privacyguides/privacyguides.org
1
1
Fork 0
mirror of https://github.com/privacyguides/privacyguides.org.git synced 2026-05-25 12:51:25 +00:00
Code Issues Activity

style: Update frontmatter/intros to tool pages

Browse Source
This commit is contained in:
Jonah Aragon
2026-05-12 13:09:57 -05:00
parent 2e0ad0fc9d
commit caed4eb4b6
48 changed files with 162 additions and 583 deletions
Download Patch File Download Diff File Expand all files Collapse all files
content/tools/services/calendar/_index.md
+2 -4
View File
@@ -1,13 +1,11 @@
---
title: Calendar Sync
icon: material/calendar
description: Calendars contain some of your most sensitive data; use products that implement encryption at rest.
cover: calendar.webp
---
<small>Protects against the following threat(s):</small>
- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange }
- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal }
[{{< badge content="Passive Attacks" color="amber" >}}](../../../wiki/basics/common-threats.md#security-and-privacy)
[{{< badge content="Service Providers" color="indigo" >}}](../../../wiki/basics/common-threats.md#privacy-from-service-providers)
**Calendars** contain some of your most sensitive data; use products that implement end-to-end encryption at rest to prevent a provider from reading them.
content/tools/services/cloud/_index.md
+11 -11
View File
@@ -2,29 +2,29 @@
title: Cloud Storage
description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives!
---
<small>Protects against the following threat(s):</small>
<small>Protects against the following threat(s):</small>
[{{< badge content="Passive Attacks" color="orange" >}}]((basics/common-threats.md#security-and-privacy))
[{{< badge content="Service Providers" color="teal" >}}]((basics/common-threats.md#privacy-from-service-providers))
[{{< badge content="Passive Attacks" color="amber" >}}](../../../wiki/basics/common-threats.md#security-and-privacy)
[{{< badge content="Service Providers" color="indigo" >}}](../../../wiki/basics/common-threats.md#privacy-from-service-providers)
<div class="pg-card-logos">
{{< cards >}}
{{< card link="#proton-drive" title="Proton Drive" image="https://www.privacyguides.org/en/assets/img/cloud/protondrive.svg" subtitle="Proton Drive is an encrypted cloud storage provider from the popular encrypted email provider Proton Mail." >}}
{{< card link="#tresorit" title="Tresorit" image="https://www.privacyguides.org/en/assets/img/cloud/tresorit.svg" subtitle="Tresorit is a Swiss-Hungarian encrypted cloud storage provider founded in 2011. Tresorit is owned by the Swiss Post, the national postal service of Switzerland." >}}
{{< card link="#peergos" title="Peergos" image="https://www.privacyguides.org/en/assets/img/cloud/peergos.svg" subtitle="Peergos is a decentralized protocol and open-source platform for storage, social media, and applications. It provides a secure and private space where users can store, share, view, and edit their photos, videos, documents, etc." >}}
{{< card link="#proton-drive" title="Proton Drive" image="./protondrive.svg" subtitle="Proton Drive is an encrypted cloud storage provider from the popular encrypted email provider Proton Mail." >}}
{{< card link="#tresorit" title="Tresorit" image="./tresorit.svg" subtitle="Tresorit is a Swiss-Hungarian encrypted cloud storage provider founded in 2011. Tresorit is owned by the Swiss Post, the national postal service of Switzerland." >}}
{{< card link="#peergos" title="Peergos" image="./peergos.svg" subtitle="Peergos is a decentralized protocol and open-source platform for storage, social media, and applications. It provides a secure and private space where users can store, share, view, and edit their photos, videos, documents, etc." >}}
{{< /cards >}}
</div>
Many **cloud storage providers** require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by implementing secure end-to-end encryption.
If these alternatives do not fit your needs, we suggest you look into using encryption software like [Cryptomator](encryption.md#cryptomator-cloud) with another cloud provider. Using Cryptomator in conjunction with **any** cloud provider (including these) may be a good idea to reduce the risk of encryption flaws in a provider's native clients.
If these alternatives do not fit your needs, we suggest you look into using encryption software like [Cryptomator](../../software/encryption/_index.md#cryptomator-cloud) with another cloud provider. Using Cryptomator in conjunction with **any** cloud provider (including these) may be a good idea to reduce the risk of encryption flaws in a provider's native clients.
> [!NOTE]
> For more technical readers, Nextcloud is [still a recommended tool](self-hosting/file-management.md#nextcloud) for self-hosting a file management suite, however we do not recommend third-party Nextcloud storage providers at the moment, because we do [not recommend](https://discuss.privacyguides.net/t/dont-recommend-nextcloud-e2ee/10352/29) Nextcloud's built-in E2EE functionality for home users.
> For more technical readers, Nextcloud is [still a recommended tool](../../self-hosting/file-management/_index.md#nextcloud) for self-hosting a file management suite, however we do not recommend third-party Nextcloud storage providers at the moment, because we do [not recommend](https://discuss.privacyguides.net/t/dont-recommend-nextcloud-e2ee/10352/29) Nextcloud's built-in E2EE functionality for home users.
## Proton Drive
**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail).
**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](../email/_index.md#proton-mail).
The initial free storage is limited to 2 GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5 GB.
@@ -88,7 +88,7 @@ Peergos secures your files with quantum-resistant E2EE and ensures all data abou
[{{< badge content="Web" color="gray" >}}](https://peergos.net)
[{{< badge content="GitHub" color="gray" >}}](https://github.com/Peergos/web-ui/releases)
Peergos is built on top of the [InterPlanetary File System (IPFS)](https://ipfs.tech), a peer-to-peer architecture that protects against [:material-close-outline: Censorship](basics/common-threats.md#avoiding-censorship){ .pg-blue-gray }.
Peergos is built on top of the [InterPlanetary File System (IPFS)](https://ipfs.tech), a peer-to-peer architecture that protects against [Censorship](../../../wiki/basics/common-threats.md#avoiding-censorship).
The client, server, and command line interface for Peergos all run from the same binary. Additionally, Peergos includes a [sync engine](https://book.peergos.org/features/sync) (accessible via the native apps) for bi-directionally synchronizing a local folder with a Peergos folder, and a [webdav bridge](https://book.peergos.org/features/webdav) to allow other applications to access your Peergos storage. You can refer to Peergos's documentation for a full overview of their numerous features.
@@ -96,7 +96,7 @@ Peergos was [audited](https://peergos.org/posts/security-audit-2024) in November
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
### Minimum Requirements
content/tools/services/data-broker-removals/_index.md
+1 -3
View File
@@ -1,12 +1,10 @@
---
title: Data Removal Services
icon: material/database-off
description: Our recommended methods for removing your personal information from data brokers and people search sites.
cover: data-broker-removals.webp
---
<small>Protects against the following threat(s):</small>
- [:material-account-search: Public Exposure](../../kb/basics/common-misconceptions.md){ .pg-green }
[{{< badge content="Public Exposure" color="green" >}}](../../../wiki/basics/common-misconceptions.md)
"People search sites" operated by data brokers represent an immense privacy risk to the majority of Americans. For many, sensitive personal information such as your address, phone number, email, and age is a simple internet search away. While there is unfortunately no federal regulation in place to protect your data, many of these companies will remove your information from their *public* databases upon request.
content/tools/services/dns/_index.md
+11 -15
View File
@@ -1,24 +1,20 @@
---
title: DNS Resolvers
icon: material/dns
description: We recommend choosing these encrypted DNS providers to replace your ISP's default configuration.
cover: dns.webp
global:
- [randomize-element, "table tbody"]
---
<small>Protects against the following threat(s):</small>
- [:material-account-cash: Surveillance Capitalism](basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown }
[{{< badge content="Surveillance Capitalism" color="purple" >}}](../../../wiki/basics/common-threats.md#surveillance-as-a-business-model)
Encrypted **DNS** with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity.
[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md){ .md-button }
[Learn more about DNS :material-arrow-right-drop-circle:](../../../wiki/advanced/dns-overview.md){ .md-button }
## Recommended Providers
These are our favorite public DNS resolvers based on their privacy and security characteristics, and their worldwide performance. Some of these services offer basic DNS-level blocking of malware or trackers depending on the server you choose, but if you want to be able to see and customize what is blocked, you should use a dedicated DNS filtering product instead.
| DNS Provider | Protocols | Logging / Privacy Policy | [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) | Filtering | Signed Apple Profile |
| DNS Provider | Protocols | Logging / Privacy Policy | [ECS](../../../wiki/advanced/dns-overview.md#what-is-edns-client-subnet-ecs) | Filtering | Signed Apple Profile |
|---|---|---|---|---|---|
| [**AdGuard Public DNS**](https://adguard-dns.io/en/public-dns.html) | Cleartext <br>DoH/3 <br>DoT <br>DoQ <br>DNSCrypt | Anonymized[^1] | Anonymized | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardSDNSFilter) | Yes [:octicons-link-external-24:](https://adguard-dns.io/en/blog/encrypted-dns-ios-14.html) |
| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setup) | Cleartext <br>DoH/3 <br>DoT | Anonymized[^2] | No | Based on server choice. | No [:octicons-link-external-24:](https://community.cloudflare.com/t/requesting-1-1-1-1-signed-profiles-for-apple/571846) |
@@ -118,7 +114,7 @@ NextDNS also offers a public DoH service at `https://dns.nextdns.io` and DNS-ove
## Encrypted DNS Proxies
Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](advanced/dns-overview.md#unencrypted-dns) resolver to forward to. Typically, it is used on platforms that don't natively support [encrypted DNS](advanced/dns-overview.md#what-is-encrypted-dns).
Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](../../../wiki/advanced/dns-overview.md#unencrypted-dns) resolver to forward to. Typically, it is used on platforms that don't natively support [encrypted DNS](../../../wiki/advanced/dns-overview.md#what-is-encrypted-dns).
### RethinkDNS
@@ -127,7 +123,7 @@ Encrypted DNS proxy software provides a local proxy for the [unencrypted DNS](ad
![RethinkDNS logo](assets/img/android/rethinkdns.svg#only-light){ align=right }
![RethinkDNS logo](assets/img/android/rethinkdns-dark.svg#only-dark){ align=right }
**RethinkDNS** is an open-source Android client that supports [DoH](advanced/dns-overview.md#dns-over-https-doh), [DoT](advanced/dns-overview.md#dns-over-tls-dot), [DNSCrypt](advanced/dns-overview.md#dnscrypt) and DNS Proxy. It also provides additional functionality such as caching DNS responses, locally logging DNS queries, and using the app as a firewall.
**RethinkDNS** is an open-source Android client that supports [DoH](../../../wiki/advanced/dns-overview.md#dns-over-https-doh), [DoT](../../../wiki/advanced/dns-overview.md#dns-over-tls-dot), [DNSCrypt](../../../wiki/advanced/dns-overview.md#dnscrypt) and DNS Proxy. It also provides additional functionality such as caching DNS responses, locally logging DNS queries, and using the app as a firewall.
[:octicons-home-16: Homepage](https://rethinkdns.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://rethinkdns.com/privacy){ .card-link title="Privacy Policy" }
@@ -152,7 +148,7 @@ While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot
![DNSCrypt-Proxy logo](assets/img/dns/dnscrypt-proxy.svg){ align=right }
**DNSCrypt-Proxy** is a DNS proxy with support for [DNSCrypt](advanced/dns-overview.md#dnscrypt), [DoH](advanced/dns-overview.md#dns-over-https-doh), and [Anonymized DNS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS).
**DNSCrypt-Proxy** is a DNS proxy with support for [DNSCrypt](../../../wiki/advanced/dns-overview.md#dnscrypt), [DoH](../../../wiki/advanced/dns-overview.md#dns-over-https-doh), and [Anonymized DNS](https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Anonymized-DNS).
[:octicons-repo-16: Repository](https://github.com/DNSCrypt/dnscrypt-proxy#readme){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/DNSCrypt/dnscrypt-proxy/wiki){ .card-link title="Documentation" }
@@ -173,19 +169,19 @@ While RethinkDNS takes up the Android VPN slot, you can still use a VPN or Orbot
<div class="admonition warning" markdown>
<p class="admonition-title">Warning</p>
The anonymized DNS feature does [not](advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns) anonymize other network traffic.
The anonymized DNS feature does [not](../../../wiki/advanced/dns-overview.md#why-shouldnt-i-use-encrypted-dns) anonymize other network traffic.
</div>
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](../../../about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
All DNS products...
- Must support [DNSSEC](advanced/dns-overview.md#what-is-dnssec).
- Must support [QNAME Minimization](advanced/dns-overview.md#what-is-qname-minimization).
- Must anonymize [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) or disable it by default.
- Must support [DNSSEC](../../../wiki/advanced/dns-overview.md#what-is-dnssec).
- Must support [QNAME Minimization](../../../wiki/advanced/dns-overview.md#what-is-qname-minimization).
- Must anonymize [ECS](../../../wiki/advanced/dns-overview.md#what-is-edns-client-subnet-ecs) or disable it by default.
Additionally, all public providers...
content/tools/services/email-aliasing/_index.md
+2 -4
View File
@@ -1,13 +1,11 @@
---
title: "Email Aliasing"
icon: material/email-lock
description: An email aliasing service allows you to easily generate a new email address for every website you register for.
cover: email-aliasing.webp
---
<small>Protects against the following threat(s):</small>
- [:material-account-cash: Surveillance Capitalism](basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown }
- [:material-account-search: Public Exposure](basics/common-threats.md#limiting-public-information){ .pg-green }
[{{< badge content="Surveillance Capitalism" color="purple" >}}](../../../wiki/basics/common-threats.md#surveillance-as-a-business-model)
[{{< badge content="Public Exposure" color="green" >}}](../../../wiki/basics/common-threats.md#limiting-public-information)
An **email aliasing service** allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your [email provider](email.md).
content/tools/services/email/_index.md
+19 -24
View File
@@ -1,19 +1,14 @@
---
meta_title: "Encrypted Private Email Recommendations - Privacy Guides"
title: Email Services
icon: material/email
description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers.
cover: email.webp
global:
- [randomize-element, "table tbody"]
---
<small>Protects against the following threat(s):</small>
- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal }
[{{< badge content="Service Providers" color="indigo" >}}](../../../wiki/basics/common-threats.md#privacy-from-service-providers)
Email is practically a necessity for using any online service, however we do not recommend it for person-to-person conversations. Rather than using email to contact other people, consider using an instant messaging medium that supports forward secrecy.
[Recommended Instant Messengers](real-time-communication.md){ .md-button }
[Recommended Instant Messengers](../messengers/_index.md){ .md-button }
## Recommended Providers
@@ -25,13 +20,13 @@ For everything else, we recommend a variety of email providers based on sustaina
| [Mailbox Mail](#mailbox-mail) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Mail only | Cash |
| [Tuta](#tuta) | :material-alert-outline:{ .pg-orange } | :material-alert-outline:{ .pg-orange } | :material-check:{ .pg-green } | Monero via third party <br>Cash via third party |
In addition to (or instead of) an email provider recommended here, you may wish to consider a dedicated [email aliasing service](email-aliasing.md#recommended-providers) to protect your privacy. Among other things, these services can help protect your real inbox from spam, prevent marketers from correlating your accounts, and encrypt all incoming messages with PGP.
In addition to (or instead of) an email provider recommended here, you may wish to consider a dedicated [email aliasing service](../email-aliasing/_index.md#recommended-providers) to protect your privacy. Among other things, these services can help protect your real inbox from spam, prevent marketers from correlating your accounts, and encrypt all incoming messages with PGP.
- [More Information :material-arrow-right-drop-circle:](email-aliasing.md)
- [More Information :material-arrow-right-drop-circle:](../email-aliasing/_index.md)
## OpenPGP Compatible Services
These providers natively support OpenPGP encryption/decryption and the [Web Key Directory (WKD) standard](basics/email-security.md#what-is-the-web-key-directory-standard), allowing for provider-agnostic end-to-end encrypted emails. For example, a Proton Mail user could send an E2EE message to a Mailbox Mail user, or you could receive OpenPGP-encrypted notifications from internet services which support it.
These providers natively support OpenPGP encryption/decryption and the [Web Key Directory (WKD) standard](../../../wiki/basics/email-security.md#what-is-the-web-key-directory-standard), allowing for provider-agnostic end-to-end encrypted emails. For example, a Proton Mail user could send an E2EE message to a Mailbox Mail user, or you could receive OpenPGP-encrypted notifications from internet services which support it.
<div class="grid cards" markdown>
@@ -43,11 +38,11 @@ These providers natively support OpenPGP encryption/decryption and the [Web Key
<div class="admonition warning" markdown>
<p class="admonition-title">Warning</p>
When using E2EE technology like OpenPGP your email will still have some metadata that is not encrypted in the header of the email, generally including the subject line! Read more about [email metadata](basics/email-security.md#email-metadata-overview).
When using E2EE technology like OpenPGP your email will still have some metadata that is not encrypted in the header of the email, generally including the subject line! Read more about [email metadata](../../../wiki/basics/email-security.md#email-metadata-overview).
OpenPGP also does not support forward secrecy, which means if the private key of either you or the message recipient is ever stolen, all previous messages encrypted with it will be exposed.
- [How do I protect my private keys?](basics/email-security.md#how-do-i-protect-my-private-keys)
- [How do I protect my private keys?](../../../wiki/basics/email-security.md#how-do-i-protect-my-private-keys)
</div>
@@ -82,7 +77,7 @@ The Proton Free plan comes with 500 MB of Mail storage, which you can increase u
</div>
Free accounts have some limitations, such as not being able to search body text and not having access to [Proton Mail Bridge](https://proton.me/mail/bridge), which is required to use a [recommended desktop email client](email-clients.md) such as Thunderbird. Paid accounts include features like Proton Mail Bridge, additional storage, and custom domain support. The Proton Unlimited plan or any multi-user Proton plan includes access to [SimpleLogin](email-aliasing.md#simplelogin) Premium.
Free accounts have some limitations, such as not being able to search body text and not having access to [Proton Mail Bridge](https://proton.me/mail/bridge), which is required to use a [recommended desktop email client](../../software/email-clients/_index.md) such as Thunderbird. Paid accounts include features like Proton Mail Bridge, additional storage, and custom domain support. The Proton Unlimited plan or any multi-user Proton plan includes access to [SimpleLogin](../email-aliasing/_index.md#simplelogin) Premium.
A [letter of attestation](https://res.cloudinary.com/dbulfrlrz/images/v1714639878/wp-pme/letter-of-attestation-proton-mail-20211109_3138714c61/letter-of-attestation-proton-mail-20211109_3138714c61.pdf) was provided for Proton Mail's apps in November 2021 by [Securitum](https://research.securitum.com).
@@ -108,7 +103,7 @@ Paid Proton Mail subscribers can use their own domain with the service or a [cat
#### :material-check:{ .pg-green } Private Payment Methods
Proton Mail [accepts](https://proton.me/support/payment-options) **cash** by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. Additionally, you can use [**Monero**](cryptocurrency.md#monero) to purchase vouchers for Proton Mail Plus or Proton Unlimited via their [official](https://discuss.privacyguides.net/t/add-monero-as-an-anonymous-payment-method-for-proton-services/31058/15) reseller [ProxyStore](https://dys2p.com/en/2025-09-09-proton.html).
Proton Mail [accepts](https://proton.me/support/payment-options) **cash** by mail in addition to standard credit/debit card, [Bitcoin](../../../wiki/advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. Additionally, you can use [**Monero**](../cryptocurrency/_index.md#monero) to purchase vouchers for Proton Mail Plus or Proton Unlimited via their [official](https://discuss.privacyguides.net/t/add-monero-as-an-anonymous-payment-method-for-proton-services/31058/15) reseller [ProxyStore](https://dys2p.com/en/2025-09-09-proton.html).
#### :material-check:{ .pg-green } Account Security
@@ -124,7 +119,7 @@ Certain information stored in [Proton Contacts](https://proton.me/support/proton
Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. Proton also supports automatic external key discovery with WKD. This means that emails sent to other providers which use WKD will be automatically encrypted with OpenPGP as well, without the need to manually exchange public PGP keys with your contacts. They also allow you to [encrypt messages to non-Proton Mail addresses without OpenPGP](https://proton.me/support/password-protected-emails), without the need for them to sign up for a Proton Mail account.
Proton Mail also publishes the public keys of Proton accounts via HTTP from their WKD. This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily for cross-provider E2EE. This only applies to email addresses ending in one of Proton's own domains, like `@proton.me`. If you use a custom domain, you must [configure WKD](basics/email-security.md#what-is-the-web-key-directory-standard) separately.
Proton Mail also publishes the public keys of Proton accounts via HTTP from their WKD. This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily for cross-provider E2EE. This only applies to email addresses ending in one of Proton's own domains, like `@proton.me`. If you use a custom domain, you must [configure WKD](../../../wiki/basics/email-security.md#what-is-the-web-key-directory-standard) separately.
#### :material-information-outline:{ .pg-blue } Account Termination
@@ -158,7 +153,7 @@ Accounts start with up to 2 GB storage, which can be upgraded as needed.
</div>
#### :material-check:{ .pg-green } Custom Domains and Aliases
z
Mailbox Mail lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/en/private/custom-domains/use-your-own-domain-with-catch-all/) addresses. Mailbox Mail also supports [sub-addressing](https://kb.mailbox.org/en/private/e-mail/what-is-an-alias-and-how-do-i-use-it/), which is useful if you don't want to purchase a domain.
#### :material-check:{ .pg-green } Private Payment Methods
@@ -167,19 +162,19 @@ Mailbox Mail doesn't accept any cryptocurrencies as a result of their payment pr
#### :material-check:{ .pg-green } Account Security
Mailbox Mail supports [two-factor authentication](https://kb.mailbox.org/en/private/security-and-privacy/how-to-use-two-factor-authentication-2fa/) for their webmail only. You can use either TOTP or a [YubiKey](security-keys.md#yubikey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online) are not yet supported.
Mailbox Mail supports [two-factor authentication](https://kb.mailbox.org/en/private/security-and-privacy/how-to-use-two-factor-authentication-2fa/) for their webmail only. You can use either TOTP or a [YubiKey](../../hardware/security-keys/_index.md#yubikey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](../../../wiki/basics/multi-factor-authentication.md#fido-fast-identity-online) are not yet supported.
#### :material-information-outline:{ .pg-blue } Data Security
Mailbox Mail allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/en/private/encryption/your-encrypted-mailbox/). New messages that you receive will then be immediately encrypted with your public key.
However, [Open-Xchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox Mail, [does not support](https://kb.mailbox.org/en/business/security-privacy-article/encryption-of-calendar-and-address-book/) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that data.
However, [Open-Xchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox Mail, [does not support](https://kb.mailbox.org/en/business/security-privacy-article/encryption-of-calendar-and-address-book/) the encryption of your address book and calendar. A [standalone option](../../software/calendar/_index.md) may be more appropriate for that data.
#### :material-check:{ .pg-green } Email Encryption
Mailbox Mail has [integrated encryption](https://kb.mailbox.org/en/private/encryption/how-can-e-mails-be-encrypted-with-pgp/) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/en/private/encryption/my-recipient-does-not-use-pgp/) on Mailbox Mail's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox.
Mailbox Mail also supports the discovery of public keys via HTTP from their WKD. This allows people outside of Mailbox Mail to find the OpenPGP keys of Mailbox Mail accounts easily for cross-provider E2EE. This only applies to email addresses ending in one of Mailbox Mail's own domains, like `@mailbox.org`. If you use a custom domain, you must [configure WKD](basics/email-security.md#what-is-the-web-key-directory-standard) separately.
Mailbox Mail also supports the discovery of public keys via HTTP from their WKD. This allows people outside of Mailbox Mail to find the OpenPGP keys of Mailbox Mail accounts easily for cross-provider E2EE. This only applies to email addresses ending in one of Mailbox Mail's own domains, like `@mailbox.org`. If you use a custom domain, you must [configure WKD](../../../wiki/basics/email-security.md#what-is-the-web-key-directory-standard) separately.
#### :material-information-outline:{ .pg-blue } Account Termination
@@ -235,7 +230,7 @@ Free accounts start with 1 GB of storage.
</div>
Tuta doesn't support the [IMAP protocol](https://tuta.com/support#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tuta app. [Email import](https://github.com/tutao/tutanota/issues/630) is not currently supported either, though this is [due to be changed](https://tuta.com/blog/kickoff-import). Emails can be exported [individually or by bulk selection](https://tuta.com/support#generalMail) per folder, which may be inconvenient if you have many folders.
Tuta doesn't support the [IMAP protocol](https://tuta.com/support#imap) or the use of third-party [email clients](../../software/email-clients/_index.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tuta app. [Email import](https://github.com/tutao/tutanota/issues/630) is not currently supported either, though this is [due to be changed](https://tuta.com/blog/kickoff-import). Emails can be exported [individually or by bulk selection](https://tuta.com/support#generalMail) per folder, which may be inconvenient if you have many folders.
#### :material-check:{ .pg-green } Custom Domains and Aliases
@@ -243,7 +238,7 @@ Paid Tuta accounts can use either 15 or 30 aliases depending on their plan and u
#### :material-information-outline:{ .pg-blue } Private Payment Methods
Tuta only directly accepts credit cards and PayPal, however you can use [**cryptocurrency**](cryptocurrency.md) to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore.
Tuta only directly accepts credit cards and PayPal, however you can use [**cryptocurrency**](../cryptocurrency/_index.md) to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore.
#### :material-check:{ .pg-green } Account Security
@@ -304,7 +299,7 @@ We prefer our recommended providers to collect as little data as possible.
**Best Case:**
- Should accept [anonymous payment options](advanced/payments.md) ([cryptocurrency](cryptocurrency.md), cash, gift cards, etc.)
- Should accept [anonymous payment options](../../../wiki/advanced/payments.md) ([cryptocurrency](../cryptocurrency/_index.md), cash, gift cards, etc.)
- Should be hosted in a jurisdiction with strong email privacy protection laws.
### Security
@@ -313,7 +308,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w
**Minimum to Qualify:**
- Protection of webmail with 2FA, such as [TOTP](basics/multi-factor-authentication.md#time-based-one-time-password-totp).
- Protection of webmail with 2FA, such as [TOTP](../../../wiki/basics/multi-factor-authentication.md#time-based-one-time-password-totp).
- Encryption at rest, using asymmetric encryption where the service provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to, or a remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
- [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) support.
- No TLS errors or vulnerabilities when being profiled by tools such as [Hardenize](https://hardenize.com), [testssl.sh](https://testssl.sh), or [Qualys SSL Labs](https://ssllabs.com/ssltest); this includes certificate related errors and weak DH parameters, such as those that led to [Logjam](https://en.wikipedia.org/wiki/Logjam_(computer_security)).
@@ -331,7 +326,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w
**Best Case:**
- Should support hardware authentication, i.e. U2F and [WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online).
- Should support hardware authentication, i.e. U2F and [WebAuthn](../../../wiki/basics/multi-factor-authentication.md#fido-fast-identity-online).
- [DNS Certification Authority Authorization (CAA) Resource Record](https://tools.ietf.org/html/rfc6844) in addition to DANE support.
- Should implement [Authenticated Received Chain (ARC)](https://en.wikipedia.org/wiki/Authenticated_Received_Chain), which is useful for people who post to mailing lists [RFC8617](https://tools.ietf.org/html/rfc8617).
- Published security audits from a reputable, third-party firm.
content/tools/services/financial-services/_index.md
+4 -6
View File
@@ -1,22 +1,20 @@
---
title: Financial Services
icon: material/bank
cover: financial-services.webp
description: These services can assist you in protecting your privacy from merchants and other trackers, which is one of the biggest challenges to privacy today.
---
<small>Protects against the following threat(s):</small>
- [:material-account-cash: Surveillance Capitalism](basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown }
[{{< badge content="Surveillance Capitalism" color="purple" >}}](../../../wiki/basics/common-threats.md#surveillance-as-a-business-model)
Making payments online is one of the biggest challenges to privacy. These services can assist you in protecting your privacy from merchants and other trackers, provided you have a strong understanding of how to make private payments effectively. We strongly encourage you first read our payments overview article before making any purchases:
[Making Private Payments :material-arrow-right-drop-circle:](advanced/payments.md){ .md-button }
[Making Private Payments :material-arrow-right-drop-circle:](../../../wiki/advanced/payments.md){ .md-button }
## Payment Masking Services
<small>Protects against the following threat(s):</small>
- [:material-account-search: Public Exposure](basics/common-threats.md#limiting-public-information){ .pg-green }
[{{< badge content="Public Exposure" color="green" >}}](../../../wiki/basics/common-threats.md#limiting-public-information)
There are a number of services which provide "virtual debit cards" which you can use with online merchants without revealing your actual banking or billing information in most cases. It's important to note that these financial services are **not** anonymous and are subject to "Know Your Customer" (KYC) laws and may require your ID or other identifying information. These services are primarily useful for protecting you from merchant data breaches, less sophisticated tracking or purchase correlation by marketing agencies, and online data theft; and **not** for making a purchase completely anonymously.
@@ -76,7 +74,7 @@ MySudo's virtual cards are currently only available via their iOS app.
<small>Protects against the following threat(s):</small>
- [:material-eye-outline: Mass Surveillance](basics/common-threats.md#mass-surveillance-programs){ .pg-blue }
[{{< badge content="Mass Surveillance" color="blue" >}}](../../../wiki/basics/common-threats.md#mass-surveillance-programs)
These services allow you to purchase gift cards for a variety of merchants online with [cryptocurrency](cryptocurrency.md). Some of these services offer ID verification options for higher limits, but they also allow accounts with just an email address. Basic limits typically start at $5,000-10,000 a day for basic accounts, with significantly higher limits for ID verified accounts (if offered).
content/tools/services/messengers/_index.md
+9 -11
View File
@@ -1,17 +1,15 @@
---
title: Instant Messengers
icon: material/chat-processing
description: Encrypted messengers like Signal and SimpleX keep your sensitive communications secure from prying eyes.
cover: real-time-communication.webp
---
<small>Protects against the following threat(s):</small>
- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange }
- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal }
- [:material-eye-outline: Mass Surveillance](basics/common-threats.md#mass-surveillance-programs){ .pg-blue }
- [:material-account-cash: Surveillance Capitalism](basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown }
[{{< badge content="Passive Attacks" color="amber" >}}](../../../wiki/basics/common-threats.md#security-and-privacy)
[{{< badge content="Service Providers" color="indigo" >}}](../../../wiki/basics/common-threats.md#privacy-from-service-providers)
[{{< badge content="Mass Surveillance" color="blue" >}}](../../../wiki/basics/common-threats.md#mass-surveillance-programs)
[{{< badge content="Surveillance Capitalism" color="purple" >}}](../../../wiki/basics/common-threats.md#surveillance-as-a-business-model)
These recommendations for encrypted **real-time communication** are great for securing your sensitive communications. These instant messengers come in the form of many [types of communication networks](advanced/communication-network-types.md).
These recommendations for encrypted **real-time communication** are great for securing your sensitive communications. These instant messengers come in the form of many [types of communication networks](../../../wiki/advanced/communication-network-types.md).
[:material-movie-open-play-outline: Video: It's time to stop using SMS](https://www.privacyguides.org/videos/2025/01/24/its-time-to-stop-using-sms-heres-why){ .md-button }
@@ -66,7 +64,7 @@ The protocol was independently [audited](https://eprint.iacr.org/2016/1013.pdf)
### Molly (Android)
If you use Android and your threat model requires protecting against [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red } you may consider using this alternative app, which features a number of security and usability improvements, to access the Signal network.
If you use Android and your threat model requires protecting against [:material-target-account: Targeted Attacks](../../../wiki/basics/common-threats.md#attacks-against-specific-individuals){ .pg-red } you may consider using this alternative app, which features a number of security and usability improvements, to access the Signal network.
<div class="admonition recommendation" markdown>
@@ -105,7 +103,7 @@ Both versions of Molly provide the same security improvements and support [repro
![SimpleX Chat logo](assets/img/messengers/simplex.svg){ align=right }
**SimpleX Chat** is an instant messenger that doesn't depend on any unique identifiers such as phone numbers or usernames. Its decentralized network makes SimpleX Chat an effective tool against [:material-close-outline: Censorship](basics/common-threats.md#avoiding-censorship){ .pg-blue-gray }.
**SimpleX Chat** is an instant messenger that doesn't depend on any unique identifiers such as phone numbers or usernames. Its decentralized network makes SimpleX Chat an effective tool against [:material-close-outline: Censorship](../../../wiki/basics/common-threats.md#avoiding-censorship){ .pg-blue-gray }.
[:octicons-home-16: Homepage](https://simplex.chat){ .md-button .md-button--primary }
[:octicons-eye-16:](https://simplex.chat/privacy){ .card-link title="Privacy Policy" }
@@ -141,7 +139,7 @@ SimpleX Chat was independently audited in [July 2024](https://simplex.chat/blog/
![Briar logo](assets/img/messengers/briar.svg){ align=right }
**Briar** is an encrypted instant messenger that [connects](https://briarproject.org/how-it-works) to other clients using the [Tor network](alternative-networks.md#tor), making it an effective tool at circumventing [:material-close-outline: Censorship](basics/common-threats.md#avoiding-censorship){ .pg-blue-gray }. Briar can also connect via Wi-Fi or Bluetooth when in local proximity. Briars local mesh mode can be useful when internet availability is a problem.
**Briar** is an encrypted instant messenger that [connects](https://briarproject.org/how-it-works) to other clients using the [Tor network](alternative-networks.md#tor), making it an effective tool at circumventing [:material-close-outline: Censorship](../../../wiki/basics/common-threats.md#avoiding-censorship){ .pg-blue-gray }. Briar can also connect via Wi-Fi or Bluetooth when in local proximity. Briars local mesh mode can be useful when internet availability is a problem.
[:octicons-home-16: Homepage](https://briarproject.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://briarproject.org/privacy-policy){ .card-link title="Privacy Policy" }
@@ -186,7 +184,7 @@ Our best-case criteria represents what we would like to see from the perfect pro
- Should support future secrecy (post-compromise security)[^2]
- Should have open-source servers.
- Should use a decentralized network, i.e. [federated or P2P](advanced/communication-network-types.md).
- Should use a decentralized network, i.e. [federated or P2P](../../../wiki/advanced/communication-network-types.md).
- Should use E2EE for all messages by default.
- Should support Linux, macOS, Windows, Android, and iOS.
content/tools/services/passwords/_index.md
+4 -121
View File
@@ -1,133 +1,16 @@
---
meta_title: "The Best Password Managers to Protect Your Privacy and Security - Privacy Guides"
title: Password Managers
icon: material/form-textbox-password
description: Password managers allow you to securely store and manage passwords and other credentials.
cover: passwords.webp
schema:
-
"@context": http://schema.org
"@type": WebPage
name: Password Manager Recommendations
url: "./"
-
"@context": http://schema.org
"@type": SoftwareApplication
name: Bitwarden
image: /assets/img/password-management/bitwarden.svg
url: https://bitwarden.com
sameAs: https://en.wikipedia.org/wiki/Bitwarden
applicationCategory: Password Manager
operatingSystem:
- Windows
- macOS
- Linux
- Android
- iOS
subjectOf:
"@context": http://schema.org
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": SoftwareApplication
name: 1Password
image: /assets/img/password-management/1password.svg
url: https://1password.com
sameAs: https://en.wikipedia.org/wiki/1Password
applicationCategory: Password Manager
operatingSystem:
- Windows
- macOS
- Linux
- Android
- iOS
subjectOf:
"@context": http://schema.org
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": SoftwareApplication
name: Proton Pass
image: /assets/img/password-management/protonpass.svg
url: https://proton.me/pass
applicationCategory: Password Manager
operatingSystem:
- Android
- iOS
subjectOf:
"@context": http://schema.org
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": SoftwareApplication
name: Psono
image: /assets/img/password-management/psono.svg
url: https://psono.com
applicationCategory: Password Manager
operatingSystem:
- Android
- iOS
subjectOf:
"@context": http://schema.org
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": SoftwareApplication
name: KeePassXC
image: /assets/img/password-management/keepassxc.svg
url: https://keepassxc.org
sameAs: https://en.wikipedia.org/wiki/KeePassXC
applicationCategory: Password Manager
operatingSystem:
- Windows
- macOS
- Linux
subjectOf:
"@context": http://schema.org
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": SoftwareApplication
name: KeePassDX
image: /assets/img/password-management/keepassdx.svg
url: https://keepassdx.com
applicationCategory: Password Manager
operatingSystem: Android
subjectOf:
"@context": http://schema.org
"@type": WebPage
url: "./"
-
"@context": http://schema.org
"@type": SoftwareApplication
name: Gopass
image: /assets/img/password-management/gopass.svg
url: https://gopass.pw
applicationCategory: Password Manager
operatingSystem:
- Windows
- macOS
- Linux
- FreeBSD
subjectOf:
"@context": http://schema.org
"@type": WebPage
url: "./"
---
<small>Protects against the following threat(s):</small>
- [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }
- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange }
- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal }
[{{< badge content="Targeted Attacks" color="red" >}}](../../../wiki/basics/common-threats.md#attacks-against-specific-individuals)
[{{< badge content="Passive Attacks" color="amber" >}}](../../../wiki/basics/common-threats.md#security-and-privacy)
[{{< badge content="Service Providers" color="indigo" >}}](../../../wiki/basics/common-threats.md#privacy-from-service-providers)
**Password managers** allow you to securely store and manage passwords and other credentials with the use of a master password.
[Introduction to Passwords :material-arrow-right-drop-circle:](basics/passwords-overview.md)
[Introduction to Passwords :material-arrow-right-drop-circle:](../../../wiki/basics/passwords-overview.md)
<div class="admonition info" markdown>
<p class="admonition-title">Info</p>
content/tools/services/photo-backups/_index.md
+2 -4
View File
@@ -1,13 +1,11 @@
---
title: Photo Management
icon: material/image
description: These photo management tools keep your personal photos safe from the prying eyes of cloud storage providers and other unauthorized parties.
cover: photo-management.webp
---
<small>Protects against the following threat(s):</small>
- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange }
- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal }
[{{< badge content="Passive Attacks" color="amber" >}}](../../../wiki/basics/common-threats.md#security-and-privacy)
[{{< badge content="Service Providers" color="indigo" >}}](../../../wiki/basics/common-threats.md#privacy-from-service-providers)
Most cloud **photo management solutions** like Google Photos, Flickr, and Amazon Photos don't secure your photos against being accessed by the cloud storage provider themselves. These options keep your personal photos private, while allowing you to share them only with family and trusted people.
content/tools/services/search-engines/_index.md
+1 -6
View File
@@ -1,15 +1,10 @@
---
meta_title: "Recommended Search Engines: Anonymous Alternatives to Google - Privacy Guides"
title: Search Engines
icon: material/search-web
description: Use privacy-respecting search engines which don't build an advertising profile based on your searches.
cover: search-engines.webp
global:
- [randomize-element, "table tbody"]
---
<small>Protects against the following threat(s):</small>
- [:material-account-cash: Surveillance Capitalism](basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown }
[{{< badge content="Surveillance Capitalism" color="purple" >}}](../../../wiki/basics/common-threats.md#surveillance-as-a-business-model)
Use a **search engine** that doesn't build an advertising profile based on your searches.
content/tools/services/vpn/_index.md
+5 -11
View File
@@ -1,16 +1,10 @@
---
meta_title: "Private VPN Service Recommendations and Comparison, No Sponsors or Ads - Privacy Guides"
title: VPN Services
icon: material/vpn
description: The best VPN services for protecting your privacy and security online. Find a provider here that isn't out to spy on you.
cover: vpn.webp
global:
- [randomize-element, "table tbody"]
---
<small>Protects against the following threat(s):</small>
- [:material-account-cash: Surveillance Capitalism](basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown }
[{{< badge content="Surveillance Capitalism" color="purple" >}}](../../../wiki/basics/common-threats.md#surveillance-as-a-business-model)
If you're looking for additional *privacy* from your ISP, on a public Wi-Fi network, or while torrenting files, a **VPN** may be the solution for you.
@@ -21,11 +15,11 @@ Using a VPN will **not** keep your browsing habits anonymous, nor will it add ad
If you are looking for **anonymity**, you should use the Tor Browser. If you're looking for added **security**, you should always ensure you're connecting to websites using HTTPS. A VPN is not a replacement for good security practices.
[Introduction to the Tor Browser](tor.md#tor-browser){ .md-button .md-button--primary } [Tor Myths & FAQ](advanced/tor-overview.md){ .md-button }
[Introduction to the Tor Browser](tor.md#tor-browser){ .md-button .md-button--primary } [Tor Myths & FAQ](../../../wiki/advanced/tor-overview.md){ .md-button }
</div>
[Detailed VPN Overview :material-arrow-right-drop-circle:](basics/vpn-overview.md){ .md-button }
[Detailed VPN Overview :material-arrow-right-drop-circle:](../../../wiki/basics/vpn-overview.md){ .md-button }
## Recommended Providers
@@ -86,7 +80,7 @@ Proton VPN provides the source code for their desktop and mobile clients in thei
#### :material-check:{ .pg-green } Accepts Cash
Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment.
Proton VPN, in addition to accepting credit/debit cards, PayPal, and [Bitcoin](../../../wiki/advanced/payments.md#other-coins-bitcoin-ethereum-etc), also accepts **cash/local currency** as an anonymous form of payment.
#### :material-check:{ .pg-green } WireGuard Support
@@ -330,7 +324,7 @@ We prefer our recommended providers to collect as little data as possible. Not c
**Best Case:**
- Accepts multiple [anonymous payment options](advanced/payments.md).
- Accepts multiple [anonymous payment options](../../../wiki/advanced/payments.md).
- No personal information accepted (auto-generated username, no email required, etc.).
### Security