Lissy93 / awesome-privacy

🦄 A curated list of privacy & security-focused software and services
https://awesome-privacy.xyz
Creative Commons Zero v1.0 Universal

🌐 awesome-privacy.xyz

A curated list of privacy & security-focused apps, software, and providers 🔐

Intro

Large data-hungry corporations dominate the digital world, but with little or no respect for your privacy. Migrating to open-source applications with a strong emphasis on privacy and security will help stop corporations, governments, and hackers from logging, storing or selling your personal data.

⚠️ Note: Remember that no software is perfect, and it is important to follow good security practices

🪞 Mirror: This repo is mirrored to codeberg.org/alicia/awesome-privacy


📋 Contents

- **Essentials**
  - [Password Managers](#password-managers) (6)
  - [2-Factor Authentication](#2-factor-authentication) (9)
  - [File Encryption](#file-encryption) (3)
  - [Browsers](#browsers) (6)
  - [Search Engines](#search-engines) (5)
- **Communication**
  - [Encrypted Messaging](#encrypted-messaging) (4)
  - [P2P Messaging](#p2p-messaging) (5)
  - [Encrypted Email](#encrypted-email) (5)
  - [Email Clients](#email-clients) (6)
  - [Mail Forwarding](#mail-forwarding) (6)
  - [Email Security Tools](#email-security-tools) (3)
  - [VOIP Clients](#voip-clients) (2)
  - [Virtual Phone Numbers](#virtual-phone-numbers) (5)
  - [Team Collaboration](#team-collaboration) (5)
- **Security Tools**
  - [Browser Extensions](#browser-extensions) (27)
  - [Mobile Apps](#mobile-apps) (25)
  - [Online Tools](#online-tools) (18)
- **Networking**
  - [Virtual Private Networks](#virtual-private-networks) (5)
  - [Self-Hosted Network Security](#self-hosted-network-security) (8)
  - [Mix Networks](#mix-networks) (3)
  - [Proxies](#proxies) (2)
  - [DNS Providers](#dns-providers) (3)
  - [DNS Clients](#dns-clients) (6)
  - [Firewalls](#firewalls) (14)
  - [Ad Blockers](#ad-blockers) (9)
  - [Host Block Lists](#host-block-lists) (6)
  - [Router Firmware](#router-firmware) (2)
  - [Network Analysis](#network-analysis) (4)
  - [Intrusion Detection](#intrusion-detection) (5)
  - [Cloud Hosting](#cloud-hosting) (3)
  - [Domain Registrars](#domain-registrars) (2)
  - [DNS Hosting](#dns-hosting) (1)
  - [Mail Servers](#mail-servers) (3)
- **Productivity**
  - [Digital Notes](#digital-notes) (8)
  - [Calendar](#calendar) (0)
  - [Backup and Sync](#backup-and-sync) (3)
  - [Cloud Productivity Suites](#cloud-productivity-suites) (5)
  - [Encrypted Cloud Storage](#encrypted-cloud-storage) (7)
  - [File Drop](#file-drop) (3)
  - [Browser Sync](#browser-sync) (5)
  - [Secure Conference Calls](#secure-conference-calls) (2)
- **Utilities**
  - [Virtual Machines](#virtual-machines) (3)
  - [PGP Managers](#pgp-managers) (9)
  - [Metadata Removal](#metadata-removal) (3)
  - [Data Erasers](#data-erasers) (9)
- **Operating Systems**
  - [Mobile Operating Systems](#mobile-operating-systems) (4)
  - [Desktop Operating Systems](#desktop-operating-systems) (6)
  - [Linux Defenses](#linux-defenses) (6)
  - [Windows Defences](#windows-defences) (22)
  - [Mac OS Defences](#mac-os-defences) (3)
  - [Anti-Malware](#anti-malware) (2)
- **Development**
  - [Code Hosting](#code-hosting) (5)
  - [IDEs](#ides) (0)
  - [Terminal Emulators](#terminal-emulators) (0)
- **Smart Home & IoT**
  - [Voice Assistants](#voice-assistants) (2)
  - [Smart Home](#smart-home) (1)
- **Finance**
  - [Cryptocurrencies](#cryptocurrencies) (2)
  - [Crypto Wallets](#crypto-wallets) (9)
  - [Crypto Exchanges](#crypto-exchanges) (4)
  - [Virtual Credit Cards](#virtual-credit-cards) (3)
  - [Other Payment Methods](#other-payment-methods) (3)
  - [Secure Budgeting](#secure-budgeting) (3)
- **Social**
  - [Social Networks](#social-networks) (4)
  - [Video Platforms](#video-platforms) (3)
  - [Blogging Platforms](#blogging-platforms) (5)
  - [News Readers](#news-readers) (3)
  - [Proxy Sites](#proxy-sites) (4)
- **Media**
  - [Gaming](#gaming) (0)
  - [Media Servers](#media-servers) (0)
  - [Music Players](#music-players) (0)
  - [Video Players](#video-players) (0)
  - [Photo Viewers](#photo-viewers) (0)
  - [E-Book Readers](#e-book-readers) (0)
  - [Podcast Players](#podcast-players) (0)
  - [Torrent Downloaders](#torrent-downloaders) (0)
  - [File Converters](#file-converters) (0)
- **Creativity**
  - [Image Editors](#image-editors) (8)
  - [Video Editors](#video-editors) (7)
  - [Audio Editors & Recorders](#audio-editors--recorders) (1)
  - [Casting & Streaming](#casting--streaming) (1)
  - [Screenshot Tools](#screenshot-tools) (0)
  - [3D Graphics](#3d-graphics) (2)
  - [Animation](#animation) (1)

Essentials

Password Managers

✳️ Notable Mentions

> - [Password Safe](https://www.pwsafe.org) - An offline, open source password manager designed by [Bruce Schneier](https://www.schneier.com/academic/passsafe/), with native applications for Windows, Linux, MacOS, Android and iOS, and support for YubiKey. The UI is a little dated, and there is no official browser extension, making it slightly less convenient to use compared with other options
> - [PassBolt](https://www.passbolt.com) - A good option for teams. It is free, open source, self-hosted, extensible and OpenPGP based. It is specifically good for development and DevOps usage, with integrations for the terminal, browser and chat, and can be easily extended for custom usage, and deployed quickly with Docker
> - [1Password](https://1password.com) - (proprietary) A fully-featured cross-platform password manager with sync. Free for self-hosted data (or $3/ month hosted). Be aware that 1Password is not fully open source, but they do regularly publish results of their independent [security audits](https://support.1password.com/security-assessments), and they have a solid reputation for transparently disclosing and fixing vulnerabilities

ℹ️ Further Info

> **Other Open Source PM**: [Buttercup](https://buttercup.pw), [Clipperz](https://clipperz.is), [Pass](https://www.passwordstore.org), [Padloc](https://padloc.app), [TeamPass](https://teampass.net), [PSONO](https://psono.com), [UPM](http://upm.sourceforge.net), [Gorilla](https://github.com/zdia/gorilla/wiki), [Seahorse](https://gitlab.gnome.org/GNOME/seahorse) (for GNOME), [GNOME Keyring](https://wiki.gnome.org/Projects/GnomeKeyring), [KDE Wallet Manager](https://userbase.kde.org/KDE_Wallet_Manager).

If you are using a deprecated PM, you should migrate to something actively maintained. This includes: [Firefox Lockwise](https://www.mozilla.org/en-US/firefox/lockwise), [Encryptr](https://spideroak.com/personal/encryptr?ref=awesome-privacyr), [Mitro](https://www.mitro.co), [Rattic](https://spideroak.com/encryptr), [JPasswords](http://jpws.sourceforge.net/jpasswords.html), [Passopolis](https://passopolis.com), [KYPS](https://en.wikipedia.org/wiki/KYPS), [Factotum](http://man.9front.org/4/factotum).



2-Factor Authentication

✳️ Notable Mentions

> [OTPClient](https://github.com/paolostivanin/OTPClient) *(Linux)*, [gauth](https://github.com/gbraadnl/gauth) *(Self-Hosted, Web-based)*, [Etopa](https://play.google.com/store/apps/details?id=de.ltheinrich.etopa) *(Android)*
>
> For KeePass users, [TrayTOTP](https://keepass.info/plugins.html#traytotp) is a plugin for managing TOTPs - offline and compatible with Windows, Mac and Linux.

ℹ️ Further Info

> Check which websites support multi-factor authentication: [2fa.directory](https://2fa.directory/)



File Encryption

⚠️ Word of Warning

> Where possible, choose a cross-platform and well established encryption method, so that you are never faced with not being able to access your files using your current system.
>
> Although well-established encryption methods are usually very secure, if the password is not strong, then an adversary may be able to gain access to your files, with a powerful enough GPU. If your system is compromised, then the password may also be able to be skimmed with a keylogger or other similar malware, so take care to follow good basic security practices

✳️ Notable Mentions

> - [AES Crypt](https://www.aescrypt.com/) - A light-weight and easy file encryption utility. It includes applications for Windows, Mac OS, BSD and Linux, all of which can be interacted with either through the GUI, CLI or programmatically through an API (available for Java, C, C# and Python). Although it is well established, with an overall positive reputation, there have been some [security issues](https://www.reddit.com/r/privacytoolsIO/comments/b7riov/aes_crypt_security_audit_1_serious_issue_found/) raised recently.
> - [CryptSetup](https://gitlab.com/cryptsetup/cryptsetup) - is a convenient layer for use on top of [dm-crypt](https://wiki.archlinux.org/index.php/Dm-crypt). [EncFS](https://github.com/vgough/encfs) is a cross-platform file-based encryption module, for use within user local directories. [geli](https://www.freebsd.org/cgi/man.cgi?query=geli&sektion=8) is a disk encryption subsystem included with FreeBSD.
> - [BitLocker](https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-overview) - is popular among Microsoft Windows and enterprise users, and provides fast, efficient and (if correctly configured) reasonably secure full drive encryption. However it is not open source, has poor compatibility with other operating systems, and has some very dodgy [defaults](https://www.diskcryptor.org/why-not-bitlocker/), which could lead to your system being compromised. Similarly, Apple's [FileVault](https://support.apple.com/en-us/HT204837) on MacOS is easy and secure, but again, the source code is proprietary.
> - [DiskCryptor](https://www.diskcryptor.org/) - Windows-only, open source, file and volume encryption solution, that makes a good alternative to BitLocker.



Browsers

⚠️ Word of Warning

> New vulnerabilities are being discovered and patched all the time - use a browser that is being actively maintained, in order to receive these security-critical updates.
>
> Even privacy-respecting browsers often do not have the best privacy options enabled by default. After installing, check the privacy & security settings, and update the configuration to something that you are comfortable with. 12Bytes maintains a comprehensive guide on [Firefox Configuration for Privacy and Performance](https://codeberg.org/12bytes/firefox-config-guide)

✳️ Notable Mentions

> **Mobile Browsers**: [Mull](https://f-droid.org/en/packages/us.spotco.fennec_dos/) Hardened fork of FF-Fenix (Android), [Firefox Focus](https://support.mozilla.org/en-US/kb/focus) (Android/ iOS), [DuckDuckGo Browser](https://help.duckduckgo.com/duckduckgo-help-pages/mobile/ios/) (Android/ iOS), [Orbot](https://guardianproject.info/apps/orbot/) + [Tor](https://www.torproject.org/download/#android) (Android), [Onion Browser](https://onionbrowser.com/) (iOS)
>
> **Additional Desktop**: [Nyxt](https://nyxt.atlas.engineer/), [WaterFox](https://www.waterfox.net), [Epic Privacy Browser](https://www.epicbrowser.com), [PaleMoon](https://www.palemoon.org), [Iridium](https://iridiumbrowser.de/), [Sea Monkey](https://www.seamonkey-project.org/), [Ungoogled-Chromium](https://github.com/Eloston/ungoogled-chromium), [Basilisk Browser](https://www.basilisk-browser.org/) and [IceCat](https://www.gnu.org/software/gnuzilla/)
>
> 12Bytes also maintains a list of privacy & security [extensions](https://12bytes.org/articles/tech/firefox/firefox-extensions-my-picks/)



Search Engines

✳️ Notable Mentions

> - [MetaGer](https://metager.org)
> - [YaCy](https://yacy.net)
> - [Brave Search](https://search.brave.com/)
> - [Searx](https://github.com/searxng/searxng) - Self-hostable search engines that use the results of multiple other engines (such as Google and Bing) at the same time. They're open source and self-hostable, although using a [public instance](https://searx.space) has the benefit of not singling out your queries to the engines used. A fork of the original [Searx](https://searx.github.io/searx/).



Communication

Encrypted Messaging

⚠️ Word of Warning

> Many messaging apps claim to be secure, but if they are not open source, then this cannot be verified - and they **should not be trusted**. This applies to [Telegram](https://telegram.org), [Threema](https://threema.ch), [Cyphr](https://www.goldenfrog.com/cyphr), [Wickr](https://wickr.com/), [Silent Phone](https://www.silentcircle.com/products-and-solutions/silent-phone/) and [Viber](https://www.viber.com/), to name a few - these apps should not be used to communicate any sensitive data. [Wire](https://wire.com/) has also been removed, due to a [recent acquisition](https://blog.privacytools.io/delisting-wire/)

✳️ Notable Mentions

> - [Chat Secure](https://chatsecure.org)
> - [KeyBase](https://keybase.io/) - Allows encrypted real-time chat, group chats, and public and private file sharing. It also has some nice features around cryptographically proving social identities, and makes PGP signing, encrypting and decrypting messages easy. However, since it was [acquired by Zoom](https://keybase.io/blog/keybase-joins-zoom) in 2020, it has no longer been receiving regular updates.
> - [OpenPGP](https://www.openpgp.org) - can be used over existing chat networks (such as email or message boards). It provides cryptographic privacy and authentication; PGP is used to encrypt messages.
>
> **Note/ Issues with PGP** PGP is [not easy](https://restoreprivacy.com/let-pgp-die/) to use for beginners, and could lead to human error/ mistakes being made, which would be overall much worse than if an alternate, simpler system was used. Do not use [32-bit key IDs](https://evil32.com/) - they are too short to be secure. There have also been vulnerabilities found in OpenPGP and S/MIME, described in [EFAIL](https://efail.de/), so although it is still considered secure for general purpose use, for general chat it may be better to use an encrypted messaging or email app instead.



P2P Messaging

With Peer-to-Peer networks, there is no central server, so there is nothing that can be raided, shut down or forced to turn over data. There are P2P networks available that are open source, E2E encrypted, routed through Tor services, totally anonymous and operate without the collection of metadata.

✳️ Notable Mentions

> - [Cwtch](https://cwtch.im)
> - [BitMessage](https://github.com/Bitmessage/PyBitmessage)
> - [RetroShare](https://retroshare.cc)



Encrypted Email

Email is not secure - your messages can be easily intercepted and read. Corporations scan the content of your mail, to build up a profile of you, either to show you targeted ads or to sell onto third-parties. Through the Prism Program, the government also has full access to your emails (if not end-to-end encrypted) - this applies to Gmail, Outlook Mail, Yahoo Mail, GMX, ZoHo, iCloud, AOL and more.

For a more detailed comparison of email providers, see email-comparison.as93.net

⚠️ Word of Warning

> - When using an end-to-end encryption technology like OpenPGP, some metadata in the email header will not be encrypted.
> - OpenPGP also does not support forward secrecy, which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed. You should take great care to keep your private keys safe.

✳️ Notable Mentions

> - [HushMail](https://www.hushmail.com)
> - [Soverin](https://soverin.net)
> - [StartMail](https://www.startmail.com)
> - [Posteo](https://posteo.de)
> - [Disroot](https://disroot.org/en)



Email Clients

Email clients are the programs used to interact with the mail server. For hosted email, the web and mobile clients provided by your email service are usually adequate, and may be the most secure option. For self-hosted email, you will need to install and configure mail clients for web, desktop or mobile. A benefit of using an IMAP client is that you will always have an offline backup of all email messages (which can then be encrypted and archived), and many applications let you aggregate multiple mailboxes for convenience. Desktop mail clients are not vulnerable to the common browser attacks that their web app counterparts are.

⚠️ Word of Warning

> One disadvantage of mail clients is that many of them do not support 2FA, so it is important to keep your device secured and encrypted



Mail Forwarding

Revealing your real email address online can put you at risk. Email aliasing allows messages to be sent to [anything]@my-domain.com and still land in your primary inbox. This protects your real email address from being revealed. Aliases are generated automatically, the first time they are used. This approach lets you identify which provider leaked your email address, and block an alias with 1-click.



Email Security Tools

✳️ Notable Mentions

> If you are using ProtonMail, then the [ProtonMail Bridge](https://protonmail.com/bridge/thunderbird) enables you to sync & backup your emails to your own desktop mail client. It works well with Thunderbird, Microsoft Outlook and others



VOIP Clients

✳️ Notable Mentions

> - [SpoofCard](https://www.spoofcard.com) - Lets you make anonymous phone calls + voicemail, but not open source and limited information on security (avoid sending any secure info).
> - [MicroSip](https://www.microsip.org) - An open source portable SIP softphone for Windows based on PJSIP stack



Virtual Phone Numbers



Team Collaboration

Now more than ever we are relying on software to help with team collaboration. Unfortunately many popular options, such as Slack, Microsoft Teams, Google for Work and Discord all come with some serious privacy implications.
Typical features of team collaboration software include: instant messaging, closed and open group messaging, voice and video conference calling, file sharing/ file drop, and some level of scheduling functionality.

✳️ Notable Mentions

> Some chat platforms allow for cross-platform group chats, voice and video conferencing, but without the additional collaboration features. For example, [Tox](https://tox.chat/), [Session](https://getsession.org/), [Ricochet](https://ricochet.im/), [Mumble](https://www.mumble.info/) and [Jami](https://jami.net/).
>
> For Conferences, [OSEM](https://osem.io) is an open source all-in-one conference management tool, providing Registration, Schedules, Live and Recorded Sessions, Paper Submissions, Marketing Pages and Administration.



Security Tools

Browser Extensions

The following browser add-ons give you better control over what content is able to be loaded and executed while you're browsing.
Before installing anything, you should read the Word of Warning section below.

⚠️ Word of Warning

> - Having many extensions installed raises entropy, causing your fingerprint to be more unique, hence making tracking easier.
> - Much of the functionality of the above addons can be applied without installing anything, by configuring browser settings yourself. For Firefox this is done in the user.js
> - Be careful when installing unfamiliar browser add-ons, since some can compromise your security and privacy. At the time of writing, the extensions listed above were all open source, verified and 'safe'.
> - In most situations, only a few of the above extensions will be needed in combination.
> - See the [arkenfox wiki](https://github.com/arkenfox/user.js/wiki/4.1-Extensions) for more information on the obsolescence and purposelessness of many popular extensions, and why you may only need a very limited set.

✳️ Notable Mentions

> - [Extension source viewer](https://addons.mozilla.org/en-US/firefox/addon/crxviewer) - A handy extension for viewing the source code of another browser extension, which is a useful tool for verifying the code does what it says



Mobile Apps

⚠️ Word of Warning

> Too many installed apps will increase your attack surface - only install applications that you need. Be sure to check the permissions, and what data an app has access to prior to installation. Only install from official sources.

✳️ Notable Mentions

> For more open source security & privacy apps, check out these publishers: [The Guardian Project](https://play.google.com/store/apps/dev?id=6502754515281796553), [The Tor Project](https://play.google.com/store/apps/developer?id=The+Tor+Project), [Oasis Feng](https://play.google.com/store/apps/dev?id=7664242523989527886), [Marcel Bokhorst](https://play.google.com/store/apps/dev?id=8420080860664580239), [SECUSO Research Group](https://play.google.com/store/apps/developer?id=SECUSO+Research+Group&hl=en_US) and [Simple Mobile Tools](https://play.google.com/store/apps/dev?id=9070296388022589266) - all of which are trusted developers or organisations, who've done amazing work.
>
> For offensive and defensive security, see The Kali [Nethunter Catalogue](https://store.nethunter.com/en/packages) of apps
>
> For *advanced* users, the following tools can be used to closely monitor your device and networks, in order to detect any unusual activity. [PortDroid] for network analysis, [Packet Capture] to monitor network traffic, [SysLog] for viewing system logs, [Dexplorer] to read .dex or .apk files for your installed apps, and [Check and Test] to check status and details of your device's hardware.



Online Tools

A selection of free online tools and utilities, to check, test and protect your security

⚠️ Word of Warning

> Browsers are inherently insecure; be careful when uploading, or entering personal details.



Networking

Virtual Private Networks

⚠️ Word of Warning

> - *A VPN does not make you anonymous - it merely changes your public IP address to that of your VPN provider, instead of your ISP. Your browsing session can still be linked back to your real identity either through your system details (such as user agent, screen resolution, even typing patterns), cookies / session storage, or by the identifiable data that you enter. [Read more about fingerprinting](https://pixelprivacy.com/resources/browser-fingerprinting/)*
> - *Logging - If you choose to use a VPN because you do not agree with your ISP logging your full browsing history, then it is important to keep in mind that your VPN provider can see (and mess with) all your traffic. Many VPNs claim not to keep logs, but you cannot be certain of this ([VPN leaks](https://vpnleaks.com/)). See [this article](https://gist.github.com/joepie91/5a9909939e6ce7d09e29) for more*
> - *IP Leaks - If configured incorrectly, your IP may be exposed through a DNS leak. This usually happens when your system is unknowingly accessing default DNS servers rather than the anonymous DNS servers assigned by an anonymity network or VPN. Read more: [What is a DNS leak](https://www.dnsleaktest.com/what-is-a-dns-leak.html), [DNS Leak Test](https://www.dnsleaktest.com), [How to Fix a DNS Leak](https://www.dnsleaktest.com/how-to-fix-a-dns-leak.html)*
> - *Stealth - It will be visible to your adversary that you are using a VPN (usually from the IP address), but other system and browser data can still reveal information about you and your device (such as your local time-zone, indicating which region you are operating from)*
> - *Many reviews are sponsored, and hence biased. Do your own research, or go with one of the above options*
> - *Using [Tor](https://www.torproject.org) (or another [Mix Network](/5_Privacy_Respecting_Software.md#mix-networks)) may be a better option for anonymity*

✳️ Notable Mentions

> If you don't trust a VPN provider not to keep logs, then you could self-host your own VPN. This gives you total control, but at the cost of anonymity (since your cloud provider will require your billing info). See [Streisand](https://github.com/StreisandEffect/streisand), to learn more, and get started with running a VPN. [Digital Ocean](https://m.do.co/c/3838338e7f79) provides flexible, secure and easy Linux VMs (from $0.007/hour or $5/month). Here is a [1-click install script](http://dovpn.carlfriess.com/) for [Digital Ocean](https://m.do.co/c/3838338e7f79), by Carl Friess.
>
> Recently, distributed self-hosted solutions for running your own VPNs have become more popular, with services like [Outline](https://getoutline.org/) letting you spin up your own instance and share it with friends and family. Since it's distributed, it is very resistant to blocking, and gives you world-wide access to the free and open internet. And since you have full control over the server, you can be confident that there is no logging or monitoring happening. However it comes at the cost of anonymity, especially if it's only you using your instance.

ℹ️ Further Info

> *While choosing a VPN, consider the following: Logging policy (logs are bad), Jurisdiction (avoid 5-eyes), Number of servers, availability and average load. Payment method (anonymous methods such as BTC, Monero or cash are better), Leak protection (1st-party DNS servers = good, and check if IPv6 is supported), protocols (OpenVPN and WireGuard = good). Finally, usability of their apps, user reviews and download speeds.*



Self-Hosted Network Security

Fun little projects that you can run on a Raspberry Pi, or other low-powered computer, in order to help detect and prevent threats, monitor your network and filter content



Mix Networks

⚠️ Word of Warning

> To provide low-latency browsing, Tor does not mix packets or generate cover traffic. If an adversary is powerful enough, theoretically they could either observe the entire network, or just the victim's entry and exit nodes. It's worth mentioning that even though your ISP cannot see what you are doing, they will be able to determine that you are using a mix net; to hide this, a VPN could be used as well. If you are doing anything which could put you at risk, then good OpSec is essential, as the authorities have traced criminals through the Tor network before, and [made arrests](https://techcrunch.com/2019/05/03/how-german-and-us-authorities-took-down-the-owners-of-darknet-drug-emporium-wall-street-market). Don't let Tor provide you a false sense of security - be aware of information leaks through DNS, other programs or human error. Tor-supported browsers may lag behind their upstream forks, and include exploitable unpatched issues. See [#19](https://github.com/Lissy93/personal-security-checklist/issues/19)
>
> Note: The Tor network is run by the community. If you benefit from using it and would like to help sustain uncensored internet access for all, consider [running a Tor relay](https://trac.torproject.org/projects/tor/wiki/TorRelayGuide)

✳️ Notable Mentions

> - [GNUnet](https://gnunet.org/en)
> - [IPFS](https://ipfs.io)
> - [ZeroNet](https://zeronet.io)
> - [Panoramix](https://panoramix-project.eu)
> - [Nym](https://nymtech.net)

ℹ️ Further Info

> Tor, I2P and Freenet are all anonymity networks - but they work very differently and each is good for specific purposes. So a good and viable solution would be to use all of them, for different tasks. *You can read more about how I2P compares to Tor, [here](https://blokt.com/guides/what-is-i2p-vs-tor-browser)*



Proxies

A proxy acts as a gateway between you and the internet. It can be used to act as a firewall or web filter, improves privacy, and can also be used to provide shared network connections and cache data to speed up common requests. Never use a free proxy.

⚠️ Word of Warning

> [Malicious Proxies](https://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-edward_zaborowski-doppelganger.pdf) are all too common. Always use open source software, host it yourself or pay for a reputable cloud service. Never use a free proxy; it can monitor your connection, steal cookies and contain malware. VPNs are a better option, better still - use the Tor network.

✳️ Notable Mentions

> [V2ray-core](https://github.com/v2ray/v2ray-core) is a platform for building proxies to bypass network restrictions and protect your privacy. See [more](https://github.com/hugetiny/awesome-vpn)



DNS Providers

Without using a secure, privacy-centric DNS all your web requests can be seen in the clear. You should configure your DNS queries to be managed by a service that respects privacy and supports DNS-over-TLS, DNS-over-HTTPS or DNSCrypt.

⚠️ Word of Warning

> Using an encrypted DNS resolver will not make you anonymous, it just makes it harder for third parties to discover your domain history. If you are using a VPN, take a [DNS leak test](https://www.dnsleaktest.com/), to ensure that some requests are not being exposed.

✳️ Notable Mentions

> - [Quad9](https://www.quad9.net) - A well-funded, performant DNS with a strong focus on privacy and security and easy set-up, however questions have been raised about the motivation of some of the financial backers.
> - [BlahDNS](https://blahdns.com) - (Japan, Finland or Germany) is an excellent security-focused DNS
> - [OpenNIC](https://www.opennic.org/) - [NixNet DNS](https://nixnet.services/dns) and [UncensoredDNS](https://blog.uncensoreddns.org) are open source and democratic, privacy-focused DNS
> - [Unbound](https://nlnetlabs.nl/projects/unbound/about) - A validating, recursive, caching DNS resolver, designed to be fast and lean. Incorporates modern features and based on open standards
> - [Clean Browsing](https://cleanbrowsing.org) - A good option for protecting kids, they offer comprehensive DNS-based Content Filtering
> - [Mullvad](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) - Mullvad's public DNS with QNAME minimization and basic ad blocking. It has been audited by the security experts at Assured. You can use this privacy-enhancing service even if you don't use Mullvad.

ℹ️ Further Info

> #### DNS Protocols
>
> DNS-over-TLS was proposed in [RFC 7858](https://tools.ietf.org/html/rfc7858) by the IETF, then 2 years later, the DNS-over-HTTPS specification was outlined in [RFC8484](https://tools.ietf.org/html/rfc8484) in October '18. [DNSCrypt](https://dnscrypt.info/) is a protocol that authenticates communications between a DNS client and a DNS resolver. It prevents DNS spoofing, through using cryptographic signatures to verify that responses originate from the chosen DNS resolver, and haven't been tampered with. DNSCrypt is a well battle-tested protocol, that has been in use since 2013, and is still widely used.



DNS Clients



Firewalls

A firewall is a program which monitors the incoming and outgoing traffic on your network, and blocks requests based on rules set during its configuration. Properly configured, a firewall can help protect against attempts to remotely access your computer, as well as control which applications can access which IPs.

⚠️ Word of Warning

> There are different [types](https://www.networkstraining.com/different-types-of-firewalls) of firewalls, that are used in different circumstances. This does not omit the need to configure your operating system's defences. Follow these instructions to enable your firewall in [Windows](https://support.microsoft.com/en-us/help/4028544/windows-10-turn-windows-defender-firewall-on-or-off), [Mac OS](https://support.apple.com/en-us/HT201642), [Ubuntu](https://wiki.ubuntu.com/UncomplicatedFirewall) and other [Linux distros](https://www.tecmint.com/start-stop-disable-enable-firewalld-iptables-firewall). Even when properly configured, having a firewall enabled does not guarantee bad network traffic cannot get through, especially during boot if you don't have root privileges.



Ad Blockers

There are a few different ways to block ads - browser-based ad-blockers, router-based / device blockers or VPN ad-blockers. Typically they work by taking a maintained list of hosts, and filtering each domain/ IP through it. Some also have other methods to detect certain content based on pattern matching

✳️ Notable Mentions
> [AdGuardHome](https://github.com/AdguardTeam/AdGuardHome) is a cross-platform DNS Ad Blocker,
> similar to Pi Hole, but with some additional features, like parental controls,
> per-device configuration and the option to force safe search.
> This may be a good solution for families with young children.
>
> Some VPNs have ad-tracking blocking features, such as
> [TrackStop with PerfectPrivacy](https://www.perfect-privacy.com/en/features/trackstop?a_aid=securitychecklist).
>
> [Private Internet Access](https://www.privateinternetaccess.com/),
> [CyberGhost](https://www.cyberghostvpn.com/),
> [PureVPN](https://www.anrdoezrs.net/click-9242873-13842740),
> and [NordVPN](https://www.kqzyfj.com/l5115shqnhp4E797DC8467D69A6D) also have ad-block features,
> but do not meet the security/privacy requirements to be included.

⬆️ [Back to Top]


Host Block Lists

⬆️ [Back to Top]


Router Firmware

Installing custom firmware on your Wi-Fi router gives you greater control over security, privacy and performance.

⚠️ Word of Warning
> Flashing custom firmware may void your warranty. If power is interrupted mid-way through a firmware install/upgrade, it is possible for your device to become bricked. So long as you follow a guide, and use a well supported system on a supported router, then it should be safe.

✳️ Notable Mentions
> - [Tomato](https://www.polarcloud.com/tomato)
> - [Gargoyle](https://www.gargoyle-router.com)
> - [LibreCMC](https://librecmc.org)
> - [DebWRT](http://www.debwrt.net)

⬆️ [Back to Top]


Network Analysis

Whether you live in a country behind a firewall, or are accessing the internet through a proxy - these tools will help you better understand the extent of blocking, deep packet inspection and what data is being analysed.

⬆️ [Back to Top]


Intrusion Detection

An IDS is an application that monitors a network or computer system for malicious activity or policy violations, and notifies you of any unusual or unexpected events. If you are running a server, then it's essential to know about an incident as soon as possible, in order to minimize damage.

⬆️ [Back to Top]


Cloud Hosting

Whether you are hosting a website and want to keep your users' data safe, or you are hosting your own file backup, cloud productivity suite or VPN - choosing a provider that respects your privacy, allows you to sign up anonymously, and will keep your files and data safe is important.

⚠️ Word of Warning
> Your data will be subject to the local laws and regulations of the country it is hosted in. It is therefore important to avoid a jurisdiction that is part of the [5 eyes](https://en.wikipedia.org/wiki/Five_Eyes) (Australia, Canada, New Zealand, US and UK) and [other international cooperatives](https://en.wikipedia.org/wiki/Five_Eyes#Other_international_cooperatives) that have a legal right to view your data.

✳️ Notable Mentions
> See also: [1984](https://www.1984.is) based in Iceland.
> [Shinjiru](http://shinjiru.com?a_aid=5e401db24a3a4), which offers off-shore dedicated servers.
> [Orange Website](https://www.orangewebsite.com) specialises in protecting online privacy and free speech, hosted in Iceland.
> [RackBone](https://rackbone.ch) (previously DataCell) provides secure and ethical hosting, based in Switzerland.
> And [Bahnhof](https://www.bahnhof.net) offers high-security and ethical hosting, with their data centres located in Sweden.
> Finally [Simafri](https://www.simafri.com/anonymous) has a range of packages that support Tor out of the box.

⬆️ [Back to Top]


Domain Registrars

⬆️ [Back to Top]


DNS Hosting

⬆️ [Back to Top]


Mail Servers

⚠️ Word of Warning
> Self-hosting your own mail server is not recommended for everyone. It can be time consuming to set up and maintain, and securing it correctly is critical.

⬆️ [Back to Top]


Productivity

Digital Notes

✳️ Notable Mentions
> If you are already tied into Evernote, OneNote etc, then [SafeRoom](https://www.getsaferoom.com)
> is a utility that encrypts your entire notebook, before it is uploaded to the cloud.
>
> [Org Mode](https://orgmode.org) is a mode for [GNU Emacs](https://www.gnu.org/software/emacs/)
> dedicated to working with the Org markup format. Org can be thought of as
> a more featureful Markdown alternative, with support for keeping notes,
> maintaining todo lists, planning projects, managing spreadsheets, and
> authoring documents - all in plaintext.
>
> For a simple plain text note taking app, with strong encryption, see
> [Protected Text](https://www.protectedtext.com), which works well with the
> [Safe Notes](https://play.google.com/store/apps/details?id=com.protectedtext.android) Android app.
> [Laverna](https://laverna.cc/) is a cross-platform secure notes app,
> where all entries are formatted with markdown.

⬆️ [Back to Top]


Calendar

⚠️ This section is still a work in progress ⚠️
Check back soon, or help us complete it by submitting a pull request

⬆️ [Back to Top]


Backup and Sync

⚠️ Word of Warning > You should always ensure that any data stored in the cloud is encrypted. If you are hosting your own server, then take the necessary precautions to [secure the server](https://med.stanford.edu/irt/security/servers.html). For hosted solutions - use a strong password, keep your credentials safe and enable 2FA.
✳️ Notable Mentions
> Alternatively, consider a headless utility such as [Duplicacy](https://duplicacy.com)
> or [Duplicity](http://duplicity.nongnu.org).
> Both offer an encrypted and efficient sync between 2 or more locations,
> using the [rsync](https://linux.die.net/man/1/rsync) algorithm.
>
> [SpiderOak](https://spideroak.com), [Tresorit](https://tresorit.com) and
> [Resilio](https://www.resilio.com/individuals)
> are good enterprise solutions, all with solid encryption baked-in.
>
> [FileRun](https://filerun.com) and [Pydio](https://pydio.com)
> are self-hosted file explorers, with cross-platform sync capabilities.

⬆️ [Back to Top]


Cloud Productivity Suites

⬆️ [Back to Top]


Encrypted Cloud Storage

Backing up important files is essential, and keeping an off-site copy is recommended. But many free providers do not respect your privacy, and are not secure enough for sensitive documents. Avoid free mainstream providers, such as Google Drive, iCloud, Microsoft OneDrive and Dropbox.

It is recommended to encrypt files on your client machine, before syncing to the cloud. Cryptomator is a cross-platform, open source encryption app, designed for just this.

✳️ Notable Mentions > An alternative option, is to use a cloud computing provider, and implement > the syncing functionality yourself, and encrypt data locally before > uploading it - this may work out cheaper in some situations. > You could also run a local server that you physically own at a secondary location, > that would mitigate the need to trust a third party cloud provider. > Note that some knowledge in securing networks is required. >

⬆️ [Back to Top]


File Drop

✳️ Notable Mentions > [Instant.io](https://github.com/webtorrent/instant.io), is another peer-to-peer based solution, > using [Web Torrent](https://webtorrent.io). > > For specifically transferring images, [Up1](https://github.com/Upload/Up1) is a good self-hosted option, with client-side encryption. > > Finally [PsiTransfer](https://github.com/psi-4ward/psitransfer) is a feature-rich, self-hosted file drop, using streams. >

⬆️ [Back to Top]


Browser Sync

✳️ Notable Mentions
> [Ymarks](https://ymarks.org) is a C-based self-hosted bookmark synchronization
> server and [Chrome](https://chrome.google.com/webstore/detail/ymarks/gefignhaigoigfjfbjjobmegihhaacfi) extension.
>
> [syncmarx](https://syncmarx.gregmcleod.com) uses your cloud storage to sync
> bookmarks ([Chrome](https://chrome.google.com/webstore/detail/syncmarx/llcdegcpeheociggfokjkkgciplhfdgg)
> and [Firefox](https://addons.mozilla.org/en-US/firefox/addon/syncmarx/)).
>
> [NextCloud Bookmarks](https://apps.nextcloud.com/apps/bookmarks) has several community browser extensions,
> including [FreedomMarks](https://addons.mozilla.org/en-US/firefox/addon/freedommarks/) (Firefox) and
> [OwnCloud Bookmarks](https://chrome.google.com/webstore/detail/owncloud-bookmarks/eomolhpeokmbnincelpkagpapjpeeckc) (Chrome).
>
> Finally, [Turtl Notes](https://turtlapp.com) has excellent link saving functionality built-in.
>
> [RainDrop](https://raindrop.io) is a fully-featured all-in-1 bookmarking and web-snip suite.
> It has a beautiful UI, good data controls and some very handy integrations and features.
> Available on desktop, mobile, web and through a browser extension.
> The catch is that it is not open source; there is a free and premium plan, but no option for self-hosting.

⬆️ [Back to Top]


Secure Conference Calls

With the many, many security issues with Zoom, and other mainstream options, it becomes clear that a better, more private and secure alternative is required. As with other categories, the "best video calling app" will be different for each of us, depending on the ratio of performance + features to security + privacy required in your situation.

✳️ Notable Mentions > [Apache OpenMeetings](https://openmeetings.apache.org) provides self-hosted > video-conferencing, chat rooms, file server and tools for meetings. > > [together.brave.com](https://together.brave.com) is Brave's Jitsi Fork. > > For remote learning, [BigBlueButton](https://bigbluebutton.org) is self-hosted conference call software, > aimed specifically at schools and Universities. > It allows for the host/ teacher to have full control over the session, > and provides high-quality video streaming, multi-user whiteboards, > breakout rooms, and instant chat. >

⬆️ [Back to Top]


Utilities

Virtual Machines

A virtual machine (VM) is a sandboxed operating system, running within your current system. It is useful for compartmentalisation and safely testing software, or handling potentially malicious files.

✳️ Notable Mentions
> [QEMU](https://wiki.qemu.org/Main_Page) is a virtual hardware emulation tool,
> meaning it is less appropriate for creating fully independent sandboxes,
> but performance is considerably better than that of a traditional virtual machine.
>
> [VMWare](https://www.vmware.com/) is popular in the enterprise world.
> It is not open source, and although there is a free version, a license
> is required to access all features. VMWare performs very well when running
> on a server, with hundreds of hosts and users.
>
> For Mac users, [Parallels](https://www.parallels.com/uk/) is a popular
> option which performs really well, but again is not open source.
>
> For Windows users, there's
> [Hyper-V](https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/quick-start/enable-hyper-v),
> which is a native Windows product, developed by Microsoft.

⬆️ [Back to Top]


PGP Managers

Tools for signing, verifying, encrypting and decrypting text and files using the GnuPG standard.

⬆️ [Back to Top]


Metadata Removal

Exif/Metadata is "data about data". This additional information attached to files can lead us to share significantly more information than we intended to.

For example, if you upload an image of a sunset to the internet, but don't remove the metadata, it may reveal the location (GPS lat + long) of where it was taken, the device it was taken on, precise camera data, details about modifications and the picture source + author. Social networks that remove metadata from your photos often collect and store it for their own use. This could obviously pose a security risk, and that is why it is recommended to strip out this data from a file before sharing.

✳️ Notable Mentions
> It's possible (but slower) to do this without a third-party tool.
> For Windows, right click on a file, and go to: `Properties --> Details --> Remove Properties --> Remove from this File --> Select All --> OK`.
>
> Alternatively, with [ImageMagick](https://imagemagick.org) installed, just run
> `convert path/to/image.png -strip path/to/output.png` to write a copy with all metadata removed.
>
> If you have [GIMP](https://www.gimp.org) installed, then just go to `File --> Export As --> Export --> Advanced Options --> Uncheck the "Save EXIF data" option`.
>
> Often you need to perform metadata removal programmatically, as part of a script or automation process.
> - GoLang: [go-exif](https://github.com/dsoprea/go-exif) by @dsoprea
> - JS: [exifr](https://github.com/MikeKovarik/exifr) by @MikeKovarik
> - Python: [Piexif](https://github.com/hMatoba/Piexif) by @hMatoba
> - Ruby: [Exif](https://github.com/tonytonyjan/exif) by @tonytonyjan
> - PHP: [Pel](https://github.com/pel/pel) by @mgeisler

⬆️ [Back to Top]


Data Erasers

Simply deleting data does not remove it from the disk, and recovering deleted files is a simple task.

Therefore, to protect your privacy, you should erase/ overwrite data from the disk, before you destroy, sell or give away a hard drive.

✳️ Notable Mentions
> There's no need to use a third-party tool. You can boot into a UNIX-based
> system, mount the disk you need to erase, and use a command to write it
> with arbitrary data. For best results, this process should be repeated
> several times. This is a good way to wipe a disk, before selling or
> destroying it, to protect your data.
>
> For example, the [`dd`](https://en.wikipedia.org/wiki/Dd_%28Unix%29) command
> is a tool to convert and copy files, but running
> `sudo dd if=/dev/zero of=/dev/sdX bs=1M` will quickly overwrite the whole disk with zeros.
> Or [badblocks](https://linux.die.net/man/8/badblocks), which is intended to search for all bad blocks,
> but can also be used to write zeros to a disk,
> by running `sudo badblocks -wsv /dev/sdd`.
>
> An effective method of erasing an SSD is to use [hdparm](https://en.wikipedia.org/wiki/Hdparm)
> to issue a [secure erase](https://en.wikipedia.org/wiki/Parallel_ATA#HDD_passwords_and_security)
> command to your target storage device.
> For this, see step-by-step instructions via: [wiki.kernel.org](https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase).
>
> Finally, [srm](https://www.systutorials.com/docs/linux/man/1-srm/) can be
> used to securely remove files or directories, just run `srm -zsv /path/to/file`
> for a single pass over.

⬆️ [Back to Top]


Operating Systems

Mobile Operating Systems

If you are an Android user, your device has Google built-in at its core. Google tracks you, collecting a wealth of information, and logging your every move.

A custom ROM is an open source, usually Google-free mobile OS that can be flashed to your device.

⚠️ Word of Warning
> It is not recommended to root, or flash your device with a custom ROM if you are not an advanced user. There are risks involved:
> - Although the above ROMs omit Google, they do open up other security issues: without DM-verity on the system partition, the file system *could* be tampered with, and without a verified boot stack, the kernel/initramfs also *could* be edited. You should understand the risks before proceeding to flash a custom ROM to your device
> - You will need to rely on updates from the community, which could be slower to be released - this may be an issue for a time-urgent, security-critical patch
> - It is also possible to brick your device, through an interrupted install or bad software
> - Finally, rooting and flashing your device will void your warranty

✳️ Notable Mentions
> [Replicant OS](https://www.replicant.us/) is a fully-featured distro,
> with an emphasis on freedom, privacy and security.
>
> [OmniRom](https://www.omnirom.org/),
> [Resurrection Remix OS](https://resurrectionremix.com/)
> and [Paranoid Android](http://paranoidandroid.co/) are also popular options.
>
> Alternatively, [Ubuntu Touch](https://ubports.com/) is a Linux (Ubuntu)-based OS.
> It is secure by design and runs on almost any device - but it does fall short when it comes to the app store.
>
> To install apps from the Play Store without using the Play Store app see
> [Aurora Store](https://gitlab.com/AuroraOSS/AuroraStore).
> For Google Play Service see [MicroG](https://microg.org/).

⬆️ [Back to Top]


Desktop Operating Systems

Windows and MacOS have many features that violate your privacy. Microsoft and Apple are able to collect all your data (including, but not limited to: keystrokes, searches and mic input, calendar data, music, photos, credit card information and purchases, identity, passwords, contacts, conversations and location data). Microsoft Windows is also more susceptible to malware and viruses, than alternative systems.

Switching to Linux is a great choice in terms of security and privacy - you don't necessarily need to use a security distro, any well-maintained stable distro is going to be considerably better than a proprietary OS.

✳️ Notable Mentions
> [Septor](https://septor.sourceforge.io/) is a Debian-based distro with the
> KDE Plasma desktop environment, and Tor baked-in. Designed for surfing the
> web anonymously, and completing other internet-based activities (with
> Thunderbird, Ricochet IM, HexChat, QuiteRSS, OnionShare).
> Septor is light-weight, but comes bundled with all the essential privacy +
> security utilities (including: Gufw, Ark, Sweeper, KGpg, Kleopatra,
> KWallet, VeraCrypt, Metadata Anonymisation Toolkit and more).
>
> [Subgraph OS](https://subgraph.com) is designed to be an *adversary resistant
> computing platform*, it includes strong system-wide attack mitigations,
> and all key applications run in sandbox environments. Subgraph is still
> in beta (at the time of writing), but is well tested, and has some
> nice anonymization features.
>
> For defensive security, see [Kali](https://www.kali.org) and [BlackArch](https://blackarch.org),
> both are bundled with hundreds of security tools, ready for pretty much any job
> (not recommended as a daily driver!)
>
> Other security-focused distros include: [TENS OS](https://www.tens.af.mil/),
> [Fedora CoreOS](https://getfedora.org/coreos?stream=stable),
> [Kodachi](https://www.digi77.com/linux-kodachi/) and [IprediaOS](https://www.ipredia.org)
> (Avoid systems that are not being actively maintained)

ℹ️ Further Info
> #### General Purpose Linux Distros
> If you do not want to use a specialist security-based distro, or you are new to Unix - then just switching to any well-maintained Linux distro is going to be significantly more secure and private than Windows or Mac OS.
> Since it is open source, major distros are constantly being audited by members of the community. Linux does not give users admin rights by default - this makes it much less likely that your system could become infected with malware. And of course, there is no proprietary Microsoft or Apple software constantly monitoring everything you do.
>
> Some good distros to consider would be: **[Fedora](https://getfedora.org/)**, **[Debian](https://www.debian.org/)**, or **[Arch](https://www.archlinux.org/)** - all of which have a large community behind them. **[Manjaro](https://manjaro.org/)** (based on Arch) is a good option, with a simple install process, used by newcomers and experts alike. **[POP_OS](https://pop.system76.com/)** and **[PureOS](https://www.pureos.net/)** are reasonably new general purpose Linux distros, with a strong focus on privacy, but also very user-friendly with an intuitive interface and install process. See [Detailed Comparison](https://en.wikipedia.org/wiki/Comparison_of_Linux_distributions).
>
> #### BSD
> BSD systems arguably have far superior network stacks. **[OpenBSD](https://www.openbsd.org)** is designed for maximum security - not just with its features, but with its implementation practices. It's a commonly used OS by banks and critical systems. **[FreeBSD](https://www.freebsd.org)** is more popular, and aims for high performance and ease of use.
>
> #### Windows
> Two alternative options for Windows users are the Windows 10 AME (ameliorated) project and the LTSC stream.
> - **[Windows 10 AME](https://ameliorated.info/)** The AME project aims at delivering a stable, non-intrusive yet fully functional build of Windows 10 to anyone who requires the Windows operating system natively. Core applications, such as the included Edge web-browser, Windows Media Player, Cortana, as well as any appx applications (appx apps will no longer work), have also been successfully eliminated. The total size of removed files is about 2 GB. Comes as a pre-built ISO or option to build from scratch with de-bloat scripts. Strong, supportive community on Telegram.
> - **[Windows 10 LTSC](https://docs.microsoft.com/en-us/windows/whats-new/ltsc/)** LTSC provides several security benefits over a standard Win 10 installation. LTSC, or Long Term Servicing Channel, is a lightweight, low-cost Windows 10 version that is intended for specialized systems, and receives less regular feature updates. What makes it appealing is that it doesn't come with any bloatware or non-essential applications, and needs to be configured from the ground up by the user. This gives you much better control over what is running on your system, ultimately improving security and privacy. It also includes several enterprise-grade [security features](https://docs.microsoft.com/en-us/windows/whats-new/ltsc/whats-new-windows-10-2019#security), which are not available in a standard Windows 10 instance. It does require some technical knowledge to get started with, but once set up should perform just as any other Windows 10 system. Note that you should only download the LTSC ISO from Microsoft's [official page](https://www.microsoft.com/en-in/evalcenter/evaluate-windows-10-enterprise)
>
> #### Improve the Security and Privacy of your current OS
> After installing your new operating system, or if you have chosen to stick with your current OS, there are a couple of things you can do to improve security. See: [Windows 10 security guide](https://heimdalsecurity.com/en/windows-10-security-guide/privacy), [Mac OS security guide](https://spreadprivacy.com/mac-privacy-tips/) or [Linux security guide](https://spreadprivacy.com/linux-privacy-tips/).

⬆️ [Back to Top]


Linux Defenses

✳️ Notable Mentions
> [SecTools.org](https://sectools.org) is a directory of popular Unix security tools.

⬆️ [Back to Top]


Windows Defences

⚠️ Word of Warning > (The above software was last tested on 01/05/20). Many of the above tools are not necessary or suitable for beginners, and can cause your system to break - only use software that you need, according to your threat model. Take care to only download from an official/ legitimate source, verify the executable before proceeding, and check reviews/ forums. Create a system restore point, before making any significant changes to your OS (such as disabling core features). From a security and privacy perspective, Linux may be a better option.
✳️ Notable Mentions
> See also these lists:
> - [github.com/Awesome-Windows/Awesome#security](https://github.com/Awesome-Windows/Awesome#security)
> - [github.com/PaulSec/awesome-windows-domain-hardening](https://github.com/PaulSec/awesome-windows-domain-hardening)
> - [github.com/meitar/awesome-cybersecurity-blueteam#windows-based-defenses](https://github.com/meitar/awesome-cybersecurity-blueteam#windows-based-defenses)

⬆️ [Back to Top]


Mac OS Defences

⬆️ [Back to Top]


Anti-Malware

Cross-platform, open source malware detection and virus prevention tools

⚠️ Word of Warning
> For Microsoft Windows, Windows Defender provides totally adequate virus protection in most cases. These tools are intended for single-use in detecting/removing threats on an infected machine, and are not recommended to be left running in the background; use portable editions where available. Many antivirus products have a history of introducing vulnerabilities themselves, and several of them seriously degrade the performance of your computer, as well as decrease your privacy. Never use a free anti-virus, and never trust the companies that offer free solutions, even if you pay for the premium package. This includes (but is not limited to) Avast, AVG, McAfee and Kaspersky. For AV to be effective, it needs intimate access to all areas of your PC, so it is important to go with a trusted vendor, and monitor its activity closely.
✳️ Notable Mentions > For 1-off malware scans on Windows, [MalwareBytes](https://www.malwarebytes.com) > is portable and very effective, but [not open source](https://forums.malwarebytes.com/topic/5495-open-source) >

⬆️ [Back to Top]


Development

Code Hosting

⬆️ [Back to Top]


IDEs

⚠️ This section is still a work in progress ⚠️
Check back soon, or help us complete it by submitting a pull request

⬆️ [Back to Top]


Terminal Emulators

⚠️ This section is still a work in progress ⚠️
Check back soon, or help us complete it by submitting a pull request

⬆️ [Back to Top]


Smart Home & IoT

Voice Assistants

Google Assistant, Alexa and Siri don't have the best reputation when it comes to protecting consumers' privacy, and there have been many recent breaches.

For that reason it is recommended not to have these devices in your house. The following are open source AI voice assistants that aim to provide a human voice interface while also protecting your privacy and security.

⚠️ Word of Warning > If you are building your own assistant, you may want to consider a hardware-switch for disabling the microphone. Keep tabs on issues and check the code, to ensure you are happy with how it works, from a privacy perspective.
✳️ Notable Mentions
> If you choose to continue using Google Home/Alexa, then check out
> **[Project Alias](https://github.com/bjoernkarmann/project_alias)**.
> It's a small app that runs on a Pi, and gives you more control over your smart assistants, for both customisation and privacy.
>
> For a desktop-based assistant, see
> [Dragonfire](https://github.com/DragonComputer/Dragonfire) for Ubuntu,
> and [Jarvis](https://github.com/sukeesh/Jarvis) for MacOS.
>
> [LinTO](https://linto.ai), [Jovo](https://www.jovo.tech) and [Snips](https://snips.ai)
> are private-by-design voice assistant frameworks that can be built on by developers,
> or used by enterprises.
>
> [Jasper](https://jasperproject.github.io),
> [Stephanie](https://github.com/SlapBot/stephanie-va) and
> [Hey Athena](https://github.com/rcbyron/hey-athena-client) are Python-based voice assistants, but none of them is under active development anymore.
> See also [OpenAssistant](https://openassistant.org).

⬆️ [Back to Top]


Smart Home

⬆️ [Back to Top]


Finance

Cryptocurrencies

⚠️ Word of Warning
> Not all cryptocurrencies are anonymous, and without using a privacy-focused coin, a record of your transaction will live on a publicly available distributed ledger, forever. If you send or receive multiple payments, ensure you switch up addresses or use a mixer, to make it harder for anyone trying to trace your transactions. Cryptocurrencies that allow private and public transactions may reveal metadata about your transactions and balances when funds are moving from private to public addresses, which can compromise your privacy with methods similar to a knapsack problem. Always store private keys somewhere safe, but offline.
>
> Note: Cryptocurrency prices can go down. Storing any wealth in crypto may result in losses. If you are new to digital currencies - do your research first, don't invest more than you can afford to lose, and be very wary: crypto-related scams are very common, as is cryptocurrency-related malware.
>
> **This is NOT financial advice**
✳️ Notable Mentions > Other privacy-focused cryptocurrencies include: > [PIVX](https://pivx.org), > [Verge](https://vergecurrency.com), and [Piratechain](https://pirate.black/). >
ℹ️ Further Info > It is still possible to use currencies that have a public ledger 'privately', but you will need to take great care not to cause any transactions to be linked with your identity or activity. For example, avoid exchanges that require KYC, and consider using a service such as [Local Bitcoins](https://localbitcoins.net). If you use a [Bitcoin ATM](https://coinatmradar.com), then take care to not be physically tracked (CCTV, phone location, card payments etc)

⬆️ [Back to Top]


Crypto Wallets

⚠️ Word of Warning > Avoid using any online/ hot-wallet, as you will have no control over the security of your private keys. Offline paper wallets are very secure, but ensure you store it properly - to keep it safe from theft, loss or damage.
✳️ Notable Mentions
> [Metamask](https://metamask.io/) (Ethereum and ERC20 tokens) is a bridge
> that allows you to visit and interact with distributed web apps in your browser.
> Metamask has good hardware wallet support, so you can use it to swap, stake,
> sign, lend and interact with dapps without your private key ever leaving your device.
> However the very nature of being a browser-based app means that you need to stay vigilant with what services you give access to.

⬆️ [Back to Top]


Crypto Exchanges

✳️ Notable Mentions > For traders, [BaseFEX](https://www.basefex.com/) doesn't require ID and has a good privacy policy. > > [BitMex](https://www.bitmex.com/) has more advanced trading features, > but ID verification is required for higher value trades involving Fiat currency. > > For buying and selling alt-coins, [Binance](https://www.binance.com/en/register?ref=X2BHKID1) has a wide range of currencies, > ~and ID verification is not needed for small-value trades~ but ID verification is required in most countries. >

⬆️ [Back to Top]


Virtual Credit Cards

Virtual cards provide an extra layer of security, improve privacy and help protect from fraud. Most providers have additional features, such as single-use cards (that cannot be charged more than once), card limits (so you can be sure you won't be charged more than you expected) and other security controls.

In most countries KYC is required. The bank will of course be able to see all your transactions. Be sure to read their privacy policy and terms of service beforehand. Not all services are available in all countries.

⬆️ [Back to Top]


Other Payment Methods

⚠️ Word of Warning
> Note that credit card providers heavily track transaction metadata, which builds up a detailed picture of each person's spending habits. This is done both to provide improved fraud alerts, and because the data is extremely valuable and is often 'anonymized' and sold to 3rd parties. Hence your privacy is degraded if these cards are used for daily transactions.
ℹ️ Further Info > Paying for goods and services is a good example of where privacy and security conflict; the most secure option would be to pay with credit card, since most providers include comprehensive fraud protection, whereas the most private option would be to pay using crypto currency or cash, since neither can be easily tied back to your identity.

⬆️ [Back to Top]


Secure Budgeting

✳️ Notable Mentions
> Spreadsheets remain a popular choice for managing budgets and financial planning.
> [Collabora](https://nextcloud.com/collaboraonline) or
> [OnlyOffice](https://nextcloud.com/onlyoffice) (on [NextCloud](https://nextcloud.com)),
> [Libre Office](https://www.libreoffice.org) and [EtherCalc](https://ethercalc.net)
> are popular open source spreadsheet applications. [Mintable](https://github.com/kevinschaich/mintable)
> allows you to auto-populate your spreadsheets from your financial data,
> using a publicly accessible API - mitigating the requirement for a dedicated budgeting application.
>
> Other notable open source budgeting applications include:
> [Smart Wallet](https://apps.apple.com/app/smart-wallet/id1378013954) (iOS),
> [My-Budget](https://rezach.github.io/my-budget) (Desktop),
> [MoneyManager EX](https://www.moneymanagerex.org),
> [Skrooge](https://skrooge.org),
> [kMyMoney](https://kmymoney.org) and
> [Budget Zen](https://budgetzen.net) (a simple E2E encrypted budget manager)

⬆️ [Back to Top]


Social

Social Networks

Over the past decade, social networks have revolutionized the way we communicate and brought the world closer together - but it came at the cost of our privacy.

Social networks are built on the principle of sharing - but you, the user should be able to choose with whom you share what, and that is what the following sites aim to do.

✳️ Notable Mentions
> - [diaspora\*](https://diasporafoundation.org), [Pleroma](https://pleroma.social), [Friendica](https://friendi.ca) and [Hubzilla](https://hubzilla.org) - distributed, decentralized social networks, built on open protocols
> - [Tildes](https://tildes.net), [Lemmy](https://dev.lemmy.ml) and [notabug.io](https://notabug.io) - bulletin boards and news aggregators (similar to Reddit)
> - [Pixelfed](https://pixelfed.org) - A free, ethical, federated photo sharing platform (FOSS alternative to Instagram)
ℹ️ Further Info > The content on many of these smaller sites tends to be more *niche*. To continue using Twitter, there are a couple of [tweaks](https://www.offensiveprivacy.com/blog/twitter-privacy) that will improve security. For Reddit, use a privacy-respecting client - such as [Reditr](http://reditr.com/). Other mainstream social networking sites do not respect your privacy, so should be avoided, but if you choose to keep using them, see [this guide](https://proprivacy.com/guides/social-media-privacy-guide) for tips on protecting your privacy.

⬆️ [Back to Top]


Video Platforms

⚠️ Word of Warning > Without moderation, some of these platforms accommodate video creators whose content may not be appropriate for all audiences
ℹ️ Further Info
> #### YouTube Proxies
> The content on many of the smaller video sites often just doesn't compare to YouTube. So another alternative is to access YouTube through a proxy client, which reduces what Google can track.
> - Good options are: [Invidious](https://invidious.io/) (web), [Piped](https://piped.kavin.rocks) (web), [FreeTube](https://freetubeapp.io/) (Windows, Mac OS, Linux), [NewPipe](https://newpipe.schabi.org/) (Android), [YouTube++](https://iosninja.io/ipa-library/download-youtube-plus-ipa-ios) (iOS)
> - Or download videos with [youtube-dl](https://ytdl-org.github.io/youtube-dl/) (cli) or [youtube-dl-gui](https://github.com/MrS0m30n3/youtube-dl-gui) (gui). For just audio, there is [PodSync](https://podsync.net/)
>
> #### Video Search Engines
> [Petey Vid](https://www.peteyvid.com) is a non-biased video search engine. Unlike normal search engines it indexes videos from a lot of sources, including Twitter, Veoh, Instagram, Twitch, MetaCafe, Minds, BitChute, Brighteon, D-Tube, PeerTube, and many others.

⬆️ [Back to Top]


Blogging Platforms

✳️ Notable Mentions > If you use [Standard Notes](https://standardnotes.com/?s=chelvq36), then [Listed.to](https://listed.to) is a public blogging platform with strong privacy features. It lets you publish posts directly through the Standard Notes app or web interface.
>
> Other minimalistic platforms include [Notepin.co](https://notepin.co) and [Pen.io](http://pen.io).
>
> Want to write a simple text post and promote it yourself? Check out [telegra.ph](https://telegra.ph), [txt.fyi](https://txt.fyi) and [NotePin](https://notepin.co). For seriously anonymous platforms, aimed at activists, see [noblogs](https://noblogs.org/) and [autistici](https://www.autistici.org). It is also possible to host a normal [WordPress](https://wordpress.com) site, without it being linked to your real identity, although WP does not have the best reputation when it comes to privacy.
>
> Of course you could also host your blog on your own server, using a standard open source blog platform, such as [Ghost](https://ghost.org) and configure it to disable all trackers, ads and analytics.

⬆️ [Back to Top]


News Readers

⬆️ [Back to Top]


Proxy Sites

These are websites that enable you to access existing social media platforms without using their primary website, with the aim of improving privacy & security and providing a better user experience. The options below are open source (so can be self-hosted, if you wish), and they do not display ads or tracking (unless otherwise stated).

⚠️ Word of Warning > When proxies are involved - only use reputable services, and **never** enter any personal information
✳️ Notable Mentions
> - [NewPipe](https://newpipe.schabi.org) - An open source, privacy-respecting YouTube client for Android.
> - [FreeTube](https://freetubeapp.io) - An open source YouTube client for Windows, MacOS and Linux, providing a more private experience, with a native-feel desktop app. It is built upon the [Invidious](https://invidious.io/) API.

⬆️ [Back to Top]


Media

Gaming

⚠️ This section is still a work in progress ⚠️
Check back soon, or help us complete it by submitting a pull request

⬆️ [Back to Top]


Media Servers

⚠️ This section is still a work in progress ⚠️
Check back soon, or help us complete it by submitting a pull request

⬆️ [Back to Top]


Music Players

⚠️ This section is still a work in progress ⚠️
Check back soon, or help us complete it by submitting a pull request

⬆️ [Back to Top]


Video Players

⚠️ This section is still a work in progress ⚠️
Check back soon, or help us complete it by submitting a pull request

⬆️ [Back to Top]


Photo Viewers

⚠️ This section is still a work in progress ⚠️
Check back soon, or help us complete it by submitting a pull request

⬆️ [Back to Top]


E-Book Readers

⚠️ This section is still a work in progress ⚠️
Check back soon, or help us complete it by submitting a pull request

⬆️ [Back to Top]


Podcast Players

⚠️ This section is still a work in progress ⚠️
Check back soon, or help us complete it by submitting a pull request

⬆️ [Back to Top]


Torrent Downloaders

⚠️ This section is still a work in progress ⚠️
Check back soon, or help us complete it by submitting a pull request

⬆️ [Back to Top]


File Converters

⚠️ This section is still a work in progress ⚠️
Check back soon, or help us complete it by submitting a pull request

⬆️ [Back to Top]


Creativity

Image Editors

⬆️ [Back to Top]


Video Editors

⬆️ [Back to Top]


Audio Editors & Recorders

⬆️ [Back to Top]


Casting & Streaming

⬆️ [Back to Top]


Screenshot Tools

⚠️ This section is still a work in progress ⚠️
Check back soon, or help us complete it by submitting a pull request

⬆️ [Back to Top]


3D Graphics

⬆️ [Back to Top]


Animation

⬆️ [Back to Top]



Final Notes

Conclusion

Many corporations put profit before people, collecting data and exploiting privacy. They claim to be secure, but without being open source this can't be verified until there's been a breach and it's too late. Switching to privacy-respecting open source software will drastically help improve your security, privacy and anonymity online.

However, that's not all you need to do. It is also important to: use strong and unique passwords, 2-factor authentication, adopt good networking practices and be mindful of data that are collected when browsing the web. You can see the full personal security checklist for more tips to stay safe.

Important Considerations

Compartmentalise, Update and Be Ready
No piece of software is truly secure or private. Further to this, software can only be as secure as the system it is running on. Vulnerabilities are being discovered and patched all the time, so you must keep your system up-to-date. Breaches occur regularly, so compartmentalise your data to minimise damage. It's not just about choosing secure software; you must also follow good security practices.

Attack Surface
It is a good idea to keep your trusted software base small, to reduce potential attack surface. At the same time trusting a single application for too many tasks or too much personal data could be a weakness in your system. So you will need to judge the situation according to your threat model, and carefully plan which software and applications you trust with each segment of your data.

Convenience Vs Security
There is often a trade-off between convenience and security. Construct a threat model, and choose a balance that is right for you. Similarly, in some situations privacy and security conflict (e.g. Find My Phone is great for security, but terrible for privacy, and anonymous payments may be good for privacy but less secure than insured fiat currency). Again, it is about assessing your situation, understanding the risks and making an informed decision.

Hosted Vs Self-Hosted Considerations
When using a hosted or managed application that is open-source software, there is often no easy way to tell if the version running is the same as that of the published source code (even published signatures can be faked). There is always the possibility that additional backdoors may have been knowingly or unknowingly implemented in the running instance. One way round this is to self-host the software yourself. When self-hosting you will know for sure which code is running; however, you will also be responsible for managing the security of the server, so this may not be recommended for beginners.

Open Source Software Considerations
Open source software has long had a reputation of being more secure than its closed source counterparts, since bugs are raised transparently and fixed quickly, the code can be checked by experts in the community, and there is usually little or no data collection or analytics. That being said, there is no piece of software that is totally bug-free, and hence none is ever truly secure or private. Being open source is in no way a guarantee that something is safe. There is no shortage of poorly-written, obsolete or sometimes harmful open source projects on the internet. Some open source apps, or dependencies bundled within them, are just plain malicious (such as that time Colourama was found in the PyPI Repository).

Proprietary Software Considerations
When using a hosted or proprietary solution - always check the privacy policy, research the reputation of the organisation, and be wary about which data you trust them with. It may be best to choose open source software for security-critical situations, where possible.

Maintenance
When selecting a new application, ensure it is still being regularly maintained, as this will allow for recently discovered security issues to be addressed. Software in an alpha or beta phase, may be buggy and lacking in features, but more importantly - it could have critical vulnerabilities open to exploit. Similarly, applications that are no longer being actively maintained may pose a security risk, due to lack of patching. When using a forked application, or software that is based on an upstream code base, be aware that it may receive security-critical patches and updates at a slightly later date than the original application.

This List: Disclaimer
This list contains packages that range from entry-level to advanced; a lot of the software here will not be appropriate for all audiences. It is in no way a definitive list of secure applications, and aims only to be a guide, a collection of software and services that myself and other contributors have used, and would recommend. There will always be new vulnerabilities discovered or introduced, bugs and security-critical glitches, malicious actors and poorly configured systems. It is up to you to do your research, draw up a threat model, and decide where and how your data are managed.

If you find something on this list that should no longer be deemed secure or private, or should have a warning note attached, please raise an issue. In the same way, if you know of something that is missing, or would like to make an edit, then pull requests are welcome, and are much appreciated!

Further Reading

More Awesome Software Lists

This list was focused on privacy-respecting software. Below are other awesome lists, maintained by the community of open source software, categorised by operating system.

Security List

News & Updates
A custom Reddit feed covering news and updates for all the apps covered here can be found here


The Website

The easiest way to browse Awesome Privacy is via our website, at awesome-privacy.xyz


About Website

The source for the website is in the web/ directory.

This is a statically generated site, built with Astro, Svelte, TypeScript and SCSS.
At build-time, it reads the data from awesome-privacy.yml and generates the pages.

Running the Website Locally

You'll need Node.js (20.11.1 or later) and Git installed.
Then run the following commands to fetch the code, install dependencies and start the dev server.

```bash
git clone git@github.com:Lissy93/awesome-privacy.git
cd awesome-privacy/web
cp .env.sample .env
yarn install
yarn dev
# Then open 127.0.0.1:4321 in your browser
```

Deploying the Website

Follow the steps above, then run yarn build to generate the static files.
You can then upload the ./dist directory to any web server, static host or CDN.
Alternatively, you can fork the repo and import it into either Vercel or Netlify.


Contributing

We welcome suggestions, additions, edits and removals to the list.
It's thanks to contributors like you that this project is possible 💜

All data is stored in awesome-privacy.yml. If you're adding, editing or removing a listing - this is the only file you need to edit.

Please familiarise yourself with the Contributing Guidelines before submitting your pull request, as we have some guidelines that must be followed to ensure your PR can be accepted.

If you're new to open source, you can find some resources to get you started at git-in.to, but feel free to reach out if you need any help 😊


The API

We also have a free, no-auth, CORS-enabled REST API, which you can use to access Awesome Privacy's data programmatically, or to build your own apps on top of it.

To get started, try our Swagger Explorer, which outlines all endpoints, usage and examples.

You can either use our public instance, at: https://api.awesome-privacy.xyz or self-host your own, with the source of the api/ directory.


Acknowledgements

Sponsors

Huge thanks to the following sponsors, for their ongoing support 💖

undefined
Undefined
koconder
Vincent Koc
Admonstrator
Aaron Viehl
tbjers
Torgny Bjers
AnandChowdhary
Anand Chowdhary
shrippen
Shrippen
bile0026
Zach Biles
UlisesGascon
Ulises Gascón
digitalarche
Digital Archeology
InDieTasten
InDieTasten
araguaci
Araguaci
bmcgonag
Brian McGonagill
vlad-tim
Vlad
helixzz
HeliXZz
patvdv
Patrick Van Der Veken
plgonzalezrx8
Pedro Gonzalez
mryesiller
Göksel Yeşiller
Bastii717
Bastii717
M2TD
M2TD
frankdez93
Frankdez93
nrvo
Nrvo

Contributors

This project exists thanks to all the people who've helped build and maintain it 🌟

Lissy93
Alicia Sykes
liss-bot
Alicia Bot
Ki-er
Kieran
lilithium-hydride
Lilith
ltguillaume
Guillaume
lamtrinhdev
LamTrinh.Dev
A-childs-encyclopedia
A-childs-encyclopedia
amilich
Andrew Milich
kerbless
Kerbless
GhoulBoii
GhoulBoi69
titanism
Titanism
smspool
SMSPool
slade991
Slade991
samsapti
Sam A.
gabrielvicenteYT
Coccocoa's Helper
AlexOgden
Alex Ogden
alxwnth
Alex
spignelon
Ujjawal Saini
WardPearce
Ward
Wesley-Ryan
Wesley-Ryan
thezacharytaylor
Zachary Taylor
ZhymabekRoman
Zhymabek Roman
baddate
Sanmonji
colenh
Cole
jxhn
Jxhn
kolaente
Kolaente
magical-heyrovsky
Magical-heyrovsky
mrpavan
Pavan
pnodet
Paul Nodet
poegl
WP

License

Lissy93/Awesome-Privacy/web is licensed under MIT
awesome-privacy.yml is licensed under CC0-1.0 license
Copyright © Alicia Sykes <aliciasykes.com> 2024.
For information, see TLDR Legal > MIT

```
The MIT License (MIT)
Copyright (c) Alicia Sykes

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sub-license, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
```

© Alicia Sykes 2024
Licensed under MIT & CC0-1.0

Thanks for visiting :)