CROPS Circle

CROPS Circle indexes tools for coordination and creation free of predation, extraction, censorship or surveillance by power of all stripes (nation-states, multinational corporations, oligarchs). We believe in technology as a tool for the autonomy and thriving of the many rather than the enrichment of the few.

CROPS technologies are

Censorship‑

Resistant cannot be removed or blocked by a platform or government

Open Source source code is publicly available to read, audit, and modify

Private does not collect or share your personal data

Secure designed to resist unauthorized access and attack

Find what you need >>>

Complete Index

Hardware & Infrastructure

SYSTEM76: US-based maker of open-firmware Linux laptops and desktops; ships with coreboot. Battle-tested in the libre hardware community.; https://system76.com
PURISM LIBREM: Hardware with neutralized Intel ME, coreboot, and PureOS; designed for privacy by default. Ships with a hardware kill switch for camera, mic, and WiFi.; https://puri.sm
PINE64: Community-driven ARM hardware — PinePhone, PineBook Pro — open schematics, no proprietary blobs required. Affordable sovereign hardware platform.; https://pine64.org
FRAMEWORK LAPTOP: Fully user-repairable laptop with open EC firmware; modular and independently ownable. Designed to outlast vendor support cycles.; https://frame.work
NOVACUSTOM: Dutch laptop vendor shipping with coreboot/Dasharo open firmware; no Intel ME, configurable security options.; https://novacustom.com
COREBOOT: Open-source firmware replacing proprietary BIOS/UEFI; fully auditable boot chain, no closed blobs on supported hardware.; https://coreboot.org
LIBREBOOT: Coreboot distribution with all binary blobs removed; FSF-endorsed, fully free firmware for supported boards.; https://libreboot.org
HEADS: Security-hardened coreboot+Linux payload providing measured, verified boot on Librem and Thinkpad hardware.; https://osresearch.net
OPENWRT: Open-source Linux distribution for routers; replaces ISP-controlled firmware with an auditable, self-managed stack. Widely deployed.; https://openwrt.org
DD-WRT: Open router firmware alternative; extends hardware life and removes manufacturer surveillance hooks from consumer routers.; https://dd-wrt.com
OLIMEX: Bulgarian maker of open-hardware development boards and laptops; all schematics published, no proprietary components.; https://www.olimex.com
RASPBERRY PI (w/ libre OS): Low-cost ARM SBC; when paired with a libre OS, removes dependency on proprietary x86 stacks for servers and embedded systems.; https://www.raspberrypi.com
EOMA68: Open hardware computing card standard; swappable CPU modules with fully open schematics, designed for longevity and repairability.; https://eoma68.org

Operating Systems & Firmware

TAILS: Amnesic live OS; leaves no trace on host hardware, routes all traffic through Tor. The standard for operational security in hostile environments.; https://tails.boum.org
WHONIX: Two-VM Tor-gateway architecture isolating the user workstation from the network entirely. DNS and traffic leaks are structurally impossible.; https://www.whonix.org
QUBES OS: Security-by-compartmentalization; each application runs in an isolated Xen VM, disposable VMs built in. Endorsed by Snowden.; https://www.qubes-os.org
GRAPHENEOS: Hardened Android for Pixel hardware; removes Google services, hardens kernel and userspace, verified boot enforced. The sovereign mobile OS.; https://grapheneos.org
CALYXOS: De-Googled Android with microG compatibility; balances strong privacy with app compatibility on Pixel devices.; https://calyxos.org
POSTMARKET OS: Alpine-based Linux for smartphones; extends hardware life beyond vendor EOL, targets mainline kernel support.; https://postmarketos.org
LINEAGEOS: Community Android fork; removes OEM bloatware, extends device support years beyond manufacturer abandonment.; https://lineageos.org
DEBIAN GNU/LINUX: The universal OS; no corporate owner, community governed, decades of stable libre packages. The foundation for many sovereign systems.; https://www.debian.org
ALPINE LINUX: Musl-libc, minimal footprint, security-focused distribution; preferred base for containers and embedded systems.; https://alpinelinux.org
NIXOS: Purely functional, reproducible OS; every configuration is declarative and auditable, rollback is trivial.; https://nixos.org
GUIX SYSTEM: GNU's fully free distribution with functional package management; cryptographically reproducible builds, FSF-endorsed.; https://guix.gnu.org
PARABOLA GNU/LINUX: FSF-endorsed Arch derivative with all proprietary packages and firmware blobs removed; fully free system.; https://www.parabola.nu
PUREOS: Debian-based, FSF-endorsed OS shipping on Librem hardware; no proprietary components anywhere in the stack.; https://pureos.net
OPENBSD: Proactive security OS; relentless code auditing by default, minimal attack surface, clean cryptography defaults.; https://www.openbsd.org
FREEBSD: Open-source Unix; ZFS native, jails for isolation, permissively licensed and fully auditable. Production-proven for self-hosted infrastructure.; https://www.freebsd.org

Communication

SIGNAL: End-to-end encrypted messenger with sealed sender and disappearing messages; no metadata sold. The most widely audited secure messenger.; https://signal.org
SIMPLEX CHAT: No user IDs — not even random ones; E2EE over a decentralized relay network. No central party can correlate users to conversations.; https://simplex.chat
BRIAR: P2P encrypted messenger syncing over Tor, Wi-Fi, or Bluetooth — works completely without internet. Built for hostile network environments.; https://briarproject.org
SESSION: Decentralized E2EE messenger requiring no phone number; messages routed over the Session Network (Lokinet-derived).; https://getsession.org
CWTCH: P2P, metadata-resistant group chat built on Tor v3 onion services; no server sees who is talking to whom.; https://cwtch.im
MATRIX / ELEMENT: Federated, E2EE messaging protocol; self-hostable, bridges to other networks. No single company controls the network.; https://matrix.org
XMPP + OMEMO: Open federated messaging standard with 20+ years of deployment; OMEMO extension provides double-ratchet E2EE matching Signal's protocol.; https://xmpp.org
DELTA CHAT: E2EE chat over existing email infrastructure using Autocrypt; no new account needed, works with any email provider.; https://delta.chat
JAMI: Fully P2P voice, video, and messaging using a DHT; no central server required, no account registration.; https://jami.net
TOX: P2P E2EE voice, video, and messaging with no servers; your identity is a cryptographic key, no registration needed.; https://tox.chat
RETROSHARE: Encrypted friend-to-friend network for messaging, file sharing, and forums; trust anchored to PGP keys.; https://retroshare.cc
JITSI MEET: Open-source video conferencing; self-hostable with no account required for participants. Widely deployed by privacy-conscious organizations.; https://jitsi.org
MUMBLE: Low-latency, open-source encrypted voice chat; self-hostable, no cloud dependency, minimal data collection.; https://www.mumble.info
NOSTR: Cryptographically signed, censorship-resistant protocol for short-form messaging; identity is a keypair, relay network is decentralized.; https://nostr.com

Networking & Anonymity

TOR: Onion-routing anonymity network; hides IP and browsing patterns through layered encryption across volunteer relays. The gold standard for network anonymity.; https://www.torproject.org
I2P: Garlic-routing overlay network optimized for internal hidden services and P2P; distinct threat model from Tor, strong for darknet applications.; https://geti2p.net
LOKINET: Onion-routing network using a blockchain-anchored DHT for relay discovery; supports exit nodes and hidden services.; https://lokinet.org
YGGDRASIL: End-to-end encrypted mesh network with cryptographic addressing; self-organizing topology, no central routing authority.; https://yggdrasil-network.github.io
CJDNS: Encrypted IPv6 mesh networking; every node is its own router, addresses are derived from public keys, no central authority.; https://github.com/cjdelisle/cjdns
WIREGUARD: Minimal, audited VPN now in the Linux kernel; clean modern cryptography, vastly smaller codebase than OpenVPN. Self-hostable.; https://www.wireguard.com
OPENVPN: Mature, audited open-source VPN; widely supported for self-hosted network tunneling across platforms.; https://openvpn.net
MULLVAD VPN: No-logs, no-required-email VPN; accepts cash and Monero payment, independently audited. No account needed — just a number.; https://mullvad.net
PIHOLE: Network-level DNS sinkhole blocking ads and trackers for every device on a LAN; self-hosted, open source.; https://pi-hole.net
UNBOUND: Validating, recursive, caching DNS resolver; DNSSEC support, run locally to eliminate ISP DNS snooping entirely.; https://nlnetlabs.nl/projects/unbound
DNSCRYPT-PROXY: Encrypts DNS queries using DNSCrypt or DNS-over-HTTPS; prevents interception and manipulation by ISPs and on-path observers.; https://github.com/DNSCrypt/dnscrypt-proxy
HYPHANET (formerly Freenet): Distributed, censorship-resistant datastore and communication platform; content persists across the network without central hosting.; https://www.hyphanet.org
ZEROTIER: Software-defined networking creating encrypted peer-to-peer virtual LANs across the internet; self-hostable controller.; https://www.zerotier.com

Data & Storage

VERACRYPT: On-the-fly disk encryption with plausible deniability via hidden volumes; successor to TrueCrypt, independently audited.; https://veracrypt.fr
AGE: Simple, modern file encryption; small auditable codebase, X25519 keys, designed to replace GPG for file encryption use cases.; https://age-encryption.org
CRYPTOMATOR: Client-side encryption for cloud storage; open source, works with any provider, encrypts before upload.; https://cryptomator.org
SYNCTHING: Continuous file synchronization between devices; no cloud, no central server, encrypted in transit. Replaces Dropbox without surrendering your data.; https://syncthing.net
NEXTCLOUD: Self-hosted file storage, calendar, and collaboration suite; full data sovereignty on your own server or trusted provider.; https://nextcloud.com
RESTIC: Fast, secure, deduplicated backups encrypted at rest; supports local, SFTP, S3, and many other backends.; https://restic.net
BORGBACKUP: Deduplicating, encrypted backup; append-only mode prevents ransomware from deleting backup history. Well-audited.; https://www.borgbackup.org
IPFS: Content-addressed distributed storage; files addressed by hash rather than location, making them censorship resistant by design.; https://ipfs.tech
TAHOE-LAFS: Least-authority encrypted distributed filesystem; data split across storage nodes, no single node can read or destroy your files.; https://tahoe-lafs.org
GIT-ANNEX: Manages large files in git without storing content in the repo; tracks file presence across distributed repositories.; https://git-annex.branchable.com
GNUPG: OpenPGP implementation for file and email encryption, signing, and key management; the de facto standard for cryptographic identity.; https://gnupg.org
SQLITE: Serverless, zero-configuration, self-contained SQL database in a single file; portable, auditable, no server process required.; https://www.sqlite.org

Identity & Authentication

GNUPG / PGP: Cryptographic identity via keypairs; sign code, mail, files. Your key is your identity, anchored to nothing but math.; https://gnupg.org
NITROKEY: Open-hardware security key for GPG, FIDO2, and OTP; firmware auditable, manufactured in Germany, no proprietary components.; https://www.nitrokey.com
SOLOKEYS: Open-source, open-hardware FIDO2 security key; fully auditable from PCB schematic to firmware. Community-developed.; https://solokeys.com
YUBIKEY: Widely supported hardware 2FA token; closed hardware (noted), but implements open protocols FIDO2/WebAuthn. Widely regarded as reliable.; https://www.yubico.com
KEYOXIDE: Decentralized identity verification using OpenPGP proofs; no central server, verify identities across platforms without trusting a middleman.; https://keyoxide.org
PASSKEYS / WEBAUTHN: Open W3C standard for phishing-resistant, passwordless authentication using device-held keys; no password database to breach.; https://webauthn.io
BITWARDEN: Open-source password manager; self-hostable server (Vaultwarden), independently audited. No proprietary cloud required.; https://bitwarden.com
KEEPASSXC: Local-only open-source password manager; database is a single encrypted file, no network access, no sync unless you want it.; https://keepassxc.org
DECENTRALIZED IDENTIFIERS (DIDs): W3C standard for self-sovereign identity; identifiers controlled by keypair, no corporation issues or can revoke your identity.; https://www.w3.org/TR/did-core/
LET'S ENCRYPT / CERTBOT: Free, automated, open certificate authority; removes the cost barrier to TLS for self-hosted services. Widely deployed infrastructure.; https://letsencrypt.org
OPENID CONNECT: Open federated authentication standard; any compliant server can act as identity provider, no dependence on Google or Facebook login.; https://openid.net/connect/

Money & Value Exchange

MONERO: Privacy-by-default cryptocurrency; ring signatures, stealth addresses, and RingCT hide sender, receiver, and amount on every transaction.; https://www.getmonero.org
BITCOIN: Permissionless, censorship-resistant store of value; non-custodial wallets require no third party, no account, no permission.; https://bitcoin.org
LIGHTNING NETWORK: Layer-2 payment channels on Bitcoin; fast, low-fee, non-custodial payments without waiting for blockchain confirmation.; https://lightning.network
BTCPAY SERVER: Self-hosted Bitcoin and Lightning payment processor; no third party, no percentage fees, complete sovereignty over your payment infrastructure.; https://btcpayserver.org
BISQ: Decentralized, non-custodial Bitcoin exchange; no KYC, no central operator, P2P trades with built-in dispute resolution.; https://bisq.network
HAVENO: Decentralized exchange built for Monero trades; fork of Bisq, non-custodial, no KYC required.; https://haveno.exchange
WASABI WALLET: Bitcoin wallet with built-in Coinjoin; reduces on-chain transaction traceability through trustless coin mixing.; https://wasabiwallet.io
FEATHER WALLET: Lightweight Monero desktop wallet; Tor integration built in, no account required, fully open source.; https://featherwallet.org
GNU TALER: Privacy-preserving electronic payment system; anonymous for buyers, taxable for merchants — designed to satisfy legal requirements without surveillance.; https://taler.net
CASHU: Chaumian e-cash protocol for Bitcoin and Lightning; bearer tokens provide strong payment privacy, minimal trust required.; https://cashu.space
FEDIMINT: Federated Chaumian mint for Bitcoin custody; distributes trust across a community rather than a single custodian.; https://fedimint.org
OPENCOLLECTIVE: Transparent community fundraising with an open ledger; financial operations visible to all members, no hidden fees or opaque accounts.; https://opencollective.com

Search & Browsing

TOR BROWSER: Firefox-based browser routed through the Tor network; fingerprinting resistance, NoScript by default. The baseline for anonymous browsing.; https://www.torproject.org/download/
LIBREWOLF: Firefox fork with privacy defaults already configured; no telemetry, uBlock Origin included, hardened user.js baked in.; https://librewolf.net
MULLVAD BROWSER: Firefox fork built with the Tor Project; fingerprint resistance without requiring Tor network, designed for VPN users.; https://mullvad.net/browser
FIREFOX: The remaining non-Chromium major browser; open source, extensive hardening possible via arkenfox user.js. Still worth running.; https://www.mozilla.org/firefox/
BRAVE: Chromium fork with built-in ad and tracker blocking; fingerprinting randomization, optional Tor windows for .onion browsing.; https://brave.com
SEARXNG: Self-hostable, open-source metasearch engine aggregating results from multiple sources without tracking queries. Run your own or use a community instance.; https://docs.searxng.org
WHOOGLE: Self-hosted Google search proxy; returns Google results without ads, tracking, JavaScript, or AMP pages.; https://github.com/benbusby/whoogle-search
KAGI: Privacy-focused paid search engine; no advertising model, no behavioral profiling. Subscription business model removes the incentive for surveillance.; https://kagi.com
UBLOCK ORIGIN: Open-source, highly efficient content blocker; uses filter lists, low memory footprint, widely audited. The essential browser extension.; https://ublockorigin.com
PRIVACY BADGER: EFF's tracker blocker using heuristic detection rather than static block lists; learns from behavior rather than requiring constant list updates.; https://privacybadger.org
ARKENFOX USER.JS: Curated Firefox hardening configuration; systematic privacy and fingerprinting mitigation via about:config settings. Reference document for Firefox hardening.; https://github.com/arkenfox/user.js

Development & Collaboration

GIT: Distributed version control; no central server required, full history in every clone. The foundation of sovereign code collaboration.; https://git-scm.com
FORGEJO: Community fork of Gitea; self-hostable Git forge with issues, PRs, and CI. No Microsoft, no GitHub dependency required.; https://forgejo.org
CODEBERG: Non-profit Forgejo instance; public hosting for libre software projects, operated by a German non-profit, no surveillance capitalism.; https://codeberg.org
SOURCEHUT: Minimal, email-based software forge; no JavaScript required to browse or interact, entirely open source. Runs on plain HTTP.; https://sr.ht
RADICLE: Peer-to-peer code collaboration over a sovereign stack; Git repositories published over a decentralized protocol with cryptographic identity.; https://radicle.xyz
FOSSIL SCM: Distributed VCS with integrated wiki, bug tracker, and forum in a single binary; self-contained, no external services needed.; https://fossil-scm.org
REPRODUCIBLE BUILDS: Project and tooling to verify that source compiles deterministically to the same binary; closes the gap between audited source and running executable.; https://reproducible-builds.org
NIX / GUIX PACKAGE MANAGERS: Functional package management with cryptographic build reproducibility and atomic rollback; any build can be reproduced by anyone.; https://nixos.org/nix/
ETHERPAD: Open-source collaborative text editor; self-hostable, real-time, no Google Docs account required.; https://etherpad.org
GITOXIDE: Pure Rust reimplementation of git; memory-safe, fast, auditable alternative to the C git implementation.; https://github.com/Byron/gitoxide
TMATE: Terminal sharing over SSH; open source, self-hostable pair-programming without screen share or proprietary cloud services.; https://tmate.io
MERCURIAL: Distributed VCS with a clean data model and strong history integrity guarantees; simpler than git for many workflows.; https://www.mercurial-scm.org
DEBIAN SALSA: Debian's self-hosted GitLab instance; community infrastructure for libre package collaboration, operated by the Debian project.; https://salsa.debian.org

AI & Computation

OLLAMA: Run open-weight LLMs locally; one-command setup for Llama, Mistral, Gemma, and others — no cloud, no data sent to third parties.; https://ollama.com
LLAMA.CPP: C/C++ inference engine for LLaMA-family models; runs on CPU with no GPU or cloud dependency, minimal footprint.; https://github.com/ggml-org/llama.cpp
JAN: Open-source, fully offline AI assistant desktop application; local model runner with chat interface, no telemetry.; https://jan.ai
OPEN WEBUI: Self-hosted web interface for Ollama and OpenAI-compatible APIs; all requests stay on your infrastructure.; https://openwebui.com
LOCALAI: OpenAI API-compatible local inference server; drop-in replacement for cloud API calls using locally-run models.; https://localai.io
LM STUDIO: Desktop GUI for running local open-weight models; offline inference, no telemetry when in offline mode. Source-available.; https://lmstudio.ai
WHISPER.CPP: Local speech-to-text using OpenAI's Whisper model weights; runs on CPU, fully offline, no audio sent to any server.; https://github.com/ggerganov/whisper.cpp
COMFYUI: Node-based local interface for Stable Diffusion; fully offline, no account required, modular pipeline design.; https://github.com/comfyanonymous/ComfyUI
PETALS: Distributed inference for large models across volunteer machines; decentralized compute enables running models too large for a single machine.; https://petals.dev
AKASH NETWORK: Decentralized cloud compute marketplace; rent compute from providers globally without dependence on AWS, GCP, or Azure.; https://akash.network
ONNX RUNTIME: Cross-platform ML model inference; run models from any framework locally without cloud SDKs or vendor lock-in.; https://onnxruntime.ai
HUGGING FACE (local): Open model hub; download weights and run locally — the hub enables model discovery, sovereignty comes from running them yourself.; https://huggingface.co

Governance & Coordination

NOSTR (protocol): Decentralized, censorship-resistant social protocol; no central server, identity is a keypair, relay network is permissionless.; https://nostr.com
MASTODON: Federated microblogging on the ActivityPub protocol; self-hostable, no algorithmic feed, no corporate owner of the network.; https://joinmastodon.org
AT PROTOCOL / BLUESKY: Open protocol for decentralized social networking; portable identity and data portability built into the protocol design.; https://atproto.com
MATRIX SPACES: Federated community spaces over the Matrix protocol; self-governed group infrastructure without Discord or Slack dependency.; https://matrix.org
LOOMIO: Open-source, self-hostable cooperative decision-making tool; supports consent and consensus processes, used by cooperatives worldwide.; https://www.loomio.com
DECIDIM: Open-source participatory democracy platform; used by cities and organizations for budgets, proposals, and assemblies. Self-hostable.; https://decidim.org
ARAGON: On-chain DAO framework on Ethereum; create and govern organizations via smart contracts with on-chain treasury management.; https://aragon.org
SNAPSHOT: Off-chain, gasless governance voting for DAOs; uses signed messages, results stored on IPFS — governance without transaction fees.; https://snapshot.org
CONSUL: Open-source citizen participation platform for budgeting, proposals, and public debates; used by cities and institutions globally.; https://consulproject.org
METAGOV: Research collective building open infrastructure for online community self-governance; protocols and tools for modular governance design.; https://metagov.org