This page contains security-related recommendations. Kindly note that we exclusively recommend hardware, software and services which we actually use and own. We do not recommend any products based on sponsoring or things we only know from hearsay.

General information security topics | Home network | Disk and file encryption | DNS | Identity management | Instant messaging | Operating systems | Repositories | Secure key and password storage

Follow us on Mastodon:

General information security topics

The following resources are useful to learn about InfoSec in general:


  • Scott Helme (InfoSec blog, focused on web application security)
  • n-o-d-e (interesting hardware projects)


Q&A websites/forums

Other useful websites

Home network

Your home network connects you and your family to the internet. The most vulnerable point is your router since it has to fulfill different functions and is the primary point of entry for a remote attacker. Feel free to read our home network security series.


  • Introducing Basic Network Concepts (PDF file)
  • Meyers: CompTIA Network+ Certification, ISBN 978-0-07-184821-3
  • Kizza: Guide to Computer Network Security, ISBN 978-3-319-55606-2
  • Lowe: Networking for dummies, ISBN 978-1-119-25777-6
  • Peterson/Davie: Computer Networks: A Systems Approach (available online)



Disk and file encryption

We recommend the following applications/standards. Some recommendations are based on a talk of Mr. Schumacher from Magdeburger Institut für Sicherheitsforschung. Only use well-maintained and well-tested software for encryption. Otherwise, your data could be exposed in some way, or you could lose your data.

Full-disk encryption

Built-in file encryption

The file systems ext4, F2FS, and UBIFS natively support file encryption. See our section on using fscrypt.

Other software

  • GoCryptFS (uses modern crypto but leaks metadata)
  • CryFS (uses modern crypto and hides metadata but is slower than GoCryptFS)


Many private users are totally focused on HTTPS, and forget about their insecure DNS traffic. Cleartext DNS traffic can be modified or logged, and third parties can learn about your surfing habits. People who are familiar with network protocols and DNS can configure DNSSEC as well as DNS-over-TLS. If configured correctly, you get validated DNS responses, and your DNS traffic is authenticated and encrypted.

Check our DNS-related articles.


Identity management

Identity theft is a main threat to individuals on the internet. The best way to defend your personal data online is to stop using online services at all. This is quite unrealistic. Another way is to use services which provide cryptographic proof so others can verify that you actually own certain online accounts.

We recommend Keybase for private users. See also our articles about Keybase.

Instant messaging

Ask 10 people about their preferred instant messenger and you'll get 15 recommendations. Some people say that federation is best for privacy (no, this is wrong), some recommend closed-source messengers like Threema and most people keep on using WhatsApp. We aren't interested in wars of opinions and stay with the facts.

If it comes to security, privacy, usability, and support for different operating systems, Signal is the clear winner. See also our articles on Signal.

If you still want to use XMPP-based messengers like Conversations, Gajim, Dino and so on, keep in mind that server-side parties can access and manipulate everything. We strongly recommend running your own XMPP server in this case. If you don't know how to do this, use a messenger like Signal. Unlike many XMPP-based messengers, Signal uses client-side account management and enforces end-to-end encryption by default.

Operating systems

We recommend the following operating systems for advanced users:


The following repositories contain useful resources and links:

Secure key and password storage

If you use OpenPGP, SSH etc., you probably store your keys on your computer. This isn't very secure and stolen keys can result in data breaches (SSH) and decrypted messages (OpenPGP). Use dedicated security hardware to store your keys. Furthermore, use password management software like KeePass to store your passwords encrypted. Some products also support OATH-TOTP, U2F for 2FA, and/or WebAuthn.

We tested the following hardware and software: