In this internet-connected world, it’s become more important than ever to keep our information safe. Whether it’s personal or work-related, our data is always at risk of falling into the wrong hands, be they those of snoopers such as government agencies wanting to monitor our activities or thieves looking to steal information they can profit from.
Encryption is hands down the best method to keep information secure. When you encrypt data, it becomes unreadable to anyone without the decryption key (often a password). Encryption software comes in many different forms, including those applied to email applications, browser traffic, and even passwords themselves. By combining several pieces of software you can encrypt everything on your device, plus all internet traffic flowing to and from it.
The best part? Much of this software is free, so you don’t even have to pay a penny for your peace of mind. In this post, I reveal 35+ free tools to help you encrypt your data. Let’s take a look.
Full disk encryption
To start off, I’ll look at one of the most basic measures you may want to take to protect your data, and that’s to encrypt your device. For most smartphone or tablet users, device encryption is built-in and relatively straightforward.
For desktop computers, depending on your operating system, there may be built-in encryption features, as well as several options for additional software. Although in both cases, there tends to be more available for Windows users than MacOS adopters.
If you’re a Windows user, you can likely take advantage of the full disk encryption software, BitLocker, which comes preinstalled on Windows Vista and Pro and Enterprise versions of Windows 7 and above. It uses 128- or 256-bit AES encryption to encrypt all the data on your hard drive.
Unfortunately, you can’t choose what you encrypt with BitLocker. When you have the software enabled, all files are encrypted when you log out of your device. But as soon as you log in with your password, everything is decrypted.
This is an okay solution if you’re worried about your computer being stolen or someone trying to access it when you’re not around. However, it’s no good if you want to hide files when someone else is using your computer. Once you’re logged in, everything is visible.
Another issue with BitLocker is that it is not open source. This means that it could possibly contain unidentified security flaws. But since it’s not open to audit by the public, there’s no way of knowing how secure it really is.
Windows does have another built-in encryption tool called Encrypting File System (EFS). This enables you to encrypt individual files, but they still become unencrypted as soon as you log in using your password.
2. FileVault 2
FileVault 2 is basically the MacOS version of BitLocker. It encrypts all data on the drive and the decryption key is the user’s password.
As with BitLocker, you don’t have the option of selective encryption, so this is most suitable for users who simply want to encrypt their entire device while logged out.
Are Linux users feeling left out yet? Not to worry; this one’s for you. Linux Unified Key Setup (LUKS) is the standard for Linux hard disk encryption and enables users to transport and migrate encrypted data and manage multiple passwords.
VeraCrypt is a full disk and partition encryption system that gives you flexibility and enables you to choose what to encrypt. It uses 256-bit AES encryption by default, but you can choose other methods, including Camellia, Kuznyechik, Serpent, and Twofish, all of which use a 256-bit key. You can even use a combination of two or three.
This software enables you to create two vaults, each with a different password. The idea is that if someone ends up with your password for your “visible vault,” they are satisfied. Meanwhile, the data you really want to protect resides in the “hidden vault.”
You may have heard about TrueCrypt in the past — VeraCrypt is its successor. Like TrueCrypt, VeraCrypt is a free and open source software, so anyone can use it. If you feel so inclined, you can donate to the project to help keep it up and running. You can use VeraCrypt with Windows, MacOS, and Linux operating systems.
CipherShed is very similar to VeraCrypt and is in fact another fork of TrueCrypt. The main advantage offered by CipherShed is that it’s still compatible with TrueCrypt, although this becomes less important as TrueCrypt becomes more of a distant memory.
Plus, CipherShed isn’t updated as quickly as VeraCrypt and is arguably less secure. It works with Windows, MacOS, and Linux, although only Windows users can download a package. MacOS and Linux users will have to compile it manually. The CipherShed project isn’t completely dead and it’s still considered a viable encryption tool, but most users will likely want to go with VeraCrypt.
DiskCryptor is a free, open source utility for Windows. It offers a choice of three encryption methods: AES, Twofish, and Serpent, all of which use a 256-bit key. You have the option to make encryption double-strength by using a combination of two ciphers.
The main pros of this software are that it encrypts quickly and is easy to use. Plus it supports encryption of external devices such as USB drives, hard drives, and DVDs.
Although it’s open source, there hasn’t been a lot of known security analysis performed on it, so there is a little skepticism surrounding its use.
As you can see, full disk encryption isn’t always the best or simplest solution. And in many cases, you simply want to encrypt select files or folders quickly and easily. Perhaps you share a computer and don’t want coworkers or family members to snoop on your files. Or maybe you’re uploading to the cloud and want to secure your data before trusting a third party with it.
Regardless, quick and simple file encryption is something every user should have in their toolbox. Below are some of the top free tools to help.
MacPaw’s Encrypto is designed for encrypting files before sending via email, messaging systems, or some other means, such as sharing via cloud storage. One feature which is specific to sharing encrypted files is the ability to create a password hint for the recipient, so you don’t have to worry about nullifying the encryption factor by relaying a password.
Encrypto isn’t just for sending encrypted files and you use it to simply encrypt files before saving them to your device. Encrypto has versions for both Windows and MacOS.
Cryptomator is a free and open source file encryption software, although its main use is to encrypt files for uploading them to the cloud. Cryptomator is “client-side” meaning the vault of encrypted files resides within your cloud storage system.
This software uses “transparent encryption” which basically means you can work with your files as normal. Cryptomator provides you with a virtual hard drive so you can access your files as you would normally. Meanwhile, the encrypted files are actually stored in your cloud folder, for example, within Dropbox or Google Drive.
Cryptomator updates files on an individual basis, so when your cloud storage system goes to sync, it only needs to update specific files — ones that have been modified since the last sync. This can save on time and is especially important if you have data upload limits imposed by your cloud storage provider or ISP.
Cryptomator works with Windows, MacOS, Linux, iOS, Android, and JAR.
BoxCryptor offers a simple way to encrypt files and keep them all easily accessible. You just create a folder on your computer and drop in files you want to encrypt. You can also put the folder in a sync folder for your cloud storage systems, such as Dropbox or Google Drive.
Boxcryptor uses 256-bit AES encryption and is available for Windows, MacOS, Chrome, iOS, Android, Windows Phone, and Blackberry.
AESCrypt is a free and open source software that enables you to encrypt files and folders. It works with Windows, Android, MacOS, iOS, Linux, and Python. It uses 256-bit AES encryption to secure data and is very easy to use.
This one is ideal if you only need to encrypt a few select files. For example, you may be traveling and want to ensure that if your computer is left open or goes missing that no one can read the contents of certain files. It can also be useful if you want to encrypt specific files or folders before uploading to the cloud.
Depending on the OS, encrypting files might be a simple case of a few clicks and a password entry or dragging the file into the AESCrypt program.
nCrypted Cloud is another software for encrypting your files for cloud storage and has apps for Windows, MacOS, iOS, and Android. Aside from strong encryption (it uses 256-bit AES), this software offers a powerful suite of sharing features.
This software enables you to control who accesses files and how long access is available for. You can even adjust settings after the files have been sent. You also get an audit trail of activity related to encrypted files, including read-receipt notifications when a file is accessed or modified.
nCrypted Cloud is free for non-commercial use and business plans start at $10 per user per month with a minimum of 10 users required.
EncFSMP lets you create an encrypted folder anywhere on your computer and drop in the files you want to encrypt. It doesn’t work the same range of operating systems as some other tools on the list, but it does work with Linux. Other compatible operating systems include Windows, MacOS, and Android.
Encrypted internet traffic
So far we’ve focused on-device encryption, but what about all of that data that flows between your device and other websites when you’re connected to the internet. With so many snoopers looking to monitor your online activity, including internet service providers (ISPs) and hackers, it’s important to encrypt information in transit.
There are a range of software types available including Virtual Private Networks (VPNs), proxies, and anonymous browsers, but I’ll offer my picks for the best type of each.
1. Tor browser
The Tor project is an implementation of a program that was originally developed at the US Naval Research Laboratory in the ‘90s. This hints at how secure this tool is and how useful it can be for protecting user privacy and anonymity.
The Tor network provides users with a means to browse the web anonymously as well as access parts of the web that are normally inaccessible through standard browsers. The simplest way to connect to the Tor network is by downloading the Tor browser. When you access a site through this browser, all of your traffic is encrypted and is passed through multiple “nodes” — computers run by volunteers.
Intercepted traffic can’t be read because of the encryption, and your activity is untraceable because a website will only see the IP address of the last computer in the chain.
There are Tor browser downloads for Windows, MacOS, Linux, and Android. There are also many Tor-related projects under continuous development, including a live operating system (Tails) and a traffic obfuscation service (Pluggable Transports).
While the Tor browser can protect your anonymity, it is flawed in the sense that the entry node operator can see your IP address. One way around this is to use a Virtual Private Network (VPN). In fact a VPN is a good idea for anyone browsing the web, whether you use Tor or not.
A VPN encrypts all of the traffic going and to and from your device and tunnels it through an intermediary server. The encryption factor means that if anyone were to intercept your traffic, it would be unreadable. So internet service providers, network administrators, government agencies, hackers, and any other snoopers would be unable to see what you’re doing online.
As a bonus, a VPN masks your IP address and replaces it with one from a location of your choice. This means that you can trick your destination website into believing you’re somewhere you’re not and bypass any geo-restriction measures in place. This is particularly useful if you want access streaming sites like US Netflix, online banking sites, or any other geo-restricted content from abroad.
There are a ton of free VPNs available, but beware, many use some seriously shady business tactics. Make sure to go for a VPN with strong encryption and a reputation for sticking to a no-logging policy. I’d recommend Windscribe, which uses 256-bit AES encryption and access to ten server locations with its free plan.
If you’re not concerned about encrypting the traffic from every application on your device and would be happy with browser encryption, a free proxy server could be a good option.
You just have to be sure that you’re choosing a proxy server that does actually encrypt your traffic, as there are several different types. An HTTPS proxy will encrypt your traffic, while DNS, HTTP, and SOCKS proxies don’t.
Many VPN providers offer free HTTPS proxies that are installed as browser extensions. One popular HTTPS proxy is that offered by Hide.me, but there are many more. Just bear in mind that these only encrypt the traffic going to and from that particular browser, not your entire device. Additionally, they don’t typically protect against DNS, IPv6, and WebRTC leaks, which all have the potential to expose your real IP address.
HTTPS Everywhere is a handy browser extension produced by the Electronic Frontier Foundation (EFF) along with the Tor project. While it doesn’t provide encryption itself, it does force encrypted connections with websites where possible.
You’ve probably heard that it’s best to only visit HTTPS websites as these are certified as secure. A site that has “https” in its URL instead of “http” is the bearer of a Secure Sockets Layer (SSL) certificate, which means all traffic between your browser and that site is encrypted. While many sites support HTTPS, they often default to their unencrypted versions or provide internal links that point toward unencrypted HTTP pages.
When you activate the HTTPS Everywhere browser extension, if there is an HTTPS version of the site available, that’s where you’ll end up. This extension is available for Chrome, Firefox, Firefox for Android, and Opera.
If you’re at all active on the internet, it’s likely that you have at least one email address. Even though email seems like a private form of communication — especially when compared to social media — it actually isn’t very secure. Most mainstream providers don’t give users the option to encrypt messages, so it’s possible that snoopers, such as hackers or government agencies, can read the contents of your communications.
So what can you do about this? Thankfully, there is software available to help you. Here are some of the top offerings.
You may have heard about PGP (Pretty Good Privacy) software. Well, OpenPGP is based on this. This is the standard protocol on which many other encryption software tools are built. The main purpose of OpenPGP is end-to-end encrypted email, but it can used for other applications such as encrypted messaging and password managers.
The software is free and open source and is available for Windows, MacOS, Linux, Android, and iOS. Despite having been around since 1997, it’s still deemed unbreakable.
If you’re planning to create your own encrypted email application, then you’d use the software itself. However, for most users, you’ll want to opt for an application that has been built around OpenPGP, many of which are free. We’ll be discussing some of these options further down the list.
GNU Privacy Guard (GnuPG) is a popular software for email encryption and is an implementation of PGP. Unlike Mailvelope, this does enable you to encrypt attachments with PGP before uploading them.
GnuPG is a command line tool that can be integrated with other applications, so again, probably not the first choice for most users. Instead, you can download the version suitable for your operating system, such as Gpg4win for Windows.
This is the Windows incarnation of GnuPG that I mentioned above, and is maintained by the developers of GnuPG. It enables you to send encrypted emails and files, so that they can’t be read by any snoopers. It also enables digital signatures so that you know who a message has come from and that it has not been modified.
Mailvelope is a browser extension that uses PGP encryption. It integrates with your web-based email client, such as Gmail or Outlook. Within your email editor, you’ll see an Encrypt button which enables you to decide which messages you’d like to send securely.
It’s an unobtrusive and easy-to-use extension that’s ideal for ensuring personal or work emails stay private. Mailvelope can be downloaded for Chrome and Firefox. One issue with this software is that it doesn’t encrypt attachments.
If you’re a Mozilla Thunderbird user, you can take advantage of the Enigmail add-on. Based on OpenPGP, it enables email encryption and digital signatures within the Thunderbird email client.
Note that to use Enigmail, you also need to install GnuPG.
6. eM Client
eM Client software is a modern and intuitive email client that supports PGP. This isn’t an add-on and can be be used as a standalone email application. It has a full set of features, including calendar, tasks, contacts, and chat.
You can send encrypted and signed emails from within the easy-to-use client. eM Client has a live backup feature which backs up your information, even while you’re working. The software is available for Windows and MacOS.
Tutanota is another encrypted email client and applies end-to-end encryption as standard. It even encrypts the subject, attachments, and your contact list.
Tutanota can be accessed through a web browser or via its Android or iOS app. It’s open source and free.
CipherMail offers a few products for email encryption, but is perhaps best known for its Android app. This can be used alongside your existing Android mail application to encrypt and sign emails.
Encrypted Messaging Systems
Although email is far from dead, more and more users are communicating via messaging systems, such as Facebook Messenger or WhatsApp. While some popular apps offer encryption features, many don’t. And those that do often don’t enable encryption by default. Thankfully, this is one area where developers have been quick to turn out some pretty great encryption software. Here are some of the best of this bunch.
Signal, from Open Whisper Systems, is a messaging system highly regarded for its secure protocol. Indeed, other players in the encrypted messaging world, including WhatsApp and Silence, use Signal software in their applications. This company is even endorsed by whistleblower and privacy advocate Edward Snowden.
The software is open source and its competency has been reviewed by experts. It uses 256-bit AES encryption and every new message involves a new AES key.
Signal can be used with Windows, Linux, MacOS, iOS, and Android. Apps support voice, text, video, images, and documents for one-to-one or group messaging. When using the app, you have the option to set intervals after which messages will disappear, enhancing security even further. One more security feature is the “safety number” that enables contact verification.
While WhatsApp probably isn’t the best messaging system out there in terms of security, it’s one of the most popular, so worth a mention. WhatsApp does offer encryption, and as mentioned, its protocol is based on that of Signal.
However, there has been news of security flaws and the company does keep logs, so users should remain wary about sending very sensitive information through the platform.
WhatsApp is available for Windows, MacOS, iOS, Android, and Windows Phone.
Telegram is considered a secure messaging system and is fairly widely used. It offers end-to-end encryption, although this isn’t implemented by default. Users will have to enable the “secure chat” feature in order for their messages to be encrypted. It does have a neat additional security feature which allows you to destroy messages using a timer.
Telegram is a viable option for businesses as it allows groups with up to 75,000 members. It’s accessible through the web or via apps for Windows, Linux, MacOS, Android, iOS, and Windows Phone.
Wickr is a freemium messaging system but you’ll likely only need to pay if you’re using it for business. It uses end-to-end encryption software that’s is open source and free for public audit.
The app comes with a “self-destruct” feature so you can control when your messages or files become inaccessible. It’s compatible with iOS, Android, Windows, MacOS, and Ubuntu.
Other encryption tools
I’ve covered some of the most common requirements for encryption, but there are other reasons you may want to encrypt data. In this section, I’ll cover some of the miscellaneous tools that may be of interest for personal or business use.
While backing up isn’t always the first thing on your mind, it’s an important step. It’s always the thing you wish you’d done once it’s too late. The main advantage of online backup is that your data is stored completely separately from your device and out of harm’s way. The main downside is that you now have to trust a third party with all of your information.
That’s where encryption comes in. Many online backup solutions will encrypt your data for you. Most will charge you for this luxury, but there are some free tools out there that will encrypt your backups.
One such software is Duplicati. Available for Windows, MacOS, and Linux, this software uses 256-bit encryption and will encrypt and back up your files and folders. It will perform incremental backups and avoid duplicate data, so you can save valuable space. It’s free and open source and can be used for personal or commercial use.
OpenSSL is actually a software library, but one of the most important pieces of software it contains is an open source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.
Versions are available for a range of operatings systems, including Linux, MacOS, and Windows. For many users, however, using the OpenSSL software itself would be impractical. Thankfully, Let’s Encrypt (see below) helps website owners obtain an SSL certificate more easily.
I talked about HTTPS earlier, and if you’re a website owner, chances are you’d like to be able to offer a secure HTTPS version of your website. Let’s Encrypt helps you do that for free. If you own a domain name, you can use Let’s Encrypt to obtain an SSL certificate.
The overall idea behind Let’s Encrypt is to create a more secure web. It’s easy-to-use and renewal is automatic, so you can set it and forget it.
One of the most basic steps to online security is ensuring you have strong passwords. However people tend to use weak passwords and the same one for multiple accounts, because it’s simply too difficult to remember them all.
A password manager makes things simple by remembering all of your passwords for you and auto filling them when you want to log in to an account. Of course, when you’re trusting a third party with your password, you want to be sure they’re using strong encryption. LastPass does just that and uses 256-bit AES encryption to keep your passwords secure.
It has an intuitive interface and can be used on mobile and desktop. LastPass’ basic offering is completely free, and even if you do decide to upgrade to the premium version, you’ll pay just $2 per month.
Other great freemium password managers include Dashlane and KeePass.
USB Flash Security is a neat piece of software for encrypting flash drives. It’s free to use for personal use, although there are premium upgrades for commercial use. The basic version will enable you to encrypt up to 4GB of data. Note that this tool only works with Windows computers.
Image credit: “Virus” licensed under CC BY 2.0