privacyguides/privacytools.io
Archived
1
0
Fork 0
Code Issues 304 Pull Requests 47 Activity

Merge branch 'master' into startpage

Browse Source
This commit is contained in:
Jonah Aragon
2020-04-28 19:37:36 -05:00
committed by GitHub
parent c17c2fe943 2741e3cdea
commit e92a879a31
91 changed files with 1256 additions and 885 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
_includes/sections/browser-addons.html
View File

@ -9,6 +9,7 @@ title="uBlock Origin: Block Ads and Trackers"
image="/assets/img/svg/3rd-party/ublock_origin.svg"
description="<strong>uBlock Origin</strong> is an efficient <a href=https://github.com/gorhill/uBlock/wiki/Blocking-mode>wide-spectrum blocker</a> that is easy on memory, and yet can load and enforce thousands more filters than other popular blockers out there. It has no monetization strategy and is completely open source."
website="https://addons.mozilla.org/firefox/addon/ublock-origin/"
privacy-policy="https://github.com/gorhill/uBlock/wiki/Privacy-policy"
forum="https://forum.privacytools.io/t/discussion-ublock-origin/266"
github="https://github.com/gorhill/uBlock/"
firefox="https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/"
@ -22,6 +23,7 @@ title="HTTPS Everywhere: Secure Connections"
image="/assets/img/svg/3rd-party/https_everywhere.svg"
description="<strong>HTTPS Everywhere</strong> enables encryption of your connections to many major websites, making your browsing more secure. It is a collaboration between The Tor Project and the Electronic Frontier Foundation."
website="https://www.eff.org/https-everywhere"
privacy-policy="https://www.eff.org/code/privacy/policy"
forum="https://forum.privacytools.io/t/discussion-https-everywhere/268"
github="https://github.com/EFForg/https-everywhere"
firefox="https://addons.mozilla.org/en-US/firefox/addon/https-everywhere"
@ -34,6 +36,7 @@ title="Decentraleyes: Block Content Delivery Networks"
image="/assets/img/svg/3rd-party/decentraleyes.svg"
description="<strong>Decentraleyes</strong> emulates Content Delivery Networks locally by intercepting requests, finding the required resource, and injecting it into the environment. This all happens instantaneously, automatically, and no prior configuration is required."
website="https://decentraleyes.org/"
privacy-policy="https://decentraleyes.org/privacy-policy/"
forum="https://forum.privacytools.io/t/discussion-decentraleyes/269"
gitlab="https://git.synz.io/Synzvato/decentraleyes"
firefox="https://addons.mozilla.org/en-US/firefox/addon/decentraleyes"
@ -57,6 +60,7 @@ title="Terms of Service; Didnt Read: Be Informed"
image="/assets/img/svg/3rd-party/terms_of_service_didnt_read.svg"
description='<strong>Terms of Service; Didnt Read</strong> is an addon that believes "I have read and agree to the Terms of Service" is the biggest lie on the web, and wants to fix it by grading websites based on their terms of service agreements and privacy policies. It also gives short summaries of those agreements. The analysis and ratings are published transparently by a community of reviewers.'
website="https://tosdr.org/"
privacy-policy="https://addons.mozilla.org/en-US/firefox/addon/terms-of-service-didnt-read/privacy/"
forum="https://forum.privacytools.io/t/discussion-terms-of-service-didn-t-read/270"
github="https://github.com/tosdr/"
firefox="https://addons.mozilla.org/en-US/firefox/addon/terms-of-service-didnt-read/"
@ -67,7 +71,7 @@ opera="https://addons.opera.com/en/extensions/details/terms-of-service-didnt-rea
{% include cardv2.html
title="Snowflake"
image="/assets/img/svg/3rd-party/snowflake.svg"
description="<strong>Snowflake</strong> is a new <a href=https://2019.www.torproject.org/docs/pluggable-transports.html.en>pluggable transport</a> from the Tor Project. If you have an uncensored connection, running this extension volunteers your connection to be used as a Snowflake proxy to help users unable to connect to the Tor network. Your IP will not be visible to the sites users visit using your proxy, as this extension will not make you an exit node. If your access to the Tor network is blocked, this extension will not assist you, and you should use the <a href=https://www.torproject.org>Tor Browser</a> instead."
description="<strong>Snowflake</strong> is a new <a href=https://2019.www.torproject.org/docs/pluggable-transports.html.en>pluggable transport</a> from the Tor Project. If you have an uncensored connection, running this extension volunteers your connection to be used as a Snowflake proxy to help users unable to connect to the Tor network. Your IP will not be visible to the sites users visit using your proxy, as this extension will not make you an exit node. If your access to the Tor network is blocked, this extension will not assist you, and you should use the <a href=https://www.torproject.org>Tor Browser</a> instead. <b>Note:</b> This add-on does not work with WebRTC disabled."
website="https://snowflake.torproject.org"
forum="https://forum.privacytools.io/t/discussion-snowflake/1146"
git="https://gitweb.torproject.org/pluggable-transports/snowflake.git"
@ -80,6 +84,7 @@ title="Privacy Badger: Stop Tracking"
image="/assets/img/svg/3rd-party/privacy_badger.svg"
description="<strong>Privacy Badger</strong> is a browser add-on that stops advertisers and other third-party trackers from secretly tracking where you go and what pages you look at on the web. Privacy Badger learns about trackers as you browse."
website="https://www.eff.org/privacybadger"
privacy-policy="https://www.eff.org/code/privacy/policy"
forum="https://forum.privacytools.io/t/discussion-privacy-badger/265"
github="https://github.com/EFForg/privacybadger"
firefox="https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17"
@ -98,6 +103,7 @@ title="uMatrix: Stop Cross-Site Requests"
image="/assets/img/png/3rd-party/umatrix.png"
description="<strong>uMatrix</strong> gives you control over the requests that websites make to other websites. Many websites integrate features which let other websites track you, such as Facebook Like Buttons or Google Analytics."
website="https://addons.mozilla.org/firefox/addon/umatrix/"
privacy-policy="https://github.com/gorhill/uMatrix/wiki/Privacy-policy"
forum="https://forum.privacytools.io/t/discussion-umatrix/271"
github="https://github.com/gorhill/uMatrix"
firefox="https://addons.mozilla.org/en-US/firefox/addon/umatrix"
@ -109,7 +115,8 @@ opera="https://addons.opera.com/en/extensions/details/umatrix"
title="NoScript Security Suite: Be in total control"
image="/assets/img/svg/3rd-party/noscript.svg"
description="<strong>NoScript</strong> is a highly customizable plugin to selectively allow JavaScript, Java, and Flash to run only on websites you trust. Not for casual users, it requires technical knowledge to configure."
website="https://addons.mozilla.org/firefox/addon/noscript/"
website="https://noscript.net/"
privacy-policy="https://addons.mozilla.org/en-US/firefox/addon/noscript/privacy/"
forum="https://forum.privacytools.io/t/discussion-noscript-security-suite/272"
github="https://github.com/hackademix/noscript"
firefox="https://addons.mozilla.org/en-US/firefox/addon/noscript"

9
_includes/sections/browser-recommendation.html
View File

@ -9,6 +9,7 @@ image="/assets/img/svg/3rd-party/firefox_browser.svg"
description='Firefox is fast, reliable, open-source, and respects your privacy. Don\'t forget to adjust the settings according to our
recommendations: <a href="#addons"><i class="fas fa-link"></i> Privacy Add-ons</a> <a href="#webrtc"><i class="fas fa-link"></i> WebRTC</a> <a href="#about_config"><i class="fas fa-link"></i> about:config tweaks</a>.'
website="https://firefox.com"
privacy-policy="https://www.mozilla.org/en-US/privacy/firefox/"
forum="https://forum.privacytools.io/t/discussion-firefox/279"
source="https://hg.mozilla.org/mozilla-central/"
windows="https://www.mozilla.org/firefox/windows/"
@ -24,6 +25,7 @@ title="Tor Browser - Provides Anonymity"
image="/assets/img/svg/3rd-party/tor_browser.svg"
description='Tor Browser is your choice if you need an extra layer of anonymity. It\'s a modified version of Firefox ESR, which comes with pre-installed privacy add-ons, encryption, and an advanced proxy. <a href="https://write.privacytools.io/my-thoughts-on-security/slicing-onions-part-1-myth-busting-tor">How does Tor work?</a>'
website="https://www.torproject.org/"
privacy-policy="https://support.torproject.org/tbb/tbb-3/"
tor="http://expyuzz4wqqyqhjn.onion/"
forum="https://forum.privacytools.io/t/discussion-tor-browser/278"
git="https://trac.torproject.org/projects/tor"
@ -43,6 +45,7 @@ image="/assets/img/svg/3rd-party/firefox_browser.svg"
description='Firefox is fast, reliable, open-source, and respects your privacy. Don\'t forget to adjust the settings according to our
recommendations: <a href="#addons"><i class="fas fa-link"></i> Privacy Add-ons</a> <a href="#webrtc"><i class="fas fa-link"></i> WebRTC</a> <a href="#about_config"><i class="fas fa-link"></i> about:config tweaks</a>.'
website="https://www.mozilla.org/en-US/firefox/mobile/"
privacy-policy="https://www.mozilla.org/en-US/privacy/firefox/"
forum="https://forum.privacytools.io/t/discussion-firefox/279"
source="https://github.com/mozilla-mobile"
fdroid="https://f-droid.org/en/packages/org.mozilla.fennec_fdroid/"
@ -55,6 +58,7 @@ title="Tor Browser - Provides Anonymity"
image="/assets/img/svg/3rd-party/tor_browser.svg"
description='Tor Browser is your choice if you need an extra layer of anonymity. It\'s a modified version of Firefox ESR, which comes with pre-installed privacy add-ons, encryption and an advanced proxy. <a href="https://write.privacytools.io/my-thoughts-on-security/slicing-onions-part-1-myth-busting-tor">How does Tor work?</a>'
website="https://www.torproject.org/"
privacy-policy="https://support.torproject.org/tbb/tbb-3/"
tor="http://expyuzz4wqqyqhjn.onion/"
forum="https://forum.privacytools.io/t/discussion-tor-browser-for-android-browsers/1522"
git="https://gitweb.torproject.org/tor-browser.git/"
@ -66,7 +70,7 @@ googleplay="https://play.google.com/store/apps/details?id=org.torproject.torbrow
{% include cardv2.html
title="Bromite"
image="/assets/img/svg/3rd-party/bromite.svg"
description='Bromite is a Chromium-based browser with security enhancement patches from GrapheneOS and other security-focused projects, built-in adblocking, and DNS over HTTPS support. More info can be found <a href="https://www.bromite.org/#main-features">on their website</a>.'
description='Bromite is a Chromium-based browser with privacy and security enhancements, built-in adblocking and DNS over HTTPS support; it includes patches from ungoogled-chromium and other privacy-focused projects. More info can be found <a href="https://www.bromite.org/#main-features">on the official website</a>.'
website="https://www.bromite.org/"
forum="https://forum.privacytools.io/t/discussion-bromite-browsers/1521"
github="https://github.com/bromite/bromite"
@ -97,6 +101,7 @@ title="Firefox"
image="/assets/img/svg/3rd-party/firefox_browser.svg"
description='Firefox is fast, reliable, open-source, and respects your privacy. Note: Because of limitations set by Apple in iOS, our recommended tweaks cannot be applied. However, Firefox for iOS has an <a href="https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-ios">Enhanced Tracking Protection</a> feature that uses a list provided by <a href="https://disconnect.me/trackerprotection">Disconnect</a> to identify and block ad, social, and analytics trackers, as well as cryptominers and fingerprinters.'
website="https://www.mozilla.org/en-US/firefox/mobile/"
privacy-policy="https://www.mozilla.org/en-US/privacy/firefox/"
forum="https://forum.privacytools.io/t/discussion-firefox/279"
source="https://github.com/mozilla-mobile/firefox-ios"
ios="https://apps.apple.com/us/app/firefox-private-safe-browser/id989804926"
@ -108,6 +113,7 @@ title="Onion Browser"
image="/assets/img/svg/3rd-party/onion_browser.svg"
description='Onion Browser is an open-source browser that lets you browse the web anonymously over the Tor network on iOS devices and is endorsed by the Tor Project. Warning: there are certain anonymity-related <a href="https://onionbrowser.com/#security-advisories">issues</a> with Onion Browser due to iOS limitations.'
website="https://onionbrowser.com/"
privacy-policy="https://onionbrowser.com/privacy-policy"
forum="https://forum.privacytools.io/t/discussion-onion-browser-browsers/1523"
github="https://github.com/OnionBrowser/OnionBrowser"
ios="https://apps.apple.com/us/app/onion-browser/id519296448"
@ -119,6 +125,7 @@ title="DuckDuckGo Privacy Browser"
image="/assets/img/svg/3rd-party/duckduckgo.svg"
description='DuckDuckGo Privacy Browser is an open-source web browser that has built-in ad and tracker blocking and utilizes <a href="https://tosdr.org/">ToS;DR</a> to rate the privacy policies of the sites you visit.'
website="https://duckduckgo.com/app"
privacy-policy="https://duckduckgo.com/privacy"
tor="https://3g2upl4pq6kufc4m.onion/app"
forum="https://forum.privacytools.io/t/discussion-duckduckgo-privacy-browser-browsers/1524"
github="https://github.com/duckduckgo/iOS"

31
_includes/sections/browser-tweaks.html
View File

@ -6,7 +6,7 @@
<ol>
<li>Enter "about:config" in the firefox address bar and press enter.</li>
<li>Press the button "I'll be careful, I promise!"</li>
<li>Press the button "Accept the Risk and Continue" [FF71+] or "I accept the risk".</li>
<li>Follow the instructions below...</li>
</ol>
@ -26,14 +26,11 @@
<dd>[FF67+] Blocks CryptoMining</dd>
<dt>privacy.trackingprotection.enabled = true</dt>
<dd>This is Mozilla's new built-in tracking protection. It uses Disconnect.me filter list, which is redundant if you are already using uBlock Origin 3rd party filters, therefore you should set it to false if you are using the add-on functionalities.</dd>
<dd>This is Mozilla's new built-in tracking protection. One of it's benefits is blocking tracking (i.e. Google Analytics) on <a href="https://github.com/gorhill/uMatrix/wiki/Privileged-Pages">privileged pages</a> where add-ons that usually do that are disabled.</dd>
<dt>browser.send_pings = false</dt>
<dd>The attribute would be useful for letting websites track visitors' clicks.</dd>
<dt>browser.sessionstore.max_tabs_undo = 0</dt>
<dd>Even with Firefox set to not remember history, your closed tabs are stored temporarily at Menu -&gt; History -&gt; Recently Closed Tabs.</dd>
<dt>browser.urlbar.speculativeConnect.enabled = false</dt>
<dd>Disable preloading of autocomplete URLs. Firefox preloads URLs that autocomplete when a user types into the address bar, which is a concern if URLs are suggested that the user does not want to connect to. <a href="https://www.ghacks.net/2017/07/24/disable-preloading-firefox-autocomplete-urls/">Source</a></dd>
@ -85,9 +82,6 @@
</ul>
</dd>
<dt>Looking for TRR, DoH or ESNI?</dt>
<dd>They have moved to <a href="/providers/dns/#icanndns">our DNS page</a>.</dd>
<dt>webgl.disabled = true</dt>
<dd>WebGL is a potential security risk. <a href="https://security.stackexchange.com/questions/13799/is-webgl-a-security-concern">Source</a></dd>
@ -101,14 +95,32 @@
</ul>
</dd>
<dt>beacon.enabled = false</dt>
<dd>Disables sending additional analytics to web servers. <a href="https://developer.mozilla.org/en-US/docs/Web/API/Navigator/sendBeacon">Details</a></dd>
<dt>browser.safebrowsing.downloads.remote.enabled = false</dt>
<dd>Prevents Firefox from sending information about downloaded executable files to Google Safe Browsing to determine whether it should be blocked for safety reasons. <a href="https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work#w_what-information-is-sent-to-mozilla-or-its-partners-when-phishing-and-malware-protection-are-enabled">Details</a></dd>
<dt>Disable Firefox prefetching pages it thinks you will visit next:</dt>
<dd>
Prefetching causes cookies from the prefetched site to be loaded and other potentially unwanted behavior. Details <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ">here</a> and <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control">here</a>.
<ul>
<li>network.dns.disablePrefetch = true</li>
<li>network.dns.disablePrefetchFromHTTPS = true</li>
<li>network.predictor.enabled = false</li>
<li>network.predictor.enable-prefetch = false</li>
<li>network.prefetch-next = false</li>
</dd>
<dt>network.IDN_show_punycode = true</dt>
<dd>Not rendering IDNs as their Punycode equivalent leaves you open to phishing attacks that can be very difficult to notice. <a href="https://krebsonsecurity.com/2018/03/look-alike-domains-and-visual-confusion/#more-42636">Source</a></dd>
<dt>Looking for TRR, DoH or ESNI?</dt>
<dd>They have moved to <a href="/providers/dns/#dns">our DNS page</a>.</dd>
<h3 id="user.js">Firefox user.js Templates</h3>
<ul>
<li><a href="https://github.com/ghacksuserjs/ghacks-user.js">ghacks-user.js</a> - An ongoing comprehensive user.js template for configuring and hardening Firefox privacy, security and anti-fingerprinting.</li>
<li><a href="https://github.com/ghacksuserjs/ghacks-user.js">ghacks-user.js</a> - An ongoing comprehensive user.js template for configuring and hardening Firefox privacy, security and anti-fingerprinting.</li>
</ul>
@ -117,7 +129,6 @@
<ul>
<li><a href="https://blog.privacytools.io/firefox-privacy-an-introduction-to-safe/">Firefox Privacy: Tips and Tricks for Better Browsing</a> - A good starting guide for users looking to keep their data private and secure.</li>
<li><a href="https://ffprofile.com/">ffprofile.com</a> - Helps you to create a Firefox profile with the defaults you like.</li>
<li><a href="http://kb.mozillazine.org/Category:Security_and_privacy-related_preferences">mozillazine.org</a> - Security and privacy-related preferences. </li>
<li><a href="https://addons.mozilla.org/firefox/addon/privacy-settings/">Privacy Settings</a> - A Firefox add-on to alter built-in privacy settings easily with a toolbar panel.</li>
<li><a href="https://12bytes.org/articles/tech/firefox/the-firefox-privacy-guide-for-dummies/">Firefox Privacy Guide For Dummies</a> - Guide on ways (already discussed and others) to improve your privacy and safety on Firefox.</li>
</ul>

17
_includes/sections/browser-webrtc.html
View File

@ -4,7 +4,7 @@
<strong>WebRTC is a new communication protocol that relies on JavaScript that can leak your actual IP address from behind your VPN.</strong>
</div>
<p>While software like NoScript prevents this, it's probably a good idea to block this protocol directly as well, just to be safe.</p>
<p>While software like NoScript prevents this, it's probably a good idea to block this protocol directly as well, just to be safe. <b>Note:</b> This disables browser-based call functionality that is used for webapps like Discord, Hangouts, Jitsi, etc.</p>
<p>
<a class="btn btn-warning" target="_blank" rel="noopener noreferrer" href="https://ipleak.net">Test your Browser now</a>
@ -38,10 +38,21 @@
<a class="btn btn-primary" target="_blank" rel="noopener noreferrer" href="https://ipleak.net">Test your Browser again</a>
</p>
<h3>How to fix the WebRTC Leak in Google Chrome?</h3>
<h3>How to disable WebRTC in Safari?</h3>
<p>Safari is far stricter with WebRTC than other major browsers, and it does not leak your IP address in its default configuration. If you'd like, you can follow these steps just to double-check your browser:</p>
<ol class="long-string-list">
<li>Choose "Preferences" under the Safari menu in your menu bar.</li>
<li>Select the Advanced tab and check the "Show Develop menu in menu bar" box.</li>
<li>Exit Preferences and open the Develop menu in your menu bar.</li>
<li>In the drop-down menu, open the "WebRTC" submenu and ensure "Enable Legacy WebRTC API" is unchecked. If it's grayed out, even better.</li>
</ol>
<h3>How to disable WebRTC in Google Chrome?</h3>
<p>WebRTC cannot be fully disabled in Chrome; however, it is possible to change its routing settings (and prevent leaks) using an extension. Two open-source solutions include <a href="https://chrome.google.com/webstore/detail/webrtc-leak-prevent/eiadekoaikejlgdbkbdfeijglgfdalml">WebRTC Leak Prevent</a> (options may need to be changed depending on the scenario), and <a href="https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm">uBlock Origin</a> (select "Prevent WebRTC from leaking local IP addresses" in Settings).</p>
<h3>What about other browsers?</h3>
<p>Chrome on iOS, Internet Explorer and Safari does not implement WebRTC yet. <a href="#browser"><i class="fas fa-link"></i> But we recommend using Firefox on all devices.</a></p>
<p>Chrome on macOS and Internet Explorer do not implement WebRTC yet. <a href="#browser"><i class="fas fa-link"></i> But we recommend using Firefox on all devices.</a></p>

2
_includes/sections/calendar-contacts-sync.html
View File

@ -10,6 +10,7 @@
image="/assets/img/svg/3rd-party/nextcloud.svg"
description="<strong>Nextcloud</strong> is a suite of client-server software for creating and using file hosting services. This includes calendar sync via CalDAV and contacts sync via CardDAV. Nextcloud is free and open-source, thereby allowing anyone to install and operate it without charge on a private server."
website="https://nextcloud.com/"
privacy-policy="https://nextcloud.com/privacy/"
forum="https://forum.privacytools.io/t/discussion-nextcloud-calender-contacts-sync-tools/1535"
github="https://github.com/nextcloud"
windows="https://nextcloud.com/install/"
@ -28,6 +29,7 @@
image="/assets/img/svg/3rd-party/etesync.svg"
description="<strong>EteSync</strong> is a secure, end-to-end encrypted, and privacy-respecting cloud backup and synchronization software for your personal information (e.g. contacts and calendars). There are native clients for Android, iOS, and the web, and an adapter layer for most desktop clients. It costs $24 per year to use, or you can host the server yourself for free."
website="https://www.etesync.com/"
privacy-policy="https://www.etesync.com/tos/#privacy"
forum="https://forum.privacytools.io/t/discussion-etesync-calender-contacts-sync-tools/1536"
github="https://github.com/etesync"
web="https://client.etesync.com/"

32
_includes/sections/cloud-storage.html
View File

@ -5,21 +5,23 @@
</div>
{% include cardv2.html
title="Nextcloud - Choose your hoster"
image="/assets/img/svg/3rd-party/nextcloud.svg"
description="<strong>Nextcloud</strong> is a suite of client-server software for creating your own file hosting services on a private server you control. Nextcloud is free and open-source, and supports end-to-end encryption with many of its clients. The only limits on storage and bandwidth are the limits on the <a href=\"/providers/hosting\">server provider</a> you choose."
website="https://nextcloud.com/"
forum="https://forum.privacytools.io/t/discussion-nextcloud/287"
github="https://github.com/nextcloud"
windows="https://nextcloud.com/install/#install-clients"
mac="https://nextcloud.com/install/#install-clients"
linux="https://nextcloud.com/install/#install-clients"
freebsd="https://www.freshports.org/www/nextcloud/"
openbsd="http://openports.se/www/nextcloud"
netbsd="http://pkgsrc.se/www/php-nextcloud"
ios="https://itunes.apple.com/us/app/nextcloud/id1125420102?mt=8"
fdroid="https://f-droid.org/packages/com.nextcloud.client/"
googleplay="https://play.google.com/store/apps/details?id=com.nextcloud.client"
title="Nextcloud - Choose your hoster"
image="/assets/img/svg/3rd-party/nextcloud.svg"
description="<strong>Nextcloud</strong> is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control. The only limits on storage and bandwidth are the limits on the <a href=\"/providers/hosting\">server provider</a> you choose."
labels="warning:<a href=//github.com/nextcloud/end_to_end_encryption/issues/111>Experimental E2EE</a>:Regarding E2EE their description states 'End-to-end encryption is still in alpha state, don't use this in production and only with test data!'."
website="https://nextcloud.com/"
privacy-policy="https://nextcloud.com/privacy/"
forum="https://forum.privacytools.io/t/discussion-nextcloud/287"
windows="https://nextcloud.com/install/#install-clients"
mac="https://nextcloud.com/install/#install-clients"
linux="https://nextcloud.com/install/#install-clients"
freebsd="https://www.freshports.org/www/nextcloud/"
openbsd="http://openports.se/www/nextcloud"
netbsd="http://pkgsrc.se/www/php-nextcloud"
fdroid="https://f-droid.org/packages/com.nextcloud.client/"
googleplay="https://play.google.com/store/apps/details?id=com.nextcloud.client"
ios="https://itunes.apple.com/us/app/nextcloud/id1125420102"
github="https://github.com/nextcloud"
%}

45
_includes/sections/dns.html
View File

@ -154,7 +154,7 @@
</td>
<td>Commercial</td>
<td><a data-toggle="tooltip" data-placement="bottom" data-original-title='"We will collect limited DNS query data that is sent to the resolvers. This data does not contain user IP addresses or any other personally identifiable information, and the bulk of the data is only stored for 24 hours."' href="https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/privacy-policy/">Some</a></td>
<td>DoH, DoT, DNSCrypt</td>
<td>DoH, DoT</td>
<td>Yes</td>
<td>Yes</td>
<td>No</td>
@ -191,49 +191,6 @@
<td>Self</td>
</tr>
<tr>
<td data-value="dnswarden">
<a href="https://github.com/bhanupratapys/dnswarden/blob/master/README.md">dnswarden</a>
</td>
<td>
<span class="no-text-wrap">
<span class="flag-icon flag-icon-de"></span>
Germany
</span>
</td>
<td>
<a
class="btn-secondary btn-icon"
href="https://github.com/bhanupratapys/dnswarden/blob/master/README.md#privacy-policy-and-tc">
<span class="fas fa-globe"></span>
</a>
</td>
<td>Hobby Project</td>
<td>No</td>
<td data-value="dot/443">
<span class="no-text-wrap">
DoH,
<span data-toggle="tooltip" data-placement="bottom" data-original-title="Supports port 443 in addition to 853">
DoT <span class="fas fa-info-circle fa-sm text-secondary"></span>,
</span>
</span>
DNSCrypt
</td>
<td>Yes</td>
<td>Yes</td>
<td>
<span class="no-text-wrap">
Based on server choice
</span>
</td>
<td>?</td>
<td>
<span class="no-text-wrap">
<a href="https://www.hetzner.com/">Hetzner Online GmbH</a>
</span>
</td>
</tr>
<tr>
<td data-value="Foundation for Applied Privacy">
<a href="https://appliedprivacy.net/services/dns/">Foundation for Applied Privacy</a>

1
_includes/sections/email-clients.html
View File

@ -5,6 +5,7 @@ title="Thunderbird"
image="/assets/img/svg/3rd-party/thunderbird.svg"
description="Thunderbird is a free, open source, cross-platform email, newsgroup, news feed, and chat (XMPP, IRC, Twitter) client developed by the Thunderbird community, and previously by the Mozilla Foundation."
website="https://www.thunderbird.net/"
privacy-policy="https://www.mozilla.org/en-US/privacy/thunderbird/"
forum="https://forum.privacytools.io/t/discussion-thunderbird/659"
source="https://hg.mozilla.org/comm-central/"
windows="https://www.thunderbird.net/en-US/"

558
_includes/sections/email-providers.html
View File

@ -1,321 +1,273 @@
<h1 id="email" class="anchor"><a href="#email"><i class="fas fa-link anchor-icon"></i></a> Privacy-Conscious Email Providers - No Affiliates</h1>
<h1 id="email" class="anchor"><a href="#email"><i class="fas fa-link anchor-icon"></i></a> Recommended Email Services</h1>
<div class="alert alert-success" role="alert">
<strong>All providers listed here are operating outside the US and support <a data-toggle="tooltip" data-placement="bottom" data-original-title="When sending or receiving emails, if both the sending and receiving servers support TLS encryption, the email is sent between servers using an encrypted connection.">SMTP TLS.</a> The table is sortable.</strong>
<strong>Our recommended providers operate outside of the US, adopt modern email technology, and meet <a href="/providers/email/#criteria">our other criteria</a> for listing.</strong> We also have a <a href="https://wiki.privacytools.io/view/Comparison_of_email_providers#Provider_comparison">detailed comparison table</a> of the below providers on the wiki.
</div>
<div class="table-responsive">
<table class="table sortable-theme-bootstrap" data-sortable>
<thead>
<tr>
<th data-sorted="true" data-sorted-direction="ascending">Email Provider</th>
<th data-sortable="false">Website</th>
<th data-sortable="true">Since</th>
<th data-sortable="true">Jurisdiction</th>
<th data-sortable="true">Storage</th>
<th data-sortable="true">Yearly Price</th>
<th data-sortable="true">Bitcoin</th>
<th data-sortable="true">Encryption</th>
<th data-sortable="true">Own Domain</th>
</tr>
</thead>
<div class="container-fluid">
<tbody>
<div class="row mb-2">
<div class="col-lg-3 col-sm-12 pt-lg-5">
<img
src="/assets/img/svg/3rd-party/protonmail.svg"
height="70"
width="200"
class="img-fluid d-block mr-auto ml-auto align-middle"
alt="ProtonMail">
</div>
<div class="col">
<h2 id="protonmail" class="anchor"><a href="#protonmail"><i class="fas fa-link anchor-icon"></i></a> ProtonMail <span class="badge badge-info">Free</span></h2>
<p><strong><a href="https://protonmail.com">ProtonMail.com</a></strong> is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since <strong>2013</strong>. ProtonMail is based in Genève, <span class="flag-icon flag-icon-ch"></span> Switzerland. Accounts start with 500 MB storage with their free plan.</p>
<tr>
<td data-value="disroot">
<img
alt="Disroot"
src="/assets/img/svg/3rd-party/disroot.svg"
data-theme-src="/assets/img/svg/3rd-party/disroot-dark.svg"
width="200"
height="70">
</td>
<td>
<a
class="btn-secondary btn-icon"
href="https://disroot.org">
<span class="fas fa-globe"></span>
</a>
</td>
<td data-value="2015">2015</td>
<td>
<span class="no-text-wrap">
<span class="flag-icon flag-icon-nl"></span> Netherlands
</span>
</td>
<td data-value="1000">1 GB</td>
<td data-value="0"><span class="label label-warning">Free</span></td>
<td data-value="1"><span class="label label-success">Accepted</span></td>
<td data-value="1"><span class="label label-success">Built-in</span></td>
<td data-value="1"><span class="label label-success">Yes</span></td>
</tr>
<p>Free accounts have some limitations and do not allow the use of the <a href="https://protonmail.com/bridge">ProtonMail Bridge</a>, which is required to use a <a href="/software/email">recommended email client</a> (e.g. Thunderbird) or to search email by body text. Paid accounts are available starting at <strong>€48/y</strong> which include features like ProtonMail Bridge, additional storage, custom domain support, and more. The webmail and mobile apps can only search <code>To:</code>, <code>From:</code>, <code>Date:</code> and <code>Subject:</code> (this is likely to change when <a href="https://reddit.com/comments/cqwk2a/comment/ex21b4e">v4.0</a> of ProtonMail is released).</p>
<tr>
<td data-value="kolabnow">
<img
alt="Kolab Now"
src="/assets/img/svg/3rd-party/kolab_now.svg"
data-theme-src="/assets/img/svg/3rd-party/kolab_now-dark.svg"
width="200"
height="70">
</td>
<td>
<a
class="btn-secondary btn-icon"
href="https://kolabnow.com">
<span class="fas fa-globe"></span>
</a>
</td>
<td data-value="2010">2010</td>
<td>
<span class="no-text-wrap">
<span class="flag-icon flag-icon-ch"></span> Switzerland
</span>
</td>
<td data-value="2048">2 GB</td>
<td data-value="6000">$ 60</td>
<td data-value="1"><span class="label label-success">Accepted</span></td>
<td data-value="1"><span class="label label-success">Built-in</span></td>
<td data-value="1"><span class="label label-success">Yes</span></td>
</tr>
<h5><span class="badge badge-success">Domains and Aliases</span></h5>
<p>Paid ProtonMail users can use their own domain with the service. <a href="https://protonmail.com/support/knowledge-base/catch-all/">Catch-all</a> addresses are supported with custom domains for Professional and Visionary plans. ProtonMail also supports <a href="https://protonmail.com/support/knowledge-base/creating-aliases/">subaddressing</a>, which is useful for users who don't want to purchase a domain.</p>
<tr>
<td data-value="mailbox">
<img alt="mailbox.org" src="/assets/img/svg/3rd-party/mailboxorg.svg" width="200" height="70">
<h5><span class="badge badge-success">Payment Methods</span></h5>
<p>ProtonMail accepts Bitcoin in addition to accepting credit/debit cards and PayPal.</p>
</td>
<td>
<a
class="btn-secondary btn-icon"
href="https://mailbox.org">
<span class="fas fa-globe"></span>
</a>
</td>
<td data-value="2014">2014</td>
<td>
<span class="no-text-wrap">
<span class="flag-icon flag-icon-de"></span> Germany
</span>
</td>
<td data-value="2000">2 GB</td>
<td data-value="1444">12 €</td>
<td data-value="0"><span class="label label-success">No</span></td>
<td data-value="1"><span class="label label-success">Built-in</span></td>
<td data-value="1"><span class="label label-success">Yes</span></td>
</tr>
<h5><span class="badge badge-success">Account Security</span></h5>
<p>ProtonMail supports <a href="https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm">TOTP</a> <a href="https://protonmail.com/support/knowledge-base/two-factor-authentication/">two factor authentication</a> only. The use of a <a href="https://en.wikipedia.org/wiki/Universal_2nd_Factor">U2F</a> security key is not yet supported. ProtonMail is planning to implement U2F upon completion of their <a href="https://reddit.com/comments/cheoy6/comment/feh2lw0/">Single Sign On (SSO)</a> code.</p>
<tr>
<td data-value="mailfence">
<img
alt="Mailfence"
src="/assets/img/svg/3rd-party/mailfence.svg"
data-theme-src="/assets/img/svg/3rd-party/mailfence-dark.svg"
width="200"
height="70">
</td>
<td>
<a
href="https://mailfence.com"
class="btn-secondary btn-icon">
<span class="fas fa-globe"></span>
</a>
</td>
<td data-value="2013">2013</td>
<td>
<span class="no-text-wrap">
<span class="flag-icon flag-icon-be"></span> Belgium
</span>
</td>
<td data-value="500">500 MB</td>
<td data-value="0"><span class="label label-warning">Free</span></td>
<td data-value="1"><span class="label label-success">Accepted</span></td>
<td data-value="1"><span class="label label-success">Built-in</span></td>
<td data-value="1"><span class="label label-success">Yes</span></td>
</tr>
<h5><span class="badge badge-success">Data Security</span></h5>
<p>ProtonMail has <a href="https://protonmail.com/blog/zero-access-encryption">zero access encryption at rest</a> for your emails, <a href="https://protonmail.com/blog/encrypted-contacts-manager">address book contacts</a>, and <a href="https://protonmail.com/blog/protoncalendar-security-model">calendars</a>. This means the messages and other data stored in your account are only readable by you. </p>
<tr>
<td data-value="posteo">
<img alt="Posteo" src="/assets/img/svg/3rd-party/posteo.svg" width="200" height="70">
</td>
<td>
<a
class="btn-secondary btn-icon"
href="https://posteo.de">
<span class="fas fa-globe"></span>
</a>
</td>
<td data-value="2009">2009</td>
<td>
<span class="no-text-wrap">
<span class="flag-icon flag-icon-de"></span> Germany
</span>
</td>
<td data-value="2000">2 GB</td>
<td data-value="1444">12 €</td>
<td data-value="0"><span class="label label-primary">No</span></td>
<td data-value="1"><span class="label label-success">Built-in</span></td>
<td data-value="0"><span class="label label-primary">No</span></td>
</tr>
<h5><span class="badge badge-success">Email Encryption</span></h5>
<p>ProtonMail has <a href="https://protonmail.com/support/knowledge-base/how-to-use-pgp">integrated OpenPGP encryption</a> in their webmail. Emails to other ProtonMail users are encrypted automatically, and encryption to non-ProtonMail users with an OpenPGP key can be enabled easily in your account settings. They also allow you to <a href="https://protonmail.com/support/knowledge-base/encrypt-for-outside-users">encrypt messages to non-ProtonMail users</a> without the need for them to sign up for a ProtonMail account or use software like OpenPGP.</p>
<p>ProtonMail also supports the discovery of public keys via HTTP from their <a href="https://wiki.gnupg.org/WKD">Web Key Directory (WKD)</a>. This allows users outside of ProtonMail to find the OpenPGP keys of ProtonMail users easily, for cross-provider E2EE.</p>
<tr>
<td data-value="protonmail">
<img alt="ProtonMail" src="/assets/img/svg/3rd-party/protonmail.svg" width="200" height="70">
</td>
<td>
<a
class="btn-secondary btn-icon"
href="https://protonmail.com">
<span class="fas fa-globe"></span>
</a>
<a
class="btn-tor btn-icon mt-1"
href="https://protonirockerxow.onion"
title="Requires specific software to access: torproject.org"
data-toggle="tooltip"
data-placement="bottom">
<span class="ptio-tor"></span>
</a>
</td>
<td data-value="2013">2013</td>
<td>
<span class="no-text-wrap">
<span class="flag-icon flag-icon-ch"></span> Switzerland
</span>
</td>
<td data-value="500">500 MB</td>
<td data-value="0"><span class="label label-warning">Free</span></td>
<td data-value="1"><span class="label label-success">Accepted</span></td>
<td data-value="1"><span class="label label-success">Built-in</span></td>
<td data-value="1"><span class="label label-success">Yes</span></td>
</tr>
<h5><span class="badge badge-success">.onion Service</span></h5>
<p>ProtonMail is accessible via Tor at <a href="https://protonirockerxow.onion/">protonirockerxow.onion</a>.</p>
<tr>
<td data-value="runbox">
<img
alt="Runbox"
src="/assets/img/png/3rd-party/runbox.png"
data-theme-src="/assets/img/png/3rd-party/runbox-dark.png"
width="200"
height="70">
</td>
<td>
<a
class="btn-secondary btn-icon"
href="https://runbox.com">
<span class="fas fa-globe"></span>
</a>
</td>
<td data-value="1999">1999</td>
<td>
<span class="no-text-wrap">
<span class="flag-icon flag-icon-no"></span> Norway
</span>
</td>
<td data-value="1000">1 GB</td>
<td data-value="1995">$ 19.95</td>
<td data-value="1"><span class="label label-primary">Accepted</span></td>
<td data-value="0"><span class="label label-primary">No</span></td>
<td data-value="1"><span class="label label-success">Yes</span></td>
</tr>
<h5><span class="badge badge-info">Extra Functionality</span></h5>
<p>ProtonMail offers a "Visionary" account for €24/Month, which also enables access to ProtonVPN in addition to providing multiple accounts, domains, aliases, and extra storage.</p>
</div>
</div>
<div class="row mb-2">
<div class="col-lg-3 col-sm-12 pt-lg-5">
<img
src="/assets/img/svg/3rd-party/mailboxorg.svg"
height="70"
width="200"
class="img-fluid d-block mr-auto ml-auto align-middle"
alt="Mailbox">
</div>
<div class="col">
<h2 id="mailbox" class="anchor"><a href="#mailbox"><i class="fas fa-link anchor-icon"></i></a> Mailbox.org <span class="badge badge-info">€12/y</span></h2>
<p><strong><a href="https://mailbox.org">Mailbox.org</a></strong> is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since <strong>2014</strong>. Mailbox.org is based in Berlin, <span class="flag-icon flag-icon-de"></span> Germany. Accounts start with 2 GB of storage, which can be upgraded as needed.</p>
<tr>
<td data-value="soverin">
<img alt="Soverin" src="/assets/img/svg/3rd-party/soverin.svg" width="200" height="70">
</td>
<td>
<a
class="btn-secondary btn-icon"
href="https://soverin.net">
<span class="fas fa-globe"></span>
</a>
</td>
<td data-value="2015">2015</td>
<td>
<span class="no-text-wrap">
<span class="flag-icon flag-icon-nl"></span> Netherlands
</span>
</td>
<td data-value="25000">25 GB</td>
<td data-value="3489">29 €</td>
<td data-value="0"><span class="label label-success">No</span></td>
<td data-value="0"><span class="label label-success">No</span></td>
<td data-value="1"><span class="label label-success">Yes</span></td>
</tr>
<h5><span class="badge badge-success">Domains and Aliases</span></h5>
<p>Mailbox.org lets users use their own domain and they support <a href="https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain">catch-all</a> addresses. Mailbox.org also supports <a href="https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it">subaddressing</a>, which is useful for users who don't want to purchase a domain.</p>
<tr>
<td data-value="startmail">
<img
alt="StartMail"
src="/assets/img/svg/3rd-party/startmail.svg"
data-theme-src="/assets/img/svg/3rd-party/startmail-dark.svg"
width="200"
height="70">
</td>
<td>
<a
class="btn-secondary btn-icon"
href="https://startmail.com">
<span class="fas fa-globe"></span>
</a>
</td>
<td data-value="2014">2014</td>
<td>
<span class="no-text-wrap">
<span class="flag-icon flag-icon-nl"></span> Netherlands
</span>
</td>
<td data-value="10000">10 GB</td>
<td data-value="5995">$ 59.95</td>
<td data-value="1"><span class="label label-success">Accepted</span></td>
<td data-value="1"><span class="label label-success">Built-in</span></td>
<td data-value="1"><span class="label label-success">Yes</span></td>
</tr>
<h5><span class="badge badge-warning">Payment Methods</span></h5>
<p>Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.</p>
<tr>
<td data-value="tutanota">
<img
alt="Tutanota"
src="/assets/img/svg/3rd-party/tutanota.svg"
data-theme-src="/assets/img/svg/3rd-party/tutanota-dark.svg"
width="200"
height="70">
</td>
<td>
<a
class="btn-secondary btn-icon"
href="https://tutanota.com">
<span class="fas fa-globe"></span>
</a>
</td>
<td data-value="2011">2011</td>
<td>
<span class="no-text-wrap">
<span class="flag-icon flag-icon-de"></span> Germany
</span>
</td>
<td data-value="1000">1 GB</td>
<td data-value="0"><span class="label label-warning">Free</span></td>
<td data-value="0"><span class="label label-primary">No</span></td>
<td data-value="1"><span class="label label-success">Built-in</span></td>
<td data-value="1"><span class="label label-success">Yes</span></td>
</tr>
<h5><span class="badge badge-success">Account Security</span></h5>
<p>Mailbox.org supports <a href="https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA">two factor authentication</a> for their webmail only. You can use either <a href="https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm">TOTP</a> or a <a href="https://en.wikipedia.org/wiki/YubiKey">Yubikey</a> via the <a href="https://www.yubico.com/products/services-software/yubicloud">Yubicloud</a>. Web standards such as <a href="https://en.wikipedia.org/wiki/Universal_2nd_Factor">U2F</a> and <a href="https://en.wikipedia.org/wiki/WebAuthn">WebAuthn</a> are not yet supported.</p>
</tbody>
</table>
<h5><span class="badge badge-warning">Data Security</span></h5>
<p>Mailbox.org allows for encryption of incoming mail using their <a href="https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox">encrypted mailbox</a>. New messages that you receive will then be immediately encrypted with your public key.</p>
<p>However, <a href="https://en.wikipedia.org/wiki/Open-Xchange">Open-Exchange</a>, the software platform used by Mailbox.org, <a href="https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book">does not support</a> the encryption of your address book and calendar. A <a href="/software/calendar-contacts/">standalone option</a> may be more appropriate for that information.</p>
<h5><span class="badge badge-success">Email Encryption</span></h5>
<p>Mailbox.org has <a href="https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard">integrated encryption</a> in their webmail, which simplifies sending messages to users with public OpenPGP keys. They also allow <a href="https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP">remote recipients to decrypt an email</a> on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox.</p>
<p>Mailbox.org also supports the discovery of public keys via HTTP from their <a href="https://wiki.gnupg.org/WKD">Web Key Directory (WKD)</a>. This allows users outside of Mailbox.org to find the OpenPGP keys of Mailbox.org users easily, for cross-provider E2EE.</p>
<h5><span class="badge badge-warning">.onion Service</span></h5>
<p>You can access your Mailbox.org account via IMAP/SMTP using <a href="https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org">their .onion service</a>. However, their webmail interface cannot be accessed via their .onion service, and users may experience TLS certificate errors.</p>
<h5><span class="badge badge-info">Extra Functionality</span></h5>
<p>All accounts come with limited cloud storage that <a href="https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive">can be encrypted</a>. Mailbox.org also offers the alias <a href="https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely">@secure.mailbox.org</a>, which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports <a href="https://en.wikipedia.org/wiki/Exchange_ActiveSync">Exchange ActiveSync</a> in addition to standard access protocols like IMAP and POP3.</p>
</div>
</div>
<div class="row mb-2">
<div class="col-lg-3 col-sm-12 pt-lg-5">
<img
src="/assets/img/svg/3rd-party/posteo.svg"
height="70"
width="200"
class="img-fluid d-block mr-auto ml-auto align-middle"
alt="Posteo">
</div>
<div class="col">
<h2 id="posteo" class="anchor"><a href="#posteo"><i class="fas fa-link anchor-icon"></i></a> Posteo <span class="badge badge-info">€12/y</span></h2>
<p><strong><a href="https://posteo.de">Posteo.de</a></strong> is an email provider that focuses on anonymous, secure, and private email. Their servers are powered by 100% sustainable energy. They have been in operation since <strong>2009</strong>. Posteo is based in <span class="flag-icon flag-icon-de"></span> Germany and has a free 14-day trial. Posteo comes with 2 GB for the monthly cost and an extra gigabyte can be purchased for €0.25 per month.</p>
<h5><span class="badge badge-warning">Domains and Aliases</span></h5>
<p>Posteo does <a href="https://posteo.de/en/site/faq">not allow the use of custom domains</a>, however users may still make use of <a href="https://posteo.de/en/help/what-is-an-email-alias">subaddressing</a>.</p>
<h5><span class="badge badge-warning">Payment Methods</span></h5>
<p>Posteo does not accept Bitcoin or other cryptocurrencies as a form of payment, however they do accept cash-by-mail. They also accept credit/debit cards, bank transfers, and PayPal, and remove PII (personally identifiable information) <a href="https://posteo.de/en/site/payment">that they receive</a> in connection with these payment methods.</p>
<h5><span class="badge badge-success">Account Security</span></h5>
<p>Posteo supports <a href="https://posteo.de/en/help/what-is-two-factor-authentication-and-how-do-i-set-it-up">two factor authentication</a> for their webmail only. You can use either <a href="https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm">TOTP</a> a <a href="https://en.wikipedia.org/wiki/YubiKey">Yubikey</a> with TOTP. Web standards such as <a href="https://en.wikipedia.org/wiki/Universal_2nd_Factor">U2F</a> and <a href="https://en.wikipedia.org/wiki/WebAuthn">WebAuthn</a> are not yet supported.</p>
<h5><span class="badge badge-warning">Data Security</span></h5>
<p>Posteo has <a href="https://posteo.de/en/site/encryption#cryptomailstorage">zero access encryption</a> for email storage. This means the messages stored in your account are only readable by you.</p>
<p>Posteo also supports the encryption of your <a href="https://posteo.de/en/site/features#featuresaddressbook">address book contacts</a> and <a href="https://posteo.de/en/site/features#featurescalendar">calendars</a> at rest. However, Posteo still uses standard <a href="https://en.wikipedia.org/wiki/CalDAV">CalDAV</a> and <a href="https://en.wikipedia.org/wiki/CardDAV">CardDAV</a> for calendars and contacts. These protocols do not support <a href="https://en.wikipedia.org/wiki/End-to-end_encryption">E2EE (End-To-End Encryption)</a>. A <a href="/software/calendar-contacts/">standalone option</a> may be more appropiate.</p>
<h5><span class="badge badge-success">Email Encryption</span></h5>
<p>Posteo has <a href="https://posteo.de/en/site/encryption#pgp_webmailer">integrated encryption</a> in their webmail, which simplifies sending messages to users with public OpenPGP keys. They also support the discovery of public keys via HTTP from their <a href="https://wiki.gnupg.org/WKD">Web Key Directory (WKD)</a>. This allows users outside of Posteo to find the OpenPGP keys of Posteo users easily, for cross-provider E2EE.</p>
<h5><span class="badge badge-danger">.onion Service</span></h5>
<p>Posteo does not operate a .onion service.</p>
<h5><span class="badge badge-info">Extra Functionality</span></h5>
<p>Posteo allows users to <a href="https://posteo.de/en/help/does-posteo-offer-mailing-lists">set up their own mailing lists</a>. Each account can create one list for free.</p>
</div>
</div>
<div class="row mb-2">
<div class="col-lg-3 col-sm-12 pt-lg-5">
<img
src="/assets/img/svg/3rd-party/soverin.svg"
height="70"
width="200"
class="img-fluid d-block mr-auto ml-auto align-middle"
alt="Soverin">
</div>
<div class="col">
<h2 id="soverin" class="anchor"><a href="#soverin"><i class="fas fa-link anchor-icon"></i></a> Soverin <span class="badge badge-info">€29/y</span></h2>
<p><strong><a href="https://soverin.net">Soverin.net</a></strong> is an email provider which focuses on being private, ad-free, and powered by sustainable energy. They have been in operation since <strong>2015</strong>. Soverin is based in <span class="flag-icon flag-icon-nl"></span> Amsterdam and does not have a free trial. Accounts start at 25 GB.</p>
<h5><span class="badge badge-success">Domains and Aliases</span></h5>
<p>Soverin lets users use their own domain. Soverin users can also use <a href="https://support.soverin.net/hc/en-us/articles/115004811093-How-can-I-setup-a-catch-all-on-my-domain-">catch-all</a> and <a href="https://support.soverin.net/hc/en-us/articles/115004811073-How-can-I-add-an-alias-to-my-domain-">aliases</a> for domains they own. Soverin also allows for <a href="https://support.soverin.net/hc/en-us/articles/115004811033-Do-support-the-plus-syntax-subaddressing-">subaddressing</a>, which is useful for users who don't want to purchase a domain.</p>
<h5><span class="badge badge-success">Payment Methods</span></h5>
<p>Soverin accepts Bitcoin as payment. They also accept credit/debit cards, PayPal, and the Netherlands-specific payment gateway iDEAL.</p>
<h5><span class="badge badge-success">Account Security</span></h5>
<p>Soverin supports <a href="https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm">TOTP</a> two factor authentication <a href="https://support.soverin.net/hc/en-us/articles/360008819553-Setting-up-2-Factor-Authentication-2FA-Webmail-only">for webmail only</a>. They do not allow <a href="https://en.wikipedia.org/wiki/Universal_2nd_Factor">U2F</a> security key authentication.</p>
<h5><span class="badge badge-warning">Data Security</span></h5>
<p>Soverin has <a href="https://support.soverin.net/hc/en-us/articles/115004810713-Technical-details-about-Soverin">encryption at rest</a> however it doesn't appear to be "zero access", meaning it is technically possible for them to decrypt the data they have.</p>
<p>Soverin also uses the standard <a href="https://en.wikipedia.org/wiki/CalDAV">CalDAV</a> and <a href="https://en.wikipedia.org/wiki/CardDAV">CardDAV</a> protocols for calendars and contacts, which do not support E2EE. A <a href="/software/calendar-contacts/">standalone option</a> may be more appropriate.</p>
<h5><span class="badge badge-success">Email Encryption</span></h5>
<p>Soverin has integrated encryption in their webmail, which simplifies sending messages to users. However, Soverin has not integrated a <a href="https://wiki.gnupg.org/WKD">Web Key Directory (WKD)</a> for users on their platform.<p>
<h5><span class="badge badge-danger">.onion Service</span></h5>
<p>Soverin does not operate a .onion service.</p>
<h5><span class="badge badge-info">Extra Functionality</span></h5>
<p>Soverin also providers users with space for a personal webpage.</p>
</div>
</div>
<div class="row mb-2">
<div class="col-lg-3 col-sm-12 pt-lg-5">
<img
src="/assets/img/svg/3rd-party/disroot.svg"
data-theme-src="/assets/img/svg/3rd-party/disroot-dark.svg"
height="70"
width="200"
class="img-fluid d-block mr-auto ml-auto align-middle"
alt="Disroot">
</div>
<div class="col">
<h2 id="disroot" class="anchor"><a href="#disroot"><i class="fas fa-link anchor-icon"></i></a> Disroot <span class="badge badge-info">Free</span></h2>
<p><strong><a href="https://disroot.org/en/services/email">Disroot</a></strong> offers email amongst <a href="https://disroot.org/en/#services">other services</a>. The service is maintained by volunteers and its community. They have been in operation since <strong>2015</strong>. Disroot is based in <span class="flag-icon flag-icon-nl"></span> Amsterdam. Disroot is free and uses open source software such as Rainloop to provide service. Users support the service through donations and buying extra storage. The mailbox limit is 1 GB, but extra storage can be purchased 0.15€ per GB per month paid yearly.</p>
<h5><span class="badge badge-success">Domains and Aliases</span></h5>
<p>Disroot lets users use their own domain. They have aliases, however you must <a href="https://disroot.org/en/forms/alias-request-form">manually apply</a> for them.</p>
<h5><span class="badge badge-success">Payment Methods</span></h5>
<p>Disroot accepts Bitcoin and Faircoin as payment methods. They also accept PayPal, direct bank deposit, and Patreon payments. Disroot is a not-for-profit organization that also accepts donations through Liberapay, Flattr, and Monero, but these payment methods cannot be used to purchase services.</p>
<h5><span class="badge badge-success">Account Security</span></h5>
<p>Disroot supports <a href="https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm">TOTP</a> two factor authentication for webmail only. They do not allow <a href="https://en.wikipedia.org/wiki/Universal_2nd_Factor">U2F</a> security key authentication.</p>
<h5><span class="badge badge-warning">Data Security</span></h5>
<p>Disroot uses full disk encryption. However, it doesn't appear to be "zero access", meaning it is technically possible for them to decrypt the data they have.</p>
<p>Disroot also uses the standard <a href="https://en.wikipedia.org/wiki/CalDAV">CalDAV</a> and <a href="https://en.wikipedia.org/wiki/CardDAV">CardDAV</a> protocols for calendars and contacts, which do not support E2EE. A <a href="/software/calendar-contacts/">standalone option</a> may be more appropriate.</p>
<h5><span class="badge badge-success">Email Encryption</span></h5>
<p>Disroot allows for encrypted emails to be sent from their webmail application using OpenPGP. However, Disroot has not integrated a <a href="https://wiki.gnupg.org/WKD">Web Key Directory (WKD)</a> for users on their platform.</p>
<h5><span class="badge badge-danger">.onion Service</span></h5>
<p>Disroot does not operate a .onion service.</p>
<h5><span class="badge badge-info">Extra Functionality</span></h5>
<p>They offer <a href="https://disroot.org/en/#services">other services</a> such as NextCloud, XMPP Chat, Etherpad, Ethercalc, Pastebin, Online polls and a Gitea instance. They also have an app <a href="https://f-droid.org/packages/org.disroot.disrootapp/">available in F-Droid</a>.</p>
</div>
</div>
<div class="row mb-2">
<div class="col-lg-3 col-sm-12 pt-lg-5">
<img
src="/assets/img/svg/3rd-party/tutanota.svg"
data-theme-src="/assets/img/svg/3rd-party/tutanota-dark.svg"
height="70"
width="200"
class="img-fluid d-block mr-auto ml-auto align-middle"
alt="Tutanota">
</div>
<div class="col">
<h2 id="tutanota" class="anchor"><a href="#tutanota"><i class="fas fa-link anchor-icon"></i></a> Tutanota <span class="badge badge-info">Free</span></h2>
<p><strong><a href="https://tutanota.com">Tutanota.com</a></strong> is an email service with a focus on security and privacy through the use of encryption. Tutanota has been in operation since <strong>2011</strong> and is based in Hanover, <span class="flag-icon flag-icon-de"></span> Germany. Accounts start with 1GB storage with their free plan.</p>
<p>Tutanota <a href="https://tutanota.com/faq/#imap">doesn't allow</a> the use of third-party <a href="/software/email/">email clients</a>. There are plans to allow Tutanota pull email from <a href="https://github.com/tutao/tutanota/issues/544">external email accounts</a> using the <a href="https://en.wikipedia.org/wiki/Internet_Message_Access_Protocol">IMAP</a> protocol. <a href="https://github.com/tutao/tutanota/issues/630">Email import</a> is currently not possible.</p>
<p>Emails can be exported <a href="https://tutanota.com/howto#generalMail">individually or by bulk selection</a>. Tutanota does not allow for <a href="https://github.com/tutao/tutanota/issues/927">subfolders</a> as you might expect with other email providers.</p>
<p>Tutanota is working on a <a href="https://tutanota.com/blog/posts/desktop-clients/">desktop client</a> and they have an app <a href="https://f-droid.org/packages/de.tutao.tutanota">available in F-Droid</a>. They also have their app in conventional stores such as <a href="https://apps.apple.com/us/app/tutanota/id922429609">App Store</a> on iOS and <a href="https://play.google.com/store/apps/details?id=de.tutao.tutanota">Google Play</a> for Android.</p>
<h5><span class="badge badge-success">Domains and Aliases</span></h5>
<p>Paid Tutanota accounts can use up to 5 <a href="https://tutanota.com/faq#alias">aliases</a> and <a href="https://tutanota.com/faq#custom-domain">custom domains</a>. Tutanota doesn't allow for <a href="https://tutanota.com/faq#plus">subaddressing (plus addresses)</a>, but you can use a <a href="https://tutanota.com/howto#settings-global">catch-all</a> with a custom domain.</p>
<h5><span class="badge badge-danger">Payment Methods</span></h5>
<p>Tutanota accepts only credit cards and PayPal.</p>
<h5><span class="badge badge-success">Account Security</span></h5>
<p>Tutanota supports <a href="https://tutanota.com/faq#2fa">two factor authentication</a>. Users can either use <a href="https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm">TOTP</a> or <a href="https://en.wikipedia.org/wiki/Universal_2nd_Factor">U2F</a>. U2F support is <a href="https://github.com/tutao/tutanota/issues/443">not yet available on Android</a>.</p>
<h5><span class="badge badge-success">Data Security</span></h5>
<p>Tutanota has <a href="https://tutanota.com/faq#what-encrypted">zero access encryption at rest</a> for your emails, <a href="https://tutanota.com/faq#encrypted-address-book">address book contacts</a>, and <a href="https://tutanota.com/faq#calendar">calendars</a>. This means the messages and other data stored in your account are only readable by you. </p>
<h5><span class="badge badge-warning">Email Encryption</span></h5>
<p>Tutanota <a href="https://www.tutanota.com/faq/#pgp">does not use OpenPGP</a>. Tutanota users can only receive encrypted emails when external users send them through a <a href="https://www.tutanota.com/howto/#encrypted-email-external">temporary Tutanota mailbox</a>.</p>
<p>Tutanota <a href="https://github.com/tutao/tutanota/issues/198">does have plans</a> to support <a href="https://autocrypt.org">AutoCrypt</a>. This would allow for external users to send encrypted emails to Tutanota users as long as their email client supports the AutoCrypt headers.</p>
<h5><span class="badge badge-danger">.onion Service</span></h5>
<p>Tutanota does not operate a .onion service but <a href="https://github.com/tutao/tutanota/issues/528">may consider</a> it in the future.</p>
<h5><span class="badge badge-info">Extra Functionality</span></h5>
<p>Tutanota offers the business version of <a href="https://tutanota.com/blog/posts/secure-email-for-non-profit">Tutanota to non-profit organizations</a> for free or with a heavy discount.</p>
<p>Tutanota also has a business feature called <a href="https://tutanota.com/secure-connect/">Secure Connect</a>. This ensures customer contact to the business uses E2EE. The feature costs €240/y.</p>
</div>
</div>
<div class="row mb-2">
<div class="col-lg-3 col-sm-12 pt-lg-5">
<img
src="/assets/img/svg/3rd-party/startmail.svg"
data-theme-src="/assets/img/svg/3rd-party/startmail-dark.svg"
height="70"
width="200"
class="img-fluid d-block mr-auto ml-auto align-middle"
alt="StartMail">
</div>
<div class="col">
<h2 id="startmail" class="anchor"><a href="#startmail"><i class="fas fa-link anchor-icon"></i></a> StartMail <span class="badge badge-info">Personal USD $59.95/y</span></h2>
<p><strong><a href="https://startmail.com">StartMail.com</a></strong> is an email service with a focus on security and privacy through the use of standard OpenPGP encryption. StartMail has been in operation since <strong>2014</strong> and is based in Boulevard 11, Zeist <span class="flag-icon flag-icon-nl"></span> Netherlands. Accounts start with 10GB. They offer a 30-day trial.</p>
<h5><span class="badge badge-success">Domains and Aliases</span></h5>
<p>Personal accounts can use <a href="https://support.startmail.com/hc/en-us/articles/360007297457-Aliases">Custom or Generated</a> aliases. Business accounts can use <a href="https://support.startmail.com/hc/en-us/articles/360006840058">Domain aliases</a>.</p>
<h5><span class="badge badge-warning">Payment Methods</span></h5>
<p>StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other <a href="https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods">payment options</a> such as Bitcoin (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year.</p>
<h5><span class="badge badge-success">Account Security</span></h5>
<p>StartMail supports <a href="https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm">TOTP</a> two factor authentication <a href="https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA">for webmail only</a>. They do not allow <a href="https://en.wikipedia.org/wiki/Universal_2nd_Factor">U2F</a> security key authentication.</p>
<h5><span class="badge badge-warning">Data Security</span></h5>
<p>StartMail has <a href="https://www.startmail.com/en/whitepaper/#_Toc458527835">zero access encryption at rest</a>, using their "user vault" system. When a user logs in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key.</p>
<p>StartMail supports importing <a href="https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts">contacts</a> however, they are only accessible in the webmail and not through protocols such as <a href="https://en.wikipedia.org/wiki/CalDAV">CalDAV</a>. Contacts are also not stored using zero knowledge encryption, so a <a href="/software/calendar-contacts/">standalone option</a> may be more appropriate.</p>
<h5><span class="badge badge-success">Email Encryption</span></h5>
<p>StartMail has <a href="https://support.startmail.com/hc/en-us/sections/360001889078-Encryption">integrated encryption</a> in their webmail, which simplifies sending messages to users with public OpenPGP keys.</p>
<h5><span class="badge badge-danger">.onion Service</span></h5>
<p>StartMail does not operate a .onion service.</p>
<h5><span class="badge badge-info">Extra Functionality</span></h5>
<p>StartMail allows for proxying of images within emails. If a user allows the remote image to be loaded, the sender won't know what the user's IP address is.</p>
</div>
</div>
</div>
<h3>Interesting Email Providers Under Development</h3>
<ul>
<li><a href="https://www.confidantmail.org/">Confidant Mail</a> - An open-source non-SMTP cryptographic email system optimized for large file attachments. It is a secure and spam-resistant alternative to regular email and online file drop services. It
uses <a href="https://theprivacyguide.org/tutorials/gpg.html">GNU Privacy Guard (GPG)</a> for content encryption and authentication, and TLS 1.2 with ephemeral keys for transport encryption.</li>
</ul>
<h3>Become Your Own Email Provider</h3>
<a href="https://mailinabox.email/"><img src="/assets/img/svg/3rd-party/mail-in-a-box.svg" width="80rem" class="img-fluid float-left mr-3" alt="Mail-in-a-Box"></a>
<p><strong>Mail-in-a-Box</strong> lets you become your own mail service provider in a few easy steps. It's sort of like making your own Gmail, but one you control from top to bottom. Technically, Mail-in-a-Box turns a fresh cloud computer into a working mail server. But you don't need to be a technology expert to set it up. <strong>More: <a href="https://mailinabox.email/">https://mailinabox.email/</a></strong></p>
<a href="https://mailcow.email/"><img src="/assets/img/svg/3rd-party/mailcow.svg" width="80rem" class="img-fluid float-left mr-3" alt="Mailcow"></a>
<p><strong>Mailcow</strong> is a slightly more advanced mail server perfect for those with a bit more Linux experience. It has everything you need in a Docker container: A mailserver with DKIM support, antivirus and spam monitoring, webmail and ActiveSync with SOGo, and web-based administration with 2FA support. <strong>More: <a href="https://mailcow.github.io/mailcow-dockerized-docs/">Mailcow Dockerized docs</a></strong></p>

10
_includes/sections/email-warning.html Normal file
View File

@ -0,0 +1,10 @@
<div class="card border-danger">
<div class="card-header text-danger"><i class="fas fa-exclamation-circle fa-fw"></i> Warning</div>
<div class="card-body">
<p class="card-text text-danger">When using end-to-end encryption (E2EE) technology like <a href="https://en.wikipedia.org/wiki/Pretty_Good_Privacy">OpenPGP</a>, email will still have some metadata that is not encrypted in the header of the email. <a href="/providers/email/#metadata">Read more about email metadata.</a></p>
<p class="card-text text-danger">OpenPGP also does not support <a href="https://en.wikipedia.org/wiki/Forward_secrecy">Forward secrecy</a>, which means if either your or the recipient's private key is ever stolen, <strong>all</strong> previous messages encrypted with it will be exposed. <a href="/providers/email/#email-encryption">How do I protect my private keys?</a></p>
<p class="card-text text-secondary">Rather than use email for prolonged conversations, consider using a medium that does support Forward secrecy.</p>
<a href="/software/real-time-communication/" class="btn btn-outline-secondary">Recommended Instant Messengers</a>
</div>
</div>

27
_includes/sections/file-encryption.html
View File

@ -24,6 +24,7 @@
image="/assets/img/svg/3rd-party/gnupg.svg"
description="<strong>GnuPG</strong> is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with RFC 4880, which is the current IETF standards track specification of OpenPGP. Current versions of PGP (and Veridis' Filecrypt) are interoperable with GnuPG and other OpenPGP-compliant systems. GnuPG is a part of the Free Software Foundation's GNU software project, and has received major funding from the German government."
website="https://gnupg.org/"
privacy-policy="https://gnupg.org/privacy-policy.html"
forum="https://forum.privacytools.io/t/discussion-gnupg-file-encryption/1533"
git="https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git"
windows="https://gpg4win.org/download.html"
@ -38,17 +39,17 @@
{%
include cardv2.html
title="PeaZip - File Archive Encryption"
image="/assets/img/svg/3rd-party/peazip.svg"
description="<strong>PeaZip</strong> is a free and open-source file manager and file archiver made by Giorgio Tani. It supports its native PEA archive format (featuring compression, multi volume split and flexible authenticated encryption and integrity check schemes) and other mainstream formats, with special focus on handling open formats. It also supports 180+ archive formats."
website="http://www.peazip.org"
forum="https://forum.privacytools.io/t/discussion-peazip-file-encryption/1534"
source="https://osdn.net/projects/peazip"
windows="https://www.peazip.org/peazip-64bit.html"
linux="https://www.peazip.org/peazip-linux.html"
freebsd="https://www.freshports.org/archivers/peazip/"
openbsd="https://www.peazip.org/peazip-bsd.html"
netbsd="https://www.peazip.org/peazip-bsd.html"
title="7 Zip"
image="/assets/img/svg/3rd-party/7zip.svg"
description='<strong>7-Zip</strong> is a free and open-source file archiver, a utility used to place groups of files within compressed containers. On Linux, MacOS etc. the command-line tool <a href="http://p7zip.sourceforge.net/"><strong>p7zip</strong></a> is used and integrates into various interfaces such as <a href="https://wiki.gnome.org/Apps/FileRoller">FileRoller</a>, <a href="https://github.com/ib/xarchiver">Xarchiver</a>, <a href="https://kde.org/applications/utilities/ark">Ark</a>.'
website="https://7-zip.org"
forum="https://forum.privacytools.io/t/discussion-7-zip/3024"
source="https://sourceforge.net/projects/sevenzip/files/"
windows="https://7-zip.org/download.html"
linux="https://sourceforge.net/projects/p7zip/files"
freebsd="https://www.freshports.org/archivers/p7zip"
openbsd="https://sourceforge.net/projects/p7zip"
netbsd="https://sourceforge.net/projects/p7zip"
%}
<h3>Worth Mentioning</h3>
@ -56,6 +57,8 @@
<ul>
<li><a href="https://cryptomator.org/">Cryptomator</a> - Free client-side AES encryption for your cloud files. Open source software: No backdoors, no registration. <span class="badge badge-warning" data-toggle="tooltip" title="Cryptomator's mobile apps are not open-source."><a href="https://github.com/cryptomator/cryptomator-android/issues/1#issuecomment-257979375"><i class="fas fa-exclamation-triangle"></i></a></span></li>
<li><a href="https://gitlab.com/cryptsetup/cryptsetup/">Linux Unified Key Setup (LUKS)</a> - A full disk encryption system for Linux using dm-crypt as the disk encryption backend. Included by default in Ubuntu. Available for Windows and Linux.</li>
<li><a href="https://www.dyne.org/software/tomb/">Tomb</a> - A simple zsh script for making LUKS containers on the commandline.</li>
<li><a href="https://hat.sh/">Hat.sh</a> - A cross-platform, serverless JavaScript web application that provides secure file encryption using the AES-256-GCM algorithm in your browser. It can also be downloaded and run offline.</li>
<li><a href="https://www.keka.io/">Keka</a> - A macOS-only, open-source file archiver with the ability to encrypt files.</li>
<li><a href="https://www.keka.io/">Keka</a> - A macOS-only, file archiver with the ability to encrypt files. <span class="badge badge-warning" data-toggle="tooltip" title="This software isn't open source anymore"><a href="https://github.com/aonez/Keka#so-where-is-the-source-code"><i class="fas fa-exclamation-triangle"></i></a></span>
</li>
</ul>

13
_includes/sections/file-sharing.html
View File

@ -3,8 +3,10 @@
{% include cardv2.html
title="Firefox Send"
image="/assets/img/svg/3rd-party/firefox_send.svg"
website="https://send.firefox.com/"
labels="warning:<a href=//send.firefox.com/legal>Warning</a>: IP addresses are retained in logs for 90 days."
description="Firefox Send uses end-to-end encryption to keep your data secure from the moment you share to the moment your file is opened. It also offers security controls that you can set. You can choose when your file link expires, the number of downloads, and whether you would like to add a password for an extra layer of security."
website="https://send.firefox.com/"
privacy-policy="https://send.firefox.com/legal"
forum="https://forum.privacytools.io/t/discussion-firefox-send/755"
github="https://github.com/mozilla/send"
web="https://send.firefox.com/"
@ -15,8 +17,8 @@ googleplay="https://play.google.com/store/apps/details?id=org.mozilla.firefoxsen
title="OnionShare"
image="/assets/img/svg/3rd-party/onionshare.svg"
website="https://onionshare.org/"
tor="http://elx57ue5uyfplgva.onion/"
description="OnionShare is an open-source tool that lets you securely and anonymously share a file of any size. It works by starting a web server, making it accessible as a Tor onion service, and generating an unguessable URL for you to share so that the recipients can access and download the files."
tor="http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion/"
description="OnionShare is an open-source tool that lets you securely and anonymously share a file of any size. It works by starting a web server accessible as a Tor onion service, with an unguessable URL that you can share with the recipients to download or send files."
forum="https://forum.privacytools.io/t/discussion-onionshare/754"
github="https://github.com/micahflee/onionshare"
windows="https://onionshare.org/#downloads"
@ -44,6 +46,7 @@ netbsd="https://pypi.org/project/magic-wormhole/"
<h3>Worth Mentioning</h3>
<ul>
<li><a href="https://github.com/schollz/croc">croc</a> - Easily and securely send things from one computer to another.</li>
<li><a href="https://freedombox.org/">FreedomBox</a> - Designed to be your own inexpensive server at home. It runs free software and offers an increasing number of services ranging from a calendar or Jabber server, to a wiki, or VPN.</li>
<li><a href="https://framadrop.org/">FramaDrop</a> - Stores a file of any size for 24h. Data is end-to-end encrypted from your browser, powered by <a href="https://framagit.org/fiat-tux/hat-softwares/lufi">LuFi</a>. <span class="badge badge-warning" data-toggle="tooltip" title="FramaDrop logs IP addresses and fingerprints the browser for an unclear amount of time."><a href="https://framasoft.org/en/cgu/"><i class="fas fa-exclamation-triangle"></i></a></span></li>
<li><a href="https://github.com/schollz/croc">croc</a> - Easily and securely send arbitrary-sized files from one computer to another. Similar to Magic Wormhole but without dependencies.</li>
<li><a href="https://freedombox.org/">FreedomBox</a> - Designed to be your own inexpensive server at home. It runs free software and offers an increasing number of services ranging from a calendar or XMPP server, to a wiki, or VPN.</li>
</ul>

12
_includes/sections/file-sync.html
View File

@ -20,18 +20,6 @@
googleplay="https://play.google.com/store/apps/details?id=com.github.catfriend1.syncthingandroid"
%}
{%
include cardv2.html
title="SparkleShare"
image="/assets/img/svg/3rd-party/sparkleshare.svg"
description="<strong>SparkleShare</strong> creates a special folder on your computer. You can add remotely hosted folders (or \"projects\") to this folder. These projects will be automatically kept in sync with both the host and all of your peers when someone adds, removes, or edits a file."
website="https://sparkleshare.org/"
forum="https://forum.privacytools.io/t/discussion-sparkleshare/1626"
github="https://github.com/hbons/SparkleShare"
linux="https://www.sparkleshare.org/"
mac="https://github.com/hbons/SparkleShare/releases/"
%}
<h3>Worth Mentioning</h3>
<ul>

5
_includes/sections/hosting-provider.html
View File

@ -6,6 +6,7 @@ image="/assets/img/svg/3rd-party/bahnhof.svg"
image-dark="/assets/img/svg/3rd-party/bahnhof-dark.svg"
description="Bahnhof is one of Swedens largest network operators, founded in 1994. They specialize in innovative data center construction: Extreme security coupled with low-cost green energy has made them world famous."
website="https://www.bahnhof.net/"
privacy-policy="https://www.bahnhof.net/page/privacy-policy"
forum="https://forum.privacytools.io/t/discussion-bahnhof-net/341"
%}
@ -13,7 +14,7 @@ forum="https://forum.privacytools.io/t/discussion-bahnhof-net/341"
title="VPS & Domain: Njalla"
image="/assets/img/svg/3rd-party/njalla.svg"
image-dark="/assets/img/svg/3rd-party/njalla-dark.svg"
description="Njalla is a privacy-aware domain registration service and VPS provider based in Nevis (with VPS data centers in Sweden). It is created by people from The Pirate Bay and IPredator VPN. Accepted payments: Bitcoin, Litecoin, Monero, DASH, Bitcoin Cash and PayPal."
description="Njalla is a privacy-aware domain registration service and VPS provider based in Nevis (with VPS data centers in Sweden). It is created by people from The Pirate Bay and IPredator VPN. Accepted payments: Bitcoin, Litecoin, Monero, Zcash, DASH, Bitcoin Cash and PayPal."
website="https://njal.la/"
tor="http://njalladnspotetti.onion"
forum="https://forum.privacytools.io/t/discussion-njalla/339"
@ -24,6 +25,7 @@ title="Colocation: DataCell"
image="/assets/img/png/3rd-party/datacell.png"
description="DataCell is a data center providing secure colocating in Switzerland and Iceland."
website="https://datacell.is/"
privacy-policy="https://datacell.is/privacy/"
forum="https://forum.privacytools.io/t/discussion-datacell-is/342"
%}
@ -32,5 +34,6 @@ title="VPS, Hosting, & Domain: Orange Website"
image="/assets/img/png/3rd-party/orange_website.png"
description="Orange Website is an Icelandic web hosting provider that prides themselves in protecting online privacy and free speech."
website="https://www.orangewebsite.com/"
privacy-policy="https://www.orangewebsite.com/docs/privacy-policy.php"
forum="https://forum.privacytools.io/t/discussion-orange-website/343"
%}

241
_includes/sections/instant-messenger.html
View File

@ -1,4 +1,10 @@
<h1 id="im" class="anchor"><a href="#im"><i class="fas fa-link anchor-icon"></i></a> Encrypted Instant Messengers</h1>
<h1 id="im" class="anchor">
<a href="#im"><i class="fas fa-link anchor-icon"></i></a>
Encrypted Instant Messengers
</h1>
<div class="alert alert-warning" role="alert">
<strong>If you are currently using an Instant Messenger like Telegram, LINE, Viber, <a href="https://www.eff.org/deeplinks/2016/10/where-whatsapp-went-wrong-effs-four-biggest-security-concerns">WhatsApp</a>, or plain SMS, you should pick an alternative here.</strong></div>
<p>We only recommend instant messenger programs or apps that support <a href="https://en.wikipedia.org/wiki/End-to-end_encryption">end-to-end encryption (E2EE)</a>. When E2EE is used, all transmissions (messages, voice, video, etc.) are encrypted <strong>before</strong> they are sent from your device. E2EE protects both the authenticity and confidentiality of the transmission as they pass through any part of the network (servers, etc.).</p>
@ -6,45 +12,29 @@
<p>We have described the three main types of messaging programs that exist: Centralized, Federated and Peer-to-Peer (P2P), with the advantages and disadvantages of each.</p>
<h2 id="centralized" class="anchor"><a href="#centralized"><i class="fas fa-link anchor-icon"></i></a> Centralized</h2>
<h2 id="centralized" class="anchor">
<a href="#centralized"><i class="fas fa-link anchor-icon"></i></a>
Centralized
</h2>
<p>Centralized messengers are those where every participant is on the same server or network of servers controlled by the same organization.</p>
<h3>Advantages</h3>
<ul>
<li>New features and changes can be implemented more quickly.</li>
<li>Easier to get started with and to find contacts.</li>
</ul>
<h3>Disadvantages</h3>
<ul>
<li>Centralized services could be more susceptible to <a href="#exploiting-centralized-networks">legislation requiring backdoor access</a>.</li>
<li>Can include <a href="https://drewdevault.com/2018/08/08/Signal.html">restricted control or access</a>. This can include things like:</li>
<ul>
<li>Being <a href="https://github.com/LibreSignal/LibreSignal/issues/37#issuecomment-217211165">forbidden from connecting third-party clients</a> to the centralized network that might provide for greater customization or better user experience. Often defined in Terms and Conditions of usage.</li>
<li>Poor or no documentation for third-party developers.</li>
</ul>
<li>The <a href="https://blog.privacytools.io/delisting-wire">ownership</a>, privacy policy, and operations of the service can change easily when a single entity controls it, potentially compromising the service later on.</li>
</ul>
<div class="alert alert-warning" role="alert">
<strong>If you are currently using an Instant Messenger like Telegram, LINE, Viber, <a href="https://www.eff.org/deeplinks/2016/10/where-whatsapp-went-wrong-effs-four-biggest-security-concerns">WhatsApp</a>, or plain SMS, you should pick an alternative here.</strong></div>
{%
include cardv2.html
title="Signal"
image="/assets/img/svg/3rd-party/signal.svg"
description='Signal is a mobile app developed by Signal Messenger LLC. The app provides instant messaging, as well as voice and video calling. All communications are E2EE unless you choose to send as SMS. Its protocol has also been <a href="https://eprint.iacr.org/2016/1013.pdf">indepedently audited (PDF)</a>'
labels="warning:<a>Requires phone number</a>:Signal requires your phone number as an personal identifier which means anyone you communicate with will see it.|success:VoIP"
website="https://signal.org/"
forum="https://forum.privacytools.io/t/discussion-signal/664"
github="https://github.com/signalapp"
windows="https://signal.org/download/"
mac="https://signal.org/download/"
linux="https://signal.org/download/"
googleplay="https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms"
android="https://signal.org/android/apk/#apk-danger"
ios="https://apps.apple.com/app/signal-private-messenger/id874139669"
include cardv2.html
title="Signal"
image="/assets/img/svg/3rd-party/signal.svg"
description='Signal is a mobile app developed by Signal Messenger LLC. The app provides instant messaging, as well as voice and video calling. All communications are E2EE unless you choose to send as SMS. Its protocol has also been <a href="https://eprint.iacr.org/2016/1013.pdf">indepedently audited (PDF)</a>'
labels="warning:<a>Requires phone number</a>:Signal requires your phone number as an personal identifier which means anyone you communicate with will see it.|success:VoIP"
website="https://signal.org/"
privacy-policy="https://signal.org/legal/"
forum="https://forum.privacytools.io/t/discussion-signal/664"
github="https://github.com/signalapp"
windows="https://signal.org/download/"
mac="https://signal.org/download/"
linux="https://signal.org/download/"
googleplay="https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms"
android="https://signal.org/android/apk/#apk-danger"
ios="https://apps.apple.com/app/signal-private-messenger/id874139669"
%}
{%
@ -54,6 +44,7 @@
description='Keybase provides a hosted team chat with E2EE. Its protocol has also been <a href="https://keybase.io/docs-assets/blog/NCC_Group_Keybase_KB2018_Public_Report_2019-02-27_v1.3.pdf">indepedently audited (PDF)</a>. Keybase can help you prove you own social media accounts though the use of cryptographic signing of "<a href="https://en.wikipedia.org/wiki/Keybase#Identity_proofs">identity proofs</a>".'
labels="warning:<a href=//github.com/keybase/client/issues/6374>Warning</a>:This software relies on a closed-source central server."
website="https://keybase.io/"
privacy-policy="https://keybase.io/docs/privacypolicy"
forum="https://forum.privacytools.io/t/discussion-keybase/1224"
tor="http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/"
github="https://github.com/Keybase"
@ -67,38 +58,47 @@
chrome="https://chrome.google.com/webstore/detail/keybase-for-reddit/ognfafcpbkogffpmmdglhbjboeojlefj"
%}
<div>
<h2 id="federated" class="anchor"><a href="#federated"><i class="fas fa-link anchor-icon"></i></a> Federated</h2>
<p>Federated messengers use multiple, independent servers that are able to talk to each other (email is one example of a federated service). Federation allows system administrators to control their own server and still be a part of the larger communications network.</p>
<div class="container">
<div class="row">
<div class="col-md-6">
<h3>Advantages</h3>
<ul>
<li>Allows for greater control over your own data when running your own server.</li>
<li>Allows you to choose who to trust your data with by choosing between multiple "public" servers.</li>
<li>Often allows for third party clients which can provide a more native, customized, or accessible experience.</li>
<li>Generally a less juicy target for governments wanting <a href="#exploiting-centralized-networks">backdoor access to everything</a> as the trust is decentralized. The server may be hosted independently from the organization developing the software.</li>
<li>Server software can be verified that it matches public source code, assuming you have access to the server or you trust the person who does (e.g., a family member)</li>
<li>Third-party developers can contribute code and add new features, instead of waiting for a private development team to do so.</li>
<li>New features and changes can be implemented more quickly.</li>
<li>Easier to get started with and to find contacts.</li>
</ul>
</div>
<div class="col-md-6">
<h3>Disadvantages</h3>
<ul>
<li>Adding new features is more complex, because these features need to be standardized and tested to ensure they work with all servers on the network.</li>
<li>Some metadata may be available (e.g., information like "who is talking to whom," but not actual message content if E2EE is used).</li>
<li>Federated servers generally require trusting your server's administrator. They may be a hobbyist or otherwise not a "security professional," and may not serve standard documents like a privacy policy or terms of service detailing how your data is utilized.</li>
<li>Server administrators sometimes choose to block other servers, which are a source of unmoderated abuse or break general rules of accepted behavior. This will hinder your ability to communicate with users on those servers.</li>
<li>Centralized services could be more susceptible to <a href="#exploiting-centralized-networks">legislation requiring backdoor access</a>.</li>
<li>Can include <a href="https://drewdevault.com/2018/08/08/Signal.html">restricted control or access</a>. This can include things like:</li>
<ul>
<li>Being <a href="https://github.com/LibreSignal/LibreSignal/issues/37#issuecomment-217211165">forbidden from connecting third-party clients</a> to the centralized network that might provide for greater customization or better user experience. Often defined in Terms and Conditions of usage.</li>
<li>Poor or no documentation for third-party developers.</li>
</ul>
<li>The <a href="https://blog.privacytools.io/delisting-wire">ownership</a>, privacy policy, and operations of the service can change easily when a single entity controls it, potentially compromising the service later on.</li>
</ul>
</div>
</div>
</div>
<div>
<h2 id="federated" class="anchor">
<a href="#federated"><i class="fas fa-link anchor-icon"></i></a>
Federated
</h2>
<p>Federated messengers use multiple, independent servers that are able to talk to each other (email is one example of a federated service). Federation allows system administrators to control their own server and still be a part of the larger communications network.</p>
{%
include cardv2.html
title="Matrix"
image="/assets/img/svg/3rd-party/matrix.svg"
image-dark="/assets/img/svg/3rd-party/matrix-dark.svg"
description='<a href="https://matrix.org/docs/guides/introduction">Matrix</a> is an open-source project that publishes the <a href="https://matrix.org/docs/spec">Matrix open standard</a> for secure, decentralized, real-time communication.<br />
<a href="https://en.wikipedia.org/wiki/Riot.im">Riot.im</a> is the popular reference client produced by the Matrix.org team. It offers optional E2EE for 1:1 and group conversations that <strong>must</strong> be turned on by the user. (This can be done by clicking on the toggle switch which is accessed by clicking the room name or user name of the chat → Security &amp; Privacy → Encrypted). In the future it will be <a href="https://github.com/vector-im/riot-web/issues/6779">on by default.</a>'
title="Riot"
image="/assets/img/svg/3rd-party/riotim.svg"
description='<a href="//about.riot.im">Riot.im</a> is the reference client for the <a href="//matrix.org/docs/guides/introduction">Matrix</a> network. The <a href="//matrix.org/docs/spec">Matrix open standard</a> is an open-source standard for secure, decentralized, real-time communication.<br />'
labels="warning:<a href=//github.com/vector-im/riot-web/issues/6779>Warning</a>:Riot offers optional E2EE for 1&#x3a;1 and group conversations that must be turned on by the user.
(This can be done by clicking on the toggle switch which is accessed by clicking the room name or user name of the chat → Security &amp; Privacy → Encrypted).|success:VoIP"
website="https://about.riot.im/"
privacy-policy="https://riot.im/privacy"
forum="https://forum.privacytools.io/t/discussion-riot-im/665/"
github="https://github.com/vector-im/riot-web/"
windows="https://riot.im/download/desktop/"
@ -110,49 +110,52 @@
web="https://riot.im/app/"
%}
<div>
<h4>Worth Mentioning</h4>
<ul>
<li>Other <a href="https://matrix.org/clients">Matrix</a> clients, that may however be less feature complete than Riot.im.</li>
<li><a href="https://xmpp.org/about">XMPP</a> (Extensible Messaging and Presence Protocol) is an open-source communications protocol that began development in 1999. Since then, XMPP has been extended by the publishing of XEPs (XMPP Extension Protocols). <a href="https://conversations.im/omemo/">OMEMO</a> is the most popular XEP (XMPP extension) for E2EE. Clients are developed by the community and not by the XSF (XMPP Standards Foundation). <span class="badge badge-warning" data-toggle="tooltip" title="VoIP and file transfers/names may not be end-to-end encrypted.">Inconsistent E2EE</span></li>
<ul>
<li><a href="https://gajim.org/">Gajim</a></li>
<li><a href="https://conversations.im">Conversations</a></li>
<li><a href="https://siskin.im/">Siskin</a></li>
<li>Other <a href="https://omemo.top">OMEMO</a> capable clients for XMPP.</li>
</ul>
<li><a href="https://www.kontalk.org">Kontalk</a> is a community-driven instant messaging network based on XMPP.</li>
</ul>
<h2 id="peer-to-peer" class="anchor"><a href="#peer-to-peer"><i class="fas fa-link anchor-icon"></i></a> Peer to Peer (P2P)</h2>
<p>Peer-to-Peer instant messengers connect directly to each other without requiring third-party servers. Clients (peers) usually find each other through the use of a <a href="https://en.wikipedia.org/wiki/Distributed_computing">distributed computing</a> network. Examples of this include <a href="https://en.wikipedia.org/wiki/Distributed_hash_table">DHT (distributed hash table)</a> (used with technologies like <a href="https://en.wikipedia.org/wiki/BitTorrent_(protocol)">torrents</a> and <a href="https://en.wikipedia.org/wiki/InterPlanetary_File_System">IPFS</a>, for example), or <a href="https://en.wikipedia.org/wiki/Ethereum">Ethereum</a>'s <a href="https://github.com/ethereum/wiki/wiki/Whisper">Whisper</a> protocol (used with some newer DApps). Another approach is proximity based networks, where a connection is established over WiFi or Bluetooth (for example, Briar or the <a href="https://www.scuttlebutt.nz">Scuttlebutt</a> social networking protocol). Once a peer has found a route to its contact via any of these methods, a direct connection between them is made.</p>
<h3>Advantages</h3>
<ul>
<li>Minimal information is exposed to third parties.</li>
<li>Modern P2P platforms implement end-to-end encryption by default. There are no servers that could potentially intercept and decrypt your transmissions, unlike centralized and federated models.</li>
</ul>
<h3>Disadvantages</h3>
<ul>
<li>Reduced feature set:</li>
<ul>
<li>Messages can only be sent when both peers are online, however, your client may store messages locally to wait for the contact to return online.</li>
<li>Generally increases battery usage on mobile devices, because the client must stay connected to the distributed network to learn about who is online.</li>
</ul>
<li>Your <a href="https://en.wikipedia.org/wiki/IP_address">IP address</a> and that of the contacts you're communicating with may be visible if you do not use the software in conjunction with a <a href="/software/networks">self contained network</a>, such as <a href="https://www.torproject.org">Tor</a> or <a href="https://geti2p.net/">I2P</a>. Many countries have some form of mass surveillance and/or metadata retention.</li>
</ul>
<div class="container">
<div class="row">
<div class="col-md-6">
<h3>Advantages</h3>
<ul>
<li>Allows for greater control over your own data when running your own server.</li>
<li>Allows you to choose who to trust your data with by choosing between multiple "public" servers.</li>
<li>Often allows for third party clients which can provide a more native, customized, or accessible experience.</li>
<li>Generally a less juicy target for governments wanting <a href="#exploiting-centralized-networks">backdoor access to everything</a> as the trust is decentralized. The server may be hosted independently from the organization developing the software.</li>
<li>Server software can be verified that it matches public source code, assuming you have access to the server or you trust the person who does (e.g., a family member)</li>
<li>Third-party developers can contribute code and add new features, instead of waiting for a private development team to do so.</li>
</ul>
</div>
<div class="col-md-6">
<h3>Disadvantages</h3>
<ul>
<li>Adding new features is more complex, because these features need to be standardized and tested to ensure they work with all servers on the network.</li>
<li>Some metadata may be available (e.g., information like "who is talking to whom," but not actual message content if E2EE is used).</li>
<li>Federated servers generally require trusting your server's administrator. They may be a hobbyist or otherwise not a "security professional," and may not serve standard documents like a privacy policy or terms of service detailing how your data is utilized.</li>
<li>Server administrators sometimes choose to block other servers, which are a source of unmoderated abuse or break general rules of accepted behavior. This will hinder your ability to communicate with users on those servers.</li>
</ul>
</div>
</div>
</div>
<div>
<h4>Worth Mentioning</h4>
<ul>
<li><a href="https://status.im">Status.im</a> - Encrypted instant messenger with an integrated <a href="https://en.wikipedia.org/wiki/Ethereum">Ethereum</a> wallet (cryptocurrency) that also includes support for <a href="https://our.status.im/tag/dapps">DApps (decentralized apps)</a> (web apps in a curated store). Uses the <a href="https://our.status.im/status-launches-private-peer-to-peer-messaging-protocol/">Waku protocol (a fork of Whisper)</a> for P2P communication. Only available for iOS and Android.</li>
</ul>
<h2 id="peer-to-peer" class="anchor">
<a href="#peer-to-peer"><i class="fas fa-link anchor-icon"></i></a>
Peer to Peer (P2P)
</h2>
<p>Peer-to-Peer instant messengers connect directly to each other without requiring third-party servers. Clients (peers) usually find each other through the use of a <a href="https://en.wikipedia.org/wiki/Distributed_computing">distributed computing</a> network. Examples of this include <a href="https://en.wikipedia.org/wiki/Distributed_hash_table">DHT (distributed hash table)</a> (used with technologies like <a href="https://en.wikipedia.org/wiki/BitTorrent_(protocol)">torrents</a> and <a href="https://en.wikipedia.org/wiki/InterPlanetary_File_System">IPFS</a>, for example). Another approach is proximity based networks, where a connection is established over WiFi or Bluetooth (for example, Briar or the <a href="https://www.scuttlebutt.nz">Scuttlebutt</a> social networking protocol). Once a peer has found a route to its contact via any of these methods, a direct connection between them is made.</p>
{%
include cardv2.html
title="Briar"
image="/assets/img/svg/3rd-party/briar.svg"
description="Encrypted instant messenger that connects to contacts via Wi-Fi, Bluetooth, or Tor over the internet to synchronize messages. Technology such as this has proven to be useful when Internet availability is an issue, such as in times of crisis."
website="https://briarproject.org"
privacy-policy="https://briarproject.org/privacy-policy/"
forum="https://forum.privacytools.io/t/discussion-briar/2114"
gitlab="https://code.briarproject.org/briar/briar"
fdroid="https://f-droid.org/packages/org.briarproject.briar.android/"
@ -163,9 +166,10 @@
include cardv2.html
title="Jami"
image="/assets/img/svg/3rd-party/jami.svg"
description="Encrypted instant messaging and video calling software. Uses <a href=//jami.net/improving-performance-and-security-with-tls-1-3/>TLS 1.3</a> for encryption."
labels="success:VoIP"
description="Encrypted instant messaging and video calling software. All communications are E2EE using <a href=//jami.net/improving-performance-and-security-with-tls-1-3/>TLS 1.3</a> and never stored elsewhere than on user's devices, even when <a href=//jami.net/why-is-jami-truly-distributed/>TURN servers are used</a>."
labels="warning:<a href=//git.jami.net/savoirfairelinux/ring-project/issues/765>Warning</a>:This software is partially centralized but can be self-hosted.|success:VoIP"
website="https://jami.net/"
privacy-policy="https://jami.net/privacy-policy/"
forum="https://forum.privacytools.io/t/discussion-jami/2116"
gitlab="https://git.jami.net/savoirfairelinux"
windows="https://jami.net/download-jami-windows"
@ -176,30 +180,25 @@
ios="https://itunes.apple.com/app/ring-a-gnu-package/id1306951055?mt=8"
%}
{%
include cardv2.html
title="Tox"
image="/assets/img/svg/3rd-party/tox.svg"
image-dark="/assets/img/svg/3rd-party/tox-dark.svg"
description='Encrypted instant messaging and video calling software. Uses its <a href="https://toktok.ltd/spec.html"> own encryption protocol</a> that has not yet been officially audited by cryptographers.'
labels="warning:<a href=//tox.chat/download.html#warning>Experimental</a>:Encryption has not been audited by professional cryptographers|success:VoIP"
website="https://tox.chat"
forum="https://forum.privacytools.io/t/discussion-tox/2115"
windows="https://tox.chat/download.html#oses"
mac="https://tox.chat/download.html#oses"
linux="https://tox.chat/download.html#oses"
freebsd="https://tox.chat/download.html#oses"
openbsd="http://openports.se/search.php?so=tox"
netbsd="http://pkgsrc.se/search.php?so=tox"
fdroid="https://tox.chat/download.html#oses"
googleplay="https://tox.chat/download.html#oses"
ios="https://tox.chat/download.html#oses"
%}
<h4>Worth Mentioning</h4>
<ul>
<li><a href="https://status.im">Status.im</a> - Encrypted instant messenger with an integrated <a href="https://en.wikipedia.org/wiki/Ethereum">Ethereum</a> wallet (cryptocurrency) that also includes support for <a href="https://our.status.im/tag/dapps">DApps (decentralized apps)</a> (web apps in a curated store). Uses the <a href="https://blog.enuma.io/update/2018/08/08/decentralized-application-messaging-with-whisper.html">Whisper protocol</a> for P2P communication. <span class="badge badge-warning">Experimental</span></li>
<li><a href="https://retroshare.cc">Retroshare</a> - Encrypted instant messaging and voice/video call client. RetroShare supports both <a href="https://www.torproject.org/">Tor</a> and <a href="https://geti2p.net">I2P</a>.</li>
<li><a href="https://bitmessage.org">Bitmessage</a> is a decentralized, encrypted, peer-to-peer, trustless communications protocol that can be used by one person to send encrypted messages to another person, or to multiple subscribers.</li>
</ul>
<div class="container">
<div class="row">
<div class="col-md-6">
<h3>Advantages</h3>
<ul>
<li>Minimal information is exposed to third parties.</li>
<li>Modern P2P platforms implement end-to-end encryption by default. There are no servers that could potentially intercept and decrypt your transmissions, unlike centralized and federated models.</li>
</ul>
</div>
<div class="col-md-6">
<h3>Disadvantages</h3>
<ul>
<li>Reduced feature set:</li>
<ul>
<li>Messages can only be sent when both peers are online, however, your client may store messages locally to wait for the contact to return online.</li>
<li>Generally increases battery usage on mobile devices, because the client must stay connected to the distributed network to learn about who is online.</li>
</ul>
<li>Your <a href="https://en.wikipedia.org/wiki/IP_address">IP address</a> and that of the contacts you're communicating with may be visible if you do not use the software in conjunction with a <a href="/software/networks">self contained network</a>, such as <a href="https://www.torproject.org">Tor</a> or <a href="https://geti2p.net/">I2P</a>. Many countries have some form of mass surveillance and/or metadata retention.</li>
</ul>
</div>
</div>
</div>

2
_includes/sections/key-disclosure-law.html
View File

@ -28,7 +28,7 @@
title="Key disclosure laws may apply"
body='
<ol class="card-ol">
<li><a href="https://en.wikipedia.org/wiki/Key_disclosure_law#Belgium">Belgium *</a> <div class="float-right"><span class="flag-icon flag-icon-be"></span></div></li>
<li><a href="https://tweakers.net/nieuws/163116/belgische-rechter-verdachte-mag-verplicht-worden-code-smartphone-af-te-staan.html">Belgium</a> <div class="float-right"><span class="flag-icon flag-icon-be"></span></div></li>
<li><a href="https://www.riigiteataja.ee/akt/106012016019">Estonia</a> <div class="float-right"><span class="flag-icon flag-icon-ee"></span></div></li>
<li><a href="https://en.wikipedia.org/wiki/Key_disclosure_law#Finland">Finland *</a> <div class="float-right"><span class="flag-icon flag-icon-fi"></span></div></li>
<li><a href="https://en.wikipedia.org/wiki/Key_disclosure_law#New_Zealand">New Zealand</a> (unclear) <div class="float-right"><span class="flag-icon flag-icon-nz"></span></div></li>

35
_includes/sections/live-operating-systems.html
View File

@ -1,4 +1,4 @@
<h1 id="live_os" class="anchor"><a href="#live_os"><i class="fas fa-link anchor-icon"></i></a> Live CD Operating Systems</h1>
<h1 id="live_os" class="anchor"><a href="#live_os"><i class="fas fa-link anchor-icon"></i></a> PC Live Operating Systems</h1>
{% include cardv2.html
title="Tails"
@ -10,30 +10,17 @@ website="https://tails.boum.org/"
git="https://git-tails.immerda.ch/tails/"
%}
{% include cardv2.html
title="KNOPPIX"
image="/assets/img/svg/3rd-party/knoppix.svg"
image="/assets/img/svg/3rd-party/knoppix-dark.svg"
description='Knoppix is an operating system based on Debian designed to be run directly from a CD / DVD (Live CD) or a USB flash drive (Live USB), one of the first of its kind for any operating system. When starting a program, it is loaded from the removable medium and decompressed into a RAM drive. The decompression is transparent and on-the-fly.'
badges="info:GNU/Linux"
labels="warning:contrib:This software may depend on or recommend non-free software."
website="https://www.knopper.net/knoppix/index-en.html"
source="https://www.knopper.net/knoppix-info/index-en.html#license"
%}
{% include cardv2.html
title="Puppy Linux"
image="/assets/img/svg/3rd-party/puppy_linux.svg"
description='Puppy Linux operating system is a lightweight Linux distribution that focuses on ease of use and minimal memory footprint. The entire system can be run from RAM with current versions generally taking up about 210 MB, allowing the boot medium to be removed after the operating system has started.'
badges="info:GNU/Linux"
labels="warning:contrib:This software may depend on or recommend non-free software."
website="http://puppylinux.org/"
source="http://distro.ibiblio.org/puppylinux/"
%}
<h3>Worth Mentioning</h3>
<ul>
<li><a href="https://distro.ibiblio.org/tinycorelinux/">Tiny Core Linux</a> <span class="badge badge-info">GNU/Linux</span> <span class="badge badge-warning" data-toggle="tooltip" title="This software may depend on or recommend non-free software.">contrib <i class="far fa-question-circle"></i></span> - A minimal Linux operating system focusing on providing a base system using BusyBox and FLTK. The distribution is notable for its size (15 MB) and minimalism, with additional functionality
provided by extensions.</li>
<li>
<a href="https://getfedora.org/">Fedora Workstation</a>
<span class="badge badge-info">GNU/Linux</span>
- Fedora is a Linux distribution developed by the Fedora Project and sponsored by Red Hat. Fedora Workstation is a secure, reliable, and user-friendly edition developed for desktops and laptops, using GNOME as the default desktop environment.
</li>
<li>
<a href="https://debian.org/">Debian</a>
<span class="badge badge-info">GNU/Linux</span>
- Debian is a Unix-like computer operating system and a Linux distribution that is composed entirely of free and open-source software, most of which is under the GNU General Public License, and packaged by a group of individuals known as the Debian project.
</li>
</ul>

2
_includes/sections/mobile-operating-systems.html
View File

@ -22,6 +22,7 @@ description='LineageOS is a free and open-source operating system for smartphone
badges="info:AOSP"
labels="warning:contrib:This software may depend on or recommend non-free software."
website="https://www.lineageos.org/"
privacy-policy="https://www.lineageos.org/legal/"
github="https://github.com/LineageOS"
%}
@ -32,6 +33,7 @@ description="Ubuntu Touch is a free and open-source operating system for smartph
badges="info:GNU/Linux"
labels="warning:contrib:This software may depend on or recommend non-free software."
website="https://ubuntu-touch.io/"
privacy-policy="https://ubports.com/privacy"
github="https://github.com/ubports"
%}

6
_includes/sections/notebooks.html
View File

@ -9,12 +9,13 @@ title="Joplin"
image="/assets/img/svg/3rd-party/joplin.svg"
description="Joplin is a free, open-source, and fully-featured note-taking and to-do application which can handle a large number of markdown notes organized into notebooks and tags. It offers end-to-end encryption and can sync through Nextcloud, Dropbox, and more. It also offers easy import from Evernote and plain-text notes."
website="https://joplinapp.org/"
privacy-policy="https://joplinapp.org/privacy/"
github="https://github.com/laurent22/joplin"
windows="https://joplinapp.org/#desktop-applications"
mac="https://joplinapp.org/#desktop-applications"
linux="https://joplinapp.org/#desktop-applications"
freebsd="https://www.npmjs.com/package/joplin"
googleplay="https://joplinapp.org/images/BadgeAndroid.png"
googleplay="https://play.google.com/store/apps/details?id=net.cozic.joplin"
android="https://joplinapp.org/#mobile-applications"
ios="https://itunes.apple.com/us/app/joplin/id1315599797"
firefox="https://addons.mozilla.org/en-US/firefox/addon/joplin-web-clipper/"
@ -26,6 +27,7 @@ title="Standard Notes"
image="/assets/img/svg/3rd-party/standard_notes.svg"
description='Standard Notes is a simple and private notes app that makes your notes easy and available everywhere you are. It features end-to-end encryption on every platform, and a powerful desktop experience with themes and custom editors. It has also been <a href="https://s3.amazonaws.com/standard-notes/security/Report-SN-Audit.pdf">independently audited (PDF)</a>.'
website="https://standardnotes.org/"
privacy-policy="https://standardnotes.org/privacy"
github="https://github.com/standardnotes"
windows="https://standardnotes.org/#get-started"
mac="https://standardnotes.org/#get-started"
@ -41,6 +43,7 @@ title="Turtl"
image="/assets/img/svg/3rd-party/turtl.svg"
description="Turtl lets you take notes, bookmark websites, and store documents for sensitive projects. From sharing passwords with your coworkers to tracking research on an article you're writing, Turtl keeps it all safe from everyone but you and those you share with."
website="https://turtlapp.com/"
privacy-policy="https://turtlapp.com/privacy/"
github="https://github.com/turtl"
windows="https://turtlapp.com/download/"
mac="https://turtlapp.com/download/"
@ -60,7 +63,6 @@ chrome="https://chrome.google.com/webstore/detail/turtl/dgcojenhfdjhieoglmiaheih
<h3>Worth Mentioning</h3>
<ul>
<li><a href="https://github.com/notable/notable">Notable</a> - The markdown-based note-taking app that doesn't suck.</li>
<li><a href="https://paperwork.cloud/">Paperwork</a> - An open-source and self-hosted solution. For PHP / MySQL servers.</li>
<li><a href="https://orgmode.org">Org-mode</a> - A major mode for GNU Emacs. Org-mode is for keeping notes, maintaining TODO lists, planning projects, and authoring documents with a fast and effective plain-text system. </li>
</ul>

3
_includes/sections/operating-systems.html
View File

@ -11,6 +11,7 @@ description='Qubes is an open-source operating system designed to provide strong
badges="info:Xen"
labels="warning:contrib:This software may depend on or recommend non-free software."
website="https://www.qubes-os.org/"
privacy-policy="https://www.qubes-os.org/privacy/"
github="https://github.com/QubesOS"
tor="http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/"
%}
@ -22,6 +23,7 @@ description='Fedora is a Linux distribution developed by the Fedora Project and
badges="info:GNU/Linux"
labels="warning:contrib:This software may depend on or recommend non-free software."
website="https://getfedora.org/"
privacy-policy="https://fedoraproject.org/wiki/Legal:PrivacyPolicy?rd=Legal/PrivacyPolicy"
git="https://src.fedoraproject.org/"
%}
@ -31,6 +33,7 @@ image="/assets/img/svg/3rd-party/debian.svg"
description='Debian is a Unix-like computer operating system and a Linux distribution that is composed entirely of free and open-source software, most of which is under the GNU General Public License, and packaged by a group of individuals known as the Debian project.'
badges="info:GNU/Linux"
website="https://www.debian.org/"
privacy-policy="https://www.debian.org/legal/privacy"
tor="http://sejnfjrq6szgca7v.onion"
gitlab="https://salsa.debian.org/qa/debsources"
%}

4
_includes/sections/participate.html
View File

@ -2,7 +2,7 @@
<h1 id="participate" class="anchor"><a href="#participate"><i class="fas fa-link anchor-icon"></i></a> Participate with suggestions and constructive criticism</h1>
</div>
<p>It's important for a website like {{ site.name }} to stay up-to-date. Keep an eye on software updates for the applications listed on our site. Follow recent news about providers that we recommend. We try our best to keep up, but we're not perfect and the internet is changing fast. If you find an error, or you think a provider should not be listed here, or a qualified service provider is missing, or a browser plugin is not the best choice anymore, or anything else... <strong>Talk to us please.</strong> You can also find us on <a rel="me" href="https://social.privacytools.io/@privacytools">our own Mastodon instance</a> or on <a href="https://chat.privacytools.io">Matrix</a> at <code class="highlighter-rouge">#general:privacytools.io</code>.</p>
<p>It's important for a website like {{ site.name }} to stay up-to-date. Keep an eye on software updates for the applications listed on our site. Follow recent news about providers that we recommend. We try our best to keep up, but we're not perfect and the internet is changing fast. If you find an error, or you think a provider should not be listed here, or a qualified service provider is missing, or a browser plugin is not the best choice anymore, or anything else... <strong>Talk to us please.</strong> You can also find us on <a href="https://chat.privacytools.io">several Matrix rooms</a> mainly <code class="highlighter-rouge">#general:privacytools.io</code>. XMPP users can join there through <a href="https://conversations.im/j/%23general%23privacytools.io@matrix.org">#general#privacytools.io@matrix.org</a>. When using our services, users should follow our <a href="https://wiki.privacytools.io/view/PrivacyTools:Code_of_Conduct">Code of Conduct</a>.</p>
<div class="row">
@ -18,7 +18,7 @@
{% include card.html color="primary"
title="Follow on Mastodon & Twitter"
image="/assets/img/svg/3rd-party/mastodon.svg"
url="https://social.privacytools.io/"
url="https://social.privacytools.io/@privacytools"
website="Mastodon"
extra_button='<a class="btn btn-primary mb-1" href="https://twitter.com/privacytoolsIO">Twitter</a>'
description="Get the latest privacy-related updates from our Mastodon Feed. Follow us today!"

6
_includes/sections/password-managers.html
View File

@ -10,6 +10,7 @@
image="/assets/img/svg/3rd-party/bitwarden.svg"
description="<strong>Bitwarden</strong> is a free and open-source password manager. It aims to solve password management problems for individuals, teams, and business organizations. Bitwarden is among the easiest and safest solutions to store all of your logins and passwords while conveniently keeping them synced between all of your devices. If you don't want to use the Bitwarden cloud, you can easily host your own Bitwarden server."
website="https://bitwarden.com/"
privacy-policy="https://bitwarden.com/privacy/"
forum="https://forum.privacytools.io/t/discussion-bitwarden/1343"
github="https://github.com/bitwarden"
web="https://vault.bitwarden.com/#/"
@ -35,6 +36,7 @@
image="/assets/img/svg/3rd-party/keepassxc.svg"
description="<strong>KeePassXC</strong> is a community fork of KeePassX, a native cross-platform port of KeePass Password Safe, with the goal to extend and improve it with new features and bugfixes to provide a feature-rich, fully cross-platform and modern open-source password manager."
website="https://keepassxc.org/"
privacy-policy="https://keepassxc.org/privacy/"
forum="https://forum.privacytools.io/t/discussion-keepassxc/1344/2"
github="https://github.com/keepassxreboot/keepassxc"
windows="https://keepassxc.org/download/#windows"
@ -55,6 +57,7 @@
image="/assets/img/svg/3rd-party/lesspass.svg"
description="<strong>LessPass</strong> is a free and open-source password manager that generates unique passwords for websites, email accounts, or anything else based on a master password and information you know. No sync needed. Uses PBKDF2 and SHA-256. It's advised to use the browser addons for more security."
website="https://lesspass.com/"
privacy-policy="https://addons.mozilla.org/en-US/firefox/addon/lesspass/privacy/"
forum="https://forum.privacytools.io/t/discussion-keepassxc/1344/2"
github="https://github.com/lesspass/lesspass"
windows="https://pypi.org/project/lesspass/"
@ -81,4 +84,7 @@
<li>
<a href="https://pwsafe.org/">Password Safe</a> - Whether the answer is one or hundreds, Password Safe allows you to safely and easily create a secured and encrypted username/password list. With Password Safe all you have to do is create and remember a single "Master Password" of your choice in order to unlock and access your entire username/password list.
</li>
<li>
<a href="https://www.passwordstore.org/">Pass</a> - Pass is a bare-bones password store that keeps passwords using gpg2 encrypted files inside a simple directory tree residing at <code>~/.password-store</code>. It has a simple terminal interface where the user can perform the usual actions, and it's functionality can be extended by plugins. It can also be used in scripts without having to input the actual password in plain text.
</li>
</ul>

1
_includes/sections/paste-services.html
View File

@ -15,6 +15,7 @@ title="CryptPad"
image="/assets/img/svg/3rd-party/cryptpad.svg"
description="CryptPad is an open-source, zero knowledge, and real-time collaborative editor. Data is encrypted/decrypted in the browser, using Salsa20 with Poly1305 to encrypt pads."
website="https://cryptpad.fr/pad/"
privacy-policy="https://cryptpad.fr/privacy.html"
forum="https://forum.privacytools.io/t/discussion-cryptpad/1270"
github="https://github.com/xwiki-labs/cryptpad"
%}

1
_includes/sections/privacy-resources.html
View File

@ -22,7 +22,6 @@
<li><a href="https://www.grc.com/securitynow.htm"><strong>Security Now!</strong></a> - Weekly Internet Security Podcast by Steve Gibson and Leo Laporte.</li>
<li><a href="https://www.jupiterbroadcasting.com/show/techsnap/"><strong>TechSNAP</strong></a> - Weekly Systems, Network, and Administration Podcast. Every week TechSNAP covers the stories that impact those of us in the tech industry.</li>
<li><a href="https://tosdr.org/"><strong>Terms of Service; Didn't Read</strong></a> - "I have read and agree to the Terms" is the biggest lie on the web. We aim to fix that.</li>
<li><a href="https://codeberg.org/crimeflare/cloudflare-tor"><strong>The Great Cloudwall</strong></a> - Critique and information on why to avoid Cloudflare, a big company with a huge portion of the internet behind it.</li>
</ul>
<h3>Tools</h3>

19
_includes/sections/productivity-tools.html
View File

@ -6,6 +6,7 @@
image="/assets/img/svg/3rd-party/cryptpad.svg"
description="<strong>CryptPad</strong> is a private-by-design alternative to popular office tools and cloud services. All content is end-to-end encrypted. It is free and open-source, enabling anyone to verify its security by auditing the code. The development team is supported by donations and grants. No registration is required, and it can be used anonymously via Tor Browser."
website="https://cryptpad.fr/"
privacy-policy="https://cryptpad.fr/privacy.html"
forum="https://forum.privacytools.io/t/discussion-cryptpad-productivity-tools/1537"
github="https://github.com/xwiki-labs/cryptpad"
web="https://cryptpad.fr/"
@ -35,6 +36,7 @@
image-dark="/assets/img/svg/3rd-party/writeas-dark.svg"
description="<strong>Write.as</strong> is a cross-platform, privacy-oriented blogging platform. It's anonymous by default, letting you publish without signing up. If you create an account, it doesn't require any personal information. No ads, distraction-free, and built on a sustainable business model."
website="https://write.as/"
privacy-policy="https://write.as/privacy"
forum="https://forum.privacytools.io/t/discussion-write-as-productivity-tools/1539"
tor="http://writeas7pm7rcdqg.onion"
git="https://code.as/writeas"
@ -56,7 +58,7 @@
<li><a href="https://dudle.inf.tu-dresden.de/anonymous/">dudle</a> - An online scheduling application, free and open-source. Schedule meetings or make small online polls. No email collection or the need of registration.</li>
<li><a href="https://framadate.org/">Framadate</a> - A free and open-source online service for planning an appointment or making a decision quickly and easily. No registration is required.</li>
<li><a href="https://www.libreoffice.org/">LibreOffice</a> - Free and open-source office suite.</li>
<li><a href="https://vscodium.com/">VSCodium</a> - Fork of Microsoft's Visual Studio Code editor without branding or telemetry.</li>
<li><a href="https://vscodium.com/">VSCodium</a> - Scripts to automatically build Microsoft's Visual Studio Code editor without branding or telemetry.</li>
</ul>
<h1 id="metadata-removal-tools" class="anchor">
@ -65,7 +67,6 @@
</a> Metadata Removal Tools
</h1>
<div class="row mb-2">
{%
include cardv2.html
title="MAT2"
@ -81,4 +82,16 @@
openbsd="https://pypi.org/project/mat2/"
netbsd="https://pypi.org/project/mat2/"
%}
</div>
{%
include cardv2.html
title="ExifCleaner"
image="/assets/img/svg/3rd-party/exifcleaner.svg"
description='<strong>ExifCleaner</strong> is a freeware, open source graphical app that uses <a href="https://exiftool.org/">ExifTool</a> to remove <a href="https://en.wikipedia.org/wiki/Exif">exif</a> metadata from images, videos, and PDF documents using a simple drag and drop interface. It supports multi-core batch processing and dark mode.'
website="https://exifcleaner.com"
forum="https://forum.privacytools.io/t/discussion-mat/TODOADDTHIS"
github="https://github.com/szTheory/exifcleaner"
windows="https://github.com/szTheory/exifcleaner/releases"
mac="https://github.com/szTheory/exifcleaner/releases"
linux="https://github.com/szTheory/exifcleaner/releases"
%}

14
_includes/sections/quotes.html
View File

@ -14,6 +14,16 @@
<footer class="blockquote-footer">Joshua in <cite title="The Crypto Paper"><a href="https://github.com/cryptoseb/CryptoPaper#let-me-explain-further">The Crypto Paper</a></cite></footer>
</blockquote>
<blockquote class="blockquote">
<p>[...] But saying that you don't need or want privacy because you have nothing to hide is to assume that no one should have, or could have, to hide anything -- including their immigration status, unemployment history, financial history, and health records. You're assuming that no one, including yourself, might object to revealing to anyone information about their religious beliefs, political affiliations, and sexual activities, as casually as some choose to reveal their movie and music tastes and reading preferences.</p>
<footer class="blockquote-footer">Edward Snowden in <cite title="Permanent Record"><a href="https://en.wikipedia.org/wiki/Permanent_Record_(autobiography)">Permanent Record</a></cite></footer>
</blockquote>
<blockquote class="blockquote">
<p>Privacy is not a luxury [in America]: it is a right one that we need to defend in the digital realm as much as in the physical realm. We need to stay vigilant to maintain access to that right, though ... especially as technology continues to advance...</p>
<footer class="blockquote-footer">Chelsea Manning in <cite title="The Guardian"><a href="https://www.theguardian.com/commentisfree/2016/feb/22/privacy-is-a-right-not-a-luxury-and-its-increasingly-at-risk-for-lgbt-people">The Guardian</a></cite></footer>
</blockquote>
<h4>Read also:</h4>
<ul>
@ -25,8 +35,8 @@
<h1 id="quotes" class="anchor"><a href="#quotes"><i class="fas fa-link anchor-icon"></i></a> Quotes</h1>
<blockquote class="blockquote">
<p>Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say.</p>
<footer class="blockquote-footer">Edward Snowden on <cite title="Just days left to kill mass surveillance under Section 215 of the Patriot Act. We are Edward Snowden and the ACLU's Jameel Jaffer. AUA."><a href="https://www.reddit.com/r/IAmA/comments/36ru89/just_days_left_to_kill_mass_surveillance_under/crglgh2">Reddit</a></cite></footer>
<p>Ultimately, saying that you don't care about privacy because you have nothing to hide is no different from saying you don't care about freedom of speech because you have nothing to say. Or that you don't care about freedom of the press because you don't like to read. Or that you don't care about freedom of religion because you don't believe in God. Or that you don't care about the freedom to peacably assemble because you're a lazy, antisocial agoraphobe. </p>
<footer class="blockquote-footer">Edward Snowden in <cite title="Permanent Record"><a href="https://en.wikipedia.org/wiki/Permanent_Record_(autobiography)">Permanent Record</a></cite></footer>
</blockquote>
<blockquote class="blockquote">

1
_includes/sections/router-firmware.html
View File

@ -19,6 +19,7 @@ description="pfSense is an open source firewall/router computer software distrib
badges="info:BSD"
labels="warning:contrib:This software may depend on or recommend non-free software."
website="https://www.pfsense.org/"
privacy-policy="https://www.pfsense.org/privacy.html"
github="https://github.com/pfsense/"
%}

54
_includes/sections/search-engines.html
View File

@ -1,60 +1,56 @@
<h1 id="search" class="anchor"><a href="#search"><i class="fas fa-link anchor-icon"></i></a> Privacy Respecting Search Engines</h1>
<div class="alert alert-warning" role="alert">
<strong> If you are currently using search engines like Google, Bing, or Yahoo, you should pick an alternative here. </strong>
<strong>If you are currently using search engines like Google, Bing, or Yahoo, you should pick an alternative here.</strong>
</div>
{% include cardv2.html
title="searx - Decentral"
{%
include cardv2.html
title="Searx"
image="/assets/img/svg/3rd-party/searx.svg"
description='searx is an <a href="https://github.com/asciimoo/searx">open-source</a> metasearch engine, aggregating the results of other search engines while not storing information about its users. No logs, no ads and no tracking. There is a <a href="https://github.com/asciimoo/searx/wiki/Searx-instances">list of public instances</a>, or you can try <a href="https://search.privacytools.io/">the PrivacyTools Search</a>'
description='Searx is an <a href="https://github.com/asciimoo/searx">open-source</a>, self-hostable, metasearch engine, aggregating the results of other search engines while not storing information about its users. There is a <a href="https://searx.space/">list of public instances</a> or you can try the <a href="https://search.privacytools.io/">PrivacyTools instance</a>.'
website="https://searx.me/"
tor="http://ulrn6sryqaifefld.onion"
forum="https://forum.privacytools.io/t/discussion-searx/283"
github="https://github.com/asciimoo/searx"
%}
{% include cardv2.html
title="DuckDuckGo - USA"
{%
include cardv2.html
title="DuckDuckGo"
image="/assets/img/svg/3rd-party/duckduckgo.svg"
description='DuckDuckGo is a "search engine that doesn\'t track you." Some of DuckDuckGo\'s code is free software hosted at GitHub, but the core is proprietary. <span class="flag-icon flag-icon-us"></span> <a href="../../providers/#ukusa">The company is based in the USA.</a>'
description='DuckDuckGo is a "search engine that doesn\'t track you." Some of DuckDuckGo\'s code is free software hosted at GitHub, but the core is proprietary. <span class="flag-icon flag-icon-us"></span> <a href="../../providers/#ukusa"> The company is based in the USA.</a>'
website="https://duckduckgo.com/"
privacy-policy="https://duckduckgo.com/privacy"
tor="http://3g2upl4pq6kufc4m.onion"
forum="https://forum.privacytools.io/t/discussion-duckduckgo/285"
github="https://github.com/duckduckgo"
%}
{% include cardv2.html
title="Qwant - France"
image="/assets/img/svg/3rd-party/qwant.svg"
description='Qwant is a search engine with its philosophy based on two principles: no user tracking and no filter bubble. Qwant was launched in France in February 2013.'
website="https://www.qwant.com/"
forum="https://forum.privacytools.io/t/discussion-qwant/286"
github="https://github.com/Qwant/"
%}
{% include cardv2.html
title="StartPage - Netherlands"
title="StartPage"
image="/assets/img/svg/3rd-party/startpage.svg"
description='StartPage is a search engine that provides Google search results with complete privacy protection. Behind StartPage is a European company that has been obsessive about privacy since 2006.'
description='StartPage is a search engine that provides Google search results with complete privacy protection. <span class="flag-icon flag-icon-nl"></span> Behind StartPage is a European company based in the Netherlands that has been obsessive about privacy since 2006.'
labels="warning:<a href=//support.startpage.com/index.php?/Knowledgebase/Article/View/1277/0/startpage-ceo-robert-beens-discusses-the-investment-from-privacy-one--system1>Warning</a>:StartPage was recently acquired by an advertising company."
website="https://www.startpage.com/"
forum="https://forum.privacytools.io/t/delisted-discussion-startpage/284"
%}
<h3>Firefox Addon</h3>
<ul>
<li>
<a href="https://addons.mozilla.org/firefox/addon/google-search-link-fix/">Google search link fix</a> - Firefox extension that prevents Google and Yandex search pages from modifying search result links when you click them. This is useful when
copying links but it also helps privacy by preventing the search engines from recording your clicks. (<a href="https://github.com/palant/searchlinkfix">Open Source</a>)
</li>
</ul>
{%
include cardv2.html
title="Qwant"
image="/assets/img/svg/3rd-party/qwant.svg"
description='Qwant is a search engine with its philosophy based on two principles: no user tracking and no filter bubble. <span class="flag-icon flag-icon-fr"></span> <a href="../../providers/#ukusa"> The company is based in France.</a>'
website="https://www.qwant.com/"
privacy-policy="https://about.qwant.com/legal/privacy/"
forum="https://forum.privacytools.io/t/discussion-qwant/286"
github="https://github.com/Qwant/"
%}
<h3>Worth Mentioning</h3>
<ul>
<li><a href="https://yacy.net/">YaCy</a> - A free-software P2P search engine powered by its users.</li>
<li><a href="https://metager.de/en/">MetaGer</a> - An open-source metasearch engine, which is based in Germany. It focuses on protecting the user's privacy.</li>
<li><a href="https://www.mojeek.com/">Mojeek</a> - Independent and unbiased search results with no user tracking.</li>
<li><a href="https://metager.org/">MetaGer</a> - An <a href="https://gitlab.metager.de/open-source/MetaGer">open-source</a>, metasearch engine run as a non-profit based in Germany. (<a href="https://metager.org/datenschutz">Privacy Policy</a>)</li>
<li><a href="https://www.mojeek.com/">Mojeek</a> - An independent search engine based in the UK, and the <a href="https://blog.mojeek.com/2018/10/search-that-does-not-follow-you-around.html">first search engine to have a policy of not tracking its users.</a> (<a href="https://www.mojeek.com/about/privacy/">Privacy Policy</a>)</li>
<li><a href="https://yacy.net/">YaCy</a> - An <a href="https://github.com/yacy/yacy_search_server">open-source</a>, peer-to-peer search engine powered by its users.</li>
</ul>

54
_includes/sections/selfhosted-cloud.html
View File

@ -5,35 +5,37 @@
</div>
{% include cardv2.html
title="Nextcloud"
image="/assets/img/svg/3rd-party/nextcloud.svg"
description="<strong>Nextcloud</strong> is a suite of client-server software for creating your own file hosting services on a private server you control. Nextcloud is free and open-source, and supports end-to-end encryption with many of its clients. The only limits on storage and bandwidth are the limits on the <a href=\"/providers/hosting\">server provider</a> you choose."
website="https://nextcloud.com/"
forum="https://forum.privacytools.io/t/discussion-nextcloud/287"
windows="https://nextcloud.com/install/#install-clients"
mac="https://nextcloud.com/install/#install-clients"
linux="https://nextcloud.com/install/#install-clients"
freebsd="https://www.freshports.org/www/nextcloud/"
openbsd="http://openports.se/www/nextcloud"
netbsd="http://pkgsrc.se/www/php-nextcloud"
fdroid="https://f-droid.org/packages/com.nextcloud.client/"
googleplay="https://play.google.com/store/apps/details?id=com.nextcloud.client"
ios="https://itunes.apple.com/us/app/nextcloud/id1125420102?mt=8"
github="https://github.com/nextcloud"
title="Nextcloud"
image="/assets/img/svg/3rd-party/nextcloud.svg"
description="<strong>Nextcloud</strong> is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control. The only limits on storage and bandwidth are the limits on the <a href=\"/providers/hosting\">server provider</a> you choose."
labels="warning:<a href=//github.com/nextcloud/end_to_end_encryption/issues/111>Experimental E2EE</a>:Regarding E2EE their description states 'End-to-end encryption is still in alpha state, don't use this in production and only with test data!'."
website="https://nextcloud.com/"
privacy-policy="https://nextcloud.com/privacy/"
forum="https://forum.privacytools.io/t/discussion-nextcloud/287"
windows="https://nextcloud.com/install/#install-clients"
mac="https://nextcloud.com/install/#install-clients"
linux="https://nextcloud.com/install/#install-clients"
freebsd="https://www.freshports.org/www/nextcloud/"
openbsd="http://openports.se/www/nextcloud"
netbsd="http://pkgsrc.se/www/php-nextcloud"
fdroid="https://f-droid.org/packages/com.nextcloud.client/"
googleplay="https://play.google.com/store/apps/details?id=com.nextcloud.client"
ios="https://itunes.apple.com/us/app/nextcloud/id1125420102"
github="https://github.com/nextcloud"
%}
{% include cardv2.html
title="Tahoe-LAFS"
image="/assets/img/svg/3rd-party/tahoe-lafs.svg"
image-dark="/assets/img/svg/3rd-party/tahoe-lafs-dark.svg"
website="https://www.tahoe-lafs.org/"
forum="https://forum.privacytools.io/t/discussion-tahoe-lafs/1662"
description="Tahoe-LAFS is a free and open decentralized cloud storage system. It distributes your data across multiple servers. Even if some of the servers fail or are taken over by an attacker, the entire file store continues to function correctly, preserving your privacy and security."
windows="https://github.com/tahoe-lafs/tahoe-lafs#via-pip"
mac="https://github.com/tahoe-lafs/tahoe-lafs#via-pip"
linux="https://github.com/tahoe-lafs/tahoe-lafs#using-os-packages"
netbsd="http://pkgsrc.se/filesystems/tahoe-lafs"
git="https://www.tahoe-lafs.org/trac/tahoe-lafs/browser"
title="Tahoe-LAFS"
image="/assets/img/svg/3rd-party/tahoe-lafs.svg"
image-dark="/assets/img/svg/3rd-party/tahoe-lafs-dark.svg"
website="https://www.tahoe-lafs.org/"
forum="https://forum.privacytools.io/t/discussion-tahoe-lafs/1662"
description="Tahoe-LAFS is a free and open decentralized cloud storage system. It distributes your data across multiple servers. Even if some of the servers fail or are taken over by an attacker, the entire file store continues to function correctly, preserving your privacy and security."
windows="https://github.com/tahoe-lafs/tahoe-lafs#via-pip"
mac="https://github.com/tahoe-lafs/tahoe-lafs#via-pip"
linux="https://github.com/tahoe-lafs/tahoe-lafs#using-os-packages"
netbsd="http://pkgsrc.se/filesystems/tahoe-lafs"
git="https://www.tahoe-lafs.org/trac/tahoe-lafs/browser"
%}
<h3>Worth Mentioning</h3>

22
_includes/sections/social-networks.html
View File

@ -59,17 +59,23 @@ web="https://pixelfed.org/"
%}
{% include cardv2.html
title="GNU social - Twitter Alternative"
image="/assets/img/svg/3rd-party/gnu_social.svg"
description="GNU social is social-communication software for both public and private communications. It is widely supported and has a large userbase. It is already used by the Free Software Foundation."
website="https://gnu.io/social/"
forum="https://forum.privacytools.io/t/discussion-gnu-social/292"
gitlab="https://git.gnu.io/gnu/gnu-social/"
web="https://gnu.io/social/"
title="Pleroma - Twitter Alternative"
image="/assets/img/svg/3rd-party/pleroma.svg"
description="Pleroma is a free, federated social networking server built on open protocols. It is compatible with Mastodon and many other ActivityPub and OStatus implementations."
website="https://pleroma.social"
forum="https://forum.privacytools.io/t/discussion-pleroma/2307"
gitlab="https://git.pleroma.social/pleroma/pleroma/"
windows="https://docs-develop.pleroma.social/backend/clients/#desktop"
mac="https://docs-develop.pleroma.social/backend/clients/#desktop"
linux="https://docs-develop.pleroma.social/backend/clients/#desktop"
android="https://docs-develop.pleroma.social/backend/clients/#handheld"
fdroid="https://docs-develop.pleroma.social/backend/clients/#handheld"
googleplay="https://docs-develop.pleroma.social/backend/clients/#handheld"
ios="https://docs-develop.pleroma.social/backend/clients/#handheld"
web="https://docs-develop.pleroma.social/backend/clients/#alternative-web-interfaces"
%}
<h3>Worth Mentioning</h3>
<ul>
<li><a href="https://www.minds.com/">Minds</a> - An <a href="https://gitlab.com/minds">open-source</a> and distributed social networking service, integrating the blockchain to reward the community.</li>
<li><a href="https://movim.eu/">Movim</a> - A federated social platform that relies on the XMPP standard and therefore allows you to exchange with many other clients on all devices.</li>
</ul>

3
_includes/sections/social-news-aggregator.html
View File

@ -9,6 +9,7 @@ title="Aether"
image="/assets/img/svg/3rd-party/aether.svg"
description='<a href="https://github.com/nehbit/aether/blob/master/LICENSE.md">Aether is a free and open-source</a> decentralized social news aggregator with a built-in voting system.'
website="https://getaether.net/"
privacy-policy="https://getaether.net/privacypolicy/"
forum="https://forum.privacytools.io/t/discussion-aether/1256"
github="https://github.com/nehbit/aether"
windows="https://getaether.net/download/"
@ -21,6 +22,7 @@ title="Tildes"
image="/assets/img/svg/3rd-party/tildes.svg"
description='Tildes is a web-based self-hostable online bulletin board. It is licensed under <a href="https://gitlab.com/tildes/tildes/blob/master/LICENSE">GPL 3.0</a>.'
website="https://tildes.net"
privacy-policy="https://docs.tildes.net/policies/privacy-policy"
forum="https://forum.privacytools.io/t/discussion-tildes/1257"
gitlab="https://gitlab.com/tildes/tildes"
web="https://tildes.net"
@ -31,6 +33,7 @@ title="Raddle"
image="/assets/img/png/3rd-party/raddle.png"
description="Raddle is a public Postmill instance focused on privacy and anti-censorship."
website="https://raddle.me"
privacy-policy="https://raddle.me/wiki/privacy_policy"
forum="https://forum.privacytools.io/t/discussion-raddle/1258"
gitlab="https://gitlab.com/postmill/"
web="https://raddle.me"

25
_includes/sections/teamchat.html
View File

@ -1,17 +1,22 @@
<h1 id="teamchat" class="anchor"><a href="#teamchat"><i class="fas fa-link anchor-icon"></i></a> Team Chat Platforms</h1>
<h1 id="teamchat" class="anchor">
<a href="#teamchat">
<i class="fas fa-link anchor-icon"></i>
</a> Team Chat Platforms
</h1>
<div class="alert alert-warning" role="alert">
<strong>If your project or organization currently uses a platform like <a href="https://tosdr.org/#discord">Discord</a> or <a href="https://drewdevault.com/2015/11/01/Please-stop-using-slack.html">Slack</a> you should pick an alternative here.</strong>
<strong>If your project or organization currently uses a platform like <a href="https://tosdr.org/#discord">Discord</a> or <a href="https://drewdevault.com/2015/11/01/Please-stop-using-slack.html">Slack</a> you should pick an alternative here.</strong>
</div>
{%
include cardv2.html
title="Matrix"
image="/assets/img/svg/3rd-party/matrix.svg"
image-dark="/assets/img/svg/3rd-party/matrix-dark.svg"
description='<a href="https://matrix.org/docs/guides/introduction">Matrix</a> is an open-source project that publishes the <a href="https://matrix.org/docs/spec">Matrix open standard</a> for secure, decentralized, real-time communication.<br />
<a href="https://en.wikipedia.org/wiki/Riot.im">Riot.im</a> is the popular reference client produced by the Matrix.org team. It offers optional E2EE for 1:1 and group conversations that <strong>must</strong> be turned on by the user. (This can be done by clicking on the toggle switch which is accessed by clicking the room name or user name of the chat → Security &amp; Privacy → Encrypted). In the future it will be <a href="https://github.com/vector-im/riot-web/issues/6779">on by default.</a>'
title="Riot"
image="/assets/img/svg/3rd-party/riotim.svg"
description='<a href="//about.riot.im">Riot.im</a> is the reference client for the <a href="//matrix.org/docs/guides/introduction">Matrix</a> network. The <a href="//matrix.org/docs/spec">Matrix open standard</a> is an open-source standard for secure, decentralized, real-time communication.<br />'
labels="warning:<a href=//github.com/vector-im/riot-web/issues/6779>Warning</a>:Riot offers optional E2EE for 1&#x3a;1 and group conversations that must be turned on by the user.
(This can be done by clicking on the toggle switch which is accessed by clicking the room name or user name of the chat → Security &amp; Privacy → Encrypted).|success:VoIP"
website="https://about.riot.im/"
privacy-policy="https://riot.im/privacy"
forum="https://forum.privacytools.io/t/discussion-riot-im/665/"
github="https://github.com/vector-im/riot-web/"
windows="https://riot.im/download/desktop/"
@ -28,8 +33,9 @@
title="Rocket.chat"
image="/assets/img/svg/3rd-party/rocketchat.svg"
description="Rocket.chat is an self-hostable open source platform for team communication. It has optional federation and experimental E2EE."
labels="warning:<a href=//rocket.chat/docs/user-guides/end-to-end-encryption/>Experimental E2EE</a>:Regarding E2EE their documentation states 'This feature is currently in alpha. It's also not yet supported on mobile'. There is no forward secrecy so compromised decryption password would leak all messages. Federation was also added afterwards, potentially causing room for mistakes."
labels="warning:<a href=//rocket.chat/docs/user-guides/end-to-end-encryption/>Experimental E2EE</a>:Regarding E2EE their documentation states 'This feature is currently in alpha. It's also not yet supported on mobile'. There is no forward secrecy so compromised decryption password would leak all messages. Federation was also added afterwards, potentially causing room for mistakes.|success:VoIP"
website="https://rocket.chat/"
privacy-policy="https://rocket.chat/privacy"
forum="https://forum.privacytools.io/t/discussion-rocket-chat/1223"
github="https://github.com/rocketchat/"
windows="https://rocket.chat/install"
@ -44,9 +50,10 @@
include cardv2.html
title="Keybase"
image="/assets/img/svg/3rd-party/keybase.svg"
description='Keybase provides a hosted team chat with E2EE. Its protocol has also been <a href="https://keybase.io/docs-assets/blog/NCC_Group_Keybase_KB2018_Public_Report_2019-02-27_v1.3.pdf">indepedently audited (PDF)</a>. Keybase can help you prove you own social media accounts though the use of cryptographic signing of "<a href="https://en.wikipedia.org/wiki/Keybase#Identity_proofs">identity proofs</a>".'
description='Keybase provides a hosted team chat with E2EE. Its protocol has also been <a href="https://keybase.io/docs-assets/blog/NCC_Group_Keybase_KB2018_Public_Report_2019-02-27_v1.3.pdf">indepedently audited (PDF)</a>. Keybase can help you prove you own social media accounts through the use of cryptographic signing of "<a href="https://en.wikipedia.org/wiki/Keybase#Identity_proofs">identity proofs</a>".'
labels="warning:<a href=github.com/keybase/client/issues/6374>Warning</a>:This software relies on a closed-source central server."
website="https://keybase.io/"
privacy-policy="https://keybase.io/docs/privacypolicy"
forum="https://forum.privacytools.io/t/discussion-keybase/1224"
tor="http://keybase5wmilwokqirssclfnsqrjdsi7jdir5wy7y7iu3tanwmtp6oid.onion/"
github="https://github.com/Keybase"

5
_includes/sections/voice-video-messenger.html
View File

@ -1,13 +1,14 @@
<h1 id="voip" class="anchor"><a href="#voip"><i class="fas fa-link anchor-icon"></i></a> Video/Voice Calling</h1>
<div class="alert alert-warning" role="alert">
<strong>If you are currently using a Video/Voice Calling app like Skype, Viber or Google Hangouts, you should pick an alternative here.</strong> Please note that many of the above instant messengers also support <span class="badge badge-success">VoIP</span>. The software listed below are <em>primarily</em> Voice/Video focused.
<strong>If you are currently using a Video/Voice Calling app like Google Hangouts, Skype, Viber or <a href="https://blog.privacytools.io/protecting-your-privacy-while-using-zoom-at-home/">Zoom</a>, you should pick an alternative here.</strong> Please note that many of the above instant messengers also support <span class="badge badge-success">VoIP</span>. The software listed below are <em>primarily</em> Voice/Video focused.
</div>
{% include cardv2.html
title="Linphone"
image="/assets/img/svg/3rd-party/linphone.svg"
website="https://www.linphone.org/"
privacy-policy="https://www.linphone.org/terms-and-privacy"
description="Linphone is an open-source SIP Phone and a free voice over IP service, available on mobile and desktop environments and on web browsers. It supports ZRTP for end-to-end encrypted voice and video communication."
forum="https://forum.privacytools.io/t/discussion-linphone/751"
github="https://github.com/BelledonneCommunications"
@ -36,7 +37,7 @@ ios="https://apps.apple.com/us/app/mumble/id443472808?ls=1"
<h3>Worth Mentioning</h3>
<ul>
<li><a href="https://jitsi.org/">Jitsi Meet</a> - Jitsi Meet is a free and open-source multiplatform voice (VoIP), video conferencing, and instant messaging application. <span class="badge badge-warning" data-toggle="tooltip" title="Our Firefox tweaks recommend disabling WebRTC as it can be used to leak your IP address even behind a VPN, which is why Tor Browser disables it.">Requires WebRTC</span></li>
<li><a href="https://jitsi.org/jitsi-meet/">Jitsi Meet</a> - Jitsi Meet is a free and open-source multiplatform voice (VoIP), video conferencing, and instant messaging application. <span class="badge badge-warning" data-toggle="tooltip" title="Our Firefox tweaks recommend disabling WebRTC as it can be used to leak your IP address even behind a VPN, which is why Tor Browser disables it.">Requires WebRTC</span> <a href="https://github.com/jitsi/jitsi-meet/blob/master/README.md#security"<span class="badge badge-warning" >Jitsi Meet streams are decrypted on the server.</span></a> See also <a href="https://github.com/jitsi/jitsi-meet/wiki/Jitsi-Meet-Instances">list of public Jitsi Meet instances</a>.</li>
</ul>
<h3>Related Information</h3>

113
_includes/sections/vpn.html
View File

@ -1,7 +1,7 @@
<h1 id="vpn" class="anchor"><a href="#vpn"><i class="fas fa-link anchor-icon"></i></a> Recommended VPN Service</h1>
<h1 id="vpn" class="anchor"><a href="#vpn"><i class="fas fa-link anchor-icon"></i></a> Recommended VPN Services</h1>
<div class="alert alert-success" role="alert">
<strong>Our recommended provider is outside the US, uses encryption, accepts Bitcoin, supports OpenVPN, and has a no logging policy. <a href="/providers/vpn/#criteria">Read our full list of criteria for more information</a>.</strong>
<strong>Our recommended providers are outside the US, use encryption, accept Bitcoin, support OpenVPN, and have a no logging policy. <a href="/providers/vpn/#criteria">Read our full list of criteria for more information</a>.</strong>
</div>
<div class="container-fluid">
@ -17,89 +17,96 @@
alt="Mullvad">
</div>
<div class="col">
<h2>Mullvad <span class="badge badge-info">EUR €60/Year</span></h2>
<p><strong>Mullvad</strong> is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since <strong>2009</strong>. It is the only VPN provider that currently meets our criteria for recommendation. Mullvad is based in <span class="flag-icon flag-icon-se"></span> Sweden and does not have a free trial. Visit <a href="https://mullvad.net/">mullvad.net</a> to create an account.</p>
<h5><span class="badge badge-success">406+ Servers</span></h5>
<p>Mullvad has 409 servers in 39 countries at the time of writing this page. Typically the more servers a provider offers, the better: With hundreds of servers in operation, you are far more likely to find a fast connection and a server geographically closest to you.</p>
<h5><span class="badge badge-success">WireGuard Support</span></h5>
<p>In addition to standard OpenVPN connections, Mullvad supports WireGuard. WireGuard is an experimental protocol with theoretically better security and higher reliability, although it is not currently recommended for production use.</p>
<h2 id="mullvad" class="anchor">
<a href="#mullvad"><i class="fas fa-link anchor-icon"></i></a> Mullvad
<span class="badge badge-info">EUR €60/y</span>
</h2>
<p><strong><a href="https://mullvad.net/">Mullvad.net</a> </strong> is a fast and inexpensive VPN with a serious focus on transparency and security. They have been in operation since <strong>2009</strong>. Mullvad is based in <span class="flag-icon flag-icon-se"></span> Sweden and does not have a free trial.</p>
<h5><span class="badge badge-success">35 Countries</span></h5>
<p>Mullvad has <a href="https://mullvad.net/en/servers/">servers in 35 countries</a> at the time of writing this page. Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (less hops) to the destination.</p>
<p>We also think it's better for the security of the VPN provider's private keys if they use <a href="https://en.wikipedia.org/wiki/Dedicated_hosting_service">dedicated servers</a>, instead of cheaper shared solutions (with other customers) such as <a href="https://en.wikipedia.org/wiki/Virtual_private_server">virtual private servers</a>.</p>
<h5><span class="badge badge-success">Independently Audited</span></h5>
<p>Mullvad's VPN clients have been audited by Cure53 and Assured AB in a pentest report <a href="https://cure53.de/pentest-report_mullvad_v2.pdf">published at cure53.de</a>. The security researchers concluded:</p>
<blockquote class="blockquote">
<p class="mb-0">...Cure53 and Assured AB are happy with the results of the audit and the software leaves an overall positive impression. With security dedication of the in-house team at the Mullvad VPN compound, the testers have no doubts about the project being on the right track from a security standpoint.</p>
</blockquote>
<h5><span class="badge badge-success">IPv6 Support</span></h5>
<p>Mullvad supports the future of networking <a href="https://en.wikipedia.org/wiki/IPv6">IPv6</a>. Their network allows users to <a href="https://mullvad.net/en/blog/2014/9/15/ipv6-support/">access services hosted on IPv6</a> as opposed to other providers who block IPv6 connections.</p>
<h5><span class="badge badge-success">Remote port forwarding</span></h5>
<p>Remote <a href="https://en.wikipedia.org/wiki/Port_forwarding">port forwarding</a> is allowed on Mullvad, see <a href="https://mullvad.net/help/port-forwarding-and-mullvad/">Port forwarding with Mullvad VPN</a>.</p>
<h5><span class="badge badge-success">Open Source Clients</span></h5>
<p>Mullvad provides the source code for their desktop and mobile clients in their <a href="https://github.com/mullvad/mullvadvpn-app">GitHub organization</a>.</p>
<h5><span class="badge badge-success">Accepts Bitcoin</span></h5>
<p>Mullvad in addition to accepting credit/debit cards and PayPal, accepts <strong>Bitcoin</strong>, <strong>Bitcoin Cash</strong>, and <strong>cash/local currency</strong> as anonymous forms of payment. They also accept Swish and bank wire transfers.</p>
<h5><span class="badge badge-warning">No Mobile Clients</span></h5>
<p>While iOS and Android clients are reportedly in the works, mobile users will need to use a traditional OpenVPN client and configuration files, which are a bit more difficult to configure.</p>
<h5><span class="badge badge-success">WireGuard Support</span></h5>
<p>In addition to standard OpenVPN connections, Mullvad supports WireGuard. WireGuard is an experimental protocol with theoretically better security and higher reliability, although it is not currently recommended for production use.</p>
<h5><span class="badge badge-success">IPv6 Support</span></h5>
<p>Mullvad supports the future of networking <a href="https://en.wikipedia.org/wiki/IPv6">IPv6</a>. Their network allows users to <a href="https://mullvad.net/en/blog/2014/9/15/ipv6-support/">access services hosted on IPv6</a> as opposed to other providers who block IPv6 connections.</p>
<h5><span class="badge badge-success">Remote Port Forwarding</span></h5>
<p>Remote <a href="https://en.wikipedia.org/wiki/Port_forwarding">port forwarding</a> is allowed on Mullvad, see <a href="https://mullvad.net/help/port-forwarding-and-mullvad/">Port forwarding with Mullvad VPN</a>.</p>
<h5><span class="badge badge-success">Mobile Clients</span></h5>
<p>Mullvad has published <a href ="https://apps.apple.com/app/mullvad-vpn/id1488466513">iOS</a> and <a href="https://play.google.com/store/apps/details?id=net.mullvad.mullvadvpn">Android</a> clients, both supporting an easy-to use interface as opposed to requiring users to manual configure their WireGuard connections.</p>
<h5><span class="badge badge-info">Extra Functionality</span></h5>
<p>The Mullvad VPN clients have a built-in killswitch to block internet connections outside of the VPN. They also are able to automatically start on boot. The Mullvad website is also accessible via Tor at <a href="http://xcln5hkbriyklr6n.onion/">xcln5hkbriyklr6n.onion</a>.</p>
</div>
</div>
</div>
<div class="alert alert-warning" role="alert">
<strong>Note: Using a VPN provider will not make you anonymous, but it will give you better privacy in certain situations. A VPN is not a tool for illegal activities. Don't rely on a "no log" policy.</strong>
</div>
<h1 id="vpn" class="anchor"><a href="#worth-mentioning"><i class="fas fa-link anchor-icon"></i></a> Other Providers Worth Mentioning</h1>
<div class="container-fluid">
<div class="row mb-2">
<div class="col-lg-3 col-sm-12 pt-lg-5">
<img src="/assets/img/svg/3rd-party/protonvpn.svg" height="70" width="200" class="img-fluid d-block mr-auto ml-auto align-middle" alt="ProtonVPN">
</div>
<div class="col">
<h2>ProtonVPN <span class="badge badge-info">Free</span> <span class="badge badge-info">USD $96/year</span></h2>
<p><strong>ProtonVPN</strong> is a strong contender in the VPN space, and they have been in operation since <strong>2016</strong>. ProtonVPN is based in <span class="flag-icon flag-icon-ch"></span> Switzerland and offers a limited free pricing tier, as well as premium options. Unfortunately due to its lack of an independent security audit it does not meet the complete criteria for recommendation, see our notes below.</p>
<h5><span class="badge badge-danger">Not Audited</span></h5>
<p>ProtonVPN has not undergone a security audit by an independent third party, and therefore cannot be strongly recommended at this time. We have still chosen to list it on this page with the assumption that an audit will be published soon:</p>
<blockquote class="blockquote">
<p class="mb-0">We are currently undergoing a complete security audit of our VPN applications by a reputable Swiss security company. The results of the audit will be summarized in a public report for cases like this.</p>
<footer class="blockquote-footer">Marc Loebekken, ProtonVPN AG Legal counsel</footer>
</blockquote>
<p>We will reevaluate this listing at the end of Q1 2020 or when the aforementioned report has been published, whichever is sooner.
<h5><span class="badge badge-success">526+ Servers</span></h5>
<p>ProtonVPN has 526 servers in 42 countries at the time of writing this page. Typically the more servers a provider offers, the better: With hundreds of servers in operation, you are far more likely to find a fast connection and a server geographically closest to you.</p>
<h2 id="protonvpn" class="anchor">
<a href="#protonvpn"><i class="fas fa-link anchor-icon"></i></a> ProtonVPN
<span class="badge badge-info">Free</span>
<span class="badge badge-info">Basic USD $48/y</span>
<span class="badge badge-secondary">Plus USD $96/y</span>
</h2>
<p><strong><a href="https://protonvpn.com/">ProtonVPN.com</a></strong> is a strong contender in the VPN space, and they have been in operation since <strong>2016</strong>. ProtonVPN is based in <span class="flag-icon flag-icon-ch"></span> Switzerland and offers a limited free pricing tier, as well as premium options. They offer a further 14% discount for buying a 2 year subscription.</p>
<h5><span class="badge badge-success">44 Countries</span></h5>
<p>ProtonVPN has <a href="https://protonvpn.com/vpn-servers">servers in 44 countries</a> at the time of writing this page. Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (less hops) to the destination.</p>
<p>We also think it's better for the security of the VPN provider's private keys if they use <a href="https://en.wikipedia.org/wiki/Dedicated_hosting_service">dedicated servers</a>, instead of cheaper shared solutions (with other customers) such as <a href="https://en.wikipedia.org/wiki/Virtual_private_server">virtual private servers</a>.</p>
<h5><span class="badge badge-success">Independently Audited</span></h5>
<p>As of January 2020 ProtonVPN has undergone an independent audit by SEC Consult. SEC Consult found some medium and low risk vulnerabilities in ProtonVPN's Windows, Android, and iOS applications, all of which were "properly fixed" by ProtonVPN before the reports were published. None of the issues identified would have provided an attacker remote access to a user's device or traffic. You can view individual reports for each platform at <a href="https://protonvpn.com/blog/open-source/">protonvpn.com</a>.
<h5><span class="badge badge-success">Open Source Clients</span></h5>
<p>ProtonVPN provides the source code for their desktop and mobile clients in their <a href="https://github.com/ProtonVPN">GitHub organization</a>.</p>
<h5><span class="badge badge-success">Accepts Bitcoin</span></h5>
<p>ProtonVPN does technically accept Bitcoin payments; however, you either need to have an existing account, or contact their support team in advance to register with Bitcoin.</p>
<h5><span class="badge badge-success">Mobile Clients</span></h5>
<p>In addition to providing standard OpenVPN configuration files, ProtonVPN has mobile clients for iOS or Android allowing for easy connections to their servers.</p>
<p>In addition to providing standard OpenVPN configuration files, ProtonVPN has mobile clients for <a href="https://apps.apple.com/us/app/protonvpn-fast-secure-vpn/id1437005085">iOS</a> and <a href="https://play.google.com/store/apps/details?id=ch.protonvpn.android&hl=en_US">Android</a> allowing for easy connections to their servers.</p>
<h5><span class="badge badge-warning">No Port Forwarding</span></h5>
<p>ProtonVPN does not currently support remote port forwarding, which may impact some applications. Especially Peer-to-Peer applications like Torrent clients.</p>
<h5><span class="badge badge-info">Extra Functionality</span></h5>
<p>The ProtonVPN clients have a built-in killswitch to block internet connections outside of the VPN. They also are able to automatically start on boot. ProtonVPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using the official Tor Browser for this purpose.</p>
<p>The ProtonVPN clients have a built-in killswitch to block internet connections outside of the VPN. They also are able to automatically start on boot. ProtonVPN also offers "Tor" servers allowing you to easily connect to onion sites, but we still strongly recommend using <a href="https://www.torproject.org/">the official Tor Browser</a> for this purpose.</p>
</div>
</div>
<div class="row mb-2">
<div class="col-lg-3 col-sm-12 pt-lg-5">
<img src="/assets/img/svg/3rd-party/ivpn.svg" height="70" width="200" class="img-fluid d-block mr-auto ml-auto align-middle" alt="IVPN">
</div>
<div class="col">
<h2>
IVPN
<span class="badge badge-info">Standard USD $60/Year</span>
<span class="badge badge-secondary">Pro USD $100/Year</span>
<h2 id="ivpn" class="anchor">
<a href="#ivpn"><i class="fas fa-link anchor-icon"></i></a> IVPN
<span class="badge badge-info">Standard USD $60/y</span>
<span class="badge badge-secondary">Pro USD $100/y</span>
</h2>
<p><strong>IVPN</strong> is another strong premium VPN provider, and they have been in operation since <strong>2009</strong>. IVPN is based in <span class="flag-icon flag-icon-gi"></span> Gibraltar and offers a 3 day free trial. Unfortunately, due to its lack of an independent security audit, it does not meet the complete criteria for recommendation, see our notes below.</p>
<h5><span class="badge badge-danger">No Security Audit</span></h5>
<p>IVPN has undergone a <a href="https://cure53.de/audit-report_ivpn.pdf">no-logging audit from Cure53</a> which concluded in agreement with IVPN's no-logging claim. However, IVPN has not undergone a more comprehensive security audit by an independent third party, and therefore cannot be strongly recommended at this time.</p><p>We have still chosen to list it on this page with the assumption that an audit will be published soon. <a href="https://nitter.net/ivpnnet/status/1181954975687163905">IVPN has hired Cure53</a> to undertake a comprehensive audit covering the IVPN website, public and internal server infrastucture. They expect the audit to begin in November 2019 and be completed by the 6 auditors in January 2020.</p>
<h5><span class="badge badge-success">77+ Servers</span></h5>
<p>IVPN has 77 servers in 31 countries at the time of writing this page. Typically the more servers a provider offers, the better. IVPN has a decent (but not exceptional) server count that will most likely provide adequate coverage to most users.</p>
<h5><span class="badge badge-success">Remote port forwarding</span></h5>
<p>Remote <a href="https://en.wikipedia.org/wiki/Port_forwarding">port forwarding</a> is possible with a Pro plan. Port forwarding <a href="https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html">can be activated</a> via the client area. Port forwarding is only available on IVPN when <a href="https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html">using OpenVPN and is disabled on US servers</a>.</p>
<p><strong><a href="https://www.ivpn.net">IVPN.net</a></strong> is another premium VPN provider, and they have been in operation since <strong>2009</strong>. IVPN is based in <span class="flag-icon flag-icon-gi"></span> Gibraltar and offers a 3 day free trial.</p>
<h5><span class="badge badge-success">32 Countries</span></h5>
<p>IVPN has <a href="https://www.ivpn.net/server-locations">servers in 32 countries</a> at the time of writing this page. Picking a VPN provider with a server nearest to you will reduce latency of the network traffic you send. This is because of a shorter route (less hops) to the destination.</p>
<p>We also think it's better for the security of the VPN provider's private keys if they use <a href="https://en.wikipedia.org/wiki/Dedicated_hosting_service">dedicated servers</a>, instead of cheaper shared solutions (with other customers) such as <a href="https://en.wikipedia.org/wiki/Virtual_private_server">virtual private servers</a>.</p>
<h5><span class="badge badge-success">Independently Audited</span></h5>
<p>IVPN has undergone a <a href="https://cure53.de/audit-report_ivpn.pdf">no-logging audit from Cure53</a> which concluded in agreement with IVPN's no-logging claim. IVPN has also completed a <a href="https://cure53.de/summary-report_ivpn_2019.pdf">comprehensive pentest report Cure53</a> in January 2020. IVPN has also said they plan to have <a href="https://www.ivpn.net/blog/independent-security-audit-concluded">annual reports</a> in the future.</p>
<h5><span class="badge badge-success">Open Source Clients</span></h5>
<p>As of Feburary 2020 <a href="https://www.ivpn.net/blog/ivpn-applications-are-now-open-source">IVPN applications are now open source</a>. Source code can be obtained from their <a href="https://github.com/ivpn">GitHub organization</a>.</p>
<h5><span class="badge badge-success">Accepts Bitcoin</span></h5>
<p>In addition to accepting credit/debit cards and PayPal, IVPN accepts <strong>Bitcoin</strong> and <strong>cash/local currency</strong> (on annual plans) as anonymous forms of payment.</p>
<h5><span class="badge badge-success">WireGuard Support</span></h5>
<p>In addition to standard OpenVPN connections, IVPN supports WireGuard. WireGuard is an experimental protocol with theoretically better security and higher reliability, although it is not currently recommended for production use.</p>
<h5><span class="badge badge-success">Remote Port Forwarding</span></h5>
<p>Remote <a href="https://en.wikipedia.org/wiki/Port_forwarding">port forwarding</a> is possible with a Pro plan. Port forwarding <a href="https://www.ivpn.net/knowledgebase/81/How-do-I-activate-port-forwarding.html">can be activated</a> via the client area. Port forwarding is only available on IVPN when <a href="https://www.ivpn.net/knowledgebase/116/Port-forwarding-is-not-working-why.html">using OpenVPN and is disabled on US servers</a>.</p>
<h5><span class="badge badge-success">Mobile Clients</span></h5>
<p>In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for iOS or Android allowing for easy connections to their servers.</p>
<p>In addition to providing standard OpenVPN configuration files, IVPN has mobile clients for <a href="https://apps.apple.com/us/app/ivpn-serious-privacy-protection/id1193122683">iOS</a> and <a href="https://play.google.com/store/apps/details?id=net.ivpn.client">Android</a> allowing for easy connections to their servers.</p>
<h5><span class="badge badge-info">Extra Functionality</span></h5>
<p>The IVPN clients have a built-in killswitch to block internet connections outside of the VPN. They also are able to automatically start on boot. IVPN also provides "AntiTracker" functionality, which blocks advertising networks and trackers from the network level.</p>
<p>The IVPN clients have a built-in killswitch to block internet connections outside of the VPN. They also are able to automatically start on boot. IVPN also provides "<a href="https://www.ivpn.net/antitracker">AntiTracker</a>" functionality, which blocks advertising networks and trackers from the network level.</p>
</div>
</div>
</div>
<div class="alert alert-warning" role="alert">
<strong>Note: Using a VPN provider will not make you anonymous, but it will give you better privacy in certain situations. A VPN is not a tool for illegal activities. Don't rely on a "no log" policy.</strong>
</div>