Co-founder and CCO of Safing here , I thought I’d pitch Portmaster Free for PrivacyGuides.
For Who Is Portmaster Free?
Portmaster is a privacy suite for people who want an easy solution to step up their privacy on their desktop OS.
Portmaster Free Features
- Monitor All Network Activity
- Automatically Block Trackers & Malware
- Secure Your DNS Requests by Default
- Create Your Own Rules
- Set Global & per‑App Settings
- Install & Forget Solution
You do many of these things in your browser, you should do it for your complete OS.
Technology Overview
- Portmaster integrates into network stack using nfqueue on Linux and a kernel driver (WFP) on Windows.
- Packets are intercepted at the raw packet level - every packet is seen and can be stopped.
- Ownership of connections are (currently) found via
/proc
on Linux and the IP Helper API (iphlpapi.dll
) on Windows. - Most settings can be defined per app, which can be matched in different ways.
- Support for special processes with weird or concealed paths/actors:
- Snap, AppImage and Script support on Linux
- Windows Store apps and svchost.exe system services support on Windows
- Everything is 100% local on your device. (except the SPN, naturally)
- Updates are fully signed and downloaded automatically.
- Intelligence data (block lists, geoip) is downloaded and applied automatically.
- The Portmaster Core Service runs as a system service, the UI elements (App, Notifier) run in user context.
- The main UI still uses electron as a wrapper : / - but this will change in the future. You can also open the UI in the browser
Feature: Privacy Filter
- Define allowed network scopes: Localhost, LAN, Internet, P2P, Inbound.
- Easy rules based on Internet entities: Domain, IP, Country and more.
- Filter Lists block common malware, ad, tracker domains etc.
Feature: Secure DNS
- Portmaster intercepts “astray” DNS queries and reroutes them to itself for seamless integration.
- DNS queries are resolved by the default or configured DoT/DoH resolvers.
- Full support for split horizon and horizon validation to defend against rebinding attacks.
Feature: Safing Privacy Network (SPN)
Further Reading
Happy to discuss & answer any questions!