What are the Best privacy software & practises for everyone?

e Foundation’s mission is to provide essential information and tools to users, enabling them to understand personal and professional data collection and privacy concerns. This empowers them to start utilizing software and services that offer enhanced protection.

Our focus so far has primarily been on the operating system with /e/OS and cloud services through Murena.io. However, we aim to broaden our scope by aggregating information on the best tools, services, and practices. These resources should help users break free from the digital surveillance imposed by major tech companies and governments.

We are particularly interested in solutions that do not require a steep learning curve and can be easily adopted by a wide audience. Our goal is to find tools that even your grandmother could use without hassle.

To this end, we look for recommendations on the following topics to safeguard privacy:

  • Desktop operating systems
  • Web browsers
  • VPNs (Virtual Private Networks)
  • Email software and services
  • Office software and services
  • Productivity software and services
  • Payment & financial software and services
  • Cloud storage options
  • Enhanced privacy settings for commercial Android or iOS devices
  • Password managers
  • DNS (Domain Name System) services
  • Good practises for everyone

We appreciate any suggestions that can help users protect their privacy with minimal effort and technical knowledge.

Ready? Go!

Regain your privacy! Adopt /e/OS the unGoogled mobile OS and online services

8 Likes
  • Desktop OS: Obviously Linux, but which distro is a personal preference. Easiest thing to do is to just start with a mainstream distro like Ubuntu.
  • Web Browser: I personally use Firefox with uBlock Origin and some other extensions like LibRedirect (which redirects to privacy-friendly frontends for platforms like YouTube) and Cookie AutoDelete (name speaks for itself).
  • VPN: I use Mullvad, because they’ve proven that they don’t keep any logs and even had a police raid their servers, which revealed that they don’t store any user data on their servers.
  • Email software: I use Thunderbird as my desktop client and for my email provider I use Proton Mail with Proton Bridge (I’m a paid user)
  • Office Software: I self-host Nextcloud (which is basically a FOSS alternative to Microsoft Office 365) together with a Collabora server (community edition) which works pretty well for all my documents. On my PC I use LibreOffice to edit documents and on my phone I simply use the Nextcloud app. In my experience, Nextcloud’s clients have worked pretty well with basically no issues at all.
  • Productivity: Not sure what’s meant with this category, so I’ll leave this blank.
  • Payment & financial software: I may get criticism for this, but I don’t really have any ‘privacy-friendly’ payment / financial software. I have PayPal, and a separate bank account and don’t really have any budgeting software.
  • Cloud storage: I have my own NAS (Synology DS918+) and it has about 16TB of data. I use Docker to run various services on there, including Nextcloud (which I primarily use for documents) and Immich (which I use to backup my photos and videos).
  • Enhanced privacy settings: You could use a custom DNS server like Quad9 or AdGuard to block any ads / tracker requests on your phone.
  • Password managers: I have a self-hosted version of Bitwarden on my NAS, but I don’t use the official server. Instead, I use Vaultwarden, which is an unofficial alternative; its API is completely compatible with the Bitwarden clients and the main difference is that Vaultwarden is written in Rust and it has a lot of paid features that are unavailable for free in the official Bitwarden version. The clients work pretty well and I’ve encountered no problems after using it for ~2 years.
  • DNS: I’ve mentioned Quad9 and AdGuard Home before, maybe there are some better alternatives?
3 Likes

I’m happy to weigh in, Gael!

…and I’ll start by weighing in on “the problem”: ‘Security’, ‘Convenience’, and ‘Privacy’ are all spectrums (spectra?), and one person’s “secure” is another person’s “insecure”, and still another person’s “correct balance”. “Privacy” implies a “from whom?”, which again, is going to be different. A good friend of mine is certainly distrustful of his government, but trusts Google with basically every detail and opts in to every bit of their data collection…but doesn’t trust Facebook/Meta. One person’s “acceptably inconvenient” is another person’s “not worth the hassle”. There’s just going to be a lack of consensus, because everyone’s “sweet spot” is going to be different…and if we can’t agree on a problem scope, we won’t achieve true consensus on a solution. That said…

Desktop operating systems

I run Windows. It’s heresy, I know, and I’m not saying it should be a true recommendation, but W10 Privacy and Windows 10 Decrapifier help mitigate some of the more egregious, user-facing issues. I’d submit that those are some recommendations for users who need to run Windows-only software, rather than a recommendation for an OS directly. In terms of a truly security-focused OS, of course QubesOS is the first thing that came to mind, but I would pay to watch anyone attempt to explain the sandboxing paradigm to 99% of the end users for whom I provide tech support, let alone get any of them to use it. In practice, I’d probably say either Linux Mint or PCLinuxOS would be viable improvements for most people who are willing to sacrifice the ability to run Windows or MacOS Software for the sake of improving privacy.

This comes with a major caveat, though: Part of the problem with moving beyond Windows software is that the most common way of dealing with the loss of that software is to use cloud-based applications instead. It’s super easy to leave desktop software behind if the software ultimately runs on someone else’s computer…and while GNU/Linux and the BSDs can run browsers and LibreOffice well enough, if there aren’t enough desktop applications that rival Windows and OSX to do a good job, then running a desktop OS whose primary task is to run software on someone else’s computer defeats the purpose of running a privacy focused desktop OS…bringing me all the way back to why I’m still running Windows.

The rest of my points will be shorter, promise =).

Web browsers

I’m still a Firefox fan. I run Opera, too (old habits die hard; been using them since they still used the Presto engine), but Firefox, for all its flaws, is still the only browser that isn’t window dressing on Webkit/Blink, and I think that’s important.

Of course, any browser’s security is going to quickly end up devolving into a discussion about extensions. My favorite one to use is AdNauseam, which doesn’t deal with browser fingerprinting or any of the other functions…but it does my favorite thing which is 1.) hide ads, and 2.) click on them. I don’t see the ads, but every ad is clicked, meaning that websites get revenue and the tracking that does happen is useless, because I ‘click’ everything.

VPNs (Virtual Private Networks)

I have an inherent distrust of commercial VPN services, plus I think that they end up being more snake oil than anything else. I VPN home and then use RDP to do whatever browsing I was going to do from my home computer. Is it any more or less safe than using Surfshark or NordVPN or NortonVPN or ExpressVPN? I mean, if I were really pressed to point to one I’d use…I’d probably go to a company whose primary product is ehm…automated, high bandwidth, Linux Distro Downloading…but that’s because the people interested in them tend not to be interested in VPN traffic, and vice versa. Again, ‘scope definition’ starts getting messy…

Email software and services

Murena.io, of course =). In addition, I think ProtonMail seems to strike a decent balance for most, although the relatively small sizes for free accounts might be a barrier to those used to the functionally-infinite mailbox sizes offered by Google and Yahoo. If we’re talking about self-hosting, I’ve had fairly good success with Mailcow, which I like because it is actually mostly-compatible with Activesync, which is extremely helpful if one is running a mail server for those who aren’t yet running /e/OS on their phone.

In terms of a mail client…Two recommendations, problematically, neither compatible with Linux: Postbox and eM Client. Both have pretty-good-for-commercial-products privacy policies, but we’re back to the balancing act - it’s difficult to recommend Claws or Thunderbird if they’re limited to POP and IMAP services, so it’s a bit of a catch-22 to recommend a privacy-centric mail client independent of a murena.io account to back it.

Office software and services

I mean, LibreOffice is the 800lb. gorilla in the room on the desktop side of things, though I submit that from a purely privacy-centric side of things, the still-existent WordPerfect does way less snooping and cloud-integration drama than Microsoft365 or Apple iWork does. That being said, if we’re looking on the cloudy side of things, OnlyOffice and Collabora seem to be the names worth mentioning, and honestly, the Murena-hosted instances are the only ones I’m aware of that have any meaningful amount of privacy, unless one is going to self-host (and those are not fun to self-host if you’re a beginner or intermediate in the space).

Productivity software and services

Depends a bit on what one considers ‘productivity’ software. Most discussions on the topic tend to center around Word Processors and Spreadsheets, maybe a database or presentation title, but most of those are already covered. If there’s another category worth addressing, I submit it’s worth describing.

Payment & financial software and services

Well…I really don’t think there’s much to be said here. Money has been tracked more meticulously than anything else going back to the Greeks and Egyptians and Assyrians; if you’re exchanging government-backed money or accepting Visa or Mastercard…you’re not getting privacy.

That said, if we’re stretching it a bit, there’s Firefly and ActualBudget, and a few open source point-of-sale software options, though again, I’m not sure how much privacy is involved once credit card companies start getting involved.

Cloud storage options

pCloud seems to be getting a bit of traction, and Mega has operated in the space for some time as well. Of course, Murena does this also, though we start running into scope definition problems for ‘privacy’ in this context.

Enhanced privacy settings for commercial Android or iOS devices

Actually, can’t help with this one…I just run /e/ =).

Password managers

I may move to VaultWarden/BitWarden soon, but for years I’ve been using Team Password Manager with great success. As much as I’m not big on the developer’s use of the Ioncube Loaders, it’s solid, reasonably priced, has 2FA/F2B integrated, and I haven’t seen any sketch internet traffic from it…

DNS (Domain Name System) services

NextDNS seems like it’s got a solid privacy policy, though I personally run AdGuard Home and forward my traffic to Quad9, which is hopefully better than using my ISP or Google DNS.

Good practises for everyone

Poison the well. ‘No information’ is extremely difficult to consistently maintain; ‘wrong information’ is way easier, and makes you a far less lucrative target.

Basically, we (users) are trying to access and manage (permissions, change,…) our data.
This should be possible from any device (platform), any location, while considering security and privacy.
The tools (OS, Apps,…) should help me to achieve those objectives.

  • Desktop operating systems
    For PC - Linux OS, without any questions. The OS itself focuses on security aspects and in recent years the major distros did an awesome job in terms of usability and compatibility. Therefore Fedora Workstation (Gnome) or Ubuntu would be my recommendations.

    For mobile - Android with e/OS can work, but I would consider iOS here (usability/stability on devices) as well.

  • Web browsers
    Properly configured Firefox, with privacy add-ons (EFF…)

  • VPNs (Virtual Private Networks)
    Personally using TOR, but there might be issues accessing some web sites/services.

  • Email software and services
    Thunderbird, or Evolution.

  • Office software and services
    It can be device dependent (LibreOffice on Linux), or collaboration oriented (Collabora instance accessing Nextcloud). Mobile clients can be a challenge here.

  • Productivity software and services
    I have simplified my workflow, so the same as above. I am not using any Project/Planner/To Do app.
    For my productivity, Joplin app is crucial.

  • Payment & financial software and services
    Spreadsheet currently. But thinking about something a little bit more powerful.

  • Cloud storage options
    Nextcloud.

  • Enhanced privacy settings for commercial Android or iOS devices
    Something like what e/OS is doing with their Advanced Privacy. In iOS there is AdGuard.

  • Password managers
    Self-hosted Vaultwarden.

  • DNS (Domain Name System) services

  • Good practises for everyone
    For one-time services, use a temp email service.
    Trust, but verify.
    Don’t get locked in one platform/subscription/service, but try to use (open) standards as much as possible.

Hi,

I don’t really speak for myself, and I speak with the exception of the first install. I have been a FLOSS user for more than 25 years now, and my mother and wife don’t like the technical part of computers as users, so I try to speak from this experience.

  • Desktop OS: my mother is on Debian 11: it works without any issue (but needs someone to update when needed). Maybe it needs a better auto-update system for security here.
  • Phone OS: LineageOS or /e/OS: it’s OK. For some people, even more simplicity can be great (but compared with an OS by a company, it’s still better (fewer apps, only needed apps)).
  • VPNs: N/A, I know the Murena initial setup (but disabled some time ago), AirVPN and Proton. Maybe only a browser VPN is needed?
  • Web browser: Firefox + Privacy Badger + uBlock Origin OR Fennec + Privacy Badger + uBlock Origin (on phone OS)
  • Emails: Thunderbird for client, FairEmail on phone (better than Mail, really better. Mail works with multi-account)
  • Office: Loo on desktop for sure. Don’t know on phone
  • Productivity software and services: no opinion
  • Payment & financial software and services: does something exist? Don’t know
  • Cloud storage options: Nextcloud (or Murena integrated Nextcloud) is great (I have 3 Nextcloud instances of my own)
  • Enhanced privacy settings for commercial Android or iOS devices: didn’t know. I would like to have a real solution to separate each system (show a fake contact list to WhatsApp, for example). I would also like to have a working solution for French identity … (I have an ld ID card, and La Poste didn’t work).
  • Password managers: KeePassX? I have a shared KeePassX file on Nextcloud (prefilling works on desktop and on mobile). Maybe add keepasxweb to Nextcloud?
  • no opinion (maybe after)

Desktop operating systems: Any GNU+Linux distro from a team/country you trust.

Web browsers: LibreWolf (community-built Firefox fork that improves privacy of default Firefox) with privacy extensions like NoScript, uBlock Origin, Privacy Badger, etc.; avoid chromium-based, privacy-abusing browsers, especially Chrome itself.

VPNs (Virtual Private Networks): Non-logging VPN services like AirVPN, one of the few independent VPN providers; TOR; avoid “free” VPN providers, or paid providers that have been purchased for the purpose of commercial consolidation by one company. If your VPN provider offers DNS filtering (against tracking), activate it.

Email software and services: Startmail and/or Proton Mail with IMAP (e.g. Thunderbird) if desired; avoid “free” providers, with one or two exceptions. Avoid services from privacy-abusing companies

Office software and services: Any available through Linux distro, e.g. LibreOffice; avoid commercial services from privacy-abusing companies.

Productivity software and services: Any available through Linux distro; avoid commercial services from privacy-abusing companies.

Payment & financial software and services: Avoid privacy-abusing companies, especially those with history of security failures. If your credit card issuer offers virtual card numbers, use them when paying online.

Cloud storage options: Avoid commercial services from privacy-abusing companies.

Enhanced privacy settings for commercial Android or iOS devices: Tracker-blocking apps, privacy extensions with a Firefox derivative, VPN; use Android without creating or signing into a Google account; lock down privacy settings; disable Google, social media, bloatware apps. (But switch to /e/OS, iodéOS, etc., if possible.) For iOS… (?)

Password managers: Keepass (various versions for different platforms); be wary of integrating with browser; access across your home network; copy updated password data to all your devices.

DNS (Domain Name System) services: Quad9

Good practices for everyone: Always use extremely complex passwords and a password manager (preferably local only); try not to use default user names such as “admin;” keep devices updated with security patches; protect your personal information from needless exposure; don’t have accounts with privacy-abusing social media companies; don’t click on questionable links in email or online; avoid allowing IoT devices free access to your network. Do not bring commercial listening devices from privacy-abusing companies into your home.

Edit: Before installing a mobile app, check its privacy profile (or lack thereof) here: https://exodus-privacy.eu.org/en/

Maybe you won’t want to install it, or maybe you can use a browser instead, where you have more privacy protections available.

We (from grandchild to grandfather/grandmother) are not professionals. Our demands / requirements are correspondingly lower.

Smartphones

We prefer Google Pixel devices with Android custom ROMs that support Verified Boot | Locked Bootloader along with integrated firewall and offline backup to microSD card and USB stick using SeedVault. The only exceptions: Ubuntu Touch Linux Phones Google Pixel 3a and 3a XL

Desktop, Laptop, Notebook, Tablet OS

For everyday use we use the privacy-friendly Zorin OS 17.1 Core and Education (based on Ubuntu 22.04.4 LTS with the latest HWE stack from Ubuntu 23.10). Zorin OS is developed in the EU country Ireland in compliance with the European General Data Protection Regulation (EU-DSGVO).

Zorin OS 17.1 has all the applications we need: Firewall, Firefox web browser, Libre Office and a large app store. Zorin Connect (F-Droid Store) is integrated into the Zorin OS desktop to merge the experience between your computer and Android device. It works over an encrypted connection on your local network, so your data stays private and doesn’t reach the cloud.

VPN & Email Software

Proton Mail & Proton VPN are easy to use and are completely sufficient for us.

Messenger

Swiss TeleGuard Messenger for chat, telephony, video telephony (free of charge) and IP telephony (subject to a fee)

Payment & financial software and services

Online bank transfer via TAN generator (chiptan manual method) - without smartphone

Censorship-free DNS server

Digitale Gesellschaft (CH), Censurfridns Denmark (aka UncensoredDNS), dn3.digitalcourage.de

2 Likes

Smartphones
e/OS, Linux phones are at the moment in a “beta” state

Desktop OS
Linux (rolling release) on any private desktop, laptop and notebook

VPNs
TOR

Webbrowser
Firefox no add-ons, Tor Browser

Email-software and services
Thunderbird no Add-ons

Office software and services
OnlyOffice

Password managers
no pw-manager → unstored leetspeak-based passwords and writing on paper is still not hackable

Tor Browser Version 115.2.1-release (13.0.11)

(3) Trackers | 24 Permissions | /e/ AppLounge Privacy policy 6/10

  • Google Firebase Analytics
  • Mozilla Telemetry
  • Sentry (crash reporting)
1 Like

Smartphones
e/OS

Desktop OS
Linux

VPNs
TOR

Webbrowser
Firefox, Torbrowser

Email-software and services
Thunderbird

Messenger
Signal

Payment & financial software and services
Online bank transfer via TAN generator(manual) and smartphone
PayPal for convenience 🙁

Office software and services
OnlyOffice

Password managers
KeePassXC

Hosting every service that I need on my own so I am independent and perfectly synchronized on all my devices. This contains NFS, SMTP, WebDAV, …
It took over a year to get used to all of it and configure things the way I wanted. And there are still things I want to enhance or change.

I’m a bit surprised reading that Mega could be a privacy-safe service. To me it’s really not trustable. Do you have links to privacy-related information/facts about Mega?

1 Like

Which OS with Linux ?

https://mega.io/security
https://mega.io/developers

They at least make claims of implementing E2EE, and they publish their source code…so while I don’t trust them as much as Murena, I trust them a bit more than Google Drive.

Yes, Mega is a KimDotCom service.

Should it not be ‘…was a KimDotCom service’? He is not the owner anymore right?

Desktop, Laptop, Notebook, Tablet OS

I agree. The ZorinOS distribution is really great to discover and use Linux on a daily basis, especially for beginners migrating from Windows or macOS. It’s very easy to use while retaining customisation options for advanced users.
All the software needed for normal use is present. Integration with Nextcloud (for example, the instance hosted by Murena) is done natively.

Password managers

Keepass (or alternatives such as KeepassXC, etc.) is an option. The database file can be stored in Nextcloud to keep backups and synchronize the password database with other devices such as an /e/OS phone.
I also suggest Passbolt (https://www.passbolt.com) or Bitwarden (https://bitwarden.com/) that can be self-hosted and offer more features than Keepass (multiple users management, collaborative passwords sharing, MFA, etc.).

1 Like

Desktop: Xubuntu and Puppy Linux (frugal install) from the Australian developer Barry Kauler.
Normally I use Puppy Linux.
Webbrowser: Firefox with the following addons: Privacy Badger, Disconnect and Startpage Privacy Protection.
Email: from my provider and Murena.
Office Software: Libre Office.
Payment & Financial: None.
Password Manager: I wrote a script, hidden somewhere in the system.
No cloud: except from Murena.
Laptop: EasyOS, an experimental system from Barry Kauler.
This system offers possibilities like putting programs or the whole system in containers and running the system in RAM with a fresh start every time.
Smartphones: both from Murena (FP3 and Murena One)

I have written a post with some relevant points, in my opinion.

It may be a bit “advanced” and perhaps not what you are looking for. However, developing simple solutions that address these needs is an interesting, useful and viable challenge.

If possible, use DNS over TLS (DoT), if not then DNS over HTTPS (DoH). DoT is fast and offers several advantages. Modern Android operating systems and home routers offer DoT. DoH should only be set for web browsers if no system-wide configuration of DoT is possible.

When combining VPN and non-default DNS: In general, it can be said that you are often more anonymous if you use the standard DNS of the VPN provider, because since almost all users use the standard setting, your own traffic (or your own surfing behavior) is mixed with the mass of VPN-users.

Security is more important than privacy. I myself usually use Quad9 DNS, even via VPN, as the security gain is more important than the possibility of standing out from the mass of default setting users.

Advertising, malware and trackers are easily blocked at the DNS level if you use the Mullvad DNS resolver base.dns.mullvad.net (194.242.2.4 / 2a07:e340::4). Mullvad also offers other DNS versions, e.g. with blocking of gambling and social media. I am not adding them here. Mullvad also operates the DNS servers in RAM, i.e. without hard disks, and also makes a very strong data protection promise. If you simply want to do something good, you should set up base.dns.mullvad.net with friends and family, ideally for the entire home network in the router. For me personally, Quad9 DNS is still the first choice, I block ads/trackers or other things locally, depending on my needs.

And this also brings me to the web browser. Every Android device should have the DuckDuckGo browser installed with “app tracking protection” enabled. This browser is more than just a browser, because once this function is activated, it protects the entire Android device from trackers that are integrated in all kinds of apps. This excellent DuckDuckGo browser is also available or planned for other operating systems.

VPN: ProtonVPN (Switzerland)
Browser setting: HTTPS only
Browser addons:
JShelter https://jshelter.org
Decentraleyes https://decentraleyes.org/

Install Firefox only if desired, but follow the other recommendations even if Firefox is not wanted! Example: Your wife uses a different web browser. You can of course let her continue to use it, but still carry out the other recommendations here for her device. For example, install the browser add-ons mentioned and adjust the DNS.

Messenger: SimpleXchat is decentralized and can be used without registration/phone number. Users connect with each other or join a group via an invitation link or QR code.

Desktop operating system: Whonix
Android devices: eOS

Install Quad9DNS App if the private DNS mode is not supported (for older devices, on iOS) or if the manual entry of DNS addresses is too complicated (for the mostly ignorant user)

2 Likes
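
A system-wide DoT setup of the kind the post above recommends, as an added example that is not part of the thread. It assumes a Linux desktop that resolves names through systemd-resolved, and it reuses the Mullvad resolver name and addresses quoted in the post.

```ini
# /etc/systemd/resolved.conf
# Added example: assumes a Linux desktop that uses systemd-resolved.

[Resolve]
# Resolver addresses and hostname as quoted in the post above.
# The part after '#' is the name the server's TLS certificate is checked
# against when strict DNS over TLS is enabled.
DNS=194.242.2.4#base.dns.mullvad.net 2a07:e340::4#base.dns.mullvad.net

# Weak setting, shown for contrast: tries TLS but falls back to plaintext
# DNS on port 53 if the TLS connection cannot be made, and does not
# validate the certificate. A network that blocks port 853 can therefore
# force unencrypted lookups without any visible error.
#DNSOverTLS=opportunistic

# Strict setting: lookups fail rather than go out unencrypted.
DNSOverTLS=yes

# Route all lookups to the servers above in preference to the per-link
# DNS servers handed out by DHCP (for example the ISP resolver).
Domains=~.

# An empty value clears the built-in fallback list, so no other resolver
# is used when the configured one is unreachable.
FallbackDNS=
```

After `sudo systemctl restart systemd-resolved`, `resolvectl status` lists the active DNS servers and shows whether DNS over TLS is enabled. With the strict setting, a network that blocks port 853 produces failed lookups, which is the visible signal to fall back to DoH in the browser as the post suggests.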

Desktop operating systems
In this day and age, unless you are doing anything very very specific, e.g. that requires a specific OS, then I would automatically go with any number of modern GNU/Linux desktop setups. I even installed Fedora on my 72 year old mother’s desktop. I personally have Tuxedo OS 2 running out of convenience and couldn’t be happier with it (3 years now).
I won’t go too far into it though, b/c there are certainly people here with far more insights than what I have to offer.

Web browsers
This is where it gets more interesting. I keep one version of Firefox (Librewolf) running as my daily driver, but if I ever encounter a site that it breaks due to my settings, but want/need to access it, then I jump over to Brave (Opera is fine, as well).

VPNs (Virtual Private Networks)
A dime a dozen nowadays. However, for all of my desktops and notebooks, I have Safing’s Portmaster with their "S"PN network activated in the background. It’s open source, an absolute powerhouse for network transparency, protection and centralized monitoring of bi-directional connection/data flows - making it easier than ever to control the connection abilities of individual apps.
For mobile devices, I just use Protonmail’s basic VPN connection services.
(I wanted to like Mysterium Dark, but they seem to be shifting to a new/different service style that I haven’t become too familiar with, yet)

Email software and services
I had been a dedicated user of Skiff Mail (*which I found through unstoppable domains), but since they are closing down their services in the near future, I migrated to ProtonMail.

Office software and services

LibreOffice all day long

Productivity software and services
Notesnook is my be all, end all for organization and information storage. I had enough of Evernote and the new revamp dropped Linux support, while the webapp completely left off the main features.
I have been with Notesnook for a long time now (even writing this using it) and I scan all important mail/documents here, it is open source and has a robust development team behind it.
It is still an unsung hero, but is supported on ALL platforms, both desktops and mobile.

I am also a fan of Aegis authenticator app for non-token 2FA

Payment & financial software and services
I haven’t found an adequate solution for this since switching to /e/. I use the bank services/authentication apps + services, which is nice and fine; but I haven’t yet found an adequate solution for nft payments when in stores/restaurants after ditching google services…

Cloud storage options
Nextcloud - or Murena Cloud (which is the same thing under a different name, but without the admin panel)

Enhanced privacy settings for commercial Android or iOS devices

Password managers
Bitwarden

DNS (Domain Name System) services
I’ve been using nextDNS for a while now and it seems to be doing well.
I’m not an expert in this area, so I can’t be certain, but like I said, so far, so good.

Good practises for everyone
Regularly read updates and sources for best practices. Spend a little time every couple of months to reflect and review how you are connecting to different services. Draw it out, look at the individual points where data is exchanged or handed-off to a third party service.
Review where and how you have online accounts - does your password manager include a service for monitoring data breaches at the site of the account? Do you receive updates about changing passwords?
How is your browser setup? Does it block trackers? Does it automatically regularly “really” delete cookies/cache?

1 Like