Recommended software and hardware for privacy and security

Home Auditing closed-source software Setting Up and Hardening Windows 11 Setting Up and Hardening Windows 10

Of relevancy: Asus Vivobook X515JA review FORCED UPGRADE PREVENTION: Microsoft Windows 11 - Forced Upgrade Scheme

Alternatives to Google Chrome/Brave/Safari

Naver Whale - offers a zero-Google experience with the Chromium browser underneath, offers a plethora of quality-of-usage improvements (such as automatic website translation. Availible for Windows, Linux, OSX (macOS, apparently), Android, and iOS*. Download Naver Whale.

Mozilla Firefox/GNU IceCat/other FOSS variants - better modifiability, can be easily hardened, but does by default set Google Search as the default search engine, and communicate with American servers. Availible on Windows, Linux (most FOSS variants are Linux-only), OSX, Android, and iOS*. Download Mozilla Firefox. Download GNU IceCat for Linux-based systems.

Stock Chromium - 100% stock Chromium, a fork with Google services actively blocked is availible. Availible on Windows, Linux, OSX, and Android. Download Chromium.

Samsung Internet - modified version of mobile Chromium, by default is not private, but offers great security enhancements, extensions, and even more features if you use a Samsung smartphone (such as a keyboard that can't even pull from the dictionary, and enhanced "Knox" security). Availible for Android (preinstalled on all Samsung Android devices). Download Samsung Internet.

Bromite - ADVISORY: Bromite has not had a security patch since December of 2022. Do not use Bromite for any sensitive tasks (i.e. banking, e-mail, or other 'secured' activities). Modified version of Chromium, has many privacy and usability enhancements, and is one of the fastest browsers I've tested. Availible for Android. Download Bromite.

*Why the asterisk by iOS? All web browsers on iOS are just reskinned WebKit wrappers, much like Safari itself is. Therefore, there is nothing to gain aside from basic sync functionality, UI changes (which can be beneficial for some users, for example, those with disabilities), and extra storage space consumed. If you want browser choice, Android is the only viable route. However, if you must use iOS, then I recommend installing Orion, which does allow for the installation of Mozilla Firefox and Chromium extensions, such as UBlock Origin.

Alternatives to Whatsapp/Facebook Messenger/whatever spyware IM the kids are using now

Telegram Messenger - a relatively private option, with a 2GB file upload limit (important with larger images and videos), also insanely popular with furries for some reason. The first party client supports Windows, Linux, OSX, Android, and iOS, however, many third party clients (such as Nekogram) also exist for various platforms, an official web client exists, which functions best on desktop browsers. Sign up for/download Telegram.

Signal - a by-default E2EE (end-to-end-encrypted) messaging service, which in spite of being based in the USA has previously provided the minimal data it has, which is not enough to identify a user, normally American services turn over everything they know about you, your neighbor, your mother, and your father's mistress (to name a few); however, Signal lacks a username-type application (to compare, Telegram allows you to use your cell phone number for identifying yourself to known individuals, while allowing you to use a screenname "@" to communicate in channels, with unvetted individuals, and in groupchats), instead, they mandate the use of a cell phone number (which Telegram only requires for user sign-up) as both your 2FA for signing up, and your way of communicating with other Signal users. In spite of this, Signal is still one of the better options, with clients for Windows, Linux, OSX, Android, and iOS. Sign up for/download Signal.

KakaoTalk - For non-Koreans, this is a good option, since Korea's government pulls comparatively (to the USA, PRC, or Russia) little weight in the global legal sphere. Additionally, Kakao/Daum seems non-intent on scanning foreign user's messages in non-secret chats for adult (18/19+) pornography (pornography is illegal in the Republic of Korea). As an advantage over Signal, KakaoTalk (much like Telegram) does allow you to use either a screename or telephone number (a telephone number is required for signing up and logging in). Availible for Windows, OSX, Android, and iOS. Sign up for/download KakaoTalk.

Tox - Possibly the least palletable of the bunch, it is peer-to-peer (mitigating possible outages that aren't caused by either user's internet service provider. I'm looking at you, Discord.), and E2EE. Users are not bound by accounts stored on servers, though, they are bound by locally generated and stored user IDs, only once you're logged in does it display actual screennames. No "official" client exists, but several are recommended by the developers; I personally recommend qTox, since it is the most universal of the recommended clients. Download a Tox client.

Alternatives to Google Search

DuckDuckGo - the "defacto" replacement for most. Although, I have my personal gripes with it, such as using Apple Maps instead of OpenStreetMap, being partially dependent on Bing's index, and downranking results that they don't agree with politically. I get it. I hate Russian propaganda as well, but much like hate speech laws, censorship of one thing is a slippery slope towards becoming the next Google. However, DDG does have rather consistent results, a website for low-bandwidth connections, and Bangs, which supposedly allow you to search on sites like Google, Yahoo, and Amazon more privately. DuckDuckGo.

Naver - a popular Korean search engine with zero interest in surveilling western users, however, English results beyond translations (into Korean) and simple searches net virtually nothing. If it is of relevancy to you, Naver does not censor inherently hateful results, but in compliance with laws in the ROK, pornography is censored. NAVER.

Daum - a less popular Korean search engine, again, pornography is censored, zero interest in surveilling western users, English results sometimes are useless. Daum.

Alternatives to Microsoft Office/Google GSuite

LibreOffice - comes preinstalled on many Linux OSes, supports Windows, Linux, and OSX. This is probably the most full-featured and stable alternative; it also handles Office documents (*.DOCX, *.PPTX, *.XLSX) with minimal formatting issues, and opening Office documents created in LibreOffice have zero issues being parsed by Microsoft Office (tested in Office 1997, 2003, 2007, and 2016). Download LibreOffice.

OpenOffice - debatably a predecessor to LibreOffice, although it is still supported. Functions roughly the same in all aspects. Supports Windows, Linux, and OSX. Download OpenOffice.

Hardware alternatives: smartphones

LG - in spite of being dead, LG is apparently pushing updates to some newer models, however, newer LG devices are/were increasingly dependent on Google services out of the box. Overall, I recommend.

Xiaomi/Redmi - if you live in a country where these devices will work, and you can obtain and flash either a Chinese MIUI ROM (and debloat it) or a 3rd party ROM withaout Google services (GApps from hereafter), you can get a relatively private experience.

Huawei/Honor - I strongly recommend this, if you live in a market where these will work, a Huawei will likely be a better option, due to the lack of GApps. I am hesitant to recommend Honor, since those devices are identical and ship with GApps. Newer Huawei devices ship with HarmonyOS, which effectively functions as a black-box, similar to iOS. Honor is now owned by a Chinese government enterprise.

OnePlus/Oppo/Realme - I also recommend this, provided that you can debloat the ROMs. UPDATE: 06/15/2022 - OxygenOS 12 (used on OnePlus devices OUTSIDE of China) includes invasive, non circumventable telemetry, including, but not limited to: forced communication with OnePlus servers, and the ability to block network connections for applications OUT OF THE BOX has been removed. DO NOT ADVISE.

Google Pixel/Nexus - only recommended if you intend to flash a ROM such as GrapheneOS, as the stock ROMs are 100% Google-developed.

Samsung Galaxy - generally a no-go without intense hardening, however, if you intend to use a Korean "ecosystem" (the Samsung ecosystem), Samsungs remain a more private option.

Motorola - provided that you can debloat, Motorolas are a good option, since out of the box they are loaded with Google junk.

TCL/Alcatel - effectively stock Android with a light (iOS-like) skin (TCL UI). In the USA, TCL/Alcatel devices may be sold by cellular carriers with added bloatware.

For hardening/debloating Androids, I advise using this script (you will need ADB for this). I also advise reading this guide for what to remove/install for enhanced usability, security, and privacy.

Why not iOS? - Because iOS is ultimately an unmodifiable walled garden, complete with 1984-like scanning technology. This can easily be circumvented by using an Android device with a privacy-respecting or no cloud service.

Privacy-respecting software keyboards for Android

Simple Keyboard - appears to be based on the AOSP keyboard. Lacks autocorrect, autocapitalization (except for the first letter of a sentence), and predictive input. Overall, one of the lightest weight options. Download Simple Keyboard from Google Play Download Simple Keyboard from F-Droid

AnySoftKeyboard - Privacy respecting, lightweight, customizable. Has autocorrect, autocapitalization, and predictive input. I recommend this one over Simple Keyboard. Download AnySoftKeyboard from Google Play Download AnySoftKeyboard from F-Droid

Cloud services

Mega.NZ - in the absence of just using your own hard drives, Mega.NZ is probably the best option for cloud services. New accounts only get 10 GB of storage, though. There is a sync client for Windows, Linux, OSX, Android, and iOS. Proof-of-concept exploit says otherwise.

Email services

Protonmail - in spite of its IP logging policy, Proton remains a good option for a more secure email accout. A client does exist for Android and iOS, in order to use Proton with 3rd party clients (or with a desktop client) you do need to subscribe to a "premium" plan. Sign up for ProtonMail.

On-device encryption software

VeraCrypt - a robust whole-device encryption program, I recommend using the AES cypher, as it seems to be a good combination of efficiency and security. Availible for Windows, Linux, and OSX. Download VeraCrypt.

Tachyon File Cryptor - a slightly more minimal piece of software, doesn't support encrypting your whole drive, its more-so meant for encrypting *.ZIP (or other compressed file) archives, word documents, spreadsheets, images, etc. In this case, the Korean-developed ARIA cypher is a slightly better option than AES. Availible for Windows. Download Tachyon File Cryptor (click "무료 다운로드", then in the popup, click the checkbox [after reading the disclaimer], then click "무료 다운로드").

Antimalware/antivirus software

AhnLab V3 Lite - a relatively privacy-respecting option, which does offer realtime scanning for no added cost. Availible for Windows. Download V3 Lite (scroll to the bottom and click "새로워진 V3 Lite 무료 다운로드").

ClamWin - an open-source antivirus solution, with active support for Windows 98, Me, 2000, XP, Vista, 7, 8.x, 10, and 11, as well as respective server counterparts. Detection of malware is notably worse than AhnLab. Download ClamWin.

Making Windows more private

O&O Shut Up 10/11 - a hardening utility which can disable telemetry in Windows itself, Microsoft Edge & Internet Explorer, as well as manage (block/allow at a system-wide level) Windows Update, advertising, device hardware access, and application access to files. Download OOSU10. Download my OOSU10 config.

Recommended reading: Econobox_'s guide to setting up & hardening Windows 10. Econobox_'s guide to setting up & hardening Windows 11.

More-to-come. Stay tuned.

Copyright 2022, Econobox_ (d.b.a