anonymous services and tools
operating system:
- if you want to use Windows, use 10 Enterprise IOT LTSC. activate it using MAS and apply the privacy tweaks you need. Windows 7, 8 and 11 are not recommended over 10 as they are either outdated or useless.
- if you want to use Linux, look at the big ass paragraphs below the other OSes.
- if you want to use a BSD distribution, use OpenBSD for extra security, or FreeBSD. be warned that the desktop experience isn't as great as with Linux distros, but they're perfect choices for servers. DragonFly BSD is also interesting.
- for the three Plan 9 from Bell Labs fans out here, 9front is the only good fork (9front is not secure by default, see this to disable the poorly-documented "none" user, thanks to the 0x19 anon for telling me). if you want Plan 9 programs on another Unix-like OS like Linux, use plan9port.
- don't use macOS. even with privacy tweaks applied it's still a big pile of shit.
linux:
before anything: DO NOT USE THE SNAP STORE/FLATPAK TO INSTALL PACKAGES. especially the Snap Store:
- it's a closed-source package/software manager made by Canonical and being pushed on Ubuntu as a replacement for APT (Debian's package manager).
- some packages in the Ubuntu APT repositories will require you to have snap currently installed on your computer to install the package (e.g. Firefox, Thunderbird, Chromium...).
- even worse, Ubuntu will prioritize snap applications over .deb files, to the point where it will search for the software on the snap store and install it instead of the deb file.
flatpak is not as bad as the snap store, but still a big pile of shit.
try prioritizing actual APT packages, .deb files or even AppImages over snaps and flatpaks. if software is only available on those two, it's probably shit.
for all of you Ubuntu users, here's a guide on how to annihilate snap entirely from your system: [TBA]
- if you're a new user, start with a distro based on Debian/Ubuntu. an overall great choice would be Linux Mint. if you need lighter system requirements, you can use either Lubuntu or Xubuntu, both are derivatives of Ubuntu but they use smaller desktop environments (LXQt and Xfce). you can also try other Debian/Ubuntu distros: classic Ubuntu, Kubuntu, Pop!_OS, Zorin OS, but at that point Linux Mint should cover all of your needs. these distros may have problems with games. some RHEL based distros are also great for new users, for example openSUSE or Fedora.
- if you're an intermediate user, you can try switching to rolling-release distros. where Debian and Ubuntu are "stable" distros, other distros like Arch are called "rolling-release", because their software release model is based on continuous delivery (bleeding-edge): basically you get the latest software instead of the most stable. rolling-release distros are considered better for gaming because the latest software comes with better performance, but remember that this approach comes with the risk of the latest software breaking your install.
if you want a rolling-release distro, you should use something based on Arch Linux: either classic Arch (requires either a manual tty installation that can take an hour, or the new automatic one), or EndeavourOS if you prefer a graphical installation. if you do not want systemd as your init system for good reasons, you can use Artix Linux, but be warned that troubleshooting on this is a nightmare. Manjaro is not recommended as their security practices are horrendous.
if you wish to stay on stable distros, you can either stick with distros cited previously, or try other ones, like Alma Linux, which is more focused on enterprise usage, but is still very good.
- if you're an experienced user, at that point just use whatever distro pleases you and covers your needs. you can try using Gentoo, but only if you're prepared enough and have a lot of free time: the installation process is very long (you need to manually partition your drive, extract a stage3 tarball, extract a portage (package manager) snapshot, compile the Linux kernel (if you're not downloading the binary one), install the bootloader of your choice, and configure a shit-ton of files). be warned: this will be the longest operating system install of your life. plus, on Gentoo, software is not downloaded as binaries but instead compiled according to the user preferences via USE flags, making it optimized for your computer, therefore it can take hours for big packages like Firefox/Chromium, LibreOffice, Qt, or your graphical interface (if you're not using a minimalist one like dwm).
- NOTE FOR GPUS:
for NVIDIA GPUs, use the binary NVIDIA drivers. they do not provide open-source drivers. an open-source alternative for the NVIDIA GPU driver is currently in development, called Nouveau, but it isn't recommended. for AMD GPUs, use the open-source AMDGPU driver.
here's a list of good linux distros (with or without systemd):
- Devuan: a fork of Debian without systemd. uses sysvinit by default but you can change it.
- Artix: a fork of Arch without systemd. comes in multiple graphical flavors and init systems.
- Gentoo: a highly flexible source-based distro. can be made very minimal. comes by default with OpenRC but you can change it.
- Alpine: a very small and secure distro. replaces glibc, coreutils and systemd with musl, busybox and OpenRC. a very good choice for servers.
- Mint: the best starter distro. comes in three different flavors (Cinnamon, MATE or Xfce). uses systemd.
- Arch: a very minimal bleeding-edge distro. textual installation only. uses systemd.
- Debian: an excellent stable distro. also used in servers. uses systemd.
- openSUSE: another very good choice for beginners. comes in two release models: rolling-release (Tumbleweed) like Arch, or stable (Leap) like Debian. uses systemd.
- NixOS: good distro that offers over 90k packages, and allows the user to create reproducible systems. only problem is that it requires you to learn an arcane programming language (Nix) only used here to manage your whole system. uses systemd.
internet browser:
- for Chromium-based browsers, use ungoogled-chromium. it removes all Google integrations of the Chromium codebase, especially the telemetry. you'll need this addon to download addons from the Chrome Web Store (set the "Handling of extension MIME type requests" flag to "Always prompt for install", otherwise it will just throw out an error).
- for Firefox-based browsers, either use Firefox ESR (or Nightly, depending on which you prefer) with the arkenfox user.js (or make it yourself), or LibreWolf. if you're on Linux, you can choose either, or use GNU IceCat (if you're on Arch you'll need to add the Parabola repo for the latest version of IceCat, the current version in the repos is extremely outdated. no idea if it's outdated on Debian distros.), but it will have problems on webpages with DRM-protected content since Widevine is removed, plus you'll need to remove the horrendous default addons. Tor Browser is ok, just not a fan of auto-updates and the fact that it uses LibreJS (be sure to replace it with a better addon like uBlock Origin).
- for minimal browsers, use surf or qutebrowser. remember that you won't be able to use addons or other features that Chromium or Firefox browsers have.
privacy browser addons:
- uBlock Origin: the most important addon of this list. basically it's uMatrix but automatic. whenever you install a new browser on a computer, ALWAYS add this extension. every month, remember to update your filter lists.
- uMatrix: uMatrix divides web requests into 8 categories: cookies, CSS, images, media (audio, video), scripts, XHR (requests made by scripts), frames (embedding other sites), and the other stuff, then displays them all on a grid. finally, you use that grid to enable or disable third-party requests, so that you don't end up with a completely broken website, nor one that spies on you with third-party trackers. only use it if you don't mind manual filtering.
- LocalCDN: a fork of Decentraleyes (outdated) that protects you against third-party trackers.
- KeePassXC-Browser: integrates your KeePassXC database directly in your browser, basically replacing the integrated password manager with a better one.
- Violentmonkey: provides userscripts support for browsers. open-source and better compared to Tampermonkey or Greasemonkey.
- LibRedirect: redirects popular websites (YouTube, Twitter, Reddit) to privacy-respecting frontends.
- FastForward: bypasses link shorteners by directly redirecting you to the final link.
- TWP: allows in-page translation similar to Google Chrome.
other privacy addons not listed here (AdBlock, Privacy Badger, Ghostery, LibreJS...) are either bad or useless and shouldn't be used.
search engine:
use SearXNG. SearXNG is a frontend for many search engines like Google, DuckDuckGo, etc. you can either use public instances, or host your own.
password manager:
there's only one good answer to this question, and it is KeePassXC. basically it's KeePass but better, with browser integration and it doesn't leak your passwords in clear in systemd's journalctl. for Android, use KeePassDX, it's compatible with KeePassXC databases. ALL ONLINE PASSWORD MANAGERS ARE ABSOLUTE TRASH. if your passwords aren't stored on YOUR hard drive, then they aren't yours. don't use your browser integrated password manager, it's not secure enough.
vpn:
remember that VPNs do not provide anonymity like Tor or I2P would. but they're recommended if you torrent stuff like movies on public trackers.
if you really want a good "anonymous" VPN, buy a VPS and set up WireGuard (better and faster than OpenVPN) on it. you can buy a VPS for 5 bucks a month on Hetzner, or if you want a privacy-respecting server provider: NiceVPS or Privex. the only good public solutions are Mullvad and AirVPN. IVPN used to be great, until they removed port forwarding. if you download or seed torrents from public trackers, activating your VPN killswitch is obligatory, because if the VPN tunnel fails, it will instantly disconnect your internet (and remove you from the swarm), thus making sure your actual IP doesn't appear in the clear for a few seconds.
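a client-side WireGuard config with a killswitch, as an added example (not part of the original page): the iptables rule is the one documented in the wg-quick(8) man page and the ip6tables lines mirror it. the file name, keys, addresses and endpoint are placeholders or constructed values.

```ini
# /etc/wireguard/wg0.conf on the client (file name is an assumption)
# bring the tunnel up with: wg-quick up wg0

[Interface]
# placeholder: generate your own with `wg genkey`
PrivateKey = <CLIENT_PRIVATE_KEY>
# constructed tunnel address, use whatever your VPS side expects
Address = 10.0.0.2/32
# constructed: a resolver that is reached through the tunnel
DNS = 10.0.0.1

# killswitch: reject every outgoing packet that
#   - does not leave through the tunnel interface (%i),
#   - is not WireGuard's own encrypted traffic (identified by its fwmark),
#   - and is not addressed to the local machine.
PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
# same rule for IPv6, so the real address can't leak over v6 either
PostUp = ip6tables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = ip6tables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT

[Peer]
# placeholder: public key of the WireGuard server on your VPS
PublicKey = <SERVER_PUBLIC_KEY>
# placeholder endpoint (203.0.113.0/24 is a documentation-only range)
Endpoint = 203.0.113.10:51820
# route all IPv4 and IPv6 traffic through the tunnel; wg-quick only sets
# the fwmark used above when a default route (/0) is listed here
AllowedIPs = 0.0.0.0/0, ::/0
# keep NAT mappings alive while idle
PersistentKeepalive = 25
```

the rules only exist while the interface is up: `wg-quick down wg0` runs PreDown and removes them, so stop your torrent client before taking the tunnel down on purpose.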
email service:
emails aren't recommended for privacy, but if you need one: host it yourself. there is no good (free or paid) public/private email service. not even "privacy-oriented" ones like riseup, disroot, cock.li, etc. remember that this isn't easy and can be a mess to troubleshoot. buy a VPS using the links above, and set up a mail server using whatever good solution you find. always use strong end-to-end encryption.
email client:
if you want a GUI, use Claws Mail, otherwise use Neomutt. they are the only good choices as they don't send telemetry like Thunderbird would, and are the only two mail clients that weren't vulnerable to the EFAIL vulnerability (see this paper). for Android, use K-9 Mail (if you're using an encrypted mailbox, you'll also need OpenKeychain).
code editors:
- for Visual Studio Code users, replace it with VSCodium. this is a build of VSCode's open-source base with telemetry and closed-source extensions removed by default.
- a good VSCode alternative is Lite XL, it's made in C instead of JS and TypeScript.
- Sublime Text is freeware but will harass you sometimes when you save a file to remind you to buy a (useless) license, unless you modify the binary to change this.
- for terminal code editors, if you want a modal one, use classic vi, Vim, Neovim, or Vis. Nano is only useful for editing config files as admin, and shouldn't be used as a full-on code editor.
- if you want Emacs, either use classic Emacs, or Emacs with a custom config, like Spacemacs.
- all commercial IDEs and code editors (Visual Studio, JetBrains, Eclipse...) shouldn't be used.