A Good Privacy List
Update: 10 December 2022
Table of Contents
- Table of Contents
- Requirements for the products
- AI Assistants
- Android App Stores
- Calendar Apps
- Cloud Storage
- DNS Servers
- Email Providers
- Email Anonymous Forwarding
- Encryption Software
- File Sharing
- Git Hosting
- Graphics Editor
- Instant Messaging
- Operating Systems
- Password Managers
- Privacy Frontends
- Search Engines / Metasearch Engines
- Social Networks
- Torrent Clients
- Web Browsers
- Other Privacy and Security Resources
This is my list of Privacy Alternatives of not so good mainstream products who use your data to make money and collaborate with governments for mass surveillance. The list is compiled in a simple way, privacy defence requires continuous research, so before using the apps on this list do your own research and if you find something wrong please contact me so I can update it.
I do not sponsor or get paid by any of the organizations of the products listed and there are NO referrer URLs in the list, to verify the links you can check the source code of the page (i.e. right click -> “View Page Source”). When I choose to use a service it means that I have search information before, and I have my own opinion about it that may not be the same as other people in this sector. I often read articles where an application is declared not private and insecure without consistent sources which confirm the claims, or where it’s declared reliable and instead ..it is ad advertising company or a government agency.
Security is a process, so you cannot fully trust any application, organization, and the people behind it. Regarding this topic see:
I hope this modest work can help to defende you and fight the censorship and oppression we are experiencing especially in recent years, knowledge is power, so search, read, and think with your head! In this sector it’s very easy to meet organizations and projects that claim to defend privacy but in reality are just mousetraps.
Requirements for the products
Only products that meet the following requirements are included in the list:
Security first: services that are not a security risk (although this is a very long and complex topic), and that are not in the experimental phase (i.e. the software is in the alpha phase).
Open source software and clear references to the application source code, I know that a closed source program doesn’t necessarily mean it’s malicious, but I prefer to know that there’s code available for everyone to read.
Clear references to the development team and organization (i.e. “About Me” section), if I cannot find easily what is the organization behind the project I prefer to skip to another choice.
Not sharing data with bad third parties (i.e. No Google, Amazon, Meta (Facebook), Cloudflare and other evil companies), about that argument see: Notes
Not sharing data with Data Brokers, this is sometimes hard to determine, as above, “do you own research”, and if there is anything wrong with a product on the list, please let me know.
The project/application must be updated and actively maintained, (with exceptions, some applications may be valid even if updated some time ago).
Android App Stores
- F-Droid - Some security issues, see: F-Droid Issues
- Droid-ify - Recommended F-Droid Alternative
- Neo Store - Fork of Droid-ify
- Aurora Store - Alternative Google Playstore Client
- Nextcloud Calendar
- Tutanota Calendar - Required an email account with this service
- Proton Calendar - Required an email account with this service
Email Anonymous Forwarding
GNU/Linux Operating Systems
Security-Focused Operating Systems
- Calyx OS
- Plasma Mobile
- Sailfish OS
- Ubuntu Touch
Reddit Mobile Clients
Reddit Alternative Communities
YouTube Desktop Clients
YouTube Mobile Clients
Youtube Alternatives Platforms
Search Engines / Metasearch Engines
- AzireVPN - Some warnings, see: https://github.com/Lissy93/awesome-privacy/issues/4
- Tor Browser
- Mozilla Firefox - Eh, the Mozilla long story.., hardening is required.
- Tor Browser for Android
- Privacy Browser
- Fennec F-Droid
- FOSS Browser
- monocles browser
- Onion Browser (iOS)
Other Privacy and Security Resources
- Security List
- Privacy Blogs List
- The Hitchhiker’s Guide to Online Anonymity
- Surveillance Self-Defence
- PRISM Break
- The New Oil
- Defensive Computing Checklist
- Watch Your Hack
- Decentralize Today - Privacy Cookbook
Utilization of 3rd party services: About organizations that use third party software I think a clarification should be made. Often it’s necessary to use third party services in order to make them stable and working, examples are Proton or Signal services that use some Amazon AWS or Google servers for traffic routing. It’s not easy to manage thousands or millions of users and it’s not easy to manage continuous spam attempts or criminal activities, impossible to do with self-hosted servers with little traffic capacity.
US based services: In the post-Snowden era we all know the data collection and surveillance capabilities of the NSA, many are advising not to use services in US jurisdiction, this may be true for unencrypted services, such as email without OpenPGP encryption, IRC servers etc., but if the data is encrypted, then I think we can make an exception. On the other hand, the NSA’s surveillance and storage capabilities it extend globally, So try to encrypt as much as possible, if the data is stored in some server in Nevada, China, or outer space ..it will be encrypted data, about this speech see: Post-quantum_cryptography). However, I generally tend to prefer services that have jurisdiction in countries with good privacy laws (i.e. Switzerland, Estonia, Iceland) or at least that they are not part of the Five Eyes, about this topic see: The Five, Nine, and Fourteen Eyes agreements (Explained).
ProtonMail case: Recently it has jumped to the headlines the case in which the service ProtonMail has provided (and previously logged) the IP address of an activist, see: ProtonMail logged IP address of French activist after order by Swiss authorities. Regarding this, I have made my own opinion, which is the same as it was when I first became interested in these topics years ago after Lavabit case: No existing service in the world can “cover the ass” of someone who commits an action “judged to be criminal” or criminal, in the case of Proton, probably this person could not have been traced if he had used a VPN or if he had connected by Tor network, also the Proton team recommends using Tor when using their email service if you need to protect your IP address. Anyway, this is a very complex speech that can’t be covered here, my advice is to use at least one VPN, and if you use the ProtonMail service you can use it with another VPN service like Mullvad for example. This way you don’t relegate security to a single service, the disadvantage is that you have to trust one more service (the Hamletian doubts of Internet Privacy).
If you liked my work, you can support me with a small donation:
Special thanks to the users of the /r/DeGoogle subreddit for advices and corrections.