👨‍💻 Berkan's Blog

Anonymity Tools for Privacy Paranoid People

Published by Berkan K. on March 8

book 28 min read

The data is from privacyguides.org and is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. This blogpost simplifies, summarized and wraps the original content in a new format. The original content is available at privacyguides.org. You can find al the criterias and best practices for each choice in the original content. While the final decision and contens is made by Privacy Guides, i’ve also included some other external sources to provide a more comprehensive view for some of the tools, along with my own personal experience and opinions.

Table of Contents

TOR Network

The Onion Router (TOR) is a free and open-source software that enables anonymous communication by directing internet traffic through a worldwide volunteer overlay network consisting of more than seven thousand relays to conceal a user’s location and usage from anyone conducting network surveillance or traffic analysis. Using TOR, you can access websites that are not indexed by traditional search engines, known as the dark web.

Tor Browser

The Tor Browser is a web browser that anonymizes your web traffic using the Tor network, making it easy to protect your identity online. If you’re investigating a competitor, researching an opposing party in a legal dispute, or just think it’s creepy for your ISP or the government to know what you’re doing online, you should be using the Tor Browser.

You should never install any additional extensions on Tor Browser or edit about:config settings, as this can compromise your privacy and security by making you stand out from other Tor Browser users.

Orbot (Tor for Android)

Orbot is a free Tor VPN for smartphones which routes traffic from any app on your device through the Tor network.

Onion Browser (Tor for iOS)

Onion Browser is an open-source browser that lets you browse the web anonymously over the Tor network on iOS devices and is endorsed by the Tor Project.

Snowflake (Relays and Bridges)

Snowflake allows you to donate bandwidth to the Tor Project by operating a “Snowflake proxy” within your browser.


People who are censored can use Snowflake proxies to connect to the Tor network. Snowflake is a great way to contribute to the network even if you don’t have the technical know-how to run a Tor relay or bridge.


You have the option to activate Snowflake directly in your browser by launching it in a separate tab and toggling the switch to the on position. This allows you to assist by sharing your connection, simply by keeping it active in the background as you continue your online activities. However, it is not recommended installing Snowflake as a browser add-on, as incorporating third-party extensions could potentially compromise your privacy and security.

Desktop Browsers

Mullvad Browser

Mullvad Browser is a version of Tor Browser with Tor network integrations removed, aimed at providing Tor Browser’s anti-fingerprinting browser technologies to VPN users. It is developed by the Tor Project and distributed by Mullvad, and does not require the use of Mullvad’s VPN.


As with the TOR browser, Mullvad Browser is designed to prevent fingerprinting by making your browser fingerprint identical to all other Mullvad Browser users, and it includes default settings and extensions that are automatically configured by the default security levels: Standard, Safer and Safest.


Anti Fingerprinting
Mullvad Browser boosts your online privacy right from the start, tackling simple fingerprinting just like Firefox with Arkenfox or Brave does, though you might notice some limits in flexibility. For the best anti-fingerprinting results, it’s a good idea to use the browser with a VPN. This way, your online identity blends in with many others, following a privacy approach similar to what you’d find with Tor Browser. It works best when others on the same VPN are also using Mullvad Browser, especially with Mullvad’s own VPN service.


The browser is already set up with privacy-protecting extensions such as uBlock Origin and NoScript, aimed at keeping your browsing anonymous. It’s important to leave these extensions as they are to ensure your browser blends in with all others and maintains a consistent fingerprint with the Mullvad Browser community.


Private Browsing Mode
Mullvad Browser also includes a private browsing mode that doesn’t store any cookies, history, or passwords. This is a great way to keep your browsing habits private, especially if you’re using a shared computer or a public computer.


Leta
Leta is a privacy-focused search engine that doesn’t track your searches or store your data. It’s a great way to keep your browsing habits private, especially if you’re using a shared computer or a public computer.

Leta requires an active Mullvad VPN connection subscription to use, as it queries Google's paid search API.

Firefox

Firefox is a free and open-source web browser developed by the Mozilla Foundation. It is available for Windows, macOS, Linux, and Android, and is the default browser for many Linux distributions. Firefox, provides Enhanced Tracking Protection, which blocks third-party tracking cookies and cryptominers.


The recommended configuration for enhanced privacy and security in Firefox includes:

  • Search: Disable search suggestions to prevent sending every typed query to your search engine, thus enhancing control over the data shared.
  • Privacy & Security: Activate Strict Enhanced Tracking Protection to block various trackers and malicious content, though it’s not a complete solution against all types of fingerprinting.
  • Firefox Suggest (US only): Disable this feature to avoid sending your search queries to Mozilla, similar to disabling search suggestions.
  • Sanitize on Close: Enable the setting to delete cookies and site data when closing the browser, with options to keep certain sites logged in through exceptions.
  • Telemetry: Turn off all telemetry settings to prevent sending technical and usage data to Mozilla, safeguarding your browsing privacy.
  • HTTPS-Only Mode: Enforce HTTPS-Only browsing to secure your web connections, avoiding unencrypted HTTP sites.
  • DNS over HTTPS: Opt for maximum protection with DNS over HTTPS, ensuring your DNS queries are securely encrypted.
  • Sync: Utilize Firefox Sync to access your browsing data across devices securely, encrypted end-to-end for privacy.

Brave

Brave is a free and open-source web browser developed by Brave Software, Inc. based on the Chromium web browser. It includes a built-in ad blocker and anti-tracking features.


The recommended configuration for Brave browser focuses on maximizing privacy and security:

  • Shields:
    • Enable Shields globally to prevent fingerprinting and aggressive ad and tracker blocking.
    • Maintain default filter lists and enforce strict HTTPS upgrades.
    • Optionally block scripts and set fingerprinting protection to strict, which may affect site functionality.
    • Activate the option to forget site data upon closing.
  • Social Media Blocking:
    • Disable all integrations with social media to enhance privacy.
  • Privacy and Security:
    • Disable non-proxied UDP to prevent leaks via WebRTC.
    • Turn off Google’s push messaging and other privacy-invading features like P3A and diagnostic reports.
    • Opt-out of using the private window with Tor if not needed.
    • Configure the browser to clear cookies and site data when closed, with the option to set exceptions.
  • Extensions:
    • Deactivate any unused built-in extensions, such as Hangouts and WebTorrent.
  • Web3:
    • Adjust settings to minimize browser fingerprinting related to Web3 features.
    • Set default wallets to “none” and disable IPFS integration.
  • System:
    • Ensure that Brave doesn’t run background apps when closed.
  • Sync:
    • Use Brave Sync for encrypted cross-device access to browsing data without needing an account.
  • Brave Rewards and Wallet:
    • Consider avoiding Brave Rewards and the Brave Wallet if privacy with cryptocurrency is a concern, as these features might not align with stringent privacy standards.

Additions

uBlock Origin:
uBlock Origin is a free and open-source, cross-platform browser extension for content-filtering, including ad-blocking. The extension is available for several browsers, including Chrome, Firefox, and Edge, and is designed to use fewer system resources than other ad-blockers.


uBlock Origin Lite:
Same as uBlock Origin, but doesn’t need grant full read/write permissions to website data, is a more CPU effociant content blocker and can work for browsers only supporting Manifest V3 extensions.

Mobile Browsers

Android

For Android devices, the recommended browser is Brave with the same settings for the Desktop version. Firefox is also a good choice, but is less secure than chromium-based browsers.

iOS

Since iOS mandates that all third-party browsers use the built-in WebKit framework, opting for a browser other than Safari doesn’t offer much advantage. Safari itself comes packed with numerous privacy features such as Intelligent Tracking Prevention, Privacy Report, and secure Private Browsing tabs that are isolated and temporary. It also includes iCloud Private Relay and anti-fingerprinting measures that randomize and simplify your system’s configuration to make your device appear identical to others, enhancing anonymity online. Moreover, Safari provides the option to secure your private tabs using biometric authentication or a PIN, adding an extra layer of privacy.


However, if you really want to use a third-party browser, Brave will again be a good choice.

Cloud Storage

ProtonDrive

ProtonDrive is a secure and private cloud storage service developed by a the swiss company Proton Technologies AG, the same company behind ProtonMail and ProtonVPN. ProtonDrive is designed to provide end-to-end encryption for your files, ensuring that only you can access your data.

The Proton Drive web application has been independently audited by Securitum in 2021. However, Proton Drive’s brand new mobile clients have not yet been publicly audited by a third-party.

Tresorit

Tresorit is a Swiss-Hungarian encrypted cloud storage provider founded in 2011. Tresorit is owned by the Swiss Post, the national postal service of Switzerland.

Tresorit has received a number of independent security audits:

  • 2022: ISO/IEC 27001:20131 Compliance Certification by TĂśV Rheinland InterCert Kft
  • 2021: Penetration Testing by Computest
    • This review assessed the security of the Tresorit web client, Android app, Windows app, and associated infrastructure.
    • Computest discovered two vulnerabilities which have been resolved.
  • 2019: Penetration Testing by Ernst & Young.
    • This review analyzed the full source code of Tresorit and validated that the implementation matches the concepts described in Tresorit’s white paper.
    • Ernst & Young additionally tested the web, mobile, and desktop clients: “Test results found no deviation from Tresorit’s data confidentiality claims.”

They have also received the Digital Trust Label, a certification from the Swiss Digital Initiative, which requires passing 35 criteria related to security, privacy, and reliability.

Nextcloud

Nextcloud is a suite of client-server software for creating and using file hosting services. It is functionally similar to Dropbox, but Nextcloud is free and open-source, allowing anyone to install and operate it on a private server. Nextcloud is still a recommended tool for self-hosting a file management suite, however it is not recommended to use third-party Nextcloud storage providers, because the built-in E2EE functionality for home users isn’t recommended for sensitive data.

DNS Resolvers

Encrypted DNS with third-party servers should only be used to get around basic DNS blocking when you can be sure there won’t be any consequences. Encrypted DNS will not help you hide any of your browsing activity.

ADGuard

Information about ADGuard DNS.

  • Protocols: Cleartext, DoH3, DoT, DoQ & DNSCrypt
  • Logging: Some
  • Filtering: Based on personal configuration.

Cloudflare

Information about Cloudflare DNS.

  • Protocols: Cleartext, DoH & DoT
  • Logging: Some
  • Filtering: Based on personal configuration.

ControlD

Information about ControlD DNS.

  • Protocols: Cleartext, DoH, DoT & DoQ
  • Logging: Optional
  • Filtering: Based on personal configuration.

Mullvad

Information about Mullvad DNS.

  • Protocols: DoH & DoT
  • Logging: No
  • Filtering: Based on personal configuration.

NextDNS

Information about NextDNS.

  • Protocols: Cleartext, DoH3, DoT & DoQ
  • Logging: Optional
  • Filtering: Based on personal configuration.

Quad9

Information about Quad9 DNS.

  • Protocols: Cleartext, DoH, DoT & DNSCrypt
  • Logging: Some
  • Filtering: Based on personal configuration. Malware blocking by default.

Email Services

Both Proton Mail and Mailbox.org integrate OpenPGP encryption, ensuring that emails are secure and private. This system allows users to send encrypted emails across different providers, enhancing the security ecosystem. However, users should be aware of the data elements that aren’t encrypted, such as certain contact details in Proton Mail and the address book or calendar in Mailbox.org.

ProtonMail

Established in 2013 and based in Geneva, Switzerland, Proton Mail is synonymous with privacy-centric email services. It’s built on the pillars of encryption, security, and simplicity. Even their free plan, which starts with 500 MB storage, incorporates essential privacy features.


Key Features:

  • End-to-End Encryption: Utilizing OpenPGP, Proton Mail ensures that emails are encrypted automatically to other Proton Mail accounts, with the option to encrypt emails to non-users seamlessly.
  • Zero-Access Encryption: Your emails and calendars are encrypted at rest, meaning only you can access them. However, it’s notable that certain Proton Contacts details, like display names and email addresses, aren’t encrypted, while fields supporting encryption are marked with a padlock icon.
  • Custom Domains and Advanced Security: Paid versions offer additional perks like Proton Mail Bridge for desktop clients, extra storage, and custom domain support. Security-wise, it supports TOTP two-factor authentication and FIDO2/U2F hardware security keys.

Mailbox.org

Launched in 2014 and operating out of Berlin, Germany, Mailbox.org offers an ad-free, secure email service powered entirely by green energy. Starting with 2 GB of storage, the service emphasizes both privacy and environmental responsibility.


Key Features:

  • Integrated Email Encryption: Offering built-in encryption for your emails, Mailbox.org simplifies secure communication, even enabling recipients without OpenPGP to read encrypted messages securely hosted on their server.
  • Eco-Friendly and Secure: Besides being powered by 100% eco-friendly energy, it supports two-factor authentication and offers an encrypted mailbox, though it doesn’t encrypt your address book or calendar.

Financial Services

Payment Masking

Payment masking services allow you to make purchases online without revealing your real credit card number. These services generate a virtual credit card number that is linked to your real credit card, but the merchant only sees the virtual number.


Privacy.com (US)
Privacy.com’s free plan allows you to create up to 12 virtual cards per month, set spend limits on those cards, and shut off cards instantly. Their paid plan allows you to create up to 36 cards per month, get 1% cash back on purchases, and hide transaction information from your bank.


MySudo (US Paid)
MySudo provides up to 9 virtual cards depending on the plan you purchase. Their paid plans additionally include functionality which may be useful for making purchases privately, such as virtual phone numbers and email addresses, although it is recommend to use other email aliasing providers for extensive email aliasing use.


MySudo’s virtual cards are currently only available via their iOS app.

Gift Card Marketplaces

Gift card marketplaces allow you to buy gift cards with cryptocurrency, which can then be used to make purchases online. This can be a way to make purchases without revealing your real identity.


CoinCards (US & Canada)
CoinCards (available in the US and Canada) allows you to purchase gift cards for a large variety of merchants.

Photo Management

Ente

Ente is a photo management application that allows you to store and organize your photos and videos. It includes end-to-end encryption, so only you can access your photos and videos. Ente is designed to be self-hosted, so you can run it on your own server or use a third-party provider.Itsupports automatic backups on iOS and Android and underwent an audit by Cure53 in March 2023.

Stingle

Stingle is a gallery and camera application with built-in, end-to-end encrypted backup and sync functionality for your photos and videos. Storage starts at 1GB for free accounts on their cloud, or you can host your own Stingle API server for total independence.

PhotoPrism

PhotoPrism is a self-hosted photo management application that allows you to store and organize your photos and videos. It includes facial recognition and location-based search, and it can be used to automatically tag and categorize your photos. PhotoPrism is designed to be self-hosted, so you can run it on your own server or use a third-party provider.

Search Engines

Developed by Brave, featuring its own independent index optimized against Google for contextually accurate results. Offers unique features like Discussions for conversation-focused results. Based in the US, collects aggregated usage metrics without personally identifiable information. Recommends disabling Anonymous usage metrics for privacy.

DuckDuckGo

A mainstream private search engine using Bing’s API and other sources for results, famous for bangs and instant answers. Default search engine for Tor Browser and available on Safari. Based in the US, logs searches without IP addresses for product improvement. Offers JavaScript-free versions for enhanced privacy.

SearXNG

An open-source, self-hostable metasearch engine aggregating results without storing information. It’s a privacy-focused fork of SearX, acting as a proxy between users and other search engines. Privacy policies vary by instance, and some run as Tor hidden services for added privacy.

Startpage

Offers private search results from Google and Bing with an Anonymous View feature for standardized user activity. Based in the Netherlands, it logs no IP addresses or personally identifying information. Regularly restricts access from VPNs and Tor IPs. Majority owned by adtech company System1 but maintains a separate privacy policy

VPNs

If you’re looking for additional privacy from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved.

Proton VPN

Launched by Proton AG in Switzerland in 2016, it offers both a free tier and premium options, with servers in 71 countries (3 for free users). It emphasizes security with dedicated servers and underwent independent audits, correcting all identified vulnerabilities. Features include open-source clients, cash payment options, and WireGuard protocol support, though Linux lacks WireGuard. Proton VPN includes a Stealth protocol for bypassing censorship, but it’s not available on all platforms. It offers remote port forwarding, content blocking, and supports two-factor authentication, but its killswitch feature may be problematic on Intel-based Macs.

IVPN

Based in Gibraltar since 2009, IVPN operates servers in 37 countries and prioritizes privacy with a no-logging policy verified by independent audits. Its clients are open-source, and it accepts anonymous payment methods including cash and Monero. IVPN supports WireGuard, but no longer offers remote port forwarding. It provides obfuscation modes to circumvent censorship and includes an “AntiTracker” feature to block trackers at the network level.

Mullvad VPN

Mullvad, from Sweden, has been focused on privacy and security since 2009, with servers in 40 countries. It has undergone several security audits, maintains open-source clients, and accepts various anonymous payment methods. Mullvad supports the WireGuard protocol and IPv6 access but recently removed port forwarding. It uses obfuscation to bypass censorship and is transparent about its server infrastructure, recommending the official Tor Browser for accessing onion sites. Mullvad’s service can also be accessed via its Tor onion address.

Calendar and Scheduling

Tuta

Tuta offers an encrypted calendar service with a focus on privacy. It’s free to use across supported platforms and provides end-to-end encryption for all data. Key features include sharing options, import/export capabilities, and multi-factor authentication. While all users can enjoy the basic functionalities, access to multiple calendars and advanced sharing features is reserved for paid subscribers.

Proton Calendar

Proton Calendar, part of the Proton suite, delivers encrypted calendar services to its users. Available via web and mobile platforms, it ensures end-to-end encryption of data. Free users can manage up to 3 calendars, and paid members can expand up to 25 calendars, with additional sharing options exclusive to subscribers.

Cryptocurrency

Monero

Monero is a privacy-focused cryptocurrency that uses ring signatures, ring confidential transactions, and stealth addresses to obfuscate the sender, recipient, and amount of every transaction. Monero is the most widely used privacy-focused cryptocurrency and is available on most major cryptocurrency exchanges.


It recommends using noncustodial wallets for greater privacy, allowing users to control their funds and transaction visibility. Notable wallets include the Official Monero client, Cake Wallet, Feather Wallet, and Monerujo. For maximum privacy, running a personal Monero node is advised, though using external nodes can compromise some information if not protected by Tor or i2p.


Despite its privacy features, Monero has faced careful inspection. CipherTrace claimed to have developed tools for tracing Monero transactions for government agencies, raising concerns about potential vulnerabilities. Although Monero is considered a leading privacy-focused cryptocurrency, its ability to completely safeguard privacy against targeted attacks and surveillance has not been definitively proven, necessitating further research.

Data and Metadata Redaction

MAT2 (Desktop)

MAT2 is a free and open-source metadata removal tool for Linux, designed to clean metadata from various file formats, including images, documents, and audio files. It also has a command-line tool that can be used to redact metadata from files in bulk, and it supports a wide range of file formats.

ExifEraser (Android)

ExifEraser is an Android app designed to erase image metadata from JPEG, PNG, and WebP files. It can remove various types of metadata including ICC Profile, Exif, Photoshop Image Resources, and XMP/ExtendedXMP. Users can erase metadata by sharing images to ExifEraser from another app, selecting images directly in ExifEraser, using the camera option to take and process photos, dragging photos into ExifEraser in split-screen mode, or pasting images from the clipboard. Lastly, it provides a detailed report on what metadata was removed.

Metapho (iOS)

Metapho is an iOS app that allows you to view and remove metadata from photos and videos. It can remove location data, camera model, and other metadata from photos and videos, and it can also remove metadata from multiple files at once. Metapho also has a feature that allows you to view the metadata of photos and videos, and it can display the location of photos on a map.

PrivactBlur

PrivacyBlur obfuscates faces and other sensitive information in images and videos.

ExifTool

ExifTool is a free and open-source metadata removal tool for Windows, macOS, and Linux. It can remove metadata from a wide range of file formats, including images, documents, and audio files. It also has a command-line tool that can be used to redact metadata from files in bulk, and it supports a wide range of file formats.


Example: Deleting data from a directory of files

exiftool -all= *.file_extension

Email Clients

Thunderbird

Thunderbird is a free and open-source email client developed by the Mozilla Foundation. It is available for Windows, macOS, and Linux, and is the default email client for many Linux distributions. Thunderbird includes features like OpenPGP encryption, a calendar, and an address book.


Some recommended changes to Thunderbird’s default settings include:

  • Web Content -> Uncheck Remember websites and links I’ve visited
  • Web Content -> Uncheck Accept cookies from sites
  • Telemetry -> Uncheck Allow Thunderbird to send technical and interaction data to Mozilla

File Encryption

Cryptomator (Cloud)

Cryptomator is a free and open-source encryption tool that allows you to encrypt your files before uploading them to the cloud. It is available for Windows, macOS, Linux, Android, and iOS, and supports a wide range of cloud storage providers.

PicoCrypt (File)

Pico is a small, simple, and secure encryption tool that you can use to protect your files. It’s designed to be the go-to tool for encryption, with a focus on security, simplicity, and reliability. Pico uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security.

VeraCrypt (Disk)

VeraCrypt is a source-available freeware utility used for on-the-fly encryption. It can create a virtual encrypted disk within a file, encrypt a partition, or encrypt the entire storage device with pre-boot authentication.

BitLocker (Full Disk - Windows)

BitLocker is the full volume encryption solution bundled with Microsoft Windows. The main reason it is recommended for encrypting your boot drive, is because of its use of TPM.

FileVault (Full Disk - macOS)

FileVault is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it leverages hardware security capabilities present on an Apple silicon SoC or T2 Security Chip.

File Sharing

Send

Send is a fork of Mozilla’s discontinued Firefox Send service which allows you to send files to others with a link. Files are encrypted on your device so that they cannot be read by the server, and they can be optionally password-protected as well. The maintainer of Send hosts a public instance. You can use other public instances, or you can host Send yourself.


Send can be used via its web interface or via the ffsend CLI. If you are familiar with the command-line and send files frequently, we recommend using the CLI client to avoid JavaScript-based encryption. You can specify the —host flag to use a specific server:

ffsend upload --host https://send.vis.ee/ FILE

OnionShare

OnionShare is a free and open-source tool that allows you to securely and anonymously share files over the Tor network. It creates a temporary web server on your computer that can be accessed by anyone with the unique URL that OnionShare generates. OnionShare is available for Windows, macOS, and Linux.

MFAs

YubiKey

YubiKey is a hardware security key that provides strong two-factor authentication. It can be used to secure your online accounts, protect your data, and prevent unauthorized access to your devices. YubiKey is available in a variety of form factors, including USB-A, USB-C, and NFC, and supports a wide range of authentication protocols, including FIDO2, U2F, and OTP.


YubiKeys can be programmed using the YubiKey Manager or YubiKey Personalization Tools. For managing TOTP codes, you can use the Yubico Authenticator

Nitrokey

Nitrokey has a security key capable of FIDO2 and WebAuthn called the Nitrokey FIDO2. For PGP support, you need to purchase one of their other keys such as the Nitrokey Start, Nitrokey Pro 2 or the Nitrokey Storage 2.


Nitrokey models can be configured using the Nitrokey app.

Note Taking

Standard Notes

Standard Notes is a free and open-source note-taking app that focuses on privacy and security. It offers end-to-end encryption, cross-platform support, and a variety of features like tags, pinning, code snippets and markdown support. Standard Notes is available on Windows, macOS, Linux, Android, and iOS.

Notesnook

Notesnook is a free & open-source note-taking app focused on user privacy & ease of use. It features end-to-end encryption on all platforms with a powerful sync to take your notes on the go. You can easily import your notes from Evernote, OneNote & a lot of other apps using their official importer.

Notesnook only allows local note encryption with the private vault feature on their pro plan, otherwise your notes are not stored encrypted on your device. Your notes are always encrypted before being synced to their servers with keys which only you have access to.

Joplin

Joplin is a free, open-source, and fully-featured note-taking and to-do application which can handle a large number of markdown notes organized into notebooks and tags. It offers E2EE and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes.


Joplin does not support password/PIN protection for the application itself or individual notes and notebooks. However, your data is still encrypted in transit and at the sync location using your master key. Since January 2023, Joplin supports biometrics app lock for Android and iOS.

Cryptee

Cryptee is an open-source, web-based E2EE document editor and photo storage application. Cryptee is a PWA, which means that it works seamlessly across all modern devices without requiring native apps for each respective platform.


Cryptee offers 100MB of storage for free, with paid options if you need more. Sign-up doesn’t require an e-mail or other personally identifiable information.

Password Managers

Bitwarden

Bitwarden is a free and open-source password and passkey manager. It aims to solve password management problems for individuals, teams, and business organizations. Bitwarden is among the best and safest solutions to store all of your logins and passwords while conveniently keeping them synced between all of your devices.


Bitwarden also features Bitwarden Send, which allows you to share text and files securely with end-to-end encryption. A password can be required along with the send link. Bitwarden Send also features automatic deletion.

You need the Premium Plan to be able to share files. The free plan only allows text sharing.

ProtonPass

Proton Pass is an open-source, end-to-end encrypted password manager developed by Proton, the team behind Proton Mail. It securely stores your login credentials, generates unique email aliases, supports and stores passkeys, and offers a community-funded, Swiss-based service with strict data privacy laws.


With the acquisition of SimpleLogin in April 2022, Proton has offered a “hide-my-email” feature that lets you create 10 aliases (free plan) or unlimited aliases (paid plans).


Proton Pass currently doesn’t have any “master password” functionality, which means that your vault is protected with the password for your Proton account and any of their supported two factor authentication methods.

1Password

1Password is my person go-to password manager with a strong focus on security and ease-of-use, which allows you to store passwords, passkeys, credit cards, software licenses, and any other sensitive information in a secure digital vault. 1Password is closed source; however, the security of the product is thoroughly documented in their security white paper.


One advantage 1Password has over Bitwarden is its first-class support for native clients. While Bitwarden relegates many duties, especially account management features, to their web vault interface, 1Password makes nearly every feature available within its native mobile or desktop clients. 1Password’s clients also have a more intuitive UI, which makes them easier to use and navigate.

Messaging Apps

Signal

Signal is a mobile app developed by Signal Messenger LLC. The app provides instant messaging and calls secured with the Signal Protocol, an extremely secure encryption protocol which supports forward secrecy and post-compromise security.


Signal requires your phone number for registration, however you should create a username to hide your phone number from your contacts. Also change the “Who Can See My Number” setting to: Nobody.


You can optionally change the Who Can Find Me By Number setting to Nobody as well, if you want to prevent people who already have your phone number from discovering your Signal account/username.


Contact lists on Signal are encrypted using your Signal PIN and the server does not have access to them. Personal profiles are also encrypted and only shared with contacts you chat with. Signal supports private groups, where the server has no record of your group memberships, group titles, group avatars, or group attributes. Signal has minimal metadata when Sealed Sender is enabled. The sender address is encrypted along with the message body, and only the recipient address is visible to the server. Sealed Sender is only enabled for people in your contacts list, but can be enabled for all recipients with the increased risk of receiving spam.

Operating Systems - Android

Generally, avoid purchasing a used android device, as it may have been tampered with. Also try to avoid buying a device from a carrier, as these often have a locked bootloader thereby not allowing OEM unlocking, which is required for installing custom ROMs.

GrapheneOS

GrapheneOS is a privacy and security-focused mobile operating system derived from the Android Open Source Project. It implements a range of enhancements aimed at safeguarding user privacy and enhancing device security. These include a hardened memory allocator, stringent network and sensor permissions, and various other security features. Moreover, GrapheneOS ensures robust security through full firmware updates and signed builds, enabling verified boot functionality. By minimizing data collection and employing robust encryption measures, GrapheneOS prioritizes user privacy and security in the mobile computing environment.

DivestOS

DivestOS is a privacy-focused mobile operating system based on LineageOS. It aims to provide a secure and privacy-focused mobile experience by implementing various security and privacy enhancements. DivestOS includes features such as a hardened kernel, enhanced network security, and improved privacy controls. It also offers regular security updates through its automated kernel vulnerability (CVE) patching and supports a range of devices.

Operating Systems - Desktop/PC

Fedora Workstation (Beginner)

Fedora Workstation is a free and open-source operating system developed by the Fedora Project, a community-driven project sponsored by Red Hat. It is based on the Linux kernel and the GNOME desktop environment. Fedora Workstation is designed for developers, system administrators, and other users who need a stable and secure operating system for their desktop or laptop. This operating system is recommended for beginners.

Arch Linux (Advanced)

Arch Linux is a free and open-source operating system based on the Linux kernel. It is designed for users who want to build their own customized Linux system from the ground up. Arch Linux is a rolling release distribution, which means that it is continuously updated with the latest software and security patches. This operating system is recommended for advanced users, as you only get what you install.

Tails (Anonymity Focused)

Tails is a free and open-source operating system designed to preserve your privacy and anonymity. It is based on Debian and runs from a USB stick or DVD. Tails routes all internet traffic through the Tor network, ensuring that your online activities are anonymous and secure. Tails is recommended for users who need to protect their privacy and anonymity while using a computer.

Qubes OS (Security Focused)

Qubes OS is a free and open-source operating system designed for security. It uses virtualization to isolate different parts of the operating system, such as applications and network connections, from each other. This isolation helps prevent malware and other security threats from spreading across the system. Qubes OS is recommended for users who need a highly secure operating system for sensitive workloads.

Resources

Author
profile
Hello, I'm a 23-year-old Software Engineer based in Denmark, specializing in Cybersecurity and
Fullstack Development.

Beyond programming, I enjoy sharing my journey and insights through writing, aiming to contribute to the tech community and inspire like-minded professionals.

Post Details Category