My Privacy, Anonymity, & Security List
December 12, 2021
The alternatives that keep my personal information private from prying eyes.
As you might know already by looking at my previous blog posts, I'm heavily invested in privacy and anonymity and I enjoy learning new ways to keep my personal data private.
Privacy organizations and cyber-pirates
Consider joining and donating to one, several or all of the listed organizations, they actually fight for your digital freedom.
- ASIC (French Association of Internet Community Services)
- Association Electronique Libre
- Association for Progressive Communications
- Australian Privacy Foundation
- Big Brother Watch
- Bits of Freedom
- Canadian Internet Policy and Public Interest Clinic
- Center for Democracy and Technology
- Computers, Freedom and Privacy Conference
- Czech Pirate Party
- Data Security Council of India
- Data protection authorities
- Defunct privacy organizations
- Digital Rights Ireland
- Digital Rights Watch
- Digitalcourage
- Digitale Gesellschaft
- Electronic Frontier Canada
- Electronic Frontier Finland
- Electronic Frontier Foundation
- Electronic Frontiers Georgia
- Electronic Privacy Information Center
- Estonian Pirate Party
- European Digital Rights
- European Pirate Party
- Free Knowledge Institute
- Free Software Movement of India
- Freedom to Read Foundation
- French Data Network
- Future of Privacy Forum
- Go FOSS – A dedicated guide and website to privacy, data ownership & sustainable tech
- Global Network Initiative
- Global Privacy Enforcement Network
- Global Privacy control
- IT-Political Association of Denmark
- Identity Commissioner
- International Association of Privacy Professionals
- Internet Security Research Group
- LAIM Working Group
- La Quadrature du Net
- Libre Las Vegas: GNU/Linux Free Software Users Group
- Mandat International
- NOYB
- Network Advertising Initiative
- Online Rights Canada
- Pirate Parties International
- Pirate Party
- Pirate Party UK
- Pirate Party of Latvia
- Pirate parties
- Privacy International
- Riseup
- Seattle Privacy Coalition
- StopBadware
- The Journal of Open Source Software
- Trans Atlantic Consumer Dialogue
- Winston Smith Project
- Woodhull Freedom Foundation
Reduce Your Footprint
- YourDigitalRights – Delete your account or access the personal data organizations have on you using this free service.
- Go Incognito (Premium) – The homepage for Go Incognito Premium – A guide to security, privacy & anonymity.
- Go Incognito (Free) – Techlore is spreading spreading privacy and security to the masses. Home of Go Incognito, Surveillance Report, VPN reviews, video tutorials, software/hardware reviews, communities, and more; join us today!
- Hitchhiker’s Guide – The Hitchhiker’s Guide to Online Anonymity.
- Techlore Anonymity Quiz – Techlore is spreading spreading privacy and security to the masses. Home of Go Incognito, Surveillance Report, VPN reviews, video tutorials, software/hardware reviews, communities, and more; join us today!
- AuditMyPC – Free Web tools include firewall test and speed test plus sitemap generator and other online tools for webmasters and home users.
- BrowserSpy – BrowserSpy.dk is the place where you can see just how much information your browser reveales about you and your system. Privacy to the ultimate test.
- AlternativeTo – AlternativeTo lets you find apps and software for Windows, Mac, Linux, iPhone, iPad, Android, Android Tablets, Web Apps, Online, Windows Tablets and more by recommending alternatives to apps you already know.
- Do I need a VPN? – Share your privacy and security concerns, and they help you decide whether you need a commercial VPN. In some cases you don't, or Tor might be a better choice for you.
- TheNewOil – This site is designed to help readers take back control of their data and regain their privacy online. Whether you think the digital panopticon is immoral, or whether you simply find companies stalking your every digital move creepy, this site will help you learn the basics about protecting your identity, your safety, and your data.
- PrivacyTools – You are being watched. Private and state-sponsored organizations are monitoring and recording your online activities. privacytools.io provides services, tools and knowledge to protect your privacy against global mass surveillance.
- PrivacyGuides – Massive organizations are monitoring your online activities. Privacy Guides is your central privacy and security resource to protect yourself online.
- European Alternatives – Helping you find european alternatives for digital service and products, like cloud services and SASS products.
- AccountKiller – A directory of direct links to delete your account from web services.
- DeleteMe – DeleteMe gets professionals to delete your data from data broker sites and scans them for you and your family. It is very expensive.
- PrivacyDuck – Privacy Duck provides the complete manual, comprehensive removal of your personally identifying information on over 163 data mining sites.
- ComputerWorld – How to get your personal data removed from people search websites. Read more here!
- ThinkPrivacy – It's your data. It's time you take control of it.
- Redact – Mass delete your messages, posts and comments on Twitter, Reddit, Discord, Facebook, and more, all from one free app.
- SayMine – Mine helps you discover where your personal data is and manage your digital footprint. You decide where your data should or shouldn't be, they'll make it happen.
- DeseatMe – Instantly get a list of all your accounts, delete the ones you are not using.
- CyberToolBank – Best And Reliable Services In One Place For Free, Including Privacy Services, Doxing Tips, Hacking Tips, And Other Cybersecurity. Cybertoolbank.cc 2019-2021.
- JustDeleteMe – A directory of direct links to delete your account from web services.
- JustGetMyData – A directory of direct links for you to obtain your data from web services.
JustDeleteMe has a firefox and google extension support which can be added down below for your browser: Firefox Extension or Google Extension
Incase the main website goes down, You can try this instance: https://backgroundchecks.org/justdeleteme/
They also show you how to remove it all for free: https://joindeleteme.com/help/diy-free-opt-out-guide/
Projects
- Remix Icons – Remix Icon is a set of open source neutral style system symbols elaborately crafted for designers and developers. All of their icons are free to use for both personal and commercial.
- Search My Site – The open source search engine and search as a service for user-submitted personal and independent websites.
- ResizePixel – Come and try their free, easy to use and mobile-friendly online photo editor. Image editing has never been easier with ResizePixel!
- Online Background remover – Online audio/video background remover.
Security
- MalwareTips – MalwareTips is a global community of people helping each other with their Security, Technology and Technical Support questions.
Deep Fake Software
- avatarify – Avatars for Zoom, Skype and other video-conferencing apps.
- DeepFaceLab – DeepFaceLab is the leading software for creating deepfakes.
- faceswap – Deepfakes Software For All.
- omg.lol – Browser based deep fakes in pure JavaScript.
Deep Fake Protection
- DeepPrivacy – GANs for Face Anonymization.
Reverse Image Lookup
- TinyEye – Find where images appear online.
- Labnol – Reverse Google Image Search will help you find the original source of photographs, forwarded Internet memes and profile pictures on your Android mobile phone, iPhone or iPad.
Virtual Machine
- Browser.cool – Use browser.cool: The internet, as it is supposed to be. Without restrictions by your provider, your hotel or third parties. Easier than a VPN: No setup or configuration required, directly in your browser. Ready to use in 3 minutes.
- VirtualBox – VirtualBox is a powerful x86 and AMD64/Intel64 virtualization product for enterprise as well as home use. Not only is VirtualBox an extremely feature rich, high performance product for enterprise customers, it is also the only professional solution that is freely available as Open Source Software under the terms of the GNU General Public License (GPL) version 2. See “About VirtualBox” for an introduction.
Open Source Router Firmware
- OpenWRT – The OpenWrt Project is a Linux operating system targeting embedded devices. Instead of trying to create a single, static firmware, OpenWrt provides a fully writable filesystem with package management. This frees you from the application selection and configuration provided by the vendor and allows you to customize the device through the use of packages to suit any application.
- FreshTomato – A system based on Linux, dedicated for routers with Broadcom chipset and distributed on the GPL license. This advanced system consists of a particularly friendly interface, thanks to which even inexperienced users can easily work with it.
Detect Trackers in Apps
- Exodus Privacy – Easily detect tracker before you install random apps.
- Plexus – Remove the fear of Android app compatibility on de-Googled devices.
Open Source RSS Feed Reader
- Raven – Raven is a desktop news reader with flexible settings to optimize your experience. No login is required, and no personal data is collected. Just select the websites you want to curate articles from and enjoy!
- NetNewsWire – NetNewsWire is a free and open source RSS reader for iOS.
- Feeder – Feeder is a Android fully free/libre feed reader. It supports all common feed formats, including JSONFeed. It doesn't track you. It doesn't require any setup. It doesn't even need you to create an account! Just setup your feeds, or import them from your old reader via OPML, then get on with syncing and reading.
Open Source eBook Reader
- Sigil – Sigil was designed to make it easy to create great ebooks using the EPUB format. If you are formatting books for your own use, or you are a professional editor publishing books on multiple platforms, then Sigil is for you. You can use Sigil to format and package your books into an EPUB that looks exactly the way you want it to using an advanced set of features that have made Sigil one of most popular EPUB editors available. This open-source and completely free software is written and supported entirely by volunteers.
Debit Card Aliases
- Privacy – Make a unique debit card number for every single purchase online with just 1 click. Never worry again about credit card breaches, shady merchants, or sneaky subscription billing.
Private Cell Phone Plan
- Mint Mobile – Mint Mobile re-imagined the wireless shopping experience and made it easy and online-only. No stores. No salespeople. Just huge direct to you savings on nationwide phone plans.
Private Hotspot
- Calyx Institute – They mission is to educate the public about privacy in digital communications and to develop tools that anyone can use. By embracing “privacy by design,” we help make digital security and privacy more accessible to everyone.
Phone Number Aliases
- SMSActivate – SMS activator, combining disposable virtual numbers and numbers for rent in 200 countries of the world, for registering accounts through receiving SMS.
- SMSPva – Virtual numbers for account activations via SMS. SMS for any services: Facebook, Gmail, Instagram, Microsoft, Bing, Hotmail, Twitter, Steam, Uber.
- 5Sim – 5SIM provides the opportunity to bypass SMS verification procedure with the help of a temporary virtual phone number without using the personal one. By purchasing virtual numbers for SMS receiving and for activating any site or app, you will register many profiles on websites by receiving a confirmation code online.
- OnlineSim – Virtual numbers, SMS activation, activation service, SMS reception, free reception, temporary numbers, disposable numbers.
- SMSPool – SMS verification service online from SMSPool using our non voip mobile numbers for SMS Verification worldwide. Sign up now for the highest quality SMS verifications for your accounts.
- MySudo – Send private messages, manage multiple phone numbers and email addresses, and create custom personal identities that last as long as you need them.
- Burner – Get a 7-day free phone number trial now with unlimited calling & texting! Use a temporary phone number for dating or online selling. Sign-up today to get a 7-day free phone number trial.
- Silent.link – Get global mobile 4G/5G Internet access and burner UK +44 SMS number instantly and privately on any modern eSIM-compatible smartphone.
Privacy Friendly Desktop/Laptop Operating Systems
- Solus OS – Solus is an operating system that is designed for home computing. Every tweak enables us to deliver a cohesive computing experience.
- Serpent OS – Serpent OS is building a pioneering new Linux distribution based on modern technologies, enabling stellar features for everyone, without the price tag.
- Ghost Spectre – Ghost Spectre makes windows 7, 8, 8.1, 10, and even 11 with great privacy and security features. Removes bloatware, privacy optimizations and performance, And has his own custom toolbox to install back certain apps. You can also install android subsystem on windows 11 with this tutorial. https://www.youtube.com/watch?v=BZDcrX4TS1Q
- Ghost Spectre Windows 11 Activation Fix – https://pastebin.com/raw/FPAWx85d
Privacy Friendly Mobile Operating Systems
- GrapheneOS – The private and secure mobile operating system with Android app compatibility. Developed as a non-profit open source project.
Anti-Virus for Windows 10/11
⚠️ You do not need Bit-defender or Kaspersky on your Ghost Spectre Windows version as it will detect everything as false positive. Making Ghost Toolbox being deleted or even worst. All you need is Windows Defender, Shadow Defender, And your brain.
- Malwarebytes – Malwarebytes protects your home devices and your business endpoints against malware, ransomware, malicious websites, and other advanced online threats. Download Malwarebytes for free and secure your PC, Mac, Android, and iOS, or take a free business trial now. It is also ranked Grade D, Read more here!
- Bit-Defender – Bitdefender is a cybersecurity software leader delivering best-in-class threat prevention, detection, and response solutions worldwide. It is also ranked Grade B, Read more here!
- Kaspersky – Feel truly safe online with AI-driven protection against hackers and the latest viruses, ransomware and spyware. This is also graded with B, Read more here! I also have some cracked keys if you guys want to try them out: Download Cracked Keys
- ClamWin – Looking for free Open Source Antivirus for Windows? Download ClamWin Free Antivirus and get free virus scanning and free virus definition updates.
- GuardedID – GuardedID eliminates your vulnerability to data theft due to keylogging attacks, a leading cause of cyber crime. Unlike anti-virus and anti-malware software, GuardedID protects your data from both known and unknown keylogger threats.
⚠️ Me and My homie cracked keys for premium access, If the key doesn’t work oh well. If you want some keys, You contact me by email and we can talk payment to gain a new key.
- Shadow Defender – Shadow Defender is an easy-to-use PC/laptop security and privacy protection tool for Windows operating systems. Download Cracked Key
Privacy and Security Tools for Windows 10 and 11
- O&O ShutUp10++: Free antispy tool for Windows 10 and 11 – With the freeware O&O ShutUp10++, unwanted Windows 10 and 11 features can be disabled and the transfer of sensitive personal data onto Microsoft prevented.
- Simplewall: Free and lightweight Firewall – Simple tool to configure Windows Filtering Platform (WFP) which can configure network activity on your computer.
- Safing Portmaster: Monitor and control all network activity – Safing is a software that protects your privacy online. It's so easy, anyone can use it.
- Glasswire – GlassWire is a modern personal firewall and network monitor with over 26 million downloads. Download GlassWire free!
- ContextMenuForWindows11 – Add Context Menu For Windows 11.
- DefenderUI – Freeware alternative to Simple Windows Hardening, it is not FOSS and not as advanced as HC or simple HC.
- ExplorerPatcher – This project aims to bring back a productive working environment on Windows 11.
- Hard_Configurator – GUI to Manage Software Restriction Policies and harden Windows Home OS – or alternative Simple Windows Hardening.
- HardenKitty – Checks and hardens your Windows configuration.
- HardeningAuditor - Scripts for comparing Microsoft Windows compliance with the Australian ASD 1709 & Office 2016 Hardening Guides.
- Sophia Script – The most powerful PowerShell module on GitHub for Windows fine-tuning and tweaking.
- WSA Toolbox – A Windows 11 application to easily install and use the Windows Subsystem For Android™ package on your computer.
- WSAGAScript – Install Google Apps (Play Store) on WSA (Windows Subsystem Android)
- Windows11Upgrade – Windows 11 Upgrade tool that bypasses Microsoft´s requirements.
- privacy.sexy – Enforce privacy & security best-practices on Windows and macOS.
- windows_hardening.cmd – Script to perform some hardening of Windows 10/11.
- wsa_pacman – A GUI package manager and package installer for Windows Subsystem for Android (WSA).
- Bulk Crap Uninstaller – Remove large amounts of unwanted applications quickly.
- Geek Uninstaller – Efficient and Fast, Small and Portable. 100% Free.
- W10Privacy – Privacy made easy
- WindowsSpyBlocker – Block spying and tracking on Windows.
- Eraser – Eraser is an advanced security tool for Windows which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
- Recuva – Accidentally deleted an important file? Lost files after a computer crash? No problem – Recuva recovers files from your Windows computer, recycle bin, digital camera card, or MP3 player!
Windows 11 Desktop Shell
- BlackBox – Blackbox has specific design goals, and some functionality is provided only through other applications. One example is the bbkeys hotkey application.
- Cairo Shell – The Cairo taskbar preserves desktop area for your wallpaper and applications.
- LiteStep – A replacement #desktop interface for Windows.
- ReactOS Explorer – ReactOS Explorer is the default graphical shell that comes with ReactOS from version 0.2.0 forward. It is meant to be the equivalent of Windows Explorer on Windows operating systems.
- Talisman Desktop – Talisman Desktop is a configurable Windows shell replacement introduced in 1997 by Lighttek Software.
- win3wm – A Native Tiling Window Manager for Windows 10, Inspired by I3wm.
- xoblite – An advanced “extended shell” for Microsoft® Windows® 10 and 11, part of the Blackbox for Windows family.
Disk & File Cleaners with Privacy Features
- BleachBit – Shredding files and wiping unallocated disk space to minimize data remanence.
- ExifCleaner – Removes metadata for the most popular image and video formats. It also supports PDF files and comes with batch-processing to process multiple files at once. Drag and Drop interface, easy to use.
- Mat2 – mat2 is a metadata removal tool, supporting a wide range of commonly used file formats, written in python3: at its core, it's a library, used by an eponymous command-line interface, as well as several file manager extensions.
- Metapho – iOS photo metadata manager app.
- ScrambledExif - This Android app will remove all this data before sharing. Just share a picture like you'd normally do and choose Scrambled Exif. A moment later, the share 'dialog' will reappear. Just share with the app you intended to share with in the first place. Et voilà!
- ImagePipe – This Android app reduces image size by changing the resolution and quality of the image. It also removes exif data before sending the image. The modified image is saved in a separate folder in jpeg, png or webp format. The original image remains unchanged.
Recipes
- No Nonsense Recipes – An ad-free recipe database with a freemium business model. Browse for free or create an account to save, search, upload your own recipes, leave comments, and more.
- Based Cooking – Only Based cooking. No ads, no tracking, nothing but based cooking.
Browsers
- Brave – Not a popular choice within the privacy community, But it offers a complete package out of the box on all platforms and is suitable for beginners or if setup time is a factor at the given situation. Wikipedia offers more information about it's controversies. I use this for mainly all my devices and sense i am advanced i added some flags, extensions, and tweak some settings for maximum privacy. A researcher done a trace of when you open brave to see what's the first thing it connects to. This is to confirm if it really phones home to google or not.
- Tor – Tor Browser is your choice if you need an extra layer of anonymity. It's a modified version of Firefox, which comes with pre-installed privacy add-ons, encryption, and an advanced proxy. It's not recommended to install additional browser addons. Plugins or addons may bypass Tor or compromise your privacy. This also if your interested in hacking related subjects like, Darkweb, Deepweb, Database Dumps, Doxes, Cracks, Leaks, And many more. It is not ideal to use it for your everyday needs, Unless you don't mind loading websites slow.
- I2P – Anonymous peer-to-peer distributed communication layer built with open source tools and designed to run any traditional Internet service such as email, IRC or web hosting.
- IPFS – The InterPlanetary File System (IPFS) is a protocol and peer-to-peer network for storing and sharing data in a distributed file system. IPFS uses content-addressing to uniquely identify each file in a global namespace connecting all computing devices. Try out Pinata for free!
Search Engine
- Startpage – Search and browse the internet without being tracked or targeted. Startpage is the worlds most private search engine. Use Startpage to protect your personal data.
Torrent Search Engines
- Cleanbay – Torrent metasearch engine.
- Giga – Torrent search engine but the database is fetched locally from IPFS.
- rats-search – BitTorrent search engine.
- I Know What Your Downloading – Watch people downloading any torrent.
Exploit & Leaks Search Engines
- Shodan Search Engine – Search Engine for the Internet of Everything.
- Have I Been Pwned – Allows you to search across multiple data breaches to see if your email address or phone number has been compromised.
- dnstwister – The anti-phishing domain name search engine and DNS monitoring service.
- ProtonMail – Based in Switzerland, founded in 2013. Free and paid plans include all security features, including end-to-end encryption, zero-access encryption, anti-phishing, anti-spam and 2FA. Own Android, iOS Apps and web interface. Paid plans enable custom domains. Accessible via Tor Network.
- ProtonMail Bridge – ProtonMail Bridge is an application available to all paid users that enables the integration of your ProtonMail account with popular email clients, such as Microsoft Outlook, Mozilla Thunderbird, or Apple Mail. Bridge runs in the background by seamlessly encrypting and decrypting messages as they enter and leave your computer. The app is compatible with most email clients supporting IMAP and SMTP protocols.
Email Clients
- Canary Mail – Canary's security suite is second to none with Seamless End-To-End Encryption, Full PGP Support, Biometric App Lock, On-Device Fetch, No Ads, No Data Mining & Open Source Mail Sync Engine. Also available for Mac.
Email Aliases
- SimpleLogin – With email aliases , you can be anonymous online and protect your inbox against spams and phishing. Open-source. Made and hosted in Europe.
Temp Email
- Temp Mail – Keep spam out of your mail and stay safe. Just use a disposable temporary email address, Protect your personal email address from spam with Temp-mail.
Encrypted Video & Voice Messengers
- Jitsi – A free open-source video conferencing software for web & mobile. Make a call, launch on your own servers, integrate into your app, and more.
Encrypted Digital Notebooks
- StandardNotes – Standard Notes is an easy-to-use encrypted note-taking app for digitalists and professionals. Capture your notes, documents, and life’s work all in one place.
Productivity & Collaboration Privacy Tools for Work
- CryptPad – Collaboration suite end-to-end encrypted and open-source.
- Skiff – Everything on Skiff is end-to-end encrypted. Your most sensitive data is private, decentralized, and truly owned by you.
Encrypted and Secure Instant Messaging
- Revolt – A open-source privacy-respective discord lookalike.
- Keybase – Keybase is for keeping everyone's chats and files safe, from families to communities to companies. MacOS, Windows, Linux, iPhone, and Android.
- Signal – Say “hello” to a different messaging experience. An unexpected focus on privacy, combined with all of the features you expect.
- Session – Session is a private messenger that aims to remove any chance of metadata collection by routing all messages through an onion routing network.
- Briar – Briar doesn't rely on a central server – messages are synchronized directly between the users' devices via Bluetooth or Wi-Fi. Online sync via the Tor network is possible, too. Protecting users from surveillance.
- Tox – Whether it's corporations or governments, there's just too much digital spying going on today. Tox is an easy to use application that connects you with friends and family without anyone else listening in. While other big-name services require you to pay for features, Tox is totally free and comes without advertising forever.
- Element – Element is a Matrix-based end-to-end encrypted messenger and collaboration app. It’s decentralised for digital sovereign self-hosting, or through a hosting service such as Element Matrix Services. Element operates on the open Matrix network to provide interoperability and easy connections.
- XMPP – XMPP powers emerging technologies like IoT, WebRTC, and social. No one owns XMPP. It's free and open for everyone since 1999. It's a living standard.
- Telegram – Telegram is not end-to-end encrypted by default unless you enable secret chats. But it is good for news and to stay up to date.
Password Manager
- Bitwarden – Bitwarden is an integrated open source password management solution for individuals, teams, and business organizations. Your private information is protected with end-to-end encryption before it ever leaves your device.
Temp File Uploading
- AnonFiles – Upload your files anonymously and free on AnonFiles.
- OneTime – Files are uploaded on the server in an encrypted form. Only the one who has a correct URL can decrypt them (even the site owner can't). Files are permanently deleted from the server after the first view. No logs are recorded.
- Send – Send let’s you share files with end-to-end encryption and a link that automatically expires to ensure your important documents don’t stay online forever.
- AnonArchive – AnonArchive is a 100% free to use, anonymous and private file storage, distribution and sharing platform. The road to a more private tomorrow.
- OnionShare – OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network.
- Syncthing – Syncthing is a continuous file synchronization program. It synchronizes files between two or more computers in real time, safely protected from prying eyes. Your data is your data alone and you deserve to choose where it is stored, whether it is shared with some third party, and how it's transmitted over the internet.
- Bitwarden Send – Bitwarden Send is a trusted way to securely share information directly with anyone with end-to-end encryption.
- sql.gg – Fully anonymous Resilient file hosting.
Authenticator 2FA (TOTP)
- Raivo OTP – A native, lightweight, non-commercial and secure time-based (TOTP) & counter-based (HOTP) two-factor client that syncs your tokens across all of your Apple devices.
- Aegis Authenticator – Aegis Authenticator is a free, secure and open source app for Android to manage your 2-step verification tokens for your online services.
Hardware Authenticator 2FA (Security Key)
- OnlyKey – OnlyKey is an open source alternative to YubiKey. OnlyKey natively supports: a hardware password manager, multiple two-factor methods (FIDO2, TOTP, and Yubico® OTP), passwordless SSH login, and OpenPGP.
Pastebin
- Privatebin – PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data.
- 0bin – 0bin is a client-side-encrypted open source alternative pastebin. You can store code/text/images online for a set period of time and share with the world. Featuring burn after reading, history, clipboard.
File Encryption
⚠️ Always use Full Disk Encryption on all your drives instead of encrypting folders.
- VeraCrypt – VeraCrypt is free open-source disk encryption software for Windows, Mac OS X and Linux. In case an attacker forces you to reveal the password, VeraCrypt provides plausible deniability. In contrast to file encryption, data encryption performed by VeraCrypt is real-time (on-the-fly), automatic, transparent, needs very little memory, and does not involve temporary unencrypted files.
- GNU Privacy Guard: Email Encryption – GnuPG allows you to encrypt and sign your email data and communications.
- 7-Zip – File archiver with a high compression ratio and built-in encryption functionality.
- Cryptomator – Cryptomator encrypts your data quickly and easily. Afterwards you upload them protected to a cloud service.
- Hat – Client-side browser encryption to encrypt your data quickly and easily. Afterwards you upload them protected to a cloud service.
- Picocrypt - Uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security, even from three-letter agencies like the NSA. Simply drop your files, enter a password, and hit Start to encrypt.
Desktop/Laptop/Server Backup Application
- Déjà Dup – A personal backup tool to protect against accidental data loss.
Photo & Video Storage
- Ente – Ente is an encrypted data storage provider that provides a safe space to store your personal memories.
File Cloud Storage
- MEGA – Zero Knowledge Encryption (User-Controlled End-to-End Encryption). All your data on MEGA is encrypted with a key derived from your password; in other words, your password is your main encryption key. MEGA does not have access to your password or your data. Using a strong and unique password will ensure that your data is protected from being hacked and gives you total confidence that your information will remain just that – yours. MEGA recommends generating a unique strong password and storing it using a password manager such as: Bitwarden Keepass
VPN
This article is not sponsored by any entity.
⚠️ A VPN is not a bulletproof solution and should not be used for anonymity, but rather privacy. Read VPNs Aren't Magical—Here's Why for more details.
- Mullvad VPN – Mullvad is a VPN service that helps keep your online activity, identity, and location private. Only €5/month – They accept Bitcoin, cash, bank wire, credit card, PayPal, and Swish.
DNS
- NextDNS – NextDNS protects you from all kinds of security threats, blocks ads and trackers on websites and in apps and provides a safe and supervised Internet for kids — on all devices and on all networks.
Torrent Clients
- qBittorrent – The qBittorrent project aims to provide an open-source software alternative to µTorrent.
Github & Gitlab Alternatives
- Codeberg – Codeberg is founded as a Non-Profit Organization, with the objective to give the Open-Source code that is running our world a safe and friendly home, and to ensure that free code remains free and secure forever.
Netflix, Disney+, Hulu, Amazon Prime Video Alternatives
- Plex – Plex is a one stop destination to stream movies, tv shows, sports & music. Check good movies to watch on Plex and stream all your personal media libraries on every device.
YouTube Alternatives
- Invidious – Alternative frontend for YouTube without ads and tracking.
- Piped – An alternative privacy-friendly YouTube frontend which is efficient by design.
- NewPipe – The lightweight YouTube experience for Android. A forked of NewPipe with SponsorBlock + Return YouTube Dislike.
- FreeTube – FreeTube is a YouTube client for Windows, Mac, and Linux built around using YouTube more privately. You can enjoy your favorite content and creators without your habits being tracked. All of your user data is stored locally and never sent or published to the internet. FreeTube grabs data by scraping the information it needs (with either local methods or by optionally utilizing the Invidious API). With many features similar to YouTube, FreeTube has become one of the best methods to watch YouTube privately on desktop.
- Odysee – Explore a whole universe of videos on Odysee from regular people just like you!
- Open Video Downloader – A cross-platform GUI for youtube-dl made in Electron and node.js.
Decentralized Social Networks
- Mastodon: Twitter Alternative – Mastodon is an open source decentralized social network – by the people for the people. Join the federation and take back control of your social media!
- PixelFed: Instagram Alternative – PixelFed is an activitypub based image sharing platform.
Privacy Friendly Translation Tools
- Lingva Translate – Alternative front-end for Google Translate, serving as a Free and Open Source translator with over a hundred languages available
- Libre Translate – Free and Open Source Machine Translation API. 100% self-hosted, no limits, no ties to proprietary services. Run your own API server in just a few minutes.
Privacy-Friendly World Maps Alternatives
- OpenStreetMap – OpenStreetMap is a map of the world, created by people like you and free to use under an open license. Try out the mobile alternatives for iOS & Android: OsmAnd or Organic Maps
Android Keyboard Alternatives That Respect Your Privacy
- Simple Keyboard – Super lightweight (<1MB) and minimal features.
Cryptocurrency: A privacy-enhanced cryptocurrency for anonymity
- Coinbase – Coinbase is a secure online platform for buying, selling, transferring, and storing cryptocurrency.
- Robinhood – Commission-free Stock Trading & Investing App.
- CakeWallet – Monero.com by Cake Wallet allows you to safely store, send, receive, and exchange your XMR.
- CoinJoin – CoinJoin is an open-source way to mix bitcoins. They believe financial privacy is possible and necessary. The CoinJoin system allows anyone to send bitcoin and receive fresh bitcoins in return at another address. No logs, no surveillance, just complete privacy.
- Bitcoin Blender – Bitcoin Blender is a Tor hidden service that uses smart technology to erase your Bitcoin history and make your transactions 100% anonymous. Bitcoin Blender completely removes any connection you have with the coins you buy or sell, meaning nobody can use Blockchain Analysis to track you down.
Become a System Administrator
- LandChad – A site dedicated to turning internet peasants into Internet Landlords by showing them how to setup websites, email servers, chat servers and everything in between.
Blog Software for Self and Managed Hosting
- Write.as – Simple writing platform built to preserve and spread your words. Start writing and publishing now & no signup required.
Secure Web Hosting & Domain Provider
- Namecheap – Register domain names at Namecheap. Buy cheap domain names and enjoy 24/7 support. With over 13 million domains under management, you know you’re in good hands.
- 1984Hosting – 1984 is green, ethical web hosting that protects it's user's privacy. 1984 offers: VPS & shared hosting services, FreeDNS, and unlimited storage & bandwidth.
Privacy and Security for ShareX Image & File Host
⚠️ The ShareX Image Host Community is incompetent and cannot secure a server or their sources. Some of which these image has gotten data breached or source got leaked by one of their old admins or a random user. They also like to be in drama and ddos. The average developer in the sharex image host community is between ages 13-16. They also can’t afford actual VDS/VPS, Which that means is they use free credits VPS that offers that like Vultr, Digital Ocean, Google Cloud, Azure, And Linode. Probably some of them have ip logging in their source as some of them do. I will provide the ones with the best list of security and that will respect your privacy.
Join the Image Host Community Discord Servers:
- Main: https://discord.gg/feTmxMsfZE
- Copycat: https://discord.gg/WnTyg6rs
Reliability
⚠️ Imgur.com had a databreach on November 24, 2017.
- Imgur – Imgur is an American online image sharing and image hosting service with a focus on social gossip that was founded by Alan Schaaf in 2009. The service has hosted viral images and memes, particularly those posted on Reddit. I will recommend to use Imgur for reliability due to some people having money issues or Just not being up for years. (Also they require phone number, So use the phone number alias list.)
⚠️ E.Z.Host had a databreach and it is ran by a 16 year african-american kid. But it is still up and he hired some developers to add some cool features..
- E.Z.Host – E-Z.Host is a private image host that you can get access to by either paying, or applying for free.
Reliability & Security
- Tixte – Tixte is a place to store and share your best moments – screenshots, game replays, family photos, and everything else
- Upload.Systems – The superior image hosting, with support for Windows, macOS and Linux via a variety of applications. 700+ premium domains and climbing. A strong team of developers and support staff to help you along the way.
- Tesla.sexy – tesla.sexy is a high-quality, private image host with many features.
- ShareX Hosting – Effortlessly deploy custom ShareX file uploaders using your own domain name. Simple, yet powerful with no advanced technical or coding skills required.
- Catbox – The cutest free file host you've ever seen.
- Image Uploader – A sharex compatible image uploader built for speed.
Privacy, Reliability, & Security
- Horizon.pics – A fast, zero knowledge end-to-end encrypted, privacy-friendly, reliable and highly-customizable invite-only sharex image & file host.
- File.Glass – Fileglass is a blazing fast, privacy-centric and free file host with focus on speed, reliability and security. With support for ShareX and more.
- sxcu – sxcu.net is a free anonymous cloud based file uploader and link shortener service for ShareX and similar screen capturing platforms, with a variety of custom vanity domains to choose from.
- Tiny.rip – Fast, Easy, and beautiful image sharing.
Self-Host Your Own
- Ass – The superior self-hosted ShareX server.
- xBackBone – XBackBone is a simple and lightweight PHP file manager that support the instant sharing tool ShareX and *NIX systems. It supports uploading and displaying images, GIF, video, code, formatted text, pdf, and file downloading and uploading. Also have a web UI with multi user management, media gallery and search support.
- PHP-Uploader – A PHP uploader with Discord embed and Twitter card support.
- PHP-Uploader – A php sharex uploader with discord embed function/twitter card support.
- Zipline – Zipline is a ShareX/file upload server that is easy to use, packed with features and can be setup in one command!
- Share – Simple yet advanced uploader. Allows users to upload files,images, and text with moderation tools for admins. Can be used for friends and family or just for you. Built with integration, like ShareX but more uploaders will be officially supported.
Privacy Policies Analysis Tools
- airsend – Privacy Policies of Top Messaging Apps reviewed.
- Privacy Parrot – AI tool reads privacy policies, tells you which sites sell your info.
- Privee – Google Chrome extension using machine learning to summarize privacy policies.
- Terms of Service; Didn't Read – Quickly analyze / review or explain ToS to the community which gets listed.
MAC Address Changer
- Technitium MAC Address Changer – Technitium MAC Address Changer (TMAC) is a freeware utility to instantly change or spoof MAC Address of any network card (NIC).
- BAT script – Randomly change the Mac Address on Windows.
- easymacchanger – Change the network identity of your device.
- MAC Address Tool – Windows tool allowing users to change the MAC-address of network adapters through a registry key.
- macchanger – A Bash based MAC address changer.
- Spoof – Easily spoof your MAC address in macOS, Windows, & Linux!
- SpoofMAC – Change your MAC address for debugging for OS X, Windows, and Linux.
Online Leak and Fingerprint tests
- Add unique variable to cached script
- Canvas Fingerprint Test
- CrookedStyleSheets – Webpage tracking only using CSS (and no JS).
- DNS Spoof test
- Decentraleyes Testing Utility
- Device Info
- Etag Check
- Firefox addon detector
- Firefox storage test
- JA3 SSL Fingerprint
- No-JavaScript Fingerprinting Test page, see how it works here
- Privacytests.org – Open-source tests of web browser privacy.
- Spectre & Meltdown checker – Script to check security of your Linux distribution, Android devices too. Run as root.
- Test Browser Referer
- Test if Third-Party Cookies are Enabled
- Torrent check – This tool will test whether or not your torrent client is leaking your own IP.
- Trace email address
- Traffic leaks detector
- Vision
- WebRTC leak Test
- Whoer
- amiunique – Is you browser signatures unique across the web?
- antcpt – ReCaptcha score as well as some interesting notes on how to optimize captcha solving costs
- Audio Fingerprint – Possible to detect you on the same PC if you use different browsers / virtual environment.
- browserleaks
- browserspy
- canvasblocker – Test you canvas in the different browsers, if they all have the same signature you are in trouble.
- css-exfil-vulnerability-tester
- dnscookie – DNS cookies use DNS caches as a side-channel to identify related network flows.
- dnsleaktest
- doileak
- email-checker – Check if email exists or not.
- emailipleak
- emailprivacytester
- fingerprintjs– Good for basic tests, from people who believe and claim can create unique fingerprints “99.5%” of the time.
- grc fingerprints
- HTML Mocker Demo – Randomize HTML content to test your defensive CSS.
- haveibeenpwned – Is you account compromised?
- howsmyssl – How secure HTTPS/SSL/TLS in your browser test.
- html5test
- ipduh anonymity check
- ipleak
- ipqualityscore
- ipv6leak
- is-chrome-100-yet.glitch.me) – See here how it works.
- jShelter Test Page
- ja3er – JA3 SSL Fingerprint test.
- key-event-viewer
- kitchensink
- Mullvad torrent check
- Panopticlick or the new version Cover Your Tracks - controversial
- permission
- pixelscan
- privacy proxy test
- privacycheck
- rel-noopener test
- thunderspy – Thunderspy targets devices with a Thunderbolt port. If your computer has such a port, an attacker who gets brief physical access to it can read and copy all your data, even if your drive is encrypted and your computer is locked or set to sleep.
- uniquemachine
- whatleaks
- webcamtests – Webcam Test Web Utility.
- whotracks – Statistic about trackers on websites.
- Winston Fingerprinting Demo – This page demonstrates cookieless tracking technologies which can be used to uniquely identify your browser.
- XSinator – XS-Leak Browser Test Suite
Online Virus Scanners
Virus Total Scanners
⚠️Keep in mind that Virus Total is owned by Google.
- VTSCAN – Scan a file directly from your terminal using VirusTotal API.
- VTHC – A Windows Explorer context menu extension that allows you to query the Virus Total malware scanning service simply by right-clicking on a file.
URL shorteners
- Btfy – A Privacy-focused custom URL shortener and branded links.
- Cuttly – Makes link management easier than ever, and advanced analytics allow you to understand what is happening with your links.
- Goshorly – Fast and easy URL shortener to self-host.
- Kutt – A free and open source URL shortener with custom domains and stats.
- LSTU – An open source URL shortening service.
- Pauperial – Simple website for make short link.
- Polr – A quick, modern, and open-source link shortener.
- SmallLinks – URL Shortener Built with PostgreSQL, Redis and Kafka.
- Teknik – Teknik was created to provide our users free services that they can trust.
- YoURLs – A small set of PHP scripts that will allow you to run your own URL shortening service.
URL Unshortener
- Link Unshortener – Mac app that expands shortened web links, following redirects until it reveals the destination URL. Never again click a link before you know where it's going!
- URL Shortener Unshortener Userscript – Adds small button next to shortened URLs on eg. Twitter and other sites that will replace the shortened URLs with their real locations and vice-versa. Useful for when you don't want to blindly click links.
TLS/SSL ciphers
- testssl.sh – A free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws.
- BlackLight – A Real-Time Website Privacy Inspector.
- TLS support – Tool for debugging client TLS version and cipher support issues.
Plagiarism Checker
Well worth searching your GitHub URL with Google Scholar, which is a great way to find out if your code has made it into any academic publications.
- https://1text.com/plagiarismchecker
- https://copyleaks.com/
- https://myassignmenthelp.com/plagiarism-checker.php
- https://onlineplagiarismchecker.net/
- https://plagiarismcheck.org/
- https://plagiarismcheckerx.com/
- https://plagiarismsearch.com/
- https://pltext.com/
- https://unicheck.com/
- https://writer.com/plagiarism-checker/
- https://www.duplichecker.com/
- https://www.grammarly.com/plagiarism-checker
- https://www.plagiarismchecker.co/
- https://www.plagium.com/en/plagiarismchecker
- https://www.plagscan.com/
- https://www.quetext.com/
Browser Fingerprinting
Canvas Fingerprinting
- AdTechMadness – “Overview of Google’s Picasso”.
- Antoinevastel – “Picasso based canvas fingerprinting”.
- Dali.js – Dali.js, Picasso-like device attestation payload.
- FingerprintJS – “How Does Canvas Fingerprinting Work?”.
- Google Research – Picasso: Lightweight Device Class Fingerprinting for Web Clients.
Fingerprinting measurement
- Am I Unique – Basic information a user's browser configuration and how trackable it is.
- BrowserLeaks – Gallery of testing tools that show what browser data can be leaked.
- Cookie-Editor – Extension to quickly create, edit and delete cookies without leaving your tab.
- DeviceInfo – Web browser security testing, privacy testing, and troubleshooting tool.
- EFF CoverYourTracks – EFF project that allows you to understand how easy it is to identify and track your browser.
- HUMAN Security – “Inside Anti-Detection Browsers and Account Takeovers”.
- Privacy Analyzer – Tool lists information that any website, advertisement, and widget can collect from your web browser.
- User-Agent Switcher – Spoofs & Mimics User-Agent strings.
Other Fingerprinting
- FingerprintJS – “Incognito Mode Detection: Detecting Visitors Who Browse in Private Mode”.
- Jesse Li – “Detecting incognito mode in Chrome 76 with a timing attack”.
Passive Fingerprinting
TLS Fingerprinting
- Salesforce Blog – “TLS Fingerprinting with JA3 and JA3S”.
- ja3 – JA3 is a method for creating SSL/TLS client fingerprints for threat intelligence.
- ja3er – ja3er is a project about collecting and sharing JA3 hashes.
- jarm – JARM is an active Transport Layer Security (TLS) server fingerprinting tool.
Literary Archives & Libraries
- Adelaide University – Contains Classic books on Literature, Philosophy, Science, History, Exploration and Travel in ePUB format or for reading online.
- The Anarchist Library – An archive focusing on anarchism, anarchist texts, and texts of interest for anarchists, in PDF, plaintext, and EPUB formats.
- Bookyards library – Has ebooks and other items. eBooks are PDF.
- Classic Reader – Online library of thousands of free books by authors such as Dickens, Austen, Shakespeare and many others.
- Century Past Library – A site aggregating links to many public domain books of historical and scientific interest, as well as magazines and other periodicals. While we cannot recommend the books and articles that make use of the Internet Archive's DRM-restricted borrowing service, the majority of the works listed here are available free of charge as PDF downloads.
- DigiLibraries – No cost eBooks library, with over 20.000 Free eBooks.
- The Dunyazad Digital Library – A personal collection of DRM-free ebooks of history and adventure.
- Ebooks.com – Has DRM-free ebooks as well as ones restricted with DRM. However, you can filter search results to only show you the DRM-free ones.
- E-Books Directory – No cost eBooks, documents, and lectures from all over the internet, available in PDF format and organized by subjects.
- Free-ebooks.net – Free eBooks in various formats.
- Free Tamil eBooks – No cost eBooks in the Tamil language.
- Global Grey – DRM-free libre and public domain eBooks in several formats.
- Internet Archive – Free Books from a variety of sources, most available as scanned PDFs and OCRed plain text. More that 2,000,000 books available. Please note that we do not recommend their eBook lending program, which is DRM-encumbered and managed through a non-free client.
- Internet Sacred Text Archive – Books about religion, mythology, folklore and the esoteric.
- Library of Congress – Historical books, images, and music from America. Books are normally scanned to PDF but the text is often available on-line.
- ManyBooks.net – No charge eBooks, in a variety of formats, mostly from Project Gutenberg. They provide excerpts and sometimes a book description. They allow readers to leave book reviews.
- Marxists Internet Archive – Books and articles by hundreds of writers, Marxist and non-Marxist. Some of the books have an option of PDF download, but the PDF version is the webpage printed to a PDF file and thus not very suitable for most ebook readers.
- Mutopia – Hosts thousands pieces of music – free to download, modify, print, copy, distribute, perform, and record – all in the Public Domain or under Creative Commons licenses, in PDF, MIDI and other formats.
- OBOOKO – Hundreds of ebooks for direct download at no charge. Fiction and non-fiction. Authors may publish books on the site free of charge.
- Planet eBook – Free classic literature that has fallen out of copyright. Available in PDF format.
- PDFBooksWorld – Distributes public domain books in PDF format.
- Project Gutenberg – Is the original purveyor of DRM-free eBooks. The project aims to encourage the creation and distribution of eBooks that will be readable on any device you choose. When you obtain an eBook, you should not be locked into using one particular eBook reader. Instead, you should have the freedom to read that book on any device. All of the material available through Project Gutenberg is free of charge, including the complete works of William Shakespeare, Peter Pan, and the United States Declaration of Independence.
- Project Gutenberg Australia – Provides books that are public domain in Australia.
- Project Gutenberg Canada – Canada has different copyright laws than the US. These eBooks are public domain in Canada. Content is HTML and TXT.
- Project Runeberg – A volunteer effort to create free electronic editions of classic Nordic (Scandinavian) literature and make them openly available over the Internet.
- PublicBookshelf – Over 540 books to read using a built-in, easy-to-read book format, specializing in all types of romance books including classics and contemporary.
Renascence Editions specializes in English works written between 1477 and 1799. PDF or HTML, generally, and an excellent source for works in Early Modern English.
- Snewd – A great source of professionally edited public domain texts in a variety of ebook formats.
- Standard Ebooks – Produces new and attractive editions of ebooks sourced from Project Gutenberg with additional proofing, using modern typography, updated font kerning, and in the latest ebook formats.
- Smart Study – Post with more than 1,000 open textbooks and learning resources for various subjects
- epubBooks – Offers gratis books, with a focus on high-quality formatting and images that work reliably on a variety of devices.
eBook Publishers
- 0s&1s – Both a digital publisher and a distributor of e-books published by twenty-seven different independent presses in the United States and Canada—including Black Balloon Publishing, Coach House Books, Red Hen Press, and Tin House Books.
- Angry Robot – Sells a variety of DRM-free science fiction and fantasy novels
- Apress – Publisher of IT-related technical books. .
- Baen Ebooks – Sells DRM-free ebooks from an assortment of science fiction and fantasy publishers, including Baen Books, Del Rey, and Tor. They also offer a number of no-cost downloads in their “Free Library”.
- Le Bélial – A French publishing platform free of DRM.
- Blackstone Publishing – Releases DRM-free books through a variety of retailers.
- BookRefine – A DRM-free publisher that takes a strong stance against copyright trolling and sending DMCA takedown notices.
- Bragelonne – A DRM-free download of their ebooks for customers who first purchased it through a DRM service.
- BWB Texts – A New Zealand-based publisher.
- Carina Press – A digital-first imprint from Harlequin covering many genres.
- Flat World Knowledge – The world's largest publisher of free and open college textbooks.
- Goal Publications – A queer-owned publisher of young adult literature, catering specifically to the furry fandom.
- Homeless Book – DRM-free publisher offering a wide range of books on politics and political theory in Italian.
- Inside Outsider Publications – Specializes in publishing fiction which deals with environmental and social issues.
- Liber Liber – A non-profit publisher of Italian-language ebooks.
- Lost Art Press – A small Midwestern publishing company that seeks to help the modern woodworker learn traditional hand-tool skills. They sell boutique hard copies as well as DRM-free PDF downloads of nearly all of their books.
- Manning eBooks – Publishes computer books for professionals—programmers, system administrators, designers, architects, managers and others.
- New Internationalist – A not-for-profit cooperative to report on the issues of world poverty and inequality; to focus attention on the unjust relationship between the powerful and powerless worldwide; to debate and campaign for the radical changes necessary to meet the basic needs of all; and to bring to life the people, the ideas and the action in the fight for global justice.”
- No Starch Press – Publishes and sells DRM-free ebooks, on a wide range of non-fiction topics and howto guides.
- OR Books – A progressive anti-DRM publisher
- Packt Publishing – Offers DRM-free books for IT professionals.
- The Pragmatic Bookshelf – Has DRM-free books by and for programmers in a variety of formats.
- Propaganda Yayınları – An independent publishing house specializing in Turkish languages works on political and socioeconomic issues, including feminism, anarchism, economics, and philosophy.
- Publie.net – A French publisher that offers most titles DRM-free displaying a smiley face icon.
- Rocky Nook – Is digital photography-focused publisher that offers all ebooks without DRM.
- Rosenfeld Media – Sells DRM-free ebooks about user experience design and also includes a DRM-free digital copy with every physical book they sell.
- Saga Press – A sci-fi and fantasy imprint of Simon & Schuster. Their ebooks are all DRM-free.
- Sher Music Co. – Publishes jazz and Latin music real books and method books, and their ebooks are DRM-free.
- SIGNAL 8 PRESS – A publishing company focusing on East Asia and the Pacific Rim which publishes engaging novels, short story collections, and nonfiction written in English.
- Sophia Institute Press – Publishes faithful Catholic classics and new Catholic books by the enduring figures of the Catholic intellectual tradition.
- Springer Science+Business Media – An international publisher of books on science, technology, and medicine.
- Star Trek Books – A subsidiary of Simon & Schuster. Their ebooks are all DRM-free.
- Take Control Books – Offers highly practical, tightly focused ebooks covering Apple products.
- Tor/Forge/Tom Doherty Associates – Science fiction and fantasy publisher of Macmillan, sells DRM-free books.
- XML Press – A publisher of technical communications books whose ebooks are all DRM-free.
- Zubaan Books – An Indian feminist publishing house that sells DRM-free materials.
Individual Authors and Books
- An Anarchist FAQ – A comprehensive introduction into the philosophy of anti-authoritarianism and anarchism. Licensed under the GNU FDL.
- Anna Galore – A french writer who offers most of her novels and short stories DRM-free.
- Blake Crouch – A suspense writer who has made it to the top ten Kindle bestseller list.
- Craphound – Author's site. Fiction and non-fiction by Cory Doctorow.
- Diane Duane – Wrote the 'So You Want to be a Wizard' series and sells copies of not only the original published version but also a new updated version which is only available at her site.
- Green Comet – A novel of love and adventure on an inhabited comet, and its sequel, Parasite Puppeteers, are available to download in various formats, including ePub and OGG under the free culture CC-BY-SA license.
- IPv6-Handbuch – Is a small German ebook shop selling books on IPv6.
- J.A. Konrath – An author of detective novels and suspense novels.
- Kanika G – Self-publishes DRM-free children's books.
- Libreleft Books – Publishes Laurel L. Russwurm's free culture licensed mystery novels.
- Philippe Aigrain – An internet activist involved with La Quadrature du Net.
- Lessig.org – Lawrence Lessig's author page, whereat his eBooks may be freely downloaded.
- Rory Price – Has written a DRM-free novel with software freedom as a major theme.
- Simon Hayes – Writes the popular comedic space opera ‘Hal Spacejock’ and the 'Hal Junior' series.
- Stories for My Little Sister – Free original kids' books written and illustrated by a team of two sisters. These are available for children of all ages.
- Sustainable Energy – Without the Hot Air by David MacKay — A readable discussion (with actual metrics!) of our options for energy development.
- Thomas A. Knight – An independent, self-publishing author of fantasy novels, all available for purchase DRM Free.
- Thomas Galvin – Is self-described as being “an author who spends far too much time thinking about vampires” and you can find his works on his website.
Graphic Novels & Comic Books
- Comic Book Plus – Comic books in CBR/CBZ. Requires free registration.
- Comics Fu – A platform for creating digital comic stores.
- comiXology – Sells comics and offers DRM-free backups on select titles.
- Dynamite Entertainment – Sells DRM-free comics and graphic novels.
- Panel Syndicate – A pay-what-you want website for comics by artist Marcos Martin and writer Brian K. Vaughan.
- Rebellion Publishing – A digital publisher of ebooks, graphic novels, and comic books.
- Thrillbent – A digital comics site created by award-winning comics writer Mark Waid and television writer/producer extraordinaire John Rogers.
Educational materials and Books for students and researchers
- BookBoon – Publishes over 200 textbooks that students can download totally for free.
- Light and Matter – Introductory physics textbooks in available in HTML and PDF. Released under both Creative Commons and the GFDL.
- Linear Algebra – A first course – A free linear algebra textbook available in PDF and released under the GFDL.
- Michael Willems Photography – DRM-free photography teaching books. Use discount code “FSF” for a 15% checkout discount.
- Linear Algebra – A free linear algebra textbook in PDF format. Licensed under both Creative Commons and the GFDL.
- Motion Mountain – Free physics textbook available in PDF. Released under Creative Commons.
- OpenEdition – Free academic books and journals in HTML format
- OpenStax College – A nonprofit organization committed to improving student access to quality learning materials. They provide free textbooks, developed and peer-reviewed by educators to ensure they are readable and accurate.
- TechBooksForFree.com – Free programming and computer science books.
- Wikiversity – A Wikimedia Foundation project devoted to learning resources, learning projects, and research for use in all levels, types, and styles of education from pre-school to university, including professional training and informal learning.
Guides connected to privacy, security or anonymity
Security Guides
- .NET Runtime Security Mitigations
- Adding E2E Encryption for Proxied Data
- ANSSI – Hardware security requirements for x86 platforms – Recommendations for security features and configuration options applying to hardware devices (CPU, BIOS, UEFI, etc) (Nov 2019).
- Apples Personal Safety User Guide
- asecure.cloud – Build a Secure Cloud – A free repository of customizable AWS security configurations and best practices.
- Australian Cyber Security Center Publications
- Basic and practical security tips for Linux by Jesse Smith
- Beginner's Guide to Social Media Verification
- CIS Benchmarks
- CUPS Server Security
- Cyber security in the public cloud – A brief guide to the network, infrastructure, data, and application security capabilities AWS, Microsoft Azure, and Google Cloud provide to prevent cyber-attacks and protect your cloud-based resources and workloads.
- Cyber Security Trends of 2021
- DISA DoD Cloud Computing Security
- Encryption with Gnu Privacy Guard
- FIPS Compliant Crypto in Golang
- GitHub Advisory Database for CVEs
- Guide to De-Google and privacy on android
- How to find and remove spyware from your phone
- How to get the best out of your Yubikey with GPG
- How you can auto-renew and forget about TLS certificates with cert-manager
- Linux NFS-HOWTO – Security and NFS – Overview of NFS security issues and some mitigation.
- Lissy93's Personal Security Checklist
- NSA Cybersecurity Resources for Cybersecurity Professionals and NSA Cybersecurity publications
- NSA Info Sheet: Cloud Security Basics (August 2018)
- NSA Security Configuration Guidance
- OpenSCAP Security Policies
- OWASP Mobile Security Testing Guide
- Reasonable Security Checklist for Personal Information
- Security Headers: Scan your site
- Security in a Box – Tutorials on how to stay private online and install privacy-preserving apps.
- Setup your SSH security key in less than two minutes
- systemd service sandboxing and security hardening 101
- The Crypto Paper
- The DevOps: A Concise Understanding to the DevOps Philosophy and Science
- Tips to build a Content Security Policy (CSP) without breaking your site
- US DoD DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs)
- Using a Yubikey for GPG and SSH
- Using GPG to Encrypt Your Data
- Zebra Crossing – An easy-to-use digital safety checklist.
IoT Security
iOS Privacy Guides
- Apple iOS 15 Privacy Guide
- Securing Mobile: Settings
- iOS privacy and security checklist
- iOS-Privacy-Guide
Privacy Guides
- A Guide to Using RSS to Replace Social Media
- Android Privacy Guide – Take Control Of Your Data
- Big Ass Data Broker Opt-Out List
- Compute Freely – Is a website designed to be approachable and friendly for people curious about free and open source operating systems and Linux distributions.
- Crank up the volume on that Pixies album: Time to exercise your Raspberry Pi with an... alternative browser
- Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World
- Decentralized Thoughts
- Device Privacy Tips
- Differential Privacy: A Primer for a Non-technical Audience
- DuckDuckGo's privacy newsletter
- EFF: Surveillance Self-Defense
- EPIC – Online Guide to Practical Privacy Tools
- eMail security and privacy
- Encrypted Email 101: How to Encrypt Your Emails and Protect Your Company Data
- Everything You Need to Know About Password Managers
- Firefox: Privacy Related “about:config” Tweaks
- Four Methods to Create a Secure Password You'll Actually Remember
- Freedom Privacy over Internet (FPoI) – How to maintain freedom and privacy using technology and Internet
- Google Tag Manager (Server-Side Tagging), la nouvelle arme anti adblock?
- Guide to building the android source
- Guide to privacy settings for Google, Facebook, Windows 10, Android, Firefox, Brave, Signal and more
- HTTP vs. HTTPS: What's the Difference and Why Should You Care?
- Hacks4Pancakes – Thwart my OSINT Efforts while Binging TV!
- How to Replace Gmail
- How to create a strong password (and remember it)
- How to delete remembered passwords
- How to disable Telemetry and Data Collection in Windows 10
- How to get companies to delete your personal data that they are hoarding
- How to permanently delete a Facebook account
- How to permanently delete a Facebook account
- IntelTechniques – Personal Data Removal Workbook & Credit Freeze Guide
- Internet Privacy Guide – Keeping Your Data Safe Online
- Keystroke tracking, screenshots, and facial recognition: The boss may be watching long after the pandemic ends
- Lectures on Data Security – Modern Cryptology in Theory and Practice
- List of best privacy practices provided by SpiderOAK
- Location history: How your location is tracked and how you can limit sharing it
- MacOS privacy guide
- Manage Windows 10 Telemetry and Data Collection settings
- Mobile privacy: a better practice guide for mobile app developers
- Mozilla’s Privacy Not Included buyer’s guide
- Multi-factor authentication
- New tool reveals ultimate owners of companies
- OWASP User Privacy Protection Cheat Sheet
- Open source, experimental, and tiny tools roundup
- Opting Out of TurnItIn
- Permanent Record by Edward Snowden
- Practical Privacy: A Guide for Everyone
- Privacy Crash Course
- Privacy Rights Clearinghouse – Online Privacy: Using the Internet Safely
- Privacy by Design by Nishant Bhajaria
- Pro Privacy: Encryption for Privacy Guide
- Public Information Opt-Out Guide
- Reddit privacy Wiki
- Reflections on Apple's iCloud Private Relay: Does it Really Improve Privacy?
- Remove bloatware from Android without root
- Sandworm Book by Andy Greenberg
- Search Encrypt – Beginner’s Guide to Internet Safety & Privacy
- Secured.fyi – A ranking of paid and free services based on security and privacy attributes.
- Securing Personal Information: A Self-Assessment Tool for Organizations
- Security in-a-box – Keep your digital communication private
- Set Up a Home Server
- Spread Privacy – The Official DuckDuckGo Blog
- Stay Safe Online – Managing Your Privacy
- Switching.software – Is a collection of ethical, easy-to-use and privacy-conscious alternatives to well-known software.
- The Algorithmic Foundations of Differential Privacy
- The Art of Invisibility: The World's Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data
- The Beginner’s Guide To Online Privacy
- The Complexity of Differential Privacy
- The Definitive Guide To Privacy Online
- The New Oil
- The ProtonMail guide to taking control of your online privacy – You can't export all your emails without a paid plan.
- The Ultimate Guide to Smartphone Privacy
- The what, why, and when of multi-factor authentication
- They Track You: A website to raise awareness of online privacy
- Think Like the Internet – or How to Fight Facebook, and Win
- Tor, Practical Privacy, and Censorship Resistance
- Troy Hunt – Going dark: online privacy and anonymity for normal people
- US-CERT – Privacy Tips
- Ultrasonic beacons: A silent threat to your privacy
- Web Hosting Geeks – A Beginner’s Guide to Online Privacy
- Web browser privacy: What do browsers say when they phone home?
- What Police Get When They Get Your Phone
- What are 5-eyes, 9-eyes, and 14-eyes?
- What is GDPR and how will it affect you?
- World Privacy Forum – Top Ten Opt Outs
Hardening Guides
- ACSC – Hardening Microsoft Windows 10 (Workstation)
- Apache Config – Apache Security Hardening Guide
- Applied Crypto Hardening: bettercrypto.org - TLS/SSL, PGP, SSH and other cryptographic tools.
- Awesome Windows Domain Hardening
- Browser and Client-Side Hardening
- CIS Benchmarks
- ERNW – IPv6 Hardening Guide for Linux Servers, OS-X and Windows Servers
- GeekFlare – Apache Web Server Hardening and Security Guide
- Harden the World - A collection of hardening guidelines for devices, applications and OSs.
- Hardening Network Devices: Service Security Recommendations (2020)
- Hardening Firefox – September 2021 Update
- Hardening OpenLDAP on Linux with AppArmor and systemd
- Jetty hardening (2015)
- LDAP: Hardening Server Security (so administrators can sleep at night)
- Linux Audit – OpenSSH security and hardening
- Lisenet – CentOS 7 Server Hardening Guide (2017)
- macOS Hardening Guide – © 2016 Jonathan Levin, NewOSXbook.com [pdf]
- nixCraft – 40 Linux Server Hardening Security Tips (2019 edition)
- NSA, CISA Release Guidance on Selecting and Hardening Remote Access VPNs
- Positron Security SSH Hardening Guides (2017)
- pyllyukko user.js – Firefox configuration hardening.
- Short, Gentle Intro to NSA's Kubernetes Hardening Guide
- Smartphone Hardening Guide
- Some settings to harden Mastodon against scraping
- SUSE Linux Enterprise Server 12 Security and Hardening Guide
- Ubuntu wiki – Security Hardening Features
- Windows 10 Hardening - A collective resource of settings modifications (mostly opt-outs) that attempt to make Windows 10 as private and as secure as possible.
- Windows 11 Security Book
Anonymity Guides
- ARX – Open Source Data Anonymization Software
- Amnesia
- Anonymizer
- Cornell Anonymization Toolkit
- Open Anonymizer
- The Hitchhiker's Guide to Online Anonymity
- UTD Anonymization Toolbox
- anonymize-it
- sdcMicro
- µArgus
Data Collection and Telemetry Studies
- A study of data collection by Android devices + paper
- Analysis of the Telemetry Component of Windows 10
- Android and iOS data collection
- Apple will require apps to have “Privacy Labels” summarizing data collection
- EFF’s “Spying on Students” Report Highlights Tech Companies’ Data Collection
- Facebook will ignore data collection ban issued in Germany over WhatApp rules
- Forensic analysis of the Windows telemetry for diagnostics
- France: Windows 10 collects 'excessive personal data'
- Google misled consumers about the collection and use of location data
- Matrix and Element: a case study of funding an open protocol for real time chat
- Microsoft adds Telemetry to Windows 7 and 8.1 with an update
- Microsoft finally reveals what data Windows 10 really collects
- Microsoft lists data endpoint fields
- New study reveals iPhones aren't as private as you think
- Telemetry functions of Windows 10
- Text entered into Windows' Run dialogue gets sent to Microsoft's telemetry
- Windows 10 China Government Edition allows to control encryption and telemetry
- Windows 10 Enterprise telemetry network traffic analysis, part 1
- Windows 10: HOSTS file blocking telemetry is now flagged as a risk
- You want to get an idea what your Android sends to Google APIs? Decoded some traffic for you!
“Best practice” Guides
- 5 Best Practices for Securing SSH
- A cookbook with the best practices for working with Kubernetes
- A collection of best practices to consider when building user interfaces
- ANSSI – Configuration recommendations of a GNU/Linux system
- ANSSI Best Practices
- Applied Crypto Hardening – Reference on how to configure the most common services’ crypto settings (TLS/SSL, PGP, SSH and other cryptographic tools)
- auditd – Best Practice Auditd Configuration
- Beginner guide: How to secure your self-hosted services
- Best Practices for Azure Container Registry
- Best Practices for Letting Go of a Remote Team Member
- Best Practices to optimize query costs in BigQuery
- Best practices for writing faster SQL queries
- Best practices for adopting and designing IPv6-based networks on AWS
- CIS Benchmark for Red Hat Linux
- Container Security Best Practices
- Create your own Git server using Raspberry Pi and GitLab
- Database Security Best Practices in 2022
- Defective Sign & Encrypt in S/MIME, PKCS#7, MOSS, PEM, PGP, and XML
- Digital Security for Filmmakers
- DISA STIGs – Red Hat Enterprise Linux 7 (2019)
- Endpoint Isolation with the Windows Firewall, talk from Ignite 2016 based on Jessica Payne’s Demystifying the Windows Firewall
- Enforcing best practice on self-serve infrastructure with Terraform
- ERNW – IPv6 Hardening Guide for Windows Servers
- FDA: Best Practices for Communicating Cybersecurity Vulnerabilities to Patients
- FIRST Best Practice Guide Library
- Git Commit Good Practice
- Guide for GitLab and I2P self-hosting
- Guidance on Software Development and Open Source Software
- Guide to DRM-Free Living: Literature
- Hashes and ETags: Best Practices
- Install a self-hosted Git server with Gitea on a VPS
- Linux workstation security checklist
- Microsoft – How to detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows and Windows Server
- Microsoft recommended block rules – List of applications or files that can be used by an attacker to circumvent application whitelisting policies.
- Mozilla Guidelines to Secure SSH
- Netherlands NCSC – IT Security Guidelines for Transport Layer Security (TLS) (2019)
- NIST SP 800-41 Rev 1 – Guidelines on Firewalls and Firewall Policy (2009)
- NIST SP800-52 Rev 2 (2nd draft) – Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations (2018)
- nixCraft – How to set up a firewall using FirewallD on RHEL 8
- NSA – A Guide to Border Gateway Protocol (BGP) Best Practices
- NSA – AppLocker Guidance – Configuration guidance for implementing application whitelisting with AppLocker.
- NSA – BitLocker Guidance – Configuration guidance for implementing disk encryption with BitLocker.
- NSA – Event Forwarding Guidance – Configuration guidance for implementing collection of security relevant Windows Event Log events by using Windows Event Forwarding.
- NSA – Pass the Hash Guidance – Configuration guidance for implementing Pass-the-Hash mitigation's (Archived).
- Please don't use Discord for FOSS projects
- Privacy Settings for major softwares
- Protect Yourself: Commercial Surveillance Tools
- Push Notification Best Practices You Should Follow in 2021
- Red Hat – A Guide to Securing Red Hat Enterprise Linux 7
- RFC 7540 Appendix A TLS 1.2 Cipher Suite Black List
- Security Checklist – Checklist of resources designed to improve your online privacy and security.
- Security Guidance for 5G Cloud Infrastructures. Part II: Securely Isolate Network Resources (2021)
- Small Mailserver Best Current Practice
- SSL/TLS Recommender
- TeamViewer Security Best Practices
- trimstray – Linux Hardening Checklist - Most important hardening rules for GNU/Linux systems which is a summarized version of The Practical Linux Hardening Guide.
- Top 10 Best Practices for Azure Security in 2021 (YT Video)
- trimstray – Iptables Essentials: Common Firewall Rules and Commands
- Windows Defense in Depth Strategies
- Your home router sucks! Replace it with pfSense!
- WebGPU Best Practices
- When to self-host critical application components
- Zero Trust Architecture by NIST
Anti-censorship Guides
- A closer look at the Great Firewall of China – Tor Blog
- Analyzing China's Blocking of Unpublished Tor Bridges
- Building Permanent and Censorship-Resistant Blog with Ethereum ENS and IPFS
- Course info – ECEN 5003: Censorship Circumvention
- Format-Transforming Encryption
- How the Great Firewall of China is Blocking Tor
- Learning more about the GFW's active probing system
- My Experience With the Great Firewall of China
- ScrambleSuit
- Selected Research Papers in Internet Censorship
- stegotorus
- Towards a Censorship Analyser for Tor
Opsec
- Account and mobile security
- Digital minimalism, developing a simple threat model
- Linux hardening guide
- Opsec 101
- Personal Security Checklist
- Privacy and security advice
- Your Security Plan
Other interesting guides and books
- How to Create a Cold Storage Crypto Wallet with a USB Memory Stick
- It's Always DNS. Filtering with PiHole and Podman
- Using Gitea as a Blog Management Tool
- whotracks.me – Data from the largest and longest measurement of online tracking.
Book Resources
Dev Books
- 40k HN comments mentioning books, extracted using deep learning.
- Attacking Network Protocols – A Hacker's Guide to Capture, Analysis, and Exploitation
- Beej's Guide to Network Programming – A free digital book about socket programming by Brian Hall.
- Cisco Press – Cisco authorized book publisher where you can get all books and official guides for Cisco certifications.
- Computer Networking: A Top-Down Approach (7th Edition) – A book for beginners (and advanced people) in networking.
- Data Science Bookcamp (2021) – Learn data science with Python by building five real-world projects.
- Designing Data-Intensive Applications (2014) – Data is at the center of many challenges in system design today. Difficult issues need to be figured out, such as scalability, consistency, reliability, efficiency, and maintainability.
- Effective Data Science Infrastructure (2021) – How to make data scientists more productive.
- Fighting Churn With Data (2020) – The science and strategy of customer retention.
- freeCodeCamp – Open-source codebase and curriculum. Learn to code for free.
- Internetworking with TCP/IP Volume One (6th Edition) – A rich introduction book to the TCP/IP protocols and Internetworking.
- IPv6 Fundamentals: A Straightforward Approach to Understanding IPv6, 2nd Edition
- Network Security Essentials: Applications and Standards (6th Edition) – A practical survey of network security applications and standards.
- Practical Packet Analysis (3rd Edition) – A Book about analyzing network packets using Wireshark.
- Red Hat Enterprise Linux 7 Networking Guide – The official Red Hat's networking guide for Red Hat Enterprise Linux.
- Software Engineer Books – Collection of Software Engineer Books.
Privacy relevant books and papers
- Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World
- Differential Privacy: A Primer for a Non-technical Audience
- Lectures on Data Security – Modern Cryptology in Theory and Practice
- Permanent Record (by Edward Snowden)
- Privacy by Design (by Nishant Bhajaria)
- Sandworm (by Andy Greenberg)
- The Algorithmic Foundations of Differential Privacy
- The Art of Invisibility: The World's Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data
- The Complexity of Differential Privacy
DRM Free Book Stores
- Beam Book Store – Sells DRM-free books in German. Some books are distributed with a buyer-unique watermark, although this watermark does not limit book usage.
- Book View Café – Sells ebooks without DRM or an EULA
- The Bundle of Holding – Is a DRM-free bookselling site that sells time-limited, DRM-free offers of tabletop roleplaying game rulebook .PDFs and RPG-related ebooks.
- Chicago Shorts – DRM-free ebooks, passages and short stories selected by the University of Chicago.
- Closed Circle – Small DRM-free ebook store, direct from the authors themselves. Specializing in fantasy.
- Delphi Classics – sells copies of classic texts edited and formatted as ebooks. All epub files are – DRM-free, but not the .mobi files.
- Ediciones Babylon – Spanish books and ebooks free of DRM.
- Editions Fleurus – A French publishing house with over 1000 titles available.
- Elegant Solutions Software and Publishing Company – eBooks in a few portable formats.
- The Fifth Imperium – CD-ROM images, mostly the images are of the free CD-ROMs included with some Baen Books. Baen Books allows the CD-ROMs to be copied and distributed for free. Every CD-ROM contains several complete novels in HTML format, and some have extras, like MP3 readings. All CD-ROMs also contain artwork for the CD-ROM itself.
- Girlebooks – A resource for classic and contemporary ebooks by female writers.
- Humble Bundle (Books) – Sells collections of DRM-free ebooks, with two bundles available at any point in time.
- Immatériel.fr – A French distributor of ebooks that indicates DRM-free titles with smiley faces.
- Lektu – A Spanish-language DRM-free ebook store. In addition to books, it has audiobooks, ecomics, and music.
- U.S. Government Bookstore – Offers both print and DRM-free digital publications from across the entire US federal government, ranging from art and travel to business, education, and history.
- Weightless Books – An independent DRM-free ebooksite devoted to ebooks of all sorts.
Scanning and Pentesting
- ACSTIS – ACSTIS helps you to scan certain web applications for AngularJS Client-Side Template Injection (sometimes referred to as CSTI, sandbox escape or sandbox bypass). It supports scanning a single request but also crawling the entire web application for the AngularJS CSTI vulnerability.
- BruteShark – A Network Forensic Analysis Tool (NFAT) that performs deep processing and inspection of network traffic (mainly PCAP files, but it also capable of directly live capturing from a network interface).
- DroneSploit – A pen-testing console framework dedicated to drones.
- Infection Monkey – A semi automatic pen testing tool for mapping/pen-testing networks. Simulates a human attacker.
- Is website Vulnerable – Finds publicly known security vulnerabilities in a website's front-end JavaScript libraries.
- OWASP Testing Checklist – List of some controls to test during a web vulnerability assessment. Markdown version may be found here.
- PTF – The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.
- Pentest Tool LITE, OS tool to analyse page for most common issues – You can use it as command line utility installed as global package through npm or yarn, or you can use web app.
- KeyCDN Tools – Verify if a URL is delivered through the HTTP/2 network protocol.
- PhpSploit – Full-featured C2 framework which silently persists on web server via evil PHP oneliner. Built for stealth persistence, with many privilege-escalation & post-exploitation features.
- Recon-ng – Recon-ng is a full-featured Web Reconnaissance framework written in Python. Recon-ng has a look and feel similar to the Metasploit Framework.
- Spyse – Spyse is an OSINT search engine that provides fresh data about the entire web. All the data is stored in its own DB for instant access and interconnected with each other for flexible search.
- padding-oracle-attacker – Padding-oracle-attacker is a CLI tool and library to execute padding oracle attacks (which decrypts data encrypted in CBC mode) easily, with support for concurrent network requests and an elegant UI.
- sqlmap – SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
- w3af – W3AF is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities.
- ZAP – The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.
HTTPS News
This section is not finished.
- HTTPS wrongly gets advertised as secure, which is not the case, there are bunch of scenarios in which HTTPS fails to protect the users. Self-hosting won't solve much because even self-hosted setup would have to talk to the outside world in the end.
- Proxies like Squid can do HTTPS intercepting. Certificate transparency effectively solves this because certain browsers, currently only Safari and Chrome require all new certificates be submitted to multiple certificate transparency lists - if it encounters a certificate that isn't, it’ll show a warning page before establishing the TLS session. This doesn’t stop interception at all, but the first time it happens that some huge website notices a certificate they didn’t authorize and/or should be blocked by their CAA records, it’ll be a large event with disastrous consequences for the CA, likely triggering immediate within under <48 hours removal from publicly trusted CA lists. This happened already, see here. Countries could ban HTTPS.
- Tor network helps against many vulnerabilities HTTPS has. With Tor, every domain generates their own public/private key pair (which represents the domain itself) hence making it impractical for actors to break all of them (in fact, breaking even one of the 128-bit ed25519 keys would be a breakthrough in cryptography).
Tor News
This section is not finished.
- Tor is not perfect same like any other protocol it has weaknesses but depending on how you count far less than most other known protocols. This argument makes it worth alone to suggest using the tor network.
- JavaScript among some other old and outdated web-standard are among the highest threat to the tor network, this is not really a tor network issue because tor simply need to fallback to older standards to not entirely breaking the web as we know it.
- Tor does not encrypted inbound traffic, for this you would need I2P. You can use I2P together with Tor but it is more configuration trouble.
- Content is encrypted between client and nodes but not from exit relay to server. The anonymity relies on servers, the more servers the more anonymous the user is because he can easily hide in the mass. However, if someone compromise hundreds of Tor Relays the entire privacy aspect will be lowered or even compromised.
- HTTPS redirects can be blocked so Tor isn't a fail-safe alternative.
- Using a browser add-on that rewrites the URL request before it's sends a GET request is paramount to security. If relying on the initial request to redirect after the fact the resulting method could be overwritten by an exploited endpoint.
- Combining Invisible Internet Project alias I2P and Freenet for file-sharing could help solve some, but not all problems.
- The biggest problem with Tor is that it is not really usable in the real world due to how it works, most websites simply ban Tor traffic, or you get spammed with CAPTCHAs. Some ISPs directly flag you if you use the tor network which means you are classified as possible threat which makes you more unique among – normal – users.
Major problems while using Tor
- Constantly reCaptcha requests, which you need to solve. Almost every captcha system is at some point privacy invasive by design.
- Lots of providers throttle your internet connection once they detect, unusual, traffic. This can make you more likely a target because you stick out like a needle from the mass.
- Security pages, like banking often entirely block connections coming from Tor users which makes it impossible to use Tor on eg. your banking page. Trying to workaround this often results in more fingerprinting and restrictions.
Tools
- Nipe – Nipe is a script to make Tor Network your default gateway.
iOS Privacy, Anonymity, & Security List
iOS Shell
- ish – Simple Linux Shell for iOS.
- more coming soon…
Amazon FireTV (Android Based) Privacy, Anonymity, & Security List
- coming soon…
Amazon FireHD (Android Based) Privacy, Anonymity, & Security List
- coming soon…
Conclusion
You've reached the end of my list—I hope you were able to discover an alternative or two along the way! If you disagree with any of my choices or just want to talk to me, feel free to send me an email.