As others have said, remove all proton stuff that you can. You are just replacing one centralized service with another. Google started out good too and look where we are now. Never put too many eggs in one basket.
My answer to this is to use a custom domain with an email aliasing service.
I've gone through about half of the 400 accounts in my password manager and moved them over. I'll migrate the rest over the next week or so.
So, I'm switching from Gmail to Proton for now, but if Proton starts to get worse or Tuta catches up on functionality or there's a better provider that emerges or I decide to try to self-host, it's one easy change at the alias provider to redirect all of my mail to a new email provider.
You should try migadu. Thats the most no-bs provider with custom Domains I could find
Just recently discovered Migadu and it's all I ever wanted!
As others have pointed out, having so many Proton apps might be an issue. However, that line of thought only works if you’re really concerned about having a single point of failure. Most people value convenience much more than that.
The way I see it, this setup is somewhat noob-friendly, but relying heavily on Proton makes it a lot more convenient for many people. Using a greater variety of providers would make sense, but you can’t expect everyone to be ready for a hassle like that. People seem to expect you to be a hard-core privacy warrior who is willing to make significant sacrifices for philosophical reasons.
Most people aren’t like that. Just switching to DDG is hard enough for them, but at least it’s a step in the right direction.
If you take only 1/10th of this diagram, you get the simplified newbie version. Take all of it, and it’s for a person who is clearly interested in security and privacy. Modify a few things here and there, and you get a version for a serious security enthusiast. Different versions for different audiences.
Using Proton Mail, Calendar and Docs is a lot, lot better than using the Google suite. We shouldnt put people off changing, as you said the convenience is important and often forgotton as the major reason people stick with Google.
Just use tutamail - better track record and hosted in Germany
What track record? They are both the same.
Proton is just more user-friendly.
tuta hasnt sponsored a single far right influencer to my knowledge
That would have been my recommendation as well. It also diversifies the setup a bit.
However, I can also appreciate Proton as a convenient gateway drug that leads people away from Google.
I prefer Comaps over OSMand.
OSMAnd has a lot more features that I personally use
In my honest opinion? Nothing. There is nothing worth changing here, all the other advice is just different kinds of extreme.
based on your selection and the fact that you asked this question is good a indicator that any other alternative people would suggest won't do you that much benefit while carrying a much higher chance of being highly inconvenient.
You got great choices, actually. I'd only recommend to be as little dependent on multiple fronts on one company. So I'd change a few of Proton to something else. As long as Proton doesn't replace their CEO with an explicitly antifascist one, I don't know if they re a good spot.
Depending on how private communications must be, Threema might be better than Signal.
If you don't need to synchronise with others and your threat model is not physical attacks/theft, then agendas can be just on paper. Same for the calendar.
As for distro...
Mint is great (and honestly what I'd rec for people brand new to Linux). If you want to harden privacy/security more though, the following Linux distros might be better:
- Fedora (any of them). It's an international upstream distro from Red Hat (American company, parent company is IBM). In other words, it's developed by the community, which is gathered in the Fedora Project. Their headquarters is in NC, USA. Red Hat then uses the community distro to make their own distro, and in return, finances Fedora. Linus Torvalds, the creator of Linux, uses it. If he trusts it, I trust it.
- OpenSUSE Tumbleweed -, developed by the OpenSUSE community, backed by OpenSUSE from Germany. Pretty good all-arounder.
- Arch Linux, developed internationally, but most devs are spread across Europe. Has an extensive wiki (that also is good for other distros), though it's not exactly "plug and play" and I'd rec it only if you know what you're doing.
- Debian is another option if privacy is less of a concern for you, than it being FOSS. It's one of the most FOSS distros out there, and also highly independent and international.
I assume you want to use your distro as daily driver, and that your threat model isn't too severe. So the above ones should suffice.
If the threat model calls for it, or you're willing to sacrifice some usability for slightly more security, you could try QubesOS (arguably one of the most secure distros since it sandboxes everything as if they were a separate computer). Tails is another alternative, that's on a USB and forgets itself after usage.
For search engines...
... go for Qwant (French) or Ecosia (German). Both are European-owned and are busy constructing their own indexes (currently they still use Bing and Google). There's Mojeek (UK-based) which is independent.
I don't know how to block specific sites from popping up on them though, since I notice a certain trillionnaire's personal ""wiki"" pops up a LOT. Probably he's cheating and search bumping to spread his desinformation. It should be blocked.
Presearch also exists, which is decentralised and uses its own indexes. If you want OSS, there's SearXNG and YaCy which have metasearch options. Be careful in which instance you pick, though.
Arch Linux
You can break anything quite easily on arch if you don't know what you're doing, including security.
Lol very true, Ive been using Mint for maybe 7 years now, Ive tried Arch 3 times or more, broke evey single time ive used it. And that's with me not doing anything out of the ordinary. (No hate to Arch btw, I just can't figure it out)
There is exactly zero privacy upside to be gained by moving from Mint to Debian, Fedora, OpenSUSE or Arch.
Qubes and Tails may give you an edge, but add quite dramatic convenience costs. Unless you have a very specific threat model, this is overkill.
Network effect is the biggest problem for messaging services, and so I would still push for Signal over the alternatives that are technically better. This guide seems like it is focussed on users who are new to the space
I agree with the Linux recommendation, but I'd offer CachyOS over pure Arch for newcomers. The limine bootloader gives a lot of peace of mind, since you can tell the user "if you get a bad update, reboot and pick an older option on the first screen".
Obsidian is closed source or not fully open source iirc. Try Notesnook if you need sync.
Apparently Emacs is on F-Droid so you could use org-mode as well, although IDK how well it works
Arent you using too much proton
Ecosystems which are easy to use are great for users and the reason why Google has a monopoly. If proton is a decent privacy centered alternative then more power to them.
First off: you've come a long way. Great setup, keep it up!
As others have said, I'd reduce your reliance on Proton. I'd particularly ditch their password manager in favour of something like KeepassXC and combine it with Syncthing (which you're already using) in order to keep your passwords out of the cloud, but synced between your devices. Always think in terms of blast radius: if an attacker gets access to your Proton account (either because you fuck up or they do), they will have access to anything that's in there. Having your e-mail + pw manager there increases blast radius dramatically and allows not only for access to, but full takeover of your accounts in case of a breach.
For passwords, you can use the same KeepassXC database on multiple devices. It's encrypted, and you can have the passphrase file locally on multiple devices, and the cloud provider cannot access it even by brute forcing. The database itself would not be reliant on the cloud service, you can easily switch between any provider (I currently use dropbox)
People will agree and disagree on individual choices, as we can see by the other comments, but I think that is an excellent start.
A message for others, improving your privacy can be a gradual process, you don't need change everything at once, since that would be overwhelming. Start with one or two, and if that works for you, move on to other items.
Maps is the hardest thing to replace. I like comaps but it's hard to find any businesses on it. They should probably start scrapping google maps because there no way to get ahead at this point.
Gmail - > tuta mail
Also you use way too much proton. Don't put all your eggs in one basket
I don't trust proton.
Get a 5$/ month Nextcloud instance on Hertzner or selfhost it. You'll get 1 tb drive, calendar, notes, office suite, sync with phone, and much much more.
Or Tutamail
- ChatGPT -> llama.cpp
- Dropbox -> Syncthing + ZFS
- PayPal -> Atto
- Google Home -> Home Assistant
- Google Docs/Sheets -> Collabora Office
Some of these require self-hosting, so you might need Headscale or WireGuard to connect to them
Browser based wallet? Good god, no thx
Incoming Proton hate. This place has taken to that campaign exceptionally well.
Depends on how much privacy you need and how much tinkering to get things to work that you're willing to put up with.
In general, using a variety of services will be more private than going with a single entity like Proton.
Bitwarden is self-hostable, which makes it potentially more private than Protonpass... assuming you actually set up the self-hosting.
Signal isn't a good long-term plan, as it's entirely hosted in the US. I don't think there are currently any known compromises to the encryption model, but iirc the company can see all your communications metadata (which means the government could potentially as well). I don't mind it for talking with friends, but I would recommend against it for extreme privacy needs (e.g. the government starts getting overzealous with who it counts as enemies of the state, and you or your friends become targets).
Anyone have thoughts on mailbox.org? I have been thinking of switching. Anyone with experience with the service?
Switched a few months ago from Gmail. Own domain. Works great so far. A bit of setup required ofc. Thunderbird on phone & just the standard calendar app because the apps I tried I didn't like. Calander & Contact sync through DAVx⁵, costs a few bucks, but it works just fine.
Duckduckgo -> selfhosted searxng… startpage has also not yet been involved in any controversy for a non selfhosted option.
Copy paste of why duck duck go is a problem:
https://www.bleepingcomputer.com/news/security/duckduckgo-browser-allows-microsoft-trackers-due-to-search-agreement/
Now I little after this came out they do claim they removed them (odd how that suddenly changes after it was no longer secret) But then much more recent as listed on wikipedia, verifying they still have some long term deals with microsoft in **2025**… microsoft is not going to make a deal with a perceived competitor for nothing in return.
By August 2025, Bing planned to cut off access to its search APIs in a push to sell more AI-related APIs, though **DuckDuckGo believed that larger companies like it with long-term deals would not be affected** 62 Bing had dramatically raised rates for its search API in 2022 after ChatGPT debuted. 62
There is also more general proof that while duck may technically use other sources also. It really is mostly bing:
During a Bing API outage in 2024, DuckDuckGo stopped showing results, indicating that Bing provided a substantial portion of DuckDuckGo's results.69 70
I literally do not understand how they managed to take such foothold in real privacy communities. I used to love brave till the i was repeatedly pointed to the scandals that many people are aware of and informing others about… but considering ddg i rarely see anyone pointing this out. It actually smells like a huge successful marketing adventure to sell bing to privacy enthusiasts, but for that i obvio do not have proof. I often imagine this meme with bing instead of google and a cute duck go as mr incognito
Proton Pass could be replaced by a synchronised KeePassXC/DX database.
I understand your point for Independent Password Managers. For some people this is not a solution. I would always recommend a password managers that fits your needs and know-how. My parents could not use keepass with sync without breaking or loosing shit. But protonpass, or Bitwarden or strongbox could be a viable option. In some rare cases I would even recommend Apple Passwort App. Better than nothing.
If you can figure out Linux, you can definitely use KeepassXC...
I prefer Comaps over OsmAnd, it's just much simpler
Perhaps this one:
Proton Mail -> Tuta Mail
Why? I would be careful with Proton Mail b/c it presumably advocates the Swiss surveillance and security law, which allows to keep information for a longer period of time.
BTW, you can add:
GitHub -> Codeberg (or Forgejo)
Maps - > CoMaps Photos - > Immich (if you can self host) Passwords - > Bitwarden (May change in the future)
I agree with others on trying to not have one service for everything, which proton is trying to become. An alternative to Proton Mail and Calendar would be Tuta, though I haven't used them.
Would CoMaps be a better recommendation than OSMand?
For those who are familiar with Ente, how are their apps? I use something different for 2FA and photos, but I need recommendations for people who don't want to deal with selfhosting and backing up Aegis
I use proton for a lot of stuff. The calendar is useless IMO since their custom bridge doesn't support linking anything else in. Same with contacts. For those two I use a self-hosted radicalev3 container, works like a charm.
Does someone have suggestions for what proton provides with its passmail? I think their implementation and usage experience with this entire reverse-email feature is pretty great and I dont want to give this anonymity up, selectively being able to send from those passmails is also a great feature that works really well in the rare case of getting something I need to reply to.
Isn't google auth an OTP service? Proton Pass also supports that btw! Haven't heard about Ente before and what purpose it replaces a gallery with, but again you can upload and view photos to Proton Drive as well. Although I have not yet tried it myself because I like to keep them local.
Kagi is one of the search engines I actually trust, but it is paid. I can give you trial if you want to try it out. Oh and it being US based might also be drawback.
Pretty solid list I'd say!
Thank you, Auth is on there because I had to import a bunch of accounts at once. I use Ente Photos since it's a pretty nice UI, I never use their cloud storage though.
Privacy
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)