As others have pointed out, having so many Proton apps might be an issue. However, that line of thought only works if you’re really concerned about having a single point of failure. Most people value convenience much more than that.
The way I see it, this setup is somewhat noob-friendly, but relying heavily on Proton makes it a lot more convenient for many people. Using a greater variety of providers would make sense, but you can’t expect everyone to be ready for a hassle like that. People seem to expect you to be a hard-core privacy warrior who is willing to make significant sacrifices for philosophical reasons.
Most people aren’t like that. Just switching to DDG is hard enough for them, but at least it’s a step in the right direction.
If you take only 1/10th of this diagram, you get the simplified newbie version. Take all of it, and it’s for a person who is clearly interested in security and privacy. Modify a few things here and there, and you get a version for a serious security enthusiast. Different versions for different audiences.
Using Proton Mail, Calendar and Docs is a lot, lot better than using the Google suite. We shouldn't put people off changing, as you said the convenience is important and often forgotten as the major reason people stick with Google.
I love Logseq and I've been using it for many years. But TBH it's not an alternative to Obsidian. At all. It's a different app with a different approach.
My boss uses Obsidian, and me and a colleague use Logseq. They seem to do the same job for our needs. I'm curious to know what features of Obsidian is Logseq lacking for your use case?
Yeah good call out. I just meant that there are many people that don't trust/dislike proton. OP though seems cool with proton so then they might be cool with standard notes.
If you're already moving to Graphene, just use Vanadium as your browser. It ships with GOS and is an excellent privacy choice.
Also, proton mail kinda sucks. I used it for a while but switched to fastmail because an email account with zero interoperability is kinda a lousy user experience.
Edit: same with proton calendar. I like the concept but in practice having a locked away calendar isn't a great feel.
It's just where philosophical and practical meet the road for me.
Proton is a cool idea because they say they don't scan anything, and that brought me in; but not being able to use an email client of my choice made my day to day experience less pleasant. If you're in desperate need of the encryption on their servers it may be a totally reasonable trade off, but it wasn't for me and I've heard many others say basically the same.
Because my main objective was not having my personal emails feed the corporate giants my personal information, rather than a hard requirement of encryption, it makes a lot more sense to use fastmail or a similar service and keep the day to day usability of not being completely locked into the proton ecosystem.
Same thing for my calendar, more important to be able to share events with people not logged into proton and to use the client I actually like.
Side note: much of the sell of proton mail gets tossed out the window when you send an email to anyone not using proton. If you email someone using gmail or apple or whatever that server side encryption from proton doesn't mean dick anymore.
In my honest opinion? Nothing. There is nothing worth changing here, all the other advice is just different kinds of extreme.
Your selection and the fact that you asked this question are a good indicator that any other alternative people would suggest won't do you that much benefit while carrying a much higher chance of being highly inconvenient.
Get a $5/month Nextcloud instance on Hetzner or self-host it. You'll get 1 TB drive, calendar, notes, office suite, sync with phone, and much much more.
First off: you've come a long way. Great setup, keep it up!
As others have said, I'd reduce your reliance on Proton. I'd particularly ditch their password manager in favour of something like KeepassXC and combine it with Syncthing (which you're already using) in order to keep your passwords out of the cloud, but synced between your devices. Always think in terms of blast radius: if an attacker gets access to your Proton account (either because you fuck up or they do), they will have access to anything that's in there. Having your e-mail + pw manager there increases blast radius dramatically and allows not only for access to, but full takeover of your accounts in case of a breach.
Depends on how much privacy you need and how much tinkering to get things to work that you're willing to put up with.
In general, using a variety of services will be more private than going with a single entity like Proton.
Bitwarden is self-hostable, which makes it potentially more private than Protonpass... assuming you actually set up the self-hosting.
Signal isn't a good long-term plan, as it's entirely hosted in the US. I don't think there are currently any known compromises to the encryption model, but iirc the company can see all your communications metadata (which means the government could potentially as well). I don't mind it for talking with friends, but I would recommend against it for extreme privacy needs (e.g. the government starts getting overzealous with who it counts as enemies of the state, and you or your friends become targets).
You got great choices, actually. I'd only recommend to be as little dependent on multiple fronts on one company. So I'd change a few of Proton to something else. As long as Proton doesn't replace their CEO with an explicitly antifascist one, I don't know if they're a good spot.
Depending on how private communications must be, Threema might be better than Signal.
If you don't need to synchronise with others and your threat model is not physical attacks/theft, then agendas can be just on paper. Same for the calendar.
As for distro...
Mint is great (and honestly what I'd rec for people brand new to Linux). If you want to harden privacy/security more though, the following Linux distros might be better:
Fedora (any of them). It's an international upstream distro from Red Hat (American company, parent company is IBM). In other words, it's developed by the community, which is gathered in the Fedora Project. Their headquarters is in NC, USA. Red Hat then uses the community distro to make their own distro, and in return, finances Fedora. Linus Torvalds, the creator of Linux, uses it. If he trusts it, I trust it.
OpenSUSE Tumbleweed, developed by the OpenSUSE community, backed by OpenSUSE from Germany. Pretty good all-arounder.
Arch Linux, developed internationally, but most devs are spread across Europe. Has an extensive wiki (that also is good for other distros), though it's not exactly "plug and play" and I'd rec it only if you know what you're doing.
Debian is another option if privacy is less of a concern for you than it being FOSS. It's one of the most FOSS distros out there, and also highly independent and international.
I assume you want to use your distro as daily driver, and that your threat model isn't too severe. So the above ones should suffice.
If the threat model calls for it, or you're willing to sacrifice some usability for slightly more security, you could try QubesOS (arguably one of the most secure distros since it sandboxes everything as if they were a separate computer). Tails is another alternative, that's on a USB and forgets itself after usage.
For search engines...
... go for Qwant (French) or Ecosia (German). Both are European-owned and are busy constructing their own indexes (currently they still use Bing and Google). There's Mojeek (UK-based) which is independent.
I don't know how to block specific sites from popping up on them though, since I notice a certain trillionnaire's personal "wiki" pops up a LOT. Probably he's cheating and search bumping to spread his disinformation. It should be blocked.
Presearch also exists, which is decentralised and uses its own indexes. If you want OSS, there's SearXNG and YaCy which have metasearch options. Be careful in which instance you pick, though.
Lol very true, I've been using Mint for maybe 7 years now, I've tried Arch 3 times or more, broke every single time I've used it. And that's with me not doing anything out of the ordinary. (No hate to Arch btw, I just can't figure it out)
Network effect is the biggest problem for messaging services, and so I would still push for Signal over the alternatives that are technically better. This guide seems like it is focussed on users who are new to the space
I agree with the Linux recommendation, but I'd offer CachyOS over pure Arch for newcomers. The limine bootloader gives a lot of peace of mind, since you can tell the user "if you get a bad update, reboot and pick an older option on the first screen".
Ecosia has a terrible privacy policy, I analysed it in the past. They are likely in violation of the GDPR, I'm currently considering filing a complaint. They're still a lot better than Google though, but DDG is privacy-wise superior.
Another thing is that the Trumpist US regime allegedly got access to Signal through Israeli spyware (Paragon), or is trying to do so. (The Guardian)
The Swiss military also has publicly shifted away from Signal, as they deemed it unsafe for communications. Signal's still subject to the CLOUD Act, while Threema is not. (Bleeping Computer).
Adding my personal notes on search engines here for anyone's interest. I personally use Qwant on Desktop and DuckDuckGo on mobile. I like Qwant because they are at least working on their own index and are EU-based. On the other hand, DuckDuckGo is faster and has a more comprehensive privacy policy. I'm really trying to use Mojeek on mobile but the search results are much worse than DuckDuckGo and Qwant in my repeated experience.
People will agree and disagree on individual choices, as we can see by the other comments, but I think that is an excellent start.
A message for others: improving your privacy can be a gradual process, you don't need to change everything at once, since that would be overwhelming. Start with one or two, and if that works for you, move on to other items.
For passwords, you can use the same KeepassXC database on multiple devices. It's encrypted, and you can have the passphrase file locally on multiple devices, and the cloud provider cannot access it even by brute forcing. The database itself would not be reliant on the cloud service, you can easily switch between any provider (I currently use dropbox)
Switched a few months ago from Gmail. Own domain. Works great so far. A bit of setup required ofc. Thunderbird on phone & just the standard calendar app because the apps I tried I didn't like. Calendar & Contact sync through DAVx⁵, costs a few bucks, but it works just fine.
Now, a little after this came out, they do claim they removed them (odd how that suddenly changes after it was no longer secret). But then much more recent, as listed on Wikipedia, verifying they still have some long term deals with Microsoft in **2025**…
Microsoft is not going to make a deal with a perceived competitor for nothing in return.
By August 2025, Bing planned to cut off access to its search APIs in a push to sell more AI-related APIs, though **DuckDuckGo believed that larger companies like it with long-term deals would not be affected**. Bing had dramatically raised rates for its search API in 2022 after ChatGPT debuted.
There is also more general proof that, while Duck may technically use other sources also, it really is mostly Bing:
During a Bing API outage in 2024, DuckDuckGo stopped showing results, indicating that Bing provided a substantial portion of DuckDuckGo's results.
I literally do not understand how they managed to take such foothold in real privacy communities. I used to love Brave till I was repeatedly pointed to the scandals that many people are aware of and informing others about… but considering DDG I rarely see anyone pointing this out. It actually smells like a huge successful marketing adventure to sell Bing to privacy enthusiasts, but for that I obvio do not have proof. I often imagine this meme with Bing instead of Google and a cute duck go as mr incognito
Keep away from Infomaniak!!
Had a problem with my keyboard, missed the password 3 times and got my account locked. OK, no stress, let's do a recovery with the alternate email. I received the email to change the password, followed the link and chose a new password. Error, account is locked! OK, let's do a recovery using phone number. Received SMS and same thing as the email!! WTF?!
So, I have to contact Infomaniak and guess what? In order to protect my account I have to send them my government issued ID!! WHAT?? How can that thing protect me? This is blackmail. They have my data and want to exchange it for my ID. Why do they have email and phone recovery if I cannot successfully use them? If a hacker has my alternate email and my phone, he probably also has my ID, right?
How I solved it? Well, sent them a fake ID and guess what? Five minutes later I have access to my account! They don't have the means to validate it, was what I thought. So, I got all my data back and never looked back.
What a disappointment, I have moved because it was cheap and I even told all my family and friends. Had to take a step back and leave them because that is all wrong.
I will never conceive the logic of a man who figures that the best way to be free from a centralized megasystem vendor is to jump straight into another full suite of a centralized megasystem vendor.
Maps -> CoMaps
Photos -> Immich (if you can self host)
Passwords -> Bitwarden (May change in the future)
I agree with others on trying to not have one service for everything, which proton is trying to become. An alternative to Proton Mail and Calendar would be Tuta, though I haven't used them.
The Bitwarden desktop client was on an EOL Electron version that doesn't get security updates and marked as insecure in Nixpkgs and it took them 3 weeks to resolve it (finally got fixed an hour ago) and it's still not fixed in any released version. It seems strange to me for a security-sensitive program to have problems like this.
Always check the profit motive. Often if it's free, unsupported by donation/subscription nor sponsors with that system, and if it costs quite some money to uphold, then your data is the product.
I'm always pretty wary of when a company or its parent goes public, be it by IPO or trading - then ownership is no longer in people's hands but in profit's hands.
I understand your point for Independent Password Managers. For some people this is not a solution.
I would always recommend a password manager that fits your needs and know-how.
My parents could not use keepass with sync without breaking or losing shit.
But protonpass, or Bitwarden or strongbox could be a viable option.
In some rare cases I would even recommend the Apple Passwords app. Better than nothing.
This is really great, especially as a jumping off point. You might consider a ranked approach, like good, better, best. Most marginally privacy conscious services are going to be better than their Google analog, but some are better.
Just to give more unique feedback (although everything you have is good): if you're willing to self host, add immich to google photo replacements since it'll back up photos across devices (I haven't personally looked at ente photos) and depending on how important hiding your traffic from your ISP is, consider replacing a VPN with TrackerControl which helps to stop apps from phoning home.
Have you heard of Privacy Guides? They have a whole community of people there and provide privacy focused software and service recommendations, with lots of details explaining their reasoning.
I use proton for a lot of stuff.
The calendar is useless IMO since their custom bridge doesn't support linking anything else in. Same with contacts. For those two I use a self-hosted radicalev3 container, works like a charm.
Does someone have suggestions for what proton provides with its passmail? I think their implementation and usage experience with this entire reverse-email feature is pretty great and I don't want to give this anonymity up, selectively being able to send from those passmails is also a great feature that works really well in the rare case of getting something I need to reply to.
Wdym passmail? If you mean their subscription services, you can go look what they offer.
Proton's decent as far as how it works, but their CEO has some issues and an environmental activist using their services had been arrested, though that activist afaik didn't use a VPN.
Personally I'd recommend Tuta or Mailbox.
Other options would be CounterMail (🇸🇪) and Mailfence (🇧🇪). There's other services, but those don't have E2EE.
Would CoMaps be a better recommendation than OSMand?
For those who are familiar with Ente, how are their apps? I use something different for 2FA and photos, but I need recommendations for people who don't want to deal with selfhosting and backing up Aegis
Ente is pretty nice, their UIs are clean and not bloated much. I don't use their online services though.
Edit:
I use Osm since I've been using it for years now, all maps are pretty much forks, either from Osm or something that uses Open Street Map (from my understanding)
OSMAnd is not OSM. OSMAnd and CoMaps are on equal ground as far as using OSM.
IMO OSMAnd has more features which is great if you want them, but I prefer CoMaps for having what I need while feeling simpler. Can't really go wrong here, they're both great.
If you don't use the online services of Ente photos, check out refra (used to be called "gallery" but changed recently).
Clean UI, customizable to a degree, can download AI models to your phone for photo search. Personally it felt faster than Ente and didn't have buttons to the online service that I kept clicking on by mistake.
Isn't google auth an OTP service? Proton Pass also supports that btw! Haven't heard about Ente before and what purpose it replaces a gallery with, but again you can upload and view photos to Proton Drive as well. Although I have not yet tried it myself because I like to keep them local.
Kagi is one of the search engines I actually trust, but it is paid. I can give you a trial if you want to try it out. Oh and it being US based might also be a drawback.
Thank you, Auth is on there because I had to import a bunch of accounts at once. I use Ente Photos since it's a pretty nice UI, I never use their cloud storage though.
A little trick I use with obsidian is that if you use syncthing to sync the vault folder you can basically have a shared vault (in my experience the time to get edits from one device to another is like 10/15 seconds which is not bad at all)
A big difference (for some) is that the mailbox is not fully encrypted. However I only see that as a requirement if there is an actual potential threat against you (like as a journalist).
Also, Mailbox has app passwords, so you can control which applications can access it and a simple revocation will end it. Connecting directly is not possible for security reasons.
They also offer 25 free aliases, 50 additional ones if you use your own domain. And they do make it rather easy to set up the necessary records to send via your domain. Plus throwaway addresses (which will only exist for 90 days each and can only receive emails).
Mailbox offers a secure version for your email that's automatically encrypted, but also supports PGP for your reg email too (what I do). Proton is only encrypted when mailing other Proton users anyway, right? I say this as a former Proton Mail user.
I'm not sure about the Proton thing, but yeah, Mailbox sets up PGP for you at server-level, which means they are still unencrypted on the server but will always be sent encrypted.
The initial mode is that they will try to negotiate whether PGP is supported by the other side, with you having the option to always use it for the price of the opposite side having to encrypt them.
You can even enforce it on a case by case basis by adding "secure." to the mailbox.org domain, however I don't know if that is also possible when using your own domain.
Uses google as a backend and was also bought by an ad company.
I still use it, since google sometimes cuts deals with sites like reddit such that reddit is only scrapable by google. But it's a last resort, after duckduckgo.
etc and overall have a reasonable default option but not hide that there are alternatives. We want everybody to move away but if everybody moves to Proton as a suite and they enshittify then we are (nearly) back to square one. So I think showing that good alternatives exist is great. Helping people who already use an alternative others, maybe even better one for THEIR criteria also exist, is even better.
I'd also add a Github (or better CodeBerg or self-hosted Gitea) link at the bottom to https://github.com/ente-io/privacypack with the license (MIT) visible.
As for GDPR, California has something similar, so that also might be good. California still falls under the federal CLOUD Act and their like, though.
If advertising companies (or really, stuff with an incentive to hunger for data) are a concern, I would not recommend the search engine Startpage. Other than that, its policies are afaik fairly decent.
For software, I think it being OSS or at least fully audited by an independent, transparent security auditor, is crucial. You want to avoid shell companies and such whose ultimate ownership is unclear. Or CEOs with questionable histories.
Self-hostability is a good one, though not everyone has the expertise required.
Not everyone cares for the same things nor has the same abilities indeed, that's why I'm thinking of optional filters. I also want to clarify the process is important to keep in mind, namely if somebody just started to move away from BigTech or surveillance capitalism or whatever is problematic for them, it's not the same as somebody else who dedicated their life to that a decade ago. So IMHO the hope is that people can add more and more filters whenever they feel comfortable they have the available resources to do so. It's a journey for each of us, on different paths at different paces.
DDG is fine. It's hard to have a "completely private" search engine as currently only Big Tech has a comprehensive enough index of the internet to effectively provide a search engine.
Obsidian isn't FOSS though. I'd recommend Notesnook as an alternative. I haven't tried any of the following but I also know of Logseq (which aims to do what Obsidian does but FOSS), Joplin, and Standard Notes, which you might want to look into.
The only thing that is still holding me back is the OS, I have an HMD Skyline and it's great but it doesn't get a lot of open source support, the only option that pops up is /e/os and even on their website HMD isn't listed, anyone have suggestions for an HMD OS alternative?
Also have a Motorola and an older Sony Xperia to use as guinea pigs.
Don't know Ente, but the GrapheneOS gallery works fine for basics, and pop Immich on Mint for the rest of google photos functionality. I'll suggest Bazzite for the distro, especially if they game or are likely to break things.
Ente is more than alright, I wouldn't recommend self-hosted solutions to people who do not have the admin experience required, losing something as valuable as photos or videos can be very damaging.
That's fair. Guess I should have a look, might be a recommendation to someone. Initial impressions are quite positive, I mean I'll stick with Immich, still...
After my wife complained again about not being able to delete photos in PhotoPrism, I finally bit þe bullet and migrated to Immich.
So. Much. Better.
Even if you wave off þe features PhotoPrism has locked behind a paywall which Immich provides for free, þe ecosystem is just better. Þe Immich mobile apps (on mobile Linux and on Android) are better; you don't need a fussy 3rd-party sync tool*; Immich supports multi-user so you don't have to run a server for each user; and Immich CLI tooling options (immich-go) are great.
I have an allergy to running node software anywhere, but it's worþ it for Immich. It's þat much better.
(*) DGMW, PhotoBackup is great, but having to set it up for each user on boþ server and mobile is tedious, and þe whole Rube Goldberg system is harder to keep track of - especially for non-techies who just want þe damned thing to work
Gmail -> tuta mail
Also you use way too much proton. Don't put all your eggs in one basket
Mullvad Browser, SearX or StartPage search, SimpleX or Briar messenger, Fossify Suite(Files, Camera, Gallery, Calendar, Notes, Keyboard, etc), Filen Cloud, Aegis 2FA, SimpleLogin or Addy as mask to email account, FlorisBoard keyboard
Perhaps this one:
Proton Mail -> Tuta Mail
Why? I would be careful with Proton Mail b/c it presumably advocates the Swiss surveillance and security law, which allows to keep information for a longer period of time.
BTW, you can add:
GitHub -> Codeberg (or Forgejo)
If I'm being very picky and perfectionist, Obsidian.
It's closed source, and there are open-source alternatives, be it Trilium, Zettlr or whatever strikes your fancy
Proton Pass. For privacy, either self host or use offline password managers.
What is obsidian and signal note to self?
Rn I just add me wife to new chats and keep my notes there. I'm sure she loves it.
Note taking.
https://notetoselfapp.com/
https://obsidian.md/
I don't follow, how does it relate to signal as in the picture?
Dude is just sending a signal message to himself
Apologies, my eyes are old
https://support.signal.org/hc/en-us/articles/360043272451-Note-to-Self
It's to replace Google Keep as a note taker.
One of the reasons I prefer Nextcloud is it makes a lot of this easier. Nextcloud Notes is a simple MD file and subfolder structure. Nothing special, no special clients needed. They have a droid client, the web version works from desktop, but you can also just sync the folder to a device and open them with anything.
The proprietary format of Obsidian and others like Joplin was too abrasive across clients for me and too locked in to their format. I prefer just using MD because I can edit it with whatever.
Maps is the hardest thing to replace. I like comaps but it's hard to find any businesses on it. They should probably start scraping google maps because there's no way to get ahead at this point.
I use Mapy (EU)
Murena Workspace and kDrive instead of Gmail/Gdrive
AlterSend (P2P) instead of DropBox
vgy.me (UK) instead of Google Photos
Search - Mojeek, Startpage, MetaGer
AI - Andisearch
Vivaldi Browser, its Calendar, Mail and Mail Client, Feed, Notes
Zen Browser
Mandatory Portmaster on Desktop (Windows/Linux) and InViziblePro (Mobile)
Mapy uses OSM data outside the Czech Republic, and the extra features there compared to FOSS apps are only marginally useful. However, I am in the Czech Republic so I use the year-old 9.55.2 (9550200) Android app (last version before Premium enshittification).
Correct, but there isn't any good FOSS map out there, all rely on OSM, and Mapy certainly isn't the worst. Another good free and independent map is HERE. With maps it always depends for what you use it. It's sad that there isn't any real alternative to Google Maps and Street View (HERE map at least has a 3D view on street level, but only graphically, not real images). Really private are maps in paper, which you can buy in tourist offices (there often free) and gas stations, old school.
Have you tried Magic Earth Navigation? I tend to switch between Magic Earth and CoMaps but tend to use Magic Earth more
It's not on fdroid?
It's unfortunately not truly FOSS, it's still closed source. But literally every map app with traffic data is so, I just use it to avoid Google... Use Aurora store to get it.
Aren't you using too much proton?
Ecosystems which are easy to use are great for users and the reason why Google has a monopoly. If proton is a decent privacy centered alternative then more power to them.
As others have said, remove all proton stuff that you can. You are just replacing one centralized service with another. Google started out good too and look where we are now. Never put too many eggs in one basket.
My answer to this is to use a custom domain with an email aliasing service.
I've gone through about half of the 400 accounts in my password manager and moved them over. I'll migrate the rest over the next week or so.
So, I'm switching from Gmail to Proton for now, but if Proton starts to get worse or Tuta catches up on functionality or there's a better provider that emerges or I decide to try to self-host, it's one easy change at the alias provider to redirect all of my mail to a new email provider.
You should try Migadu. That's the most no-BS provider with custom domains I could find.
Just recently discovered Migadu and it's all I ever wanted!
What does Migadu do? I'm not understanding what "consolidation" means in this context. ELI5?
Thanks. Since I'm just starting my privacy journey, I'm sticking with the mainstream options for now, but using an aliasing service will make it easy for me to switch in the future. I'll check out Migadu and I appreciate the suggestion.
They have almost twice as many google apps though. Why didn't you mention those?
There are arrows between the icons. The google ones are what they are switching away from.
I wouldn’t say remove all, although I agree with the “don’t put all your eggs in one basket” sentiment.
But Proton is still a European company and the Swiss government is much more trustworthy than the Americans. It’s still a really good mix between privacy and user-friendliness, unlike most of the other options.
What's with all the hoopla about Google nuking devices with GrapheneOS lately?
I prefer Comaps over OSMand.
OSMAnd has a lot more features that I personally use
different purpose in my opinion
How so? Isn't it a fork after a dispute about direction?
You're thinking of Organic Maps
CoMaps is not a fork of OSMAnd. OSMAnd is a high-powered offline maps and trip planning toolkit with many layer options, custom layers, multiple map views, and a range of plugins.
CoMaps is... well, an offline-compatible Google Maps-ish clone. It doesn't have anywhere near the capability of OSMAnd. It's more "general user" focused.
The difference is a navigation app vs a maps app
As others have pointed out, having so many Proton apps might be an issue. However, that line of thought only works if you’re really concerned about having a single point of failure. Most people value convenience much more than that.
The way I see it, this setup is somewhat noob-friendly, but relying heavily on Proton makes it a lot more convenient for many people. Using a greater variety of providers would make sense, but you can’t expect everyone to be ready for a hassle like that. People seem to expect you to be a hard-core privacy warrior who is willing to make significant sacrifices for philosophical reasons.
Most people aren’t like that. Just switching to DDG is hard enough for them, but at least it’s a step in the right direction.
If you take only 1/10th of this diagram, you get the simplified newbie version. Take all of it, and it’s for a person who is clearly interested in security and privacy. Modify a few things here and there, and you get a version for a serious security enthusiast. Different versions for different audiences.
Using Proton Mail, Calendar and Docs is a lot, lot better than using the Google suite. We shouldn't put people off changing; as you said, the convenience is important and often forgotten as the major reason people stick with Google.
Just use tutamail - better track record and hosted in Germany
That would have been my recommendation as well. It also diversifies the setup a bit.
However, I can also appreciate Proton as a convenient gateway drug that leads people away from Google.
What track record? They are both the same.
Proton is just more user-friendly.
Tuta hasn't sponsored a single far-right influencer to my knowledge
Obsidian is closed source or not fully open source iirc. Try Notesnook if you need sync.
Logseq is a good alternative to Obsidian
I love Logseq and I've been using it for many years. But TBH it's not an alternative to Obsidian. At all. It's a different app with a different approach.
My boss uses Obsidian, and a colleague and I use Logseq. They seem to do the same job for our needs. I'm curious to know what features of Obsidian Logseq is lacking for your use case?
Apparently Emacs is on F-Droid so you could use org-mode as well, although IDK how well it works
Orgzly is what you use for org-mode on Android. Haven't seen anything beat it.
Sweet, I'll try it out
My preference was Joplin synced through self hosted Nextcloud
Yeah or standard notes if they like the proton products
Standard Notes was written by a different company (largely just one developer) and is not like other proton products.
Proton simply bought it so they didn't have to write their own.
Yeah good call out. I just meant that there are many people that don't trust/dislike proton. OP though seems cool with proton so then they might be cool with standard notes.
If you're already moving to Graphene, just use Vanadium as your browser. It ships with GOS and is an excellent privacy choice.
Also, Proton Mail kinda sucks. I used it for a while but switched to Fastmail because an email account with zero interoperability is kinda a lousy user experience.
Edit: same with proton calendar. I like the concept but in practice having a locked away calendar isn't a great feel.
What do you mean "zero interoperability"?
Isn't the point of moving from things like Gmail that the interoperability is exactly why all your data is fucked?
It's just where philosophical and practical meet the road for me.
Proton is a cool idea because they say they don't scan anything, and that brought me in; but not being able to use an email client of my choice made my day to day experience less pleasant. If you're in desperate need of the encryption on their servers it may be a totally reasonable trade off, but it wasn't for me and I've heard many others say basically the same.
Because my main objective was not having my personal emails feed the corporate giants my personal information, rather than a hard requirement of encryption, it makes a lot more sense to use fastmail or a similar service and keep the day to day usability of not being completely locked into the proton ecosystem.
Same thing for my calendar, more important to be able to share events with people not logged into proton and to use the client I actually like.
Side note: much of the sell of proton mail gets tossed out the window when you send an email to anyone not using proton. If you email someone using gmail or apple or whatever that server side encryption from proton doesn't mean dick anymore.
In my honest opinion? Nothing. There is nothing worth changing here, all the other advice is just different kinds of extreme.
Your selection and the fact that you asked this question are a good indicator that any other alternative people would suggest won't do you that much benefit while carrying a much higher chance of being highly inconvenient.
I don't trust proton.
Get a $5/month Nextcloud instance on Hetzner or self-host it. You'll get a 1 TB drive, calendar, notes, office suite, sync with phone, and much much more.
Or Tutamail
Incoming Proton hate. This place has taken to that campaign exceptionally well.
First off: you've come a long way. Great setup, keep it up!
As others have said, I'd reduce your reliance on Proton. I'd particularly ditch their password manager in favour of something like KeepassXC and combine it with Syncthing (which you're already using) in order to keep your passwords out of the cloud, but synced between your devices. Always think in terms of blast radius: if an attacker gets access to your Proton account (either because you fuck up or they do), they will have access to anything that's in there. Having your e-mail + pw manager there increases blast radius dramatically and allows not only for access to, but full takeover of your accounts in case of a breach.
Depends on how much privacy you need and how much tinkering to get things to work that you're willing to put up with.
In general, using a variety of services will be more private than going with a single entity like Proton.
Bitwarden is self-hostable, which makes it potentially more private than Protonpass... assuming you actually set up the self-hosting.
Signal isn't a good long-term plan, as it's entirely hosted in the US. I don't think there are currently any known compromises to the encryption model, but iirc the company can see all your communications metadata (which means the government could potentially as well). I don't mind it for talking with friends, but I would recommend against it for extreme privacy needs (e.g. the government starts getting overzealous with who it counts as enemies of the state, and you or your friends become targets).
Some of these require self-hosting, so you might need Headscale or WireGuard to connect to them
Browser based wallet? Good god, no thx
Netbird is also good for connecting to them
You got great choices, actually. I'd only recommend being as little dependent on one company on multiple fronts as possible. So I'd change a few of the Proton ones to something else. As long as Proton doesn't replace their CEO with an explicitly antifascist one, I don't know if they're a good spot.
Depending on how private communications must be, Threema might be better than Signal.
If you don't need to synchronise with others and your threat model is not physical attacks/theft, then agendas can be just on paper. Same for the calendar.
As for distro...
Mint is great (and honestly what I'd rec for people brand new to Linux). If you want to harden privacy/security more though, the following Linux distros might be better:
I assume you want to use your distro as daily driver, and that your threat model isn't too severe. So the above ones should suffice.
If the threat model calls for it, or you're willing to sacrifice some usability for slightly more security, you could try QubesOS (arguably one of the most secure distros since it sandboxes everything as if they were a separate computer). Tails is another alternative, that's on a USB and forgets itself after usage.
For search engines...
... go for Qwant (French) or Ecosia (German). Both are European-owned and are busy constructing their own indexes (currently they still use Bing and Google). There's Mojeek (UK-based) which is independent.
I don't know how to block specific sites from popping up on them though, since I notice a certain trillionaire's personal "wiki" pops up a LOT. Probably he's cheating and search bumping to spread his disinformation. It should be blocked.
Presearch also exists, which is decentralised and uses its own indexes. If you want OSS, there's SearXNG and YaCy which have metasearch options. Be careful in which instance you pick, though.
You can break anything quite easily on arch if you don't know what you're doing, including security.
Lol very true, I've been using Mint for maybe 7 years now, I've tried Arch 3 times or more, broke every single time I've used it. And that's with me not doing anything out of the ordinary. (No hate to Arch btw, I just can't figure it out)
There is exactly zero privacy upside to be gained by moving from Mint to Debian, Fedora, OpenSUSE or Arch.
Qubes and Tails may give you an edge, but add quite dramatic convenience costs. Unless you have a very specific threat model, this is overkill.
Network effect is the biggest problem for messaging services, and so I would still push for Signal over the alternatives that are technically better. This guide seems like it is focussed on users who are new to the space
I agree with the Linux recommendation, but I'd offer CachyOS over pure Arch for newcomers. The limine bootloader gives a lot of peace of mind, since you can tell the user "if you get a bad update, reboot and pick an older option on the first screen".
Ecosia has a terrible privacy policy, I analysed it in the past. They are likely in violation of the GDPR, and I'm currently considering filing a complaint. They're still a lot better than Google though, but DDG is privacy-wise superior.
SecureBlue also looks decent and brings some of the security hardening used in GrapheneOS
Last time I tried qwant they don't serve Taiwan, which is one of the points I VPN to that I cycle
I haven't tried many other countries.
So just a heads-up to anybody reading.
Why is Threema better than Signal?
See here - secure messaging apps
Another thing is that the Trumpist US regime allegedly got access to Signal through Israeli spyware (Paragon), or is trying to do so. (The Guardian)
The Swiss military also has publicly shifted away from Signal, as they deemed it unsafe for communications. Signal's still subject to the CLOUD Act, while Threema is not. (Bleeping Computer).
See here why the link you shared isn't a good source:
https://soatok.blog/2025/07/07/checklists-are-the-thief-of-joy/
And learn more about Threema vs. Signal:
https://soatok.blog/2021/11/05/threema-three-strikes-youre-out/
The signal one suggests it's a phone OS hack that can open apps so could probably do threema too.
The article you shared suggested it's likely the result of lobbying by the company so they use a company inside the country.
Adding my personal notes on search engines here for anyone's interest. I personally use Qwant on Desktop and DuckDuckGo on mobile. I like Qwant because they are at least working on their own index and are EU-based. On the other hand, DuckDuckGo is faster and has a more comprehensive privacy policy. I'm really trying to use Mojeek on mobile but the search results are much worse than DuckDuckGo and Qwant in my repeated experience.
Yeah, looking at it I had the same thought. I'll look into Threema, thanks!
People will agree and disagree on individual choices, as we can see by the other comments, but I think that is an excellent start.
A message for others: improving your privacy can be a gradual process. You don't need to change everything at once, since that would be overwhelming. Start with one or two, and if that works for you, move on to other items.
For passwords, you can use the same KeepassXC database on multiple devices. It's encrypted, and you can have the passphrase file locally on multiple devices, and the cloud provider cannot access it even by brute forcing. The database itself would not be reliant on the cloud service, you can easily switch between any provider (I currently use dropbox)
Anyone have thoughts on mailbox.org? I have been thinking of switching. Anyone with experience with the service?
I use it. Nothing but positive experiences so far.
Switched a few months ago from Gmail. Own domain. Works great so far. A bit of setup required ofc. Thunderbird on phone & just the standard calendar app because the apps I tried I didn't like. Calendar & Contact sync through DAVx⁵, costs a few bucks, but it works just fine.
Have been using it solely for mail with my own domain for a few years. Absolutely nothing to complain about. Always worked flawlessly.
I really like it. Works well and is simple to set up.
I prefer Comaps over OsmAnd, it's just much simpler
Duckduckgo -> selfhosted searxng… startpage has also not yet been involved in any controversy for a non selfhosted option.
Copy paste of why duck duck go is a problem:
https://www.bleepingcomputer.com/news/security/duckduckgo-browser-allows-microsoft-trackers-due-to-search-agreement/
Now, a little after this came out they do claim they removed them (odd how that suddenly changes after it was no longer secret). But then there is something much more recent, as listed on Wikipedia, verifying they still have some long-term deals with Microsoft in **2025**… Microsoft is not going to make a deal with a perceived competitor for nothing in return.
There is also more general proof that while Duck may technically use other sources also, it really is mostly Bing:
I literally do not understand how they managed to take such a foothold in real privacy communities. I used to love Brave till I was repeatedly pointed to the scandals that many people are aware of and informing others about… but considering DDG I rarely see anyone pointing this out. It actually smells like a huge successful marketing adventure to sell Bing to privacy enthusiasts, but for that I obvio do not have proof. I often imagine this meme with Bing instead of Google and a cute Duck Go as Mr. Incognito
I would recommend changing everything Proton with Infomaniak's KSuite: https://www.infomaniak.com/en/ksuite/myksuite
Keep away from Infomaniak!! I had a problem with my keyboard, missed the password 3 times and got my account locked. OK, no stress, let's do a recovery with the alternate email. I received the email to change the password, followed the link and chose a new password. Error, account is locked! OK, let's do a recovery using the phone number. Received the SMS and same thing as the email!! WTF?! So, I have to contact Infomaniak and guess what? In order to protect my account I have to send them my government-issued ID!! WHAT?? How can that thing protect me? This is blackmail. They have my data and want to exchange it for my ID. Why do they have email and phone recovery if I cannot successfully use them? If a hacker has my alternate email and my phone, he probably also has my ID, right? How did I solve it? Well, I sent them a fake ID and guess what? Five minutes later I had access to my account! They don't have the means to validate it, was what I thought. So, I got all my data back and never looked back. What a disappointment. I had moved because it was cheap and I even told all my family and friends. I had to take a step back and leave them because that is all wrong.
I will never conceive the logic of a man who figures that the best way to be free from a centralized megasystem vendor is to jump straight into another full suite of a centralized megasystem vendor.
You completely missed the point.
+1 for leaving Proton. Bad company, the CEO is a Trump bootlicker
???
Maps -> CoMaps
Photos -> Immich (if you can self host)
Passwords -> Bitwarden (May change in the future)
I agree with others on trying to not have one service for everything, which proton is trying to become. An alternative to Proton Mail and Calendar would be Tuta, though I haven't used them.
The Bitwarden desktop client was on an EOL Electron version that doesn't get security updates and marked as insecure in Nixpkgs and it took them 3 weeks to resolve it (finally got fixed an hour ago) and it's still not fixed in any released version. It seems strange to me for a security-sensitive program to have problems like this.
mailbox also.
always check the profit motive. Often if it's free, unsupported by donation/subscription nor sponsors with that system, and if it costs quite some money to uphold, then your data is the product.
I'm always pretty wary of when a company or its parent goes public, be it by IPO or trading - then ownership is no longer in people's hands but in profit's hands.
Proton Pass could be replaced by a synchronised KeePassXC/DX database.
I understand your point for independent password managers. For some people this is not a solution. I would always recommend a password manager that fits your needs and know-how. My parents could not use KeePass with sync without breaking or losing shit. But Proton Pass, or Bitwarden or Strongbox could be a viable option. In some rare cases I would even recommend the Apple Password App. Better than nothing.
If you can figure out Linux, you can definitely use KeepassXC...
I use KeepassXC and its database syncs great with Syncthing.
What I don't like about KP is its UI. Too many pages. Everything should be on one page like KeepassDX. I wouldn't recommend it for noobs.
Or Bitwarden (can selfhost too)
That's a good idea. I only use it for accounts that I must have access to; other than that I write them on an encrypted SD card.
This is really great, especially as a jumping off point. You might consider a ranked approach, like good, better, best. Most marginally privacy conscious services are going to be better than their Google analog, but some are better.
Just to give more unique feedback (although everything you have is good): if you're willing to self-host, add Immich to the Google Photos replacements since it'll back up photos across devices (I haven't personally looked at Ente Photos), and depending on how important hiding your traffic from your ISP is, consider replacing a VPN with TrackerControl, which helps to stop apps from phoning home.
Have you heard of Privacy Guides? They have a whole community of people there and provide privacy focused software and service recommendations, with lots of details explaining their reasoning.
I use proton for a lot of stuff. The calendar is useless IMO since their custom bridge doesn't support linking anything else in. Same with contacts. For those two I use a self-hosted radicalev3 container, works like a charm.
Does someone have suggestions for what Proton provides with its passmail? I think their implementation and usage experience with this entire reverse-email feature is pretty great and I don't want to give this anonymity up. Selectively being able to send from those passmails is also a great feature that works really well in the rare case of getting something I need to reply to.
Wdym passmail? If you mean their subscription services, you can go look what they offer.
Proton's decent as far as how it works, but their CEO has some issues and an environmental activist using their services had been arrested, though that activist afaik didn't use a VPN.
Personally I'd recommend Tuta or Mailbox.
Other options would be CounterMail (🇸🇪) and Mailfence (🇧🇪). There's other services, but those don't have E2EE.
Was that the arrest for 'doxxing police officers'?
Would CoMaps be a better recommendation than OSMand?
For those who are familiar with Ente, how are their apps? I use something different for 2FA and photos, but I need recommendations for people who don't want to deal with selfhosting and backing up Aegis
I switched from Google Authenticator to Ente Auth recently and am very, very happy. It works great.
I haven't tried their other apps yet, though. I intend to take a look at their images app.
Ente is pretty nice, Their UI's are clean and not bloated much. I don't use their online services though.
Edit: I use Osm since I've been using it for years now; all maps are pretty much forks, either from Osm or something that uses Open Street Map (from my understanding)
OSMAnd is not OSM. OSMAnd and CoMaps are on equal ground as far as using OSM.
IMO OSMAnd has more features which is great if you want them, but I prefer CoMaps for having what I need while feeling simpler. Can't really go wrong here, they're both great.
I prefer CoMaps for the same reason. It does what I need it to do while not overwhelming me with options, it's neat.
If you don't use the online services of Ente photos, check out refra (used to be called "gallery" but changed recently).
Clean UI, customizable to a degree, can download AI models to your phone for photo search. Personally it felt faster than Ente and didn't have buttons to the online service that I kept clicking on by mistake.
Isn't google auth an OTP service? Proton Pass also supports that btw! Haven't heard about Ente before and what purpose it replaces a gallery with, but again you can upload and view photos to Proton Drive as well. Although I have not yet tried it myself because I like to keep them local.
Kagi is one of the search engines I actually trust, but it is paid. I can give you a trial if you want to try it out. Oh, and it being US-based might also be a drawback.
Pretty solid list I'd say!
Thank you, Auth is on there because I had to import a bunch of accounts at once. I use Ente Photos since it's a pretty nice UI, I never use their cloud storage though.
A little trick I use with obsidian is that if you use syncthing to sync the vault folder you can basically have a shared vault (in my experience the time to get edits from one device to another is like 10/15 seconds which is not bad at all)
mailbox.org > proton mail
it's not free, but it is secure.
the base plan is €12 (~$14 USD) /year
A big difference (for some) is that the mailbox is not fully encrypted. However I only see that as a requirement if there is an actual potential threat against you (like as a journalist).
Also, Mailbox has app passwords, so you can control which applications can access it and a simple revocation will end it. Connecting directly is not possible for security reasons.
They also offer 25 free aliases, 50 additional ones if you use your own domain. And they do make it rather easy to set up the necessary records to send via your domain. Plus throwaway addresses (which will only exist for 90 days each and can only receive emails).
Mailbox offers a secure version for your email that's automatically encrypted, but also supports PGP for your reg email too (what I do). Proton is only encrypted when mailing other Proton users anyway, right? I say this as a former Proton Mail user.
I'm not sure about the Proton thing, but yeah, Mailbox sets up PGP for you at server-level, which means they are still unencrypted on the server but will always be sent encrypted.
The initial mode is that they will try to negotiate whether PGP is supported by the other side, with you having the option to always use it for the price of the opposite side having to encrypt them.
You can even enforce it on a case-by-case basis by adding "secure." to the mailbox.org domain; however, I don't know if that is also possible when using your own domain.
Didn't see anyone else say this: DDG is certainly a great choice for search engine, though I'd recommend brave search:
Due to several of the company's issues (and it being Chromium) I don't recommend the browser, but I do really like the search engine.
Why not Startpage?
Uses google as a backend and was also bought by an ad company.
I still use it, since google sometimes cuts deals with sites like reddit such that reddit is only scrapable by google. But it's a last resort, after duckduckgo.
I'd add criteria, e.g.
etc. and overall have a reasonable default option but not hide that there are alternatives. We want everybody to move away but if everybody moves to Proton as a suite and they enshittify then we are (nearly) back to square one. So I think showing that good alternatives exist is great. Helping people who already use an alternative others, maybe even better one for THEIR criteria also exist, is even better.
I'd also add a Github (or better CodeBerg or self-hosted Gitea) link at the bottom to https://github.com/ente-io/privacypack with the license (MIT) visible.
As for GDPR, California has something similar, so that also might be good. California still falls under the federal CLOUD Act and their like, though.
If advertising companies (or really, stuff with an incentive to hunger for data) are a concern, I would not recommend the search engine Startpage. Other than that, its policies are afaik fairly decent.
For software, I think it being OSS or at least fully audited by an independent, transparent security auditor, is crucial. You want to avoid shell companies and such whose ultimate ownership is unclear. Or CEOs with questionable histories.
Self-hostability is a good one, though not everyone has the expertise required.
Not everyone cares for the same things nor has the same abilities indeed, that's why I'm thinking of optional filters. I also want to clarify that the process is important to keep in mind, namely if somebody just started to move away from BigTech or surveillance capitalism or whatever is problematic for them, it's not the same as somebody else who dedicated their life to that a decade ago. So IMHO the hope is that people can add more and more filters whenever they feel comfortable they have the available resources to do so. It's a journey for each of us, on different paths at different paces.
For Google keep replacement, check out Simple Notes Sync. I've been using it for a few months now 🙂
Contacts > the stock apps on GOS without network access.
Keep > Notesnook.
I think your search engine is more than alright. Regarding the rest, I believe it requires no change as long as you feel satisfied with it.
@roomy I would change Google Drive for Filen, and I don't trust Signal at all, so I would replace it with Jami or conversations.im
DDG is fine. It's hard to have a "completely private" search engine as currently only Big Tech has a comprehensive enough index of the internet to effectively provide a search engine.
Obsidian isn't FOSS though. I'd recommend Notesnook as an alternative. I haven't tried any of the following but I also know of Logseq (which aims to do what Obsidian does but FOSS), Joplin, and Standard Notes, which you might want to look into.
Brave actually operates an independent index.
I'm also slowly breaking out of the Google noose.
The only thing that is still holding me back is the OS. I have an HMD Skyline and it's great but it doesn't get a lot of open source support; the only option that pops up is /e/os and even on their website HMD isn't listed. Anyone have suggestions for an HMD OS alternative?
Also have a Motorola and an older Sony Xperia to use as guinea pigs.
Don't know Ente, but the GrapheneOS gallery works fine for basics, and pop Immich on Mint for the rest of google photos functionality. I'll suggest Bazzite for the distro, especially if they game or are likely to break things.
Ente is more than alright. I wouldn't recommend self-hosted solutions to people who do not have the admin experience required; losing something as valuable as photos or videos can be very damaging.
That's fair. Guess I should have a look, might be a recommendation to someone. Initial impressions are quite positive, I mean I'll stick with Immich, still...
Fossify photos is also good.
After my wife complained again about not being able to delete photos in PhotoPrism, I finally bit þe bullet and migrated to Immich.
So. Much. Better.
Even if you wave off þe features PhotoPrism has locked behind a paywall which Immich provides for free, þe ecosystem is just better. Þe Immich mobile apps (on mobile Linux and on Android) are better; you don't need a fussy 3rd-party sync tool*; Immich supports multi-user so you don't have to run a server for each user; and Immich CLI tooling options (immich-go) are great.
I have an allergy to running node software anywhere, but it's worþ it for Immich. It's þat much better.
(*) DGMW, PhotoBackup is great, but having to set it up for each user on boþ server and mobile is tedious, and þe whole Rube Goldberg system is harder to keep track of - especially for non-techies who just want þe damned thing to work
No VPN -> Mullvad VPN
Bro what? Using a VPN depends highly on your use case. This is way too general. I would remove that.
That really just depends on how privacy-respecting your ISP is compared to the vpn
lol how come