Free & Open-source Apps As Privacy-focused Alternatives

Unlike what we did in the past, we need a computer to be the digital self, most people spend most of the time online with their mobile nowadays. A few years ago, if you want to protect privacy with apps, you do not have much choice. But now, multiple options are available and so of them are also open-source and free of charge.

This time, I would focus on 5 areas for people to start with:

• Authenticator Apps
• Privacy-Focused Browser
• Password Manager
• Encrypted Messager
• Device Location Tracker

At the beginner level, let’s try them yourself and share them with people in your life who also care about their privacy.

1# 2FA Without Giving up Privacy — Authenticator Apps

You may already know how to use two-factor authentication to log into accounts. But may limit to using services that give a phone number or email address to receive a security code that requires active connections or phone services.

Authenticator apps generate a time code to log into an account and provide stronger security without the added privacy concern of giving out a phone number. This is a 2-factor authentication because:

• The phone with the app installed — Something you have.
• The time code in the app — Something you know. It also proves you have the device at the time period.

Some accounts request you use a specific authenticator app, while others let you choose. Popular options include Google Authenticator (Android, iOS) and Microsoft Authenticator, supporting multiple accounts, and Authy, which also supports a range of accounts and offers secure cloud backups.

2# Privacy-Focused Browsing (Updated)

It would be best if you had a web browser to surf online. But you may not know what data the site store and tracks. Tracking scripts and cookies are also alarming that developers may not be aware they captured more than needed.

Firefox is a popular choice and on the web for a while as it is fast and easy to use. It has built-in “trackers blocking” features and password vaults for users to protect their identity.

Mozilla also has a privacy-focused browser called Firefox Focus, which lets you easily erase browser history, passwords, bookmarks, and cookies and prevent unwanted ads. Firefox Focus blocks a range of common Web trackers by default without changing any settings, though you can customize settings within the app.

Brave Web Browser is a newcomer in the browser arena. It does not store any record of people’s browsing history, making the browser the best privacy-preserving web browser.

One advantage of Brave is the support of the Chrome extensions. Therefore, you can switch from the memory-hungry application to this one and enjoy it. I use Firefox and Brave only, on mobile or windows platforms.

Tor is an anonymization-based project called the short form of “The Onion Routing,” an open-source software project for enabling anonymous communication. And Tor Browser is an easy-to-use for anonymous web surfing.

Apart from what Firefox and Brave can provide, Tor Browser adds fingerprinting resistance and encryption to your browsing activities. Tor browser accesses the web via multiple hops to increase the difficulties of being traced back (directly increase the digital distancing).

It can also bypass censorship. People who use Dark Web would also take this extra precaution before accessing it.

Extra: Extensions and Settings Tips

I would suggest going the extra mile in the browser area. One addition is the ad-blocking extension. Brave has its built-in ad-blocking features called “Shield.” I added the addon called “uBlock Origin,” which both available on Firefox and Chrome.

Another bonus tip is, use a “private window” or “incognito mode” to surf if you do not need to log in or do not want to leave traces. One thing I would typically do is do Google Search using a private window. It can prevent Google from mapping my Google account with my searches.

3# Password Vault for All — Password Manager

Before passwordless can be used anywhere, we still need strong passwords. We all know someone who uses their pet’s name as their password for the email account, Amazon, and social media accounts (among others). The first thing you should do to enhance security is to use different passwords for different accounts.

All password manager is a local vault to store all your passwords and use a “master key” to safeguard them. The app may often come with password generation features so that you do not need to create them one by one.

Firefox Lockwise is the equivalent of Firefox. First, it is open-source, and you can find the code on GitHub. Second, Firefox is well-known as a privacy-first browser, so you do not need to worry too much about your data. Lastly, it supports both Android and iOS.

Bitwarden is another open-source option for a password manager. One benefit of Bitwarden is the cross-platform support as the application supports Desktop OS (Windows, Mac, Linux), Web Browsers (Chrome, Firefox, Safari, Brave, Tor…), and Mobile. Bitwarden even offers command-line tools for the user to write and execute scripts on the password vault.

If you want one for your desktop, you can try Keepass Password Safe. This one is easy to use and has multiple plugins to let you autosave and load passwords into different browsers or applications after authentication. I like this application as it supports not only the master password but also the concept of “Key File,” in which users can select any file as part of the key for opening the vault.

Not all computers would have a fingerprint scanner that we can use for vault opening. Using a key file as a compliment of your master password could be an extra safeguard with the minimum change in user behavior.

4# Secure Communication — Encrypted Messaging

Signal and Telegram are among a small but expanding group of messaging apps built with some level of encryption and are growing in popularity as more people become security-conscious.

Signal Messenger is trusted by many technology leaders such as Elon Musk, Jack Dorsey (Twitter CEO), and Bruce Schneier (Security Expert). It is because:

• Open-source
• Peer reviewed
• Funded entirely by grants and donations, i.e., no drive to earn more

The Signal app is among the strongest messaging apps for encrypted communications. If you’d like to explore other messaging apps with built-in encryption, you can also check out Telegram, although end-to-end encryption is not enabled by default (you need to switch to Secret Chat mode manually).

5# An Upgrade for Find My Phone — Prey

Prey Project supplement both iPhone and Android device’s built-in measures to track a lost or stolen phone. It aims to build on those capabilities with tools that help to track and recover a lost smartphone, tablet, or laptop easily.

The app provides a concept of control zones — specific areas on a map the device shouldn’t leave. We can configure a zone with security actions (for example, a lock ) that trigger when a device moves in or out of the zone.

If a device is missing, you can:

• lock the screen remotely
• send an alert to contact the owner
• set off an alarm that will ring like gangbusters so you could hear it if the stolen phone is still nearby.

When a device goes missing, Prey generates a report that includes:

• GPS tracking coordinates
• active nearby Wi-Fi locations, and
• hardware information about the device (IP, MAC address, and serial number)
• When available, the app will also take a photo of the perpetrator.

Remarks: A free plan lets you track up to three devices in a single control zone, take basic security actions, and receive evidence reports, but no data protection or reactive security.

Final Words

There always things we can do to gain more control over our personal data. For our digital self, we should value our data as the real world. We have vaults to store our personalized jewelry, and we only share our financial records with the bank.

There is no 100% anonymity on the internet. Every time you tap on your phone, you leave some traces. But it is not about being invisible to others because it would be impossible to interact with others.

If you want to do more now, try the followings:

• Check Your App Permissions and double-check the privacy settings on social media apps.
• Regarding Virtual Private Network (VPN) — Assume VPN providers keep logs and check if the provider support PFS — Perfect Forward Secrecy. Also, check the privacy law and regulations of VPN provider’s locations.

Thank you for reading. May InfoSec be with you🖖.