We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please ask on our forum and don’t assume we didn’t consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
I may be being overly pedantic here but that statement, whilst I don’t doubt its good intent, always reads to me like a bit of a get out of jail free card.
I’m not sure how much weight you can place on a recommendation when the full criteria isn’t known and can be changed on a whim. And yes, I’m aware I can browse the forum, ask and see for myself but I’m not sure your average user is going to feel confident enough to do that.
Disclaimer: not a security expert at all, just a working knowledge. However, what I read 18 months or so after reading that github thread was enough to reassure me.
A recent PG forum thread is discussing it. PG deemed it not secure enough almost three years ago, based on solid reasoning.
However, that was three years ago and the product has altered dramatically. I just don’t think it’s been resuggested/evaluated since then.
PG forum users (and PG itself) are pretty inconsistent with how they judge stuff. Not trusting one company (Filen) because there were issues three years ago (and are now, as I understand it, fully addressed) but totally trusting another company (Brave browser) despite repeated actions that erode trust is odd behaviour.
I’m a filen user myself, just in the interests of full disclosure.
When I went to trade school in 2010 for automotive repair our instructors told us this was going to happen. At the time, I thought they were just grumpy old men who didn’t like that cars were becoming more and more electronic. How wrong I was.
I’m in need of an offline calendar and gallery now that simplemobiletools got sold off.
This doesn’t sound reasonable. Why can’t you keep using existing apps? Are they underdeveloped and you’re waiting for some features? If so, it’d be helpful to see what these features are in order to suggest a suitable replacement.
I’m not a big crypto person, but I’ve owned some in the past.
Isn’t any reputable wallet pretty much the same? From my understanding, especially when using something like monero, the privacy falls apart at the exchange, not the wallet.
Most people use custodial wallets (they don’t really hold the coins) and multiple wallets have had hacks (or ““hacks””) where a lot of user funds were stolen.
I personally like
Electrum for Bitcoin
Feather for Monero
Guarda for Ethereum based coins because it allows you to generate a new address each time.
You’re right. Use a centralized exchange (CEX), and you’ll be KYCed and de-anonymized. That’s why most privacy-coin users prefer DEX. For normal persons, if privacy is important, using anonymous gift cards or prepaid credit cards, which you can easily buy without ID, is more practical, much better than KYC’ed crypto.
If you can somehow get KYC-free coin, maybe from DEX, i.e. if you can get it personally from your friend or peer without showing ID etc., then and only then, you have real private crypto. There are two popular ways for this (Bisq and LocalMonero). Another option called Haveno is hopefully usable soon, but that is still iffy.
Using DEX is not essentially difficult, much safer than you might imagine due to a mechanism called multisig, but maybe this option is not for normal people. When you feel experimental, you might want to try to buy a small amount via DEX, to see what it’s like. If you’re a popular programmer or artist, accepting donations in crypto is also an easy way to get no-KYC coin. Another option is p2pooling—you can get a few Euro worth of XMR relatively easily; yet this last option is time-consuming and not very effective. Many p2pool users or full-node people are privacy-advocating volunteers, maintaining/participating in the Monero network for philosophical reasons, fully aware it’s not profitable in terms of money. This might be part of the reason why Monero tx fees are almost zero (like 1/100 of that of BTC). At the same time, there are many sketchy people around crypto too 😟 Be careful and stay safe!
Let’s say I’m selling you a book B and accepting a crypto payment. What if you sent me your crypto C trusting me, but I exit-scammed, vanishing without sending you B you’re trying to buy? That’d be bad. But what if I sent you B first, trusting you’ll send me C as soon as you receive B? Now you could cheat and vanish without paying. That’d be bad too.
To prevent any of those things from happening, there are a few methods. One is a 2-of-3 escrow service. Another is 2-of-2. Both based on multisig. A simplified example follows.
The book costs you 100€. You’ll send, say, 200€ to address A controlled by both you and me via multi-signature. I too will send 100€ to A. Now Wallet A has 300€. When 2 persons (you and I) sign, there will be a 2-output transaction from A to you (100€) and to me (200€), but any single person can’t move funds from A. That’s multisig.
Now I must send you the book in good condition, because I don’t want to lose my 100€. So I’ll act carefully and honestly, and sign when I ship the book. You too will be willing to sign when you receive the book, because otherwise you can’t retrieve your 100€ (you deposited 200, when the book only costs 100). Sometimes an unexpected accident may happen, but usually something like this will work pretty well. This is one way how a P2P platform works (not very accurate, but I hope you get the idea).
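The deposit arrangement from the comment above, modelled as an added example that is not part of the original post: it runs the 200€/100€ deposits through a 2-of-2 address and reports each party's net cash change for every combination of shipping and signing. The names `Escrow2of2` and `trade` are hypothetical, and signatures are modelled as recorded approvals rather than real cryptography.

```python
from dataclasses import dataclass, field

PRICE = 100  # book price in EUR, taken from the comment


@dataclass
class Escrow2of2:
    """Address A: funds move only when every listed signer approves."""
    signers: tuple
    balance: dict = field(default_factory=dict)    # who deposited what
    approvals: set = field(default_factory=set)    # stand-in for signatures

    def deposit(self, who, amount):
        self.balance[who] = self.balance.get(who, 0) + amount

    def sign(self, who):
        if who not in self.signers:
            raise PermissionError(f"{who} holds no key for this address")
        self.approvals.add(who)

    def release(self, payouts):
        """Pay out only with all signatures and a fully balanced transaction."""
        if self.approvals != set(self.signers):
            return None                            # funds stay locked
        if sum(payouts.values()) != sum(self.balance.values()):
            raise ValueError("payouts must spend the whole escrow balance")
        self.balance.clear()
        return payouts


def trade(seller_ships, buyer_signs):
    """Return each party's net cash change in EUR for one trade."""
    escrow = Escrow2of2(signers=("buyer", "seller"))
    escrow.deposit("buyer", 2 * PRICE)             # 200: price plus a 100 bond
    escrow.deposit("seller", PRICE)                # 100: seller's bond
    net = {"buyer": -2 * PRICE, "seller": -PRICE}
    if seller_ships:
        escrow.sign("seller")                      # seller signs on shipping
    if buyer_signs:
        escrow.sign("buyer")
    paid = escrow.release({"buyer": PRICE, "seller": 2 * PRICE})
    for who, amount in (paid or {}).items():
        net[who] += amount
    return net


if __name__ == "__main__":
    for ships in (True, False):
        for signs in (True, False):
            print(f"ships={ships!s:5} buyer_signs={signs!s:5} -> {trade(ships, signs)}")
```

Only the honest path leaves the seller ahead and limits the buyer's outlay to the price; in every other case both bonds stay locked in A.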
I speak under correction, but I believe that whilst yes adding any add-on can potentially alter your fingerprint, it’s also true that a site has to test for the presence of that particular add-on you’ve added. I don’t believe there’s a way to test generally for the presence of add-ons and report back which add-ons a visitor is using.
For me, no. I used it for several years but their linux support is not good enough for me. The linux vpn client depends on networkmanager, but I use iwd, so I was sol (loading wireguard profiles is not a good enough solution, too much of a hassle). They also don’t support ipv6 for vpn. Their linux email client doesn’t exist, and on android their app depends on google play services and they refuse to put a degoogled version on fdroid or host their own fdroid repo.
I switched to mullvad for vpn (linux app works great, they have ipv6, and since I don’t use vpn that often I save money on the months I don’t use it) and tuta for email (they have a decent email app on linux and android, works great without google play services and is on fdroid, and their servers use green energy).
For pass, I’ve used keepass with syncthing and keepassxc on linux and keepassdx on android so proton pass wasn’t a bonus for me anyways.
The VPN is decent enough. The new linux app is decent enough as well. The best privacy-respecting VPNs are $5 a month anyway.
Mail is great, Calendar is solid and great for my needs. Though I would much prefer calendar integration with Thunderbird.
Drive is new and underbaked, but it is improving. Once it gets a Linux client and Auto photo upload I’ll be happy.
Proton Pass is solid and I like having passwords and 2FA wrapped into one.
I am also grandfathered in for the $6.60/month for 24 months plan. For that price and combination of services (And even at $8/month) it cannot be beat.
I had the unlimited plan for a few months but downgraded only to the mail plan, that way I can try different providers for VPN, Drive, and password manager.
For password manager I’ve had Bitwarden for years now and it works great for me. VPN currently with AirVPN because of easy port forwarding, and drive with Nextcloud self hosted because I can, and also works fine for me.
Can’t answer, really.
I’m OK with Tutanota for mail, although Proton does have an .onion address whereas Tutanota does not.
Bitwarden for passwords.
No VPN but I’d go for IVPN.