cross-posted from: https://lemmy.ml/post/20306561

Hi everyone! For... I guess over a year now? I've been observing and trying out lots of software recommended by the privacy community and internet as a whole. With that time, I've been able to slowly put together a list of all the software I personally believe to be the best for their own various reasons. I finally have enough to be able to share it with all of you!

I'm also looking for feedback. I haven't tried all the software on that list, and I'm sure there's software I've never heard of that needs added. I'm looking for your feedback on what you think should be added, removed, or changed. That includes the list itself, if you think there are any design improvements.

Do note: Any software marked with a ⭐️ I am not looking for feedback on. This is software that I firmly believe is the best of the best in its category, and likely will not be changed. However, if there is a major issue with the software that you can provide direct proof of, then there is a chance it will be changed in the next release. There are no grantees.

The sections marked with ℹ️ are lacking, and can use your help! Some software there may not be the best one, or may have many software or sections missing. I am absolutely looking for help and feedback here, and would love your help!

My goal with this project is to help people find the best software from many standpoints, and to prove that there really are good open source alternatives for almost anything! I hope this helps someone, and I look forward to your feedback!

Thank you all for reading and taking the time to look through my list!

Hi everyone! For... I guess over a year now? I've been observing and trying out lots of software recommended by the privacy community and internet as a whole. With that time, I've been able to slowly put together a list of all the software I personally believe to be the best for their own various reasons. I finally have enough to be able to share it with all of you!

I'm also looking for feedback. I haven't tried all the software on that list, and I'm sure there's software I've never heard of that needs added. I'm looking for your feedback on what you think should be added, removed, or changed. That includes the list itself, if you think there are any design improvements.

Do note: Any software marked with a ⭐️ I am not looking for feedback on. This is software that I firmly believe is the best of the best in its category, and likely will not be changed. However, if there is a major issue with the software that you can provide direct proof of, then there is a chance it will be changed in the next release. There are no grantees.

The sections marked with ℹ️ are lacking, and can use your help! Some software there may not be the best one, or may have many software or sections missing. I am absolutely looking for help and feedback here, and would love your help!

My goal with this project is to help people find the best software from many standpoints, and to prove that there really are good open source alternatives for almost anything! I hope this helps someone, and I look forward to your feedback!

Thank you all for reading and taking the time to look through my list!

The codenames for every major Debian release are named after characters from Pixar's Toy Story franchise. Debian's unstable release is fittingly named after Sid, an unstable character from the Toy Story movies.

I am in the process of moving away from Spotify by downloading my music offline. The files vary in types (.webm, .m4a, etc.), and I would like a way to sort them into playlists on Android. What are your suggestions?

It is truly upsetting to see how few people use password managers. I have witnessed people who always use the same password (and even tell me what it is), people who try to login to accounts but constantly can't remember which credentials they used, people who store all of their passwords on a text file on their desktop, people who use a password manager but store the master password on Discord, entire tech sectors in companies locked to LastPass, and so much more. One person even told me they were upset that websites wouldn't tell you password requirements after you create your account, and so they screenshot the requirements every time so they could remember which characters to add to their reused password.

Use a password manager. Whatever solution you think you can come up with is most likely not secure. Computers store a lot of temporary files in places you might not even know how to check, so don't just stick it in a text file. Use a properly made password manager, such as Bitwarden or KeePassXC. They're not going to steal your passwords. Store your master password in a safe place or use a passphrase that you can remember. Even using your browser's password storage is better than nothing. Don't reuse passwords, use long randomly generated ones.

It's free, it's convenient, it takes a few minutes to set up, and its a massive boost in security. No needing to remember passwords. No needing to come up with new passwords. No manually typing passwords. I know I'm preaching to the choir, but if even one of you decides to use a password manager after this then it's an easy win.

Please, don't wait. If you aren't using a password manager right now, take a few minutes. You'll thank yourself later.

A while ago I reached a point in my privacy journey where I simply felt bored. It's not a result of going too far in privacy, but simply my threat model has caused me to let go of a lot of things that used to entertain me (games, movie streaming, short form video, etc.) The entertainment landscape in privacy seems pretty bleak, since you no longer own the movies you watch, the games you play, and lots of proprietary software along the way. I entertain myself through FreeTube, physical copies of movies, and offline installations of games like Minecraft, but it's still a step down from how it used to be.

What do you do to keep yourselves entertained in a privacy conscious way?

I was researching WebMail providers, and noticed that most WebMail providers recommended in privacy communities are labelled as proprietary by AlternativeTo.

I made a list of WebMail providers, private or not, to see which ones were actually open source:

Proprietary

AOL Mail: Free

Cock.li: Free

CounterMail: Paid

Fastmail: Paid

GMX Mail: Free

Gmail: Free

HEY Email: Paid

Hushmail: Paid

iCloud Mail: Free

Mail.com: Free

Mailbox.org: Paid

Mailfence: Freemium

Outlook.com: Freemium

Posteo: Paid

Rediffmail: Paid

Riseup: Free

Runbox: Paid

Soverin: Paid

StartMail: Paid

Yahoo! Mail: Freemium

Yandex Mail: Freemium

Zoho Mail: Freemium

Open source

Criptext: Free

Disroot: Free

Forward Email: Freemium

Infomaniak kMail: Freemium

Kolab Now: Paid

Lavabit: Paid

~~Mailpile: Free~~

Proton Mail: Freemium

~~Roundcube: Free~~

Skiff/Notion: Freemium

Tuta: Freemium

Unless I'm missing something, it seems like people overlook this when deciding on WebMail providers. Is it a distinction between a proprietary backend server and a proprietary app, or is there a different way to decide if a WebMail provider is proprietary vs. open source? Lavabit was labelled proprietary by AlternativeTo, but open source by Wikipedia.

Note

If I have labelled an open source WebMail provider as proprietary by mistake, please provide evidence by linking to the source code, and I will happily change it.

I'm looking for a way to have a private method for Tap to Pay on GrapheneOS. Ideally I would like compatibility with privacy.com, and if possible have the option for Monero. I don't mind going through an exhaustive setup process. What are my options?

Edit: The point of this is not for convenience, I am trying to avoid using my standard credit/debit card to provide privacy against my bank by using privacy.com or Monero when cash is unavailable.

9 months ago, Raivo OTP for iOS was sold to Mobime. Raivo was hailed highly in terms of privacy, but was dethroned to 2FAS Auth after that incident. Today, Raivo launched an update, and after updating all of my entries were completely wiped. I didn't have a backup, but even if I did you now have to pay in order to import/export TOTP codes. No thank you.

If you haven't already, create a backup right now for all of your 2FA apps, even if you think it won't break.

I never want to get a smart TV, but I found this exact TV (Toshiba FireTV) on the side of the road and decided it would be a fun project to try enhancing its privacy as much as I can. It did not come with the remote or any other accessories besides the TV, so if there is any way to pair an iPhone/Pixel as a remote that would also be good. Is there any way to replace the software with something open source, and anything else I can try?

Thank you all!

This is half a decade old news, but I only found this out myself after it accidentally came up in conversation at the DMV. The worker would not have informed me if it hadn't come into conversation. Every DMV photo in the United States is being used for AI facial recognition, and nobody has talked about it for years. This is especially concerning given that citizens are recently being required to update their ID to a "Real ID," which means more people than ever before are giving away the rights to their own face.

The biggest problem with privacy issues is that people talk about it for a while, but more often than not nothing ever happens to fix the problem, it simply gets forgotten. For example, in the next few years Copilot will simply become a part of people's lives, and people will slowly stop talking about the privacy implications. What can we even do to fight the privacy practices of giants?

In an effort to increase my privacy, I decided to buy a Pixel phone second hand to use with GrapheneOS. Due to some miscommunications, the phone ended up being carrier locked with T-Mobile. GrapheneOS's own website advises against buying carrier locked phones in order to avoid the hassle of carrier unlocking it.

I assumed that even if the support staff was unaware about OEM unlocking, I would at least be able to fairly effortlessly get the device carrier unlocked because it was bought second hand. My first call was to the T-Mobile support center, and the representative wanted the phone number of the device in order to unlock it. The device had no phone number, so we instead tried the IMEI. I was told that the IMEI was invalid because it was not the correct number of characters, and was told that there was nothing they could do without physical access to the device. As expected, the representative had never heard of OEM unlocking.

My next stop was at a T-Mobile store, to seek help there. The staff member there was very helpful and, despite not knowing what OEM unlocking was, was very aware of how to handle the situation regardless. He made a call to T-Mobile support (which has a different process if you are a staff member) and explained the situation to them.

Here is where things get interesting: T-Mobile had the ability to carrier unlock the phone, and had enough information to prove the device was mine, but refused to carrier unlock it because it has to be done by the original account holder. They wouldn't give any information about how to contact the original account holder, which is reasonable.

The in-person representative told me that if I was able to find a phone number linked with the original account holder that they would be able to do more, but after trying for over an hour to find any contact information with the seller, I couldn't find anything.

The in-person representative decided to try calling support one more time, and even went out of his way to try lying to the support team on my behalf, just to see what could be done.

After hanging up the phone, he told me that T-Mobile gave me 2 options:

1. Return the device entirely and buy a different one
2. Pay for T-Mobile for an entire year AND pay a $100 service fee

That's like telling someone they have to pay a year of rent before they can even step foot in a house they already paid for, and then pay $100 to get the doors unlocked. I knew it would be a bit of a process to get it carrier unlocked, but I didn't realize it would take me four hours to be told I had to pay T-Mobile for a year to be able to access a device I paid for.

I even tried using T-Mobile's own app to unlock the device, but the app is not functional as many reviewers have also noted.

Thankfully the seller accepted free returns, so the story has a happy ending, but any consideration of buying a carrier locked phone before has since evaporated.

It is truly dystopian how we live in a world where companies are allowed to get away with stuff like that, and yet people still give away their money and freedom to these companies.