Whenever some app or service claims to respect your , check for two things:

1. Is it open-source on both client and server (if applicable) ?
2. Is the service itself decentralized in some way (federated, allows self-hosting etc.) ?

Now evaluate everything you use - iPhones, WhatsApp, Telegram, Signal, Gmail etc. using this checklist.

Try to find and use software/services which satisfy both of the above conditions.

Wrt. to websites, you can also see (with extensions such as Privacy Badger or uMatrix) how much 3rd party JS and cookies the website uses. Those that use a lot clearly don't care about your privacy.

@njoseph is there any app or software which meets these two conditions? Is it possible to find an app or software for every need (email, browser, music player, etc.) which works well enough (can be compared to leading apps/softs) and is still being updated?

@barszczyk @njoseph Instead of "apps" or "services", let's think protocols.

If a protocol is open-source, chances are an open-source implementation is out there.

Let's see:

PGP (OpenKeychain, gpg, etc. no reason yet to self-host a keyserver)
IMAP (K9-mail for client, dovecot for server)
SMTP (Exim for server, there are others)

XMPP (think whatsapp):
Server-side: Prosody
Client: Conversations (free on F-droid)


I'd love to see more!

@barszczyk @njoseph Also, when it comes to Android, there are phones that can be flashed easily. This comes at a price, though.

I'm sporting a Nexus 5X running LineageOS without Google Apps. I know a Samsung phone would do the same things, but it would be less flash-friendly (I presume from my experience with S3mini, YMMV). It was more expensive, but I knew it's repairable and that the target demographic are DEVS, so long-term support.

@barszczyk @njoseph
3/? Hardware should be considered as well, not just services.

If you can, try to look up a teardown video of a device you want to buy. How difficult is it? How much glue is there? Does something break every time you open (glass back)?

Check the availability of spare parts for your phone. Even batteries, if a phone has a "non-removable battery", can be replaced with 20 minutes of time and a youtube video. You'll do future you a favour.

@barszczyk There isn't very much software that meets both of those criteria. Lots of software fits one, for example:
- Gmail is federated but not open source
- Signal is open source but not federated

As for software that meets both a few examples would be:
- Nextcloud
- ProtonMail
- Mastodon

However, all of the above do lack certain features compared to their proprietary counterparts.

Yes, for all these we have . I use for chat, k9 mail for email (self hosted), next cloud for address book (self hosted).

@praveen @barszczyk I try to stick to free software as much as possible for my personal use.

Here's my personal privacy stack (clients).

My self-hosted server is a

@njoseph Unfortunately #OprnSource misses the point as it doesn't care to educate people on the same issues as #FreeSoftware does. Besides, the Open Source Definition, kept by Open Source Initiative, doesn't address #DigitalHandcuffs such as #DRM or the more elaborated forms such as those in many phones that deny the user the freedoms 0 and 1 (to adapt and reuse that in the same unit).

@njoseph This is why I'm a weirdo who hosts his own Matrix server, although the only people I ever end up talking to via are via the IRC bridge, or that one paranoid East German I know ;)

@njoseph would elementary OS satisfy this list? It's completely open source, infra included, and AppCenter could be self hosted. But that is so far outside the realm of user wants that I don't think it's ever been attempted.

@cassidyjames All free software usually ticks both the boxes, but beware of apps that only open-source the client and not the server (e.g. Telegram).

There are cases where the advertised "open-source" product you just downloaded cannot actually be created from its source since it has a lot of proprietary components added on top of the open core. e.g. Microsoft VS Code.

@njoseph afaik Telegram's client server is open-sourced. It also has two chats to offer: secret chat (e2e) and the regular chat where your messages are encrypted, but they're stored on Telegram's servers for a lot of benefits: so users can access their saved files/messages on their cloud storage offered by Telegram.
Actually, Durov has written why Telegram is not e2e by default:

Regarding about the second condition, Telegram isn't decentralized (yet).


1. Telegram server is not open-source yet.
2. Telegram is centralized and doesn't federate.

I don't buy their arguments against e2e encryption either.
has e2e encryption but stores all messages on the server, allowing easy backups. You just have to keep your keys safe.

's whole privacy model is, "there's one individual called Pavel Durov who will not sell your data and will be able to resist all coercion from governments to hand over the encryption keys"

Sign in to participate in the conversation

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!