An Introduction To Privacy-Friendly Services

by Grey One

Private Search Engines

The Problem: Search engines like Google, Bing and Yahoo record your web searches and link them together.

The Solution: Use a non-tracking search engine like DuckDuckGo (with StartPage as a backup).

Cost: Free

DuckDuckGo is a search engine with a focus on privacy. This search engine often produces better quality search results than Google. However, with more obscure searches, Google is more comprehensive. So as a backup, you can use StartPage, which allows you to search privately on Google, Bing or Yahoo.

Private Web Browsers

The Problem: Web browsers like Internet Explorer, Google Chrome and Safari are not privacy-friendly.

The Solution: Use a secure, open-source web browser like Firefox with privacy-mode turned on.

Cost: Free

Firefox is a reliable browser that protects your privacy. I recommend using it with these add-ons installed: HTTPS Everywhere and uBlock Origin.

Alternatively, you can use Chromium, which is an open-source browser similar to Google’s Chrome.

If you want to browse anonymously, you can use the Tor Browser Bundle. It is a free application that is available for Windows, Macs and Linux. See my article on Tor for more details.

Private Email

The Problem: Gmail, MS Outlook and Yahoo Mail automatically scan your email.

The Solution: Use FastMail instead, and use MailDrop to generate temporary email addresses.

You can use an independent email service like FastMail. Based in Australia, the service has been running for 15 years, and they have a good privacy policy regarding email storage. Their prices start at $10 per year. Fastmail is designed for email privacy, not email anonymity. The company states:

  • we use encrypted SMTP for sending your mail when the receiving server supports it
  • we mandate encrypted access for webmail, IMAP and POP
  • we use Perfect Forward Secrecy where possible for all encrypted connections
  • we encrypt all email while at rest on our servers
  • we encrypt communications between our data centers

For most people Fastmail is good enough. However, if you need more privacy and security, you may want to look into the providers listed below.

Encrypted Email Providers

ProtonMail is a good encrypted email provider based in Switzerland.

Avoiding Spam

MailDrop is an open-source service that allows you to create temporary email addresses, thus allowing you to control spam. You can give these addresses out to companies that you don’t yet trust. Trashmail is similar to MailDrop, but it offers a paid service with additional filtration features.

Private Cloud Storage

Tresorit is an encrypted cloud storage provider, based in Switzerland. See this article for more information.

Virtual Private Networks (VPNs)

The Problem: Your ISP and other organizations can monitor your online activities.

The Solution: Use a virtual private network (VPN) service like ExpressVPN. ExpressVPN is a virtual private network (VPN) service that is fast and reliable. It’s my top pick for a VPN (see more details here). Prices are $58 per year, or $9 per month.

Private Instant Messaging

The Problem: Your text messages are not encrypted and may be recorded.

The Solution: Use Wire instead — a private messaging application.

Cost: Free

Password Managers

Password managers allow you to create strong, unique passwords for all your website accounts. They can also automatically log you into websites, thus preventing key-logging (attempts to capture your keystrokes and hence your passwords). Bitwarden is an excellent open source password manager.

Privacy-Friendly Operating Systems

I recommend the Linux operating system. This free OS has many useful privacy features and applications. If you’ve never used Linux before, I recommend using the Elementary OS distribution. It was designed to replicate features found in Windows and OS X. Linux distributions are maintained by technical users around the world, so they tend to be less vulnerable to malware. You can get a computer with Linux pre-installed from a vendor such as ThinkPenguin (just tell them to install Elementary OS on your computer).

Privacy-Friendly Mobile Devices

Most mobile devices are not designed with privacy in mind. If you need an extra level of security, you can make use of a device like the Blackphone. This smartphone has its own privacy-centric operating system. Thus, the phone does not leak data to a carrier. It comes with an encrypted phone service, secure messaging and many other security-oriented features. It sells for around $800.

Other Information Sources

  • Prism Break provides a well-researched list of software that can help you opt out of surveillance.
  • AlternativeTo provides lists of software that can replace your existing software with better, more open substitutes. This well-organized site allows people to vote on the software choices.
  • The Best Self Hosted Alternatives provides a list of cloud software that you can run yourself.
  • The book Data and Goliath (by Bruce Schneier) provides a great overview of the companies and organizations tracking you.

Comments 36

  1. Tresorit features end to end encryption. What about Amazon’s storage offering? I thought it had end to end encryption as well.

    A friend of mine is working for a company you might be interested in (hardware for crypto): https://www.crypto4a.com/
    They are still a startup, but they have designs for chips which you deploy a CA on and if anyone opens them, X-rays them, tries to scan them in some other ways, will zeroize the contents. They are working on a universal cybersecurity platform.

    Said friend uses Amazon for cloud storage but pointed out you can’t be sure if they are actually safely encrypting your data (and that’s not unique to Amazon, it’ll be true just about with any service) so you provide them with a well-encrypted blob to store and you decrypt it locally once you get it back to your machine if you really want a higher grade of security. It’s nice that Amazon or Tresorit would encrypt your data, but you still have to consider the possibility they aren’t doing what they say (or aren’t doing it well) and the best security is thus encrypting your data before uploading yourself (with lots of entropy).

    1. Crypto4a sounds interesting, I will check it out.

      Amazon offering is not designed to be a syncing cloud storage service for personal use. Amazon Cloud Drive is their consumer product and doesn’t have client-side encryption.

      In regards to trusting that Tresorit doesn’t have any backdoors — this is a common question about encrypted services. The answer is basically that ultimately you do have to trust the company to some extent. If you trust that Tresorit doesn’t have any backdoors, then your data is safe; they have no way to access your data. Tresorit has a reputation — their software is used by thousands of individuals and businesses. If they did anything questionable or risky they would be out of business. Here is an article where they address this issue to some extent: https://tresorit.com/blog/we-care-about-your-privacy-you-should-too/

      For an added layer of security, you can encrypt your own files (with open-source software before). You would not have to trust a cloud storage provider in this case.

  2. I appreciate your efforts in preparing this post. I really like your blog articles. Well thanks for posting such an outstanding idea. I like this blog & I like the topic and thinking of making it right.

  3. the prices for ThinkPenguin notebooks are between 700-900 us dollars before tax and the desktops are 500 u.s dollars before tax. does that seem pricey just to be sure Linux is installed on your computer?

    1. You are not paying that much to have Linux installed, you are paying for the machine itself.

  4. For me duck and go can surpass google in future. The quality of the results is at a really high level, and for that they care about privacy. I wonder how it will be in the future but for the time being they manage.

  5. really good article covering all the bases. I think the use of Linux solves so many threats that are tied to Windows and it is a constant arms race trying to keep windows secure.

  6. I like the idea of the Tails OS but am not overly fond of its UI. Instead, could running elementary on a Live USB achieve close to the same?

      1. Why do you prefer FastMail and Kolab over Proton in some of your other articles? What do you see as the pros/cons / advantages/disadvantages? Great site! Thanks for openly sharing all your knowledge, research and recommendations!

        1. I still recommend all three.

          I recommend Fastmail as a reliable (non-encrypted) email provider.

          Protonmail is a reliable encrypted email provider. They just started supporting Bitcoin as a payment option.

          Kolab is a more business-oriented solution — it is a combination of an encrypted email and an encrypted cloud service.

          Hope this helps.

  7. the prices for ThinkPenguin notebooks are between 700-900 us dollars before tax and the desktops are 500 u.s dollars before tax. does that seem pricey just to be sure Linux is installed on your computer?

    1. Installing Linux is difficult for many people, so it might be worth it for the convenience. Perhaps someone can let me know of Linux vendor with better prices?

  8. ‘Blur’ has many of the functions that are recommended on this site. Any comments on this operation?

    1. I used to recommend Blur, but I found that their products often didn’t work correctly, and their customer service was awful.

  9. really good article covering all the bases. I think the use of Linux solves so many threats that are tied to Windows and it is a constant arms race trying to keep windows secure.

  10. I discovered GREYCODER about a month ago and I definitely appreciate all the research and thought that has been expended on a great many privacy and security topics … plus all contributions by many others in the comments! Thank you!

  11. I was wondering is it still worthwhile to use a VPN when I read on Engadget that NSA had special tools to monitor encrypted VPN messages?

    1. It is possible that the NSA has sophisticated de-encryption abilities. If you are concerned about this, I’d advise you to look for providers that offer high levels of encryption, and read up on other methods of obfuscation.

  12. Can you provide a little more background on the comment about SpiderOak’s apps being problematical? Is it the app or the security that is an issue? Also, what is your opinion of CrashPlan? I’ve seen lots of good reviews about it as a backup service. Although it is not zero knowledge like SpiderOak or Seafile, it appears that you can generate an encryption key. Thanks, as always, for your good work!

  13. What’s your opinion of 1Password as compared to LastPass? I haven’t used KeyPass, but one issue I have with LastPass is that it’s not intuitive in terms of ensuring that you are completely logged off when you close the browser window. It took me awhile to figure out how to set it up so that a login was required each time I re-opened the browser and even then it hasn’t been consistent in shutting down the app — which then leads to a security flaw.

    1. I like 1Password but it only recently became available for Windows and Android. I like KeePass but it requires technical knowledge to sync it correctly.

      Are you using Lastpass with a browser? It shuts down when the browser shuts down.

      1. Thanks for the reply; I’m on a Mac so have used 1Password for almost 10 years and love both the security and the support from the company itself. I like that it has a full featured app for mobile devices — recently my computer AND wireless external backup were stolen (along with all my credit cards) and having 1Password on my mobile was what enabled me to easily contact all the card companies, banks, etc., and get online access to my accounts.

        I do use LastPass with Firefox on a friend’s computer where I occasionally work. My experience has been that, when I reopen the browser, LP is still running, even if it’s been weeks since I accessed it before. Could just be that computer/browser, but I now manually log out each time before I close the browser itself. Apart from that I enjoy LP’s functionality, but feel a bit uncertain about its security.

  14. Thanks for this info!

    For password management, I like Keepass http://keepass.info/, possibly with the relevant browser add-on to connect it to the browser.

    As a mail provider, I recommend Posteo (http://www.posteo.de). It’s a German mail provider (Berlin) that takes privacy (and sustainability) very seriously. Cost: from 1 EUR/month (you can even pay cash).

  15. When I was looking for a new email provider, I checked out Fastmail. One thing that I did not like about the service is that when using Thunderbird, they showed my real IP address (both my private IP address on my network as well as my public IP address) in the header information. For this reason, I would not recommend Fastmail.

    1. Thanks for the feedback. Fastmail is not designed to be an anonymous email provider. I recommend it as a privacy-friendly provider that doesn’t scan your emails.
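
The header exposure raised in comment 15 can be checked on any message you send to yourself. The following is an added example, not part of the original article or its comments: it reads the Received headers of a constructed sample message and reports which client addresses the submission hop recorded. It assumes the submission server marks that hop with the RFC 3848 keywords ESMTPA or ESMTPSA and handles IPv4 only; the function name and sample hosts are hypothetical.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message (not real traffic). Received headers are
# prepended by each server, so the sender's own hop is the lowest one.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbound.example.org with ESMTPS; Mon, 01 Jan 2024 10:00:02 +0000
Received: from [192.168.1.23] (client.example.com [203.0.113.45])
\tby smtp.example.net with ESMTPSA; Mon, 01 Jan 2024 10:00:00 +0000
From: alice@example.net
To: bob@example.org
Subject: test

body
"""
# Same message as a provider that hides the client would write it (assumed format).
SCRUBBED = SAMPLE.replace(
    "from [192.168.1.23] (client.example.com [203.0.113.45])",
    "from authenticated-user")

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
# RFC 3848 "with" keywords ESMTPA / ESMTPSA mark an authenticated submission.
AUTH_WITH = re.compile(r"\swith\s+ESMTPS?A\b", re.IGNORECASE)


def client_ips(raw_message):
    """Return [(ip, 'private' | 'public')] recorded for the sending client."""
    found = []
    for hop in message_from_string(raw_message).get_all("Received", []):
        if not AUTH_WITH.search(hop):
            continue  # server-to-server relay, not the sender's mail program
        from_part = re.split(r"\sby\s", hop, maxsplit=1)[0]
        for text in IPV4.findall(from_part):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                continue  # digits matched the pattern but are not an address
            kind = "private" if any(ip in n for n in RFC1918) else "public"
            found.append((text, kind))
    return found


if __name__ == "__main__":
    print("as sent: ", client_ips(SAMPLE))
    print("scrubbed:", client_ips(SCRUBBED))
```

An empty result only means no authenticated hop exposed an address in this layout; providers format Received headers differently, so read the raw headers as well.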
