Sonar helps you commit clean code every time. With over 225 unique rules to find Python bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work. Learn more →
Top 23 Privacy Open-Source Projects
-
awesome-selfhosted
A list of Free Software network services and web applications which can be hosted on your own servers
-
Unfortunately, the CVE database(s) are too noisy to be useful. It could benefit from higher standards and more thorough vetting. (Maybe take some lessons from academia.)
A "security researcher" once filed a CVE for a regular bug in Caddy [0], making claims that were totally provably false. It was assigned 7.5... the same as Heartbleed [1] -- yes, the one that leaked almost all the private encryption keys on the Internet back in 2014.
More recently I inadvertently discovered a 0-day RCE in acme.sh [2]. (ACME clients are security-sensitive contexts since they typically deal with private keys and download signed credentials.) Anyway, it was assigned a CVSS 3.x score of * 9.8 * [3] -- I imagine that should be like "cyber-nuclear meltdown" territory, but no, this was actually benign as far as we can tell. Probably deserves more like a 5 or 6 or something.
Anyway, the whole system is broken, and I'm effectively ignoring CVEs now. But if someone tells me to patch my , I'll probably just do that.
[0]: https://github.com/caddyserver/caddy/issues/4775
[1]: https://nvd.nist.gov/vuln/detail/cve-2014-0160
[2]: https://matt.life/writing/the-acme-protocol-in-practice-and-...
-
Sonar
Write Clean Python Code. Always.. Sonar helps you commit clean code every time. With over 225 unique rules to find Python bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work.
-
hosts
🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.
Project mention: Browser extensions spy on you, even if its developers don't | news.ycombinator.com | 2023-09-01You can also use a declarative adblocker like uBlock Origin Lite [1], which only provides the browser with a list of elements to filter, but doesn't have any permissions to read content or perform requests. Or simply use your hosts file to apply OS-wide filtering with no browser add-ons needed: https://github.com/StevenBlack/hosts
Be aware that if you use these "passive" blocking methods, there are some sites like YouTube where you will see ads, because in these cases it's necessary to actually manipulate page content to hide them. What you can do is use a traditional adblocker but enable it only for these few sites where the declarative approach is not enough, take a look at [2] for more details.
[1] https://github.com/uBlockOrigin/uBOL-home
[2] https://seirdy.one/posts/2022/06/04/layered-content-blocking...
-
-
Project mention: Browser extensions spy on you, even if its developers don't | news.ycombinator.com | 2023-09-01
https://github.com/AdguardTeam/AdGuardHome
Regarding open source, AdGuard DNS actually is:
-
Matomo
Liberating Web Analytics. Star us on Github? +1. Matomo is the leading open alternative to Google Analytics that gives you full control over your data. Matomo lets you easily collect data from websites & apps and visualise this data and extract insights. Privacy is built-in. We love Pull Requests!
You can for example use analytics that aren't spyware, and hence don't even have to try to trick users giving "consent" to things they don't really want.
Seriously: what share of people actually want their behavior to be tracked for ad companies to make more money?
-
Project mention: Google gets its way, bakes a user-tracking ad platform directly into Chrome | news.ycombinator.com | 2023-09-07
Using these sort of downstream patch set browsers is rarely a good idea. If it has multiple full-time developers from a respected org dedicated to it, then it can be justifiable (Tor Browser, Brave), but take a look at the gaps in time for these two pages:
https://github.com/ungoogled-software/ungoogled-chromium/rel...
https://metadata.ftp-master.debian.org/changelogs//main/c/ch...
There's often days you're going without security patches. If you want a browser without Google tracking, Firefox is a much better choice.
-
InfluxDB
Collect and Analyze Billions of Data Points in Real Time. Manage all types of time series data in a single, purpose-built database. Run at any scale in any environment in the cloud, on-premises, or at the edge.
-
keepassxc
KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.
Because the goal of WebAuthn is to not depend on any companies infrastructure.
And there's work being done in that direction. Apple supports passkeys from third-party password managers, 1Password has a Passkey beta and KeePassXC has a pull request working on passkey support. [0]
That independence is a design goal of passkeys, because they want to replace passwords and passwords are independent by their nature.
-
GoAccess
GoAccess is a real-time web log analyzer and interactive viewer that runs in a terminal in *nix systems or through your browser.
Project mention: Show HN: Why Google Analytics May Not Be the Best Option for Your Website (2023) | news.ycombinator.com | 2023-06-22I run goaccess on a cron job and have paired it with a MaxMind GeoIP database so that you can see where people are coming from etc.
-
Plausible Analytics
Simple, open-source, lightweight (< 1 KB) and privacy-friendly web analytics alternative to Google Analytics.
-
Project mention: Anything like ChatGPT that we can run ourself where we train with with our own data, so we can use it as personal assistant, where it only knows about oneself better than themselves ? | /r/selfhosted | 2023-06-16
-
personal-security-checklist
🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2023
There's this handy site for personal security
-
universal-android-debloater
Cross-platform GUI written in Rust using ADB to debloat non-rooted android devices. Improve your privacy, the security and battery life of your device.
-
openvpn-install
Set up your own OpenVPN server on Debian, Ubuntu, Fedora, CentOS or Arch Linux. (by angristan)
Project mention: Is it possible to Tie specific system usernames to certificates on a PAM auth setup? | /r/OpenVPN | 2023-09-08EDIT: I should add that the setup was done with angristan's OpenVPN installer. There's nothing particularly interesting about the conf files.
-
awesome-privacy
Awesome Privacy - A curated list of services and alternatives that respect your privacy because PRIVACY MATTERS.
-
-
Gotify
A simple server for sending and receiving messages in real-time per WebSocket. (Includes a sleek web-ui) (by gotify)
I use apprise with Gotify
-
-
Project mention: Show HN: uBlock Origin filters to remove distractions | news.ycombinator.com | 2023-09-20
Nitter - https://nitter.net - https://github.com/zedeus/nitter
Youtube, also very skinned down and you can also collapse recommendations by default etc.:
-
Atlas
🚀 An open and transparent modification to Windows, designed to optimize performance and latency.
-
Decentralized Monero focused exchange is added support for Goldbacks in their v0.0.11 release.
-
user.js
Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening
Project mention: Google Chrome just rolled out a new way to track you and serve ads | news.ycombinator.com | 2023-09-11> Firefox remains a stable option to come back to everytime
Don't get me wrong, I've been using Firefox for the last decade and I don't intend on using anything else for the foreseeable future, but Mozilla has no idea what they're doing with Firefox nowadays. Firefox View is the most useless thing I've ever seen, that expiring "independent voices" theme picker was some weird hippie stunt[1], the latest UI redesign which split the tab from the window looks hideous, and it's not like Firefox doesn't have things you can tweak for a more private experience[2]. I miss Firefox Test Pilot where they tried out different new features, I found a lot of them to be very useful but sadly lots of them didn't make it.
[1] https://blog.mozilla.org/en/products/firefox/firefox-news/in...
-
-
Mergify
Tired of breaking your main and manually rebasing outdated pull requests?. Managing outdated pull requests is time-consuming. Mergify's Merge Queue automates your pull request management & merging. It's fully integrated to GitHub & coordinated with any CI. Start focusing on code. Try Mergify for free.
NOTE:
The open source projects on this list are ordered by number of github stars.
The number of mentions indicates repo mentiontions in the last 12 Months or
since we started tracking (Dec 2020).
The latest post mention was on 2023-09-22.
Privacy related posts
- SimpleX Chat v5.3.0 – Local file encryption and delivery receipts
- Monitor bandwidth usage with bandwhich (and build a snap package of it)
- CalyxOS 4.13.2
- Show HN: uBlock Origin filters to remove distractions
- ActiveAnalytics: A Rails engine directly mountable in your Rails application
- Mobile apps illegally share your personal data
- Minimizing my "support"
-
A note from our sponsor - Sonar
www.sonarsource.com | 22 Sep 2023
Index
What are some of the best open-source Privacy projects? This list will help you:
| Project | Stars | |
|---|---|---|
| 1 | awesome-selfhosted | 149,335 |
| 2 | Caddy | 49,804 |
| 3 | hosts | 23,855 |
| 4 | macOS-Security-and-Privacy-Guide | 20,436 |
| 5 | AdGuardHome | 18,592 |
| 6 | Matomo | 18,170 |
| 7 | ungoogled-chromium | 17,276 |
| 8 | keepassxc | 17,016 |
| 9 | GoAccess | 16,646 |
| 10 | Plausible Analytics | 16,081 |
| 11 | Leon | 13,499 |
| 12 | personal-security-checklist | 12,496 |
| 13 | universal-android-debloater | 11,333 |
| 14 | openvpn-install | 10,731 |
| 15 | awesome-privacy | 9,805 |
| 16 | Cryptomator | 9,783 |
| 17 | Gotify | 9,133 |
| 18 | PySyft | 8,930 |
| 19 | nitter | 8,362 |
| 20 | Atlas | 8,155 |
| 21 | monero | 8,111 |
| 22 | user.js | 8,045 |
| 23 | optimizer | 7,973 |
Tired of breaking your main and manually rebasing outdated pull requests?
Managing outdated pull requests is time-consuming. Mergify's Merge Queue automates your pull request management & merging. It's fully integrated to GitHub & coordinated with any CI. Start focusing on code. Try Mergify for free.
blog.mergify.com