With both governments and corporate entities trampling over the privacy rights of people throughout much of the world, choosing the right privacy tools is now more important than ever.
Why should you be using privacy tools in the digital age?
Let us answer this question by examining a few trends:
- Global surveillance – mass surveillance technology continues to strengthen and expand around the world – particularly in the United States, United Kingdom, Australia, and other Western countries. (See also the Five Eyes, Nine Eyes & 14 Eyes surveillance alliances.) This trend continues on, regardless of which political party is in office.
- ISP Spying – Internet providers often record connection times, metadata, and DNS requests, which gives them every website you visit (unless you’re using a good VPN). In many countries, this is not only legal, but required. See for example in the United Kingdom (with the Investigatory Powers Act), United States (Senate Joint Resolution 34), and now also in Australia (mandatory data retention). A VPN is now essential protection against your internet provider if you want to retain a basic level of online privacy.
- Censorship – The internet is also becoming less free due to censorship efforts and content blocking. Whether it is China, Germany, or the United Kingdom, authorities are working hard to censor content online. This is particularly the case in Europe. The UK is now considering 15 year jail sentences for people who view “offensive” websites.
- Malicious ads & tracking – Websites are increasingly hosting invasive advertisements that also function as tracking. Pop-ups and dangerous “click-bait” ads can also deliver malware and take your device over for ransom (ransomware). Malicious ads, which are delivered through third party ad networks, can even be hosted on major websites.
While the trends are alarming, there are relatively simple solutions to restore both your privacy and security.
But before we begin, one key consideration is your threat model. How much privacy and security do you need given your unique situation and the adversaries you may face?
Many people, such as every day internet surfers, are seeking protection against advanced tracking online through advertising networks as well as a higher level of online anonymity and security. Others, such as investigative journalists working with sensitive information, would likely opt for an even higher level of protection.
Here are some privacy and security tools to get you started.
Privacy Tools
Secure and privacy-friendly browser
Everyone needs to be using a secure and privacy-friendly browser for three important reasons:
- Browsers have a large attack surface and can be compromised in many ways.
- By default, most browser will contain lots of private information, including your browsing history, usernames, passwords, and autofill information, such as your name, address, etc.
- Browsers can reveal lots of identifying information about your location, system settings, hardware, and much more, which can be used to identify you through browser fingerprinting.
Secure Browsers: Based on my own tests and experience, here are the eight most secure browsers that will keep your data safe:
- Firefox (modified) – Firefox is a great browser for both privacy and security after doing some modifications. It is highly customizable to give you the level of security and privacy you desire, while also being compatible with many browser extensions. See my guide on how to modify Firefox for more privacy.
- Iridium – Iridium is a Chromium-based browser configured for privacy, with the source code published on Github. It might be a good option if you need a Chromium browser (don’t use Chrome).
- Gnu IceCat – GNU IceCat is another fork of Firefox, created by the people at the GNU free software project. IceCat meets the definition of “free software” and it also includes some privacy add-ons and tweaks by default.
- Tor browser – The Tor browser is hardened version of Firefox that also utilizes the Tor network by default (but this can be disabled). It should be noted that Tor was created by the US military and continues to be funded by the US government today. (See the in-depth Tor guide for more details.)
- Ungoogled Chromium – As the name suggests, Ungoogled Chromium is a stripped-down Chromium browser that has been “Ungoogled” for more privacy. Source code is here.
- Waterfox – Waterfox is a fork of Firefox, with telemetry and other items stripped out to give users more privacy. Among the different Firefox forks, it is one of the most popular.
- Brave – Brave is a chromium-based browser that is very privacy-focused right out of the box, unlike Firefox, which requires some customization. By default, it will block ads and trackers, and it’s also customizable, fast, and has built-in protection against browser fingerprinting.
- Pale Moon – Like Waterfox, Pale Moon is also a fork of Firefox. Although Pale Moon is customizable, it also feels a bit dated and runs on the Goanna engine (a fork of Firefox’s Gecko).
Of course, there are many browsers on the market and choosing the best one all comes down to your own needs and tastes. Chrome, Opera, Safari, and Vivaldi also get some attention, but they’re not the best choices from a privacy standpoint.
Browser add-ons worth considering – As discussed in the Firefox privacy guide, here are a few good browser add-ons that may be worth considering:
- uBlock Origin – A powerful blocker for advertisements and tracking.
- HTTPS Everywhere – This forces an HTTPS connection with the sites you visit.
- Decentraleyes – Protects against third-party tracking via content delivery networks (CDNs).
- Cookie AutoDelete – Deletes those unwanted tracking cookies.
- Privacy Badger – Another add-on from the Electronic Frontier Foundation, Privacy Badger blocks spying ads and trackers.
- uMatrix – While this may be overkill for many users, this powerful add-on gives you control over requests that may be tracking you on various websites.
- NoScript – This is a script blocker that allows you to control which scripts run on the sites you visit.
Worth mentioning: Don’t use a browser-based password manager, which will store your usernames and passwords in plaintext, thereby leaving them vulnerable to exploitation (discussed more below).
Virtual Private Network (VPN)
Using a good VPN (virtual private network) is one of the simplest and most effective ways to protect your privacy, secure your devices, and also access blocked/censored content online. A VPN is a critical tool with a growing number of cybersecurity threats, particularly targeted hacking of public WiFi users.
VPNs can range in price from $3.49 per month (NordVPN) up to $6.67 per month (ExpressVPN), and in some cases even more. When you purchase a VPN subscription you will be able to use the VPN on various operating systems and devices, from computers and tablets to phones and routers.
After testing and researching dozens of different VPN providers, here are what I consider to be the best VPN services (all based in privacy-friendly jurisdictions):
$6.67
(49% discount)
(30 day refund)
Review
(ExpressVPN)
€8.95
(7 day refund)
Review
(Perfect Privacy)
$3.49
(70% discount)
(30 day refund)
Review
(NordVPN)
$4.92
(7 day refund)
Review
(VPNArea)
$4.80
(7 day refund)
Review
(VPN.ac)
Keep in mind, the “best VPN” will likely vary for each person depending on your own unique needs and circumstances. And if you are new to VPNs, see my guide explaining everything you can do with a VPN.
Advertisement, tracking, and malware blocker
A good ad blocker is essential for privacy and security reasons. From a privacy perspective, it’s important to block ads because they also function as tracking by recording your online activity to create an intimate user profile, which is used for targeted ads. Ads are also risky from a security perspective because they are often malicious and can infect your device when a web page loads – no clicks required.
Effectively blocking all ads is the only way to go. Here are a few different options from the ad blocker guide:
- Browser ad blocker extensions – Browser-based ad blocker extensions, such as uBlock Origin are quite popular, but they also come with some tradeoffs. Online ads may still be using up resources and tracking you, even if the ads are not being displayed. Choose your ad blocker carefully – some ad blockers, such as Ghostery and Adblock Plus will collect user data for profit and/or show you “approved” ads.
- Ad blocker apps – A dedicated app will most likely do a very good job blocking ads on your device. One popular and well-regarded option is AdGuard.
- VPN ad blocker – Another option is to use a VPN that offers an ad blocking feature (VPN ad blocker). I tested various options for the VPN ad blocker guide and found Perfect Privacy to perform the best.
- Ad blocking on a router – Ad blocking on a router can be accomplished various ways – from using ad blocking DNS to loading custom filter lists onto your router.
- Pi-hole – Pi-hole is a network-wide ad blocker that functions as a DNS server and can be deployed in various ways. It is most often used on a Raspberry Pi, connected to your home router (but there are many other different setup options).
The best ad blocking setup will depend on your situation and needs. If you have numerous devices you use at home, setting up a network-wide ad blocker would be a good solution for blanket protection. uBlock Origin remains a popular option for browser-based ad blockers. I find Perfect Privacy’s TrackStop filters to also work the best.
Password manager
The topic of passwords is actually quite large, encompassing password strength, password management, and password storage. In this section we’ll focus on password management and storage. Many people store passwords in the web browser, but this is risky because your passwords could be hacked by third parties, since they are stored in cleartext. Instead, you would be better off using a dedicated password manager.
Best password managers:
- KeePass – KeePass is a free, open source password manager that stores all passwords locally, which are secured with a master key or key file. I like KeePass because it can still be used with different browsers through official extensions or plugins, and it works will with Firefox (see Kee).
- LessPass – LessPass is also a free and open source password manager that generates unique and secure passwords for you. LessPass can be used through browser extensions, see their site for more details.
- Bitwarden – Bitwarden is another great open source password manager that is secure and easy to use. Bitwarden supports all major operating systems and browsers.
Secure messaging apps
Secure messaging apps are a great alternative to email, which has numerous inherent flaws and vulnerabilities. The secure messaging apps below utilize strong encryption standards and work well for teams or individual use on various operating systems and devices.
Private search engine
The big search engines (Google, Yahoo, Bing) record and track your searches, which helps them to build a user profile for their advertising partners. Consider these alternatives instead:
- Searx – A very privacy-friendly and versatile metasearch engine.
- Qwant – A private search engine based in France.
- DuckDuckGo – This is a great privacy-friendly Google alternative that doesn’t utilize tracking or targeted ads. They also have a zero-sharing policy with other features, but they do record search terms.
- StartPage – StartPage gives you Google search results, but without the tracking.
- Metager – A private search engine based in Germany.
For more information, see the guide on private search engines.
Private Email
Many of the popular email providers, such as Gmail, Yahoo, and iCloud are not good choices when it comes to privacy. Would you want random people having full access to your emails, collecting data to for targeted ads, or passing the information on to third parties? If the answer to any of those questions is no, then you need to look for a private and secure email provider.
Here are some of the best private email services:
Email Service
Storage
Price/mo.
Website
20 GB+
€1.00
(Free to 1 GB)
Up to 20 GB
€2.50
(Free to 500 MB)
Up to 20 GB
€1.00
Up to 20 GB
$5.00
Up to 25 GB
$1.66
50 GB+
€1.00
4 GB+
$4.00
(Free 1 week trial)
2 GB+
€4.41
Up to 20 GB
€4.00
(Free to 500 MB)
Up to 100 GB
$1.95
Secure/encrypted router (with a VPN)
If you’re looking for a relatively simple way to secure your entire home network and all devices, a VPN on a router is an excellent option. A good VPN router will:
- extend the benefits of a VPN to all your devices without installing software
- protect your data from third-party snooping, such as from your internet provider
- secure your home network against attacks, hacking, and spying
- unlock the entire internet, allowing you to get around geographic restrictions, blocks, and censorship
The only brand that currently offers a large selection VPN-enabled routers is Asus. The default Asus firmware, which is called ASUSWRT, supports OpenVPN, PPTP, and L2TP, right out of the box (no flashing required).
When choosing a router, the biggest consideration is processing power (CPU). Running a VPN on a router is a very CPU-intensive task requiring the router to process lots of encrypted data. For these reasons, it’s typically good to go with a router that’s at least 800 Mhz or more.
For an in-depth overview of all the different VPN router options, see this VPN router guide.
Firewall and Network Monitor
Using a third-party firewall and network monitor is a good way to see what connections are being made by various apps in the background on your operating system. These apps can affect your privacy when they “phone home” to send third parties various data from your operating system. With Windows and Mac OS, for example, there are many applications that are connecting to various servers and sending data.
Here are a few good options worth considering:
GlassWire – GlassWire describes itself as a “network monitor & security tool with a built in firewall.” GlassWire offers a free Android app and a paid Windows app. The GlassWire Android app is purely a network monitor with no blocking features. However, the Windows app offers more features and full blocking capability.
Little Snitch – Similar to GlassWire, Little Snitch also gives you the ability to monitor all connections going through your Firewall. Little Snitch is only available for Mac OS, but it provides many different features and blocking options. It also has a feature to show you the geographic location different apps are connecting to. Check out Little Snitch here.
Operating system
Consider using the free and open source Linux operating system. There are many different versions of the Linux operating system designed for different types of users:
- If you want the look and feel of Mac OS or Windows, check out Elementary OS.
- Ubuntu and Mint are two other popular options.
Tails is another privacy-focused operating system that can be run live on a USB drive, CD, or SD card.
Problems with Windows and Mac OS
Windows – The latest version of Windows (Windows 10) is a platform built for total surveillance – giving corporations and governments complete access to everything you do on your machine. Aside from data collection concerns, most malware targets Windows users – another serious drawback and security risk.
Mac OS – While Apple may be slightly better in terms of privacy, it too has problems. Just like Microsoft, Apple has configured its operating systems to collect vast amounts of your private data, whether it is browsing history through Safari, connection data, location services, and more.
Antivirus software
While not necessarily a “privacy” tool, using good antivirus software is a necessary and critical step. After all, privacy is meaningless without security. The problem, however, is that many antivirus solutions abuse your privacy and may come with some invasive and “unwanted” additions.
Just like with sketchy free VPN services, free antivirus software can also be problematic. In testing eight popular free antivirus suites, Emsisoft discovered that seven of them were bundled with PUPs (potentially unwanted programs), which can be harmful and very annoying. Tip: avoid free antivirus software!
Another major issue is privacy. Many popular antivirus suites utilize invasive data collection, to include browsing history, “suspicious” files, metadata, and more. Carefully read through the privacy policy of your antivirus before installing.
Although Restore Privacy does not devote much attention to antivirus software, one solution that offers the highest levels of security (excellent ratings) while also respecting user privacy is Emsisoft. Another potentially good option, which is entirely FOSS, is Clam AV.
See also the antivirus privacy guide.
Restore your privacy
That’s all for now, although this guide will continue to be updated with more privacy tools and information.
Comments?
If you have any feedback, tips, or suggestions based on privacy and security tools you are using, feel free to drop a comment below!
Hi Sven Taylor,
Thank you for this article. I always find the information you provide to be very enlightening and helpful.
I was wondering if you have any suggestions for a privacy-conscious calling app for Android that would serve as a secondary phone number so i would not need to give out my real phone number.
I came across an app a few months ago but unfortunately i flashed my phone and i did not have a backup of that app and of course I can’t recall what it was called.
That app allowed me to choose a phone number starting with area codes f my choosing and it allowed me to make and receive both phone calls and text messages just like a normal phone number. The first 30 days were for free but then you would have to pay for a subscription which was not expensive.
I would appreciate it if you can suggest an app that does the same.
Thanks
Hi Oleg, you might check out Line2, which I’ve used and it works well. Other options include VOIP.ms and also OpenPhone. For privacy, you can also use a fictitious name and pay with a virtual card through privacy.com, which allows you to use a fictitious name and address.
Hey all !
A Worldwide Survey of Encryption Products (yes from 2016), but it’s something I’v not seen altogether broken down by country and OS amongst other categories.
You seen ???
“In 1999, a group of researchers from George Washington University attempted to survey the worldwide market for encryption products [HB+99]. The impetus for their survey was the ongoing debate about US encryption export controls.
By collecting information about 805 hardware and software encryption products from 35 countries outside the US, the researchers showed that restricting the export of encryption products did nothing to reduce their availability maround the world, while at the same time putting US companies at a competitive disadvantage in the information security market.
Seventeen years later, we have tried to replicate this survey.”
https://www.wired.com/wp-content/uploads/2016/02/A-Worldwide-Survey-of-Encryption-Products.pdf
EX: just a part of the listed
Germany—112
United States—304
Netherlands—19
Romania—4
Australia—21
–
See what your country had/has to offer.
Related ?
CRYPTOGRAPHY AND LIBERTY 1998
AN INTERNATIONAL SURVEY OF ENCRYPTION POLICY
http://gilc.org/crypto/crypto-survey.html
2019 CIGI-Ipsos Global Survey on Internet Security and Trust
https://www.cigionline.org/internet-survey-2019
for privacy messenger
may u should have a look on briar.
https://briarproject.org/
– decentralised
– uses the tor network
– fully end2end
– open source
plz. dont recommend Privacy Badger
it can be used to get fingerprinted
best regards
Awesome advice, can I ask for a review or recommended options on personal privacy such as personal files, IP on corporate computers. How to setup and protect yourself from big brother too ? Possible ?
Hi scollops
You’ve asked a lot without giving specifics of Operating system(s), device(s), etc…
Sven’s got pages of good stuff and to telling the dangers of being online.
Helpful guides and articles (I take from his own experience) in his use, testing, researching and exploring this field that’s a big loss to us in it’s vast knowledge to understand.
There’s to much lead-way in each’s own scenario for him to be specific to anyone personally unless it touches close to home for him, as he’s been there.
Thanks….just trying to get a handle on where to start Mac mainly then MS laptop. Really about personal files and IP. Protecting especially when you forget to remove your IP..i.get the whole policy and company line. But oddly doesn’t work both ways. Anyway good to learn also for home as a Mac user.
Hello scollops,
Surely it would began within the devices foundation you’d set. Any order you’d want in your research and implementation.
A/My devices Strong Foundation:
– Hardened OS. (Root access if possible)
– Third party FireWall. (Firewall that blocks everything’s contact to the web by default, and the first time anything tries to enter or leave your system, your alerted (pop-up) to set an action for it from that point onward regarding it’s role in your devices setup.
– VPN service. (Hides your true location and encrypts all your devices generated traffic – installed to the system / because browser extension(s) VPN’s ARE NOT CAPABLE OF THE SAME FUNCTIONS Device Wide or simply their being offered as a watered down version to mimic a real VPN’s functions.
– Private Secure Browser /W/ Private Search Engine. (Separate programs and Working in Tandem when going online).
– Ad blocker. (Install to the system, some do their work in blocking online ads, but also on your installed apps that display ads too when opened and ran on the system. Kudos for the ones (Ad Blockers) offering advanced settings that dials into the specifics of your devices privacy – Ex: hides search queries, strips tracking parameters, hides your user agent, hides your IP address, etc, etc…).
– Password Manager. (Besides securely storing passwords and other personal and accounts info [locally is my preference/never trusted cloud storage]. CS is basically for syncing same info to multiple devices you own and that would go online.
Password Managers are capable of your longer stronger passwords generation than the average person would normally use and retain on their own).
– Secure email /W/ Secure Messenger. (Separate programs again – Look to them offering end-to-end encryption of your data for a true zero-access provider. That would be the encryption happens locally on the device (browser – app) and it’s done (only with access) from the users end to decrypting said data / and never the only encryption offered is to happen on the servers end. ‘Employees and the company partners’ then may very well have access to the servers decryption key and then to accessing your data.
.
Todays Best Secure Email Providers
https://restoreprivacy.com/secure-email
Some there may offer a full office suite to alleviate your need for a separate program to share your personal files. If your needing a cloud file service for uploading files so people can download them, then look at comments on Alternatives to Google Products – the Complete List (2019)
https://restoreprivacy.com/google-alternatives/
.
Hell I could go on and on, least I’d try the outline I’ve given above. I’ve not named any specific programs here. Then I can’t really see that if any applications redundancy of the the others in your basic foundation (system armor) you’d set harming you. Systems and associated hardware are beefier than early units, so redundancy with regards to system resources not an issue.
SCROLL DOWN to the first comment left here for helpful Windows information – and then up a few for other info. too – yes most will be my comments.
Mac – not a lot to offer as Apple – well you know doesn’t want you melding there.
https://restoreprivacy.com/vpn-for-mac/
– – – If you’ve a small footprint web wise (devices -or-
accounts) I’d not link any of them to a same online account by an IP address. VPN services do allow for multiple devices use on one account – set your other devices to another servers location to change it’s reflected IP address.
As well as not letting all our devices sink to/from cloud services – keep it (your data) stored locally on the device, and update them (all devices) yourself. By coping contents of folders or the folders tree themselves to the other like folders of a same program installed on your other devices.
Hope this helps and your welcome : )
Why isn’t EteSync ( https://www.etesync.com ) on this list?
It’s the only secure contacts, calendars and tasks solution out there…
Hi Jess.
Just a few points:
-Sven’s just one man running the site that has grown in new content, and still has to be updated in the existing already covered guides and articles. (Sounds like I know him, guaranteed I don’t), BUT HE HAS A GOOD WELL as we’ve talked some over his Secure Communication Center here-
https://restoreprivacy.com/secure-communication-center/
-It takes people like you to give all readers a heads up here on the RestorePrivacy site or by making contact by the link above ^ to Sven.
.
He as I (*this I believe), quest for only clients and server(s) to be ran on an open source(d) code base. *Term ‘- open source’ refers to something (code in this case), where people can modify and share their results because of its design, (the code) is publicly accessible.
*Then being offered at it’s foundation (server) – a hardened Linux installation, updates in patching any vulnerabilities as they become known, using safety mechanisms like TLS, CSPA, HSTS and in making sure to disable their weak ciphers.
*Then the encryption being used of an account, is in a way that only the USER (ends) and not it’s SERVER have access to your stored data’s information. Unfortunately, most of the communication services we can use are not end-to-end encrypted.
.
While any strong assurances of privacy, encryption and safety for your personal information are thrown out and about by different programs/services on the web.
STOP and consider that data (yours), is being kept (stored) in someone else server(s). Especially, in a case where the server synchronizes the users data with an app/device – any one ! in the chain are vulnerable to get hacked, or a government forces the hosting provider to hand over their server.
– – Anyone give thoughts to – of, that in ten years (or less) up the road THIS AGE of encryption may be broken !!! In Ten years I’ll bet your still alive – to what wide repercussions if today’s encryption gets broken? Your in life?
Remember the server back-ups and the fact that your not controlling the server – you’ll simply have no ideal to the copy and back-up counts made on said server containing your data… When the account is deleted spelled out time when all your generated data is totally deleted?
Point I make, wouldn’t double or triple encryption of data be something for a communications programs/services to look at for storing any users data. Servers encryption, then users encryption twice of TWO separate passwords/paraphrases or keys.
.
-I don’t find info. to when ‘EteSync’ was founded except ‘Posted on Wed 05 April 2017’ here-
https://stosb.com/blog/introducing-etesync/
Looks like a nice find on the surface Sir.
“EteSync is a journaled end-to-end encrypted contacts and calendar provider for Android and the desktop. Or to put it more plainly, it’s an app that backs up and syncs your contacts and calendars across devices and to the cloud in a secure way while maintaining a full history of the changes.
Our servers are located in Austria and are hosted by EDIS, so our server is safe, but the beauty of EteSync is that you don’t need to trust the server.”
– – -Botom line:
How’s the EteSync TOS and PP read?
How’s Austria’s privacy policy as a country in Central Europe comprising nine federated states?
Journaled – your data’s full change history in a secure way while maintaining a complete history of your changes both locally, and securely on our servers – – “”may be a handicap to some if they can’t control the time set – ex: 2 year max versa forever as account remains open.””
It’s not only your money but data given up by you. When you delete your data and then would delete your account – what assurances do you get – that you indeed owned the data ON the server used to store and/or back-up the said data. Proof and guaranties are just words in that all the copies and back ups will get deleted as well…
Tom from EteSync here.
Not sure I understand what you are saying, but just wanted to clarify a few topics that weren’t clear from your comment.
1. You were talking about having both the client and the server open source. Almost none of the recommended tools above satisfy this requirement, so no idea why you said it. With that being said, EteSync *IS* open source, client and server.
2. We obviously patch our servers all the time and maintain them.
3. EteSync is end-to-end encrypted, it says that on the home page.
4. Your data is not encrypted on the EteSync servers, only the end-to-end encrypted data, which we can’t access. We use strong encryption, if it’s ever cracked (like you suggested), every service above would be vulnerable, not just EteSync.
5. If the above point is still a risk for you, you can just self-host: everything is open source.
6. EteSync was released around March 2017. The blog post you mentioned is my public announcement post. You can also see all of the source on github to see when code was originally pushed.
7. TOS and PP: very simple and legible, less than a page long. Have a read.
8. Austria is probably better than Germany and Switzerland nowadays.
Thanks for your comment, and I hope this answers some of your questions and clarifies things.
Hi Tom, thanks for stopping by and clarifying things.
Hello Tom from EteSync,
No I got a way of doing things that suites me, so sorry if I’m hard to follow.
I did give EteSync a thumbs up here just for whats in print and for the direction in a mission it has.
Couldn’t you tell by my words…
.
Basically in answering to Jess, as why not every good, worthy, and related privacy/security application/service isn’t listed somewhere herein, and where Sven’s time (I’VE SEEN) has been utilized for the site.
As well, I had thrown out some flags for people to look for in anyone’s research of the service/app (yours – or any other).
.
The ‘quest’ part is just a longing for everyone who is connected to the web in some fashion, and that be as you’ve done and confirmed by your reply in the #1 and #2 answers. Hey you might be the first on the site to offer this – to the user.
I’d have that in the first paragraph of anything printed about EteSync.
Besides in the section topic above all listed in the article are not offering their client and the server as open source that your right on this.
Sven should add note of that feature if their offered.
I can only say, if Sven’s the time to test yours – you might be listed on the site.
– Glad to see you’ve tied up some loose ends for me by your answers.
Though in #4 answer it mentions ” Your data is not encrypted on the EteSync servers”.
* What of the users/account holders data does the non-encrypted data consist of /and/or about the account / then it’s owner?
* As for offering the service/app on a fee basics – how else does EteSync support itself ? Worthy of an answer…
** Do you ever see (at present) EteSync to becoming a full fledged communication platform as an email service.
Thanks and greetings Sir
What do you think of the new ‘sign in with apple’ feature?
I wouldn’t use it, because Apple.
Did anyone test this secure message app: https://www.goldenfrog.com/cyphr ?
They are from the same company as VyprVPN, so maybe it is not a bad option…
Hello,
First, thank you for sharing your knowledge and making our life more private.
Have you already heard of dissenter browser? Currently, it’s a fork of Brave, but built for people. If I am not mistaken, he removed Brave rewards and add his dissenter extension that is focus on free speech.
I’ve heard of it, but have not tested/used it.
Hey Sven and readers,
Had some deep thoughts today that I didn’t like in what I could imagine happening.
But usually I can also see a silver-lining to any darkness I envision.
That silver-lining, would need to be a global entity of some form of a governing body grounded on and with a foundation of global personal user internet privacy laws that has some teeth enforcement’s action.
If you’d think about it we as governments and nations have rules and laws within our own borders for just about anybody on anything.
.
As mankind advances in life with technology we loose our borders, that it opens up our lands and people to be victims of lawless enforceable actions as it mostly stands now.
We’ve seen or herd of nations going after nations (it’s people-interstructure-elections) using the internet.
Then you have the representation of other nations within a host country where a special revisions of it’s own laws are given making them useless to enforcement to these visitors.
[Kind of like the internet it’s happening to be border-less crime that hits a country]
Stop – picture this, land and water touches somewhere there are borders – laws usually change crossing that physical boundary into the other.
Now – think of the internet as air, a vast ocean, even electricity of a small sense to strength/power/grand or in other words something to big for any one nation to police on it’s own.
Just as we join alliances in time of wars, friendly nations need to join and sponsor a global eninity foundation of personal user internet privacy laws. As we keep budgets for troops and war machinery so to a nation needs to budget for global internet defense.
.
Some dark future thoughts:
Big tech (you know them) all come out with the new wave virtual personal assistants.
You are now able to do everything from your assigned virtual personal assistant (think of your shadow with an ID or in USA your SSN).
So all the new devices, apps and software/firmware versions are now designed to use your assigned virtual personal assistant or you don’t have an electric identity or worst outlet to interact on the web.
– A nations government steps in and uses this “taps” the wealth of new information down to (.) in com you type.
Now in short time – this virtual personal assistant technology has ability to track groups of devices, people, auto’s, purchases down to the last 10 seconds.
Then can disable any electric device connected to the internet, able to turn it on or off at that moment or simply once it had been tracked within the hour. (good and bad use here)!
.
In US you know of traffic light cams for red light runners.
What if you thought your neighbor had just got some kind of security severance service as you’d seen the worker install a couple cameras.
Then you come to know it’s making them money every month – as it’s scans and monitors the neighborhood.
– If you’d get on some high value list I could see this happening (advertising co. – prospect for CEO or like job), even like with a crime stopper program in rough neighborhoods – where every other house is scanning all the time.
To many more dark thoughts !
Any merit to worry yet ?
Hi, Sven
What do youu think about “the next gen VPN”:
[https://impulse.com/sdp/]
I’d stick with OpenVPN as it has been thoroughly audited and proven over many years (safe and secure).
Hi Sven,
I wonder why the Epic Privacy Browser for desktop didn’t meet your ranking.
They are coming out soon with an android version.
Regards,
That’s discussed in the secure browser guide.
I wonder why Telegram (encrypted) app isn’t under “Secure messaging app”. Have you tried it and what are you thoughts on it?
Hey John, yep, that’s a good option too, I’ll add it with the next update.
How would you rate Qubes OS ?
For those of us who have to use Windows for Adobe CC, a future article suggestion: “How to keep Windows 10 from spying on you” (apart from not using it, of course 🙂
Quick answer: Download Virtualbox (free and open source) and run Windows inside a virtual machine. You can use Windows 10 for free and you never have to register it. (I do this for testing software.)
According to Adobe, CC with an individual license will not work with a virtual machine. PlayOnLinux no longer works, Crossover doesn’t work. Wine never works with anything. If Adobe would only make a Linux version (go here and vote!: https://adobe-video.uservoice.com/forums/911233-premiere-pro/suggestions/36257581-yes-please-support-linux-this-would-be-a-huge-m) then I think Linux might well get a lot more users seemingly overnight. Perhaps they have a deal with Microsoft . . . ? So anyway, unless I’m mistaken (which is entirely possible–I’d love to be wrong about this!) I’m pretty sure that CC users are stuck with Windows 10, at least for the moment.
I don’t believe that will ever happen. This kind of talk has been going on since Linux was introduced. If one’s intent is simply browsing the web, I’d agree.
There’s way too few Windows applications and sites eg. financial institutions, insurance plans, governments and so on that do not support Linus browsers.
Not many people know of Oracle’s Virtual machine. It’s not user-friendly whatsoever. In fact, it’s pretty darn complicated just to try to load your OS of choice and install an application. The website to find and choose the hyperlink is nothing short of frustrating.
I suppose the majority of people who would want to use that particular VM are the ones who live a complex life and have a similar mindset.
For a couple of months or so I’ve been trying Blokada ad blocker on my android phone. So far I’m really impressed. Recently, they even added VPN service (paid, but pretty affordable). Notably, for example, the battery life is SO Much improved! Mobile data usage is used for a much lower amount per month (killing ads obviously saves a lot of data). These guys are doing tremendous job, and quietly, without much fuss and bells. Hope they will develope a good privacy package. So far, so good!
Yeah, Bronco. I using blokada for a while and, I agree with you, but I would like what you guys tink. And you Sven Taylor, what you tink about Blokada? You know? Have tested?
Looks good. I have not tested it.
Hi Sven, I am blown away, but not really that surprised at all the comments/questions you’re receiving now on this topic. I just have a few as they relate to browsing confidentiality/releasing details and prevention.
I visited a site that lists all your devices (that name is part of the URL) including screen resolution, video card, OS and so, so much more. I was terribly shocked to see the results.
I opened up TorBrowser (as we know Tor is slow as molasses) and I can’t disable a la carte the encryption or settings to improve speeds. However, Tor browser blocked a LOT of the info which was revealed in Chrome. It blocked RAM quantity, Graphics Card Name / Driver and many more system details.
When I reviewed the info on screen, the test results indicated the info which was concealed was “blocked” by browser “extension”. Yet, I see no add-on in TorBrowser.
As such, I wonder if there’s an actual extension or means of blocking the system info which Tor blocked on Chrome or use another browser which is faster, but does the same in terms of blocking system details?
Hey there, this is a tricky issue, but there’s a lot you can do to improve browser fingerprinting. See my main guide on browser fingerprinting for more info.
Hi Sven,
I think you should add to this article suggested ad-blockers, AVs, VPNs etc for mobile users – ios and android. Reality is that most people today use mobiles predominantly.
He Bronco, thanks for the feedback.
What do you think of 1password as a password manager? I tried bitwarden, but 1password works so much better for me.
Did you use Bitwarden with the browser extensions? It works like a charm (for me at least). I have heard good things about 1password from a usability perspective, and it’s been around a while, but I have not tested it. Main drawbacks: closed source and expensive.
I think this extension should be included in the privacy kit, here’s why:
https://lifehacker.com/clean-up-urls-before-you-share-them-with-the-tracking-t-1826459457
Thanks for the article!
But i have one question, why do you choose for this article exactly this messengers? Signal is abandoned, Threema is not free and open source, and Wire isn’t free. On my phone i have Signal and recent Utopia beta next with telegram on my pc. It’s actually a lot of great private messengers over there, why you mention only 4?
Hey there, Wire messenger is 100% free for personal use, and I use it all the time (free plan). There are business plans, but you don’t need that unless you want to use the premium features. I do plan to update the guide with more options soon, and I’d also like to have a secure messenger guide up in the coming weeks. Riot is another option as well.
Telegram is not as secure as the company’s marketing campaigns might lead you to believe. I prefer Utopia ecosystem. I guess that in the near future this decentralized P2P app will completely replace Telegram. All my confidential data shared is safe via Utopia messenger.
In 2019 already the majority of VPN providers claim that they are not keeping logs at all. One question is sitting deep in my brain, how those providers are checking the maximum allowed devices / connections?!
Yeah that’s a convoluted question. There’s usually some form of authentication mechanism that authenticates active connections, ensuring an account does not go over, without logging anything to the server. The exact method of authentication varies with the VPN.
Hi everyone,
Any concerns about the Webroot Secure Anywhere product? It’s based in the US, so… Any reports of personal data misuse?
Thanks in advance,
Kimi.
I everyone,
Does anybody here have information about the ExpanDrive app? Any concerns on privacy leaks, personal information logging, and selling, etc.?
Is there any alternative to it?
Thanks in advance,
Kimi.
Given that Microsoft take most your data anyway, what are your thoughts on Windows 10 Defender as an AV solution. At least you are eliminating 1 additional (3rd party AV) company from the privacy feeding frenzy.
Yes, that’s actually not a bad choice.
Hi Sven,
Awesome blog. I appreciate the contents you publish.
One question: how safe are the aforementioned messengers, namely Signal, Wire and Threema? All of them use WebRTC/STUN, thus all leak your IP, right?
Is there any workaround?
Kindest regards.
Hi Kimi, I’m not certain about the use of WebRTC in messenger apps, but there shouldn’t be any issues with IP leaks if you are using the messenger app. Of course, this is very different from surfing the internet through a browser with WebRTC enabled, when a website you visit could hit your browser with STUN requests, so not really an issue.
Hi Sven, how are you? Need your opinion about the operating system issue.
Lately i’ve been worrying a lot about privacy, but still worry more about security. I use MacOS in my laptop but am considering changing to one of your suggestions. So, in terms of security, the Linux based systems are equal to/better than MacOS?
If not, do you think its a good solution to keep MacOS but use Tails through USB whenever i need more privacy?
Hello, yes, generally speaking, Linux offers more privacy and security than MacOS. That being said, everyone has their own unique needs and preferences, including applications for work and other needs, so it can be a tradeoff.
When you need more privacy and security, you may also want to run a virtual machine on your Mac OS. This is very easy to do, simply install VirtualBox (FOSS) and then install Ubuntu to start learning the ropes of Linux. This will be free and very easy to use. VirtualBox will just run from your dock like any app. You can use as many different VMs as you want, clone environments, run different VM operating systems, it’s a great tool. Tails also isn’t a bad option, but everything is routed through Tor, which has drawbacks.
Hi Sven,
I’ve been using a secure instant messenger client for a while now called qTox, which is at present the most polished client for Tox ( https://tox.chat/ ).
–
Simply put it’s a distributed (peer-to-peer) protocol supporting instant messaging, voice, video that offers end-to-end encryption.
–
There is also P2P file transfers and desktop viewing. The desktop viewing was a little quirky and I am unable to test the video calling since I have no camera.
–
It utilizes DHT swarms (like BitTorrent) to find and connect to your friends so it can be a bit heavy on a cellphone battery compared to centralized services like Wire and Signal. Tox has no signup, no account and no business entity.
–
All that is required is to download the Tox client of choice for your platform, run it to generate your ID, give your ID to someone and then people who know your ID can find you in the swarm.
JN
should we use debian or ubuntu for security in laptop.
It all boils down to personal preference, but Debian probably has an edge in terms of security.
Hi Sven,
will you make a guide for android users?
Hi John, I made a basic Android privacy guide a while back, but it is a bit outdated. I don’t spend too much time on Android, aside from occasionally testing Android VPN apps, but I’ll keep your feedback in mind for either updating that guide or coming out with something better.
Hello all.
I have a recommendation in the category “password managers”:
Password manager is more and more a must have, even more if you use 2FA’s in everyday life.
So, I work mainly with 1password and enpass. Enpass is a good alternitive to 1password.
Very important for me is the security, like “AES-256 Encryption” and “data are stored locally by default” (lesspass is only a online based password manager, I think). Bitwarden has some negative critics, because, there are lines in the code, who allows reload JavaScript from third party sources. In additional to this, in the app for iOS and Android are tracker included (Google Analytics, Google Firebase Analytics, HockeyApp).
An another recommendation in the cetagory “Advertisement, tracking, and malware blocker” is:
For the firefox user, Ghostery should be mentioned here as a very good add-on.
Thanks.
Hello, yes, a very in-depth password manager guide is upcoming (sometime in the next month or so). This page will get updated as well. Thanks for your feedback.
I have a question about Telegram message app. Is it still safe? I’ve researched a lot but haven’t found a decent answer
No, there is a reason why it is not included in the recommendations.
Messaging is not encrypted by default and even when enabling it, it is not end-to-end encrypted, allowing traffic to be intercepted at the server.
I would suggest using Signal, which is similar to WhatsApp (owned by Facebook), with the added privacy.
I looked at Signal, then wrote it off. They make big claims about being open source, but there’s no source on their web site, nor a pointer to anywhere it might be found. The only thing they have is a compiled binary, which is *only* available through the Google Store. Which involves creating a Google account, which is a deal-breaker in itself.
There’s a github project that claims to be the source for Signal, but since there’s nothing about it on the Signal page, it could be any random malware site looking for suckers.
Even if it’s all on the up-and-up, just looking at their web site showed an astonishing cluelessness about how trust and security work.
“Just say no.”
Interesting…Signal seemed to be one of the best, but from what you’re saying maybe I should rethink that. If not Signal, what would you suggest? Wire?
Signal website with links to source code
https://signal.org/docs/
“Over a billion monthly active users across the world are now using the Signal Protocol for end-to-end encryption.”
Over a billion monthly active users across the world are now using the Signal Protocol for end-to-end encryption.
Love your site/ blog!! Incredibly useful info here.
What about Whonix?
Any thoughts about the Whonix OS?
Vm inside a VM…..
F
Yep, Whoinx is a Debian Linux bistro that’s a good option for privacy and security.
Hi Sven, which operating system do you recommend of these? Mint, Elementary, or Zorin OS?
There are many factors to consider and nobody agrees lol. I’d opt for Mint, but that’s just me.
https://puri.sm/posts/purism-becomes-pia-first-oem-partner/
It seems that PIA is the new OEM partner of Purism and will be fully integrated in future Librem 5 phone. Sven, do you think that it is an advantage?
Hi Vector, I saw that. Well, they are both in the privacy business, but I’m not a fan of bundling unnecessary software on devices. I’m testing out PIA for a new review right now and I have to say it has certainly improved in the past year.
Hello all. I would like to purchase a laptop that still has Windows 7. This is obviously for reasons of privacy. However with support and updates ended for this OS is it still possible to set it up and still have safety and good performance? Thanks
If Windows 7 is no longer supported, and you need Windows, you could get a Linux laptop and run Windows inside VirtualBox.
Whatever happened to the ‘UnaPhone Zenith’ that Tutanota back in 2016-04-29 was thrilled enough to partner with?
https://tutanota.com/blog/posts/una-phone-zenith-crowdfunding/
–
How IT can spy on your iPhone or Android smartphone
https://www.computerworld.com/article/3259868/how-it-can-spy-on-your-smartphone.html
.
You Are the Product:
In an Internet world dominated by Facebook and Google, most people understand the phrase “If you aren’t paying for it, you are the product.” What people don’t understand is that this concept has also landed on the shores of the privacy industry. History has proven that as any industry becomes “hot,” marketers will inevitably enter it. Companies that have demonstrated little regard for privacy are now using misleading marketing messages to tout their free privacy services, all the while supporting themselves through advertising and selling user data. This leads to important questions, such as why did Facebook pay $120 million to buy a free VPN app? Why did a popular free browser proxy turn its free users into a botnet for hire? And, what’s next?
https://www.goldenfrog.com/blog/price-of-free-in-online-privacy-industry
What if I cant afford a new laptop? Any way to get security updates for Windows 7 from a third party or something after Microsoft stops putting out their own (And same question about Win7 support)?
Any other ideas?
I don’t think so as the code is not open source.
I have been using Mint and it has been great. A little learning curve.
Try different flavors and see what you like best.
Hi Miguel,
I’d say no to your security questions of Win 7, M$ not supporting patches any longer is like being dropped into a pit of lions or vipers.
– If you persist, try looking for just the Win 7 OS and add it to a partition on the laptop. (Duel boot w/ perhaps Win 10).
Being on the latest hardware will always be a performance driver.
Ebay has listings yet for Win7.
Win 7 wikipedia page mentions paid support for Windows 7 Professional and Enterprise for three years after the end of extended support.
See: Support lifecycle > https://en.wikipedia.org/wiki/Windows_7
Here’s an article mentioning more on end-of-life –
https://www.extremetech.com/computing/276582-microsoft-relents-confirms-extended-support-option-for-windows-7
–
If your not wanting go with Sven’s mention of Linux w/ Win 7.
Go with Win 10 and use some/all of these-
Edited Host file with every URL you can find calling out Windows telemetry. Still everything is doing telemetry today, drivers too.
.
Sphinx Win10FC = firewall that blocks everything by default, uses its own rules, it doesn’t set any in the Windows firewall, you can switch the WINDOWS Built-in Firewall ON or OFF at your option due to the completeness of Sphinx Win10FC products independence.
– Free version has limits, as it can not manage system applications (located in c:\windows\*) .
– Note: originally called the Windows Vista Firewall Control it updates to the latest name of Windows OS to sound current.
*From your computers stand point the Sphinx Win10 Firewall Control stops all the telemetry leaving your device.
https://www.sphinx-soft.com/Vista/
.
The Windows OS has plenty of it’s own telemetry going on, so the Blackbird (free-donation) program (no installation) takes care of
this and runs on all recent desktop editions (Home, Pro, etc.) and to the versions of Windows (Vista, 7, 8, 8.1, 10).
https://www.getblackbird.net/
–
Not knowing how you’ll go with an OS – anything Windows Updates are covered on this site (ex: safe, not, security only, risks, etc…) from the menu on the lower right.
https://www.askwoody.com/
Hope this is helpful : )
So, I should not trust a free AV, but trust a password-manager like the ones you mentioned above…. (??)
Anyone willing to put some light on this?
Recommended password managers = open source
Antivirus = closed source (and much more potential for invasive/malicious activity going on behind the scenes)
Hi Ghis,
You can see it this way –
Addon password managers = specific data stored securely in a vault area on your device accessible by a master password you’ve given.
*Browsers should never be used for saving login credentials…
**Local device storage is better than cloud storage that has the benefit to sync to your other devices – – but clouds are a bigger risk target to hacks, as not only yours but everybody’s data stored there.
Where as –
A / V security products have access to the whole device and it’s access to all sections data because it runs at a high system level privileges.
Think ‘administer’ versus ‘user’ privileges…
You can restrict it’s access by excluding drives, folders, files but unless that’s done it reach is the greatest of anything you’ll install to a device.
* It may even access the installed files of the ‘password manager’ but as I understand can not reach the vault area because your master password locks it out.
* * So if you’d consider both like dogs, a lap hound compared to a guard dog. Which bite impacts greater harm and who’s poop is more substantial…
Both you invite into a device but a wise choice of understanding and a research of the TOS and Privacy Policy, along of users experiences documented should weed out bad actors.
Hope my off the wall rendition – helps : )
What about AppMoat by Seventh Knight?
https://www.seventhknight.com/appmoat.html
https://www.seventhknight.com/eula.html
https://www.seventhknight.com/privacy.html
What about it – this an advertisement?
Since you can’t buy it yet – it’s to new to be trusted, no user reviews!
Why mention it then ???
Very Quick look seams similar in functions like VoodooShield.
What about Firefox Focus aka “Firefox Klar” ?
https://support.mozilla.org/en-US/kb/focus
https://blog.mozilla.org/blog/2016/11/17/introducing-firefox-focus-a-free-fast-and-easy-to-use-private-browser-for-ios/
Mainly on android and ios. Doesnt have as many downloads as the main firefox though.
It’d be cool to take a look at this browser and see if its worth all the hype or if its just another free tracking scheme like Opera.
Can it be configured just like normal firefox in your guides?
Hi Kevin, yes, that is a great solution for mobile devices (Android and iOS).
You have great confidence in Emsisoft antivirus. I have used Emsisoft antivirus in the past. It was fair in performance and it was not difficult to find better. At that point, I came to the conclusion that Emsisoft is itself, a virus. Have you tried to get that POS out of your computer? It invades everywhere and regenerates crap you remove. For months, elements keep cropping up everywhere. Emsisoft is a malignant hemorrhoid in a computer system.
Grover is it your cold and need to get your temperature going to warm up something. Without any facts and links in support of your proof, your just spouting useless and false tales around about your own opinions that are groundless and useless to anybody else otherwise… Lets be fair by proving some proof for everyone : )
–
As I see it, there is no best Antivirus marketed today and I’m a little put off by the AV industry as my research into it leads me to hope for better of them in 2019 onward. https://restoreprivacy.com/antivirus-privacy/
– But, at lest Emsisoft makes the point to tell people about their security and privacy practices. As Emsisoft is pushing the knowledge out about how both benefits you and other helpful articles in their Blog posts. https://blog.emsisoft.com/en/
–
Besides an A/V’s roll covering the whole system – this leads to infringing on users’ privacy. As they then can be a backdoor to devices of your personal data, documents, and files. As far to going in intercepting the web traffic run on it. You can’t block them by a firewall as need for verifying file maliciousness and updating itself exists.
– As A/V’s run it’s access with high system level privileges, then for an whoever entity that leverages them – they have to comply with the laws of the countries in which they are established.
– Not only do A/V security software’s reduce the HTTPS connections security, but also introduce vulnerabilities such as in a failure to validate sites certificates properly. https://zakird.com/papers/https_interception.pdf
–
So Emsisoft gets mentioned here, not as perfect but, as a conscientious antivirus provider who respects their users private data, and to only using it when absolutely necessary, while other A/V’s are much less scrupulous in the very same roll.
@ Sorry but it almost sounds like your torrenting or download pirated stuff that puts your infections there or it respawn from. With an A/V software turned off – is in NoWay going to protect the system it’s installed on. Excluding hacks, cracks with it = same…
https://blog.emsisoft.com/en/category/protection-guides/
Please don’t torment yourself without supplying the facts/links in making such further accusations about any A/V – friend : )
ON A WINDOWS BOX ? Give this a thought…
Should a local or a Microsoft account in Windows 8 and/or 10, be used?
–
What is a local offline account in Windows ?
A local account is a ‘username and password’ combination that you have likely used to log into any of the legacy Windows operating systems of the past – that is before 8 and 10 came to be.
It grants you access to the system’s resources and allows you to customize it of your settings and preferences. As a local user account in Windows 8, 10, it will allow you to install the traditional desktop apps, personalize your settings and use the operating system the old fashioned way (desktop) or limited somewhat in the Metro UI.
{Please offer knowledge on Metro, I’ve stripped most of it out long ago.}
Of course, in using a local offline account it must be created for a single system each time, so if you have any multiple of systems/devices, you will need to use a different local account for each of them.
–
What is a Microsoft account?
Starting with Windows 8, Microsoft has tried to push users to sign into Windows with a Microsoft linked account. Some features of Windows 8 and Windows 10 require access to the Microsoft cloud, and you therefore have to authenticate the device with a Microsoft account.
-[For a complete list, just type “sync” in the Start menu or Start screen.]-
A Microsoft account is the rebranding of any in the previous accounts for Microsoft products. If you have ever used services like Hotmail, Outlook.com, Skype, or devices like Xbox game consoles or Windows smartphones, then you are sure to have a Microsoft account already.
– By rebranding and combining all these different accounts, Microsoft allows for a complete integration of all their services into a single online account. This means that you can use it to get access to everything connected to the Microsoft ecosystem. It means M$ knows a lot about U.
–
The main difference – mostly it’s about trusting your privacy with M$.
The big difference from a local accounts stance, is that you use an email address instead of a username (in local account) to log into the operating system. So you must use either a Microsoft indentured email address (hotmail.com, live.com or outlook.com), or Gmail, and even your ISP specific email address to create your Microsoft account. This type of sign-in as the cloud process is meant that you cannot remove your system account password protection.
You can only change it.
– Also, signing in with Microsoft account allows you to configure a two-step verification system of your identity each time you sign in. This requires you to enter a security code each time you sign into a device that is not on your trusted list.
– Is this not as bad as using Google products for most everything as well ?
https://restoreprivacy.com/google-alternatives/
–
Some Pro’s and Con’s
This is all on top of Windows known Telemetry in it’s OS systems.
– You’ll likely have access to the Windows Store but, if you use Windows 8, 10 Home, you cannot download and install apps without a Microsoft account supplied. Windows 8, 10 Pro, Enterprise or Education, you can download and install apps from the Windows Store, but only if they’re free. You must sign in using a Microsoft account so that their paid licenses are associated with you.
– A local offline account in Windows, pertaining to your system settings will not be synchronized across any of the computers and devices you may also have.
– Ensure signing up/in Windows by creating a local account – simply disconnect your computer from the Internet when you install Windows 8, 10 it’s that easy to see a different menu.
– A downside of this Windows account feature is that whenever you log on to your Windows computer, you’ll also sign in to the Microsoft’s cloud. *This means that Redmond knows when you sign in, and from where. NOT everyone feels comfortable with this power given to M$ by itself.
Boa tarde Sven gostaria de usar o Starpage mais possuo problema com imagens sexy poderia me ajudar com indicação de um filtro para imagens ou até total remoção de imagens do Star page .
Good afternoon Sven would like to use the most possible Starpage with sexy images could help me with the indication of a filter for images or even the total removal of images from the Star page.
Hi dwg,
Try looking here for what your wanting to do or settings changed.
https://support.startpage.com/index.php?/Knowledgebase/Article/View/192/5/what-is-your-family-filter-and-how-does-it-work
or
https://support.startpage.com/index.php?/Knowledgebase/Article/View/1162/19/the-family-filter-is-blockingreturning-too-much-content-how-do-i-turn-it-off-or-tighten-it
or
https://support.startpage.com/index.php?/Knowledgebase/Article/View/1237/19/video-results
Great site Sven! Regarding another privacy site, privacytools.io, that site is contradictory. It says that “You need your browser to look as common as everyone else. Disabling JavaScript, using Linux, or even the TBB, will make your browser stick out from the masses.” And yet it advertises the like of NoScript and Linux systems. Does the person running it not know that making all the changes to Firefox’s about:config as shown, and installing the advertised browser extensions, will make a person’s browser stand out more?
Hi Paul, yes, that is the tricky issue with browser fingerprinting, it is a catch-22.
Hi Paul,
It’s comments like yours I keep hoping to see show up here as more people find the site. I try to offer insights that I understand as well.
Good points you’ve brought up – Sir : )
Hi Sven,
I currently use VoodooShield (VS) and it seems to me that the privacy terms related to product are not abusive – at least it looks like VS just collects very minimal information that is not aimed for re/selling.
https://voodooshield.com/
https://voodooshield.com/Privacy.aspx
https://voodooshield.com/Terms.aspx
VoodooShield is a kind of security software that complements the AV programs and it simply locks the system (something like a NoScript for Windows system) by preventing any process to run outside those who has been white-listed. It is not open source but it seems to me like a good option for security reason which impacts to certain extend the privacy. I was wondering have you ever tried VoodooShield and would you please share your opinion? In this regard, do you know any website similar to the one of https://thatoneprivacysite.net/ where the terms and conditions related to AV products have been analyzed? I am thinking that probably after the Kaspersky public issues maybe someone has publish some interesting article about the privacy aspects of the AV products. Thanks.
Hi Vector,
I’ve tried VoodooShield for a short time and couldn’t get the knack of my system running it. That was back some years ago…
You can see some favorable users opinions here about two years ago and beyond that – https://malwaretips.com/threads/voodooshield-have-you-tried-it-would-you-recommended-it.61800/page-4
Then an extensive users talk and time coverage of it here – https://www.wilderssecurity.com/threads/voodooshield.313706/
–
I use to used KIS by Kaspersky back 3 years ago till VPN.ac said not too as they said it’ll cause me problems with their clients. Same troubles I suppose happened with AdGuard, as it ran into priority problems with the order of some kind of KIS driver calls made in my system – in about the same time frame of events before loosing KIS.
Then I caught word that the US defense departments dropped it from their ‘to use list’ of software’s as it’s founders were suspected of KBG ties as reviled – all before the last presidential election scandal’s broke.
I completely moved over to Emsisoft Internet Security that’s gone now. It has since merged with Emsisoft Anti-Malware.
https://blog.emsisoft.com/en/28245/merging-emsisoft-internet-security-with-emsisoft-anti-malware/
–
AV products have been analyzed? About your metadata privacy you mean? Good point, what else has free run to every nook and cranny of your system. Even to whats known of VirusTotal, as I use it as a second opinion or first understanding to a lot of things.
There are others in this lineup of file uploads in online checking services, even the online scanners of the most popular anti-virus/malware vendor’s to run scans and check out your PC for free. What else do they find out about you?
–
Only one study I know of was done in 2014 by AV-Comparatives, for Data Transmission in Internet Security Products.
http://www.av-comparatives.org/wp-content/uploads/2016/12/avc_datasending_2014_en.pdf
Emsisoft Blog had a post JUNE 26, 2015 covering Antivirus software: protecting your files at the price of your privacy.
https://blog.emsisoft.com/en/17153/antivirus-software-protecting-your-files-at-the-price-of-your-privacy/
AV Comparatives did not include questions about data retention which is unfortunate. Some companies may use the transmitted data only to determine the correct course of action, while others may save it for a period of time or maybe even forever.
It has been suggested that users only download and install products of reputable companies, and that they read the End User Agreements before they do.
–
Despite claim’s they anonymize any user’s data that’s collected. If they anonymize your data, don’t you think they are able to un – or de-anonymize this same data just as easily on their end?
– Then when you do install something run the terms through the below program-
EULAlyzer Personal / Free for personal & educational use – https://www.brightfort.com/eulalyzer.html
Would be nice if thatoneprivacysite would branch out and cover the A/V likes there too…
Thanks : )
Disposable email addresses providers like Burner Mail and Blur are also privacy tools.
Good point Mark, I’ll consider that for the next update.
33MAIL is another one I can say works very well.
[ Create a new e-mail address whenever you need one. Maintain complete control over active addresses. Forwards all mail to your existing e-mail address. You can even reply anonymously to emails forwarded by 33Mail. Never receive unwanted e-mail again! ]
Hi Sven and Mark,
@Sven I don’t know if disposable email address are really a privacy tool, when Private Email >Best Secure Email Providers list on your site already, offers Aliases – through their services. Although most of the encrypted mail services offered there, you can’t easily delete an alias but only disable it from being active.
–
@Mark did you know Abine Blur recently compromised it users. I don’t believe this was out of wilful miss-conduct but more to a problem of gross negligence.
https://www.abine.com/blog/2018/blur-security-update/
–
Even my own mention of 33MAIL deserves scrutiny, as I don’t see a Privacy Policy offered on it’s site but only a TOS, and usually one or the other gives an indication to their actual address of location and/or jurisdiction.
And a whois look up doesn’t offer much to their location – https://www1.domain.com/whois/whois.bml
– FYI, the US may be headed to a recession as the trade wars and now General Motors layoffs lay the indications of more to come.
What is your opinion on Riot? It is based on the Matrix protocol.
https://about.riot.im/
How do you like the open-source XMPP clients like Gajim? Particularly Gajim may use the OMEMO protocol.
https://gajim.org/
Hi Vector, I like Riot quite a bit. I haven’t looked into Gajim much yet.
Unfortunately, Gajim is not multi-platform messenger (no iOS, no Android support).
I am not sure what’s happened with Jitsi and particularly with the support of OMEMO protocol. They implement the OTR protocol but I am not sure whether it is not a bit obsolete.
https://jitsi.org
is https://jitsi.org similar jabber ? thanks a lot
The most widely used privacy tool anyone has is setting right behind their eyes. Called common sense or that gut feeling, trust your instincts that your brain gives to you.
-One practice I find helpful is to limit the installed programs to what I need and use, uninstalling those that have had little use to me in 6 months of the year.
–
How many people actually read a ‘EULA’ license agreement of the software they install?
Or for that matter of a Website’s Privacy Policy to make sense of the nonsensical?
Don’t just write off the ‘EULA’ license agreements and Privacy Policies as too long and verbose to read…
And other similar documents, including language that deals with:
Advertising – Tracking – Data Collection – Privacy Related Concerns
Installation of Third-Party / Additional Software
Inclusion of External Agreements By Reference
Potentially Suspicious Clauses
–
You know in todays world that it’s important to know things like-
1. If the software you’re about to install, displays pop-up ads, transmits personally identifiable information, uses unique identifiers to track you, or much more.
2. Of a website’s privacy policy for potentially interesting words and phrases, then what roll Third-Party External Agreements play.
–
Know What You’re Getting Into – Pop it into EULAlyzer .
This ones free as you do some work for the results.
http://www.brightfort.com/eulalyzer.html#Overview
–
EULAlyzer Pro for powerful and instant analysis using EULA-Watch, supports automatic license agreement detection and scanning for most major software installers.
http://www.brightfort.com/eulalyzerpro.html#EULAWatch
Note: This program does not provide legal advice.
You should always consult a lawyer for advice on legal issues.
http://www.brightfort.com/privacypolicy.html
The Good Trustworthy Antivirus programs should be in the Ranks above.
To thwart off malicious and unwanted software, and to reliably prevent phishing- and ransomware-attacks.
STAY away from the Free versions and you really don’t need their Internet Suites that some offer in all the bundled sub products.
I like to call these Jack of all Master of none…
–
Privacy – (taken from #5) https://blog.emsisoft.com/en/29702/choosing-antivirus-software-2018/
Some are extensively collecting data about your computer usage to improve their products. While simple product usage telemetry is usually anonymized, some products may also upload suspicious files from your computer to the vendor’s scanning cloud. You need to be able to fully trust that the vendor will handle your files responsibly, ethically and securely. After all, a private document could be part of such an upload, too.
–
Free Versions – “Has the antivirus industry gone mad?”
https://blog.emsisoft.com/en/11550/has-the-antivirus-industry-gone-mad/?ref=offer000012&utm_source=newsletter&utm_medium=newsletter&utm_content=mainnews&utm_campaign=offer000012
Fact: 7 out of 8 tested free antivirus suites bundle with PUPs
Comodo AV Free: changes home page and search engine provider to Yahoo during the installation process, unless the user unchecks the box.
–
Avast Free: offers Dropbox during installation by default, unless you uncheck the box.
–
Panda AV free: installs Panda Security toolbar, yahoo search takeover and MyStart (powered by Yahoo) home page takeover.
–
AdAware free: installs WebCompanion by default unless user unchecks the box. Also installs Bing Homepage takeover and Bing search takeover by default, unless opted out.
–
Avira free: offers Dropbox after installation. Takes over search with Avira Safe Search, which is a a white-labeled version of the Ask toolbar. Avira does disclose that it partners with Ask.
–
ZoneAlarm free AV + Firewall: with Custom Install: Zonealarm homepage and search takeover.This is a rebranded Ask toolbar, which is not mentioned on ZoneAlarm’s website.
–
AVG free: installs Web Tuneup, including AVG SafeGuard. Sets AVG Secure Search as homepage, new tab page and defaults search engine. Toolbar is Ask powered, although this is not explicitly stated. Also offers AVG Rewards, which displays popup advertisements with coupons and deals.
–
When the product is free the real product is YOU
Excellent points, Hard Sell, thank you. I’m going to update this guide with that information. Emsisoft is a solid choice and is one of the few AV’s that give you both security and privacy.
I agree about Emsisoft’s security and privacy practices, and then their always trying to get the word out about both.
Here’s some interesting facts you may find helpful to reference of anti-virus companies.
https://www.ivpn.net/blog/are-anti-malware-products-uploading-your-private-data
–
https://sanfrancisco.cbslocal.com/2017/03/08/wikileaks-cia-documents-antivirus-software-reviews/
–
https://blog.emsisoft.com/en/17153/antivirus-software-protecting-your-files-at-the-price-of-your-privacy/
Hello all
If – one key consideration is your digital threat model.
I’d definitely set the privacy bar HIGH there – as with all the Corporate, Government, and Web advertising entities collecting your data massively like never before.
A picture develops from all your collected data that can be like looking at a cross-cut of an adult tree growth rings, they’ll see an extended picture of your online life with all the collected data – just think of a two year period online what could be learnt of ourselves.
–
Did you know some advertisers attach the MAC address of a users devices to their demographic profiles so they can be retargeted even if the user clears their cookies and browsing history.
Clearing cookies doesn’t help you with web bugs and respawning cookies by the way.
–
If that old saying – Fruit doesn’t fall far from the tree – think about your offspring and relatives having similar likes as yourself, that your online habits and interests could most likely & will affect them.
How I try to guard my privacy and remember once it’s captured by one entity it can be shared, hacked in to, or go into a data base to live on for a very long time.
–
I’m running a 8.1 x64 Windows rig with IE 11 / Slimjet browsers, SSD and 16GB Ram. No Pen or Touch for display, no camera.
I’ve cleaned out most of the Metro crud for mostly a desktop experience as of the older Windows OS’s.
StartPage = my homepage and search engine.
Emsisoft = my main anti-malware.
Malwarebytes = 2nd line layer for malware defense.
RoboForm = (locally) not cloud, password manager for website logins with a strong password generator (usually at 20+ characters).
Maxa Cookie Manager = DATED / but still works covering many browsers – cleans cache, history, timed auto cookie deletion, w/ cookie evaluation – white/black lists, last update was 12 February 2014.
Adguard = ad blocker w/ personal privacy modules and stealth settings, really a lot more it has to offer than blocking ads.
VPN.ac = hides real IP – server side DNS, never surf without it.
VPNCheck Pro = DATED / DNS leak fix, changes your MAC address automatically but also your Hostname and Computer name, this also applies for all the Computer ID sniffer algorithms on networks.
Shadow Defender = runs your system in a virtual environment with no change to your real environment.
AOMEI Backupper Pro = is a complete yet simple backup software for Windows PCs and laptops, supports system/disk/files/partition backup & restore, file sync, and system clone as well as provides scheduling backup, merge images, dynamic volumes backup, UEFI boot, and GPT disk backup.
Sphinx Win10FC = firewall that blocks everything by default, uses its own rules, it doesn’t set any in the Windows firewall, you can switch the WINDOWS Built-in Firewall ON or OFF at your option due to the completeness of Sphinx Win10FC product independence – free version has limits as can not manage system applications (located in c:\windows\*) .
Note: originally called Windows Vista Firewall Control it updates to the name of current OS to sound current.
The most understandable detailed review I’ve seen here-
https://msfn.org/board/topic/174417-sphinx-windows-er-10-firewall-control/?tab=comments#comment-1107771
–
Most of the above have free versions but, all these I use are paid for except the web browsers – search engine.
Although free has more of a consequence to an individuals privacy, there is really no guarantee that a paid product by way of your paying for it, offers you any more of a guarantee that of your data won’t be collected and then sold on to others. From your computers stand point the Sphinx Win10 Firewall Control stops all the telemetry.
The Windows OS has plenty of it’s own telemetry going on, so the Blackbird (free-donation) program (no installation) takes care of
this and runs on all recent desktop editions (Home, Pro, etc.) and the in versions of Windows (Vista, 7, 8, 8.1, 10).
https://www.getblackbird.net/
–
I also run two system cleaners-
R-Wipe & Clean = automatically at browser close for browser / user set tasks, and at system shut down for full computer task list.
PrivaZer = automatic and manually at browser close for internet traces, and once weekly on the c\:drive.
HOPE this helps some people to know what steps I feel necessary in todays era of the internet.
I said ‘The most understandable detailed review I’ve seen’ about ‘Sphinx – Win10FC’ was with that above link, I forgot about this more detailed one.
Allowing network access to only trusted programs is a fundamental step in increasing your security and privacy. Windows 10 Firewall Control is a simple free/paid third party program to control and monitor the network activity of applications. It prevents undesired information leaks for incoming and outgoing connections for applications running locally or remotely on Windows.
–
Windows 10 Firewall Control puts you in control of all network communications your PC has. It can prevent applications from “phoning home”, sending “telemetry”, showing advertisements, checking for updates without your permission and so on. It’s very useful to detect and stop zero-day malware by blocking its network activity. By adopting a block-everything-by-default approach and allowing access to only whitelisted apps, Windows 10 Firewall Control gives you full control over network communication.
–
The application is very compact, has a small installer and low memory footprint. It’s compatible with Windows 7, 8, 8.1 and 10. The installer includes both 32-bit / 64-bit versions and automatically installs the appropriate version. Both IPv4 and IPv6 protocols are fully supported.
What’s special about Windows 10 Firewall Control is that it blocks connections by default, automatically detects when a program on your computer is trying to connect and shows a clear notification prompt asking your permission to allow or disallow it. Although the built-in Windows firewall includes a prompt for inbound connections, Windows 10 Firewall Control goes one step further and shows you prompts for outbound notifications too. The ease and transparency in setting up it’s firewall permissions for desktop and Store apps is what sets this program apart.
–
You can set the desired network permissions for any program easily with a single click. The most safe and reasonable permissions are advised automatically. A rich set of predefined permissions is available, you can choose and apply the chosen permission anytime.
It has an optional balloon notification that instantly pops up and includes detailed activity of each app and a description of why the app was blocked or allowed.
Both, already established and potential app connections are listed. In the paid versions, a predefined set of permissions (security zones) can be set for each program and activity type. A zone can be applied to any application with a single click. You can customize a predefined zone or create a new one that fits your needs precisely.
–
Many other features are included and the application is continuously being improved for many years. For instance, there is a way to automatically configure hardware routers/firewalls, create a safe virtual sub-network inside a single local network and control network permissions remotely. The application’s features are configurable such as disabling popup for new detected program trying to connect, suppress the log balloon, change the sound used for the prompt, import/export settings, password protect the settings panel and others. Windows 10 Firewall Control runs from the notification area (system tray) and also has taskbar integration.
–
The program has a simpler, free version but the advanced features are available in paid versions. All versions and editions are available in English, German and French. Very careful and personal support is available for free. You can compare the features available in the free version and the paid versions here: http://sphinx-soft.com/Vista/order.html