Privacy Guides

The Future of Privacy: How Governments Shape Your Digital Life

Em — Mon, 03 Feb 2025 19:00:00 +0000

The Future of Privacy: How Governments Shape Your Digital Life

Photo: ev / Unsplash

Data privacy is a vast subject that encompasses so much. Some might think it is a niche focus interesting only a few. But in reality, it is a wide-ranging field influenced by intricate relationships between politics, law, technology, and much more. Further, it affects everyone in one way or another, whether they care about it or not.

I routinely read articles discussing changes in politics on the advocacy side of data privacy. Then, I read articles talking about changes in regulations on the legal side of data privacy. And then, I see all the articles and guides presenting new tools and privacy features on the tech side of data privacy. Of course, all of this is linked together.

Let's talk about how politics, law, and technological features are intertwined, all at once.

Privacy laws are always one election away from getting better, or worse

Each change in government can have a serious effect on data privacy legislation. Privacy is a politically charged field. For example, authoritarian regimes might want to remove or weaken privacy rights to exert strict control over their population. While democratic governments generally bring more freedom and protections to its citizens, including privacy rights. It's important to keep in mind who in the past has bettered citizen rights and protections, and who has actively worked to undermine civil rights.

Each time a new government takes power, its values will be put forward and influence legislation in place, or legislation not in place yet. While the Western world has benefited from some improvements in data privacy law for the past few years, we must consider these gains are fragile and protections could get removed or lessened at any time.

Unfortunately, it seems there is currently a political push towards deregulation, mass surveillance, and a focus on corporate gains. This is extremely worrisome for the future of privacy rights, human rights, and individual liberties.

Following politics and advocating for better privacy rights and legislation is essential in improving access to privacy tools and features around the world. Privacy is never politically neutral.

The tools you use might depend on government funding

Many privacy tools we use depend at least partially on government funding or on other tools which depend on government funding. This is especially true for open-source nonprofit organizations needing some (usually) more stable income, in addition to donations.

Which privacy and security tools could be impacted

One notable example of a privacy-related project receiving government funding is the Tor Project. If this source of funding were cut off, the impact on Tor could be quite detrimental, not only to the Tor Project but to all projects relying on Tor as well. Many privacy-focus software are built around the Tor network. To name only a few, whistleblowing software such as Hush Line and SecureDrop both utilize the Tor network to harden privacy. Briar, Cwtch, and SimpleX, are examples of messaging applications also using Tor to add a layer of security and privacy to communications. Tor is critical infrastructure in the world of data privacy.

Another important project receiving government funding is Let's Encrypt. Let's Encrypt is a nonprofit Certificate Authority providing TLS certificates to websites. It is run by the Internet Security Research Group (ISRG), which receives funding from the Sovereign Tech Agency, supported by the German Federal Ministry for Economic Affairs and Climate Action. The ISRG also receives funding from the Open Technology Fund (OTF), which receives the majority of its funding from the United States government, through the U.S. Agency for Global Media.

In current events, last month an executive order in the United States from the Trump administration led the National Science Foundation (NSF) to freeze grant reviews. This is currently impacting many important projects in the tech world, including the Python Software Foundation (PSF). The repercussions of this freeze could be devastating for many open-source projects, in privacy and beyond.

Government funding should support civil liberties and protections

Governments funding nonprofit projects and organizations working on improving human rights, civil liberties, and technological security and safety is a good thing. This can bring an important source of stable income to nonprofit projects that could not stay afloat solely from donations.

However, this dependency can become precarious when governments aren't working for the good of the people anymore, and when organizations rely too heavily on such support, making them vulnerable to change in power. Such a change of regime can have devastating repercussions on the privacy tools we use.

On the good side of regulatory influence, there are regulations like the General Data Protection Regulation (GDPR). Saying the GDPR revolutionized the world of data privacy would not be an overstatement. While many privacy regulations pre-date the GDPR, in the Western world none had the scope nor the grit the GDPR has.

The GDPR is a data privacy regulation that was adopted by the European Union (EU) in 2016 and became effective in May 2018. Its scope encompasses all of the EU member states as well as all the countries part of the European Economic Area (EEA), which together count 30 countries to this day. The United Kingdom also uses an amended version of the GDPR post-Brexit.

However, the reach of the GDPR isn't limited to Europe. Every organization based outside of the EU that is offering goods or services to, or is monitoring the behavior of, individuals located in the EU must comply as well. This means that most organizations operating worldwide, regardless of where they are located in the world, must comply with the GDPR.

As is often the case with data privacy laws, it took a few years before Data Subjects (your legal designation under the GDPR) noticed any concrete changes. One change that has become prominent in the past few years, and is likely a direct product of the GDPR, is data deletion features within apps and accounts.

An important right granted by the GDPR to Data Subjects is the Right to Erasure (or the Right to be Forgotten). Other legislation such as the California Consumer Privacy Act (CCPA) calls for a similar right, the Right to Delete. This and similar rights have existed before, but through the GDPR and its enforcement it has affected technology in a much broader and impactful way.

Slowly since 2018, applications requiring accounts have started to implement data deletion and account deletion features within the account itself. A probable reason for this is that due to the GDPR, and a now growing number of privacy regulations from various states in the United States, organizations are obligated to respond to Data Subject requests to get their personal data deleted. Managing this can be quite cumbersome for organizations. The burden of answering and implementing each data deletion request manually is often not worth the value of the data itself. Organizations with enough resources have simply added it as an internal product feature. This makes data deletion requests manageable by each Data Subject themselves (at least partially), freeing the organization from legally having to answer each individual request. When implemented properly, this is what we can call a win-win situation.

Request to delete

Unfortunately, not all applications have integrated automatic deletion features internally (yet). Additionally, some applications and accounts will allow you to delete information only partially this way.

If you wish to exercise or have questions related to your Right to Erasure or Right to Delete, first consult your local privacy regulation to check if you have this right as a Data Subject, Individual, or Consumer. Then, you can contact the organization's Privacy Officer with your request. You can usually find information about an organization's designated Privacy Officer by reading its privacy policy or privacy notice. In any case, it never hurts to ask.

Chat Control wants to break end-to-end encryption

If you are not European, please bear with me. First of all, everyone outside of Europe should care about what is happening in Europe, regardless. But even if you don't care, you should know this kind of mass surveillance proposition will inevitably leak west, and if adopted will affect us all globally.

What is Chat Control

In 2021, the EU approved a derogation to the ePrivacy Directive to allow communication service providers to scan all exchanged messages to detect child sexual abuse material (CSAM). Although this first derogation was not mandatory, some policymakers kept pushing with new propositions.

A year later, a new regulation (CSAR) was proposed by the European Commissioner for Home Affairs to make scanning messages for CSAM mandatory for all EU countries, and also allow them to break end-to-end encryption. In 2023, the UK passed a similar legislation called the Online Safety Act. These types of messaging mass scanning regulations have been called by critics Chat Control.

Why is Chat Control horrible for privacy, and for children

Such legislation might sound like a noble cause at first, but consider this: Scanning all messages exchanged for any reason treats everyone like a criminal, no matter what. This is not hunting criminals, this is mass surveillance. Not only is this horrifying for privacy rights, but it also endangers democracy. Once a system to mass monitor all written communications is implemented to (supposedly) stop CSAM, new topics to detect, block, and report could be added anytime, and by any future governments. There is nothing that would prevent much less reasonable topics from being added to the list to be filtered out at a later date.

Chat Control would hurt everyone, including the children. Not only would mass scanning of all messages be ineffective at reducing CSAM, but it would endanger the children even further by also scanning their communications. Because yes, children also communicate online. Parents also communicate sensitive information about their children online, with trusted family or doctors. All this data would get scanned and collected, only one breach away from being made public.

Protecting the children is a pretext regularly used to implement abusive regulations undermining individual liberties and protections. Do not get fooled by this demagogical stratagem. Chat Control is the opposite of protecting the children.

Chat Control would only lead to destroying the end-to-end encryption messaging features that are protecting us and the children so well already. Criminals exploiting children would simply move to underground channels, unbothered.

Who opposes Chat Control

Thankfully, opposition from experts and advocates alike has been strong. To name only a few, Meredith Whittaker, president of the Signal Foundation which develops the messaging app Signal, has taken a clear stand against Chat Control. The Electronic Frontier Foundation has also firmly opposed Chat Control legislation. In the UK, the Open Rights Group has led powerful campaigns to fight against the Online Safety Act. In Europe, privacy advocacy organization noyb and former Member of the European Parliament Patrick Breyer have both been fervent defenders of privacy rights raising relentless resistance to Chat Control.

Harmful policies such as Chat Control are a direct example of how politics can affect laws that can cause unimaginable damage to the privacy-preserving technologies we use every day.

Age Verification wants to collect your sensitive data

Another potent example of the protecting-the-children stratagem to undermine privacy rights is Age Verification legislation. In the past few years, this idea of controlling which online content should be accessible to children has raised new proposals around the world.

Age Verification policies generally start with the premise that some content should not be accessible to children online. Again, this could seem like a reasonable idea at first. Nobody would debate that children should be shielded from some type of content. Sadly, we have all witnessed how horrifying the internet can be at times. However, both the premise and methodology to achieve this goal are wrong.

Who will decide what content should be walled online?

First of all, even putting aside the fact that there is plenty of disturbing content accessible outside the internet (newspapers, television, movies, radio, advertising, etc), who would be the deciders of which specific content can be accessed by children or not? This can be extremely problematic, to say the least.

There is no objective measure to decide on this, and what might be deemed appropriate by one might not be by another. More importantly in the context of our discussion, what one government might judge appropriate might be very different from the next or previous administration.

This is again a dangerous slippery slope opening the door wide to authoritarian policies.

Age Verification undermines privacy and security

Secondly, how can age be verified online? Of course by collecting more data, on everyone. Age Verification policies don't affect only the children, they affect everyone who wants to access content online. If a website is deemed to display content that should not be accessed by children, the only way to enforce this rule would be to ask for some form of official identity verification from all adults who want to access it.

Proponents of these regulations often refer to "age assurance processes" and suppose these processes to be undoubtedly secure. Anyone familiar with data security will understand how naive this approach is. I will not go into the details here, but you probably can already see how having each private website (or third-party processor) collect such sensitive information from each visitor is horrendous for privacy rights, and data security as well. Of course, these websites or third-party "age assurance processors" will unavoidably become a large treasure trove for thieves, and their sensitive data will be inevitably leaked or stolen sooner rather than later.

Age Verification is one of the biggest privacy threats online. Continuing in this direction could ultimately lead to the end of pseudonymous browsing. Additionally, this could also mean the end of your official ID having any value at all. After all, what unique identification value does a piece of ID keep after it has been leaked in a thousand different data breaches? Maybe even one day bought on a darknet market by a curious teenager in need of accessing some website...

Age Verification is already here, sadly

Regrettably, this is not a hypothetical scare. Age Verification legislation has already passed in Australia, in the UK, as well as in many U.S. states. It is also on the table federally in the United States, Canada, France, Norway, and Europe.

There is some tenacious opposition to Age Verification policies from digital rights and free speech advocates. Unfortunately, there is also a strong push in support of Age Verification from the rapidly growing "age assurance" and identity verification industry, and from many governments worldwide moving towards a surveillance state.

Again, government values are deciding on digital features that impact our data privacy in disastrous ways. If you want to take a stand against Age Verification, you can join the Stop Online ID Checks campaign from the nonprofit organization Fight for the Future.

The future of privacy

There's a lot to be worrying about in today's privacy landscape. Unfortunately, recent political tendencies in the Western world make it difficult to stay optimistic. The trend toward authoritarian regimes and surveillance capitalism is bad news for the future of privacy around the globe.

There is no question that privacy is intrinsically intertwined with politics, and can therefore never be politically neutral. The latest decisions taken by the new U.S. administration running full speed into deregulation and defunding, growing pressure in Europe to break end-to-end encryption in favor of a surveillance state, and invasive age verification policies to censor the web and collect even more data on every netizen is admittedly frightening.

But one thing frightens me even more than all of this. One thing that could end privacy rights, forever. This threat to privacy is never far and always looming.

This threat is giving up.

Despite all the gloom menacing privacy rights, privacy will never be dead as long as we stand up to defend it. Governments might have the power to remove our privacy rights on paper and proclaim privacy features illegal. But the people have the power to keep pushing for better privacy rights and to keep developing even more robust and more accessible privacy tools.

We must continue to advocate loudly for privacy rights and all human rights every chance we have. The fight for better privacy rights is only over when we give up.

Do not give up.

EasyOptOuts Review & Real-World Test

Jonah Aragon — Mon, 03 Feb 2025 16:20:00 +0000

EasyOptOuts.com is a $19.99/year people-search site removal service which will search a number of different data broker sites and automatically submit opt-out requests on your behalf. They will perform the first search and removal process immediately, and then re-run the process every 4 months in case your data shows up on new sites over time.

Homepage

Background

People-search sites represent an immense privacy risk to the majority of Americans. For many, sensitive personal information such as your address, phone number, email, and age is a simple internet search away. While there is unfortunately no federal regulation in place to protect your data, many of these companies will remove your information from their public databases upon request. EasyOptOuts is a low-cost online service which automates these opt-out requests, saving you time and removing the need to constantly monitor new sites/databases for your personal information on a regular basis.

Privacy Guides selected this service for review based on community reviews and various reporting from organizations including Consumer Reports. In our best judgement, EasyOptOuts services consistently received the most positive feedback and results in terms of efficacy, so we prioritized its testing over other similar services due to our limited budget.

The EasyOptOuts subscription was paid for by Privacy Guides. Privacy Guides did not contact EasyOptOuts regarding this review, or request free/discounted services before conducting this review.

Methodology

Privacy Guides conducted this review with 2 volunteer subjects who agreed to allow us to use EasyOptOuts to attempt to remove their personal information from public people-search sites, then evaluate those results. Our subjects:

Are US citizens
Have never used a people-search removal service
Have never manually opted-out of people-search sites
Are homeowners
Do not live in a state with specific privacy regulations related to data brokers or people-search sites

The information we provided to EasyOptOuts:

First and last name
Maiden name (if applicable)
Birth year
Current street address
Most recent previous address (if applicable)
Current phone number(s)
Current email address

We did not provide the names of relatives as requested by EasyOptOuts, as they were not volunteers for this review. This is one potential limitation with our evaluation to keep in mind.

Disclaimer

Please note that this review is not intended to be a comprehensive evaluation of EasyOptOuts, as we are conducting this test with a very limited sample size. We do not consider our results to be statistically significant. Rather, this review should be taken as an additional "real-world" data point for you to consider when evaluating this service. We encourage you to seek out other independent reporting to consider as well before making any purchase decision.

Initial Search

Privacy Guides performed an initial search for personal information for each of our subjects on Google by searching for their first and last name in quotes, plus their current city and state (for example, "Jane Doe" Chicago IL). We then counted the number of unique results which contained their personal information in the title or description shown in Google.

Using standard engine search results is one of the most common methods of discovering personal information, and typically represents the greatest risk to most people, so measuring the number of search engine results that are removed as a result of the opt-out process is one of our highest priority measurements.

Person A (11 Google results):

411.com
thatsthem.com
blockshopper.com*
fastpeoplesearch.com
usphonebook.com
spokeo.com
truepeoplesearch.com
information.com
peoplesearch.com*
radaris.com
peoplefinders.com

Person B (10 Google results):

whitepages.com
truepeoplesearch.com
usphonebook.com
fastpeoplesearch.com
spokeo.com
radaris.com
information.com
thatsthem.com
idcrawl.com*
peekyou.com*

We also performed a manual search for their information on 15 different "high-priority" data brokers. These brokers represent either the most commonly used people-search sites, and/or cover a large number of people-search sites with their databases, so having your data removed from these companies can have an outsized positive effect on your overall privacy.

Service	Person A	Person B
advancedbackgroundchecks.com	Found	Found
beenverified.com	Found	Found
checkpeople.com	Found	Found
clustrmaps.com	Found	Found
dataveria.com	Found	Found
gladiknow.com	Found	Found
infotracer.com	Found	Found
intelius.com*	Found	Found
peekyou.com*	Found	Found
publicdatausa.com*	Found	Found
radaris.com	Found	Found
spokeo.com	Found	Found
thatsthem.com	Found	Found
usphonebook.com	Found	Found
spyfly.com	Found	Found
Remaining Results	100%	100%

It should be noted that EasyOptOuts does not claim or advertise that they have the ability to opt you out of some of the websites above, so we do not expect 100% coverage. However, the site compatibility of EasyOptOuts is a real-world limitation of the service we think you should consider before making a decision, so we intentionally did not limit our review to only the sites they advertise support for. The sites EasyOptOuts does not advertise support for are marked with an asterisk (*).

User Experience

Registering a new account with EasyOptOuts was a very simple and easy-to-follow process. Their website does a great job explaining what is happening and why they need the data they're requesting at every step. Many of the fields are required, including your first and last name, year of birth, and precise street address. However, including your email addresses, phone numbers, and names of relatives in the search are optional. This is to be generally expected, as your precise data is needed to perform opt-out requests in the majority of cases. However, some competitors do allow you to provide a little less information, such as only your city/state instead of your exact current address, at the expense of potentially being less effective.

The only payment processor in use by EasyOptOuts is PayPal, but they've enabled the option to accept credit card payments without an actual PayPal account. PayPal does default to creating a new account for you with this information, so if you want to avoid that you should uncheck the "Save info & create your PayPal account" option at checkout.

We received a notification that the opt-out process had been completed approximately 1.5 hours after payment. This is much faster than many similar services will submit opt-out requests. However, as they note in the notification email: "Some sites remove data quickly, but some take weeks," so while the initial requests have been made, it will still take some time for them to actually go into effect.

EasyOptOuts is able to provide its service at a much lower price point than competitors like Optery or DeleteMe because they have no manual/human intervention at any point in the opt-out process. This limits the amount of websites they are able to support, however. In fact, their emailed report explicitly recommends manually opting-out of PeopleConnect (Intelius) sites at https://suppression.peopleconnect.us/login because they are not able to do so with their automated systems.

1 Week

Service	Person A	Person B
advancedbackgroundchecks.com	Removed	Removed
beenverified.com	Removed	Found
checkpeople.com	Removed	Removed
clustrmaps.com	Removed	Removed
dataveria.com	Removed	Removed
gladiknow.com	Removed	Removed
infotracer.com	Removed	Found
intelius.com*	Found	Found
peekyou.com*	Found	Found
publicdatausa.com*	Found	Found
radaris.com	Found	Found
spokeo.com	Found	Found
thatsthem.com	Removed	Removed
usphonebook.com	Removed	Removed
spyfly.com	Removed	Removed
Remaining Results	33%	46%

It should be noted that some of these websites included "sponsored links" to other data-brokers in their search results. For example, while both people's data was removed from advancedbackgroundchecks.com's own internal database, the search results on advancedbackgroundchecks.com still included a sponsored link to their data on truthfinder.com, one of the websites operated separately by PeopleConnect which EasyOptOuts does not support. This means that manual intervention is still very important when using EasyOptOuts, to cover larger services like PeopleConnect which require more complex interaction.

On Google we saw some reduction, but many results with sensitive information remained. This is something we'll monitor for future updates, as these results drop from Google's caches. Once again, the sites EasyOptOuts does not advertise support for are marked with an asterisk (*) in all of these tables.

Person A (8 Google results):

thatsthem.com
blockshopper.com*
fastpeoplesearch.com
usphonebook.com
information.com
peoplesearch.com*
radaris.com
fastpeoplesearch.com

Person B (6 Google results):

truepeoplesearch.com
usphonebook.com
information.com
fastpeoplesearch.com
thatsthem.com
peekyou.com*

1 Month

Service	Person A	Person B
advancedbackgroundchecks.com	Removed	Removed
beenverified.com	Removed	Found
checkpeople.com	Removed	Removed
clustrmaps.com	Removed	Removed
dataveria.com	Removed	Removed
gladiknow.com	Removed	Removed
infotracer.com	Removed	Found
intelius.com*	Found	Found
peekyou.com*	Found	Found
publicdatausa.com*	Found	Found
radaris.com	Removed	Removed
spokeo.com	Removed	: Removed
thatsthem.com	Removed	Removed
usphonebook.com	Removed	Removed
spyfly.com	Removed	Removed
Remaining Results	20%	33%

Once again, we also searched for their information on Google, and we noticed a reduction in exposure to basic search engines as we expected:

Person A (4 Google results):

thatsthem.com
blockshopper.com*
fastpeoplesearch.com
peoplesearch.com*

Person B (2 Google results):

thatsthem.com
peekyou.com*

3 Months

Service	Person A	Person B
advancedbackgroundchecks.com	Removed	Removed
beenverified.com	Removed	Found
checkpeople.com	Removed	Removed
clustrmaps.com	Removed	Removed
dataveria.com	Removed	Removed
gladiknow.com	Removed	Removed
infotracer.com	Removed	Found
intelius.com*	Found	Found
peekyou.com*	Found	Found
publicdatausa.com¹	Removed	Removed
radaris.com	Removed	Removed
spokeo.com	Removed	: Removed
thatsthem.com	Removed	Removed
usphonebook.com	Removed	Removed
spyfly.com	Removed	Removed
Remaining Results	13%	23%

Once again, the sites EasyOptOuts does not advertise support for are marked with an asterisk (*). Finally, we searched for their information on Google, and there were no results from websites supported by EasyOptOuts remaining:

Person A (1 Google result):

blockshopper.com*

Person B (2 Google results):

idcrawl.com*
peekyou.com*

Additional Sites

In addition to the websites we performed an initial search with, the EasyOptOuts report we received claimed to find and remove our participants' data from the following websites. While Privacy Guides did not search all of these sites in advance of the test to validate these results independently, searching tens or hundreds of smaller sites is one of the key advantages of using an automated service like EasyOptOuts.

Person A:

We found your information and performed opt outs for the following 112 sites

411.com
advancedbackgroundchecks.com
arrestwarrant.org
backgroundcheck.run
backgroundcheckers.net
beenverified.com
bumper.com, covered by beenverified.com
centeda.com
checkpeople.com
checksecrets.com
clubset.com
clustrmaps.com
councilon.com
courtcasefinder.com
curadvisor.com
cyberbackgroundchecks.com
dataveria.com
familytreenow.com
fastbackgroundcheck.com
fastpeoplesearch.com
findpeoplesearch.com
freepeoplesearch.com
gladiknow.com
golookup.com
goreversephone.com
govwarrantsearch.org
hudwayglass.com
information.com
infotracer.com
inmatessearcher.com
kidslivesafe.com
kwold.com
mugshotlook.com
mylife.com
neighbor.report
neighborwho.com
newenglandfacts.com
numberguru.com
nuwber.com
officialusa.com
ownerly.com
people-background-check.com
people-wizard.com
peoplebyname.com
peoplechk.com
peoplefinders.com
peoplelooker.com
peoplesearch123.com
peoplesearcher.com
peoplesearchnow.com
peoplesearchusa.org
peoplesmart.com
peopleswhizr.com
peopleswiz.com
peopleswizard.com
peoplewhiz.com
peoplewhiz.net
peoplewhized.com
peoplewhized.net
peoplewhizr.com
peoplewhizr.net
peoplewiz.com
peoplewizard.net
peoplewizr.com
personsearchers.com
persontrust.com
privaterecords.net
privatereports.com
pub360.com
publicdatacheck.com
publicinfoservices.com
publicrecordreports.com
publicsearcher.com
quickpeopletrace.com
radaris.com
recordsfinder.com
rehold.com
reunion.com
reverselookupaphonenumber.com
reversephonecheck.com
sealedrecords.net
searchpeoplefree.com
searchpublicrecords.com
searchquarry.com
secretinfo.org
smartbackgroundchecks.com
spydialer.com
spyfly.com
staterecords.org
telephonedirectories.us
texasarrests.org
texasarrestwarrants.org
thatsthem.com
truepeoplesearch.com
truthrecord.org
unmask.com
usa-people-search.com
usatrace.com
usphonebook.com
usrecords.net
uswarrants.org
vehiclerelatedrecords.com
verecor.com
vericora.com
veriforia.com
verifyrecords.com
veripages.com
virtory.com
weinform.org
wellnut.com
whitepages.com
yellowbook.com

We checked the following 10 sites, but didn't find any personal information, so we didn't perform opt outs

americaphonebook.com
floridaresidentsdirectory.com
freepeopledirectory.com
northcarolinaresidentdatabase.com
ohioresidentdatabase.com
peoplewin.com
selfie.network
selfie.systems
spokeo.com
unitedstatesphonebook.com

Person B:

We found your information and performed opt outs for the following 107 sites

411.com
advancedbackgroundchecks.com
arrestwarrant.org
backgroundcheck.run
backgroundcheckers.net
beenverified.com
bumper.com, covered by beenverified.com
centeda.com
checkpeople.com
checksecrets.com
clubset.com
councilon.com
courtcasefinder.com
curadvisor.com
cyberbackgroundchecks.com
dataveria.com
familytreenow.com
fastbackgroundcheck.com
fastpeoplesearch.com
findpeoplesearch.com
freepeoplesearch.com
gladiknow.com
golookup.com
goreversephone.com
govwarrantsearch.org
hudwayglass.com
information.com
infotracer.com
inmatessearcher.com
kidslivesafe.com
kwold.com
mugshotlook.com
neighborwho.com
newenglandfacts.com
numberguru.com
nuwber.com
ownerly.com
people-background-check.com
people-wizard.com
peoplebyname.com
peoplechk.com
peoplefinders.com
peoplelooker.com
peoplesearch123.com
peoplesearcher.com
peoplesearchnow.com
peoplesearchusa.org
peoplesmart.com
peopleswhizr.com
peopleswiz.com
peopleswizard.com
peoplewhiz.com
peoplewhiz.net
peoplewhized.com
peoplewhized.net
peoplewhizr.com
peoplewhizr.net
peoplewiz.com
peoplewizard.net
peoplewizr.com
personsearchers.com
persontrust.com
privaterecords.net
privatereports.com
pub360.com
publicdatacheck.com
publicinfoservices.com
publicrecordreports.com
publicsearcher.com
quickpeopletrace.com
radaris.com
recordsfinder.com
rehold.com
reverselookupaphonenumber.com
reversephonecheck.com
sealedrecords.net
searchpeoplefree.com
searchpublicrecords.com
searchquarry.com
secretinfo.org
smartbackgroundchecks.com
spydialer.com
spyfly.com
staterecords.org
telephonedirectories.us
texasarrests.org
texasarrestwarrants.org
thatsthem.com
truepeoplesearch.com
truthrecord.org
unmask.com
usa-people-search.com
usatrace.com
usphonebook.com
usrecords.net
uswarrants.org
vehiclerelatedrecords.com
verecor.com
vericora.com
veriforia.com
verifyrecords.com
veripages.com
virtory.com
weinform.org
wellnut.com
whitepages.com
yellowbook.com

We checked the following 15 sites, but didn't find any personal information, so we didn't perform opt outs

americaphonebook.com
clustrmaps.com
floridaresidentsdirectory.com
freepeopledirectory.com
mylife.com
neighbor.report
northcarolinaresidentdatabase.com
officialusa.com
ohioresidentdatabase.com
peoplewin.com
reunion.com
selfie.network
selfie.systems
spokeo.com
unitedstatesphonebook.com

In addition, for all subscriptions EasyOptOuts says that "the following 10 sites aren't freely searchable. We always perform opt outs for them:"

acxiom.com
adstradata.com
archives.com
backgroundalert.com (searchable, but covered by lexisnexis.com, which isn't searchable)
idtrue.com (searchable, but covered by lexisnexis.com, which isn't searchable)
lexisnexis.com
oracle.com
pipl.com
thomsonreuters.com
us.epsilon.com

What this means is that EasyOptOuts will send the personal information you provide to these websites regardless of whether they have your information in the first place. While this is an unfortunate necessity if you want to ensure your data is removed from as many databases as possible, we would like to see this provided as an option during EasyOptOuts' registration process for people who would like to avoid this behavior.

Evaluation

For our final evaluation, we will look at how many of the initial Google search engine results are no longer listed after 3 months, how many results from the 15 data brokers we initially measured were removed, and how many results from the subset of the 15 data brokers that EasyOptOuts advertises support for (13 total) were removed.

The first two results are intended to benchmark the "real-world efficacy" of EasyOptOuts, i.e. how much of an impact you will immediately notice while using the service. The third result is intended to benchmark how well EasyOptOuts lives up to their own marketing claims.

	Person A	Person B
Percentage of Google search results removed	90%	80%
Percentage of high-priority data brokers removed	86%	73%
Percentage of compatible high-priority data brokers removed	100%	84%

Based on these results, I consider EasyOptOuts to be well worth the money. It made a substantial difference in the amount of real-world exposure for both subjects, with relatively little effort required. The amount of data remaining publicly accessible is a very manageable amount that can be manually dealt with afterward.

It isn't a perfect service, and even our limited testing shows that your mileage may vary depending on your individual circumstances, but any reduction in the amount of data publicly available about you is a good thing, and if you're in the United States this is certainly an option worth considering.

While writing this article, EasyOptOuts added support for publicdatausa.com. This was first applicable during the "3 month" test, where we noticed the opt-out was successful. ↩

Using Tails When Your World Doesn't Feel Safe Anymore

Em — Wed, 29 Jan 2025 22:00:00 +0000

Using Tails When Your World Doesn't Feel Safe Anymore

Illustration: Jonah Aragon / Privacy Guides | Photo: Aleksander Dumała / Pexels

There is a growing number of people who no longer feel safe in their own home or country. Whatever the reason, many people might not feel safe to browse certain topics online. With all the information getting collected for each internet search, it is difficult to access sometime vital information without leaving a trace. These digital footprints might not threaten your personal safety if you are living with a supportive family, and in a democratic and free country. However, there are situations where someone might be put in great danger simply for looking at a website.

While this guide will be applicable to many, I am writing this article with these groups in mind:

Victims of domestic violence,
Trans and queer individuals living in a hostile environment, and
Democracy and human rights activists located in regions adverse to their cause.

This article will help people in such situations learn how to browse the internet and use a computer in a more protected and anonymous way, in order to stay safe from harm.

A warning for those at very high risk

If you feel at very high risk in your home or country, and the device you are currently using to read this article could be accessed by a person or group meaning you harm, I recommend you ask a trusted ally who does not experience the same level of threat to complete this tutorial for you on their device instead. This will help with minimizing any digital traces left on your device that could endanger you.

Then, I recommend that you erase your browsing history (ideally, delete this and related websites only) and clear your browser's cache and cookies. If you have a Google account and used Google to find this article, also make sure to delete your Google search history.

Once you have securely reached out to a trusted ally to request their help, and erased your browser's data for this site, do not consult this article again if the digital traces of it might put you in danger.

If you are completing this installation for someone else, or if the device your are currently using cannot put you at risk, here's why, when, and how you can install and use the portable system Tails:

What is Tails?

Illustration: Tails / Tor Project

Tails is a portable operating system (a type of software like Windows and macOS) that is especially designed to minimize your digital footprints while using it.

The name is an acronym for "The Amnesic Incognito Live System". It is kept on a USB stick and resets itself entirely after each use (except if you enable its encrypted password-protected Persistent Storage). What is done on Tails does not leave any digital traces on the computer it is plugged into, hence "amnesic."

Additionally, Tails comes with pre-installed applications that will help increase your security and privacy online. When accessing the internet from Tails, your traffic will be automatically rerouted through the Tor network. This is a special network that makes it very difficult to identify your location or the websites you access, even from your Internet Service Provider (ISP).

However, unless you configure the Tor bridge option to hide this, your ISP will know you have been using Tor, although they will not know which websites in particular you have visited through Tor. It could have been anything. I personally use Tor when I have to visit Google Maps, just to protect my data from Google's advertising.

Why you might want to use Tails

There are many good and legitimate reasons for using Tails. Here are a few examples from the scenarios I am considering in this article:

A victim of domestic violence who needs a secure way to research and communicate with shelters or other supportive resources to plan a safe escape, without leaving traces of their activities on a device accessible to the perpetrator.
A trans or queer individual who lives with an unsupportive or hostile family and wishes to research trans or queer-related topics online, find communities, or access supportive resources without leaving any digital traces of their activities on a family device.
A democracy or human rights activist who organizes protests, communicate information online, or carry on any other activities that might have been declared unauthorized by an oppressive regime.
Any other situations where browsing the web or using a device anonymously might be necessary to protect someone's safety.

When to use Tails, and when not to use Tails

Tails protects some data very well, but it will not magically protect everything. Before using it, read carefully what it can help you with and what it cannot do.

When using Tails might help you

Browsing the web without leaving traces on your main computer.
Using a computer without leaving traces of your activities on your main computer.
Storing information and processing files in an encrypted way, away from your main computer.
Hiding which websites you visit from your ISP by using Tor, without leaving traces on your main computer.

What you should be careful about

Remember that unless you enable the Tor bridge, your ISP will know you have accessed the Tor network. Your government could request this information from your ISP. Be careful if this can put you in danger in your country. If you are not using Tails from a public Wi-Fi network, and if revealing to your ISP that you are using Tor could be dangerous to you, you should enable the Tor bridge option.
Tails cannot protect your anonymity if while using Tails you log into an account that you have already been identified with, or have used outside of Tails. While using Tails, do not log into anything that you have logged in outside of Tails.
If you communicate with others or create an account within Tails, be mindful not to share any personal details that could identify you while using Tails.
If you share any files, be careful to remove thoroughly any metadata that could identify you from the file.
If you share any pictures or videos, be extremely cautious with removing metadata and examining the picture or video to make sure no reflections or other details could inadvertently identify you.
Do not to reuse any usernames, pseudonyms, email addresses, phone numbers, profile pictures, passwords, or any other information that you have used outside of Tails.
Do not do anything that could identify you while using Tails. Assume that everything you do while using Tails could be linked together.
Be careful with using any mobile data network to connect to the internet. Information related to your mobile device could identify you.
A very powerful adversary, such as a government, could potentially reidentify some information despite you using Tails. Read more about Tails' limitations here: https://tails.net/doc/about/warnings/index.en.html

When you should not use Tails

If someone finding your Tails USB stick could put you in worse danger than not using it at all.
If you have not enabled the Tor bridge option, and your ISP or government finding out you have accessed Tor could put you in worse danger than not using it at all.
When the computer you are using Tails with might be compromised at the firmware or hardware level.
When there are cameras in your environment recording your activity on this computer.
If your computer cannot securely boot from an external USB stick.

Installing Tails

Before you start, make sure that:

The device you use for the installation is free from malware or spyware.
There is no recording software such as Windows Recall running. If there is, disable or pause it and delete your visit of this website from it.
You have a USB stick with a storage capacity of at least 8 GB. Ideally, I recommend using a fresh and new USB stick, but if this is not accessible to you, make sure you can erase this USB stick entirely and that the files on it were not sensitive or revealing information. Assume your USB stick could get seized later on and these deleted files could potentially get restored.
If you complete this installation for someone else, or if it is safe for you to do so (ordering online leaves a lot of digital footprints!), you may be interested in using a USB stick that looks more like a banal object. You can easily find cheap USB sticks on popular online stores that look like innocuous cartoon keychain charms, for example.

What you'll need

USB stick with a storage capacity of at least 8 GB.
A computer with a port compatible with your USB stick (both for installation and usage).
A computer running one of these operating systems: Apple computer with Intel processor (not M1-M2-M3) running macOS version 10.10 or later, PC with at least 2 GB of RAM running Windows 7 or later, PC with at least 2 GB of RAM running Linux.
Capacity to install new software on the computer you are using for the installation.
At least 1-2 hours of free time when you are safe and free from threats.

Hardware incompatibility

You might experience some hardware incompatibilities while running Tails (this is common for Linux-based software on Mac devices). If this happens, you will need to use a wired (or dongle) mouse, a wired (or dongle) keyboard, and a Wi-Fi adapter or an internet access you can plug in directly from an Ethernet cable.

If you need a Wi-Fi adapter, you will find a list of adapters compatible with Tails at the bottom of this page: https://tails.net/doc/anonymous_internet/no-wifi/index.en.html

Be very careful if you decide to use mobile phone connectivity, however. The data linked to your mobile device could de-anonymize you, even while using Tails. More information on this here: https://tails.net/doc/anonymous_internet/no-wifi/index.en.html

Delete your traces afterward

Depending on your situation, you might want to delete the traces of this installation after. See a To-Do list for this on Step 9.

About this tutorial

I am going to walk you through a step-by-step through the process for an installation from macOS. If you are using a computer running Windows or Linux, the steps will be similar, but the windows appearances and warnings will vary. The steps to boot from an external USB stick will also vary.

You might decide to reference the guides from the Tails website instead. Tails' installation guides are excellent.

If you encounter any issues during the installation or running processes, you can try to find support specific to your issue here: https://tails.net/support/index.en.html

Step 1: Download Tails

Visit this website and select your installation computer's operating system: https://tails.net/install/

Scroll down to the "Download Tails" section and click on the green download button. Make sure to save the installation file in a folder where you can find it back easily and not forget to delete it afterwards.

Warning

Do not save this file on your USB stick!

Always install the latest version of Tails

The download link is not shared directly here because you should always make sure to download and install the most recent version of Tails. If you read this article at a later date, the version number you will be installing will likely be higher than the number shown here.

Step 2: Verify the file you just downloaded

Scroll down to "Verify your download" and click on "Select your download to verify..."

Do not skip this step!

This step is important to ensure the file you just downloaded has not been tampered with or corrupted during the process.

Once the verification is completed (this might take a few minutes), you should see a green checkmark with "Verification successful!" followed by the file name. If you do not see this, delete the file and repeat Step 1 and Step 2.

Step 3: Download and install balenaEtcher

You will need this free software in order to install Tails on your USB stick.

Reminder

Make sure the USB stick you have has a storage capacity of at least 8 GB, and does not store any files you wish to keep. Ideally, use a fresh never-used-before USB stick.

You can download balenaEtcher from this link: https://tails.net/etcher/balenaEtcher.dmg

Open the folder where you downloaded the balenaEtcher installation file (keep it open to delete this file after the installation is completed), and double-click on the "balenaEtcher.dmg" file. Drag the "balenaEtcher.app" icon over the "Applications" folder icon when prompted from the window below:

Once the file is copied to you "Applications" folder, go on your computer's desktop and right-click on the "balenaEtcher" icon. Select 'Eject "balenaEtcher"'

Step 4: Install Tails on your USB stick using balenaEtcher

4.1. Open your Mac's "Applications" folder and double-click on "balenaEtcher.app".

Depending on your macOS version, your Mac might open a popup window saying 'Verifying "balenaEtcher.app"...'. This is normal, let it complete its verification. Next, you will likely see another popup window with '"balenaEtcher.app” is an app downloaded from the Internet. Are you sure you want to open it?'. Click "Open".

4.2. Open balenaEtcher and click on the settings gear button on the upper-right. Disable the option "Anonymously report errors and usage statistics to balena.io", then click "OK".

4.3. Eject and unplug any other external USB stick(s) or external USB drive(s) that might be plugged into your computer if possible, and plug in the USB stick you wish to erase and install Tails on.

4.4. Once it is plugged in, return to balenaEtcher and click on the "Flash from file" blue button on the left. You will be prompted to select a file. Select the Tails ".img" file you have downloaded and verified earlier.

4.5. Click on the "Select target" blue button in the middle, and select your USB stick.

Caution! Select the correct USB stick!

Make sure you are not selecting a USB stick or drive different from the one you wish to erase for Tails. All data on the USB stick or drive you select will be permanently lost. Be careful!

4.6. Once you have verified that all the information is correct, click on the "Flash!" blue button on the right.

You will see a balenaEtcher popup window saying: "balenaEtcher needs privileged access in order to flash disks. Type your password to allow this.". Type your computer's password and click "Ok".

Depending on the version of macOS you use, you might see another popup window saying '"balenaEtcher.app" would like to access files on a removable volume.'. Click "OK" and wait for the installation to start.

While Tails is getting installed, you should see a window that looks like this with "Flashing...". The operation might take a few minutes. Do not interrupt this process!

4.7. Once Flashing is completed, you will see balenaEtcher validating the installation with "Validating...". This process should be quick.

Failed validation

If the validation fails, close balenaEtcher, eject your USB stick, and try the installation process again from Step 4. You may also want to try with a different USB port or a different USB stick.

Once the installation is completed successfully, you should see a window like this with "Flash Completed!" on the left. You can now close balenaEtcher and unplug your USB stick.

Unreadable USB

If you see a notification about a USB stick that appears to be unreadable, click "Eject" and unplug your USB stick.

Step 5: Continue this tutorial from paper or from another device (if you can do so safely)

For the rest of this tutorial, you will have to shut down the computer you will be using or testing Tails with. If this is the same computer you are currently using, you will need an aternative way to keep following along with the instructions. Make sure you either:

Note the rest of the instructions in advance on something that will be easy to delete/erase/destroy after.
Open this article on a mobile device where it is not dangerous for you to visit this page.

Step 6: Boot your computer from your Tails USB stick

Warning: If the computer running Tails is a Mac with a T2 Security Chip (2018-2020):

If the computer you will be using Tails with is a Mac with a T2 Security Chip, and you receive the following message (or similar) when trying to boot your Mac from your Tails USB stick:

Security settings do not allow this Mac to use an external startup disk.

Here's how to modify options in your Mac's Startup Security Utility to make this works:

Turn off your Mac, then turn it on again and right away press and hold Command(⌘)+R, this will enter your Mac's recovery mode. The startup process will take longer than usual and you will see the screen flashing a few times, this is normal.
You will see a "Language" menu appear, select a language then click on the arrow at the bottom-right.
If your computer has multiple volumes (disks), you will be required to select one, then click "Next".
You will need to select a user you know the password for and enter it, then click "Next".
Once you see a window with 4 options, select none of these and instead go to the upper-left menu to select the "Utilities" drop-menu, then select "Startup Security Utility".
You will see an "Authentication Needed" window appear and you will need to enter your macOS user password again.
Once you see the "Startup Security Utility" window with 5 options, in the "Secure Boot" section select "No Security" and in the "External Boot" or "Allowed Boot Media" section select "Allow booting from external or removable media".

Security warning!

This reduces the security of your device because your computer could boot from anything else as well. You could "Turn On Firmware Password" at the top to mitigate this, however, if others use this device, I would recommend that you do not do this. Enabling a firmware password would require this new password to be entered each time this device starts from a different disk. This could raise a lot of suspicions if there was no password before.

Moreover, if you ever lose this password, you would be entirely locked out of this device and require an in-person service at the Apple Store to be able to keep using it.

If you want to hide that you are using Tails from the people near you, I would recommend you do not turn on firmware password. However, do know this could increase some security risks for this device.

Screenshot: Tails / Tor Project

Quit Recovery Mode

Once you have modified your "Startup Security Utility" options, click on the drop-down Apple menu (apple icon) of the upper-left, then select "Shut Down".

To boot from your Tails USB stick:

From macOS:

Shut down your computer.
Plug in your Tails USB stick.
Turn on your Mac, then right away press and hold the "Option" key (⌥ or Alt key) until you see a loading bar or a disks menu.
When you see a disks menu, select the yellow disk called "EFI Boot" or "Windows".

No disks menu?

If you do not see this disks menu, wait 2-3 minutes, shut down your computer, unplug your USB stick, plug it in another port if you can, and start the boot process over.

From Windows 8 or 10:

From Windows or the sign-in screen, click on the "Start" button.
While you choose "Power" > "Restart", press and hold the "Shift" key.
Once you get to the "Choose and option" screen, select "Use a device"
In "Use a device", select "Boot Menu" and plug in your Tails USB stick while Windows is shutting down.

Boot Step 3: No device selection menu?

If you do not see this, follow these instructions from Tails: https://tails.net/doc/first_steps/start/pc/index.en.html#boot-menu-key

Boot Step 4: No boot menu?

If Windows does not display a "Boot Menu", plug in your Tails USB stick then select it directly from the list of devices. Press "Enter".

From Linux:

Shut down your computer.
Plug in your Tails USB stick.
Identify the Boot Menu key for your specific computer manufacturer. You can see a list of the most common ones here: https://tails.net/doc/first_steps/start/pc/index.en.html#boot-menu-key
Turn on your computer and immediately press and hold this identified Boot Menu key.

Starting and using Tails

If the installation was successful and the process of booting from the USB stick went well, you will see Tails starting. You will see some grey screens, you will see some flashes, you will see some black screen with lots of white text rolling down very quickly!

Don't panic! This is normal

Once Tails has started, you will see a top menu bar with a blue wallpaper. It might take a few minutes before you see a window popping up there, this is also normal. Be patient.

The first window you should see is a window saying "Welcome to Tails!"

There, you will see language options, the Persistent Storage option, and Additional Settings options.

No keyboard! No mouse!

At this point you might realize your mouse and/or keyboard are not working. If this happens, you can use a wired (or dongle) mouse and a wired (or dongle) keyboard to fix this problem quickly. If you plug a peripheral in and it is still not working, leave all peripherals plugged in and restart Tails (see Step 6).

Using Persistent Storage

Make sure to test this feature works well multiple times before storing anything of value there. If you forget the Persistent Storage's password or if a bug occurs, you might no be able to access these files anymore. Know that you also have the option to plug in a separate (ideally encrypted) USB stick to store files on it, even while using Tails. If you encounter a problem when using Tails' Persistent Storage feature, you can troubleshoot it here: https://tails.net/doc/persistent_storage/fsck/index.en.html

If you decide to setup Persistent Storage:

Choose a long passphrase that is not something known like music lyrics or movie quotes. Choose something you do not usually say/write and that you could not Google. Choose something long and unique, that nobody else has used before, and that you will be able to remember well. Practice this passphrase in your head regularly.
After setting up Persistent Storage, you will see a window like this with additional options:

Connecting to the internet

Make sure that your Wi-Fi card, Wi-Fi adapter, or Ethernet cable is plugged in and working. On the upper-right menu bar, click on the onion icon and select "Open Tor Connection Assistant". You will see a "Tor Connection" window appear with a few options. If it is not dangerous for you to have your ISP or government know you are using the Tor network, choose "Connect to Tor automatically" then click on "Connect to Tor".

Danger!

If using Tor is dangerous for you, read more about the other options before deciding anything.

If the connection is successful, you should see this window and you will be ready to browse the internet anonymously:

There is a lot of great applications already installed on Tails to help you! You will find them listed in the "Applications" drop-menu on the upper-left top bar. One of these applications is OnionShare, which you can use to share files with others anonymously.

Storing passwords

If you are using the Persistent Storage with Tails, and need to store passwords, you can use the pre-installed KeePassXC application. This application will store your passwords encrypted, locally-only, and protected by a main password (ideally, a passphrase). Be careful however if you store important passwords in there. Remember that if a bug occurs or if you forget your Persistent Storage's password, you could lose access to all of it.

Shutting down Tails

When you are done using Tails, you should always shut it down and unplug the USB stick after.

To shut Tails down, click on the upper-right menu on the top bar, the one with the battery icon. Then click on "Power Off" at the bottom-right of the drop-menu box. Wait for the screen to turn black, then unplug your Tails USB stick.

In Case of Emergency!

In case of emergency, you can shut down Tails quickly by directly unplugging the USB stick while it is still running. This will effectively reset Tails like a normal shut down IF it was not in "Suspend" state. More on this here: https://tails.net/contribute/design/memory_erasure/

Shutting down Tails by physically unplugging it while it is still running could potentially damage your Persistent Storage. Only use this feature in case of emergency, and shut down Tails using the "Power Off" menu option whenever possible.

Final notes

Remember to delete the traces of this installation from the computer you used, once you have verified that everything works properly.

You should also remember to:

Delete the browsing history for these websites (this article, the Tails web pages, and any other related pages you have visited).
Delete cookies for these websites (or all cookies).
Delete the site data and cache for these websites (or all sites data).
If logged into your Google account, delete your Google search history for these websites.
Delete balenaEtcher, both the software and the installation files (after verifying your Tails is operational).
Delete balenaEtcher from the recently used applications list.
Empty your computer's trash bin.
Once you have completed this list and verified your installation, reboot your computer.

Consider supporting Tails and the Tor Project

Finally, if you are not personally at risk of harm by reading this article or by getting associated with Tails, I strongly encourage you to support this incredible project by donating to Tails or to the Tor Project. Tools like Tails and Tor help a lot of people in very vulnerable situations. Your support means a lot to non-profit organizations like the Tor Project to improve and maintain these tools.

Thank you for helping yourself and others to stay safe

Support Tails (if it is safe for you to do so): https://tails.net/donate/

Support the Tor Project (if it is safe for you to do so): https://donate.torproject.org/

Unless credited otherwise, all screenshots from: Privacy Guides

The Protesters' Guide to Smartphone Security

Jonah Aragon — Thu, 23 Jan 2025 19:15:00 +0000

The Protesters' Guide to Smartphone Security

Illustration: Jonah Aragon / Privacy Guides | Photo: Koshu Kunii / Unsplash

For most protesters, activists, and journalists, your smartphone is an essential tool you depend on for organizing with your peers, accessing and distributing information, and helping others. It also represents a great risk, as a tool that is easily appropriated by authorities for targeted and mass surveillance.

The perennial question when it comes to protests is whether you should bring your phone at all. If you leave your phone at home, that is probably the safest your data will get, and you will be at very low risk of being tracked by mass surveillance tools. On the other hand, your phone is a critical resource when it comes to coordinating with others, getting updates on the protest from social media, or simply documenting what is going on with your phone's camera.

If possible, bringing a separate device like a "burner phone," an old phone you can reset, or even a regular old-fashioned camera is a much better option than bringing your primary phone. Any data you don't bring with you can't be taken from you at the scene.

However, getting access to or affording devices like these aren't a realistic option for many people. Whether you decide to take your smartphone or a secondary smartphone with you to the event, this guide will cover how to maximize that device's security and minimize risks to your privacy.

Update (2025-01-27): This article has been updated based on some community feedback, notably I added the Burner Phones, Minimize Your Stored Data, Use Public Wi-Fi, and Check Your Keyboard sections.

Your Risks at a Protest

There are plenty of risks you should consider if you use your smartphone at a protest. We are going to try and cover the following in this guide:

Losing your device.
Authorities confiscating your smartphone.
Service disruption, either due to intentional interference by authorities or caused by networks being overloaded by large groups of people.
Targeted surveillance:
- Disrupting your service.
- Blocking delivery of calls/SMS to your number.
- Monitoring your unencrypted traffic.
- Monitoring communications over local radios like walkie-talkies, etc.
Mass surveillance:
- Interference with web services. Popular communication platforms like Twitter or TikTok could be throttled or blocked.
- Interference with messengers and voice services like Signal or WhatsApp.
- Authorities could use public Wi-Fi networks in the area to monitor traffic and identify nearby devices.
- Cell phone companies could provide records to authorities of devices near cell towers in the area to track and identify protesters.

Like all of our guides, we are going to cover the general best practices and provide helpful tips, but your individual situation may be different. You should always research and plan according to what you specifically are doing, and if you need legal advice you should always consult a qualified and licensed attorney.

"Burner Phones"

Cell phones are generally tracked by law enforcement using two identifiers:

Your IMSI, which uniquely identifies your SIM card
Your IMEI, which uniquely identifies your phone

Thus, simply using a prepaid SIM in your primary/personal device is not a foolproof method of avoiding tracking, because your IMEI is still correlatable between networks.

Buying a secondary, disposable device is an option that will provide you with much greater protection than bringing your personal device. However, if the threat you face is serious enough that you feel the need to do this, you should strongly consider not bringing a phone at all. Properly securing a disposable/burner phone is fairly challenging and may not be worth it.

If you do buy a secondary device for this purpose, you should buy it in-person, with cash.

Do not activate or power it on at home. The location of a phone is tracked by network carriers for at least a year at minimum, but you should assume that location history is just kept forever. Therefore, you should activate and set up the device in a very public place that is not significant to your daily life, then always keep it powered off at locations associated with you. You don't want the phone's location to ever be recorded at your home or workplace.

If possible, you should try to purchase and set up this phone well in advance. This certainly depends on your plans, but spreading out your purchase, activation, and use of the device makes it less easy to detect. It also makes it less likely that the store you bought the phone from still has security footage of your purchase.

You will also want to make sure you do not identify yourself when purchasing a cellular plan. This is highly dependent on your country, but many prepaid plans will not require any identification to activate. There are also some global eSIM providers which will accept payment without the need to identify yourself to them.

One last thing: Your secondary device should still be a reasonably modern smartphone. The security measures we cover below regarding hardware and software security still apply. Smartphones are more secure against the sort of threats that activists are likely to face—such as someone trying to crack into your device's data—than a simple/feature/"dumb" phone will be. They also have many more options for secure & encrypted communication methods that we'll cover below as well.

Using a secondary device only at the protest allows you to leave your primary device powered on and at home. This potentially provides some plausible deniability, if someone requests the location of your phone during the time of the event later.

Secure Your Device

If your phone falls into the wrong hands, the information on it could be hugely damaging to yourself or others. Make sure you've taken the necessary steps to prevent it from being broken into.

Use a Strong Screen Lock

At a bare minimum, you should use a 6-digit PIN, but ideally you should protect your phone with an alphanumeric passphrase. This prevents people from trivially accessing your data, and additionally protects your data with strong encryption.

Barring a massive security exploit (more on this later), most law enforcement tools work by essentially brute-forcing your PIN, running tons of guesses until it gets one right. This makes a long and unique passphrase your strongest protection against your data being stolen by people in possession of your device.

In the United States and many other countries it is legal to refuse to unlock your phone or provide your passcode to law enforcement. Know your rights wherever you're located before attending a protest, so you aren't blindly following orders later.

Disable Biometic Authentication

We commonly recommend using biometric features like Face ID or Touch ID to prevent "shoulder surfing" attacks, where an attacker steals your PIN by discreetly watching you enter it, or where your PIN is recorded by surveillance cameras in the area.

However, in this situation it may make more sense to disable biometric authentication. Authorities are trained and known to use biometrics quickly to forcefully unlock your device, so you should be mindful of this fact when deciding what to do. If you disable biometrics, be wary of shoulder surfing attacks and prying eyes by obscuring or covering your phone whenever you unlock it.

Whatever you do, make sure you know how to quickly shut down your phone or disable biometrics at a moment's notice. Many phones have begun replacing the standard "hold down the power button" function with voice assistants or other features, so practice performing the actual shutdown method beforehand to familiarize yourself.

Modern iPhones require you to hold down the side button and either volume button before the power-off slider appears. Even if you don't get a chance to slide to power off, getting to this screen will at least disable biometric authentication, making your phone a bit more secure than it otherwise might be.

In the United States, it is still a legal gray area when it comes to whether law enforcement can force you to use biometrics, but many court decisions have leaned toward saying they can compel you to use your fingerprint. Using a passphrase and disabling biometrics gives you more robust 5th Amendment rights. In other countries you should again familiarize yourself with your rights in this scenario, so that you can make the most informed decision.

Hide Your Notifications

Even with your device locked, law enforcement can see everything you're up to simply by scrolling through your notifications. Reducing the amount of information accessible on the lock screen improves your security and the security of those you're messaging, so make sure your notifications are only visible when your device is unlocked.

On an iPhone:

Open Settings
Navigate to Notifications
Navigate to Show Previews
Select Never (or, When Unlocked)

On Android:

Open Settings
Navigate to Notifications
Touch Notifications on lock screen
- Select Don't show any notifications
Switch Sensitive notifications to off

Minimize Your Stored Data

The best way to protect your data is to not have it on your phone in the first place. If you're using a secondary device, simply don't install anything other than what will be absolutely necessary during the protest, like a secure messenger.

Otherwise, delete any cloud storage apps you don't need access to during the protest. If you're able to delete an app and then download it later and log in without experiencing any data loss, then that app probably doesn't need to be on your phone all the time.

Some password managers have the option to temporarily remove certain vaults from your devices, 1Password calls this Travel Mode for example. You can do this manually as well, by having a separate password manager or vault with only the essentials you will need at the time, and removing your primary password manager from your device for the duration of the event.

Disable Lock Screen Actions

In a similar vein, any functionality you have enabled while your device is unlocked can pose a security risk. It is always best practice to reduce your attack surface by disabling these options whenever possible. Even though these features are typically designed to not pose a security risk to your data, they have been known to be exploited in the past to bypass lock screens and other security features.

On an iPhone:

Open Settings
Navigate to Face ID & Passcode
Scroll to the Allow Access When Locked section
Switch all features you don't need off

On Android, disabling functionality while the phone is locked will vary widely by manufacturer. Some like Samsung provide more flexible options in their lock screen settings, but others like Google do not provide the option to disable the quick settings panel or other similar features.

Avoid External Storage

Your Android phone might have the option to store files or photos on a microSD card, but these cards are not always subject to the same encryption standards as your phone's built-in storage. You should check whether your microSD card can be encrypted in your phone's settings, although this will prevent it from being read by other devices like your computer later.

Additionally, even if it's encrypted, it still won't benefit from the same security protections that your phone's built-in storage provides, such as advanced brute-force protections. Ideally you should remove all external storage devices from your phone during the event, and save photos, videos, and other files to your phone's encrypted internal storage.

Consider Your Phone's Security Patches

Exploits against smartphones are discovered on a very regular basis, and spyware companies that work with law enforcement—like Cellebrite—abuse these exploits to crack into stolen devices. If your phone is no longer receiving regular updates from its manufacturer, you are in a very dangerous position as you may be vulnerable to the exploits used.

In general, we consider the latest iPhone and latest Google Pixel to be the most secured against this sort of threat. You can increase your security further by using a hardened alternative operating system on your Google Pixel.

Robust security information about phones from other manufacturers is less common. If you use a different device you may still consider the risks to be worth it, but if confiscation is of particular concern to you, or especially if your phone no longer receives security patches, you may want to consider leaving the phone at home.

Protect Against Surveillance

Disable AirDrop

One of the most innocuous features enabled on millions of iPhones is also one of the most dangerous for those seeking to protect their privacy in public. Apple's AirDrop protocol uses trivially bypassed security measures that authorities like the Chinese government have openly bragged about cracking to identify users since at least 2022.

You should assume that any device with AirDrop enabled is constantly broadcasting your name, email address, and phone number to everyone around you, even if you have it set to "Contacts Only." Apple has known about this flaw since 2019 and has not issued any fix.

Open the Settings app
Navigate to General
Navigate to AirDrop
Select Receiving Off

Lock Down Your Network

Your phone signals can be used to track you even if you don't make a call or send a text. Some law enforcement agencies use "stingrays," devices which can impersonate a cell tower to track visitors to an area. It is speculated that more advanced ones can intercept unencrypted text messages and phone calls as well, making the use of an encrypted messenger during the event even more critical.

While the capabilities of the most modern ones isn't fully known, you should definitely protect yourself from the subset of stingrays which abuse the lower security standards of older, 2G networks.

On Android:

Open Settings
Navigate to Network & internet
Navigate to SIMs
Select your carrier or SIM card
Switch Allow 2G to off

You might also consider installing Privacy Cell (F-Droid / Google Play), an app that tells you whether you are connected to a cell network using the most modern security. Even the "5G" indicator on your phone alone doesn't guarantee you are using the latest-generation protocol.

On iPhone:

Open Settings
Navigate to Privacy & Security
Navigate to Lockdown Mode
Select Turn On Lockdown Mode

Note that enabling Lockdown Mode on an iPhone will change a variety of settings to harden its security. Many of them are smart improvements, but certain apps and features won't work normally, so read the previous links here for more details.

Use Airplane Mode Frequently

Even after mitigating the risks of 2G networks, your cellular activity can still be tracked. If not by law enforcement then by your carrier, who will likely be responsive to law enforcement's requests for data after the fact.

To prevent this, you should keep your phone turned off or use Airplane Mode to disable cellular connections whenever possible. Ideally you should only connect to networks in an emergency situation to communicate with others in your group, otherwise keeping messages and network transmissions to a minimum is key.

If you absolutely need internet connectivity and it's possible, you should keep Airplane Mode on and connect to a public Wi-Fi network instead, which brings me to:

Use Public Wi-Fi

If you're able, scope out businesses in the area that provide public Wi-Fi in advance. This is better than using cellular service, because less information about your device is shared with Wi-Fi networks as opposed to cell towers. Most modern phones support MAC address randomization, which makes it even harder to correlate your cell phone's connections between different Wi-Fi access points.

There is a danger that public Wi-Fi services will be set up by authorities or others in the area to track protesters. You could consider using a VPN service while connected to them to minimize the amount of metadata about your traffic that the Wi-Fi operator is able to collect.

Disable Location Services

If you have to keep your device powered on and connected, you can at least minimize the number of parties who have access to your location data. Be mindful of apps that you choose to share your location with, and consider disabling location services entirely while you're at the event.

On an iPhone:

Open Settings
Navigate to Privacy & Security
Navigate to Location Services
Switch Location Services to off

On Android:

Open Settings
Navigate to Location
Switch Use location to off

If you use an Android phone, you should also check your Google account settings to ensure location history is disabled. Google is frequently tapped by law enforcement to provide location data, because they don't protect your personal information with strong, zero-knowledge encryption.

Check Your Keyboard

An often overlooked security risk is the software keyboard installed on your device. The best encrypted messenger in the world is no match for all of your inputs being read by third-parties as you type them.

If you are on GrapheneOS, the default keyboard from AOSP that it comes with makes no internet connections, so if you don't install a third-party keyboard you should be fine. Most other Android users are using Google's Gboard, which does make internet connections you may decide you don't trust, so you could consider installing an offline alternative. iOS users are able to control whether their third-party keyboard has network access in their system settings, although it may be wiser to not install a third-party keyboard in the first place.

This is particularly relevant to people typing in languages like Chinese or others where you use an Input Method Editor (IME) to convert Latin letters to characters in the target language. These IMEs are very often third-party apps that have full internet access.

Other Tips

Use Signal

Signal is the most secure app for sending text messages and making voice calls with others. It is also impossible to configure Signal to lower its encryption security or other security standards, so you know that everyone in your group is using settings that are safe by default.

You should turn on disappearing messages with a reasonably short interval for sensitive communications. You can do this by default in the Privacy section of Signal's app settings, and you can also do it on a per-conversation basis in each conversation's settings panel. This way there is a time limit for an attacker to crack your phone and extract your messages before they permanently disappear.

Signal is battle-tested for this situation. Signal has responded to 6 government requests since 2016, and in each case the only information they were able to provide was at most:

Whether the user was registered with Signal
When that user registered with Signal
When that user connected to Signal last

Keep in mind that using Signal could still expose your phone's location, simply due to making a network request as we covered above. You should still keep your phone in Airplane Mode and minimize the use of Signal or any other networked app during the event.

There are other encrypted messengers, some of them even making use of technologies developed by Signal. However, they all come with trade-offs that could easily compromise your security. WhatsApp and Facebook Messenger are end-to-end encrypted for example, but they collect copious amounts of metadata about your messages, such as who you're sending them to, when you're sending them, your location when you're sending them, etc. Apple's iMessage service in the Messages app has strong encryption but similar metadata concerns, and only works if everyone in your group has an iPhone.

Protect Your Access to Information

Phones can be easily lost, taken, broken, or they can simply run out of juice. Bring a spare mobile battery or a charged power bank with you, and try to minimize your phone usage to preserve power. You should also make sure your mobile plan is topped up and you have enough mobile data prior to the event.

You should also write down the number of an emergency contact or a lawyer on a physical piece of paper, or even in Sharpie on your arm. You'll want this information easily accessible if you're arrested regardless of your phone's state or location.

Change Your Camera Settings

Check your camera settings for things which may draw unwanted attention, like the flash or a shutter sound. You should go through these settings in advance and configure it for the safest possible use.

Back Up Your Data

You should be prepared to have your phone taken or lost during a protest. You can limit the potential costs and headache to you if this happens by making sure you have an updated, encrypted backup of your data.

If you have an iPhone, you can make a local backup to a macOS computer or a Windows computer with iTunes. You can also back up to iCloud, but these backups are only secure if you enable Advanced Data Protection on your iCloud account. We strongly encourage enabling Advanced Data Protection for all iCloud users in any case, as it protects not only device backups but most iCloud account data as well.

The backup situation on Android is not nearly as robust unfortunately, but you can back up photos and files with a variety of services. If you use an online backup service we recommend choosing one with strong, zero-knowledge encryption so that the service provider is unable to access your data.

At The Protest

Keep Your Device Locked

You should always use your camera to take pictures or videos while your phone is locked, in case your device is taken while filming. This is easier if you've disabled biometrics, because Face ID or similar features might unlock your device automatically when you don't want that to happen.

On an iPhone you can hold down the camera icon on the lock screen to open the camera without unlocking your device. You could also configure the Action Button to open the camera, or use the dedicated camera button on the latest iPhone model.

On a Google Pixel and most other Android devices, double-tapping the power button will open the camera without needing to unlock your device.

You should learn and/or set up device shortcuts to do things quickly, ideally while the device remains locked whenever possible, and ensure you're familiar with the shortcuts before the event.

Have a Backup Communications Network

In the event of an internet blackout, it might be a good idea to have a backup network prepared, organized with other attendees. Messaging apps like Briar can operate in a local mesh mode, connecting to other devices in the area with Bluetooth or local Wi-Fi connections instead of relying on centralized internet services. Another newer option is Meshtastic, which uses peer-to-peer/mesh radio that is much more reliable than using either Wi-Fi or Bluetooth, but requires purchasing dedicated hardware that you connect to your phone.

You might also want to consider local radios like walkie-talkies, although keep in mind these devices are nearly always unencrypted and can be easily monitored by others, so you won't want to use them to transmit sensitive information.

After The Event

If Your Phone Was Taken

If you lose your phone, you may be able to locate or wipe your phone remotely depending on the model. Here are some instructions for common devices you can try:

If you were logged in to any online services on your phone, you should try and get them signed out. On many social media websites for example, you can go to your account's settings to see what devices are signed in and revoke their access remotely.

Please be aware of the legal consequences of these actions. Wiping your device or revoking online account access could lead to obstruction of justice or destruction of evidence charges in some jurisdictions. You should always speak with your licensed attorney before deciding how to proceed. If your phone was taken by law enforcement you may have legal recourse to get it back.

Be Mindful of Others

If you post your photos online, be mindful of identifiable faces or other characteristics of your fellow protesters or bystanders. Law enforcement or vigilantes use these photos to track down other attendees and arrest or harass them.

To prevent this, you can obscure the faces of anyone in the image. Most phones have built-in photo editing tools that allow you to draw on an image. Blurring can sometimes be reversed, so blocking it out entirely is generally preferable.

Be careful of the editing tools you use, and don't select highlighters or other semi-transparent editing tools. Even if you scribble over an area of a photo multiple times with a dark/black "highlighter" tool until it appears black, that can often be reversed with photo editing software by adjusting the contrast of the image. Using a shape/rectangle tool to draw a black box over areas you wish to redact is much better than trying to manually cross out image elements with drawing tools.

The Signal app also has built-in tools for photo editing and blurring. You can send a photo to yourself in the "Notes to Self" chat, then save the edited image from that chat for sharing. Signal also automatically removes photo metadata, so if you use it you're already covered with our next section:

Scrub Photo Metadata

Photos have hidden information, or metadata, embedded in them which include the type of phone/camera you used, the photo's location, and other potentially sensitive data.

You should use a metadata removal tool to remove this data from images before you share them with others. If you send a photo to someone using Signal, that app removes this metadata automatically.

Privacy Guides Hires Three Staff Members

Niek de Wilde — Fri, 17 Jan 2025 00:00:00 +0000

Privacy Guides Hires Three Staff Members

At Privacy Guides, we are always looking for ways to be more effective at our mission of promoting privacy and security for everyone. To help us grow, reach a broader audience, and provide more high quality educational resources, we are thrilled to announce the hiring of three talented individuals to our team! Each of them brings a strong passion to their respective roles, and we are excited about working with them.

Em – Journalist

We’re excited to welcome Em (she/her), our new journalist, who will play an important role in taking our articles to the next level. She will be focusing on creating in-depth, interesting posts that explore the most important topics in the world of online privacy, security, and digital rights. Em will also conduct interviews with experts in the industry, analyze reports and studies, and produce investigative news stories to keep our readers informed.

Em is a privacy advocate and public‑interest technologist who has been fervently defending privacy rights online (and offline) since 2018. Her work focuses on raising awareness and informing the public and organizations on data privacy tools, practices, and regulations. She is a passionate writer and thorough investigator, continuously working on ways to improve adoption of better privacy practices, and regularly creating educational material to make protective tools accessible to the groups who need them most.

Em is also a human rights activist who deeply values inclusivity, diversity, accessibility, and software for the public good. In her free time, you can find Em on Mastodon sharing privacy tips or boosting photos of cats and moss.

Follow Em at @Em0nM4stodon@infosec.exchange

Jordan – Content Producer

We also welcome Jordan Warne (they/them), our new content producer who will manage our channels on various video platforms! Jordan has a strong background in video production and content strategy, and we’re confident that they will help us expand our reach and connect with a broader audience. Through informative, easy-to-understand videos, Jordan will simplify complex privacy topics and keep our community engaged. Expect a significantly larger presence on our PeerTube and YouTube channels in the coming months!

Jordan is a passionate creative with an education in both cybersecurity and photography. Having completed a Diploma of Digital Imaging at Billy Blue College of Design, Jordan is equipped with the skills and experience to take Privacy Guides' video content to the next level. Having recently completed a Diploma of Information Technology (Cybersecurity) Jordan has the unique skillset to simplify complex cybersecurity topics and turn them into engaging and approachable content.

Outside producing high-quality videos, Jordan enjoys exploring the Australian bush, capturing intricate details of its flora and fauna through photography.

Follow Jordan at @jw@social.lol

Kevin – Intern

Last but not least, we are excited to start working with Kevin Pham (he/him), our new intern focused on community & news, who will support both Em and Jordan in their roles while also engaging with our community across all platforms. His enthusiasm for digital privacy and his commitment to helping others make him a perfect fit for our team. He will help with managing our community, and interact with our growing online community to ensure that everyone has a voice. Kevin’s passion and eagerness to learn will no doubt contribute greatly to our mission.

Kevin is a senior at Tufts University studying Political Science and Science & Technology Studies. Originally from Florida, he is now freezing up in the greater Boston area. Kevin is passionate about usable security and privacy for vulnerable populations. He has previously worked with Freedom of the Press Foundation's Digital Security Team and Cornell Tech's Clinic to End Tech Abuse to help journalists and domestic violence survivors alike.

Besides doomscrolling on social media, he loves cooking new recipes, reading philosophy essays, and perpetuating his caffeine addiction with Vietnamese coffee. Please feel free to reach out to him to discuss anything regarding best operational security practices and threat modeling...or just say hi!

Follow Kevin at @kevpham@mastodon.social

What This Means for Privacy Guides

The expansion of the Privacy Guides team continues our commitment to provide the best quality resources and information on privacy and security. With Em’s investigative work, Jordan’s video content, and Kevin’s hands-on support, we look forward to communicating easy to understand and factual information with a broader audience.

We’re excited to see how these talented people will help Privacy Guides continue to grow, and we look forward to the amazing work they will contribute in the coming months.

Thank you for being a part of our community, and stay tuned for the exciting new content and updates that will be coming your way soon!Welcome aboard, Em, Jordan, and Kevin! Let’s make privacy accessible for everyone. 🚀

Follow Privacy Guides at @privacyguides@neat.computer

Subscribe to Privacy Guides on YouTube

State of the Web App: Current Woes and Promising Futures

fria — Sat, 30 Nov 2024 00:00:00 +0000

State of the Web App: Current Woes and Promising Futures

The concept of a progressive web app is enticing: an application using web technologies that is inherently cross platform (since it runs in a browser) and acts like a native app, even functioning offline. Support for PWAs in traditionally locked-down platforms like iOS means that PWAs can give users the freedom to install apps without having to go through Apple’s App Store. But there are problems with web content that PWAs haven't solved.

Current Web-Based Apps

Attempts at similar things have been made before, the most infamous of which is Electron. Electron is a software framework that allows developers to easily create cross-platform apps by essentially bundling an entire Chromium browser in with the app. This approach has its drawbacks, though. Browsers have huge attack surface so it's important to keep them updated with the latest security fixes, but many Electron apps ship outdated versions, leaving those apps vulnerable. Each Electron app has its own version of Chromium with its own attack surface, amounting to a performance and security nightmare. In contrast, PWAs use the browser that you already have installed, so as long as you keep it updated, all your apps will have the latest security fixes.

So why isn't every Electron app shipping as a PWA? The answer is an age-old problem with web content: the fact that you have to trust the server fully. You make an HTML GET request and you're served the content (i.e., the site's HTML, CSS, and JavaScript), but if the server is compromised, you'll be served a compromised website. You also need to rely on the security of DNS name resolution and the certificate authority system. This is a huge problem for security-sensitive applications like messengers. An attacker that gains access to their server—even just temporarily—could distribute compromised clients to millions of people, potentially breaking E2EE or executing a host of other malicious actions.

Improving Web Apps

A typical native app is downloaded onto your computer from some kind of trusted place like an app store and only receives updates when the developers push them out. Additionally, there's usually a process of checks and verification before that happens, like Apple's App Review and the Google Play App Review process. In contrast to PWAs, with which the threat of an attacker with server access constantly looms, it's much more difficult to target a particular person. In other words, a malicious app update is much less likely to escape scrutiny than a highly targeted attack via compromised servers.

Isolated Web Apps (IWAs) build on the work done on PWAs and Web Packaging. They are a specification that allows web content to be distributed offline outside of a browser, much like a traditional app. It can be signed just like a regular app too, allowing you to verify that it came from the proper place and hasn't been modified. You could install an IWA from your favorite app store just like any other app and have the same security assurances. This would be incredibly useful in allowing for cross-platform E2EE web apps that don't need to trust a server every time you use them.

Google distinguishes between the drive by web, PWAs, and IWAs. The drive by web requires more conservative access to the system as the most accessible and is therefore least trusted. PWAs are a bit more trusted and can integrate a bit more deeply into the system as a result. IWAs are the most trusted and, as such, can have deeper access into the system and more powerful capabilities.

source: chromeos.dev

This higher security assurance from isolated and signed web applications and the inherently more trusted nature of a natively installed app will allow for IWAs to safely access APIs which wouldn't be safe to allow normal websites to access, like Direct Sockets.

IWAs use a totally new URL scheme since they're not relying on HTTPS certificate authorities or DNS. They're totally isolated from each other and the web using enforced Content Security Policy and Cross-Origin Isolation, hence the name.

Issues

The Worldwide Web Consortium currently has an open issue on their GitHub for IWAs with some interesting discussions that are worth checking out. There are some criticisms of IWAs, at least in their current form. A big point of contention is giving IWAs access to more powerful features like raw TCP and UDP socket access, similar to what a natively installed app might be able to do, which Martin Thomson at Mozilla argues is dangerous even with user consent. Martin wrote a nice in-depth article on bundling web content that's worth checking out on their website. It'll be a long process of iterating on the design before a version of this idea that's secure and available across browsers.

Right now, Chrome ships the feature enabled by default but only on ChromeOS for admin-controlled machines and select development partners of Google. Safari and Firefox haven't implemented the feature, with Firefox taking a stance against it. Perhaps in its trial run, the technology will prove its potential, or maybe IWAs aren't the best solution after all and another attempt at improving web apps will come along. I'll be watching with great interest either way.

Where are all the Multi-Party Relays?

fria — Sun, 17 Nov 2024 00:00:00 +0000

Where are all the Multi-Party Relays?

Multi-Party Relays (MPRs) are a technology that aims to provide better privacy protections than VPNs do. MPRs showed a lot of promise when they first emerged, but years later there are fewer options than ever. What happened?

Traditional VPNs

The original purpose of Virtual Private Networks (VPNs) was to access a network privately when you're not physically there, with encryption in between, so you can securely access your files or manage your network from wherever you are. It extends the security you'd expect from being physically at your LAN to anywhere you are.

Commercial VPNs like Proton VPN use this technology to allow you to connect to their network, and then connect to your destination. This keeps sites and services you connect to from knowing your real IP address and using it as a metric to track you. But there's a problem here: you now need to fully trust your VPN provider in the same way you need to trust your ISP with all your internet traffic. This "shifting trust" problem has haunted VPNs for as long as they've been marketed as a privacy product. It's clear that a better solution is needed.

The Alternative: Tor

Mix networks like Tor have solved this problem by decoupling the sender from the destination. No relay along the path has all the information: the entry (or guard) relay knows who you are but not where you're going, the middle relay knows the other two relays, and the exit relay knows the destination but not the sender. There's also separate encryption between each relay.

Tor circuit pathway

Tor provides great privacy properties, but the relays are run by volunteers, so they can be extremely slow and unreliable. Anyone who's tried to download a file while connected to Tor knows how painful it can be. Even normal browsing can be slow, with potentially minutes collectively wasted on loading times in any given browsing session. Tor is hands down the most private way to browse the web, and if your threat model calls for it there is no substitute. But for VPN users who want better privacy, an obvious next step is a paid solution where you have access to fast and reliable servers like on a VPN, and also separation between who you are and what you're connecting to.

A Solution: Multi-Party Relays

Enter Multi-Party Relays. Services like iCloud Private Relay and (the unfortunately discontinued) INVISV Multi-Party Relay take inspiration from mix networks like Tor and separate the sender from the destination using two relays operated by different parties, as the name implies. There's separate encryption between each relay as well. MPRs do require you to trust that the two parties don't collaborate to correlate your traffic, so keep that in mind.

Typically, the first relay is controlled by the provider (either Apple or INVISV in the previous examples), and the second relay is controlled by another company such as Fastly or Cloudflare. These are big names, so you won't need to worry about reliability.

source: blog.cloudflare.com

They also provide speed. Private Relay uses the QUIC protocol and as a result it's lightning fast. You wouldn't even know you were connecting to two servers in between your cat videos. The reliability is so good that I forget I even have it on. It even integrates with Safari and gives you a different IP address for different websites, similar to Tor's stream isolation.

So why haven't MPRs taken off? INVISV's Pretty Good Phone Privacy service never seemed to make it out of beta. INVISV partnered with Vivaldi, but I can't seem to find any mention of it in the Vivaldi settings or on their website outside of the original announcement. INVISV ultimately shut down their service back in June. I hope to see more from them in the future because they were providing something that currently isn't possible to get anymore on Android.

That leaves iCloud Private Relay as the only commercial offering that I'm aware of, but it's limited to Apple devices only. Great for Apple users, but everyone else is left high and dry. As is Apple's way, they didn't want any extra inconvenience from using their service, so they restrict you to your real country and timezone. You don't have the same freedom to choose a server wherever in the world you want like a traditional VPN service would allow.

There is one more honorary mention: OHTTP. It's a new protocol with a design based on the same principles as those of MPRs: two servers, a relay and a gateway, that decouple the sender from the destination. It's already seeing use by large companies to maintain user privacy for things like Google's Safe Browsing and Apple's new Safari Highlights feature. Unfortunately, it's not quite comparable to MPRs. According to Cloudflare:

OHTTP is not a general purpose proxy protocol: it's fit for purpose, aimed at transactional interactions between clients and servers (such as app-level APIs).

So it can't cover all the traffic on your device. Still, it's a promising protocol and I hope it becomes more widespread.

It really is a shame to see such a promising technology go so underutilized. Perhaps VPN companies could make their own MPR product and fill the gap in the market. Only time will tell.

Privacy Guides is Hiring

Niek de Wilde — Mon, 28 Oct 2024 00:00:00 +0000

Privacy Guides is Hiring

We are thrilled to announce the opening of three new job positions aimed at enhancing our mission of promoting personal privacy and informed digital choices. As a non-profit organization dedicated to empowering individuals with the knowledge and tools they need to navigate the internet in a private manner, we are excited to expand our team with talented individuals who share our vision. They will play a key role in helping us reach new audiences to spread our message in multiple formats, and make sure we are the authoritative source for trustworthy and unbiased consumer privacy resources on the internet.

Content Creator

We're seeking a passionate multimedia content creator to spearhead our video production efforts on YouTube and other platforms. This role will involve creating engaging and informative video content that for example simplifies several privacy concepts and offers practical tips for protecting personal information. The ideal candidate will have experience in video production (but this is not strictly required) and a commitment to making complex topics accessible to a wide audience.

This is your chance to enter the tech & educational content creation space, without worrying about sponsors and advertisers diluting your message. We have no commercial interests to interfere with your content, and no agenda beyond simply providing the best privacy information out there. If you're excited about using the power of video to educate and inspire, we want to hear from you!

Learn more and apply here

Journalist

We are also looking for a skilled journalist to join our team. This role will focus on producing in-depth articles for our blog that explore the latest trends in privacy and security, as well as the implications of emerging technologies. The ideal candidate will have a background in investigative journalism and a deep understanding of privacy issues. Your work will help inform our community and foster critical discussions about digital rights and responsibilities.

Other tasks will be to research new subjects to cover, perform interviews, and conduct product and service reviews for our recommendations.

Learn more and apply here

News Curation Internship

Finally, we are offering a paid internship position that will focus on staying up-to-date with the latest privacy and security news, interacting with our community, and providing overall support to our volunteers. This role will involve curating relevant articles, reports, and insights to keep our team informed and engaged with current events. This is an excellent opportunity for someone passionate about privacy issues and looking to gain hands-on experience in a non-profit environment. Ideal candidates will have strong research skills and a keen interest in digital rights.

Learn more and apply here

Join us in making a difference

At Privacy Guides, we believe that everyone deserves the right to privacy and security in the digital world. By joining our team, you will play a vital role in educating the public and advocating for stronger privacy protections. If you’re ready to make a difference and are excited about one of these roles, we encourage you to apply!

Onion Browser Review: Tor on iOS

Jonah Aragon — Wed, 18 Sep 2024 00:00:00 +0000

Search the App Store for "Tor Browser" and you'll be flooded with a variety of ways to connect to the Tor network from your iPhone. However, there's only one solution officially endorsed by the Tor Project themselves: Onion Browser.

Homepage

Onion Browser is an open-source app created by Mike Tigas, who has worked closely with Tor Project in the past and was previously an investigative journalist at ProPublica (he is currently an advisor at the FTC). His company still maintains the app, although lately it is primarily developed by other maintainers.

Side info

App Store download

We already recommend Onion Browser for any iOS users out there, with the important caveat that it doesn't have all the privacy features that Tor Browser on other operating systems would provide.

Usage

Of course installing Onion Browser is as easy as any other app on iOS, Apple ID unfortunately required. Onion Browser can be set as your default browser in system settings too, which is nice.

When you open Onion Browser for the first time you're given the option to connect to Tor via Orbot, or with a built-in Tor network proxy. Using the built-in option is the easiest, it connects very quickly and doesn't require a separate app. It also allows you to use Tor alongside another VPN app, which may be helpful in certain circumstances. The Orbot app acts as its own "VPN connection" in iOS preventing the possibility of combining it with another VPN, but it is more flexible and it extends Tor network protections to every app on your device.

You're presented with a choice at startup

Using the dedicated Orbot app also provides more robust protections against IP address leaks. Onion Browser warns in its comparison that using the built-in option could leak your IP or network information to malicious JavaScript code.

I confirmed the built-in option works perfectly fine, in fact I occasionally had trouble connecting Orbot to Onion Browser, where it would re-prompt me to start Orbot even though it was already running until I restarted the Onion Browser app. The built-in proxy generally worked seamlessly. However, for most people using Onion Browser alongside Orbot probably still makes more sense. It's the official recommendation from Tor Project and the browser's developer themselves, so that's what I'll be sticking with for the rest of this review.

You can check your connection at check.torproject.org, but you'll be warned you're not using Tor Browser

Onion Browser comes with 6 .onion bookmarks preinstalled: DuckDuckGo, the New York Times, the BBC, ProPublica, Freedom of the Press Foundation, and Deutsche Welle, which provides you with a good entry point into Tor network resources.

You can get started right away with built-in resources

DuckDuckGo via its .onion address is also the default search engine. Unlike Safari, search engines in Onion Browser are completely configurable. Included by default are a few different DuckDuckGo configurations, Google, and Startpage, but you can add your own search engine easily if you prefer another option.

I ran into trouble with DuckDuckGo not being able to display results, however. Switching to the DuckDuckGo HTML search engine in settings helped, and I prefer that more lightweight version myself anyway. I'm curious whether this is a common issue or a momentary glitch with DuckDuckGo, but neither switching circuits nor reducing security levels fixed it. Speaking of...

DuckDuckGo wouldn't work until I used their HTML-only version

Security Levels

There are three configurable security levels in Onion Browser: Bronze, Silver (the default), and Gold. These levels roughly correlate to the Safe, Safer, Safest security levels in regular Tor Browser.

You can toggle security levels on a per-site basis with two taps

I had no issues browsing the web in the standard Silver level, which felt similar to just using Safari. Even websites which rely a bit more on JavaScript like our own forum were unaffected, so this seems to be a sane default for most people.

The security level toggle next to the address bar is a bit dangerous, in my opinion. It changes the security level on a per-site basis, which can lead to inconsistent settings. I ran into this when I set the security level to Gold on privacyguides.org, then I navigated to our forum (hosted on privacyguides.net) and found the security level reset itself to Silver. Changing the security level for all sites requires going into the app's settings and changing the default security, which is something to keep in mind if you don't trust the sites you're visiting.

That being said, I also found that even the default security level setting didn't apply itself consistently after changing it. When I set the default security to Gold and opened DuckDuckGo, it opened at the lower Silver security level. I believe this is because I had manually set DuckDuckGo to Silver using the per-site toggle earlier, but changing the default setting really should reset those preferences.

The Gold browsing experience definitely broke more websites. Our forum didn't load at all, despite theoretically having a non-JavaScript version available. Other pages had broken elements: I loaded the Freedom of the Press Foundation's homepage fine, but I wasn't able to open the mobile navigation menu with the button in their header without switching back to Silver.

Something to note is that even the Gold level protections don't go nearly as far as Safest protections in Tor Browser. For example, the Safest setting on desktop Tor Browser will block resources like external fonts, which are not blocked on any level by Onion Browser. Onion Browser is meant to be a censorship circumvention tool, but it is not ready to defend your anonymity against any more dedicated adversaries.

Other Settings

Onion Browser comes with reasonable defaults and a fairly sparse number of customization options, but there's some you'll probably want to change if you're using this every day.

The Tab Security setting defaults to Forget in Background, which I found closes your tabs even if you simply check your notifications. It's certainly good that it errs on the side of caution and closes your tabs when you do literally anything outside the app, but I think most people will probably prefer this set to Forget at Shutdown where the data is only wiped when the app is actually closed. If you're really not concerned about local data storage, you can have the browser remember tabs until you close them for a more standard browser-like experience.

In the Default Security settings you can choose a different user agent, or leave it blank to send the default, in which case it sends Safari's default user agent for your device. You may find this useful to change how websites present themselves, but impersonating the user agent of another browser does not make you blend in with that browser from a fingerprinting perspective. There are many ways a website could determine what browser you are using outside your user agent, so don't rely on this setting to make you blend in with everyone else using Tor Browser on other devices.

Besides leaving it blank for the default, it comes with three built-in user agent strings you can choose from, or you can enter your own. You might find it useful to use Tor Browser for Android's, but if you have no idea what any of this means it's probably best to leave the user agent settings alone.

Default (on my device)Safari DesktopTor Browser DesktopTor Browser Android

Mozilla/5.0 (iPhone; CPU iPhone OS 18_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0 Mobile/15E148 Safari/605.1.15

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.0 Safari/605.1.15

Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0

Mozilla/5.0 (Android 9; Mobile; rv:78.0) Gecko/20100101 Firefox/78.0

The other settings in the app are fairly self-explanatory, but I don't expect many people will need to change them.

Drawbacks

A large part of Onion Browser's problems come down to how iOS works. Most notably the iOS requirement for third-party browsers to use the WebKit framework built in to iOS.

This requirement means that Onion Browser has completely separate development from Tor Browser on desktop and Android, so it can't easily make use of all the advanced privacy-protecting features the Tor Project team is constantly adding to their browser. Technically it does also mean Onion Browser has historically been immune to Firefox-related vulnerabilities, but Safari is not known for its perfect security record either, and the number of eyes on Tor-related WebKit vulnerabilities is certainly far smaller than on Firefox/Gecko-related ones.

The Tor Project notes another drawback to Onion Browser's use of WebKit as well: The WebKit APIs simply don't give browser developers the level of control they're used to over the rendering and execution of web pages. This relates to what we saw earlier with the "Gold" protection levels not quite matching what you'd see in Tor Browser on other platforms.

The EU recently required Apple to let third-party browser developers use their own engines instead of WebKit. It's possible that—likely many years from now—a version of Onion Browser or Tor Browser could come to iOS alongside Tor's stricter protections found in their standard browsers. Even still, the mobile version of Tor Browser on Android which does use Firefox's mobile engine is leagues behind desktop Tor Browser in terms of privacy and security. It's safe to say that desktop Tor Browser is going to be the best way to access Tor for quite some time.

Lockdown Mode

There is one more way to improve Onion Browser security, but we have to look outside the browser to find it. Lockdown Mode is a feature introduced in iOS 16 that reduces the attack surface of your device by disabling a myriad of features, including web browsing features that could potentially impact security.

Because Onion Browser is built on Apple's WebKit, these security improvements extend to Onion Browser as well. Most notably, external web fonts are blocked in Onion Browser with Lockdown Mode enabled, just as they are in Safari. These are disabled in desktop Tor Browser's Safest mode due to both privacy concerns, and security concerns related to the font rendering engine on your device, so having the option to disable them here on iOS is very useful for those looking to maximize their security.

External fonts and JavaScript disabled with Gold + Lockdown Mode

However, enabling Lockdown Mode is detectable by websites, meaning it could potentially be used to fingerprint you. Onion Browser in any form does not really provide the same fingerprinting protections that desktop Tor Browser is able to, so this probably shouldn't stop you from using Lockdown Mode, but it is something to keep in mind.

Conclusion

The decision to use Onion Browser will ultimately come down to your specific requirements. If you simply need a web browser that connects to Tor hidden services, and you're not concerned with being tracked down, this is a perfectly reasonable choice on iOS.

It's also a good way to promote and normalize the use of Tor in general. My browsing experience using Onion Browser, while still a bit slower than regular browsing, was perfectly acceptable for reading the news, searching the web, and other everyday browsing tasks most of us do on our phone. The more people that use Tor for their everyday traffic, the safer the overall network becomes for people who really need it.

Just don't expect the same level of protection that desktop Tor Browser can provide. If you're concerned about serious adversaries targeting you, the safest way to use Tor is still to use it via Whonix+Qubes.

Bad-Faith Arguments in the Privacy Community

Jonah Aragon — Mon, 09 Sep 2024 00:00:00 +0000

Bad-Faith Arguments in the Privacy Community

The Privacy Guides community is one of the best privacy-related communities on the internet, and I think we have generally done a good job at promoting a positive and respectful environment where people can learn and grow.

Unfortunately, as a public forum we are not immune to the small minority of individuals who feel empowered to spread anger, hostility, and divisiveness by their anonymity and general lack of consequences on the internet.

From now on, we are going to be strict about requiring all posts in our communities to be made in good faith.

We will consider the following questions when reviewing posts:

Is the poster presenting their criticism as informed or factual, when it's actually a matter of personal opinion, or worse, misinformation or false?
Has the poster failed to provide reasoning for their criticism, and demonstrated an unwillingness to learn or discuss the topic?
Is the poster writing something as if it is true and informed, when they're actually just speculating?
Is the poster simply spreading negativity instead of actually trying to improve something?
Is the poster engaging in ad hominem attacks against us or our community?

If these answer to any of these questions is yes, the post will be removed and the poster will be asked to revise their statement. We will suspend posters who repeatedly engage in bad faith arguments.

For almost everyone here, you won't see any negative impacts of this new policy. It is simply designed to allow us to remove the small number of people who occasionally join to spread unproductive negativity in the privacy space, at the expense of legitimate projects making the world a better place. Hopefully you will notice improvements in discussion quality overall.

To give an example, there are two specific behaviors we want to discourage with this new policy.

The constant use of words like "shilling," "fanboys," etc. to describe people who have a difference in opinion to your own is not acceptable.
To "shill" something is to promote something you have an employer relationship or some other actual conflict of interest with. To accuse someone in our community of being a planted shill without any evidence, simply because they like something that you dislike, is both a serious accusation and a bad-faith argument.
Even the use of terms like these informally to describe people who like a certain product more than others is disrespectful, and sows uncertainty and distrust within our community, so it will no longer be tolerated.
A very small portion of GrapheneOS community members continually attempt to derail any conversations mentioning GrapheneOS with irrelevant details and confrontational attitudes.
This is not a reflection on the GrapheneOS project itself, but unfortunately this has become a repeated situation with certain community members of this specific project more than anyone else, so we have to call it out.
Making unfounded accusations against Privacy Guides community members of harassment towards GrapheneOS simply because they presented their criticism of the project is not a good faith argument. Similarly, presenting unverified statements from the GrapheneOS community as factual has led to misinformation being spread in the past. It is critical to always differentiate between opinions/beliefs and factual information.
Privacy Guides community spaces are not GrapheneOS discussion forums, and the drama from their community is not automatically on-topic in ours. Please do not make new topics in our forum that simply link to drama posts from the GrapheneOS community. A good rule of thumb is that unless a post from GrapheneOS is specifically talking about GrapheneOS-specific, privacy-related functionality and not about other projects/software/etc., it is probably off-topic here.

Proton Wallet Review: Is Proton Losing Touch?

Jonah Aragon — Sun, 08 Sep 2024 00:00:00 +0000

Proton, the Swiss creators of privacy-focused products like Proton Mail and Proton VPN, recently released the latest product in their ever-growing lineup: Proton Wallet. Announced at the end of July 2024, it promotes itself as "an easy-to-use, self-custodial" Bitcoin wallet that will ostensibly make financial freedom more attainable for everyone.

Side info

Proton Wallet's Privacy Policy
This review was conducted with the reviewer's personal Proton Visionary account. Proton was not contacted prior to this publication.

It may well be that Proton Wallet is the easiest way to start using Bitcoin, but is a Bitcoin wallet the solution people need to improve their financial privacy?

A cryptocurrency primer

Contrary to popular belief, cryptocurrency is not an inherently private transactional system.

The vast majority of cryptocurrency, including Bitcoin, uses a transparent and public blockchain as the ledger for all transactions. This means that anyone you've transacted with or who knows your wallet's public address can trivially trace all of your past transactions, and monitor all of your future transactions at any time.

This is a huge problem for Proton Wallet, because Bitcoin is the only cryptocurrency it supports. Furthermore, Proton Wallet doesn't support the few privacy-enhancing additions to Bitcoin that do exist, like CoinJoin or even the Lightning Network. While these technologies still don't bring Bitcoin close to the levels of privacy attainable with some alternatives like Monero, to see them lacking in a product from a privacy-centric company like Proton is extremely disappointing.

Proton has claimed in a few interviews that they chose Bitcoin because of its mass appeal, and it's certainly true that Bitcoin has the mind share and market share to beat out any other cryptocurrency, but the most popular option isn't always the best option.

Had Proton Wallet added support for Monero or a similarly private cryptocurrency, they could have single-handedly boosted a financial system that is actually private by default by a significant degree. In my eyes, failing to do so in favor of the market leader is an unfortunate step back from their "privacy by default" mantra.

Using the app

Proton Wallet is in beta, like many of Proton's products are when newly released, and available via the web, an Android app, and an iOS TestFlight.

Creating your wallet is a simple process, after registering you'll be asked to choose a name for your wallet and a default currency. You can also optionally set a passphrase to secure your account. Note that this isn't merely a passphrase securing your account on Proton's servers beyond your usual account credentials, it's a BIP39 extension word, meaning that if you lose it your wallet will be completely unrecoverable, even if you back up your 12 word seed phrase.

The default currency here isn't the currency being stored in Proton Wallet. It is just used to show you the current conversion rate between Bitcoin and your local currency.

Once you're in, Proton Wallet is fairly straightforward. In fact, there's not much to explore beyond finding your wallet address and buying Bitcoin. Clicking the Recieve button brings up a panel which shows your address and allows you to generate a new one on the fly. When you generate a new address, all of your previous addresses will continue to work, but are no longer displayed anywhere.

Buying Bitcoin is simple as well. Proton is working with two providers, Banxa and Ramp, and if you're in the United States like I am both are available, so you can choose the one with the best exchange rate to go with. Before you purchase, Proton Wallet asks you for your current country, so that will determine which providers it's possible to use.

There's no private payment methods though, you're stuck with credit card, Google Pay, or Apple Pay. The purchase experience isn't quite seamless either, as it redirects you to either banxa.com or ramp.network to perform the actual transaction. Everything is pre-filled with your Proton Wallet information however, so it isn't a huge problem.

"Bitcoin via Email"

The flagship feature of Proton Wallet is something they call Bitcoin via Email, which integrates with Proton Mail to allow you to send Bitcoin to any email address. Opening your wallet settings lets you enable Proton's Receive Bitcoin via Email feature, which allows other Proton Wallet users to send Bitcoin to your account with just your Proton Mail address.

If you have multiple addresses on your Proton account, such as aliases or addresses on a custom domain, only one address can be linked to your wallet. This can be a bit annoying for people who have given out different Proton addresses to others in the past, like if you gave out your @protonmail.com address to some people, before later migrating to @proton.me when that domain became available.

On the other hand, if you have aliases for different projects, this is a great way to keep Bitcoin payments to each address separate. If you have your personal email and a business alias for example, you can link your personal email to your primary wallet and create a second wallet to link your business alias to, thus keeping your personal and business transactions separate.

Proton says that you can "create as many wallets as your Proton Wallet plan allows," but the exact limits are not very clear at the moment. This may become clearer as Proton Wallet exits its beta status.

Sending Bitcoin to an email address is as simple as it is in mainstream payment apps like Venmo or CashApp, which is great. You can even include a memo with your transaction, and the transaction appears on the recipient's side very quickly. However, it can take a few hours or more for a transaction to actually complete and be usable by the recipient, so all they'll be able to do is monitor its progress in the meantime. This can be sped up by choosing a higher "network fee" when sending the payment, which costs more Bitcoin as the name would suggest.

I'm not convinced this is particularly revolutionary though. Many Bitcoin wallets have streamlined the process of exchanging address information with other people with methods like QR codes, which are likely going to be more widely used than email in today's mobile-first world. Being able to replace Bitcoin addresses with emails fairly seamlessly is nice, but is it nice enough to warrant the entire Proton Wallet product? I'm not so sure.

What else sets it apart?

There isn't much separating Proton Wallet from the existing options on the market. It is a non-custodial wallet, meaning that you control the private keys rather than Proton. This is a huge step-up in security compared to keeping your Bitcoin in an online exchange like Coinbase, but it isn't a big differentiator from other software wallets where non-custodial key storage is typically the norm.

Besides that, and Bitcoin via Email, if you visit Proton's website to see how else they differentiate themselves the best third reason they could muster up is:

Our business is privacy: Proton isn't a crypto company — we're a privacy company that wants to empower everyone to use Bitcoin securely and privately.

Unfortunately for Proton, this doesn't quite ring true when it comes to Proton Wallet. When it launched in 2014, Proton Mail was revolutionary in the email space. Encrypted email providers already existed, but Proton offered something different: Proton brought a good user experience to an interoperable encryption standard, PGP. While everyone else in the email space was rolling their own password-protected web portals to secure messages or simply delivering emails in plaintext, Proton built a user-friendly platform that actually improved the email ecosystem at large in the process.

Proton's leadership thinks they can do for cryptocurrency what they once did for email, but there's a clear difference between then and now. Proton Mail had privacy and security ready to go from the beginning, but Proton Wallet simply meets the status quo.

Why does this exist?

Proton Wallet is in a strange position. I've spoken to a few sources who suggest that privacy features like CoinJoin, which can mix Bitcoin in order to better anonymize transactions, were intended to be included at launch. The crackdown on the ill-fated Samouri Wallet project by U.S. authorities last April certainly put a damper on privacy in the Bitcoin space, and likely made Proton wary of introducing such features to the public.

Proton suggests this themselves, stating on their website:

Coinjoin is considered the best solution for improving blockchain privacy. It works by mixing your BTC with other users’ BTC in a collaborative self-custodial transaction where you get back the same amount of BTC that you put in but on a different address that cannot be easily linked to your previous address. However, in 2024, in what many consider to be a regulatory overreach and attack on privacy, some of these Coinjoin services have been declared illegal in the US and EU. The future of financial privacy may therefore be decided by ongoing litigation in the next decade and privacy advocates should support these efforts.

This situation likely soured Proton on other privacy-friendly cryptocurrencies like Monero as well. I get it, financial privacy is an extremely challenging task for any company to take on. We can't expect Proton to take on the risk of offering a completely anonymous payment service in the current legal climate, but it begs the question: why enter the financial space at all?

Proton Wallet seems like a product that doesn't know its own place in the world. Is it meant to save us from the tyranny of payment processors like PayPal who can freeze your funds at a whim? Proton certainly thinks so, having faced that exact problem themselves during their original 2014 crowdfunding campaign. But in that case, is Bitcoin the actual solution to this problem, or is it just a stopgap fix that Proton happened to latch on to way back in 2014 when Bitcoin was more in vogue and there were few competitors?

Today, there are many alternatives to Bitcoin which are safer to store your money in while remaining protected from intrusive fintech companies like PayPal. Stablecoins like USDC can be traded on multiple cryptocurrency networks without the need for middlemen payment processors, and can be exchanged at a variety of exchanges with the huge benefit of having significantly less risk than Bitcoin, theoretically no risk at all. Support for USDC or a similar technology would go a long way towards enabling usable cryptocurrency transactions for everyday users, even though USDC doesn't have any additional privacy protections either.

Or, was Bitcoin chosen to give us independence from fiat currency, including stablecoins, entirely? Maybe so, but is that something we actually want? Prepping for a worldwide market collapse is perhaps a bit of a fool's errand. If the US Dollar and other economies failed overnight, I think we would all have a lot more problems than Bitcoin is going to solve for us. Bitcoin is a poor store of value to serve as an alternative to traditional currency anyway. Any asset which can gain or lose half its purchasing power on any given day of the week simply can't function as a viable medium of exchange, meaning it's virtually useless for day-to-day transactions.

However, if Proton Wallet wasn't meant for all that, if it was simply meant to bring privacy to Bitcoin, then it's certainly a failure. Proton hasn't taken any risks with this product, meaning it's really only good for satisfying a singular belief: That Bitcoin is just inherently good, and anything to promote Bitcoin is inherently good as well. I don't share these fanatical beliefs of Bitcoin maximalists, however, when Bitcoin is demonstrably lacking in a wide variety of ways.

Conclusion

Personally, I'm a bit of a cryptocurrency pessimist in general, but I can see some appeal for the technology in very specific areas. Unfortunately, Proton Wallet doesn't seem to fit in to a useful niche in any meaningful way. The functionality it does support is extremely basic, even by Bitcoin standards, and it simply doesn't provide enough value over the existing marketplace.

If you're an existing Proton user simply looking for a place to store some Bitcoin you already have sitting around, Proton Wallet might be perfectly adequate. For everyone else, I don't see this product being too useful. Bitcoin is still far too volatile to be a solid investment or used as a safe store of value if you crave financial independence and sovereignty, and Proton Wallet simply isn't adequate for paying for things privately online.

There is some potential with Proton Wallet. Personally, I would like to see support for Monero, a cryptocurrency that has privacy features built-in by default. There is also the possibility of Proton expanding into the traditional finance space with features like a digital wallet for credit/debit cards, card aliasing à la privacy.com, and tap to pay within their mobile apps. A third-party alternative to Apple Pay and Google Wallet, and for the first time ever such a product could actually be viable: It's always been possible on Android, but just last month Apple announced the possibility for iOS developers to use NFC to facilitate payments outside of Apple Wallet. This presents a golden opportunity for Proton Wallet to be the first cross-platform digital wallet, if they can deliver.

Alas, none of this is available in Proton Wallet today, and that's all that really counts.

Jonah Aragon Hired as Project Director

Niek de Wilde — Tue, 20 Aug 2024 00:00:00 +0000

Jonah Aragon Hired as Project Director

We are thrilled to announce a significant milestone for Privacy Guides: the addition of our first paid staff member, Jonah Aragon. This achievement is a testament to the unwavering support and generous donations from our incredible community. Another major donation came from Power Up Privacy, a privacy advocacy group that funds privacy-related research and development, which helped us achieve this goal earlier then expected!

Jonah Aragon is no stranger to Privacy Guides. As a founding member, Jonah has been instrumental in shaping our organization and its mission. With his extensive background in privacy and cybersecurity, Jonah brings a wealth of knowledge and experience to his new role.

A Community-Driven Success

The journey of Privacy Guides has always been fueled by the passion and contributions of our community. From the very beginning, our mission has been to provide reliable, independent information on privacy and security. Thanks to your donations, we are now able to take a significant step forward by bringing Jonah on board as our Project Director.

In this new position, Jonah will be working 20 hours a week to manage our day-to-day operations. His responsibilities will include overseeing various projects, ensuring smooth coordination among team members, and maintaining the high standards of our content and resources.

One of Jonah’s focuses will be restarting This Week in Privacy, our weekly podcast providing updates on the latest developments in our community and the privacy world. After our initial trial run of this project, we heard your positive feedback, so we will be bringing it back!

Another crucial aspect of Jonah’s role will be fundraising. Our goal is to make this position self-sustaining, ensuring that Privacy Guides can continue to grow and thrive. Jonah’s efforts in fundraising will help secure the necessary resources to support our ongoing projects and initiatives.

Thank You for Your Support

This exciting development would not have been possible without the incredible support of our community. Your donations have made it possible for us to bring Jonah on board and continue our mission of promoting privacy and security. We are deeply grateful for your trust and generosity.

As we embark on this new chapter, we look forward to the positive impact Jonah will have on Privacy Guides. Together, we will continue to advocate for privacy, educate the public, and provide valuable resources to help everyone protect their digital lives.

Thank you for being a part of our journey. Stay tuned for more updates and exciting developments!

Privacy Guides Partners With MAGIC Grants 501(c)(3)

Jonah Aragon — Mon, 22 Jul 2024 00:00:00 +0000

Privacy Guides Partners With MAGIC Grants 501(c)(3)

Illustration: Jonah Aragon / Privacy Guides

In February, the OpenCollective Foundation (OCF)—our fiscal host of 4 years—sent us an email to announce that they would be shutting down, and they would no longer be able to collect donations on our behalf (or for any of the hundreds of projects they provided fiscal hosting services to). We immediately began to consider multiple options for the future of this project, including forming our own non-profit or finding another fiscal host.

We're excited to announce a partnership with MAGIC Grants, a Public 501(c)(3) charity with the mission of supporting privacy projects like ours and providing undergraduate scholarships for students interested in cryptocurrencies and privacy. They will immediately take over all of the operations previously provided by OCF, including accepting donations on our behalf, handling any of our accounting and taxes, reimbursing team members and volunteers, and taking legal ownership of assets like our domains and servers.

This last point is important, because we want to ensure Privacy Guides is never fully reliant on a single individual like myself. This setup ensures Privacy Guides never strays from its mission of providing free and accessible privacy and security resources to protect consumers.

Of course, all of our projects including the open-source Privacy Guides website, our communities, and this blog remain editorially independent and volunteer led. This partnership only affects our administrative platform behind the scenes.

MAGIC Grants was the right choice for our project for a number of reasons:

They are a 501(c)(3) non-profit, which allows us to retain our tax deductible status in the United States, and means there are legal safeguards in place to prevent Privacy Guides from being used for personal profit.
They've provided us with a great deal of flexibility and independence over how we run our project, and added many safeguards to ensure the current Privacy Guides team retains ultimate control over the project. This means that nothing about Privacy Guides will change, now or in the future, due to outside influence.
They've generously offered to provide their services to us for no fee, in support of our shared core mission of creating great educational materials.

Finally, unlike OCF, MAGIC Grants is extremely flexible when it comes to accepting cryptocurrencies. Previously we have not been able to accept cryptocurrency donations, because OCF did not have the accounting tools in place to handle such transactions. MAGIC Grants is highly experienced in the cryptocurrency—and especially Monero—space, and we will be able to accept completely private donations through that very soon.

Donations to Privacy Guides are considered restricted contributions which may only be used under the Privacy Guides Fund agreement we have with MAGIC Grants, and not for any of MAGIC Grants’ other endeavors. You can make a general donation to MAGIC Grants on their website.

We considered forming our own organization, but estimated that the initial costs to do so would meet or exceed our current annual budget, which wasn't financially viable. We have reserved the right to spin off as an independent non-profit, or to transfer to another fiscal host in the future, if we feel it would be beneficial to do so.

Running this network of websites and services for free to the public is a time-consuming and costly endeavor. We do it because we believe it is the right thing to do, not because we are looking to make a profit. Any contributions have been either used to pay our expenses or saved in a reserve for expansion or times of need.

Your support of this project will help us keep our servers running and pay for other various expenses accrued by the team while developing this community. We do not operate Privacy Guides for personal profit, and all funds will be used to further our mission in one form or another.

If you like what we do, please consider contributing to our project at https://www.privacyguides.org/en/about/donate/.

Read more about the Privacy Guides Fund announcement on MAGIC Grants' blog.

"Privacy-Preserving" Attribution: Mozilla Disappoints Us Yet Again

Jonah Aragon — Sun, 14 Jul 2024 00:00:00 +0000

"Privacy-Preserving" Attribution: Mozilla Disappoints Us Yet Again

Image: Unsplash

"No shady privacy policies or back doors for advertisers" proclaims the Firefox homepage, but that's no longer true in Firefox 128.

Less than a month after acquiring the AdTech company Anonym, Mozilla has added special software co-authored by Meta and built for the advertising industry directly to the latest release of Firefox, in an experimental trial you have to opt out of manually. This "Privacy-Preserving Attribution" (PPA) API adds another tool to the arsenal of tracking features that advertisers can use, which is thwarted by traditional content blocking extensions.

It seems that 6 years after the Mr. Robot extension debacle, Mozilla still hasn't learned their lesson about sneaking unwanted advertising and features onto our computers.

We already know from Google's Privacy Sandbox that simply adding "privacy" to the name of your feature does not make it private. While Mozilla claims that the "Privacy-Preserving" attribution aims to provide a more privacy-friendly alternative to ad tracking, there are a plethora of issues with this new (anti-)feature that are worth examining:

Misaligned Incentives

Mozilla's decision to implement PPA in Firefox highlights a growing trend among user agents (browsers) to grant preferential treatment to the advertising industry over all other businesses.

All websites on the internet—including ad networks!—are guests on our computers, and the content they provide are merely suggestions for a user agent to interpret and show us how it chooses. This has always been a fundamental truth of how the internet works, and enables many great things: from highly-accessible text-based web browsers to the ability to block trackers and other unwanted bloat on the websites you visit. By baking in software that's tailor-made for the advertising industry, Mozilla is wrongly asserting that the advertising industry has a legitimate interest in collecting your data and tracking you across the internet over all other parties, including over your own interests.

The advertising industry and Google in particular have been trying their hardest to reverse this dynamic, to turn browsers into a locked-down piece of viewing software under the total control of the servers it's accessing. Mozilla is the organization meant to protect us from the ever-encroaching desires of industry to control and track what we see online, but instead they're continually giving in to the idea that user agents should serve website operators and ad-tracking networks instead of users.

Mozilla constantly fails to understand the basic concept of consent. Firefox developers seem to see their position as shepherds, herding the uninformed masses towards choices they interpret to be "good for them." Firefox users are not a captive audience that needs to be coddled, they are generally full-grown adult computer users who need to be listened to.

One Mozilla developer claimed that explaining PPA would be too challenging, so they had to opt users in by default.

The reality is that it isn't simply a privileged minority of users who care about surveillance tracking software being built in to their browsers.

Firefox users are fully capable of understanding basic concepts like tracking, and can make an informed decision about whether they want their browser to track them. Mozilla refuses to acknowledge this, because it's in their best (financial) interest to get as many people as possible to use this feature.

At the end of the day, Mozilla knows this feature isn't something that Firefox users want. If they truly believed this was the one path away from the constant data theft perpetuated by the advertising industry, they would've announced this loudly and proudly. They could've given the privacy and general Firefox communities ample time to scrutinize the protocol beforehand.

Instead, they buried the announcement in a two sentence blurb at the bottom of the release notes, 5 months after they posted a very brief blog post talking about this technology which was likely ignored by the vast majority of Firefox users.

False Privacy

Let's ignore all of this though, and say you don't care that Mozilla is selling out to advertisers, as long as the feature is actually more private than the current status quo. PPA still isn't the answer we are looking for.

The simple truth is that the "Distributed Aggregation Protocol" Mozilla is using here is not private by design.

The way it works is that individual browsers report their behavior to a data aggregation server (operated by Mozilla), then that server reports the aggregated data to an advertiser's server. The "advertising network" only receives aggregated data with differential privacy, but the aggregation server still knows the behavior of individual browsers!

This is essentially a semantic trick Mozilla is trying to pull, by claiming the advertiser can't infer the behavior of individual browsers by re-defining part of the advertising network to not be the advertiser.

It is extremely disingenuous for Mozilla to claim that Firefox is adding technical measures to protect your privacy, when the reality is that your privacy is only being protected by social measures. In this particular case, Mozilla and their partner behind this technology, the ISRG (responsible for Let's Encrypt), could trivially collude to compromise your privacy.

Uselessness

Finally, there is no reason for this technology to exist in the first place, because tracking aggregate ad conversions like this can already be done by websites without cookies and without invading privacy, using basic web technology.

All an advertisement has to do is link to a unique URL: Instead of linking to example.com one could link to example.com/ad01, and the website operator simply has to track how many people visit the ad01 page on their end.

In contrast to the amazingly complex PPA setup Mozilla is pushing, this is a perfectly viable alternative that advertisers could easily adopt today. The reason they do not is simply because they have an insatiable need for as much of your data as possible.

Disabling PPA

Firefox users should disable this feature:

Open Firefox's settings page at about:preferences
In the Privacy & Security panel, find the Website Advertising Preferences section.
Uncheck the box labeled Allow websites to perform privacy-preserving ad measurement.

There are also plenty of other web browsers you could choose from, if you're growing tired of Mozilla's behavior in recent months. Between their foray into generative AI and their business acquisitions in the advertising industry itself, I certainly wouldn't blame you.

PPA is an additional privacy attack surface that has no value for end users whatsoever, as its sole purpose is to give data to the advertising industry for nothing in return. Instead of focusing their efforts on compromising with advertisers, Mozilla could work to actively block unwanted data collection. Because they aren't blocking any of the myriad of ways advertisers currently track you, Mozilla is not acting in your best interest here.

For a browser and organization which has built its reputation entirely on protecting user privacy, these moves are really eroding the trust of its core user base. We hope that Mozilla will listen to the overwhelming user feedback surrounding this feature and their other endeavors, and consider whether these recent actions are aligned with their core mission of putting users first.

Discuss this article on our forum, or leave a comment below.

Threads Is the Perfect Twitter Alternative, Just Not for You

Freddy — Fri, 21 Jul 2023 00:00:00 +0000

Threads Is the Perfect Twitter Alternative, Just Not for You

Silicon Valley could well be built on the principle of scrapping principles. Now Elon Musk, perhaps the ultimate tech bro, is shredding another well-regarded convention with an original business strategy.

Generally, in business, it is sensible to provide your customers with what they want. With Twitter, the meme-makers' favourite billionaire is doing the opposite. The cyber-trucker is trying his best to cull his customer base. Instead of finding gaps in the market, Musk is helping to create them. Ever the copycat, Mark Zuckerberg wants to give these innovative tactics a try. Enter the-company formerly-known-as-Facebook's rival to the birdsite: Threads.

The Zuck is, by all accounts, good at making social media platforms. This doesn't mean the platforms themselves are good - they aren't. But they are unarguably successful: Instagram and WhatsApp have comfortably over a billion users, Facebook has nearly three. If only half of these users adopt the new platform, it would instantly eclipse Twitter. As it happens, Threads allows you to import all your followers from Instagram. Of all the Twitter alternatives, Zuckerberg's looks like the most promising.

Here, however, the promise ends.

The man behind Facebook has somehow managed to make the Twitter experience worse. Following people, a key part of the social media mogul's earlier ventures, is meaningless on Threads. You are beholden to its algorithm and who it reckons you will interact with. (Want to see what your mates are posting about? Tough, here's an 'Epic Meme from the official Salesforce account.') Your timeline isn't chronological either.

And this is where it gets clever. Say you tire of blue-tick brands shitposting, and want to delete your account? Hard luck. Like an ill-advised tattoo, Threads accounts are effectively permanent. If you delete your Threads account, your Instagram account goes too. You're locked in this shiny pit of brand based flimflam, and your Instagram account is hostage.

Threads is what would happen if Twitter and Instagram made out in a bowling alley. It's all their worst parts combined - but it may well succeed. Rocket-man Musk's changes to Twitter have not exactly made it 'brand friendly'. Threads, meanwhile, is shaping up to be a paradise for in-your-face brands - and the AdTech industry would love for you to join them. As Chris Black put it, Threads is just 'another marketing channel masquerading as a community.' When the site inevitably introduces ads, the scared Twitter advertisers will flock. A TechCrunch headline ran 'You can’t post ass, Threads is doomed'. It should have run: 'You can't post ass, Threads will boom'.

Despite cut-and-pasting a dying social media site, the Zuck won't be worried. If anyone knows how to transform bland technology into profit it's him. Aside from providing a platform for asinine hot-takes, Threads' main purpose is to hoover up and auction off data. Unlike Twitter, Meta's microblogging venture has strict moderation. When advertisers bore of Musk's manic antics you know where they'll go.

Threads' naffness won't stop its success. It's data-scraping fluffily dressed up as substandard corporate twaddle. It's a cringe-inducing privacy invasion. It's not meant for users, but that doesn't really matter: you're not a user, you're a product.

Privacy Guides Now Has Merchandise

Freddy — Wed, 31 May 2023 00:00:00 +0000

Privacy Guides Now Has Merchandise

Yes, you read the title correctly: we have merch now. Privacy Guides has partnered with HELLOTUX to create what we think are the finest garments in the land.

It would be ironic to sell our products on a site riddled with ads and trackers. So we weren't going to. This decision ruled out loads of providers, as our privacy-focused values and their Google Analytics just didn't quite align. Privacy Guides has a global audience, so worldwide shipping was a must. And we didn't want to be peddling tacky cheaply printed t-shirts either. This narrowed down our options considerably.

Then we stumbled across HELLOTUX.

HELLOTUX is a family business who have been making high quality merchandise for open source projects since 2002. Their site is tracker free, and isn't littered with irritating adverts. They seemed, pardon the pun, the perfect fit.

We're excited to launch a range of dashing t-shirts and Polo shirts, along with our very own hoodies and jackets. Check them out at www.hellotux.com/privacyguides.

Buying our merch is a great way to support us financially. We get between three to five dollars per garment, depending on the product. Privacy Guides is a non-profit, socially motivated website so all the money we receive will be put towards improving our site and community. Our finances can be viewed publicly via the Open Collective.

A fun fact about HELLOTUX is that they make everything with Linux: the embroidery, the website, the customer service - the whole shebang. They also offer a money back guarantee. If you're not happy with your order, just send it back within three months, and they will sort you out with a replacement or refund.

So go ahead: bag yourself some Privacy Guides swag today!

Worried About TikTok? The RESTRICT Act Is Not the Answer Americans Are Looking For

Jonah Aragon — Sat, 01 Apr 2023 00:00:00 +0000

Worried About TikTok? The RESTRICT Act Is Not the Answer Americans Are Looking For

Privacy advocates have been calling for the United States to adopt strong consumer privacy protection laws along the lines of the EU's GDPR for a long time now, but the proposed Restricting the Emergence of Security Threats that Risk Information and Communications Technology (RESTRICT) Act isn't the answer we're looking for.

Terrible acronym aside, the RESTRICT Act claims to...

empower the United States government to prevent certain foreign governments from exploiting technology services operating in the United States in a way that poses risks to Americans’ sensitive data and our national security. (whitehouse.gov)

In reality, this act would grant the government broad powers to restrict access to any site or service they claim could pose a threat to national security, akin to China's "great firewall."

Currently, if you go on the internet and try and find out what the RESTRICT Act actually does, you'll find a lot of confusing and conflicting information. This is by design, not from a lack of analysis. Simply put, the RESTRICT Act has been interpreted in so many different ways because the wording is so broad that it can be interpreted in so many different ways. This is obviously a problematic form of government overreach.

So what does it actually do? Well, nothing! For now anyway: Like many bills lately, this bill has no immediate effects, but it does grant the White House power to create rules and regulations which will have the power of law. Section 8 grants the Secretary of Commerce the power to "establish such rules, regulations, and procedures as the Secretary considers appropriate." These rules can include almost anything as long as they are targeting an entity covered by the bill.

To give it a little credit, the specific activities this bill targets are relatively narrow. Section 2 of the bill mainly defines the affected entities in terms of corporate ownership and funding in relation to specific "foreign adversaries." It would be difficult for a company to violate this bill without actually being a front for a foreign government. However, once a targeted company is identified, the powers the White House then gains to prevent their operation and access within the United States are wildly expansive.

How might this affect VPN providers?

This is the question on a lot of people's mind, and the answer is of course a bit complicated.

Right now, this bill is mainly focused on TikTok, despite them not being mentioned specifically within the bill text, so let's focus on them. If the White House determines that TikTok is covered by this act, they could implement "mitigation measures" including ordering Internet Service Providers to block access to TikTok entirely. At this point, the Act grants very broad power to block circumvention of those mitigation measures as well. Now, any service "which is designed or intended to evade or circumvent the application of this Act" falls under the scope of this regulation.

No person may cause or aid, abet, counsel, command, induce, procure, permit, or approve the doing of any act prohibited by, or the omission of any act required by any regulation, order, direction, mitigation measure, prohibition, or other authorization or directive issued under, this Act. (Section 11(a)(2))

A reading of this could certainly include VPN providers. Even if the White House does not declare VPN companies to be directly violating this act, they could certainly deem their services to be aiding and abetting violators, and the end result is the same: Regulations which ban the operation of VPNs entirely.

Even more worryingly—especially for myself at Privacy Guides—a stricter reading of the quoted section above could make it illegal to even share advice (i.e. "counsel") on how to run a VPN or sideload TikTok! And all of these violations can be punished with criminal charges including up to 20 years in jail or up to $1,000,000 in fines.

So what do we actually know?

Does this bill ban VPNs? No.
Does this bill give the White House executive power to ban VPNs? Yes!

Ultimately, the provisions in this bill are so broad that it is inconceivable that they will not be eventually abused by the White House, it would only be a matter of time. Any law like this which gives the government broad authority to ban all sorts of tools if they are even tangentially related to a foreign country they deem a threat is simply unacceptable in a purportedly free country, and we need to make sure it does not pass.

Is this good privacy regulation?

Absolutely not. Fundamentally, the RESTRICT Act does nothing to address the actual privacy concerns of American citizens, it only ensures that the digital data of Americans is exploited exclusively by America-friendly companies. If Congress was legitimately concerned about data collection in America, they could implement strong consumer protections that enhance individuals' control and rights over their personal data on every platform instead of playing whac-a-mole with every foreign technology entity.

You may still be thinking that this bill would only really impact large, foreign entities like China/TikTok, but we've seen time and time again how bills like this that are sold as attacks on huge, nebulous entities like "terrorists" and "foreign state adversaries" wind up mainly used to attack the little guy with minor infractions.

Just like with the post-9/11 Patriot Act, the government is trying to whip people up into a panic to pass a bill under false pretexts that only serves to expand their police powers over us. Call your legislators and demand that they vote against the RESTRICT Act, don't let them take away even more freedoms.

Privacy Guides Is Now Multilingual

Freddy — Sun, 26 Feb 2023 00:00:00 +0000

Privacy Guides Is Now Multilingual

It's finally here. After countless requests, Privacy Guides now has translations.

People have always asked us for translations to other languages because our team and community produces high quality, reliable, honest, and researched content. Our previous site never had a system for this. All translations were done manually, and translators would quickly lose interest. Translated sites would be outdated and lay unmaintained on domains that we didn't own. Privacy Guides now has a proper system.

Our site runs Material for MkDocs, which supports internationalization. This allows us to provide language specific content without the mammoth effort previously required.

What we're planning

You can expect translations of this blog – and lots more content. We will add languages to the site when they near completion. That way they can be checked to make sure they maintain the high quality that people have come to expect from the rest of Privacy Guides.

Translators

We'd also like to remind everyone you can stay up to date with the main site by looking at our release page, this will show major changes to the main content. You can subscribe with a News Aggregator:

The blog doesn't have releases, but articles are generally published in a complete state and only updated with minor changes.

Feel free to check out our localization room on Matrix #pg-i18n:aragon.sh if you have any questions on getting started. You can find us on Crowdin.

Please note that the English version of the site is the primary version, meaning changes occur there first. This means it is still possible that specific languages may be behind. If you notice such an instance please help out. We cannot guarantee the accuracy of all our translations. If you have a suggestion about content specific to your region, please open an issue or pull request to our main repository.

Some tips for translators

Crowdin has good documentation and we suggest looking at their Getting Started guide. Our site is in Markdown, so it should be easy to chip in.

Admonitions

Throughout the site we use MkDocs's admonitions, to show information to readers about the products such as example, warning, tip, etc.

By default when admonitions are used they will have an English string on the site. This can be customized, without too much effort. For example if you were translating and admonition of type warning to Dutch, this is how you would write it:

!!! warning "Waarschuwing"

Downloads are a custom admonition that we use and you would write that like:

??? downloads "Downloaden"

The same goes for other types, such as tip, example etc. Recommendations are also admonitions, but they do not need overriding, because the default has no text, so they are always:

!!! recommendation

Translation software

Translation software gets the translation quite reliable. We've found DeepL works well however, attention does need to be given that the translated string is correct.

For example:

![Software logo](assets/img/path/to/image.svg){ align=right }

We have sometimes found that the syntax for inserting an image like above was missing the ![ or an extra space was placed between the text and the path, eg ](. If a translation string is clearly not correct, we encourage you to delete it by pressing the trash icon or vote which one you think sounds best. When invalid strings are deleted they are removed from the organization's translation memory, meaning that when the source string is seen again, it won't suggest the incorrect translation.

We'd like to thank the translation team who spent many hours on translating the content, that we now have. We're going to launch in Dutch, French and Hebrew.

Important Changes to Signal Registration and Registration Lock

mbananasynergy — Thu, 10 Nov 2022 00:00:00 +0000

Important Changes to Signal Registration and Registration Lock

EDIT: This change has been temporarily rolled back after discussions that took place in the Signal community. It will likely be the way things work in the future, but it seems that the old behavior is now back in place for the time being.

Signal has changed how it handles registration. This primarily affects people who are using a number for Signal that they don't have exclusive access to.

How It Used to Work

As outlined in our Signal Configuration & Hardening Guide, if you registered, set up Registration Lock, and checked into the app at least once every 7 days, nobody could use the number you'd claimed and try to re-register it for themselves without knowing your Registration Lock PIN.

How It Works Now

As outlined in this issue on the Signal-Android GitHub repository, if someone tries to register with that number and is able to get the SMS code, they can kick you out of your Signal account. At that point, you have to re-register by receiving an SMS for that number, and inputting your Signal PIN. If you are unable to do this, the Registration Lock is not enforced after 7 days. Someone who tries to register after that will be prompted to enter the Signal PIN once more. If the correct PIN is not entered, the app will prompt you to create a new PIN, and the account is wiped and the number can be claimed by a person who can receive an SMS code for it.

You can find the relevant changes in the code here.

If Alice registers number X and enables reglock, but Bob later proves ownership of number X (by registering and completing the SMS code), then Alice will be unregistered. However, if a reglock is present, Bob still won't be able to register immediately if he does not know the reglock code. This allows reglock to still function as a way to prevent someone else from taking over your account.
However, by unregistering Alice, this starts a 7-day timer. After 7 days, if Alice doesn't re-register, then the reglock is removed and Bob will be free to register the number without needing to know the reglock. But if Alice still truly does own the number, she can simply re-prove ownership and things should go back to normal for her.
This is important because phone number can (and are) re-used among cell carriers. If someone gets a new phone number from their carrier, they should not be prevented from registering with Signal indefinitely because the previous owner has reglock.
The intention of reglock is to prevent hijacking of numbers you actually own, not to guarantee the number for yourself for life.

While this change makes sense from the perspective of making it so you cannot "hold a number hostage" as long as you keep checking in, it is particularly important for people who've used disposable phone numbers to know this.

We recommend migrating to a phone number that you own and will be able to own for the foreseeable future in order to avoid getting locked out of your account and losing your contacts.

Special thanks to the Molly community who made us aware of this change soon after it went live.

New Privacy and Security Features in macOS 13 Ventura

Jonah Aragon — Thu, 27 Oct 2022 00:00:00 +0000

New Privacy and Security Features in macOS 13 Ventura

macOS Ventura was released this week, and the Apple users among us may be interested in the improvements it brings to your personal privacy and security. We always recommend running the most up-to-date version of your operating system available. Updates add privacy and security improvements all the time—and macOS Ventura is no exception. Some notable new additions to the macOS privacy ecosystem include:

Lockdown Mode
Rapid Security Responses
Passkeys

Let's venture in and see what these updates will mean for you.

Lockdown Mode

Apple's headline security feature for macOS and iOS this year was Lockdown Mode, a setting which allows you to enable much stricter security protections on your device. Designed for the rare few who are actively targeted by cyberattacks, Lockdown Mode still received widespread attention in the privacy and security space as an important attack surface reduction tool.

Enabling Lockdown Mode can be done easily in the System Settings app:

Click Privacy & Security in the sidebar.
Scroll down to Lockdown Mode and click Turn On.
Click Turn On & Restart to restart your device in Lockdown Mode.

Lockdown Mode needs to be enabled separately on each device. Lockdown Mode changes your device's behavior significantly in a number of ways. Its worth trying for yourself to see if it impacts your everyday usage. There is little downside to enabling it as its impact to most features is relatively minor in day-to-day use.

Safari

Enabling Lockdown Mode disables a number of "complex web technologies". These can impact your device's browsing performance and battery efficiency, in some cases to a significant degree. The changes to Safari include:

JavaScript's Just-in-Time (JIT) compilation features are disabled. JIT allows JavaScript code to be compiled on the fly during its execution. Disabling JIT shows performance decreases by up to 95% in some browser benchmarks, though this difference is difficult to notice in everyday browsing. Unfortunately, the added performance and complexity of JIT in JavaScript comes with a significant security cost. An analysis conducted by Mozilla indicates that over half of Chrome exploits "in the wild" abused a JIT bug, so disabling JIT can roughly cut your attack surface in half.
WebAssembly (WASM) support is also disabled. WASM was created to allow for high-performance applications on web pages; however, it can be used to fingerprint browsers to track people across websites and apps.
JPEG 2000 support is disabled. Safari is the only modern browser to support the JPEG 2000 image format, which makes its support an easy way to identify Safari users.
PDF previews are disabled. The PDF format has historically been subject to a number of exploits; this change means that PDF files will be downloaded and have to be opened in a dedicated PDF previewing app instead.

Other technologies that were disabled include WebGL, MathML, Gamepad API, Web Audio API, RTCDataChannel, and SVG Fonts. Additionally, many other external web fonts are disabled, limiting websites to only the fonts pre-installed on the device. This notably breaks a lot of icons on various websites, which are often replaced by an empty square.

Luckily, Lockdown Mode can be disabled on a per-site basis on Safari, so none of these issues should prevent you from enabling Lockdown Mode on your device. If you encounter a trusted website which breaks with Lockdown Mode enabled, you can easily add an exception for that website while keeping the rest of Lockdown Mode's protections intact.

Apple Services

Lockdown Mode also changes the way a number of different Apple services are used on your device.

Messages: Most message attachments are blocked, besides certain image, video, and audio attachments. This includes most iMessage "apps" such as in-conversation games. Link previews are also disabled.
FaceTime: Incoming calls are blocked, unless you have previously called that person or contact. This is likely in response to past FaceTime bugs, such as the exploit in 2019 which allowed an attacker to listen in on your microphone before you picked up the call.
Photos: The new Shared Albums functionality in iCloud Photos is blocked, and invitations are automatically rejected. Shared Albums do still work on any devices without Lockdown Mode enabled.

In addition to these, other Apple services like Home will reject incoming invitations unless you have previously interacted with the sender.

Device Changes

Some other device functionality is limited with Lockdown Mode enabled as well. If you have a Mac with Apple Silicon, connected devices or accessories are not allowed to connect unless your Mac is unlocked and explicit approval of the device is given. Configuration profiles can no longer be installed either, and the ability to enroll in a Mobile Device Management (MDM) system is disabled. These are enterprise management features, which are occasionally abused to control or monitor devices.

Passkeys

Passkeys are likely to be the most impactful new feature for the everyday person's security practices. Passkeys are a cross-platform standard supported by Google, Apple, and Microsoft. Based on the FIDO2 standard, passkeys are the first real effort to replace passwords as your primary mode of authentication.

Using a passkey stored on your phone is supported by most browsers in macOS, but only Safari currently allows you to use a passkey stored on your Mac. Passkeys generated on your iPhone or Mac are stored in iCloud Keychain, which is end-to-end encrypted with your phone or computer's lock screen password. In Safari, passkeys are replacing the single-device WebAuthn registration, which allowed you to use your computer as a hardware key with Touch ID.

The benefits of passkeys are fairly limited at the moment, until more services support the standard for primary or multi-factor authentication.

Rapid Security Responses

Alongside iOS 16, Apple is introducing Rapid Security Responses (RSR) to macOS Ventura. RSR allows Apple to ship small security fixes on the fly much faster than before.

Previously, releasing even a small security patch meant Apple had to release a huge multi-gigabyte update package. This was required to preserve the system's cryptographic integrity, following changes to how the system volume is handled in macOS Big Sur. With RSR, updates are much smaller, so patches can be downloaded much faster and applied more reliably.

RSR patches are applied immediately. However, they are tied to the macOS minor version they are released with, meaning you need to be on the latest available macOS update to receive them: they are not a replacement for regular updates.

What remains to be seen is which security patches will be released via RSR as opposed to standard security updates. More severe bugs, including Mach zone memory leaks and bugs which could cause kernel panics, are still likely to require a formal macOS update rather than a quick patch.

Gatekeeper Changes

Gatekeeper is Apple's primary approach to handling malware on macOS, which has historically operated as a "scan at launch" feature for newly downloaded apps. In macOS Ventura, Gatekeeper has been updated to run signature and notarization checks upon every launch of an application, as opposed to just the first launch. This should improve its malware scanning capabilities, but could potentially cause problems with apps which update themselves. This practice is common with apps distributed outside the App Store, and could lead to discrepancies between the app's code signature and actual content.

A Bug with Malware Scanners and Monitoring Tools

WIRED reported that a bug in the initial release of macOS Ventura cuts off third-party security products like BlockBlock from Objective-See from the access they need to perform system scans. There is a workaround to fix this access, so if you use tools like these you should manually check your security app to make sure it is working as intended. Apple should fix this problem in the next system update.

Final Thoughts

If you are a Mac user, macOS Ventura brings a lot of new security and privacy features to the table. We recommend upgrading to macOS Ventura as soon as possible (I already have). We'll continue to keep an eye on how security features like these are used and improved in the future, on Apple platforms and beyond.

Privacy Guides

The Future of Privacy: How Governments Shape Your Digital Life

The Future of Privacy: How Governments Shape Your Digital Life

Privacy laws are always one election away from getting better, or worse

The tools you use might depend on government funding

Which privacy and security tools could be impacted

Government funding should support civil liberties and protections

The GDPR gave you deletion features in your apps

What is the GDPR

What does the GDPR have to do with data deletion features

Chat Control wants to break end-to-end encryption

What is Chat Control

Why is Chat Control horrible for privacy, and for children

Who opposes Chat Control

Age Verification wants to collect your sensitive data

Who will decide what content should be walled online?

Age Verification undermines privacy and security

Age Verification is already here, sadly

The future of privacy

EasyOptOuts Review & Real-World Test

Background

Methodology

Initial Search

User Experience

1 Week

1 Month

3 Months

Additional Sites

Evaluation

Using Tails When Your World Doesn't Feel Safe Anymore

Using Tails When Your World Doesn't Feel Safe Anymore

What is Tails?

Why you might want to use Tails

When to use Tails, and when not to use Tails

When using Tails might help you

What you should be careful about

When you should not use Tails

Installing Tails

What you'll need

Step 1: Download Tails

Step 2: Verify the file you just downloaded

Step 3: Download and install balenaEtcher

Step 4: Install Tails on your USB stick using balenaEtcher

Step 5: Continue this tutorial from paper or from another device (if you can do so safely)

Step 6: Boot your computer from your Tails USB stick

Starting and using Tails

Using Persistent Storage

Connecting to the internet

Sharing files with others

Storing passwords

Shutting down Tails

Final notes

Consider supporting Tails and the Tor Project

The Protesters' Guide to Smartphone Security

The Protesters' Guide to Smartphone Security

Your Risks at a Protest

"Burner Phones"

Secure Your Device

Use a Strong Screen Lock

Disable Biometic Authentication

Hide Your Notifications

Minimize Your Stored Data

Disable Lock Screen Actions

Avoid External Storage

Consider Your Phone's Security Patches

Protect Against Surveillance

Disable AirDrop

Lock Down Your Network

Use Airplane Mode Frequently

Use Public Wi-Fi

Disable Location Services

Check Your Keyboard

Other Tips

Use Signal

Protect Your Access to Information

Change Your Camera Settings

Back Up Your Data

At The Protest

Keep Your Device Locked

Have a Backup Communications Network