
A Good Privacy List

Update: 10 December 2022




Introduction

This is my list of privacy alternatives to not-so-good mainstream products that use your data to make money and collaborate with governments for mass surveillance. The list is compiled in a simple way. Privacy defence requires continuous research, so before using the apps on this list do your own research, and if you find something wrong please contact me so I can update it.

I am not sponsored or paid by any of the organizations behind the products listed, and there are NO referrer URLs in the list; to verify the links you can check the source code of the page (e.g. right click -> “View Page Source”). When I choose to use a service it means that I have searched for information beforehand, and I have my own opinion about it that may not be the same as that of other people in this sector. I often read articles where an application is declared not private and insecure without consistent sources that confirm the claims, or where it’s declared reliable and instead it is an advertising company or a government agency.

Security is a process, so you cannot fully trust any application, organization, or the people behind it. Regarding this topic see:

Threat Model

Defence in depth

I hope this modest work can help to defend you and fight the censorship and oppression we are experiencing, especially in recent years. Knowledge is power, so search, read, and think with your head! In this sector it’s very easy to meet organizations and projects that claim to defend privacy but in reality are just mousetraps.

Requirements for the products

Only products that meet the following requirements are included in the list:

  • Security first: services that are not a security risk (although this is a very long and complex topic), and that are not in the experimental phase (e.g. the software is in the alpha phase).

  • Open source software and clear references to the application source code. I know that a closed source program isn’t necessarily malicious, but I prefer to know that there’s code available for everyone to read.

  • Clear references to the development team and organization (e.g. an “About Me” section). If I cannot easily find which organization is behind the project, I prefer to skip to another choice.

  • A clear and easily accessible Privacy Policy. If I have to click through 10 pages before reading a complicated and obscure privacy policy, I consider that there is something wrong.

  • Not sharing data with bad third parties (i.e. no Google, Amazon, Meta (Facebook), Cloudflare and other evil companies); on this point see: Notes

  • Not sharing data with Data Brokers. This is sometimes hard to determine; as above, “do your own research”, and if there is anything wrong with a product on the list, please let me know.

  • The project/application must be updated and actively maintained (with exceptions: some applications may be valid even if last updated some time ago).

AI Assistants

Android App Stores

Calendar Apps

Cloud Storage

DNS Servers

Email Providers

Email Anonymous Forwarding

Encryption Software

Disk Encryption

File Encryption

File Sharing

Git Hosting

Graphics Editor

Instant Messaging

Centralized

Matrix Clients

XMPP Clients

P2P

Maps

Mobile

Operating Systems

GNU/Linux Operating Systems

Security-Focused Operating Systems

Android-based

Password Managers

Privacy Frontends

Quora

Reddit

Reddit Mobile Clients

Reddit Alternative Communities

Twitter

Wikipedia

YouTube

YouTube Desktop Clients

YouTube Mobile Clients

YouTube Alternative Platforms

Search Engines / Metasearch Engines

Social Networks

Torrent Clients

VPNs

Web Browsers

Desktop

Mobile

Other Privacy and Security Resources

Notes

Utilization of 3rd party services: I think a clarification should be made about organizations that use third-party software. Often it’s necessary to use third-party services in order to keep a service stable and working; examples are the Proton and Signal services, which use some Amazon AWS or Google servers for traffic routing. It’s not easy to manage thousands or millions of users, and it’s not easy to manage continuous spam attempts or criminal activities; this is impossible to do with self-hosted servers with little traffic capacity.

US-based services: In the post-Snowden era we all know the data collection and surveillance capabilities of the NSA. Many advise against using services in US jurisdiction; this may be true for unencrypted services, such as email without OpenPGP encryption, IRC servers etc., but if the data is encrypted, then I think we can make an exception. On the other hand, the NSA’s surveillance and storage capabilities extend globally, so try to encrypt as much as possible: if the data is stored on some server in Nevada, China, or outer space, it will be encrypted data (on this subject see: Post-quantum_cryptography). However, I generally tend to prefer services under the jurisdiction of countries with good privacy laws (e.g. Switzerland, Estonia, Iceland) or at least ones that are not part of the Five Eyes; on this topic see: The Five, Nine, and Fourteen Eyes agreements (Explained).

ProtonMail case: The case in which the ProtonMail service provided (and previously logged) the IP address of an activist recently made headlines; see: ProtonMail logged IP address of French activist after order by Swiss authorities. Regarding this, I have formed my own opinion, which is the same as it was when I first became interested in these topics years ago after the Lavabit case: no existing service in the world can “cover the ass” of someone who commits an action “judged to be criminal” or criminal. In the case of Proton, this person probably could not have been traced if he had used a VPN or connected through the Tor network; the Proton team also recommends using Tor with their email service if you need to protect your IP address. Anyway, this is a very complex subject that can’t be covered here. My advice is to use at least one VPN, and if you use the ProtonMail service you can use it with another VPN service, like Mullvad for example. This way you don’t delegate security to a single service; the disadvantage is that you have to trust one more service (the Hamletian doubts of Internet Privacy).

Donations

If you liked my work, you can support me with a small donation:

Bitcoin

19vqscjZcpa22qScPoQEuHJyyiyKokZ6C3

Monero

42HrxGUKPzNNJKFguPfFhXQajwNDnhLbogy6EWexWw9Sh5pTumVk7dkcD2PB4MuFgD1m8rnaR3pr1g852BWUTpXaTo9rQyr


Special thanks to the users of the /r/DeGoogle subreddit for advice and corrections.