Privacy-enhancing software I trust / recommend
What: Feature-rich email, calendar, contacts, notes and (simple) file storage, based in Germany, supports encryption (PGP), 2-factor authentication (inc. Yubikey)
Why: Gmail's business relies on selling out your privacy to advertisers (same as Facebook), they don't store your data securely, don't support encrypted emails. Yahoo are even worse (all 3 billion of their accounts were exposed). Such companies also comply with government surveillance; they are not "free". You pay with your privacy. Mailbox is an alternative. Other good alternatives include Protonmail, Tutanota and Fastmail.
What: Free, open-source way to send end-to-end encrypted SMS messages, pics and voicemails via mobile, Windows, Mac or Linux.
Why: "Normal" text messages are subject to mass surveillance, so is Google 'Allo, etc. Signal is very easy to use.
What? Open-source, end-to-end encrypted (private/secure), affordable Slack-type way to chat via chatrooms/channels, manage team projects, share files, etc. Available on Windows, Mac, Linux and Mobile. Well-featured free version.
Why: Messages on Slack (and many like it) are not encrypted and can be read by Slack's admins, govt agencies, any hackers that breach their systems. Peerio's encryption protects against this.
What: Free, open-source, end-to-end encrypted password manager with strong features and that syncs your passwords, notes, attachments between devices, including mobile.
Why: You should be using a password manager. Bitwarden is more trustworthy than closed-source alternatives like Dashlane, Lastpass and 1Password. Lastpass (and maybe the others) doesn't encrypt domains you have accounts with, which could be used to profile where you go online/who you are. Bitwarden is easy to use, supports 2-factor authentication and has good browser plugins. Paid version is only $10/year.
What: A small USB device that plugs into your computer. You press a button when asked and it delivers a unique code used to authenticate you as your 2nd factor when logging into many different websites and services.
Why: You should have 2nd factor authentication enabled for as many services as possible. Yubikeys are cheap, extremely durable and contain no private information. They're extremely easy and quick to use. You can have multiple Yubikeys and use a friend's as a backup option. There's nothing to install, either. They work on all operating systems for logging into many services and apps, including: Bitwarden (see below), Lastpass, Keepass, Dashlane, Gmail (via Chrome), Mailbox.org, Fastmail, Tutanota, Microsoft Windows... it goes on and on...
What: Creates and encrypted version of your data in a "vault", which you sync to the cloud.
Why: Dropbox, Google Drive, iCloud and others can't read your private data, can't give it away to government surveillance requests and can't lose it in a readable format to hackers. Cryptomator is free, open source (trustworthy), uses the best encryption there is for this sort of thing and works on all platforms.
What: Swiss-based Dropbox-like service that syncs your files across Windows, Mac, Linux and mobile with zero-knowledge encryption, 2-factor authentication, and strong features for business. Expensive but might be worth it.
Why: Unlike Google Drive, OneDrive, Dropbox, Sugarsync, iCloud, Box.com etc., Tresorit cannot see or share (with governments) or leak (to hackers) the contents of your files. The other services I mentioned are subject to mass surveillance, and at least Google's case, make money from trawling through your private content for infomation to profile you, sell to advertisers. Where will that data be in 20 years? Who will incriminate you, dox or blackmail you or increase your insurance premiums using it? No one if you take precautions now to make sure it's not out there to begin with.
What: Canadian, Dropbox-like service that uses end-to-end encryption to provide waaay more privacy than you get from Dropbox, Google Drive, Box.com, Sugarsync, iCloud, etc. Works on Windows, Mac and mobile (not Linux).
Why: Dropbox, Google Drive, Box.com, Sugarsync, iCloud and most other similar services can see the contents of everything you store with them and hand it over to governmet(s) on request. Zero-knowledge encryption means Sync.com cannot see your stuff, can't give it to govt agencies or lose it to hackers who breach their servers. Very competitive price.
What: A VPN provider. Makes your online browsing much more anonymous.
Why: Without a VPN, your ISP (internet company) knows everything you do online and can track and sell info about your every move. In the US it became legal in 2017 for ISPs to profile their customers and sell their private data to the highest bidder. So if you searched for "nasty rash", every advertiser out there might know that. Using a trustworthy VPN will keep that information from your ISP. Private Internet Access are one of the most trustworthy out there (for too many reasons to mention here), they don't keep logs and in 2018 have promised to open source their code. They are also cheap. A good alternative is [ProtonVPN].(https://www.alternativeto.net/software/protonvpn )
What: A DNS service. When you type in "www.whatever.com " , it figures out how to convert that into computer speak and connect you to it.
Why: 126.96.36.199 are owned by Cloudflare. Their technology makes 188.8.131.52 blazing fast. Moreover, if you don't use them, you're using either Google's DNS servers or the DNS provided by your internet company. In that case, everything you search for is being tracked and can be sold to advertisers. Cloudflare promise to delete all records of what you've been doing online within 24 hours and never to sell it. Oh, and it's free, just see the instructions page: https://184.108.40.206
What: Japan-based note-taking app. Uses markdown format, but has many convenient shortcuts built in. Uses end-to-end encryption (developer, hackers can't get your data) and syncs to Windows, Mac, Linux and mobile. Free for 2 months, then $5/month.
Why: Evernote, Bear and OneNote can read your notes, give them to others under subpoena, and lose them to hackers. Evernote has been hacked multiple times, lost people's data and have very poor judgement on privacy. Evernote and OneNote don't support Linux, Bear only works on Mac/iOS. Additionally, Inkdrop recognizes and colors programming syntax, is in active development and has growing support and feature sets.
Veracrypt can create encrypted containers for files or even encrypt whole hard drives or USB sticks. This is so no one except you can open and view the contents. It is built on the old TrueCrypt project, which was very popular. Somehow people are still recommending TrueCrypt (even though it's outdated), even though Veracrypt is newer, has had a number of security audits and improvements and has had more functionality added. It is an excellent, free and open source project run by academics in France.
Enter a password and your mounted (opened) contained or drive behaves just like any other hard disk on your system (e.g. copy/paste files with no noticable lag.) You can choose from various different (or even multiple) encryption protocols. You can even create hidden containers so that you can deny your secrets exist, even to authorities. One password opens up a drive with boring files, a different password opens your secrets. No one can prove the one with secrets even exists. Very clever. (This is called "Plausible deniability" under US law; read about it on Veracrypt's webpage.)
Veracrypt is for protecting data from prying eyes (e.g. so that no one can read it of your computer is lost, stolen or confiscated) or if your kids go snooping on your computer. Know, however, that encrypted containers are not good for syncing data; for that you want something like Cryptomator (or a service like Tresorit, Spideroak or Sync.com). These and Veracrypt complement each other, so you can (and probably should) use both. Veracrypt works on Windows, Mac and Linux (and probably BSD, I should imagine.)
What: Free, open-source, browser extension (Firefox, Chrome, Vivaldi, Opera, related) that forces connections to websites to use the more secure (and private) https protocol, where available.
Why: Http connections to websites make it possible for others (hackers, ISPs) to see what content you're looking at online. Https makes this hard. Some websites offer https but this extension forces the connection to go the more secure route. Extremely easy to use: add it to your browser and forget it.
What: Websites track everything you do and advertise to you all the time. uBlock Origin is a free and open source browser extension (all major browsers) that blocks all that stuff.
Why: Because privacy. And because adds are annoying. And because it makes websites load faster. And because it's free, open source and developed by the good folks at the Electronic Frontier Foundation (one of the internet's few good guys who fight for your online rights).
What: Free and open-source way to send large files to another person privately without anyone else's servers in the middle storing your data. Both sender and recipient should be online at the same time.
Why: Easy to use, allows larger files than email, makes it difficult for anyone else to see what you are sending. Files are transfered using SSL encryption.
Also consider: Syncthing (especially if you have many files to transfer)
When picking an app, any app, ask yourself:
Glad to see that your back! Have been missing your comments / reviews. Nice that you found the list feature!
[Edited by Ola, March 25]
Thanks. Nice to be back.
Well-researched, informative and ample list from a trustworthy source. Thumbs up, John!
One question, on bitwarden's entry, you don't mention Encryptr. Do you still recommend it as a good password manager alternative? Cheers.
[Edited by carmelapedinni, April 19]
Encryptr meets some of my favourite criteria: open source and good encryption. (It's made by the folks at SpiderOak.)
However, Encryptr is very simple. It lacks two-factor authentication (2FA), so that makes it less safe (or as safe as Bitwarden without 2FA on). You should aim to have 2FA if you can, particularly for important things. Encryptr has no browser plugin, and so you have to copy/paste your login credentials into a browser. Generally, it's not the best idea to have passwords stored in your copy/paste clipboard as, in principle, that could be read by mailcious apps.
I would say that Encryptr is best to recommend to people who are really not used to using computers (e.g. my grandma); few apps are simpler. It's better to have than nothing, but it doesn't have enough features for me. But it's free (as in beer) and you can just download it and play with it for 10 minutes to see if it's for you.
Thanks so much for the through answer. I've been using Encryptr for a while now but I'm also missing some of the features you mentioned, especially on mobile. I'll definitely look into your other suggestions, then! Cheers.