The article Privacy toolbox for SMEs is the third and last of a trilogy on privacy for small businesses, a series by Irene Silberstein. A carefully selected and commented set of expert privacy tools.
I wrote this series for businesses with an online presence and website owners: small and medium companies, retailers, experts, freelancers, creators, publishers, advisers, agencies, artists and many more.
to protect you and your clients
Although there are multiple categories and tools, this is a selective and limited toolbox.
Average reading time: 20 minutes.
Selection criteria applied to Inputs:
---How trustworthy a provider or application is
---Trying the service or solution
---The author's skills, ethics, and network
---Prospective moves in the wake of the current times
A strict selection, which is definitely not exhaustive.
As soon as new tools are selected,
I will update the published version of the Privacy Toolbox
Some of the recommended solutions are open-source, not all;
Some are freely available, or when you find it useful you can donate;
Some have a cost, frequently a tiny cost.
So they rely on various sustainable models.
Email end-to-end encrypted
Free or at an entry price of 2.5 Euros per month, and easy to use, Mailfence is an interesting solution. Based in Belgium, with strong privacy laws and no track record of cooperation with surveillance agencies, Mailfence offers one-click OpenPGP encryption; between Mailfence users, emails are automatically encrypted and do not leave the server. Mailfence uses a standard implementation of OpenPGP, which makes it easy to communicate both with Mailfence users and with other PGP users who don't use Mailfence.
Tutanota is well known for end-to-end encryption (E2E) covering all parts of an email and for very secure processes, at 1 Euro/month for private use (or free). Emails between Tutanota users are automatically encrypted and do not leave the server. Tutanota is based in Germany, with a strong German data authority, although Germany is known to cooperate with the NSA. Tutanota also offers helpful zero-knowledge secure business services.
More expensive than Tutanota or Mailfence, Proton also provides full end-to-end encryption and a good set of features. Proton is based in Switzerland, and this makes it less reliable than Tutanota or Mailfence, as the US obtained that Switzerland enter the said Privacy Shield. In this context, Proton announced in 2021 that they had to obey a court order from France.
Coming from the cold, the Icelandic service Ctemplar offers the highest security and a wealth of interesting features adapted to the most demanding businesses, at a reasonable price: brute-force proof, zero-knowledge privacy, self-destructing emails, encrypted body, attachments and subject, etc. And of course Iceland's strong privacy laws.
A privacy- and security-aware business email suite, Zoho Mail comes from an Indian company that developed its own secure and private technology. It offers an ad-free and affordable email collaboration suite and hosting. It provides many functions designed for business communication, from appointment scheduling to easy migration, plus an online file manager, word processor, spreadsheet and other office applications.
Fully private business email without automatic encryption but compatible with encryption, Runbox email hosting offers fast webmail with excellent support and servers in Norway. It costs 83 Euros for two years with the third year free, and offers particularly high limits for aliases and custom domains, and many features: POP, IMAP, SMTP, and server and email reputation via SPF, DKIM and DMARC.
Email Anonymity at user end
Which is of course at user's choice
Anonymous email forwarding
Unlimited random unique email aliases
Open-source Browser add-on, downloadable for Firefox and Chrome
and multiple features.
Free or 1 Euro/month
Collaboration, chat, videoconferencing
Signal is a multi-OS chat app built for privacy and security, free and open-source, managed by a non-profit supported entirely by donations. Signal offers a secure chat application with voice and video. Installable on your desktop, it can work entirely with keyboard shortcuts. Signal uses your existing mobile phone number and requires that you install it on your Android or iOS device. On the mobile device, Signal allows voice and video, and both insecure SMS/MMS and secure Signal messages between Signal users.
Secure messages show a closed lock icon
You can find more on the support page
Free and open-source, Tox is a distributed, peer-to-peer VoIP, instant messaging and video-conferencing protocol that offers end-to-end encryption. The stated goal of the project is to provide secure yet easily accessible communication for everyone. Operating systems: Windows, Linux, OS X, Android, iOS, FreeBSD, OpenIndiana, Sailfish OS.
Tox is interesting for communicating and sharing documents with your family and friends, or for building secure and strong communities with your clients, partners, providers... without exposing anyone's data.
In practice, Tox requires that you choose the client interface you prefer. My choice is qTox, which is feature-rich and truly easy to set up and use.
qTox is a powerful client based on Qt, intuitive and fast, that runs on Windows, Linux, macOS and FreeBSD and offers text messaging, audio and video calls, screen sharing and file transfers. It supports text and audio group chat, as well as Identicons as avatars.
To understand the Tox project
To download Tox https://tox.chat/
To choose a client interface
To download qTox https://qtox.github.io/
Tox Wiki https://wiki.tox.chat/users/faq
Virtual meeting rooms
Veeting is another perfect solution that brings everything we need to collaborate online. It is end-to-end encrypted, with an extremely secure zero-cookies environment, and because of this, dazzlingly fast. For individuals, home offices and businesses. Their motto is "Web collaboration made simple". Lots of features: screen sharing, whiteboards, presentations, multi-OS, multi-browser, real-time chat, display and sharing of supporting documents, live slideshows, calendar, meeting agenda, on-demand recording. Reasonable pricing for a complete studio: 5 meetings for 20 Euros/25 CHF, or your own room for the month for 36 Euros or 39 CHF.
Securesafe - store, edit and share business documents
Securesafe is a mature, proven, one-click secure solution for teams or team-client project management. It offers a wealth of useful features: apart from zero-knowledge and full privacy, it can retrieve documents despite spelling errors in search; it offers desktop, smartphone and browser versions, secure send, deep links, file sync and versioning, member management, and more, at a reasonable cost per user. Their applications are designed in such a way that even their own employees can never access client data. Their solution complies with all GDPR guidelines, and they have had their approach externally audited several times.
Epic browser is a serious, secure, private browser freely available for Windows and Android, not yet for Linux unfortunately. For a Windows user who is not too techie, it is possibly the easiest choice for a secure private browser.
It offers tracker protection and useful information on shielded items. It resists attacks, and I consider it very secure and private as long as you do not install any extension.
Vivaldi browser, which took the turn for privacy, is progressively going to replace the old Opera browser, as it now offers many features, some of them original. I think it is not yet as secure as Opera was, but it is on its way. For me, Opera is still secure, but the great talents of its developers have been missing since Opera was sold.
Waterfox, a clone of Mozilla Firefox, offers a helpful function that is the major difference: it continues supporting old extensions as well. However, it follows Firefox updates with some delay. Waterfox is not secure by itself and requires the addition of an anti-tracker. For Waterfox, I use the Ghostery anti-tracker, which always helped clarify my findings about visited websites. It is not the right choice to conduct research and resist attacks. It is appropriate when former extensions are needed for non-research work.
Test browser for privacy
EFF (Electronic Frontier Foundation) provides a handy online tool to test your browser for privacy
A recognizable fingerprint is a weakness.
Although I can currently recommend a few of them, I am still testing. An article from the Windscribe Blog highlights the difficulty of advising on VPNs:
"Consolidation of the VPN industry spells trouble for the consumer"
By Yegor Sak 16 September 2021
Writing about the huge acquisitions in the VPN industry and their obvious implications, Yegor Sak highlights how gullible we are to rely on "Reviews"
Simple facts to discover about conflict of interest in the kingdom of money...
This is why it is so difficult to advise on VPNs.
The interest of alternative search engines is how much privacy you get of course;
Another vital issue is how efficient is it for keeping informed?
This also depends on what you search for.
In terms of privacy, our current selection includes
Epic Search is a good engine: an encrypted, private and secure, paid, ad-free search engine. Usable from any browser. ($2.5/month, Sep 2021)
Brave Search although still in beta is already a very good search engine. This is how Brave presents itself : "Brave Search doesn't track you or your queries. Ever. Private, independent, and transparent, Brave Search is the real alternative to Google." Available from any browser, multilingual, it blocks cookies and advertising trackers.
MetaGer is a meta search engine that aggregates results from multiple search engines, with good results and guaranteed confidentiality. MetaGer relies on donations to be able to continue. They also offer a membership in their association, the "association for free access to knowledge".
Somewhat different, Swisscows offers a family-friendly private search engine and a VPN. Swisscows does not monitor or store any data. But like DDG, Swisscows relies partly on ads, in particular from Bing. They also offer a paid version.
I am indebted to the Kinsta.com Blog for Search Encrypt. Quite fast and encrypted, SearchEncrypt is one of the private alternatives.
As DDG uses Bing, which is highly "sanitized", I consider that it lowers the interest of DDG as a search engine. Moreover, DDG announced it is beginning to flag said "disinformation".
I am indebted to Reclaim the Net for Gibiru.
Gibiru announces full privacy. They use the Google API to generate private results based on the Google index, which seems normal; but they also use Google AdSense. To be used for common queries only, as Gibiru might refuse or not answer some queries.
Gigablast and Private.sh
Gigablast is a long-standing commercial player in the search engine and directory space. "Gigablast is teaming up with Private Internet Access (now Kape Technologies), which operates some of the world's leading VPNs, to produce a private search engine called, private.sh, which offers cryptographically-secured privacy."
"This private search engine is unique [...] How does it work? Private Internet Access has a strong legal record of defending its privacy services, and it basically sits on top of the Gigablast search engine, scrubbing away any IP address information before forwarding a query done on private.sh to Gigablast."
Gigablast and Private.sh form a large global base of local players. Apart from the confidentiality provided by Private.sh, in some countries and languages they can help find small companies and their products.
Strong alternative Search engines having their own index
Not only does Qwant have its own index, it also offers an extensive information database, which is not hindered by algorithms aiming at hiding "misinformation". Moreover, Qwant commits to privacy.
Mojeek is an independent UK search engine with its own index. They guarantee privacy.
The search engine that plants trees. Founded by Christian, Ecosia is a social business created in 2009 after a trip around the world. They commit to protecting privacy.
For Technical or Legal queries
Epic, SearchEncrypt, Qwant, Swisscows, MetaGer
For Open information Queries
Brave, Epic, Qwant, Swisscows
For esotericism, religion, history
Gibiru, Private.sh, Qwant
For companies and products
Mojeek, Gigablast, Private.sh
Cryptomator - Secure Storage on disk
Cryptomator is a free-to-use open-source application to which you can contribute or donate.
You can see the differences between Boxcryptor and Cryptomator below
The application runs on the PC or smartphone at the user's end. Cryptomator supports all OSes, plus Unix systems (Linux, BSD).
GDPR compliance instructions
Filen - Secure storage on Cloud
Zero-knowledge end-to-end encrypted cloud storage. Price depends on storage capacity and starts free up to 10 Gb. Fast, open-source, self-funded. Tier IV, ISO 27001 certified high-security datacenters located in Germany.
Nice to use if you have enough memory in your PC.
Let's also cite in this section SecureSafe, already described, which in some circumstances offers an excellent solution.
Spideroak one backup - Secure storage on Cloud
Zero-knowledge end-to-end encrypted cloud storage. The application is fast, with large amounts of data available. However, to use permanent mirroring of folders and files, you need a good Internet connection. High-security data center located in the US. Nevertheless, their practice of data privacy is excellent. Starts at 150 GB for $6 per month.
Analytics and tag manager
Clearly businesses urgently need to turn to ethical and privacy-aware providers for analytics and tag manager.
Privacy-aware and regulation-compliant analytics and tag managers exist, either free or at a tiny price. Out of my research on about 20 applications, I could select four of them: Matomo, Plausible, Simple Analytics and Umami.
Matomo is certainly the most feature-rich, flexible and proven analytics solution today, with multiple server locations worldwide for the hosted version, and an open-source on-premises version that is free for analytics, with other features, such as white label, search engine keyword performance, etc., provided on demand at cost.
An open-source project dedicated to making web analytics more privacy-friendly, with a monthly fee of 6 Euros, Plausible intends to reduce corporate surveillance by providing an alternative web analytics tool which doesn't come from the AdTech world. It is independent, managed by two full-time developers, self-funded and sustained by the users' subscription fees, and incorporated in Estonia. Data collection is minimal in general, with servers in the European Union to ensure strict laws on data privacy. They do not track or collect any personal data or personally identifiable information. All the data is in aggregate only, and Plausible does not track people across their devices.
They say: "the essentials: page views, referrers, top pages, and screen sizes."
"No cookie banners, GDPR, CCPA, or PECR to worry about."
"When a service is free you are the product. We won't ever sell your data. As a result, we need to charge". Based in the Netherlands, they charge 19 to 59 Euros monthly.
Umami, Mike Cao
Open-source, free, fast and minimalistic, Umami lets its users own their analytics. Umami collects only the metrics you care about, and everything fits on a single page. Simple analytics, unlimited websites, lightweight, mobile-friendly, privacy-focused.
Piwik offers a generous free version and a paid version. Piwik includes analytics, a tag manager and a consent manager to meet the EU's GDPR obligations. An API is available for developers. Piwik is relevant for both large accounts and sites that rely on cookies and/or advertisements. When one understands that the GDPR was not initially meant to protect privacy but was instead intended to allow major players not to comply with it while keeping up appearances, it is easier to understand the use of such a suite. Piwik also offers a useful intranet version in its paid solution.
Privacy management and cookies
Unfortunately, in-depth research revealed how difficult it is to recommend, on technical and legal grounds, a truly ethical and privacy-aware service or tool for privacy and cookie management(!).
Free generator available
However, I can currently recommend a free tool that may serve as a template to help you figure out your needs. This helpful tool does not integrate what you may need for compliance with the many local regulations.
However, I recommend managing the permanently moving legal jungle with specialized assistance. Although such legal services exist, the very best ones are not necessarily compatible with the size and the financial and human capacities of a small business.
To address this shortcoming, we are currently considering launching our own integration. This new tool would help provide a quick audit and follow-up, and an ethical privacy-aware solution to address state, national and regional regulations.
How does it relate to privacy?
The idea of allowing the creation of a payment stream to the website resolves one of the main reasons why trackers are used for advertising: paying for content or tools. The web monetization concept does not imply learning anything about the buyer. So its adoption would generate and sustain privacy-aware monetization.
We will launch our test beds soon. Current test beds rely on Coil, Interledger, the Puma browser and a wealth of plugin components.
IPFS is an interesting concept for the renewal of the web: a distributed system for storing and accessing files, websites, applications, and data.
IPFS knows how to find information by its contents, not its location.
To see how it works, follow the below URL.
Depending on the prospects and stakeholders, Theta might become of interest for privacy
About the author
Information specialist and web pioneer, Irene offers extensive experience in information strategy, research and analysis. She manages iSkiv Ltd, a UK limited company. To learn more, see Irene Silberstein