1
0
Fork 0
9x0rg.com/content/posts/tech/my-privacy-tools.md

21 KiB
Raw Blame History

title date draft tags author hidemeta ShowReadingTime ShowPostNavLinks showtoc cover
My Privacy Tools 2024-04-16T14:12:00+02:00 false
Data Privacy
Tech
Tools
Software
Olivier Falcoz false true true false
image alt caption
/images/ <alt text> <text>

Let's leave planet GAFAM NATU BATX by David Revoy

Image credit: "Lets leave planet GAFAM NATU BATX" by David Revoy for Framasoft CC-BY 4.0

Why Privacy & Security Matter

Others wrote it much earlier and much better than I could:

Parce que vous vous foutez de vos libertés, ce sont les miennes qui disparaissent -- @aeris, 2014.

Everything Is Broken -- Quinn Norton, 2014. Available in French.

Most of us have nothing to hide but we all have something to lose -- Tommy Collison, 2014.

I need privacy, not because my actions are questionable, but because your judgement and intentions are -- u/starrywisdomofficial (alledgelly)

Too many wrongly characterize the debate as “security versus privacy.” The real choice is liberty versus control. -- Bruce Schneier, The Eternal Value of Privacy, 2006.

Why Privacy Matters Even if You Have Nothing to Hide -- Daniel J. Solove, 2011.

Looking at the materials described above, there are three things we should try to protect at all costs:

  • The data security itself. You don't want your data falling into the wrong hands;
  • The trust in the network. You want to be sure you're talking to the right person;
  • The confidentiality of exchanges. You don't want everyone to know who you've been talking to.

Funnily enough, the US has an anagram, for this (NSA1 was already taken): C.I.A. which stand for Confidentiality, Integrity and Availability of data.

Software I use

My privacy-focused tools are chosen primarily on the basis of security features, with an additional emphasis on decentralised and open source tools. They are applicable to a variety of threat models, from protecting against global mass surveillance programmes to avoiding big tech companies to mitigating attacks, but only you can determine what works best for your needs2. Balancing security, privacy and usability is one of the first and most difficult tasks we face on our privacy journey. Security, in particular, is a process rather than a product, and there is a trade-off: the more secure something is, the more restrictive or inconvenient it usually is. I suggest you familiarise yourself with the concept of threat modeling3 before making your own decisions.

  • What do I want to protect?
  • Who do I want to protect it from?
  • How likely is it that I will need to protect it?
  • How bad are the consequences if I fail?
  • How much trouble am I willing to go through to try to prevent potential consequences?

Once you've completed this assessment, you're free to choose the software that seems most appropriate for your specific use case.


Mobile Web Browsers

See a Browser Comparison Table by DivestOS to understand the key differences between all the mobile browsers available for Android.

Mull for Android

Mull browser logo

Mull is a Gecko based privacy hardened fork of Firefox developed by DivestOS, with proprietary blobs removed. It enables many features upstreamed by the Tor uplift project using preferences from the arkenfox user.js project.

Warning: Firefox-based browsers on Android lack per-site process isolation.

Cromite for Android (Chromium based)

Cromite browser logo

Cromite is a Chromium fork based on Bromite with built-in support for ad blocking and an eye for privacy.


Desktop Web Browsers

Firefox

Firefox browser logo

Firefox, Open Source, independent browser. It requires some hardening and tweaking using preferences from the arkenfox user.js project to achieve better privacy.

Tor Browser

Tor browser logo

Tor Browser defends against surveillance by preventing anyone monitoring a user's connection from knowing what websites they visit. Blocks trackers by isolating each website visited so that third-party trackers and ads can't follow. Resists fingerprinting by making all users look the same, making it difficult to be fingerprint users based on their browser and device information. Multi-layered encryption, the traffic is relayed and encrypted three times as it passes over the Tor network.


Web Browser Extension

I follow Arkenfox's position which recommends keeping extensions to a minimum: they have privileged access within your browser, require you to trust the developer, can make you stand out, and weaken site isolation. Therefore, I only use uBlock Origin.

uBlock Origin logo

uBlock Origin is an addon to Firefox (mobile) and Chrome/Chromium (desktop). It blocks ads, trackers and malware sites while conserving CPU and memory. Please read about what the addon does before installing, then choose one of the recommended modes to increase your privacy. If you don't understand what you're doing you could end up compromising your privacy.

In addition to the various blocklists that come pre-installed with the addon, I specifically use the Seb Sauvage DNS Block List, which comes in various formats:

Email Services

The two providers I have been long using - Mailfence since 2016 - support PGP/GnuPG and 2FA, custom domain names and aliases, are privacy-friendly. See Key disclosure laws for Belgium and Germany, also known as mandatory key disclosure, is legislation that requires individuals to surrender cryptographic keys to law enforcement.

Mailfence

Mailfence logo

Mailfence is an email services based in Belgium
About // Privacy policy // Transparency report

Mailbox

Mailbox.org logo

Mailbox.org is based in Germany
About // Privacy policy // Transparency report

Email Clients

Thunderbird

Thunderbir logo

Thunderbird is a free, open-source, cross-platform email, newsgroup, news feed, and chat (XMPP, IRC, Matrix) client developed by the Thunderbird community, and previously by the Mozilla Foundation.

GNOME Evolution

Gnome Evolution logo

Evolution is a personal information management application that provides integrated mail, calendaring and address book functionality. Evolution has extensive documentation to help you get started.

Fairemail (Android)

Fairemail logo

Fairemail is a fully-featured and easy mail client for Android, open-source email app, using open standards (IMAP, SMTP, OpenPGP). Supports unlimited accounts and email addresses with the option for a unified inbox. Clean user interface, with a dark mode option, it is also very lightweight and consumes minimal data usage

Encryption Tools

GnuPG/OpenPGP

GnuPG logo

Tools for signing, verifying, encrypting and decrypting text and files using GnuPG standard

GNU Privacy Guard (GnuPG) is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with RFC 4880, which is the current IETF specification of OpenPGP. The GnuPG project has been working on an updated draft in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major funding from the German government.

OpenKeychain (Android)

Openkeychain logo

OpenKeychain is one of the very few an Android implementation of GnuPG/OpenPGP. It works flawlessly with mail clients such as K-9 Mail and FairEmail in providing encryption support.

Veracrypt

Veracrypt logo

Veracrypt is a free open source disk encryption software for Windows, macOS and Linux. You can use it to either encrypt a specific file or directory, or an entire disk or partition. VeraCrypt is incredibly feature-rich, with comprehensive encryption options, yet the GUI makes it easy to use. It has a CLI version, and a portable edition. VeraCrypt is the successor of (the now deprecated) TrueCrypt

LUKS

LUKS logo

Linux Unified Key Setup (LUKS) is the default full disk encryption in Linux using dm-crypt. Securing a root file system is where dm-crypt excels, feature and performance-wise. Unlike selectively encrypting non-root file systems, an encrypted root file system can conceal information such as which programs are installed, the usernames of all user accounts, and common data-leakage vectors such as mlocate and /var/log/. Furthermore, an encrypted root file system makes tampering with the system far more difficult, as everything except the boot loader and (usually) the kernel is encrypted. I use LVM on LUKS with Arch Linux.

Password Management

KeypassXC

KeepassXC logo

KeepassXC is a hardened, secure and offline password manager. Does not have cloud-sync baked in, deemed to be gold standard for secure password managers.

KeypassDX (Android)

KeepassDX logo

KeepassDX is the Android client.

Search Engines

Startpage

Startpage logo

Startpage is a private search engine. One of Startpage's unique features is the anonymous view, which puts forth efforts to standardize user activity to make it more difficult to be uniquely identified. The feature can be useful for hiding some network and browser properties. Unlike the name suggests, the feature should not be relied upon for anonymity.

Warning: Startpage's majority shareholder is System1 who is an adtech company although they have a distinctly separate privacy policy.

SearchXNG

SearXNG logo

SearXNG is a metasearch engine that aggregates the results of other search engines while not storing any information itself. You can either self-host or use any of the multiple public instances of SearXNG.

I use searx.envs.net.

VPN Service

Mullvad logo

Mullvad is a Swedish based VPN provider that retains no logs, and uses a mostly open source and transparent infrastructure available to the public. Mullvad is one of the best for privacy, they have a totally anonymous sign up process, you don't need to provide any details at all, you can choose to pay anonymously too with Monero, BTC or cash.

Collaborative Tools

Nextcloud

Nextcloud logo

Nextcloud is is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control. It's a feature-rich productivity platform, that can be used to backup and selectively sync encrypted files and folders between 1 or more clients. A key benefit the wide range of plug-ins in the NextCloud App Store, maintained by the community.

Cryptpad

Cryptpad logo

Cryptpad is a zero knowledge cloud productivity suite, alternative to popular office tools. All content is end-to-end encrypted (E2EE)4 and can be shared with other users easily. Provides Rich Text, Presentations, Spreadsheets, Kanban, Paint a code editor and file drive. All content is encrypted by default and can be accessed with specific URL. CryptPad is entirely web-based ans works in any browser, desktop and mobile. You can use their web service, or you can host your own instance.

LibreOffice

LibreOffice logo

LibreOffice is a free and open-source office suite with extensive functionality.

Send

Send logo

Send is a fork of Mozilla's Firefox Send that Mozilla discontinued. It's actively maintained. Self-host or public instances including the maintainer own public instance.

PrivateBin

PrivateBin logo

Privatebin self-hosted and public instances is minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.

Real-Time Communication

Signal (centralized)

Signal logo

Signal has developed what's become the Gold Standard in message encryption. Developed by Signal Messenger LLC. The app provides instant messaging and calls secured with the Signal Protocol, an extremely secure encryption protocol which supports forward secrecy and post-compromise security.

Warning: requires a phone number for registration

Element/Matrix (decentralized)

Element logo

Element is the reference client for the Matrix protocol, an open standard for secure decentralized real-time communication.

Messages and files shared in private rooms (those which require an invite) are by default E2EE as are one to one voice and video calls.

Warning: No PFS (Perfect Forward Secrecy) and metadata-chatty


Sources:


  1. The US National Security Agency ↩︎

  2. Privacy Tools recommendations by privacyguides.org ↩︎

  3. A threat model is a list of the most probable threats to your security and privacy endeavors PrivacyGuides ↩︎

  4. End-to-end encryption - Wikipedia ↩︎