privacytools.io

You are being watched. Private and state-sponsored organizations are monitoring and recording your online activities. privacytools.io provides services, tools and knowledge to protect your privacy against global mass surveillance.

Glenn Greenwald: Why privacy matters Over the last 16 months, as I've debated this issue around the world, every single time somebody has said to me, "I don't really worry about invasions of privacy because I don't have anything to hide." I always say the same thing to them. I get out a pen, I write down my email address. I say, "Here's my email address. What I want you to do when you get home is email me the passwords to all of your email accounts, not just the nice, respectable work one in your name, but all of them, because I want to be able to just troll through what it is you're doing online, read what I want to read and publish whatever I find interesting. After all, if you're not a bad person, if you're doing nothing wrong, you should have nothing to hide." Not a single person has taken me up on that offer.

The primary reason for window curtains in our house, is to stop people from being able to see in. The reason we don’t want them to see in is because we consider much of what we do inside our homes to be private. Whether that be having dinner at the table, watching a movie with your kids, or even engaging in intimate or sexual acts with your partner. None of these things are illegal by any means but even knowing this, we still keep the curtains and blinds on our windows. We clearly have this strong desire for privacy when it comes to our personal life and the public.

Read also:

Quotes

Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say.

The NSA has built an infrastructure that allows it to intercept almost everything. With this capability, the vast majority of human communications are automatically ingested without targeting. If I wanted to see your emails or your wife's phone, all I have to do is use intercepts. I can get your emails, passwords, phone records, credit cards. I don't want to live in a society that does these sort of things... I do not want to live in a world where everything I do and say is recorded. That is not something I am willing to support or live under.

We all need places where we can go to explore without the judgmental eyes of other people being cast upon us, only in a realm where we're not being watched can we really test the limits of who we want to be. It's really in the private realm where dissent, creativity and personal exploration lie.

Global Mass Surveillance - The Fourteen Eyes

UKUSA Agreement

The UKUSA Agreement is an agreement between the United Kingdom, United States, Australia, Canada, and New Zealand to cooperatively collect, analyze, and share intelligence. Members of this group, known as the Five Eyes, focus on gathering and analyzing intelligence from different parts of the world. While Five Eyes countries have agreed to not spy on each other as adversaries, leaks by Snowden have revealed that some Five Eyes members monitor each other's citizens and share intelligence to avoid breaking domestic laws that prohibit them from spying on their own citizens. The Five Eyes alliance also cooperates with groups of third-party countries to share intelligence (forming the Nine Eyes and Fourteen Eyes), however Five Eyes and third-party countries can and do spy on each other.

Five Eyes

  1. Australia
  2. Canada
  3. New Zealand
  4. United Kingdom
  5. United States of America

Nine Eyes

  1. Denmark
  2. France
  3. Netherlands
  4. Norway

Fourteen Eyes

  1. Belgium
  2. Germany
  3. Italy
  4. Spain
  5. Sweden

Key Disclosure Law

Who is required to hand over the encryption keys to authorities?

Mandatory key disclosure laws require individuals to turn over encryption keys to law enforcement conducting a criminal investigation. How these laws are implemented (who may be legally compelled to assist) vary from nation to nation, but a warrant is generally required. Defenses against key disclosure laws include steganography and encrypting data in a way that provides plausible deniability.

Steganography involves hiding sensitive information (which may be encrypted) inside of ordinary data (for example, encrypting an image file and then hiding it in an audio file). With plausible deniability, data is encrypted in a way that prevents an adversary from being able to prove that the information they are after exists (for example, one password may decrypt benign data and another password, used on the same file, could decrypt sensitive data).

Key disclosure laws may apply

Key disclosure laws don't apply

* (people who know how to access a system may be ordered to share their knowledge, however, this doesn't apply to the suspect itself or family members.)

Related Information

Why is it not recommended to choose a US-based service?

USA

Services based in the United States are not recommended because of the country's surveillance programs, use of National Security Letters (NSLs) and accompanying gag orders, which forbid the recipient from talking about the request. This combination allows the government to secretly force companies to grant complete access to customer data and transform the service into a tool of mass surveillance.

An example of this is Lavabit – a secure email service created by Ladar Levison. The FBI requested Snowden's records after finding out that he used the service. Since Lavabit did not keep logs and email content was stored encrypted, the FBI served a subpoena (with a gag order) for the service's SSL keys. Having the SSL keys would allow them to access communications (both metadata and unencrypted content) in real time for all of Lavabit's customers, not just Snowden's.

Ultimately, Levison turned over the SSL keys and shut down the service at the same time. The US government then threatened Levison with arrest, saying that shutting down the service was a violation of the court order.

Related Information

Recommended VPN Service

Mullvad

Mullvad EUR €60/Year

Mullvad is a fast and inexpensive VPN with a serious focus on transparency and security, they have been in operation since 2009. It is the only VPN provider that currently meets our criteria for recommendation. Mullvad is based in Sweden and does not have a free trial. Visit mullvad.net to create an account.

409+ Servers

Mullvad has 409 servers in 38 countries at the time of writing this page. Typically the more servers a provider offers, the better: With hundreds of servers in operation, you are far more likely to find a fast connection and a server geographically closest to you.

WireGuard Support

In addition to standard OpenVPN connections, Mullvad supports Wireguard. Wireguard is an experimental protocol with theoretically better security and higher reliability, although it is not currently recommended for production use.

Independently Audited

Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report published at cure53.de. The security researchers concluded:

...Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint.

Accepts Bitcoin

Mullvad in addition to accepting credit/debit cards and PayPal, accepts Bitcoin, Bitcoin Cash, and cash/local currency as anonymous forms of payment. They also accept Swish and bank wire transfers.

No Mobile Clients

While iOS and Android clients are reportedly in the works, mobile users will need to use a traditional OpenVPN client and configuration files, which are a bit more difficult to configure.

Extra Functionality

The Mullvad VPN clients have a built-in killswitch to block internet connections outside of the VPN. They also are able to automatically start on boot. The Mullvad website is also accessible via Tor at xcln5hkbriyklr6n.onion.

Other Providers Worth Mentioning

ProtonVPN

ProtonVPN Free USD $96/year

ProtonVPN is a strong contender in the VPN space, and they have been in operation since 2016. ProtonVPN is based in Switzerland and offers a limited free pricing tier, as well as premium options. Unfortunately due to its lack of an independent security audit it does not meet the complete criteria for recommendation, see our notes below.

Not Audited

ProtonVPN has not undergone a security audit by an independent third party, and therefore cannot be strongly recommended at this time. We have still chosen to list it on this page with the assumption that an audit will be published soon:

We are currently undergoing a complete security audit of our VPN applications by a reputable Swiss security company. The results of the audit will be summarized in a public report for cases like this.

Marc Loebekken, ProtonVPN AG Legal counsel

We will reevaluate this listing at the end of 2019 or when the aforementioned report has been published, whichever is sooner.

442+ Servers

ProtonVPN has 442 servers in 33 countries at the time of writing this page. Typically the more servers a provider offers, the better: With hundreds of servers in operation, you are far more likely to find a fast connection and a server geographically closest to you.

Accepts Bitcoin

ProtonVPN does technically accept Bitcoin payments, however you either need to have an existing account, or contact their support team in advance to register with Bitcoin.

Mobile Clients

In addition to providing standard OpenVPN configuration files, ProtonVPN has mobile clients for iOS or Android allowing for easy connections to their servers.

Extra Functionality

The ProtonVPN clients have a built-in killswitch to block internet connections outside of the VPN. They also are able to automatically start on boot. ProtonVPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using the official Tor Browser for this purpose.

IVPN

IVPN USD $100/Year

IVPN is another strong premium VPN provider, and they have been in operation since 2009. IVPN is based in Gibraltar and offers a 3 day free trial. Unfortunately due to its lack of an independent security audit it does not meet the complete criteria for recommendation, see our notes below.

No Security Audit

IVPN has undergone a no-logging audit from Cure53 which concluded in agreement with IVPN's no-logging claim. However, IVPN has not undergone a more comprehensive security audit by an independent third party, and therefore cannot be strongly recommended at this time. We have still chosen to list it on this page with the assumption that an audit will be published soon: The IVPN team reportedly plans to begin the process in September.

We will reevaluate this listing at the end of 2019 or when the aforementioned report has been published, whichever is sooner.

70+ Servers

IVPN has 70 servers in 29 countries at the time of writing this page. Typically the more servers a provider offers, the better. IVPN has a decent (but not exceptional) server count that will most likely provide adequate coverage to most users.

Accepts Bitcoin

In addition to accepting credit/debit cards and PayPal, IVPN accepts Bitcoin and cash/local currency (on annual plans) as anonymous forms of payment.

Mobile Clients

In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for iOS or Android allowing for easy connections to their servers.

Extra Functionality

The IVPN clients have a built-in killswitch to block internet connections outside of the VPN. They also are able to automatically start on boot. IVPN also provides "AntiTracker" functionality, which blocks advertising networks and trackers from the network level.

What is a warrant canary?

Warrant Canary Example

A warrant canary is a posted document stating that an organization has not received any secret subpoenas during a specific period of time. If this document fails to be updated during the specified time then the user is to assume that the service has received such a subpoena and should stop using the service.

Warrant Canary Examples:

  1. https://proxy.sh/canary
  2. https://www.ivpn.net/resources/canary.txt
  3. https://www.bolehvpn.net/canary.txt
  4. https://www.ipredator.se/static/downloads/canary.txt

Related Warrant Canary Information

Browser Recommendations

Mozilla Firefox

Mozilla Firefox Firefox is fast, reliable, open source and respects your privacy. Don't forget to adjust the settings according to our recommendations: WebRTC and about:config and get the privacy add-ons.


Tor Browser - Provides Anonymity

Tor Browser - Provides Anonymity Tor Browser is your choice if you need an extra layer of anonymity. It's a modified version of Firefox ESR, which comes with pre-installed privacy add-ons, encryption and an advanced proxy. How does Tor work?


Browser Fingerprint - Is your browser configuration unique?

Fingerprint image

When you visit a web page, your browser voluntarily sends information about its configuration, such as available fonts, browser type, and add-ons. If this combination of information is unique, it may be possible to identify and track you without using cookies. EFF created a Tool called Panopticlick to test your browser to see how unique it is.

Test your Browser now

You need to find what most browsers are reporting, and then use those variables to bring your browser in the same population. This means having the same fonts, plugins, and extensions installed as the large installed base. You should have a spoofed user agent string to match what the large userbase has. You need to have the same settings enabled and disabled, such as DNT and WebGL. You need your browser to look as common as everyone else. Disabling JavaScript, using Linux, or even the TBB, will make your browser stick out from the masses.

Modern web browsers have not been architected to assure personal web privacy. Rather than worrying about being fingerprinted, it seems more practical to use free software plugins like Privacy Badger and uBlock Origin. They not only respect your freedom, but your privacy also. You can get much further with these than trying to manipulate your browser's fingerprint.

Firefox Addon: CanvasBlocker

Related Information

WebRTC IP Leak Test - Is your IP address leaking?

While software like NoScript prevents this, it's probably a good idea to block this protocol directly as well, just to be safe.

Test your Browser now

How to disable WebRTC in Firefox?

In short: Set "media.peerconnection.enabled" to "false" in "about:config".

Explained:

  1. Enter "about:config" in the firefox address bar and press enter.
  2. Press the button "I'll be careful, I promise!"
  3. Search for "media.peerconnection.enabled"
  4. Double click the entry, the column "Value" should now be "false"
  5. Done. Do the WebRTC leak test again.

If you want to make sure every single WebRTC related setting is really disabled change these settings:

  1. media.peerconnection.turn.disable = true
  2. media.peerconnection.use_document_iceservers = false
  3. media.peerconnection.video.enabled = false
  4. media.peerconnection.identity.timeout = 1

Now you can be 100% sure WebRTC is disabled.

Test your Browser again

How to fix the WebRTC Leak in Google Chrome?

WebRTC cannot be fully disabled in Chrome, however it is possible to change its routing settings (and prevent leaks) using an extension. Two open source solutions include WebRTC Leak Prevent (options may need to be changed depending on the scenario), and uBlock Origin (select "Prevent WebRTC from leaking local IP addresses" in Settings).

What about other browsers?

Chrome on iOS, Internet Explorer and Safari does not implement WebRTC yet. But we recommend using Firefox on all devices.

Recommended Browser Add-ons

Privacy Badger: Stop Tracking

Privacy Badger: Stop Tracking Privacy Badger is a browser add-on that stops advertisers and other third-party trackers from secretly tracking where you go and what pages you look at on the web. Privacy Badger learns about trackers as you browse.


uBlock Origin: Block Ads and Trackers

uBlock Origin: Block Ads and Trackers uBlock Origin is an efficient wide-spectrum-blocker that's easy on memory, and yet can load and enforce thousands more filters than other popular blockers out there. It has no monetization strategy and is completely open source.


Cookie AutoDelete: Automatically Delete Cookies

Cookie AutoDelete: Automatically Delete Cookies Cookie AutoDelete automatically removes cookies when they are no longer used by open browser tabs. With the cookies, lingering sessions, as well as information used to spy on you, will be expunged.


HTTPS Everywhere: Secure Connections

HTTPS Everywhere: Secure Connections HTTPS Everywhere encrypts your communications with many major websites, making your browsing more secure. A collaboration between The Tor Project and the Electronic Frontier Foundation.


Decentraleyes: Block Content Delivery Networks

Decentraleyes: Block Content Delivery Networks Decentraleyes emulates Content Delivery Networks locally by intercepting requests, finding the required resource and injecting it into the environment. This all happens instantaneously, automatically, and no prior configuration is required.


Terms of Service; Didn’t Read: Be Informed

Terms of Service; Didn’t Read: Be Informed Terms of Service; Didn’t Read “I have read and agree to the Terms” is the biggest lie on the web. This addon aims to fix that by grading websites based on their Terms of Service agreements and gives short summaries.


Snowflake

Snowflake Snowflake is a new pluggable transport from the Tor Project. If you have an uncensored connection, running this extension volunteers your connection to be used as a Snowflake proxy to help users unable to connect to the Tor network. Your IP will not be visible to the sites users visit using your proxy, as this extension will not make you an exit node. If your access to the Tor network is blocked, this extension will not assist you, and you should use the Tor Browser instead.


For Experts Only

uMatrix: Stop Cross-Site Requests

uMatrix: Stop Cross-Site Requests uMatrix gives you control over the requests that websites make to other websites. Many websites integrate features which let other websites track you, such as Facebook Like Buttons or Google Analytics.


NoScript Security Suite: Be in total control

NoScript Security Suite: Be in total control NoScript is a highly customizable plugin to selectively allow JavaScript, Java, and Flash to run only on websites you trust. Not for casual users, it requires technical knowledge to configure.


Firefox: Privacy Related "about:config" Tweaks

Preparation:

  1. Enter "about:config" in the firefox address bar and press enter.
  2. Press the button "I'll be careful, I promise!"
  3. Follow the instructions below...

Getting started:

privacy.firstparty.isolate = true
A result of the Tor Uplift effort, this preference isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains. (Don't do this if you are using the Firefox Addon "Cookie AutoDelete" with Firefox v58 or below.)
privacy.resistFingerprinting = true
A result of the Tor Uplift effort, this preference makes Firefox more resistant to browser fingerprinting.
privacy.trackingprotection.fingerprinting.enabled = true
[FF67+] Blocks Fingerprinting
privacy.trackingprotection.cryptomining.enabled = true
[FF67+] Blocks CryptoMining
privacy.trackingprotection.enabled = true
This is Mozilla's new built-in tracking protection. It uses Disconnect.me filter list, which is redundant if you are already using uBlock Origin 3rd party filters, therefore you should set it to false if you are using the add-on functionalities.
browser.cache.offline.enable = false
Disables offline cache.
browser.safebrowsing.malware.enabled = false
Disable Google Safe Browsing malware checks. Security risk, but privacy improvement.
browser.safebrowsing.phishing.enabled = false
Disable Google Safe Browsing and phishing protection. Security risk, but privacy improvement.
browser.send_pings = false
The attribute would be useful for letting websites track visitors' clicks.
browser.sessionstore.max_tabs_undo = 0
Even with Firefox set to not remember history, your closed tabs are stored temporarily at Menu -> History -> Recently Closed Tabs.
browser.urlbar.speculativeConnect.enabled = false
Disable preloading of autocomplete URLs. Firefox preloads URLs that autocomplete when a user types into the address bar, which is a concern if URLs are suggested that the user does not want to connect to. Source
dom.battery.enabled = false
The battery status of your device could be tracked.
dom.event.clipboardevents.enabled = false
Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.
geo.enabled = false
Disables geolocation.
media.eme.enabled = false

Disables playback of DRM-controlled HTML5 content, which, if enabled, automatically downloads the Widevine Content Decryption Module provided by Google Inc. Details

DRM-controlled content that requires the Adobe Flash or Microsoft Silverlight NPAPI plugins will still play, if installed and enabled in Firefox.

media.gmp-widevinecdm.enabled = false
Disables the Widevine Content Decryption Module provided by Google Inc., used for the playback of DRM-controlled HTML5 content. Details
media.navigator.enabled = false
Websites can track the microphone and camera status of your device.
network.cookie.cookieBehavior = 1
Disable cookies
  • 0 = Accept all cookies by default
  • 1 = Only accept from the originating site (block third-party cookies)
  • 2 = Block all cookies by default
network.cookie.lifetimePolicy = 2
cookies are deleted at the end of the session
  • 0 = Accept cookies normally
  • 1 = Prompt for each cookie
  • 2 = Accept for current session only
  • 3 = Accept for N days
network.http.referer.trimmingPolicy = 2
Send only the scheme, host, and port in the Referer header
  • 0 = Send the full URL in the Referer header
  • 1 = Send the URL without its query string in the Referer header
  • 2 = Send only the scheme, host, and port in the Referer header
network.http.referer.XOriginPolicy = 2
Only send Referer header when the full hostnames match. (Note: if you notice significant breakage, you might try 1 combined with an XOriginTrimmingPolicy tweak below.) Source
  • 0 = Send Referer in all cases
  • 1 = Send Referer to same eTLD sites
  • 2 = Send Referer only when the full hostnames match
network.http.referer.XOriginTrimmingPolicy = 2
When sending Referer across origins, only send scheme, host, and port in the Referer header of cross-origin requests. Source
  • 0 = Send full url in Referer
  • 1 = Send url without query string in Referer
  • 2 = Only send scheme, host, and port in Referer
network.trr.mode = 2
Use Trusted Recursive Resolver (DNS-over-HTTPS) first and if it fails, use the system resolver Source
  • 0 = disabled by default, may change in the future
  • 1 = use the faster resolver
  • 2 = use DoH first, fallback to system resolver
  • 3 = only use DoH. This may require network.trr.bootstrapAddress or using an IP address in network.trr.uri.
  • 5 = explicitly disable DoH
network.trr.uri = CHANGEME
The address of your DNS-over-HTTPS provider, if you don't have one, check our encrypted DNS recommendations. It can also be changed in Settings, Network Settings, Enable DNS over HTTPS, Use Provider, Custom.
network.security.esni.enabled = true
Hide the address which you are requesting SSL certificate for if the server supports it. This requires DoH/TRR to be enabled even on Android 9+ when Private DNS is enabled.
webgl.disabled = true
WebGL is a potential security risk. Source
browser.sessionstore.privacy_level = 2
This preference controls when to store extra information about a session: contents of forms, scrollbar positions, cookies, and POST data. Details
  • 0 = Store extra session data for any site. (Default starting with Firefox 4.)
  • 1 = Store extra session data for unencrypted (non-HTTPS) sites only. (Default before Firefox 4.)
  • 2 = Never store extra session data.
extensions.pocket.enabled = false
Disables Pocket completely.
network.IDN_show_punycode = true
Not rendering IDNs as their Punycode equivalent leaves you open to phishing attacks that can be very difficult to notice. Source
extensions.blocklist.url = https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%20/%20/

Limit the amount of identifiable information sent when requesting the Mozilla harmful extension blocklist.

Optionally, the blocklist can be disabled entirely by setting extensions.blocklist.enabled to false for increased privacy, but decreased security. Source

Firefox user.js Templates

Related Information

Privacy-Conscious Email Providers - No Affiliates

Email Provider Website Since Jurisdiction Storage Yearly Price Bitcoin Encryption Own Domain
Disroot WWW 2015 Netherlands 1 GB Free Accepted Built-in Yes
Kolab Now WWW 2010 Switzerland 2 GB $ 60 Accepted No Yes
mailbox.org WWW 2014 Germany 2 GB 12 € Accepted Built-in Yes
Mailfence WWW 2013 Belgium 500 MB Free Accepted Built-in Yes
Neomailbox WWW 2003 Switzerland 1 GB $ 49.95 Accepted Built-in Yes
Posteo WWW 2009 Germany 2 GB 12 € No Built-in No
Protonmail WWW Tor 2013 Switzerland 500 MB Free Accepted Built-in Yes
Runbox WWW 1999 Norway 1 GB $ 19.95 Accepted No Yes
Soverin WWW 2015 Netherlands 25 GB 29 € No No Yes
StartMail WWW 2014 Netherlands 10 GB $ 59.95 Accepted Built-in Yes
Tutanota WWW 2011 Germany 1 GB Free No Built-in Yes

Interesting Email Providers Under Development

Become Your Own Email Provider with Mail-in-a-Box

Mail-in-a-Box

Take it a step further and get control of your email with this easy-to-deploy mail server in a box. Mail-in-a-Box lets you become your own mail service provider in a few easy steps. It's sort of like making your own Gmail, but one you control from top to bottom. Technically, Mail-in-a-Box turns a fresh cloud computer into a working mail server. But you don't need to be a technology expert to set it up. More: https://mailinabox.email/

Related Information

Email Clients

Thunderbird

Thunderbird Thunderbird is a free, open source, cross-platform email, newsgroup, news feed, and chat (XMPP, IRC, Twitter) client developed by community, previously by the Mozilla Foundation.


Claws Mail

Claws Mail Claws Mail is a free and open source, GTK-based email and news client. It offers easy configuration and an abundance of features. It is included with Gpg4win, an encryption suite for Windows.


Privacy Email Tools

Worth Mentioning

Email Alternatives

Bitmessage

Bitmessage Bitmessage is a P2P communications protocol used to send encrypted messages to another person or to many subscribers. It is decentralized and trustless, meaning that you need-not inherently trust any entities like root certificate authorities. It uses strong authentication which means that the sender of a message cannot be spoofed, and it aims to hide "non-content" data.


RetroShare

RetroShare Retroshare creates encrypted connections to your friends. Nobody can spy on you. Retroshare is completely decentralized. This means there are no central servers. It is entirely Open-Source and free. There are no costs, no ads and no Terms of Service.


Worth Mentioning

Privacy Respecting Search Engines

searx - Decentral

searx - Decentral An open source metasearch engine, aggregating the results of other search engines while not storing information about its users. No logs, no ads and no tracking. List of Instances or try search.privacytools.io


StartPage - Netherlands

StartPage - Netherlands Google search results, with complete privacy protection. Behind StartPage is a European company that has been obsessive about privacy since 2006.


DuckDuckGo - USA

DuckDuckGo - USA The search engine that doesn't track you. Some of DuckDuckGo's code is free software hosted at GitHub, but the core is proprietary. The company is based in the USA.


Qwant - France

Qwant - France Qwants philosophy is based on two principles: no user tracking and no filter bubble. Qwant was launched in France in February 2013. Privacy Policy.


Firefox Addon

Worth Mentioning

Encrypted Instant Messenger

Signal

Signal Signal is a mobile app developed by Open Whisper Systems. The app provides instant messaging, as well as voice and video calling. All communications are end-to-end encrypted. Signal is free and open source. VoIP


Wire

Wire A free software End-to-End Encrypted chatting application that supports instant messaging, voice, and video calls. Full source code is available. Warning VoIP


Complete Comparison

Worth Mentioning

Related Information

Video/Voice Calling

Linphone

Linphone Linphone is an open source SIP Phone and a free voice over IP service, available on mobile and desktop environments and on web browsers. It supports ZRTP for end-to-end encrypted voice and video communication.


Mumble

Mumble Mumble is an open source, low-latency, high quality voice chat software primarily intended for use while gaming. Note that while Mumble doesn't log messages or record by default, it's missing end-to-end encryption, so self-hosting is recommended.


Worth Mentioning

Related Information

Team Chat Platforms

Rocket.chat

Rocket.chat Rocket.chat is an self-hostable open source platform for team communication. It has optional federation and experimental E2EE. Experimental


Keybase

Keybase Keybase provides a hosted team chat with end-to-end encryption. It has also been indepedently audited (PDF). Warning


Worth Mentioning

File Sharing

Firefox Send

Firefox Send Send uses end-to-end encryption to keep your data secure from the moment you share to the moment your file is opened. It also offers security controls that you can set. You can choose when your file link expires, the number of downloads, and whether to add an optional password for an extra layer of security.


OnionShare

OnionShare OnionShare is an open source tool that lets you securely and anonymously share a file of any size. It works by starting a web server, making it accessible as a Tor onion service, and generating an unguessable URL to access and download the files.


Magic Wormhole

Magic Wormhole Get things from one computer to another, safely. This package provides a library and a command-line tool named wormhole, which makes it possible to get arbitrary-sized files and directories (or short pieces of text) from one computer to another.


Worth Mentioning

Encrypted Cloud Storage Services

Nextcloud - Choose your hoster

Nextcloud - Choose your hoster Similar functionally to the widely used Dropbox, with the difference being that Nextcloud is free and open-source, and thereby allowing anyone to install and operate it without charge on a private server, with no limits on storage space or the number of connected clients.


Least Authority S4 - For Experts

Least Authority S4 - For Experts S4 (Simple Secure Storage Service) is Least Authority's verifiably secure off-site backup system for individuals and businesses. 100% client-side encryption and open source transparency. 250GB for $9.95/month or 5TB for $25.95/month. Servers are hosted with Amazon S3 in the US.


Worth Mentioning

Self-Hosted Cloud Server Software

Pydio

Pydio Pydio is open source software that turns instantly any server (on-premise, NAS, cloud IaaS or PaaS) into a file sharing platform for your company. It is an alternative to SaaS Boxes and Drives, with more control, safety and privacy, and favorable TCOs.

Website: pydio.com

OS: Windows, macOS, Linux, iOS, Android.

Tahoe-LAFS

Tahoe-LAFS Tahoe-LAFS is a Free and Open decentralized cloud storage system. It distributes your data across multiple servers. Even if some of the servers fail or are taken over by an attacker, the entire file store continues to function correctly, preserving your privacy and security.

Website: tahoe-lafs.org

OS: Windows, macOS, Linux.

Nextcloud

Nextcloud Similar functionally to the widely used Dropbox, with the difference being that Nextcloud is free and open-source, and thereby allowing anyone to install and operate it without charge on a private server, with no limits on storage space or the number of connected clients.

Website: nextcloud.com

Client OS: Windows, macOS, Linux, BSD, Unix, iOS, Android, Fire OS. Server: Linux.

Worth Mentioning

Secure Hosting Provider

Data Center: Bahnhof

Data Center: Bahnhof Bahnhof is one of Sweden’s largest network operators, founded in 1994. They specialize in innovative data center construction: Extreme security coupled with low cost green energy has made us world famous.


VPS & Domain: Njalla

VPS & Domain: Njalla Created by people from The Pirate Bay and IPredator VPN. Accepted Payments: Bitcoin, Litecoin, Monero, DASH, Bitcoin Cash and PayPal. A privacy-aware domain registration service and VPS provider.


Colocation: DataCell

Colocation: DataCell DataCell is a data center providing secure colocating in Switzerland and Iceland.


VPS & Hosting: Orange Website

VPS & Hosting: Orange Website Orange Website is an Icelandic web hosting provider that prides themselves in protecting online privacy and free speech.


Secure File Sync Software

SparkleShare

SparkleShare SparkleShare creates a special folder on your computer. You can add remotely hosted folders (or "projects") to this folder. These projects will be automatically kept in sync with both the host and all of your peers when someone adds, removes or edits a file.

Website: sparkleshare.org

OS: Windows, macOS, Linux.

Syncthing

Syncthing Syncthing replaces proprietary sync and cloud services with something open, trustworthy and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is shared with some third-party and how it's transmitted over the Internet.

Website: syncthing.net

OS: Windows, macOS, Linux, Android, BSD, Solaris.

Worth Mentioning

Password Manager Software

Bitwarden - Cloud/Self-host

Bitwarden - Cloud/Self-host Bitwarden is a free and open source password manager. It aims to solve password management problems for individuals, teams, and business organizations. Bitwarden is among the easiest and safest solutions to store all of your logins and passwords while conveniently keeping them synced between all of your devices. If you don't want to use the Bitwarden cloud, you can easily host your own Bitwarden server.


KeePassXC - Local

KeePassXC - Local KeePassXC is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal to extend and improve it with new features and bugfixes to provide a feature-rich, fully cross-platform and modern open-source password manager.


LessPass - Browser

LessPass - Browser LessPass is a free and open source password manager that generates unique passwords for websites, email accounts, or anything else based on a master password and information you know. No sync needed. Uses PBKDF2 and SHA-256. It's advised to use the browser addons for more security.


Worth Mentioning

Related Information

Calendar and Contacts Sync

Nextcloud

Nextcloud NextCloud is a suite of client-server software for creating and using file hosting services. This includes calendar sync via CalDAV and contacts sync via CardDAV. Nextcloud is free and open-source, thereby allowing anyone to install and operate it without charge on a private server.

Website: nextcloud.com

Client OS: Windows, macOS, Linux, BSD, Unix, iOS, Android, Fire OS. Server: Linux.

Email Providers

Email Providers Many email providers also offer calendar and or contacts sync services. Refer to the Email Providers section to choose an email provider and check if they also offer calendar and or contacts sync.

Website: Email Providers section

OS: depends on email provider.

EteSync

EteSync EteSync is a secure, end-to-end encrypted and journaled personal information (e.g. contacts and calendar) cloud synchronization and backup for Android and any OS that supports CalDAV/CardDAV. It costs $14 per year to use, or you can host the server yourself for free.

Website: etesync.com

Client OS: Android, Web. Server OS: Linux.

Worth Mentioning

File Encryption Software

VeraCrypt - Disk Encryption

VeraCrypt - Disk Encryption VeraCrypt is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file or encrypt a partition or the entire storage device with pre-boot authentication. VeraCrypt is a fork of the discontinued TrueCrypt project. It was initially released on June 22, 2013. According to its developers, security improvements have been implemented and issues raised by the initial TrueCrypt code audit have been addressed.

Website: veracrypt.fr

OS: Windows, macOS, Linux.

GNU Privacy Guard - Email Encryption

GNU Privacy Guard - Email Encryption GnuPG is a GPL Licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with RFC 4880, which is the current IETF standards track specification of OpenPGP. Current versions of PGP (and Veridis' Filecrypt) are interoperable with GnuPG and other OpenPGP-compliant systems. GnuPG is a part of the Free Software Foundation's GNU software project, and has received major funding from the German government. GPGTools for macOS.

Website: gpgtools.org

OS: Windows, macOS, Linux, Android, BSD.

PeaZip - File Archive Encryption

PeaZip - File Archive Encryption PeaZip is a free and open-source file manager and file archiver made by Giorgio Tani. It supports its native PEA archive format (featuring compression, multi volume split and flexible authenticated encryption and integrity check schemes) and other mainstream formats, with special focus on handling open formats. It supports 181 file extensions (as of version 5.5.1).

macOS alternative: Keka is a free file archiver.

Website: peazip.org

OS: Windows, Linux, BSD.

Worth Mentioning

Self-contained Networks

Tor

Tor The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and individuals to share information over public networks without compromising their privacy. Tor is an effective censorship circumvention tool.

I2P Anonymous Network

I2P Anonymous Network The Invisible Internet Project (I2P) is a computer network layer that allows applications to send messages to each other pseudonymously and securely. Uses include anonymous Web surfing, chatting, blogging and file transfers. The software that implements this layer is called an I2P router and a computer running I2P is called an I2P node. The software is free and open source and is published under multiple licenses.

Website: geti2p.net

OS: Windows, macOS, Linux, Android, BSD / Solaris.

The Freenet Project

The Freenet Project Freenet is a peer-to-peer platform for censorship-resistant communication. It uses a decentralized distributed data store to keep and deliver information, and has a suite of free software for publishing and communicating on the Web without fear of censorship. Both Freenet and some of its associated tools were originally designed by Ian Clarke, who defined Freenet's goal as providing freedom of speech on the Internet with strong anonymity protection.

Website: freenetproject.org

OS: Windows, macOS, Linux.

Related Information

Worth Mentioning

Decentralized Social Networks

Mastodon - Twitter Alternative

Mastodon - Twitter Alternative Mastodon is a social network based on open web protocols and free, open-source software. It is decentralized like e-mail. It also has the most users, and the most diverse (in terms of interests) users, looks good, and is easy to setup. Feel welcome to join our hosted instance: social.privacytools.io


diaspora* - Google+ Alternative

diaspora* - Google+ Alternative diaspora* is based on three key philosophies: Decentralization, freedom and privacy. It is intended to address privacy concerns related to centralized social networks by allowing users set up their own server (or "pod") to host content; pods can then interact to share status updates, photographs, and other social data.


Friendica - Facebook Alternative

Friendica - Facebook Alternative Friendica has an emphasis on extensive privacy settings and easy server installation. It aims to federate with as many other social networks as possible. Currently, Friendica users can integrate contacts from Facebook, Twitter, Diaspora, GNU social, App.net, Pump.io and other services in their social streams.


PixelFed - Instagram Alternative

PixelFed - Instagram Alternative A free and ethical photo sharing platform, powered by ActivityPub federation. Pixelfed is an open-source, federated platform. You can run your own instance or join one.


GNU social - Twitter Alternative

GNU social - Twitter Alternative A social communication software for both public and private communications. It is widely supported and has a large userbase. It is already used by the Free Software Foundation.


Worth Mentioning

Related Information

Facebook Related

Social News Aggregators

Aether

Aether Free/libre and open source decentralized social news aggregator with a built in voting system.


Tildes

Tildes Tildes is a web-based self-hostable online bulletin board. It is licensed under GPL 3.0.


Raddle

Raddle Raddle is a public Postmill instance focused on privacy and anti-censorship.


Worth Mentioning

Domain Name System (DNS)

OpenNIC - Service

OpenNIC - Service OpenNIC is an alternate network information center/alternative DNS root which lists itself as an alternative to ICANN and its registries. Like all alternative root DNS systems, OpenNIC-hosted domains are unreachable to the vast majority of the Internet.


Njalla - Domain Registration

Njalla - Domain Registration Njalla only needs your email or jabber address in order to register a domain name for you. Created by people from The Pirate Bay and IPredator VPN. Accepted Payments: Bitcoin, Litecoin, Monero, DASH, Bitcoin Cash and PayPal. A privacy-aware domain registration service.


DNSCrypt - Tool

DNSCrypt - Tool A protocol for securing communications between a client and a DNS resolver. The DNSCrypt protocol uses high-speed high-security elliptic-curve cryptography and is very similar to DNSCurve, but focuses on securing communications between a client and its first-level resolver.


Encrypted ICANN DNS Providers

ICANN DNS Provider Server Locations Privacy Policy Type Logging Protocols DNSSEC QNAME Minimization Filtering Source Code
AdGuard Anycast (based in Cyprus) WWW Commercial No DoH, DoT, DNSCrypt Yes Yes Ads, trackers, malicious domains WWW
BlahDNS Switzerland, Japan, Germany WWW Hobby Project No DoH, DoT, DNSCrypt Yes Yes Ads, trackers, malicious domains WWW
Cloudflare Anycast (based in US) WWW Commercial Some DoH, DoT, DNSCrypt Yes Yes No WWW
CZ.NIC Czech Republic WWW Association No DoH, DoT Yes Yes ? ?
dnswarden Germany WWW Hobby Project No DoH, DoT, DNSCrypt Yes Yes Based on server choice ?
Foundation for Applied Privacy Austria WWW Non-Profit Some DoH, DoT Yes Yes No ?
nextdns Anycast (based in US) WWW Commercial Based on user choice DoH, DoT, DNSCrypt Yes Yes Based on user choice ?
PowerDNS The Netherlands WWW Hobby Project No DoH Yes No No WWW
Quad9 Anycast (based in US) WWW Non-Profit Some DoH, DoT, DNSCrypt Yes Yes Malicious domains ?
SecureDNS The Netherlands WWW Hobby Project No DoH, DoT, DNSCrypt Yes Yes Based on server choice ?
UncensoredDNS Anycast (based in Denmark) WWW Hobby Project No DoT Yes No No ?

Terms

  • DNS-over-TLS (DoT) - A security protocol for encrypted DNS on a dedicated port 853. Some providers support port 443 which generally works everywhere while port 853 is often blocked by restrictive firewalls.
  • DNS-over-HTTPS (DoH) - Similar to DoT, but uses HTTPS instead, being indistinguishable from "normal" HTTPS traffic on port 443.
  • DNSCrypt - An older yet robust method of encrypting DNS.

Worth Mentioning and Additional Information

  • Firefox comes with built-in DoH support with Cloudflare set as the default resolver, but can be configured to use any DoH resolver. Currently Mozilla is conducting studies before enabling DoH by default for all US-based Firefox users.
  • Android 9 comes with a DoT client by default.
  • DNSCloak - An open-source DNSCrypt and DoH client for iOS by the Center for the Cultivation of Technology gemeinnuetzige GmbH.
  • Pi-hole - A network-wide DNS server mainly for the Raspberry Pi. Blocks ads, tracking, and malicious domains for all devices on your network.
  • NoTrack - A network-wide DNS server like Pi-hole for blocking ads, tracking, and malicious domains.
  • Stubby - An open-source application for Linux, macOS, and Windows that acts as a local DNS Privacy stub resolver using DoT.
  • Namecoin - A decentralized DNS open-source information registration and transfer system based on the Bitcoin cryptocurrency.
  • QNAME Minimization and Your Privacy by the Internet Systems Consortium (ISC)
  • DNSSEC and BIND 9 by the ISC

Digital Notebook

Joplin

Joplin Joplin is a free, open source, fully featured note taking and to-do application, which can handle a large number of markdown notes organized into notebooks and tags. It offers E2EE encryption and can sync through Nextcloud, Dropbox and more. It also offers easy import from Evernote and plain text notes.


Standard Notes

Standard Notes Standard Notes is a simple and private notes app that makes your notes easy and available everywhere you are. Features end-to-end encryption on every platform, and a powerful desktop experience with themes and custom editors.


Turtl

Turtl Turtl lets you take notes, bookmark websites, and store documents for sensitive projects. From sharing passwords with your coworkers to tracking research on an article you're writing, Turtl keeps it all safe from everyone but you and those you share with.


Warning

Worth Mentioning

Pastebin Services

PrivateBin

PrivateBin PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256bit AES. It is the improved version of ZeroBin.


CryptPad

CryptPad CryptPad is an open source, zero knowledge, realtime collaborative editor. Data is encrypted/decrypted in the browser using 256bit AES.


Productivity Tools

CryptPad

CryptPad CryptPad is a private-by-design alternative to popular office tools and cloud services. All content is end-to-end encrypted. It is free and open source, enabling anyone to verify its security by auditing the code. The development team is supported by donations and grants. No registration is required, and it can be used anonymously via Tor browser.

Website: cryptpad.fr

OS: Linux, macOS, Windows, Web.

Etherpad

Etherpad Etherpad is a highly customizable Open Source online editor providing collaborative editing in really real-time. Etherpad allows you to edit documents collaboratively in real-time, much like a live multi-player editor that runs in your browser. Write articles, press releases, to-do lists, etc. Sites That Run Etherpad

Website: etherpad.org

OS: Windows, macOS, Linux.

Write.as

Write.as Write.as is a cross-platform, privacy-oriented blogging platform. It's anonymous by default, letting you publish without signing up. If you create an account, it doesn't require any personal information. No ads, distraction-free, and built on a sustainable business model.

Website: write.as Tor

OS: Windows, macOS, Linux, Android, iOS, Chrome OS, Web.

Worth Mentioning

PC Operating Systems

Qubes OS Xen

Qubes OS Qubes is an open-source operating system designed to provide strong security for desktop computing. Qubes is based on Xen, the X Window System, and Linux, and can run most Linux applications and utilize most of the Linux drivers. contrib


Fedora Workstation GNU/Linux

Fedora Workstation Fedora is a Linux distribution developed by the Fedora Project and sponsored by Red Hat. Fedora Workstation is a secure, reliable, and user-friendly edition developed for desktops and laptops, using GNOME as the default desktop environment. contrib


Debian GNU/Linux

Debian Debian is a Unix-like computer operating system and a Linux distribution that is composed entirely of free and open-source software, most of which is under the GNU General Public License, and packaged by a group of individuals known as the Debian project.


Warning

Worth Mentioning

Live CD Operating Systems

Tails GNU/Linux

Tails Tails is a live operating system, that starts on almost any computer from a DVD, USB stick, or SD card. It aims at preserving privacy and anonymity, and helps to: Use the Internet anonymously and circumvent censorship; Internet connections go through the Tor network; leave no trace on the computer; use state-of-the-art cryptographic tools to encrypt files, emails and instant messaging. contrib


KNOPPIX GNU/Linux

KNOPPIX Knoppix is an operating system based on Debian designed to be run directly from a CD / DVD (Live CD) or a USB flash drive (Live USB), one of the first of its kind for any operating system. When starting a program, it is loaded from the removable medium and decompressed into a RAM drive. The decompression is transparent and on-the-fly. contrib


Puppy Linux GNU/Linux

Puppy Linux Puppy Linux operating system is a lightweight Linux distribution that focuses on ease of use and minimal memory footprint. The entire system can be run from RAM with current versions generally taking up about 210 MB, allowing the boot medium to be removed after the operating system has started. contrib


Worth Mentioning

Mobile Operating Systems

GrapheneOS AOSP

GrapheneOS GrapheneOS (formerly known as CopperheadOS) is a free and open-source security and privacy focused mobile operating system built on top of the Android Open Source Project. It currently specifically targets devices offering strong hardware security. contrib


LineageOS AOSP

LineageOS LineageOS is a free and open-source operating system for smartphones and tablets, based on the official releases of the Android Open Source Project. It is the continuation of the CyanogenMod project. contrib


Ubuntu Touch GNU/Linux

Ubuntu Touch Ubuntu Touch is a free and open-source operating system for smartphones and tablets. It's an alternative to the current popular mobile operating systems on the market. Only a few devices are supported. contrib


Worth Mentioning

Android Privacy Add-ons

Blokada

Block ads with Blokada

Blokada works across all of your apps, not only the browser. It doesn't require root, supports both wifi and mobile networks, and is perfectly safe and simple to use. Just turn it on, and it will do the job silently!

NetGuard

Control your traffic with NetGuard

NetGuard provides simple and advanced ways to block certain apps' access to the internet without the help of root privileges. Applications and addresses can individually be allowed or denied access to your Wi-Fi and/or mobile connection, allowing you to control which apps are able to call home or not.

Orbot

Tor for Android with Orbot

Orbot is a free proxy app that empowers other apps to use the internet more securely. Orbot uses Tor to encrypt your Internet traffic and then hides it by bouncing through a series of computers around the world. Root Mode: Orbot can be configured to transparently proxy all of your Internet traffic through Tor. You can also choose which specific apps you want to use through Tor.

Open Source Router Firmware

OpenWrt Linux

OpenWrt OpenWrt is an operating system (in particular, an embedded operating system) based on the Linux kernel, primarily used on embedded devices to route network traffic. The main components are the Linux kernel, util-linux, uClibc and BusyBox. All components have been optimized for size, to be small enough for fitting into the limited storage and memory available in home routers. contrib


pfSense BSD

pfSense pfSense is an open source firewall/router computer software distribution based on FreeBSD. It is installed on a computer to make a dedicated firewall/router for a network and is noted for its reliability and offering features often only found in expensive commercial firewalls. pfSense is commonly deployed as a perimeter firewall, router, wireless access point, DHCP server, DNS server, and as a VPN endpoint. contrib


LibreCMC GNU/Linux

LibreCMC LibreCMC is a GNU/Linux-libre distribution for computers with minimal resources, such as the Ben Nanonote, ath9k-based Wi-Fi routers, and other hardware with emphasis on free software. The project's current goal is to aim for compliance with the GNU Free System Distribution Guidelines (GNU FSDG) and ensure that the project continues to meet these requirements set forth by the Free Software Foundation (FSF).


Worth Mentioning

Don't use Windows 10 - It's a privacy nightmare

Windows 10 Privacy
  1. Data syncing is by default enabled.
    • Browsing history and open websites.
    • Apps settings.
    • WiFi hotspot names and passwords.
  2. Your device is by default tagged with a unique advertising ID.
    • Used to serve you with personalized advertisements by third-party advertisers and ad networks.
  3. Cortana can collect any of your data.
    • Your keystrokes, searches and mic input.
    • Calendar data.
    • Music you listen to.
    • Credit Card information.
    • Purchases.
  4. Microsoft can collect any personal data.
    • Your identity.
    • Passwords.
    • Demographics.
    • Interests and habits.
    • Usage data.
    • Contacts and relationships.
    • Location data.
    • Content like emails, instant messages, caller list, audio and video recordings.
  5. Your data can be shared.
    • When downloading Windows 10, you are authorizing Microsoft to share any of above-mentioned data with any third-party, with or without your consent.

Download: W10Privacy

This tool uses some known methods that attempt to disable major tracking features in Windows 10.

Related Information

More Privacy Resources

Guides

Information

Tools

Note: Just being open source does not make software secure!

It's important for a website like privacytools.io to stay up-to-date. Keep an eye on software updates for the applications listed on our site. Follow recent news about providers that we recommend. We try our best to keep up, but we're not perfect and the internet is changing fast. If you find an error, or you think a provider should not be listed here, or a qualified service provider is missing, or a browser plugin is not the best choice anymore, or anything else... Talk to us please. You can also find us on our own Mastodon instance or on Matrix at #general:privacytools.io.

Discourse & Reddit

Discourse & Reddit Join our Discourse community to stay up to date on privacy news or make suggestions!

Follow on Mastodon & Twitter

Follow on Mastodon & Twitter Get the latest privacy-related updates from our Mastodon Feed. Follow us today!

Develop on GitHub

Develop on GitHub The complete website source code is available on GitHub. Join our developer team!

This is a community project aiming to deliver the best information available to improve privacy online. Thank you for participating. This project needs you.