iOS

Warning: Apple iOS devices are affected by PRISM. Even if you use the software tools we recommend here, your privacy may be compromised by iOS itself. The operating system of any device can unfortunately undermine any privacy protection that a program tries to offer you, since the program has to run within the confines of the OS. We strongly recommend replacing your iOS device with an Android-compatible device running Replicant.

DNS
Notes

Google Public DNS permanently logs your ISP and location information for analysis. Your IP address is also stored for 24 hours.

OpenNIC has not adopted an official policy concerning log query privacy/anonymization. More information here.

Avoid
Google Public DNS
OpenDNS
Email Accounts
Notes

For more email providers, take a look at Privacy-Conscious Email Services. Please decide for yourself whether you trust them with your data. For more discussion about safe email providers, please see issue #461.

MyKolab is hosted in Switzerland and benefits from the strong Swiss privacy laws. It is run exclusively with free software, and using the service supports the development of Kolab. It also lets you export all your data at any time.

Riseup’s services may also be accessed via their Tor Hidden Service addresses. A list is available here.

Why not Hushmail? See 'compromises to email privacy'.

If you have the technical aptitude, consider running your own mail server.

Avoid
Gmail
Outlook.com
Yahoo! Mail
Yandex.Mail
Email Alternatives
Notes

Bitmessage is a promising alternative to email, but it has not yet been audited by security professionals. Use at your own risk. If you decide to try out Bitmessage, make sure to generate a completely random ID to greatly reduce the probability of ID collisions.

RetroShare has not been thoroughly audited by security professionals for possible security issues.

Avoid
Enterprise Suite
Notes
The enterprise suite category is for solutions for organizations that cover more than 10 categories in an integrated fashion (e.g., logins work throughout all apps).
Avoid
G Suite
Office 365
Zoho Office Suite
File Storage & Sync
Notes

This section has been carefully curated to only include software that encrypts data on the client. That means your data should be secure even if the servers it is stored on are compromised.

Avoid
Dropbox
Google Drive
iCloud
Microsoft OneDrive
Instant Messaging
Notes

“Off-the-Record Messaging, commonly referred to as OTR, is a cryptographic protocol that provides strong encryption for instant messaging conversations. OTR uses a combination of the AES symmetric-key algorithm, the Diffie–Hellman key exchange, and the SHA-1 hash function. In addition to authentication and encryption, OTR provides perfect forward secrecy and malleable encryption.

The primary motivation behind the protocol was providing deniability for the conversation participants while keeping conversations confidential, like a private conversation in real life, or off the record in journalism sourcing.”

The Guardian Project hosts a fantastic how-to guide to chatting securely on Android with ChatSecure.

Threema is not recommended by PRISM Break as it is closed source software. Freely available source code is a necessary condition for privacy and security.

Avoid
Discord
Facebook Messenger
Google Allo
Google Hangouts
iMessage
LINE
Skype
Snapchat
Tencent QQ
Trillian
Viber Messenger
WeChat
WhatsApp
Mail Servers
Notes

A beginner’s guide to running your own mail server is available here: “NSA-proof your e-mail in 2 hours”.

Kolab integrates Roundcube into its webclient and offers desktop clients as well. Recent versions also feature a file cloud, turning it into a complete solution for personal information management.

What is an MTA?

“Within Internet message handling services (MHS), a message transfer agent or mail transfer agent (MTA) or mail relay is software that transfers electronic mail messages from one computer to another using a client–server application architecture. An MTA implements both the client (sending) and server (receiving) portions of the Simple Mail Transfer Protocol.

The terms mail server, mail exchanger, and MX host may also refer to a computer performing the MTA function. The Domain Name System (DNS) associates a mail server to a domain with mail exchanger (MX) resource records containing the domain name of a host providing MTA services.”

Avoid
Mesh Networks
Notes

A mesh network is a decentralized peer-to-peer network, with user-controlled physical links that are usually wireless.

“Mesh networking (topology) is a type of networking where each node must not only capture and disseminate its own data, but also serve as a relay for other nodes, that is, it must collaborate to propagate the data in the network.”

Avoid
Operating Systems (Mobile)
Notes

iOS and WP are proprietary operating systems whose source code is not available for auditing by third parties. You should entrust neither your communications nor your data to a black box device.

Avoid
BlackBerry 10
iOS
Social Networks
Notes

If you have system administration knowledge, please strongly consider running an instance of pump.io (or something else) for your friends, family, or favorite community. Many of them would be willing and grateful to escape Facebook if you provide them a way out.

For those of you without your own server, RetroShare is the easiest way to start your own encrypted social network.

Avoid
Facebook
Google+
LinkedIn
Snapchat
Twitter
Web Browsers
Notes

Try to use Tor Browser for all of your web surfing. It will offer you far better anonymity than any other browser. Make sure to learn the basics of Tor before using it. If the site you want to visit will not work in Tor Browser, try Firefox instead, but realize these browsers do not anonymize your IP address by default.

Tor Browser notes: Using Tor Browser to sign into websites that contain your real ID is counterproductive, and may trip the site's fraud protection. Make sure to check for HTTPS before signing in to a website through Tor. Signing into HTTP websites can result in your ID being captured by a Tor exit node.

Firefox notes: This browser uses Google search by default: replace it with a more private alternative. Iceweasel is a rebranded version of Firefox that does not have to follow Mozilla Trademark Policy.

Why are Chromium, SRWare Iron, et al. not recommended on PRISM Break? More info here.

Warning for mobile devices & Tor: Websites using HTML5 <video> tags will leak <video>-related DNS queries and data transfer outside of Tor.

Avoid
Google Chrome
Opera
Safari
Yandex.Browser
Web Search
Notes

DuckDuckGo is a software-as-a-service (SaaS) hosted around the world that provides you with anonymous search results from these sources. DDG open source components are available here.

There is also a DuckDuckGo hidden service at 3g2upl4pq6kufc4m.onion for Tor users.

MetaGer is a SaaS by the German non-profit SUMA e.V. that provides you with anonymous meta search results.

Startpage is a SaaS hosted in the USA and the Netherlands that provides you with anonymous Google search and image results through a free proxy.

Avoid
Google Search
Microsoft Bing
Yahoo Search
Yandex Search
World Maps
Notes

“If you spend time contributing to OpenStreetMap you are helping a good cause, and building a geographic database of the world which is free and open for all and forever.”

Avoid
Apple Maps
Bing Maps
Google Earth
Google Maps