~/changelog
Changelog
every recommendation change, dated and explained
When something here changes, this page says what and (more importantly) why. Recommendations move because facts move: a new audit, a pricing change, a policy rewrite, an acquisition. If a change ever seems unexplained, call it out.
Twelve new categories addedadded
Tools grew from eleven categories to twenty-three, regrouped under seven
themed sections in the sidebar (communication, credentials & identity,
network & browsing, data & files, platforms, money &
connectivity, other). New pages: Social Media,
Communities, Financial Services,
Encryption, Alias Services,
Personal Data Removers, Cellular Services,
File Sharing, Office Suites,
AI Tools, Maps, and a non-provider
Resources page for external reference sites. Existing
pages also picked up new entries: Threema and Session (messaging), Disroot
(email), Proton Pass (password managers), Proton Auth (2FA), five more
browsers and two more search engines, IVPN and Obscura (VPNs), ControlD
(DNS), six more cloud storage options, Joplin and Cryptee (notes), and
Qubes OS and Secureblue (desktop OS). Every provider card now has a
reserved icon slot (icons/[service-name].webp), empty for
now, swap in real assets as they're sourced.
tools · social-media · communities · financial-services · encryption · alias-services · data-removal · cellular · file-sharing · office-suites · ai-tools · maps · resources
Full stack reviewupdated
The largest revision since launch: a top-to-bottom re-evaluation of the recommended stack. The short version: Brave becomes the browser default (with Brave Origin noted and Helium added to watch; LibreWolf and Ungoogled Chromium removed), 1Password takes the password manager slot over Bitwarden after unannounced leadership changes and quietly edited public commitments there (Dashlane removed), Proton VPN leads VPNs on value with Mullvad refocused as the anonymity pick (Windscribe in, IVPN out), AdGuard DNS becomes the DNS default with Mullvad DNS added for tunnel consistency, Filen takes cloud storage with Tresorit as the premium option (Proton Drive demoted over Linux support, Nextcloud moved to a mention), and iOS is now the honest mobile default with GrapheneOS as the maximum-security pick. Messaging gains iMessage (with Advanced Data Protection caveats) and SimpleX, drops Wire, and the Telegram warning got the prominence it deserves. Search guidance reworked: Brave Search primary, Startpage secondary, DuckDuckGo caveated. Setups updated to match throughout.
browsers · password-managers · vpns · dns · cloud-storage · mobile-os · messaging · email-providers · setups
Notes category addedadded
A new tool category for note-taking: Notesnook as the encrypted-sync pick, Obsidian as the local-first pick (synced via Filen/Syncthing to keep the vendor count down), with Standard Notes and Logseq covering the established and open-source corners. Notes are where unfiltered thinking lives; they deserved a page.
Setups pages launchedadded
Three complete setup guides (beginner, standard, hardened) each mapped to a threat model with step-by-step instructions and checklists. Written because "which tools?" turned out to be the wrong question for most readers; "in what order, and why?" is the useful one.
Dashlane entry reworkedupdated
Free-tier limits tightened again (25 passwords, one device) and the price gap against Bitwarden keeps widening. Entry rewritten to reflect that it's a polish-and-hand-holding pick, not a value pick. Verdict tag changed accordingly.
Email provider prices re-checkedverified
Annual re-check of all four entries: Proton's plan structure, Mailbox.org and Posteo pricing, Tuta's post-quantum rollout status. No recommendation changes; "last updated" dates refreshed to reflect the review.
Wire verdict narrowedupdated
Wire's continued enterprise pivot has slowed consumer app development noticeably. Kept on the page for its no-phone-number signup, now framed strictly as that pick, with the caveat made explicit. Watching for a better replacement in this slot.
Cryptomator added to storageadded
Reader feedback was right: "I can't leave Google Drive" is the most common storage situation, and the page had no answer for it. Cryptomator added as the keep-your-cloud pick: client-side encryption over whatever you're stuck with.
Mobile OS page launchedadded
GrapheneOS, CalyxOS, and LineageOS with honest framing: Graphene for security, Calyx for convenience, Lineage for old hardware, and a note that a hardened iPhone is a defensible answer some threat models prefer.
Mullvad port forwarding note correctedcorrected
The VPN page previously implied port forwarding was still limping along; it's been gone since 2023. Fixed, with thanks to the reader who flagged it. Errors get corrected here, not quietly edited away.
Site launchedmilestone
First public version: threat modeling guide, ten tool categories, and this changelog. One person, no sponsors, no affiliate links; the about page explains the rules this site runs by.