Personal Security & Privacy Tools I Recommend

Updated in December 2019 to account for recent changes in the product landscape. In summary, I switched from PIA to Mullvad for VPN, and no longer recommend StartPage for search.

Friends and family sometimes ask me for advice about security tools or practices they should use to improve their own security. Before long I had a decent set of canned responses for all levels of technical ability that I have compiled here.

Because I value personal data privacy so highly, I am very strict about the tools I adopt personally. Unfortunately, many of these tools also come with a learning curve and may require some level of technical configuration. Some of these tools trade off convenience for security. I firmly believe that some security is better than none, so in some areas, I have included a secondary suggestion for those who just want something simple to use that still respects their privacy and provides security.

Most people use Windows, so I try to suggest tools that are multi-platform. I almost never recommend Windows as a day to day operating system. If tools are keeping you on Windows, everything on this list supports Mac and Linux to make the switch that much easier.

Operating Systems

The OS I use: Linux / Ubuntu.

Linux is much easier to use, especially in the latest versions, than most people think. I know at least one non-technical person that uses it and is happy with it. For some, this is a non-starter due to missing software needed for work, but I personally have yet to find any task I couldn't do as well or better on Linux.

I dabble in 3D modeling, programming, video game design, and digital art. I also enjoy gaming from time to time, and have found that even VR and most windows games run just fine in Linux.

The OS I recommend for those not willing to jump to Linux: Mac OS

Apple has a decent security and privacy track record, and is built for non technical consumers. Some tasks that have strong alternatives in Linux may not run on a Mac, but I have used one professionally for years (in an office environment that does not allow Linux) without any problems.

Just don't use iCloud.

Laptop Vendor

I run a custom built desktop for most of my work, but there are a couple of laptops I like.

Linux Laptop: The system76 Darter Pro

For under $1600 you get a Linux laptop with an i7 processor, 32GB RAM, and 500GB SSD. Amazing value with components working on Linux out of the box. If you want to spend a little more, their Oryx pro line is also excellent.

General Laptop: Apple macbook pro

In my opinion, Apple's quality has gone down over the last few years. You will pay roughly double the above for similar or worse specs. However the software, security, and privacy make this worth it over the common windows laptops loaded with adware that are often sold.

The recently announced macbook pro seems to be making a better value proposition, although apple is still far behind Linux in terms of privacy and security.

Browser

I use FireFox for all my browsing. I don't like sending data to Google via my web browser.

I also use the following security plugins (note that some of these, in particular NoScript and uMatrix, will make some sites unusable without configuration)

If you just really like chrome, then I recommend switching to Chromium where possible.

Password Manager

Password managers are great for getting strong, unique passwords for all sites you visit. I recommend and use BitWarden. It's open source, free for users, syncs across many devices, and multi-platform.

If you are worried about using a cloud service, then they do offer a self hosting option so you can manage it yourself.

Email Provider

I use Proton Mail. It uses client side encryption, default email encryption between proton mail users, and claims all their code is open source and they do no logging. I have a paid account, which is not very expensive. They do have a free version, but since it is my primary mail provider I like having the extra capabilities.

I should note that EMail in general is not the most secure protocol, so don't depend on any email provider for your most sensitive documents or communications.

Encryption

Most users don't encrypt their hard drives. If you do, I would go with your OS providers encryption options to make it as easy as possible.

I also sometimes want to encrypt specific files, or create encrypted folders for things like financial data or other sensitive files.

For encrypted folders, I use VeraCrypt. It's very easy to use and offers the ability to create hidden drives.

For single file or secret storage, I use gpg. This is good more for when I have something like a sensitive configuration file I need to store in github or might leave lying around.

Mobile Phone

I currently use an iPhone, though I am likely to switch to LineageOS at some point. For most users, an iPhone offers good enough privacy and security - certainly when compared to standard Android.

Again, skip iCloud.

Antivirus

If you use OSX or Linux, you may not need Antivirus. For Windows users, I recommend using Microsoft's Windows Defender. Many AV companies are now just as bad as what they seek to prevent, so use caution when choosing.

VPN

ISP's frequently log traffic and build data profiles of their customers. They have experimented with injecting ads and redirecting valid web page requests to increase profit at their customers expense. Without net neutrality, they may shape traffic based on what you are doing for financial gain. VPN's can prevent all of these along with the data collection that comes with it. They also protect you when you connect outside the home, such as at coffee shops or airports.

I personally use Private Internet Access. They once showed in court that they did not keep logs, and I have near native throughput with them, along with many servers and locations around the world.

I recently switched to Mullvad VPN from PIA, due to the recent acquisition by Kape. Although some sources have claimed that Kape (and CrossRider in the past) have been moving towards privacy, I prefer to proactively move rather than take the risk of being compromised. There are many good choices with higher trust at this time. There are interesting discussions about this on HN and Reddit.

Solid alternatives include protonVPN (same as my email provider). and NordVPN.

Note that you cannot depend on a VPN to protect you from government or risky behavior. If you need to protect yourself from more serious threats, then use both a VPN and Tor.

Backups

I use a custom script that uses duplicity on Linux to locally encrypt files and then back up to BackBlaze B2 storage. Backblaze offers unlimited backup storage for $5/month, which is a steal compared to many other backup services.

I also keep an external hard drive which is my first line of defense, so my backup process is: local file -> external hard drive -> B2 cloud storage.

For my iphone, instead of iCloud I use PhotoBackup to sync my iPhone photos back to my local hard drive. PhotoBackup uses rsync, which is an open source and highly efficient file synchronizer. It only works with Mac and Linux though, so Windows users may have to find something else.

Here is a sample script you could run on linux after installing duplicity and the b2 driver. I schedule this using cron to run nightly:

#!/bin/sh
export PASSPHRASE=my_encryption_password
export B2_ID=my_b2_id
export B2_KEY=my_b2_key

#######
# copy important files to backup storage
# /media/user/backup is my external hardrive
#######
rsync -au /home/user/* /media/user/backup/

#######
# run backup to backblaze.
# this runs a full backup every 2 months, and incremental otherwise. 
# It deletes any backups after 4 fulls, so about 8 months old
#######

duplicity --full-if-older-than 60D /media/user/backup b2://$B2_ID:$B2_KEY@bucket_name/
duplicity remove-all-but-n-full 4 --force b2://$B2_ID:$B2_KEY@bucket_name/

For non-linux users, backblaze offers a complete and simple solution. If you want to encrypt data locally that backblaze has no access to, consider an alternate solution like Duplicati with a backblaze upload. I have never used Duplicati myself, but it is open source and seems to use good client side encryption.

Search Engine

My go-to search engine is DuckDuckGo. I can no longer recommend StartPage, due to an investment by an advertising company. Sometimes Google is the best for a given query, but 99.99% of my searches don't need it.

Synchronized Notebook

I combined a number of tools I use for programming to roll my own. This is an unusual solution, but it is amazing how well it works for me. It has the following components:

  • Self hosted, encrypted Gitlab instance
  • Each notebook is a Gitlab project, with a wiki
  • Git to checkout and version control the wiki
  • Sublime text with markdown to edit the wiki

This setup allows me to edit both locally on any device that supports git, and via the web through the gitlab markdown editor. I can also share any notebook with others via the gitlab permissions and get fine grained control. You could swap out Atom (or any other editor) for Sublime if you want to be fully open source.

For simpler solutions that also respect privacy, I have heard good things about standard notes.

What Else?

Notably missing from this list are social media and chat applications. I minimize my use of these, but due to their nature are hard to migrate without also bringing along friends and family.

What other tools do you use, or would you like to hear about?