Privacy Guide

THIS IS A PROOF OF CONCEPT THAT IS STILL WORK IN PROGRESS, THE CONTENT OF THIS PAGE WILL SURELY END UP IN A DEDICATED WEB PAGE OUTSIDE OF THE WIKI

What?

This "guide" is just a big list of great software/providers to dig into. The idea is that this is the information I would like to have seen 4 years ago: me from 4 years ago just wanted a list of good things to dig into, and this is a list of good things to dig into.

Threat model: This guide is focused on a specific threat model: avoiding Big Tech companies, avoiding companies with ties to law enforcement/government agencies/governments (when possible), and avoiding companies with double standards/bad privacy practices.

License: The content of this guide is released under the CC BY-NC-SA 4.0 to everyone, except the current, past and future team members of privacyguides org and privacytools io (or any future domain owned/controlled/related by or to them). Reuse is allowed following this license, as long as the content doesn't end up on privacyguides org, privacytools io (or any future domain owned/controlled/related by or to them) and any provider that isn't recommended in this guide.


Why?

This guide has been created because privacyguides org and privacytools io made awful decisions and have awful recommendations. There are also various internal issues at privacyguides org between their own team members.

Some examples of awful decisions I contested:

The "Do not use" category includes things recommended by privacyguides org that, as the name suggests, you shouldn't use.


Some community feedback about what privacyguides org has become:

More: https://libreddit.pussthecat.org/r/PrivacyGuides/comments/rbv0uh/recent_updates_to_privacyguidesorg/


Requirements

  • All software must be open source, no exception.
  • All providers mustn't be based in the Five Eyes - USA/Canada/Australia/United Kingdom/New Zealand - or Russia.
  • All providers should ideally not be based in Switzerland (reason: Swiss privacy died in 2018, they now basically have their own "NSA-like" agency, and providers are just using "Switzerland" in their marketing because the country still has a reputation of being private, while it's not).
  • All providers must have open source clients (or use an open standard, like IMAP/POP3 for e-mail).
  • All providers should ideally have open source servers.
  • All providers mustn't be invite only (sorry RiseUp and cTemplar).

List

Providers

Cloud Storage

Use:

  • Your own self-hosted Nextcloud
  • Any provider supported by Rclone (and just encrypt with it) that isn't: a Big Tech company (Amazon, Apple, Google, Microsoft...), in a Five Eyes country - USA, Canada, Australia, United Kingdom, New Zealand - (BackBlaze, Dropbox, Icedrive, Mega, Box, OpenDrive, Crashplan, Wasabi, pCloud, Rsync net, and more...) or in Russia (Yandex...).
  • Cryptee (Note: expensive, not audited, not supported by Rclone)
  • Filen (Note: really young, not audited, not supported by Rclone)

Do not use:

DNS Resolver

Use (if you use a VPN):

  • The one provided by your VPN provider

Use (if you don't use a VPN):

Do not use:

  • Cloudflare: it's Cloudflare.
  • NextDNS: USA-based
  • UncensoredDNS: Hobby project + No privacy policy.

Email provider

Moved to their own page

Search Engines

Use:

Social Networks

Social networks are fundamentally not private by design, but if you have to use one, follow this list:

Use:

  • Any Fediverse-compatible project (Mastodon, diaspora*, Friendica, GNU social, Pleroma, Pixelfed...)
  • Lemmy (Note: Project owners/creators are heavily politically biased and use Lemmy to "push" their political opinions)

Social News Aggregator

Use:

  • RSS

VPN

Note: A good rule is to avoid any VPN that has referrals and/or advertises and/or does fake "time limited" sales (basically 99% of them).

Use:

Do not use:

Software

Web Browser

Use:

Do not use:

  • Tor Browser: it's a browser made for anonymity, not privacy

Operating Systems

PC

Use:

  • Any FOSS non-corporate GNU/Linux distribution (except Manjaro)
  • Any FOSS non-corporate BSD distribution

Do not use:

  • Anything Ubuntu-based (that isn't Linux Mint): Made by Canonical, a company that created and "pushes" the use of Snap, a "packaging system" that requires connecting to their own closed source server, and used to include advertising for Amazon.
  • Any corporate distro
  • Manjaro: Sketchy, amateurish distro, awful security practices (keeps packages on hold for 2 weeks for "testing purposes" but no test is actually done), fired their treasurer because he dug too much into the finances, and so much more. (More: https://manjarno.pages.dev/ / https://github.com/arindas/manjarno - Luke Smith's video about it: Invidious / Odysee / PeerTube).

Mobile

Use:

Do not use:

  • Any ROM that ships with MicroG (CalyxOS...): MicroG encourages the use of spyware, just stick to open source software. Having MicroG isn't that bad in principle if you stick to 100% FOSS stuff but disable as much stuff as possible.

Calendar and Contact Sync

Use:

  • EteSync
  • CalDAV/CardDAV (No client-side encryption)

Notebooks

Use:

Do not use:

  • Standard Notes: Overly corporate, requires a subscription (so requires an account) on their platform to do basic things (like installing "editors": "An active subscription is required to access advanced features such as editors."), markdown support is only available through a "custom editor", and therefore requires a subscription.

Email Clients

PC

Use:

Mobile

Use:

File Encryption Software

Use:

Do not use:

  • Cryptomator: Android client is paid

File Sharing

Use:

Metadata Removal Tools

PC

Use:

  • ExifCleaner
  • ExifTool or anything supporting it (ImageMagick for example)

Mobile

Use:

Password Managers

Use:

  • Vaultwarden (You can also use Bitwarden itself to support its development, but it's not as simple to deploy)
  • KeePassXC (Android client: KeePassDX)

Pastebin

Use:

Instant Messengers

Use:

  • XMPP (Note: not really user friendly, OMEMO encryption with multiple devices on one account is "weird" and sometimes will only make messages appear on one device)
  • Matrix (Note: more user friendly than XMPP, easy encryption with multiple devices, but worse clients, more metadata leakages, heavier server and more minor to major issues)
  • Briar (Note: Anonymous, P2P, TOR based, ideal for anonymous communication)
  • Session (Note: Anonymous, Lokinet based, ideal for anonymous communication)

Do not use:

Video/Voice chat

Use: