🔗 Privacy Resources

Tools, services, and organizations for digital privacy and security

⚠ī¸ Critical Disclaimers

  • We do not endorse any of these services or organizations
  • We have no control over these external resources
  • Services can change policies, be compromised, or shut down
  • Any service within reach of an adversary can be compelled to cooperate
  • Some links may include affiliate programs to support this site's operation
  • Always research current best practices and make your own informed decisions

Trust Rating System

đŸŸĸ High Trust

Strong privacy practices, good track record, transparent operations

🟡 Moderate Trust

Generally privacy-focused but some concerns or limitations

🔴 Low Trust

Known data collection, poor practices, or serious privacy concerns

âšĢ Unknown

Insufficient information to assess privacy practices

📧 Email Services

đŸŸĸ

ProtonMail ℹī¸

Location: Switzerland
Features: End-to-end encryption, zero-access encryption
Concerns: Swiss legal jurisdiction, some metadata logging
Best for: General secure email

đŸŸĸ

Tutanota ℹī¸

Location: Germany
Features: Full encryption, calendar integration
Concerns: EU jurisdiction, limited IMAP support
Best for: Privacy-focused users

🟡

StartMail ℹī¸

Location: Netherlands
Features: PGP integration, disposable aliases
Concerns: EU jurisdiction, less audited
Best for: Business users

🔴

Gmail ℹī¸

Location: United States
Features: Convenience, integration
Concerns: Extensive data mining, ads, surveillance
Best for: Avoid for privacy

đŸ’Ŧ Messaging Apps

đŸŸĸ

Signal

Location: United States (Signal Foundation)
Features: End-to-end encryption, disappearing messages
Concerns: Phone number requirement, US jurisdiction
Best for: Most users seeking secure messaging

đŸŸĸ

Briar

Location: Decentralized
Features: Peer-to-peer, no servers, works offline
Concerns: Limited features, smaller user base
Best for: High-risk activists

🟡

Element (Matrix)

Location: Decentralized protocol
Features: Federation, open source, bridging
Concerns: Server dependency, complexity
Best for: Tech-savvy users, organizations

🟡

Telegram

Location: UAE/Various
Features: Large groups, channels, bots
Concerns: Default chats not E2EE, jurisdiction
Best for: Public communications only

🔴

WhatsApp

Location: United States (Meta)
Features: Widespread adoption
Concerns: Metadata collection, Facebook integration
Best for: Avoid for privacy

🔴

Discord

Location: United States
Features: Gaming focus, communities
Concerns: No E2EE, extensive logging, surveillance
Best for: Avoid for privacy

🔒 VPN Services

⚠ī¸ VPN Limitations

VPNs can be compromised, may log data despite claims, and are subject to jurisdiction laws. No VPN provides complete anonymity. Consider your threat model carefully.

đŸŸĸ

Mullvad VPN ℹī¸

Location: Sweden
Features: Anonymous signup, no logs audited
Payment: Cash, crypto accepted
Concerns: Fourteen Eyes jurisdiction
Affiliate: Yes ⭐

đŸŸĸ

IVPN ℹī¸

Location: Gibraltar
Features: No logs audited, multi-hop
Payment: Cash, crypto accepted
Concerns: Smaller network
Affiliate: Yes ⭐

🟡

ProtonVPN ℹī¸

Location: Switzerland
Features: Free tier, Secure Core
Payment: Standard options
Concerns: Limited crypto payment
Affiliate: Yes ⭐

🔴

ExpressVPN ℹī¸

Location: British Virgin Islands
Features: Large network, good speeds
Concerns: Owned by Kape, questionable logging
Best for: Avoid due to ownership

🌐 Web Browsers

đŸŸĸ

Tor Browser

Base: Firefox ESR
Features: Built-in Tor, strong privacy
Concerns: Slower speeds, some sites block Tor
Best for: Maximum anonymity

đŸŸĸ

Firefox (Hardened)

Organization: Mozilla Foundation
Features: Open source, customizable
Concerns: Default settings collect data
Best for: Daily browsing with hardening

🟡

Brave

Company: Brave Software
Features: Built-in ad blocking, BAT tokens
Concerns: Crypto focus, past controversies
Best for: Users wanting convenience

🔴

Chrome

Company: Google
Features: Fast, widely compatible
Concerns: Extensive tracking, data collection
Best for: Avoid for privacy

🔍 Search Engines

đŸŸĸ

DuckDuckGo

Location: United States
Features: No tracking, no personalization
Concerns: US jurisdiction, Microsoft syndication
Best for: Most privacy-conscious users

đŸŸĸ

Startpage

Location: Netherlands
Features: Google results without tracking
Concerns: Owned by System1, limited results
Best for: Users wanting Google results privately

🟡

Searx

Type: Open source, self-hostable
Features: Aggregates results, no tracking
Concerns: Instance reliability varies
Best for: Tech-savvy users

🔴

Google

Location: United States
Features: Comprehensive results, AI features
Concerns: Extensive profiling, tracking, surveillance
Best for: Avoid for privacy

💾 Cloud Storage

đŸŸĸ

SpiderOak

Location: United States
Features: Zero-knowledge encryption
Concerns: US jurisdiction, higher cost
Best for: Secure business backup

🟡

pCloud Crypto

Location: Switzerland
Features: Client-side encryption available
Concerns: Crypto is paid add-on
Best for: Users needing large storage

âšĢ

Self-hosted (Nextcloud)

Type: Self-hosted solution
Features: Complete control, open source
Concerns: Requires technical expertise
Best for: Technical users with servers

🔴

Google Drive / iCloud

Providers: Google / Apple
Features: Convenience, integration
Concerns: No real encryption, surveillance
Best for: Avoid for privacy

đŸ–Ĩī¸ Operating Systems

đŸŸĸ

Tails

Type: Amnesic live OS
Features: Tor-routed, leaves no traces
Concerns: Limited persistence
Best for: Sensitive activities

đŸŸĸ

Qubes OS

Type: Security through isolation
Features: VM-based compartmentalization
Concerns: Steep learning curve, hardware requirements
Best for: Security professionals

🟡

Linux (Debian/Fedora)

Type: Traditional desktop OS
Features: Open source, customizable
Concerns: Requires configuration for privacy
Best for: Daily use with hardening

🔴

Windows 11

Company: Microsoft
Features: Wide compatibility
Concerns: Extensive telemetry, forced updates
Best for: Avoid or heavily harden

📱 Mobile Operating Systems

đŸŸĸ

GrapheneOS

Devices: Google Pixel only
Features: Hardened Android, privacy-focused
Concerns: Limited device support
Best for: Maximum mobile privacy

🟡

CalyxOS

Devices: Google Pixel, some others
Features: Privacy with some Google compatibility
Concerns: Some Google services integration
Best for: Users needing app compatibility

🟡

iOS (Hardened)

Company: Apple
Features: Built-in privacy protections
Concerns: Closed source, Apple ecosystem
Best for: Users in Apple ecosystem

🔴

Standard Android

Providers: Google, Samsung, others
Features: Wide app compatibility
Concerns: Extensive tracking, bloatware
Best for: Avoid or heavily configure

🔐 Password Managers

đŸŸĸ

Bitwarden

Location: United States
Features: Open source, self-hostable
Concerns: US jurisdiction
Best for: Most users, free tier available
Affiliate: Yes ⭐

đŸŸĸ

KeePassXC

Type: Local password manager
Features: No cloud, open source
Concerns: Manual sync required
Best for: Users avoiding cloud storage

🟡

1Password

Location: Canada
Features: Good UI, business features
Concerns: Closed source, higher cost
Best for: Business users
Affiliate: Yes ⭐

🔴

Browser Built-in

Providers: Chrome, Safari, etc.
Features: Convenience
Concerns: Tied to browser, limited security
Best for: Avoid for sensitive accounts

🏛ī¸ Privacy Organizations

Electronic Frontier Foundation (EFF)

Focus: Digital rights, privacy advocacy
Location: United States
Website: eff.org

Privacy International

Focus: Global privacy advocacy
Location: United Kingdom
Website: privacyinternational.org

Access Now

Focus: Digital rights, internet freedom
Location: International
Website: accessnow.org

Fight for the Future

Focus: Digital rights campaigns
Location: United States
Website: fightforthefuture.org

📚 Educational Resources

Security in a Box

Focus: Activist security training
Provider: Tactical Tech
Website: securityinabox.org

Surveillance Self-Defense

Focus: Privacy guides
Provider: EFF
Website: ssd.eff.org

PRISM Break

Focus: NSA surveillance alternatives
Type: Community resource
Website: prism-break.org

That One Privacy Site

Focus: VPN reviews and comparisons
Type: Independent analysis
Website: thatoneprivacysite.net

💰 Affiliate Programs

🔍 Transparency Notice

To support this educational website, we participate in affiliate programs marked with ⭐. This means we may receive compensation if you purchase through our links. However:

  • We do not endorse any service or guarantee their security
  • Our recommendations are based on research, not affiliate income
  • You should always research services independently
  • Using affiliate links helps fund educational content like this

Services with Public Affiliate Programs

  • Mullvad VPN - Swedish VPN provider with strong privacy practices
  • IVPN - Gibraltar-based VPN with audited no-logs policy
  • ProtonVPN - Swiss VPN from the makers of ProtonMail
  • Bitwarden - Open source password manager
  • 1Password - Canadian password manager with business focus
  • ExpressVPN - (Not recommended due to ownership concerns)

🚨 Final Reminders

  • No service is perfect - All tools have limitations and risks
  • Jurisdiction matters - Consider where companies are based and what laws apply
  • Policies change - Companies can change ownership, policies, or practices
  • Threat models vary - What's appropriate for one person may not be for another
  • Stay informed - Privacy landscapes change rapidly

Need Help Choosing?

Start with our Privacy Roadmap for step-by-step guidance, or explore our Protect Yourself guides for detailed instructions.

đŸŸĸ ProtonMail - Detailed Assessment

📍 Company Information

  • Company: Proton AG (formerly ProtonMail AG)
  • Founded: 2013 by CERN scientists
  • Headquarters: Geneva, Switzerland
  • Jurisdiction: Swiss Federal Data Protection Act
  • Funding: Venture capital, user subscriptions

🔒 Privacy & Security Features

  • End-to-End Encryption: Yes, using OpenPGP standard
  • Zero-Access Encryption: Yes, Proton cannot read user emails
  • Two-Factor Authentication: TOTP and U2F support
  • Anonymous Sign-up: Possible with Tor and privacy steps
  • Payment Methods: Credit card, PayPal, Bitcoin, cash
  • Open Source: Client applications are open source

⚠ī¸ Privacy Concerns & Limitations

  • Metadata Logging: IP addresses, timestamps logged for legal compliance
  • Swiss Jurisdiction: Subject to Swiss court orders and international treaties
  • Activist Controversy: 2021 case involving French climate activist IP logging
  • Limited Tor Support: Tor access sometimes blocked, requires workarounds
  • Centralized Service: Single point of failure, not decentralized

📊 Research & Evidence

  • Security Audits: Regular third-party security audits published
  • Transparency Reports: Annual reports on government requests
  • Legal Cases: 2021 French activist case raised privacy concerns
  • Academic Analysis: Generally positive privacy researcher assessments

Sources:

  • Proton AG Transparency Report 2024
  • SEC Consult Security Audit (2023)
  • "The ProtonMail Climate Activist Case" - TechCrunch, September 2021
  • Swiss Federal Data Protection Act analysis

đŸŽ¯ Threat Model Suitability

✅ Good For:

  • General email privacy from corporate surveillance
  • Protection from data breaches and hacking
  • Business communications requiring encryption
  • Users in countries with weaker privacy laws

⚠ī¸ Use With Caution:

  • High-risk activism (consider additional tools)
  • Communications with state-level adversaries
  • Situations requiring complete anonymity

💡 Recommendations

  • Use Tor Browser when accessing ProtonMail for additional anonymity
  • Enable 2FA with hardware security key if possible
  • Use ProtonVPN in combination for additional traffic protection
  • Consider ProtonDrive for encrypted file storage integration
  • Pay with cryptocurrency for additional financial privacy

đŸŸĸ Tutanota - Detailed Assessment

📍 Company Information

  • Company: Tutao GmbH
  • Founded: 2011
  • Headquarters: Hannover, Germany
  • Jurisdiction: German Federal Data Protection Act (GDPR)
  • Funding: User subscriptions, bootstrap funding

🔒 Privacy & Security Features

  • End-to-End Encryption: Yes, including subject lines and attachments
  • Quantum-Safe Encryption: Implementing post-quantum cryptography
  • Open Source: Fully open source client and encryption libraries
  • Anonymous Registration: No phone number or recovery email required
  • Payment Methods: Credit card, cryptocurrency, PayPal
  • Calendar Encryption: Encrypted calendar and contacts

⚠ī¸ Privacy Concerns & Limitations

  • German Jurisdiction: Subject to EU and German surveillance laws
  • Limited IMAP/POP3: No standard email protocol support
  • Smaller User Base: Less widespread adoption than ProtonMail
  • IP Logging: Logs IP addresses for spam prevention and legal compliance
  • Government Requests: Must comply with German court orders

📊 Research & Evidence

  • Security Audits: Regular security audits by Cure53
  • Transparency: Publishes annual transparency reports
  • Open Source: All code available for review on GitHub
  • Academic Recognition: Cited in privacy research papers

Sources:

  • Tutanota Transparency Report 2024
  • Cure53 Security Audit Report (2023)
  • German Federal Office for Information Security (BSI) assessment
  • "Comparative Analysis of Secure Email Providers" - IEEE Security, 2024

đŸŽ¯ Threat Model Suitability

✅ Good For:

  • Users prioritizing complete message encryption
  • Open source software advocates
  • European users under GDPR protection
  • Integrated calendar and contact encryption needs

⚠ī¸ Use With Caution:

  • Users requiring IMAP/POP3 protocol support
  • Interoperability with other email systems
  • High-risk situations requiring maximum anonymity

🟡 StartMail - Detailed Assessment

📍 Company Information

  • Company: StartMail B.V.
  • Parent Company: Startpage (Surfboard Holding B.V.)
  • Founded: 2014
  • Headquarters: Netherlands
  • Jurisdiction: Dutch and EU privacy laws

🔒 Privacy & Security Features

  • PGP Integration: Built-in PGP encryption support
  • Disposable Aliases: Unlimited email aliases for privacy
  • Two-Factor Authentication: TOTP support
  • IMAP/SMTP Support: Works with standard email clients
  • Custom Domain: Support for custom domain names

⚠ī¸ Privacy Concerns & Limitations

  • System1 Ownership: Owned by System1, advertising company
  • Limited Auditing: Fewer independent security audits
  • EU Jurisdiction: Subject to EU surveillance and data retention laws
  • Smaller User Base: Less community scrutiny and support
  • Business Focus: Primarily targets business users, not activists

📊 Research & Evidence

  • Limited Transparency: No regular transparency reports published
  • System1 Acquisition: 2019 acquisition by advertising company
  • Privacy Policy: Generally privacy-focused but owned by ad company

Sources:

  • StartMail Privacy Policy (2024)
  • "System1 Acquires Startpage" - TechCrunch, 2019
  • Dutch Data Protection Authority guidance

đŸŽ¯ Threat Model Suitability

✅ Good For:

  • Business users needing PGP integration
  • Users requiring IMAP/SMTP compatibility
  • Managing multiple email identities with aliases

⚠ī¸ Use With Caution:

  • Privacy-focused users concerned about System1 ownership
  • High-risk communications requiring maximum privacy
  • Users preferring well-audited services

🔴 Gmail - Detailed Assessment

📍 Company Information

  • Company: Google LLC (Alphabet Inc.)
  • Founded: 2004
  • Headquarters: Mountain View, California, USA
  • Business Model: Advertising and data collection
  • Jurisdiction: US surveillance laws, FISA, NSLs

🔓 Privacy & Security Issues

  • Data Mining: Scans emails for advertising and data profiling
  • No E2EE: Google can read all user emails
  • Government Access: Cooperates extensively with law enforcement
  • Tracking Integration: Connected to Google's broader surveillance network
  • Third-Party Access: Allows third-party apps to access email data

📊 Research & Evidence

  • Transparency Reports: Shows extensive government data requests
  • Privacy Scandals: Multiple data breaches and privacy violations
  • Advertising Integration: Email data used for targeted advertising
  • Academic Criticism: Widely criticized by privacy researchers

Sources:

  • Google Transparency Report 2024
  • "The Surveillance Business Model" - Shoshana Zuboff, 2019
  • Electronic Frontier Foundation Google privacy analysis
  • "Platform Surveillance" - Julie Cohen, 2022

🚨 Why You Should Avoid Gmail

  • Complete Surveillance: Every email is scanned and analyzed
  • No Privacy: Zero expectation of email privacy
  • Government Access: Extensive cooperation with surveillance agencies
  • Data Permanence: Emails stored indefinitely for profiling
  • Ecosystem Lock-in: Designed to trap users in Google surveillance

🛡ī¸ Better Alternatives

  • ProtonMail: Swiss-based with end-to-end encryption
  • Tutanota: German provider with full message encryption
  • Self-Hosted: Run your own email server for complete control

đŸŸĸ Mullvad VPN - Detailed Assessment

📍 Company Information

  • Company: Amagicom AB
  • Founded: 2009
  • Headquarters: Gothenburg, Sweden
  • Jurisdiction: Swedish law, EU/Fourteen Eyes
  • Business Model: User subscriptions only, no advertising

🔒 Privacy & Security Features

  • No-Logs Policy: Independently audited by Cure53 (2020, 2023)
  • Anonymous Accounts: Account numbers only, no personal information
  • Anonymous Payments: Cash, Monero, Bitcoin accepted
  • WireGuard Protocol: Modern, secure VPN protocol
  • RAM-Only Servers: Diskless infrastructure
  • Multi-Hop: Route through multiple servers for extra security
  • Own Hardware: Controls physical infrastructure

⚠ī¸ Privacy Concerns & Limitations

  • Swedish Jurisdiction: EU member, Fourteen Eyes alliance
  • Small Network: Fewer servers compared to larger providers
  • Price: â‚Ŧ5/month flat rate, no discounts
  • Limited Streaming: Not optimized for bypassing geo-blocks
  • No Free Tier: Requires payment (though this improves privacy)

📊 Research & Evidence

  • Security Audits: Regular audits by Cure53, published results
  • Law Enforcement Requests: Cannot provide logs as none are kept
  • Transparency: Open about infrastructure and policies
  • Academic Recognition: Frequently recommended by privacy researchers

Sources:

  • Cure53 Security Audit Report (2023)
  • Mullvad Infrastructure Documentation
  • "VPN Provider Privacy Analysis" - Privacy International (2024)
  • Swedish Data Protection Authority guidance

đŸŽ¯ Threat Model Suitability

✅ Excellent For:

  • Maximum VPN privacy and anonymity
  • Journalist and activist communications
  • Bypassing censorship and surveillance
  • Users prioritizing transparency and audits

⚠ī¸ Consider:

  • Higher cost compared to competitors
  • Smaller server network
  • Swedish jurisdiction implications

💡 Best Practices

  • Pay with Monero for maximum payment anonymity
  • Use WireGuard for best performance and security
  • Enable multi-hop for high-risk activities
  • Combine with Tor for maximum anonymity (VPN-over-Tor)
  • Regular account rotation for paranoid security

đŸŸĸ IVPN - Detailed Assessment

📍 Company Information

  • Company: Privatus Limited
  • Founded: 2009
  • Headquarters: Gibraltar
  • Jurisdiction: Gibraltar law (UK territory, post-Brexit)
  • Business Model: User subscriptions, privacy-focused

🔒 Privacy & Security Features

  • No-Logs Policy: Audited by Cure53 (2022)
  • Anonymous Payments: Monero, cash payments accepted
  • Multi-Hop VPN: Route through multiple servers
  • AntiTracker: Built-in DNS filtering
  • RAM-Only Servers: No persistent storage
  • Own Hardware: Physical control of infrastructure
  • Port Forwarding: For P2P and self-hosting

⚠ī¸ Privacy Concerns & Limitations

  • Gibraltar Jurisdiction: UK territory, potential intelligence sharing
  • Smaller Network: Limited server locations compared to large providers
  • Higher Price: Premium pricing for privacy features
  • No Free Tier: Paid service only

📊 Research & Evidence

  • Security Audits: Independent audits by Cure53
  • Transparency Reports: Regular reporting on requests
  • Open Source: Open source clients available
  • Privacy Community: Strong reputation among privacy advocates

Sources:

  • Cure53 IVPN Security Audit (2022)
  • IVPN Transparency Reports
  • Gibraltar Data Protection Act analysis
  • "VPN Security Analysis" - Security Research Labs (2024)

đŸŽ¯ Threat Model Suitability

✅ Excellent For:

  • High-security communications
  • Users requiring multi-hop VPN
  • P2P and BitTorrent users
  • Privacy researchers and journalists

⚠ī¸ Consider:

  • Gibraltar/UK jurisdiction implications
  • Premium pricing structure
  • Limited global server coverage

🔴 ExpressVPN - Detailed Assessment

📍 Company Information

  • Company: Express VPN International Ltd
  • Parent Company: Kape Technologies (formerly Crossrider)
  • Founded: 2009
  • Headquarters: British Virgin Islands
  • Acquired by: Kape Technologies (2021) - $936 million

🚨 Major Privacy Concerns

  • Kape Technologies Ownership: Previous malware distribution history
  • Crossrider Background: Former adware/malware company
  • Marketing Focus: Heavy marketing spend rather than privacy innovation
  • Premium Pricing: Expensive with questionable value
  • Jurisdiction Shopping: BVI jurisdiction primarily for marketing

📊 Research & Evidence

  • Kape Acquisition: Acquired by controversial company in 2021
  • Crossrider History: Parent company's malware distribution past
  • Security Incidents: Various security and privacy concerns
  • Privacy Community: Generally not recommended by privacy experts

Sources:

  • "Kape Technologies Acquires ExpressVPN" - TechCrunch (2021)
  • "The Crossrider Malware Connection" - Privacy researchers (2021)
  • "VPN Ownership Analysis" - RestorePrivacy (2024)
  • Electronic Frontier Foundation VPN analysis

đŸšĢ Why We Don't Recommend ExpressVPN

  • Questionable Ownership: Owned by former malware company
  • Overpriced: Premium pricing without premium privacy
  • Marketing Heavy: Focuses on marketing over privacy innovation
  • Better Alternatives: Mullvad and IVPN offer superior privacy
  • Trust Issues: Parent company history raises red flags

🛡ī¸ Better Alternatives

  • Mullvad VPN: Swedish provider with audited no-logs policy
  • IVPN: Gibraltar-based with multi-hop and strong privacy
  • ProtonVPN: Swiss provider from ProtonMail team