Portmaster Free Showcase

davegson · February 17, 2023, 10:56am

Co-founder and CCO of Safing here , I thought I’d pitch Portmaster Free for PrivacyGuides.

For Who Is Portmaster Free?

Portmaster is a privacy suite for people who want an easy solution to step up their privacy on their desktop OS.

Portmaster Free Features

Monitor All Network Activity
Automatically Block Trackers & Malware
Secure Your DNS Requests by Default
Create Your Own Rules
Set Global & per‑App Settings
Install & Forget Solution

You do many of these things in your browser, you should do it for your complete OS.

Technology Overview

Portmaster integrates into network stack using nfqueue on Linux and a kernel driver (WFP) on Windows.
Packets are intercepted at the raw packet level - every packet is seen and can be stopped.
Ownership of connections are (currently) found via /proc on Linux and the IP Helper API (iphlpapi.dll) on Windows.
Most settings can be defined per app, which can be matched in different ways.
Support for special processes with weird or concealed paths/actors:
- Snap, AppImage and Script support on Linux
- Windows Store apps and svchost.exe system services support on Windows
Everything is 100% local on your device. (except the SPN, naturally)
- Updates are fully signed and downloaded automatically.
- Intelligence data (block lists, geoip) is downloaded and applied automatically.
The Portmaster Core Service runs as a system service, the UI elements (App, Notifier) run in user context.
The main UI still uses electron as a wrapper : / - but this will change in the future. You can also open the UI in the browser

Feature: Privacy Filter

Define allowed network scopes: Localhost, LAN, Internet, P2P, Inbound.
Easy rules based on Internet entities: Domain, IP, Country and more.
Filter Lists block common malware, ad, tracker domains etc.

Feature: Secure DNS

Portmaster intercepts “astray” DNS queries and reroutes them to itself for seamless integration.
DNS queries are resolved by the default or configured DoT/DoH resolvers.
Full support for split horizon and horizon validation to defend against rebinding attacks.

Feature: Safing Privacy Network (SPN)

see the product showcase for Portmaster Unlimited / SPN

Further Reading

Happy to discuss & answer any questions!

dngray · February 17, 2023, 11:14am

I have been meaning to try Portmaster out for a while, and think it might make sense particularly related to

github.com/privacyguides/privacyguides.org

Software/Firewall Device and Network based firewalls

opened 02:10PM - 15 Feb 23 UTC

dngray

c:software c:hardware

### Discussed in https://github.com/privacyguides/privacyguides.org/discussions/…408 <div type='discussions-op-text'> <sup>Originally posted by **ph00lt0** November 29, 2021</sup> As discussed here: https://github.com/privacytools/privacytools.io/issues/2383 it would be a good idea to add a firewall section. It is a great way to limit the amount of trackers in applications exposing you. </div> I think this is one we should do, or at least make a list here of viable options for common platforms that could end up being a page.

Niek-de-Wilde · February 17, 2023, 1:40pm

If we were to add it, we would have to figure out under which section.

davegson · February 22, 2023, 1:47pm

happy to introduce new categories for privacy software

mika · February 22, 2023, 3:02pm

It would make sense to add it in Firewall section, along with simplewall (windows) and Lulu and/or Little Snitch on macOS. Android and iOS equivalents could be included as well.

The ability to revoke network access to specific apps is a huge privacy improvement, IMO.

dngray · February 24, 2023, 7:45pm

It would be probably related to a new Software/Firewall section.