privacytools / privacytools.io Goto Github PK
View Code? Open in Web Editor NEW🛡🛠 You are being watched. Protect your privacy against global mass surveillance.
Home Page: https://www.privacyguides.org
License: Creative Commons Zero v1.0 Universal
🛡🛠 You are being watched. Protect your privacy against global mass surveillance.
Home Page: https://www.privacyguides.org
License: Creative Commons Zero v1.0 Universal
In the email providers section (under "related information") there is a link OpenMailBox keeps one year logs of meta-data
with a link to a forum post. This link doesn't work any more (404 error).
Link in question: https://www.openmailbox.org/forum/viewtopic.php?id=390
The link is not archived in The Wayback Machine.
Relevant bits:
OmniROM was created in response to the perceived commercialization of CyanogenMod. The directors of Cyanogen Inc. refuse to make signature spoofing a default feature of Cyanogen OS, making it harder to stay anonymous, and in particular to hide your identity from Google. OmniROM has signature spoofing enabled as a default feature.
I think this information is unnecessary for the tagline. The OmniROM About page and their first blog post don't mention it at all:
Secondly, we love CM and immensely respect the entire team there and their contributions to the community at-large. It’s a great product, and if they can get 300 million users, that would be amazing for everyone. We are conscious of people who think we’re scavenging disgruntled developers from other projects. This is not our goal. We have positioned Omni as being about the community, and we will not abide bashing of other custom ROM projects. We will do our best to find common ground in the spirit of collaboration and cooperation.
With that said, I'm not sure how to summarize what differentiates OmniROM with a single sentence. Customizability seems to be a major goal?
Hi
"alt" parameter in fingerprint image it's wrong:
've phun!
re: https://www.privacytools.io/#dns
A couple issues here. First, they are an Australian company (Five Eyes)! Second, if you've tried to hit up their homepage since June, you were presented with an expired SSL certificate (https://cloudns.com.au/). Rookie.
How did they become the recommendation? Can we get that recommendation removed? There are plenty of other DNS and DNSCrypt providers out there.
Should we delete the other branches?
Hi guys,
I've been removing several Firefox addons in the past weeks because they were redundant with each other. We should not recommend several Firefox addons that are doing the same job. I'm not sure about these four addons at the moment: uBlock, Decentraleyes, uMatrix and NoScript.
Please help me out. Should we remove some more?
Thanks
In the source here, https://github.com/privacytoolsIO/privacytools.io/blob/master/index.html#L1361, the link to the Pond project is down. I don't know anything more about the project, but after a search for it, I found this repo https://github.com/agl/pond which explains the project is basically abandoned. Perhaps it'd be better to swap Pond and the current Honorable Mention, RetroShare?
This isn't really a big issue. I remember seeing a post it a while back but CanaryWatch was no longer maintained. You can check the links below:
https://canarywatch.org
https://www.eff.org/deeplinks/2016/05/canary-watch-one-year-later
Maybe we can either put a "Note: No Longer Maintained" or either remove it; it would not be that useful anymore because the last updated canary dates are in May/June.
Do you need help dealing with PR's etc? I am happy to help. Maybe the account should be migrated to an organization and you can get a few privacy advocates to help you manage the site? I'd be willing to contribute time/resources to help manage it.
Also, contribution guidelines could be fleshed out to include what you/we would consider a good tool, not just the technical constraints on logo size, etc.
Since I knew this great resource I tried to spread about it.
So I create a spanish translated version that I tried to mantain updated (last commits in the english version are not still done in spanish version :) )
Make sense add a link to the page I have translated and mantain hosted in GitLab?
Thanks for this great resource!
PS: translation is done for non profit, of course! so links to bitcoins, etc points to the original links.
As @johnnagro suggested in #90, I think the account should be turned into an organization.
I created a separate issue for this, as I think we should discuss this and choose some organization members.
It's important for a website like privacytools.io to be up-to-date. Keep an eye on software updates of the applications listed here. Follow recent news about providers that are recommended. We try our best to keep up but we're not perfect and the internet is changing fast. So if you find an error, or you think a provider should not be listed here, or a qualified service provider is missing or a browser plugin is not the best choice anymore or anything else...
Talk to us please. Join our subreddit and start a discussion. This is a community project and we're aiming to deliver the best information available for a better privacy. We are also using /r/privacy. Thank you for participating.
Don't submit suggestions here on GitHub. This is only for developing the website.
Hi.
In the "uBlock Origin" section you can read:
"OS: Firefox, Safari, Opera, Chromium."
In that sentence OS means Operative Sistems? If so, I think that those are not OS but web browsers, right?
've phun! ;)
At least "Google" does not show up in the DropDown box.
https://search.disconnect.me/
Current search engines are
I remember privacytools.io had a search bar for its instance of a searx engine. I want to include one like that on my site with my searx engine instance and i was hoping you could share the html\css\js. Also why isnt searx in the recommended list anymore?
Your web page currently reads ..
How to fix the WebRTC Leak in Google Chrome?
There is no known working solution, only a plugin that is easily circumvented. Please use Firefox instead.
Recommend ..
A suggestion to use Chromium builds from http://chromium.woolyss.com/
There are build options for 32 and 64 bit, with / without proprietary codecs and with / without Sync, WebRTC and Widevine
Have a good read of the site, a lot of good information / advice and a recommend for your site too.
It offers Chromium builds without any google additions, and is not a hack like some third parties would offer claiming they have removed Google features ( but then they add their own agenda "features" ).
Its just pure unsullied Chromium Dev builds
I'm not a native english speaker and might have done some mistakes on the website. Please help out.
The section about messengers is sadly very misleading in my opinion.
Have you ever used ChatSecure?
I suppose you recommend it becuase it runs on multiple mobile operating systems.
Are you aware that it is different on each of these, has different featuers?
Can it do http_upload, carbons? Do you tell people about how OTR can also be a pain if you have multiple devices? It doesn't seem so, which will result in users trying the software, seeing that it doesn't work as expected and saying its no good.
In my opinion the best XMPP client for mobile is Conversations, which is mentioned on the page too.
I think one should just mention XMPP in general and then link to a broader explanation of it. Explaining that behaviour of clients can differ depending on which XEPs they support. And listing a good pre selection for people who do not want to read all those details. Which in my opnion is: Conversations for Android, Gajim and Swift for desktop. I can't speak for iOS since I don't use it.
This would also give the user the right impression: it's not just for mobile but for all kinds of things. Currently in my opinion it looks like its a mobile only thing.
ownCloud has been forked to Nextcloud, many core developers have also moved on to Nextcloud. Wikipedia has more insight and references for the history and the reason of the fork https://en.wikipedia.org/wiki/Nextcloud.
If this issue is valid then I'm happy to make a PR to update the website.
I noticed in the Information section you have "Security Now!" included in the list of links. I would like to request the addition of the Tech Snap Podcast. The information is great, especially for those with technical knowledge as the hosts go in to great depth on the topics they cover. Very thorough, insightful and valuable security information for those who want to stay informed and aware.
CloudFlare is a major privacy issue to the users of a site protected by it.
Is there a good reason to use it for privacytools.io?
Hi,
I posted
https://reddit.com/r/privacytoolsIO/comments/4yjbi9/vpn_services_are_terrible_lt2p_ipsec_is/
I suppose we should make sure to warn people about LT2P and that pre-shared keys are not very secure.
Maybe we should add paste services too? I think it's a good idea to have paste services listed, as some people want to share code or simply plain text files with some privacy (and without pastebin captchas).
For example, ghostbin seems like a good candidate.
It's open source, supports expiration and encryption - perfect for privacy.
Supports code highlighting, having an account for managing pastes - like pastebin, gist.github.com, ....
Also
Ghostbin user accounts exist solely for keeping track of your own pastes.
No personally-identifying information is retained as part of your user account—even when you use Email. Promise.
See this issue on the Windows 10 privacy tool:
10se1ucgo/DisableWinTracking#147
We will need to find an alternative, or someone to take up maintenance of that app.
Epic is a Chromium based web browser that encrypts user identity, lets users browse privately on the internet and also protects users from tracking attempts made by other websites, scripts and other possible vulnerabilities. https://epicbrowser.com/
There are some problems with the email providers. For example, Tutanota says it's free, which it is. But it also says it accepts Bitcoin, but why does a free service accept Bitcoin? It also says it supports custom domains, which is does, but only if you pay. But wait, isn't it free?
It seems like there should be another column, like "Free option" with the choices "yes" or "no.
Also, there should be more options under "Custom domain": "Yes", "Yes (Paid accounts only)" and "No".
I think this would add clarity. I will make a PR if there's no disagreement.
Before suggestions were only welcome in our Subreddit but it makes sense to accept them here as well. I don't want to force users to sign up on reddit in order to participate.
Hi guys,
Recently I began searching for a search engine (pun intended). Certainly I came across DuckDuckGo and searched for information since a lot of people regard it as a search engine which respects privacy.
I came across a few problems (relevant source, sadly in german: http://www.zeit.de/digital/datenschutz/2014-01/duckduckgo-startpage-ixquick-nsa) :
I suggest removing DuckDuckGo from the list and maybe taking startpage.com as a candidate. I have not found information regarding startpage which shows that it is not trust worthy regarding privacy
EDIT: I would be delighted to create a PR if others agree
The Subrosa over. It is discontinued. Please remove this software. Using Google Translate.
Hey,
Great site and very useful for digisec trainings!
Just wanted to see can we space on the site for Umbrella App. It's free, open source on Android and contains tons of lessons on privacy related issues like digital and physical security - from how to send a secure email to dealing with being under physical surveillance.
Google Play Store:
https://play.google.com/store/apps/details?id=org.secfirst.umbrella
Amazon App Store:
https://www.amazon.com/Security-First-Umbrella-made-easy/dp/B01AKN9M1Y
F-Droid Repo:
https://secfirst.org/fdroid/repo
Github Repo:
https://github.com/securityfirst
Code Audit:
https://secfirst.org/blog.html
...
Hello,
I wondered why privacy badger is not on the recommended list of browser privacy plugins?
Many Thanks
Move "other OTR clients" from the ChatSecure description to the Worth Mentioning section.
I think we should add tutorials for some of the tools. How to install, use, secure the tools, ... I'm willing to help writing them.
Thoughts?
Hi.
In point 6, the text that explain every number start with a lower case letter.
And in point 7, the text starts with capital letter.
I think that would be better to start in the same way...
've phun!!
ChatSecure officially dropped support of Android platform and recommends ZomApp or Conversations. So Android should be removed (https://twitter.com/ChatSecure/status/780848326002429953)
With regards to your section ..
"Don't use Windows 10 - It's a privacy nightmare"
And recommendations for tools to download to assist locking down Privacy issues / settings not so easily accessed by the general public
Recommendation ( From the same people who we have all been trusting for many years who create SpyBot Search and Destroy )
https://www.safer-networking.org/spybot-anti-beacon/
👍
Just found out about Qwant:
Should we replace it with Disconnect?
Ghostmail makes Confusing claims like "the safest place on the Internet", "Once it’s deleted it’s gone forever." (although there is no forward security!), "Data is encrypted at all times."
There is no way to verify these claims as the service is based on proprietary, hardly documented encryption.
EDIT: I was wrong, Ghostmail is actually open source and there has been a security audit. I am Sorry.
Can I use IMAP/SMTP (external email client i.e. Thunderbird)?
GhostMail is built to offer our users the best privacy and security. Hence we don't allow usage of IMAP/SMTP etc. as emails then will be vulnerable in case your computer or smartphone gets compromised.
By disallowing SMTP (isn't that a requirement to be listed anyway?), Ghostmail hinders its users from using the encryption software of their choice. Using a shady webapp instead of a real mail client provides absolutely no protection in case the device gets compromised. Quite the contrary, this model introduces new attack vectors because users have to rely on the integrity of the website anytime it loads in addition to that of their devices.
Ghostmail accounts can only connect to other ghostmail accounts. Therefore, a ghostmail account cannot replace a real email account.
In short: Ghostmail only let's you send messages to other ghostmail users, it doesn't allow you to encrypt your messages with the software of your choice and the information on the website is misleading. Ghostmail shouldn't be listed as a Privacy-Conscious Email Provider.
Good starting point: http://alternativeto.net/software/evernote/?license=opensource
Criteria:
There can be exeptions if no software is available that meet the criteria.
Edit: My current favorites are: Turtl, Simplenote and Laverna. Not sure about the order yet.
What do you guys suggest?
CanvasBlocker is a Firefox addon to prevent canvas fingerprinting.
Does anyone have experience with this addon?
It should be 'browser.safebrowsing.phishing.enabled = false' not 'browser.safebrowsing.enabled = false'
GNUnet, Freenet or I2P may provide better anonymity, but popularity is important too.
Especially because of the
If you are currently browsing the Clearnet and you want to access the Dark web this section is for you.
Given most popular hidden services use Tor, I suggest moving Tor to the second place, leaving I2P first. Because unlike Tor, it's only a self-contained network, but unlike GNUnet and Freenet, it's also pretty popular.
I found these two threads about some about:config privacy enhancements that I thought might be of interest:
https://airvpn.org/topic/19582-hardening-of-firefox/
https://airvpn.org/topic/15769-how-to-harden-firefox-extreme-edition/
I especially found this part from the first link interesting:
network.http.send.RefererHeader"
- sends the next website that you visit information from which site you come (e.g. by clicking on a link)
standard-value is "2" which means it does send these informations.
setting the value to "1" is the same, only if you click on images, the RefererHeader won't be send anymore.
setting the value to "0" disables the RefererHeaders completely.
The correct entry is however network.http.sendRefererHeader
and I did not find the entry for HTTPS pages that the poster mentioned after that, so maybe they were merged into one entry?
Regarding https://www.privacytools.io/#vpn
The sorting of prices is all wrong. Some prices are in EUR others in USD. And even the sorting of the same currency doesn't work.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.