Software for Privacy

Privacy-enhancing software I trust / recommend


  • Email & Messaging

  • mailbox.org

    Commercial Web Windows Mobile Android iPhone Android Tablet ... iPad Kindle Fire Website

    Summary:

    • Feature-rich: email, calendar, contacts, notes and (simple) file storage
    • Based in Germany.
    • Works on: online via browser or sync via email client (e.g. Thunderbird)
    • Doesn't violate your privacy, supports 2FA and PGP
    • Replaces: Gmail, Yahoo Mail (which you should quit immediately!), Outlook.com, GMX and so on...
    • Also consider: Protonmail (max. privacy), Tutanota (max. privacy), Fastmail (more features - except calendar search)

    If you use Gmail and think it's "free", think again. Google's business model is based on exploiting (selling) data about you to advertisers, and in linking your search, emails, browsing habits, Youtube views, mobile data (location, texts), contacts, files in Google Drive, they have more on you than the Stasi would ever have dreamed of. Oh, and they can be compelled by the government to give that stuff up. It's not free. You are the product. This has horrible implications for privacy, freedom-of-speech and democracy. Therefore, pay for your email, calendaring and contacts, and support the people who don't use such horrible business models. Many of these problems apply also to Outlook.com, Yahoo, GMX and any webmail given to you by your Internet Service Provider, all of whom can (and quite probably do) read your emails, can pass them onto others and so on.

    Mailbox.org is Germany-based Gmail replacement with fully-featured (and searchable!) calendars, contacts, writer, sheets, PGP encryption support (you can even manage your keys) and 2FA authentication, including Yubikey support. As a privacy-preserving service, it's somewhere between Fastmail and Protonmail. Not a bad place to be. Check it out.

     

    mailbox.org icon
  • Signal

    Free Mac Windows Linux Android iPhone ... Android Tablet iPad Chrome Website

    What: Free, open-source way to send end-to-end encrypted SMS messages, pics and voicemails via mobile, Windows, Mac or Linux.
    Why: "Normal" text messages are subject to mass surveillance, so is Google 'Allo, etc. Signal is very easy to use.

     

    Signal icon
  • Peerio

    Free Mac Windows Linux Android iPhone ... Chrome OS Chrome Website

    What? Open-source, end-to-end encrypted (private/secure), affordable Slack-type way to chat via chatrooms/channels, manage team projects, share files, etc. Available on Windows, Mac, Linux and Mobile. Well-featured free version.
    Why: Messages on Slack (and many like it) are not encrypted and can be read by Slack's admins, govt agencies, any hackers that breach their systems. Peerio's encryption protects against this.

     

    Peerio icon
  • Password manager

  • bitwarden

    Freemium Mac Windows Linux Web Android ... iPhone Android Tablet iPad Self-Hosted Microsoft Edge Vivaldi Browser Chrome Tor Browser Bundle Safari Opera Brave Firefox Website

    What: Free, open-source, end-to-end encrypted password manager with strong features and that syncs your passwords, notes, attachments between devices, including mobile.
    Why: You should be using a password manager. Bitwarden is more trustworthy than closed-source alternatives like Dashlane, Lastpass and 1Password. Lastpass (and maybe the others) doesn't encrypt domains you have accounts with, which could be used to profile where you go online/who you are. Bitwarden is easy to use, supports 2-factor authentication and has good browser plugins. Paid version is only $10/year.

     

    bitwarden icon
  • Backup & Sync

  • Cryptomator

    Free Mac Windows Linux Android iPhone ... iPad Website

    Summary

    • Cryptomator creates 'vaults' which store encrypted versions of your files. The vaults you can sync using cloud services (e.g. Dropbox or Google Drive) without risking your privacy.
    • Works on: Windows, Mac, Linux (and mobile a bit)
    • Free and open source
    • Easy to use
    • Replaces: encFS, Sookasa, etc.
    • Next best thing: Sync.com, Spideroak or Tresorit, depending on your needs.

    Cryptomator is a free, open source and easy-to-use app that adds a layer of AES encryption to your files for storage in the cloud. Works with any service. There are some bugs on Linux (particularly under KDE desktop environments, like Plasma), but that will disappear once they switch to using FUSE, which they are now working on out. If you value your privacy and can choose only one thing from this list, this one would probably be my top pick. Not least because of how easy it is to use. Maybe it would be second after Bitwarden.

     

    Cryptomator icon
  • Tresorit

    Commercial Mac OS X Windows Linux Android iPhone ... Android Tablet Windows Phone iPad Blackberry 10 Website

    What: Swiss-based Dropbox-like service that syncs your files across Windows, Mac, Linux and mobile with zero-knowledge encryption, 2-factor authentication, and strong features for business. Expensive but might be worth it.
    Why: Unlike Google Drive, OneDrive, Dropbox, Sugarsync, iCloud, Box.com etc., Tresorit cannot see or share (with governments) or leak (to hackers) the contents of your files. The other services I mentioned are subject to mass surveillance, and at least Google's case, make money from trawling through your private content for infomation to profile you, sell to advertisers. Where will that data be in 20 years? Who will incriminate you, dox or blackmail you or increase your insurance premiums using it? No one if you take precautions now to make sure it's not out there to begin with.

     

    Tresorit icon
  • Sync.com

    Freemium Mac OS X Windows Web Android iPhone ... iPad Website

    What: Canadian, Dropbox-like service that uses end-to-end encryption to provide waaay more privacy than you get from Dropbox, Google Drive, Box.com, Sugarsync, iCloud, etc. Works on Windows, Mac and mobile (not Linux).
    Why: Dropbox, Google Drive, Box.com, Sugarsync, iCloud and most other similar services can see the contents of everything you store with them and hand it over to governmet(s) on request. Zero-knowledge encryption means Sync.com cannot see your stuff, can't give it to govt agencies or lose it to hackers who breach their servers. Very competitive price.

     

    Sync.com icon
  • VPN

  • Private Internet Access

    Commercial Mac Windows Linux Android iPhone ... iPad Tomato pfSense OpenVPN DD-WRT Website

    Summary:

    • Hides your internet activity from prying eyes (internet service provider, people in Starbucks on open Wi-Fis).
    • Works on: Windows, Mac, Linux
    • Cheap, trustworthy and soon-to-be open sourced
    • Replaces: Other VPNs that don't respect your privacy.
    • Also consider: ProtonVPN

    f you don't use a VPN, which websites you visit and possibly what you view there is visible to hackers, government agencies and your internet service provider. In the US, a recently passed law has allowed that data to be sold about private individuals. Your entire online browsing history is a commodity. Your only hope is to browse the internet via a VPN (or, alternatively, Tor) so they can't gather that data in the first place. Luckily, it's not so hard to do.

    Private Internet Access is of the very few (perhaps only) VPN service to have had their servers confiscated (in Russia) and were found by the authorities NOT to be storing their customers browsing records. That's worth A LOT of trust in the VPN world, and you should look for reasons to trust a VPN company before you give them your money. Moreover, PIA are cheap, have fast and reliable connections, a dead-easy-to-use client (especially on Mac and Windows) and... to cap it all off... they announced they will open source all their software later in 2018. Highly recommended!

    TIP: whichever VPN service you use, go over to http://www.dnsleaktest.com/ and run the extended test. If it finds any more than 1 server, you have something called a DNS leak. You should read the help or FAQ pages of your VPN provider for help on how to fix that because it could compromise your privacy. Usually, the solution is simple.

     

    Private Internet Access icon
  • Note taking

  • Inkdrop

    Commercial Mac OS X Windows Linux Android iPhone Website

    What: Japan-based note-taking app. Uses markdown format, but has many convenient shortcuts built in. Uses end-to-end encryption (developer, hackers can't get your data) and syncs to Windows, Mac, Linux and mobile. Free for 2 months, then $5/month.
    Why: Evernote, Bear and OneNote can read your notes, give them to others under subpoena, and lose them to hackers. Evernote has been hacked multiple times, lost people's data and have very poor judgement on privacy. Evernote and OneNote don't support Linux, Bear only works on Mac/iOS. Additionally, Inkdrop recognizes and colors programming syntax, is in active development and has growing support and feature sets.

     

    Inkdrop icon
  • Joplin

    Free Mac Windows Linux Android iPhone Website

    Summary:

    • An incomplete but promising attempt to replace Evernote, the note-taking app.
    • Free and open source
    • Works on: Windows, Mac, Linux and mobile
    • Replaces: Evernote, Google Keep, Zoho Notes, etc.
    • Next best thing: maybe... Laverna or Standard Notes, depending on your needs.

    Joplin is a free, open source, cross-platform Evernote replacement. It's not (yet) fully matured, but already it's quite capable and probably more than enough for simple note taking of the type, say, Simple Note offers. Joplin features Evernote importing, encryption, syncing via your choice of service, todos and time-based reminders. Importing files to notes on Android seems to generate errors, but such things will be ironed out in time. Another missing feature is search by multiple tags at once.

     

    Joplin icon
  • Disk encryption

  • VeraCrypt

    Free Mac OS X Windows Linux PortableApps.com Website

    Summary:

    • Veracrypt creates encrypted 'containers' for your files to hide them from anyone who has physical access to your computer.
    • Works on: Windows, Mac, Linux
    • Free and open source
    • Replaces: Nothing, really. Unique and amazing.
    • Also consider: Nothing comes close. SOME of what VeraCrypt does can be done using Cryptomator in a very limited way. In reality, they complement each other though.

    Veracrypt can create encrypted containers for files or even encrypt whole hard drives or USB sticks. This is so no one except you can open and view the contents. It is built on the old TrueCrypt project, which was very popular. Somehow people are still recommending TrueCrypt (even though it's outdated), even though Veracrypt is newer, has had a number of security audits and improvements and has had more functionality added. It is an excellent, free and open source project run by academics in France.

    Enter a password and your mounted (opened) contained or drive behaves just like any other hard disk on your system (e.g. copy/paste files with no noticable lag.) You can choose from various different (or even multiple) encryption protocols. You can even create hidden containers so that you can deny your secrets exist, even to authorities. One password opens up a drive with boring files, a different password opens your secrets. No one can prove the one with secrets even exists. Very clever. (This is called "Plausible deniability" under US law; read about it on Veracrypt's webpage.)

    Veracrypt is for protecting data from prying eyes (e.g. so that no one can read it of your computer is lost, stolen or confiscated) or if your kids go snooping on your computer. Know, however, that encrypted containers are not good for syncing data; for that you want something like Cryptomator (or a service like Tresorit, Spideroak or Sync.com). These and Veracrypt complement each other, so you can (and probably should) use both. Veracrypt works on Windows, Mac and Linux (and probably BSD, I should imagine.)

     

    VeraCrypt icon
  • Browser extensions

  • HTTPS Everywhere

    Free Windows Linux Android Android Tablet BSD ... Vivaldi Browser Chrome Yandex.Browser Opera Chromium Firefox Website

    What: Free, open-source, browser extension (Firefox, Chrome, Vivaldi, Opera, related) that forces connections to websites to use the more secure (and private) https protocol, where available.
    Why: Http connections to websites make it possible for others (hackers, ISPs) to see what content you're looking at online. Https makes this hard. Some websites offer https but this extension forces the connection to go the more secure route. Extremely easy to use: add it to your browser and forget it.

     

    HTTPS Everywhere icon
  • File transfer

  • reep.io

    Free Web JavaScript Website

    What: Free and open-source way to send large files to another person privately without anyone else's servers in the middle storing your data. Both sender and recipient should be online at the same time.
    Why: Easy to use, allows larger files than email, makes it difficult for anyone else to see what you are sending. Files are transfered using SSL encryption.
    Also consider: Syncthing (especially if you have many files to transfer)

     

    reep.io icon



Comments on Software for Privacy

Ola
· Mar 2018 · Helpful Not helpful Report as spam

Glad to see that your back! Have been missing your comments / reviews. Nice that you found the list feature!

[Edited by Ola, March 25]

reply

Thanks. Nice to be back.


carmelapedinni
· 4 days ago · Helpful Not helpful Report as spam

Well-researched, informative and ample list from a trustworthy source. Thumbs up, John!

One question, on bitwarden's entry, you don't mention Encryptr. Do you still recommend it as a good password manager alternative? Cheers.

[Edited by carmelapedinni, April 19]

reply

Encryptr meets some of my favourite criteria: open source and good encryption. (It's made by the folks at SpiderOak.)

However, Encryptr is very simple. It lacks two-factor authentication (2FA), so that makes it less safe (or as safe as Bitwarden without 2FA on). You should aim to have 2FA if you can, particularly for important things. Encryptr has no browser plugin, and so you have to copy/paste your login credentials into a browser. Generally, it's not the best idea to have passwords stored in your copy/paste clipboard as, in principle, that could be read by mailcious apps.

I would say that Encryptr is best to recommend to people who are really not used to using computers (e.g. my grandma); few apps are simpler. It's better to have than nothing, but it doesn't have enough features for me. But it's free (as in beer) and you can just download it and play with it for 10 minutes to see if it's for you.

Thanks so much for the through answer. I've been using Encryptr for a while now but I'm also missing some of the features you mentioned, especially on mobile. I'll definitely look into your other suggestions, then! Cheers.


Sign up to comment, it's simple!