This page is a curated collection of software that I recommend to people. I have thoroughly researched and personally used every item on this list.

This is not a comprehensive list, but I will add to it over time. You can check the history of this page or subscribe via RSS to all changes made across the site. Alternatively follow me on Mastodon for complementary witticisms.

My recommendations are guided by the following criteria. It is not exhaustive, but gives you an idea of what I consider important.

• must be free/libre software, meaning it is released under a licence that respects your freedom to run, modify and share it;
• must work with free/libre file formats where applicable;
• must be stable and actively maintained;
• should be well documented;
• may have a learning curve.

Password manager

Don’t reuse passwords. Use a strong, unique password for each online account. Aim for 13 or more randomly generated characters including letters, numbers and punctuation. Anything shorter than 8 can be cracked in milliseconds, and even passwords longer than 20 characters can be vulnerable to dictionary attacks.

You’ll need a way to keep track of all those immemorable passwords, which is exactly what a password manager is for.

I advise against using password managers that are built directly into your web browser since that restricts your choice of web browsers going forward.

Pen and paper

The simplest method is not to use software at all! Literally write your online passwords in a private notebook and keep it in a safe place; for example, a locked drawer in your bedroom.

I realise pen and paper is plain text, but for tech illiterates who don’t trust themselves to store passwords digitally in a safe way, it is surprisingly effective. Cybercriminals are seldom burglars and vice versa.

This method is not perfect though. It is prone to shoulder surfing and theft. Also, if your house burns down or is flooded then your passwords may forever be lost.

Bitwarden

Bitwarden is a free/libre password manager suitable for computer users both novice and experienced. There are clients available for all major web browsers and operating systems, desktop and mobile that can automatically fill out login forms for you.

All your data is encrypted and stored securely on a remote server where you can’t lose it. Just don’t forget your master password!

The canonical instance of Bitwarden (i.e. not self-hosted) offers paid plans, but for most individuals the free plan is plenty.

Licensed under the GNU GPLv3 client-side and AGPLv3 server-side, Bitwarden is a freedom-respecting replacement for popular malware such as LastPass and Dashlane.

Pass

For advanced users who are comfortable using the Unix shell, managing a personal PGP key pair and maintaining backups, I recommend pass—appropriately dubbed “the standard Unix password manager.”

For an even simpler, POSIX-compliant program: try pash (licensed MIT/Expat).

Pass is licensed under the GNU GPL, version 2 or later.

In addition to the included passmenu script, I like to use the Browserpass extension (via Debian’s webext-browserpass) to retrieve passwords from my ~/.password-store/ and auto-fill login pages in Firefox. It is distributed under the ISC license.

Web browser

This section only covers desktop browsers, not mobile. My recommendations focus on privacy, but not at the expense of usability.

Tor Browser

The best browser for preserving online privacy and anonymity is without question the Tor Browser.

For maximum privacy, disable JavaScript in about:preferences. Keep in mind this can stop many popular sites from working properly.

Unfortunately, browsing over the Tor network can be sluggish and intermittent. Worse, some “services” outright block Tor connections.

Firefox

For when Tor is not viable, I recommend Firefox on the desktop with some tweaks and a number of extensions.

Start by disabling telemetry, HTTPS over DNS, the included Pocket extension, and Firefox accounts integration. Then install:

• HTTPS Everywhere by the EFF
• Privacy Badger also by the EFF
• uBlock Origin (which, by the way, works best on Firefox)
• NoScript (optional and not for beginners)

With NoScript you can block JavaScript on a per-domain basis. The default behaviour causes many sites not to work properly since all domains are blocked at first.

On Debian you can install Firefox and these extensions using the following command:

sudo apt-get update && sudo apt-get install \
  firefox-esr \
  webext-https-everywhere \
  webext-privacy-badger \
  webext-ublock-origin \
  webext-noscript

HTTPS Everywhere and NoScript seem to be missing from Ubuntu’s repositories for some reason.

Anki

Anki is spaced repetition software. Basically it is a flashcards app. Many thousands of people use it to memorize vocabulary and facts when learning a new language or studying medicine, science, history, geography, and things like that.

The program is built on a state-of-the-art scheduling algorithm and can be used as part of an evidence-based approach to effective learning.

There are apps for all the usual operating systems including mobile (GNU GPLv3), although the desktop versions (AGPLv3+) are vastly more powerful for putting together your own decks.

AnkiWeb is what you might call a “cloud” service (plus a basic web client) which is completely free and keeps your decks synced across devices. You can also find and download shared decks and feature add-ons created by the community.

Anki is a radiant example of a free/libre desktop application and by far the best in its category. In this respect it is among the likes of Blender and OBS.