Maybe we should add paste services too? I think it's a good idea to have paste services listed, as some people want to share code or simply plain text files with some privacy (and without pastebin captchas).

For example, ghostbin seems like a good candidate.

It's open source, supports expiration and encryption - perfect for privacy.
Supports code highlighting, having an account for managing pastes - like pastebin, gist.github.com, ....

Also

Ghostbin user accounts exist solely for keeping track of your own pastes.
No personally-identifying information is retained as part of your user account—even when you use Email. Promise.

1. FlashBlock - Stops flash cookies (which is quite a privacy issue).
2. Search engines: DDG, Disconnect Search, Startpage etc.
3. Certificate Patrol - Stops potential MitM attacks.
4. Secure Sanitizer - Prevents malicious software and people from getting deleted browser data.
5. BetterPrivacy - Manages flash cookies from allowed flash content.
6. (?) Google Privacy - Replaces all Google search links with direct links.
7. URLFixer - Handy tool for prevent phising attacks without any external source.
8. (?) Webutation - WOT alternative.

The section about messengers is sadly very misleading in my opinion.
Have you ever used ChatSecure?
I suppose you recommend it becuase it runs on multiple mobile operating systems.
Are you aware that it is different on each of these, has different featuers?
Can it do http_upload, carbons? Do you tell people about how OTR can also be a pain if you have multiple devices? It doesn't seem so, which will result in users trying the software, seeing that it doesn't work as expected and saying its no good.

In my opinion the best XMPP client for mobile is Conversations, which is mentioned on the page too.

I think one should just mention XMPP in general and then link to a broader explanation of it. Explaining that behaviour of clients can differ depending on which XEPs they support. And listing a good pre selection for people who do not want to read all those details. Which in my opnion is: Conversations for Android, Gajim and Swift for desktop. I can't speak for iOS since I don't use it.
This would also give the user the right impression: it's not just for mobile but for all kinds of things. Currently in my opinion it looks like its a mobile only thing.

VPNArea:

• Is based in Bulgaria
• Uses encryption
• Accepts Bitcoin
• Supports OpenVPN
• Has a no logging policy

Hi guys,

I've been removing several Firefox addons in the past weeks because they were redundant with each other. We should not recommend several Firefox addons that are doing the same job. I'm not sure about these four addons at the moment: uBlock, Decentraleyes, uMatrix and NoScript.

Please help me out. Should we remove some more?

Thanks

Hi,

I posted
https://reddit.com/r/privacytoolsIO/comments/4yjbi9/vpn_services_are_terrible_lt2p_ipsec_is/

I suppose we should make sure to warn people about LT2P and that pre-shared keys are not very secure.

Hi

"alt" parameter in fingerprint image it's wrong:

• https://github.com/privacytoolsIO/privacytools.io/blob/master/index.html#L590

've phun!

Good starting point: http://alternativeto.net/software/evernote/?license=opensource

Criteria:

• Open Source
• Cross-platform
• Easy to use
• Privacy respecting

There can be exeptions if no software is available that meet the criteria.

Edit: My current favorites are: Turtl, Simplenote and Laverna. Not sure about the order yet.

What do you guys suggest?

As @johnnagro suggested in #90, I think the account should be turned into an organization.

I created a separate issue for this, as I think we should discuss this and choose some organization members.

ownCloud has been forked to Nextcloud, many core developers have also moved on to Nextcloud. Wikipedia has more insight and references for the history and the reason of the fork https://en.wikipedia.org/wiki/Nextcloud.

If this issue is valid then I'm happy to make a PR to update the website.

Hey,

Great site and very useful for digisec trainings!

Just wanted to see can we space on the site for Umbrella App. It's free, open source on Android and contains tons of lessons on privacy related issues like digital and physical security - from how to send a secure email to dealing with being under physical surveillance.

Google Play Store:
https://play.google.com/store/apps/details?id=org.secfirst.umbrella

Amazon App Store:
https://www.amazon.com/Security-First-Umbrella-made-easy/dp/B01AKN9M1Y

F-Droid Repo:
https://secfirst.org/fdroid/repo

Github Repo:
https://github.com/securityfirst

Code Audit:
https://secfirst.org/blog.html

See this issue on the Windows 10 privacy tool:

10se1ucgo/DisableWinTracking#147

We will need to find an alternative, or someone to take up maintenance of that app.

Ghostmail makes Confusing claims like "the safest place on the Internet", "Once it’s deleted it’s gone forever." (although there is no forward security!), "Data is encrypted at all times."
There is no way to verify these claims as the service is based on proprietary, hardly documented encryption.
EDIT: I was wrong, Ghostmail is actually open source and there has been a security audit. I am Sorry.

From their FAQ:

Can I use IMAP/SMTP (external email client i.e. Thunderbird)?

GhostMail is built to offer our users the best privacy and security. Hence we don't allow usage of IMAP/SMTP etc. as emails then will be vulnerable in case your computer or smartphone gets compromised.

By disallowing SMTP (isn't that a requirement to be listed anyway?), Ghostmail hinders its users from using the encryption software of their choice. Using a shady webapp instead of a real mail client provides absolutely no protection in case the device gets compromised. Quite the contrary, this model introduces new attack vectors because users have to rely on the integrity of the website anytime it loads in addition to that of their devices.

Ghostmail accounts can only connect to other ghostmail accounts. Therefore, a ghostmail account cannot replace a real email account.

In short: Ghostmail only let's you send messages to other ghostmail users, it doesn't allow you to encrypt your messages with the software of your choice and the information on the website is misleading. Ghostmail shouldn't be listed as a Privacy-Conscious Email Provider.

There are some problems with the email providers. For example, Tutanota says it's free, which it is. But it also says it accepts Bitcoin, but why does a free service accept Bitcoin? It also says it supports custom domains, which is does, but only if you pay. But wait, isn't it free?

It seems like there should be another column, like "Free option" with the choices "yes" or "no.

Also, there should be more options under "Custom domain": "Yes", "Yes (Paid accounts only)" and "No".

I think this would add clarity. I will make a PR if there's no disagreement.

I think we should add tutorials for some of the tools. How to install, use, secure the tools, ... I'm willing to help writing them.

Thoughts?

I noticed in the Information section you have "Security Now!" included in the list of links. I would like to request the addition of the Tech Snap Podcast. The information is great, especially for those with technical knowledge as the hosts go in to great depth on the topics they cover. Very thorough, insightful and valuable security information for those who want to stay informed and aware.

Tech Snap Security Podcast - By Jupiter Broadcasting

In the source here, https://github.com/privacytoolsIO/privacytools.io/blob/master/index.html#L1361, the link to the Pond project is down. I don't know anything more about the project, but after a search for it, I found this repo https://github.com/agl/pond which explains the project is basically abandoned. Perhaps it'd be better to swap Pond and the current Honorable Mention, RetroShare?

https://twitter.com/thegrugq/status/625173052783853568

Hi guys,

Recently I began searching for a search engine (pun intended). Certainly I came across DuckDuckGo and searched for information since a lot of people regard it as a search engine which respects privacy.

I came across a few problems (relevant source, sadly in german: http://www.zeit.de/digital/datenschutz/2014-01/duckduckgo-startpage-ixquick-nsa) :

• I don't know how up to date this is but DuckDuckGo uses Amazon Webservices for its service. Amazon works volunteerly together with the US government according to the source
• DuckDuckGo is based in the US. On privacytools.io it states that people should not use US services and explains why. To me this seems like a contradiction

I suggest removing DuckDuckGo from the list and maybe taking startpage.com as a candidate. I have not found information regarding startpage which shows that it is not trust worthy regarding privacy

EDIT: I would be delighted to create a PR if others agree

Regarding https://www.privacytools.io/#vpn
The sorting of prices is all wrong. Some prices are in EUR others in USD. And even the sorting of the same currency doesn't work.

GNUnet, Freenet or I2P may provide better anonymity, but popularity is important too.

Especially because of the

If you are currently browsing the Clearnet and you want to access the Dark web this section is for you.

Given most popular hidden services use Tor, I suggest moving Tor to the second place, leaving I2P first. Because unlike Tor, it's only a self-contained network, but unlike GNUnet and Freenet, it's also pretty popular.

I found these two threads about some about:config privacy enhancements that I thought might be of interest:
https://airvpn.org/topic/19582-hardening-of-firefox/
https://airvpn.org/topic/15769-how-to-harden-firefox-extreme-edition/

I especially found this part from the first link interesting:

network.http.send.RefererHeader"

• sends the next website that you visit information from which site you come (e.g. by clicking on a link)
  standard-value is "2" which means it does send these informations.
  setting the value to "1" is the same, only if you click on images, the RefererHeader won't be send anymore.
  setting the value to "0" disables the RefererHeaders completely.

The correct entry is however network.http.sendRefererHeader and I did not find the entry for HTTPS pages that the poster mentioned after that, so maybe they were merged into one entry?

I remember privacytools.io had a search bar for its instance of a searx engine. I want to include one like that on my site with my searx engine instance and i was hoping you could share the html\css\js. Also why isnt searx in the recommended list anymore?

Should we delete the other branches?

In the email providers section (under "related information") there is a link OpenMailBox keeps one year logs of meta-data with a link to a forum post. This link doesn't work any more (404 error).

Link in question: https://www.openmailbox.org/forum/viewtopic.php?id=390

The link is not archived in The Wayback Machine.

CanvasBlocker is a Firefox addon to prevent canvas fingerprinting.

Does anyone have experience with this addon?

Epic is a Chromium based web browser that encrypts user identity, lets users browse privately on the internet and also protects users from tracking attempts made by other websites, scripts and other possible vulnerabilities. https://epicbrowser.com/

With regards to your section ..

"Don't use Windows 10 - It's a privacy nightmare"

And recommendations for tools to download to assist locking down Privacy issues / settings not so easily accessed by the general public

Recommendation ( From the same people who we have all been trusting for many years who create SpyBot Search and Destroy )

https://www.safer-networking.org/spybot-anti-beacon/

👍

CloudFlare is a major privacy issue to the users of a site protected by it.

Is there a good reason to use it for privacytools.io?

The Subrosa over. It is discontinued. Please remove this software. Using Google Translate.

https://github.com/subrosa-io/subrosa-client

Just found out about Qwant:

• https://www.qwant.com/privacy
• https://www.qwant.com/about
• Based in France

Should we replace it with Disconnect?

I'm not a native english speaker and might have done some mistakes on the website. Please help out.

PureVPN:

• Is based in Hong Kong
• Supports encryption, but is not enabled by default
• Accepts Bitcoin
• Supports OpenVPN
• Has a no logging policy

This isn't really a big issue. I remember seeing a post it a while back but CanaryWatch was no longer maintained. You can check the links below:

https://canarywatch.org
https://www.eff.org/deeplinks/2016/05/canary-watch-one-year-later

Maybe we can either put a "Note: No Longer Maintained" or either remove it; it would not be that useful anymore because the last updated canary dates are in May/June.

Your web page currently reads ..

How to fix the WebRTC Leak in Google Chrome?
There is no known working solution, only a plugin that is easily circumvented. Please use Firefox instead.

Recommend ..

A suggestion to use Chromium builds from http://chromium.woolyss.com/

There are build options for 32 and 64 bit, with / without proprietary codecs and with / without Sync, WebRTC and Widevine

Have a good read of the site, a lot of good information / advice and a recommend for your site too.
It offers Chromium builds without any google additions, and is not a hack like some third parties would offer claiming they have removed Google features ( but then they add their own agenda "features" ).

Its just pure unsullied Chromium Dev builds

Since I knew this great resource I tried to spread about it.
So I create a spanish translated version that I tried to mantain updated (last commits in the english version are not still done in spanish version :) )

Make sense add a link to the page I have translated and mantain hosted in GitLab?

• https://victorhck.gitlab.io/privacytools-es/

Thanks for this great resource!

PS: translation is done for non profit, of course! so links to bitcoins, etc points to the original links.

Do you need help dealing with PR's etc? I am happy to help. Maybe the account should be migrated to an organization and you can get a few privacy advocates to help you manage the site? I'd be willing to contribute time/resources to help manage it.

Also, contribution guidelines could be fleshed out to include what you/we would consider a good tool, not just the technical constraints on logo size, etc.

re: https://www.privacytools.io/#dns

A couple issues here. First, they are an Australian company (Five Eyes)! Second, if you've tried to hit up their homepage since June, you were presented with an expired SSL certificate (https://cloudns.com.au/). Rookie.

How did they become the recommendation? Can we get that recommendation removed? There are plenty of other DNS and DNSCrypt providers out there.

Before suggestions were only welcome in our Subreddit but it makes sense to accept them here as well. I don't want to force users to sign up on reddit in order to participate.

It should be 'browser.safebrowsing.phishing.enabled = false' not 'browser.safebrowsing.enabled = false'

https://duckduckgo.com/?q=firefox+os+discontinued

At least "Google" does not show up in the DropDown box.
https://search.disconnect.me/

Current search engines are

• Bing
• Yahoo
• DuckDuckGo

Hi.

In point 6, the text that explain every number start with a lower case letter.
And in point 7, the text starts with capital letter.

I think that would be better to start in the same way...

've phun!!

Hi.
In the "uBlock Origin" section you can read:
"OS: Firefox, Safari, Opera, Chromium."
In that sentence OS means Operative Sistems? If so, I think that those are not OS but web browsers, right?

've phun! ;)

...

Relevant bits:

OmniROM was created in response to the perceived commercialization of CyanogenMod. The directors of Cyanogen Inc. refuse to make signature spoofing a default feature of Cyanogen OS, making it harder to stay anonymous, and in particular to hide your identity from Google. OmniROM has signature spoofing enabled as a default feature.

I think this information is unnecessary for the tagline. The OmniROM About page and their first blog post don't mention it at all:

Secondly, we love CM and immensely respect the entire team there and their contributions to the community at-large. It’s a great product, and if they can get 300 million users, that would be amazing for everyone. We are conscious of people who think we’re scavenging disgruntled developers from other projects. This is not our goal. We have positioned Omni as being about the community, and we will not abide bashing of other custom ROM projects. We will do our best to find common ground in the spirit of collaboration and cooperation.

With that said, I'm not sure how to summarize what differentiates OmniROM with a single sentence. Customizability seems to be a major goal?

Move "other OTR clients" from the ChatSecure description to the Worth Mentioning section.

It's important for a website like privacytools.io to be up-to-date. Keep an eye on software updates of the applications listed here. Follow recent news about providers that are recommended. We try our best to keep up but we're not perfect and the internet is changing fast. So if you find an error, or you think a provider should not be listed here, or a qualified service provider is missing or a browser plugin is not the best choice anymore or anything else...

Talk to us please. Join our subreddit and start a discussion. This is a community project and we're aiming to deliver the best information available for a better privacy. We are also using /r/privacy. Thank you for participating.

Don't submit suggestions here on GitHub. This is only for developing the website.

ChatSecure officially dropped support of Android platform and recommends ZomApp or Conversations. So Android should be removed (https://twitter.com/ChatSecure/status/780848326002429953)

Hello,

I wondered why privacy badger is not on the recommended list of browser privacy plugins?

Many Thanks