Firefox is the most fully-featured open source browser available. In late 2017 an update increased the performance of Firefox to make it much faster than Chrome. Firefox is also the most configurable web-browser (via the about:config menu), and has a huge number of extensions. Most importantly, it is not built from the ground up to spy on you.

Brave is a relative of Chrome but built from the ground up to protect your privacy and anonymity. It's open source and has ad-blocking, tracking and fingerprint protection built in directly (check the "shields" menu). An excellent project.

Tor isn't like a normal browser. It redirects your traffic through three layers of servers, so that it's extremely difficult to tell where in the world you are when you're accessing something online. Some websites are only accessible through Tor. It's slow, but does a great deal to protect privacy, as long as you follow advice about how to use it wisely.

Websites track everything you do and advertise to you all the time. uBlock Origin is a free and open source browser extension (all major browsers) that blocks all that stuff. Because it blocks ads from loading, you use less data (pay less for it too, perhaps) and the internet becomes faster. Developed by the Electronic Frontier Foundation, who fight for your online privacy rights, amongst other things.

Control your cookies! This extension is inspired by Self-Destructing Cookies. When a tab closes, any cookies not being used are automatically deleted. Prevent tracking by other cookies and add only the ones you trust.

Protects you against tracking through "free", centralized, content delivery. It prevents a lot of requests from reaching networks like Google Hosted Libraries, and serves local files to keep sites from breaking. Complements regular content blockers.

If you connect to a website via http only, the traffic between your computer and that website is visible to others. If you connect via https, it travels encrypted and is very difficult for outside people to spy on. Many websites have both options. This browser add-on ensures https is used wherever it's available. (Hint: https connections usually give rise to a little green padlock symbol to the left of the website address in your browser.)

Start page actually gives you Google results. They anonymize your searches so that Google doesn't know it's you that's searching. So overall: Google levels of accuracy, except for anything that's location-based.

DDG is a privacy-focused search engine that does particularly well for US- and Canadian users. They are huge champions of privacy, support many excellent privacy-related causes.

If you want a quick guide on what is wrong with common search engines, like Google, visit DuckDuckGo's own page on the topic over at donttrack.us

A meta search engine (it aggregates results from other search engines). Free, open-source and doesn't track you or collect data that violates your privacy.

Qwant is an ambitious French project to offer a Google search alternative. It's private and closed source, but promises and seems not to track its users. It makes a solid contribution to the mix of privacy-respecting search engines required to replace Google's power.

A Swiss email service that encrypts your inbox so that governments, hackers and not even Protonmail themselves can see it, steal it, use it to profile you or sell it to others. You can send encrypted emails to both Protonmail and non-Protonmail users (the latter via pre-agreed passwords). Being based in Sweden puts PM outside US and EU law, meaning they can't be forced to give up any user data to outsiders without Swiss court approval - an extra level of confidence inspiring protection. PM offers 1GB free accounts. Paid users get to use their own domains and Bridge, a Windows, Mac and Linux app that lets you sync your emails locally to an email client (e.g. Thunderbird, so you can search it and back it up.

A German email service that encrypts your inbox so that governments, hackers and not even Protonmail themselves can see it, steal it, use it to profile you or sell it to others. You can send encrypted emails to both Tutanota and non-Tutanota users (the latter via pre-agreed passwords). Perhaps Tutanota's best feature is their search: despite the privacy-enhancing encryption, you can still search your emails by body text. Amazing.

Feature-rich email, calendar, contacts, notes, (simple) file storage and even document processing based in Germany. Email encryption (via PGP), 2-factor authentication (inc. Yubikey) makes it a particularly attractive service. You get the choice whether you store your encryption keys or they do. Hugely more private than the likes of Gmail, but not as secure as Protonmail. An excellent compromise.

A free, open-source way to send end-to-end encrypted SMS messages, pics and voicemails via mobile, Windows, Mac or Linux. You install it and forget about it, but mass surveillance programs can't read the messages you send. If you heard that WhatsApp is encrypted, you're right: they do it using Signal's protocol. Except that Signal implement it in a much more secure way.

Based in Germany, Stackfield offers end-to-end encrypted Slack-type functionality. They can't read what your team is discussing, can't give it away and even successful hackers won't be able to make head nor tail of it. Stackfield is good for sharing messages, files and even calendaring across projects. Their support staff are also very responsive.

An open-source, end-to-end encrypted (private/secure), affordable Slack-type way to chat via chatrooms/channels, manage team projects, share files, etc. Available on Windows, Mac, Linux and Mobile. Well-featured free version.

A free, open-source, end-to-end encrypted password manager with strong features and that syncs your passwords, notes, attachments between devices, including mobile. It's easily the best LastPass-like service, except that it encrypts everything, which LastPass does not. Bitwarden is easy to use, supports various 2-factor authentication methods and has excellent browser plugins. The developer is extremely responsive. The paid version is only $10/year, which means it's better value than LastPass, Dashlane and the others. Bitwarden is an absolutely excellent offering.

The best cross-platform, open-source, offline desktop password manager (if you want sync, you have to use another service, like Tresorit or Spideroak). Very consistent experience across Windows, Mac and Linux and compatibility wtih several mobile apps.

An open-source and free password manager by the people behind SpiderOak. It syncs your database between Mac, Windows, Linux and mobile. It's also very simple and very easy to use. This is the password manager to recommend to people who aren't too comfortable using computers, perhaps.

A small USB device that plugs into your computer. There's nothing to install: you just press a button when asked and it delivers a unique code used to authenticate you when logging into many different websites and services (including Gmail, Fastmail, Mailbox.org, Facebook, Bitwarden, LastPass, Dashlane, Tutanota, Keepass, MS Windows, Linux). Extremely durable and easy to use. Most services allow you to configure multiple Yubikeys (a good idea), you can use the same Yubikey for different services and you can even share them with trusted people (in face you lose it). It's a brilliant way of improving your online security.

If you use Google Authenticator on your phone, why not use this open source app instead? It does the same thing, but doesn't come from that nasty, privacy-disrespecting company. Works the same in all other respects, however.

Cryptomator creates and encrypted version of your data in a "vault", which you sync to the cloud using any service you like (even Dropbox or Google Drive). You can generate many such vaults and use them with different services, as you like. On your computer, they are ordinarily locked in a way that makes them inaccessible to anyone without the password. Cryptomator is free, open source and uses time-tested, reliable cryptography. It's the easiest way to add privacy to your existing service.

A Swiss, Dropbox-like service that syncs your files across Windows, Mac, Linux and mobile with zero-knowledge encryption, 2-factor authentication, and strong features. It's expensive but might be worth it; even Tresorit cannot see your data and it doesn't sit on their servers in any way that a hacker could make sense of, even if they did break in. The technical implementation of Tresorit's security is particularly impressive, and superior to just about any other service I know.

A Canadian, service that very much resembles Dropbox and its functionality. It uses end-to-end encryption to provide waaay more privacy than you get from Dropbox, Google Drive, Box.com, Sugarsync, iCloud, etc. Works on Windows, Mac and mobile (not Linux). Attractive pricing.

What: A VPN provider. Makes your online browsing much more anonymous. Why: Without a VPN, your ISP (internet company) knows everything you do online and can track and sell info about your every move. In the US it became legal in 2017 for ISPs to profile their customers and sell their private data to the highest bidder. So if you searched for "nasty rash", every advertiser out there might know that. Using a trustworthy VPN will keep that information from your ISP. Private Internet Access are one of the most trustworthy out there (for too many reasons to mention here), they don't keep logs and in 2018 have promised to open source their code. They are also cheap. A good alternative is [ProtonVPN].(https://www.alternativeto.net/software/protonvpn)

What: A Swiss VPN service run by the folks behind ProtonMail. It's on the pricey side, but it's one of the better, more trustworthy services out there (important!) and you get a discount if you buy it with a premium ProtonMail account. Why? A VPN helps you keep your internet activity hidden from the prying eyes of ISPs, who can sell it (in the US), or be forced to give it away to governments who want to profile their citizens. If you're not using a VPN, your ISP knows everything about what you do online. A VPN can also be used to appear as though you're in a different country, which can be useful for going around location-based restrictions.

What: A DNS service. When you type in "www.whatever.com", it figures out how to convert that into computer speak and connect you to it. Why: 1.1.1.1 are owned by Cloudflare. Their technology makes 1.1.1.1 blazing fast. Moreover, if you don't use them, you're using either Google's DNS servers or the DNS provided by your internet company. In that case, everything you search for is being tracked and can be sold to advertisers. Cloudflare promise to delete all records of what you've been doing online within 24 hours and never to sell it. Oh, and it's free, just see the instructions page: https://1.1.1.1

What: An encrypted, zero-knowledge productivity app that's about as good as Evernote for key note-taking functionality, but with much more security and privacy. Why? Because Evernote, OneNote and their ilk don't store user data in a secure enough or privacy-respecting way, are under the jurisdiction of the NSA and FBI who can subpoena your notes and data without telling you, and because they don't offer Linux clients. Cryptee offers a lot already, and it's only very fresh to the game. Check it out!

Open source, markdown-based note taking that syncs to desktop and mobile. Crucially, your notes are encrypted with a password only you have, so Standard Notes, governments and hackers can't read them. The paid version allows you to extend functionality through a growing list of add-ons.

What: A very promising, multi-platform, open-source (and free!) markdown-based note-taking app. Why? On Mac, Windows and Linux, Boostnote stores your data in any folder you designate, which you can then sync using whichever service you like (see below for syncing software). So you can have your notes everywhere, using end-to-end encryption. It also has tagging, instant search, cross-note links and code highlighting. It's open-source, trustworthy and developing quickly. Syncing to mobile needs development, but Boostnote is the best note-taking app I know so far.

Summary:

• Veracrypt creates encrypted 'containers' for your files to hide them from anyone who has physical access to your computer.
• Works on: Windows, Mac, Linux
• Free and open source
• Replaces: Nothing, really. Unique and amazing.
• Also consider: Nothing comes close. SOME of what VeraCrypt does can be done using Cryptomator in a very limited way. In reality, they complement each other though.

Veracrypt can create encrypted containers for files or even encrypt whole hard drives or USB sticks. This is so no one except you can open and view the contents. It is built on the old TrueCrypt project, which was very popular. Somehow people are still recommending TrueCrypt (even though it's outdated), even though Veracrypt is newer, has had a number of security audits and improvements and has had more functionality added. It is an excellent, free and open source project run by academics in France.

Enter a password and your mounted (opened) contained or drive behaves just like any other hard disk on your system (e.g. copy/paste files with no noticable lag.) You can choose from various different (or even multiple) encryption protocols. You can even create hidden containers so that you can deny your secrets exist, even to authorities. One password opens up a drive with boring files, a different password opens your secrets. No one can prove the one with secrets even exists. Very clever. (This is called "Plausible deniability" under US law; read about it on Veracrypt's webpage.)

Veracrypt is for protecting data from prying eyes (e.g. so that no one can read it of your computer is lost, stolen or confiscated) or if your kids go snooping on your computer. Know, however, that encrypted containers are not good for syncing data; for that you want something like Cryptomator (or a service like Tresorit, Spideroak or Sync.com). These and Veracrypt complement each other, so you can (and probably should) use both. Veracrypt works on Windows, Mac and Linux (and probably BSD, I should imagine.)

What: Free and open-source way to send large files to another person privately without anyone else's servers in the middle storing your data. Both sender and recipient should be online at the same time. Why: Easy to use, allows larger files than email, makes it difficult for anyone else to see what you are sending. Files are transfered using SSL encryption. Also consider: Syncthing (especially if you have many files to transfer)

Install on two devices, and type in the codes. Then wait a bit whilst it comes to its senses. Once it's ready, you can transfer files between the two devices at very fast speeds (I got up to 90 MB/s on my own Wi-Fi network, but you can do it between two computers in different locations. The file transfer is encrypted by SSL. Syncthing is free, open source and multi-platform, although it's very slightly counter-intuitive for beginners. But not in a way that should stop you trying it.