Privacy focused software

This article isn't complete yet. It is a work in progress.

Why privacy?

Privacy means?

Security, Privacy, Lock image By Mohamed Hassan - Public Domain licensed.

You have a right to privacy. Privacy means that you have control over your personal information.

Your personal information might be a lot more than you think. It is more than just your name or email. It can include your shopping behavior, the sites which you visit, medical info, full-time access to your microphone and a lot more.

Why it matters

Many don't value privacy until they lose it. Caring about other people's privacy means that you respect them.

Privacy creates trust. Trust is usually one of the most important elements of love. In other words, share the love and give your users their privacy.

Two heart-printed stainless steel padlocks image By Ylanite Koppens - Public Domain licensed.

My personal biggest reason to care is that I don't think that it is respectful or ethical to deny the privacy of users. I care about privacy, since I think that others should have it.

I have nothing to hide

We wouldn't have passwords if no one cared about privacy. In other words, feel free to make all your logins public if you don't care about privacy.
Don't actually do this. It asks for trouble.

Privacy does not exist

Some might claim that there is no such thing as privacy nowadays. The thing is, everything is breakable, but you can make it harder. People are less likely to break something which is not easy to break, since it is easier to go after an easier target.

They already have all of my data

Old database data can get removed and you change, so the info which they have might be irrelevant in the future. There is also a chance that some cybercriminals remove all that data. The GDPR law (Europe only) is also a thing now, so you have the right to be forgotten.

Not everyone knows or cares

The sad truth is that many companies spy on users, so that they can sell your personal data to others. Companies are not the only ones who do this. Some cybercriminals also post personal information which they find online.

Even your friends might share your personal data without being aware of it. Privacy usually requires small sacrifices, and not everyone has the guts to make them. Convenience is extremely useful and making every sacrifice is almost, if not completely, impossible.

Your choices are not everyone's choices. A bit better is already a step in the right direction. Not everyone has to be an extreme privacy geek.

Basic tips

Remove things which you no longer use

This makes the attack surface smaller.

Don't trust every website or person

Avoid websites which you don't trust. Some dangerous websites are very good at pretending that they are not dangerous. Don't download or trust every random thing that you read on the internet.

Passwords

Use a password or any other form of security (PIN, fingerprint, ...) on every device.

Use strong passwords and use a different password for every website.

I highly recommend KeePassXC (GPLv2 licensed) which is a password database. It generates all your passwords for you. You only have to remember one password, so using it is very convenient.

Bitwarden (GPLv3 licensed) is another option if you prefer an online password database, but remember that online databases might leak.

Use encryption if it is possible

Encryption is another layer of security. It is not bad to make everything a little bit more secure.

I don't use encryption on all my stuff, but I should.

Number six, any logged cleartext, forget it!
Encrypt all your data, take those bytes off the record!

- Dual Core ( 0x0A Hack Commandments )

Decide how far you want to go for your privacy

Your online information can be used against you. Know what you post, and know that people might use it against you.

Decide how far you are willing to go for privacy.
You can make your own choices.

Software types

The most popular different types of software

There are many different types of software and knowing a bit about these types helps, but it is not essential.

Proprietary or closed source software

  • People can't read the source code.
  • Usually not great for privacy, since one line of code is usually enough to spy on the user.

Open source software

  • People can read the source code.
  • Better for privacy, but privacy is not guaranteed.

Some software only uses some open source to "open wash" their product. This usually means that they still use a lot of closed source software. They usually just do it to look good.

Open source software can be good for privacy, but you only know this after reading the source code. It can contain code which spies on the user.

Public Domain software

  • This software has no restrictions.
  • Better for privacy, but privacy is not guaranteed.
  • People can legally steal the code.
  • Public domain means that it belongs to everyone.

Public Domain software can be good for privacy, but you only know this after reading the source code. It can contain code which spies on the user.

Free or libre software

  • People can read the source code.
  • Great for privacy.
  • Has to respect the four essential freedoms of every user.

Don't confuse the term "free" with "gratis".
Free software is free as in freedom. It is not always gratis.

Some software might describe itself as free while they actually mean gratis. You can check the license if you want to be sure. People tend to also call free software "libre software" to avoid this confusion.

Not all free software is what it should be and there are always exceptions, but it is usually great for privacy.

Email

Email Providers

Many mail providers are proprietary software which is why you probably should not trust them. There are not many email providers which are focused on privacy.

  • Tutanota (GPLv3 licensed)
  • Protonmail (MIT licensed)
  • Cock.li - A server which is hosted by one person instead of a company. Use this at your own risk. Many sites block email addresses of this provider.
  • Self-host your email. This is meant for the people who care a ton about privacy. It is definitely not the easiest route.

Email Clients

There are a lot of clients which I could mention here.
I personally just use my browser to check my email.

Claws Mail, Evolution, Mutt (terminal only), ...

The reason that I probably would not recommend the popular Mozilla Thunderbird client is that it is not GPL licensed. I don't think that it uses a bad license, but there are GPL licensed alternatives.

PGP

PGP (Pretty Good Privacy) is something which you can use to encrypt your emails. It works with a web of trust.

I personally use Tutanota, so I use the method of encryption which they provide.

Social media

It is actually pretty funny that social media is in this list. People can find a ton of personal information on social media. You could try to stop using most social media if you are a privacy extremist.

The most popular social media services are actually known for not caring about privacy. A more privacy focused social media service does help, but it is still social media.

Don't put everything publicly on social media, since it is free information for data mining and cybercriminals. I also recommend removing your old posts. Information can be used against you.

Disclaimer

I mean privacy as in they aren't known to mine your personal data when I say more privacy focused in this section.


Some decentralized services still have some issues.

Anyone can modify it on the server side after getting the code. They can mine your data with their own modified code. I think that many admins won't actually create or research advanced tools which could do this for them.

I, however trust the admin(s) of the non-proprietary social media which I use enough to make an account. The instances which I use are not that big which makes it easy to communicate with the admin(s).

Another thing is that every server is supposed to get the updated posts/other media from other servers. Not all servers update info often, which means that your info can stay on the web longer than expected if you deleted a post/other media.

I think that you can set Pleroma and Mastodon to not index your posts, which means that they shouldn't appear in search engines.

The Fediverse

The most popular privacy focused social media network out there is probably the Fediverse. It can do a lot, including video hosting (like YouTube) and image hosting (like Instagram). The possibilities of this network are huge.

Fediverse logo By Eukombos - Public Domain licensed.

Similar to Twitter

Mastodon and Pleroma are pretty popular services which act a bit like Twitter. There are many things like it.

It works with a thing called "instances". You will have to pick an instance when you want to join it. Don't worry though. You can communicate with other instances as well, and it is not unusual to switch instance after a few months.

Some instances which don't use Cloudflare are: welovela.in, linuxrocks.online,...
Read more about the dangerous Cloudflare issue.
Please don't pick an instance which uses Cloudflare.

Similar to Facebook

Diaspora also exists and that is more Facebook-like. It is not as popular as Mastodon or Pleroma. I think that it is not even a part of the Fediverse network. I don't know how great it is, since I haven't used it.

It works with a thing called "pods". You will have to pick a pod when you want to join it.

Feel free to send me some pods which don't use Cloudflare so that I can recommend them.
Read more about the dangerous Cloudflare issue.
Please don't pick a pod which uses Cloudflare.

Similar to YouTube

PeerTube is a decentralized video platform.

Some instances which don't use Cloudflare are: peertube.cpy.re, framatube.org, peertube.video
Read more about the dangerous Cloudflare issue.
Please don't pick an instance which uses Cloudflare.

Another great option is Invidious. Invidious is an alternative privacy focused YouTube front-end. You don't even need a Google account to use Invidious, and you can subscribe to YouTube channels through Invidious.

I want to support PeerTube more, but YouTube has a ton of content which I love to watch and Invidious is the perfect solution for that problem.

The PeerTubeify add-on displays a link to PeerTube if the YouTube video is also on PeerTube. I prefer to watch it on PeerTube since I want to support that platform. That add-on also works on Invidious.

Similar to Instagram

Pixelfed is a privacy focused photo sharing platform. It is AGPL licensed. I personally don't use it.

Feel free to send me some instances which don't use Cloudflare so that I can recommend them.
Read more about the dangerous Cloudflare issue.
Please don't pick an instance which uses Cloudflare.

Similar to Discord and Slack

Matrix (small rant)

Many matrix.org clients look a lot like Discord.

I personally can't really recommend Matrix, since the main instance uses Cloudflare. New users will probably just use the main instance for convenience. I recommend avoiding it for that reason.

Do they really care about privacy if they do that? Privacy means something different for everyone. I personally believe that Cloudflare removes some of your privacy.

Feel free to send me some Matrix servers which don't use Cloudflare so that I can list them. I personally couldn't find any Matrix servers which respect your privacy.
Read more about the dangerous Cloudflare issue.
Please don't pick a server which uses Cloudflare.

IRC

IRC is an option if you want to go more nerdy/geeky. It is not the most secure option, depending on the configuration.

IRC can keep logs, but Discord probably mines your personal data. Matrix also has a privacy problem because it usually uses Cloudflare.

Beware, the famous Freenode website uses Cloudflare. Freenode does not make requests to Cloudflare if you connect to it without using the Freenode website.
Read more about the dangerous Cloudflare issue.

Actually know what you say

Think about your words when you chat. I personally have bad experiences with chatting. I basically trusted the wrong people.

Number three, never trust nobody!
IRC is bad luck when you chat too much.

- Dual Core ( 0x0A Hack Commandments )

My personal mindset is, pick the software which you love and support the most. It is ok to pick multiple applications, but remember that that increases the attack surface.

Browsers

Support competition

People compare a lot of browsers, but I personally think that the privacy problems might be deeper. I think that there just isn't enough competition.

Chromium based browsers have a lot of the browser market. I personally would avoid them. Support competition instead.

Tor browser

The Tor browser is probably the most privacy focused browser out there, but I wouldn't use it for everything because it is also slow. It isn't perfect though.

Don't bet your future on just a few tools.
Even .onion sites can have leaks too.

- Dual Core ( 0x0A Hack Commandments )

The perfect browser

I personally think that none of the browsers are perfect. GNU Icecat is the browser which I usually prefer. You can install a torbutton add-on if you want to use Tor for extra privacy.

Firefox and Chromium issues

Mozilla Firefox uses Cloudflare for DNS by default, unless you use an older Firefox version. Chromium probably tracks you a lot since it is from Google.

Read more about the dangerous Cloudflare issue.

Google also does some great things for the community, but remember that they are an advertising company. They make much of their money from their proprietary advertising service, AdWords.

Tracking users helps them with providing more personal advertisements, which might increase the number of clicks on the ads.

Mozilla also did some good things for the community. I personally would pick Firefox over Chromium if I had to choose. Just know that both browsers have some privacy issues by default.

Web browsing tips

Basic tips

I already mentioned many tips in the basic tips section of this page, but it isn't bad to repeat one of them. Don't trust every website or link.

Many (if not all) browsers show the actual destination of a link in the bottom-left corner when you place your mouse over the link.

Some websites have malware on them. Don't trust a site which has a ton of download buttons or a ton of ads and such. Just use your common sense and check if the site can be trusted.

Know what the attackers do

Some people are very good at hiding malware and/or stealing your personal information. It isn't bad to take a look at the things which cybercriminals try to do.

Phishing is a thing that many still fall for. You can easily teach yourself how to detect many phishing attacks. Phishing is when an attacker sends you an email or something else which is supposed to look innocent, but it is probably harmful.

Defending yourself against attackers is a whole topic, so I suggest that you do your own research on the basics of defending yourself.

Don't accept tracking cookies

Cookies are small files which contain a bit of data. This data can be used to keep your preferences like the language and/or website theme you prefer.

Those harmless cookies aren't the real problem. The real problems are the tracking cookies. Those cookies usually store your behavior and other personal browsing data.

They might contain any of the following information:

  • The links you click while using the website
  • The amount of time you spend on a website
  • The pages which you visit (a bit like your browsing history)
  • Much more tracking data

The European GDPR law contains a provision so that people can't collect personal data through cookies unless they have your permission. This is one of the reasons why you might see cookie pop-ups on websites.

You can decline cookies and I recommend that you do so.
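To make the difference between a preference cookie and a tracking cookie concrete, here is an added example (not from the original article) that reviews `Set-Cookie` header values. The three signals it uses (third-party scope, long lifetime, identifier-like value), the 30-day threshold and the sample headers are assumptions chosen for illustration, not a standard.

```python
from http.cookies import SimpleCookie

LONG_LIVED = 30 * 24 * 3600  # assumption: more than 30 days counts as long-lived

# Constructed headers: (Set-Cookie value, host that sent it).
SAMPLE = [
    ("lang=en; Path=/; Max-Age=31536000", "shop.example"),
    ("theme=dark; Path=/", "shop.example"),
    ("uid=4f9c2e7a1b8d4c0e9a3f5b6d7c8e9f01; Domain=.ads.example; "
     "Max-Age=63072000; SameSite=None; Secure", "cdn.ads.example"),
]


def looks_like_identifier(value):
    """Long, varied token: typical of a per-visitor ID, not of 'en' or 'dark'."""
    return len(value) >= 16 and len(set(value)) >= 10


def review_cookie(set_cookie, page_host, sender_host):
    """Return (name, verdict, reasons) for one Set-Cookie header value.

    page_host is the site in the address bar; sender_host is the server that
    sent the header (an embedded ad or widget server can differ from the page).
    """
    jar = SimpleCookie()
    jar.load(set_cookie)
    if not jar:
        raise ValueError("no cookie found in header")
    name, morsel = next(iter(jar.items()))
    # A cookie without a Domain attribute is scoped to the sending host.
    scope = (morsel["domain"] or sender_host).lstrip(".").lower()
    reasons = []
    if page_host != scope and not page_host.endswith("." + scope):
        reasons.append("third-party")
    if morsel["max-age"].isdigit() and int(morsel["max-age"]) > LONG_LIVED:
        reasons.append("long-lived")
    if looks_like_identifier(morsel.value):
        reasons.append("identifier-like value")
    # One signal alone is common for harmless cookies (a saved language, a login).
    verdict = "likely tracking" if len(reasons) >= 2 else "likely functional"
    return name, verdict, reasons


def review_all(page_host="shop.example"):
    """Review every constructed sample header as seen from page_host."""
    return [review_cookie(header, page_host, sender) for header, sender in SAMPLE]
```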

Fingerprinting and privacy related extensions

It is true that extensions make your browser fingerprint more unique if they interact with more than the browser UI.

Every browser has a fingerprint which can be used to track you. It is not easy to do something about this. Even the way in which you type defines a bit of your browser fingerprint.

Completely getting rid of a unique fingerprint is probably impossible. There is always something which makes it unique unless you use the defaults of a browser. This is also why the Tor browser is pretty secure. Many people use it with the default settings.

You can defend yourself against the most common fingerprinting techniques though. A canvas blocker add-on tries to defend you against fingerprinting attacks which are caused by the HTML5 canvas element.

I personally think that add-ons at least protect you from other threats, so I think that you should use them.
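The point about defaults can be shown with numbers. This added example (not from the original article) counts how many visitors share each fingerprint in a small constructed population and how many bits each attribute gives away. The attribute names and values are invented for illustration.

```python
import math
from collections import Counter

# Constructed attribute values; real fingerprints combine many more signals.
DEFAULTS = {"user_agent": "BrowserX/1.0", "screen": "1000x900",
            "fonts": "bundled", "page_changes": "none"}


def make_population():
    """Eight constructed visitors: six on defaults, two customised."""
    population = [dict(DEFAULTS) for _ in range(6)]
    # An extension that rewrites page content is visible to the site.
    population.append({**DEFAULTS, "page_changes": "extension-A"})
    population.append({**DEFAULTS, "screen": "1920x1080", "fonts": "custom"})
    return population


def fingerprint(browser):
    """Order-independent key built from every observable attribute."""
    return tuple(sorted(browser.items()))


def anonymity_sets(population):
    """Per visitor: (how many share the fingerprint, identifying bits)."""
    counts = Counter(fingerprint(b) for b in population)
    total = len(population)
    return [(counts[fingerprint(b)], math.log2(total / counts[fingerprint(b)]))
            for b in population]


def attribute_entropy(population):
    """Shannon entropy in bits that each attribute contributes alone."""
    total = len(population)
    entropy = {}
    for key in DEFAULTS:
        counts = Counter(b[key] for b in population)
        entropy[key] = -sum(c / total * math.log2(c / total)
                            for c in counts.values())
    return entropy
```

The six visitors on defaults hide among each other, while each customised visitor is alone in a set of one and is fully identified within this population.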

Recommended add-ons

World maps

OpenStreetMap (OSM) is a more privacy focused service similar to Google Maps.

Search engines

Many browsers come with Google as the default search engine, but keep in mind that Google is an advertising company. They have to do tracking to make more money.

Some alternatives are Startpage (couldn't find the license) and searx (AGPL licensed). I personally switch search engines from time to time. I have used the above search engines, but it is not easy to pick one.

Most search engines are proprietary. Proprietary search engines: Bing, Qwant, DuckDuckGo (the core of DuckDuckGo is proprietary),...

Other recommendations

Phones

Avoid phones or use a ROM like LineageOS and F-Droid as the app store if you really need a phone. This might change in the future, since the Librem 5 might become a good option.

Only use the features which you need when you decide to use a phone.

Phones in general collect a ton of personal info.
You are the one that chooses your sacrifices though.
A phone is an essential device for many people.

Operating systems

Windows and OS X are proprietary, thus cannot be trusted.
You can use them and many people depend on some specific tools.

Remember, it is a choice. You probably won't convince someone to use something if you push them too hard. They will probably ask you questions about your system if they are actually interested.

The GNU+Linux and BSD operating systems are the alternatives to those operating systems. I personally would recommend Debian or Devuan for beginners. You can try those operating systems in a virtual machine.

I am not going to lie, these operating systems might require some learning, but it is not that hard. I have no experience with BSD. BSD might be even harder to learn, but it probably has its own good points.

For the people who want to go even further.

Qubes OS seems to be really security focused, but it looks resource heavy. I also really like what GuixSD is doing.

You can use a free distro, but you have to be sure that you have drivers for everything. I want to recommend this to everyone, but I think that the privacy sacrifice might be too big for most people.

Keep learning

Look at the privacy focused movements, and don't trust everything blindly. Some of these movements are the FSF, the EFF, Defective by Design, ...

I could write more about this, but I wanted to stick to the basics. Feel free to contact me if you think that I missed something important.