My Privacy Toolkit


Page sections:

These are some notes on technology I use to improve my daily security and privacy.


  • Stay away from services that reap benefits from using my personal data
  • Make my communications private
  • Avoid location tracking
  • Prevent my ISP or others on wireless networks from sniffing my traffic
  • Use encryption whenever reasonably possible
  • Remain a functional member of public society

General technology used on multiple devices

Mullvad VPN- One of the few honest VPN services that respect your privacy.

Bitwarden password manager (self hosted)- I use the docker image vaultwarden/server to host my own Bitwarden instance on a VPS.

Criptext email- Criptext is great because it only saves your email locally on your devices, it is not saved on a server. If I didn’t already have an existing email setup that works securely I would seriously consider this for my primary email as well.

Vivaldi web browser- I like this browser for several reasons:

  • Based on Chromium
  • Apps for the multiple operating systems I use (Android, MacOS, Linux) so I get a consistent browsing experience
  • Compatible with Chrome extensions
  • Encrypted sync- I can see all the tabs I have open on all other devices, bookmarks and extensions are synced across devices
  • Extensions used: uBlock Origin, NoScript, DuckDuckGo Privacy Essentials, Decentraleyes, PrivacyBadger, Bitwarden

Tutanota email- Encrypted email service for a low price. I use this as a secondary email account. Also has custom domains, 2FA, email aliases, sending encrypted email to non-Tutanota users, full mailbox encryption.

Codeberg Git repositories- excellent free alternative to Github

PGP public key encryption- for email or other information to keep private

XMPP with OMEMO encryption over Tor- Secure decentralized messaging. I use Snikket on Android, BeagleIM on MacOS and Dino on Linux.

AdGuard or Quad9 (IBM) backup normal DNS provides protection against malicious domains.

DuckDuckGo search engine

Authy 2FA- I know this may not be the best choice since it syncs from the cloud, but I need access to 2FA from multiple devices. All data is encrypted.

Shaarli Self hosted bookmarks manager- If you remember, this is similar for saving any urls you want to reference later. Make your bookmarks either public or private. second phone number- This gives you a phone number based in North America and any text messages or voicemails to it are forwarded to your XMPP address. You can also use this for VOIP calls but I haven’t done that yet. This is a great way to add 2FA to websites or signup for accounts that require a phone number but you don’t want to give out your primary number.

MEGA encrypted cloud storage- Very reasonably priced plans. I use this to have a cloud backup of important files. There is also an ecrypted chat function. FreshRSS docker image to manage all the RSS feeds I subscribe to.

Usually whatever built-in system-wide drive encryption is included natively is what I use. I also may use individual password protected virtual drives.

Android devices

Phone ROM: I’ve been using this since 2017 first on an LG Nexus 5X and now on a Pixel 4a. Many Google parts of Android have been removed and this runs MicroG. Support for devices tends to last much longer with these ROMs than the (greatly appreciated) volunteers that maintain LineageOS.

Tablet: LineageOS- There is no /e/ ROM for my NVidia Shield tablet, so I am using the last version of LineageOS built for it.

FDroid- Open source apps that are mostly free from any tracking

Obtainium- Monitor Android app sources for updates- useful for apps that aren’t on F-Droid

Threema encrypted messenger- Uses the open source and tested NaCl Box encryption model

Molly FOSS open source Signal encrypted messenger fork- Only with people who I trust with my phone number though.

Snikket XMPP messenger with OMEMO encryption

Tusky (Mastodon)- Federated social platform

AntennaPod- Podcasts

FeedMe- RSS feed reader (syncing to my self-hosted FreshRSS server)

TorBrowser- Safe web browsing

Orbot- Allows other apps to use Tor

UntrackMe- Redirect links to Nitter or Invidious, unshorten URLs and remove UTM tracking codes

Exodus Privacy- Scan Android apps for trackers

OpenKeychain- PGP key management

Sophos Intercept X- A free anti-virus and security suite for mobile devices. Includes device security audit, password manager, TOTP Authenticator, QR code scanner, app permissions audit and app access protections.

Termux- A shell running familiar linux commands

Yet Another Call Blocker- An excellent app to block spam phone calls

No email on my phone! Data can’t be leaked if it’s not on my device in the first place. Also it saves my sanity.


I’ve been an Apple/Mac guy since the 80s. I also used BeOS in the late 90s and was very disappointed Apple didn’t choose them for their next OS. I used Mac Mini machines as my primary device until a few years ago when Apple stopped being privacy friendly. My last Mac Mini is used now only as a networked storage device.


I have an Intel PC running Fedora KDE on a quad core i5 from 2012. I do most of my fun computing on this device including web browsing, email, chat programs, and it runs some World Community Grid research with spare cycles.

Several laptops of various ages which I usually run Manjaro KDE or Ubuntu.


OK this may seem a little misplaced but I think this is an important category. Your finances are something that must be protected. I have the following systems in place to help with that.

  • Instant text alerts on credit card charges. This way I can know immediately if something suspicious is happening with my card. Also I don’t need to bother my wife to provide receipts after every purchase.
  • Separate email account where all my financial accounts send info to. This account is totally seperate from my personal email accounts and used for nothing else. Email aliases provide some level of seperation, so IF one of my aliases got leaked or compromised I would have only a few accounts that I used that alias for so can quickly track down the compromised system.