anonymous services and tools
operating system:
- if you want to use Windows, use 10 Enterprise IoT LTSC. activate it using MAS and apply the privacy tweaks you need. Windows 7, 8 and 11 are not recommended over 10 as they are either outdated or useless.
UPDATE: Microsoft has since released the Enterprise IoT LTSC version of Windows 11. i haven't tested it in detail yet compared to the W10 version, so at the moment you should stick with the Windows 10 version of Enterprise IoT LTSC.
- if you want to use Linux, look at the huge paragraphs below the other OSes.
- if you want to use a BSD distribution, use OpenBSD for extra security, or FreeBSD. be warned that the desktop experience isn't as great as with Linux distros, but they're perfect choices for servers. DragonflyBSD is also interesting.
- for the three Plan 9 from Bell Labs fans out here, 9front is the only good fork (9front is not secure by default, see this to disable the poorly-documented "none" user, thanks to the 0x19 anon for telling me). if you want Plan 9 programs on another Unix-like OS like Linux, use plan9port.
- don't use macOS. even with privacy tweaks applied it's still a big pile of shit.
linux:
before anything: DO NOT USE THE SNAP STORE/FLATPAK TO INSTALL PACKAGES. especially the Snap Store:
- it's a closed-source package/software manager made by Canonical and being pushed on Ubuntu as a replacement for APT (Debian's package manager).
- some packages in the Ubuntu APT repositories will require you to have snap currently installed on your computer to install the package (e.g. Firefox, Thunderbird, Chromium...).
- even worse, Ubuntu will prioritize snap applications over .deb files, to the point where it will search for the software on the snap store and install it instead of the deb file.
flatpak is not as bad as the snap store, but still a big pile of shit.
try prioritizing actual APT packages, PPAs, .deb files or even AppImages over snaps and flatpaks. if software is only available on those two, it's probably shit.
for all of you Ubuntu users, here's a guide on how to annihilate snap entirely from your system.
- if you're a new user, start with a distro based on Debian/Ubuntu. an overall great choice would be Linux Mint. if you need lighter system requirements, you can use either Lubuntu or Xubuntu, both are derivatives of Ubuntu but they use smaller desktop environments (LXQt and Xfce). you can also try other Debian/Ubuntu distros: classic Ubuntu, Kubuntu, Pop!_OS, Zorin OS, but at that point Linux Mint should cover all of your needs. these distros may have problems with games. some RHEL-based distros are also great for new users, for example openSUSE or Fedora. beware that some "commercial" distros like Ubuntu and RHEL include telemetry, so their forks may have some if it hasn't already been removed by the developers. check guides online to remove all potential telemetry from your Linux system.
- if you're an intermediate user, you can try switching to rolling-release distros. where Debian and Ubuntu are "stable" distros, other distros like Arch are called "rolling-release", because their software release model is based on continuous delivery (bleeding-edge): basically you get the latest software instead of the most stable. rolling-release distros are considered better for gaming because the latest software comes with better performance, but remember that this approach comes with the risk of the latest software breaking your install.
if you want a rolling-release distro, you should use something based on Arch Linux: either classic Arch (requires either a manual tty installation that can take an hour, or the new automatic one), or EndeavourOS if you prefer a graphical installation. if you do not want systemd as your init system for good reasons, you can use Artix Linux, but be warned that troubleshooting on this is a nightmare. Manjaro is not recommended as their security practices are horrendous.
if you wish to stay on stable distros, you can either stick with distros cited previously, or try other ones, like Alma Linux, which is more focused on enterprise usage, but is still very good.
- if you're an experienced user, at that point just use whatever distro pleases you and covers your needs. you can try using Gentoo, but only if you're prepared enough and have a lot of free time: the installation process is very long (you need to manually partition your drive, extract a stage3 tarball, extract a portage (package manager) snapshot, compile the Linux kernel (if you're not downloading the binary one), install the bootloader of your choice, and configure a shit-ton of files). be warned: this will be the longest operating system install of your life (excluding LFS). plus, on Gentoo, software is not downloaded as binaries but instead compiled according to the user preferences via USE flags, making it optimized for your computer, therefore it can take hours for big packages like Firefox/Chromium, LibreOffice, Qt, or your graphical interface (if you're not using a minimalist one like dwm).
interlude:
i'm not gonna make a whole article about it, but personally, i do consider Gentoo to be a meme distro. a lot of Gentoo users (or normies that only know it by name and never dared to install it) love to sell it as the "best distro" for low-spec computers because of how minimalist you can make it. yeah, it's true, but now, try compiling a big piece of software (e.g. Chromium, X11...) or software with big dependencies (e.g. some software wants Rust for no reason) with the same low-spec computer, and let's see if it's made for this kind of computer. i remember trying to install KeePassXC on my X220: for some reason it wanted to emerge/update gcc, when i went to sleep it was compiling gcc (~30%), and when i woke up around 10 hours later it was still compiling gcc (~40%). pretty much all linux users just want things to work out of the box, and not spend hours, even days or weeks depending on their hardware specifications, just compiling all of their needed packages when it could have been done in 10 to 20 minutes on Debian or Arch. also, we're not in 1990 anymore, when computers had such low specs that you actually had to compile software yourself to make it optimized for your machine: the difference in performance between an already-compiled binary and a package freshly compiled by your computer is almost non-existent for 99.9% of users. in December 2023, Gentoo introduced binary packages, which totally breaks the point of emerge, and also misses a lot of big packages for people using alternative/experimental stage3s (e.g. musl, hardened...). in conclusion, Gentoo is still a good distro, having the 2nd best Linux wiki behind Arch, having an interesting gimmick, being as customizable as you want, but for me it's not truly made for all computers. pretty much only high-end computers can benefit from the compilation times.
- NOTE FOR GPUS:
for NVIDIA GPUs, use the binary NVIDIA drivers. they do not provide open-source drivers. an open-source alternative for the NVIDIA GPU driver is currently in development, called Nouveau, but it isn't recommended. for AMD GPUs, use the open-source AMDGPU driver.
here's a list of good linux distros (with or without systemd):
- Devuan: a fork of Debian without systemd. uses sysvinit by default but you can change it.
(NOTE: no idea if this is an issue with my computer or with Devuan itself, but every time i tried upgrading the Linux kernel on Devuan, i always ended up with an unresolvable boot error in GRUB. those updates were made using the Excalibur (testing) repos of Devuan, i'll maybe try one day with the stable repos to see if this problem is still occurring.)
- Artix: a fork of Arch without systemd. comes in multiple graphical flavors and init systems. note that it will be an absolute pain to troubleshoot, probably the worst troubleshooting i've ever experienced over the 100s of distros i have tested.
- Gentoo: a highly flexible source-based distro. can be made very minimal. comes by default with OpenRC but you can change it. i do consider it to be kind of a meme distro, see above paragraph about distros for experienced users.
- Alpine: a very small and secure distro. replaces glibc, coreutils and systemd with musl, busybox and OpenRC. also a very good choice for servers.
- Mint: the best starter distro. comes in three different flavors (Cinnamon, MATE or Xfce). uses systemd.
- Arch: a very minimal bleeding-edge distro. textual installation only. uses systemd.
- Debian: an excellent stable distro. also used in servers. uses systemd.
- openSUSE: another very good choice for beginners. comes in two release models: rolling-release (Tumbleweed) like Arch, or stable (Leap) like Debian. some good (YaST, OBS...) and bad (zypper is one of the slowest package managers) features. uses systemd.
- NixOS: good distro that offers over 90k packages, and allows the user to create reproducible systems. only problem is that it requires you to learn an arcane programming language (Nix) only used here, and managing your whole system with it can be a pain: installed packages, users, groups, even program configuration. uses systemd.
internet browser:
- for Chromium-based browsers, use ungoogled-chromium. it removes all Google integrations of the Chromium codebase, especially the telemetry. you'll need this addon to download addons from the Chrome Web Store (set the "Handling of extension MIME type requests" flag to "Always prompt for install", otherwise it will just throw out an error). i've heard Brave was good, but for me it's just ungoogled-chromium with a built-in adblocker.
- for Firefox-based browsers, either use Firefox ESR (or Nightly, depending on which you prefer) with the arkenfox user.js (or make it yourself), or LibreWolf. Tor Browser is ok, just not a fan of auto-updates and the fact that it uses LibreJS (be sure to replace it with a better addon like uBlock Origin). GNU IceCat is also good, but be sure to replace the default addons, and be reminded that pages with DRM content (Netflix, some piracy streaming websites...) will either be inaccessible or have extremely glitchy audio, since Widevine is removed. the only repos with up-to-date (or very close) IceCat versions are Arch's AUR (src and bin), Parabola, Guix and Fedora, otherwise you'll need to compile it yourself for your distro.
- for minimal browsers, use surf or qutebrowser. remember that you won't be able to use addons or other features that Chromium or Firefox browsers have.
privacy browser addons:
- uBlock Origin: the most important addon of this list. basically it's uMatrix but automatic. whenever you install a new browser on a computer, ALWAYS add this extension. every month, remember to update your filter lists.
- uMatrix: NOTE: this addon isn't as important anymore, just use uBlock Origin. uMatrix divides web requests into 8 categories: cookies, CSS, images, media (audio, video), scripts, XHR (requests made by scripts), frames (embedding other sites), and the other stuff, then displays them all on a grid. finally, you use that grid to enable or disable third-party requests, so that you don't end up with a completely broken website, nor one that spies on you with third-party trackers. only use it if you don't mind manual filtering.
- LocalCDN: a fork of Decentraleyes (outdated) that protects you against third-party trackers.
- KeePassXC-Browser: integrates your KeePassXC database directly in your browser, basically replacing the integrated password manager with a better one.
- Violentmonkey: provides userscripts support for browsers. open-source and better compared to Tampermonkey or Greasemonkey.
- LibRedirect: redirects popular websites (YouTube, Twitter, Reddit) to privacy-respecting frontends.
- FastForward: bypasses link shorteners by directly redirecting you to the final link.
- TWP: allows in-page translation similar to Google Chrome.
other privacy addons not listed here (AdBlock, Privacy Badger, Ghostery, LibreJS...) are either bad or useless and shouldn't be used.
search engine:
use SearXNG. SearXNG is a frontend/mass aggregator for many search engines like Google, DuckDuckGo, etc. you can either use public instances, or host your own. other search aggregators/proxies include 4get and LibreY (a fork of now-dead LibreX).
password manager:
there's only one good answer to this question, and it is KeePassXC. basically it's a fork of KeePass but better, gets audits regularly, with browser integration and it doesn't leak your passwords in cleartext in systemd's journalctl. for Android, use KeePassDX, it's compatible with KeePassXC databases. ALL ONLINE PASSWORD MANAGERS (Dashlane, LastPass, NordPass, 1Password...) ARE ABSOLUTE TRASH. if your passwords aren't stored on YOUR hard drive, then they aren't yours. don't use your browser's integrated password manager, it's not secure enough.
vpn:
remember that VPNs do not provide anonymity like Tor or I2P would. but they're recommended if you torrent stuff like movies on public trackers.
if you really want a good "anonymous" VPN, buy a VPS and set up WireGuard (better and faster than OpenVPN) on it. you can buy a VPS for 5 bucks a month on Hetzner, or if you want a privacy-respecting server provider: NiceVPS or Privex. the only good public solutions are Mullvad and AirVPN. IVPN used to be great, until they removed port forwarding. if you download or seed torrents from public trackers, activating your VPN killswitch is obligatory: if the VPN tunnel fails, it will instantly disconnect your internet (and remove you from the swarm), making sure your actual IP isn't exposed for a few seconds.
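a client-side wg-quick config with the killswitch described above, as an added example (not part of the original page). the keys, the tunnel addresses, the DNS resolver and the 203.0.113.10 endpoint are placeholders/assumptions; the PostUp/PreDown rule is the one documented in wg-quick(8), repeated here for IPv6.

```ini
# /etc/wireguard/wg0.conf on the client (added example, all values are placeholders)
[Interface]
PrivateKey = <client-private-key>
# constructed tunnel addresses; use the ones assigned on your VPS
Address = 10.0.0.2/32, fd00::2/128
# assumed: a resolver reachable through the tunnel, so DNS doesn't leak
DNS = 10.0.0.1

# killswitch: reject every outgoing packet that
#   - is not leaving through the tunnel interface (%i expands to wg0),
#   - is not WireGuard's own encrypted traffic (carries the fwmark that
#     wg-quick sets when AllowedIPs contains a default route),
#   - is not addressed to the local machine.
PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
# same rule for IPv6, otherwise v6 traffic bypasses the killswitch
PostUp = ip6tables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = ip6tables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT

[Peer]
PublicKey = <server-public-key>
# documentation-range address standing in for the VPS
Endpoint = 203.0.113.10:51820
# route everything (v4 and v6) through the tunnel
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 25
```

the rules only exist while wg0 is up: `wg-quick down wg0` removes them and traffic goes out directly again.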
email service:
emails aren't recommended for privacy, but if you need one: host it yourself. there is no good (free or paid) public/private email service. not even "privacy-oriented" ones like riseup, disroot, cock.li, etc. remember that this isn't easy and can be a mess to troubleshoot. buy a VPS using the links above, and set up a mail server using whatever good solution you find. always use strong end-to-end encryption.
email client:
if you want a GUI, use Claws Mail, otherwise use Neomutt. they are the only good choices as they are the only two mail clients that weren't vulnerable to the EFAIL vulnerability (see this paper). Thunderbird is just another web browser: why would i need tabs, a search engine, a task manager, etc.? for Android, use K-9 Mail (if you're using an encrypted mailbox, you'll also need OpenKeychain).
code editors:
- for Visual Studio Code users, use VSCodium. this is a build of VSCode's open-source base with telemetry and closed-source extensions removed by default.
- a good VSCode alternative is Lite XL, it's made in C instead of JS and TypeScript.
- Sublime Text is freeware but will sometimes harass you when you save a file to remind you to buy a (useless) license, unless you modify the binary to change this.
- for terminal code editors, if you want a modal one, use classic vi, Vim, Neovim, or Vis. nano is only useful for editing config files as admin, and shouldn't be used as a full-on code editor. recommended is Neovim with some addons.
- if you want Emacs, either use classic Emacs, or a custom config, like Spacemacs.
- all commercial IDEs and code editors (Visual Studio, JetBrains, Eclipse...) shouldn't be used.