Last reviewed May 2026 · 31 tools tracked

Privacy tools, honestly compared.

The directory we wished existed when picking a private browser, encrypted messenger, no-logs VPN, or password manager you can actually trust. 31 tools across 10 categories. Audits, jurisdiction, source code, and trade-offs spelled out. No affiliate kickbacks.

31 tools tracked · 25 open source · 19 audited · 8 self-hostable
Mullvad Browser
Mullvad + Tor Project · 2023-04
SE
FREE

Tor Browser without Tor. Built jointly by Mullvad and the Tor Project — same anti-fingerprinting hardening, but uses your VPN (or no VPN) instead of the Tor network. Ideal pair with Mullvad VPN.

Open source · Audited · MPL-2.0
Ente Auth
Ente · 2023-04
IN
FREE

Free, open source TOTP authenticator with E2EE cloud sync. Works across iOS, Android, desktop, and web. The cross-platform Aegis everyone wanted. Self-host the server if you really want to.

Open source · Audited · Self-hostable · E2EE · AGPL-3.0
SimpleX Chat
SimpleX · 2022-10
UK
FREE

The first messenger with no user identifiers — not even random IDs. Connect via one-time invitation links. Self-hostable relays. Smaller user base than Signal but the privacy model is stricter.

Open source · Audited · Self-hostable · E2EE · AGPL-3.0
Proton Drive
Proton AG · 2022-09
CH
FREEMIUM

Proton's E2EE cloud storage, bundled with Mail/VPN/Calendar/Pass. 5GB free, paid plans share storage with Mail. The Dropbox replacement if Proton is your privacy stack.

Open source · Audited · E2EE · GPL-3.0
Kagi
Kagi Inc. · 2022-06
US
$10/mo

Paid search engine that aligns with the user, not advertisers. No ads, no profile, results you can downrank or block per domain. $10/month for unlimited. The premium pick for power searchers tired of SEO sludge.

Proprietary
Brave Search
Brave Software · 2021-06
US
FREEMIUM

First privacy search to ship its own independent index (no Bing). Optional AI summaries. Free tier with ads or $3/mo ad-free Premium. Solid Goggles feature lets you reweight result rankings.

Proprietary
SearXNG
SearXNG Community · 2021-01
SELF-HOSTED
FREE

Self-hosted metasearch that proxies queries to dozens of engines (Google, Bing, Brave, Wikipedia) without revealing your IP to them. Active fork of the original SearX. Many public instances if you don't want to host.

Open source · Self-hostable · AGPL-3.0
LibreWolf
LibreWolf Community · 2020-06
EU
FREE

Firefox fork hardened with arkenfox-style user.js out of the box. Telemetry stripped, Pocket removed, uBlock Origin preinstalled. Auto-updates kept; everything else made boring.

Open source · MPL-2.0
Session
Oxen Privacy Tech Foundation · 2020-01
AU
FREE

Onion-routed messenger over the Session Network. No phone number, no email, no email recovery — just a generated 66-character account ID. Trades convenience for anonymity.

Open source · Audited · E2EE · GPL-3.0
NextDNS
NextDNS Inc. · 2019-04
FR
FREEMIUM

DNS-as-a-service with per-device profiles, ad/tracker/malware blocking, and detailed logs you can disable. Free up to 300K queries/month. Simpler than Pi-hole, works on cellular too.

Proprietary
GrapheneOS
GrapheneOS · 2019-04
CA
FREE

Hardened Android build for Pixel devices. Removes Google Play Services by default, sandboxes them when re-enabled per-profile. Best mobile privacy you can run without giving up modern apps. Pixel-only.

Open source · Audited · E2EE · Apache-2.0
Vaultwarden
Daniel García · 2018-08
SELF-HOSTED
FREE

Unofficial Rust rewrite of the Bitwarden server. Same client compatibility, way lighter resource use — runs on a Raspberry Pi. Lets you self-host the Bitwarden ecosystem without a license fee.

Open source · Self-hostable · E2EE · AGPL-3.0
Briar
Briar Project · 2018-05
DE
FREE

Peer-to-peer messenger that works over Tor, Bluetooth, or local Wi-Fi. No servers at all. Built for activists in censorship environments. Android + desktop Linux only.

Open source · Audited · E2EE · GPL-3.0
Aegis Authenticator
Beem Development · 2018-03
EU
FREE

Local-only TOTP authenticator for Android. Encrypts the vault with your password or biometrics, exports clean JSON for backup, scans QR codes from images. The default replacement for Google/Microsoft Authenticator.

Open source · E2EE · GPL-3.0
Quad9
Quad9 Foundation · 2017-11
CH
FREE

Free recursive DNS run by a Swiss nonprofit. Blocks malware domains via threat intelligence, but does not block ads. The pick when you want safer DNS without the political baggage of bigger providers.

Proprietary
Proton VPN
Proton AG · 2017-06
CH
FREEMIUM

The only major VPN with a usable free tier and no bandwidth cap. Built on WireGuard. Includes Tor-over-VPN and Secure Core (multi-hop) on paid plans. Same Swiss legal protection as Proton Mail.

Open source · Audited · GPL-3.0
KeePassXC
KeePassXC Team · 2017-01
DE
FREE

Local-first password manager. The .kdbx file is yours — sync via Syncthing, Nextcloud, Dropbox, USB stick, whatever. No cloud, no account, no telemetry. Built-in TOTP authenticator and YubiKey support.

Open source · Self-hostable · E2EE · GPL-3.0
Bitwarden
Bitwarden Inc. · 2016-08
US
FREEMIUM

Open source password manager with cloud sync, browser extensions, mobile apps, and a self-hostable server (Vaultwarden is the unofficial Rust rewrite). Free tier covers most personal use. $10/year premium.

Open source · Audited · Self-hostable · E2EE · AGPL-3.0
Cryptomator
Skymatic · 2016-03
DE
FREEMIUM

Client-side encryption for any cloud — Dropbox, Google Drive, OneDrive, S3, anything. Files become encrypted vaults the cloud can't read. Free desktop, ~$15 one-time mobile. The bring-your-own-cloud answer to Tresorit.

Open source · Audited · Self-hostable · E2EE · GPL-3.0
Brave
Brave Software · 2016-01
US
FREE

Chromium fork that strips Google integrations and ships ad/tracker blocking by default. Tor windows built in. The lowest-friction switch from Chrome that keeps the same compatibility.

Open source · MPL-2.0
Pi-hole
Pi-hole LLC · 2015-06
SELF-HOSTED
FREE

Network-wide ad blocker that runs on a $35 Raspberry Pi or any Linux box. Blocks at DNS level for every device on your LAN. Pair with Unbound for a full recursive resolver and you can stop using upstream DNS entirely.

Open source · Self-hostable · MIT
Signal
Signal Foundation · 2014-07
US
FREE

End-to-end encrypted messenger with the Signal Protocol. Default for journalists, activists, and security pros. No ads, no tracking, no backdoors. Tied to a phone number which is the main complaint.

Open source · Audited · E2EE · AGPL-3.0
Proton Mail
Proton AG · 2014-05
CH
FREEMIUM

Swiss-based encrypted email with E2EE between Proton users and PGP for outside contacts. Free 1GB tier, paid plans add custom domains and Bridge for desktop clients. Largest privacy-mail provider.

Open source · Audited · E2EE · GPL-3.0
Qubes OS
Qubes OS Project · 2012-09
PL
FREE

Security-by-compartmentalization OS based on Xen. Each task runs in its own isolated VM (qube): banking in one, web browsing in another, untrusted email in a disposable third. Steep curve, paranoia-grade payoff.

Open source · Audited · E2EE · GPL-2.0
Tuta (Tutanota)
Tuta · 2011-03
DE
FREEMIUM

German encrypted email that encrypts subject lines and metadata too, not just bodies. Uses a custom hybrid scheme rather than PGP. Free 1GB. Quantum-resistant since 2024.

Open source · Audited · E2EE · GPL-3.0
IVPN
IVPN · 2009-08
GI
$6/mo

Gibraltar-registered VPN, smaller and more boutique than Mullvad. Anonymous account IDs, AntiTracker DNS-level blocking, multi-hop. Pay with cash or Monero. The thinking person's pick when Mullvad is full.

Open source · Audited · GPL-3.0
Tails
Tails Project · 2009-06
FR
FREE

Live OS on a USB stick. Boots into a Tor-only Linux session that leaves nothing on the host machine. Used by journalists, sources, and people in hostile environments. Optional persistent encrypted volume.

Open source · Audited · E2EE · GPL-3.0
Mullvad VPN
Mullvad · 2009-03
SE
$5/mo

Swedish VPN with the strictest no-logs policy in the industry. Pay anonymously with cash, Monero, or BTC. Account is just a 16-digit number — no email, no name. Flat $5/month, no annual upsell.

Open source · Audited · GPL-3.0
DuckDuckGo
DuckDuckGo Inc. · 2008-09
US
FREE

The default privacy search for non-technical users. No search history, no profile, ad-supported via non-personalized ads. Mostly Bing results plus their own crawler. Companion browser app on every platform.

Proprietary
Tor Browser
Tor Project · 2008-09
US
FREE

The browser that gave the privacy world its baseline. Routes traffic through three Tor relays for IP-level anonymity, and ships hardened Firefox defaults to defeat fingerprinting. Slow, by design.

Open source · Audited · MPL-2.0
1Password
AgileBits · 2006-06
CA
$2.99/mo

The polished, paid alternative. Closed source but heavily audited; Secret Key requirement makes server-side compromise effectively useless. Best UX in the category, especially for families and SSH keys.

Audited · E2EE · Proprietary

FAQs

What makes a privacy tool 'good' in 2026?

Three things, weighted in this order: 1) End-to-end encryption with no plausible backdoor, verified by a published independent audit. 2) Open source code (or at least open clients) so the encryption claim can be checked. 3) A jurisdiction and funding model that doesn't pressure the operator to log or share. Marketing is irrelevant. If a tool only checks one of those boxes, treat it as a partial improvement, not a privacy solution.

Are open source privacy tools always better than closed source ones?

Open source is necessary but not sufficient. Code being public means the encryption claim is verifiable — that's the floor. But you still need active maintenance, audits, and a real threat model. KeePassXC and 1Password both protect passwords well; KeePassXC wins on auditability, 1Password wins on family UX. The right answer depends on which trade-off you can live with.

Do I need a VPN if I already use Tor?

Usually no. Tor provides IP-level anonymity through three relays; layering a VPN on top usually weakens, not strengthens, the threat model — your VPN provider sees your real IP and that you used Tor at the same minute. The exception: VPN-then-Tor (Mullvad → Tor) hides Tor use from your ISP. Tor-then-VPN (entry guard → VPN) is rarely useful.

Is Signal still safe in 2026?

Yes. The Signal Protocol remains the gold-standard open E2EE design, audited multiple times. The standing complaint — that you must sign up with a phone number — was partially addressed by usernames in 2024, so contacts no longer have to see your number. The bigger threat model question is metadata about who you talk to, not message content; for that, SimpleX or Session reduce metadata further.

Why should I care about my DNS provider?

Every domain you visit gets resolved by your DNS provider, in plaintext by default. Your ISP, hotel Wi-Fi, or coffee shop AP can read every DNS lookup. Switching to a privacy-respecting provider with DNS-over-HTTPS (NextDNS, Quad9, AdGuard, Cloudflare 1.1.1.1) closes that channel and on most networks also speeds you up.

What is end-to-end encryption (E2EE), really?

Messages are encrypted on your device using a key only you and your recipient hold. The server in the middle stores ciphertext it cannot decrypt. Real E2EE means even a court order or full server compromise can't reveal message content. Counterfeits include 'encrypted at rest' (server has the key) and 'TLS' (encrypted in transit only). Always check what is encrypted: body? subject? metadata? attachments?

Are paid privacy tools more trustworthy than free ones?

Paid means you, not advertisers, are the customer — that aligns incentives. But paid alone is not a guarantee (closed-source paid tools still have to be trusted blind). Free open-source tools backed by a foundation (Signal, Tor, Bitwarden) have a different but solid alignment: no advertiser pressure, sustained funding, and code you can verify. The worst case is free closed-source with ads.

How do I switch to GrapheneOS?

You need a Pixel 6 or newer (Pixel 8/9 recommended in 2026). Boot the device, enable OEM unlocking in developer options, then run the official web installer at install.grapheneos.org. Installation takes about 10 minutes. Most banking apps work via sandboxed Google Play; some flag custom OS — test before committing.

What is a 'no-logs' VPN claim worth?

A claim is worth nothing on its own. What matters: 1) Independent audit reports that examined the actual servers and code paths. 2) A history of legal pressure that produced no logs (Mullvad and Proton VPN both have these). 3) A payment system that doesn't tie your account to your identity. Mullvad and IVPN clear all three; most consumer VPNs clear zero.

Should I use a password manager or just memorize?

Password managers are the single biggest improvement you can make to your security posture. Memorization caps you at 4-6 unique passwords; reuse is the leading cause of credential breaches. KeePassXC if you want full local control, Bitwarden if you want sync without giving up open source, 1Password if polish matters more than openness.

What is metadata privacy?

Even when message content is encrypted, the fact that you talked to person X at time T from location Y is unencrypted metadata that a server can log. Signal collects the bare minimum (timestamp + nothing else thanks to Sealed Sender). SimpleX collects nothing — there are no user IDs to log. Session and Briar route over Tor or P2P to obscure the connection itself.

Are these tools legal everywhere?

Most are legal in most countries. Tor and many VPNs are blocked or legally restricted in China, UAE, Iran, Belarus, Turkmenistan, and similar regimes. End-to-end encrypted messengers are legal in the EU, US, UK, Korea, and most democracies, though some governments (UK, Australia, India) have proposed legislation that would require backdoors. Check your local context before relying on a tool.

What is the difference between client-side and server-side encryption?

Server-side encryption (most cloud storage default) encrypts data on the server with the server's key; the operator can decrypt at will. Client-side encryption (Cryptomator, Proton Drive, Tresorit) encrypts on your device with your key before upload; the server only sees ciphertext. Always choose client-side for sensitive files, even on a 'private' provider.

Can I really run the entire Signal protocol on my own server?

No. Signal is intentionally centralized: it runs only through the Signal Foundation's servers, and they do this so the protocol stays consistent and metadata-minimal. To self-host an encrypted chat server, look at SimpleX (self-hostable relays), Matrix (Synapse or Conduit), or XMPP with OMEMO.

How do I evaluate a new privacy tool I just heard about?

Five-question test: 1) Is the source code public? 2) Has an independent third party audited it in the last 24 months? 3) What jurisdiction is the operator in and what's their data-retention legal regime? 4) What's their funding model (ads, subscription, donation, VC)? 5) What's their incident history when they faced legal pressure? If you can't answer four out of five, it's marketing, not a privacy tool.

How does this directory stay current?

We update it manually as audits land, providers change ownership, or vulnerabilities are disclosed. Last reviewed May 2026. If a tool you trust is missing, or a fact needs correction, email [email protected].