Pointing to https://tosdr.org/ is a good idea (to get the idea).
Example of Dropbox:
> This service can share your personal information to third parties
Yeah pretty much all of those.
On firefox most of my info is either spoofed or unknown. I'm in strict mode with ublock origin (medium), localcdn, canvasblocker, and temp containers, no about:config settings.
I use: https://mailbox.org/en/ You can get an e-mail ending with @mailbox.org but I have bought a domain some where else which I am pointing at Mailbox. I really like the way the calendar, mail, text editor and tasks work. I use this mail for personal communications. I also have a free Outlook mail which I use for subscriptions and stuff like that.
In /r/privacytoolIO, before the move, I saw Posteo & mailbox.org recommended all of the time actually. I don't know about "no love".
That being said, Tutanota and ProtonMail get recommended more often because they have free accounts, making it easier for people to transition from another free account.
This is great, but I hope browser devs make their settings tweakable like HTTPSE is. The Chromium version of Decentraleyes needs "force encrypted connections" disabled on their supported CDNs to prevent conflicts.
From the GrapheneOS website:
>LTE-only mode
>
>If you have a reliable LTE connection from your carrier, you can reduce attack surface by disabling 2G / 3G connectivity in Settings ➔ Network & Internet ➔ Mobile network ➔ Preferred network type. Traditional voice calls will only work in the LTE-only mode if you have either an LTE connection and VoLTE (Voice over LTE) support or a Wi-Fi connection and VoWi-Fi (Voice over Wi-Fi) support. VoLTE / VoWi-Fi works on GrapheneOS for most carriers unless they restrict it to carrier phones. US carriers other than T-Mobile tend to be missing these features due to us not including their proprietary apps.
>
>This feature is not intended to improve the confidentiality of traditional calls and texts, but it might somewhat raise the bar for some forms of interception. It's not a substitute for end-to-end encrypted calls / texts or even transport layer encryption. LTE does provide basic network authentication / encryption, but it's for the network itself. The intention of the LTE-only feature is only hardening against remote exploitation by disabling an enormous amount of legacy code.
As a general rule, it's best to avoid relying on normal calls and SMS.
Buy a tablet supported by LineageOS. Here's the list:
https://download.lineageos.org/
They have a good number of supported tablets. I don't see how you could be compromised by any of these vendors if you use a custom ROM, they should all behave the same. If you must use Google Play services, preferably use microG.
Any calendar app will do, just remove its internet access and it should work fine.
I recommend https://play.google.com/store/apps/details?id=com.simplemobiletools.calendar and their other amazing apps (can get all PRO versions on F-Droid for free) https://www.simplemobiletools.com/
Yes, and while the other reply provides a good explanation, I'll provide a bit more. Currently, ProtonVPN is funding its free plan with its paid users, but their free plan is quite limited. You cannot stream on it, you cannot use P2P on it, and you can't use their Tor-over-VPN feature or secure core (as well as a handful of other paid features). Additionally, the free servers are always receiving incredibly high traffic, leading to low bandwidth for each user. They basically offer the free option as a stepping stone to their paid plans, because the price of their privacy in the free plan is the traffic of their servers.
It actually can hurt in regards to fingerprinting. If you're using a VPN you would preferably be using the DNS they provide. As for non-VPN users, one should preferably be using none or a popular resolver.
If you're using a hardened browser, your fingerprint will be spoofed and changed with each session refresh. You can check out a site like https://coveryourtracks.eff.org to see what goes into a fingerprint, as well as confirm that your fingerprint has changed following a session refresh. However, don't get hung up on the various numerical values displayed because they most likely don't mean what you think they mean, and they won't help you accomplish anything. I've watched people get sucked into that website, obsessing over all the header fields, and the numeric values associated with them, and at the end of the day they accomplish nothing. You'll probably find the most value is the About section of the site. They go into detail about how fingerprinting works, and how their testing works. The tests themselves are mostly useless, but understanding how those tests work, and why is invaluable.
I think the problem is even worse - apparently they aren't respecting their privacy policy. They state:
> In order to function properly, Canary Mail for Mac, iOS and Android accesses your name, email address, credentials (such as OAuth access tokens for email servers which support them), and email content. All of this information is stored on your device and is never transferred to our servers.
> To communicate with you about the Services: If you sign up to receive news from Canary, we may send you emails regarding our latest products and services.
However, your email address will be *automatically* sent to their server upon adding your email account to the app. The process doesn't ask for explicit user consent as they only ask you to agree with their privacy policy.
Note: This happens even when I set up my account with "fetch" mode.
https://web.archive.org/web/20211116063142/https://canarymail.io/privacy-policy.html
Chrome puts Safari in their user agent due to the complex history of user agent.
It seems the OS detection in deviceinfo.me is broken, my very common OS is clearly listed in the user agent yet they can't see it. So does the browser build detection, your user agent clearly shows the version. I doubt the reliability of their other detections, just compare the output of https://coveryourtracks.eff.org/ to a vanilla install or ask your friend to load it on their machine.
https://bitwarden.com/help/article/about-send/
Bitwarden Send
You can upload the file and it’s encrypted of course, share a link with someone and can control how many times the link is accessed and when it expires. You can also add a password to be used after following the link before getting the file
Another alternative you could consider is Zulip. Unlike Element/Matrix it does not support E2EE (at least as far as I know) but it is fully open source software with a pretty active community. Also unlike Mattermost they provide free cloud hosting and don't lock certain features behind non-OSS enterprise versions.
Zulip/Mattermost are probably a bit more full featured than Matrix/Element but Matrix/Element are built around E2EE and federation.
FWIW Element/Matrix is the only one of these identified on the site connected to this subreddit: https://privacyguides.org/software/real-time-communication/
I've used both K-9 and FairEmail. I prefer FairEmail.
If you have privacy concerns with auth2 in FairEmail you can manually setup an account and use IMAP or POP.
FairEmail attempts to recognize and disable tracking images.
>K9 has options for disallowing any picture or graphical or HTML content
One of my favorite things about FairEmail is the developer, Marcel Bokhorst. I contacted him about a bug I found in Audio Recorder that wasn't working as expected with FairEmail and he successfully got both apps updated in 24 hours. I made a suggestion on making a small adjustment to how delayed messages are sent and he said he would consider it as a low priority item, he implemented it in one week. He responds to most emails in one day, updates/improvements are pushed out several times a month, and the Pro version of FairEmail is a "buy once" monetization model - totally worth it.
It's a fully sandboxed app following the same rules as every other app. It can't do anything that Google Camera or another app can't do themselves. The whole point is that you aren't making sacrifices compared to simply installing any other app. Google Camera only requires GSF, not Play services and the Play Store. You can take away the Network permission via the toggle added by GrapheneOS for both GSF and Google Camera. You should try our modern GrapheneOS camera app first. There's a detailed guide:
https://grapheneos.org/usage#camera
You only need Google Camera if you need the particularly fancy features and we'll have many of those including Night Sight and Portrait mode likely within the next year via CameraX extensions.
GrapheneOS has a great modern camera app included out-of-the-box. It has far less need for Google Camera than CalyxOS. Our documentation has an extensive guide on using our camera app and a comparison to Google Camera listing the additional features it provides.
https://grapheneos.org/usage#camera
Google Camera only requires GSF. It doesn't require Play services (GMS) or the Play Store. Network access can be removed for both GSF and Google Camera.
Our recommendation for most people is using the modern GrapheneOS Camera app which replaced the legacy AOSP Camera app.
I know you've probably read it, but it's worth reading about why from the GrapheneOS team. Phones are a serious expense for some people, and I understand the desire to make the most out of your devices, but I'd recommend buying one of the supported devices if you can... second-hand they can be quite reasonable.
OpenKeychain is what you want. It does public key cryptography and supports multiple recipients so you should not have to share any keys after everyone imports everyone else's keys.
It makes files conforming to the popular OpenPGP standard so you can use the files on almost any existing platform. Not just Android or even smart phones.
Yes you can definitely run whonix without qubes, it is just supposed to run in a VM, it can run even on windows:
Qubes is often coupled with whonix because it is a good match. Qubes run all of your applications in different VMs (Qubes) in different so called "domains". So you would have a "whonix domain" that runs everything through tor. It uses the Xen hypervisor which makes it very secure, and completely separate from other applications.
>How is Graphene able to re-lock the bootloader?
Because you install GrapheneOS's custom signing keys during the install process. It's something any ROM can do, but basically only Pixel devices can do it, so other ROMs seem to ignore this basic security feature because 99% of the phones they support can't do this.
>How does Sandboxed Play Services work?
In my experience, they pretty much don't ;)
To be fair, they are quite new and have probably improved a bit in even the last month since I last tried them. Basically you install the official Google Play applications, but Google Play isn't given any special system-level integration into GrapheneOS, making their security pretty great. You can read about them here: https://grapheneos.org/usage#sandboxed-play-services
The problem is that unlike MicroG which can use non-Google providers for a lot of data, like location APIs for example, you are still using official Google Play clients and connecting to Google, which is probably a no-no when it comes to privacy.
Use rsync or rclone to sync.
With rclone you can use your encryption on cloud providers https://rclone.org/crypt/
For rclone GUI try RcloneBrowser
>But there are some apps that I want to stay, those apps are Twitter, Reddit, Snapchat, and Bitmoji. I want to know, are they safe?
Twitter can be accessed from Fritter app for Android or Nitter website.
Reddit can be accessed from Infinity/Slide app for Android or Teddit website.
idk about Snapchat or Bitmoji.
>should I use Firefox Focus or switch to normal firefox with extensions?
Neither. Use bromite or Mull.
> is ProtonVPN in your opinion a good VPN?
I believe so. Watch techlore's youtube video about best VPNs. This guy tested most, if not all of them.
Privacy browser on F-Droid is excellent and opensource with adblocking built in and allowing you to block javascript in a site-dependent manner with a simple toggle at the top of the page - for when sites break too badly with no javascript.
It also has a good full screen mode and dark/light mode for webpages.
I also have Bromite, but almost never use it since the above is so good.
Bruh just use this filter list for uBlock Origin. One less extension and have never seen a cookie warning in a long time.
You can also try Ferdi (hard fork of Franz with all features enabled always without payment) as an alternative to a paid Franz account.
(Full disclosure: I am a git committer to Ferdi.)
>I’m aiming at a moderate to high level of privacy and security out of principle, general privacy, [...]
You're missing the second part of this statement, which is who you desire moderate/high privacy/security from. For example:
As far as the other questions:
I don't believe there is if you use Bluetooth. I wouldn't really be worried about Bluetooth-related attacks if you keep your machine up to date, but there's pretty much no avoiding your device being detected by things like beacons if you are transmitting anything wirelessly.
Is an antivirus client worth considering? You already use two, I think you should be covered. Without knowing what your "needs" are I don't see how anyone would be able to give you input on your Tor/Whonix/Tails problem.
Bro did you get this off a carding forum or something? Lmao you don't need to have any of this unless you're doing illegal shit.
Use a VPN like Mullvad, ProtonVPN, or iVPN. Use multiple browsers like Hardened Firefox, Librewolf, and Brave to compartmentalize your online identity.
Honestly everything you need to know is on
RDP to another computer is basically adding another hop to your internet traffic. This is only effective at slowing down three letter agencies if it's not in their jurisdiction. Anyone else does not have the capability of monitoring all ISPs. This RDP computer is called a jump box in the case you're thinking of using it.
AntiDetect is mainly used for online fraud because of its ability to mimic other people's browsers. You don't need to pay for this and if you got it for free your PC is infected. The browsers listed above work for standard online privacy. Tor with JavaScript disabled is your next best step.
Those apps work fine on GrapheneOS. In fact, most apps which work on stock Android will work on GrapheneOS thanks to sandboxed Play services. To ask about specific app compatibility, I'd recommend asking in the community Matrix rooms in the off-topic channel - the community is friendly and helpful, and the devs often pop in to answer questions.
From what I read, graphene does not allow microg, instead there is a sandboxed layer with profiles https://grapheneos.org/usage#sandboxed-play-services
I tested graphene and it is slightly difficult to switch profiles and some apps didn't start.
I am not saying one is better than the other. Just saying OP should try it and if it fits his use case, fine.
- From what I have heard, uMatrix is no longer being supported unfortunately, so I haven't used it.
- Anti-XSS is supposed to be "cross-site scripting attack" defense. More and better info is available on the NoScript website. They claim that NoScript is the only proper solution to protect against XSS. I'm not all that knowledgeable on this topic, so you may be right that uBlock covers this specifically.
If you just want Google results have you considered using Whoogle instead? There are several public instances.
> gives me results as good as google
If this is your expectation going in you might have a bad time. Google's results are only as good as they are because of all the data they gather on you.
If you're just proxying the results, even if they come from Google, they'll never be as good at the end of the day. Though they should still be serviceable 99% of the time.
The best solution is to write the text in your text editor and then copy it into your browser. There are also other solutions, but they don't work really well:
> You're spreading misinformation
I could say the same to you.
> Qubes is Linux. How do you not even know such a basic fact?
Qubes is not a Linux distro. Read their FAQ https://www.qubes-os.org/faq/#is-qubes-just-another-linux-distribution
> Security is really complicated!
It is, and security is more than simply being open source.
Linux does not have CFI, verified boot, sandboxed apps and more.
Also, the server security model and the desktop security model are completely different.
> BSD is among the most widely recognized OSes for security
BSD is not a single OS. Each BSD variant is completely different.
It can change formats, change sizes, change the names all automatically. And a lot more.
It’s free. I’ve been using it for years.
And there’s a portable version.
https://portableapps.com/apps/graphics_pictures/irfanview_portable
But it only does pictures not video.
A few months ago I was thinking about the same thing, how do I encrypt my files before I upload them to cloud storage, and as a result of the search I found this.
It would be nice if someone can tell us if they have tried this service,
>Your Posteo account credit is always added anonymously – regardless of whether you pay by bank transfer, PayPal, credit card or in cash. The data that we receive with payments is not connected to the email accounts.
So the only traceable thing is that you paid for an account at some point. Not for which one in particular. If your threat model allows this minor info then you can choose any payment method you want.
I wouldn't recommend it over Logseq unless you need a seriously hyperminimalist text editor that can support a small window size - I use it for creative writing and non-distracting note-taking. But if anyone wants, it's here.
I find the FeedMe app on Android very useful. It doesn't have any trackers or analytics collection. On desktop I use NewsFlash (Linux). Having a self-hosted miniflux instance .. Both clients communicate through the Fever API of miniflux.
Thanks for letting me know. It can't be reset. They automatically deleted my other email data when the account was approved. So my password reset is going to my disroot.org email which I can't log in to in the first place.
Well each case is pretty different and I can't really give you any meaningful advice outside of general ones because I'm missing a lot of info which for sure you should not share with me, like where you live, what areas you frequent, websites you visit etc.
Honestly try to confirm whether someone you know is relaying info to them. Basically cross out any real world factors, all you can think of.
With that taken care of you should try anything you can to limit your online activity. I guess you don't really know why and how they are finding out stuff about you so just start using Signal, use a different email such as Tutanota or ProtonMail. You should also definitely change your phone, it's about time I think if you can. 4 years is a lot!
Maybe these family members of yours have some ties with someone at your workplace? It's not unusual for companies to spy on people, mine started using a software packager some time back when covid hit. Unfortunately for those fuckers they forgot that their workers are all software engineers so it was quite easy to find what they were tryna pull. I've seriously seen way too many companies spy on workers nowadays, check if yours is doing the same.
TL;DR: start small and change WA with Signal, use alternative email providers and see if your family members know anything they should not. If they don't you can rest easy; if they do, change ISPs, phone, check out these guys and learn how to use Wireshark so you can start analyzing your connections on your laptop/PC, whatever you use. Cheers and keep calm, don't let these people take even an inch.
Firefox does by default but you can change all the telemetry through about:config, including changing url addresses
Chromium doesn’t let you do that
Ungoogled chromium really is the best option for a chromium based browser. Pretty easy to use but you will have to install extensions store. The chrome://flags are awesome and this list includes most of the ones to change. I would personally add in the “Clear data on exit” flag and some like remove “show avatar button”
https://avoidthehack.com/how-to-install-configure-ungoogled-chromium
https://github.com/Eloston/ungoogled-chromium/blob/master/docs/flags.md
The best thing I have found so far is Multcloud. Even though their privacy policy seems relatively good, I'd still prefer to have FOSS desktop/mobile software for it. I really did not understand why some users of this sub insist on downvoting this question post but thank you for your effort and time in trying to help me out, much appreciated.
I'm too lazy to provide links, just duck it, it should not be that complicated. I guess those are already an infant step to becoming a less-non-privacy-concerned user.
Not sure how others feel about this VPN provider, but I did visit a datacenter they operated out of. The datacenter employees even said they don't store logs, and had to tell claimants the same.
Sorry to hear that. I had the same issues with SurfShark, plus their speeds were bad. I've had a much better experience with ProtonVPN. Speeds are much better, streaming from any region hasn't been an issue at all. They said they were introducing their "Stealth VPN protocol" that hides that you're using a VPN, but I haven't seen it in practice yet.
With the rise of VPN usage, I don't understand sites that block VPN traffic still. They're just making it more difficult for everyday users.
Unless something has changed recently, the iPhone/iPad version of DDG is, afaik, just a browser with built-in ad and tracker blocking. It won’t do system-wide filtering like it does on Android. Apple’s own Safari tracker blocking is pretty weak. For decent ad/tracker blocking in Safari, you should install a content blocking app/extension like AdGuard (my recommendation), Wipr or 1Blocker.
For something that works with a VPN, it would depend on what options/features your VPN provider offers with their own iOS app. Providers like Mullvad and IVPN offer some blocking toggles in their official apps. You can also set up a DNS filtering service (like NextDNS) and have it work with your VPN by inputting the address in the “Custom DNS” option in the apps (Mullvad requires the IPv6 address while IVPN supports DNS-over-HTTPS url strings). DNS filtering works system-wide and not just within Safari, although there are limitations (won’t work with the Youtube app).
There aren't really any good options without a VPN of some kind, honestly. You can change your timezone, user agent, block canvassing, etc., but that IP is going to give you away every time.
ProtonVPN does have a free tier--it is slow and limited, but it is free, logless, and from a very reputable provider.
If you are open to paying, Mullvad is a great option. It's ~$5/mo., logless, extremely reputable, performs well, and they do not collect ANY info on sign up (no email, phone number, name, etc.) except your card info. So you could pay with a card or even go pay cash for a Visa giftcard and use that for payment, you'd be pretty well obscured.
If you want to, NextDNS can function with a DNS and is highly configurable. AdGuard’s DNS takes up your VPN slot on iOS. If you aren’t using a VPN, AdGuard could be a great option. If you are using a VPN, NextDNS works at the expense of trusting another 3rd party. Just pros and cons to weigh.
If my main concern was adblocking I would probably just use a VPN (Proton or Mullvad), NextDNS, and Adguard Pro.
One thing that can cause fluctuations is the amount of people using a given server. So let's say a company offers a free tier, you can expect a lot more people trying to use it at the same time, versus having servers exclusive to paying customers.
Yes, Mozilla VPN is just rebranded Mullvad. You can argue it's worse to choose Mozilla VPN from a privacy standpoint, since you're subject to their privacy policy & practices.
Mullvad offers anonymous payment options and it generates an anonymous, random account so you never give them any personally identifiable information.
Additionally, I noticed users say that the official Mullvad client has more features (not sure personally, as I haven't used it in a long long time).
I choose to support Mozilla, and it was actually cheaper (than Mullvad) when I purchased a year's subscription.
One really cool feature you get by choosing Mozilla is automatically choosing a server based on the container you're in (in Firefox (desktop), ofc).
You can run tests on Mullvad site, when I’ve run them, it only ever shows that my DNS is ‘leaking’ because it’s using NextDNS rather than Mullvad, but no IP leaks, etc.
You can even use other VPN sites and use their test for leak option to see if your real IP leaks, mine never has.
SO these are my findings... I already previously had DNS-over-TLS setup on my router using NextDNS, uninstalled YogaDNS and custom dns browser configs, and tested without connectivity to VPN to verify it was truly encrypted by clearing logs and running some queries *Check*.
Now, in Mullvad I did configure the custom DNS to use my router gateway as you stated, interestingly when I ran the DNS leak test it shows my VPN address (like we want) and only using NextDNS server (like we want, awesome!)*Check*.
The interesting part is that NextDNS shows the queries coming from my public IP instead of the VPN IP (as it did when using YogaDNS with NextDNS configs). With that being said, I would be worried my public IP would be leaking somehow elsewhere. Would you agree?
It took some tinkering on my end too lol. I remember being happy when I got it working.
Wish I could recall step by step what I did. Did you try adding NextDNS to your router & just adding your home IP in the custom DNS field on Mullvad like I said?
If you can set up your router to use dns over https/tls, I don’t see why setting your Mullvad then to your routers dns wouldn’t work.
I don’t remember what I did exactly as it was 2 years ago, but I definitely encrypted my DNS. NextDNS tells you when your traffic isn’t encrypted.
Iirc, I downloaded a firmware update for my router (Merlin I think it was) that allowed me to use encrypted DNS with Mullvad.
Don’t really remember how I did it, but I know 100% fact it’s possible.
Not True, I have NextDNS set up on my router & I have it configured in my Mullvad as well to use my custom DNS settings rather than the Mullvad DNS.
Just go into Mullvad settings, go to use custom DNS & use your IPs DNS.
Works like a charm, been running it this way for 2 years now.
To my understanding your device, once connected to the VPN, will use the VPNs DNS servers by default unless explicitly changed within the VPN itself. You can also verify this by using DNS Leak Test.
Mullvad does not support custom DNS-over-TLS or DNS-over-HTTPS servers within the app iirc so to use those you'd have to change it in your device/browser.
I'm not an expert by any means, but I don't think that data on ExpressVPN is any more secure just because it uses RAM-based storage. It doesn't matter what the storage medium is if the servers would have to stay online all the time to provide the VPN services.
If the server stays on all the time, it means that data can be accessed at any time regardless of whether it's stored in RAM or physical hard drives.
The only way, in my opinion, to prevent data access would be to shut down the servers, which will also erase the data stored on RAM disks. I doubt ExpressVPN would do that.
At this point one is only safe running their own mail address on their own home server and routing everything through ExpressVPN (because it has no physical data storage but everything is RAM based). Right?
ExpressVPN is owned by Kape technologies, which has a recognised history of being involved in malware distribution. It also owns several other VPN companies such as CyberGhost, Private Internet Access, Zenmate, and a bunch of VPN review websites.
If that isn't a red flag, I don't know what is. IMO the best VPN services right now are Mullvad, Proton, and IVPN.
Tried the "big" ones: NordVPN, SurfShark, ExpressVPN and CyberghostVPN. Firstly, they were all lying about geoblocking stuff on Netflix and the like. Secondly, some applications can’t work at all with the VPN on and some sites were either inaccessible or VPN-blocked :( Thirdly, the big companies of GAFAM and even Quora knew everything I did only under the VPNs so that’s pretty bad :’(
If, one day, I give VPNs another chance, I think I will try Mullvad.
I mean their branding, literally. Their branding is not unprofessional but it’s not professional either. Compare their apps and website to those of IVPN&co. They were born as the Reddit Meme VPN. They are a little better now but they don’t present themselves as professional as they actually are.
I’m a happy Windscribe and ControlD user as you are. I just think that they should change their app and website look a little bit, to be taken more seriously by more users.
I'm a ProtonVPN and also Adguard Premium user. Adguard has better ad-blocking capabilities (includes tracking protection, malware etc) than ProtonVPN.
I usually set up ProtonVPN on my Flint (gl-in router) and use Adguard on my other devices at the system level (all major platforms). My router supports Adguard Home (Open source DNS level ad blocking from Adguard), but I cannot use them when I use 's a bummer!
If outdoors, then I'll rely on Netshield from ProtonVPN.
ProtonVPN. I managed to get my email plan with them grandfathered into their new payment plans so now I just... have their VPN at no extra cost to my email plan, as long as I don't need to change it. Good deal haha.
Still, been waiting on Mozilla VPN to come to Aus since its release (long before i got lucky with Proton, per above) and no dice.
I think you could go around and use IKEv2 as from ProtonVPN with lockdown, custom DNS on top of that. But wireguard has less impact on battery use and better speeds. Also not recommended to have different DNS from VPNs
Proton Suite: Using Proton Unlimited Plan that includes a VPN, email, calendar and drive. Initially started with VPN but they upgraded my account to Proton Unlimited with this bundle. Moved from Posteo email to ProtonMail. Using Proton Calendar as my primary calendar. I use ProtonVPN for security stuff including P2P, streaming etc.
Routers: Flint & Beryl from , I use Flint as my primary router that supports OpenVPN & Wireguard. Using Beryl as a travel router with ProtonVPN.
Password Manager: Bitwarden Premium with TOTP
I would gladly go back to Mullvad if they implement a protocol like Proton's new STEALTH. That protocol made a huge difference keeping my VPN up through corporate firewalls and content filtering.
I used Mullvad for several years without any noticeable issues. I’ve used proton mail for several years also but never used proton VPN until recently.
Switching from Mullvad to ProtonVPN, I immediately noticed the blacklisted issues. I run ProtonVPN on 2 devices about 10 hours per day, 5 days each week. I used Mullvad the same amount but noticed much fewer instances of being unable to access a website.
I don't know of any VPNs that are known to be reputable and properly rotate their IPs to avoid getting blocked. I only know of two actually reputable VPNs, Proton and Mullvad, and from what I understand neither rotates.
In all probability you're likely better off spinning your own as an AWS/Alibaba instance for normal surfing since they can't block AWS/Alibaba and still have internet connectivity (those two run almost 80% of all internet services). As long as you're not doing a ton of large downloading, I don't think you'd even exceed the free intro credits in 6 months.
So, Mullvad would be around 124$ for 24 months and Tutanota would be 24$. So, around 148$ for these 2. Proton is giving the same thing for 173$ with storage as cherry on top. Although, I hadn't thought of cloud storage but it would definitely be useful. A price difference of 30$ is significant but not that much if Proton is actually worth it.
But seems like their server IPs are blacklisted by many websites which is less than ideal.
Strange, I've actually had the complete opposite experience. I used to use Mullvad and had issues with reliability. Speeds would vary significantly between servers, and the connections were typically unreliable. They would drop out, or in most cases, show that it's connected, yet my internet would not work until I disconnect and connect again (sometimes multiple times). It would happen sporadically.
I've been using Proton and the VPN for some time now on 5 different devices with zero issues and very fast connection speeds.
I would stick with a mix of different providers, especially if you use Linux. Proton treats Linux users terribly, and they also haven't been treating their paying customers particularly well, with how they shafted many of them to the inferior business plan when they introduced their newer plans (see here marketing with the recent Black Friday sale and I can't wholeheartedly support the company anymore.
Their VPN service isn't amazing either and pales greatly in comparison to Mullvad and IVPN, lacking features such as SOCKS5 proxy support. Not to mention, I wouldn't want to associate my VPN service with my email. Their mobile apps aren't even on F-Droid either.
Proton is so overpriced it never makes sense, and to get anything approaching more reasonable you have to sign up for 2 years. Mullvad isn't a cheap VPN and yet they charge the same price per month with NO contract as Proton charges per month if you have a 24 month contract! No thanks. Tutanota + Mullvad.
Proton Unlimited (grandfathered) subscriber here and I must say that ProtonVPN is the worst VPN service I’ve ever used. It’s very unstable (for me, anyway) on Mac, Windows, iOS and multiple servers I’ve attempted to use it on.
Sticking to Mullvad for now. I have been using them for many years and the experience has been flawless on every platform.
Furthermore I’m not using ProtonDrive and won’t be until they’ve proven they can create a sync client without sync issues. Until then I’m sticking with Tresorit.
ProtonMail is really good though.
It depends on what you actually need: Proton Unlimited offers mainly [mail + VPN + cloud]. If you need all three services I think it's a very good deal; if you don't need the cloud you will probably save some money by using a separate VPN like Mullvad + Tutanota /
I honestly don’t know which VPNs bypass Google Home; good overall VPN providers are Proton VPN or Mullvad, though. You could get your hands on a license of them and if they don’t work either, just get your money back (both providers offer a free month as far as I remember).
If that VPN turns out to be not a viable option either, you could try to get a good, unflagged proxy instead of a VPN.
Well that's what kills it for me.
I learned from this post that Mozilla VPN was rebranded Mullvad so I was interested in supporting them even with the trackers and the Mozilla account.
But if I can't download the Wireguard conf then I can only stick to Mullvad.
The Proton bf sale isn't just an email alias, but an actual email (i.e., with its own storage, and you can send directly from it, etc.) which also comes with full e2ee assuming you're conversing with someone also in Proton Mail, and cloud storage too.
However, for the VPN part itself, Mullvad took far more effort to insulate themselves from any user information, no email, password, or even payment info is kept (thus no recurring subscription). On the other hand, that comparison isn't really valid if you're buying through Mozilla bundle because you'll be giving them your email and card info.
DNS level adblocking (E.g. NextDNS) can be helpful and more robust than some other options. A good combo can be something like NextDNS + AdGuard Pro in my opinion. You can also just go for the built in adblocking inside Proton VPN or Mullvad, or even layer it on top. Personally I often use all 3 layers on iOS devices.
I looked at using Lockdown, but it replaces your VPN slot, which is not ideal if you want to use a reputable provider. AdGuard DNS has the same problem on iOS.
You can buy Mullvad directly with zero information and pay with Monero.
Mozilla's offering requires user provide an email address and traditional card payment information.
So that is not the same.
I would just go with Mullvad. You can create the account anonymously and pay with cash or Monero. With Mozilla, you have to provide your email address and pay with more traditional payment methods, so no option for cash or Monero payments. Also, Mozilla uses trackers on its app while Mullvad doesn’t. Moreover, at least Mozilla’s Android app requires more permissions than Mullvad’s (13 vs 4).
OS: Any Debian derivative I feel like using for my device.
Browser: Firefox + uBlock, uMatrix, Decentraleyes, and Privacy Badger. I also use Tor Browser.
VPN: Mullvad
Office tools: LibreOffice
Email: Protonmail + Thunderbird
Media: VLC
Music: Clementine
Cloud: I have my own hard drives that I have collected over the years, so I store things locally. If I will be away from home for a while, I set up a method of accessing them remotely.
Phone: LineageOS, no GAPPS. Most utilities are from the SMT suite.
Search Engine: DuckDuckGo, Searx, and Google as a last resort
IDE: Monodevelop
Unfortunately, I still have to use software like Discord, Unity, and Windows 10 frequently.
Anything else, I'll look up and use the most popular open source option for completing the task or use a tool provided by my OS.
Reddit: Sync (TestFlight Beta), I wish Slide was still being maintained though
Note: Joplin Notes
EMail: ProtonMail, Tutanota
Calendar: Proton Calendar (TestFlight Beta), Tutanota
Photos:
Offline Maps: OrganicMaps
Podcasts: Podverse
AudioBook Player: BookPlayer
Cloud Encryption: Cryptomator
Invidious/Piped frontend: Yattee
Video Player: VLC
File Sync: Mobius Sync (Syncthing Client)
Jellyfin Client: Swiftfin (TestFlight Beta)
AirDrop Alternative: KDE Connect
Safari Extensions: Amplosion, NextDNS
Email Alias: SimpleLogin
Hey, spent a lot of time on this myself. Here are some apps I would recommend you consider/evaluate. Generally I’ve steered away from self-hosting, and this list reflects that.
Reddit: Sync (TestFlight Beta)
Note: Joplin Notes
EMail: ProtonMail, Tutanota
Calendar: Proton Calendar (TestFlight Beta), Tutanota
Photos:
Offline Maps: OrganicMaps
Podcasts: Podverse
AudioBook Player: BookPlayer
Cloud Encryption: Cryptomator
Invidious/Piped front end: Yattee
Video Player: VLC
File Sync: Mobius Sync (Syncthing)
Jellyfin Client: Swiftfin (TestFlight Beta)
Airdrop Alternative: KDE Connect
VPN: Mullvad, ProtonVPN
Safari Extensions: Amplosion, NextDNS
Email Alias: SimpleLogin
Not FOSS, but I still like them for privacy: Hello Weather, QuickScan, FoodNoms
ProtonVPN has been really solid for performance for long running processes for me, but their servers clearly get heavily abused and almost all of them are on VPN blocklists. I can't use them as day to day VPNs because so many sites blank screen responses during regular web surfing, but they work great for P2P traffic.
I haven't tried Mullvad, but with ExpressVPN (questionable after recent purchase by the VPN megalith that owns most other VPN services and all the VPN review sites) I didn't have the issue because it didn't let you pick your single server and they rotated to new server IPs regularly.
Unfortunately it seems it's a minimum requirement of VPNs to regularly change their server IPs or they become useless, and ProtonVPN isn't doing that. They're only useful for niche services now and streaming hasn't worked on any of them for a couple years.
The main product of Nord: NordVPN is a full out scam. Nord is really absolutely everything but a trusted company. Their marketing is full of lies and they sell a product that they simply do not provide.
Nice Black Friday Advert.
That said they made a good choice by going with Mullvad instead of trying to build their own. For those wondering it's essentially a white label resell.
/r/Windscribe is $29 for 1 Year. So $2.42 a month.
There's a similar app for Android, Safe Camera, which I've been using for a while now. Good to hear there's something similar for iOS users!
I typically provide specific recommendations for reputable VPN services to my friends and family who I have helped out with this stuff. I didn't do that here because that can change and whatever is updated on Privacy Guides will be mostly trustworthy as the times change. Everybody has the responsibility to do their own research if they actually want privacy. Signal is a no-brainer, password managers require research and it's shooter's preference. Browser and system settings depend on people's use cases and how they balance security and convenience.
Personally, currently, for VPNs I use Proton and recommend it, Nord, and Mullvad for people who don't want to think too hard about it but also don't want their ISPs selling their "not actually anonymized" data. Will that always be the case? No. Times change, everybody should stay current with what services they rely on.
I’d recommend Proton Unlimited.
I was a Mullvad VPN customer for a bit and it’s very unreliable. Connection cuts out or drops, and I’ll have to disconnect and reconnect. Sometimes it’ll show I’m connected but I have no connection and I’ll have to disconnect and reconnect again. Proton VPN stays connected and has faster and more consistent speeds. It’s also more rich.
Also Proton Unlimited includes SimpleLogin premium, and allows you to use custom domains on both SimpleLogin and Proton. You can also create up to 15 emails on Proton.
Much thanks for the detailed reply. Looks like I’ll need to do a lot more reading since even my preliminary assumptions (next paragraph) were already wrong.
Always assumed that supervised mode was different from MDM, but after skimming some of ManageEngine’s documentation, it turns out they’re quite similar, which is a bit of a bummer.
I do have experience provisioning an On-Demand VPN back when I had a Mac and subscribed to a provider that offered IPSec/IKEv2, but ManageEngine’s documentation confirmed that it’s about as far as I can go since the per-app VPN profiles are only available for the corporate providers, like you stated.
I had hoped that, since I no longer have a Mac now, there was a service out there that I could employ to create and manage a per-app VPN profile pointing to a WireGuard instance I’ve rolled myself on a VPS, or ideally a provider’s server like Mullvad or IVPN (both of which I already have accounts with). Looks like it’s not a feasible option, based on what little reading I’ve done so far at least.
My ideal scenario for this iPad (my only Apple device) would be to tunnel my browsing (Safari) and some other apps through the VPN while leaving system/Apple apps and services out. Basically split tunneling like on Android, but with the additional enforcement abilities afforded by a supervised/managed profile to ensure the two are never mixed.
I’ve rambled enough. Apologies for making you read through all that.
Really appreciate the guidance you provided, sincerely.
It should be noted (if it already hasn't) that Proton bought out SimpleLogin. So if you get the Proton Unlimited, then you also get full access to premium SimpleLogin features. You'll also have access to paid and free ProtonVPN servers, which solves your Mullvad problem.
I have Proton Unlimited and I love it.
When it comes to streaming media, Proton is probably better as they offer specific servers that aren't blocked by streaming services. With Mullvad there isn't that guarantee. Also, since you are a student, the 500GB of encrypted cloud storage that comes with Proton Unlimited is definitely going to be helpful for storing assignments and other files securely.
In regards to torrenting, I don't remember how Mullvad worked. However, Mullvad doesn't really work for streaming services. There was maybe one US server that would work with Netflix. So if that is important to you, go with Proton unlimited. Proton VPN also works well with torrents, as long as you're using the servers that are made for torrenting (they are clearly tagged in the apps).
I tried this on Mullvad > Advanced > Use custom DNS server
But it only takes IP addresses? So I tried 100.64.0.3 which is recommended on the Mullvad website. But I'm still getting ads on some apps (like social media ones).
I use GrapheneOS with Mullvad. I've enabled Mullvad's ad + tracker blocking by adding their custom DNS server.
Have you tried that?
If not, just add 100.64.0.3 under Settings > Advanced > Use custom DNS server.
Is your phone rooted? I ask because it appears that AdAway can run locally without a VPN configuration, which I'm guessing is the reason it can run alongside Mullvad? Otherwise, would it be one or the other? I just tried the VPN option for AdAway but nothing happens. And when trying the rooted option, it says that my phone is not rooted.
About the PiHole, would it cause any issues with smart TVs or other devices for my family members?