Table of Contents

• Definitions
• Universal Requirements
• Backup & Cloud Storage
• Books & Documentaries
• Browser Extensions
• Desktop Settings & Apps
• Email Aliasing
• Encrypted Messaging
• Links & Resources
• Mobile Settings & Apps
• Multifactor Authentication
• Password Managers
• Payment Masking
• Podcasts & Videos
• Voice-over-IP (VoIP)
• Virtual Private Networks (VPNs)
• Web Browsers

Criteria

Every service we recommend must meet at least the following criteria.

Definitions

Because many words and phrases can be subjective, we have clarified some of our usage here to avoid confusion.

• Actively maintained - A developer (or development team) who is regularly updating and improving the project, and who engages with user feedback such as bug reports, feature requsts, etc. We do not impose specific timelines on this definition as different projects require different update frequencies, and different development teams have different resources available in terms of time and expertise. However it should be easy to prove that the project is still being maintained to qualify.

• All operating systems - Debian, Fedora, Mac, Windows, Android, and iOS.

• Anonymous sign up - Sign up does not require possibly identifying information such as a SIM phone number, real name, or credit card. VoIP numbers, masked email address, and cryptocurrency are acceptable forms of verification.

• Big Tech - Large technology companies that engage in privacy-averse practices, such as collecting more data than necessary, selling targeting ads, and more. Companies include but are not limited to Google, Amazon, Facebook, Apple, Microsoft, Discord, Snapchat, TikTok, etc.

• Ephemeral messaging - the ability to set messages to automatically delete from your device (and usually recipient devices) after a certain period of time.

• Metadata resistant - The service has taken significant steps to reduce the amount of metadata can be collected by an inside actor, legal order, or adversary who intercepts traffic in a default state (that is, without exploiting any additional zero days, vulnerabilities, or other significant efforts outside the typical operation of the service). This could include (but is not limited to) things like using multi-hop architecture to hide the sender’s IP address or not logging message history. IMPORTANT NOTE: This is a broad criteria. Exactly what metadata is obfuscated and how varies from service to service. Readers should never assume that all metadata is protected or even that all services obfuscate the same metadata. Please consult the service in question for more details about what metadata they protect and how.

• Recently audited - code was examined by a qualified, independent, third-party auditor within the last 5 years and results were publicly released in a complete, comprehensible form

• Source available - the overwhelming majority of the source code is available for review by anyone to audit, suggest improvements, or report vulnerabilities. Any proprietary bits should be kept to a minimum and should have a valid reason for keeping them proprietary, such as licensing requirements of the code being used or for security reasons (ex, Signal keeping their anti-spam features hidden to slow down spammers finding workarounds).

Universal Requirements

• Must be actively maintained
• Must be available on all operating systems (where applicable). Web apps acceptable for desktop, though not preferred.
• Mobile apps must be available through the Google Play and/or Apple App stores (where applicable). F-Droid and/or APKs preferred for Android devices.
• Recommendations must be source available (at least on the client side) unless few or no such alternatives exist.
• Proprietary recommendations must have an established history or assurance of respecting user privacy and data sovereignty, or must offer significant features not found in their source available counterparts that would be beneficial for a typical threat model
• Services should be accessible to individual end-users. Services like realtime messaging, password managers, or email often have a B2B component. This is fine, but they must also have a consumer-facing arm for individual end users to easily join and use the service.

Backup & Cloud Storage

• Must offer a free plan
• Must be zero knowledge
• Must target consumers (ex, there should not be an abundance of talk on the main pages of the website about APIs, compliance, and other topics that would not be of interest to an average consumer)

Books & Documentaries

• May be exempt from the “must be actively maintained” rule, however must be no older than 5 years or must be provably still relevant and accurate
• Non-fiction only
• Educational content only

Browser Extensions

• Must improve user privacy and/or security significantly to the point of offsetting the risk of additional browser fingerprinting enabled

Desktop Settings & Apps

• Recommended settings changes must reduce the amount of data submitted to the developers or must improve device security against common threats
• Recommended settings changes must not break functionality

Email Aliasing

• Email aliasing is not the same as temporary or burner emails. Email aliases must offer persistent email addresses that forward to an existing inbox for long-term use and easy management
• Must allow users to initiate a new email conversation from an alias
• Must allow users to create a realistically large number of aliases (at least hundreds)
• Must at least offer a web portal to manage the account and aliases
• Must support PGP encryption

Encrypted Messaging

• Must have end-to-end encrypted one-to-one messaging enabled by default
• Ability to export messages (email-only, realtime messengers encouraged)
• Must support custom domains (e-mail only)
• Must support ephemeral messaging (realtime messaging only)
• Must be metadata-resistant (realtime messaging only)

Links & Resources

• Must be directly relevant to individual data privacy and/or cybersecurity

Mobile Settings & Apps

• Recommended settings changes must reduce the amount of data submitted to the device manufacturer, cell carrier, and/or app developers and/or must improve device security against common threats
• Recommended settings changes must not break functionality

Multifactor Authentication

• Hardware keys are excempt from the “must be actively maintained” rule due to the fact that many obtain security by not pushing updates
• Must offer the ability to export seeds

Password Managers

• For the user-friendliness of the target audience, stateless password managers are not permitted
• Must support creating, storing, importing, and exporting passkeys
• Must offer tools to help identify potential password vulnerabilities such as weak, reused, or breached passwords
• Must be recently audited

Payment Masking

• Must allow the creation of at least one credit or debit card that allows the user’s real banking information to be protected against card skimming or theft

Podcasts & Videos

• Must be actively producing content
• Educational focus on content
• Non-fiction content only

Voice-over-IP (VoIP)

• Must be capable of making and receiving calls, SMS, and MMS to “regular” phone numbers
• Must have a first-party mobile app
• Must target consumers (ex, there should not be an abundance of talk on the main pages of the website about APIs, compliance, and other topics that would not be of interest to an average consumer)
• Excempt from “all operating systems” requirement, only required to be available for mobile devices (desktop apps preferred)

Virtual Private Networks (VPNs)

• Must not keep logs
• Must have source-available clients
• Must offer ad/tracker/malware blocking in some reasonable capacity
• Must offer at least one form of anonymous payment (cash, Monero, or ZCash)
• Apps must be available on all operating systems

Web Browsers

• Must be capable of auto-update
• Recommended settings changes must improve user privacy and/or security while causing little or no breakage on commonly used sites