Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

awesome-privacy

šŸ¦„ A curated list of privacy & security-focused software and services
https://github.com/lissy93/awesome-privacy

Last synced: 5 days ago
JSON representation

  • Bonus #3 - Self-Hosted Services

  • Bonus #1 - Alternatives to Google

  • Password Managers

    • Categories

      • KeePass - sync baked in, deemed to be [gold standard](https://keepass.info/ratings.html) for secure password managers. KeePass clients: [Strongbox](https://apps.apple.com/us/app/strongbox-keepass-pwsafe/id897283731) *(Mac & iOS)*, [KeePassDX](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.free) *(Android)*, [KeeWeb](https://keeweb.info) *(Web-based/ self-hosted)*, [KeePassXC](https://keepassxc.org) *(Windows, Mac & Linux)*, see more KeePass clients and extensions at [awesome-keepass](https://github.com/lgg/awesome-keepass) by @lgg.
      • LessPass - Hosted)* | LessPass is a little different, since it generates your passwords using a hash of the website name, your username and a single main-passphrase that you reuse. It omits the need for you to ever need to store or sync your passwords. They have apps for all the common platforms and a CLI, but you can also self-host it.
      • Padloc - host it as well.
      • ProtonPass - friendly native mobile and desktop apps. ProtonPass is one of the few "trustworthy" providers that also offers a free plan.
      • Password Safe
      • PassBolt - hosted, extensible and OpenPGP based. It is specifically good for development and DevOps useage, with integrations for the terminal, browser and chat, and can be easily extended for custom usage, and deployed quickly with Docker
      • 1Password - featured cross-platform password manager with sync. Free for self-hosted data (or $3/ month hosted). Be aware that 1Password is not fully open source, but they do regularly publish results of their independent [security audits](https://support.1password.com/security-assessments), and they have a solid reputation for transparently disclosing and fixing vulnerabilities
      • Buttercup
      • Firefox Lockwise - privacyr), [Mitro](https://www.mitro.co), [Rattic](https://spideroak.com/encryptr), [JPasswords](http://jpws.sourceforge.net/jpasswords.html), [Passopolis](https://passopolis.com), [KYPS](https://en.wikipedia.org/wiki/KYPS), [Factotum](http://man.9front.org/4/factotum).
      • 1Password - featured cross-platform password manager with sync. Free for self-hosted data (or $3/ month hosted). Be aware that 1Password is not fully open source, but they do regularly publish results of their independent [security audits](https://support.1password.com/security-assessments), and they have a solid reputation for transparently disclosing and fixing vulnerabilities
  • 2-Factor Authentication

    • Categories

      • Tofu - to-use, open-source two-factor authentication app designed specifically for iOS
      • Authenticator - FA Client for iOS, which never connects to the internet - built by @mattrubin.me
      • Authenticator - based OTP authenticator. Has native With GNOME Shell integration. Also available through [flathub](https://flathub.org/apps/details/com.belmoussaoui.Authenticator).
      • Authenticator - browser One-Time Password (OTP) client, supports both Time-Based One-Time Password (TOTP, specified in [RFC 6238](https://tools.ietf.org/html/rfc6238) and HMAC-Based One-Time Password (HOTP, specified in [RFC 4226](https://tools.ietf.org/html/rfc4226).
      • 2fa.directory
      • TrayTop - offline and compatible with Windows, Mac and Linux.
      • Authy
      • Raivo OTP - time-password (OTP) client built for iOS; Raivo OTP! - built by @tijme
      • OTPClient - Hosted, Web-based)*, [Etopa](https://play.google.com/store/apps/details?id=de.ltheinrich.etopa) *(Android)*
      • 2fa.directory
  • File Encryption

    • Categories

      • VeraCrypt - platform disk encryption software. You can use it to either encrypt a specific file or directory, or an entire disk or partition. VeraCrypt is incredibly feature-rich, with comprehensive encryption options, yet the GUI makes it easy to use. It has a CLI version, and a portable edition. VeraCrypt is the successor of (the now deprecated) TrueCrypt.
      • AES Crypt - weight and easy file encryption utility. It includes applications for Windows, Mac OS, BSD and Linux, all of which can be interacted with either through the GUI, CLI or programatically though an API (available for Java, C, C# and Python). Although it is well established, with an overall positive reputation, there have been some [security issues](https://www.reddit.com/r/privacytoolsIO/comments/b7riov/aes_crypt_security_audit_1_serious_issue_found/) raised recently.
      • BitLocker - not-bitlocker/), which could lead to your system being compromised. Similarly, Apple's [FileVault](https://support.apple.com/en-us/HT204837) on MacOS is easy and secure, but again, the source code is proprietary.
      • DiskCryptor - only, open source, file and volume encryption solution, that makes a good alternative to BitLocker.
      • PeaZip - platform open source file archiver utility. It allows you to create, open, and extract RAR TAR ZIP archives. It also has a [password-protection feature](https://peazip.github.io/peazip-password.html), which encrypts compressed files using AES-256, which is also compatible with most other archive utilities
      • age - style composability
      • CryptSetup - crypt](https://wiki.archlinux.org/index.php/Dm-crypt). [EncFS](https://github.com/vgough/encfs) is a cross-platform file-based encryption module, for use within user local directories. [geli](https://www.freebsd.org/cgi/man.cgi?query=geli&sektion=8) is a disk encryption subsystem included with FreeBSD.
      • VeraCrypt - platform disk encryption software. You can use it to either encrypt a specific file or directory, or an entire disk or partition. VeraCrypt is incredibly feature-rich, with comprehensive encryption options, yet the GUI makes it easy to use. It has a CLI version, and a portable edition. VeraCrypt is the successor of (the now deprecated) TrueCrypt.
  • Encrypted Cloud Storage

    • Notable Mentions

      • Cryptomator - platform, open source encryption app, designed for just this.
      • Tresorit - to-end encrypted zero knowledge file storage, syncing and sharing provider, based in Switzerland. The app is cross-platform, user-friendly client and with all expected features. Ā£6.49/month for 500 GB
      • IceDrive - platform apps. Starts as Ā£1.50/month for 150 GB or Ā£3.33/month for 1 TB
      • Sync.com
      • pCloud - platform client apps. Ā£3.99/month for 500 GB
      • Peergos - to-peer end-to-end encrypted global filesystem with fine grained access control. Provides a secure and private space online where you can store, share and view your photos, videos, music and documents. Also includes a calendar, news feed, task lists, chat and email client. Fully open source and self-hostable (or use hosted solution, Ā£5/month for 50 GB)
      • Internxt - knowledge cloud storage service based on best-in-class privacy and security. Made in Spain. Open-source mobile and desktop apps. 10GB FREE and Paid plans starting from ā‚¬0.99/month for 20GB.
      • FileN - to-end encrypted affordable cloud storage made in Germany. Open-source mobile and desktop apps. 10GB FREE with paid plans starting at ā‚¬0.92/month for 100GB.
  • Browsers

    • Categories

      • LibreWolf
      • Brave Browser - it provides speed, security, and privacy by blocking trackers with a clean, yet fully-featured UI. It also pays you in [BAT tokens](https://basicattentiontoken.org/) for using it. Brave also has Tor built-in, when you open up a private tab/ window.
      • Firefox - privacy/) or [12Bytes](https://12bytes.org/7750)
      • Bromite - respecting fork of Chromium for Android. Comes with built-in adblock and additional settings for hardening.
      • Mull - Fenix (Android), [Firefox Focus](https://support.mozilla.org/en-US/kb/focus) (Android/ iOS), [DuckDuckGo Browser](https://help.duckduckgo.com/duckduckgo-help-pages/mobile/ios/) (Android/ iOS), [Orbot](https://guardianproject.info/apps/orbot/) + [Tor](https://www.torproject.org/download/#android) (Android), [Onion Browser](https://onionbrowser.com/) (iOS)
      • Nyxt - project.org/), [Ungoogled-Chromium](https://github.com/Eloston/ungoogled-chromium), [Basilisk Browser](https://www.basilisk-browser.org/) and [IceCat](https://www.gnu.org/software/gnuzilla/)
      • extensions
      • Firefox Configuration for Privacy and Performance
      • extensions
      • Firefox Configuration for Privacy and Performance
    • Categories

      • DuckDuckGo - friendly, fast and secure search engine. It's totally private, with no trackers, cookies or ads. It's also highly customisable, with dark-mode, many languages and features. They even have a [.onion](https://3g2upl4pq6kufc4m.onion) URL, for use with Tor and a [no Javascript version](https://duckduckgo.com/html/)
      • Qwant - party advertising. It returns non-biased search results, with no promotions. Qwant has a unique, but nice UI.
      • Startpage
      • Mojeek
      • MetaGear
      • privacy-respecting search engines
      • Searx - hostable search engines that use the results of multiple other engines (such as Google and Bing) at the same time. They're open source and self-hostable, although using a [public instance](https://searx.space) has the benefit of not singling out your queries to the engines used.
  • Encrypted Messaging

    • Categories

      • Signal - to-use, functioning similar to WhatsApp - with instant messaging, read-receipts, support for media attachments and allows for high-quality voice and video calls. It's cross-platform, open-source and totally free. Signal is [recommended](https://twitter.com/Snowden/status/661313394906161152) by Edward Snowden, and is a perfect solution for most users
      • XMPP - to-end encryption](https://en.wikipedia.org/wiki/OMEMO), which is based on the [Double Ratchet Algorithm](https://en.wikipedia.org/wiki/Double_Ratchet_Algorithm) that is used in Signal. For more hands-on information and to register an account you can visit [JoinJabber](https://joinjabber.org). Below you can find a list of OMEMO-enabled clients for all the major platforms.<br><br><table><thead><tr><th>Program</th><th>Linux</th><th>MacOS</th><th>Windows</th><th>Android</th><th>iOS</th></tr></thead><tbody><tr><td><a href="https://gajim.org">Gajim</a> (<a href="https://gajim.org/download/#install-instructions">OMEMO plugin</a>)</td><td>āœ“</td><td><a href="https://dev.gajim.org/gajim/gajim/-/wikis/help/Gajim-on-macOS">~</a></td><td>āœ“</td><td></td><td></td></tr><tr><td><a href="https://dino.im">Dino</a> āœ†</td><td>āœ“</td><td></td><td><a href="https://github.com/LAGonauta/dino/releases">āœ“</a></td><td></td><td></td></tr><tr><td><a href="https://conversations.im">Conversations</a> / <a href="https://blabber.im">Blabber</a> āœ†</td><td></td><td></td><td></td><td>āœ“</td><td></td></tr><tr><td><a href="https://monal-im.org">Monal IM</a></td><td></td><td>āœ“</td><td></td><td></td><td>āœ“</td></tr><tr><td><a href="https://beagle.im">Beagle IM</a> / <a href="https://siskin.im">Siskin IM</a> āœ†</td><td></td><td>āœ“</td><td></td><td></td><td>āœ“</td></tr></tbody></table>
      • Matrix
      • Surespot
      • OpenPGP
      • not easy - bit key IDs](https://evil32.com/) - they are too short to be secure. There have also been vulnerabilities found in the OpenPGP and S/MIME, defined in [EFAIL](https://efail.de/), so although it still considered secure for general purpose use, for general chat, it may be better to use an encrypted messaging or email app instead.
      • Telegram - and-solutions/silent-phone/) and [Viber](https://www.viber.com/), to name a few - these apps should not be used to communicate any sensitive data. [Wire](https://wire.com/) has also been removed, due to a [recent acquisition](https://blog.privacytools.io/delisting-wire/)
      • Surespot
      • Surespot
      • Surespot
  • P2P Messaging

    • Categories

      • Session - based network. Session is a desktop and mobile app that uses these private routing protocols to secure messages, media and metadata.
      • Cwtch - tor-messenger) *(deprecated)*, [TorChat2](https://github.com/prof7bit/TorChat) *(deprecated)*, [Ricochet](https://ricochet.im) *(deprecated)*
      • Peer-to-Peer - down or forced to turn over data. There are P2P networks available that are open source, E2E encrypted, routed through Tor services, totally anonymous and operate without the collection of metadata.
      • Briar - based Android app for P2P encrypted messaging and forums. Where content is stored securely on your device (not in the cloud). It also allows you to connect directly with nearby contacts, without internet access (using Bluetooth or WiFi).
      • Ricochet Refresh
      • Tox - see [supported clients](https://tox.chat/clients.html). Clearly documented code and multiple language bindings make it easy for developers to integrate with Tox.
  • Encrypted Email

    • Categories

      • Prism Program - to-end encrypted) - this applies to Gmail, Outlook Mail, Yahoo Mail, GMX, ZoHo, iCloud, AOL and more.
      • ProtonMail - source, end-to-end encrypted anonymous email service. ProtonMail has a modern easy-to-use and customizable UI, as well as fast, secure native mobile apps. ProtonMail has all the features that you'd expect from a modern email service and is based on simplicity without sacrificing security. It has a free plan or a premium option for using custom domains (starting at $5/month). ProtonMail requires no personally identifiable information for signup, they have a [.onion](https://protonirockerxow.onion) server, for access via Tor, and they accept anonymous payment: BTC and cash (as well as the normal credit card and PayPal).
      • Tutanota - featured free plan or a premium subscription for businesses allowing for custom domains ($12/ month).<br>Tutanota [does not use OpenPGP](https://tutanota.com/blog/posts/differences-email-encryption/) like most encrypted mail providers, instead they use a standardized, hybrid method consisting of a symmetrical and an asymmetrical algorithm (with 128 bit AES, and 2048 bit RSA). This causes compatibility issues when communicating with contacts using PGP. But it does allow them to encrypt much more of the header data (body, attachments, subject lines, and sender names etc) which PGP mail providers cannot do
      • Mailfence - featured free plan, or you can pay for premium, and use a custom domain ($2.50/ month, or $7.50/ month for 5 domains), where Bitcoin, LiteCoin or credit card is accepted
      • MailBox.org - based, eco-friendly secure mail provider. There is no free plan, the standard service costs ā‚¬12/year. You can use your own domain, with the option of a [catch-all alias](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain). They provide good account security and email encryption, with OpenPGP, as well as encrypted storage. There is no dedicated app, but it works well with any standard mail client with SSL. There's also currently no anonymous payment option
      • Skiff - to-end encrypted, open-source, and privacy-first email that also integrates Web3 features such as crypto wallets and decentralized storage. Skiff has a simple and intuitive UI, supports [mobile apps](https://skiff.com/download) on iOS and Android, and requires no personally identifiable information to sign up or create an account. Skiff offers a Pro plan with additional storage space, aliases, custom domains, and more for $8 per month that can be paid using a credit card or with a crypto wallet.
      • HushMail
      • Mailfence - featured free plan, or you can pay for premium, and use a custom domain ($2.50/ month, or $7.50/ month for 5 domains), where Bitcoin, LiteCoin or credit card is accepted
      • OpenTechFund - Secure Email
      • Comparison or Private Email Providers - security-checklist/blob/master/README.md#emails)
    • Self-Hosted Email

      • Mail-in-a-box - to-go self-hosted mail options include [Mailu](https://mailu.io/1.7/) and [Mail Cow](https://mailcow.email/), both of which are docker containers.
  • Email Clients

    • Self-Hosted Email

      • Mozilla Thunderbird - it's secure, private easy and customizable. ~~The [Enigmail](https://www.enigmail.net) add-on allows for easy encryption/ decryption of PGP messages~~ (as of V 78.2.1 encryption is built in), and the [TorBirdy](https://trac.torproject.org/projects/tor/wiki/torbirdy) extension routes all traffic through the Tor network. Forks, such as [Betterbird](https://github.com/Betterbird/thunderbird-patches) may add additional features
      • eM Client - based email client, for Windows and MacOS. eM Client has a clean user interface, snappy performance and good compatibility. There is a paid version, with some handy features, including snoozing incoming emails, watching for replies for a specific thread, message translation, send later, and built-in Calendar, Tasks, Contacts and Notes. Note, eM Client is proprietary, and not open source
      • SnappyMail - based mail client. This is an IMAP-only fork of [RainLoop](http://www.rainloop.net) that mitigates a severe [RainLoop vulnerability](https://thehackernews.com/2022/04/unpatched-bug-in-rainloop-webmail-could.html) and adds several new [features](https://snappymail.eu/comparison).
      • RoundCube - based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an email client, including MIME support, address book, folder manipulation, message searching and spell checking
      • FairEmail - featured and easy mail client for Android. Supports unlimited accounts and email addresses with the option for a unified inbox. Clean user interface, with a dark mode option, it is also very lightweight and consumes minimal data usage
      • K-9 Mail - 9 is open source, very well supported and trusted - k9 has been around for nearly as long as Android itself! It supports multiple accounts, search, IMAP push email, multi-folder sync, flagging, filing, signatures, BCC-self, PGP/MIME & more. Install OpenKeychain along side it, in order to encrypt/ decrypt emails using OpenPGP
      • pā‰”p - to-end encrypted mail client, for "automatic privacy". It has some nice features, however it is not open source
  • Anonymous Mail Forwarding

    • Self-Hosted Email

      • Anonaddy
      • 33Mail - standing aliasing service. As well as receiving, 33Mail also lets you reply to forwarded addresses anonymously. Free plan, as well as Premium plan ($1/ month) if you'd like to use a custom domain
      • SimpleLogin - login)) allias service with many additional features. Can be self-hosted, or the managed version has a free plan, as well as hosted premium option ($2.99/ month) for using custom domains
      • Firefox Private Relay - private-relay), and able to me self-hosted for advanced usage
      • ForwardEmail - all email forwarding service. Easy to self-host (see on [GitHub](https://github.com/forwardemail/free-email-forwarding)), or the hosted version has a free plan as well as a ($3/month) premium plan
      • ProtonMail - All Email feature.
      • mailhero.io - in encryption, so you will need to use PGP, but it is free.
      • Mailu - catchall](https://github.com/Pro/exchange-catchall)
      • ForwardEmail - all email forwarding service. Easy to self-host (see on [GitHub](https://github.com/forwardemail/free-email-forwarding)), or the hosted version has a free plan as well as a ($3/month) premium plan
  • Email Security Tools

    • Self-Hosted Email

      • Enigmail - on, enabling the use of OpenPGP to easily encrypt, decrypt, verify and sign emails. Free and open source, Enigmail is compatible with Interlink Mail & News and Postbox. Their website contains thorough documentation and quick-start guides, once set up it is extremely convenient to use.
      • Email Privacy Tester - receipts or other tracking data your mail client allows to be sent back to the sender. The system is open source ([on GitLab](https://gitlab.com/mikecardwell/ept3)), developed by [Mike Cardwell](https://www.grepular.com/) and trusted, but if you do not want to use your real email, creating a second account with the same provider, should yield identical results
      • DKIM Verifier - mail header, in order to help spot spoofed emails (which do not come from the domain that they claim to)
      • ProtonMail Bridge
  • VOIP Clients

    • Self-Hosted Email

      • Linphone - in media server. [SIP](https://en.wikipedia.org/wiki/Session_Initiation_Protocol)-based evolving to [RCS](https://en.wikipedia.org/wiki/Rich_Communication_Services). Native apps for Android, iOS, Windows, GNU/Linux and MacOS
      • SpoofCard
      • MicroSip
      • Mumble - latency, high quality voice chat software. You can host your own server, or use a hosted instance, there are client applications for Windows, MacOS and Linux as well as third-party apps for Android and iOS.
      • SpoofCard
  • Virtual Phone Numbers

    • Self-Hosted Email

  • Team Collaboration Platforms

    • Self-Hosted Email

      • Slack - teams-meeting-data-privacy), [Google for Work](https://www.wired.com/story/google-tracks-you-privacy/) and [Discord](https://cybernews.com/privacy/discord-privacy-tips-that-you-should-use-in-2020/) all come with some serious privacy implications.
      • RetroShare - to-1 chats with text and rich media using decentralized chat rooms, with a mail feature for delivering messages to offline contacts. A channels feature makes it possible for members of different teams to stay up-to-date with each other, and to share files. Also includes built-in forums, link aggregations, file sharing and voice and video calling. RetroShare is a bit more complex to use than some alternatives, and the UI is quite *retro*, so may not be appropriate for a non-technical team
      • Element - focused messenger using the Matrix protocol. The Element client allows for group chat rooms, media sharing voice and video group calls.
      • variety of clients - popular options include: [The Longe](https://thelounge.chat/) (Web-based), [HexChat](https://hexchat.github.io/) (Linux), [Pidgin](https://pidgin.im/help/protocols/irc/) (Linux), [WeeChat](https://weechat.org/) (Linux, terminal-based), [IceChat](https://www.icechat.net/) (Windows), [XChat Aqua](https://xchataqua.github.io/) (MacOS), [Palaver](https://palaverapp.com/) (iOS) and [Revolution](https://github.com/MCMrARM/revolution-irc) (Android)
      • Mattermost - hosted. It makes a good Slack alternative, with native desktop, mobile and web apps and a wide variety of [integrations](https://integrations.mattermost.com/)
      • Dialog
      • Rocket.Chat - to-deploy, self-hosted team collaboration platform with stable, feature-rich cross-platform client apps. The UI is fast, good looking and intuitive, so very little technical experience is needed for users of the platform. Rocket.Chat's feature set is similar to Slack's, making it a good replacement for any team looking to have greater control over their data
    • Notable Mentions

      • Tox
      • OSEM - in-one conference management tool, providing Registration, Schedules, Live and Recorded Sessions, Paper Submissions, Marketing Pages and Administration.
  • Browser Extensions

    • Notable Mentions

      • Privacy Badger - parties from secretly tracking where you go and what pages you look at. **Download**: [Chrome][privacy-badger-chrome] \ [Firefox][privacy-badger-firefox]
      • HTTPS Everywhere - https.html)). Note this functionality is now included by default in most modern browsers. **Download**: [Chrome][https-everywhere-chrome] \ [Firefox][https-everywhere-firefox]
      • Firefox Multi-Account Containers - Account Containers lets you keep parts of your online life separated into color-coded tabs that preserve your privacy. Cookies are separated by container, allowing you to use the web with multiple identities or accounts simultaneously. **Download**: [Firefox](https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/)
      • Canvas Fingerprint Blocker - blocker-fingerprin/nomnklagbgmgghhjidfhnoelnjfndfpd) \ [Firefox](https://addons.mozilla.org/en-US/firefox/addon/canvas-blocker-no-fingerprint/) \ [Edge](https://microsoftedge.microsoft.com/addons/detail/ahiddppepedlomdleppkbljnmkchlmdc) \ [Source](https://github.com/joue-quroi/canvas-fingerprint-blocker)
      • CSS Exfil Protection - exfil-protection/ibeemfhcbbikonfajhamlkdgedmekifo) \ [Firefox](https://addons.mozilla.org/en-US/firefox/addon/css-exfil-protection/) \ [Source](https://github.com/mlgualtieri/CSS-Exfil-Protection)
      • Decentraleyes - party CDN. Improves privacy and load times. Works out-of-the-box and plays nicely with regular content blockers. **Download**: [Chrome][decentraleyes-chrome] \ [Firefox][decentraleyes-firefox] \ [Opera][decentraleyes-opera] \ [Pale Moon][decentraleyes-pale-moon] \ [Source][decentraleyes-source]
      • Privacy Essentials - essentials-chrome] \ [Firefox][privacy-essentials-firefox]
      • Self-Destructing Cookies - destructing-cookies-chrome] \ [Firefox][self-destructing-cookies-firefox] \ [Opera][self-destructing-cookies-opera] \ [Source][self-destructing-cookies-source]
      • User Agent Switcher - Agent string, making it appear that you are on a different device, browser and version to what you are actually using. This alone does very little for privacy, but combined with other tools, can allow you to keep your fingerprint changing, and feed fake info to sites tracking you. Some websites show different content, depending on your user agent.<br>**Download**: [Chrome](https://chrome.google.com/webstore/detail/user-agent-switcher/bhchdcejhohfmigjafbampogmaanbfkg) \ [Fireforx](https://addons.mozilla.org/firefox/addon/user-agent-string-switcher/) \ [Edge](https://microsoftedge.microsoft.com/addons/detail/cnjkedgepfdpdbnepgmajmmjdjkjnifa) \ [Opera](https://addons.opera.com/extensions/details/user-agent-switcher-8/) \ [Source](https://github.com/ray-lothian/UserAgent-Switcher/)
      • PrivacySpy - an open project that rates, annotates, and archives privacy policies. The extension shows a score for the privacy policy of the current website.<br>**Download**: [Chrome](https://chrome.google.com/webstore/detail/privacyspy/ppembnadnhiknioggbglgiciihgmkmnd) \ [Fireforx](https://addons.mozilla.org/en-US/firefox/addon/privacyspy/)
      • Web Archives - US/firefox/addon/view-page-archive/) \ [Chrome](https://chrome.google.com/webstore/detail/web-archives/hkligngkgcpcolhcnkgccglchdafcnao) \ [Edge](https://microsoftedge.microsoft.com/addons/detail/apcfghlggldjdjepjnahfdjgdcdekhda) \ [Source](https://github.com/dessant/web-archives)
      • Flagfox - US/firefox/addon/flagfox/)
      • Track Me Not - profiling, through creating meaningless noise and obfuscation, outlined in their [whitepaper][tmn-whitepaper]. Controversial whether or not this is a good approach **Download**: [Firefox][tmn-firefox] \ [Source][tmn-source]
      • AmIUnique Timeline - chrome] \ [Firefox][amiunique-firefox]
      • Netcraft Extension - anti-phishing-ex/bmejphbfclcpmpohkggcjeibfilpamia) \ [Firefox](https://addons.mozilla.org/en-us/firefox/addon/netcraft-toolbar?src=external-apps-hero) \ [Opera](https://addons.opera.com/en/extensions/details/netcraft-anti-phishing-extension/) \ [Edge](https://microsoftedge.microsoft.com/addons/detail/netcraft-extension/ngjhgbnmdjjnmejmpamalgnlnmopllkm)
      • Extension source viewer
      • arkenfox wiki
      • LocalCDN - US/firefox/addon/localcdn-fork-of-decentraleyes/)
      • uBlock Origin - chrome] \ [Firefox][ublock-firefox]
      • ScriptSafe - safe-chrome] \ [Firefox][script-safe-firefox]
      • Temporary Containers - Account Containers, let's you isolate cookies and other private data for each web site. **Download**: [Firefox](https://github.com/stoically/temporary-containers)
      • WebRTC-Leak-Prevent - rtc-chrome]. For Firefox users, you can do this through [browser settings](https://www.privacytools.io/browsers/#webrtc). Test for WebRTC leaks, with [browserleaks.com/webrtc](https://browserleaks.com/webrtc)
      • Site Bleacher - US/firefox/addon/site-bleacher/) \ [Chrome](https://chrome.google.com/webstore/detail/site-bleacher/mlcfcepfmnjphcdkfbfgokkjodlkmemo) \ [Source](https://github.com/wooque/site-bleacher)
      • HTTPZ - Everywhere) <br>**Download**: [Firefox](https://addons.mozilla.org/en-US/firefox/addon/httpz/)
      • Lightbeam - firefox] \ [Source][lightbeam-source]
      • First Party Isolation - US/firefox/addon/first-party-isolation/)
      • Privacy-Oriented Origin Policy - US/firefox/addon/privacy-oriented-origin-policy/) \ [Source](https://github.com/claustromaniac/poop)
      • Privacy Redirect - US/firefox/addon/privacy-redirect/) / [Chrome](https://chrome.google.com/webstore/detail/privacy-redirect/pmcmeagblkinmogikoikkdjiligflglb)
      • LocalCDN - US/firefox/addon/localcdn-fork-of-decentraleyes/)
      • Skip Redirect - on tries to extract the final url from the intermediary url and goes there straight away if successful <br>**Download**: [Firefox](https://addons.mozilla.org/en-US/firefox/addon/skip-redirect/) \ [Source](https://github.com/sblask/webextension-skip-redirect)
      • Decentraleyes - party CDN. Improves privacy and load times. Works out-of-the-box and plays nicely with regular content blockers. **Download**: [Chrome][decentraleyes-chrome] \ [Firefox][decentraleyes-firefox] \ [Opera][decentraleyes-opera] \ [Pale Moon][decentraleyes-pale-moon] \ [Source][decentraleyes-source]
      • Privacy Badger - parties from secretly tracking where you go and what pages you look at. **Download**: [Chrome][privacy-badger-chrome] \ [Firefox][privacy-badger-firefox]
  • Browser Sync

    • Notable Mentions

      • ClearURLs
      • Floccus - US/firefox/addon/floccus/) and [Edge](https://microsoftedge.microsoft.com/addons/detail/gjkddcofhiifldbllobcamllmanombji)
      • XBrowserSync - run sync server](https://www.xbrowsersync.org/#status), or host your own with their [docker image](https://hub.docker.com/r/xbrowsersync/api). Extensions are available for [Chrome](https://chrome.google.com/webstore/detail/xbrowsersync/lcbjdhceifofjlpecfpeimnnphbcjgnc), [Firefox](https://addons.mozilla.org/en-GB/firefox/addon/xbs/) and on [Android](https://play.google.com/store/apps/details?id=com.xBrowserSync.android)
      • Reminiscence - hosted bookmark and archive manager. Reminiscence is more geared towards archiving useful web pages either for offline viewing or to preserve a copy. It is a web application, that can be installed with Docker on either a local or remote server, although it has a comprehensive and well-documented REST API, there is currently [no browser extension](https://github.com/kanishka-linux/reminiscence/wiki/Browser-Addons)
      • Ymarks - based self-hosted bookmark synchronization server and [Chrome](https://chrome.google.com/webstore/detail/ymarks/gefignhaigoigfjfbjjobmegihhaacfi) extension.
      • syncmarx - US/firefox/addon/syncmarx/)).
      • NextCloud Bookmarks - US/firefox/addon/freedommarks/) (Firefox) and [OwnCloud Bookmarks](https://chrome.google.com/webstore/detail/owncloud-bookmarks/eomolhpeokmbnincelpkagpapjpeeckc) (Chrome).
      • Turtl Notes - in
      • RainDrop - featured all-in-1 bookmarking and web-snip suite. It has a beautiful UI, good data controls and some very handy integrations and features. Available on desktop, mobile, web and through a browser extension. The catch is that it is not open source, there is a free and premium plan, but no option for self-hosting.
  • Mobile Apps

  • Online Tools

  • Anti-Malware

    • Notable Mentions

      • VirusTotal - based malware scanner, that inspects files and URLs with over 70 antivirus scanners, URL/domain services, and other tools to extract signals and determine the legitimacy
      • ClamAV - platform antivirus engine for detecting viruses, malware & other malicious threats. It is versatile, performant and very effective
      • Armadito - based anti-virus and malware detection for Windows and Linux. Supports both ClamAV signatures and YARA rules. Has a user-friendly interface, and includes a web-based admin panel for remote access.
      • MalwareBytes - open-source)
  • Virtual Private Networks

    • Notable Mentions

      • Mullvad
      • Azire - security-checklist/issues/140).
      • IVPN - source apps and website. Strong ethics: no trackers, no false promises, no surveillance ads. Accepts various payment methods including crypotcurrencies.
      • ProtonVPN - friendly native mobile and desktop apps. ProtonVPN is one of the few "trustworthy" providers that also offer a free plan
      • OVPN - proven VPN service with support for Wireguard and OpenVPN support, and optional ad-blocking. Running on dedicated hardware, with no hard drives
      • Read more about fingerprinting
      • VPN leaks
      • What is a DNS leak - to-fix-a-dns-leak.html)*
      • Streisand
      • Digital Ocean - to-set-up-and-configure-an-openvpn-server-on-centos-7) or [Ubuntu 18.4+](https://www.digitalocean.com/community/tutorials/how-to-set-up-and-configure-an-openvpn-server-on-centos-7). See more about configuring [OpenVPN](https://openvpn.net/vpn-server-resources/digital-ocean-quick-start-guide/) or [IKEv2](https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ikev2-vpn-server-with-strongswan-on-ubuntu-18-04-2). Alternatively, here is a [1-click install script](http://dovpn.carlfriess.com/)for on [Digital Ocean](https://m.do.co/c/3838338e7f79), by Carl Friess.
      • Outline - wide access to the free and open internet. And since you have full control over the server, you can be confident that there is no logging or monitoring happening. However it comes at the cost of anonymity, especially if it's only you using your instance.
      • Streisand
      • Digital Ocean - to-set-up-and-configure-an-openvpn-server-on-centos-7) or [Ubuntu 18.4+](https://www.digitalocean.com/community/tutorials/how-to-set-up-and-configure-an-openvpn-server-on-centos-7). See more about configuring [OpenVPN](https://openvpn.net/vpn-server-resources/digital-ocean-quick-start-guide/) or [IKEv2](https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ikev2-vpn-server-with-strongswan-on-ubuntu-18-04-2). Alternatively, here is a [1-click install script](http://dovpn.carlfriess.com/)for on [Digital Ocean](https://m.do.co/c/3838338e7f79), by Carl Friess.
      • Tor
  • Bonus #4 - Self-Hosted Sysadmin

  • Self-Hosted Network Security

    • Notable Mentions

      • Technitium - invasive content at it's source. Technitium doesn't require much of a setup, and basically works straight out of the box, it supports a wide range of systems (and can even run as a portable app on Windows). It allows you to do some additional tasks, such as add local DNS addresses and zones with specific DNS records. Compared to Pi-Hole, Technitium is very lightweight, but lacks the deep insights that Pi-Hole provides, and has a significantly smaller community behind it
      • PiVPN - works nicely along-side PiHole
      • PF Sense
      • Zeek - infected computer on your network, and powerful network analysis framework and monitor
      • Pre-configured security boxes
      • SquidGuard - in for Squid and uses blacklists to define sites for which access is redirected
  • Mix Networks

    • Notable Mentions

      • Mix networks - to-trace communications, by encrypting and routing traffic through a series of nodes. They help keep you anonymous online, and unlike VPNs -there are no logs
      • Tor - layered encryption by default, meaning you can browse freely. Tor also allows access to OnionLand: hidden services
      • I2P - lived tunnels, it is packet-switched (instead of circuit-switched) with TCP and UDP, and continuously profiles peers, in order to select the best performing ones. <br>I2P is less mature, but fully-distributed and self-organising, its smaller size means that it hasn't yet been blocked or DOSed much
      • Freenet
      • here
      • GNUnet - project.eu), and [Nym](https://nymtech.neteu)
      • made arrests - be aware of information leaks through DNS, other programs or human error. Tor-supported browsers may might lag behind their upstream forks, and include exploitable unpatched issues. See [#19](https://github.com/Lissy93/personal-security-checklist/issues/19)
      • running a Tor relay
  • Proxies

    • Notable Mentions

      • free
      • ShadowSocks - platform and easy to deploy, see [GitHub repo](https://github.com/shadowsocks)
      • Privoxy - caching web proxy with advanced filtering capabilities for enhancing privacy, modifying web page data and HTTP headers, controlling access, and removing ads and other obnoxious Internet junk
      • Malicious Proxies - use the Tor network.
      • Malicious Proxies - use the Tor network.
  • DNS

    • Notable Mentions

      • CloudFlare - class protection. They have native cross-platform apps, for easy set-up.
      • AdGuard - source DNS provider, specialising in the blocking of ads, trackers and malicious domains. They have been independently audited and do not keep logs
      • NextDNS - blocking, privacy-protecting, censorship-bypassing DNS. Also comes with analytics, and the ability to shield kids from adult content
      • Full List of Public DoH Servers
      • this article
      • Quad9 - funded, performant DNS with a strong focus on privacy and security and easy set-up, however questions have been raised about the motivation of some of the financial backers.
      • BlahDNS - focused DNS
      • OpenNIC - focused DNS
      • Clean Browsing - based Content Filtering
      • Mullvad - enhancing service even if you donā€™t use Mullvad.
      • DNS leak test
      • RTC-7858 - over-HTTPS specification was outlined in [RFC8484](https://tools.ietf.org/html/rfc8484) in October '18. [DNSCrypt](https://dnscrypt.info/), is a protocol that authenticates communications between a DNS client and a DNS resolver. It prevents DNS spoofing, through using cryptographic signatures to verify that responses originate from the chosen DNS resolver, and havenā€™t been tampered with. DNSCrypt is a well battle-tested protocol, that has been in use since 2013, and is still widely used.
      • this article
      • CloudFlare - class protection. They have native cross-platform apps, for easy set-up.
  • DNS Clients

    • Notable Mentions

      • Nebulo - root, small-sized DNS changer utilizing DNS-over-HTTPS and DNS-over-TLS. *(Note, since this uses Android's VPN API, it is not possible to run a VPN while using Nebulo)*
      • Stubby - Linux, Mac, OpenWrt & [Windows](https://dnsprivacy.org/wiki/display/DP/Windows+installer+for+Stubby)) | Acts as a local DNS Privacy stub resolver (using DNS-over-TLS). Stubby encrypts DNS queries sent from a client machine (desktop or laptop) to a DNS Privacy resolver increasing end user privacy. Stubby can be used in combination with Unbound - Unbound provides a local cache and Stubby manages the upstream TLS connections (since Unbound cannot yet re-use TCP/TLS connections), [see example configuration](https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Clients)
      • Unbound - BSD, Linux, Windows & MacOS) | Validating, recursive, caching DNS resolve with support for DNS-over-TLS. Designed to be fast, lean, and secure Unbound incorporates modern features based on open standards. It's fully open source, and recently audited. *(For an in-depth tutorial, see [this article](https://dnswatch.com/dns-docs/UNBOUND/) by DNSWatch.)*
      • Nebulo - root, small-sized DNS changer utilizing DNS-over-HTTPS and DNS-over-TLS. *(Note, since this uses Android's VPN API, it is not possible to run a VPN while using Nebulo)*
  • Firewalls

  • Ad Blockers

    • Notable Mentions

      • Diversion - blocking, Dnsmasq logging, Entware and pixelserv-tls installations and more on supported routers running [Asuswrt-Merlin firmware](https://www.asuswrt-merlin.net/), including its forks
      • hBlock - compliant shell script, designed for Unix-like systems, that gets a list of domains that serve ads, tracking scripts and malware from multiple sources and creates a hosts file (alternative formats are also supported) that prevents your system from connecting to them. Aimed at improving security and privacy through blocking advert, tracking and malware associated domains
      • RethinkDNS + Firewall - blocker and a firewall for Android 6+ (no root required)
      • TrackStop with PerfectPrivacy
      • Private Internet Access - 9242873-13842740), and [NordVPN](https://www.kqzyfj.com/l5115shqnhp4E797DC8467D69A6D) also have ad-block features.
  • Host Block Lists

    • Notable Mentions

      • SomeoneWhoCares/ Hosts - to-date host list, maintained by Dan Pollock - to make the internet not suck (as much)
      • Hosts by StevenBlack - maintained consolidated and extending hosts files from several well-curated sources. You can optionally pick extensions to block p0rn, Social Media, gambling, fake news and other categories
      • EasyList
      • iBlockList - for) for blocking content based on certain topics, inducing: spam, abuse, political, illegal, hijacked, bad peers and more
  • Router Firmware

    • Notable Mentions

      • OpenWRT - configured port forwarding protocols (UPnP, NAT-PMP + upnpd, etc), Load balancing, IP tunneling, IPv4 & IPv6 support
      • DD-WRT - in for firewall, and there's great VPN support as well as additional plug-and-play and wake-on-lan features
      • Tomato - router.com), [LibreCMC](https://librecmc.org) and [DebWRT](http://www.debwrt.net)
  • Network Analysis

    • Notable Mentions

      • OONI - A free tool and global observation network, for detecting censorship, surveillance and traffic manipulation on the internet. Developed by The Tor Project, and available for [Android](https://play.google.com/store/apps/details?id=org.openobservatory.ooniprobe), [iOS](https://apps.apple.com/us/app/id1199566366) and [Linux](https://ooni.org/install/ooniprobe)
      • Mongol
      • Proxy Checker - do-i-know-what-proxy-server-im-using)
  • Intrusion Detection

    • Notable Mentions

      • Zeek
      • OSSEC - based intrusion detection system, that performs log analysis, integrity checking, monitoring, rootkit detection, real-time alerting and active response
      • Kismet
      • Snare
  • Cloud Hosting

    • Notable Mentions

      • Vindo - managed virtual private servers and domain registration
      • Private Layer - grade, high-speed offshore dedicated servers, they own their own data centres, have a solid privacy policy and accept anonymous payment
      • Servers Guru - currencies (Bitcoin, Monero, Ethereum etc..) and don't require any personal informations. They resell from reliable main actors in the industry and provide multiple hosting locations across europe. Their VPS offers starts at 4.99ā‚¬/ month
      • 1984 - shore dedicated servers. [Orange Website](https://www.orangewebsite.com) specialises in protecting online privacy and free speech, hosted in Iceland. [RackBone](https://rackbone.ch) (previously DataCell) provides secure and ethical hosting, based in Switzerland. And [Bahnhof](https://www.bahnhof.net) offers high-security and ethical hosting, with their data centres locates in Sweden. Finally [Simafri](https://www.simafri.com/anonymous) has a range of packages, that support Tor out of the box
      • 5 eyes
  • Domain Registrars

  • DNS Hosting

  • Pre-Configured Mail-Servers

    • Notable Mentions

      • Mail-in-a-box - to-deploy fully-featured and pre-configured SMTP mail server. It includes everything from webmail, to spam filtering and backups
      • Docker Mailserver - stack but simple mailserver (smtp, imap, antispam, antivirus, ssl...) using Docker. Very complete, with everything you will need, customizable and very easy to deploy with docker
  • Digital Notes

    • Notable Mentions

      • Cryptee - text documents. Cryptee has encryption and anonymity at its core, it also has a beautiful and minimalistic UI. You can use Cryptee from the browser, or download native Windows, Mac OS, Linux, Android and iOS apps. Comes with many additional features, such as support for photo albums and file storage. The disadvantage is that only the frontend is open source. Pricing is free for starter plan, $3/ month for 10GB, additional plans go up-to 2TB
      • Turtle - host it yourself (see [repo](https://github.com/turtl)), or use their hosted plan (free edition or $3/ month for premium)
      • Joplin - platform desktop and mobile note-taking and todo app. Easy organisation into notebooks and sections, revision history and a simple UI. Allows for easy import and export of notes to or from other services. Supports synchronisation with cloud services, implemented with E2EE - however it is only the backed up data that is encrypted
      • Notable - based note editor for desktop, with a simple, yet feature-rich UI. All notes are saved individually as .md files, making them easy to manage. No mobile app, or built-in cloud-sync or encryption
      • Logseq - first, open-source knowledge base that works on top of local plain-text Markdown and Org-mode files
      • AFFiNE - source alternative to Notion, monday.com and Miro.
      • SafeRoom
      • Org Mode - all in plaintext.
      • Protected Text - platform secure notes app, where all entries are formatted with markdown.
  • Cloud Productivity Suites

    • Notable Mentions

      • NextCloud - hosted productivity platform, with a strong community and growing [app store](https://apps.nextcloud.com). NextCloud is similar to (but arguably more complete than) Google Drive, Office 365 and Dropbox, originally it was a fork from [OwnCloud](https://owncloud.org/), but since have diverged. Clear UI and stable native apps across all platforms, and also supports file sync. Supports encrypted files, but you need to configure this yourself. Fully open source, so you can self-host it yourself (or use a hosted solution, starting from $5/ month)
      • Disroot - it is widely used by journalists, activists and whistle-blowers. It is free to use, but there have been reported reliability issues of the cloud services
      • Sandstorm - hosting web apps. Once you've set it up, you can install items from the Sandstorm [App Market](https://apps.sandstorm.io/) with -click, similar to NextCloud in terms of flexibility
      • Vikunja - source to-do application. It is suitable for a wide variety of projects, supporting List, Gantt, Table and Kanban views to visualize all tasks in different contexts. For collaboration, it has sharing support via private teams or public links. It can be self-hosted or used as a managed service for a small fee.
      • Skiff Pages - to-end encrypted, privacy-first collaborative document, note-taking, and wiki product. Skiff Pages has a modern, easy-to-use UI and supports rich text documents with embedded content. Skiff also supports end-to-end encrypted file upload and sharing ([Skiff Drive](https://skiff.com/drive)), as well as workspaces for multiple users to collaborate. [Skiff Pages is available](https://skiff.com/download) on web, iOS, and Android.
  • Backup and Sync

    • Notable Mentions

      • Syncthing - encrypted and private. Syncthing can be deployed with Docker, and there are native clients for Windows, Mac, Linux, BSD and Android
      • Duplicacy
      • SpiderOak - in
      • secure the server - use a strong password, keep your credentials safe and enable 2FA.
  • File Drop

    • Notable Mentions

      • FilePizza - to-peer based file transfer from the browser, using [Web Torrent](https://webtorrent.io/). It's quick and easy to use, and doesn't require any software to be installed. Can also be self-hosted: [repo](https://github.com/kern/filepizza)
      • FileSend - day retention. Files are secured with client-side AES-256 encryption and no IP address or device info is logged. Files are permanently deleted after download or after specified duration. Developed by [StandardNotes](https://standardnotes.org/?s=chelvq36), and has built-in integration with the SN app.
      • OnionShare
  • Data Erasers

    • Notable Mentions

      • OW Shredder
      • not remove it - to-recover-deleted-files-2622870). Therefore, to protect your privacy, you should erase/ overwrite data from the disk, before you destroy, sell or give away a hard drive.
      • Eraser
      • Hard Disk Scrubber - 5020, DoD 5220.22-M, and Random Data
      • SDelete - M
      • DBAN - contained boot disk that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction. DBAN is the free edition of [Blanco](https://www.blancco.com/products/drive-eraser/), which is an enterprise tool designed for legal compliance.
      • shred
      • Secure Remove
      • Mr. Phone - source suite of forensic data tools for mobile. The data eraser allows for both Android and iOS to be fully wiped, through connecting them to a PC.
      • `dd` - wsv /dev/sdd`. An effective method of erasing an SSD, it to use [hdparm](https://en.wikipedia.org/wiki/Hdparm) to issue a [secure erase](https://en.wikipedia.org/wiki/Parallel_ATA#HDD_passwords_and_security) command, to your target storage device, for this, see step-by-step instructions via: [wiki.kernel.org](https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase). Finally, `[srm](https://www.systutorials.com/docs/linux/man/1-srm/)` can be use to securely remove files or directories, just run `srm -zsv /path/to/file` for a single pass over.
  • Video Conference Calls

    • Notable Mentions

      • many, many security issues with Zoom
      • Jitsi - host your own, or use a [community hosted instance](https://github.com/jitsi/jitsi-meet/wiki/Jitsi-Meet-Instances)
      • Apache OpenMeetings - hosted video-conferencing, chat rooms, file server and tools for meetings. [together.brave.com](https://together.brave.com) is Brave's Jitsi Fork.
      • BigBlueButton - hosted conference call software, aimed specifically at schools and Universities. It allows for the host/ teacher to have full control over the session, and provides high-quality video streaming, multi-user whiteboards, breakout rooms, and instant chat.
  • PGP Managers

  • Metadata Removal Tools

    • Notable Mentions

      • Exif - magazine-just-accidentally-revealed-where-john-mca-5965295) to.
      • may reveal the location
      • ExifCleaner - platform, open source, performant EXIF meta data removal tool. This GUI tool makes cleaning media files really easy, and has great batch process support. Created by @szTheory, and uses [ExifTool](https://exiftool.org)
      • ExifTool - independent open source Perl library & CLI app, for reading, writing and editing meta data. Built by Phill Harvey. Very good performance, and supports all common metadata formats (including EXIF, GPS, IPTC, XMP, JFIF, GeoTIFF, ICC Profile, Photoshop IRB, FlashPix, AFCP and ID3). An official [GUI application](https://exiftool.org/gui/) is available for Windows, implemented by Bogdan Hrastnik.
      • ImageMagic - strip path/to/image.png` to remove all metadata. If you have [GIMP](https://www.gimp.org) installed, then just go to `File --> Export As --> Export --> Advanced Options --> Uncheck the "Save EXIF data" option`.
  • Virtual Machines

    • Notable Mentions

      • VirtualBox - rich virtualization product, supporting x86 and AMD64/Intel64 architectures. Available for Windows, MacOS, Linux and BSD, and free for both personal and enterprise use. VirtualBox is backed by a strong community, and has been under active development since 2007.
      • Xen Project - 1 hyperviser for multiple operating systems using the same hardware - very useful for servers, as it allows for fully independent virtual Linux machines
      • UTM - 64 OSes on Apple Silicon Macs
      • QEMU
      • VMWare - V](https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/quick-start/enable-hyper-v), which is a native Windows product, developed by Microsoft.
  • Social Networks

    • Notable Mentions

      • cost of our privacy - but you, the user should be able to choose with whom you share what, and that is what the following sites aim to do.
      • Aether - governing communities with auditable moderation - a similar concept to Reddit, but more privacy-sensitive, democratic and transparent. Aether is open source and peer-to-peer, it runs on Windows, Mac and Linux
      • Discourse - hostable discussion platform you can use as a mailing list, discussion forum or long-form chat room.
      • Mastodon - source, distributed across independent servers, and with no algorithms that mess with users timelines
      • Minds
      • Vero - source) A mobile-based social network, whose USP is that they have "No Ads. No Data Mining. No Algorithms." Since Vero is not open source, it is not possible to verify the validity of these claims
      • diaspora\* - distributed, decentralized social networks, built on open protocols
      • Tildes - bulletin boards and news aggregators (similar to Reddit)
      • Pixelfed - A free, ethical, federated photo sharing platform (FOSS alternative to Instagram)
      • tweaks - respecting client - such as [Reditr](http://reditr.com/). Other main-stream social networking sites do not respect your privacy, so should be avoided, but if you choose to keep using them see [this guide](https://proprivacy.com/guides/social-media-privacy-guide) for tips on protecting your privacy
  • Video Platforms

    • Notable Mentions

      • DTube - free video platform with little to no moderation that uses cryptocurrency and blockchain technology to pay its users.
      • BitTube - to-peer, decentralized, censorship-free, ad-free video sharing and live streaming platform based on IPFS and blockchain technology
      • BitChute
      • Petey Vid - biased video search engine. Unlike normal search engines it indexes videos from a lot of sources, including Twitter, Veoh, Instagram, Twitch, MetaCafe, Minds, BitChute, Brighteon, D-Tube, PeerTube, and many others.
  • Blogging Platforms

    • Notable Mentions

      • telegra.ph
      • Mataroa - blog/mataroa) and privacy-conscious.
      • Bear Blog - first, no-nonsense, super-fast blogging platform. [Repo on GitHub](https://github.com/HermanMartinus/bearblog).
      • Movim - source](https://github.com/movim/movim) web frontend for XMPP that supports decentralized blogging and chatrooms.
      • Ghost
      • Standard Notes
  • News Readers and Aggregation

    • Notable Mentions

      • Tiny RSS - based news feed (RSS/Atom) reader and aggregator
      • RSSOwl - based RSS reader, with powerful organisation features
      • Feedly - to-digest clean and modern interface. It works with more than just RSS feeds, since it is well integrated with many major news outlets. It does not manipulate the stories you see, and is mostly open source
      • Tonic - you can use throwaway accounts for posting.
      • reputation - and for that a lot of data needs to have been collected about you, your habits, interests and routines.
  • Proxy Sites

    • Notable Mentions

      • Nitter - end focused on privacy, it prevents Twitter from tracking your IP or browser fingerprint. It does not include any JavaScript, and all requests go through the backend, so the client never talks directly to Twitter. It's written in Nim, is super lightweight, with multiple themes and a responsive mobile version available, as well as customizable RSS feeds. Uses an unofficial API, with no rate limits or and no developer account required.
      • Libreddit - end for Reddit written in Rust. Massively [faster than Reddit](https://github.com/spikecodes/libreddit#speed) by not including ads, trackers or bloat. Libreddit can be deployed and selfhosted through `cargo`, Docker and Repl.it and proxies all requests through the back-end. Libreddit currently implements most of Reddit's functionalities that don't require users to be signed in.
      • WebProxy - blocked content. The service is maintained by [DevroLabs](https://devrolabs.com/), who also run the [OnionSite](https://onionsite.weboproxy.com/) web proxy, they claim to that all traffic is 256-bit SSL-encrypted, but this cannot be verified - never enter any potentially personally identifiable information, and use it purely for consuming content.
      • NewPipe - respecting YouTube client for Android.
      • FreeTube - feel desktop app. It is built upon the [Invidious](https://invidious.io/) API.
      • Invidious - focused, open source alternative frontend for YouTube. It prevents/ reduces Google tracking, and adds additional features, including an audio-only mode, Reddit comment feed, advanced video playback settings. It's super lightweight, and does not require JavaScript to be enabled, and you can import/ export your subscriptions list, and customize your feed. See list of [Invidious Public Instances](https://github.com/iv-org/invidious/wiki/Invidious-Instances).
  • Cryptocurrencies

    • Notable Mentions

      • ZCash - knowledge proofs to protect privacy cryptographic technique, that allows two users to transact without ever revealing their true identity or address. The Zcash blockchain uses two types of addresses and transactions, Z transactions and addresses are private and T transactions and addresses are transparent like Bitcoin.
      • Local Bitcoins
      • PIVX
  • Crypto Wallets

    • Notable Mentions

      • Trezor - platform, offline, crypto wallet, compatible with 1000+ coins. Your private key is generated on the device, and never leaves it, all transactions are signed by the Trezor, which ensures your wallet is safe from theft. There are native apps for Windows, Linux, MacOS, Android and iOS, but Trezor is also compatible with other wallets, such as Wasabi. You can back the Trezor up, either by writing down the seed, or by duplicating it to another device. It is simple and intuitive to use, but also incredible customisable with a large range of advanced features.
      • Electrum - standing Python-based Bitcoin wallet with good security features. Private keys are encrypted and do not touch the internet and balance is checked with a watch-only wallet. Compatible with other wallets, so there is no tie-in, and funds can be recovered with your secret seed. It supports proof-checking to verify transactions using SPV, multi-sig and add-ons for compatibility with hardware wallets. A decentralized server indexes ledger transactions, meaning it's fast and doesn't require much disk space. The potential security issue here would not be with the wallet, but rather your PC - you must ensure your computer is secure and your wallet has a long, strong passphrase to encrypt it with.
      • Samourai Wallet - source, Bitcoin-only privacy-focused wallet, with some innovative features.<br>Samourai Wallet works under any network conditions, with a full offline mode, useful for cold storage. It also supports a comprehensive range of privacy features including: STONEWALL that helps guard against address clustering deanonymization attacks, PayNym which allows you to receive funds without revealing your public address for all to see, Stealth Mode which hides Samourai from your devices launcher, Remote SMS Commands to wipe or recover your wallet if device is seized or stolen, and Whirlpool which is similar to a coin mixer, and OpenDime is also supported for offline USB hardware wallets.
      • Sparrow Wallet - on the contrary it attempts to provide as much detail as possible about your transactions and UTXOs, but in a way that is manageable and usable.
      • Atomic Wallet - does-atomic-wallet-offer-hardware-wallet-integration) hardware wallets yet. Therefor, it may only be a good choice as a secondary wallet, for storing small amounts of your actively used currency
      • CryptoSteel - CryptoSteel is a good fire-proof, shock-proof, water-proof and stainless cryptocurrency backup solution.
      • BitBox02 - 20 tokens) | Open source hardware wallet, supporting secure multisig with the option for making encrypted backups on a MicroSD card.
      • ColdCard
      • Metamask - based app means that you need to stay vigilant with what services you give access to.
  • Crypto Exchanges

    • Notable Mentions

      • Bisq - source, peer-to-peer application that allows you to buy and sell cryptocurrencies in exchange for national currencies. Fully decentralized, and no registration required.
      • LocalBitcoins - to-person exchange, find people local to your area, and trade directly with them, to avoid going through any central organisation. Primarily focused on Bitcoin, Ethereum, Ripple and LiteCoin, as it gets harder to find people near you selling niche alt-coins
      • AtomicDEX - to-person cryptocurrency exchange with no KYC or registration required and uses atomic swaps to perform trustless trades. The orderbook uses a modified libp2p protocol to prevent censorship and maintain decentralization. Fiat currencies are not supported, but hundreds of alt-coins and major cryptocurrencies are supported.
      • RoboSats - to-peer experience and makes use lightning hold invoices to minimize custody and trust requirements. The deterministically generated avatars help users stick to best privacy practices.
      • BaseFEX - coins, [Binance](https://www.binance.com/en/register?ref=X2BHKID1) has a wide range of currencies, and ID verification is not needed for small-value trades.
  • Virtual Credit Cards

  • Budgeting Tools

    • Notable Mentions

      • Firefly III - hosted) | A free and open source personal finance manager. Firefly III has all essential features, a clean and clear UI and is easy to set up and use (see [live demo](https://demo.firefly-iii.org)). It's backed by a strong community, and is regularly updated with new features, improvements and fixes. There is also a hass.io [addon](https://github.com/hassio-addons/addon-firefly-iii), and it works nicely with [Home Assistant](https://www.home-assistant.io). Note: Since it is self-hosted, you will need to ensure that your server (either local or remote) is correctly configured for security.
      • EasyBudget - to-use app open source budgeting app. It doesn't have all the features that alternatives offer, but it does simple budget management and planning very effectively
      • HomeBank - party port for Mac OS)
      • GnuCash - featured cross-platform accounting application, which works well for both personal and small business finance. First released in 1998, GnuCash is long standing and very stable, and despite a slightly dated UI, it's still a very popular option. Originally developed for Linux, GnuCash is now available for Windows, Mac and Linux and also has a well rated official [Android app](https://play.google.com/store/apps/details?id=org.gnucash.android&hl=en)
      • Plain Text Accounting - line-friendly software, such as Ledger](https://www.ledger-cli.org), [hledger](https://hledger.org/), [Beancount](https://github.com/beancount/beancount) and [more](https://plaintextaccounting.org/#pta-apps). Unlike other tools, you have full control over your data, and are not tied to a particular vendor
      • Collabora - populate your spreadsheets from your financial data, using publicly accessible API - mitigating the requirement for a dedicated budgeting application.
      • Smart Wallet - Budget](https://rezach.github.io/my-budget) (Desktop), [MoneyManager EX](https://www.moneymanagerex.org), [Skrooge](https://skrooge.org), [kMyMoney](https://kmymoney.org) and [Budget Zen](https://budgetzen.net) (a simple E2E encrypted budget manager)
  • Mobile Operating Systems

    • Notable Mentions

      • Google tracks you
      • custom ROM - free mobile OS that can be flashed to your device.
      • GrapheneOS - support).
      • CalyxOS
      • DivestOS - span of discontinued devices, enhancing user privacy, and providing a modest increase of security where/when possible. Project is developed and maintained solely by Tad (SkewedZeppelin) since 2014.
      • LineageOS - source operating system for various devices, based on the Android mobile platform - Lineage is light-weight, well maintained, supports a wide range of devices, and comes bundled with [Privacy Guard](https://en.wikipedia.org/wiki/Android_Privacy_Guard)
      • Replicant OS - featured distro, with an emphasis on freedom, privacy and security. [OmniRom](https://www.omnirom.org/), [Resurrection Remix OS](https://resurrectionremix.com/), and [Paranoid Android](http://paranoidandroid.co/) are also popular options. Alternatively, [Ubuntu Touch](https://ubports.com/) is a Linux (Ubuntu)- based OS. It is secure by design and runs on almost any device, - but it does fall short when it comes to the app store.
  • Desktop Operating Systems

    • Notable Mentions

      • Qubes OS - source security-oriented operating system for single-user desktop computing. It uses virtualisation, to run each application in its own compartment to avoid data being leaked. It features [Split GPG](https://www.qubes-os.org/doc/split-gpg/), [U2F Proxy](https://www.qubes-os.org/doc/u2f-proxy/), and [Whonix integration](https://www.qubes-os.org/doc/whonix/). Qubes makes is easy to create [disposable VMs](https://www.qubes-os.org/doc/disposablevm/) which are spawned quickly and destroyed when closed. Qubes is [recommended](https://twitter.com/Snowden/status/781493632293605376) by Edward Snowden
      • Whonix - Whonix is based on Debian, [KickSecure](https://www.whonix.org/wiki/Kicksecure) and [Tor](https://www.whonix.org/wiki/Whonix_and_Tor)
      • Tails - in system-wide, and uses state-of-the-art cryptographic tools to encrypt your files, emails and instant messaging. Open source, and built on top of Debian. Tails is simple to stop, configure and use
      • Parrot - based operating system, that is geared towards security, privacy and development. It is fully-featured yet light-weight, very open. There are 3 editions: General Purpose, Security and Forensic. The Secure distribution includes its own sandbox system obtained with the combination of [Firejail](https://firejail.wordpress.com/) and [AppArmor](https://en.wikipedia.org/wiki/AppArmor) with custom security profiles. While the Forensics Edition is bundled with a comprehensive suite of security/ pen-testing tools, similar to Kali and Black Arch
      • Discreete Linux - blowers, Discreete Linux is similar to Tails, in that it is booted live from external media, and leaves no/ minimal trace on the system. The aim of the project, was to provide all required cryptographic tools offline, to protect against Trojan-based surveillance
      • Alpine Linux - oriented, lightweight distro based on musl libc and busybox. It compiles all user-space binaries as position-independent executables with stack-smashing protection. Install and setup may be quite complex for some new users
      • Septor - based distro with the KDE Plasma desktop environment, and Tor baked-in. Designed for surfing the web anonymously, and completing other internet-based activities (with Thunderbird, Ricochet IM, HexChat, QuiteRSS, OnionShare). Septor is light-weight, but comes bundled with all the essential privacy + security utilities (including: Gufw, Ark, Sweeper, KGpg, Kleopatra, KWallet, VeraCrypt, Metadata Anonymisation Toolkit and more).
      • Subgraph OS - wide attack mitigations, and all key applications run in sandbox environments. Subgraph is still in beta (at the time of writing), but still is well tested, and has some nice anonymization features
      • Kali
      • TENS OS - kodachi/) and [IprediaOS](https://www.ipredia.org). (Avoid systems that are not being actively maintained)
      • Fedora - all of which have a large community behind them. **[Manjaro](https://manjaro.org/)** (based of Arch) is a good option, with a simple install process, used by new comers, and expers alike. **[POP_OS](https://pop.system76.com/)** and **[PureOS](https://www.pureos.net/)** are reasonably new general purpose Linux, with a strong focus on privacy, but also very user-friendly with an intuitive interfac and install process. See [Simple Comparison](https://computefreely.org/) or [Detailed Comparison](https://en.wikipedia.org/wiki/Comparison_of_Linux_distributions).
      • OpenBSD
      • Windows 10 AME - intrusive yet fully functional build of Windows 10 to anyone, who requires the Windows operating system natively. Core applications, such as the included Edge web-browser, Windows Media Player, Cortana, as well as any appx applications (appx apps will no longer work), have also been successfully eliminated. The total size of removed files is about 2 GB. Comes as a pre-built ISO or option to build from scratch with de-bloat scripts. Strong, supportive community on Telegram.
      • Windows 10 security guide - privacy-tips/) or [Linux security guide](https://spreadprivacy.com/linux-privacy-tips/).
      • Windows 10 LTSC - cost Windows 10 version, that is intended for specialized systems, and receives less regular feature updates. What makes it appealing, is that it doesn't come with any bloatware or non-essential applications, and needs to be configured from the ground up by the user. This gives you much better control over what is running on your system, ultimately improving security and privacy. It also includes several enterprise-grade [security features](https://docs.microsoft.com/en-us/windows/whats-new/ltsc/whats-new-windows-10-2019#security), which are not available in a standard Windows 10 instance. It does require some technical knowledge to get started with, but once setup should perform just as any other Windows 10 system. Note that you should only download the LTSC ISO from the Microsoft's [official page](https://www.microsoft.com/en-in/evalcenter/evaluate-windows-10-enterprise)
  • Linux Defences

    • Notable Mentions

      • Gufw - overhead, under active maintenance and backed by a strong community. Installable through most package managers, or compile from [source](https://answers.launchpad.net/gui-ufw)<br>Other popular firewalls are [OpenSnitch](https://github.com/evilsocket/opensnitch) and [Uncomplicated Firewall](https://en.wikipedia.org/wiki/Uncomplicated_Firewall), see more [firewalls](#firewalls)
      • ClamTk - end for ClamAV, making it an easy to use, light-weight, on-demand virus scanner for Linux systems
      • chkrootkit
      • Snort - time traffic analysis and packet
      • SecTools.org
  • Windows Defences

  • Code Hosting

    • Notable Mentions

      • GitLab - featured git, CI and project management platform. Managed instance available, but can also be self-hosted
      • SourceHut - based build pipelines. Can be self-hosted, or used through the managed instance at [sr.ht](https://sr.ht/)
      • Codeberg - managed instance of [Forgejo](https://forgejo.org)
      • Gitea - hosted git platform, written in Go
      • Gogs - hosted git platform, written in Go
  • Home Automation

    • Notable Mentions

      • Home Assistant - 1500+ integrations. Runs well on a Raspberry Pi, accessible though a web interface and CLI, as well as several controller apps (such as [HassKit](https://play.google.com/store/apps/details?id=com.thhkstudio.hasskit) and the official [Home Assistant App](https://play.google.com/store/apps/details?id=io.homeassistant.companion.android))
      • OpenHAB - powered home server, and again there are some great apps for, such as the official [OpenHabb App](https://play.google.com/store/apps/details?id=org.openhab.habdroid) and the [HomeHabit](https://play.google.com/store/apps/details?id=app.homehabit.view) wall dashboard
      • Domoticz
      • Node-RED - RED is a programming tool for wiring together hardware devices, APIs and online services, it provides a browser-based editor that makes it easy to build flows with a wide range of supported nodes, and it is easy to deploy locally in your network
      • ThingsBoard
      • Domoticz
  • AI Voice Assistants

    • Notable Mentions

      • reputation - google-home-security-vulnerability-srlabs-phishing-eavesdropping). For that reason it is recommended not to have these devices in your house. The following are open source AI voice assistants, that aim to provide a human voice interface while also protecting your privacy and security
      • Kalliope - on voice controlled personal assistant designed for home automation. It runs well on Raspberry Pi, Debian or Ubuntu and is easy to program with simple YAML-based skills, but does not have a wide library of pre-built add-ons
  • Bonus #2 - Open Source Media Applications

  • Bonus #7 - Raspberry Pi/ IoT Security Software

    • Notable Mentions

      • KeePass Portable - Portable password manager. For hardware-encrypted password manager, see [HardPass 2.0](https://hackaday.io/project/21227-hardpass02-hardware-passwd-manager-w-smart-card)
  • More Awesome Software Lists

  • News & Updates

    • Notable Mentions

  • Final Notes

  • Bonus #5 - Self-Hosted Development Tools

    • Notable Mentions

      • Docker
      • Request Bin - Inspect HTTP requests and Debug webhooks
      • Judge0 - A web compiler accessed through either an API of web-IDE, for executing trusted or untrusted code
  • Intro [![Awesome](https://awesome.re/badge.svg)](https://awesome.re)

Categories
Bonus #1 - Alternatives to Google 72 Browser Extensions 32 Online Tools 23 Mobile Apps 21 Desktop Operating Systems 15 Bonus #3 - Self-Hosted Services 15 DNS 14 Virtual Private Networks 14 PGP Managers 13 Windows Defences 12 Encrypted Email 11 Encrypted Messaging 10 Data Erasers 10 Social Networks 10 2-Factor Authentication 10 Bonus #2 - Open Source Media Applications 10 Password Managers 10 Browsers 10 Crypto Wallets 9 Browser Sync 9 Anonymous Mail Forwarding 9 Team Collaboration Platforms 9 Firewalls 9 Digital Notes 9 File Encryption 8 Mix Networks 8 Encrypted Cloud Storage 8 Mobile Operating Systems 7 Virtual Credit Cards 7 Budgeting Tools 7 Email Clients 7 Bonus #4 - Self-Hosted Sysadmin 7 Search Engines 7 Home Automation 6 P2P Messaging 6 Self-Hosted Network Security 6 Proxy Sites 6 Blogging Platforms 6 Final Notes 5 Proxies 5 Code Hosting 5 News Readers and Aggregation 5 Ad Blockers 5 Cloud Productivity Suites 5 Cloud Hosting 5 Virtual Machines 5 Linux Defences 5 Metadata Removal Tools 5 Crypto Exchanges 5 VOIP Clients 5 Email Security Tools 4 Host Block Lists 4 Intrusion Detection 4 Video Conference Calls 4 Anti-Malware 4 DNS Clients 4 Backup and Sync 4 More Awesome Software Lists 4 Video Platforms 4 Virtual Phone Numbers 4 Router Firmware 3 Network Analysis 3 File Drop 3 Cryptocurrencies 3 Bonus #5 - Self-Hosted Development Tools 3 AI Voice Assistants 2 Pre-Configured Mail-Servers 2 News & Updates 1 DNS Hosting 1 Intro [![Awesome](https://awesome.re/badge.svg)](https://awesome.re) 1 Domain Registrars 1 Bonus #7 - Raspberry Pi/ IoT Security Software 1