
Curated List of Privacy Respecting Services and Software - nikivi
https://github.com/nikitavoloboev/privacy-respecting#readme
======
oarsinsync
> WhatsApp - WhatsApp feature means some encrypted messages could be read by
> third party.

> Alternatives:

> Signal - Uses Signal Protocol.

Pretty sure both WhatsApp and Signal both use the Signal's crypto for
encryption, and both "suffer" from the same "design defect" / "usability
improvement".

That said, I still think WhatsApp only encrypts text messages E2E, and doesn't
bother for videos/photos/anything else, based on how efficiently it forwards
videos compares to sending them for the first time (accounting for video
conversion time), so I'd still put WhatsApp in the bad list, but not for that
reason.

Being owned by Facebook is enough of a good reason in itself at this point
too, mind.

EDIT: Just read through the full list. This is superb. Thank you for putting
this together!

EDIT AGAIN: Just read through some of the comments, Iridium in particular is
what got my attention as awesome, prior to learning that it's not been updated
in 5 months, which is beyond dangerous given the number of security fixes that
will have come out in that timeframe. Sad times :-(

~~~
nikivi
I removed Iridium from the list. You are right, 5 months is too long for no
updates in a browser.

Also I agree with you on WhatsApp. I mention now that it does use Signal
protocol. However WhatsApp sends user's entire contact books to their servers
as well as them logging all the metadata around messages which is very
revealing.

~~~
pasbesoin
Sometime in the past year, a contact required that I sign up for WhatsApp. At
least on Android mobile, I didn't find how one could complete the sign up
without giving them access to one's Android/Google contact db.

------
udp
"You are the product" seems a bit strong for Dropbox. Pretty sure Dropbox is
the product and I pay for it.

Same goes for Siri AFAIK - I don't personally have any use for it, but it's a
feature of the iPhone that you pay for and isn't ad/targeted ad supported.

~~~
nikivi
You are right. I have changed it.

------
gruez
It's ironic how the term for non privacy respecting services is "You are the
product", but the same is true for half the alternatives. Are you somehow not
the product for DuckDuckGo? Are they operating as some sort of non-profit or
charging a fee to use them?

Also, the last update for iridum (one of your browser recommendations) was
over 5 months ago. That's dangerously out of date for something as exposed as
a web browser.

> \- Windows - [Microsoft shares Windows 10 telemetry data with third
> parties]([https://betanews.com/2016/11/24/microsoft-shares-
> windows-10-...](https://betanews.com/2016/11/24/microsoft-shares-
> windows-10-telemetry-data-with-third-parties/)).

In the citation:

>Update: Microsoft says that the deal with FireEye doesn't involve the sharing
of telemetry data.

Maybe fully check through your sources next time?

~~~
carapace
> Are you somehow not the product for DuckDuckGo? Are they operating as some
> sort of non-profit or charging a fee to use them?

[https://www.quora.com/How-does-DuckDuckGo-make-
money](https://www.quora.com/How-does-DuckDuckGo-make-money)

~~~
gruez
They're still showing you advertisements. You (or your eyeballs) are still the
product to advertisers. Not tracking you doesn't somehow negate that.

------
mobitar
Standard Notes for private, encrypted notes :) (Alternative to Evernote I work
on) [https://standardnotes.org](https://standardnotes.org)

~~~
vongomben
Also tagspaces it is an interesting evernote alternative

------
sandyapple
Needs an explanation of the vetting process or standards required for
inclusion.

~~~
nikivi
I agree. Currently each of the entries links to some 'proof' on why the
service is either privacy respecting or privacy breaching.

But I am open to ideas on how to improve the list.

~~~
udp
_> I am open to ideas on how to improve the list._

You could start by making _all_ of the entries link to some 'proof' on why the
service is either privacy respecting or privacy breaching.

------
ekianjo
It's a good effort, but it is lacking in many places. For example OS does not
list FreeBSD and many other alternatives that still exist on the market. And
"Linux" is not an OS, it is a kernel (and you even refer to it as such) so
you'd rather talk about distributions of Linux as full OS replacements
(Ubuntu, Debian, OpenSUSE, Solus, etc...).

On top of that, some alternatives require significant efforts to set up and
you should order them by technical level and resources required.

You should also include the license of each solution proposed.

Note that self hosted software is already compiled in a much more extensive
list:

[https://github.com/Kickball/awesome-
selfhosted](https://github.com/Kickball/awesome-selfhosted)

~~~
solarkraft
But "Linux compatibility" describes the binary format and that's what I care
about: Whether it's runnable on my Linux- _based_ operating system.

------
zackelan
I've been very happy with Wallabag as a Pocket / Instapaper replacement. Self-
hostable, with an option to pay 9 EUR/year for a hosted version.

------
squarefoot
What about spam on non Gmail free accounts? Google might violate users privacy
in multiple ways, but one thing they do well is fighting spam. I'd like to get
rid of Gmail for a free service or a paid web+mail space to build one day a
very small blog (suggestions?) at some trusted vendor, but I fear having to
fiddle with spam like I had to do every day about 15 years ago, training my
firewall antispam filters (ipcop IIRC) every single day to get in the end a
decent detection ratio, though still not comparable with Google.

~~~
craftyguy
Don't use free email accounts. There are services you can get (e.g.
mailbox.org) that are cheap, and have decent spam filtering.

------
wukerplank
I'm wondering about Signal. They also harvest the phone number at signup. A
_very_ private information I'm not very keen on sharing.

------
4ad
There's bad stuff like Telegram and the Tor browser bundle in the alternatives
section. I feel that's somewhat misleading and possibly dangerous to someone
not tech savvy enough to do his own vetting.

I like these kinds of list, though, as I sometimes I learn about things I
didn't know existed.

~~~
zaphod4prez
What is wrong with Tor?? And Telegram? I don't know much about telegram but am
very surprised to hear Tor described as "bad stuff." And my (admittedly
amateur) understanding was that Tor Browser Bundle was a perfectly good way to
run Tor (though of course not as secure as running Tor on a separate secure
OS).

~~~
4ad
[https://news.ycombinator.com/item?id=15735789](https://news.ycombinator.com/item?id=15735789)

[https://news.ycombinator.com/item?id=13798275](https://news.ycombinator.com/item?id=13798275)

~~~
mikaslanche
Both of these links are about Tor. Do you have any of those about Telegram?
I've been using it for 2 or 3 years now and I think it's great.

I will be so sad if it's as bad as Whatsapp in privacy department :(

~~~
theyinwhy
Telegram is using non encrypted chats by default and does not have e2e
encryption for group chats which is just unacceptable in this day and age.

~~~
mikaslanche
I don't get it...

From here [https://telegram.org/faq#q-how-are-secret-chats-
different](https://telegram.org/faq#q-how-are-secret-chats-different)

""" Q: Why not just make all chats ‘secret’? All Telegram messages are always
securely encrypted. Messages in Secret Chats use client-client encryption,
while Cloud Chats use client-server/server-client encryption and are stored
encrypted in the Telegram Cloud (more here). This enables your cloud messages
to be both secure and immediately accessible from any of your devices – even
if you lose your device altogether. """

They claim that it's encrypted, but that uses a different kind of encryption.

Maybe this has changed recently?

~~~
theyinwhy
The text is saying that only secret chats offer end 2 end encryption. With e2e
encryption the message can only be read by the original sender and the
receiver specified by the sender.

The quality of the text is btw very questionable and dubious as e2e encryption
has nothing todo with where the message is stored. See email where your gpg
encrypted message is stored on a lot of systems on its way to reach its final
destination. This text makes me distrust Telegram even more, thank you for
sharing this!

------
eeZah7Ux
There was already
[https://wiki.debian.org/FreedomBox/LeavingTheCloud](https://wiki.debian.org/FreedomBox/LeavingTheCloud)

------
mikaslanche
What are your thoughts about macOS? I noticed it isn't listed in neither "you
are the product" and "alternatives".

~~~
nikivi
I added it now to Alternatives. Because of Apple privacy stance
([https://www.apple.com/lae/privacy/](https://www.apple.com/lae/privacy/)).

~~~
asclepi
In that case, also consider adding iMessage to the Messengers section.

------
nimbius
sounds like: [https://prism-break.org/en/](https://prism-break.org/en/)

~~~
kevingrahl
That seems to be linked on that site.

------
devit
Here's an exhaustive list:

1\. localhost (depending on your OS)

