The Privacy Raccoon

Welcome to the The Privacy Raccoon!

We aim to help people defending their rights in the era of surveillance capitalism.

Recommendations

This is our list of privacy tools that will help you to remain private online. It has been carefully handcrafted by a group of privacy activists. There is no silver bullet when it comes to privacy, but these tools will make tracking you a very difficult task.

Operative System

Web Browser

Private Communications

Privacy Service Providers

Essential Privacy Tools

Miscellaneous


Operative Systems

For less advanced users

MX Linux

Warning: Home page is Cloudflared

MX Linux, based on Debian, is probably the most user friendly distro of this list and the one that we recommend for complete Linux beginners. It comes with handy tools for newcommers. The only disadvantage is that it comes with a lot of things preinstalled, but that's probably good for new users anyway.

Void Linux

An independent Linux distribution, it comes in two flavors, glibc and musl. It has a home-made package manager and decent repos. It uses Runit as it's init system. Runit is a blazing fast and simple init. Probably one of the best Linux distros out there.

Artix

Warning: Home page is Cloudflared

Arch but with different init systems to choose from. Nice and easy to use GUI installer, friendly community and has the full potential of Arch Linux. Decent distro and probably the best one in this list for less advanced users.

For advanced users

FreeBSD

FreeBSD is the most popular of the *BSD family (which are totally independent from one each other). It's often used for servers because it's rock solid and stable. It also comes with a great init and daemon management. But most importantly, FreeBSD's ports have almost every package you'll ever need.

If you're concerned with security and you love FreeBSD, consider HardenedBSD instead

OpenBSD

OpenBSD is a UNIX-like OS which emphasize portability, standardization, correctness, proactive security and integrated cryptography. The popular OpenSSH software comes from OpenBSD, as other cryptography and security related software does.

CRUX

An old school, independent linux distribution. It has the beauty that Arch had in it's first days. It has a port system which can be used to easily maintain your custom repository and it doesn't force you to do almost anything. Very nice distro to use, although not beginner friendly

Mobile Operative Systems

Remember that mobile phones are a privacy nightmare, by design. Even if these OSs are far better than the stock ones, they aren't a silver bullet. Consider moving most of your online activity to your desktop or laptop.

PostmarketOS

Based on Alpine Linux and with a variety of Desktop Environments to choose from it's probably the best mobile experience you can get. At the end you have the flexibility of desktop linux because it's that but ported to mobile. Every privacy tool available for desktop can be used. It supports full disk encryption.

UBports

Warning: Home page is Cloudflared

UBports is a community maintained GNU/Linux distribution based on Ubuntu for mobile phones. Although PostmarketOS is generally better, UBports may have support for your device so consider checking their supported devices list.

Replicant

Replicant is the only fully free Android distribution. Every other Custom ROM has proprietary blobs in it. Unfortunately, it only supports a few very specific devices. It's also the only custom ROM that does no unsolicited connections.

LineageOS

LineageOS is a custom ROM which removes most of Google's spyware. They maintain their ROM for a extensive catalog of devices.

Graphene OS

Graphene OS is a custom ROM for Android with a strong focus in security. They only support newer Pixel phones.

Router Firmware

OpenWRT

A linux distribution prepared to be used as the firmware for your router. It supports a wide variety of routers, you should check if your router is supported and if not, consider buying one that is supported. A properly configured router is key for your privacy.

OpenBSD

OpenBSD is a great, portable and security focused OS and one of it's best usecases is using it as a router. The site Openbsdrouterguide.net is a great resource to get started.

Pfsense

Great Firewall solution, based in FreeBSD but it's probably more suited for enterprises or large networks. In any case, it's a fully featured firewall with a lot of options and additional packages

LibreCMC

Based on OpenWRT, it's FSF endorsed and it's focused on low powered machines.

Web browser

Librewolf

Librewolf is Firefox but private by default. Tweaking Firefox yourself may seem overwhelming for less advanced users or people who just want something out of the box. Librewolf provides the hardened Firefox experience without the need of changing anything.

Tor Browser

The Tor Browser Bundle is a modified version of Firefox which is hardened against fingerprinting taking the approach of blending in, trying to make every user look the same. That's why they don't recommend installing add-ons in the Tor Browser or using other browser through the Tor Network.

Pale Moon

Warning: If security is a priority in your threat model, Pale Moon is not for you. Pale Moon has inferior sandboxing compared to Firefox/Chromium. If you're going to enable JS, run it inside Firejail.

Pale Moon is an independent browser. It's the only independent browser that is able to browse most of the modern web. It also provides very nice privacy options. Properly tweaked, Pale Moon is probably one of the best browsers in terms of privacy.

Hardening: Pale Moon can be tweaked for further privacy, fingerprinting resistance and more. Read here

We recommend avoiding Chromium based browsers because we don't want a Chromium monopoly over the web. But if you desperately need a Chromium based browser for certain pages, avoid Brave and use Ungoogled Chromium

Browser Addons

eMatrix/uMatrix

eMatrix/uMatrix is the superior content blocker. There's nothing that provides the user the ability to choose what to block and what to allow the same way eMatrix does. uBlock Origin's advanced mode can't replace uMatrix/eMatrix. uMatrix is deprecated but it still works flawlessly. eMatrix is an active fork for Pale Moon and other XUL compatible browsers.

URL rewriter

This addon will let you redirect malicious URLs to their respective privacy friendly frontends, eg YouTube links to Invidious. You may find other usecases for it, since with the help of regex you can redirect anything. URL rewriter is only available for Pale Moon, for Librewolf you may use Libredirect or Redirector.

--- WIP ---

Mobile Browsers

Remember that being private in mobile phones is nearly impossible by design! Try to move your browsing habits to your laptop or desktop

Mull

Mull is a privacy focused Firefox fork which has been deblobbed and hardened with the Tor Uplift project and with the arkenfox userjs. It's recommended over Chromium browsers because you are able to install uBlock Origin which outclass any other content blocker.

Note that Chromium based browsers are more secure in Android than Firefox based ones.

Tor Browser

The Tor Browser Bundle is available for Android. It's also based on Firefox and connects exclusively through the Tor network.

Bromite

Bromite is a chromium based browser for Android which have removed Google's spyware and have patched other privacy issues. It's the only recommended chromium browser for Android although it's adblock doesn't even come close to the much more powerful uBlock Origin.

Email

The fundamental requirements for a good and private email provider are two: sign in without providing personal information and support for mail clients. This means that if they are paid and don't accept cash/Monero or if they block Tor, it isn't even considered. Other important requirement is a good Privacy Policy. Others taken into account are .onion onion domain, no JavaScript necessary, etc.

RiseUp

Probably the best email provider in terms of privacy. It has an .onion domain, great privacy policy, maintained by donations, in operations for more than 20 years and support for mail clients. Highly recommended, it is invitation only tho.

Posteo

Posteo is a paid provider and although you can't pay with Monero, you're able to pay with cash. It has been independently audited and it does not recollect IPs either when visiting their website or when retrieving/sending mails with your mail client. And it's completely powered by renewable energies.

Email clients

We recommend you to choose POP3 when configuring your email client. This will save your emails in your computer for offline use and you might be able to delete them from the server once downloaded.

Claws Mail

Best GUI email client by far. Ligthweight, nice UI, excellent PGP support, no unsolicited connections and multi-account.

Neomutt

The terminal wizard's email client. Probably the best terminal mail client in existence.

Instant Messengers

XMPP

XMPP has existed for a long time. It's federated, it supports multiple encryption methods, it's easy to self-host, there are various implementations and there isn't a corporation behind. Probably the best Instant Messenger available.

Go here for our recommendation of XMPP clients

Deltachat

Deltachat uses email. Yes, email. You can use it with any email provider and don't worry because your messages will be end to end encrypted. It's an interesting approach to a decentralized instant messenger.

Anonymous IM

XMPP

XMPP is able to federate through Tor and I2P, making it a perfect candidate as an anonymous instant messenger, since you would be able to host your own server without revealing personal information or just join a darknet XMPP server operated by someone you trust.

Briar

Briar is a peer to peer messenger which can work without a SIM card in the phone, just through WiFi or Bluetooth. That's the main advantage it offers. It's onion routed and end 2 end encrypted. The desktop client isn't good, but you may find it useful for certain situations like riots.

Cwtch

Built to be metadata resistant, works over Tor and it's end to end encrypted. It's also self-hostable. Although there's only one implementation right now. It looks good.

Voice & Video

Mumble

Voice only

Mumble is a free, open source, low latency, high quality voice chat application. Encrypted by default, Mumble is the gold standard as a private, secure and libre voice chat

Jitsi

Jitsi is a set of free software projects that allows you to easily build and deploy secure videoconferencing solutions. It's really easy to self-host or you can use a public instance

Jami

GNU Jami is a peer to peer messenger which supports voice and video. It's end to end encrypted it doesn't need any server to work.

Group chat

IRC

IRC is the perfect tool for group communication. Simple, fast, well supported and there are a lot of clients to choose from. You don't need an account to access an IRC channel, which is nice. It can work over I2P if you need anonymity. If you need more advanced features like voice or video, look in this section. IRC is just enough for group communication and it has been the gold standard for more than 20 years.

Social Networks

The best social network is your own blog with an RSS feed. Please consider that if you have something to say. In Social Media, even the free software ones, posts are ephemeral and they will stop reaching people after they are a few days old. This is by design. It is good for trivial conversations or for sharing your cat pics but it should never replace blogs.

Mastodon

Microblogging platform, similar to Twitter, but decentralized. It is not owned by anyone since there are multiple servers operated by different people and you could set up your own. It's free software and it's part of the Fediverse.

Pleroma

Pleroma is another microblogging platform, with a different UI and more features than Mastodon, like reactions, private chats and more. Since it's part of the Fediverse, you can interact with people in Mastodon without any problem.

Pixelfed

Also part of the Fediverse, Pixelfed is image focused, being a good alternative to Instagram. Even if Pixelfed is more "Instagram-like", it federates with Pleroma and Mastodon. This means that you can follow and interact with people in Mastodon or Pleroma from your Pixelfed account.

Blog software

--- WIP ---

Search Engines

Read our in depth comparison of search engines for a more detailed analysis.

SearX / SearXNG

SearX and it's fork SearXNG are a self-hosted metasearch engine which fetch results from other search engines. This allows you to be private while getting results from different sources and avoiding censorship. It's probably the best option when it comes to search engines because any other search engine you like, it may be added to SearX.

Be sure to avoid Cloudflared instances or even better: use a .onion instance.

Note that SearX results may vary depending on the configuration of the instance, you'll have to test a few to choose the best one

Metager

Use only the .onion service, the clearnet one stores your IP

Possibly the best search engine that uses the Bing results. It's free software, there's an option to open the sites in an "anonymous" or sanitized way, and decent privacy policy if you use the .onion domain.

Mojeek

An independent search engine with it's own index, decent privacy policy and acceptable quality of results. A decent overall option, although better used through SearX.

Alexandria

Other independent search engine with it's own index, based on common crawl. The engine is free software and written in C++. The results quality is surprisingly decent. They don't seem to store anything by default.

DNS resolver

Mullvad

Mullvad provides their DNS services for free. They claim to store no logs

BlahDNS

A hobby Adblock DNS project with DoH, DoT, DoQ, DNSCryptv2 support, DNSSEC ready, Yggdrasil, OpenNIC support, prevents CNAME Cloacking and claims to store no logs.

VPN provider

VPNs shouldn't be blindly trusted! They are good for hiding your traffic from your ISP. But you can't really know if they're keeping logs or not, they may be analysing your whole traffic. So be careful and consider using Tor instead.

Mullvad

Mullvad is always the recommended VPN for privacy. They claim to store no logs, that they not share any data with third parties and they accept Monero and cash payments. Probably the closest you can get to a good VPN provider.

IVPN

They claim to store no logs and they accept Monero and cash. They support Wireguard and IPv6. It seems to be a good VPN provider overall.

Xeovo

Warning: Home page is Cloudflared

Xeovo can also be considered a good VPN provider: Monero is available for payment, they claim to no store logs and that they don't share data. The main advantage is that they provide shadowsocks proxies for countries that block VPNs. But it's Cloudflared, so better avoid it if you don't need any of it's exclusive features

Hosting & Domain

Hosting

Njalla

Njalla requires non personal information to sign up, it has an onion domain and they allow payment in Monero. But their site requires JavaScript and their VPSs are expensive

1984

Icelandic hosting provider. Their prices are good and they accept Monero as a payment. No onion domain.

Domain

We encourage you to also host your site in Tor and I2P. Those require no domain!

Njalla

Njalla is also a domain registrar. Remember to use their onion domain.

"Cloud" Storage

--- WIP ---

Video Hosting

--- WIP ---

Private frontends

If you use Librewolf or Ungoogled Chromium, try Libredirect which will automatically manage privacy frontends and redirections for you. If you use Pale Moon you may need to setup custom rules in URL rewriter.

Invidious

Invidious is a private frontend for Youtube which can work without JS.

Nitter

JavaScript-less private frontend for Twitter

Bibliogram

Private frontend for Instagram, even if most content in that site is worthless

Teddit

Private frontend for Reddit without JS. It also looks even better than the old Reddit.

Rimgo

Private frontend for the image hosting site Imgur.

Wikiless

Yes, Wikipedia also spies on you. Wikiless is a private frontend with an older (and better) UI.

Scribe

A private frontend for Medium. Medium has been trying to centralize the blog ecosystem which has always been decentralized. Please, do not use Medium.

Librarian

A private frontend for the bloated and spyware Odyssey.

Password Managers

--- WIP ---

DNS clients

--- WIP ---

Anon Networks

--- WIP ---

File Encryption

--- WIP ---

File Sharing & Sync

--- WIP ---

Taking Notes

--- WIP ---

XMPP Clients

--- WIP ---

Torrent Clients

Torrenting is prosecuted in some countries. Consider using a VPN to avoid legal problems if you're torrenting. Remember that VPNs do not provide anonymity!

Qbittorrent

A multiplatform Bittorrent client with a lot of features. It has a uTorrent like UI but without the adware or the spyware that uTorrent has. Probably the best torrent client for those that have only used uTorrent.

Transmission

A lightweight and feature complete Bittorrent client. It has a GTK frontend for those that prefer GUI clients, but it also has a CLI version.

BTPD

The Bittorrent Protocol Daemon. If you were looking for a minimal Bittorrent CLI client, you'll love BTPD

Download Managers

--- WIP ---

RSS readers

--- WIP ---

Backups

--- WIP ---

Gemini

--- WIP ---

Gopher

From Wikipedia: The Gopher protocol is a communication protocol designed for distributing, searching, and retrieving documents in Internet Protocol networks. The design of the Gopher protocol and user interface is menu-driven, and presented an alternative to the World Wide Web in its early stages, but ultimately fell into disfavor, yielding to HTTP.

Gopher Browsers

Gopherus

Gopherus is a free, multiplatform, console-mode gopher client that provides a classic text interface to the gopherspace. Gopherus is published under the '2-clause' BSD license.

Gopher servers

Gophernicus

Gophernicus is a modern, full-featured and secure gopher daemon. It has special security features for OpenBSD and it supports encryption.

Motsognir

Motsognir, a robust, reliable and easy to install gopher server. Written in ANSI C, will run in any POSIX OS, all the configuration is done in a single config file.