awesome-privacy.yml

#################################################################################
# Welcome to Awesome Privacy!                                                   #
# This file contains all data for all listed categories, sections and services  #
# It's used to generate both the README.md and the website, awesome-privacy.xyz #
#                                                                               #
# USAGE COMMANDS                                                                #
# `make validate` - Check this file is valid YAML and fits the schema           #
# `make generate` - Generate + insert content into the README.md                #
#                                                                               #
# EDITING                                                                       #
# Please read the CONTRIBUTING.md before submitting any changes to this file    #
#                                                                               #
# ADDING SERVICE                                                                #
# If you're adding a new listing, the following fields are accepted:            #
#  - name: string (required) - The name of the service                          #
#  - description: string (required) - A brief description of the service        #
#  - url: string (required) - The URL of the service                            #
#  - github: string - The GitHub repository of the service (user/repo-name)     #
#  - icon: string - The URL of the service's icon                               #
#  - followWith: string - Some categories need a prefix (e.g. platform)         #
#  - securityAudited: boolean - Has the service has been publicly audited       #
#  - openSource: boolean - Whether the service is fully open source             #
#  - acceptsCrypto: boolean - Whether the service accepts anonymous payment     #
#  - tosdrId: string - The ID of the service on ToS;DR  (find at tosdr.org)     #
#                                                                               #
#################################################################################
# Licensed under CC0-1.0 (C) Alicia Sykes <https://aliciasykes.com> 2019 - 2024 #
#################################################################################

categories:
  - name: Essentials
    sections:
    ###############################
    ###### Password Managers ######
    ###############################
    - name: Password Managers
      alternativeTo: ['LastPass', '1Password', 'Dashlane', 'NordPass', 'RoboForm']
      services:
      - name: Bitwarden
        url: https://bitwarden.com
        followWith: Self-Hosted
        github: bitwarden/server
        tosdrId: 1348
        androidApp: com.x8bit.bitwarden
        iosApp: https://apps.apple.com/us/app/bitwarden-password-manager/id1137397744
        subreddit: Bitwarden
        description: |
          Fully-featured, open source password manager with cloud-sync. Bitwarden is
          easy-to-use with a clean UI and client apps for desktop, web and mobile. See
          also [Vaultwarden](https://github.com/dani-garcia/vaultwarden), a self-hosted,
          Rust implementation of the Bitwarden server and compatible with [upstream
          Bitwarden clients](https://bitwarden.com/download/).

      - name: KeePass
        url: https://keepass.info
        openSource: true
        subreddit: KeePass
        description: |
          Hardened, secure and offline password manager. Does not have cloud-sync baked
          in, deemed to be [gold standard](https://keepass.info/ratings.html) for secure
          password managers. KeePass clients: [Strongbox](https://apps.apple.com/us/app/strongbox-keepass-pwsafe/id897283731)
          *(Mac & iOS)*, [KeePassDX](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.free)
          *(Android)*, [KeeWeb](https://keeweb.info) *(Web-based/ self-hosted)*,
          [KeePassXC](https://keepassxc.org) *(Windows, Mac & Linux)*, see more KeePass
          clients and extensions at [awesome-keepass](https://github.com/lgg/awesome-keepass)
          by @lgg.

      - name: LessPass
        url: https://lesspass.com
        followWith: Self-Hosted
        github: lesspass/lesspass
        description: |
          LessPass is a little different, since it generates your passwords using a hash
          of the website name, your username and a single main-passphrase that you reuse.
          It omits the need for you to ever need to store or sync your passwords. They
          have apps for all the common platforms and a CLI, but you can also self-host it.

      - name: Padloc
        url: https://padloc.app
        github: padloc/padloc
        androidApp: app.padloc
        iosApp: https://apps.apple.com/us/app/padloc/id1478877043
        description: |
          A modern, open source password manager for individuals and teams. Beautiful,
          intuitive and dead simple to use. Apps available for all platforms and you can
          self-host it as well.

      - name: ProtonPass
        url: https://proton.me/pass
        openSource: true
        tosdrId: 491
        androidApp: proton.android.pass
        iosApp: https://apps.apple.com/us/app/proton-pass-password-manager/id6443490629
        subreddit: ProtonPass
        description: |
          From the creators of ProtonMail, ProtonPass is a new addition to their suite of
          services. They have a full collection of user-friendly native mobile and desktop
          apps. ProtonPass is one of the few "trustworthy" providers that also offers a
          free plan.

      - name: Pass
        url: https://www.passwordstore.org/
        icon: https://www.zx2c4.com/favicon.ico
        description: The Standard Unix Password Manager
        openSource: true

      notableMentions:
      - name: Password Safe
        url: https://www.pwsafe.org
        # tosdrId: 3342
        # iosApp: https://apps.apple.com/us/app/proton-pass-password-manager/id6443490629
        # androidApp: com.jefftharris.passwdsafe
        description: >
          An offline, open source password manager designed by
          [Bruce Schneier](https://www.schneier.com/academic/passsafe/), with native
          applications for Windows, Linux, MacOS, Android and iOS, and support for
          YubiKey. The UI is a little dated, and there is no official browser extension,
          making is slightly less convenient to use compared with other options
      - name: PassBolt
        url: https://www.passbolt.com
        # iosApp: https://apps.apple.com/us/app/passbolt-password-manager/id1569629432
        # androidApp: com.passbolt.mobile.android
        description: >
          A good option for teams. It is free, open source, self-hosted, extensible
          and OpenPGP based. It is specifically good for development and DevOps usage,
          with integrations for the terminal, browser and chat, and can be easily
          extended for custom usage, and deployed quickly with Docker
      - name: 1Password
        url: https://1password.com
        # tosdrId: 1572
        # iosApp: https://apps.apple.com/us/app/1password-password-manager/id1511601750
        # androidApp: com.onepassword.android
        description: >
          (proprietary) A fully-featured cross-platform password manager with sync.
          Free for self-hosted data (or $3/ month hosted). Be aware that 1Password
          is not fully open source, but they do regularly publish results of their
          independent [security audits](https://support.1password.com/security-assessments),
          and they have a solid reputation for transparently disclosing and fixing vulnerabilities     
      furtherInfo: >
        **Other Open Source PM**: [Buttercup](https://buttercup.pw), [Clipperz](https://clipperz.is),
        [Pass](https://www.passwordstore.org), [Padloc](https://padloc.app), [TeamPass](https://teampass.net),
        [PSONO](https://psono.com), [UPM](http://upm.sourceforge.net), [Gorilla](https://github.com/zdia/gorilla/wiki),
        [Seahorse](https://gitlab.gnome.org/GNOME/seahorse) (for GNOME),
        [GNOME Keyring](https://wiki.gnome.org/Projects/GnomeKeyring),
        [KDE Wallet Manager](https://userbase.kde.org/KDE_Wallet_Manager).
        <br /><br />
        If you are using a deprecated PM, you should migrate to something actively maintained.
        This includes: [Firefox Lockwise](https://www.mozilla.org/en-US/firefox/lockwise),
        [Encryptr](https://spideroak.com/personal/encryptr?ref=awesome-privacyr),
        [Mitro](https://www.mitro.co), [Rattic](https://spideroak.com/encryptr),
        [JPasswords](http://jpws.sourceforge.net/jpasswords.html), [Passopolis](https://passopolis.com),
        [KYPS](https://en.wikipedia.org/wiki/KYPS), [Factotum](http://man.9front.org/4/factotum).

    #####################################
    ###### 2-Factor Authentication ######
    #####################################
    - name: 2-Factor Authentication
      alternativeTo: ['Google Authenticator', 'Authy', 'Microsoft Authenticator', 'LastPass Authenticator', 'Duo Mobile']
      services:
      - name: 2FAS
        url: https://2fas.com/
        followWith: Android & iOS
        github: twofas/2fas-server
        tosdrId: 8201
        iosApp: https://apps.apple.com/us/app/2fa-authenticator-2fas/id1217793794
        androidApp: com.twofasapp
        discordInvite: q4cP6qh2g5
        icon: https://avatars.githubusercontent.com/u/18189374
        description: |
          Free, secure and open source authenticator app for both iOS and Android.
          Supports creating encrypted backups and syncing between devices without the need for an account.

      - name: Aegis
        url: https://getaegis.app
        followWith: Android
        github: beemdevelopment/Aegis
        tosdrId: 4076
        androidApp: com.beemdevelopment.aegis
        icon: https://raw.githubusercontent.com/beemdevelopment/Aegis/master/metadata/en-US/images/icon.png
        description: |
          Free, secure and open source authenticator app for Android. Has a backup/
          restore feature and a customisable UI with dark mode

      - name: Authenticator Pro
        url: https://authenticatorpro.jmh.me/
        icon: https://authenticatorpro.jmh.me/img/icon.svg
        followWith: Android
        github: jamie-mh/AuthenticatorPro
        androidApp: me.jmh.authenticatorpro
        description: |
          Free and open-source two factor authentication app for Android. It features
          encrypted backups, icons, categories and a high level of customisation. It
          also has a Wear OS companion app

      - name: Tofu
        url: https://www.tofuauth.com
        followWith: iOS
        icon: https://www.tofuauth.com/images/icon.svg
        github: iKenndac/Tofu
        iosApp: https://apps.apple.com/us/app/tofu-authenticator/id1082229305
        tosdrId: 5414
        description: |
          An easy-to-use, open-source two-factor authentication app designed specifically
          for iOS

      - name: Authenticator
        url: https://mattrubin.me/authenticator
        github: mattrubin/Authenticator
        icon: https://i.ibb.co/dLqS8ZH/Screenshot-from-2024-02-19-20-47-48.png
        iosApp: https://apps.apple.com/us/app/authenticator/id766157276
        followWith: iOS
        description: |
          Simple, native, open source 2-FA Client for iOS, which never connects to the
          internet - built by @mattrubin.me

      - name: WinAuth
        url: https://winauth.github.io/winauth
        github: winauth/winauth
        icon: https://winauth.github.io/winauth/favicon.ico
        followWith: Windows
        description: |
          Portable, encrypted desktop authenticator app for Microsoft Windows. With
          useful features, like hotkeys and some additional security tools, WinAuth is a
          great companion authenticator for desktop power-users. It's open source and
          well-established (since mid-2010)

      - name: Authenticator GNOME
        url: https://gitlab.gnome.org/World/Authenticator
        icon: https://gitlab.gnome.org/World/Authenticator/-/avatar?width=48
        openSource: true
        followWith: Linux
        description: |
          Rust-based OTP authenticator. Has native With GNOME Shell integration. Also
          available through [flathub](https://flathub.org/apps/details/com.belmoussaoui.Authenticator).

      - name: Authenticator CC
        url: https://authenticator.cc
        icon: https://authenticator.cc/assets/logo/logo.svg
        github: Authenticator-Extension/Authenticator
        followWith: BrowserExtension
        description: |
          Authenticator Extension is an in-browser One-Time Password (OTP) client,
          supports both Time-Based One-Time Password (TOTP, specified in [RFC 6238](https://tools.ietf.org/html/rfc6238))
          and HMAC-Based One-Time Password (HOTP, specified in [RFC 4226](https://tools.ietf.org/html/rfc4226)).

      - name: Ente Auth
        url: https://ente.io/auth/
        icon: https://raw.githubusercontent.com/ente-io/ente/main/auth/assets/icons/auth-icon.ico
        openSource: true
        github: ente-io/ente
        tosdrId: 5256
        iosApp: https://apps.apple.com/us/app/ente-auth/id6444121398
        androidApp: io.ente.auth
        description: |
          Ente Auth is a free and open-source app which stores and generates TOTP tokens. 
          It can be used with an online account to backup and sync your tokens across your 
          devices (and access them via a web interface) in a secure, end-to-end encrypted 
          fashion. It can also be used offline on a single device with no account necessary.

      furtherInfo: >
        Check which websites support multi-factor authentication: [2fa.directory](https://2fa.directory/)
      notableMentions: >
        [OTPClient](https://github.com/paolostivanin/OTPClient) *(Linux)*,
        [gauth](https://github.com/gbraadnl/gauth) *(Self-Hosted, Web-based)*,
        [Etopa](https://play.google.com/store/apps/details?id=de.ltheinrich.etopa) *(Android)*<br>
        For KeePass users, [TrayTop](https://keepass.info/plugins.html#traytotp)
        is a plugin for managing TOTP's -  offline and compatible with Windows, Mac and Linux.
    
    #############################
    ###### File Encryption ######
    #############################
    - name: File Encryption
      alternativeTo: ['VeraCrypt', 'BitLocker', 'FileVault', 'AxCrypt', 'WinRAR']
      services:
      - name: VeraCrypt
        url: https://www.veracrypt.fr
        icon: https://veracrypt.fr/favicon.ico
        github: veracrypt/VeraCrypt
        description: |
          VeraCrypt is open source cross-platform disk encryption software. You can use
          it to either encrypt a specific file or directory, or an entire disk or
          partition. VeraCrypt is incredibly feature-rich, with comprehensive encryption
          options, yet the GUI makes it easy to use. It has a CLI version, and a portable
          edition. VeraCrypt is the successor of (the now deprecated) TrueCrypt.

      - name: Cryptomator
        url: https://cryptomator.org
        icon: https://avatars.githubusercontent.com/u/11850518
        github: cryptomator/cryptomator
        tosdrId: 4403
        iosApp: https://apps.apple.com/us/app/cryptomator/id1560822163
        androidApp: org.cryptomator
        description: |
          Open source client-side encryption for cloud files - Cryptomator is geared
          towards using alongside cloud-backup solutions, and hence preserves individual
          file structure, so that they can be uploaded. It too is easy to use, but has
          fewer technical customizations for how the data is encrypted, compared with
          VeraCrypt. Cryptomator works on Windows, Linux and Mac - but also has excellent
          mobile apps.

      - name: age
        url: https://age-encryption.org
        github: FiloSottile/age
        icon: https://i.ibb.co/H7hHddf/logo-white.png
        description: |
          `age` is a simple, modern and secure CLI file encryption tool and Go library.
          It features small explicit keys, no config options, and UNIX-style composability

      - name: Picocrypt
        github: Picocrypt/Picocrypt
        icon: https://avatars.githubusercontent.com/u/171401041
        description: |
          Picocrypt is a very small (hence Pico), very simple, yet very secure encryption tools
          that you can use to protect your files. It's designed to be the go-to tool for encryption, 
          with a focus on security, simplicity, and reliability.

      wordOfWarning: >
        Where possible, choose a cross-platform and well established encryption method,
        so that you are never faced with not being able to access your files using your current system.<br>
        Although well-established encryption methods are usually very secure,
        if the password is not strong, then an adversary may be able to gain access to your files,
        with a powerful enough GPU.
        If your system is compromised, then the password may also be able to be
        skimmed with a keylogger or other similar malware, so take care to follow
        good basic security practices
      notableMentions:
      - name: AES Crypt
        url: https://www.aescrypt.com/
        description: >
          A light-weight and easy file encryption utility.
          It includes applications for Windows, Mac OS, BSD and Linux, all of which can be
          interacted with either through the GUI, CLI or programatically though an API
          (available for Java, C, C# and Python). Although it is well established,
          with an overall positive reputation, there have been some
          [security issues](https://www.reddit.com/r/privacytoolsIO/comments/b7riov/aes_crypt_security_audit_1_serious_issue_found/)
          raised recently.

      - name: CryptSetup
        url: https://gitlab.com/cryptsetup/cryptsetup
        description: >
          is a convenient
          layer for use on top of [dm-crypt](https://wiki.archlinux.org/index.php/Dm-crypt).
          [EncFS](https://github.com/vgough/encfs) is a cross-platform file-based encryption module,
          for use within user local directories. [geli](https://www.freebsd.org/cgi/man.cgi?query=geli&sektion=8)
          is a disk encryption subsystem included with FreeBSD.


      - name: BitLocker
        url: https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-overview
        description: >
          is popular among Microsoft Windows and enterprise users, and provides fast,
          efficient and (if correctly configured) reasonably secure full drive encryption.
          However it is not open source, has poor compatibility with other operating systems,
          and has some very dodgy [defaults](https://www.diskcryptor.org/why-not-bitlocker/),
          which could lead to your system being compromised. Similarly, Apple's
          [FileVault](https://support.apple.com/en-us/HT204837) on MacOS is easy and secure,
          but again, the source code is proprietary.

      - name: DiskCryptor
        url: https://www.diskcryptor.org/
        description: |
          Windows-only, open source, file and volume encryption solution,
          that makes a good alternative to BitLocker.

    ######################
    ###### Browsers ######
    ######################
    - name: Browsers
      alternativeTo: ['Chrome', 'Safari', 'Firefox', 'Edge', 'Opera']
      services:
      - name: LibreWolf
        icon: https://librewolf.net/icon.svg
        url: https://librewolf.net
        openSource: true
        tosdrId: 6389
        description: |
          LibreWolf is an independent fork of Firefox that aims to provide better default
          settings to improve on privacy, security and user freedom. Mozilla telemetry is
          disabled, ties with Google (Safe Browsing) are severed, the content blocker
          [uBlock Origin](https://github.com/gorhill/uBlock) is included and privacy
          defaults are guided by research like the
          [Arkenfox project](https://github.com/arkenfox/user.js/).

      - name: Brave Browser
        url: https://brave.com
        icon: https://brave.com/static-assets/images/brave-logo-sans-text.svg
        github: brave/brave-browser
        tosdrId: 1487
        description: |
          Brave Browser, currently one of the most popular private browsers - it provides
          speed, security, and privacy by blocking trackers with a clean, yet fully-featured
          UI. It also pays you in [BAT tokens](https://basicattentiontoken.org/) for using it.
          Brave also has Tor built-in, when you open up a private tab/ window.

      - name: Firefox
        url: https://www.mozilla.org/firefox
        icon: https://www.mozilla.org/media/protocol/img/logos/firefox/logo.fedb52c912d6.svg
        openSource: true
        tosdrId: 188
        description: |
          Significantly more private, and offers some nifty privacy features than Chrome,
          Internet Explorer and Safari. After installing, there are a couple of small tweaks
          you will need to make, in order to secure Firefox. For a though config, see
          [@arkenfox's user.js](https://github.com/arkenfox/user.js/). You can also follow
          one of these guides by: [Restore Privacy](https://restoreprivacy.com/firefox-privacy/)
          or [12Bytes](https://codeberg.org/12bytes/firefox-config-guide)

      - name: Tor Browser
        url: https://www.torproject.org/
        icon: https://www.torproject.org/static/images/favicon/favicon.ico
        openSource: true
        tosdrId: 2845
        androidApp: org.torproject.torbrowser
        description: |
          Tor provides an extra layer of anonymity, by encrypting each of your requests, then
          routing it through several nodes, making it near-impossible for you to be tracked by
          your ISP/ provider. It does make every-day browsing a little slower, and some sites
          may not work correctly. As with everything there are
          [trade-offs](https://github.com/Lissy93/personal-security-checklist/issues/19)

      - name: Cromite
        url: https://www.cromite.org/
        icon: https://camo.githubusercontent.com/fc003f5ff33669908e7b929692fdbb8d10ec7df5ffa5e02e4d9becf405dd7804/68747470733a2f2f7777772e63726f6d6974652e6f72672f6170705f69636f6e2e706e67
        github: uazo/cromite
        description: |
          Cromite is a Chromium fork based on Bromite with built-in support for ad blocking and an eye for privacy.

      notableMentions: >
        **Mobile Browsers**: [Mull](https://f-droid.org/en/packages/us.spotco.fennec_dos/) Hardened fork of FF-Fenix (Android),
        [Firefox Focus](https://support.mozilla.org/en-US/kb/focus) (Android/ iOS),
        [DuckDuckGo Browser](https://help.duckduckgo.com/duckduckgo-help-pages/mobile/ios/) (Android/ iOS),
        [Orbot](https://guardianproject.info/apps/orbot/) + [Tor](https://www.torproject.org/download/#android) (Android),
        [Onion Browser](https://onionbrowser.com/) (iOS)<br><br>
        **Additional Desktop**: [Nyxt](https://nyxt.atlas.engineer/), [WaterFox](https://www.waterfox.net), [Epic Privacy Browser](https://www.epicbrowser.com), [PaleMoon](https://www.palemoon.org), [Iridium](https://iridiumbrowser.de/), [Sea Monkey](https://www.seamonkey-project.org/), [Ungoogled-Chromium](https://github.com/Eloston/ungoogled-chromium), [Basilisk Browser](https://www.basilisk-browser.org/) and [IceCat](https://www.gnu.org/software/gnuzilla/)
        12Bytes also maintains a list privacy & security [extensions](https://12bytes.org/articles/tech/firefox/firefox-extensions-my-picks/)
      wordOfWarning: >
        New vulnerabilities are being discovered and patched all the time - use a browser
        that is being actively maintained, in order to receive these security-critical updates.<br>
        Even privacy-respecting browsers, often do not have the best privacy options enabled by default.
        After installing, check the privacy & security settings, and update the configuration to
        something that you are comfortable with. 12Bytes maintains a comprehensive guide on
        [Firefox Configuration for Privacy and Performance](https://codeberg.org/12bytes/firefox-config-guide)
    
    ############################
    ###### Search Engines ######
    ############################
    - name: Search Engines
      alternativeTo: ['Google', 'Bing', 'Yahoo', 'Baidu', 'Yandex']
      services:
      - name: DuckDuckGo
        url: https://duckduckgo.com
        icon: https://duckduckgo.com/favicon.png
        openSource: true
        tosdrId: 222
        iosApp: https://apps.apple.com/us/app/duckduckgo-private-browser/id663592361
        androidApp: com.duckduckgo.mobile.android
        subreddit: duckduckgo
        description: |
          DuckDuckGo is a very user-friendly, fast and secure search engine. It's totally
          private, with no trackers, cookies or ads. It's also highly customisable, with
          dark-mode, many languages and features. They even have a [.onion](https://3g2upl4pq6kufc4m.onion)
          URL, for use with Tor and a [no Javascript version](https://duckduckgo.com/html/)

      - name: Qwant
        url: https://www.qwant.com
        icon: https://avatars.githubusercontent.com/u/1692504
        iosApp: https://apps.apple.com/us/app/qwant-private-search/id924470452
        androidApp: com.qwant.liberty
        subreddit:  Qwant
        tosdrId: 527
        description: |
          French service that aggregates Bings results, with its own results. Qwant doesn't
          plant any cookies, nor have any trackers or third-party advertising. It returns
          non-biased search results, with no promotions. Qwant has a unique, but nice UI.

      - name: Startpage
        url: https://www.startpage.com
        icon: https://www.startpage.com/favicon.ico
        tosdrId: 418
        openSource: false
        description: |
          Dutch search engine that searches on Google and shows the results (slightly
          rearranged). It has several configurations that improve privacy during use
          (it is not open source)

      - name: Brave Search
        url: https://search.brave.com/
        icon: https://i.ibb.co/GH1n4wf/Brave-Search-Icon.png
        description: >-
          Brave Search is a privacy-focused search engine that does not track users or
          their searches, does not use secret algorithms or user profiling, and is
          based on its own search index.
        github: brave/brave-browser
        tosdrId: 1487
        iosApp: https://apps.apple.com/us/app/brave-private-browser-adblock/id1052879175
        androidApp: com.brave.browser
        discordInvite: ''
        subreddit: brave_browser
        openSource: true
        securityAudited: true
        acceptsCrypto: false

      - name: Mojeek
        url: https://mojeek.com
        icon: https://www.mojeek.com/favicon.png
        openSource: false
        tosdrId: 2432
        iosApp: https://apps.apple.com/gb/app/mojeek/id1505807785
        androidApp: mojeek.app
        subreddit: mojeek
        description: |
          British search engine providing independent and unbiased search results using
          its own crawler. Has a zero tracking policy (it is not open source)
      notableMentions:
      - name: MetaGear
        url: https://metager.org
      - name: YaCy
        url: https://yacy.net
      - name: Searx
        url: https://github.com/searxng/searxng
        description: >
          Self-hostable search engines that use the results of multiple other
          engines (such as Google and Bing) at the same time. They're open source
          and self-hostable, although using a [public instance](https://searx.space)
          has the benefit of not singling out your queries to the engines used.
          A fork of the original [Searx](https://searx.github.io/searx/).
      
  
  - name: Communication
    sections:
    #################################
    ###### Encrypted Messaging ######
    #################################
    - name: Encrypted Messaging
      alternativeTo: ['whatsapp', 'facebook messenger', 'wechat', 'telegram', 'snapchat', 'viber', 'line', 'discord']
      services:
      - name: Signal
        url: https://signal.org
        openSource: true
        github: signalapp/Signal-Server
        tosdrId: 528
        iosApp: https://apps.apple.com/us/app/signal-private-messenger/id874139669
        androidApp: org.thoughtcrime.securesms
        icon: https://signal.org/assets/images/favicon/android-chrome-192x192.png
        subreddit: signal
        description: |
          Probably one of the most popular, secure private messaging apps that combines
          strong encryption (see [Signal Protocol](https://en.wikipedia.org/wiki/Signal_Protocol))
          with a simple UI and plenty of features. It's widely used across the world, and
          easy-to-use, functioning similar to WhatsApp - with instant messaging, read-receipts,
          support for media attachments and allows for high-quality voice and video calls.
          It's cross-platform, open-source and totally free. Signal is
          [recommended](https://twitter.com/Snowden/status/661313394906161152)
          by Edward Snowden, and is a perfect solution for most users.

      - name: Session
        url: https://getsession.org
        icon: https://getsession.org/favicon.ico
        openSource: true
        tosdrId: 3015
        github: oxen-io/lokinet
        subreddit: Session_Messenger
        androidApp: network.loki.messenger
        iosApp: https://apps.apple.com/us/app/session-private-messenger/id1470168868
        description: |
          Session is a fork of Signal, however unlike Signal it does not require a mobile
          number (or any other personal data) to register, instead each user is identified
          by a public key. It is also decentralized, with servers being run by the community
          though [Loki Net](https://loki.network), messages are encrypted and routed through
          several of these nodes. All communications are E2E encrypted, and there is no
          meta data.

      - name: XMPP
        url: https://xmpp.org
        icon: https://xmpp.org/favicon.ico
        openSource: true
        github: xsf/xmpp.org
        description: |
          XMPP, also known as Jabber, is an open standard for decentralized messaging that
          has been widely used for decades. It has actually been the basis upon which
          WhatsApp, Facebook's Chat and Google's Talk were built, but these companies
          (eventually) chose to remove the interoperability with other servers. Prominent
          XMPP clients support [OMEMO end-to-end encryption](https://en.wikipedia.org/wiki/OMEMO),
          which is based on the [Double Ratchet Algorithm](https://en.wikipedia.org/wiki/Double_Ratchet_Algorithm)
          that is used in Signal. For more hands-on information and to register an account
          you can visit [JoinJabber](https://joinjabber.org).

      - name: Matrix
        url: https://matrix.org
        icon: https://matrix.org/assets/favicon.ico
        openSource: true
        tosdrId: 2455
        github: matrix-org/dendrite
        description: |
          Matrix is a decentralized open network for secure communications, with E2E
          encryption with Olm and Megolm. Along with the [Element](https://element.io/)
          client, it supports VOIP + video calling and IM + group chats. Since Matrix has
          an open specification and Simple pragmatic RESTful HTTP/JSON API it makes it easy
          to integrates with existing 3rd party IDs to authenticate and discover users, as
          well as to build apps on top of it.
      notableMentions: 
        - name: Chat Secure
          url: https://chatsecure.org
        - name: KeyBase
          url: https://keybase.io/
          description: >
            Allows encrypted real-time chat, group chats, and public and
            private file sharing. It also has some nice features around cryptographically
            proving social identities, and makes PGP signing, encrypting and decrypting messages easy.
            However, since it was [acquired by Zoom](https://keybase.io/blog/keybase-joins-zoom) in 2020,
            it has no longer been receiving regular updates.
        - name: OpenPGP
          url: https://www.openpgp.org
          description: >
            can be used over existing chat networks (such as email or message boards).
            It provides cryptographic privacy and authentication, PGP is used to encrypt messages.<br />
            **Note/ Issues with PGP**  PGP is [not easy](https://restoreprivacy.com/let-pgp-die/)
            to use for beginners, and could lead to human error/ mistakes being made,
            which would be overall much worse than if an alternate, simpler system was used.
            Do not use [32-bit key IDs](https://evil32.com/) - they are too short to be secure.
            There have also been vulnerabilities found in the OpenPGP and S/MIME,
            defined in [EFAIL](https://efail.de/), so although it still considered
            secure for general purpose use, for general chat, it may be better to
            use an encrypted messaging or email app instead.
      wordOfWarning: >
        Many messaging apps claim to be secure, but if they are not open source,
        then this cannot be verified - and they **should not be trusted**.
        This applies to [Telegram](https://telegram.org), [Threema](https://threema.ch),
        [Cypher](https://www.goldenfrog.com/cyphr), [Wickr](https://wickr.com/),
        [Silent Phone](https://www.silentcircle.com/products-and-solutions/silent-phone/)
        and [Viber](https://www.viber.com/), to name a few - these apps should not
        be used to communicate any sensitive data.
        [Wire](https://wire.com/) has also been removed, due to
        a [recent acquisition](https://blog.privacytools.io/delisting-wire/)
    
    ###########################
    ###### P2P Messaging ######
    ###########################
    - name: P2P Messaging
      intro: >
        With [Peer-to-Peer](https://en.wikipedia.org/wiki/Peer-to-peer) networks,
        there are no central server, so there is nothing that can be raided,
        shut-down or forced to turn over data. There are P2P networks available
        that are open source, E2E encrypted, routed through Tor services,
        totally anonymous and operate without the collection of metadata.
      services:
      - name: Oxen
        url: https://oxen.io/
        github: oxen-io/lokinet
        tosdrId: 6622
        icon: https://oxen.io/favicon.ico
        description: |
          Oxen (previously Loki) is an open source set of tools that allow users to transact
          and communicate anonymously and privately, through a decentralised, encrypted,
          onion-based network.
          Session is a desktop and mobile app that uses these private routing protocols to
          secure messages, media and metadata.

      - name: Briar
        url: https://briarproject.org
        icon: https://briarproject.org/img/briar_logo_circle.png
        androidApp: org.briarproject.briar.android
        openSource: true
        tosdrId: 2559
        description: |
          Tor-based Android app for P2P encrypted messaging and forums. Where content is
          stored securely on your device (not in the cloud). It also allows you to connect
          directly with nearby contacts, without internet access (using Bluetooth or WiFi).

      - name: Ricochet Refresh
        url: https://www.ricochetrefresh.net
        openSource: true
        github: blueprint-freespeech/ricochet-refresh
        icon: https://www.ricochetrefresh.net/apple-touch-icon.png
        followWith: Desktop
        description: |
          Desktop instant messenger, that uses the Tor network to rendezvous with your
          contacts without revealing your identity, location/ IP or meta data. There are
          no servers to monitor, censor, or hack so Ricochet is secure, automatic and easy
          to use.

      - name: Jami
        url: https://jami.net
        icon: https://jami.net/assets/images/favicon/apple-touch-icon-57x57.png
        github: savoirfairelinux/jami-project
        iosApp: https://apps.apple.com/ca/app/jami/id1306951055
        androidApp: cx.ring
        description: |
          P2P encrypted chat network with cross-platform GNU client apps. Jami supports
          audio and video calls, screen sharing, conference hosting and instant messaging.

      - name: Tox & qTox client
        url: https://tox.chat
        icon: https://tox.chat/theme/img/favicon.ico
        openSource: true
        subreddit: projecttox
        followWith: Desktop
        description: |
          Open source, encrypted, distributed chat network, with clients for desktop and
          mobile - see [supported clients](https://tox.chat/clients.html). Clearly documented
          code and multiple language bindings make it easy for developers to integrate with
          Tox.
      notableMentions:
      - name: Cwtch
        url: https://cwtch.im
      - name: BitMessage
        url: https://github.com/Bitmessage/PyBitmessage
      - name: RetroShare
        url: https://retroshare.cc
    
    #############################
    ###### Encrypted Email ######
    #############################
    - name: Encrypted Email
      alternativeTo: ['gmail', 'outlook', 'yahoo mail', 'icloud mail', 'aol mail', 'zoho mail']
      intro: >
        Email is not secure - your messages can be easily intercepted and read.
        Corporations scan the content of your mail, to build up a profile of you,
        either to show you targeted ads or to sell onto third-parties.
        Through the [Prism Program](https://en.wikipedia.org/wiki/PRISM_(surveillance_program)),
        the government also has full access to your emails (if not end-to-end encrypted) -
        this applies to Gmail, Outlook Mail, Yahoo Mail, GMX, ZoHo, iCloud, AOL and more.<br><br>
        For a more details comparison of email providers, see
        [email-comparison.as93.net](https://email-comparison.as93.net/)
      services:
      - name: ProtonMail
        url: https://protonmail.com
        icon: https://proton.me/favicons/android-chrome-192x192.png
        openSource: false
        github: ProtonMail/WebClients
        tosdrId: 491
        androidApp: ch.protonmail.android
        iosApp: https://apps.apple.com/us/app/proton-mail-encrypted-email/id979659905
        subreddit: ProtonMail
        description: |
          An end-to-end encrypted anonymous email service. ProtonMail has a
          modern easy-to-use and customizable UI, as well as fast, secure native mobile
          apps. ProtonMail has all the features that you'd expect from a modern email
          service and is based on simplicity without sacrificing security. It has a free
          plan or a premium option for using custom domains (starting at $5/month).
          ProtonMail requires no personally identifiable information for signup, they have
          a [.onion](https://protonirockerxow.onion) server, for access via Tor, and they
          accept anonymous payment: BTC and cash (as well as the normal credit card and PayPal).
      - name: Tuta
        icon: https://tuta.com/resources/favicon/logo-favicon.svg
        openSource: true
        github: tutao/tutanota
        tosdrId: 157
        url: https://tuta.com
        subreddit: tutanota
        androidApp: de.tutao.tutanota
        iosApp: https://apps.apple.com/us/app/encrypted-email-tuta/id922429609
        description: |
          Free and open source email service based in Germany. It has a basic intuitive UI,
          secure native mobile apps and desktop email clients, anonymous signup, and an encrypted calendar. Tuta has a
          full-featured free plan and premium subscription plans allowing for
          custom domains (starting at $3/month). Tuta
          [does not use OpenPGP](https://tuta.com/blog/posts/differences-email-encryption/)
          like other encrypted mail providers, instead they use a standardized, hybrid method
          consisting of symmetrical and asymmetrical algorithms (with AES256, and RSA 2048 
          or ECC (x25519) and Kyber-1024). This causes compatibility issues when communicating with contacts
          using PGP. But it does allow them to encrypt much more of the header data (body,
          attachments, subject lines, and sender names etc) which PGP mail providers cannot do. The recent upgrades
          to Tuta's encryption algorithm makes data stored and sent with their service safe against attacks 
          posed by quantum computers.
      - name: Forward Email
        url: https://forwardemail.net
        icon: https://forwardemail.net/img/android-chrome-192x192.png
        github: forwardemail/free-email-forwarding
        openSource: true
        description: |
          An open source, privacy-focused, encrypted email service supporting SMTP, IMAP, and API access
      - name: Mailfence
        url: https://mailfence.com?src=digitald
        icon: https://mailfence.com/c/mailfence/images/favicon/android-chrome-192x192.png
        openSource: false
        tosdrId: 1694
        subreddit: Mailfence
        androidApp: com.contactoffice.mailfence
        iosApp: https://apps.apple.com/us/app/mailfence/id1628808776
        description: |
          Mailfence supports OpenPGP so that you can manually exchange encryption keys
          independently from the Mailfence servers, putting you in full control. Mailfence
          has a simple UI, similar to that of Outlook, and it comes with bundled with
          calendar, address book, and files. All mail settings are highly customizable,
          yet still clear and easy to use. Sign up is not anonymous, since your name, and
          prior email address is required. There is a fully-featured free plan, or you can
          pay for premium, and use a custom domain ($2.50/ month, or $7.50/ month for 5
          domains), where Bitcoin, LiteCoin or credit card is accepted.
      - name: MailBox.org
        url: https://mailbox.org
        icon: https://i.ibb.co/zJtHBTZ/mailfence.png
        openSource: false
        tosdrId: 1517
        subreddit: Mailbox_org
        description: |
          A Berlin-based, eco-friendly secure mail provider. There is no free plan, the
          standard service costs €12/year. You can use your own domain, with the option of
          a [catch-all alias](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain).
          They provide good account security and email encryption, with OpenPGP, as well as
          encrypted storage. There is no dedicated app, but it works well with any standard
          mail client with SSL. There's also currently no anonymous payment option.
      notableMentions:
      - name: HushMail
        url: https://www.hushmail.com
      - name: Soverin
        url: https://soverin.net
      - name: StartMail
        url: https://www.startmail.com
      - name: Posteo
        url: https://posteo.de
      - name: Disroot
        url: https://disroot.org/en
      wordOfWarning: |
        - When using an end-to-end encryption technology like OpenPGP, some metadata
        in the email header will not be encrypted.
        - OpenPGP also does not support Forward secrecy, which means if either
        your or the recipient's private key is ever stolen, all previous messages
        encrypted with it will be exposed. You should take great care to keep your
        private keys safe.

    ###########################
    ###### Email Clients ######
    ###########################
    - name: Email Clients
      alternativeTo:  ['microsoft outlook', 'apple mail', 'thunderbird', 'em client', 'mailbird', 'postbox']
      intro: >
        Email clients are the programs used to interact with the mail server.
        For hosted email, then the web and mobile clients provided by your email
        service are usually adequate, and may be the most secure option.
        For self-hosted email, you will need to install and configure mail clients for web, desktop or mobile.
        A benefit of using an IMAP client, is that you will always have an offline backup of all email messages
        (which can then be encrypted and archived), and many applications let you aggregate multiple mailboxes
        for convenience. Desktop mail clients are not vulnerable to the common browser attacks, that their web
        app counterparts are.
      services:
      - name: Mozilla Thunderbird
        url: https://www.thunderbird.net
        icon: https://www.thunderbird.net/media/img/thunderbird/ios-icon-180.png
        subreddit: Thunderbird
        openSource: true
        tosdrId: 3365
        description: |
          Free and open source email application developed and backed by Mozilla -it's secure,
          private easy and customizable. As of V 78.2.1 encryption is built in, and the
          [TorBirdy](https://trac.torproject.org/projects/tor/wiki/torbirdy) extension routes
          all traffic through the Tor network. Forks, such as
          [Betterbird](https://github.com/Betterbird/thunderbird-patches) may add additional features.

      - name: eM Client
        url: https://www.emclient.com
        icon: https://www.emclient.com/favicon.ico
        tosdrId: 432
        androidApp: com.emclient.mailclient
        iosApp: https://apps.apple.com/us/app/em-client/id1561166404
        description: |
          Productivity-based email client, for Windows and MacOS. eM Client has a clean user
          interface, snappy performance and good compatibility. There is a paid version, with
          some handy features, including snoozing incoming emails, watching for replies for a
          specific thread, message translation, send later, and built-in Calendar, Tasks,
          Contacts and Notes. Note, eM Client is proprietary, and not open source.

      - name: SnappyMail
        url: https://snappymail.eu
        icon: https://snappymail.eu/static/img/logo-256x256.png
        github: the-djmaze/snappymail
        description: |
          Simple, modern, fast web-based mail client. This is an IMAP-only fork of
          [RainLoop](http://www.rainloop.net) that mitigates a severe
          [RainLoop vulnerability](https://thehackernews.com/2022/04/unpatched-bug-in-rainloop-webmail-could.html)
          and adds several new [features](https://snappymail.eu/comparison).

      - name: RoundCube
        url: https://roundcube.net
        icon: https://roundcube.net/images/roundcube_logo_icon.svg
        github: roundcube/roundcubemail
        description: |
          Browser-based multilingual IMAP client with an application-like user interface. It
          provides full functionality you expect from an email client, including MIME support,
          address book, folder manipulation, message searching and spell checking.

      - name: FairEmail
        url: https://email.faircode.eu
        icon: https://raw.githubusercontent.com/M66B/FairEmail/master/app/src/main/ic_launcher-web.png
        github: M66B/FairEmail
        androidApp: eu.faircode.email
        description: |
          Open source, fully-featured and easy mail client for Android. Supports unlimited
          accounts and email addresses with the option for a unified inbox. Clean user
          interface, with a dark mode option, it is also very lightweight and consumes minimal
          data usage.

      - name: K-9 Mail
        url: https://k9mail.app
        icon: https://k9mail.app/assets/img/k9-logo.svg
        github: thunderbird/thunderbird-android
        tosdrId: 3624
        androidApp: com.fsck.k9
        description: |
          K-9 (or Thunderbird for Android) is open source,
          very well supported and trusted - k9 has been around for nearly
          as long as Android itself! It supports multiple accounts, search, IMAP push email,
          multi-folder sync, flagging, filing, signatures, BCC-self, PGP/MIME & more. Install
          OpenKeychain along side it, in order to encrypt/ decrypt emails using OpenPGP.

      wordOfWarning: >
        One disadvantage of mail clients, is that many of them do not support 2FA,
        so it is important to keep your device secured and encrypted

    #############################
    ###### Mail Forwarding ######
    #############################
    - name: Mail Forwarding
      intro: >
        Revealing your real email address online can put you at risk.
        Email aliasing allows messages to be sent to [anything]@my-domain.com and
        still land in your primary inbox. This protects your real email address
        from being revealed.
        Aliases are generated automatically, the first time they are used.
        This approach lets you identify which provider leaked your email address,
        and block an alias with 1-click.
      services:
      - name: Addy
        url: https://addy.io
        icon: https://addy.io/apple-touch-icon.png
        github: anonaddy/anonaddy
        tosdrId: 2220
        iosApp: https://apps.apple.com/us/app/addymanager/id1547461270
        androidApp: com.khalidwar.anonaddy
        description: |
          An open source anonymous email forwarding service, allowing you to
          create unlimited email aliases. Has a free plan.

      - name: 33Mail
        url: http://33mail.com
        icon: https://33mail.com/favicon.ico
        openSource: false
        tosdrId: 8301
        description: |
          A long-standing aliasing service. As well as receiving, 33Mail also lets you reply
          to forwarded addresses anonymously. Free plan, as well as Premium plan ($1/ month)
          if you'd like to use a custom domain. Note that 33Mail usese Google Analytics.

      - name: SimpleLogin
        url: https://simplelogin.io
        openSource: true
        icon: https://simplelogin.io/favicon.ico
        tosdrId: 2552
        androidApp: io.simplelogin.android
        iosApp: https://apps.apple.com/us/app/simplelogin-email-alias/id1494359858
        description: |
          Fully open source (view on [GitHub](https://github.com/simple-login)) alias service
          with many additional features. Can be self-hosted, or the managed version has a free
          plan, as well as hosted premium option ($2.99/ month) for using custom domains.

      - name: Firefox Private Relay
        url: https://relay.firefox.com
        icon: https://relay.firefox.com/favicon.svg
        openSource: true
        github: mozilla/fx-private-relay
        tosdrId: 4158
        description: |
          Developed and managed by Mozilla, Relay is a Firefox addon, that lets you make an
          email alias with 1 click, and have all messages forwarded onto your personal email.
          Relay is totally free to use, and very accessible to less experienced users, but also
          [open source](https://github.com/mozilla/fx-private-relay), and able to me self-hosted
          for advanced usage.

      - name: ForwardEmail
        url: https://forwardemail.net
        icon: https://forwardemail.net/img/android-chrome-192x192.png
        github: forwardemail/free-email-forwarding
        description: |
          Simple open source catch-all email forwarding service. Easy to self-host (see on
          [GitHub](https://github.com/forwardemail/free-email-forwarding)), or the hosted version
          has a free plan as well as a ($3/month) premium plan.

      - name: ProtonMail
        followWith: Professional plan or higher
        url: https://protonmail.com/pricing
        icon: https://proton.me/favicons/android-chrome-192x192.png
        tosdrId: 491
        openSource: true
        description: |
          If you already have ProtonMail's Professional (€8/month) or Visionary (€30/month) package,
          then an implementation of this feature is available via the Catch-All Email feature.

    ##################################
    ###### Mail Security Tools ######
    #################################
    - name: Email Security Tools
      alternativeTo:  ['boomerang', 'mailtrack', 'grammarly for email', 'wisestamp', 'hubspot sales']
      services:
      - name: Enigmail
        url: https://www.enigmail.net
        icon: https://upload.wikimedia.org/wikipedia/commons/5/50/Enigmail_logo_2018.svg
        description: |
          Mail client add-on, enabling the use of OpenPGP to easily encrypt, decrypt,
          verify and sign emails. Free and open source, Enigmail is compatible with Interlink
          Mail & News and Postbox. Their website contains thorough documentation and
          quick-start guides, once set up it is extremely convenient to use.

      - name: Email Privacy Tester
        url: https://www.emailprivacytester.com/
        openSource: true
        github: mikecardwell/email-privacy-tester
        tosdrId: 9837
        description: |
          Quick tool, that enables you to test whether your mail client "reads" your emails
          before you've opened them, and also checks what analytics, read-receipts or other
          tracking data your mail client allows to be sent back to the sender. The system is
          open source ([on GitLab](https://gitlab.com/mikecardwell/ept3)), developed by
          [Mike Cardwell](https://www.grepular.com/) and trusted, but if you do not want to
          use your real email, creating a second account with the same provider, should yield
          identical results.

      - name: DKIM Verifier
        url: https://addons.thunderbird.net/en-US/thunderbird/addon/dkim-verifier/?collection_id=a5557f08-eafd-7a39-81c6-09127da790f7
        icon: https://addons.thunderbird.net/user-media/addon_icons/438/438634-64.png
        github: lieser/dkim_verifier
        description: |
          Verifies DKIM signatures and shows the result in the e-mail header, in order to help
          spot spoofed emails (which do not come from the domain that they claim to).

      notableMentions: >
        If you are using ProtonMail, then the [ProtonMail Bridge](https://protonmail.com/bridge/thunderbird)
        enables you to sync & backup your emails to your own desktop mail client.
        It works well with Thunderbird, Microsoft Outlook and others

    ##########################
    ###### VOIP Clients ######
    ##########################
    - name: VOIP Clients
      alternativeTo: ['skype', 'zoom', 'google meet', 'microsoft teams', 'cisco webex', 'gotomeeting']
      services:
      - name: Mumble
        url: https://www.mumble.info/
        github: mumble-voip/mumble
        tosdrId: 3640
        icon: https://www.mumble.info/css/apple-touch-icon.png
        androidApp: se.lublin.mumla
        iosApp: https://apps.apple.com/us/app/mumble/id443472808
        description: |
          Open source, low-latency, high quality voice chat software. You can host your
          own server, or use a hosted instance, there are client applications for Windows,
          MacOS and Linux as well as third-party apps for Android and iOS.
      - name: Linphone
        url: https://www.linphone.org
        openSource: true
        icon: https://f-droid.org/repo/org.linphone/en-US/icon_G0LG_yfcg9OhsnG4KMctTmcSa71iC8v2lFsDerfB_9s=.png
        github: BelledonneCommunications/linphone-desktop
        androidApp: org.linphone
        iosApp: https://apps.apple.com/us/app/linphone/id360065638
        description: |
          Open source audio, video and IM groups with E2E encryption and built-in media
          server. [SIP](https://en.wikipedia.org/wiki/Session_Initiation_Protocol)-based
          evolving to [RCS](https://en.wikipedia.org/wiki/Rich_Communication_Services).
          Native apps for Android, iOS, Windows, GNU/Linux and MacOS.
      notableMentions:
      - name: SpoofCard
        url: https://www.spoofcard.com
        description: >
          Lets you make anonymous phone calls + voicemail, but not open source
          and limited information on security (avoid sending any secure info).
      - name: MicroSip
        url: https://www.microsip.org
        description: An open source portable SIP softphone for Windows based on PJSIP stack

    ###################################
    ###### Virtual Phone Numbers ######
    ###################################
    - name: Virtual Phone Numbers
      alternativeTo: ['google voice', 'grasshopper', 'ringcentral', 'sideline', 'burner']
      services:
      - name: SMSPool
        url: https://www.smspool.net
        icon: https://i.ibb.co/2t4MBFj/apple-touch-icon.png
        description: |
          Don't feel comfortable giving out your phone number? Protect your online identity by using our one-time-use non-VoIP phone numbers. 
          We support over 50+ countries and support over 300+ services.
        androidApp: com.smspool.app
        iosApp: https://apps.apple.com/app/smspool/id6474617801
        tosdrId: 10033
        acceptsCrypto: true
      - name: Silent.link
        url: https://silent.link/
        icon: https://silent.link/static/favicon/apple-icon-114x114.png
        description: |
          Anonymous eSIM for sending / receiving SMS, incoming calls and 4G / 5G internet
          + world-wide roaming. No data is required at sign-up. Affordable pricing, with
          payments and top-ups accepted in BTC. Requires an eSim-compatible device.

      - name: Crypton.sh
        url: https://crypton.sh/
        icon: https://crypton.sh/assets/shared/icons/favicon-32x32.png
        github: rinzlerch/user-encryption-wrapper
        description: |
          Physical SIM card in the cloud, for sending + receiving SMS messages. Messages
          are encrypted using your chosen private key. Includes a web interface, as well
          as an API for interacting with it from any device. Pricing is around €7.00/month,
          and payment is accepted in BTC, XMR or credit card.

      - name: Jmp.chat
        url: https://jmp.chat/
        icon: https://jmp.chat/static/jmp.svg
        androidApp: com.cheogram.android.playstore
        description: |
          Phone number for incoming + outgoing calls and messages, provided by Soprani.
          Works with Jabber, Matrix, Snikket, XMPP or any SIP client. Pricing starts at
          $4.99 / month. Only available in the US and Canada (as of 2024).
          See alternate instances at [soprani.ca](https://soprani.ca/)

      - name: MoneroSMS
        url: https://monerosms.com
        icon: https://i.ibb.co/Dgwr4Z0/monero-sms.png
        description: |
          Anonymous SMS service able to activate accounts. Accessible over web, CLI, or
          email. Pricing starts at $3.60 / month. The service is in beta as of 2022.

    ################################
    ###### Team Collaboration ######
    ################################
    - name: Team Collaboration
      alternativeTo: ['slack', 'microsoft teams', 'google chat', 'discord', 'asana', 'trello', 'basecamp']
      intro: >
        Now more than ever we are relying on software to help with team collaboration.
        Unfortunately many popular options, such as
        [Slack](https://www.wired.co.uk/article/slack-privacy-settings-notifications),
        [Microsoft Teams](https://www.wired.co.uk/article/microsoft-teams-meeting-data-privacy),
        [Google for Work](https://www.wired.com/story/google-tracks-you-privacy/) and
        [Discord](https://cybernews.com/privacy/discord-privacy-tips-that-you-should-use-in-2020/)
        all come with some serious privacy implications.<br>
        Typical features of team collaboration software includes:
        instant messaging, closed and open group messaging, voice and video conference calling,
        file sharing/ file drop, and some level or scheduling functionality.
      services:
      - name: Rocket.Chat
        url: https://rocket.chat
        github: RocketChat/Rocket.Chat
        tosdrId: 6533
        icon: https://play-lh.googleusercontent.com/wGn6UxVJUVWBOEAR_864Y_TG42iCsr8Ls3xmLoT4oOimSo6lk2_2gfBATqNDNmArKzQ
        openSource: true
        iosApp: https://apps.apple.com/us/app/rocket-chat/id1148741252
        androidApp: chat.rocket.android
        description: |
          Easy-to-deploy, self-hosted team collaboration platform with stable, feature-rich
          cross-platform client apps. The UI is fast, good looking and intuitive, so very
          little technical experience is needed for users of the platform. Rocket.Chat's
          feature set is similar to Slack's, making it a good replacement for any team
          looking to have greater control over their data.

      - name: RetroShare
        url: https://retroshare.cc/
        icon: https://retroshare.cc/img/retroshare-symbol.png
        github: RetroShare/RetroShare
        openSource: true
        description: |
          Secure group communications, with the option to be used over Tor or I2P. Fast
          intuitive group and 1-to-1 chats with text and rich media using decentralized
          chat rooms, with a mail feature for delivering messages to offline contacts.
          A channels feature makes it possible for members of different teams to stay
          up-to-date with each other, and to share files. Also includes built-in forums,
          link aggregations, file sharing and voice and video calling. RetroShare is a
          bit more complex to use than some alternatives, and the UI is quite *retro*,
          so may not be appropriate for a non-technical team.

      - name: Element
        url: https://element.io/
        github: element-hq/element-web
        tosdrId: 2498
        icon: https://element.io/images/favicon.png
        iosApp: https://apps.apple.com/us/app/element-messenger/id1083446067
        androidApp: im.vector.app
        description: |
          Privacy-focused messenger using the Matrix protocol. The Element client allows
          for group chat rooms, media sharing voice and video group calls.

      - name: Internet Relay Chat
        icon: https://www.dlf.pt/dfpng/middlepng/60-606143_internet-relay-chat-irc-logo-hd-png-download.png
        openSource: true
        url: https://en.wikipedia.org/wiki/IRC
        description: |
          An IRC-based solution is another option, being decentralized there is no point
          of failure, and it's easy to self-host. However it's important to keep security
          in mind while configuring your IRC instance and ensure that channels are properly
          encrypted - IRC tends to be better for open communications. There's a variety of
          clients to choose from - popular options include: The Longe (Web-based), HexChat
          (Linux), Pidgin (Linux), WeeChat (Linux, terminal-based), IceChat (Windows),
          XChat Aqua (MacOS), Palaver (iOS) and Revolution (Android).

      - name: Mattermost
        url: https://mattermost.org/
        github: mattermost/mattermost
        tosdrId: 2994
        icon: https://avatars.githubusercontent.com/u/9828093
        androidApp: com.mattermost.rn
        iosApp: https://apps.apple.com/us/app/mattermost/id1257222717
        description: |
          Mattermost has an open source edition, which can be self-hosted. It makes a good
          Slack alternative, with native desktop, mobile and web apps and a wide variety of
          integrations.

      notableMentions: >
        Some chat platforms allow for cross-platform group chats, voice and video
        conferencing, but without the additional collaboration features.
        For example, [Tox](https://tox.chat/), [Session](https://getsession.org/),
        [Ricochet](https://ricochet.im/), [Mumble](https://www.mumble.info/)
        and [Jami](https://jami.net/).<br>
        For Conferences, [OSEM](https://osem.io) is an open source all-in-one
        conference management tool, providing Registration, Schedules, Live and
        Recorded Sessions, Paper Submissions, Marketing Pages and Administration.

  - name: Security Tools
    sections:
    ################################
    ###### Browser Extensions ######
    ################################
    - name: Browser Extensions
      intro: >
        The following browser add-ons give you better control over what content
        is able to be loaded and executed while your browsing.<br>
        Before installing anything, you should read the Word of Warning section below.
      services:
      - name: Privacy Badger
        url: https://privacybadger.org/
        icon: https://i.ibb.co/8Y1ds5X/privacy-badger.png
        github: EFForg/privacybadger
        tosdrId: 682
        openSource: true
        description: |
          Blocks invisible trackers, in order to stop advertisers and other third-parties
          from secretly tracking where you go and what pages you look at. **Download**:
          [Chrome](https://chrome.google.com/webstore/detail/privacy-badger/pkehgijcmpdhfbdbbnkijodmdjhbjlgp) -
          [Firefox](https://addons.mozilla.org/en-GB/firefox/addon/privacy-badger17/)

      - name: uBlock Origin
        url: https://ublockorigin.com
        tosdrId: 682
        github: gorhill/uBlock
        icon: https://raw.githubusercontent.com/gorhill/uBlock/master/src/img/ublock.svg
        description: |
          Block ads, trackers and malware sites. **Download**:
          [Chrome](https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en-GB) -
          [Firefox](https://addons.mozilla.org/en-GB/firefox/addon/ublock-origin/)

      - name: ScriptSafe
        url: https://www.andryou.com/scriptsafe
        github: andryou/scriptsafe
        icon: https://lh3.googleusercontent.com/c5co_NoLmEt48VC_yVp0JgKcgd83yiq_CdekGaOlBBfD5WII5mjxngERgikcQd4P56uoX9epiknU5ktXadPqj2EEVsE
        description: |
          Allows you to block the execution of certain scripts. **Download**:
          [Chrome](https://chromewebstore.google.com/detail/scriptsafe/oiigbmnaadbkfbmpbfijlflahbdbdgdf) -
          [Opera](https://addons.opera.com/en/extensions/details/scriptsafe-2/)

      - name: Firefox Multi-Account Containers
        github: mozilla/multi-account-containers
        icon: https://addons.mozilla.org/user-media/addon_icons/782/782160-64.png
        url: https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/
        description: |
          Firefox Multi-Account Containers lets you keep parts of your online life separated into
          color-coded tabs that preserve your privacy. Cookies are separated by container, allowing
          you to use the web with multiple identities or accounts simultaneously. **Download**:
          [Firefox](https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/)

      - name: WebRTC-Leak-Prevent
        url: https://diafygi.github.io/webrtc-ips
        github: aghorler/WebRTC-Leak-Prevent
        icon: https://lh3.googleusercontent.com/n4XZC3SfmhMnrIwR1256Cmx5d51OaJImxBtJqaTQnNuWD7xqAgGI2LmAXQk6O1CffLzFNSiTqIO-ZxMCJIGTuKcG=s60
        description: |
          Provides user control over WebRTC privacy settings in Chromium, in order to prevent WebRTC leaks.
          **Download**: [Chrome](https://chrome.google.com/webstore/detail/webrtc-leak-prevent/eiadekoaikejlgdbkbdfeijglgfdalml?hl=en-GB).
          For Firefox users, you can do this through [browser settings](https://www.privacytools.io/browsers/#webrtc).
          Test for WebRTC leaks, with [browserleaks.com/webrtc](https://browserleaks.com/webrtc)

      - name: Canvas Fingerprint Blocker
        url: https://add0n.com/canvas-fingerprint-blocker.html
        icon: https://cdn.webextension.org/icons/canvas-fingerprint-blocker128.png
        github: joue-quroi/canvas-fingerprint-blocker
        description: |
          Block fingerprint without removing access to HTML5 Canvas element. Canvas fingerprinting is
          commonly used for tracking, this extension helps to mitigate this through disallowing the browser
          to generate a true unique key **Download**: [Chrome](https://chrome.google.com/webstore/detail/canvas-blocker-fingerprin/nomnklagbgmgghhjidfhnoelnjfndfpd) -
          [Firefox](https://addons.mozilla.org/en-US/firefox/addon/canvas-blocker-no-fingerprint/) -
          [Edge](https://microsoftedge.microsoft.com/addons/detail/ahiddppepedlomdleppkbljnmkchlmdc)

      - name: ClearURLs
        url: https://gitlab.com/KevinRoebert/ClearUrls
        icon: https://addons.mozilla.org/user-media/addon_icons/839/839767-64.png
        openSource: true
        tosdrId: 7192
        github: ClearURLs/Addon
        description: |
          This extension will automatically remove tracking elements from the GET parameters of URLs to
          help protect some privacy **Download**: [Chrome](https://chrome.google.com/webstore/detail/clearurls/lckanjgmijmafbedllaakclkaicjfmnk) -
          [Firefox](https://addons.mozilla.org/en-US/firefox/addon/clearurls/) / [Source](https://gitlab.com/KevinRoebert/ClearUrls)

      - name: CSS Exfil Protection
        url: https://www.mike-gualtieri.com/css-exfil-vulnerability-tester
        icon: https://www.mike-gualtieri.com/favicon.ico
        github: mlgualtieri/CSS-Exfil-Protection
        description: |
          Sanitizes and blocks any CSS rules which may be designed to steal data, in order to guard against
          Exfil attacks **Download**: [Chrome](https://chrome.google.com/webstore/detail/css-exfil-protection/ibeemfhcbbikonfajhamlkdgedmekifo) -
          [Firefox](https://addons.mozilla.org/en-US/firefox/addon/css-exfil-protection/) - [Source](https://github.com/mlgualtieri/CSS-Exfil-Protection)

      - name: First Party Isolation
        url: https://github.com/mozfreddyb/webext-firstpartyisolation
        github: mozfreddyb/webext-firstpartyisolation
        icon: https://addons.mozilla.org/user-media/addon_icons/865/865865-64.png?modified=1520892249
        description: |
          Enables the First Party isolation preference (Clicking the Fishbowl icon temporarily disables it)
          **Download**: [Firefox](https://addons.mozilla.org/en-US/firefox/addon/first-party-isolation/)

      - name: Privacy-Oriented Origin Policy
        url: https://claustromaniac.github.io/poop
        github: claustromaniac/poop
        icon: https://addons.mozilla.org/user-media/addon_icons/1012/1012731-64.png?modified=e97aa3af
        description: |
          Prevent Firefox from sending Origin headers when they are least likely to be necessary, to protect
          your privacy **Download**: [Firefox](https://addons.mozilla.org/en-US/firefox/addon/privacy-oriented-origin-policy/) -
          [Source](https://github.com/claustromaniac/poop)

      - name: LocalCDN
        url: https://www.localcdn.org/
        icon: https://codeberg.org/repo-avatars/5014-6cc14ee9c85003bda3adb1d71762c306
        openSource: true
        description: |
          Emulates remote frameworks (e.g. jQuery, Bootstrap, Angular) and delivers them as local resource.
          Prevents unnecessary 3rd party requests to tracking CDNs **Download**: [Firefox](https://addons.mozilla.org/en-US/firefox/addon/localcdn-fork-of-decentraleyes/)

      - name: Decentraleyes
        url: https://decentraleyes.org
        icon: https://addons.mozilla.org/user-media/addon_icons/521/521554-64.png
        openSource: true
        description: |
          Similar to LocalCDN, Serves up local versions of common scripts instead of calling to 3rd-party CDN.
          Improves privacy and load times. Works out-of-the-box and plays nicely with regular content blockers.
          **Download**: [Chrome](https://chrome.google.com/webstore/detail/decentraleyes/ldpochfccmkkmhdbclfhpagapcfdljkj) -
          [Firefox](https://addons.mozilla.org/en-US/firefox/addon/decentraleyes) -
          [Opera](https://addons.opera.com/en/extensions/details/decentraleyes) -
          [Pale Moon](https://addons.palemoon.org/addon/decentraleyes) -
          [Source](https://git.synz.io/Synzvato/decentraleyes)

      - name: Privacy Essentials
        url: https://duckduckgo.com/app
        github: duckduckgo/duckduckgo-privacy-extension
        openSource: true
        tosdrId: 222
        icon: https://avatars.githubusercontent.com/u/342708
        description: |
          Simple extension by DuckDuckGo, which grades the security of each site. **Download**:
          [Chrome](https://chrome.google.com/webstore/detail/duckduckgo-privacy-essent/bkdgflcldnnnapblkhphbgpggdiikppg?hl=en-GB) \
          [Firefox](https://addons.mozilla.org/en-GB/firefox/addon/duckduckgo-for-firefox/)

      - name: Privacy Redirect
        url: https://github.com/SimonBrazell/privacy-redirect
        github: SimonBrazell/privacy-redirect
        icon: https://lh3.googleusercontent.com/pC5a_u12RlaLQhJ-5Jz87rtju2s0tCksUfZHvr3JYzAaiYZJfJapmuftodT7wuAedFOHtgxR2BGh_GmKijgiK5bJyA
        description: |
          A simple web extension that redirects Twitter, YouTube, Instagram & Google Maps requests to privacy friendly alternatives
          **Download**: [Firefox](https://addons.mozilla.org/en-US/firefox/addon/privacy-redirect/) - [Chrome](https://chrome.google.com/webstore/detail/privacy-redirect/pmcmeagblkinmogikoikkdjiligflglb)

      - name: User Agent Switcher
        url: https://add0n.com/useragent-switcher.html
        icon: https://i.ibb.co/hyb1SGK/useragent-switcher128.png
        github: ray-lothian/UserAgent-Switcher
        description: |
          Spoofs browser's User-Agent string, making it appear that you are on a different device, browser and version to
          what you are actually using. This alone does very little for privacy, but combined with other tools, can allow you
          to keep your fingerprint changing, and feed fake info to sites tracking you. Some websites show different content,
          depending on your user agent. **Download**:
          [Chrome](https://chrome.google.com/webstore/detail/user-agent-switcher/bhchdcejhohfmigjafbampogmaanbfkg) -
          [Firefox](https://addons.mozilla.org/firefox/addon/user-agent-string-switcher/) -
          [Edge](https://microsoftedge.microsoft.com/addons/detail/cnjkedgepfdpdbnepgmajmmjdjkjnifa) -
          [Opera](https://addons.opera.com/extensions/details/user-agent-switcher-8/) -
          [Source](https://github.com/ray-lothian/UserAgent-Switcher/)

      - name: PrivacySpy
        url: https://privacyspy.org
        github: politiwatch/privacyspy
        tosdrId: 4346
        icon: https://privacyspy.org/static/img/favicon-32x32.png
        description: |
          The companion extension for PrivacySpy.org - an open project that rates, annotates, and archives privacy policies.
          The extension shows a score for the privacy policy of the current website. **Download**:
          [Chrome](https://chrome.google.com/webstore/detail/privacyspy/ppembnadnhiknioggbglgiciihgmkmnd) -
          [Firefox](https://addons.mozilla.org/en-US/firefox/addon/privacyspy/)

      - name: HTTPZ
        url: https://github.com/claustromaniac/httpz
        github: claustromaniac/httpz
        icon: https://addons.mozilla.org/user-media/addon_icons/1018/1018256-64.png?modified=9b273331
        description: |
          Simplified HTTPS upgrades for Firefox (lightweight alternative to HTTPS-Everywhere) **Download**:
          [Firefox](https://addons.mozilla.org/en-US/firefox/addon/httpz/)

      - name: Skip Redirect
        url: https://github.com/sblask/webextension-skip-redirect
        github: sblask/webextension-skip-redirect
        icon: https://addons.mozilla.org/user-media/addon_icons/642/642100-64.png?modified=1597226821
        description: |
          Some web pages use intermediary pages before redirecting to a final page. This add-on tries to extract the final url
          from the intermediary url and goes there straight away if successful **Download**:
          [Firefox](https://addons.mozilla.org/en-US/firefox/addon/skip-redirect/) -
          [Source](https://github.com/sblask/webextension-skip-redirect)

      - name: Web Archives
        icon: https://i.imgur.com/H9zwf8l.png
        url: https://github.com/dessant/web-archives
        github: dessant/web-archives
        description: |
          View archived and cached versions of web pages on 10+ search engines, such as the Wayback Machine, Archive.is, Google etc
          Useful for checking legitimacy of websites, and viewing change logs **Download**:
          [Firefox](https://addons.mozilla.org/en-US/firefox/addon/view-page-archive/) -
          [Chrome](https://chrome.google.com/webstore/detail/web-archives/hkligngkgcpcolhcnkgccglchdafcnao) -
          [Edge](https://microsoftedge.microsoft.com/addons/detail/apcfghlggldjdjepjnahfdjgdcdekhda) -
          [Source](https://github.com/dessant/web-archives)

      - name: Flagfox
        url: https://flagfox.wordpress.com/
        icon: https://flagfox.files.wordpress.com/2014/02/flagfoxlogowithname1.png
        tosdrId: 6150
        description: |
          Displays a country flag depicting the location of the current website's server, which can be useful to know at a glance.
          Click icon for more tools such as site safety checks, whois, validation etc **Download**:
          [Firefox](https://addons.mozilla.org/en-US/firefox/addon/flagfox/)
      
      - name: Lightbeam
        url: https://mozilla.github.io/lightbeam/
        github: mozilla/lightbeam-we
        icon: https://mozilla.github.io/lightbeam/img/lightbeam_logo-only_32x32.png
        description: >
          Visualize in detail the servers you are contacting when you are surfing on the Internet.
          Created by Gary Kovacs (former CEO of Mozilla), presented in his [TED Talk](https://www.ted.com/talks/gary_kovacs_tracking_our_online_trackers).
          **Download**: [Firefox](https://addons.mozilla.org/en-US/firefox/addon/lightbeam-3-0/)
          - [Source](https://github.com/mozilla/lightbeam-we)

      - name: Track Me Not
        url: http://trackmenot.io
        github: vtoubiana/TrackMeNot
        icon: https://static.wixstatic.com/media/654565_824403a4d02548d783f8ca81f9e6bf48~mv2.png/v1/fill/w_268,h_264,al_c,q_85,usm_0.66_1.00_0.01,enc_auto/Logo_Button_TMN.png
        description: >
          Helps protect web searchers from surveillance and data-profiling, through creating
          meaningless noise and obfuscation, outlined in their [whitepaper](http://trackmenot.io/resources/trackmenot2009.pdf).
          Controversial whether or not this is a good approach **Download**: [Firefox](https://addons.mozilla.org/en-US/firefox/addon/trackmenot/) -
          [Source](https://github.com/vtoubiana/TrackMeNot)

      - name: AmIUnique Timeline
        url: https://amiunique.org/timeline
        icon: https://amiunique.org/favicon.ico
        tosdrId: 4202
        description: >
          Enables you to better understand the evolution of browser fingerprints (which is what
          websites use to uniquely identify and track you). **Download**: [Chrome](https://chrome.google.com/webstore/detail/amiunique/pigjfndpomdldkmoaiiigpbncemhjeca)
          - [Firefox](https://addons.mozilla.org/en-US/firefox/addon/amiunique)

      - name: Netcraft Extension
        url: https://www.netcraft.com/apps/browser
        icon: https://lh3.googleusercontent.com/c78SvSl7OD2thLmgX5irlo1tvxGVtkziKTKmp7VByjvvrw2czkP2cFbbRASmopQBV9-PpNBD_NOqt8WIC4JVc0WB3A=s60
        description: >
          Notifies you when visiting a known or potential phishing site, and detects suspicious
          JavaScript (including skimmers and miners). Also provides a simple rating for a given
          site's legitimacy and security. Great for less technical users. Netcraft also has a
          handy online tool: [Site Report](https://sitereport.netcraft.com/) for checking what
          any given website is running. **Download**: [Chrome](https://chrome.google.com/webstore/detail/netcraft-anti-phishing-ex/bmejphbfclcpmpohkggcjeibfilpamia)
          \ [Firefox](https://addons.mozilla.org/en-us/firefox/addon/netcraft-toolbar?src=external-apps-hero)
          \ [Opera](https://addons.opera.com/en/extensions/details/netcraft-anti-phishing-extension/)
          \ [Edge](https://microsoftedge.microsoft.com/addons/detail/netcraft-extension/ngjhgbnmdjjnmejmpamalgnlnmopllkm)

      - name: HTTPS Everywhere
        url: https://eff.org/https-everywhere
        github: EFForg/https-everywhere
        tosdrId: 682
        description: |
          **NOTE** On modern browsers, this is [no longer needed](https://www.eff.org/deeplinks/2021/09/https-actually-everywhere)
          Forces sites to load in HTTPS, in order to encrypt your communications with websites,
          making your browsing more secure (Similar to [Smart HTTPS](https://mybrowseraddon.com/smart-https.html)).
          Note this functionality is now included by default in most modern browsers. **Download**:
          [Chrome](https://www.eff.org/https-everywhere) \
          [Firefox](https://www.eff.org/files/https-everywhere-latest.xpi)

      notableMentions:
      - name: Extension source viewer
        url: https://addons.mozilla.org/en-US/firefox/addon/crxviewer
        description: >
          A handy extension for viewing the source code of another browser extension,
          which is a useful tool for verifying the code does what it says 
      wordOfWarning: |
        - Having many extensions installed raises entropy, causing your fingerprint to be more unique, hence making tracking easier.
        - Much of the functionality of the above addons can be applied without installing anything, by configuring browser settings yourself. For Firefox this is done in the user.js
        - Be careful when installing unfamiliar browser add-ons, since some can compromise your security and privacy. At the time of writing, the above list were all open source, verified and 'safe' extensions.
        - In most situations, only a few of the above extensions will be needed in combination.
        - See the [arkenfox wiki](https://github.com/arkenfox/user.js/wiki/4.1-Extensions) for more information on the obsolescence and purposelessness of many popular extensions, and why you may only need a very limited set.



    #########################
    ###### Mobile Apps ######
    #########################
    - name: Mobile Apps
      services:
      - name: Orbot
        url: https://support.torproject.org/glossary/orbot/
        github: guardianproject/orbot
        icon: https://play-lh.googleusercontent.com/dIIbpr1fh-w7ykJJmfLyu6UH1HJ8bpFKEmyUlKqYHSEinG8v_B7mlqgeTzlFRhs0Uw=s48
        description: |
          System-wide Tor proxy, which encrypts your connection through multiple nodes.
          You can also use it alongside Tor Browser to access .onion sites.

      - name: NetGuard
        url: https://netguard.me/
        github: M66B/NetGuard
        icon: https://play-lh.googleusercontent.com/XEd1PsXgOSNNpD2hlZMvigIOJ9e5JCL2KhCJ4X984Az5EFw6YiecDebqdsZ12VNU2kPu=w240-h480
        androidApp: org.torproject.android
        description: |
          A firewall app for Android, which does not require root. NetGuard provides simple
          and advanced ways to block access to the internet, where applications and addresses
          can individually be allowed or denied access to your Wi-Fi and/or mobile connection.

      - name: Island
        url: https://island.oasisfeng.com/
        github: oasisfeng/island
        icon: https://play-lh.googleusercontent.com/ywvaxXcH90yttClJvgHR5UsfDnGS_YNtFiW6fQJm1p7_6HX9Dbn0v2J9gIzOOKFYQOnA=w240-h480
        androidApp: com.oasisfeng.island
        description: |
          A sandbox environment, allowing you to clone selected apps and run them in an isolated
          box, preventing it from accessing your personal data, or device information.

      - name: Insular
        url: https://gitlab.com/secure-system/Insular
        github: oasisfeng/island
        icon: https://gitlab.com/uploads/-/system/project/avatar/18237274/ic_launcher-playstore.png?width=48
        description: |
          An actively-maintained fork of the Island project with additional enhancements

      - name: Exodus
        url: https://exodus-privacy.eu.org/en/page/what/#android-app
        icon: https://exodus-privacy.eu.org/img/favicons/apple-touch-icon.png
        tosdrId: 3843
        androidApp: org.eu.exodus_privacy.exodusprivacy
        description: |
          Shows which trackers, each of your installed apps is using, so that you can better
          understand how your data is being collected. Uses data from the Exodus database of scanned APKs.

      - name: Bouncer
        url: https://play.google.com/store/apps/details?id=com.samruston.permission
        icon: https://play-lh.googleusercontent.com/QbgM-Vgqp32sNMgwC0kD4kJW3YVp7xiPcVIHNcbSQgrkTIDqSfTqSBXKEvoZ9SNSjxw=w240-h480
        androidApp: com.samruston.permission
        description: |
          Gives you the ability to grant permissions temporarily, so that you could for example
          use the camera to take a profile picture, but when you close the given app, those permissions
          will be revoked.

      - name: XPrivacyLua
        url: https://lua.xprivacy.eu/
        icon: https://raw.githubusercontent.com/M66B/XPrivacyLua/master/app/src/main/ic_launcher-web.png
        github: M66B/XPrivacyLua
        description: |
          Simple to use privacy manager for Android, that enables you to feed apps fake data when
          they request intimate permissions. Solves the problem caused by apps malfunctioning when
          you revoke permissions, and protects your real data by only sharing fake information. Enables
          you to hide call log, calendar, SMS messages, location, installed apps, photos, clipboard,
          network data plus more. And prevents access to camera, microphone, telemetry, GPS and other sensors.

      - name: SuperFreezZ
        url: https://superfreezz.gitlab.io/
        icon: https://f-droid.org/repo/icons-640/superfreeze.tool.android.1000.png
        description: |
          Makes it possible to entirely freeze all background activities on a per-app basis.
          Intended purpose is to speed up your phone, and prolong battery life, but this app is
          also a great utility to stop certain apps from collecting data and tracking your actions
          while running in the background. See on [F-Droid](https://f-droid.org/en/packages/superfreeze.tool.android)

      - name: Haven
        url: https://guardianproject.github.io/haven/
        icon: https://play-lh.googleusercontent.com/PdE-P3oTwa6fFKqQrSuYS1S7Aa_bIq-GECLhj8kvTzXdSc6S_hUtW2hUx0aCP-3h0pQ=w240-h480
        github: guardianproject/haven
        androidApp: org.havenapp.main
        tosdrId: 682
        description: |
          Allows you to protect yourself, your personal space and your possessions - without
          compromising on security. Leveraging device sensors to monitor nearby space, Haven was
          developed by The Guardian Project, in partnership with Edward Snowden.

      - name: Secure Task
        url: https://play.google.com/store/apps/details?id=com.balda.securetask
        icon: https://play-lh.googleusercontent.com/Xb_KbjGC3J8xrj1QmZqYhUq1A6aww5ikFuXfCqJonww-vz38y6xUjHzvH65AGrQU9P4=s48
        androidApp: com.balda.securetask
        description: |
          Triggers actions, when certain security conditions are met, such as multiple failed login
          attempts or monitor settings changed. It does require Tasker, and needs to be set up with
          ADB, device does not need to be rooted.

      - name: Cryptomator
        url: https://cryptomator.org/android/
        icon: https://avatars.githubusercontent.com/u/11850518?s=200&v=4
        github: cryptomator/android
        androidApp: org.cryptomator
        iosApp: https://apps.apple.com/us/app/cryptomator/id1560822163
        tosdrId: 4403
        description: |
          Encrypts files and folders client-side, before uploading them to cloud storage (such as Google
          Drive, One Drive or Dropbox), meaning none of your personal documents leave your device in plain text.

      - name: 1.1.1.1
        url: https://1.1.1.1/
        icon: https://1.1.1.1/favicon.ico
        tosdrId: 893
        iosApp: https://apps.apple.com/us/app/1-1-1-1-faster-internet/id1423538627
        androidApp: com.cloudflare.onedotonedotonedotone
        description: |
          Lets you use CloudFlares fast and secure 1.1.1.1 DNS, with DNS over HTTPS, and also has the option
          to enable CloudFlares WARP+ VPN.

      - name: Fing App
        icon: https://avatars.githubusercontent.com/u/62335928?s=200&v=4
        url: https://www.fing.com/products/fing-app
        androidApp: com.overlook.android.fing
        iosApp: https://apps.apple.com/us/app/fing-network-scanner/id430921107
        description: |
          A network scanner to help you monitor and secure your WiFi network. The app is totally free,
          but to use the advanced controls, you will need a Fing Box.

      - name: DPI Tunnel
        github: nomoresat/DPITunnel-android
        icon: https://raw.githubusercontent.com/nomoresat/DPITunnel-android/main/assets/logo.webp
        url: https://f-droid.org/packages/ru.evgeniy.dpitunnelcli/
        description: |
          An application for Android that uses various techniques to bypass DPI (Deep Packet Inspection)
          systems, which are used to block some sites (not available on Play store).

      - name: Blokada
        url: https://blokada.org/
        icon: https://blokada.org/favicon.png
        github: blokadaorg/blokada
        androidApp: org.blokada.sex
        iosApp: https://apps.apple.com/us/app/blokada/id1508341781
        tosdrId: 8557
        description: |
          This application blocks ads and trackers, doesn't require root and works for all the apps on your
          Android phone. Check out how it works here.

      - name: SnoopSnitch
        url: https://opensource.srlabs.de/projects/snoopsnitch
        github: srlabs/snoopsnitch
        icon: https://f-droid.org/repo/icons-640/de.srlabs.snoopsnitch.50.png
        androidApp: de.srlabs.snoopsnitch
        description: |
          Collects and analyzes mobile radio data to make you aware of your mobile network security and to
          warn you about threats like fake base stations (IMSI catchers), user tracking and over-the-air updates.
          Get from [F-Droid](https://f-droid.org/en/packages/de.srlabs.snoopsnitch/)

      - name: TrackerControl
        url: https://trackercontrol.org/
        github: TrackerControl/tracker-control-android
        icon: https://trackercontrol.org/images/logo.png
        androidApp: net.kollnig.missioncontrol.play
        description: |
          Monitor and control hidden data collection in mobile apps about user behavior/ tracking.
          Get from [F-Droid](https://f-droid.org/en/packages/net.kollnig.missioncontrol.fdroid/)

      - name: Greentooth
        url: https://gitlab.com/nbergman/greentooth
        icon: https://f-droid.org/repo/com.smilla.greentooth/en-US/icon_8WaREJ2f7uFLdL9QGDL4xSqsIRB7wgdwv9BY_ET0WEg=.png
        description: |
          Auto-disable Bluetooth, then it is not being used. Saves battery, and prevent some security risks.
          Get from [F-Droid](https://f-droid.org/en/packages/com.smilla.greentooth/)

      - name: PrivateLock
        url: https://github.com/wesaphzt/privatelock
        github: wesaphzt/privatelock
        icon: https://f-droid.org/repo/com.wesaphzt.privatelock/en-US/icon_c5gFGZ7VhAR-kLihEfLVrStxIushKtWADc7pR1hQ6b4=.png
        description: |
          Auto lock your phone based on movement force/ acceleration.
          Get from [F-Droid](https://f-droid.org/en/packages/com.wesaphzt.privatelock/)
          See also [PluckLock](https://github.com/SyntaxBlitz/PluckLock)

      - name: CamWings
        url: https://schiffer.tech/camwings-mobile.html
        icon: https://schiffer.tech/img/logo.png
        openSource: false
        androidApp: com.schiffertech.camwings
        description: |
          Prevent background processes gaining unauthorized access to your devices camera. Better still,
          use a webcam sticker.

      - name: ScreenWings
        url: https://schiffer.tech/screenwings-mobile.html
        icon: https://schiffer.tech/img/logo.png
        openSource: false
        androidApp: com.schiffertech.screenwings
        description: |
          Prevent background processes taking unauthorized screenshots, which could expose sensitive data.

      - name: AFWall+
        url: https://github.com/ukanth/afwall/
        github: ukanth/afwall
        icon: https://play-lh.googleusercontent.com/LGMnS6aiFUxTLMlDQ4VYaJG0V2lY3lr_ru9QZ3OiCp-YZlsCz3F_v0oWQnqrN-giBA=s48
        androidApp: dev.ukanth.ufirewall
        description: |
          Android Firewall+ (AFWall+) is an advanced iptables editor (GUI) for rooted Android devices,
          which provides very fine-grained control over which Android apps are allowed to access the network.
          Get from [F-Droid](https://f-droid.org/packages/dev.ukanth.ufirewall/)

      - name: Catch the Man-in-the-Middle
        url: https://play.google.com/store/apps/details?id=me.brax.certchecker
        icon: https://play-lh.googleusercontent.com/hMhLdDNBR_rBIDctJ5yCPbyPy0fi_6FHp9MdgaOIPPedyqgwr6tsZq_AO3W1z4Zb8HJ_=w240-h480
        androidApp: me.brax.certchecker
        description: |
          Simple tool, that compares SHA-1 fingerprints of the the SSL certificates seen from your device,
          and the certificate seen from an external network. If they do not match, this may indicate a
          man-in-the-middle modifying requests.

      - name: RethinkDNS & Firewall
        url: https://rethinkdns.com
        github: celzero/rethink-app
        tosdrId: 4691
        icon: https://f-droid.org/repo/com.celzero.bravedns/en-US/icon_AwgyVcHjczoaNxANCvUeSJrEfOWsIIeIpCgBaUKoXuY=.png
        androidApp: com.celzero.bravedns
        description: |
          An open-source ad-blocker and firewall app for Android 6+ (does not require root).

      - name: F-Droid
        url: https://f-droid.org/
        openSource: true
        tosdrId: 2182
        icon: https://f-droid.org/assets/apple-touch-icon_ypJwtCrcixeH_qV6LdcMYk1anFIR9o-_ufR__1wNdJY=.png
        description: |
          F-Droid is an installable catalogue of FOSS applications for Android. The client enables you
          to browse, install, and keep track of updates on your device.

      wordOfWarning: |
        Too many installed apps will increase your attack surface - only install applications that you need.
        Be sure to check the permissions, and what data an app has access to prior to installation.
        Only install from official sources.
      notableMentions: |
        For more open source security & privacy apps, check out these publishers:
        [The Guardian Project](https://guardianproject.info) ([Play Store](https://play.google.com/store/apps/dev?id=6502754515281796553), [F-Droid](https://search.f-droid.org/?q=guardianproject)),
        [The Tor Project](https://www.torproject.org/) ([Play Store](https://play.google.com/store/apps/developer?id=The+Tor+Project), [F-Droid](https://search.f-droid.org/?q=torproject)),
        [Oasis Feng](https://github.com/oasisfeng) ([Play Store](https://play.google.com/store/apps/dev?id=7664242523989527886)),
        [FairCode (Marcel Bokhorst)](https://www.faircode.eu/) ([Play Store](https://play.google.com/store/apps/dev?id=8420080860664580239), [F-Droid](https://search.f-droid.org/?q=faircode)),
        [SECUSO Research Group](https://secuso.aifb.kit.edu/english/105.php) ([Play Store](https://play.google.com/store/apps/developer?id=SECUSO+Research+Group&hl=en_US), [F-Droid](https://search.f-droid.org/?q=secuso)),
        and [Fossify](https://www.fossify.org) ([Play Store](https://play.google.com/store/apps/dev?id=9070296388022589266), [F-Droid](https://search.f-droid.org/?q=fossify)) -
        all of which are trusted developers or organisations, who've done amazing work.

        For offensive and defensive security, see
        The Kali [Nethunter Catalogue](https://store.nethunter.com/en/packages) of apps

        For *advanced* users, the following tools can be used to closely monitor
        your devise and networks, in order to detect any unusual activity.
        [PortDroid] for network analysis, [Packet Capture] to monitor network
        traffic, [SysLog] for viewing system logs, [Dexplorer] to read .dex or .apk files
        for your installed apps, and [Check and Test] to check status and details of devices hardware.


    ##########################
    ###### Online Tools ######
    ##########################
    - name: Online Tools
      intro: >
        A selection of free online tools and utilities, to check, test and protect your security
      services:
        - name: Have i been pwned
          url: https://haveibeenpwned.com
          icon: https://i.ibb.co/XxmfTyw/haveibeenpwnd.png
          tosdrId: 3435
          description: |
            Checks if your credentials (Email address or Password) have been compromised in a data breach.
            See also Firefox Monitor.

        - name: εxodus
          url: https://reports.exodus-privacy.eu.org
          icon: https://i.ibb.co/Vvq8XrM/Exodus.png
          github: Exodus-Privacy/website
          tosdrId: 3843
          description: |
            Checks how many, and which trackers any Android app has. Useful to understand how data is being
            collected before you install a certain APK, it also shows which permissions the app asks for.

        - name: Am I Unique?
          url: https://amiunique.org/fingerprint
          icon: https://amiunique.org/favicon.ico
          tosdrId: 4202
          description: |
            Show how identifiable you are on the Internet by generating a fingerprint based on device information.
            This is how many websites track you (even without cookies enabled), so the aim is to not be unique.

        - name: Panopticlick
          url: https://panopticlick.eff.org/
          icon: https://coveryourtracks.eff.org/static/favicon.ico
          github: EFForg/cover-your-tracks
          description: |
            Check if your browser safe against tracking. Analyzes how well your browser and add-ons protect you
            against online tracking techniques, and if your system is uniquely configured—and thus identifiable.

        - name: Phish.ly
          url: https://phish.ly/
          icon: https://phish.ly/images/logo.svg
          description: |
            Analyzes emails, checking the URLs and creating a SHA256 and MD5 hash of attachments, with a link to VirusTotal.
            To use the service, just forward a potentially malicious or suspicious email to scan@phish.ly, and an automated
            reply will include the results. They claim that all email data is purged after analysis, but it would be wise to
            not include any sensitive information, and to use a forwarding address.

        - name: Browser Leak Test
          url: https://browserleaks.com
          icon: https://browserleaks.com/favicon.ico
          tosdrId: 7967
          description: |
            Shows which of personal identity data is being leaked through your browser, so you can better protect yourself
            against fingerprinting.

        - name: IP Leak Test
          url: https://ipleak.net
          icon: https://ipleak.net/favicon.ico
          tosdrId: 7968
          description: |
            Shows your IP address, and other associated details (location, ISP, WebRTC check, DNS, and lots more).

        - name: EXIF Remove
          url: https://www.exifremove.com
          icon: https://www.exifremove.com/favicon.ico
          description: |
            Displays, and removes Meta and EXIF data from an uploaded photo or document.

        - name: Redirect Detective
          url: https://redirectdetective.com
          icon: https://redirectdetective.com/redirect-detective.png
          description: |
            Check where a suspicious URL redirects to (without having to click it). Lets you avoid being tracked by not being
            redirected via adware/tracking sites, or see if a shortened link actually resolves a legitimate site, or see if
            link is an affiliate ad.

        - name: Blocked.org
          url: https://www.blocked.org.uk
          icon: https://www.blocked.org.uk/assets/images/blocked/socialmedia/blocked_result.jpg
          description: |
            Checks if a given website is blocked by filters applied by your mobile and broadband Internet Service Providers (ISP).

        - name: Virus Total
          url: https://www.virustotal.com
          icon: https://www.virustotal.com/gui/images/manifest/icon-192x192.png
          tosdrId: 1886
          description: |
            Analyses a potentially-suspicious web resources (by URL, IP, domain or file hash) to detect types of malware
            (*note: files are scanned publicly*).

        - name: Hardenize
          url: https://www.hardenize.com/
          icon: https://www.hardenize.com/favicon/android-chrome-192x192.png
          description: |
            Scan websites and shows a security overview, relating to factors such as HTTPS, domain info, email data, www protocols
            and so on.

        - name: Is Legit?
          url: https://www.islegitsite.com/
          icon: https://www.islegitsite.com/apple-touch-icon.png
          description: |
            Checks if a website or business is a scam, before buying something from it.

        - name: Should I Remove It?
          url: https://www.shouldiremoveit.com
          icon: https://www.shouldiremoveit.com/favicon.ico
          description: |
            Ever been uninstalling programs from your Windows PC and been unsure of what something is? Should I Remove It is a
            database of Windows software, detailing whether it is essential, harmless or dangerous.

        - name: 10 Minute Mail
          url: https://10minemail.com/
          icon: https://10minemail.com/blog/content/images/size/w256h256/2021/05/10min_mobile_icon@2x.png
          tosdrId: 838
          description: |
            Generates temporary disposable email address, to avoid giving your real details.

        - name: MXToolBox Mail Headers
          url: https://mxtoolbox.com/Public/Tools/EmailHeaders.aspx
          icon: https://mxtoolbox.com/favicon.ico
          description: |
            Tool for analyzing email headers, useful for checking the authenticity of messages, as well as knowing what info
            you are revealing in your outbound messages.

        - name: Am I FloCed?
          url: https://amifloced.org/
          icon: https://amifloced.org/favicon.ico
          description: |
            Google testing out a new tracking feature called Federated Learning of Cohorts (aka "FLoC"). It currently effects
            0.5% of Chrome users, this tool developed by the EFF will detect if you are affected, and provide additional info
            on how to stay protected.

        - name: Site Report
          url: https://sitereport.netcraft.com/
          icon: https://static.netcraft.com/images/favicon.ico
          description: |
            A tool from Netcraft, for analysing what any given website is running, where it's located and information about its
            host, registrar, IP and SSL certificates.

      wordOfWarning: >
        Browsers are inherently insecure, be careful when uploading, or entering personal details.


  - name: Networking
    sections:
    ######################################
    ###### Virtual Private Networkd ######
    ######################################
    - name: Virtual Private Networks
      alternativeTo: ['nordvpn', 'expressvpn', 'cyberghost', 'surfshark', 'ipvanish', 'hotspot shield']
      services:
      - name: Mullvad
        url: http://mullvad.net/en
        github: mullvad/mullvadvpn-app
        securityAudited: true
        icon: https://mullvad.net/apple-touch-icon.png
        tosdrId: 641
        androidApp: net.mullvad.mullvadvpn
        iosApp: https://apps.apple.com/us/app/mullvad-vpn/id1488466513
        description: |
          Mullvad is one of the best for privacy, they have a totally anonymous sign up process,
          you don't need to provide any details at all, you can choose to pay anonymously too
          (with Monero, BTC or cash).

      - name: Azire
        url: https://www.azirevpn.com/
        icon: https://www.azirevpn.com/assets/img/apple-icon-57x57.png
        tosdrId: 6639
        openSource: false
        androidApp: com.azirevpn.android
        iosApp: https://apps.apple.com/us/app/azirevpn/id6444623166
        description: |
          Azire is a Swedish VPN provider, who owns their own hardware with physically removed
          storage and a no logging policy. Pricing starts at €3.25/mo, with crypto (including XMR)
          supported. Note that they've not yet been audited, and client applications are not open
          source, for more info, see #140.

      - name: IVPN
        url: https://www.ivpn.net/
        github: ivpn/desktop-app
        openSource: true
        securityAudited: true
        tosdrId: 2748
        icon: https://avatars.githubusercontent.com/u/38857113
        androidApp: net.ivpn.client
        iosApp: https://apps.apple.com/us/app/ivpn-secure-vpn-for-privacy/id1193122683
        description: |
          Independently Security Audited VPN with anonymous signup, no logs, no cloud or customer
          data stored, open-source apps and website. Strong ethics: no trackers, no false promises,
          no surveillance ads. Accepts various payment methods including cryptocurrencies.

      - name: ProtonVPN
        url: https://protonvpn.com
        icon: https://protonvpn.com/favicons/apple-touch-icon.png
        github: ProtonVPN/android-app
        securityAudited: true
        tosdrId: 1745
        iosApp: https://apps.apple.com/us/app/proton-vpn-fast-secure/id1437005085
        androidApp: ch.protonvpn.android
        description: |
          From the creators of ProtonMail, ProtonVPN has a solid reputation. They have a full suite
          of user-friendly native mobile and desktop apps. ProtonVPN is one of the few "trustworthy"
          providers that also offer a free plan.

      - name: OVPN
        url: https://www.ovpn.com
        icon: https://www.ovpn.com/favicon.ico
        tosdrId: 2981
        securityAudited: false
        androidApp: com.ovpn.android
        iosApp: https://apps.apple.com/us/app/ovpn-unlimited-vpn-wifi-proxy/id1520543719
        description: |
          A court-proven VPN service with support for Wireguard and OpenVPN support, and optional
          ad-blocking. Running on dedicated hardware, with no hard drives.

      wordOfWarning: |
        - *A VPN does not make you anonymous - it merely changes your public IP address to that of your VPN provider, instead of your ISP. Your browsing session can still be linked back to your real identity either through your system details (such as user agent, screen resolution even typing patterns), cookies / session storage, or by the identifiable data that you enter. [Read more about fingerprinting](https://pixelprivacy.com/resources/browser-fingerprinting/)*
        - *Logging - If you choose to use a VPN because you do not agree with your ISP logging your full browsing history, then it is important to keep in mind that your VPN provider can see (and mess with) all your traffic. Many VPNs claim not to keep logs, but you cannot be certain of this ([VPN leaks](https://vpnleaks.com/)). See [this article](https://gist.github.com/joepie91/5a9909939e6ce7d09e29) for more*
        - *IP Leaks - If configured incorrectly, your IP may be exposed through a DNS leak. This usually happens when your system is unknowingly accessing default DNS servers rather than the anonymous DNS servers assigned by an anonymity network or VPN. Read more: [What is a DNS leak](https://www.dnsleaktest.com/what-is-a-dns-leak.html), [DNS Leak Test](https://www.dnsleaktest.com), [How to Fix a DNS Leak](https://www.dnsleaktest.com/how-to-fix-a-dns-leak.html)*
        - *Stealth - It will be visible to your adversary that you are using a VPN (usually from the IP address), but other system and browser data, can still reveal information about you and your device (such as your local time-zone, indicating which region you are operating from)*
        - *Many reviews are sponsored, and hence biased. Do your own research, or go with one of the above options*
        - *Using [Tor](https://www.torproject.org) (or another [Mix Network](/5_Privacy_Respecting_Software.md#mix-networks)) may be a better option for anonimity*

      furtherInfo: |
        *While choosing a VPN, consider the following: Logging policy (logs are bad),
        Jurisdiction (avoid 5-eyes), Number of servers, availability and average load.
        Payment method (anonymous methods such as BTC, Monero or cash are better),
        Leak protection (1st-party DNS servers = good, and check if IPv6 is supported),
        protocols (OpenVPN and WireGuard = good). Finally, usability of their apps,
        user reviews and download speeds.*

      notableMentions:
        If you don't trust a VPN provider not to keep logs, then you could self-host your own VPN.
        This gives you you total control, but at the cost of anonymity
        (since your cloud provider, will require your billing info).
        See [Streisand](https://github.com/StreisandEffect/streisand), to learn more, and get started with running a VPN.
        [Digital Ocean](https://m.do.co/c/3838338e7f79) provides flexible,
        secure and easy Linux VMs, (from $0.007/hour or $5/month),
        Here is a [1-click install script](http://dovpn.carlfriess.com/)for 
        on [Digital Ocean](https://m.do.co/c/3838338e7f79), by Carl Friess.

        Recently distributed self-hosted solutions for running your own VPNs have
        become more popular, with services like [Outline](https://getoutline.org/)
        letting you spin up your own instance and share it with friends and family.
        Since it's distributed, it is very resistant to blocking, and gives you
        world-wide access to the free and open internet. And since you have full
        control over the server, you can be confident that there is no logging or monitoring happening.
        However it comes at the cost of anonymity, especially if it's only you using your instance.


    ##################################
    ####### SH Network Security ######
    ##################################
    - name: Self-Hosted Network Security
      intro: >
        Fun little projects that you can run on a Raspberry Pi, or other low-powered computer.
        In order to help detect and prevent threats, monitor network and filter content

      services:
      - name: Pi-Hole
        url: https://pi-hole.net
        github: pi-hole/pi-hole
        tosdrId: 9079
        icon: https://wp-cdn.pi-hole.net/wp-content/uploads/2016/12/cropped-Vortex-R-192x192.png
        description: |
          Network-level advertisement and Internet tracker blocking application which acts as a DNS
          sinkhole. Pi-Hole can significantly speed up your internet, remove ads and block malware.
          It comes with a nice web interface and a mobile app with monitoring features, it's open
          source, easy to install and very widely used.

      - name: Technitium
        url: https://technitium.com/dns
        icon: https://technitium.com/favicon.ico
        github: TechnitiumSoftware/DnsServer
        description: |
          Another DNS server for blocking privacy-invasive content at its source. Technitium doesn't
          require much of a setup, and basically works straight out of the box, it supports a wide
          range of systems (and can even run as a portable app on Windows). It allows you to do some
          additional tasks, such as add local DNS addresses and zones with specific DNS records.
          Compared to Pi-Hole, Technitium is very lightweight, but lacks the deep insights that
          Pi-Hole provides, and has a significantly smaller community behind it.

      - name: IPFire
        url: https://www.ipfire.org
        github: ipfire/ipfire-2.x
        icon: https://www.ipfire.org/static/img/apple-touch-icon-192x192-precomposed.png
        description: |
          A hardened, versatile, state-of-the-art open source firewall based on Linux. Its ease of
          use, high performance and extensibility make it usable for everyone.

      - name: PiVPN
        url: https://pivpn.io
        icon: https://www.pivpn.io/images/pivpnlogo.png
        github: pivpn/pivpn
        description: |
          A simple way to set up a home VPN on any Debian server. Supports OpenVPN and WireGuard
          with elliptic curve encryption keys up to 512 bit. Supports multiple DNS providers and
          custom DNS providers - works nicely along-side PiHole.

      - name: E2guardian
        url: http://e2guardian.org
        icon: http://e2guardian.org/cms/images/banners/logo-guardian.png
        github: e2guardian/e2guardian
        description: |
          Powerful open source web content filter.

      - name: PF Sense
        url: https://www.pfsense.org
        icon: https://www.pfsense.org/img/apple-touch-icon.png
        github: pfsense/pfsense
        tosdrId: 6291
        description: |
          Widely used, open source firewall/router.

      - name: Zeek
        url: https://www.zeek.org
        github: zeek/zeek
        icon: https://zeek.org/wp-content/uploads/2019/09/favicon.ico
        description: |
          Detect if you have a malware-infected computer on your network, and powerful network
          analysis framework and monitor.

      - name: Firezone
        url: https://www.firezone.dev/
        github: firezone/firezone
        icon: https://www.firezone.dev/favicon.ico
        description: |
          Open-source self-hosted VPN and firewall built on WireGuard®.

    ##########################
    ###### Mix networks ######
    ##########################
    - name: Mix Networks
      services:
      - name: Tor
        url: https://www.torproject.org
        icon: https://www.torproject.org/static/images/favicon/favicon.ico
        github: torproject/tor
        tosdrId: 2845
        description: |
          Tor provides robust anonymity, allowing you to defend against surveillance, circumvent
          censorship and reduce tracking. It blocks trackers, resists fingerprinting and implements
          multi-layered encryption by default, meaning you can browse freely. Tor also allows access
          to OnionLand: hidden services.

      - name: I2P
        url: https://geti2p.net
        icon: https://geti2p.net/_static/favicon.ico
        openSource: true
        description: |
          I2P offers great generic transports, it is well geared towards accessing hidden services,
          and has a couple of technical benefits over Tor: P2P friendly with unidirectional short-lived
          tunnels, it is packet-switched (instead of circuit-switched) with TCP and UDP, and continuously
          profiles peers, in order to select the best performing ones.
          I2P is less mature, but fully-distributed and self-organising, its smaller size means that it
          hasn't yet been blocked or DOSed much.

      - name: Freenet
        url: https://freenetproject.org
        icon: https://www.hyphanet.org/favicon.ico
        github: hyphanet/fred
        description: |
          Freenet is easy to setup, provides excellent friend To Friend Sharing vs I2P, and is great for
          publishing content anonymously. It's quite large in size, and very slow so not the best choice
          for casual browsing.

      notableMentions:
      - name: GNUnet
        url: https://gnunet.org/en
      - name: IPFS
        url: https://ipfs.io
      - name: ZeroNet
        url: https://zeronet.io
      - name: Panoramix
        url: https://panoramix-project.eu
      - name: Nym
        url: https://nymtech.net
      wordOfWarning: |
        To provide low-latency browsing, Tor does not mix packets or generate cover traffic.
        If an adversary is powerful enough, theoretically they could either observe the entire network,
        or just the victims entry and exit nodes. It's worth mentioning, that even though your ISP
        can not see what you are doing, they will be able determine that you are using a mix net,
        to hide this - a VPN could be used as well.
        If you are doing anything which could put you at risk, then good OpSec is essential,
        as the authorities have traced criminals through the Tor network before,
        and [made arrests](https://techcrunch.com/2019/05/03/how-german-and-us-authorities-took-down-the-owners-of-darknet-drug-emporium-wall-street-market).
        Don't let Tor provide you a false sense of security - be aware of information leaks through DNS, other programs or human error.
        Tor-supported browsers may might lag behind their upstream forks, and include exploitable unpatched issues.
        See [#19](https://github.com/Lissy93/personal-security-checklist/issues/19)

        Note: The Tor network is run by the community.
        If you benefit from using it and would like to help sustain uncensored internet access for all,
        consider [running a Tor relay](https://trac.torproject.org/projects/tor/wiki/TorRelayGuide)

      furtherInfo: |
        Tor, I2P and Freenet are all anonymity networks - but they work very differently and each is good for specific purposes.
        So a good and viable solution would be to use all of them, for different tasks.
        *You can read more about how I2P compares to Tor, [here](https://blokt.com/guides/what-is-i2p-vs-tor-browser)*
    
    
    #####################
    ###### Proxies ######
    #####################
    - name: Proxies
      intro: |
        A proxy acts as a gateway between you and the internet, it can be used to
        act as a firewall or web filter, improves privacy and can also be used to
        provide shared network connections and cache data to speed up common requests.
        **Never use a [free](https://whatismyipaddress.com/free-proxies) proxy.**
      services:
      - name: ShadowSocks
        url: https://shadowsocks.org
        github: shadowsocks/shadowsocks-rust
        icon: https://avatars.githubusercontent.com/u/3006190
        description: |
          Secure socks5 proxy, designed to protect your Internet traffic. Open source, superfast,
          cross-platform and easy to deploy, see [GitHub repo](https://github.com/shadowsocks).

      - name: Privoxy
        url: https://www.privoxy.org
        icon: https://www.privoxy.org/images/privoxy.png
        openSource: true
        description: |
          Non-caching web proxy with advanced filtering capabilities for enhancing privacy,
          modifying web page data and HTTP headers, controlling access, and removing ads and
          other obnoxious Internet junk.

      notableMentions: |
        [V2ray-core](https://github.com/v2ray/v2ray-core) is a platform for building
        proxies to bypass network restrictions and protect your privacy.
        See [more](https://github.com/hugetiny/awesome-vpn)
      wordOfWarning: |
        [Malicious Proxies](https://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-edward_zaborowski-doppelganger.pdf) are all too common.
        Always use open source software, host it yourself or pay for a reputable cloud service.
        Never use a free proxy; it can monitor your connection, steal cookies and contain malware.
        VPNs are a better option, better still - use the Tor network.

    ###########################
    ###### DNS Providers ######
    ###########################
    - name: DNS Providers
      alternativeTo: ['google dns', 'cloudflare', 'quad9', 'opendns', 'norton connectsafe']
      intro: |
        Without using a secure, privacy-centric DNS all your web requests can be
        seen in the clear. You should configure your DNS queries to be managed by
        a service that respects privacy and supports DNS-over-TLS, DNS-over-HTTPS or DNSCrypt.
      services:
      - name: CloudFlare
        url: https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1
        icon: https://developers.cloudflare.com/assets/icon-512x512-fe4c8fe4.png
        securityAudited: true
        tosdrId: 893
        description: |
          One of the most performant options, Cloudflare's DNS supports DoH and DoT, and has a Tor
          implementation, providing world-class protection. They have native cross-platform apps,
          for easy set-up.

      - name: AdGuard
        url: https://adguard.com/en/adguard-dns/overview.html
        icon: https://cdn.adguard.info/website/adguard-dns.io/favicon.svg
        tosdrId: 2776
        description: |
          Open-source DNS provider, specialising in the blocking of ads, trackers and malicious domains.
          They have been independently audited and do not keep logs.

      - name: NextDNS
        url: https://nextdns.io
        icon: https://nextdns.io/favicon.ico
        tosdrId: 1959
        description: |
          An ad-blocking, privacy-protecting, censorship-bypassing DNS. Also comes with analytics, and
          the ability to shield kids from adult content.
      wordOfWarning: |
        Using an encrypted DNS resolver will not make you anonymous, it just makes
        it harder for third-partied to discover your domain history.
        If you are using a VPN, take a [DNS leak test](https://www.dnsleaktest.com/),
        to ensure that some requests are not being exposed.
      furtherInfo: |
        #### DNS Protocols

        DNS-over-TLS was proposed in [RTC-7858](https://tools.ietf.org/html/rfc7858)
        by the IETF, then 2 years later, the DNS-over-HTTPS specification was outlined
        in [RFC8484](https://tools.ietf.org/html/rfc8484) in October '18.
        [DNSCrypt](https://dnscrypt.info/), is a protocol that authenticates communications
        between a DNS client and a DNS resolver. It prevents DNS spoofing, through
        using cryptographic signatures to verify that responses originate from the
        chosen DNS resolver, and haven't been tampered with. DNSCrypt is a well
        battle-tested protocol, that has been in use since 2013, and is still widely used.
      notableMentions:
      - name: Quad9
        url: https://www.quad9.net
        description: >
          A well-funded, performant DNS with a strong focus on privacy and security
          and easy set-up, however questions have been raised about the motivation
          of some of the financial backers.
      - name: BlahDNS
        url: https://blahdns.com
        description: (Japan, Finland or Germany) is an excellent security-focused DNS
      - name: OpenNIC
        url: https://www.opennic.org/
        description: >
          [NixNet DNS](https://nixnet.services/dns) and [UncensoredDNS](https://blog.uncensoreddns.org)
          are open source and democratic, privacy-focused DNS
      - name: Unbound
        url: https://nlnetlabs.nl/projects/unbound/about
        description: >
          A validating, recursive, caching DNS resolver, designed to be fast and lean.
          Incorporates modern features and based on open standards
      - name: Clean Browsing
        url: https://cleanbrowsing.org
        description: >
          A good option for protecting kids, they offer comprehensive DNS-based Content Filtering
      - name: Mullvad
        url: https://mullvad.net/en/help/dns-over-https-and-dns-over-tls
        description: >
          Mullvads public DNS with QNAME minimization and basic ad blocking.
          It has been audited by the security experts at Assured.
          You can use this privacy-enhancing service even if you don't use Mullvad.
    
    #########################
    ###### DNS Clients ######
    #########################
    - name: DNS Clients
      services:
      - name: DNScrypt-proxy 2
        followWith: Desktop [BSD, Linux, Solaris, Windows, MacOS & Android]
        url: https://dnscrypt.info
        icon: https://dnscrypt.info/favicon.ico
        github: DNSCrypt/dnscrypt-proxy
        description: |
          A flexible DNS proxy, with support for modern encrypted DNS protocols including DNSCrypt V2,
          DNS-over-HTTPS and Anonymized DNSCrypt. Also allows for advanced monitoring, filtering, caching
          and client IP protection through Tor, SOCKS proxies or Anonymized DNS relays.

      - name: Unbound
        url: https://nlnetlabs.nl/projects/unbound
        icon: https://nlnetlabs.nl/extra/favicons/favicon-196x196.png
        github: NLnetLabs/unbound
        tosdrId: 2519
        followWith: Desktop [Linux, Mac, OpenWrt & Windows]
        description: |
          Validating, recursive, caching DNS resolve with support for DNS-over-TLS. Designed to be fast,
          lean, and secure Unbound incorporates modern features based on open standards. It's fully open
          source, and recently audited. (For an in-depth tutorial, see this article by DNSWatch.)

      - name: Nebulo
        github: Ch4t4r/Nebulo
        url: https://nebulo.app
        icon: https://raw.githubusercontent.com/Ch4t4r/Nebulo/master/app/src/main/res/mipmap-xxhdpi/ic_launcher.png
        openSource: true
        followWith: Android
        description: |
          Non-root, small-sized DNS changer utilizing DNS-over-HTTPS and DNS-over-TLS. (Note, since this
          uses Android's VPN API, it is not possible to run a VPN while using Nebulo.)

      - name: RethinkDNS & Firewall
        url: https://rethinkdns.com/app
        github: celzero/rethink-app
        icon: https://rethinkdns.com/ico/app_icon.svg
        followWith: Android
        tosdrId: 4691
        androidApp: com.celzero.bravedns
        description: |
          Free and open source DNS changer with support for DNS-over-HTTPS, DNS-over-Tor, and DNSCrypt v3
          with Anonymized Relays. (Note, since this uses Android's VPN API, it is not possible to run a
          VPN while using RethinkDNS + Firewall.)

      - name: DNS Cloak
        url: https://apps.apple.com/us/app/dnscloak-secure-dns-client/id1452162351
        github: s-s/dnscloak
        followWith: iOS
        icon: https://github.com/s-s/dnscloak/blob/master/src/images/logo.png?raw=true
        description: |
          Simple all that allows for the use for dnscrypt-proxy 2 on an iPhone.

      - name: Stubby
        url: https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby
        icon: https://dnsprivacy.org/images/favicon.png
        github: getdnsapi/stubby
        followWith: Desktop [Linux, Mac, OpenWrt & Windows]
        description: |
          Acts as a local DNS Privacy stub resolver (using DNS-over-TLS). Stubby encrypts DNS queries sent
          from a client machine (desktop or laptop) to a DNS Privacy resolver increasing end user privacy.
          Stubby can be used in combination with Unbound - Unbound provides a local cache and Stubby manages
          the upstream TLS connections (since Unbound cannot yet re-use TCP/TLS connections),
          see example configuration.


    #######################
    ###### Firewalls ######
    #######################
    - name: Firewalls
      intro: |
        A firewall is a program which monitors the incoming and outgoing traffic
        on your network, and blocks requests based on rules set during its configuration.
        Properly configured, a firewall can help protect against attempts to
        remotely access your computer, as well as control which applications
        can access which IPs.
      services:
      - name: NetGuard
        followWith: Android
        github: M66B/NetGuard
        url: https://netguard.me
        icon: https://raw.githubusercontent.com/M66B/NetGuard/master/app/src/main/res/mipmap-hdpi/ic_launcher.png
        description: |
          Provides simple and advanced ways to block access to the internet. Applications and addresses
          can individually be allowed or denied access to Wi-Fi and/or mobile connection.

      - name: NoRoot Firewall
        followWith: Android
        openSource: false
        url: https://play.google.com/store/apps/details?id=app.greyshirts.firewall
        icon: https://play-lh.googleusercontent.com/Eo7y02OP6nsOqTx-MsYORxLsIXltk-_0DQUkNztdPUrr_2ZIoR_RgaDXt3y6qrcdIT4=w240-h480
        description: |
          Notifies you when an app is trying to access the Internet, so all you need to do is just Allow
          or Deny. Allows you to create filter rules based on IP address, host name or domain name, and
          you can allow or deny only specific connections of an app.

      - name: AFWall+
        url: https://xdaforums.com/t/5-0-root-3-6-0-afwall-iptables-firewall-28-aug-2023.1957231
        github: ukanth/afwall
        icon: https://play-lh.googleusercontent.com/LGMnS6aiFUxTLMlDQ4VYaJG0V2lY3lr_ru9QZ3OiCp-YZlsCz3F_v0oWQnqrN-giBA=s48
        followWith: Android - Rooted
        description: |
          Android Firewall+ (AFWall+) is an advanced iptables editor (GUI) for rooted Android devices,
          which provides very fine-grained control over which Android apps are allowed to access the network.

      - name: RethinkDNS & Firewall
        url: https://rethinkdns.com/app
        followWith: Android
        github: celzero/rethink-app
        icon: https://rethinkdns.com/ico/app_icon.svg
        androidApp: com.celzero.bravedns
        tosdrId: 4691
        description: |
          An open-source ad-blocker and firewall app for Android 6+ (does not require root).

      - name: Lockdown
        url: https://lockdownprivacy.com
        openSource: false
        followWith: iOS
        description: |
          Firewall app for iPhone, allowing you to block any connection to any domain.

      - name: SimpleWall
        url: https://simplewall.en.lo4d.com
        icon: https://cdn.lo4d.com/t/icon/128/simplewall.png
        github: henrypp/simplewall
        followWith: Windows
        description: |
          Tool to control Windows Filtering Platform (WFP), in order to configure detailed network activity on your PC.
          (Windows)

      - name: LuLu
        followWith: MacOS
        github: objective-see/LuLu
        icon: https://objective-see.org/images/LL/icon.png
        url: https://objective-see.com/products/lulu.html
        tosdrId: 3069
        description: |
          Free, open source macOS firewall. It aims to block unknown outgoing connections, unless explicitly approved by the user.

      - name: Little Snitch
        followWith: MacOS
        url: https://obdev.at/products/littlesnitch/index.html
        icon: https://obdev.at/Images/product-icons/littlesnitch_340.png
        tosdrId: 4121
        openSource: false
        description: |
          A very polished application firewall, allowing you to easily manage internet connections on a per-app basis.
          (Mac OS)

      - name: OpenSnitch
        followWith: Linux
        url: https://github.com/evilsocket/opensnitch
        github: evilsocket/opensnitch
        icon: https://raw.githubusercontent.com/evilsocket/opensnitch/master/ui/opensnitch/res/icon.png
        description: |
          Makes internet connections from all apps visible, allowing you to block or manage traffic on a per-app basis.
          GNU/Linux port of the Little Snitch application firewall.

      - name: Gufw
        followWith: Linux
        openSource: true
        github: costales/gufw
        icon: https://raw.githubusercontent.com/costales/gufw/master/data/icons/48x48/apps/gufw.png
        url: https://en.wikipedia.org/wiki/Uncomplicated_Firewall
        description: |
          Open source GUI firewall for Linux, allowing you to block internet access for certain applications.
          Supports both simple and advanced mode, GUI and CLI options, very easy to use, lightweight/ low-overhead,
          under active maintenance and backed by a strong community.

      - name: Uncomplicated Firewall
        openSource: true
        followWith: Linux
        url: https://wiki.ubuntu.com/UncomplicatedFirewall
        description: |
          The ufw (Uncomplicated Firewall) is a GUI application and CLI, that allows you to configure a firewall
          using `iptables` much more easily.

      - name: IPFire
        url: https://www.ipfire.org
        followWith: Hardware
        github: ipfire/ipfire-2.x
        icon: https://www.ipfire.org/static/img/apple-touch-icon-192x192-precomposed.png
        description: |
          IPFire is a hardened, versatile, state-of-the-art Open Source firewall based on Linux. Easy to install
          on a raspberry Pi, since it is lightweight and heavily customizable.

      - name: Shorewall
        url: https://shorewall.org
        icon: https://shorewall.org/favicon.ico
        openSource: true
        followWith: Hardware
        description: |
          An open source firewall tool for Linux that builds upon the Netfilter system built into the Linux kernel,
          making it easier to manage more complex configuration schemes with iptables.

      - name: OPNSense
        url: https://opnsense.org
        followWith: Hardware
        openSource: true
        icon: https://opnsense.org/wp-content/themes/OPNsense/assets/ico/favicon.png
        description: |
          Enterprise firewall and router for protecting networks, built on the FreeBSD system.

      wordOfWarning: |
        There are different [types](https://www.networkstraining.com/different-types-of-firewalls)
        of firewalls, that are used in different circumstances.
        This does not omit the need to configure your operating systems defences.
        Follow these instructions to enable your firewall in
        [Windows](https://support.microsoft.com/en-us/help/4028544/windows-10-turn-windows-defender-firewall-on-or-off),
        [Mac OS](https://support.apple.com/en-us/HT201642), [Ubuntu](https://wiki.ubuntu.com/UncomplicatedFirewall)
        and other [Linux distros](https://www.tecmint.com/start-stop-disable-enable-firewalld-iptables-firewall).

        Even when properly configured, having a firewall enabled does not guarantee
        bad network traffic can not get through and especially during boot if you
        don't have root privileges.

    #########################
    ###### Ad-Blockers ######
    #########################
    - name: Ad Blockers
      alternativeTo:  ['adblock', 'adblock plus', 'ublock', 'ghostery', 'privacy badger']
      intro: |
        There are a few different ways to block ads - browser-based ad-blockers,
        router-based / device blockers or VPN ad-blockers.
        Typically they work by taking a maintained list of hosts,
        and filtering each domain/ IP through it. Some also have other methods to
        detect certain content based on pattern matching
      services:
      - name: Pi-Hole
        url: https://pi-hole.net/
        github: pi-hole/pi-hole
        followWith: Server/ VM/ Pi
        icon: https://wp-cdn.pi-hole.net/wp-content/uploads/2016/12/cropped-Vortex-R-192x192.png
        description: |
          Incredibly powerful, network-wide ad-blocker. Works out-of-the-box, light-weight with an intuitive
          web interface, but still allows for a lot of advanced configuration for power users. As well as
          blocking ads and trackers, Pi-Hole speeds up your network speeds quite significantly. The dashboard
          has detailed statistics, and makes it easy to pause/ resume Pi-Hole if needed.

      - name: Diversion
        url: https://diversion.ch
        icon: https://diversion.ch/files/theme-src/images/favicon/favicon-16x16.png
        followWith: Router
        description: |
          A shell script application to manage ad-blocking, Dnsmasq logging, Entware and pixelserv-tls installations
          and more on supported routers running Asuswrt-Merlin firmware, including its forks.

      - name: BlockParty
        url: https://github.com/krishkumar/BlockParty
        icon: https://user-images.githubusercontent.com/425580/202258429-28da1274-2fb6-49dc-930c-3833f929b65e.png
        github: krishkumar/BlockParty
        followWith: iOS/ MacOS
        description: |
          Native Apple (Swift) apps, for system-wide ad-blocking. Can be customized with custom host lists,
          primarily aimed for just ad-blocking.

      - name: hBlock
        url: https://hblock.molinero.dev
        icon: https://raw.githubusercontent.com/hectorm/hblock/master/resources/logo/bitmaps/logo-shield-ffffff-h512.png
        github: hectorm/hblock
        followWith: Unix
        description: |
          A POSIX-compliant shell script, designed for Unix-like systems, that gets a list of domains that serve ads,
          tracking scripts and malware from multiple sources and creates a hosts file (alternative formats are also supported)
          that prevents your system from connecting to them. Aimed at improving security and privacy through blocking advert,
          tracking and malware associated domains.

      - name: Blokada
        url: https://blokada.org/
        github: blokadaorg/blokada
        followWith: Android/ iOS
        androidApp: org.blokada.sex
        iosApp: https://apps.apple.com/us/app/blokada/id1508341781
        tosdrId: 8557
        description: |
          Open source mobile ad-blocker that acts like a firewall. Since it's device-wide, once connected all apps will
          have ads/ trackers blocked, and the blacklist can be edited. The app is free, but there is a premium option,
          which has a built-in VPN.

      - name: RethinkDNS & Firewall
        url: https://rethinkdns.com/app
        github: celzero/rethink-app
        followWith: Android
        tosdrId: 4691
        icon: https://rethinkdns.com/ico/app_icon.svg
        androidApp: com.celzero.bravedns
        description: |
          Free and open source ad-blocker and a firewall for Android 6+ (no root required).

      - name: Ad Block Radio
        url: https://github.com/adblockradio/adblockradio
        github: adblockradio/adblockradio
        followWith: Sound
        description: |
          Python script that uses machine learning to block adverts in live audio streams, such as Radio, Podcasts,
          Audio Books, and music platforms such as Spotify. See live demo.

      - name: uBlock Origin
        url: https://github.com/gorhill/uBlock
        github: gorhill/uBlock
        icon: https://raw.githubusercontent.com/hectorm/hblock/master/resources/logo/bitmaps/logo-shield-ffffff-h512.png
        followWith: Browser
        description: |
          Light-weight, fast browser extension for Firefox and Chromium (Chrome, Edge, Brave Opera etc), that blocks
          tracking, ads and known malware. uBlock is easy-to-use out-of-the-box, but also has a highly customisable
          advanced mode, with a point-and-click firewall which can be configured on a per-site basis.

      notableMentions: |
        [AdGuardHome](https://github.com/AdguardTeam/AdGuardHome) is a cross-platform DNS Ad Blocker,
        similar to Pi Hole, but with some additional features, like parental controls,
        per-device configuration and the option to force safe search.
        This may be a good solution for families with young children.

        Some VPNs have ad-tracking blocking features, such as
        [TrackStop with PerfectPrivacy](https://www.perfect-privacy.com/en/features/trackstop?a_aid=securitychecklist).
        
        [Private Internet Access](https://www.privateinternetaccess.com/),
        [CyberGhost](https://www.cyberghostvpn.com/),
        [PureVPN](https://www.anrdoezrs.net/click-9242873-13842740),
        and [NordVPN](https://www.kqzyfj.com/l5115shqnhp4E797DC8467D69A6D) also have ad-block features.
        But do not meet security/privact requirements to be included.

    ##############################
    ###### Host Block Lists ######
    ##############################
    - name: Host Block Lists
      services:
      - name: SomeoneWhoCares/ Hosts
        url: https://someonewhocares.org/hosts
        icon: https://someonewhocares.org/favicon.ico
        description: |
          An up-to-date host list, maintained by Dan Pollock - to make the internet not suck (as much).

      - name: Hosts by StevenBlack
        url: https://github.com/StevenBlack/hosts
        icon: https://i.ibb.co/WzGDCx6/hosts-by-steven-black.png
        github: StevenBlack/hosts
        description: |
          Open source, community-maintained consolidated and extending hosts files from several well-curated
          sources. You can optionally pick extensions to block p0rn, Social Media, gambling, fake news and other categories.

      - name: No Google
        url: https://github.com/nickspaargaren/no-google
        icon: https://i.ibb.co/878BLq2/GAFAMSPLATTEXTNOGgit.png
        github: nickspaargaren/no-google
        description: |
          Totally block all direct and indirect content from Google, Amazon, Facebook, Apple and Microsoft (or just some).

      - name: EasyList
        url: https://easylist.to
        github: easylist/easylist
        description: |
          Comprehensive list of domains for blocking tracking, social scripts, bad cookies and annoying stuff.

      - name: iBlockList
        url: https://www.iblocklist.com
        icon: https://d3pkfiqitivr8j.cloudfront.net/sitefiles/images/favicon.ico
        description: |
          Variety of lists (free and paid-for) for blocking content based on certain topics, inducing: spam, abuse,
          political, illegal, hijacked, bad peers and more.

    #############################
    ###### Router FirmWARE ######
    #############################
    - name: Router Firmware
      intro: |
        Installing a custom firmware on your Wi-Fi router gives you greater
        control over security, privacy and performance
      services:
        - name: OpenWRT
          url: https://openwrt.org
          icon: https://openwrt.org/_media/favicon.ico
          github: openwrt/openwrt
          tosdrId: 1603
          description: |
            Plenty of scope for customization and a ton of supported addons. Stateful firewall, NAT, and dynamically-configured
            port forwarding protocols (UPnP, NAT-PMP + upnpd, etc), Load balancing, IP tunneling, IPv4 & IPv6 support.

        - name: DD-WRT
          url: https://dd-wrt.com
          icon: https://dd-wrt.com/favicon.ico
          github: mirror/dd-wrt
          description: |
            Easy and powerful user interface. Great access control, bandwidth monitoring and quality of service.
            IPTables is built-in for firewall, and there's great VPN support as well as additional plug-and-play
            and wake-on-lan features.

      notableMentions:
      - name: Tomato
        url: https://www.polarcloud.com/tomato
      - name: Gargoyle
        url: https://www.gargoyle-router.com
      - name: LibreCMC
        url: https://librecmc.org
      - name: DebWRT
        url: http://www.debwrt.net
      wordOfWarning: |
        Flashing custom firmware may void your warranty.
        If power is interrupted mid-way through a firmware install/ upgrade it
        is possible for your device to become bricked. So long as you follow a
        guide, and use a well supported system, on a supported router, than it
        should be safe

    ##############################
    ###### Network Analysis ######
    ##############################
    - name: Network Analysis
      intro: |
        Whether you live in a country behind a firewall, or accessing the internet
        through a proxy - these tools will help you better understand the extent
        of blocking, deep packet inspection and what data is being analysed
      services:
      - name: OONI
        url: https://ooni.org
        icon: https://ooni.org/images/favicon.png
        github: ooni/probe
        followWith: Android, iOS, Linux
        tosdrId: 6241
        description: |
          Open Observatory of Network Interference - A free tool and global observation network, for detecting censorship,
          surveillance and traffic manipulation on the internet. Developed by The Tor Project, and available for Android,
          iOS, and Linux.

      - name: Goodbye DPI
        url: https://ntc.party/c/community-software/goodbyedpi/8
        icon: https://ntc.party/uploads/default/original/1X/3bdcdffa0d2f06e15ee4c02f4dd2ada9e771e642.png
        github: ValdikSS/GoodbyeDPI
        followWith: Windows
        description: |
          Passive Deep Packet Inspection blocker and Active DPI circumvention utility, for Windows.

      - name: DPITunnel
        url: https://github.com/zhenyolka/DPITunnel
        github: nomoresat/DPITunnel-android
        icon: https://raw.githubusercontent.com/nomoresat/DPITunnel-android/main/assets/logo.webp
        followWith: Android
        description: |
          An Android app to bypass deep packet inspection.

      - name: Proxy Checker
        url: https://ping.eu/proxy/
        icon: https://ping.eu/favicon.ico
        followWith: Web
        description: |
          You can quickly check if a given IP is using a proxy, this can also be done through the command line.


    #################################
    ###### Intrusion Detection ######
    #################################
    - name: Intrusion Detection
      intro: |
        An IDS is an application that monitors a network or computer system for
        malicious activity or policy violations, and notifies you of any unusual
        or unexpected events. If you are running a server, then it's essential to
        know about an incident as soon as possible, in order to minimize damage.
      services:
      - name: Zeek
        url: https://zeek.org/
        icon: https://zeek.org/wp-content/uploads/2019/09/favicon.ico
        github: zeek/zeek
        followWith: Server/ VM/ Pi
        description: |
          Zeek (formally Bro) Passively monitors network traffic and looks for suspicious activity.

      - name: OSSEC
        url: https://www.ossec.net/
        icon: https://i.ibb.co/23CNVCk/ossec.png
        github: ossec/ossec-hids
        followWith: Server
        description: |
          OSSEC is an Open Source host-based intrusion detection system, that performs log analysis, integrity checking,
          monitoring, rootkit detection, real-time alerting and active response.

      - name: Kismet
        url: https://www.kismetwireless.net
        icon: https://avatars.githubusercontent.com/u/22322275?v=4
        github: kismetwireless/kismet
        followWith: Hardware
        description: |
          An 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.

      - name: Snare
        url: https://www.snaresolutions.com/products/snare-central
        icon: https://www.snaresolutions.com/wp-content/uploads/cropped-Snare-Logo-2022-Icon-Lockup-Original-Color-32x32.png
        followWith: Server
        openSource: false
        description: |
          SNARE (System iNtrusion Analysis and Reporting Environment) is a series of log collection agents that facilitate
          centralized analysis of audit log data. Logs from the OS are collected and audited. Full remote access, through
          a web interface easy to use manually, or by an automated process.

      - name: picosnitch
        url: https://elesiuta.github.io/picosnitch
        github: elesiuta/picosnitch
        followWith: Linux
        description: |
          picosnitch helps protect your security and privacy by "snitching" on anything that connects to the internet,
          letting you know when, how much data was transferred, and to where. It uses BPF to monitor network traffic per
          application, and per parent to cover those that just call others. It also hashes every executable, and will
          complain if some mischievous program is giving it trouble.


    ###########################
    ###### Cloud Hosting ######
    ###########################
    - name: Cloud Hosting
      intro: |
        Whether you are hosting a website and want to keep your users data safe,
        or if you are hosting your own file backup, cloud productivity suite or
        VP - then choosing a provider that respects your privacy and allows you
        to sign up anonymously, and will keep your files and data safe is be
        important.
      services:
      - name: Njalla
        url: https://njal.la
        icon: https://njal.la/favicon.ico
        acceptsCrypto: true
        tosdrId: 3688
        description: |
          Njalla is a privacy and security-focused domain registrar and VPN hosting provider. They own and manage all their
          own servers, which are based in Sweden. They accept crypto, for anonymous payments, and allow you to sign up with
          OTR XMPP if you do not want to provide an email address. Both VPS and domain name pricing is reasonable, with
          packages starting at $15/ month.

      - name: Private Layer
        url: https://www.privatelayer.com
        acceptsCrypto: true
        description: |
          Offers enterprise-grade, high-speed offshore dedicated servers, they own their own data centres, have a solid
          privacy policy and accept anonymous payment.

      - name: Servers Guru
        url: https://servers.guru
        acceptsCrypto: true
        tosdrId: 8079
        description: |
          Servers Guru provides affordable and anonymous VPS and cloud servers with dedicated cpu resources. They accept
          crypto-currencies (Bitcoin, Monero, Ethereum etc..) and don't require any personal informations. They resell from
          reputable providers.

      notableMentions: |
        See also: [1984](https://www.1984.is) based in Iceland.
        [Shinjiru](http://shinjiru.com?a_aid=5e401db24a3a4), which offers off-shore dedicated servers.
        [Orange Website](https://www.orangewebsite.com) specialises in protecting online privacy and free speech, hosted in Iceland.
        [RackBone](https://rackbone.ch) (previously DataCell) provides secure and ethical hosting, based in Switzerland.
        And [Bahnhof](https://www.bahnhof.net) offers high-security and ethical hosting, with their data centres locates in Sweden.
        Finally [Simafri](https://www.simafri.com/anonymous) has a range of packages, that support Tor out of the box
      wordOfWarning: |
        The country that your data is hosted in, will be subject to local laws and regulations.
        It is therefore important to avoid a jurisdiction that is part of the
        [5 eyes](https://en.wikipedia.org/wiki/Five_Eyes) (Australia, Canada, New Zealand, US and UK)
        and [other international cooperatives](https://en.wikipedia.org/wiki/Five_Eyes#Other_international_cooperatives)
        who have legal right to view your data.
    
    ###############################
    ###### Domain Registrars ######
    ###############################
    - name: Domain Registrars
      alternativeTo: ['godaddy', 'namecheap', 'tucows', 'bluehost', 'hostgator', 'google domains']
      services:
      - name: Njal.la
        url: https://njal.la
        icon: https://njal.la/favicon.ico
        acceptsCrypto: true
        tosdrId: 3688
        description: |
          Privacy-aware domain service with anonymous sign-up and accepts cryptocurrency.

      - name: Orange Website
        url: https://www.orangewebsite.com/domain-registration.php
        securityAudited: true
        acceptsCrypto: true
        icon: https://orangewebsite.com/fav.ico
        description: |
          Anonymous domain registration, with low online censorship since they are based outside the
          14-eyes jurisdiction (in Iceland).


    #########################
    ###### DNS Hosting ######
    #########################
    - name: DNS Hosting
      services:
      - name: deSEC
        url: https://desec.io
        icon: https://desec.io/favicon.svg
        openSource: true
        github: desec-io/desec-stack
        followWith: Web
        description: |
          Free DNS hosting provider designed with security in mind, and running
          on purely open source software. deSEC is backed and funded by SSE. 


    ###########################
    ###### Mail Servers ######
    ##########################
    - name: Mail Servers
      services:
      - name: Mail-in-a-box
        url: https://mailinabox.email
        github: mail-in-a-box/mailinabox
        icon: https://mailinabox.email/static/logo.png
        description: |
          Easy-to-deploy fully-featured and pre-configured SMTP mail server. It includes everything from
          webmail, to spam filtering and backups.

      - name: Docker Mailserver
        url: https://docker-mailserver.github.io/docker-mailserver/latest
        icon: https://docker-mailserver.github.io/docker-mailserver/latest/assets/logo/favicon-32x32.png
        github: tomav/docker-mailserver
        followWith: Docker
        description: |
          A full-stack but simple mailserver (smtp, imap, antispam, antivirus, ssl...) using Docker. Very
          complete, with everything you will need, customizable and very easy to deploy with docker.

      - name: mailcow
        url: https://mailcow.email/
        icon: https://mailcow.email/images/cow_mailcow.svg
        github: mailcow/mailcow-dockerized
        followWith: Docker
        description: |
          A mail server with everything you need (SMTP, IMAP, webmail, NextCloud support..) using Docker.

      wordOfWarning: |
        Self-hosting your own mail server is not recommended for everyone, it can
        be time consuming to setup and maintain and securing it correctly is critical


  - name: Productivity
    sections:
    ###########################
    ###### Digital Notes #####
    ##########################
    - name: Digital Notes
      alternativeTo: ['evernote', 'microsoft onenote', 'google keep', 'apple notes', 'simplenote', 'notion']
      services:
      - name: Standard Notes
        url: https://standardnotes.com
        github: standardnotes/app
        followWith: Web, Windows, Mac OS, Linux, Android, iOS
        openSource: true
        securityAudited: true
        icon: https://standardnotes.com/favicon.ico
        tosdrId: 2116
        androidApp: com.standardnotes
        iosApp: https://apps.apple.com/us/app/standard-notes/id1285392450
        subreddit: StandardNotes
        description: |
          S.Notes is a free, open-source, and completely encrypted private notes app. It has a simple UI,
          yet packs in a lot of features, thanks to the Extensions Store, allowing for: To-Do lists, Spreadsheets,
          Rich Text, Markdown, Math Editor, Code Editor and many more. You can choose between a number of themes
          (yay, dark mode!), and it features built-in secure file store, tags/ folders, fast search and more.
          Standard Notes is actively developed, and fully open-source.

      - name: Turtle
        url: https://turtlapp.com
        icon: https://turtlapp.com/images/logo.svg
        followWith: Linux, MacOS, Windows, Android (iOS and web in development)
        securityAudited: true
        github: turtl/desktop
        androidApp: com.lyonbros.turtl
        description: |
          A secure, collaborative notebook. Self-host it yourself, or use their hosted plan (free edition
          or $3/ month for premium).

      - name: Notable
        url: https://notable.md
        followWith: Windows, MacOS, Linux
        github: notable/notable
        icon: https://notable.app/favicon.ico
        securityAudited: false
        subreddit: Notable
        description: |
          An offline markdown-based note editor for desktop, with a simple, yet feature-rich UI.
          All notes are saved individually as .md files, making them easy to manage.
          No mobile app, built-in cloud-sync, encryption or web UI. But due to the structure of the files,
          it is easy to use your own cloud sync provider, and additional features are provided through extensions.
      
      - name: Joplin
        url: https://joplinapp.org
        github: laurent22/joplin
        followWith: Windows, MacOS, Linux, Android, iOS
        icon: https://joplinapp.org/images/favicon.png
        securityAudited: true
        androidApp: net.cozic.joplin
        iosApp: https://apps.apple.com/gb/app/joplin/id1315599797
        tosdrId: 9477
        subreddit: JoplinApp
        description: |
          Cross-platform desktop and mobile note-taking and todo app. Easy organisation into notebooks and
          sections, revision history and a simple UI. Allows for easy import and export of notes to or from
          other services. Supports synchronisation with cloud services, implemented with E2EE.

      - name: Logseq
        url: https://logseq.com/
        followWith: Windows, MacOS, Linux, Android, iOS, Web
        icon: https://logseq.com/logo-with-border.a30e7bd0.png
        securityAudited: false
        github: logseq/logseq
        iosApp: https://apps.apple.com/us/app/logseq/id1601013908
        subreddit: Logseq
        description: |
          Privacy-first, open-source knowledge base that works on top of local plain-text Markdown and
          Org-mode files.
          Supports lots of different note modes, including task management,
          PDF annotation, flashcards, whiteboards strong markdown support and more.
          Includes themes and extensions, backed by a strong community

      - name: Obsidian
        url: https://obsidian.md/
        github: obsidianmd/obsidian-releases
        followWith: Windows, MacOS, Linux, Android, iOS, Web
        icon: https://obsidian.md/favicon.svg
        openSource: false
        securityAudited: true
        tosdrId: 3870
        androidApp: md.obsidian
        iosApp: https://apps.apple.com/us/app/obsidian-connected-notes/id1557175442
        subreddit: ObsidianMD
        description: |
          A powerful knowledge base that works on top of local plain-text Markdown files. It has a strong
          community, and a lot of plugins and themes. Generally privacy-respecting, but no
          encryption out of the box, and some of the code is obfuscated or not fully open source

      - name: AFFiNE
        url: https://affine.pro
        github: toeverything/AFFiNE
        followWith: Windows, MacOS, Linux
        securityAudited: false
        subreddit: AFFiNE
        description: |
          Privacy first, open-source alternative to Notion, monday.com and Miro.
          It is a knowledge management tool that allows you to create, organize and share your knowledge.

      - name: Cryptee
        url: https://crypt.ee/
        openSource: false
        github: cryptee/web-client
        securityAudited: false
        tosdrId: 5047
        followWith: Web, Windows, Mac OS, Linux, PWA
        icon: https://raw.githubusercontent.com/cryptee/web-client/v3/source/assets/logo-b.svg
        description: |
          Private & encrypted rich-text documents. Cryptee has encryption and anonymity at its core,
          it also has a beautiful and minimalistic UI. You can use Cryptee from the browser, or download
          native apps. Comes with many additional features, such as support for photo albums and file storage.
          The disadvantage is that only the frontend is open source. Pricing is free for starter plan, $3/
          month for 10GB, additional plans go up-to 2TB.

      notableMentions: |
        If you are already tied into Evernote, One Note etc, then [SafeRoom](https://www.getsaferoom.com)
        is a utility that encrypts your entire notebook, before it is uploaded to the cloud. 

        [Org Mode](https://orgmode.org) is a mode for [GNU Emacs](https://www.gnu.org/software/emacs/)
        dedicated to working with the Org markup format. Org can be thought of as
        a more featureful Markdown alternative, with support for keeping notes,
        maintaining todo lists, planning projects, managing spreadsheets, and
        authoring documents -all in plaintext.

        For a simple plain text note taking app, with strong encryption, see
        [Protected Text](https://www.protectedtext.com), which works well with the
        [Safe Notes](https://play.google.com/store/apps/details?id=com.protectedtext.android) Android app.
        [Laverna](https://laverna.cc/) is a cross-platform secure notes app,
        where all entries are formatted with markdown.

    ######################
    ###### Calendar ######
    ######################
    - name: Calendar
      alternativeTo: ['google calendar', 'microsoft outlook calendar', 'apple calendar', 'yahoo calendar']
      services: []

    ###########################
    ###### Backup & Sync ######
    ###########################
    - name: Backup and Sync
      services:
      - name: SeaFile
        url: https://www.seafile.com
        followWith: Windows, Mac, Linux, Android, iOS, Outlook, CLI
        github: haiwen/seafile
        icon: https://www.seafile.com/media/img/favicon.png?t=3
        tosdrId: 4322
        description: |
          An open source cloud storage and sync solution.
          Files are grouped into Libraries, which can be individually encrypted,
          shared of synced. Docker image available for easy deployment, and native
          clients for Windows, Mac, Linux, Android and iOS.

      - name: Syncthing
        url: https://syncthing.net
        icon: https://syncthing.net/img/favicons/apple-touch-icon-152x152.png
        github: syncthing/syncthing
        followWith: Windows, Mac, Linux, BSD, Android
        description: |
          Continuous file synchronization between 2 or more clients. It is simple,
          yet powerful, and fully-encrypted and private.
          Syncthing can be deployed with Docker, and there are native clients
          for Windows, Mac, Linux, BSD and Android.

      - name: NextCloud
        url: https://nextcloud.com
        icon: https://nextcloud.com/c/uploads/2022/03/favicon.png
        followWith: Web, Windows, Mac, Linux, Android, iOS
        tosdrId: 707
        description: |
          Feature-rich productivity platform, that can be used to backup and
          selectively sync encrypted files and folders between 1 or more clients.
          A key benefit the wide range of plug-ins in the NextCloud App Store,
          maintained by the community. NextCloud was a hard fork off OwnCloud.

      notableMentions: |
        Alternatively, consider a headless utility such as [Duplicacy](https://duplicacy.com)
        or [Duplicity](http://duplicity.nongnu.org).
        Both of offer an encrypted and efficient sync between 2 or more locations,
        using the [rsync](https://linux.die.net/man/1/rsync) algorithm.

        [SpiderOak](https://spideroak.com), [Tresorit](https://tresorit.com) and
        [Resilio](https://www.resilio.com/individuals)
        are good enterprise solutions, all with solid encryption baked-in

        [FileRun](https://filerun.com) and [Pydio](https://pydio.com)
        are self-hosted file explorers, with cross-platform sync capabilities.
      wordOfWarning: |
        You should always ensure that any data stored in the cloud is encrypted.
        If you are hosting your own server, then take the necessary precautions
        to [secure the server](https://med.stanford.edu/irt/security/servers.html).
        For hosted solutions - use a strong password, keep your credentials safe and enable 2FA.

    ###########################
    ###### Cloud Suites ######
    ##########################
    - name: Cloud Productivity Suites
      alternativeTo: ['microsoft office 365', 'google workspace', 'zoho office suite', 'libreoffice online']
      services:
      - name: CryptPad
        url: https://cryptpad.org/
        github: xwiki-labs/cryptpad
        icon: https://cryptpad.fr/customize/CryptPad_logo.svg
        followWith: Web
        tosdrId: 2584
        description: |
          A zero knowledge cloud productivity suite. Provides Rich Text,
          Presentations, Spreadsheets, Kanban, Paint a code editor and file drive.
          All notes and user content, are encrypted by default, and can only be
          accessed with specific URL. The main disadvantage, is a lack of Android,
          iOS and desktop apps - CryptPad is entirely web-based. You can use their
          web service, or you can host your own instance. Price for hosted: free
          for 50mb or $5/ month for premium.

      - name: NextCloud
        url: https://nextcloud.com
        icon: https://nextcloud.com/c/uploads/2022/03/favicon.png
        followWith: Web, Windows, Mac OS, Linux, Android, iOS
        github: nextcloud/server
        tosdrId: 707
        description: |
          A complete self-hosted productivity platform, with a strong community
          and growing app store. NextCloud is similar to (but arguably more complete
          than) Google Drive, Office 365 and Dropbox. Clear UI and stable native
          apps across all platforms, and also supports file sync. Supports encrypted
          files, but you need to configure this yourself. Fully open source.

      - name: Disroot
        url: https://disroot.org
        icon: https://disroot.org/user/themes/disroot/images/favicon.png
        followWith: Web
        tosdrId: 1826
        description: |
          A platform providing online services based on principles of freedom,
          privacy, federation and decentralization. It is an implementation of
          NextCloud, with strong encryption configured - it is widely used by
          journalists, activists and whistle-blowers. It is free to use, but
          there have been reported reliability issues of the cloud services.

      - name: Sandstorm
        url: https://sandstorm.io
        icon: https://sandstorm.io/favicon.ico
        github: sandstorm-io/sandstorm
        followWith: Web
        description: |
          An open source platform for self-hosting web apps. Once you've set it up,
          you can install items from the Sandstorm App Market with -click,
          similar to NextCloud in terms of flexibility.

      - name: Vikunja
        url: https://vikunja.io
        icon: https://vikunja.io/favicon.ico
        github: go-vikunja/vikunja
        followWith: Web, Android Linux
        description: |
          Vikunja is an open-source to-do application. It is suitable for a wide
          variety of projects, supporting List, Gantt, Table and Kanban views to
          visualize all tasks in different contexts. For collaboration, it has
          sharing support via private teams or public links. It can be self-hosted
          or used as a managed service for a small fee.


    ###########################
    ###### Cloud Storage ######
    ###########################
    - name: Encrypted Cloud Storage
      alternativeTo: ['dropbox', 'google drive', 'microsoft onedrive', 'icloud', 'box']
      intro: |
        Backing up important files is essential, and keeping an off-site copy is recommended.
        But many free providers do not respect your privacy, and are not secure enough for
        sensitive documents.
        Avoid free mainstream providers, such as Google Drive, cloud, Microsoft Overdrive, Dropbox.

        It is recommended to encrypt files on your client machine, before syncing to the cloud.
        [Cryptomator](https://cryptomator.org) is a cross-platform, open source encryption app, designed for just this.

      services:
      - name: Tresorit
        url: https://tresorit.com
        tosdrId: 1696
        description: |
          End-to-end encrypted zero knowledge file storage, syncing and sharing provider, based in Switzerland.
          The app is cross-platform, user-friendly client and with all expected features. £6.49/month for 500 GB.

      - name: IceDrive
        url: https://icedrive.net
        tosdrId: 3118
        description: |
          Very affordable encrypted storage provider, with cross-platform apps. Starts as £1.50/month for 150 GB
          or £3.33/month for 1 TB.

      - name: Sync.com
        url: https://www.sync.com
        tosdrId: 698
        description: |
          Secure file sync, sharing, collaboration and backup for individuals, small businesses and sole practitioners.
          Starts at $8/month for 2 TB.

      - name: pCloud
        url: https://www.pcloud.com
        description: |
          Secure and simple to use cloud storage, with cross-platform client apps. £3.99/month for 500 GB.

      - name: Peergos
        url: https://peergos.org/
        description: |
          A peer-to-peer end-to-end encrypted global filesystem with fine grained access control. Provides a secure
          and private space online where you can store, share and view your photos, videos, music and documents.
          Also includes a calendar, news feed, task lists, chat and email client. Fully open source and self-hostable
          (or use hosted solution, from £5/month for 100 GB).

      - name: Internxt
        url: https://internxt.com/
        icon: https://internxt.com/favicon.ico
        tosdrId: 4176
        description: |
          Store your files in total privacy. Internxt Drive is a zero-knowledge cloud storage service based on best-in-class
          privacy and security. Made in Spain. Open-source mobile and desktop apps. 10GB FREE and Paid plans starting from
          €0.99/month for 20GB.

      - name: FileN
        url: https://filen.io/
        tosdrId: 6820
        description: |
          Zero knowledge end-to-end encrypted affordable cloud storage made in Germany. Open-source mobile and desktop apps.
          10GB FREE with paid plans starting at €0.92/month for 100GB.

      notableMentions: |
        An alternative option, is to use a cloud computing provider, and implement
        the syncing functionality yourself, and encrypt data locally before
        uploading it - this may work out cheaper in some situations.
        You could also run a local server that you physically own at a secondary location,
        that would mitigate the need to trust a third party cloud provider.
        Note that some knowledge in securing networks is required.


    ########################
    ###### File Drop ######
    #######################
    - name: File Drop
      alternativeTo: ['wetransfer', 'send anywhere', 'filemail', 'smash']
      services:
      - name: FileSend
        url: https://filesend.standardnotes.org
        followWith: Web
        description: |
          Simple, encrypted file sharing, with a 500mb limit and 5-day retention. Files are secured with client-side AES-256
          encryption and no IP address or device info is logged. Files are permanently deleted after download or after specified
          duration. Developed by StandardNotes, and has built-in integration with the SN app.

      - name: OnionShare
        url: https://onionshare.org/
        github: micahflee/onionshare
        followWith: Windows, Mac OS, Linux
        description: |
          An open source tool that lets you securely and anonymously share a file of any size, via Tor servers. OnionShare does
          require installing, but the benefit is that your files are transferred directly to the recipient, without needing to be
          hosted on an interim server. The host needs to remain connected for the duration of the transfer, but once it is complete,
          the process will be terminated.

      notableMentions: |
        [Instant.io](https://github.com/webtorrent/instant.io), is another peer-to-peer based solution,
        using [Web Torrent](https://webtorrent.io).

        For specifically transferring images, [Up1](https://github.com/Upload/Up1) is a good self-hosted option, with client-side encryption.
        
        Finally [PsiTransfer](https://github.com/psi-4ward/psitransfer) is a feature-rich, self-hosted file drop, using streams.


    ###########################
    ###### Browser Sync ######
    ##########################
    - name: Browser Sync
      alternativeTo: ['google chrome sync', 'firefox sync', 'microsoft edge sync', 'opera sync']
      services:
      - name: Floccus
        url: https://floccus.org
        github: marcelklehr/floccus
        description: |
          Simple and efficient bookmark syncing using either NextCloud Bookmarks, a WebDAV server (local or remote)
          or just a local folder through LoFloccus. Browser extensions available for Chrome, Firefox, and Edge.

      - name: XBrowserSync
        url: https://www.xbrowsersync.org
        github: xbrowsersync/app
        description: |
          Secure, anonymous and free browser and bookmark syncing. Easy to setup, and no sign up is required, you can
          either use a community-run sync server, or host your own with their docker image. Extensions are available for
          Chrome, Firefox, and on Android.

      - name: Unmark
        url: https://unmark.it
        github: cdevroe/unmark
        tosdrId: 9301
        description: |
          A web application which acts as a todo app for bookmarks. You can either self-host it, or use their managed
          service which has a free and paid-for tier.

      - name: Reminiscence
        url: https://github.com/kanishka-linux/reminiscence
        github: kanishka-linux/reminiscence
        description: |
          A self-hosted bookmark and archive manager. Reminiscence is more geared towards archiving useful web pages
          either for offline viewing or to preserve a copy. It is a web application, that can be installed with Docker
          on either a local or remote server, although it has a comprehensive and well-documented REST API, there is
          currently no browser extension.

      - name: Shiori
        url: https://github.com/go-shiori/shiori
        icon: https://avatars.githubusercontent.com/u/41993376?s=200&v=4
        github: go-shiori/shiori
        description: |
          Simple bookmark manager written in Go, intended to be a clone of Pocket, it has both a simple and clean web
          interface as well as a CLI. Shiori has easy import/ export, is portable and has webpage archiving features.
      
      notableMentions: |
        [Ymarks](https://ymarks.org) is a C-based self-hosted bookmark synchronization
        server and [Chrome](https://chrome.google.com/webstore/detail/ymarks/gefignhaigoigfjfbjjobmegihhaacfi) extension.

        [syncmarx](https://syncmarx.gregmcleod.com) uses your cloud storage to sync
        bookmarks ([Chrome](https://chrome.google.com/webstore/detail/syncmarx/llcdegcpeheociggfokjkkgciplhfdgg)
        and [Firefox](https://addons.mozilla.org/en-US/firefox/addon/syncmarx/)).

        [NextCloud Bookmarks](https://apps.nextcloud.com/apps/bookmarks) has several community browser extensions,
        inducing [FreedomMarks](https://addons.mozilla.org/en-US/firefox/addon/freedommarks/) (Firefox) and
        [OwnCloud Bookmarks](https://chrome.google.com/webstore/detail/owncloud-bookmarks/eomolhpeokmbnincelpkagpapjpeeckc) (Chrome).

        Finally, [Turtl Notes](https://turtlapp.com) has excellent link saving functionality built-in

        [RainDrop](https://raindrop.io) is a fully-featured all-in-1 bookmarking and web-snip suite.
        It has a beautiful UI, good data controls and some very handy integrations and features.
        Available on desktop, mobile, web and through a browser extension.
        The catch is that it is not open source, there is a free and premium plan, but no option for self-hosting.

    ##############################
    ###### Conference Calls ######
    #############################
    - name: Secure Conference Calls
      alternativeTo: ['zoom', 'microsoft teams', 'google meet', 'skype', 'cisco webex']
      intro: |
        With the [many, many security issues with Zoom](https://www.tomsguide.com/uk/news/zoom-security-privacy-woes),
        and other mainstream options, it becomes clear that a better, more private and secure alternative is required.
        As with other categories, the "best video calling app" will be different
        for each of us, depending on the ratio of performance + features to
        security + privacy required in your situation.

      services:
      - name: Jami
        url: https://jami.net
        github: savoirfairelinux/jami-project
        icon: https://jami.net/assets/images/favicon/favicon-196x196.png?v=565055118b
        followWith: Windows, MacOS, Linux, Android, Android TV, iOS
        description: |
          A free and open source, distributed video, calling and screenshare platform with a focus on security. Jami is
          completely peer-to-peer, and has full end-to-end encryption with perfect forward secrecy for all communications,
          complying with the X.509 standard. Supported natively on Windows, macOS, iOS, GNU/Linux, Android and Android TV.
          Video quality is quite good, but very dependent on network speeds, some of the apps are lacking in features.

      - name: Jitsi
        url: https://jitsi.org
        github: jitsi/jitsi-meet
        icon: https://jitsi.org/wp-content/uploads/2020/04/Jitsi-favicon-196-50x50.png
        followWith: Web, Windows, MacOS, Linux, Android, iOS
        tosdrId: 2201
        description: |
          Encrypted, free and open source video calling app, which does not require creating an account/ providing any personal
          details. Available as a web app, and native app for Windows, MacOS, Linux, Android and iOS. You can use the public
          Jitsi instance, self-host your own, or use a community hosted instance.

      notableMentions: |
        [Apache OpenMeetings](https://openmeetings.apache.org) provides self-hosted
        video-conferencing, chat rooms, file server and tools for meetings.
        
        [together.brave.com](https://together.brave.com) is Brave's Jitsi Fork.

        For remote learning, [BigBlueButton](https://bigbluebutton.org) is self-hosted conference call software,
        aimed specifically at schools and Universities.
        It allows for the host/ teacher to have full control over the session,
        and provides high-quality video streaming, multi-user whiteboards,
        breakout rooms, and instant chat.

  - name: Utilities
    sections:
    ##############################
    ###### Virtual Machines ######
    ##############################
    - name: Virtual Machines
      intro: |
        A virtual machine (VM) is a sandboxed operating system, running within your
        current system. Useful for compartmentalisation and safely testing software,
        or handling potentially malicious files
      services:
      - name: VirtualBox
        url: https://www.virtualbox.org
        icon: https://www.virtualbox.org/favicon.ico
        openSource: true
        description: |
          Open source, powerful, feature-rich virtualization product, supporting x86 and AMD64/Intel64 architectures.
          Available for Windows, MacOS, Linux and BSD, and free for both personal and enterprise use. VirtualBox is
          backed by a strong community, and has been under active development since 2007.

      - name: Xen Project
        url: https://xenproject.org
        icon: https://gitlab.com/uploads/-/system/group/avatar/1147069/pngegg.png?width=48
        openSource: true
        followWith: Servers
        description: |
          Open source virtual machine monitor intended to serve as a type-1 hyperviser for multiple operating systems
          using the same hardware - very useful for servers, as it allows for fully independent virtual Linux machines.

      - name: UTM
        url: https://mac.getutm.app
        github: utmapp/UTM
        icon: https://mac.getutm.app/images/logo.png
        followWith: Mac
        tosdrId: 8038
        description: |
          Open source, feature rich, powerful type 2 hypervisor for Mac, can emulate x86-64 OSes on Apple Silicon Macs.
          There's also an [iOS](https://getutm.app/) version (so you can run Windows on your iPhone!)

      notableMentions: |
        [QEMU](https://wiki.qemu.org/Main_Page) is a virtual hardware emulation tool,
        meaning it is less appropriate for creating fully independant sandboxes,
        but performance is considerable better than that of a traditional virtual machine.

        [VMWare](https://www.vmware.com/) is popular in the enterprise world,
        it is not open source, and although there is a free version, a license
        is required to access all features. VMWare performs very well when running
        on a server, with hundreds of hosts and users.
        
        For Mac users, [Parallels](https://www.parallels.com/uk/) is a popular
        option which performs really well, but again is not open source.
        
        For Windows users, there's
        [Hyper-V](https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/quick-start/enable-hyper-v),
        which is a native Windows product, developed by Microsoft.

    ##########################
    ###### PGP Managers ######
    ##########################
    - name: PGP Managers
      intro: |
        Tools for signing, verifying, encrypting and decrypting text and files using [GnuPG](https://www.gnupg.org) standard

      services:
      - name: SeaHorse
        url: https://wiki.gnome.org/Apps/Seahorse
        icon: https://wiki.gnome.org/Apps/Seahorse?action=AttachFile&do=get&target=seahorse-icon.png
        openSource: true
        followWith: Linux/ GNOME
        description: |
          Application for managing encryption keys and passwords, integrated with the GNOME Keyring.

      - name: Kleopatra
        url: https://apps.kde.org/kleopatra
        icon: https://apps.kde.org/app-icons/org.kde.kleopatra.svg
        openSource: true
        followWith: Linux/ KDE
        description: |
          Certificate manager and a universal crypto GUI. It supports managing X.509 and OpenPGP certificates in the GpgSM
          keybox and retrieving certificates from LDAP servers.

      - name: GPG4Win
        url: https://www.gpg4win.org
        icon: https://www.gpg4win.org/favicon.png
        github: gpg/gpg4win
        followWith: Windows
        tosdrId: 8276
        description: |
          Kleopatra ported to Windows.

      - name: GPG Suite
        url: https://gpgtools.org
        followWith: MacOS
        icon: https://gpgtools.org/favicon-152.png
        description: |
          Successor of MacGPG. Plays nice with MacOS apps, including Finder, Appple Mail, Keychain and Spotlight.
          Makes encrypting files, emails, and messages / data very easy.
          As well as GUI for generating keys, verifying signatures, etc.
        openSource: false

      - name: OpenKeychain
        url: https://www.openkeychain.org
        securityAudited: true
        github: open-keychain/open-keychain
        followWith: Android
        tosdrId: 7378
        description: |
          Android app for managing keys, and encrypting messages.
          Works both stand-alone, and as integrated into other apps, including k9-Mail.
          Everything can be done through a simple yet powerful GUI.
          Open source, security audited, transparent permissions, and activley maintained.

      - name: PGP Everywhere
        url: https://www.pgpeverywhere.com
        followWith: iOS
        icon: https://www.pgpeverywhere.com/i/favicon/favicon-16x16.png
        openSource: false
        description: |
          iOS app for encrypting/ decrypting text.
          Has native keyboard integration, keychain support and app integrations which makes it quick to use in any app.
          

      - name: FlowCrypt
        url: https://flowcrypt.com
        icon: https://flowcrypt.com/img/favicons/apple-touch-icon.png?version=69
        github: FlowCrypt/flowcrypt-browser
        followWith: Gmail
        description: |
          Browser extension for using PGP within Gmail, for Chrome and Firefox.
          Mobile version supported on Android and iOS.

      - name: EnigMail
        url: https://enigmail.net
        followWith: Thunderbird
        icon: https://enigmail.net/favicon.ico
        openSource: true
        description: |
          OpenPGP extension for Thunderbird and PostBox, integrates natively within mail app.

      - name: Mailvelope
        url: https://www.mailvelope.com
        followWith: Email
        securityAudited: true
        github: mailvelope/mailvelope
        tosdrId: 6210
        description: |
          Mailvelope is an addon for email applications, that makes using PGP very easy for beginners. You can use the hosted
          version for free, or opt to host your own instance.
          Works with Gmail, Yahoo, Outlook, GMX, Posteo, Web.de, FreeNet.de, Mailbox.org and [many others](https://mailvelope.com/en/faq#mailer_list).


    ##############################
    ###### Metadata Removal ######
    ##############################
    - name: Metadata Removal
      intro: |
        [Exif](https://en.wikipedia.org/wiki/Exif)/ [Metadata](https://en.wikipedia.org/wiki/Metadata)
        is "data about data", this additional information attached to files can
        lead us to
        [share significantly more information than we intended](https://gizmodo.com/vice-magazine-just-accidentally-revealed-where-john-mca-5965295) to.

        For example, if you upload an image of a sunset to the internet, but don't remove the metadata,
        it [may reveal the location](https://www.nytimes.com/2010/08/12/technology/personaltech/12basics.html?_r=1) (GPS lat + long)
        of where it was taken, the device is was taken on, precise camera data, details about modifications and the
        picture source + author. Social networks that remove metadata from your photos, often collect and store it,
        for their own use.
        This could obviously pose a security risk, and that is why it is recommended to strip out this data from a file before sharing.
      services:
      - name: ExifCleaner
        url: https://exifcleaner.com
        github: szTheory/exifcleaner
        icon: https://exifcleaner.com/images/favicon.ico
        description: |
          Cross-platform, open source, performant EXIF meta data removal tool. This GUI tool makes cleaning media files really
          easy, and has great batch process support. Created by @szTheory, and uses ExifTool.

      - name: ExifTool
        url: https://exiftool.org
        github: exiftool/exiftool
        followWith: CLI
        description: |
          Platform-independent open source Perl library & CLI app, for reading, writing and editing meta data. Built by Phill
          Harvey. Very good performance, and supports all common metadata formats. An official GUI application is available
          for Windows, implemented by Bogdan Hrastnik.

      - name: ImageOptim
        url: https://imageoptim.com/mac
        followWith: MacOS
        github: ImageOptim/ImageOptim
        icon: https://imageoptim.com/icon.png
        description: |
          Native MacOS app, with drag 'n drop image optimization and meta data removal.

      notableMentions: |
        It's possible (but slower) to do this without a third-party tool.
        For Windows, right click on a file, and go to: `Properties --> Details --> Remove Properties --> Remove from this File --> Select All --> OK`.

        Alternatively, with [ImageMagic](https://imagemagick.org) installed, just run
        `convert -strip path/to/image.png` to remove all metadata.
        
        If you have [GIMP](https://www.gimp.org) installed, then just go to `File --> Export As --> Export --> Advanced Options --> Uncheck the "Save EXIF data" option`.

        Often you need to perform meta data removal programmatically, as part of a script or automation process.  
        - GoLang: [go-exif](https://github.com/dsoprea/go-exif) by @dsoprea
        - JS: [exifr](https://github.com/MikeKovarik/exifr) by @MikeKovarik
        - Python: [Piexif](https://github.com/hMatoba/Piexif) by @hMatoba
        - Ruby: [Exif](https://github.com/tonytonyjan/exif) by @tonytonyjan
        - PHP: [Pel](https://github.com/pel/pel) by @mgeisler

    ##########################
    ###### Data Erasers ######
    ##########################
    - name: Data Erasers
      intro: |
        Simply deleting data, does
        [not remove it](https://uk.norton.com/internetsecurity-privacy-is-my-personal-data-really-gone-when-its-deleted-from-a-device.html)
        from the disk, and recovering deleted files is a
        [simple task](https://www.lifewire.com/how-to-recover-deleted-files-2622870).
        
        Therefore, to protect your privacy, you should erase/ overwrite data from
        the disk, before you destroy, sell or give away a hard drive.
      services:
      - name: Eraser
        url: https://eraser.heidi.ie
        followWith: Windows
        icon: https://eraser.heidi.ie/wp-content/uploads/2015/06/favicon.ico
        github: gtrant/eraser
        description: |
          Allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully
          selected patterns.

      - name: Hard Disk Scrubber
        url: http://www.summitcn.com/hdscrub.html
        followWith: Windows
        description: |
          Easy to use, but with some advanced features, including custom wipe patterns. Data Sanitation Methods: AFSSI-5020,
          DoD 5220.22-M, and Random Data.

      - name: SDelete
        url: https://docs.microsoft.com/en-us/sysinternals/downloads/sdelete
        followWith: Windows
        icon: https://learn.microsoft.com/favicon.ico
        description: |
          Microsoft Secure Delete is a CLI utility, uses DoD 5220.22-M.

      - name: OW Shredder
        url: https://schiffer.tech/ow-shredder.html
        icon: https://schiffer.tech/img/logos/ow.jpg
        followWith: Windows
        description: |
          File, folder and drive portable eraser for Windows. Bundled with other tools to scan, analyze, and wipe, and other
          traces that were left behind. Includes context menu item, recycle bin integration.

      - name: DBAN
        url: https://dban.org
        followWith: bootable
        openSource: false
        description: |
          Darik's Boot and Nuke ("DBAN") is a self-contained boot disk that securely wipes the hard disks of most computers.
          DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an
          appropriate utility for bulk or emergency data destruction. DBAN is the free edition of Blanco, which is an enterprise
          tool designed for legal compliance.

      - name: nwipe
        url: https://github.com/martijnvanbrummelen/nwipe
        github: martijnvanbrummelen/nwipe
        followWith: Cross-platform
        description: |
          C-based secure light-weight disk eraser, operated through the easy-to-use CLI or a GUI interface.

      - name: shred
        url: https://www.gnu.org/software/coreutils/manual/html_node/shred-invocation.html
        followWith: Unix
        openSource: true
        icon: https://www.gnu.org/favicon.ico
        description: |
          A CLI utility that can be used to securely delete files and devices, to make them extremely difficult to recover.

      - name: Secure Remove
        url: https://www.systutorials.com/docs/linux/man/1-srm/
        followWith: Unix
        openSource: true
        description: |
          CLI utility for securely removing files, directories and whole disks, works on Linux, BSD and MacOS.

      - name: Mr. Phone
        url: https://drfone.wondershare.com
        openSource: false
        followWith: Android/ iOS
        icon: https://drfone.wondershare.com/favicon.ico
        description: |
          Proprietary, closed-source suite of forensic data tools for mobile. The data eraser allows for both Android and iOS to
          be fully wiped, through connecting them to a PC.

      notableMentions: |
        There's no need to use a third-party tool. You can boot into a UNIX-based
        system, mount the disk you need to erase, and use a command to write it
        with arbitrary data. For best results, this process should be repeated
        several times. This is a good way to wipe a disk, before selling or
        destroying it, to protect your data.

        Such as the [`dd`](https://en.wikipedia.org/wiki/Dd_%28Unix%29) command,
        is a tool to convert and copy files, but running
        `sudo dd if=/dev/zero of=/dev/sdX bs=1M` will quickly overwrite the whole disk with zeros.
        Or [badblocks](https://linux.die.net/man/8/badblocks) which is intended to search for all bad blocks,
        but can also be used to write zeros to a disk,
        by running `sudo badblocks -wsv /dev/sdd`.
        
        An effective method of erasing an SSD, it to use [hdparm](https://en.wikipedia.org/wiki/Hdparm)
        to issue a [secure erase](https://en.wikipedia.org/wiki/Parallel_ATA#HDD_passwords_and_security)
        command, to your target storage device,
        for this, see step-by-step instructions via: [wiki.kernel.org](https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase).
        
        Finally, [srm](https://www.systutorials.com/docs/linux/man/1-srm/) can be
        use to securely remove files or directories, just run `srm -zsv /path/to/file`
        for a single pass over.



  - name: Operating Systems
    sections:
    ########################
    ###### Mobile OS ######
    ########################
    - name: Mobile Operating Systems
      alternativeTo: ['android', 'ios']
      intro: |
        If you are an Android user, your device has Google built-in at its core.
        [Google tracks you](https://digitalcontentnext.org/blog/2018/08/21/google-data-collection-research/),
        collecting a wealth of information, and logging your every move.
        
        A [custom ROM](https://en.wikipedia.org/wiki/List_of_custom_Android_distributions),
        is an open source, usually Google-free mobile OS that can be flashed to your device.
      services:
      - name: GrapheneOS
        url: https://grapheneos.org/
        github: GrapheneOS/hardened_malloc
        icon: https://grapheneos.org/apple-touch-icon.png
        description: |
          GrapheneOS is an open source privacy and security focused mobile OS with Android app compatibility. Developed by Daniel Micay. 
          GrapheneOS is a young project, and currently only supports Pixel devices, partially due to their strong hardware security.

      - name: CalyxOS
        url: https://calyxos.org
        icon: https://calyxos.org/assets/images/favicon/apple-touch-icon.png
        github: CalyxOS/calyxos
        tosdrId: 2558
        description: |
          CalyxOS is an free and open source Android mobile operating system that puts privacy and security into the hands of everyday users. 
          Plus, proactive security recommendations and automatic updates take the guesswork out of keeping your personal data personal. Also currently 
          only supports Pixel devices and Xiaomi Mi A2 with Fairphone 4, OnePlus 8T, OnePlus 9 test builds available. Developed by the Calyx Foundation.

      - name: DivestOS
        url: https://divestos.org
        icon: https://divestos.org/images/favicon.png
        github: Divested-Mobile/DivestOS-Build
        tosdrId: 2550
        description: |
          DivestOS is a vastly diverged unofficial more secure and private soft fork of LineageOS. DivestOS primary goal is prolonging the life-span of 
          discontinued devices, enhancing user privacy, and providing a modest increase of security where/when possible. Project is developed and maintained 
          solely by Tad (SkewedZeppelin) since 2014.

      - name: LineageOS
        url: https://www.lineageos.org
        icon: https://www.lineageos.org/images/logo.png
        github: LineageOS/android
        tosdrId: 7188
        description: |
          A free and open-source operating system for various devices, based on the Android mobile platform - Lineage is light-weight, well maintained, 
          supports a wide range of devices, and comes bundled with Privacy Guard.

      notableMentions: |
        [Replicant OS](https://www.replicant.us/) is a fully-featured distro,
        with an emphasis on freedom, privacy and security.
        
        [OmniRom](https://www.omnirom.org/),
        [Resurrection Remix OS](https://resurrectionremix.com/)
        and [Paranoid Android](http://paranoidandroid.co/) are also popular options.
        
        Alternatively, [Ubuntu Touch](https://ubports.com/) is a Linux (Ubuntu)- based OS.
        It is secure by design and runs on almost any device, - but it does fall short when it comes to the app store.

        To install apps on the Play Store without using the Play Store app see
        [Aurora Store](https://gitlab.com/AuroraOSS/AuroraStore).
        For Google Play Service see [MicroG](https://microg.org/)

      wordOfWarning: |
        It is not recommended to root, or flash your device with a custom ROM if you are not an advanced user.
        There are risks involved
        - Although the above ROMs omit Google, they do open up other security issues: Without DM-verity on the system partition, the file system *could* be tampered with, and no verified boot stack, the kernel/initramfs also *could* be edited. You should understand the risks, before proceeding to flash a custom ROM to your device
        - You will need to rely on updates from the community, which could be slower to be released - this may be an issue for a time-urgent, security-critical patch
        - It is also possible to brick your device, through interrupted install or bad software
        - Finally, rooting and flashing your device, will void your warranty

    ########################
    ###### Desktop OS ######
    ########################
    - name: Desktop Operating Systems
      alternativeTo: ['windows', 'macos', 'ubuntu', 'fedora', 'debian', 'arch', 'centos', 'red hat', 'suse']
      intro: |
        Windows and MacOS have many features that violate your privacy.
        Microsoft and Apple are able to collect all your data (including, but not
        limited to: keystrokes, searches and mic input, calendar data, music,
        photos, credit card information and purchases, identity, passwords, contacts,
        conversations and location data). Microsoft Windows is also more susceptible
        to malware and viruses, than alternative systems.

        Switching to Linux is a great choice in terms of security and privacy -
        you don't need necessarily need to use a security distro, any well-maintained
        stable distro is going to be considerably better than a proprietary OS
      services:
      - name: Qubes OS
        url: https://www.qubes-os.org/
        followWith: containerized apps
        tosdrId: 2258
        description: |
          Open-source security-oriented operating system for single-user desktop computing. It uses virtualisation,
          to run each application in its own compartment to avoid data being leaked. It features Split GPG, U2F Proxy,
          and Whonix integration. Qubes makes is easy to create disposable VMs which are spawned quickly and destroyed
          when closed. Qubes is recommended by Edward Snowden.

      - name: Whonix
        url: https://www.whonix.org/
        followWith: VM
        description: |
          Whonix is an anonymous operating system, which can run in a VM, inside your current OS. It is the best way to
          use Tor, and provides very strong protection for your IP address. It comes bundled with other features too:
          Keystroke Anonymization, Time Attack Defences, Stream Isolation, Kernel Self Protection Settings and an Advanced
          Firewall. Open source, well audited, and with a strong community - Whonix is based on Debian, KickSecure and Tor.

      - name: Tails
        url: https://tails.boum.org/
        followWith: live
        description: |
          Tails is a live operating system (so you boot into it from a USB, instead of installing). It preserves your
          privacy and anonymity through having no persistent memory/ leaving no trace on the computer. Tails has Tor
          built-in system-wide, and uses state-of-the-art cryptographic tools to encrypt your files, emails and instant
          messaging. Open source, and built on top of Debian. Tails is simple to stop, configure and use.

      - name: Parrot
        url: https://www.parrotsec.org/
        followWith: security
        tosdrId: 8267
        description: |
          Parrot Linux, is a full Debian-based operating system, that is geared towards security, privacy and development.
          It is fully-featured yet light-weight, very open. There are 3 editions: General Purpose, Security and Forensic.
          The Secure distribution includes its own sandbox system obtained with the combination of Firejail and AppArmor
          with custom security profiles. While the Forensics Edition is bundled with a comprehensive suite of security/
          pen-testing tools, similar to Kali and Black Arch.

      - name: Discreete Linux
        url: https://www.privacy-cd.org/
        followWith: offline
        description: |
          Aimed at journalists, activists and whistle-blowers, Discreete Linux is similar to Tails, in that it is booted
          live from external media, and leaves no/ minimal trace on the system. The aim of the project, was to provide
          all required cryptographic tools offline, to protect against Trojan-based surveillance.

      - name: Alpine Linux
        url: https://www.alpinelinux.org/
        followWith: Docker
        description: |
          Alpine is a security-oriented, lightweight distro based on musl libc and busybox. It compiles all user-space
          binaries as position-independent executables with stack-smashing protection. Install and setup may be quite
          complex for some new users.

      notableMentions: |
        [Septor](https://septor.sourceforge.io/) is a Debian-based distro with the
        KDE Plasma desktop environment, and Tor baked-in. Designed for surfing the
        web anonymously, and completing other internet-based activities (with
        Thunderbird, Ricochet IM, HexChat, QuiteRSS, OnionShare).
        Septor is light-weight, but comes bundled with all the essential privacy +
        security utilities (including: Gufw, Ark, Sweeper, KGpg, Kleopatra,
        KWallet, VeraCrypt, Metadata Anonymisation Toolkit and more).

        [Subgraph OS](https://subgraph.com) is designed to be an *adversary resistant
        computing platform*, it includes strong system-wide attack mitigations,
        and all key applications run in sandbox environments. Subgraph is still
        in beta (at the time of writing), but still is well tested, and has some
        nice anonymization features

        For defensive security, see [Kali](https://www.kali.org) and [BlackArch](https://blackarch.org),
        both are bundled with hundreds of security tools, ready for pretty much any job
        (not reccomended as a daily driver!)

        Other security-focused distros include: [TENS OS](https://www.tens.af.mil/),
        [Fedora CoreOS](https://getfedora.org/coreos?stream=stable),
        [Kodachi](https://www.digi77.com/linux-kodachi/) and [IprediaOS](https://www.ipredia.org)
        (Avoid systems that are not being actively maintained)

      furtherInfo: |

        #### General Purpose Linux Distros
        If you do not want to use a specalist security-based distro, or you are
        new to Unix - then just switching to any well-maintained Linux distro,
        is going to be significantly more secure and private than Windows or Mac OS.
        Since it is open source, major distros are constantly being audited by
        members of the community. Linux does not give users admin rights by default -
        this makes is much less likely that your system could become infected with malware.
        And of course, there is no proprietary Microsoft or Apple software constantly
        monitoring everything you do.

        Some good distros to consider would be: **[Fedora](https://getfedora.org/)**,
        **[Debian](https://www.debian.org/)**, or **[Arch](https://www.archlinux.org/)**-
        all of which have a large community behind them. **[Manjaro](https://manjaro.org/)**
        (based of Arch) is a good option, with a simple install process, used by new comers,
        and expers alike.
        **[POP_OS](https://pop.system76.com/)** and **[PureOS](https://www.pureos.net/)**
        are reasonably new general purpose Linux, with a strong focus on privacy, but also
        very user-friendly with an intuitive interfac and install process.
        See [Detailed Comparison](https://en.wikipedia.org/wiki/Comparison_of_Linux_distributions).

        #### BSD
        BSD systems arguably have far superior network stacks.
        **[OpenBSD](https://www.openbsd.org)** is designed for maximum security —
        not just with its features, but with its implementation practices.
        It's a commonly used OS by banks and critical systems.
        **[FreeBSD](https://www.freebsd.org)** is more popular, and aims for high
        performance and ease of use.

        #### Windows
        Two alternative options for Windows users are Windows 10 AME (ameliorated)
        project and the LTSC stream.
        - **[Windows 10 AME](https://ameliorated.info/)** AME project aims at delivering
        a stable, non-intrusive yet fully functional build of Windows 10 to anyone,
        who requires the Windows operating system natively. Core applications, such
        as the included Edge web-browser, Windows Media Player, Cortana, as well as
        any appx applications (appx apps will no longer work), have also been successfully
        eliminated. The total size of removed files is about 2 GB. Comes as a pre-built
        ISO or option to build from scratch with de-bloat scripts. Strong, supportive
        community on Telegram.
        - **[Windows 10 LTSC](https://docs.microsoft.com/en-us/windows/whats-new/ltsc/)**
        LTSC provides several security benefits over a standard Win 10 Installation.
        LTSC or Long Term Servicing Channel is a lightweight, low-cost Windows 10
        version, that is intended for specialized systems, and receives less regular
        feature updates. What makes it appealing, is that it doesn't come with any
        bloatware or non-essential applications, and needs to be configured from the
        ground up by the user. This gives you much better control over what is running
        on your system, ultimately improving security and privacy. It also includes
        several enterprise-grade
        [security features](https://docs.microsoft.com/en-us/windows/whats-new/ltsc/whats-new-windows-10-2019#security),
        which are not available in a standard Windows 10 instance. It does require
        some technical knowledge to get started with, but once setup should perform
        just as any other Windows 10 system. Note that you should only download the
        LTSC ISO from the Microsoft's
        [official page](https://www.microsoft.com/en-in/evalcenter/evaluate-windows-10-enterprise) 


        #### Improve the Security and Privacy of your current OS
        After installing your new operating system, or if you have chosen to stick
        with your current OS, there are a couple of things you can do to improve security.
        See: [Windows 10 security guide](https://heimdalsecurity.com/en/windows-10-security-guide/privacy),
        [Mac OS security guide](https://spreadprivacy.com/mac-privacy-tips/) or
        [Linux security guide](https://spreadprivacy.com/linux-privacy-tips/).

    ############################
    ###### Linux Defenses ######
    ############################
    - name: Linux Defenses
      services:
      - name: Firejail
        url: https://github.com/netblue30/firejail
        github: netblue30/firejail
        description: |
          Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting the running environment
          of untrusted applications using Linux namespaces and seccomp-bpf. Written in C, virtually no dependencies, runs on any
          modern Linux system, with no daemon running in the background, no complicated configuration, and it's super lightweight
          and super secure, since all actions are implemented by the kernel. It includes security profiles for over 800 common
          Linux applications. FireJail is recommended for running any app that may potential pose some kind of risk, such as
          torrenting through Transmission, browsing the web, opening downloaded attachments.

      - name: Gufw
        url: https://man.archlinux.org/man/gufw.8.en
        followWith: Linux
        description: |
          Open source GUI firewall for Linux, allowing you to block internet access for certain applications. Supports both simple
          and advanced mode, GUI and CLI options, very easy to use, lightweight/ low-overhead, under active maintenance and backed
          by a strong community. Installable through most package managers, or compile from source.

      - name: ClamTk
        url: https://gitlab.com/dave_m/clamtk/-/wikis/home
        github: dave_m/clamtk
        description: |
          ClamTk is basically a graphical front-end for ClamAV, making it an easy to use, light-weight, on-demand virus scanner
          for Linux systems.

      - name: chkrootkit
        url: http://www.chkrootkit.org
        description: |
          Locally checks for signs of a rootkit.

      - name: Snort
        url: https://www.snort.org
        description: |
          Open source intrusion prevention system capable of real-time traffic analysis and packet logging.

      - name: BleachBit
        url: https://www.bleachbit.org
        description: |
          Clears cache and deletes temporary files very effectively. This frees up disk space, improves performance, but most
          importantly helps to protect privacy.

      notableMentions: |
        [SecTools.org](https://sectools.org) is a directory or popular Unix security tools.

    ##############################
    ###### Windows Defenses ######
    ##############################
    - name: Windows Defences
      services:
      - name: Windows Spy Blocker
        url: https://github.com/crazy-max/WindowsSpyBlocker
        github: crazy-max/WindowsSpyBlocker
        description: |
          Capture and interprets network traffic based on a set of rules, and
          depending on the interactions certain assignments are blocked.
          Open source, written in Go and delivered as a single executable.

      - name: HardenTools
        url: https://github.com/securitywithoutborders/hardentools
        github: securitywithoutborders/hardentools
        description: |
          A utility that disables a number of risky Windows features. These "features"
          are exposed by the OS and primary consumer applications,
          and very commonly abused by attackers, to execute malicious code on a
          victim's computer. So this tool just reduces the attack surface by
          disabling the low-hanging fruit.

      - name: ShutUp10
        url: https://www.oo-software.com/en/shutup10
        icon: https://www.oo-software.com/oocontent/themes/oo2017/images/icons/front/oosu10.png
        description: |
          A portable app that lets you disable core Windows features (such as Cortana,
          Edge) and control which data is passed to Microsoft.
          (Note: Free, but not open source).

      - name: WPD
        url: https://wpd.app
        icon: https://wpd.app/assets/favicon/apple-touch-icon.png
        description: |
          Portable app with a GUI, that makes it really easy to safely block key
          telemetry features, from sending data to Microsoft and other third parties
          (It uses the Windows API to interact with key features of Local Group
          Police, Services, Tasks Scheduler, etc).

      - name: GhostPress
        url: https://schiffer.tech/ghostpress.html
        icon: https://schiffer.tech/img/logos/gp.png
        description: |
          Anti low-level keylogger: Provides full system-wide key press protection,
          and target window screenshot protection.

      - name: KeyScrambler
        url: https://www.qfxsoftware.com
        icon: https://www.qfxsoftware.com/wp-content/uploads/2018/11/cropped-KS_icon-32x32-px.jpg
        description: |
          Provides protection against software keyloggers. Encrypts keypresses at
          driver level, and decrypts at application level, to protect against
          common keyloggers.

      - name: SafeKeys V3.0
        url: http://www.aplin.com.au
        icon: https://www.aplin.com.au/wp-content/themes/aplin/images/favicon.ico
        description: |
          Portable virtual keyboard. Useful for protecting from keyloggers when
          using a public computer, as it can run of a USB with no administrative
          permissions.

      - name: RKill
        url: https://www.bleepingcomputer.com/download/rkill
        icon: https://www.bleepstatic.com/download/product-logos//2012/05/18/icon1337347931.png
        description: |
          Useful utility, that attempts to terminate known malware processes,
          so that your normal security software can then run and clean your
          computer of infections.

      - name: IIS Crypto
        url: https://www.nartac.com/Products/IISCrypto
        icon: https://www.nartac.com/favicon.png
        description: |
          A utility for configuring encryption protocols, cyphers, hashing methods,
          and key exchanges for Windows components. Useful for sysadmins on Windows
          Server.

      - name: NetLimiter
        url: https://www.netlimiter.com
        icon: https://www.netlimiter.com/favicon.ico
        tosdrId: 9043
        description: |
          Internet traffic control and monitoring tool.

      - name: Sticky-Keys-Slayer
        url: https://github.com/linuz/Sticky-Keys-Slayer
        github: linuz/Sticky-Keys-Slayer
        description: |
          Scans for accessibility tools backdoors via RDP.

      - name: SigCheck
        url: https://docs.microsoft.com/en-us/sysinternals/downloads/sigcheck
        description: |
          A CLI utility that shows file version number, timestamp information,
          and digital signature details.

      - name: BleachBit
        url: https://www.bleachbit.org
        icon: https://www.bleachbit.org/sites/default/files/zen_classic_logo_0.png
        description: |
          Clears cache and deletes temporary files very effectively.
          This frees up disk space, improves performance, but most importantly
          helps to protect privacy.

      - name: Windows Secure Baseline
        url: https://github.com/nsacyber/Windows-Secure-Host-Baseline
        github: nsacyber/Windows-Secure-Host-Baseline
        description: |
          Group Policy objects, compliance checks, and configuration tools that
          provide an automated and flexible approach for securely deploying and
          maintaining the latest releases of Windows 10.

      - name: USBFix
        url: https://www.usb-antivirus.com
        icon: https://www.usb-antivirus.com/wp-content/uploads/2015/12/logo-usbfix-80x80.png.webp
        description: |
          Detects infected USB removable devices.

      - name: GMER
        url: http://www.gmer.net
        icon: http://www2.gmer.net/favicon.ico
        description: |
          Rootkit detection and removal utility.

      - name: ScreenWings
        url: https://schiffer.tech/screenwings.html
        icon: https://schiffer.tech/img/logos/sw.png
        description: |
          Blocks malicious background applications from taking screenshots.

      - name: CamWings
        url: https://schiffer.tech/camwings.html
        description: |
          Blocks unauthorized webcam access.

      - name: SpyDish
        url: https://github.com/mirinsoft/spydish
        github: mirinsoft/spydish
        description: |
          Open source GUI app built upon PowerShell, allowing you to perform a quick and easy privacy check, on Windows 10 systems.

      - name: SharpApp
        url: https://github.com/mirinsoft/sharpapp
        github: mirinsoft/sharpapp
        description: |
          Open source GUI app built upon PowerShell, for disabling telemetry functions in Windows 10, uninstalling preinstalled apps, installing software packages and automating Windows tasks with integrated PowerShell scripting.

      - name: Debotnet
        url: https://github.com/Mirinsoft/Debotnet
        github: Mirinsoft/Debotnet
        description: |
          Light-weight, portable app for controlling the many privacy-related settings within Windows 10- with the aim of helping to keep private data, private.

      - name: PrivaZer
        url: https://privazer.com/
        description: |
          Good alternative to CCleaner, for deleting unnecessary data - logs, cache, history, etc.

      wordOfWarning: |
        (The above software was last tested on 01/05/20).
        Many of the above tools are not necessary or suitable for beginners,
        and can cause your system to break - only use software that you need,
        according to your threat model. Take care to only download from an
        official/ legitimate source, verify the executable before proceeding,
        and check reviews/ forums.
        Create a system restore point, before making any significant changes to
        your OS (such as disabling core features).
        
        From a security and privacy perspective, Linux may be a better option.  

      notableMentions: |
        See also these lists:
        - [github.com/Awesome-Windows/Awesome#security](https://github.com/Awesome-Windows/Awesome#security)
        - [github.com/PaulSec/awesome-windows-domain-hardening](https://github.com/PaulSec/awesome-windows-domain-hardening)
        - [github.com/meitar/awesome-cybersecurity-blueteam#windows-based-defenses](https://github.com/meitar/awesome-cybersecurity-blueteam#windows-based-defenses)

    ############################
    ###### MacOS Defenses ######
    ############################
    - name: Mac OS Defences
      services:
      - name: LuLu
        url: https://objective-see.com/products/lulu.html
        icon: https://objective-see.org/images/logoApple.ico
        github: objective-see/LuLu
        tosdrId: 3069
        description: |
          Free, open source macOS firewall. It aims to block unknown outgoing connections, unless explicitly approved by the user.

      - name: Stronghold
        url: https://github.com/alichtman/stronghold
        icon: https://i.ibb.co/jVmsrYp/stronghold.png
        github: alichtman/stronghold
        description: |
          Easily configure macOS security settings from the terminal.

      - name: Fortress
        url: https://github.com/essandess/macOS-Fortress
        followWith: Mac OS
        github: essandess/macOS-Fortress
        description: |
          Kernel-level, OS-level, and client-level security for macOS. With a Firewall, Blackhole, and Privatizing Proxy for Trackers, Attackers, Malware, Adware, and Spammers; with On-Demand and On-Access Anti-Virus Scanning.


    ##########################
    ###### Anti-Malware ######
    ##########################
    - name: Anti-Malware
      alternativeTo: ['norton antivirus', 'mcafee antivirus', 'kaspersky antivirus', 'bitdefender antivirus', 'avast antivirus']
      intro: |
        Cross-platform, open source malware detection and virus prevention tools

      services:
      - name: ClamAV
        url: https://www.clamav.net
        icon: https://www.clamav.net/assets/clamav-trademark.png
        description: |
          An open source cross-platform antivirus engine for detecting viruses, malware & other malicious threats. It is versatile, performant and very effective.

      - name: VirusTotal
        url: https://www.virustotal.com
        icon: https://www.virustotal.com/gui/images/manifest/icon-192x192.png
        tosdrId: 1886
        description: |
          Web-based malware scanner, that inspects files and URLs with over 70 antivirus scanners, URL/domain services, and other tools to extract signals and determine the legitimacy.

      notableMentions: |
        For 1-off malware scans on Windows, [MalwareBytes](https://www.malwarebytes.com)
        is portable and very effective, but [not open source](https://forums.malwarebytes.com/topic/5495-open-source)
      wordOfWarning: |
        For Microsoft Windows, Windows Defender provides totally adequate virus
        protection in most cases. These tools are intended for single-use in
        detecting/ removing threats on an infected machine, and are not recommended
        to be left running in the background, use portable editions where available.

        Many anti virus products have a history of introducing vulnerabilities themselves,
        and several of them seriously degrade the performance of your computer, as well as
        decrease your privacy. Never use a free anti-virus, and never trust the companies
        that offer free solutions, even if you pay for the premium package.
        This includes (but not limited to) Avast, AVG, McAfee and Kasperky.
        For AV to be effective, it needs intermate access to all areas of your PC,
        so it is important to go with a trusted vendor, and monitor its activity closely. 


  - name: Development
    sections:
    - name: Code Hosting
      alternativeTo: ['github', 'gitlab', 'bitbucket', 'sourceforge', 'aws codecommit']
      services:
      - name: SourceHut
        url: https://sourcehut.org
        icon: https://sr.ht/static/logo.svg
        tosdrId: 1607
        description: |
          Git and mercurial code hosting, task management, mailing lists, wiki hosting and Alpine-based build pipelines. Can be self-hosted, or used through the managed instance at sr.ht.

      - name: Codeberg
        url: https://codeberg.org
        icon: https://codeberg.org/assets/img/favicon.svg
        tosdrId: 3370
        description: |
          A fully-managed instance of Forgejo.

      - name: GitLab
        url: https://gitlab.com
        tosdrId: 514
        description: |
          Fully-featured git, CI and project management platform. Managed instance available, but can also be self-hosted.

      - name: Gitea
        url: https://gitea.io/
        description: |
          Lightweight self-hosted git platform, written in Go.

      - name: Gogs
        url: https://gogs.io/
        description: |
          Lightweight self-hosted git platform, written in Go.

    - name: IDEs
      alternativeTo: ['visual studio code', 'intellij idea', 'eclipse', 'pycharm', 'atom']
      services: []

    - name: Terminal Emulators
      alternativeTo: ['putty', 'iterm2', 'gnome terminal', 'hyper', 'powershell']
      services: []

  - name: Smart Home & IoT
    sections:
    - name: Voice Assistants
      alternativeTo: ['alexa', 'google assistant', 'siri', 'cortana', 'bixby']
      intro: |
        Google Assistant, Alexa and Siri don't have the best
        [reputation](https://srlabs.de/bites/smart-spies) when it comes to protecting
        consumers privacy, there have been
        [many recent breaches](https://www.theverge.com/2019/10/21/20924886/alexa-google-home-security-vulnerability-srlabs-phishing-eavesdropping).
        
        For that reason it is recommended not to have these devices in your house.
        The following are open source AI voice assistants, that aim to provide a
        human voice interface while also protecting your privacy and security
      services:
      - name: Mycroft
        tosdrId: 1824
        description: |
          An open source privacy-respecting AI platform, compatible with a wide range of
          devices including Raspberry Pi, desktop computers, or dedicated Mycroft hardware.
          Actively developed, with extensive documentation and a broad skill set. Facilitates
          easy development of new skills.
        url: https://mycroft-ai.gitbook.io/mark-ii
        github: MycroftAI/mycroft-core
        icon: https://avatars.githubusercontent.com/u/14171097?s=200&v=4

      - name: Kalliope
        description: |
          A modular, always-on, voice-controlled personal assistant geared towards home automation.
          Optimized for Raspberry Pi, Debian, or Ubuntu. Skills are easily programmable in YAML,
          though the library of pre-built add-ons is not as extensive.
        url: https://kalliope-project.github.io
        github: kalliope-project/kalliope

      notableMentions: |
        If you choose to continue using Google Home/ Alexa, then check out
        **[Project Alias](https://github.com/bjoernkarmann/project_alias)**.
        It's a small app that runs on a Pi, and gives you more control over your smart assistants, for both customisation and privacy.

        For a desktop-based assistant, see
        [Dragonfire](https://github.com/DragonComputer/Dragonfire) for Ubuntu,
        and [Jarvis](https://github.com/sukeesh/Jarvis) for MacOS.

        [LinTO](https://linto.ai), [Jovo](https://www.jovo.tech) and [Snips](https://snips.ai)
        are private-by-design voice assistant frameworks that can be built on by developers,
        or used by enterprises.
        
        [Jasper](https://jasperproject.github.io),
        [Stephanie](https://github.com/SlapBot/stephanie-va) and
        [Hey Athena](https://github.com/rcbyron/hey-athena-client) are Python-based voice assistant, but neither is under active development anymore.
        See also [OpenAssistant](https://openassistant.org).
      wordOfWarning: |
        If you are building your own assistant, you may want to consider a hardware-switch
        for disabling the microphone. Keep tabs on issues and check the code, to ensure
        you are happy with how it works, from a privacy perspective.

    - name: Smart Home
      alternativeTo: ['philips hue', 'nest', 'samsung smartthings', 'ecobee', 'ring']
      services:
      - name: Gladys Assistant
        description: |
          An open source privacy-respecting Home Assistant, compatible with a wide range of
          devices including Raspberry Pi, desktop computers, or NAS systems.
          Actively developed, with good french community and various integrations 
          (Zigbee, Philips, Camera, Tuya, MQTT, Telegram, ...).
        url: https://gladysassistant.com/
        github: gladysassistant/gladys
        icon: https://avatars.githubusercontent.com/u/7365162?s=200&v=4

  - name: Finance
    sections:
    - name: Cryptocurrencies
      alternativeTo: ['bitcoin', 'ethereum', 'ripple', 'litecoin', 'bitcoin cash']
      services:
      - name: Monero
        url: https://www.getmonero.org
        github: monero-project/monero
        tosdrId: 8279
        description: |
          One of the most private cryptocurrencies, since no meta data is available
          (not even the transaction amount). It uses complex on-chain cryptographic
          methods such as Ring signatures, RingCT, Kovri, and Stealth addresses all
          of which help protect the privacy of users.

      - name: ZCash
        url: https://z.cash
        github: zcash/zcash
        tosdrId: 8258
        description: |
          Uses zero-knowledge proofs to protect privacy cryptographic technique,
          that allows two users to transact without ever revealing their true identity
          or address. The Zcash blockchain uses two types of addresses and transactions,
          Z transactions and addresses are private and T transactions and addresses
          are transparent like Bitcoin.
      furtherInfo: |
        It is still possible to use currencies that have a public ledger 'privately',
        but you will need to take great care not to cause any transactions to be
        linked with your identity or activity. For example, avoid exchanges that
        require KYC, and consider using a service such as
        [Local Bitcoins](https://localbitcoins.net).
        If you use a [Bitcoin ATM](https://coinatmradar.com), then take care to not
        be physically tracked (CCTV, phone location, card payments etc)

      notableMentions: |
        Other privacy-focused cryptocurrencies include:
        [PIVX](https://pivx.org),
        [Verge](https://vergecurrency.com), and [Piratechain](https://pirate.black/). 
      wordOfWarning: |
        Not all cryptocurrencies are anonymous, and without using a privacy-focused coin,
        a record of your transaction will live on a publicly available distributed ledger, forever.
        If you send of receive multiple payments, ensure you switch up addresses or use a mixer,
        to make it harder for anyone trying to trace your transactions.
        Cryptocurrencies that allow private and public transactions may reveal meta
        data about your transactions and balances when funds are moving from
        private to public addresses which can compromise your privacy with methods
        similar to a knapsack problem.

        Always store private keys somewhere safe, but offline

        Note: Cryptocurrency prices can go down. Storing any wealth in crypto may result in losses.
        If you are new to digital currencies - do your research first, don't invest more than you can afford to loose,
        and be very weary crypto-related scams are very common. as is and cryptocurrency-related malware.

        **This is NOT financial advice**


    - name: Crypto Wallets
      alternativeTo: ['coinbase wallet', 'blockchain.com wallet', 'trust wallet', 'exodus', 'ledger live']
      services:
      - name: Wasabi Wallet
        url: https://www.wasabiwallet.io
        icon: https://wasabiwallet.io/img/favicon.ico
        description: |
          An open source, native desktop wallet for Windows, Linux, and MacOS. Wasabi implements trustless CoinJoins over the Tor network. Neither an observer nor the participants can determine which output belongs to which input. This makes it difficult for outside parties to trace where a particular coin originated from and where it was sent to, which greatly improves privacy. Since it's trustless, the CoinJoin coordinator cannot breach the privacy of the participants. Wasabi is compatible with cold storage and hardware wallets, including OpenCard and Trezor.
        followWith: Bitcoin
        github: zkSNACKs/WalletWasabi

      - name: Trezor
        url: https://trezor.io
        icon: https://trezor.io/favicon/apple-touch-icon.png
        github: trezor/trezor-firmware
        description: |
          Open source, cross-platform, offline, crypto wallet, compatible with 1000+ coins. Your private key is generated on the device, and never leaves it, all transactions are signed by the Trezor, which ensures your wallet is safe from theft. There are native apps for Windows, Linux, MacOS, Android, and iOS, but Trezor is also compatible with other wallets, such as Wasabi. You can back the Trezor up, either by writing down the seed, or by duplicating it to another device. It is simple and intuitive to use, but also incredibly customizable with a large range of advanced features.
        followWith: All Coins

      - name: ColdCard
        url: https://coldcardwallet.com/
        description: |
          An easy-to-use, super secure Bitcoin hardware wallet, which can be used independently as an air-gapped wallet. ColdCard is based on partially signed Bitcoin transactions following the BIP174 standard. Built specifically for Bitcoin, and with a variety of unique security features, ColdCard is secure, trustless, private, and easy-to-use. Companion products for the ColdCard include: BlockClock, SeedPlate, and ColdPower.
        followWith: Bitcoin
        github: Coldcard/firmware

      - name: Electrum
        url: https://electrum.org/
        description: |
          Long-standing Python-based Bitcoin wallet with good security features. Private keys are encrypted and do not touch the internet and balance is checked with a watch-only wallet. Compatible with other wallets, so there is no tie-in, and funds can be recovered with your secret seed. It supports proof-checking to verify transactions using SPV, multi-sig, and add-ons for compatibility with hardware wallets. A decentralized server indexes ledger transactions, meaning it's fast and doesn't require much disk space. The potential security issue here would not be with the wallet, but rather your PC - you must ensure your computer is secure and your wallet has a long, strong passphrase to encrypt it with.
        followWith: Bitcoin
        github: spesmilo/electrum
        tosdrId: 2761

      - name: Sparrow Wallet
        url: https://sparrowwallet.com/
        description: |
          Sparrow is a Bitcoin wallet for those who value financial self-sovereignty. Sparrow’s emphasis is on security, privacy, and usability. Sparrow does not hide information from you - on the contrary, it attempts to provide as much detail as possible about your transactions and UTXOs, but in a way that is manageable and usable.
        followWith: Bitcoin
        github: sparrowwallet/sparrow

      - name: Atomic Wallet
        url: https://atomicwallet.io/
        description: |
          Atomic is an open-source desktop and mobile-based wallet, where your private keys are stored on your local device, and do not touch the internet. Atomic has a great feature set, and supports swapping, staking, and lending directly from the app. However, most of Atomic's features require an active internet connection, and Atomic does not support hardware wallets yet. Therefore, it may only be a good choice as a secondary wallet, for storing small amounts of your actively used currency.
        followWith: All Coins
        github: Atomicwallet/bip38

      - name: CryptoSteel
        url: https://cryptosteel.com/how-it-works
        description: |
          A steel plate, with engraved letters which can be permanently screwed - CryptoSteel is a good fire-proof, shock-proof, water-proof, and stainless cryptocurrency backup solution.
        followWith: All Coins

      - name: BitBox02
        url: https://shiftcrypto.ch/
        description: |
          Open source hardware wallet, supporting secure multisig with the option for making encrypted backups on a MicroSD card.
        followWith: Bitcoin or Ethereum & ERC-20 tokens
        github: digitalbitbox/bitbox-wallet-app

      notableMentions: |
        [Metamask](https://metamask.io/) (Ethereum and ERC20 tokens) is a bridge
        that allows you to visit and interact with distributed web apps in your browser.
        Metamask has good hardware wallet support, so you can use it to swap, stake,
        sign, lend and interact with dapps without you're private key ever leaving your device.
        However the very nature of being a browser-based app means that you need to stay vigilant with what services you give access to.
      wordOfWarning: |
        Avoid using any online/ hot-wallet, as you will have no control over
        the security of your private keys.

        Offline paper wallets are very secure, but ensure you store it
        properly - to keep it safe from theft, loss or damage.


    - name: Crypto Exchanges
      alternativeTo: ['coinbase', 'binance', 'kraken', 'bitfinex', 'huobi']
      services:
      - name: Bisq
        url: https://bisq.network
        description: |
          An open-source, peer-to-peer application that allows you to buy and sell
          cryptocurrencies in exchange for national currencies. Fully decentralized,
          and no registration required.

      - name: LocalBitcoins
        url: https://localbitcoins.com/
        tosdrId: 3645
        description: |
          Person-to-person exchange, find people local to your area, and trade
          directly with them, to avoid going through any central organization.
          Primarily focused on Bitcoin, Ethereum, Ripple, and LiteCoin,
          as it gets harder to find people near you selling niche alt-coins.

      - name: AtomicDEX
        url: https://atomicdex.io/
        description: |
          Person-to-person cryptocurrency exchange with no KYC or registration
          required and uses atomic swaps to perform trustless trades.
          The orderbook uses a modified libp2p protocol to prevent censorship and maintain decentralization.
          Fiat currencies are not supported, but hundreds of alt-coins and major cryptocurrencies are supported.
        github: KomodoPlatform/atomicDEX-Pro

      - name: RoboSats
        url: https://learn.robosats.com
        github: RoboSats/robosats
        description: |
          RoboSats is an easy way to privately exchange Bitcoin for national currencies.
          It simplifies the peer-to-peer experience and makes use of lightning hold
          invoices to minimize custody and trust requirements.
          The deterministically generated avatars help users stick to best privacy practices.

      notableMentions: |
        For traders, [BaseFEX](https://www.basefex.com/) doesn't require ID and has a good privacy policy.

        [BitMex](https://www.bitmex.com/) has more advanced trading features,
        but ID verification is required for higher value trades involving Fiat currency.
        
        For buying and selling alt-coins, [Binance](https://www.binance.com/en/register?ref=X2BHKID1) has a wide range of currencies,
        ~and ID verification is not needed for small-value trades~ but ID verification is required in most countries.

    - name: Virtual Credit Cards
      alternativeTo: ['visa', 'mastercard', 'american express', 'discover', 'capital one']
      intro: |
        Virtual cards generated provide an extra layer of security, improve privacy
        and help protect from fraud. Most providers have additional features,
        such as single-use cards (that cannot be charged more than once),
        card limits (so you can be sure you won't be charged more than you expected)
        and other security controls.

        In most countries KYC is required. The bank will of course be able to see all your transactions.
        Be sure to read their privacy policy and terms of service beforehand.
        Not all services are available in all countries.
      services:
      - name: Privacy.com
        url: https://privacy.com
        tosdrId: 3262
        description: |
          Privacy.com has a good reputation, and is the largest virtual card provider
          in the US. Unlike other providers, it is free for personal use (up to 12 cards
          per month) with no fees, apps and support is good. There is a premium plan
          for $10/month, with 1% cashback and 36 cards/month.

      - name: Revolut Premium
        url: https://www.revolut.com/
        tosdrId: 2310
        description: |
          Revolut is more of a digital bank account, and identity checks are required
          to sign up. Virtual cards are only available on Premium/ Metal accounts, which
          start at $7/month.

      - name: MySudo
        url: https://mysudo.com
        tosdrId: 1351
        description: |
          Much more than just virtual cards, MySudo is a platform for creating
          compartmentalised identities, each with their own virtual cards, virtual phone
          numbers, virtual email addresses, messaging, private browsing, and more. There
          is a free plan for up to 3 identities, and premium plans start at $0.99/month.


    - name: Other Payment Methods
      services:
      - name: Cash
        icon: https://i.ibb.co/GWcPjYs/cash.png
        url: ''
        description: |
          Actual physical cash is still the most private option, with no chance of leaving
          any transactional records.
      - name: Gift Cards
        icon: https://i.ibb.co/dKBV5Xq/gift-card.png
        url: ''
        description: |
          Gift cards can be purchased for cash in many convenience stores, and redeemed
          online for goods or services. Try to avoid CCTV as best as possible.
      - name: Pre-paid Cards
        icon: https://i.ibb.co/hm1gPsG/pre-paid.png
        url: ''
        description: |
          Similarly to gift cards, buying a pre-paid card for cash can enable you to
          purchase goods and services in stores that only accept card payments.
      wordOfWarning: |
        Note that credit card providers heavily track transaction metadata, which build
        up a detailed picture of each persons spending habits. This is done both to
        provide improved fraud alerts, but also because the data is extremely valuable
        and is often 'anonymized' and sold to 3rd parties. Hence your privacy is degraded
        if these cards are used for daily transactions
      furtherInfo: |
        Paying for goods and services is a good example of where privacy and security conflict;
        the most secure option would be to pay with credit card, since most providers include
        comprehensive fraud protection, whereas the most private option would be to pay using
        crypto currency or cash, since neither can be easily tied back to your identity.


    - name: Secure Budgeting
      alternativeTo: ['mint', 'you need a budget (ynab)', 'pocketguard', 'quicken', 'goodbudget']
      services:
      - name: Firefly III
        description: |
          A free and open source personal finance manager. Firefly III features a clean
          and clear UI, is easy to set up and use, and is backed by a strong community.
          Regular updates bring new features, improvements, and fixes. There's also a hass.io
          addon, and compatibility with Home Assistant. Ensure your server is securely configured.
        followWith: Self-hosted
        github: firefly-iii/firefly-iii
        url: https://www.firefly-iii.org

      - name: GnuCash
        description: |
          A full-featured cross-platform accounting application suitable for personal
          and small business finance. Stable and reliable, GnuCash offers a comprehensive
          suite of financial management tools. Available for Windows, Mac, Linux, and
          Android.
        followWith: Desktop
        github: Gnucash/gnucash
        url: https://www.gnucash.org
        icon: https://www.gnucash.org/images/gnc-download.png

      - name: Plain Text Accounting
        github: plaintextaccounting/plaintextaccounting
        description: |
          Utilizes plain text files and scriptable, command-line-friendly software for
          bookkeeping/accounting, offering full control over data. Popular tools include
          Ledger, hledger, and Beancount among others, providing a flexible and vendor-independent
          approach to accounting.
        url: https://plaintextaccounting.org


      notableMentions: |
        Spreadsheets remain a popular choice for managing budgets and financial planning.
        [Collabora](https://nextcloud.com/collaboraonline) or
        [OnlyOffice](https://nextcloud.com/onlyoffice) (on [NextCloud](https://nextcloud.com)),
        [Libre Office](https://www.libreoffice.org) and [EtherCalc](https://ethercalc.net)
        are popular open source spread sheet applications. [Mintable](https://github.com/kevinschaich/mintable)
        allows you to auto-populate your spreadsheets from your financial data,
        using publicly accessible API - mitigating the requirement for a dedicated budgeting application.

        Other notable open source budgeting applications include:
        [Smart Wallet](https://apps.apple.com/app/smart-wallet/id1378013954) (iOS),
        [My-Budget](https://rezach.github.io/my-budget) (Desktop),
        [MoneyManager EX](https://www.moneymanagerex.org),
        [Skrooge](https://skrooge.org),
        [kMyMoney](https://kmymoney.org) and
        [Budget Zen](https://budgetzen.net) (a simple E2E encrypted budget manager)


  - name: Social
    sections:
    - name: Social Networks
      alternativeTo: ['facebook', 'twitter', 'instagram', 'linkedin', 'snapchat']
      intro: |
        Over the past decade, social networks have revolutionized the way we communicate
        and bought the world closer together - but it came at the
        [cost of our privacy](https://en.wikipedia.org/wiki/Privacy_concerns_with_social_networking_services).
        
        Social networks are built on the principle of sharing - but you, the user
        should be able to choose with whom you share what, and that is what the
        following sites aim to do.
      services:
      - name: Aether
        description: |
          Offers self-governing communities with auditable moderation, akin to Reddit but
          prioritizing privacy, democracy, and transparency. Aether is peer-to-peer and open
          source, available for Windows, Mac, and Linux.
        url: https://getaether.net
        github: getaether/aether-community-firmware

      - name: Discourse
        description: |
          A fully open-source, self-hostable discussion platform usable as a mailing list,
          discussion forum, or long-form chat room.
        url: https://www.discourse.org
        github: discourse/discourse
        tosdrId: 1340

      - name: Mastodon
        description: |
          An open-source, distributed social media platform functioning similarly to Twitter,
          without algorithmic timeline manipulations. It operates across independent servers.
        url: https://mastodon.social
        github: mastodon/mastodon
        tosdrId: 639

      - name: Minds
        description: |
          A social media platform designed to foster open conversations and community
          engagement. Rewards content creation.
        url: https://www.minds.com
        github: minds/minds

      notableMentions: |
        - [diaspora\*](https://diasporafoundation.org), [Pleroma](https://pleroma.social), [Friendica](https://friendi.ca) and [Hubzilla ](https://hubzilla.org) - distributed, decentralized social networks, built on open protocols
        - [Tildes](https://tildes.net), [Lemmy](https://dev.lemmy.ml) and [notabug.io](https://notabug.io) - bulletin boards and news aggregators (similar to Reddit)
        - [Pixelfed](https://pixelfed.org) - A free, ethical, federated photo sharing platform (FOSS alternative to Instagram)
      furtherInfo: |
        The content on many of these smaller sites tends to be more *niche*.
        To continue using Twitter, there are a couple of
        [tweaks](https://www.offensiveprivacy.com/blog/twitter-privacy),
        that will improve security. For Reddit, use a privacy-respecting client -
        such as [Reditr](http://reditr.com/).
        Other main-stream social networking sites do not respect your privacy,
        so should be avoided, but if you choose to keep using them see
        [this guide](https://proprivacy.com/guides/social-media-privacy-guide) for tips on protecting your privacy

    - name: Video Platforms
      alternativeTo: ['youtube', 'tiktok', 'vimeo', 'dailymotion', 'twitch']
      services:
      - name: PeerTube
        description: |
          A federated video platform leveraging peer-to-peer technology to decrease server
          load during video streaming. Supports self-hosting or joining existing instances,
          enabling video viewing from any PeerTube server.
        url: https://joinpeertube.org
        tosdrId: 1596

      - name: DTube
        description: |
          A decentralized, ad-free video platform emphasizing minimal moderation. It rewards
          users with cryptocurrency, leveraging blockchain technology.
        url: https://d.tube
        tosdrId: 2798

      - name: BitChute
        description: |
          Established in 2017, BitChute is a video hosting service that offers a platform for
          uploaders to evade the content restrictions found on other sites like YouTube.
        url: https://www.bitchute.com
        icon: https://i.ibb.co/gvxXK0Z/bitchute.png
        tosdrId: 513

      wordOfWarning: |
        Without moderation, some of these platforms accommodate video creators
        whose content may not be appropriate for all audiences
      furtherInfo: |
        #### YouTube Proxies
        The content on many of the smaller video sites, often just doesn't compare to YouTube.
        So another alternative, is to access YouTube through a proxy client, which reduces what Google can track.
        - Good options are: [Invidious](https://invidious.io/) (web), [Piped](https://piped.kavin.rocks) (web), [FreeTube](https://freetubeapp.io/) (Windows, Mac OS, Linux), [NewPipe](https://newpipe.schabi.org/) (Android), [YouTube++](https://iosninja.io/ipa-library/download-youtube-plus-ipa-ios) (iOS)
        - Or download videos with [youtube-dl](https://ytdl-org.github.io/youtube-dl/) (cli) or [youtube-dl-gui](https://github.com/MrS0m30n3/youtube-dl-gui) (gui). For just audio, there is [PodSync](https://podsync.net/)

        #### Video Search Engines
        [Petey Vid](https://www.peteyvid.com) is a non-biased video search engine.
        Unlike normal search engines it indexes videos from a lot of sources,
        including Twitter, Veoh, Instagram, Twitch, MetaCafe, Minds, BitChute,
        Brighteon, D-Tube, PeerTube, and many others.

    - name: Blogging Platforms
      alternativeTo: ['wordpress', 'medium', 'blogger', 'tumblr', 'wix']
      services:
      - name: Write Freely
        description: |
          A minimalist, federated blogging platform offering a clean UI. It's free, open source,
          and caters to writers seeking simplicity and federation capabilities. For hosted options,
          visit Write.as.
        url: https://writefreely.org
        github: writeas/writefreely

      - name: Telegraph
        description: |
          A quick, anonymous blogging platform by Telegram. It's designed for simplicity and speed,
          allowing for straightforward content publishing without registration.
        url: https://telegra.ph

      - name: Mataroa
        description: |
          A minimalist blogging platform focused on privacy and simplicity. It's open source and
          eschews complex features for a straightforward writing and publishing experience.
        url: https://mataroa.blog
        github: mataroa-blog/mataroa

      - name: Bear Blog
        description: |
          A no-nonsense, super-fast blogging platform prioritizing privacy. It strips back
          unnecessary features to focus on straightforward blogging. The platform is open source.
        url: https://bearblog.dev/
        github: HermanMartinus/bearblog

      - name: Movim
        description: |
          A web frontend for XMPP, offering decentralized blogging and chatrooms. Movim is open source,
          integrating social and communication tools in a unified platform.
        url: https://movim.eu/
        github: movim/movim

      - name: Pico
        description: |
          Web services over SSH, including blogging with Prose, microsites with Pages, and a pastebin with
          Pastes. The services use public-key cryptography by default with no browser-based tracking and
          minimal logging.
        url: https://pico.sh/
        github: picosh/pico
        openSource: true

      notableMentions: |
        If you use [Standard Notes](https://standardnotes.com/?s=chelvq36),
        then [Listed.to](https://listed.to) is a public blogging platform with
        strong privacy features.
        It lets you publish posts directly through the Standard Notes app or web interface.
        
        Other minimalistic platforms include [Notepin.co](https://notepin.co) and [Pen.io](http://pen.io).

        Want to write a simple text post and promote it yourself?
        Check out [telegra.ph](https://telegra.ph), [txt.fyi](https://txt.fyi) and [NotePin](https://notepin.co).
        For seriously anonymous platforms, aimed at activists, see [noblogs](https://noblogs.org/)
        and [autistici](https://www.autistici.org).
        It is also possible to host a normal [WordPress](https://wordpress.com) site,
        without it being linked to your real identity, although WP does not have
        the best reputation when it comes to privacy.

        Of course you could also host your blog on your own server,
        using a standard open source blog platform, such as
        [Ghost](https://ghost.org) and configure it to disable all trackers, ads and analytics.

    - name: News Readers
      alternativeTo: ['google news', 'flipboard', 'feedly', 'apple news', 'reddit']
      services:
      - name: Tiny RSS
        description: |
          A web-based news feed reader and aggregator, supporting RSS/Atom feeds. It's free, open source,
          and offers a customizable and self-hostable platform for managing your news feeds.
        url: https://tt-rss.org

      - name: RSSOwl
        description: |
          A powerful, desktop-based RSS reader offering extensive organization features. It facilitates
          managing and curating news feeds from various sources.
        url: http://www.rssowl.org

      - name: Feedly
        description: |
          Offers a premium news aggregation experience, presenting news from chosen sources in a clean,
          modern interface. Beyond RSS, it integrates with various news outlets, ensuring a tailored
          news feed without manipulated content. Parts of the service are open source.
        url: https://feedly.com
        tosdrId: 405

    - name: Proxy Sites
      intro: |
        These are websites that enable you to access existing social media platforms,
        without using their primary website - with the aim of improving privacy &
        security and providing better user experience. The below options are open
        source (so can be self-hosted, if you wish), and they do not display ads
        or tracking (unless otherwise stated).
      services:
      - name: Nitter
        description: |
          A privacy-centric alternative to Twitter's front-end, focusing on preventing user tracking.
          It's free, open source, lightweight, supports multiple themes, and offers customizable RSS feeds.
          All client requests are proxied, enhancing privacy. No JavaScript required.
        url: https://nitter.net
        followWith: Twitter

      - name: Invidious
        description: |
          An open source, privacy-focused YouTube frontend. It minimizes Google tracking, supports audio-only mode,
          integrates Reddit comments, and offers advanced playback options. Lightweight and can function without
          JavaScript. Supports import/export of subscriptions and feed customization.
        url: https://invidious.io
        followWith: YouTube
        tosdrId: 1471

      - name: Libreddit
        description: |
          A private, fast Reddit frontend written in Rust. Excludes ads, trackers, and bloat, making it much faster
          than the official site. Can be self-hosted via Docker or other methods. Implements most Reddit features
          for anonymous browsing.
        url: https://libreddit.spike.codes
        followWith: Reddit

      - name: WebProxy
        description: |
          A free proxy service offering a Tor mode for evading censorship and accessing geo-restricted content.
          Claims to encrypt traffic, but caution is advised for personal information. Managed by DevroLabs.
        url: https://weboproxy.com

      notableMentions:
      - name: NewPipe
        url: https://newpipe.schabi.org
        description: An open source, privacy-respecting YouTube client for Android.
        # tosdrId: 2568
      - name: FreeTube 
        url: https://freetubeapp.io
        description: |
          An open source YouTube client for Windows, MacOS and Linux, providing
          a more private experience, with a native-feel desktop app.
          It is built upon the [Invidious](https://invidious.io/) API.
        # tosdrId: 3996
      wordOfWarning: |
        When proxies are involved - only use reputable services, and **never** enter any personal information


  - name: Media
    sections:
    - name: Gaming
      alternativeTo: ['steam', 'epic games store', 'origin', 'ubisoft connect', 'battle.net']
      services: []
    - name: Media Servers
      alternativeTo: ['plex', 'emby', 'kodi', 'jellyfin', 'universal media server']
      services: []
    - name: Music Players
      alternativeTo: ['spotify', 'apple music', 'google play music', 'amazon music', 'pandora']
      services: []
    - name: Video Players
      alternativeTo: ['vlc', 'windows media player', 'quicktime', 'mplayer', 'kmplayer']
      services: []
    - name: Photo Viewers
      alternativeTo: ['google photos', 'windows photo viewer', 'adobe lightroom', 'apple photos', 'irfanview']
      services: []
    - name: E-Book Readers
      alternativeTo: ['kindle', 'google play books', 'apple books', 'adobe digital editions', 'calibre']
      services: []
    - name: Podcast Players
      alternativeTo: ['apple podcasts', 'spotify', 'google podcasts', 'pocket casts', 'overcast']
      services: []
    - name: Torrent Downloaders
      alternativeTo: ['utorrent', 'bittorrent', 'qBittorrent', 'deluge', 'transmission']
      services: []
    - name: File Converters
      alternativeTo: ['format factory', 'handbrake', 'freemake video converter', 'any video converter', 'online-convert.com']
      services: []

  - name: Creativity
    sections:
    - name: Image Editors
      alternativeTo: ['adobe photoshop', 'paint.net', 'corel paintshop pro', 'affinity photo']
      services:
      - name: Gimp
        followWith: Windows, Mac OS, Linux
        description: |
          A free, open source, cross-platform image editor. GIMP is a powerful tool for
          photo retouching, image composition, and image authoring. It is highly customizable,
          and supports a wide range of file formats.
        url: https://www.gimp.org
        github: GNOME/gimp
        icon: https://www.gimp.org/images/frontpage/wilber-big.png
        openSource: true
      - name: InkScape
        followWith: Windows, Mac OS, Linux
        description: |
          A free, open source, professional vector graphics editor. It is a powerful tool
          for creating illustrations, icons, logos, diagrams, maps, and web graphics.
        url: https://inkscape.org
        github: inkscape/inkscape
        icon: https://media.inkscape.org/static/images/inkscape-logo.svg
        openSource: true
        tosdrId: 6568
      - name: Paint.NET
        followWith: Windows
        description: |
          A more advanced take on Microsoft Paint. Suitable for basic image editing,
          with support for basic layers, unlimited undo/redo, and extendable via plugins
        url: https://www.getpaint.net
        github: paintdotnet/release
        icon: https://i.ibb.co/PmNGFmh/Paint-NET.png
        openSource: true
      - name: PixlrX
        followWith: Web
        url: https://pixlr.com/express
        description: |
          A free web-based image editor, with a modern UI.
          Also offers premium/paid features, such as AI-powered generation, touchup and editing
        icon: https://pixlr.com/apple-touch-icon.png
        tosdrId: 3240
        openSource: false
        securityAudited: false
        acceptsCrypto: false
      - name: RawTherapee
        followWith: Windows, Mac OS, Linux
        description: |
          A powerful raw photo processing system and editor, for non-destructive editing
          of raw digital photos
        url: https://rawtherapee.com
        github: Beep6581/RawTherapee
        icon: https://icons.iconarchive.com/icons/papirus-team/papirus-apps/256/rawtherapee-icon.png
        openSource: true
      - name: PhotoPea
        followWith: Web
        description: |
          A free online image editor, for both  raster and vector graphics,
          with a very wide range of supported formats
        url: https://photopea.com
        icon: https://www.photopea.com/promo/icon512.png
        github: photopea/photopea
        openSource: false
        securityAudited: false
        acceptsCrypto: true
        tosdrId: 4105
      - name: Krita
        followWith: Windows, Mac OS, Linux
        icon: https://i.ibb.co/TqtRH52/Krita.png
        openSource: true
        description: |
          Digital painting application.
          Free and open source (backed by KDE), with cross-platform support,
          Krita is popular among both professional and amateur artists
          due to it's comprehensive feature set, and intuitive UI
        url: https://krita.org/en
        github: KDE/krita
      - name: DarkTable
        followWith: Windows, Mac OS, Linux
        description: |
          A photography workflow application (similar to Adbobe Lightroom)
          Includes a  non-destructive raw developer for raw images and managing digital negatives.
        url: https://www.darktable.org
        github: darktable-org/darktable
        icon: https://i.ibb.co/09PfHbG/darktable.png
        openSource: true

    - name: Video Editors
      alternativeTo: ['adobe premiere pro', 'final cut pro', 'davinci resolve', 'imovie', 'sony vegas pro']
      services: 
      - name: Shotcut
        followWith: Windows, Mac OS, Linux
        description: |
          A free, open source, cross-platform video editor, using FFmpeg
          Shotcut supports a wide range of formats, and has a comprehensive feature set,
          including 4K & 8k resolution, webcam + audio capture, batch opperations and
          [much more](https://shotcut.org/features/)
        url: https://shotcut.org
        github: mltframework/shotcut
        icon: https://www.shotcut.org/assets/img/media/shotcut-logo-512x512.png
        openSource: true
      - name: OpenShot
        followWith: Windows, Mac OS, Linux
        description: |
          A free, simple, cross-platform video editor.
          Great for trimming/slicing, video effects, adding titles, scene animations
          and [more](https://www.openshot.org/features/)
        url: https://www.openshot.org
        github: OpenShot/openshot-qt
        icon: https://www.openshot.org/static/img/favicon.png
        openSource: true
      - name: Kdenlive
        followWith: Windows, Mac OS, Linux
        description: |
          KDE Non-Linear Video Editor, is an editor based on the MLT Framework, KDE and Qt,
          written using C++ and using FFmpeg
        url: https://kdenlive.org
        github: kdenlive/kdenlive
        icon: https://seeklogo.com/images/K/kdenlive-logo-CAAD792F3F-seeklogo.com.png
        openSource: true
      - name: FlowBlade
        followWith: Linux
        description: |
          A multitrack non-linear video editor with a simple interface
        url: https://jliljebl.github.io/flowblade
        github: jliljebl/flowblade
        icon: https://i.ibb.co/WkBKN6r/flowblade.png
        openSource: true
      - name: Cinelerra GG Infinity
        followWith: Linux
        description: |
          Simple video editor, for applying transitions, effects and text as well
          as splicing video clips
        url: https://www.cinelerra-gg.org
        github: cinelerra-gg/cinelerra-gg
      - name: VitCutter
        followWith: Windows, Mac OS, Linux
        description: |
          A simple Python-based cross-platform tool for cutting and splicing videos
        url: https://sourceforge.net/projects/vidcutter/
        github: ozmartian/vidcutter
        icon: https://a.fsdn.com/allura/p/vidcutter/icon?1624427151
      - name: Natron
        followWith: Windows, Mac OS, Linux
        description: |
          Free & open desktop node-graph based video compositing software.
          Similar in functionalities to Adobe After Effects.
          Features flexible rotoscoping, 2D & planner tracking, keying tools,
          curve & dope-shift editor, GPU & network rendering, and is
          easily extendable via community plugins, or by writing Python scripts
        url: https://natrongithub.github.io
        github: NatronGitHub/Natron
        icon: https://natrongithub.github.io/img/Natron_icon.svg
        openSource: true
    
    - name: Audio Editors & Recorders
      alternativeTo: ['adobe audition', 'garageband', 'fl studio', 'ableton live']
      services:
      - name: Audacity
        followWith: Windows, Mac OS, Linux
        description: |
          An easy-to-use, multi-track audio editor and recorder for desktops,
          great free alternative to Adobe Audition.
          Features recording from real and virtual devices,
          import/export to a wide range of formats, high-quality processing
          advanced multi-track editing, noise reduction, pitch correction, 
          audio restoration and much more.
          It's easily extendable via community plugins, and 
          also supports cusotm macros and many scripting options
        url: https://www.audacityteam.org
        github: audacity/audacity
        icon: https://www.audacityteam.org/_astro/Audacity_Logo.63b57726.svg
        openSource: true
        tosdrId: 4516
    
    - name: Casting & Streaming
      alternativeTo: ['xsplit', 'streamlabs obs', 'twitch studio', 'wirecast']
      services:
      - name: OBS Studio
        followWith: Windows, Mac OS, Linux
        description: |
          Powerful desktop software for live streaming and screen recording.
          Free and open source software for video recording and live streaming.
          Features real-time video/audio capturing, scene composition, encoding,
          recording, and broadcasting. It supports a wide range of formats,
          and is easily extendable via community plugins
        url: https://obsproject.com
        github: obsproject/obs-studio
        icon: https://obsproject.com/assets/images/new_icon_small-r.png
        openSource: true
        tosdrId: 4227
    
    - name: Screenshot Tools
      alternativeTo: ['snagit', 'greenshot', 'lightshot', 'gyazo', 'sharex']
      services: []
    
    - name: 3D Graphics
      alternativeTo: ['blender', 'autodesk maya', 'cinema 4d', '3ds max', 'sketchup']
      services:
      - name: Blender
        followWith: Windows, Mac OS, Linux
        description: |
          Free desktop 3D creation suite, with a wide range of tools for
          modeling, sculpting, texturing, rigging, animation, rendering, compositing,
          motion tracking, and video editing. It's easily extendable via community plugins
        url: https://www.blender.org
        github: blender/blender
        icon: https://www.blender.org/wp-content/themes/bthree/assets/icons/apple-touch-icon.png
        openSource: true
        securityAudited: true
        tosdrId: 8114
      - name: Wings3D
        followWith: Windows, Mac OS, Linux
        description: |
          A simple and easy-to-use subdivision 3D modeler
          with AutoUV facility for unfolding a models surface for painting/texturing.
          Unlike Blender, it has no built-in animation capabilites, and it's feature set
          is more limited, but it's a good choice for beginners.
        url: https://wings3d.com
        github: dgud/wings
        icon: https://upload.wikimedia.org/wikipedia/commons/thumb/e/e9/Wings3d.png/120px-Wings3d.png
    
    - name: Animation
      alternativeTo: ['adobe after effects', 'animate cc', 'toon boom harmony', 'moho (anime studio)', 'pencil2d']
      services:
      - name: Aseprite
        url: https://www.aseprite.org/
        icon: https://upload.wikimedia.org/wikipedia/commons/2/24/Logo_Aseprite.png
        description: An animated sprite editor & pixel art tool for Windows, macOS and Linux.
        github: https://github.com/aseprite/aseprite
        openSource: true