Privacy & Anonymity Resources

Tails (The Amnesic Incognito Live System)

Website: tails.net

Tails is a portable, Debian-based Linux distribution designed to run entirely from a USB drive or DVD. It routes all network traffic through the Tor network by default and leaves no trace on the host machine after shutdown — hence the term "amnesic." Every session starts fresh, which means any malware that may have been introduced during a session is wiped clean upon reboot. Tails includes a suite of built-in privacy tools such as the Tor Browser, Thunderbird with Enigmail for encrypted email, KeePassXC for password management, and OnionShare for anonymous file sharing. It is widely regarded as one of the most accessible entry points for high-security anonymous computing, and it was notably used by Edward Snowden during his communications with journalists. The persistent storage feature allows users to encrypt and retain specific files across sessions when needed, while still maintaining the amnesic properties for everything else.

Whonix

Website: whonix.org

Whonix takes a fundamentally different approach to anonymity by splitting the system into two virtual machines: a Gateway that handles all Tor routing, and a Workstation where the user performs their activities. This architecture means that even if the Workstation is fully compromised by malware, the attacker cannot discover the user's real IP address because the Workstation has no direct access to the network — it can only communicate through the Gateway. Whonix is designed to run inside VirtualBox or KVM on top of a host operating system, or natively within Qubes OS for even stronger isolation. It is particularly well-suited for users who need persistent workstations with strong anonymity guarantees, and its design makes IP leaks virtually impossible at the application level. The documentation on the Whonix wiki is among the most thorough in the privacy community, covering advanced topics such as stream isolation and time-based attack mitigation.

Qubes OS

Website: qubes-os.org

Qubes OS is a security-oriented operating system built on the Xen hypervisor that implements "security by compartmentalization." Instead of running applications side by side on a single operating system, Qubes isolates different activities into separate virtual machines called "qubes." A user might have one qube for browsing, another for email, another for work documents, and another running Whonix for anonymous activities. If one qube is compromised, the damage is contained within that compartment and cannot spread to others. Qubes is endorsed by privacy advocates including Edward Snowden and is considered one of the most secure desktop operating systems available. The tradeoff is hardware compatibility — Qubes requires specific hardware features (VT-x, VT-d, IOMMU) and has a steeper learning curve than Tails or Whonix. For users with compatible hardware and the willingness to invest time in setup, it provides an unparalleled level of desktop security.

Tor Browser

Website: torproject.org/download

GitHub: github.com/torproject/tor

The Tor Browser is a hardened fork of Mozilla Firefox that routes all traffic through the Tor anonymity network. It is configured to resist fingerprinting by making all users look identical — same screen size, same fonts, same browser features. It blocks third-party trackers, disables dangerous features like WebRTC (which can leak your real IP), and clears all session data on exit. The Tor Browser is the gold standard for anonymous web browsing and is the only browser that provides genuine anonymity rather than just privacy. It does come with tradeoffs: browsing speeds are slower due to the multi-hop Tor circuit, some websites block Tor exit nodes, and JavaScript-heavy sites may not function correctly at higher security levels. For accessing .onion services, the Tor Browser is the only appropriate tool.

Mullvad Browser

Website: mullvad.net/en/browser

The Mullvad Browser is a collaboration between the Tor Project and Mullvad VPN. It applies the same anti-fingerprinting technology used in the Tor Browser but without the Tor network, making it ideal for users who want strong browser-level privacy while using a VPN or their regular internet connection. It provides the fingerprint resistance that most "privacy" browsers lack, making it a superior choice to browsers like Brave or Firefox with custom configurations. The Mullvad Browser is designed to be used with a VPN (preferably Mullvad, though any trustworthy VPN works) and is an excellent choice for daily browsing when Tor's speed limitations are impractical.

Mullvad VPN

Website: mullvad.net

Mullvad is widely considered the most privacy-respecting commercial VPN available. It does not require an email address or any personal information to sign up — accounts are identified by a randomly generated number. It accepts cash payments sent by mail, as well as cryptocurrency, making truly anonymous purchases possible. Mullvad has undergone multiple independent security audits, runs a growing number of RAM-only (diskless) servers, and has been transparent about law enforcement requests. In 2023, Swedish police attempted to seize servers from Mullvad's offices and left empty-handed because no customer data existed to take. Mullvad supports WireGuard and OpenVPN protocols, offers a consistent flat-rate pricing model (no deceptive multi-year deals), and publishes its infrastructure details openly. If you are going to use a VPN, Mullvad is the benchmark against which all others should be measured.

ProtonVPN

Website: protonvpn.com

ProtonVPN is developed by the team behind ProtonMail and is headquartered in Switzerland, which has relatively strong privacy laws. It offers a free tier (uncommon among reputable VPNs), open-source clients, and a "Secure Core" feature that routes traffic through privacy-friendly countries before exiting to the destination. ProtonVPN has also undergone independent security audits. However, it is worth noting that ProtonVPN requires an email address for signup, and Proton as a company has complied with Swiss legal orders to provide user metadata in criminal investigations. This is not necessarily a criticism — all companies must comply with valid legal orders in their jurisdiction — but it is a reminder that "based in Switzerland" does not mean "beyond the reach of law enforcement." ProtonVPN is a solid choice for users who want a reputable VPN with a free tier, but users with high threat models should prefer Mullvad's account-number system and cash payment option.

GPG/PGP (GNU Privacy Guard)

Website: gnupg.org

GPG is the free, open-source implementation of the OpenPGP standard. It provides asymmetric (public-key) encryption for email, files, and digital signatures. Each user generates a key pair: a public key that others use to encrypt messages to you, and a private key that only you hold to decrypt them. GPG has been the gold standard for email encryption and software verification for decades. Its primary drawbacks are its complexity — key management, the web of trust model, and command-line usage present a steep learning curve — and the metadata problem (GPG encrypts message content but not the sender, recipient, subject line, or timestamps). Despite its age, GPG remains essential for verifying software signatures, encrypting sensitive files, and secure communication where both parties are technically competent. The Free Software Foundation's Email Self-Defense guide is an excellent tutorial for beginners.

VeraCrypt

Website: veracrypt.fr

GitHub: github.com/veracrypt/VeraCrypt

VeraCrypt is the successor to TrueCrypt and is the leading open-source tool for full-disk encryption and creating encrypted volumes. It supports AES, Serpent, Twofish, and cascaded combinations of these ciphers. One of VeraCrypt's most notable features is "hidden volumes" — an encrypted volume concealed within another encrypted volume, providing plausible deniability. If forced to reveal your encryption password, you can provide the password for the outer volume while the hidden volume remains undetectable. VeraCrypt works on Windows, macOS, and Linux, and is essential for protecting sensitive data on portable drives or for encrypting entire system partitions. It has been independently audited and continues to receive active development and security updates.

age

Website: age-encryption.org

GitHub: github.com/FiloSottile/age

age (pronounced "ah-geh") is a modern, minimalist file encryption tool designed by Filippo Valsorda, a well-known cryptographer who previously worked on Go's cryptography libraries at Google. age was created as a response to the complexity and foot-guns of GPG. It has a deliberately small feature set — encrypt and decrypt files, nothing else — which dramatically reduces the attack surface and the possibility of user error. age supports both public-key encryption (using X25519) and passphrase-based encryption (using scrypt). It can also use SSH keys for encryption, which is remarkably convenient for developers. If you need to encrypt files and GPG feels like overkill, age is the modern, opinionated alternative that makes it hard to do the wrong thing.

Signal

Website: signal.org

GitHub: github.com/signalapp/Signal-Android

Signal is the most widely recommended encrypted messaging application, and for good reason. It implements the Signal Protocol — the gold standard for end-to-end encryption that has been adopted by WhatsApp, Facebook Messenger, and Google Messages. Signal collects virtually no metadata: when subpoenaed by a US grand jury in 2021, Signal could only produce the date an account was created and the last connection date. No message content, no contact lists, no group information. Signal supports disappearing messages, sealed sender (which hides the sender's identity from Signal's servers), and group calls. Its primary limitation is that it requires a phone number for registration, which ties the account to a real-world identifier. For most threat models, Signal represents the best balance of security, usability, and adoption.

Session

Website: getsession.org

Session is a fork of Signal that removes the phone number requirement entirely. Accounts are identified by a randomly generated Session ID, and the application routes messages through a decentralized onion-routing network (Lokinet) rather than centralized servers. This means there is no single point of failure and no central server collecting metadata. Session does sacrifice some features compared to Signal — there are no voice or video calls on the decentralized network, and message delivery can be slower — but for users who need anonymity in addition to encryption, Session addresses Signal's primary weakness. It is particularly useful for situations where registering a phone number is a security risk.

Briar

Website: briarproject.org

Briar is designed for activists, journalists, and anyone who needs to communicate securely even when the internet is unreliable or under surveillance. Unlike other messengers, Briar can operate without internet infrastructure entirely — it supports peer-to-peer messaging over Wi-Fi, Bluetooth, and Tor. Messages are stored locally on each device rather than in the cloud, and contacts are verified through in-person QR code exchanges, eliminating the trust issues associated with centralized key servers. Briar is Android-only and has a deliberately limited feature set, but for its intended use case — resilient communication under hostile conditions — it is without equal. Briar is particularly valuable in protest scenarios, disaster zones, or regions where internet shutdowns are used as a tool of repression.

ProtonMail

Website: proton.me/mail

ProtonMail is the largest encrypted email provider, offering end-to-end encryption for messages between ProtonMail users and PGP-compatible encryption for external recipients. It is based in Switzerland, open-source, and has been independently audited. ProtonMail encrypts mailbox contents at rest, meaning even Proton's employees cannot read stored emails. The web client uses OpenPGP.js in the browser to handle encryption locally. ProtonMail offers free and paid tiers, custom domain support, and an onion address for Tor access. As noted in the VPN section, Proton has complied with Swiss legal orders to provide IP logs of targeted users. Users with high threat models should access ProtonMail exclusively through Tor or a trustworthy VPN to mitigate this risk.

Tutanota (Tuta)

Website: tuta.com

Tutanota (now rebranded as Tuta) is a German encrypted email provider that takes a slightly different approach from ProtonMail. Rather than using PGP, Tuta uses a custom encryption protocol based on AES-128 and RSA-2048. This allows Tuta to encrypt not only message bodies but also subject lines and contact data — something PGP-based providers cannot do. Tuta strips IP addresses from email headers, offers a free tier, and provides open-source clients for all platforms. The German jurisdiction is a consideration — Germany is part of the 14 Eyes intelligence alliance — though Tuta argues that end-to-end encryption makes jurisdiction less relevant since they cannot decrypt user data regardless of legal orders. Tuta is a strong alternative to ProtonMail, especially for users who value subject line encryption and a non-PGP approach.

Monero (XMR)

Website: getmonero.org

GitHub: github.com/monero-project/monero

Monero is the leading privacy-focused cryptocurrency. Unlike Bitcoin, where privacy is optional and rarely used, Monero enforces privacy by default for all transactions using three core technologies: ring signatures (which obscure the sender by mixing their transaction with decoys), stealth addresses (which generate one-time addresses for each transaction so the recipient's public address never appears on the blockchain), and RingCT (which hides the transaction amount). The result is that Monero transactions reveal neither the sender, the recipient, nor the amount to outside observers. Monero has withstood years of academic scrutiny and attempts at chain analysis, and it remains the only major cryptocurrency where privacy is a protocol-level guarantee rather than an optional feature. It is the standard for privacy-conscious transactions in both legitimate commerce and darknet markets.

Wasabi Wallet & CoinJoin

Website: wasabiwallet.io

For users who need or prefer to use Bitcoin, Wasabi Wallet implements CoinJoin — a technique that combines multiple users' transactions into a single large transaction, breaking the chain of ownership that blockchain analysts rely on. Wasabi's implementation uses a coordinator model where multiple participants combine their inputs and outputs in a way that makes it impossible for the coordinator or outside observers to determine which inputs correspond to which outputs. While CoinJoin significantly improves Bitcoin privacy, it is important to understand that it is not equivalent to Monero's protocol-level privacy. CoinJoin is a retroactive privacy measure applied to an inherently transparent blockchain, and determined analysts with sufficient resources may still be able to deanonymize transactions through statistical analysis, especially if the user makes operational errors before or after the CoinJoin. For serious privacy needs, Monero remains superior, but Wasabi Wallet represents the best available option within the Bitcoin ecosystem.

NiceHash (Mining Reference)

GitHub: github.com/nicehash

NiceHash provides open-source mining tools and serves as a reference point for understanding proof-of-work mining infrastructure. While not a privacy tool per se, understanding how mining works is relevant for users interested in acquiring cryptocurrency without going through identity-verified exchanges. Mining your own cryptocurrency — particularly Monero, which is designed to be mineable on consumer hardware — is one of the few ways to obtain coins with no identity trail. NiceHash's open-source miners and QuickMiner tools can be examined to understand the mining process and its role in the broader cryptocurrency ecosystem.

Tor (The Onion Router)

Website: torproject.org

GitHub: github.com/torproject/tor

Tor is the most widely used anonymity network in the world. It routes traffic through a circuit of three volunteer-operated relays (guard, middle, and exit), encrypting the data in layers so that each relay only knows the previous and next hop in the circuit. The guard node knows your IP but not your destination; the exit node knows the destination but not your IP; and the middle node knows neither. Tor also supports hidden services (.onion addresses), which allow servers to operate without revealing their IP addresses. Tor is maintained by the non-profit Tor Project and has been funded by a mix of government grants, private donations, and organizations like the EFF. While Tor has known limitations — it is vulnerable to traffic correlation attacks by adversaries who can observe both the entry and exit of the network, and it is slower than direct connections — it remains the most battle-tested and well-researched anonymity network available.

I2P (Invisible Internet Project)

Website: geti2p.net

I2P is a fully decentralized anonymity network that focuses on internal services (called "eepsites") rather than accessing the regular internet. Unlike Tor, which uses a circuit-based design, I2P uses a packet-based routing system with unidirectional tunnels — separate tunnels for sending and receiving data. Every I2P user's device participates as a router in the network, which means the network grows stronger as more users join. I2P is particularly well-suited for hosting hidden services, anonymous email (via I2P-Bote), anonymous torrenting, and other services that operate entirely within the I2P network. Accessing the clearnet through I2P is possible via "outproxies," but this is not I2P's primary design goal and Tor is generally preferable for that purpose.

Lokinet

Website: lokinet.org

Lokinet is an onion-routing network built on top of the Oxen blockchain's service node infrastructure. Unlike Tor, where relays are run by volunteers with no financial incentive, Lokinet relays are operated by Oxen service nodes that are economically incentivized through staking and block rewards. This creates a more sustainable funding model for network infrastructure and ensures a baseline of node reliability. Lokinet supports both accessing hidden services (.loki addresses) and routing clearnet traffic, and it operates at the network layer rather than the application layer, meaning any application can use Lokinet without modification. Lokinet is the underlying transport for the Session messenger and represents an interesting experiment in economically incentivized anonymity infrastructure.