Cube's Privacy Masterdoc
A collection of reputable guides, tools and services for improving your online privacy
E-mail clouds [at] cubes [dot] link for help, clarification or suggestions
This page is a major WIP! The list is incomplete and everything may be rewritten or re-phrased, and there may be missing links.
Navigation
- Alternative Frontends
- Android
- Fingerprinting
- General Tools
- Instant Messaging
- Minecraft
- VPNs
- Web Browsers
Alternative Frontends
Access pages from social media sites and other services without having to go to the service directly.
Benefits: No tracking from the original service; no bombardment of "sign up!" prompts; no personally tailored recommendations designed to keep you hooked on the service; the identity the original service sees is the collective identity of everyone using that specific instance; URLs follow the same format as the original service, meaning links from the source can easily be converted to the alternative.
Drawbacks: No direct interaction with the service, e.g. making posts or uploading videos; no logging into the service directly, therefore private pages cannot be viewed.
- Invidious (YouTube) [Instances] - Videos can be downloaded as video or audio, if enabled by the instance host (yewtu.be is a popular instance that doesn't allow downloads). Also allows sign up and login for saving/importing subscriptions, but only applies to the instance you signed up with.
- Nitter (Twitter) [Instances] - Allows RSS, if enabled by the instance host
- Libreddit (Reddit) [Instances]
- Bibliogram (Instagram) [Instances] - Allows RSS, if enabled by the instance host
Android
Useful Android specific tools
- F-Droid - App store for FOSS (Free and Open Source) apps
- Aurora Store - Privacy respecting alternative to the Google Play Store
- NewPipe (YouTube) - Allows browsing YouTube without directly accessing it, no account required. It will also open video links from similar sites such as Peertube, and it allows videos to be downloaded as either the full video or audio only. Captions/Subtitles, where available, can also be downloaded. Videos can be played in the background, while the phone is locked, and as a floating player on top of other apps. No ads.
- Fritter (Twitter) - Allows for searching Twitter and following public Twitter accounts in a feed without signing up to Twitter itself
- Infinity (Reddit) - Much like Fritter, but for Reddit
- Orbot - Routes all mobile traffic through the Tor network. May require some configuration.
E-Mail services and related tools
- Proton Mail - Encrypts all incoming e-mails, based in Switzerland. Things to note: If whoever e-mails a Proton Mail address doesn't also secure their own e-mails or use Proton Mail, their side of the communication leaves the e-mail vulnerable. E-mail is inherently the least secure form of communication, but it is still better to use Proton than Google, Microsoft, etc.
- SimpleLogin - E-mail aliasing service. Requires some configuration, but allows users to use an alias in place of their real e-mail address, protecting the real address from breaches and/or spam should the alias e-mail address be leaked. Things to note: Many services prevent the use of "throwaway" e-mail domains, aleeas.com included. However, this can be circumvented by configuring a custom domain.
Fingerprinting
Fingerprinting is a general term for collecting data from users with the intention of using it to personally identify them later, or elsewhere on the internet. There are lots of different ways to be identified across the internet, all with varying degrees of accuracy, by far the most accurate being a process known as canvas fingerprinting. Another form of fingerprinting is browser fingerprinting.
General Tools
Tools to help navigate the good, the bad, and the ugly
- TOS;DR (Terms of Service; Didn't Read) - A community based effort to break down the ToS (Terms of Service) and privacy policies of online services and give them a grade according to how they manage user data. They also have a browser extension that will alert you if you come across any particularly alarming websites. Things to note: it doesn't account for trackers or past records, and it doesn't have a particularly vast database. It is a useful tool but it can't be depended on. Also, using a lot of browser extensions may make you more identifiable.
- LibRedirect - A browser extension that will automatically redirect you away from social media sites and other sites with poor privacy practices to an instance of an alternative frontend for that service. Things to note: updates tend to break the extension and/or require the settings to be reset, and recent updates have required more permissions than seems necessary. It is essentially URL injection, requiring you to place a significant amount of trust in the extension. However, it is possible to verify the source code and build from source.
- Privacy Redirect - More or less the same idea as LibRedirect, only requiring fewer permissions and seemingly more stable. However, there are far fewer redirect options available.
- HaveIBeenPwned - More of a security tool than a privacy one, although this aspect of security is important in remaining private as well. It primarily allows users to check whether an e-mail address or phone number has been leaked in some way, as well as logging and explaining in detail the various user account and data breaches that occur across the internet. If an e-mail address you own has been "pwned", it's time to get a new one.
- Pi-hole - Software that blocks all incoming advertisements on a home network. Requires a significant amount of setup, as well as privileges to modify the router settings. The default list contains telemetry requests, and queries can be monitored, allowing users to add domains to the blacklist/whitelist at will.
Instant Messaging
Privacy respecting real time communication services
- Signal - Reliable end-to-end encryption for all communications, no ads, no trackers. Free and Open Source.
Minecraft
Information and tools regarding the recent developments in Minecraft
- Minecraft's New "Rules" Are Terrible (FitMC) - Well rounded informative explanation of new Minecraft "features"
- No Prying Eyes - "a simple Minecraft mod that aims to give the user control over the collection of their data and attempts to free the game of Microsoft's control."
- Simply No Report - "This mod gives the option to server admins to disable chat reporting, in a non-intrusive way"
- antimsban - "Fabric mod to (maybe) ignore global bans while still using the auth server". This mod leaves the user prone to man-in-the-middle attacks.
Search Engines
Search engines for use in any type of web browser. Using multiple, especially different instances of decentralized ones, spreads out your search history across more platforms than just a single central one.
- DuckDuckGo - The most well known of all privacy respecting search engines. It doesn't show personalized results, and it also doesn't show results from content farms.
- searX [Instances] - Free and open source, queries other search engines in order to obtain results. It does not share users' IP addresses with the search engines it queries. Users can run their own instances of searX, allowing more privacy hardened users to spread their search history across multiple instances.
- StartPage - Acts as a proxy to Google search, based in the Netherlands, doesn't store user data and removes trackers. Generates revenue by providing advertisements based on search keywords, but not personally targeted ads. Does not show personalized news articles.
VPNs
A VPN routes your traffic through a server somewhere else in the world in order to add a degree of separation between you and your internet activity.
Contrary to popular belief, a VPN does not instantly make everything you do completely anonymous and untraceable. It is one piece of a very complex puzzle that requires time and effort to solve. One facet to consider is what you log into: if you are logging into Google, Microsoft, etc. accounts, you are immediately proving who you are. It is also worth considering how your browser and/or browsing activity might give your identity away.
It is also important to consider what a VPN service actually offers, and what they're otherwise tied to. Many mainstream VPN services that are advertised will be willing to hand over internet activity logs to law enforcement or governments, if they are not already located in jurisdictions that legally obligate them to. Free VPN services will be using internet activity logs for marketing or other exploitation. A good rule of thumb is to look for a VPN that is based outside of the 14 Eyes and is open and transparent about how they handle user data, preferably one that claims not to save logs. You should also avoid VPNs involved in affiliate schemes or "top 10 lists". Finally, it is worth avoiding services that require an inordinate amount of identifiable information, such as your full name or even personal e-mail address.
At the end of the day, it is up to who you personally trust to handle your real IP address and associated activity logs.
For the particularly paranoid, or just privacy conscious, the best way to pay for a VPN is with cryptocurrency, especially Monero. This in itself is a moderately complicated ordeal that I will not be explaining here, but it means that the payment for a VPN does not show up on PayPal or bank statements, adding a layer of protection to the trail. Instead, all your bank and/or PayPal knows is that you bought Bitcoin. If you use Monero, the trail dies once you have converted from Bitcoin, as Monero is a privacy coin.
Finally, as mentioned before, there is no such thing as a free VPN. Read it again! And then read it again. Do you understand? If a VPN is offering its services for free, you are not being protected; you are being exploited. Your data/activity is likely being logged and sold on or used for marketing purposes.
- VPN Companies Are Lying To You (Kitboga) - A well rounded introduction into VPNs, what they are good for, and what you should still consider
- IVPN - A privacy conscious, no nonsense, VPN service. They also produce their own privacy guides which go into more detail about web related privacy.
- Mullvad -
Web Browsers
- Firefox - Better than using Google Chrome
- LibreWolf - Based on Firefox with a significant privacy focus. Supports only privacy respecting search engines such as DuckDuckGo and SearX, plus advanced protection against fingerprinting techniques and more features than regular Firefox.
- Brave - Based on Chrome with a significant privacy focus. Things to note: It has obvious ties to cryptocurrency, although those features can be disabled and ignored.
- Tor Browser - Based on Firefox, routes browsing traffic through multiple 'nodes' to make the source (you) harder to locate. Things to note: it is slow, it is not intended for streaming or torrenting, it does not in itself make you instantly anonymous