TL;DR - if you read nothing else, please visit thatoneprivacysite.net and look at their VPN and e-mail service comparison pages. The Excel spreadsheet link lower on the page is HIGHLY recommended. Not only is it easier to view... it lists the specific reasons for the good/bad ratings.
-------------
When it comes to privacy you can pay twice. You get what you pay for... and you pay the price for not researching what you pay for.
My subjective goals: I want services that have decent compatibility and reasonable inconvenience. I am not looking for Cheyenne Mountain Complex-level protection for black hat activities. Just a good privacy plan and tools worth the learning curve and hassle. At this point I am only running Android and Windows on a daily basis.
Here are my notes and choices.
E-mail provider
Best comparison of alternative/privacy e-mail providers is this e-mail comparison. Stellar.
My choice
ProtonMail paid account. A simple, direct user interface. One web login for all e-mail addresses. Ability to use 3rd party e-mail client and separately access each Proton e-mail address. Dedicated apps or “bridge” for Windows, MacOS, iOS and Android. Encryption keys can be retrieved. Available dual authentication for online login - requires your choice of one of several 3rd party apps running on a separate device (such as your phone) to receive a second, generated authentication code.
Inconveniences
1. Thunderbird, MS Outlook and Apple Mail are the only supported desktop OS e-mail clients.
2. Desktop OS requires a background process “bridge” from Proton. Step-by-step instructions on website.
3. Calendar sync works if you use Tbird/Outlook/Apple Mail. However there is NO external calendar support (Google Calendar, Outlook Calendar, CalDAV, WebDAV, etc.) if you only use the web interface.
Web Browser
Desktop computers
Firefox for daily use convenience. While it is not ultra secure, privacy is one of the developers' core considerations. Firefox is widely supported by major add-ons and extensions such as LastPass, AdBlock, etc. Open source allows quick patches from a huge community. Default settings require tweaking for best privacy.
Epic browser is arguably the most secure mainstream option. However it completely deletes history and browsing trails on app exit. There is a limited range of add-ons and extensions but LastPass is supported. You may gain some browsing speed due to blocked data mining scripts. You will have issues with sites that require ads and data mining to display content.
Android devices
Firefox Android for standard use. Chrome is disabled unless I can’t view content on Firefox.
Firefox Focus is the Android version of Epic desktop browser – except it doesn’t even store login info. Everything is erased on app exit.
Compatibility Note
I have found some of my work and home network-connected devices (new and legacy) require Internet Explorer, Edge or Chrome in order for me to access them directly or configure them for the first time. You can make these browsers much safer by running them in the Sandboxie app.
Search engines
Not as good as Google, but good alternatives are DuckDuckGo and Qwant.
VPN
The premier VPN comparison resource is this VPN chart. Excel sheet link is best. Interesting to see how the zdnet, pcmag, etc. top recommendations stack up (or don’t and why they don’t).
Choice
Proton VPN is OK (not great), chosen for bundled billing with my Proton e-mail. Higher rated are IVPN and Mullvad but they have similar jurisdiction notes (they are operated in Five Eyes or Fourteen Eyes territories).
Cloud storage/backup
SpiderOak is still my secure choice. They were one of the first to offer desktop and mobile apps for end-to-end encrypted data. There is no server-side encryption so they don't even have the encryption keys/password to hand over if court ordered. I don't use it for complete drive backup. Just online/offsite backup of personal work product, insurance inventory, legal, etc. 2GB free account.
I still use DropBox for ease of sharing between all computer and mobile devices. However I don’t store any privacy risk material there. I refuse to use Google Drive on personal devices.
Device encryption
Computers
VeraCrypt. While Bitlocker is a good, easy option I don’t have 100% faith in Microsoft.
VeraCrypt is the newer version of TrueCrypt. However some of my computers work better with old TrueCrypt, e.g., one Win7Pro laptop took 12 minutes to boot VeraCrypt to the Windows login prompt. With TrueCrypt it takes 10 seconds to reach the same login. TrueCrypt was rumored to have a backdoor for FedGod but it was eventually proven to not have one. However it is no longer supported.
Mobile devices
For now I use native encryption. SD card storage slows down if you are copying large files in bulk from a computer or from the phone to an inserted encrypted SD card. But otherwise zero lag for app usage.
Inconveniences
1. With VeraCrypt I cannot log in on a Microsoft Surface tablet without a keyboard attached. Don’t leave the keyboard at home…
2. Noticed larger (4TB) USB 3.0 encrypted drives transfer data at 20% of the speed of their non-encrypted selves, but still fast enough for most work. *Note: there are no noticeable speed issues with encrypted system hard drives, just the USB-connected drives.
3. Vera/TrueCrypt’d USB drives require the respective app running on the host computer. Good idea to have your encryption software on thumb drive or in a DropBox folder.
Android phone/tablet OS
Sad to say the alternative/secure mobile OS scene for individuals is still fractured. There is no turnkey solution and some of the best options are limited to certain phones and tablets.
Lineage is an option but not without possibly giving up favorite apps… and learning enough to make it work and minimize security risks. Not every single Android device is supported; mostly phones and some tablets. The online Google Play store alternatives Apkpure and F-Droid do feature a lot of common apps. Even Strelok and other ballistic apps.
eelo seems to be the best developing attempt to completely replace Google-type architecture. It is no small feat to recreate the comprehensive modular system.
Rooting is an option and gives freedom to remove bloatware. However it requires the end user to be security savvy to help close resulting vulnerabilities.