Here is a short summary of the best practises for maintaining security and privacy.
This list will be updated...
- Inspired by Awesome Privacy, Check out for full list
Note (Image Meta Data)
Please erase Exif/Metadata from photos before sharing them online. due to the possibility that
it will disclose the photograph's location(GPS lat + long).
- Essentials
- Communication
- Networking
- Utilities
| Provider | Description |
|---|---|
| Bitwarden (Best One) | Fully-featured, open source password manager with cloud-sync. Bitwarden is easy-to-use with a clean UI and client apps for desktop, web and mobile. |
| Norton™ Password Manager | LessPass is a little different, since it generates your passwords using a hash of the website name, your username and a single main-passphrase that you reuse. It omits the need for you to ever need to store or sync your passwords. They have apps for all the common platforms and a CLI, but you can also self-host it. |
| Padloc | A modern, open source password manager for individuals and teams. Beautiful, intuitive and dead simple to use. Apps available for all platforms and you can self-host it as well. |
1. The purpose of a password manager is to remember one strong master password in addition to creating random generated passwords for each of your accounts.
2. Please DO NOT use biometric or facial recognition to access your password manager app; it is extremely unsafe.
| Provider | Description |
|---|---|
| Aegis (Android) | Free, secure and open source authenticator app for Android. Has a backup/ restore feature and a customisable UI with dark mode |
| Raivo OTP (iOS) | A native, lightweight and secure one-time-password (OTP) client built for iOS; Raivo OTP! - built by @tijme |
Please always enable 2FA for your accounts. Bitwarden Password Manager also supports 2FA so enable it to increase security.
| Provider | Description |
|---|---|
| VeraCrypt | VeraCrypt is open source cross-platform disk encryption software. You can use it to either encrypt a specific file or directory, or an entire disk or partition. VeraCrypt is incredibly feature-rich, with comprehensive encryption options, yet the GUI makes it easy to use. It has a CLI version, and a portable edition. VeraCrypt is the successor of (the now deprecated) TrueCrypt. |
| Cryptomator | Open source client-side encryption for cloud files - Cryptomator is geared towards using alongside cloud-backup solutions, and hence preserves individual file structure, so that they can be uploaded. It too is easy to use, but has fewer technical customizations for how the data is encrypted, compared with VeraCrypt. Cryptomator works on Windows, Linux and Mac - but also has excellent mobile apps. |
| age | age is a simple, modern and secure CLI file encryption tool and Go library. It features small explicit keys, no config options, and UNIX-style composability |
Where possible, choose a cross-platform and well established encryption method, so that you are never faced with not being able to access your files using your current system.
Although well-established encryption methods are usually very secure, if the password is not strong, then an adversary may be able to gain access to your files, with a powerful enough GPU. If your system is compromised, then the password may also be able to be skimmed with a keylogger or other similar malware, so take care to follow good basic security practices
Without using a secure app for instant messaging, all your conversations, meta data and more are unprotected. Signal is one of the best options - it's easy, yet also highly secure and privacy-centric.
| Provider | Description |
|---|---|
| Signal | Probably one of the most popular, secure private messaging apps that combines strong encryption (see Signal Protocol) with a simple UI and plenty of features. It's widely used across the world, and easy-to-use, functioning similar to WhatsApp - with instant messaging, read-receipts, support for media attachments and allows for high-quality voice and video calls. It's cross-platform, open-source and totally free. Signal is recommended by Edward Snowden, and is a perfect solution for most users |
| Session | Session is a fork of Signal, however unlike Signal it does not require a mobile number (or any other personal data) to register, instead each user is identified by a public key. It is also decentralized, with servers being run by the community though Loki Net, messages are encrypted and routed through several of these nodes. All communications are E2E encrypted, and there is no meta data. |
| Telegram (Check Note) | Telegram is a globally accessible freemium, cross-platform, cloud-based instant messaging (IM) service. The service also provides optional end-to-end encrypted chats and video calling, VoIP, file sharing and several other features. |
| Silence | If you're restricted to only sending SMS/MMS, then Silence makes it easy to encrypt messages between 2 devices. This is important since traditional text messaging is inherently insecure. It's easy-to-use, reliable and secure - but has fallen in popularity, now that internet-based messaging is often faster and more flexible |
(*) Many messaging apps claim to be secure, but if they are not open source, then this cannot be verified - and they should not be trusted. This applies to Telegram, Threema, Cypher, Wickr, Silent Phone and Viber, to name a few - these apps should not be used to communicate any sensitive data.
Email is not secure - your messages can be easily intercepted and read. Corporations scan the content of your mail, to build up a profile of you, either to show you targeted ads or to sell onto third-parties. Through the Prism Program, the government also has full access to your emails (if not end-to-end encrypted) - this applies to Gmail, Outlook Mail, Yahoo Mail, GMX, ZoHo, iCloud, AOL and more.
| Provider | Description |
|---|---|
| ProtonMail (Best One) | An open-source, end-to-end encrypted anonymous email service. ProtonMail has a modern easy-to-use and customizable UI, as well as fast, secure native mobile apps. ProtonMail has all the features that you'd expect from a modern email service and is based on simplicity without sacrificing security. |
| Tutanota | Free and open source email service based in Germany. It has a basic intuitive UI, secure native mobile apps, anonymous signup, and a .onion site. Tutanota does not use OpenPGP like most encrypted mail providers, instead they use a standardized, hybrid method consisting of a symmetrical and an asymmetrical algorithm (with 128 bit AES, and 2048 bit RSA). This causes compatibility issues when communicating with contacts using PGP. But it does allow them to encrypt much more of the header data (body, attachments, subject lines, and sender names etc) which PGP mail providers cannot do |
| Skiff | End-to-end encrypted, open-source, and privacy-first email that also integrates Web3 features such as crypto wallets and decentralized storage. Skiff has a simple and intuitive UI, supports mobile apps on iOS and Android, and requires no personally identifiable information to sign up or create an account. Skiff offers a Pro plan with additional storage space, aliases, custom domains, and more for $8 per month that can be paid using a credit card or with a crypto wallet. |
1. When using an end-to-end encryption technology like OpenPGP, some metadata in the email header will not be encrypted.
2. OpenPGP also does not support Forward secrecy, which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed. You should take great care to keep your private keys safe.
| Provider | Description |
|---|---|
| Anonaddy (Best One) | An open source anonymous email forwarding service, allowing you to create unlimited email aliases. Has a free plan. |
| SimpleLogin | Fully open source (view on GitHub) allias service with many additional features. Can be self-hosted, or the managed version has a free plan, as well as hosted premium option ($2.99/ month) for using custom domains |
| Firefox Private Relay | Developed and managed by Mozilla, Relay is a Firefox addon, that lets you make an email alias with 1 click, and have all messages forwarded onto your personal email. Relay is totally free to use, and very accessible to less experienced users, but also open source, and able to me self-hosted for advanced usage |
Revealing your real email address online can put you at risk. Email aliasing allows messages to be sent to [anything]@my-domain.com and still land in your primary inbox. This protects your real email address from being revealed. Aliases are generated automatically, the first time they are used. This approach lets you identify which provider leaked your email address, and block an alias with 1-click.
VPNs are good for getting round censorship, increasing protection on public WiFi, obscuring your IP address, and reducing what data your ISP can log. But for the best anonymity, you should use Tor. VPNs do not mean you are magically protected, or anonymous (see below).
| Provider | Protocols | Devices |
|---|---|---|
| ProtonVPN (Best One) | OpenVPN (UDP, TCP) - IKev2 - Wiregaurd | iOS, Android, MacOS, Windows, Linux |
| Betternet | Catapult Hydra | iOS, Android, MacOS, Windows |
| Unseen Online | --- | iOS, Android |
| Orbot | Tor Proxy | iOS, Android |
| Opera | --- | Only Browser Extention |
| VPNBook | PPTP - OpenVPN | NO GUI |
| VPNGate | Various | NO GUI |
| Provider | Protocols | Devices |
|---|---|---|
| Speedify (2GB/mo) (Best) | OpenVPN (UDP, TCP) - IKev2 - HTTPS | iOS, Android, MacOS, Windows |
| Windscribe (+10GB/mo) (Best) | OpenVPN (UDP, TCP) - IKev2 - Wiregaurd and more | iOS, Android, MacOS, Windows |
| hide.me VPN (2GB/mo) | --- | iOS, Android, MacOS, Windows |
Mix networks are routing protocols, that create hard-to-trace communications, by encrypting and routing traffic through a series of nodes. They help keep you anonymous online, and unlike VPNs -there are no logs
| Provider | Description |
|---|---|
| Tor (Best One) | Tor provides robust anonymity, allowing you to defend against surveillance, circumvent censorship and reduce tracking. It blocks trackers, resists fingerprinting and implements multi-layered encryption by default, meaning you can browse freely. Tor also allows access to OnionLand: hidden services |
| Freenet | Freenet is easy to setup, provides excellent friend To Friend Sharing vs I2P, and is great for publishing content anonymously. It's quite large in size, and very slow so not the best choice for casual browsing |
The Tor network is run by the community. If you benefit from using it and would like to help sustain uncensored internet access for all, consider running a Tor relay
Without using a secure, privacy-centric DNS all your web requests can be seen in the clear. You should configure your DNS queries to be managed by a service that respects privacy and supports DNS-over-TLS, DNS-over-HTTPS or DNSCrypt.
| Provider | Description |
|---|---|
| CloudFlare (Best One) | One of the most performant options, Cloudflare's DNS supports DoH and DoT, and has a Tor implementation, providing world-class protection. They have native cross-platform apps, for easy set-up. |
| AdGuard | Open-source DNS provider, specialising in the blocking of ads, trackers and malicious domains. They have been independently audited and do not keep logs |
| SecureDNS | An open source DNS provider, with built-in ad block and additional privacy features. Supports DoH, DoT and DNSCrypt. It is not as performant as some of the bigger players, but still a good option in terms of security |
| NextDNS | An ad-blocking, privacy-protecting, censorship-bypassing DNS. Also comes with analytics, and the ability to shield kids from adult content |
Using an encrypted DNS resolver will not make you anonymous, it just makes it harder for third-partied to discover your domain history. If you are using a VPN, take a DNS leak test, to ensure that some requests are not being exposed.
| Provider | Description |
|---|---|
| ExifCleaner (Best One) | Cross-platform, open source, performant EXIF meta data removal tool. This GUI tool makes cleaning media files really easy, and has great batch process support. Created by @szTheory, and uses ExifTool |
| ExifTool (CLI) | Platform-independent open source Perl library & CLI app, for reading, writing and editing meta data. Built by Phill Harvey. Very good performance, and supports all common metadata formats (including EXIF, GPS, IPTC, XMP, JFIF, GeoTIFF, ICC Profile, Photoshop IRB, FlashPix, AFCP and ID3). An official GUI application is available for Windows, implemented by Bogdan Hrastnik. |
| ImageOptim (MacOS) | Native MacOS app, with drag 'n drop image optimization and meta data removal |
Social networks that remove metadata from your photos, often collect and store it, for their own use. This could obviously pose a security risk, and that is why it is recommended to strip out this data from a file before sharing.
Simply deleting data, does not remove it from the disk, and recovering deleted files is a simple task. Therefore, to protect your privacy, you should erase/ overwrite data from the disk, before you destroy, sell or give away a hard drive.
| Provider | Description |
|---|---|
| Eraser (Windows) | Allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns |
| Hard Disk Scrubber (Windows) | Easy to use, but with some advanced features, including custom wipe patterns. Data Sanitation Methods: AFSSI-5020, DoD 5220.22-M, and Random Data |
| SDelete (Windows) | Microsoft Secure Delete is a CLI utility, uses DoD 5220.22-M |
| OW Shredder (Windows) | File, folder and drive portable eraser for Windows. Bundled with other tools to scan, analyze, and wipe, and other traces that were left behind. Includes context menu item, recycle bin integration |
| DBAN (bootable) | Darik's Boot and Nuke ("DBAN") is a self-contained boot disk that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction. DBAN is the free edition of Blanco, which is an enterprise tool designed for legal compliance. |
| nwipe (Cross-platform) | C-based secure light-weight disk eraser, operated through the easy-to-use CLI or a GUI interface |
| shred (Unix) | A CLI utility that can be used to securely delete files and devices, to make them extremely difficult to recover. See also, wipe for erasing files from magnetic media |
| Secure Remove (Unix) | CLI utility for securely removing files, directories and whole disks, works on Linux, BSD and MacOS |
| Mr. Phone (Android/ iOS) | Propriety, closed-source suite of forensic data tools for mobile. The data eraser allows for both Android and iOS to be fully wiped, through connecting them to a PC. |