Small Business & Privacy series

A Privacy Toolbox for SMEs

The article Privacy toolbox for SMEs is the third and last of a trilogy on privacy for small businesses, a series by Irene Silberstein. A carefully selected and commented set of expert privacy tools.


I wrote this series for businesses with an online presence and website owners: small and medium companies, retailers, experts, freelancers, creators, publishers, advisers, agencies, artists and many more, to protect you and your clients.

Although there are multiple categories and tools, this is a selective and limited toolbox.

Updated October 2022.

Average reading time: 20 minutes.

Selection criteria applied to Inputs:

---How trustworthy a provider or application is

---Trying the service or solution

---The author's skills, ethics, and network

---Prospective moves in the wake of the current times

---Advice from excellent guides by Reclaim The Net, Restore Privacy, Privacy Tools or even Zapier, Kinsta and others.

A strict selection, which is definitely not exhaustive.

As soon as new tools are selected, I will update the published version of the Privacy Toolbox.

About prices:

Some of the recommended solutions are open-source, not all;

Some are freely available, or when you find it useful you can donate;

Some have a cost, frequently a tiny cost.

So they rely on various sustainable models.

Email

Email end-to-end encrypted

Mailfence

Free or with an entry price of 2.5 Euros per month, and easy to use, Mailfence is an interesting solution. Based in Belgium, with strong privacy laws and no track record of cooperation with surveillance agencies, Mailfence offers one-click OpenPGP encryption; between Mailfence users, emails are automatically encrypted and do not leave the server. Mailfence uses a standard implementation of OpenPGP, which makes it easy to communicate both with Mailfence users and with other PGP users who don't use Mailfence.

https://mailfence.com/

Tutanota

Tutanota is well known for end-to-end encryption (E2E) covering all parts of email and for very secure processes, at 1 Euro/month for private use (or free). Emails between Tutanota users are automatically encrypted and do not leave the server. Tutanota is based in Germany, with a strong German data authority, although Germany is known to cooperate with the NSA. Tutanota also offers helpful zero-knowledge secure business services.

https://tutanota.com/

ProtonMail

More expensive than Tutanota or Mailfence, Proton also provides full end-to-end encryption and a good set of features that makes it a solution of choice for a company. ProtonMail is based in Switzerland, formerly a strong protection. Since the US obtained Switzerland's entry into the said Privacy Shield, that protection might be weaker. In 2021 they had to obey a court order from France.

https://protonmail.com

Professional Email

Zoho Mail

A privacy- and security-aware business email suite, Zoho Mail comes from an Indian company that developed its own secure and private technology. It offers an ad-free and affordable email collaboration suite and hosting. It provides many functions designed for business communication, from appointment scheduling to easy migration, as well as an online file manager, word processor, spreadsheet and other office applications...

https://www.zoho.com/mail/zohomail-pricing.html?src=hd

Runbox

Fully private business email without automatic encryption, but compatible with encryption, Runbox email hosting offers fast webmail with excellent support and servers in Norway. 83 Euros for two years and the third year for free, with particularly high limits for aliases and custom domains, and many features: POP, IMAP, SMTP, and server and email reputation via SPF, DKIM and DMARC.

https://runbox.com

Email Anonymity at user end

Anonaddy

Which is of course at user's choice

Anonymous email forwarding

Unlimited random unique email aliases

Open-source browser add-on, downloadable for Firefox and Chrome, and multiple features.

Free or 1 Euro/month

https://anonaddy.com/

Collaboration, chat, videoconferencing

Signal

Signal is a multi-OS chat app built for privacy and security, free and open-source, managed by a non-profit supported entirely by donations. Signal offers a secure chat application with voice and video. Installable on your desktop, it can work entirely with keyboard shortcuts. Signal uses your existing mobile phone number and requires that you install it on your Android or iOS device. On the mobile device, Signal allows voice and video, and both insecure SMS/MMS and secure Signal messages between Signal users.

Secure messages show a closed lock icon.

You can find more on the support page:

https://support.signal.org/hc/en-us/articles/360007318691

https://signal.org/

Tox qTox...

Free and open-source, Tox is a distributed, peer-to-peer VoIP, instant messaging and video-conferencing protocol that offers end-to-end encryption. The stated goal of the project is to provide secure yet easily accessible communication for everyone. Operating systems: Windows, Linux, OS X, Android, iOS, FreeBSD, OpenIndiana, Sailfish OS.

Tox is interesting for communicating and sharing documents with your family and friends, or for building secure and strong communities with your clients, partners, providers... without exposing anyone's data.

In practice, Tox requires you to choose the client interface you prefer. My choice is qTox, which is feature-rich and truly easy to set up and use.

qTox is a powerful client based on Qt, intuitive and fast, that runs on Windows, Linux, macOS and FreeBSD and offers text messaging, audio and video calls, screen sharing and file transfers. It supports text and audio group chat, as well as Identicons as avatars.

To understand the Tox project

https://tox.chat/about.html

To download Tox https://tox.chat/

To choose a client interface

https://tox.chat/clients.html

To download qTox https://qtox.github.io/

Tox Wiki https://wiki.tox.chat/users/faq

Veeting

Virtual meeting rooms

Veeting is another excellent solution that brings everything we need to collaborate online. It is end-to-end encrypted, with an extremely secure zero-cookies environment, and because of this, dazzlingly fast. For individuals, home offices and businesses. Their motto is "Web collaboration made simple". Lots of features: screen share, whiteboards, presentations, multi-OS, multi-browser, real-time chat, display and sharing of supporting documents, live slideshows, calendar, meeting agenda, on-demand recording. Reasonable pricing for a complete studio: 5 meetings for 20 Euros/25 CHF, or your own room for the month for 36 Euros or 39 CHF.

https://www.veeting.com/

Securesafe - store, edit and share business documents

Securesafe is a mature, proven, one-click secure solution for teams or team-client project management. It offers a wealth of useful features: apart from zero-knowledge and full privacy, it can retrieve documents despite spelling errors in search; it offers desktop, smartphone and browser versions, secure send, deep links, file sync and versioning, member management, and more at a reasonable cost per user. They state that their applications are designed in such a way that even their own employees can never access client data. Their solution complies with all GDPR guidelines and they have had their approach externally audited several times.

https://www.securesafe.com/en/business/overview

https://www.securesafe.com/en/business/pricing

Web Browsers

Epic

Epic browser is a serious, secure, private browser freely available for Windows and Android, unfortunately not yet for Linux. For a Windows user who is not too technical, it is possibly the easiest choice for a secure private browser.

https://www.epicbrowser.com/our-key-features.html

Brave

Brave browser is a fast private browser freely available for Windows 64-bit, Windows 32-bit, macOS Intel, macOS ARM64 and Linux.

It offers trackers protection and useful information on shielded items. It resists attacks and I consider it very secure and private as long as you do not install any extension.

https://brave.com/

Vivaldi

Vivaldi browser, which took the turn for privacy, is progressively going to replace the old Opera browser, as it now offers many features, some of them original. I think it is not yet as secure as Opera was, but it is on its way. For me, Opera is still secure, but the great talents of their developers have been missing since Opera was sold.

https://vivaldi.com/

Mozilla Firefox

After some management turmoil, Firefox seems to have come back into its own with a number of new features, particularly in the area of data protection and privacy... We are currently testing the new features and will update as soon as done. Read more about the new Firefox:

https://www.mozilla.org/en-US/firefox/browsers/

Test browser for privacy

EFF (Electronic Frontier Foundation) provides a handy online tool to test your browser for privacy:

https://coveryourtracks.eff.org/

A recognizable fingerprint is a weakness.

VPN

Although I can currently recommend a few of them, I am still testing. An article from the Windscribe blog highlights the difficulty of recommending a VPN:

Windscribe blog: "Consolidation of the VPN industry spells trouble for the consumer", by Yegor Sak, 16 September 2021

https://blog.windscribe.com/consolidation-of-the-vpn-industry-spells-trouble-for-the-consumer-57e638634cf0

Writing about the huge acquisitions in the VPN industry and their obvious implications, Yegor Sak highlights how gullible we are to rely on "Reviews".

Simple facts to discover about conflict of interest in the kingdom of money...

This is why it is so difficult to recommend a VPN.

Search engines

The point of alternative search engines is, of course, how much privacy you get.

Another vital issue is how efficient they are for keeping informed.

This also depends on what you search for.

In terms of privacy, our current selection includes:

Epic

Epic Search is a good engine: an encrypted, private and secure, paid, ad-free search engine. Usable from any browser. ($2.5/month, Sep 2021)

https://epicsearch.in/

Brave

Brave Search, although still in beta, is already a very good search engine. This is how Brave presents itself: "Brave Search doesn't track you or your queries. Ever. Private, independent, and transparent, Brave Search is the real alternative to Google." Available from any browser, multilingual, it blocks cookies and advertising trackers.

https://search.brave.com/

MetaGer

MetaGer is a meta search engine that aggregates results from multiple search engines, with good results and guaranteed confidentiality. MetaGer relies on donations to be able to continue. They also offer a membership in their association, "association for free access to knowledge".

https://metager.org/

Swisscows

Somewhat different, Swisscows offers a family-friendly private search engine and a VPN. Swisscows neither monitors nor stores any data. But like DDG, Swisscows relies partly on ads, in particular from Bing. They also offer a paid version.

https://swisscows.com/?

SearchEncrypt

I owe the discovery of Search Encrypt to the Kinsta.com blog. Quite fast and encrypted, SearchEncrypt is one of the private alternatives.

https://searchencrypt.com/home

DDG, Duckduckgo

As DDG uses Bing, which is highly "sanitized", I consider that this lowers the interest of DDG as a search engine. Moreover, DDG announced that it is beginning to flag so-called "disinformation".

https://duckduckgo.com/?q=

Gibiru

I owe the discovery of Gibiru to Reclaim the Net.

Gibiru announces full privacy. They use the Google API to generate private results based on the Google index, which seems normal; but they also use Google AdSense. Use it for common queries only, as Gibiru might refuse or not answer some queries.

https://gibiru.com

Gigablast and Private.sh

Gigablast is a long-standing commercial player in the search engine and directory space. "Gigablast is teaming up with Private Internet Access (now Kape Technologies), which operates some of the world's leading VPNs, to produce a private search engine called, private.sh, which offers cryptographically-secured privacy."

"This private search engine is unique [...] How does it work? Private Internet Access has a strong legal record of defending its privacy services, and it basically sits on top of the Gigablast search engine, scrubbing away any IP address information before forwarding a query done on private.sh to Gigablast.

"Furthermore, the client-side javascript on private.sh encrypts any query done on private.sh so that only Gigablast can read it."

Gigablast and Private.sh form a large global base of local players. Apart from the confidentiality provided by Private.sh, in some countries and languages they can help find small companies and their products.

https://www.gigablast.com/

https://private.sh/

Strong alternative Search engines having their own index

Qwant

Not only does Qwant have its own index, it also offers an extensive information database, which is not hindered by algorithms aiming at hiding "misinformation". Moreover, Qwant commits to privacy.

https://www.qwant.com/

Mojeek

Mojeek is an independent UK search engine having its own index. They guarantee privacy.

https://www.mojeek.com/

Ecosia

The search engine that plants trees. Ecosia is a social business founded by Christian in 2009 after a trip around the world. They commit to protecting privacy.

https://ecosia.org

For Technical or Legal queries

Epic, SearchEncrypt, Qwant, Swisscows, MetaGer

For Open information Queries

Brave, Epic, Qwant, Swisscows

For esoterism, religion, history

Gibiru, Private.sh, Qwant

For companies and products

Mojeek, Gigablast, Private.sh

File Storage

Cryptomator - Secure Storage on disk

Cryptomator is a free-to-use open-source application to which you can contribute or donate.

You can see the differences between Boxcryptor and Cryptomator below:

https://cryptomator.org/boxcryptor-alternative/

The application runs on the PC or smartphone at the user's end. Cryptomator supports all OS plus Unix systems (Linux, BSD).

GDPR compliance instructions

https://cryptomator.org/gdpr/

Filen - Secure storage on Cloud

Zero-knowledge end-to-end encrypted cloud storage. Price depends on storage capacity and starts free up to 10 Gb. Fast, open-source, self-funded. Tier IV, ISO 27001 certified high-security datacenters located in Germany.

Nice to use if you have enough memory in your PC.

https://filen.io/

SecureSafe, already described above, also deserves a mention in this section: in some circumstances it offers an excellent solution.

Spideroak one backup - Secure storage on Cloud

Zero-knowledge end-to-end encrypted cloud storage. The application is fast, with large amounts of data available. However, to use permanent mirroring of folders and files you need a good Internet connection. High-security data center located in the US. Nevertheless, their data privacy practice is excellent. Starts at 150 GB for $6 per month.

https://spideroak.com/one/

Analytics and tag manager

Clearly, businesses urgently need to turn to ethical and privacy-aware providers for analytics and tag management.

Privacy-aware and regulation-compliant analytics and tag managers exist, either free or at a tiny price. From my research of about 20 applications, I selected four: Matomo, Plausible, Simple Analytics and Umami.

Matomo

Matomo is certainly the most feature-rich, flexible and proven analytics solution today, with multiple server locations worldwide for the hosted version, and an open-source on-premises version that is free for analytics, with other features such as white label, search engine keyword performance, etc. provided on demand at a cost.

The hosted version (at 1 Euro per domain per month) offers a full analytics suite with tag manager, heat map and a wealth of useful features. It also supports both log analysis and JavaScript, separately or in synergy. Respectful of clients' privacy and data ownership, Matomo obviously complies with regulations worldwide.

https://matomo.org/

Compare features:

https://matomo.org/features/

Plausible

An open-source project dedicated to making web analytics more privacy-friendly, with a monthly fee of 6 Euros, Plausible intends to reduce corporate surveillance by providing an alternative web analytics tool which doesn't come from the AdTech world. It is independent, managed by two full-time developers, self-funded and sustained by the users' subscription fees, and incorporated in Estonia. Minimal data collection in general, with servers in the European Union to ensure strict laws on data privacy. They do not track or collect any personal data or personally identifiable information. All the data is in aggregate only, and Plausible does not track people across their devices.

https://plausible.io/

Simple Analytics

They say: "the essentials: page views, referrers, top pages, and screen sizes."

"No cookie banners, GDPR, CCPA, or PECR to worry about."

"When a service is free you are the product. We won't ever sell your data. As a result, we need to charge". Based in the Netherlands, they charge 19 to 59 Euros monthly.

https://simpleanalytics.com/

Umami, Mike Cao

Open-source, free, fast and minimalistic, Umami lets its users own their analytics. Umami collects only the metrics you care about and everything fits on a single page. Simple analytics, unlimited websites, lightweight, mobile-friendly, privacy-focused.

https://umami.is/

Piwik

The Piwik solution is different from the others. It is not suitable for those who do not wish to use cookies. It is suitable for those who do use cookies. It includes a tracking solution that involves cookies and supports advertising, among other things. It is a suite that analyses the visitor's journey on websites and applications. Piwik explains: "An analytics suite with a focus on user privacy and data security, the perfect alternative to Google Analytics".

Piwik offers a generous free version and a paid version. Piwik includes analytics, a tag manager and a consent manager to meet the EU's GDPR obligations. An API is available for developers. Piwik is relevant for both large accounts and sites that rely on cookies and/or advertisements. When one understands that the GDPR was not initially meant to protect privacy but was instead intended to allow major players not to comply with it while keeping up appearances, it is easier to understand the use of such a suite. Piwik also offers a useful intranet version in its paid solution.

Privacy management and cookies

Unfortunately, in-depth research revealed how difficult it is to recommend, on technical and legal grounds, a truly ethical and privacy-aware service or tool for privacy and cookie management(!).

Free generator available

However, I can currently recommend a free tool that may serve as a template to help you figure out your needs. This helpful tool does not integrate what you may need for compliance with the many local regulations.

https://www.privacypolicygenerator.org/

However, I recommend managing the constantly shifting legal jungle with specialized assistance. Although such legal services exist, the very best ones are not necessarily compatible with the size and the financial and human capacities of a small business.

To address this shortcoming, we are currently considering launching our own integration. This new tool would help provide a quick audit and follow-up, and an ethical privacy-aware solution to address state, national and regional regulations.

If you need a follow up on this single topic, please register here.

Promising Concepts

Web Monetization

Another interesting concept is brought by a JavaScript API which allows the creation of a payment stream from the browser to the website. Web Monetization is being proposed as a W3C standard by the Web Platform Incubator Community Group.

How does it relate to privacy?

The idea of allowing the creation of a payment stream to the website resolves one of the main reasons why trackers are used for advertising: paying for content or tools. The Web Monetization concept does not require learning anything about the buyer. So its adoption would generate and sustain privacy-aware monetization.

We will launch our test beds soon. Current test beds rely on Coil, Interledger, the Puma browser and a wealth of plugin components.

IPFS

IPFS is an interesting concept for the renewal of the web: a distributed system for storing and accessing files, websites, applications, and data.

IPFS knows how to find information by its contents, not its location.

To see how it works, follow the below URL.

https://docs.ipfs.io/concepts/what-is-ipfs/

Theta

Depending on the prospects and stakeholders, Theta might become of interest for privacy.

https://www.thetatoken.org

About the author Irene Silberstein

Information specialist and web pioneer, Irene offers extensive experience in information strategy, research and analysis. She manages iSkiv Ltd, a UK limited company. To learn more, see Irene Silberstein.