I use a notepad with pen and paper but have a way of using them that make them more secure. As a simple example X means K, and a lot of other stuff. Also burning accounts monthly, no reason not to.

Nobody uses email so who cares.

Searx is the best right now because it has good results (proxied from Google) but prevents tracking. I'm using https://search.disroot.org/

EDIT: Disroot search is blocked by CAPTCHA again, switched to https://searx.be

I use KeePass and Keepass2Android synced with Nextcloud because it is open source, but I might self-host Bitwarden and switch to that soon.

I've never had any issues with Protonmail no, but I wouldn't trust them with sensitive information, Secmail is a TOR email provider I have used for a long time, and never encountered any problem unlike with SIGIANT when that was around.

I'll happily use protonmail for clear web activity and a TOR email provider for my TOR activity, which I do anyway.

Sorry if that wasn't clear enough.

Yacy is probably the best followed by Searx although not if you're on Whonix which makes the usage of Yacy (and I'm guessing Searx too) insecure. If you aren't on Whonix and you want good results, you could locally host your Searx instance and adjust the search targets to your liking. This would also be your most private choice since it's

• open source and you don't have to trust a website to actually deploy what you advertise
• you can route it over Tor (alas, I didn't check how) or just morty which will sanitize your searches

P.S. Yes I know Searx is technically a metasearch engine, but hey, it gets the search done.

KeePassXC because I made... ehm... this (with some lovely people). Though I literally only use it for ssh and never store my passwords digitally.

I use lastpass because it's easy...

That was an interesting read. I had heard about the five eyes but didn't know it extended to a bunch of other agencies and countries.

I was trying to remember this, thanks! And about not using normal devices, it makes almost everything harder, but it's the price for having security :/ Kinda sucks, but i think it's worth it. I would like to know how to check if my username:password has been leaked, just in case, but for what I remember, never happened to me.

Startpage is owned by system1.

Searx or YaCy

Startpage; basically Google quality results without having to share anything.

Plus KeePassX has a nice extension for Firefox.

I literally did not know this. I've been ctrl+c ctrl+v'ing for years.

Hmm. I trust KeePassX more than I do things like LastPass. I may have to give that a trial run and see if it completely alters my internet life or if copy/pasting all day isn't so bad.

Second on this; I too prefer to have one program for one purpose, and browsing the Internet and keeping my passwords safe aren't one.

Plus KeePassX has a nice extension for Firefox.

I just like it's simplicity, the captchas can be a bit of a issue but it's never been down for me, always worked like a charm.

SIGAINT was a great mail provider on TOR but it went offline a few years back now and never resurfaced, I was thinking of actually setting my own TOR mail server up but never got round to doing it.

You have to install it? I thought there were some sites that used it. What do you use that uses it?

Well that's my email provider... Hmm.

No. We can't see its inner state. They'll do all unsafe things that we can do.

I've been meaning to check that out. What do you like most about it?

KeePassX.

Though it's a pain in the ass to use sometimes when you have a different password for every thing in the world, it just feels better than using something like Lastpass which is actually super convenient but I don't trust an in-browser password manager.

Bad thing is that it more or less makes it impossible for me to log into anything if I'm not using my normal devices, which is rare, but it is what it is I guess.

I learned my lesson years ago when some website database that had my information in it was leaked and I had several accounts hacked. You think Twitter is going to help you? Try regaining access to an account when the email address associated with it has also been compromised. It's a nightmare, and in the end, I gave up.

Good point. Not to mention they'll have first hand knowledge of who you're communicating with, the frequency of community, length of communication or hours of communication. They probably have GPS data knowing where you were when this communication took place.

Without even knowing what is said, you can build a somewhat thorough profile on someone based off of just that.

I use protonmail and personally I'm not too sure on it myself, so i switched to https://secmail.pro and never had any issues.

I believe there was a case where they complied with law enforcement to hand over user data, and although the contents of the emails were unreadable, the header info and subject was.

I'd say it's as safe or safer than most things, though it still requires javascript to use, which that alone has some people leery of it.

A good reason to go to /f/PracticeEncryption and not rely on 3rd party email services to keep your data safe.