Contents:
Is security and privacy your priority this year?
We created this list of free security and privacy tools, all of them up-to-date with 2019 challenges. Use the links below to quickly navigate this guide and find the best security tool to add to your arsenal.
- Browsers: Firefox, Brave Browser, Tor, Netcraft anti-phishing toolbar
- Password managers: RoboForm, LastPass, KeePass, Password Safe, Bitwarden
- Adblockers and no tracking: uBlock Origin, NoScript, XPrivacyLua, DuckDuckGo, Startpage
- Private communications: HTTPS Everywhere, Email Privacy Tester, Wire App, ProtonMail
- Great PC security: Bleachbit, VeraCrypt, Eraser, Thor Free, Geek Uninstaller, TailsOS
- Smart home security: ShieldsUp, F-Secure Router Checker, Netcraft, Firefox Privacy Not Included
- Smartphone security and privacy: LineageOS, Signal app, Site Safety Center
- Tools to download your personal data
Considering the events of 2018 and the inherent risks of living in a hyper-connected, surveillance-heavy world, we know you’re probably wondering where to start with online security and privacy. Or maybe you’re looking to find more free security and privacy tools to add to your existing arsenal.
For each quick security tip we also included a more advanced option, so you can make positive changes that best fit your digital habits and level of technical know-how.
Secure and private web browsing
When it comes to security, Chrome is one of the most secure browsers in town, as it benefits from all the resources of the giant Google. However, on the privacy front, this is definitely the worst option, so here are three alternatives:
Firefox Browser
No doubt about it, Firefox is the best browser if you want the same amount of extensions and control that Chrome offers. By switching to Firefox you won’t be losing any features but you’ll be relying on a browser developed by the Mozilla Foundation, a company that has long championed for users’ privacy rights.
Recently, the great HaveIBeenPwned tool was embedded into the Firefox Monitor – simply input your email address and you can see if it was involved in a data breach.
With the reports feature, you can also get alerted if your accounts were compromised.
Brave Browser
Another option is the Brave Browser, which runs on Chromium and can handle most Chrome extensions. What’s the main selling point?
The Brave Browser acknowledges that publishers need advertising revenue to function and that users are kind of sick of seeing so many ads. To solve both issues, Brave lets users choose which ads they don’t mind and rewards their attention with the BAT token, their own cryptocurrency.
This is a system that’s in early stages but shows a lot of potentials, so we included it on this list.
Tor
For the best security and privacy in 2019, Tor (The Onion Router) is still king, protecting your location and personal data. Essentially, Tor routes your internet traffic to a lot of tunnels, so that you cannot be tracked. Used by the military and law enforcement agencies worldwide, Tor is the choice for maximum privacy as long as it’s used for browsing only (anonymity takes a hit for torrenting or streaming sites).
However, it’s worth noting that, due to its traffic redirection, browsing the web through Tor is much slower than with regular browsers. You should also take into account the fact that, because of its ties to law enforcement, Tor does not guarantee bulletproof privacy.
Netcraft anti-phishing toolbar
One thing is for sure: it’s hard to find a free anti-phishing solution that can provide you with a modicum of protection. The reason for this is simple: phishing is one of the most common attack methods hackers employ and security companies have to invest a lot of resources into keeping one step ahead of the threats. We should know, as our own Heimdal™ Threat Prevention Home is designed to tackle this particular issue.
However, we know that not everyone can afford to buy a specialized security solution, so we strive to find the best free ones. Out of everything we looked at, the Netcraft anti-phishing toolbar worked best. Not only it shows overall trust levels in a website, it even warns of websites with SSL certificates that have been compromised by the Heartbleed vulnerabilities.
This is how it works:
“The Netcraft anti-phishing community is effectively a giant neighborhood watch scheme, empowering the most alert and most expert members to defend everyone within the community against phishing attacks. Once the first recipients of a phishing mail have reported the target URL, it is blocked for community members as they subsequently access the URL.”
[Tweet “Found a great AND free anti #phishing tool and a list of free security and privacy tools”]Getting strong passwords and protecting your accounts
All experts agree that choosing strong passwords that are unique for each account is an essential security measure. However, we do know how complicated that is, so password managers are a great option.
Here’s what we recommend for maximum security with the least amount of effort.
RoboForm
A blend of robust security and unparalleled functionality, RoboForm was the very first password management solution to hit the market.
Seasoned and versatile, it boasts a plethora of features – from AES256 bit encryption keys and all the way to 2FA and unlimited password storage. What sets apart RoboForm from LastPass, Bitwarden or Password Safe is its password generator: whereas LastPass caps your passes at 100 characters, RoboForm allows for 500+ characters.
The free version of RoboForm can de be deployed on a single device, but still has the unlimited password storage function. However, if you choose to upgrade, it’s still cheaper compared to Dashlane or LastPass (only $48 per year for five devices). Technically speaking, RoboForm can be used with any type of data types (i.e. email addresses, financial info, physical addresses, phone numbers, etc.) and has a very low false-positive filling error rate.
Other features: true cross-platformer (compatible with Mac, iOS, Windows, and supports tall major browsers), bookmarking, offline access & local-only storage, Emergency Access (a feature that quickly allows you to recover account info in case of a life-threatening situation), and full compatibility with all Windows applications.
Get RoboForm Everywhere with 30% OFF!
LastPass
We’ve been LastPass customers for years simply because it works so great. It salts and hashes the passwords, lets you generate strong passwords with a simple click and works across devices.
The security tradeoff here is the fact that you are handing over access to all of your accounts to a single service. In theory, if it gets hacked, you run the risk of compromising them all. However, if you pair LastPass with 2-factor authentication for every account that allows it, there’s a slim chance a hacker could get into an account.
For those who really want the most secure password manager, these three solutions require a bit more technical knowledge but are as bulletproof as they come.
Reviewing what social media and Internet giants know about you
We get asked a lot what type of information social media platforms and Google have on you and why it matters. We could go over all the risks but the best way for people to understand the scope of the problem is by experiencing the data collection themselves. Why not see exactly what various websites know about you and what they do with that information?
Tools to download your personal data
Before we give you privacy and security tips for social media and trackers, here are the links to download your data and review it:
Download your data from Facebook
Go to your Settings, navigate to the bottom of the General tab and choose “Download a copy of your Facebook data”. You can choose which information you want to receive and, after waiting for the data to be compiled, you will receive a download link.
Download your data from Google
Visit your Google Account and click Data & personalization, then on the Download, delete or make a plan for your data panel, choose “Download your data”. The process is similar to Facebook’s and it can take a few hours for your personal information to be compiled (expect large archives).
Download your data from Instagram
To get your Instagram data on the web, go to your profile and click the gear icon, then choose Privacy & Security and scroll until you find Data download. After you enter your email address and Instagram password, you’ll get an email with a link to download your information. The process is almost identical on mobile.
Download your data from Linkedin
On Linkedin, you will find the download your data option by clicking your profile picture and selecting Settings & Privacy. Then, in Settings & Privacy, you’ll find a tab called “How Linkedin uses your data”, where you can select which information you want to archive and download.
Download your data from Snapchat
You can only download your Snapchat data on a computer, not in the mobile app. to do so, visit your Snapchat account at accounts.snapchat.com and click My Data, then choose “Submit Request”. You’ll receive an email containing a link with your data.
Hiding from various trackers and stopping ads
uBlock Origin
There are other great tools like PrivacyBadger but uBlock Origin is the best adblocker we tested so far. It has incredibly granular controls and a nifty “Element blocker” which lets you zap any part of a website you dislike.
Its tracker-blocking features are so strong it can even let you block the most common-place script, Google Analytics, from gathering information about you.
Disconnect
Another great option for stopping web tracking is Disconnect, an extension or downloadable software that, just like uBlock Origin, lets you see exactly what’s happening when you browse.
It conveniently separates social media trackers and e-commerce once, so you can choose which services you’re comfortable with getting access to your data. The Disconnect is available as a “pay what you want” subscription and even lets you how much of your contribution goes to the developers or to charity.
NoScript
For true control over tracking NoScript is unparalleled. This little plugin disables Javascript and, with it, most trackers, and can also be found embedded in the Tor Browser. However, NoScript can also break most modern websites, so this tool should only be used by those extremely concerned about privacy. For a reasonable amount of privacy, uBlock Origin is more than enough.
DuckDuckGo
If you don’t want your search results information going to Google or want unfiltered information not based on your history, DuckDuckGo is the best search engine.
DuckDuckGo uses Google’s search results, so you can expect the same quality of results, but doesn’t track you or your search history. It’s also amazing for quickly searching other websites by adding so-called “bangs” before your query.
StartPage
If DuckDuckGo’s search results don’t work for you, try StartPage.com, a search engine that used to be the default choice in the Tor Browser.
What makes it different from both DuckDuckGo and Google is the fact that it shows results from multiple search engines. It also lets you do an Anonymous View on the websites you click from search results, stopping cookies from being downloaded on your device. Trust us, getting search results with no ads is an amazing experience in this day and age.
XPrivacyLua
Nowadays, it’s almost impossible to stop app trackers on an Android smartphone but XPrivacyLua does a good job.
Too many things to keep track off when trying to keep trackers off your back? This awesome tool takes the complete opposite approach for protecting your privacy. Instead of stopping trackers, it feeds them junk data to throw them off your trail.
You probably tried to disable location access for some apps and saw a dire warning that the apps in question might crash. XPrivacyLua lets you go around that issue. Instead of disabling permissions for apps and risking their crash, it feeds them fake data. XPrivacyLua works with Android 6.0 and higher version.
Essentially, you get privacy through obfuscation, not by traditional hiding.
Keeping your communications private
HTTPS Everywhere
To prevent snooping and data theft, encryption is essential. Unfortunately, there are still a lot of websites that do not feature secure connections, so this extension is a must-have. HTTPS Everywhere handles all HTTP websites and encrypts your connection with them and their adjacent websites. Even though it consumes a bit of memory, it’s a great extension to simply leave on and ensure a boost of security. Oh, and it’s also on mobile!
Email privacy tester
One of the ways online criminals and spammers snoop on users is by email tracking. To see exactly what type of info can be obtained by this, Email Privacy Tester is an incredible tool that can give you a report in just a few minutes.
“Several of these third-party email tracking technologies will try to share and correlate your email address across different emails that you open, and even across different websites that you visit, further shaping your invisible online profile. And since people often access their email from different devices, email address leaks allow trackers (and often network observers) to correlate your identity across devices.”
As EFF explained, email tracking is a pervasive problem, so consider running a test and use HTTPS Everywhere for added security.
Wire
On the desktop, the best chat app with end-to-end encryption we found is Wire.
This is a great tool for work environments with flexible pricing. For yourself and friends, Wire Personal is completely free and offers full encryption for messages, calls, and files of up to 25 MB in size, which is great for sending photos.
You don’t even need a phone number to sign up! The latest update also brought read receipts, so Wire has most functionalities you’d expect from a chat app.
ProtonMail
The choice of security and privacy advocates around the world, ProtonMail was developed by CERN researchers with end-to-end encryption in mind.
Even though the interface is not as intuitive as other email services, ProtonMail has the added benefit of being available on PCs and smartphones through dedicated iOS and Android apps. The best part? You can get a ProtonMail account without giving up any personal info and the company keeps no IP logs.
Tails OS
If you feel ready to start distancing yourself from Windows or macOS, Tails OS is a great, privacy-oriented operating system that’s really easy to use for those familiar with Linux.
Short for “The Amnesiac Incognito Live System”, Tails can be kept on a USB or a DVD and booted live. Because it boots live and leaves no digital footprint in the computer, it’s meant to be used on the go, not as a day-to-day main choice. This Reddit user described one of the best privacy setups with the least steps involved.
Smart home security
ShieldsUp
Smart home security and IoT security for users, in general, boils down to two things: how secure your router is and how strong your password is.
Don’t get scared by this site’s antiquated design because ShieldsUP is still a valuable tool. Use it to check the open ports on your router.
F-Secure Router Checker
The F-Secure Router Checker is also a great choice to find out if your router was DNS hijacked and if there are vulnerabilities in your setup.
As F-Secure explains, “a DNS hijack means that someone has intentionally modified the settings on your router without your consent”. This has the potential to let an attacker monitor and control your Internet traffic, sending you to fake versions of websites you generally use in order to steal your highly sensitive credentials.
Privacy Not Included
Want to know the best way to prevent smart home security issues? Doing a bit of research before buying an IoT device and considering its security and privacy rating, not just its features and price. One of the best places you can do this is through Mozilla’s Privacy Not Included, a 2018 holiday shopping guide that shows you the flaws in most popular devices.
Smartphone security and privacy
Signal app mobile
Looking for the best end-to-end encryption chat app? Look no further than Signal, a lightweight yet powerful app that uses the Signal Protocol.
It even features disappearing messages for added security. That’s a cryptographic protocol built by a nonprofit group and adopted by other chat apps like WhatsApp or Facebook Messenger.
What separates Signal from them is the fact that you don’t have to enable Secret Conversation to get encrypted chat, it’s on by default.
And, unlike direct competitors like Telegram, it hasn’t been pressured by interest groups to give up user data. Best of all, this encrypted chat app does not feature advertising, so you get is a truly clean chatting experience.
The Netcraft extension is a great way to minimize the risk of getting phished. This handy tool gives you a quick integrity check of a website, showing you its age, popularity and encryption status. It also includes a quick button letting you report possible phishing attempts.
LineageOS private OS for mobile
Want more privacy and better security than what Android offers? Look no further than LineageOS, a free, open-source operating system for mobile that actually receives monthly security updates.
Even though it does not have the same amount of apps as mainstream OSes, LineageOS does eliminate bloatware shipping with modern phones. It also has a host of essential open-source apps like messaging, recording, a file manager and a proprietary web browser.
Check out this guide written by Android experts if you want to install LineageOS.
Site safety center
Unfortunately, phishing remains one of the top threats. On the desktop, solutions like Heimdal™ Threat Prevention can make sure that, even if you click a suspicious link, your data won’t be stolen.
On mobile, few apps provide this, which means phishing flourishes in this environment. If you receive a suspicious link in a WhatsApp message but still want to open it, it’s best if you do a quick check on Trend Micro’s Site Safety Center. As its name indicates, the Site Safety Center will check a suspicious URL for you and show you if you have cause for concern.
Great PC security tools
VeraCrypt
Do you have a lot of sensitive files on your hard drive or invest in things like cryptocurrencies? For this scenario, keeping your data safe demands you encrypt and hide it, especially on a shared computer.
The best tool for this is Veracrypt, which lets you create hidden, encrypted and password protected volumes to keep your data safe from prying eyes.
It’s free, open-source software that’s easy to use and very well documented.
Bleachbit
Bleachbit helps your Antivirus perform. It’s a utility tool like CCleaner but the crucial difference is that it’s totally free and open source. Bleachbit also includes file shredding and Firefox cleanup.
As an added bonus, because you quickly clean unwanted temporary files, logs or browsing histories, your Antivirus will have a much easier time of scanning your PC (shorter scans = even less of an impact on the performance of your computer).
Eraser
If you want to erase your personal files from a work computer or an old hard drive and want to make sure those files are truly deleted, Eraser is the best free security tool we’ve tried so far. To account for the fact that data can still be recovered from a disk even after a delete, Eraser overwrites that data several times and effectively jumbles it before deletion.
GeekUninstaller
One of the most common vulnerabilities targeted by hackers is unused and outdated software. A good uninstaller that can even handle broken files or pesky software is GeekUninstaller.
Heimdal™ Free
For monitoring your computer apps and securely deploying updates as soon as they’re available, our own Heimdal™ Free does a great job. You can also install the most commonly used software from its interface, without having to find download pages through search engines (and risk landing on a malicious page!)
These are our suggestions for enhancing your security and privacy this year but we plan on updating this page with even more free resources.
Do you know a great free security tool or have a great privacy tip? Drop us a line below and share it with the community!