Toolchain Tuesday No. 6
TL;DR: Part of a series of posts about tools, services, and packages that I use in day-to-day operations to boost efficiency and free up time for the things that really matter. This time around will be about privacy tools. Use at your own risk - happy to answer questions. For the full, continuously expanding list so far see here.
Disclaimer: I am not a security or privacy expert. Do your own due diligence and consider the following as pointers only.
With a lot of high profile data leaks (see e.g., here, here, here, here, here, and here), considerations to systematically weaken encryption via backdoors (see e.g., here, here, here, and here) to e.g., spy on your WhatsApp messages while still giving the impression of strong end-to-end encryption, GDPR coming into (full) effect (see e.g., here, here), and in general all types of issues with user tracking, selling data, etc., I thought it might be a good time to talk about privacy tools. There are tons of great tools out there, however I will only be able to touch upon a few, notably those that I have first-hand experience with. If there is a tool that you think should be here, drop me a line.
I will not dive into the question of why privacy tools are useful/necessary; this has been done in many places elsewhere. However, I believe it is fair to say that it is quite hard to get a true grasp of what data is really collected how, where, when, and for what purpose (even ignoring higher-order cross-referencing etc.). GDPR is not going to change that, with or without you clicking hundreds of “I accept/consent” buttons a day. In fact, GDPR will likely amplify the current imbalance in favor of large tech companies, as individuals or smaller companies might outsource their data storage etc. to big tech rather than trying to navigate the complexities of GDPR themselves. All the more reason to think about your data. Just to get a glimpse, if you have not done so yet: download your Facebook or Google data (how to download your facebook data or download your google data). Then take half an afternoon to browse through the data trove; the experience might be quite sobering.
I would like to stress that the tools below do not guarantee privacy or safety etc. In particular, even with those tools in place your working assumption should be that there is always a risk of exploits and side channels etc. For example, suppose that through a backdoor, e.g., a keylogger is running on your phone or computer, then even the best tools cannot protect you; in the words of one of the articles from above:
The ability of encryption to shield a user’s communications rests upon the assumption that the sender and recipient’s devices are themselves secure, with the encrypted channel the only weak point.
Software
Signal
Secure open-source messenger.
Learning curve: ⭐️
Usefulness: ⭐️⭐️⭐️⭐️⭐️
Site: https://signal.org/
The messaging app Signal, which is available for iOS and Android (as well as on Mac/PC but requiring a phone with Signal), is considered one of the most secure messaging apps (see, e.g., here). There are several other messaging apps out there that also use the Signal protocol, however Signal has the important advantage that it is open source. Moreover, it has been scrutinized and reviewed by security experts, and while some messengers like WhatsApp basically use the same protocol, you have no idea whether the app is trustworthy or whether it contains backdoors.
In terms of learning curve, it basically works like your favorite messaging app, however lacking some of the bells and whistles. Signal also supports voice and video calls.
Threema
Secure messenger.
Learning curve: ⭐️
Usefulness: ⭐️⭐️⭐️⭐️⭐️
Site: https://threema.ch/en
Another choice is Threema. It is also considered a very good messenger with strong encryption, however the code is not open source. This precludes public code review by security experts, which traditionally has led to hardened code with fewer exploits. Apparently there has been some closed-door code review though.
Threema looks like your favorite messenger with a set of features comparable to Signal.
For more on secure messengers etc, the website securemessagingapps provides a general overview of the different messengers and their security/privacy features.
Brave
Privacy-aware web browser based on Chromium.
Learning curve: ⭐️
Usefulness: ⭐️⭐️⭐️⭐️⭐️
Site: https://www.brave.com/
Based on the same Chromium backend as Google Chrome, Brave is a very fast web browser with extensive privacy tools, blocking various trackers, cookies, and fingerprinting. Moreover, it supports most of the Chrome extensions, which is quite useful, and basically you can change from Chrome to Brave with little to no work. Brave also supports an experimental model called Brave Rewards to support content creators not through ads but through a micro-payment-like system:
Activate Brave Rewards (available on desktop only) and give a little back to the sites you frequent most. Help fund the content you love – even when you block ads.
Browsing the web with Brave is free: with Brave Rewards activated, you can support the content creators you love at the amount that works for you.
Finally, Brave is very fast, in fact much faster than Chrome, probably due to blocking tons of scripts, trackers etc. Brave is also available on mobile (iOS and Android). Also, for the geeks, Brave supports IPFS and Tor directly out of the box.
Firefox
Browser with strong privacy features.
Learning curve: ⭐️⭐️
Usefulness: ⭐️⭐️⭐️⭐️⭐️
Site: https://www.mozilla.org/en-US/firefox/
Another great browser is Firefox, which also comes with extensive privacy tools and is arguably one of the first browsers to take privacy seriously. Firefox is a great browser, however I opted for using Brave for compatibility reasons (see, e.g., this article on Verge for some discussion).
GnuPG
State-of-the-art open-source encryption suite.
Learning curve: ⭐️⭐️⭐️
Usefulness: ⭐️⭐️⭐️⭐️
Site: https://gnupg.org/
Last, but not least: encryption. This does not directly relate to privacy in the sense from above but is of no lesser importance. If you need state-of-the-art encryption both for emails and also files, then GnuPG is the answer. It takes some time to get used to, but both the tools and underlying protocols are rock solid and it is open source.
Services
DuckDuckGo
Search engine that respects your privacy.
Learning curve: ⭐️
Usefulness: ⭐️⭐️⭐️⭐️
Site: https://duckduckgo.com/
Complementing a privacy-enhanced web browser, it makes sense to consider a search engine that respects your privacy. A great choice is DuckDuckGo. While not perfect, for your normal day-to-day use it gets the job more than done, and if you feel that you are missing out on something, you can always head over to Google.