Tinfoilhat

A list of privacy-respecting alternatives to apps and services that track you around.

The Tin-Foil-Hat List

First and foremost, understand that the point of this list is to improve your privacy, and not to make you "disappear" online. If you face a higher threat model, you should look elsewhere, such as privacytools.io or /r/privacy, to name a few.

Anyway, as you're likely aware, tech giants like Google, Facebook, Amazon and many others follow you around the web and use your data to profile you, lock you into a "Filter Bubble", and worst of all, sell all your moves to advertisers and other third parties.

In the following list, you'll find a few privacy-respecting alternatives to services, apps and devices I use the most. Most of them are open source, or at the very least companies that have my personal trust.

It's worth a reminder: choose whatever suits you best and consider your options, because there’s no warranty here. If it breaks, you get to keep both parts.

Chapters

  1. Google Chrome

    1.1. Mozilla Firefox

    1.2. Brave

    1.3. DNS Level ad blocking

  2. DNS Resolver

  3. VPN

  4. Google Search

  5. YouTube

  6. Gmail

  7. Dropbox

    7.1. Clients

    7.2. Alternatives

  8. News Aggregators (Feedly, Flipboard, Twitter, etc)

Google Chrome

Mozilla Firefox →

With a few tweaks and extensions, Firefox is known as one of the most secure web browsers.

Recommended Extensions and Tweaks
  • uBlock Origin: Block Ads and Trackers.
  • Privacy Badger: Some extra protection on top of uBlock Origin.
  • HTTPS Everywhere: Encrypts your communications with many websites, making your browsing more secure.
  • Cookie AutoDelete: Automatically deletes cookies. Highly customizable to your needs.
  • Firefox Multi-Account Containers: Lets you keep parts of your online life separated into color-coded tabs that preserve your privacy. This means that if you really want to keep using Facebook, for example (but you shouldn't!), you can at least isolate it from your normal browsing.

Brave →

Brave automatically blocks ads and trackers, and has built-in support for HTTPS Everywhere and fingerprinting protection.

Recommended Extensions

Brave is built on top of Chromium, so it supports extensions too. You should be able to find some of the extensions I listed in the Mozilla Firefox section, or at least good alternatives to them.

Bonus: DNS Level Ad Blocking

This is something I really recommend you invest your money and time in. Why? Because it will protect all the devices on your network, especially those on which you cannot install extensions or tweaks, like your Smart TV, Streaming Boxes, Smart Speakers, Smart Fridges (lol), etc.

There are mainly 2 options I recommend:

  1. Buy a Raspberry Pi if you don't already have one lying around, and install Pi-hole on it. It only requires a few commands to get it running.

  2. If you want to save yourself the trouble of messing around with code and keeping everything up to date, subscribe to NextDNS. It's basically a Pi-hole in the Cloud, with a ton more features. That's what I use, BUT it goes without saying you'll be trusting a third party here.

DNS Resolver

From Pi-hole's documentation:

Recently, more and more small (and not so small) DNS upstream providers have appeared on the market, advertising free and private DNS service, but how can you know that they keep their promises? Right, you can't.

Furthermore, from the point of an attacker, the DNS servers of larger providers are very worthwhile targets, as they only need to poison one DNS server, but millions of users might be affected. Instead of your bank's actual IP address, you could be sent to a phishing site hosted on some island. This scenario has already happened and it isn't unlikely to happen again...

When you operate your own (tiny) recursive DNS server, then the likeliness of getting affected by such an attack is greatly reduced.

Basically, when you type a URL in your browser (e.g. example.com) and then hit return, your DNS resolver will essentially try to figure out a few things:

  • Who is handling .com?
    • The root server answers with a referral to the TLD servers for .com.
  • Then, your recursive server will send a query to one of the TLD DNS servers for .com and ask: Who is handling example.com?
    • From there, the authoritative server will answer with the IP address of the domain example.com.

All of this happens in just a fraction of a second.

With Unbound, you can run your own validating, recursive, and caching DNS resolver locally on your Raspberry Pi, alongside Pi-hole. It's a great alternative to your ISP or a third-party resolver like Cloudflare's 1.1.1.1.
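
A minimal Unbound configuration for this setup, added here as an example and not part of the original README. It assumes a drop-in file path, loopback port 5335 (an arbitrary choice that avoids Pi-hole's own port 53), and that your distribution's Unbound package already sets up the DNSSEC root trust anchor.

```conf
# Example drop-in, e.g. /etc/unbound/unbound.conf.d/pi-hole.conf (path is an assumption)
server:
    # Listen on loopback only: Pi-hole on the same host is the sole client.
    interface: 127.0.0.1
    port: 5335                      # assumed port, anything free other than 53
    access-control: 127.0.0.0/8 allow
    do-ip4: yes
    do-udp: yes
    do-tcp: yes
    do-ip6: no                      # enable only if the host has working IPv6

    # No forward-zone is defined, so Unbound walks the tree itself:
    # root servers -> TLD servers -> authoritative servers.

    # Only trust glue records that fall within the delegating server's authority.
    harden-glue: yes
    # Treat a signed zone whose DNSSEC data has been stripped as bogus.
    harden-dnssec-stripped: yes

    # Send each upstream server only the labels it needs to answer.
    qname-minimisation: yes

    # Keep UDP replies small enough to avoid IP fragmentation.
    edns-buffer-size: 1232

    # Refresh popular cache entries shortly before they expire.
    prefetch: yes

    # Do not reveal resolver identity or version to id.server/version.bind queries.
    hide-identity: yes
    hide-version: yes

    # Drop answers that map public names to private addresses (DNS rebinding).
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 192.168.0.0/16
    private-address: 169.254.0.0/16
    private-address: fd00::/8
    private-address: fe80::/10
```

After restarting Unbound, `dig example.com @127.0.0.1 -p 5335` should return an answer, and Pi-hole's custom upstream DNS server can then be set to `127.0.0.1#5335`.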

VPN

Even after setting up some ad blockers and extensions and taking other privacy measures, companies and your own ISP can still snoop on your traffic.

As for your ISP, it might very well be your worst enemy depending on where you live: they know all your steps, and many also sell your stuff to advertisers and who knows what else. For instance, this is a common and regulated practice in the U.S. Go figure…

And that's where a good VPN comes in for help. VPNs are mainly used to circumvent geo-restrictions and censorship, but another benefit of using them is that you'll be assigned a shared IP, so the websites you visit cannot see your real and private IP. By doing that, profiling you becomes significantly harder.

Choosing a good VPN is all about trust. Although some of them are audited, you cannot be 100% sure that they will not log your activity, even if they explicitly say they won't. And at the end of the day, you'll basically be trading one party (your ISP) for another (a VPN service); it's up to you to decide who you trust the most and what you're trying to protect yourself from.

One very valuable piece of advice: NEVER use a free VPN service. The chances that they will mine your data however they please are higher than you can imagine. In fact, if you were to use a free VPN, I'd just say you'd be better off not using anything.

The following are considered respectable services that have a solid reputation:

  • Mullvad: You don't even need to create an account with them, all you'll get is an account number and nothing else. They claim not to log your activity and offer several payment options.
  • ProtonVPN: Built by the ProtonMail team. Highly recommended too.

For a comprehensive list of other VPN services, take a good look at That One Privacy Site.

Google Search

There are many alternatives out there but my two favorites are:

  • DuckDuckGo: Integrates with most desktop and mobile browsers, offers some very handy shortcuts (a.k.a. !Bang), and best of all, you get unbiased results outside the "Filter Bubble" since they don't keep records of your past searches.
  • Startpage: A solid alternative too if you can't get used to DuckDuckGo's results. Startpage displays Google Search results but acts as a middleman between you and Google, which means the latter cannot directly interact with you. Bonus points: They're based in Europe, where privacy laws are taken more seriously.

YouTube

YouTube is a tricky one to replace, and its alternatives are not great. Still, there's a way to improve things a bit by using a third-party client.

~Invidio.us is an open source front-end to YouTube with playlist support, the ability to download videos, and no ads or trackers (mostly). I say mostly because Google will still log your IP address while you watch a video, since the videos will still come from their servers.~ Edit: Deprecated. You may find some instances live, but this project is slowly phasing out :(

Gmail

If you had asked me a few years back, I'd have blindly suggested Fastmail, as it's the most user-friendly email provider you can find when compared to Gmail, but… Australia approved this bill that allows the government to demand that tech companies create a back door to users’ data, so yeah… No-no.

Thankfully, there are many alternatives, but I'm not going through each of the following services because it really depends on what exactly you need feature-wise and the level of security you're looking for (as secure as an email can be anyway). Comparing features and limitations is my best advice here. For example, some providers support the IMAP protocol, while with others you have to stick to their own apps for enhanced security; with some you have to stick to their domain names, and with others you can use your own.

Dropbox

This is a complicated topic depending on what you do for a living, as your company may require you to use Dropbox. So I'll split this section in two:

Clients

  • Transmit (Mac): For a long time I've been using Panic's Transmit as a Dropbox file browser. Files are kept remotely, and you can open and save them on demand.
  • Dropbox (Web): Alternatively, you can also use the web version of Dropbox. It's decent, but inconvenient as you'll have to download and upload your files manually.

Alternatives

  • NextCloud: A full-featured Dropbox replacement with a good number of extensions to install. Specific folders can be end-to-end encrypted, it supports CalDAV/CardDAV so you can sync your Contacts and Calendars to any of your devices, and you can even run your server locally.
  • Syncthing: If all you need is a simple way to sync files between devices or colleagues, this is a very lightweight solution that I couldn't recommend enough.

News Aggregators (Feedly, Flipboard, Twitter, etc)

I know it's very tempting to use any of these services as a way to consume your news, but they're generally aggressive at building a profile based on what you click and interact with. Aside from that, these apps are pretty good at keeping you in a "Filter Bubble" by sorting entries by whatever the machine learning thinks you'll like better. A good old-fashioned RSS service is usually a fantastic antidote to that.

  • Feedbin: You can subscribe not only to RSS feeds, but also Twitter accounts and email newsletters. On top of that, there are options to set up mute filters based on keywords, so matched entries will be automatically marked as read (ahem Trump, Kardashian, Bieber, Pancakes?). Feedbin works with a bunch of mobile and desktop apps, and their web interface is very well designed too.
  • Tiny Tiny RSS: It's also a solid alternative if you want to run your own RSS aggregator. It supports the Fever API, making it possible to use with many third-party apps like Unread and Reeder for iOS.
Open Source Agenda is not affiliated with "Tinfoilhat" Project. README Source: mmarfil/tinfoilhat