My Privacy Software Recommendations, 2023 Edition
I’m beginning this year caring a lot more about my data online than I did around this time in 2022. There seems to be a concerning trend of careless sharing of personal data online, fuelled by the normalisation of social media. Despite this, over the last few months, I’ve discovered and started to regularly use many new software products which have proved to me that privacy on the modern web is not dead.
I still have a long way to go but I wanted to share where my journey to a more private digital life has taken me thus far. Perhaps there is a service or two in this list that piques your interest and can help you strengthen your data privacy.
Keep in mind that my personal needs and opinions have influenced this selection and it is not exhaustive. However, all of these tools prioritize transparency and privacy in their marketing and practices. I will highlight the features that stood out to me the most when making my choices.
You will also find this list leans heavily towards SaaS and cloud services. Offloading security concerns to cloud providers is almost always a better idea than self-hosting but privacy is a different matter. Generally speaking, I trust (some) cloud providers to do a far better job than me in ensuring my data is kept safe from malicious, external actors, as they have a lot more expertise and resources than I ever will to achieve this. However, it’s harder to feel the same when the malicious actor might be the provider themselves.
It’d be fatally naive to take the claims from any 3rd party on the ethical and effective protection of their users’ precious data at face value, especially if they are a for-profit organisation. I have done my due diligence and researched every single service in this list to verify their claims are credible before trusting them with my data. Don’t take my word for it either, do your own research too.
tl;dr because busy people deserve privacy too
|Email Masking|Firefox Relay|
|Cloud Data Storage|Proton Drive|
|Web Browsing|Tor Browser|
Check out Privacy Guides for more recommendations, guides and detailed information on protecting your digital identity and belongings.
Enshrined by the impenetrable German data protection legislation, Tutanota is a SaaS email company operating out of Hanover that offers a range of encrypted services, primarily email. Some of the features of its email product that make it stand out from its competitors for me are:
- Email content and search are E2EE (end-to-end encrypted)
- It runs 100% on green energy
- Supports U2F (Universal Second Factor) authentication, such as YubiKey
- You can use Tutanota for free, although their inexpensive 1 EUR/mo subscription gives you some nice-to-have features like your own custom domain name and up to 5 email aliases
There are a couple of limitations about Tutanota worth pointing out though. These shortcomings are a direct result of the way Tutanota has been designed so I don’t anticipate them being addressed any time soon (if ever). Depending on what you look for in an email client, these may or may not be dealbreakers for you:
- No support for direct IMAP/POP3 interface: Tutanota argue that, for security reasons, they cannot support access to your Tutanota inbox via 3rd party email clients like Thunderbird or mutt. Access to your inbox is only possible through their official web client and mobile applications.
- Weak spam filters: the only parts of your correspondence that are visible to Tutanota are the sender, destination email headers and the message timestamp, which are not fully encrypted. This limits the scope of the spam detection algorithms Tutanota can harness, rendering them less effective than the deep email scanning (and privacy-invading) features you’re used to getting from other services like Gmail.
Email Masking: Firefox Relay
Sticking to the subject of happy, safe emails, let’s talk about email masking next.
If you’ve ever used throw-away email inbox services like 10 Minute Mail but sometimes wish you could easily create a lot of those (maybe for different websites) and keep them around for as long as you want before disposing of them, email aliases are the way to go. Incidentally, Tutanota offer this service but you are only allowed to keep a small number of aliases active at any given point, which is why I think Firefox Relay is a better option.
Firefox Relay is a neat little email aliasing service created by, you guessed it, Mozilla. The gist of Firefox Relay is that you associate this service with one genuine email account you own (e.g. Outlook, Tutanota… 😉) and generate any number of random email aliases that look like this:
email@example.com. Emails sent to these addresses are automagically relayed to your inbox, thus allowing you to receive emails without exposing your real address.
Firefox Relay has many more nice features (most of them paid for), namely
- a browser extension that can generate new masks for you on the fly and auto-fill them in various sign-up forms,
- support for custom human-friendly masks and subdomains,
- the ability to reply to emails via Relay, and more.
Firefox Relay has more uses than simply making one-off email addresses for dodgy websites; Relay allows you to configure email filters to dictate what type of emails they can forward to you. This can be an extremely effective way to manage a large array of subscriptions and mailing lists you’re enrolled in. If at any given point one of the newsletters you’re subscribed to gets too spammy, you can give them a “timeout” by blocking all inbound emails on their assigned Relay mask for a certain amount of time, without having to delete the address altogether.
Cloud Data Storage: Proton Drive
Launched in September 2022, Proton Drive is a fairly new proposition from the Geneva-based Proton AG, the makers of Proton Mail and Proton VPN.
Proton Drive is fairly basic as far as cloud file storage services go, with few of the bells and whistles their established competitors offer. However, unlike many of the leading cloud file storage providers, Proton Drive makes up for its succinct feature set with E2EE file encryption and the same solid guarantees around data protection you would expect from its siblings Proton Mail & VPN.
My primary use case for Proton Drive at the moment is to back up all the pictures on my phone to save space. Proton Drive has a native Android app, which looks nice although its UX is still a bit rough in some parts. For example, when the upload of a larger file (>1GB) completes, you’ll sometimes get a checksum/file size error saying the source and destination files don’t match, even though the file uploaded just fine. Furthermore, it is currently not possible to bulk upload more than 250 files from a mobile device, which is kind of annoying. I’m unsure if this limitation exists on the desktop version too.
Finally, Proton Drive’s storage capacity is significantly lagging behind competitors like Dropbox or Google Drive, which can readily accommodate requests for TBs of storage. With Proton Drive, 500 GB is the maximum amount of storage you get on the highest subscription tier. You need to contact Proton directly to purchase additional storage. I am confident the capacity limitations will be greatly alleviated over time though so I’m not too worried about it.
I’ve only been using Proton Drive for a few weeks thus far and I think that, while there is room for improvement in the features and overall UX, it is a very promising service. I am looking forward to seeing how many of the nitpicks I have right now are addressed, and complemented with new features as the product matures in 2023.
VPN: Mozilla/Mullvad VPN
Even though VPN usage has very few of the security and anonymity advantages it is often touted to offer, I do find it handy to switch my VPN on while connected to a public WiFi access point during a train journey, in a cafeteria or when I occasionally need to access region-locked content.
If you have similar, genuine use cases for a VPN too, both Mozilla & Mullvad VPN are solid options to consider. I’m mentioning Mozilla VPN here as, even though it’s basically a repackaged version of Mullvad, with little to no additional features of its own, Mozilla do provide a simpler, (arguably) better looking mobile app and their VPN is about $5 cheaper than Mullvad if you’re comfortable being locked in with them for 12 months. On the flip side, Mullvad charge a flat 5 EUR monthly subscription fee, which you can cancel anytime, so that’s worth considering if you’re not comfortable with long-term service subscriptions that lock you in for months or years.
The one major downside to Mozilla VPN compared to Mullvad is that their desktop VPN client currently doesn’t support any Linux distribution other than Ubuntu. Therefore, if this is a problem for you or you don’t care much for pretty mobile UIs, Mozilla or supporting them financially, Mullvad would be the better option.
Whatever you do, just stay away from any VPN provider that some random YouTube/Twitch/etc. content creator tries to sell you. More often than not, they utilise misleading marketing tactics to make you believe that using a VPN is inherently more secure than not using one when this is rarely the case. If anything, you may be further exposing your browsing activity by using one, as VPN vendors may be legally obliged to provide all details they have on you (hint: some of them know more about you than you’d think) to the authorities in their country of origin, or simply have them swiped by hackers.
Web Browsing: Tor
Roughly 20 years after being unleashed to the world, the onion routing protocol and the Tor proxy remain to this day one of the best ways, if not the best way, to browse the web in complete anonymity. Tor has become more accessible and easier to use than ever before, thanks to all the significant UX/UI improvements made to the Tor browser and the Tor mobile apps. In addition to this, I’ve noticed a marked improvement in the speed of the Tor network since the first time I used it, probably a good decade ago.
Unfortunately, I’ve also found myself completing a lot more captchas now than I used to, as a few too many websites and CDNs nowadays implement blunt bot detection mechanisms which are often hostile towards traffic originating from this network.
Instant Messaging: Signal
Signal have proved time and time again their unwavering commitment to security and privacy by design. Adoption of Signal has been on a steep rise since 2021. I believe that a couple of key incidents that have contributed to its gains in popularity recently are:
- The global DNS outage Meta suffered in October 2021, which locked millions of people out of their Facebook, Instagram and, you guessed it, WhatsApp accounts, for a few hours.
Fortunately, Signal’s newfound success doesn’t entirely come from the misfortune and mistakes of their competitors, as the growing list of features around simplicity, user convenience and engaging communication gimmicks the non-profit have built into their IM (Instant Messaging) app is impressive. Signal have made huge strides over the last few years to prove security and convenience don’t always have to be at odds with each other. As well as providing the same basic features you would expect in a modern IM application, here are a few features I was able to use on Signal months before they arrived in WhatsApp:
- A cross-platform desktop client that doesn’t require your smartphone to be switched on and connected to the same network while you use it. As of the time of this writing, the only way to access WhatsApp from a Linux desktop is via their web client which doesn’t even support calls of any sort
- Custom emoji reactions
- Better visual cues to identify replies to messages
The one thing that keeps Signal from becoming the perfect instant messaging solution for me and many more people is that they require you to provide a phone number to set up an account; arguably, to allow for account verification, backup and device transfer services. Another —perhaps anecdotal— minor issue I have with Signal is that I’ve often experienced quality degradation and choppy video/audio during video calls, which hasn’t occurred under similar conditions on WhatsApp.
Despite these downsides, Signal is a solid privacy-centric alternative to instant messaging services such as WhatsApp, Telegram or Facebook Messenger. It is a shame the huge gravitational pull of the network effect brandished by WhatsApp and other less privacy-inclined IM apps is slowing down the adoption of more privacy-respecting alternatives such as Signal.
Operating System: GNU/Linux
Unsurprisingly, GNU/Linux continues to be my favourite OS for a plethora of reasons, which include privacy. The open nature of its development and the non-profit nature of its parent entity, The Linux Foundation, have earned the trust of users like me, who are given full control over their data and can fulfil their computing needs knowing they’re not being spied upon or having their computing habits mined to feed a data-hungry profiling system.
Tails has perhaps set the gold standard as to what a privacy-focused GNU/Linux distribution should be, although you’ll find even general-purpose distros like Fedora and openSUSE have sensible and transparent privacy policies.
However, not every GNU/Linux distribution is created equal when it comes to upholding the privacy of their user base. Canonical’s Ubuntu, for example, has fallen foul of irresponsible data handling practices in the past, capturing personal information without their users’ awareness or explicit consent. Running GNU/Linux doesn’t automatically protect people from having their data harvested, although its decentralised and open nature does mean it’s much harder for privacy-invading features to fly under the radar and take hold, as the community can create and distribute forks, which is exactly what the Audacity community did by creating Tenacity after the controversial inclusion of telemetry features in the popular audio manipulation software.
Privacy Knowledge Base: Privacy Guides
I didn’t want to end this article without giving Privacy Guides credit for their amazing tutorials and lists of recommendations, which have heavily informed some of my recommendations for this article. Check them out if you want even more privacy-conscious software recommendations or just want to learn more about how to keep yourself safe online.
I wish you a happy, private 2023!