The Privacy Toolbox

The tools we use and recommend to protect your online privacy and identity.

Desktop / Laptop OS

Top Pick

Qubes OS
Qubes OS is a security-focused desktop operating system that aims to provide security through isolation. Virtualization is performed by Xen, and user environments can be based on Fedora, Debian, Whonix, and Microsoft Windows, among other operating systems.

More Options

  • Whoinix – A Debian based security-focused Linux OS consisting of two virtual machines, a “Workstation” and a Tor “Gateway”. All communications are forced through the Tor network to accomplish anonymity.
  • Subgraph OS – A Debian Linux distribution designed to be resistant to surveillance and interference by sophisticated adversaries over the Internet. By default, it anonymizes Internet traffic by sending it through the Tor network.
  • Discreete Linux – An OS with the purpose of protecting data and people against surveillance attacks with trojan software by creating a secure, isolated environment for processing and encrypting/decrypting sensitive data.

Live CD Operating System

Top Pick

Tails
A live OS that you can start from a USB stick or a DVD. It helps you use the Internet anonymously by all connections to the Internet are forced to go through the Tor network. It leave no trace on the computer you are using and uses state-of-the-art cryptographic tools to encrypt your files, emails and instant messaging.

More Options

  • KNOPPIX – A live OS based on Debian Linux that runs from a CD, DVD or a USB flash drive. Programs run in the RAM and leave no trace on the computer hard drive.
  • Puppy Linux – An lightweight Linux OS that focuses on ease of use and minimal memory footprint. The entire system can be run from RAM with current versions generally taking up about 210 MB, allowing the boot medium to be removed after the operating system has started.
  • Tiny Core Linux – A minimal Linux OS focusing on providing a base system using BusyBox and FLTK. The distribution is notable for its small size (11 to 16 MB) and minimalism – additional functions are provided by extensions.
  • Kodachi – A live operating system that you can start on almost any computer from a DVD, USB stick, or SD card. It preserves your privacy by forcing all Internet connections through a VPN then Tor network with DNS encryption.

Mobile Operating System

Top Pick

LineageOS
An open-source OS for smartphones and tablet computers, based on the Android mobile platform. Tools such as Privacy Guard allow you to control what your apps can do and access.

More Options

  • CopperheadOS – A security and privacy focused mobile operating system based on the Android mobile platform and compatible with Android apps.
  • Replicant – A free OS based on the Android mobile platform that aims to replace all proprietary Android components with free-software counterparts.
  • MicroG – An OS based on Android that allows you to circumvent the need for Google’s proprietary software on your device while retaining nearly full functionality through free open-source software (FOSS).

Android Add-ons

  • NetGuard – Provides ways to block Apps and addresses access to the internet. Each can individually be allowed or denied access to the connection.
  • XPrivacyLua – Protects your privacy by feeding applications fake or no data and restricting them from accessing personal data such as contacts and location.

Router

Top Pick

pfSense
An open-source firewall/router software based on FreeBSD. It is installed on a physical computer or a virtual machine to make a dedicated firewall/router for a network. It can be configured and upgraded through a web-based interface, and requires no knowledge of the underlying FreeBSD system to manage.

More Options

  • OpenWrt – An open-source project for operating system based on Linux, primarily used on embedded devices to route network traffic. All components have been optimized to be small enough to fit into the limited storage and memory available in home routers.
  • LibreCMC – a Linux distribution for computers with minimal resources. It aims to give its users freedom and control over the software that runs on their hardware and supports a wide range of routers.
  • DD-WRT – Linux-based firmware for wireless routers and access points. One of a handful of third-party firmware projects designed to replace manufacturer’s original firmware with custom firmware offering additional features or functionality.

Web Browser

Top Pick

Tor Browser
A modified version of Firefox that routes all internet traffic through the Tor network
which helps defend against traffic analysis. It comes with pre-installed privacy add-ons and encryption. These include the TorButton, TorLauncher, NoScript, and HTTPS Everywhere Firefox extensions and the Tor proxy.

More Options

  • Mozilla Firefox – A fast and reliable open-source browser that respects your privacy. With a little bit of adjusting of the default settings and a few privacy add-ons, Firefox is a solid choice for secure private browsing.
  • Brave – Open-source Chromium based browser that automatically blocks ads and trackers, making it 2x – 8x faster and safer than your current browser.

Firefox Add-ons

  • Privacy Badger – A browser add-on from the Electronic Frontier Foundation (EFF) that stops third-party trackers and advertisers from secretly tracking what pages you look at on the web.
  • uBlock Origin – An open-source ad and tracker blocker that uses much less memory than other extensions, and yet can load and enforce thousands more filters than other popular blockers.
  • Cookie AutoDelete – An add-on that deletes any cookies not being used automatically when a browser tab is closed. It prevents tracking by other cookies and allows you to add only the ones you trust with a whitelist feature.
  • HTTPS Everywhere – An extension developed collaboratively by The Tor Project and the Electronic Frontier Foundation (EFF) that encrypts your communications with many major websites (if they support it) with the option “Block all HTTP requests” making your browsing more secure.
  • Decentraleyes – A complements regular content blockers that protects you against tracking through “free”, centralized, content delivery. It prevents a lot of requests from reaching networks like Google Hosted Libraries, and serves local files to keep sites from breaking.
  • uMatrix – An add-on which you can use to control exactly what network requests are made by the browser with point & click and thus what is loaded in the web page you have requested. Use it to block scripts, iframes, ads, Facebook, etc.
  • NoScript Security Suite – An add-on that allows executable web content based on JavaScript, Java, Flash, Silverlight, and other plugins only if the site hosting is considered trusted by its user and has been previously added to a whitelist. It also offers specific countermeasures against security exploits.

VPN

Top Pick

Perfect Privacy
The company is located in Switzerland and they operate 39 servers in 23 different countries. Every server is configured to support the OpenVPN, IPSec, PPTP, SSH2, Squid, and Socks5 protocols.

More Options

  • NordVPN – Company is located in Panama, has 5,292 servers worldwide and a no logs policy. You can connect 6 devices at the same time.
  • ProtonVPN – As a Swiss VPN provider, they do not log user activity or share data with third parties. Their anonymous VPN service enables Internet without surveillance.

Search Engine

Top Pick

DuckDuckGo – A search engine that doesn’t track you. It emphasizes protecting searchers’ privacy and avoiding the filter bubble of personalized search results.

More Options

  • searX – A free internet metasearch engine which aggregates results from more than 70 search services. Users are neither tracked nor profiled. Additionally, it can be used over Tor for online anonymity.
  • StartPage – Provides Google search results without Google tracking you. Features include no collecting or sharing of private information and an Anonymous View which allows you to view a search result without actually visiting the web page and getting loaded up with cookies and trackers.
  • Qwant – A European search engine that is cookie-free, doesn’t keep any search history, and does not employ personalized search.
  • MetaGer – An open-source metasearch engine based in Germany focusing on protecting user privacy.

Email Hosting

Top Pick

Mail-in-a-Box
Lets you become your own mail service provider (like Gmail) in a few easy steps that you control from top to bottom. It turns a fresh cloud computer into a working mail server without needing to be a technology expert to set it up.

More Options

  • ProtonMail – An end-to-end encrypted email service that uses client-side encryption to protect email contents and user data before they are sent to ProtonMail servers. The service can be accessed through a webmail client, the Tor network, or dedicated iOS and Android apps. ProtonMail is based in the Canton of Geneva, and its servers are located at two locations in Switzerland, outside of US and EU jurisdiction.
  • Neomailbox – An email service designed to protect your privacy with built in OpenPGP encryption support, IP anonymization, servers hosted in Switzerland and ability to pay in non-traceable forms such as Bitcoin, Western Union and Cash by snail mail.

Email Clients

Top Pick

Mozilla Thunderbird
An open-source email application that’s easy to set up and customize developed by the Mozilla Foundation. It’s add-on functionality allows for the use of OpenPGP and Tor encryption to ensure privacy.

More Options

  • K-9 Mail – An open-source email application for the Android OS. It supports both POP3 and IMAP mailboxes and IMAP IDLE for real-time notifications.
  • GNU Privacy Guard (GPG) – A free data encryption and decryption application which provides end-users with a privacy and authentication system for communicating allowing you to sign, encrypt, and decrypt text, for email, files, directories, or entire disk partitions. Alternatively use GPGTools for macOS.
  • Mailpile – An open-source email client with the main focus of privacy and usability.

More Email Privacy Tools

  • gpg4usb – A small easy to use portable editor to encrypt and decrypt any text-message or file you need.
  • Mailvelope – A browser extension that enables you to encrypt and sign electronic messages, including attached files, without the use of a separate, native email client (like Thunderbird) using the OpenPGP standard.
  • Enigmail – An integrated security add-on for Mozilla Thunderbird allowing you to use OpenPGP to encrypt, decrypt, digitally sign and verify messages you send and receive.
  • TorBirdy – And add-on that configures Mozilla Thunderbird to make connections over the Tor anonymity network.
  • Email Privacy Tester – Sends you a test email specially crafted to send information back to their servers when read. It will then display the privacy test results for you.

Email Alternatives

  • I2P-Bote  – A plugin for I2P anonymizing network that allows users to send and receive emails without the need for a mail server because emails are stored in a distributed hash table. They are automatically encrypted and digitally signed, to ensures only the intended recipient can read the email, and third parties cannot forge them.
  • Bitmessage  – A decentralized, encrypted, peer-to-peer, trustless communications system that can be used by one person to send encrypted messages to one or many subscribers. It does this inside its P2P network, mixing it with inboxes of other users in order to conceal user’s identity, prevent eavesdropping and allow the network to operate in a decentralized manner.
  • RetroShare – Creates encrypted connections to your friends, which is completely decentralized and provides various distributed services on top of it including mail, forums, channels, and chat.

Calendar & Contacts

Top Pick

Nextcloud
A suite of client-server software for creating and using file hosting services including calendar sync via CalDAV and contacts sync via CardDAV. It’s open-source allowing anyone to install it for free on a private server.

More Options:

  • EteSync – A end-to-end encrypted app that backs up and syncs your contacts and calendars across devices and to the cloud in a secure way while maintaining a full history of the changes.
  • Fruux – A cross-platform synchronization service that enables users to securely synchronize address book contacts, calendar events, tasks, bookmarks and notes between their devices.

Instant Messaging

Top Pick

Signal
An open-source app that provides instant messaging, as well as voice and video calling that are end-to-end encrypted. The app is developed by Open Whisper Systems and there are no advertisements, and it doesn’t cost anything to use.

More Options

  • Ricochet – An IM app that uses the Tor network to reach your contacts without relying on messaging servers. Everything is encrypted end-to-end and it creates a hidden service, which is used to rendezvous with your contacts without revealing your location or IP address. Your list of contacts is only known to your computer – never exposed to servers or network traffic monitoring.
  • Riot.im – A decentralized free chatting app based on the Matrix protocol, an open protocol for real-time communication offering end-to-end encryption, groups, channels and sharing of files between users.
  • ChatSecure – An open-source software messaging application for iOS which allows OTR and OMEMO encryption for the XMPP protocol that features built-in support for anonymous communication on the Tor network.
  • Cryptocat – Open-source chat messenger with end-to-end encryption. Chats are safe even if your keys are stolen. Works on multiple devices, receives messages even when offline and supports file sharing.
  • Kontalk – Instant messaging network where client-to-server and server-to-server channels are fully encrypted. Users can be safe with end-to-end encryption — even the servers can’t decrypt it.
  • Conversations – Open-source Jabber/XMPP client for Android 4.4+ smartphones that supports end-to-end encryption with either OMEMO or openPGP.

Video & Voice Messaging

Top PickL

Signal
An open-source app that provides voice and video calling , as well as instant messaging that are end-to-end encrypted. The app is developed by Open Whisper Systems and there are no advertisements, and it doesn’t cost anything to use.

More Options

  • Linphone – Open-source Voice Over IP phone (or SIP phone) used to communicate freely with people over the internet, with voice, video, and text instant messaging. It supports ZRTP for end-to-end encrypted voice and video communication.
  • Jitsi – Set of open-source projects that allows you to easily build and deploy secure videoconferencing solutions.
  • Tox – Open-source, peer-to-peer, encrypted voice/video calling,
    instant messaging, screen sharing and file sharing application.
  • Jami – Free and universal communication platform which preserves the user’s privacy and freedoms. Features includes voice/video calling, instant messaging, conference call and file sharing.

Password Manager

Top Pick

KeePassXC
Cross-platform password manager recommended by the Electronic Frontier Foundation that helps you to securely manage your passwords. Passwords are stored in an encrypted database (AES and Twofish) which is locked with a master key or a key file.

More Options

  • LessPass – Open-source password manager that generates unique passwords based on a master password and information you know using PBKDF2 and SHA-256. It eliminates the need to sync password across devices.
  • Bitwarden – Open-source password management service that stores sensitive information such as website credentials in an encrypted vault. It offers a cloud-hosted service as well as the ability to deploy the solution on-premise.
  • Master Password – Differs from traditional password managers. Its passwords aren’t stored: they are generated on-demand using information entered by the user; most importantly, their full name, a master password, and a unique name for the service.
  • Password Safe – Allows you to safely and easily create a secured and encrypted user name/password list. Which can be accesses with a single “Master Password” of your choice.

File Sharing

Top Pick

OnionShare
Securely and anonymously share files of any size. A web server is started, making OnionShare accessible as a encrypted Tor Onion Service. A random address is generated for the recipient to open in the Tor Browser to download the files. No separate server or third party file-sharing service is required.

More Options

  • Magic Wormhole – Command-line tool which makes it possible to securely transfer arbitrary-sized files and directories (or short pieces of text) from one computer to another. The two endpoints are identified by using identical “wormhole codes” which are generated from a phonetically-distinct wordlist.

Cloud Storage & File Sync

Top Pick

Nextcloud Files
Self-hosted, open-source file sync and share solution designed to be easy-to-use and highly secure. Powerful on-server and End-to-end Encryption. Files can be stored inside your own infrastructure, without any third party ever gaining access.

More Options

  • Least Authority S4  – Verifiably secure off-site backup system for individuals and businesses built on top of Amazon S3. It provides 100% client-side encryption and open-source transparency.
  • Pydio – Open-source file-sharing and sync software that runs on your own own server or in the cloud providing more control, safety and privacy, and favorable TCOs compared to SaaS drives.
  • Tahoe-LAFS – Free and open decentralized cloud storage system that distributes your data across multiple servers. Even in the event of failure or an attack, the entire file store continues to function correctly, preserving your privacy and security.
  • Syncthing – Replaces proprietary sync and cloud services with an open, trustworthy and decentralized system. Data security and data safety are built into the design of the software.
  • SparkleShare – Open-source cloud storage and file synchronization client app. By default, it uses Git as a storage backend. Files can be stored on any server including GitHub, Dropbox or your own.

File Encryption

Top Pick

VeraCrypt
Disk Encryption – Freeware utility used for on-the-fly encryption (OTFE). It can create a virtual encrypted disk within a file that mounts as a real disk or encrypt a partition or the entire storage device with pre-boot authentication.

More Options

  • GNU Privacy Guard (GPG– Email Encryption – Free data encryption and decryption application which provides end-users with a privacy and authentication system for communicating allowing you to sign, encrypt, and decrypt text, for email, files, directories, or entire disk partitions. Alternatively use GPGTools for macOS.
  • PeaZip – File Archive Encryption – Open-source file manager and file that supports its native PEA archive format (featuring compression, multi volume split and flexible authenticated encryption and integrity check schemes) and other mainstream formats, with special focus on handling open formats.
  • Cryptomator – Cloud File Encryption – Free client-side encryption for your cloud files. Open-source software: No backdoors, no registration. Create vaults in your Dropbox, Google Drive or wherever you like. Assign a passphrase and you’re ready to go.
  • AES Crypt – File Encryption – File encryption software available on several operating systems that uses the industry standard Advanced Encryption Standard (AES) to easily and securely encrypt files.
  • DiskCryptor – Disk Encryption – Open encryption solution that offers encryption of all disk partitions, including the system partition. It’s openess is in sharp contrast with comparable completely proprietary software, which is unacceptable to use for protection of confidential data.
  • Linux Unified Key Setup (LUKS) – Disk Encryption – A full disk encryption system for Linux using dm-crypt as the disk encryption backend. Included by default in Ubuntu.

Darkweb & Self-contained Networks

Top Pick

Tor Browser
A modified version of Firefox that routes all internet traffic through the Tor network which helps defend against traffic analysis. It comes with pre-installed privacy add-ons and encryption. These include the TorButton, TorLauncher, NoScript, and HTTPS Everywhere Firefox extensions and the Tor proxy.

More Options

  • Invisible Internet Project (I2P) – An anonymous overlay network – a network within a network. It is intended to protect communication from dragnet surveillance and monitoring by third parties such as ISPs. Uses include anonymous Web surfing, chatting, blogging and file transfers.
  • The Freenet Project – Free software which lets you anonymously share files, browse and publish web sites accessible only through Freenet, and chat on forums without fear of censorship. It’s decentralised to make it less vulnerable to attack, and if used in “darknet” mode, where users only connect to their friends, is very difficult to detect.
  • ZeroNet – Open, free and uncensorable websites, using Bitcoin cryptography and BitTorrent network.
  • RetroShare – Creates encrypted connections to your friends, which is completely decentralized and provides various distributed services on top of it including mail, forums, channels, and chat.
  • GNUnet – An alternative network stack that provides a strong foundation of free software for a global, distributed network that provides security and privacy.

Domain Name System (DNS)

Top Pick

DNSCrypt
A protocol for securing communications between a client and a DNS resolver. The protocol uses high-speed high-security elliptic-curve cryptography and is very similar to DNSCurve, but focuses on securing communications between a client and its first-level resolver.

More Options

  • Njalla – A privacy-aware domain registration service. Only requires an email or jabber address for complete privacy. Created by people from The Pirate Bay and IPredator VPN. Accepted Payments: Bitcoin, Litecoin, Monero, DASH, Bitcoin Cash and PayPal.
  • OpenNIC – An alternate network information center/alternative DNS root which lists itself as an alternative to ICANN and its registries. Like all alternative root DNS systems, OpenNIC-hosted domains are unreachable to the vast majority of the Internet. Only specific configuration in one’s DNS resolver makes these reachable, and very few Internet service providers have this configuration.
  • Namecoin – A cryptocurrency that aims to provide a decentralized DNS. It implements the top level domain .bit, which is independent of ICANN.
  • Pi-hole – A network-wide DNS server for the Raspberry Pi. Blocks advertising and tracking domains for all devices on your network.

Paste Services

Top Pick

PrivateBin
Minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.
It is the improved version of ZeroBin.

More Options

  • Zerobin.net – Minimalist, open-source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.

Digital Notebook

Top Pick

Joplin
Fully featured open-source note taking and to-do application, which can handle a large number of markdown notes organized into notebooks and tags. It offers E2EE encryption and can sync through Nextcloud, Dropbox and more. It also offers easy import from Evernote and plain text notes.

More Options

  • Standard Notes – A safe place for your notes, thoughts, and life’s work. Free, open-source, and completely encrypted.
  • Turtl – Take notes, bookmark websites, and store documents for sensitive projects. From sharing passwords with your coworkers to tracking research on an article you’re writing, uses high-end cryptography to protect your data.
  • Paperwork – Open-source, self-hosted alternative to services like Evernote , Microsoft OneNote or Google Keep that uses PHP/MySQL.

Productivity Tools

Top Pick

ProtectedText
Open-source web application that encrypts and decrypts text in the browser. It’s password (or its hash) is never sent to the server – so that text can’t be decrypted even if requested by authorities. No cookies, no sessions, no registration, no users tracking and no ads.

More Options

  • Write.as – Privacy-oriented blogging platform that’s anonymous by default, letting you publish without signing up. If you create an account, it doesn’t require any personal information. No ads, distraction-free, and built on a sustainable business model.
  • Cryptee – Your documents, notes, journals, files, PDFs, and more all encrypted, all private and available on all your devices with live-sync.
  • disroot.org – Platform providing online services based on principles of freedom, privacy, federation and decentralization. No tracking, no ads, no profiling and no data mining.
  • LibreOffic – Open-source office suite comprised of programs for word processing, spreadsheets, slideshows, diagrams and drawings, and working with databases.

Additional Tools

  • IPLeak.net – IP/DNS Detect – What is your IP, what is your DNS, what information you send to websites.
  • Panopticlick – Analyze how well your browser and add-ons protect you against online tracking techniques.
  • The Ultimate Online Privacy Test Resource List – A collection of Internet sites that check whether your web browser leaks information.
  • PRISM Break – List of tools to opt-out of global data surveillance programs like PRISM, XKeyscore and Tempora.
  • SecureDrop – Open-source whistleblower submission system that media organizations can install to securely accept documents from anonymous sources.
  • Reset the Net Privacy Pack – Tool bundles to protect yourself and your friends.
  • Umbrella – The only security handbook you’ll ever need in a free, open source app. It’s up-to-date information you can trust. And it’s always in your pocket.
  • Osalt – Find open source software alternatives to well-known commercial software.
  • AlternativeTo – find alternatives to other software, with the option to only show open source software.

Friends Don’t Let Friends Go Unencrypted

Social Snare Buttons Go Here