Yes, I’m aware that my search engine choice is not the best option.
This is really great, especially as a jumping off point. You might consider a ranked approach, like good, better, best. Most marginally privacy conscious services are going to be better than their Google analog, but some are better.
Obsidian is closed source or not fully open source iirc. Try Notesnook if you need sync.
Yeah, or Standard Notes if they like the Proton products
Standard Notes was written by a different company (largely just one developer) and is not like other Proton products.
Proton simply bought it so they didn’t have to write their own.
Apparently Emacs is on F-Droid so you could use org-mode as well, although IDK how well it works
Anyone have thoughts on mailbox.org? I have been thinking of switching. Anyone with experience with the service?
I prefer Comaps over OsmAnd, it’s just much simpler
I don’t trust proton.
Get a $5/month Nextcloud instance on Hetzner or self-host it. You’ll get a 1 TB drive, calendar, notes, office suite, sync with phone, and much, much more.
- ChatGPT -> llama.cpp
- Dropbox -> Syncthing + ZFS
- PayPal -> Atto
- Google Home -> Home Assistant
- Google Docs/Sheets -> Collabora Office
Some of these require self-hosting, so you might need Headscale or WireGuard to connect to them
Just to give more unique feedback (although everything you have is good): if you’re willing to self-host, add Immich to the Google Photos replacements, since it’ll back up photos across devices (I haven’t personally looked at Ente Photos), and depending on how important hiding your traffic from your ISP is, consider replacing a VPN with TrackerControl, which helps to stop apps from phoning home.
A big difference (for some) is that the mailbox is not fully encrypted. However I only see that as a requirement if there is an actual potential threat against you (like as a journalist).
Also, Mailbox has app passwords, so you can control which applications can access it and a simple revocation will end it. Connecting directly is not possible for security reasons.
They also offer 25 free aliases, 50 additional ones if you use your own domain. And they do make it rather easy to set up the necessary records to send via your domain. Plus throwaway addresses (which will only exist for 90 days each and can only receive emails).
First off: you’ve come a long way. Great setup, keep it up!
As others have said, I’d reduce your reliance on Proton. I’d particularly ditch their password manager in favour of something like KeepassXC and combine it with Syncthing (which you’re already using) in order to keep your passwords out of the cloud, but synced between your devices. Always think in terms of blast radius: if an attacker gets access to your Proton account (either because you fuck up or they do), they will have access to anything that’s in there. Having your e-mail + pw manager there increases blast radius dramatically and allows not only for access to, but full takeover of your accounts in case of a breach.
Have you heard of Privacy Guides? They have a whole community of people there and provide privacy focused software and service recommendations, with lots of details explaining their reasoning.
In my honest opinion? Nothing. There is nothing worth changing here, all the other advice is just different kinds of extreme.
Your selection and the fact that you asked this question are a good indicator that any other alternative people would suggest won’t do you that much benefit while carrying a much higher chance of being highly inconvenient.
I prefer Comaps over OsmAnd.
different purpose in my opinion
How so? Isn’t it a fork after a dispute about direction?
I’d add criteria, e.g.
- GDPR compliant
- no link with advertising companies
- free software or open source
- self-hostable
- security audit
etc., and overall have a reasonable default option but not hide that there are alternatives. We want everybody to move away, but if everybody moves to Proton as a suite and they enshittify, then we are (nearly) back to square one. So I think showing that good alternatives exist is great. Helping people who already use an alternative see that others, maybe even a better one for THEIR criteria, also exist is even better.
I’d also add a GitHub (or better, Codeberg or self-hosted Gitea) link at the bottom to https://github.com/ente-io/privacypack with the license (MIT) visible.
As for GDPR, California has something similar, so that also might be good. California still falls under the federal CLOUD Act and its like, though.
If advertising companies (or really, stuff with an incentive to hunger for data) are a concern, I would not recommend the search engine Startpage. Other than that, its policies are afaik fairly decent.
For software, I think it being OSS or at least fully audited by an independent, transparent security auditor, is crucial. You want to avoid shell companies and such whose ultimate ownership is unclear. Or CEOs with questionable histories.
Self-hostability is a good one, though not everyone has the expertise required.
Not everyone cares for the same things nor has the same abilities indeed, that’s why I’m thinking of optional filters. I also want to clarify that the process is important to keep in mind, namely if somebody just started to move away from BigTech or surveillance capitalism or whatever is problematic for them, it’s not the same as somebody else who dedicated their life to that a decade ago. So IMHO the hope is that people can add more and more filters whenever they feel comfortable they have the available resources to do so. It’s a journey for each of us, on different paths at different paces.
DuckDuckGo -> self-hosted SearXNG… Startpage has also not yet been involved in any controversy, for a non-self-hosted option.
Copy-paste of why DuckDuckGo is a problem:
https://www.bleepingcomputer.com/news/security/duckduckgo-browser-allows-microsoft-trackers-due-to-search-agreement/
Now, a little after this came out they do claim they removed them (odd how that suddenly changes after it was no longer secret). But then, much more recently, as listed on Wikipedia, verifying they still have some long-term deals with Microsoft in **2025**… Microsoft is not going to make a deal with a perceived competitor for nothing in return.
By August 2025, Bing planned to cut off access to its search APIs in a push to sell more AI-related APIs, though **DuckDuckGo believed that larger companies like it with long-term deals would not be affected**. Bing had dramatically raised rates for its search API in 2022 after ChatGPT debuted.
There is also more general proof that, while Duck may technically use other sources also, it really is mostly Bing:
During a Bing API outage in 2024, DuckDuckGo stopped showing results, indicating that Bing provided a substantial portion of DuckDuckGo’s results.
I literally do not understand how they managed to take such a foothold in real privacy communities. I used to love Brave till I was repeatedly pointed to the scandals that many people are aware of and informing others about… but considering DDG, I rarely see anyone pointing this out. It actually smells like a huge successful marketing adventure to sell Bing to privacy enthusiasts, but for that I obviously do not have proof. I often imagine this meme with Bing instead of Google and a cute duck go as Mr. Incognito

For a Google Keep replacement, check out Simple Notes Sync. I’ve been using it for a few months now 🙂







