Privacy Guides

The Future of Privacy: How Governments Shape Your Digital Life

Em — Mon, 03 Feb 2025 18:28:03 +0000

The Future of Privacy: How Governments Shape Your Digital Life

Photo: ev / Unsplash

Data privacy is a vast subject that encompasses so much. Some might think it is a niche focus interesting only a few. But in reality, it is a wide-ranging field influenced by intricate relationships between politics, law, technology, and much more. Further, it affects everyone in one way or another, whether they care about it or not.

I routinely read articles discussing changes in politics on the advocacy side of data privacy. Then, I read articles talking about changes in regulations on the legal side of data privacy. And then, I see all the articles and guides presenting new tools and privacy features on the tech side of data privacy. Of course, all of this is linked together.

Let's talk about how politics, law, and technological features are intertwined, all at once.

Privacy laws are always one election away from getting better, or worse

Each change in government can have a serious effect on data privacy legislation. Privacy is a politically charged field. For example, authoritarian regimes might want to remove or weaken privacy rights to exert strict control over their population. While democratic governments generally bring more freedom and protections to its citizens, including privacy rights. It's important to keep in mind who in the past has bettered citizen rights and protections, and who has actively worked to undermine civil rights.

Each time a new government takes power, its values will be put forward and influence legislation in place, or legislation not in place yet. While the Western world has benefited from some improvements in data privacy law for the past few years, we must consider these gains are fragile and protections could get removed or lessened at any time.

Unfortunately, it seems there is currently a political push towards deregulation, mass surveillance, and a focus on corporate gains. This is extremely worrisome for the future of privacy rights, human rights, and individual liberties.

Following politics and advocating for better privacy rights and legislation is essential in improving access to privacy tools and features around the world. Privacy is never politically neutral.

The tools you use might depend on government funding

Many privacy tools we use depend at least partially on government funding or on other tools which depend on government funding. This is especially true for open-source nonprofit organizations needing some (usually) more stable income, in addition to donations.

Which privacy and security tools could be impacted

One notable example of a privacy-related project receiving government funding is the Tor Project. If this source of funding were cut off, the impact on Tor could be quite detrimental, not only to the Tor Project but to all projects relying on Tor as well. Many privacy-focus software are built around the Tor network. To name only a few, whistleblowing software such as Hush Line and SecureDrop both utilize the Tor network to harden privacy. Briar, Cwtch, and SimpleX, are examples of messaging applications also using Tor to add a layer of security and privacy to communications. Tor is critical infrastructure in the world of data privacy.

Another important project receiving government funding is Let's Encrypt. Let's Encrypt is a nonprofit Certificate Authority providing TLS certificates to websites. It is run by the Internet Security Research Group (ISRG), which receives funding from the Sovereign Tech Agency, supported by the German Federal Ministry for Economic Affairs and Climate Action. The ISRG also receives funding from the Open Technology Fund (OTF), which receives the majority of its funding from the United States government, through the U.S. Agency for Global Media.

In current events, last month an executive order in the United States from the Trump administration led the National Science Foundation (NSF) to freeze grant reviews. This is currently impacting many important projects in the tech world, including the Python Software Foundation (PSF). The repercussions of this freeze could be devastating for many open-source projects, in privacy and beyond.

Government funding should support civil liberties and protections

Governments funding nonprofit projects and organizations working on improving human rights, civil liberties, and technological security and safety is a good thing. This can bring an important source of stable income to nonprofit projects that could not stay afloat solely from donations.

However, this dependency can become precarious when governments aren't working for the good of the people anymore, and when organizations rely too heavily on such support, making them vulnerable to change in power. Such a change of regime can have devastating repercussions on the privacy tools we use.

On the good side of regulatory influence, there are regulations like the General Data Protection Regulation (GDPR). Saying the GDPR revolutionized the world of data privacy would not be an overstatement. While many privacy regulations pre-date the GDPR, in the Western world none had the scope nor the grit the GDPR has.

The GDPR is a data privacy regulation that was adopted by the European Union (EU) in 2016 and became effective in May 2018. Its scope encompasses all of the EU member states as well as all the countries part of the European Economic Area (EEA), which together count 30 countries to this day. The United Kingdom also uses an amended version of the GDPR post-Brexit.

However, the reach of the GDPR isn't limited to Europe. Every organization based outside of the EU that is offering goods or services to, or is monitoring the behavior of, individuals located in the EU must comply as well. This means that most organizations operating worldwide, regardless of where they are located in the world, must comply with the GDPR.

As is often the case with data privacy laws, it took a few years before Data Subjects (your legal designation under the GDPR) noticed any concrete changes. One change that has become prominent in the past few years, and is likely a direct product of the GDPR, is data deletion features within apps and accounts.

An important right granted by the GDPR to Data Subjects is the Right to Erasure (or the Right to be Forgotten). Other legislation such as the California Consumer Privacy Act (CCPA) calls for a similar right, the Right to Delete. This and similar rights have existed before, but through the GDPR and its enforcement it has affected technology in a much broader and impactful way.

Slowly since 2018, applications requiring accounts have started to implement data deletion and account deletion features within the account itself. A probable reason for this is that due to the GDPR, and a now growing number of privacy regulations from various states in the United States, organizations are obligated to respond to Data Subject requests to get their personal data deleted. Managing this can be quite cumbersome for organizations. The burden of answering and implementing each data deletion request manually is often not worth the value of the data itself. Organizations with enough resources have simply added it as an internal product feature. This makes data deletion requests manageable by each Data Subject themselves (at least partially), freeing the organization from legally having to answer each individual request. When implemented properly, this is what we can call a win-win situation.

Request to delete

Unfortunately, not all applications have integrated automatic deletion features internally (yet). Additionally, some applications and accounts will allow you to delete information only partially this way.

If you wish to exercise or have questions related to your Right to Erasure or Right to Delete, first consult your local privacy regulation to check if you have this right as a Data Subject, Individual, or Consumer. Then, you can contact the organization's Privacy Officer with your request. You can usually find information about an organization's designated Privacy Officer by reading its privacy policy or privacy notice. In any case, it never hurts to ask.

Chat Control wants to break end-to-end encryption

If you are not European, please bear with me. First of all, everyone outside of Europe should care about what is happening in Europe, regardless. But even if you don't care, you should know this kind of mass surveillance proposition will inevitably leak west, and if adopted will affect us all globally.

What is Chat Control

In 2021, the EU approved a derogation to the ePrivacy Directive to allow communication service providers to scan all exchanged messages to detect child sexual abuse material (CSAM). Although this first derogation was not mandatory, some policymakers kept pushing with new propositions.

A year later, a new regulation (CSAR) was proposed by the European Commissioner for Home Affairs to make scanning messages for CSAM mandatory for all EU countries, and also allow them to break end-to-end encryption. In 2023, the UK passed a similar legislation called the Online Safety Act. These types of messaging mass scanning regulations have been called by critics Chat Control.

Why is Chat Control horrible for privacy, and for children

Such legislation might sound like a noble cause at first, but consider this: Scanning all messages exchanged for any reason treats everyone like a criminal, no matter what. This is not hunting criminals, this is mass surveillance. Not only is this horrifying for privacy rights, but it also endangers democracy. Once a system to mass monitor all written communications is implemented to (supposedly) stop CSAM, new topics to detect, block, and report could be added anytime, and by any future governments. There is nothing that would prevent much less reasonable topics from being added to the list to be filtered out at a later date.

Chat Control would hurt everyone, including the children. Not only would mass scanning of all messages be ineffective at reducing CSAM, but it would endanger the children even further by also scanning their communications. Because yes, children also communicate online. Parents also communicate sensitive information about their children online, with trusted family or doctors. All this data would get scanned and collected, only one breach away from being made public.

Protecting the children is a pretext regularly used to implement abusive regulations undermining individual liberties and protections. Do not get fooled by this demagogical stratagem. Chat Control is the opposite of protecting the children.

Chat Control would only lead to destroying the end-to-end encryption messaging features that are protecting us and the children so well already. Criminals exploiting children would simply move to underground channels, unbothered.

Who opposes Chat Control

Thankfully, opposition from experts and advocates alike has been strong. To name only a few, Meredith Whittaker, president of the Signal Foundation which develops the messaging app Signal, has taken a clear stand against Chat Control. The Electronic Frontier Foundation has also firmly opposed Chat Control legislation. In the UK, the Open Rights Group has led powerful campaigns to fight against the Online Safety Act. In Europe, privacy advocacy organization noyb and former Member of the European Parliament Patrick Breyer have both been fervent defenders of privacy rights raising relentless resistance to Chat Control.

Harmful policies such as Chat Control are a direct example of how politics can affect laws that can cause unimaginable damage to the privacy-preserving technologies we use every day.

Age Verification wants to collect your sensitive data

Another potent example of the protecting-the-children stratagem to undermine privacy rights is Age Verification legislation. In the past few years, this idea of controlling which online content should be accessible to children has raised new proposals around the world.

Age Verification policies generally start with the premise that some content should not be accessible to children online. Again, this could seem like a reasonable idea at first. Nobody would debate that children should be shielded from some type of content. Sadly, we have all witnessed how horrifying the internet can be at times. However, both the premise and methodology to achieve this goal are wrong.

Who will decide what content should be walled online?

First of all, even putting aside the fact that there is plenty of disturbing content accessible outside the internet (newspapers, television, movies, radio, advertising, etc), who would be the deciders of which specific content can be accessed by children or not? This can be extremely problematic, to say the least.

There is no objective measure to decide on this, and what might be deemed appropriate by one might not be by another. More importantly in the context of our discussion, what one government might judge appropriate might be very different from the next or previous administration.

This is again a dangerous slippery slope opening the door wide to authoritarian policies.

Age Verification undermines privacy and security

Secondly, how can age be verified online? Of course by collecting more data, on everyone. Age Verification policies don't affect only the children, they affect everyone who wants to access content online. If a website is deemed to display content that should not be accessed by children, the only way to enforce this rule would be to ask for some form of official identity verification from all adults who want to access it.

Proponents of these regulations often refer to "age assurance processes" and suppose these processes to be undoubtedly secure. Anyone familiar with data security will understand how naive this approach is. I will not go into the details here, but you probably can already see how having each private website (or third-party processor) collect such sensitive information from each visitor is horrendous for privacy rights, and data security as well. Of course, these websites or third-party "age assurance processors" will unavoidably become a large treasure trove for thieves, and their sensitive data will be inevitably leaked or stolen sooner rather than later.

Age Verification is one of the biggest privacy threats online. Continuing in this direction could ultimately lead to the end of pseudonymous browsing. Additionally, this could also mean the end of your official ID having any value at all. After all, what unique identification value does a piece of ID keep after it has been leaked in a thousand different data breaches? Maybe even one day bought on a darknet market by a curious teenager in need of accessing some website...

Age Verification is already here, sadly

Regrettably, this is not a hypothetical scare. Age Verification legislation has already passed in Australia, in the UK, as well as in many U.S. states. It is also on the table federally in the United States, Canada, France, Norway, and Europe.

There is some tenacious opposition to Age Verification policies from digital rights and free speech advocates. Unfortunately, there is also a strong push in support of Age Verification from the rapidly growing "age assurance" and identity verification industry, and from many governments worldwide moving towards a surveillance state.

Again, government values are deciding on digital features that impact our data privacy in disastrous ways. If you want to take a stand against Age Verification, you can join the Stop Online ID Checks campaign from the nonprofit organization Fight for the Future.

The future of privacy

There's a lot to be worrying about in today's privacy landscape. Unfortunately, recent political tendencies in the Western world make it difficult to stay optimistic. The trend toward authoritarian regimes and surveillance capitalism is bad news for the future of privacy around the globe.

There is no question that privacy is intrinsically intertwined with politics, and can therefore never be politically neutral. The latest decisions taken by the new U.S. administration running full speed into deregulation and defunding, growing pressure in Europe to break end-to-end encryption in favor of a surveillance state, and invasive age verification policies to censor the web and collect even more data on every netizen is admittedly frightening.

But one thing frightens me even more than all of this. One thing that could end privacy rights, forever. This threat to privacy is never far and always looming.

This threat is giving up.

Despite all the gloom menacing privacy rights, privacy will never be dead as long as we stand up to defend it. Governments might have the power to remove our privacy rights on paper and proclaim privacy features illegal. But the people have the power to keep pushing for better privacy rights and to keep developing even more robust and more accessible privacy tools.

We must continue to advocate loudly for privacy rights and all human rights every chance we have. The fight for better privacy rights is only over when we give up.

Do not give up.

EasyOptOuts Review & Real-World Test

Jonah Aragon — Mon, 03 Feb 2025 16:11:02 +0000

EasyOptOuts.com is a $19.99/year people-search site removal service which will search a number of different data broker sites and automatically submit opt-out requests on your behalf. They will perform the first search and removal process immediately, and then re-run the process every 4 months in case your data shows up on new sites over time.

Homepage

Background

People-search sites represent an immense privacy risk to the majority of Americans. For many, sensitive personal information such as your address, phone number, email, and age is a simple internet search away. While there is unfortunately no federal regulation in place to protect your data, many of these companies will remove your information from their public databases upon request. EasyOptOuts is a low-cost online service which automates these opt-out requests, saving you time and removing the need to constantly monitor new sites/databases for your personal information on a regular basis.

Privacy Guides selected this service for review based on community reviews and various reporting from organizations including Consumer Reports. In our best judgement, EasyOptOuts services consistently received the most positive feedback and results in terms of efficacy, so we prioritized its testing over other similar services due to our limited budget.

The EasyOptOuts subscription was paid for by Privacy Guides. Privacy Guides did not contact EasyOptOuts regarding this review, or request free/discounted services before conducting this review.

Methodology

Privacy Guides conducted this review with 2 volunteer subjects who agreed to allow us to use EasyOptOuts to attempt to remove their personal information from public people-search sites, then evaluate those results. Our subjects:

Are US citizens
Have never used a people-search removal service
Have never manually opted-out of people-search sites
Are homeowners
Do not live in a state with specific privacy regulations related to data brokers or people-search sites

The information we provided to EasyOptOuts:

First and last name
Maiden name (if applicable)
Birth year
Current street address
Most recent previous address (if applicable)
Current phone number(s)
Current email address

We did not provide the names of relatives as requested by EasyOptOuts, as they were not volunteers for this review. This is one potential limitation with our evaluation to keep in mind.

Disclaimer

Please note that this review is not intended to be a comprehensive evaluation of EasyOptOuts, as we are conducting this test with a very limited sample size. We do not consider our results to be statistically significant. Rather, this review should be taken as an additional "real-world" data point for you to consider when evaluating this service. We encourage you to seek out other independent reporting to consider as well before making any purchase decision.

Initial Search

Privacy Guides performed an initial search for personal information for each of our subjects on Google by searching for their first and last name in quotes, plus their current city and state (for example, "Jane Doe" Chicago IL). We then counted the number of unique results which contained their personal information in the title or description shown in Google.

Using standard engine search results is one of the most common methods of discovering personal information, and typically represents the greatest risk to most people, so measuring the number of search engine results that are removed as a result of the opt-out process is one of our highest priority measurements.

Person A (11 Google results):

411.com
thatsthem.com
blockshopper.com*
fastpeoplesearch.com
usphonebook.com
spokeo.com
truepeoplesearch.com
information.com
peoplesearch.com*
radaris.com
peoplefinders.com

Person B (10 Google results):

whitepages.com
truepeoplesearch.com
usphonebook.com
fastpeoplesearch.com
spokeo.com
radaris.com
information.com
thatsthem.com
idcrawl.com*
peekyou.com*

We also performed a manual search for their information on 15 different "high-priority" data brokers. These brokers represent either the most commonly used people-search sites, and/or cover a large number of people-search sites with their databases, so having your data removed from these companies can have an outsized positive effect on your overall privacy.

Service	Person A	Person B
advancedbackgroundchecks.com	Found	Found
beenverified.com	Found	Found
checkpeople.com	Found	Found
clustrmaps.com	Found	Found
dataveria.com	Found	Found
gladiknow.com	Found	Found
infotracer.com	Found	Found
intelius.com*	Found	Found
peekyou.com*	Found	Found
publicdatausa.com*	Found	Found
radaris.com	Found	Found
spokeo.com	Found	Found
thatsthem.com	Found	Found
usphonebook.com	Found	Found
spyfly.com	Found	Found
Remaining Results	100%	100%

It should be noted that EasyOptOuts does not claim or advertise that they have the ability to opt you out of some of the websites above, so we do not expect 100% coverage. However, the site compatibility of EasyOptOuts is a real-world limitation of the service we think you should consider before making a decision, so we intentionally did not limit our review to only the sites they advertise support for. The sites EasyOptOuts does not advertise support for are marked with an asterisk (*).

User Experience

Registering a new account with EasyOptOuts was a very simple and easy-to-follow process. Their website does a great job explaining what is happening and why they need the data they're requesting at every step. Many of the fields are required, including your first and last name, year of birth, and precise street address. However, including your email addresses, phone numbers, and names of relatives in the search are optional. This is to be generally expected, as your precise data is needed to perform opt-out requests in the majority of cases. However, some competitors do allow you to provide a little less information, such as only your city/state instead of your exact current address, at the expense of potentially being less effective.

The only payment processor in use by EasyOptOuts is PayPal, but they've enabled the option to accept credit card payments without an actual PayPal account. PayPal does default to creating a new account for you with this information, so if you want to avoid that you should uncheck the "Save info & create your PayPal account" option at checkout.

We received a notification that the opt-out process had been completed approximately 1.5 hours after payment. This is much faster than many similar services will submit opt-out requests. However, as they note in the notification email: "Some sites remove data quickly, but some take weeks," so while the initial requests have been made, it will still take some time for them to actually go into effect.

EasyOptOuts is able to provide its service at a much lower price point than competitors like Optery or DeleteMe because they have no manual/human intervention at any point in the opt-out process. This limits the amount of websites they are able to support, however. In fact, their emailed report explicitly recommends manually opting-out of PeopleConnect (Intelius) sites at https://suppression.peopleconnect.us/login because they are not able to do so with their automated systems.

1 Week

Service	Person A	Person B
advancedbackgroundchecks.com	Removed	Removed
beenverified.com	Removed	Found
checkpeople.com	Removed	Removed
clustrmaps.com	Removed	Removed
dataveria.com	Removed	Removed
gladiknow.com	Removed	Removed
infotracer.com	Removed	Found
intelius.com*	Found	Found
peekyou.com*	Found	Found
publicdatausa.com*	Found	Found
radaris.com	Found	Found
spokeo.com	Found	Found
thatsthem.com	Removed	Removed
usphonebook.com	Removed	Removed
spyfly.com	Removed	Removed
Remaining Results	33%	46%

It should be noted that some of these websites included "sponsored links" to other data-brokers in their search results. For example, while both people's data was removed from advancedbackgroundchecks.com's own internal database, the search results on advancedbackgroundchecks.com still included a sponsored link to their data on truthfinder.com, one of the websites operated separately by PeopleConnect which EasyOptOuts does not support. This means that manual intervention is still very important when using EasyOptOuts, to cover larger services like PeopleConnect which require more complex interaction.

On Google we saw some reduction, but many results with sensitive information remained. This is something we'll monitor for future updates, as these results drop from Google's caches. Once again, the sites EasyOptOuts does not advertise support for are marked with an asterisk (*) in all of these tables.

Person A (8 Google results):

thatsthem.com
blockshopper.com*
fastpeoplesearch.com
usphonebook.com
information.com
peoplesearch.com*
radaris.com
fastpeoplesearch.com

Person B (6 Google results):

truepeoplesearch.com
usphonebook.com
information.com
fastpeoplesearch.com
thatsthem.com
peekyou.com*

1 Month

Service	Person A	Person B
advancedbackgroundchecks.com	Removed	Removed
beenverified.com	Removed	Found
checkpeople.com	Removed	Removed
clustrmaps.com	Removed	Removed
dataveria.com	Removed	Removed
gladiknow.com	Removed	Removed
infotracer.com	Removed	Found
intelius.com*	Found	Found
peekyou.com*	Found	Found
publicdatausa.com*	Found	Found
radaris.com	Removed	Removed
spokeo.com	Removed	: Removed
thatsthem.com	Removed	Removed
usphonebook.com	Removed	Removed
spyfly.com	Removed	Removed
Remaining Results	20%	33%

Once again, we also searched for their information on Google, and we noticed a reduction in exposure to basic search engines as we expected:

Person A (4 Google results):

thatsthem.com
blockshopper.com*
fastpeoplesearch.com
peoplesearch.com*

Person B (2 Google results):

thatsthem.com
peekyou.com*

3 Months

Service	Person A	Person B
advancedbackgroundchecks.com	Removed	Removed
beenverified.com	Removed	Found
checkpeople.com	Removed	Removed
clustrmaps.com	Removed	Removed
dataveria.com	Removed	Removed
gladiknow.com	Removed	Removed
infotracer.com	Removed	Found
intelius.com*	Found	Found
peekyou.com*	Found	Found
publicdatausa.com¹	Removed	Removed
radaris.com	Removed	Removed
spokeo.com	Removed	: Removed
thatsthem.com	Removed	Removed
usphonebook.com	Removed	Removed
spyfly.com	Removed	Removed
Remaining Results	13%	23%

Once again, the sites EasyOptOuts does not advertise support for are marked with an asterisk (*). Finally, we searched for their information on Google, and there were no results from websites supported by EasyOptOuts remaining:

Person A (1 Google result):

blockshopper.com*

Person B (2 Google results):

idcrawl.com*
peekyou.com*

Additional Sites

In addition to the websites we performed an initial search with, the EasyOptOuts report we received claimed to find and remove our participants' data from the following websites. While Privacy Guides did not search all of these sites in advance of the test to validate these results independently, searching tens or hundreds of smaller sites is one of the key advantages of using an automated service like EasyOptOuts.

Person A:

We found your information and performed opt outs for the following 112 sites

411.com
advancedbackgroundchecks.com
arrestwarrant.org
backgroundcheck.run
backgroundcheckers.net
beenverified.com
bumper.com, covered by beenverified.com
centeda.com
checkpeople.com
checksecrets.com
clubset.com
clustrmaps.com
councilon.com
courtcasefinder.com
curadvisor.com
cyberbackgroundchecks.com
dataveria.com
familytreenow.com
fastbackgroundcheck.com
fastpeoplesearch.com
findpeoplesearch.com
freepeoplesearch.com
gladiknow.com
golookup.com
goreversephone.com
govwarrantsearch.org
hudwayglass.com
information.com
infotracer.com
inmatessearcher.com
kidslivesafe.com
kwold.com
mugshotlook.com
mylife.com
neighbor.report
neighborwho.com
newenglandfacts.com
numberguru.com
nuwber.com
officialusa.com
ownerly.com
people-background-check.com
people-wizard.com
peoplebyname.com
peoplechk.com
peoplefinders.com
peoplelooker.com
peoplesearch123.com
peoplesearcher.com
peoplesearchnow.com
peoplesearchusa.org
peoplesmart.com
peopleswhizr.com
peopleswiz.com
peopleswizard.com
peoplewhiz.com
peoplewhiz.net
peoplewhized.com
peoplewhized.net
peoplewhizr.com
peoplewhizr.net
peoplewiz.com
peoplewizard.net
peoplewizr.com
personsearchers.com
persontrust.com
privaterecords.net
privatereports.com
pub360.com
publicdatacheck.com
publicinfoservices.com
publicrecordreports.com
publicsearcher.com
quickpeopletrace.com
radaris.com
recordsfinder.com
rehold.com
reunion.com
reverselookupaphonenumber.com
reversephonecheck.com
sealedrecords.net
searchpeoplefree.com
searchpublicrecords.com
searchquarry.com
secretinfo.org
smartbackgroundchecks.com
spydialer.com
spyfly.com
staterecords.org
telephonedirectories.us
texasarrests.org
texasarrestwarrants.org
thatsthem.com
truepeoplesearch.com
truthrecord.org
unmask.com
usa-people-search.com
usatrace.com
usphonebook.com
usrecords.net
uswarrants.org
vehiclerelatedrecords.com
verecor.com
vericora.com
veriforia.com
verifyrecords.com
veripages.com
virtory.com
weinform.org
wellnut.com
whitepages.com
yellowbook.com

We checked the following 10 sites, but didn't find any personal information, so we didn't perform opt outs

americaphonebook.com
floridaresidentsdirectory.com
freepeopledirectory.com
northcarolinaresidentdatabase.com
ohioresidentdatabase.com
peoplewin.com
selfie.network
selfie.systems
spokeo.com
unitedstatesphonebook.com

Person B:

We found your information and performed opt outs for the following 107 sites

411.com
advancedbackgroundchecks.com
arrestwarrant.org
backgroundcheck.run
backgroundcheckers.net
beenverified.com
bumper.com, covered by beenverified.com
centeda.com
checkpeople.com
checksecrets.com
clubset.com
councilon.com
courtcasefinder.com
curadvisor.com
cyberbackgroundchecks.com
dataveria.com
familytreenow.com
fastbackgroundcheck.com
fastpeoplesearch.com
findpeoplesearch.com
freepeoplesearch.com
gladiknow.com
golookup.com
goreversephone.com
govwarrantsearch.org
hudwayglass.com
information.com
infotracer.com
inmatessearcher.com
kidslivesafe.com
kwold.com
mugshotlook.com
neighborwho.com
newenglandfacts.com
numberguru.com
nuwber.com
ownerly.com
people-background-check.com
people-wizard.com
peoplebyname.com
peoplechk.com
peoplefinders.com
peoplelooker.com
peoplesearch123.com
peoplesearcher.com
peoplesearchnow.com
peoplesearchusa.org
peoplesmart.com
peopleswhizr.com
peopleswiz.com
peopleswizard.com
peoplewhiz.com
peoplewhiz.net
peoplewhized.com
peoplewhized.net
peoplewhizr.com
peoplewhizr.net
peoplewiz.com
peoplewizard.net
peoplewizr.com
personsearchers.com
persontrust.com
privaterecords.net
privatereports.com
pub360.com
publicdatacheck.com
publicinfoservices.com
publicrecordreports.com
publicsearcher.com
quickpeopletrace.com
radaris.com
recordsfinder.com
rehold.com
reverselookupaphonenumber.com
reversephonecheck.com
sealedrecords.net
searchpeoplefree.com
searchpublicrecords.com
searchquarry.com
secretinfo.org
smartbackgroundchecks.com
spydialer.com
spyfly.com
staterecords.org
telephonedirectories.us
texasarrests.org
texasarrestwarrants.org
thatsthem.com
truepeoplesearch.com
truthrecord.org
unmask.com
usa-people-search.com
usatrace.com
usphonebook.com
usrecords.net
uswarrants.org
vehiclerelatedrecords.com
verecor.com
vericora.com
veriforia.com
verifyrecords.com
veripages.com
virtory.com
weinform.org
wellnut.com
whitepages.com
yellowbook.com

We checked the following 15 sites, but didn't find any personal information, so we didn't perform opt outs

americaphonebook.com
clustrmaps.com
floridaresidentsdirectory.com
freepeopledirectory.com
mylife.com
neighbor.report
northcarolinaresidentdatabase.com
officialusa.com
ohioresidentdatabase.com
peoplewin.com
reunion.com
selfie.network
selfie.systems
spokeo.com
unitedstatesphonebook.com

In addition, for all subscriptions EasyOptOuts says that "the following 10 sites aren't freely searchable. We always perform opt outs for them:"

acxiom.com
adstradata.com
archives.com
backgroundalert.com (searchable, but covered by lexisnexis.com, which isn't searchable)
idtrue.com (searchable, but covered by lexisnexis.com, which isn't searchable)
lexisnexis.com
oracle.com
pipl.com
thomsonreuters.com
us.epsilon.com

What this means is that EasyOptOuts will send the personal information you provide to these websites regardless of whether they have your information in the first place. While this is an unfortunate necessity if you want to ensure your data is removed from as many databases as possible, we would like to see this provided as an option during EasyOptOuts' registration process for people who would like to avoid this behavior.

Evaluation

For our final evaluation, we will look at how many of the initial Google search engine results are no longer listed after 3 months, how many results from the 15 data brokers we initially measured were removed, and how many results from the subset of the 15 data brokers that EasyOptOuts advertises support for (13 total) were removed.

The first two results are intended to benchmark the "real-world efficacy" of EasyOptOuts, i.e. how much of an impact you will immediately notice while using the service. The third result is intended to benchmark how well EasyOptOuts lives up to their own marketing claims.

	Person A	Person B
Percentage of Google search results removed	90%	80%
Percentage of high-priority data brokers removed	86%	73%
Percentage of compatible high-priority data brokers removed	100%	84%

Based on these results, I consider EasyOptOuts to be well worth the money. It made a substantial difference in the amount of real-world exposure for both subjects, with relatively little effort required. The amount of data remaining publicly accessible is a very manageable amount that can be manually dealt with afterward.

It isn't a perfect service, and even our limited testing shows that your mileage may vary depending on your individual circumstances, but any reduction in the amount of data publicly available about you is a good thing, and if you're in the United States this is certainly an option worth considering.

While writing this article, EasyOptOuts added support for publicdatausa.com. This was first applicable during the "3 month" test, where we noticed the opt-out was successful. ↩

Using Tails When Your World Doesn't Feel Safe Anymore

Em — Tue, 28 Jan 2025 03:26:21 +0000

Using Tails When Your World Doesn't Feel Safe Anymore

Illustration: Jonah Aragon / Privacy Guides | Photo: Aleksander Dumała / Pexels

There is a growing number of people who no longer feel safe in their own home or country. Whatever the reason, many people might not feel safe to browse certain topics online. With all the information getting collected for each internet search, it is difficult to access sometime vital information without leaving a trace. These digital footprints might not threaten your personal safety if you are living with a supportive family, and in a democratic and free country. However, there are situations where someone might be put in great danger simply for looking at a website.

While this guide will be applicable to many, I am writing this article with these groups in mind:

Victims of domestic violence,
Trans and queer individuals living in a hostile environment, and
Democracy and human rights activists located in regions adverse to their cause.

This article will help people in such situations learn how to browse the internet and use a computer in a more protected and anonymous way, in order to stay safe from harm.

A warning for those at very high risk

If you feel at very high risk in your home or country, and the device you are currently using to read this article could be accessed by a person or group meaning you harm, I recommend you ask a trusted ally who does not experience the same level of threat to complete this tutorial for you on their device instead. This will help with minimizing any digital traces left on your device that could endanger you.

Then, I recommend that you erase your browsing history (ideally, delete this and related websites only) and clear your browser's cache and cookies. If you have a Google account and used Google to find this article, also make sure to delete your Google search history.

Once you have securely reached out to a trusted ally to request their help, and erased your browser's data for this site, do not consult this article again if the digital traces of it might put you in danger.

If you are completing this installation for someone else, or if the device your are currently using cannot put you at risk, here's why, when, and how you can install and use the portable system Tails:

What is Tails?

Illustration: Tails / Tor Project

Tails is a portable operating system (a type of software like Windows and macOS) that is especially designed to minimize your digital footprints while using it.

The name is an acronym for "The Amnesic Incognito Live System". It is kept on a USB stick and resets itself entirely after each use (except if you enable its encrypted password-protected Persistent Storage). What is done on Tails does not leave any digital traces on the computer it is plugged into, hence "amnesic."

Additionally, Tails comes with pre-installed applications that will help increase your security and privacy online. When accessing the internet from Tails, your traffic will be automatically rerouted through the Tor network. This is a special network that makes it very difficult to identify your location or the websites you access, even from your Internet Service Provider (ISP).

However, unless you configure the Tor bridge option to hide this, your ISP will know you have been using Tor, although they will not know which websites in particular you have visited through Tor. It could have been anything. I personally use Tor when I have to visit Google Maps, just to protect my data from Google's advertising.

Why you might want to use Tails

There are many good and legitimate reasons for using Tails. Here are a few examples from the scenarios I am considering in this article:

A victim of domestic violence who needs a secure way to research and communicate with shelters or other supportive resources to plan a safe escape, without leaving traces of their activities on a device accessible to the perpetrator.
A trans or queer individual who lives with an unsupportive or hostile family and wishes to research trans or queer-related topics online, find communities, or access supportive resources without leaving any digital traces of their activities on a family device.
A democracy or human rights activist who organizes protests, communicate information online, or carry on any other activities that might have been declared unauthorized by an oppressive regime.
Any other situations where browsing the web or using a device anonymously might be necessary to protect someone's safety.

When to use Tails, and when not to use Tails

Tails protects some data very well, but it will not magically protect everything. Before using it, read carefully what it can help you with and what it cannot do.

When using Tails might help you

Browsing the web without leaving traces on your main computer.
Using a computer without leaving traces of your activities on your main computer.
Storing information and processing files in an encrypted way, away from your main computer.
Hiding which websites you visit from your ISP by using Tor, without leaving traces on your main computer.

What you should be careful about

Remember that unless you enable the Tor bridge, your ISP will know you have accessed the Tor network. Your government could request this information from your ISP. Be careful if this can put you in danger in your country. If you are not using Tails from a public Wi-Fi network, and if revealing to your ISP that you are using Tor could be dangerous to you, you should enable the Tor bridge option.
Tails cannot protect your anonymity if while using Tails you log into an account that you have already been identified with, or have used outside of Tails. While using Tails, do not log into anything that you have logged in outside of Tails.
If you communicate with others or create an account within Tails, be mindful not to share any personal details that could identify you while using Tails.
If you share any files, be careful to remove thoroughly any metadata that could identify you from the file.
If you share any pictures or videos, be extremely cautious with removing metadata and examining the picture or video to make sure no reflections or other details could inadvertently identify you.
Do not to reuse any usernames, pseudonyms, email addresses, phone numbers, profile pictures, passwords, or any other information that you have used outside of Tails.
Do not do anything that could identify you while using Tails. Assume that everything you do while using Tails could be linked together.
Be careful with using any mobile data network to connect to the internet. Information related to your mobile device could identify you.
A very powerful adversary, such as a government, could potentially reidentify some information despite you using Tails. Read more about Tails' limitations here: https://tails.net/doc/about/warnings/index.en.html

When you should not use Tails

If someone finding your Tails USB stick could put you in worse danger than not using it at all.
If you have not enabled the Tor bridge option, and your ISP or government finding out you have accessed Tor could put you in worse danger than not using it at all.
When the computer you are using Tails with might be compromised at the firmware or hardware level.
When there are cameras in your environment recording your activity on this computer.
If your computer cannot securely boot from an external USB stick.

Installing Tails

Before you start, make sure that:

The device you use for the installation is free from malware or spyware.
There is no recording software such as Windows Recall running. If there is, disable or pause it and delete your visit of this website from it.
You have a USB stick with a storage capacity of at least 8 GB. Ideally, I recommend using a fresh and new USB stick, but if this is not accessible to you, make sure you can erase this USB stick entirely and that the files on it were not sensitive or revealing information. Assume your USB stick could get seized later on and these deleted files could potentially get restored.
If you complete this installation for someone else, or if it is safe for you to do so (ordering online leaves a lot of digital footprints!), you may be interested in using a USB stick that looks more like a banal object. You can easily find cheap USB sticks on popular online stores that look like innocuous cartoon keychain charms, for example.

What you'll need

USB stick with a storage capacity of at least 8 GB.
A computer with a port compatible with your USB stick (both for installation and usage).
A computer running one of these operating systems: Apple computer with Intel processor (not M1-M2-M3) running macOS version 10.10 or later, PC with at least 2 GB of RAM running Windows 7 or later, PC with at least 2 GB of RAM running Linux.
Capacity to install new software on the computer you are using for the installation.
At least 1-2 hours of free time when you are safe and free from threats.

Hardware incompatibility

You might experience some hardware incompatibilities while running Tails (this is common for Linux-based software on Mac devices). If this happens, you will need to use a wired (or dongle) mouse, a wired (or dongle) keyboard, and a Wi-Fi adapter or an internet access you can plug in directly from an Ethernet cable.

If you need a Wi-Fi adapter, you will find a list of adapters compatible with Tails at the bottom of this page: https://tails.net/doc/anonymous_internet/no-wifi/index.en.html

Be very careful if you decide to use mobile phone connectivity, however. The data linked to your mobile device could de-anonymize you, even while using Tails. More information on this here: https://tails.net/doc/anonymous_internet/no-wifi/index.en.html

Delete your traces afterward

Depending on your situation, you might want to delete the traces of this installation after. See a To-Do list for this on Step 9.

About this tutorial

I am going to walk you through a step-by-step through the process for an installation from macOS. If you are using a computer running Windows or Linux, the steps will be similar, but the windows appearances and warnings will vary. The steps to boot from an external USB stick will also vary.

You might decide to reference the guides from the Tails website instead. Tails' installation guides are excellent.

If you encounter any issues during the installation or running processes, you can try to find support specific to your issue here: https://tails.net/support/index.en.html

Step 1: Download Tails

Visit this website and select your installation computer's operating system: https://tails.net/install/

Scroll down to the "Download Tails" section and click on the green download button. Make sure to save the installation file in a folder where you can find it back easily and not forget to delete it afterwards.

Warning

Do not save this file on your USB stick!

Always install the latest version of Tails

The download link is not shared directly here because you should always make sure to download and install the most recent version of Tails. If you read this article at a later date, the version number you will be installing will likely be higher than the number shown here.

Step 2: Verify the file you just downloaded

Scroll down to "Verify your download" and click on "Select your download to verify..."

Do not skip this step!

This step is important to ensure the file you just downloaded has not been tampered with or corrupted during the process.

Once the verification is completed (this might take a few minutes), you should see a green checkmark with "Verification successful!" followed by the file name. If you do not see this, delete the file and repeat Step 1 and Step 2.

Step 3: Download and install balenaEtcher

You will need this free software in order to install Tails on your USB stick.

Reminder

Make sure the USB stick you have has a storage capacity of at least 8 GB, and does not store any files you wish to keep. Ideally, use a fresh never-used-before USB stick.

You can download balenaEtcher from this link: https://tails.net/etcher/balenaEtcher.dmg

Open the folder where you downloaded the balenaEtcher installation file (keep it open to delete this file after the installation is completed), and double-click on the "balenaEtcher.dmg" file. Drag the "balenaEtcher.app" icon over the "Applications" folder icon when prompted from the window below:

Once the file is copied to you "Applications" folder, go on your computer's desktop and right-click on the "balenaEtcher" icon. Select 'Eject "balenaEtcher"'

Step 4: Install Tails on your USB stick using balenaEtcher

4.1. Open your Mac's "Applications" folder and double-click on "balenaEtcher.app".

Depending on your macOS version, your Mac might open a popup window saying 'Verifying "balenaEtcher.app"...'. This is normal, let it complete its verification. Next, you will likely see another popup window with '"balenaEtcher.app” is an app downloaded from the Internet. Are you sure you want to open it?'. Click "Open".

4.2. Open balenaEtcher and click on the settings gear button on the upper-right. Disable the option "Anonymously report errors and usage statistics to balena.io", then click "OK".

4.3. Eject and unplug any other external USB stick(s) or external USB drive(s) that might be plugged into your computer if possible, and plug in the USB stick you wish to erase and install Tails on.

4.4. Once it is plugged in, return to balenaEtcher and click on the "Flash from file" blue button on the left. You will be prompted to select a file. Select the Tails ".img" file you have downloaded and verified earlier.

4.5. Click on the "Select target" blue button in the middle, and select your USB stick.

Caution! Select the correct USB stick!

Make sure you are not selecting a USB stick or drive different from the one you wish to erase for Tails. All data on the USB stick or drive you select will be permanently lost. Be careful!

4.6. Once you have verified that all the information is correct, click on the "Flash!" blue button on the right.

You will see a balenaEtcher popup window saying: "balenaEtcher needs privileged access in order to flash disks. Type your password to allow this.". Type your computer's password and click "Ok".

Depending on the version of macOS you use, you might see another popup window saying '"balenaEtcher.app" would like to access files on a removable volume.'. Click "OK" and wait for the installation to start.

While Tails is getting installed, you should see a window that looks like this with "Flashing...". The operation might take a few minutes. Do not interrupt this process!

4.7. Once Flashing is completed, you will see balenaEtcher validating the installation with "Validating...". This process should be quick.

Failed validation

If the validation fails, close balenaEtcher, eject your USB stick, and try the installation process again from Step 4. You may also want to try with a different USB port or a different USB stick.

Once the installation is completed successfully, you should see a window like this with "Flash Completed!" on the left. You can now close balenaEtcher and unplug your USB stick.

Unreadable USB

If you see a notification about a USB stick that appears to be unreadable, click "Eject" and unplug your USB stick.

Step 5: Continue this tutorial from paper or from another device (if you can do so safely)

For the rest of this tutorial, you will have to shut down the computer you will be using or testing Tails with. If this is the same computer you are currently using, you will need an aternative way to keep following along with the instructions. Make sure you either:

Note the rest of the instructions in advance on something that will be easy to delete/erase/destroy after.
Open this article on a mobile device where it is not dangerous for you to visit this page.

Step 6: Boot your computer from your Tails USB stick

Warning: If the computer running Tails is a Mac with a T2 Security Chip (2018-2020):

If the computer you will be using Tails with is a Mac with a T2 Security Chip, and you receive the following message (or similar) when trying to boot your Mac from your Tails USB stick:

Security settings do not allow this Mac to use an external startup disk.

Here's how to modify options in your Mac's Startup Security Utility to make this works:

Turn off your Mac, then turn it on again and right away press and hold Command(⌘)+R, this will enter your Mac's recovery mode. The startup process will take longer than usual and you will see the screen flashing a few times, this is normal.
You will see a "Language" menu appear, select a language then click on the arrow at the bottom-right.
If your computer has multiple volumes (disks), you will be required to select one, then click "Next".
You will need to select a user you know the password for and enter it, then click "Next".
Once you see a window with 4 options, select none of these and instead go to the upper-left menu to select the "Utilities" drop-menu, then select "Startup Security Utility".
You will see an "Authentication Needed" window appear and you will need to enter your macOS user password again.
Once you see the "Startup Security Utility" window with 5 options, in the "Secure Boot" section select "No Security" and in the "External Boot" or "Allowed Boot Media" section select "Allow booting from external or removable media".

Security warning!

This reduces the security of your device because your computer could boot from anything else as well. You could "Turn On Firmware Password" at the top to mitigate this, however, if others use this device, I would recommend that you do not do this. Enabling a firmware password would require this new password to be entered each time this device starts from a different disk. This could raise a lot of suspicions if there was no password before.

Moreover, if you ever lose this password, you would be entirely locked out of this device and require an in-person service at the Apple Store to be able to keep using it.

If you want to hide that you are using Tails from the people near you, I would recommend you do not turn on firmware password. However, do know this could increase some security risks for this device.

Screenshot: Tails / Tor Project

Quit Recovery Mode

Once you have modified your "Startup Security Utility" options, click on the drop-down Apple menu (apple icon) of the upper-left, then select "Shut Down".

To boot from your Tails USB stick:

From macOS:

Shut down your computer.
Plug in your Tails USB stick.
Turn on your Mac, then right away press and hold the "Option" key (⌥ or Alt key) until you see a loading bar or a disks menu.
When you see a disks menu, select the yellow disk called "EFI Boot" or "Windows".

No disks menu?

If you do not see this disks menu, wait 2-3 minutes, shut down your computer, unplug your USB stick, plug it in another port if you can, and start the boot process over.

From Windows 8 or 10:

From Windows or the sign-in screen, click on the "Start" button.
While you choose "Power" > "Restart", press and hold the "Shift" key.
Once you get to the "Choose and option" screen, select "Use a device"
In "Use a device", select "Boot Menu" and plug in your Tails USB stick while Windows is shutting down.

Boot Step 3: No device selection menu?

If you do not see this, follow these instructions from Tails: https://tails.net/doc/first_steps/start/pc/index.en.html#boot-menu-key

Boot Step 4: No boot menu?

If Windows does not display a "Boot Menu", plug in your Tails USB stick then select it directly from the list of devices. Press "Enter".

From Linux:

Shut down your computer.
Plug in your Tails USB stick.
Identify the Boot Menu key for your specific computer manufacturer. You can see a list of the most common ones here: https://tails.net/doc/first_steps/start/pc/index.en.html#boot-menu-key
Turn on your computer and immediately press and hold this identified Boot Menu key.

Starting and using Tails

If the installation was successful and the process of booting from the USB stick went well, you will see Tails starting. You will see some grey screens, you will see some flashes, you will see some black screen with lots of white text rolling down very quickly!

Don't panic! This is normal

Once Tails has started, you will see a top menu bar with a blue wallpaper. It might take a few minutes before you see a window popping up there, this is also normal. Be patient.

The first window you should see is a window saying "Welcome to Tails!"

There, you will see language options, the Persistent Storage option, and Additional Settings options.

No keyboard! No mouse!

At this point you might realize your mouse and/or keyboard are not working. If this happens, you can use a wired (or dongle) mouse and a wired (or dongle) keyboard to fix this problem quickly. If you plug a peripheral in and it is still not working, leave all peripherals plugged in and restart Tails (see Step 6).

Using Persistent Storage

Make sure to test this feature works well multiple times before storing anything of value there. If you forget the Persistent Storage's password or if a bug occurs, you might no be able to access these files anymore. Know that you also have the option to plug in a separate (ideally encrypted) USB stick to store files on it, even while using Tails. If you encounter a problem when using Tails' Persistent Storage feature, you can troubleshoot it here: https://tails.net/doc/persistent_storage/fsck/index.en.html

If you decide to setup Persistent Storage:

Choose a long passphrase that is not something known like music lyrics or movie quotes. Choose something you do not usually say/write and that you could not Google. Choose something long and unique, that nobody else has used before, and that you will be able to remember well. Practice this passphrase in your head regularly.
After setting up Persistent Storage, you will see a window like this with additional options:

Connecting to the internet

Make sure that your Wi-Fi card, Wi-Fi adapter, or Ethernet cable is plugged in and working. On the upper-right menu bar, click on the onion icon and select "Open Tor Connection Assistant". You will see a "Tor Connection" window appear with a few options. If it is not dangerous for you to have your ISP or government know you are using the Tor network, choose "Connect to Tor automatically" then click on "Connect to Tor".

Danger!

If using Tor is dangerous for you, read more about the other options before deciding anything.

If the connection is successful, you should see this window and you will be ready to browse the internet anonymously:

There is a lot of great applications already installed on Tails to help you! You will find them listed in the "Applications" drop-menu on the upper-left top bar. One of these applications is OnionShare, which you can use to share files with others anonymously.

Storing passwords

If you are using the Persistent Storage with Tails, and need to store passwords, you can use the pre-installed KeePassXC application. This application will store your passwords encrypted, locally-only, and protected by a main password (ideally, a passphrase). Be careful however if you store important passwords in there. Remember that if a bug occurs or if you forget your Persistent Storage's password, you could lose access to all of it.

Shutting down Tails

When you are done using Tails, you should always shut it down and unplug the USB stick after.

To shut Tails down, click on the upper-right menu on the top bar, the one with the battery icon. Then click on "Power Off" at the bottom-right of the drop-menu box. Wait for the screen to turn black, then unplug your Tails USB stick.

In Case of Emergency!

In case of emergency, you can shut down Tails quickly by directly unplugging the USB stick while it is still running. This will effectively reset Tails like a normal shut down IF it was not in "Suspend" state. More on this here: https://tails.net/contribute/design/memory_erasure/

Shutting down Tails by physically unplugging it while it is still running could potentially damage your Persistent Storage. Only use this feature in case of emergency, and shut down Tails using the "Power Off" menu option whenever possible.

Final notes

Remember to delete the traces of this installation from the computer you used, once you have verified that everything works properly.

You should also remember to:

Delete the browsing history for these websites (this article, the Tails web pages, and any other related pages you have visited).
Delete cookies for these websites (or all cookies).
Delete the site data and cache for these websites (or all sites data).
If logged into your Google account, delete your Google search history for these websites.
Delete balenaEtcher, both the software and the installation files (after verifying your Tails is operational).
Delete balenaEtcher from the recently used applications list.
Empty your computer's trash bin.
Once you have completed this list and verified your installation, reboot your computer.

Consider supporting Tails and the Tor Project

Finally, if you are not personally at risk of harm by reading this article or by getting associated with Tails, I strongly encourage you to support this incredible project by donating to Tails or to the Tor Project. Tools like Tails and Tor help a lot of people in very vulnerable situations. Your support means a lot to non-profit organizations like the Tor Project to improve and maintain these tools.

Thank you for helping yourself and others to stay safe

Support Tails (if it is safe for you to do so): https://tails.net/donate/

Support the Tor Project (if it is safe for you to do so): https://donate.torproject.org/

Unless credited otherwise, all screenshots from: Privacy Guides

The Protesters' Guide to Smartphone Security

Jonah Aragon — Mon, 27 Jan 2025 20:00:00 +0000

The Protesters' Guide to Smartphone Security

Illustration: Jonah Aragon / Privacy Guides | Photo: Koshu Kunii / Unsplash

For most protesters, activists, and journalists, your smartphone is an essential tool you depend on for organizing with your peers, accessing and distributing information, and helping others. It also represents a great risk, as a tool that is easily appropriated by authorities for targeted and mass surveillance.

The perennial question when it comes to protests is whether you should bring your phone at all. If you leave your phone at home, that is probably the safest your data will get, and you will be at very low risk of being tracked by mass surveillance tools. On the other hand, your phone is a critical resource when it comes to coordinating with others, getting updates on the protest from social media, or simply documenting what is going on with your phone's camera.

If possible, bringing a separate device like a "burner phone," an old phone you can reset, or even a regular old-fashioned camera is a much better option than bringing your primary phone. Any data you don't bring with you can't be taken from you at the scene.

However, getting access to or affording devices like these aren't a realistic option for many people. Whether you decide to take your smartphone or a secondary smartphone with you to the event, this guide will cover how to maximize that device's security and minimize risks to your privacy.

Update (2025-01-27): This article has been updated based on some community feedback, notably I added the Burner Phones, Minimize Your Stored Data, Use Public Wi-Fi, and Check Your Keyboard sections.

Your Risks at a Protest

There are plenty of risks you should consider if you use your smartphone at a protest. We are going to try and cover the following in this guide:

Losing your device.
Authorities confiscating your smartphone.
Service disruption, either due to intentional interference by authorities or caused by networks being overloaded by large groups of people.
Targeted surveillance:
- Disrupting your service.
- Blocking delivery of calls/SMS to your number.
- Monitoring your unencrypted traffic.
- Monitoring communications over local radios like walkie-talkies, etc.
Mass surveillance:
- Interference with web services. Popular communication platforms like Twitter or TikTok could be throttled or blocked.
- Interference with messengers and voice services like Signal or WhatsApp.
- Authorities could use public Wi-Fi networks in the area to monitor traffic and identify nearby devices.
- Cell phone companies could provide records to authorities of devices near cell towers in the area to track and identify protesters.

Like all of our guides, we are going to cover the general best practices and provide helpful tips, but your individual situation may be different. You should always research and plan according to what you specifically are doing, and if you need legal advice you should always consult a qualified and licensed attorney.

"Burner Phones"

Cell phones are generally tracked by law enforcement using two identifiers:

Your IMSI, which uniquely identifies your SIM card
Your IMEI, which uniquely identifies your phone

Thus, simply using a prepaid SIM in your primary/personal device is not a foolproof method of avoiding tracking, because your IMEI is still correlatable between networks.

Buying a secondary, disposable device is an option that will provide you with much greater protection than bringing your personal device. However, if the threat you face is serious enough that you feel the need to do this, you should strongly consider not bringing a phone at all. Properly securing a disposable/burner phone is fairly challenging and may not be worth it.

If you do buy a secondary device for this purpose, you should buy it in-person, with cash.

Do not activate or power it on at home. The location of a phone is tracked by network carriers for at least a year at minimum, but you should assume that location history is just kept forever. Therefore, you should activate and set up the device in a very public place that is not significant to your daily life, then always keep it powered off at locations associated with you. You don't want the phone's location to ever be recorded at your home or workplace.

If possible, you should try to purchase and set up this phone well in advance. This certainly depends on your plans, but spreading out your purchase, activation, and use of the device makes it less easy to detect. It also makes it less likely that the store you bought the phone from still has security footage of your purchase.

You will also want to make sure you do not identify yourself when purchasing a cellular plan. This is highly dependent on your country, but many prepaid plans will not require any identification to activate. There are also some global eSIM providers which will accept payment without the need to identify yourself to them.

One last thing: Your secondary device should still be a reasonably modern smartphone. The security measures we cover below regarding hardware and software security still apply. Smartphones are more secure against the sort of threats that activists are likely to face—such as someone trying to crack into your device's data—than a simple/feature/"dumb" phone will be. They also have many more options for secure & encrypted communication methods that we'll cover below as well.

Using a secondary device only at the protest allows you to leave your primary device powered on and at home. This potentially provides some plausible deniability, if someone requests the location of your phone during the time of the event later.

Secure Your Device

If your phone falls into the wrong hands, the information on it could be hugely damaging to yourself or others. Make sure you've taken the necessary steps to prevent it from being broken into.

Use a Strong Screen Lock

At a bare minimum, you should use a 6-digit PIN, but ideally you should protect your phone with an alphanumeric passphrase. This prevents people from trivially accessing your data, and additionally protects your data with strong encryption.

Barring a massive security exploit (more on this later), most law enforcement tools work by essentially brute-forcing your PIN, running tons of guesses until it gets one right. This makes a long and unique passphrase your strongest protection against your data being stolen by people in possession of your device.

In the United States and many other countries it is legal to refuse to unlock your phone or provide your passcode to law enforcement. Know your rights wherever you're located before attending a protest, so you aren't blindly following orders later.

Disable Biometic Authentication

We commonly recommend using biometric features like Face ID or Touch ID to prevent "shoulder surfing" attacks, where an attacker steals your PIN by discreetly watching you enter it, or where your PIN is recorded by surveillance cameras in the area.

However, in this situation it may make more sense to disable biometric authentication. Authorities are trained and known to use biometrics quickly to forcefully unlock your device, so you should be mindful of this fact when deciding what to do. If you disable biometrics, be wary of shoulder surfing attacks and prying eyes by obscuring or covering your phone whenever you unlock it.

Whatever you do, make sure you know how to quickly shut down your phone or disable biometrics at a moment's notice. Many phones have begun replacing the standard "hold down the power button" function with voice assistants or other features, so practice performing the actual shutdown method beforehand to familiarize yourself.

Modern iPhones require you to hold down the side button and either volume button before the power-off slider appears. Even if you don't get a chance to slide to power off, getting to this screen will at least disable biometric authentication, making your phone a bit more secure than it otherwise might be.

In the United States, it is still a legal gray area when it comes to whether law enforcement can force you to use biometrics, but many court decisions have leaned toward saying they can compel you to use your fingerprint. Using a passphrase and disabling biometrics gives you more robust 5th Amendment rights. In other countries you should again familiarize yourself with your rights in this scenario, so that you can make the most informed decision.

Hide Your Notifications

Even with your device locked, law enforcement can see everything you're up to simply by scrolling through your notifications. Reducing the amount of information accessible on the lock screen improves your security and the security of those you're messaging, so make sure your notifications are only visible when your device is unlocked.

On an iPhone:

Open Settings
Navigate to Notifications
Navigate to Show Previews
Select Never (or, When Unlocked)

On Android:

Open Settings
Navigate to Notifications
Touch Notifications on lock screen
- Select Don't show any notifications
Switch Sensitive notifications to off

Minimize Your Stored Data

The best way to protect your data is to not have it on your phone in the first place. If you're using a secondary device, simply don't install anything other than what will be absolutely necessary during the protest, like a secure messenger.

Otherwise, delete any cloud storage apps you don't need access to during the protest. If you're able to delete an app and then download it later and log in without experiencing any data loss, then that app probably doesn't need to be on your phone all the time.

Some password managers have the option to temporarily remove certain vaults from your devices, 1Password calls this Travel Mode for example. You can do this manually as well, by having a separate password manager or vault with only the essentials you will need at the time, and removing your primary password manager from your device for the duration of the event.

Disable Lock Screen Actions

In a similar vein, any functionality you have enabled while your device is unlocked can pose a security risk. It is always best practice to reduce your attack surface by disabling these options whenever possible. Even though these features are typically designed to not pose a security risk to your data, they have been known to be exploited in the past to bypass lock screens and other security features.

On an iPhone:

Open Settings
Navigate to Face ID & Passcode
Scroll to the Allow Access When Locked section
Switch all features you don't need off

On Android, disabling functionality while the phone is locked will vary widely by manufacturer. Some like Samsung provide more flexible options in their lock screen settings, but others like Google do not provide the option to disable the quick settings panel or other similar features.

Avoid External Storage

Your Android phone might have the option to store files or photos on a microSD card, but these cards are not always subject to the same encryption standards as your phone's built-in storage. You should check whether your microSD card can be encrypted in your phone's settings, although this will prevent it from being read by other devices like your computer later.

Additionally, even if it's encrypted, it still won't benefit from the same security protections that your phone's built-in storage provides, such as advanced brute-force protections. Ideally you should remove all external storage devices from your phone during the event, and save photos, videos, and other files to your phone's encrypted internal storage.

Consider Your Phone's Security Patches

Exploits against smartphones are discovered on a very regular basis, and spyware companies that work with law enforcement—like Cellebrite—abuse these exploits to crack into stolen devices. If your phone is no longer receiving regular updates from its manufacturer, you are in a very dangerous position as you may be vulnerable to the exploits used.

In general, we consider the latest iPhone and latest Google Pixel to be the most secured against this sort of threat. You can increase your security further by using a hardened alternative operating system on your Google Pixel.

Robust security information about phones from other manufacturers is less common. If you use a different device you may still consider the risks to be worth it, but if confiscation is of particular concern to you, or especially if your phone no longer receives security patches, you may want to consider leaving the phone at home.

Protect Against Surveillance

Disable AirDrop

One of the most innocuous features enabled on millions of iPhones is also one of the most dangerous for those seeking to protect their privacy in public. Apple's AirDrop protocol uses trivially bypassed security measures that authorities like the Chinese government have openly bragged about cracking to identify users since at least 2022.

You should assume that any device with AirDrop enabled is constantly broadcasting your name, email address, and phone number to everyone around you, even if you have it set to "Contacts Only." Apple has known about this flaw since 2019 and has not issued any fix.

Open the Settings app
Navigate to General
Navigate to AirDrop
Select Receiving Off

Lock Down Your Network

Your phone signals can be used to track you even if you don't make a call or send a text. Some law enforcement agencies use "stingrays," devices which can impersonate a cell tower to track visitors to an area. It is speculated that more advanced ones can intercept unencrypted text messages and phone calls as well, making the use of an encrypted messenger during the event even more critical.

While the capabilities of the most modern ones isn't fully known, you should definitely protect yourself from the subset of stingrays which abuse the lower security standards of older, 2G networks.

On Android:

Open Settings
Navigate to Network & internet
Navigate to SIMs
Select your carrier or SIM card
Switch Allow 2G to off

You might also consider installing Privacy Cell (F-Droid / Google Play), an app that tells you whether you are connected to a cell network using the most modern security. Even the "5G" indicator on your phone alone doesn't guarantee you are using the latest-generation protocol.

On iPhone:

Open Settings
Navigate to Privacy & Security
Navigate to Lockdown Mode
Select Turn On Lockdown Mode

Note that enabling Lockdown Mode on an iPhone will change a variety of settings to harden its security. Many of them are smart improvements, but certain apps and features won't work normally, so read the previous links here for more details.

Use Airplane Mode Frequently

Even after mitigating the risks of 2G networks, your cellular activity can still be tracked. If not by law enforcement then by your carrier, who will likely be responsive to law enforcement's requests for data after the fact.

To prevent this, you should keep your phone turned off or use Airplane Mode to disable cellular connections whenever possible. Ideally you should only connect to networks in an emergency situation to communicate with others in your group, otherwise keeping messages and network transmissions to a minimum is key.

If you absolutely need internet connectivity and it's possible, you should keep Airplane Mode on and connect to a public Wi-Fi network instead, which brings me to:

Use Public Wi-Fi

If you're able, scope out businesses in the area that provide public Wi-Fi in advance. This is better than using cellular service, because less information about your device is shared with Wi-Fi networks as opposed to cell towers. Most modern phones support MAC address randomization, which makes it even harder to correlate your cell phone's connections between different Wi-Fi access points.

There is a danger that public Wi-Fi services will be set up by authorities or others in the area to track protesters. You could consider using a VPN service while connected to them to minimize the amount of metadata about your traffic that the Wi-Fi operator is able to collect.

Disable Location Services

If you have to keep your device powered on and connected, you can at least minimize the number of parties who have access to your location data. Be mindful of apps that you choose to share your location with, and consider disabling location services entirely while you're at the event.

On an iPhone:

Open Settings
Navigate to Privacy & Security
Navigate to Location Services
Switch Location Services to off

On Android:

Open Settings
Navigate to Location
Switch Use location to off

If you use an Android phone, you should also check your Google account settings to ensure location history is disabled. Google is frequently tapped by law enforcement to provide location data, because they don't protect your personal information with strong, zero-knowledge encryption.

Check Your Keyboard

An often overlooked security risk is the software keyboard installed on your device. The best encrypted messenger in the world is no match for all of your inputs being read by third-parties as you type them.

If you are on GrapheneOS, the default keyboard from AOSP that it comes with makes no internet connections, so if you don't install a third-party keyboard you should be fine. Most other Android users are using Google's Gboard, which does make internet connections you may decide you don't trust, so you could consider installing an offline alternative. iOS users are able to control whether their third-party keyboard has network access in their system settings, although it may be wiser to not install a third-party keyboard in the first place.

This is particularly relevant to people typing in languages like Chinese or others where you use an Input Method Editor (IME) to convert Latin letters to characters in the target language. These IMEs are very often third-party apps that have full internet access.

Other Tips

Use Signal

Signal is the most secure app for sending text messages and making voice calls with others. It is also impossible to configure Signal to lower its encryption security or other security standards, so you know that everyone in your group is using settings that are safe by default.

You should turn on disappearing messages with a reasonably short interval for sensitive communications. You can do this by default in the Privacy section of Signal's app settings, and you can also do it on a per-conversation basis in each conversation's settings panel. This way there is a time limit for an attacker to crack your phone and extract your messages before they permanently disappear.

Signal is battle-tested for this situation. Signal has responded to 6 government requests since 2016, and in each case the only information they were able to provide was at most:

Whether the user was registered with Signal
When that user registered with Signal
When that user connected to Signal last

Keep in mind that using Signal could still expose your phone's location, simply due to making a network request as we covered above. You should still keep your phone in Airplane Mode and minimize the use of Signal or any other networked app during the event.

There are other encrypted messengers, some of them even making use of technologies developed by Signal. However, they all come with trade-offs that could easily compromise your security. WhatsApp and Facebook Messenger are end-to-end encrypted for example, but they collect copious amounts of metadata about your messages, such as who you're sending them to, when you're sending them, your location when you're sending them, etc. Apple's iMessage service in the Messages app has strong encryption but similar metadata concerns, and only works if everyone in your group has an iPhone.

Protect Your Access to Information

Phones can be easily lost, taken, broken, or they can simply run out of juice. Bring a spare mobile battery or a charged power bank with you, and try to minimize your phone usage to preserve power. You should also make sure your mobile plan is topped up and you have enough mobile data prior to the event.

You should also write down the number of an emergency contact or a lawyer on a physical piece of paper, or even in Sharpie on your arm. You'll want this information easily accessible if you're arrested regardless of your phone's state or location.

Change Your Camera Settings

Check your camera settings for things which may draw unwanted attention, like the flash or a shutter sound. You should go through these settings in advance and configure it for the safest possible use.

Back Up Your Data

You should be prepared to have your phone taken or lost during a protest. You can limit the potential costs and headache to you if this happens by making sure you have an updated, encrypted backup of your data.

If you have an iPhone, you can make a local backup to a macOS computer or a Windows computer with iTunes. You can also back up to iCloud, but these backups are only secure if you enable Advanced Data Protection on your iCloud account. We strongly encourage enabling Advanced Data Protection for all iCloud users in any case, as it protects not only device backups but most iCloud account data as well.

The backup situation on Android is not nearly as robust unfortunately, but you can back up photos and files with a variety of services. If you use an online backup service we recommend choosing one with strong, zero-knowledge encryption so that the service provider is unable to access your data.

At The Protest

Keep Your Device Locked

You should always use your camera to take pictures or videos while your phone is locked, in case your device is taken while filming. This is easier if you've disabled biometrics, because Face ID or similar features might unlock your device automatically when you don't want that to happen.

On an iPhone you can hold down the camera icon on the lock screen to open the camera without unlocking your device. You could also configure the Action Button to open the camera, or use the dedicated camera button on the latest iPhone model.

On a Google Pixel and most other Android devices, double-tapping the power button will open the camera without needing to unlock your device.

You should learn and/or set up device shortcuts to do things quickly, ideally while the device remains locked whenever possible, and ensure you're familiar with the shortcuts before the event.

Have a Backup Communications Network

In the event of an internet blackout, it might be a good idea to have a backup network prepared, organized with other attendees. Messaging apps like Briar can operate in a local mesh mode, connecting to other devices in the area with Bluetooth or local Wi-Fi connections instead of relying on centralized internet services. Another newer option is Meshtastic, which uses peer-to-peer/mesh radio that is much more reliable than using either Wi-Fi or Bluetooth, but requires purchasing dedicated hardware that you connect to your phone.

You might also want to consider local radios like walkie-talkies, although keep in mind these devices are nearly always unencrypted and can be easily monitored by others, so you won't want to use them to transmit sensitive information.

After The Event

If Your Phone Was Taken

If you lose your phone, you may be able to locate or wipe your phone remotely depending on the model. Here are some instructions for common devices you can try:

If you were logged in to any online services on your phone, you should try and get them signed out. On many social media websites for example, you can go to your account's settings to see what devices are signed in and revoke their access remotely.

Please be aware of the legal consequences of these actions. Wiping your device or revoking online account access could lead to obstruction of justice or destruction of evidence charges in some jurisdictions. You should always speak with your licensed attorney before deciding how to proceed. If your phone was taken by law enforcement you may have legal recourse to get it back.

Be Mindful of Others

If you post your photos online, be mindful of identifiable faces or other characteristics of your fellow protesters or bystanders. Law enforcement or vigilantes use these photos to track down other attendees and arrest or harass them.

To prevent this, you can obscure the faces of anyone in the image. Most phones have built-in photo editing tools that allow you to draw on an image. Blurring can sometimes be reversed, so blocking it out entirely is generally preferable.

Be careful of the editing tools you use, and don't select highlighters or other semi-transparent editing tools. Even if you scribble over an area of a photo multiple times with a dark/black "highlighter" tool until it appears black, that can often be reversed with photo editing software by adjusting the contrast of the image. Using a shape/rectangle tool to draw a black box over areas you wish to redact is much better than trying to manually cross out image elements with drawing tools.

The Signal app also has built-in tools for photo editing and blurring. You can send a photo to yourself in the "Notes to Self" chat, then save the edited image from that chat for sharing. Signal also automatically removes photo metadata, so if you use it you're already covered with our next section:

Scrub Photo Metadata

Photos have hidden information, or metadata, embedded in them which include the type of phone/camera you used, the photo's location, and other potentially sensitive data.

You should use a metadata removal tool to remove this data from images before you share them with others. If you send a photo to someone using Signal, that app removes this metadata automatically.

Choosing the Right Messenger

Dan Arel — Thu, 23 Jan 2025 19:08:51 +0000

Choosing the Right Messenger

Illustration: Jonah Aragon / Privacy Guides | Photo: Unsplash

One of the most common questions users have when it comes to privacy is about messaging services. It seems almost all of them mention some level of privacy or encryption to entice the user to sign up for their service, but how can you be sure you’re using the most secure, privacy respecting platform?

The answer actually lies in one’s threat model, which is often an ignored step in choosing all privacy related apps and services, meaning a lot of users limit their internet and communication experience because they believe they need Edward Snowden level privacy settings.

The truth is, each user needs to decide what their privacy goals are. Is your goal to stop corporations from tracking you, targeting you, and profiting from your data? Or, are you are trying to hide communications from the government or law enforcement, which is common for journalists and activists who want to protect their sources or communications from government eyes?

Once you understand your goals you can start to look at messengers and their upsides and downsides, and it’s important to remember, there is no perfect solution. Each service, no matter how secure can be compromised, because at the end of the day, you’re dealing with other humans who can screenshot, copy, or forward your messages to parties you did not intend to see them. So, it’s also important to know who you are messaging, verifying their keys, and ensuring that you place the utmost trust in them with the content you are sending.

If your goal is to simply avoid corporate tracking and the harvesting of your data from your communications, you can eliminate apps such as Facebook Messenger and WhatsApp, both services owned by Facebook and while offering encrypted messaging (optional in Messenger), Facebook reads your non-encrypted messages, and WhatsApp has fallen victim to security breaches.

For this type of user, your options are much more wide as you may be more willing to share your email address or phone number at signup and can be less concerned with metadata (we will get to that shortly), and you want to look for a messenger that simply isn’t scanning your content or behavior to sell it.

If your goal is to evade more massive state-sponsored surveillance programs, the aforementioned apps are out of the question, but so are many others.

This is because when it comes to these apps, and other like it, you don’t own the encryption keys, the service does, so they are able to decrypt your messages, for their own use, or for the use of government officials who request it. This is something important you’ll want to remember as you choose the messenger that is right for you.

Even Apple’s iMessage, which is encrypted, while more secure than Facebook’s offerings, still control the keys and can access your messages if necessary. Apple does also collect data based on your behavior, so while using iMessage isn’t the same as handing your data over to Facebook, you’re still messaging with a variety of privacy vulnerabilities. On Android, you’re using SMS messages which are even less secure and can be easily hijacked by someone with just enough know-how.

Metadata

One important aspect of messaging apps you need to be sure of is what kind of metadata it exposes, what is encrypted and what isn’t.

Wire, a popular encrypted messenger app has always been criticized for its decision not to encrypt user metadata, such as the date and time of registration, IP geographical coordinates, and the date and time of creation, creator, name, and list of participants in a conversation.

Metadata can be used to place you in a certain location, speaking to a certain person and can be used against you by law enforcement, even if they have no idea and no access to what the conversation was about.

Apps such as Signal, or Wickr encrypt metadata, making the conversations between two or more parties more secure and harder to track individual users with.

When it comes to avoiding corporate data mining, your metadata won’t be as useful, especially if you’re using a service that is not profiting from your data to begin with. For those avoiding state-sponsored surveillance, metadata can be a killer.

Encryption

This article will not get into the complexities of the best kinds of end-to-end encryption (E2EE), but ensuring your messenger has it, that must be discussed.

The popular messaging app Telegram has come under fire the most for this. Telegram says on their homepage that, “Telegram messages are heavily encrypted and can self-destruct.” Yet, this statement is only partially true. Yes, you can set your messages to self-destruct, a great privacy feature for some, and yes, they do offer encryption, but what they don’t tell users is that encryption isn’t turned on by default.

In an interview with Gizmodo, Christopher Soghoian, Principal Technologist and Senior Policy Analyst at the American Civil Liberties Union said that, "There are many Telegram users who think they are communicating in an [end-to-end] encrypted way, when they’re not because they don’t realize that they have to turn on an additional setting,” he continued to say that while he’s happy they offer the encryption, it’s not useful if it’s turned off.

Apps such as Signal, Keybase, and Wickr offer E2EE by default. Less popular but quickly growing apps such as Element, offer E2EE but like Telegram, have not made it a default setting, though the Matrix.org team has said that default encryption is on their road map.

Ensuring your conversations and metadata are E2EE is one of the best practices you can have when choosing a messenger.

Registration Process

When it comes to your goals and threat model, you will need to decide how much, if any, information you’re willing to give this company on signup. Do they require a phone number and or SIM card? Do they require an email address, or do they allow completely anonymous signups, and how anonymous is anonymous? Are they storing that info (remember the metadata) unencrypted?

Giving up your phone number or email won’t be a big deal for many, as any good privacy policy will state they won’t use it for any purpose other than those you’ve granted permission for. Yet, for those avoiding state-sponsored surveillance, you may have a regularly changing number, no number, or would rather not risk giving that information up. Same goes for email.

So, you will want to find a service that fits this need. While Signal is currently testing signup without a phone number, currently you’re unable to do so. Element, Wickr, many XMPP services, don’t require anything but choosing a username.

Source Code

Open source may be the most used phrase in all of privacy and security, and for good reason. It’s really helpful to be able to review the source code of the product you’re trusting. Experts can look for backdoors, leaks, and other bugs. Organizations that opt to open source their code are showing good faith effort to increase trust between them and the user.

Yet, open source can also limit your options, again, depending on your threat model and goals. Signal, Wire, and Keybase all offer open source repositories of their applications, and sometimes even the server software itself.

Open source also doesn’t mean secure. This is often misunderstood, and people hear open source and assume it must be good. Look at the apps code you want to use, you don’t need to be able to check it, but are others? An open source app that no one follows, or contributes to is no more or less secure than a closed source app.

Wickr, Threema, and others are closed source. They don’t offer the ability to check the source, but that doesn’t immediately rule them out either. When the Electronic Frontier Foundation (EFF) had a comparison chart for messenger apps, it gave Wickr 5-stars. This doesn’t mean it’s perfect for someone like Snowden, but for those avoiding Facebook and Google, it could be a usable option.

It’s also important to remember there’s no way to check that someone is always using the source code in their repository in the app or server you’re downloading from the Apple Store or Google Play. When it comes to this, reputation becomes a key player in your decision, as does trust, which we will get to next.

If you’re unsure what to do here, it’s always a safe bet to stick with open source that has a large contributor base and strong reputation. It’s always best to use open source options when they are available and only recommend closed source when there isn’t a usable open source option. This is generally a good way to pick a messenger app as well.

Ownership & Trust

An often overlooked, but increasingly important part of choosing a secure messenger is, who owns the company that’s providing your service? What would the gain or lose from selling your data and who does the company answer to?

Wire recently lost a great deal of trust and standing in the privacy world because they quietly sold their company and moved it to the US. They also changed parts of their privacy policy making it harder for users to tell when Wire would share customer data. They did all of this while never updating their current users of such changes, either to the change of the privacy policy, or the move to the US.

Wire also took in more than $8 million in venture capital funding. So now, users wanted to know more about who owned their data and what jurisdictional rights were changing with the move from Europe to the United States?

These are questions we must ask of all services. Wire now has investors to answer to who will want a return on their millions of dollars.

Signal on the other hand is a non-profit which does not rely on investors and instead relies on donations, sponsorships, and grants. Because of their non-profit status in the US, they must also be highly transparent about not only where the money comes from, but how they spend it. So, users can see where this money goes, and who it’s going to.

Matrix.org (the service Element uses) runs a similar business model as Signal, located in the UK instead of the US, they reply on donations, partnerships, and grants. Matrix.org is heavily supported by New Vector, a venture capital backed company, however, Matrix.org as a non-profit is transparent about its spending, income, and influences.

Not all services are non-profit, and that should not rule them out immediately. You can also follow their funding goals. Wire lost credibility because instead of simply relying on user signups, they wanted to be the next Skype for Business and wanted to build a larger enough user base to get the attention of investors. Meanwhile apps such as Wickr, while for-profit, is transparent about taking limited investors to become sustainable on subscriptions.

This can take some time, because it’s important to know who the investors are, and what the organizational goals are. Will they eventually need to resort to data harvesting to sustain itself, if they do, and you decide to leave the platform, will you leave behind data you don’t want them to get their hands on?

Making Your Choice

Now it’s time to choose a messenger and no one can do that for you. Popularity will need to play a role here, there’s no point in joining the new up and coming messenger service if you don’t have a single contact using it as well. One reason Telegram has been so popular is they have managed to convince more than 100 million people to sign up. If you sign in today, you’ll likely see a group of your friends in there. Signal isn’t as far behind, and others are catching up.

You’ll need to decide who you trust, and who your other contacts trust, and then compare all of that with your goals and your threat model. How much information are you willing to give on signup, does metadata matter to your threat model, and is the service you’re choosing likely to sell itself to the highest bidder once enough people sign up?

The important thing to remember is there is no one size fits all for messengers, and that each user must decide what is best for them. If someone is an avid WhatsApp or Facebook Messenger user, even Telegram is a step in the right direction. Yet, if that user is concerned with more than just giving data over to Facebook, they may need to look at more secure options.

Ensure you keep your messenger apps up to date. You don’t want to discover you’ve been compromised because a bug found in version 1 was fixed in version 2 but you didn’t bother upgrading your apps.

One last piece of advice is that users need to be diligent and never become complacent in their decision. You must be willing to change services if the goals and values of your messenger of choice change in a way that no longer match yours. Look for news of sales, mergers, or acquisitions that could compromise the organization.

Dan Arel is a journalist, author, and privacy advocate. This article was originally published to Hacker Noon on November 27th, 2019.

Delisting Startpage From Privacy Guides

Niek de Wilde — Thu, 23 Jan 2025 19:08:51 +0000

Delisting Startpage From Privacy Guides

Illustration: Privacy Guides | Photo: Unsplash

Dear Privacy Guides Community,

On the 15th of October, it was brought to our attention that Startpage.com was reportedly (partially?) taken over by a company called the Privacy One Group, which is in turn owned by a company called System1. We found this quite remarkable as the two companies seem to have conflicting business models. Startpage has been known for basing their advertisements on what their users enter in their search bar. System1 on the other hand, is a pay-per-click advertising company that "has developed a pre-targeting platform that identifies and unlocks consumer intent across channels including social, native, email, search, market research and lead generation rather than relying solely on what consumers enter into search boxes."

We reached out to System1 CEO Ian Weingarten for an explanation. We received a very general response that did not address key questions.

Seemingly prompted by our ongoing concerns, Startpage released a public letter addressed to us from their CEO, and hosted a Q&A on their Subreddit to try and explain the situation. While some of our questions were answered, we noted that the company seemed to be evasive, essentially restating information from a previously published blog post or posting the same response to different questions. People had to really dig to get answers and puzzle all information together, instead of getting a clearly explained and comprehensive answer from the start. Requests for clarification to some important questions went ignored.

Because of the conflicting business model and the unusual way the company reacted, claiming to be fully transparent but being evasive at the same time, we have no choice but to de-list Startpage from our recommendations until it is fully transparent about its new ownership and data processing. Remaining questions include:

The % of Startpage and Surfboard Holding B.V. (the Startpage holding company) System1 acquired in December 2018.
The current % ownership by System1 at the time of the audit (and any other major owners).
Information about Privacy One Group Ltd. Where is it registered and in what city, state and country does it operate? (We have not been able to verify registration information.)
A diagram of data flows, including flows to outside organizations, like System1, Privacy One etc.

This de-listing does not necessarily mean Startpage is violating its privacy policy. We have no evidence of that. But because there are still so many unanswered questions, we can no longer recommend the service with good confidence. If Startpage aims to be re-considered, they will have to answer the questions above, preferably along with an explanation of why it took them so long to get proper answers out to the public.

Sincerely,Blacklight447Privacy Guides

2020-05-03: Startpage has answered all of our questions for them and has clarified their policies. We have decided to recommend their service again, and you can read our latest announcement for more details.

2023-10-23: This post has been edited to reflect the team's move from PrivacyTools to Privacy Guides.

Delisting Wire From Privacy Guides

Dan Arel — Thu, 23 Jan 2025 19:08:51 +0000

Delisting Wire From Privacy Guides

Illustration: Jonah Aragon / Privacy Guides | Photo: Unsplash

It has recently come to the attention of the Privacy Guides team that Wire, the popular end-to-end encryption messaging platform has been sold or moved to a US company. After a week of questioning, Wire finally confirmed they had changed holding companies and would now be a US based company in a move they called “simple and pragmatic,” as they worked to expand their foothold in the enterprise market. This also came alongside the news that Wire had accepted more than $8 million in Venture Capital (VC) funding from Morpheus Ventures, as well as other investors.

Morpheus Ventures holds a portfolio including companies in healthcare, voice AI, life insurance, and retail customer data analytics: All sectors that have historically used invasive data collection methods to survive. Why would a VC with a portfolio centered on consumer data want to invest in a company whose mission claims to protect that very same information?

Earlier this year, Wire announced they had entered a partnership with FedResults, in a move that would bring Wire's secure messaging platform to US federal agencies. This raised a few eyebrows, but did not alarm the privacy community as Wire remained Swiss based and beholden to Switzerland's strict privacy laws. Today however, while much of Wire's business will continue to be run out of their Swiss offices, with new US-based ownership it is not entirely clear how much jurisdiction the United States will have over Wire data.

This is alarming because it is well known that Wire stores unencrypted metadata for every user.

In an interview with TechCrunch, Wire CEO Morten Brøgger said of privacy laws: “We are in Switzerland, which has the best privacy laws in the world” — it’s subject to Europe’s General Data Protection Regulation framework (GDPR) on top of its own local laws — “and Wire now belongs to a new group holding, but there no change in control.” [sic]

Even if he is correct, the move and statement do bring up further questions. With Wire now being a US company with contracts partnering it with US federal authorities, will those authorities now have leverage to compel Wire to give up metadata on users? Wire has investors to answer to and will not be able to risk losing large deals with clients like the US federal government. This is of course a hypothetical situation, but one to be considered nonetheless as we decide which services to recommend on Privacy Guides.

Wire also quietly made an adjustment to its own privacy policy. A previous version of the policy (July 18, 2017) stated it would only share user data when required by law. Now (Updated September 1, 2018), it reads they will share user data when "necessary." What does necessary mean, and necessary to whom? Necessary to law enforcement, shareholders, or advertisers? The word "necessary" is an alarming change because "necessary" is purposefully vague terminology that could conceivably be used as a tool to justify any action. This change doesn't leave the user with much confidence as to when the company may share your data.

Yet another red flag, and one of the more important ones to us, was is that Wire decided not to disclose this policy change to its users, and when asked why, Brøgger was flippant in his response, stating: “Our evaluation was that this was not necessary. Was it right or wrong? I don’t know.”

We feel we do know, and the answer was that it was wrong. Privacy and security are not built solely on strong technology, but on trust. Yes, we can review Wire's open source code on GitHub, but we can't ever be sure that code is the same exact code that runs on their servers in practice. Yet, we have trusted them in the past because Wire had built a trustworthy reputation for themselves. We now feel that Wire has lost this reputation. By deciding to withhold information regarding its ownership and policies from its users, Wire has broken the trust our community has placed in it, and worse yet sounds almost dismissive of the worries voiced by the privacy community that had long held them in high regard.

Because of these ongoing concerns, and this break in trust in Wire's organization, Privacy Guides has made the decision to remove Wire from its recommendations. It is worth noting that does not necessarily mean Wire is unsafe, but we believe it is our duty to recommend products that we as a team feel comfortable standing behind. We need to believe in the security, privacy, and integrity of our recommendations, and we no longer feel we can do that with Wire at this time.

2023-10-23: This post has been edited to reflect the team's move from PrivacyTools to Privacy Guides.

Firefox Privacy: 2021 Update

Daniel Gray — Thu, 23 Jan 2025 19:08:51 +0000

Firefox Privacy: 2021 Update

Illustration: Jonah Aragon / Privacy Guides | Photo: Unsplash

A lot changed between 2019 and now, not least in regards to Firefox. Since our last post, Mozilla has improved privacy with Enhanced Tracking Protection (ETP). Earlier this year Mozilla introduced Total Cookie Protection (Dynamic First Party Isolation dFPI). This was then further tightened with Enhanced Cookie Clearing. We’re also looking very forward to Site Isolation (code named Fission) being enabled by default in the coming releases.

Now that so many privacy features are built into the browser, there is little need for extensions made by third-party developers. Accordingly, we have updated our very outdated browser section. If you’ve got an old browser profile we suggest creating a new one. Some of the old advice may make your browser more unique.

Privacy Tweaks “about:config”

We’re no longer recommending that users set about:config switches manually. Those switches need to be up to date and continuously maintained. They should be studied before blindly making modifications. Sometimes their behaviour changes in between Firefox releases, is superseded by other keys or they are removed entirely. We do not see any point in duplicating the efforts of the community Arkenfox project. Arkenfox has very good documentation in their wiki and we use it ourselves.

LocalCDN and Decentraleyes

These extensions aren’t required with Total Cookie Protection (TCP), which is enabled if you’ve set Enhanced Tracking Protection (ETP) to Strict.

Replacing scripts on CDNs with local versions is not a comprehensive solution and is a form of enumeration of badness. While it may work with some scripts that are included it doesn’t help with most other third-party connections.

CDN extensions never really improved privacy as far as sharing your IP address was concerned and their usage is fingerprintable as this Tor Project developer points out. They are the wrong tool for the job and are not a substitute for a good VPN or Tor. Its worth noting the resources for Decentraleyes are hugely out of date and would not be likely used anyway.

NeatURLs and ClearURLS

Previously we recommended ClearURLs to remove tracking parameters from URLs you might visit. These extensions are no longer needed with uBlock Origin’s removeparam feature.

HTTPS Everywhere

The EFF announced back in September they were deprecating HTTPS-Everywhere as most browsers now have an HTTPS-Only feature. We are pleased to see privacy features built into the browser and Firefox 91 introduced HTTPS by Default in Private Browsing.

Multi Account Containers and Temporary Containers

Container extensions aren’t as important as they used to be for privacy now that we have Total Cookie Protection.

Multi Account Container will still have some use if you use Mozilla VPN as it is going to be integrated allowing you to configure specified containers to use a particular VPN server. Another use might be if you want to login to multiple accounts on the same domain.

Just-In-Time Compilation (JIT)

What is “Disable JIT” in Bromite? This option disables the JavaScript performance feature JIT. It can increase security but at the cost of performance. Those trade-offs vary wildly and are explored in this publication by Johnathan Norman from the Microsoft Edge team. This option is very much a security vs performance option.

Mozilla browsers on Android

We don’t recommend any Mozilla based browsers on Android. This is because we don’t feel that GeckoView is quite as secure as it could be as it doesn’t support site isolation, soon to be coming in desktop browsers or isolated processes.

We also noticed that there isn’t an option for HTTPS-Only mode. The only way to get something similar is to install the deprecated extension HTTPS Everywhere.

There are places which Firefox on Android shines for example browsing news websites where you may want to partially load some JavaScript (but not all) using medium or hard blocking mode. The reader view is also pretty cool. We expect things will change in the future, so we’re keeping a close eye on this.

Fingerprinting

Firefox has the ability to block known third party fingerprinting resources. Mozilla has advanced protection against fingerprinting (RFP is enabled with Arkenfox).

We do not recommend extensions that promise to change your browser fingerprint. Some of those extensions are detectable by websites through JavaScript and CSS methods, particularly those which inject anything into the web content.

This includes all extensions that try to change the user agent or other browser behaviour to prevent fingerprinting. We see these often recommended on Reddit and would like to say that they will likely make you more unique and can be circumvented. Arkenfox has a good list of extensions you could use, and a list of ones you needn't bother with. We also like to say testing sites which show you how unique you are in a set of users are often using hugely tainted results that are not indicative of real-world usage.

Special thanks to Thorin-Oakenpants and Tommy for their help with providing advice and further documentation during the research phase.

Firefox Privacy: Tips and Tricks for Better Browsing

Jonah Aragon — Thu, 23 Jan 2025 19:08:51 +0000

Firefox Privacy: Tips and Tricks for Better Browsing

Illustration: Jonah Aragon / Privacy Guides | Photo: Unsplash

Mozilla Firefox is one of the most popular web browsers around, and for good reason. It's fast, secure, open-source, and it's backed by an organization that actually respects your privacy. Unlike many other Chrome alternatives and forks, it has a massive development team behind it that publishes new updates on a constant, regular basis. Regular updates doesn't only mean shiny new features, it means you'll also receive security updates that will keep you protected as you browse the web.

Because of all of this, we recommend Firefox as our general-purpose browser for most users. It's the best alternative to Chrome and Edge for privacy conscious individuals.

Firefox is fantastic out of the box, but where it really shines is customizability. By adjusting Firefox privacy settings and using helpful add-ons, you can increase your privacy and security even further. Making those changes is what we're going to go over in this Firefox privacy guide.

Before we get started, there's a couple things that should be noted that are not only applicable to this guide, but privacy in general:

Considerations

Protecting your privacy online is a tricky proposition, there are so many factors to take into consideration on an individual basis for any one guide or site to cover comprehensively. You will need to take into account things like threat modeling and your general preferences before making any changes or following any recommendations.

Threat Modeling

What is threat modeling? Consider who you're trying to keep your data hidden from. Do you need to keep your information hidden from the government, or just the average stranger? Maybe you are just looking to alternatives to Big Tech like Google and Facebook. You'll also want to consider how much time and resources you want to spend hiding your data from those "threats". Some solutions might not be feasible from a financial or time standpoint and you'll have to make compromises. Taking all those questions into account creates a basic threat model for you to work with.

We want to publish a more complete guide on threat modeling in the future, so stay tuned to this blog for further updates. But for now, just keep those thoughts in the back of your mind as we go through this article. Not every solution might be for you, or conversely you may need to pay more attention to certain areas we aren't able to cover completely.

Browser Fingerprinting

Another consideration is your browser's fingerprint. When you visit a web page, your browser voluntarily sends information about its configuration, such as available fonts, browser type, and add-ons. If this combination of information is unique, it may be possible to identify and track you without using more common tracking tools, like cookies.

That's right, add-ons contribute to your fingerprint. Another thing a lot of people miss when they are setting up their browser is that more is not always the best solution to their problems. You don't need to use every add-on and tweak we recommend installed, and the more you configure the greater chance there is that your browser will appear more unique to websites. Think about your specific situation and pick and choose the add-ons and tweaks we recommend only if you think they will help you.

Firefox Privacy Settings

We'll start off with the easy solutions. Firefox has a number of privacy settings built in, no add-ons necessary! Open your Options page (Preferences on macOS) and we'll go through them one at a time.

DNS over HTTPS

DNS (or the Domain Name System) is what your browser uses to turn domain names like privacyguides.org into IP addresses like 65.109.20.157. Because computers can only make connections to IP addresses, it's necessary to use DNS every time you visit a new domain. But DNS is unencrypted by default, that means everyone on your network (including your ISP) can view what domains you're looking up, and in some situations even change the IP answers to redirect you to their own websites! Encrypting your DNS traffic can shield your queries and add some additional protection to your browsing.

Encrypted DNS takes many forms: DNS over HTTPS (DoH), DNS over TLS, DNSCrypt, etc., but they all accomplish the same thing. They keep your DNS queries private from your ISP, and they make sure they aren't tampered with in transit between your DNS provider. Fortunately, Firefox recently added native DoH support to the browser. On the General page of your preferences, scroll down to and open Network Settings. At the bottom of the window you will be able to select "Enable DNS over HTTPS" and choose a provider.

Keep in mind that by using DoH you're sending all your queries to a single provider, probably Cloudflare unless you choose another provider that supports DNS over HTTPS. While it may add some privacy protection from your ISP, you're only shifting that trust to the DoH provider. Make sure that's something you want to do.

It should also be noted that even with DoH, your ISP will still be able to see what domain you're connecting to because of a technology called Server Name Indication (SNI). Until SNI is encrypted as well, there's no getting around it. Encrypted SNI (eSNI) is in the works — and can actually be enabled on Firefox today — but it only works with a small number of servers, mainly ones operated by Cloudflare, so its use is limited currently. Therefore, while DoH provides some additional privacy and integrity protections, its use as a privacy tool is limited until other supplemental tools like eSNI and DNSSEC are finalized and implemented.

Change Your Search Engine

This is an easy one. In the Search tab, change your Default Search Engine to something other than Google. Out of the built-in options, DuckDuckGo is the most privacy respecting service, but there's a number of search engines we would recommend that can be easily installed as well.

Enhanced Tracking Protection

Now we'll delve into the biggest set of options for people like us, Firefox's Privacy & Security tab. First up is their Enhanced Tracking Protection. This set of filters is set to Standard by default, but we'll want to change it to Strict for more comprehensive coverage.

In rare occasions, Strict browsing protections might cause some of the websites you visit to not function properly. But there's no need to worry! If you suspect the Strict browsing protection is breaking a website you visit frequently, you can disable it on a site by site basis with the shield icon in the address bar.

Disabling Enhanced Tracking Protection will of course decrease your privacy on that site, so you will have consider whether that's something you are willing to compromise on, on a site-by-site basis.

Another benefit of Firefox's Enhanced Tracking Protection is that it can actually speed up your browsing! Advertising networks and social media embeds can sometimes make your browser download huge files just to show an ad or a like button, and blocking those out trims the fat, in a sense.

Disabling Telemetrics

When you use Firefox, Mozilla collects information about what you do, what kind of extensions you have installed, and various other aspects of your browser. While they claim to do this in a privacy-respecting way, sending as little data as possible is always preferred from a privacy standpoint, so we would go ahead and uncheck all the boxes under Firefox Data Collection and Use just to be safe.

Clearing Cookies and Site Data

This one is for more advanced users, so if you don't understand what this is doing you can skip this section. Firefox provides the option to delete all your cookies and site data every time Firefox is closed. Cookies and site data are little pieces of information sites store in your browser, and they have a myriad of uses. They are used for things like keeping you logged in and saving your website preferences, but they also can be used to track you across different websites. By deleting your cookies regularly, your browser will appear clean to websites, making you harder to track.

This will likely log you out of websites quite often, so make sure that's an inconvenience you're willing to put up with for enhanced privacy.

Firefox Privacy Add-Ons

Of course, just the browser settings alone won't go quite far enough to protect your privacy. Mozilla has made a lot of compromises in order to provide a more functional browsing experience for the average user, which is completely understandable. But, we can take it even further with some browser add-ons that prevent tracking and make your experience more private and secure.

We recommend a number of fantastic add-ons for Firefox, nine at the time of writing, but they aren't all necessary for everyone. Some of them provide redundant functionality to each other, and some of them accomplish similar tasks to the settings we've enabled above.

When you are installing add-ons for Firefox, consider whether you actually need them for your personal browsing. Remember that fingerprinting warning from earlier? Adding as many extensions as possible might make you stand out more, which is not the goal.

Keeping all that in mind, there are three add-ons I would consider necessary for virtually every user:

uBlock Origin
HTTPS Everywhere
Decentraleyes

Out of the box, these add-ons only complement the settings we've described in this article already, and they have sane defaults that won't break the sites you visit.

uBlock Origin

uBlock Origin is an efficient ad- and tracker-blocker that is easy on memory, and yet can load and enforce thousands more filters than competing blockers. We trust it because it is completely open-source. Additionally, unlike its competitors it has no monetization strategy: There's no "Acceptable" ads program or a similar whitelist like many other adblockers feature.

HTTPS Everywhere

HTTPS is the secure, encrypted version of HTTP. When you see an address starting with https:// along with the padlock in your browser's address bar, you know that your connection to the website is completely secure. This is of course important when you're logging into websites and sending your passwords and emails in a form. But it also prevents people on your network and your ISP from snooping in on what you're reading, or changing the contents of an unencrypted webpage to whatever they want.

Therefore, HTTPS Everywhere is a must-have extension, all it does is upgrade your HTTP connections to HTTPS wherever possible. And because it works silently in the background, you probably will never notice it! We trust HTTPS Everywhere because it is completely open-source, and is developed by the Electronic Frontier Foundation, a non-profit dedicated to private and secure technologies.

Of course, it only works with sites that support HTTPS on the server's side, so you'll still need to keep an eye on your address bar to make sure you're securely connected. But fortunately more and more websites have implemented HTTPS thanks to the advent of free certificates from organizations like Let's Encrypt.

Decentraleyes

When you connect to many websites, your browser is most likely making connections to a myriad of "Content Delivery Networks" like Google Fonts, Akamai, and Cloudflare, to download fonts and Javascript that make the website run. This generally makes websites look and feel better, but it means you're constantly making connections to these servers, allowing them to build a fairly accurate tracking profile of you.

Decentraleyes works by impersonating those CDNs locally in your browser. When a website wants to download a program like jQuery, instead of connecting to a remote CDN Decentraleyes will serve the file from its own cache of files. This means that you'll won't have to make remote CDN connections for the files that Decentraleyes supports, and therefore the remote CDNs can't track your browser. Because everything is stored locally instead of on a far away server, Decentraleyes has the added benefit of speeding up your browsing as well. Everything happens instantly, and you won't see a difference in the websites you visit.

Additional Privacy Add-Ons

There is of course more functionality that can be achieved at the expense of more time spent configuring your browser and reduced website functionality. If you're looking for the most privacy options possible however, they may be for you. Check out our desktop browsers recommendations page for further information and additional resources.

More Privacy Functionality

Firefox has developed a number of other privacy tools that can be used to enhance your privacy or security. They may be worth looking into, but they have some drawbacks that would prevent me from recommending them outright.

Firefox Private Network

Firefox Private Network is a new extension developed by Mozilla that serves as a Virtual Private Network (VPN), securing you on public WiFi networks and other situations where you might trust Mozilla more than the ISP or network administrator. It is free in beta, but will likely be available at some subscription pricing once the test pilot ends.

Firefox Private Network is still just a VPN, and there are a number of drawbacks you would want to consider before using it. We wrote an entire article on choosing a VPN provider that is worth a read, but it boils down to the fact that your VPN provider will be able to see your web traffic. All you are accomplishing is shifting the trust from your network to the VPN provider, in this case Cloudflare, the operators behind this service.

Additionally, unlike a traditional VPN, only data through the Firefox browser is protected, not every app on your machine. This means that it won't adequately protect you from many of the threats people typically want to protect against when they use a VPN, like IP leaks.

And finally, Cloudflare and Mozilla are both US companies. There are a number of concerns with entrusting internet traffic to the US and other fourteen eyes countries that should not be overlooked.

If you require a Virtual Private Network, we would look elsewhere. There are a number of recommended providers like Mullvad that will provide a better experience at a low cost.

Multi-Account Containers

Mozilla has an in-house add-on called Multi-Account Containers that allows you to isolate websites from each other. For example, you could have Facebook in a container separate from your other browsing. In this situation, Facebook would only be able to set cookies with your profile on sites within the container, keeping your other browsing protected.

A containers setup may be a good alternative to techniques like regularly deleting cookies, but requires a lot of manual intervention to setup and maintain. If you want complete control of what websites can do in your browser, it's definitely worth looking into, but we wouldn't call it a necessary addition by any means.

Additional Resources

Desktop Browsers (Privacy Guides) — Our comprehensive set of recommendations for browsers and tweaks you can make to enhance your privacy is a great next step for more advanced users looking to protect their privacy online.

arkenfox user.js — For more advanced users, the arkenfox user.js is a "configuration file that can control hundreds of Firefox settings [...] which aims to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage".

Mozilla's Privacy Policy — Of course, we always recommend reading through the privacy statement of any organization you deal with, and Mozilla is no exception.

Firefox Privacy Summary

In conclusion, we believe that Firefox is the most promising browser for privacy-conscious individuals. The non-profit behind it seems truly dedicated to promoting user control and privacy, and the good defaults coupled with the sheer customizability of the browser allow you to truly protect your information when you browse the web.

For more Firefox privacy-related information, or for recommendations for non-desktop platforms, give our full page on web browsers a read.

"Privacy-Preserving" Attribution: Mozilla Disappoints Us Yet Again

Jonah Aragon — Thu, 23 Jan 2025 19:08:51 +0000

"Privacy-Preserving" Attribution: Mozilla Disappoints Us Yet Again

Image: Unsplash

"No shady privacy policies or back doors for advertisers" proclaims the Firefox homepage, but that's no longer true in Firefox 128.

Less than a month after acquiring the AdTech company Anonym, Mozilla has added special software co-authored by Meta and built for the advertising industry directly to the latest release of Firefox, in an experimental trial you have to opt out of manually. This "Privacy-Preserving Attribution" (PPA) API adds another tool to the arsenal of tracking features that advertisers can use, which is thwarted by traditional content blocking extensions.

It seems that 6 years after the Mr. Robot extension debacle, Mozilla still hasn't learned their lesson about sneaking unwanted advertising and features onto our computers.

We already know from Google's Privacy Sandbox that simply adding "privacy" to the name of your feature does not make it private. While Mozilla claims that the "Privacy-Preserving" attribution aims to provide a more privacy-friendly alternative to ad tracking, there are a plethora of issues with this new (anti-)feature that are worth examining:

Misaligned Incentives

Mozilla's decision to implement PPA in Firefox highlights a growing trend among user agents (browsers) to grant preferential treatment to the advertising industry over all other businesses.

All websites on the internet—including ad networks!—are guests on our computers, and the content they provide are merely suggestions for a user agent to interpret and show us how it chooses. This has always been a fundamental truth of how the internet works, and enables many great things: from highly-accessible text-based web browsers to the ability to block trackers and other unwanted bloat on the websites you visit. By baking in software that's tailor-made for the advertising industry, Mozilla is wrongly asserting that the advertising industry has a legitimate interest in collecting your data and tracking you across the internet over all other parties, including over your own interests.

The advertising industry and Google in particular have been trying their hardest to reverse this dynamic, to turn browsers into a locked-down piece of viewing software under the total control of the servers it's accessing. Mozilla is the organization meant to protect us from the ever-encroaching desires of industry to control and track what we see online, but instead they're continually giving in to the idea that user agents should serve website operators and ad-tracking networks instead of users.

Mozilla constantly fails to understand the basic concept of consent. Firefox developers seem to see their position as shepherds, herding the uninformed masses towards choices they interpret to be "good for them." Firefox users are not a captive audience that needs to be coddled, they are generally full-grown adult computer users who need to be listened to.

One Mozilla developer claimed that explaining PPA would be too challenging, so they had to opt users in by default.

The reality is that it isn't simply a privileged minority of users who care about surveillance tracking software being built in to their browsers.

Firefox users are fully capable of understanding basic concepts like tracking, and can make an informed decision about whether they want their browser to track them. Mozilla refuses to acknowledge this, because it's in their best (financial) interest to get as many people as possible to use this feature.

At the end of the day, Mozilla knows this feature isn't something that Firefox users want. If they truly believed this was the one path away from the constant data theft perpetuated by the advertising industry, they would've announced this loudly and proudly. They could've given the privacy and general Firefox communities ample time to scrutinize the protocol beforehand.

Instead, they buried the announcement in a two sentence blurb at the bottom of the release notes, 5 months after they posted a very brief blog post talking about this technology which was likely ignored by the vast majority of Firefox users.

False Privacy

Let's ignore all of this though, and say you don't care that Mozilla is selling out to advertisers, as long as the feature is actually more private than the current status quo. PPA still isn't the answer we are looking for.

The simple truth is that the "Distributed Aggregation Protocol" Mozilla is using here is not private by design.

The way it works is that individual browsers report their behavior to a data aggregation server (operated by Mozilla), then that server reports the aggregated data to an advertiser's server. The "advertising network" only receives aggregated data with differential privacy, but the aggregation server still knows the behavior of individual browsers!

This is essentially a semantic trick Mozilla is trying to pull, by claiming the advertiser can't infer the behavior of individual browsers by re-defining part of the advertising network to not be the advertiser.

It is extremely disingenuous for Mozilla to claim that Firefox is adding technical measures to protect your privacy, when the reality is that your privacy is only being protected by social measures. In this particular case, Mozilla and their partner behind this technology, the ISRG (responsible for Let's Encrypt), could trivially collude to compromise your privacy.

Uselessness

Finally, there is no reason for this technology to exist in the first place, because tracking aggregate ad conversions like this can already be done by websites without cookies and without invading privacy, using basic web technology.

All an advertisement has to do is link to a unique URL: Instead of linking to example.com one could link to example.com/ad01, and the website operator simply has to track how many people visit the ad01 page on their end.

In contrast to the amazingly complex PPA setup Mozilla is pushing, this is a perfectly viable alternative that advertisers could easily adopt today. The reason they do not is simply because they have an insatiable need for as much of your data as possible.

Disabling PPA

Firefox users should disable this feature:

Open Firefox's settings page at about:preferences
In the Privacy & Security panel, find the Website Advertising Preferences section.
Uncheck the box labeled Allow websites to perform privacy-preserving ad measurement.

There are also plenty of other web browsers you could choose from, if you're growing tired of Mozilla's behavior in recent months. Between their foray into generative AI and their business acquisitions in the advertising industry itself, I certainly wouldn't blame you.

PPA is an additional privacy attack surface that has no value for end users whatsoever, as its sole purpose is to give data to the advertising industry for nothing in return. Instead of focusing their efforts on compromising with advertisers, Mozilla could work to actively block unwanted data collection. Because they aren't blocking any of the myriad of ways advertisers currently track you, Mozilla is not acting in your best interest here.

For a browser and organization which has built its reputation entirely on protecting user privacy, these moves are really eroding the trust of its core user base. We hope that Mozilla will listen to the overwhelming user feedback surrounding this feature and their other endeavors, and consider whether these recent actions are aligned with their core mission of putting users first.

Discuss this article on our forum, or leave a comment below.

Privacy Guides Partners With MAGIC Grants 501(c)(3)

Jonah Aragon — Thu, 23 Jan 2025 19:08:51 +0000

Privacy Guides Partners With MAGIC Grants 501(c)(3)

Illustration: Jonah Aragon / Privacy Guides

In February, the OpenCollective Foundation (OCF)—our fiscal host of 4 years—sent us an email to announce that they would be shutting down, and they would no longer be able to collect donations on our behalf (or for any of the hundreds of projects they provided fiscal hosting services to). We immediately began to consider multiple options for the future of this project, including forming our own non-profit or finding another fiscal host.

We're excited to announce a partnership with MAGIC Grants, a Public 501(c)(3) charity with the mission of supporting privacy projects like ours and providing undergraduate scholarships for students interested in cryptocurrencies and privacy. They will immediately take over all of the operations previously provided by OCF, including accepting donations on our behalf, handling any of our accounting and taxes, reimbursing team members and volunteers, and taking legal ownership of assets like our domains and servers.

This last point is important, because we want to ensure Privacy Guides is never fully reliant on a single individual like myself. This setup ensures Privacy Guides never strays from its mission of providing free and accessible privacy and security resources to protect consumers.

Of course, all of our projects including the open-source Privacy Guides website, our communities, and this blog remain editorially independent and volunteer led. This partnership only affects our administrative platform behind the scenes.

MAGIC Grants was the right choice for our project for a number of reasons:

They are a 501(c)(3) non-profit, which allows us to retain our tax deductible status in the United States, and means there are legal safeguards in place to prevent Privacy Guides from being used for personal profit.
They've provided us with a great deal of flexibility and independence over how we run our project, and added many safeguards to ensure the current Privacy Guides team retains ultimate control over the project. This means that nothing about Privacy Guides will change, now or in the future, due to outside influence.
They've generously offered to provide their services to us for no fee, in support of our shared core mission of creating great educational materials.

Finally, unlike OCF, MAGIC Grants is extremely flexible when it comes to accepting cryptocurrencies. Previously we have not been able to accept cryptocurrency donations, because OCF did not have the accounting tools in place to handle such transactions. MAGIC Grants is highly experienced in the cryptocurrency—and especially Monero—space, and we will be able to accept completely private donations through that very soon.

Donations to Privacy Guides are considered restricted contributions which may only be used under the Privacy Guides Fund agreement we have with MAGIC Grants, and not for any of MAGIC Grants’ other endeavors. You can make a general donation to MAGIC Grants on their website.

We considered forming our own organization, but estimated that the initial costs to do so would meet or exceed our current annual budget, which wasn't financially viable. We have reserved the right to spin off as an independent non-profit, or to transfer to another fiscal host in the future, if we feel it would be beneficial to do so.

Running this network of websites and services for free to the public is a time-consuming and costly endeavor. We do it because we believe it is the right thing to do, not because we are looking to make a profit. Any contributions have been either used to pay our expenses or saved in a reserve for expansion or times of need.

Your support of this project will help us keep our servers running and pay for other various expenses accrued by the team while developing this community. We do not operate Privacy Guides for personal profit, and all funds will be used to further our mission in one form or another.

If you like what we do, please consider contributing to our project at https://www.privacyguides.org/en/about/donate/.

Read more about the Privacy Guides Fund announcement on MAGIC Grants' blog.

Relisting Startpage.com

Privacy Guides — Thu, 23 Jan 2025 19:08:51 +0000

Relisting Startpage.com

Illustration: Privacy Guides

Dear Privacy Guides Community,

In October 2019, we learned that System1 had become the majority shareholder in Startpage.com via a new System1 subsidiary, Privacy One Group. Due to the uncertainty surrounding the acquisition and the initial lack of clear communication from the Startpage team towards the privacy community, we were forced to delist Startpage from our search engine recommendations. In an explanatory blog post, we asked for more clarity surrounding the situation, stating:

...there are still so many unanswered questions, we can no longer recommend the service with good confidence. If Startpage aims to be re-considered, they will have to answer the questions above, preferably along with an explanation of why it took them so long to get proper answers out to the public.

Shortly after this, the Privacy Guides team was able to get an open line of communication with Startpage.com CEO Robert Beens, who vocalized his regret for not answering our questions more quickly and providing more clarity to the community from the start. From their perspective nothing fundamental had changed due to the acquisition, except that they would now have the resources to market Startpage efficiently thanks to System1. Unfortunately, Startpage failed to put themselves in the place of their users, and understand that their lack of transparancy at the beginning would erode the trust they shared with the privacy community.

By December, Startpage had responded to our questions. More recently they also clarified that System1's privacy policy does not relate to Startpage; Startpage's privacy policy remains unchanged:

Having a new shareholder in the company will not change any aspect of the privacy we offer. We are a Dutch company and will continue to be so, fully complying with Dutch and EU privacy regulations (GDPR). We don’t store or share any personal data. No change either. Our clear privacy policy will stay the same. Management / founders (including myself) continue to have an important stake in the company and will continue to be fully committed to our privacy mission!

They also created new support pages clarifying the privacy implications of System1's relationship with Startpage:

Additionally, Beens joined an interview with Techlore in February answering his questions and further questions from the privacy community.

We prepared a merge request in December for relisting Startpage in case we decided to do so, but did not have plans to merge it until the whole team felt confident (which we knew would take time). 5 months later, we sync'd up as a team, and decided to re-list them (with a warning explaining these events) which you can now find on our website here. Our confidence and trust in Startpage has grown, and we're appreciative of Startpage's cooperation and willingness to address the concerns of our community.

We also hope this encourages any services that may end up being delisted for one reason or another to take action and improve themselves in this same fashion. We don't like delisting the services we've previously trusted and recommended, and we are always happy to see when steps are taken to regain community trust.

2023-10-23: This post has been edited to reflect the team's move from PrivacyTools to Privacy Guides.

Security, Privacy, and Anonymity

Nate Bartram — Thu, 23 Jan 2025 19:08:51 +0000

Security, Privacy, and Anonymity

Image: Unsplash

We may think that we know the differences between privacy, security and anonymity, however we often mix them up. People will often criticize a product or service as “not private” when they really mean “not anonymous.” Privacy, security, and anonymity often complement each other, but they are not always dependent on each other, and they are definitely not the same thing. A service can be private without being anonymous, or even secure without being private. Which one should you prioritize? To some extent, there are no wrong answers. It really comes down to your threat model and what your desired goal is. It is perfectly fine to pick a product that provides privacy even though it doesn't provide anonymity. Furthermore, it's okay to pick a product that doesn't provide security if it does provide one of the other features. The important thing is that you need to be aware what these products and services are and aren’t offering you so that you can use them correctly.

There’s lots of ways to define privacy, security, and anonymity. Someone showed me this definition and I really liked it. It seems to pretty much hit the nail on the head when applying these terms specifically to data privacy and cybersecurity:

Anonymity: The sender and/or recipient's real ID is unknown

In the real world this could be a secret admirer sending a Valentine's Day card. Online this could be when ones "footprints" cannot lead back to the poster: e.g. Tor.

Privacy: The contents of the message can only be seen/heard by the intended recipient(s)

In the real world this could be a whispered conversation between two people in the middle of Siberia. Online this could be a Signal message, which is end-to-end encrypted and only the recipient & sender can read the contents.

Security (in the context of privacy/anonymity): The parties involved are who they say they are

In the real world this could be something unique and verifiable such as a passport or fingerprints. Online this could be certificates or PGP signatures.

These topics often overlap: Privacy can help your security because if people don't know information about you, they can't effectively target you. For example, an attacker that doesn't know who you bank with cannot know which bank to target. Security can protect your privacy by forcibly controlling who has access to that information about you. Let’s take a few examples:

Security without Privacy or Anonymity

The most obvious example of this that comes to mind is Google. Google has had almost no major data breaches in all their years of existence, yet they know almost everything about everyone to the point that the former CEO Eric Schmidt remarked "We can more or less know what you're thinking about." Google offers world-class security with zero privacy or anonymity.

Security and Some Privacy without Anonymity

Consider the renowned encrypted messaging app Signal. Because your phone number is required, you can be unmasked by a court order or even a web search depending on the phone number you use. However, Signal is renowned for having some of the best security in the world, and the content of your messages and the information you transfer will be protected and controlled even if your identity is not. Top-notch security and privacy over the content of your messages, but anonymity cannot be guaranteed.

Anonymity without Security

Cash is a great example of this. Paying for a product in cash preserves your anonymity - unless the business requires it, you don't have to give any kind of information at all. Yet, you have no security if the seller doesn't deliver the item (unless you have a receipt). You have no protection from fraud or anything like that.

Security with Privacy and Anonymity

XMPP is arguably the best example of this. XMPP allows you to sign up without any real information, over a VPN or Tor connection for total anonymity. Additionally, the conversations can be protected by OMEMO encryption, meaning the data itself is also private. When used properly, this is as closed to perfect as you can get, if a bit user-unfriendly. (Editor's note: XMPP is not officially endorsed by Privacy Guides for the reasons listed here.)

Closing Thoughts

These three concepts are not necessarily dependent on each other. A secure product does not guarantee privacy, a private product does not guarantee security, and anonymity does not guarantee either. As I said before, there is nothing wrong with valuing one facet over another. It's also okay to use Signal even though it doesn't give you total anonymity. Just be sure you understand how a product is meant to be used and where it both shines and falls short. It would be awful to use Google thinking that it will give your communications total privacy and then your financial details get stolen by a rogue employee. Or if you used a service like Signal to organize protests in a hostile country only to be arrested once your phone number is unmasked. Know the limitations of the services you choose and decide what features are important to you. It’s also important to know that privacy and security are sliding scales. This could be an entire blog post on its own. Think of passwords. Any password – even “password” - is technically more secure than no password at all. But a 16-character randomly-generated password is even more secure than “password.” Sometimes it’s okay to find a solution that offers a blend – less privacy in one area in exchange for more security in another, or vice versa. Once again, it all comes back to your threat model, your needs, and your resources.

Originally published on The New Oil.

The Trouble With VPN and Privacy Review Sites

Jonah Aragon — Thu, 23 Jan 2025 19:08:51 +0000

The Trouble With VPN and Privacy Review Sites

Illustration: Jonah Aragon / Privacy Guides | Photo: Unsplash

There’s a massive problem in the privacy world. Websites, social media accounts, and other platforms are constantly popping up out of nowhere, telling you to buy The Greatest Service Ever in order to solve all your privacy woes, whatever that may be. These websites often employ marketing teams to make sure their “reviews” are what you see first when you begin your research. Some of them are even operated by VPN providers themselves, operating under anonymous business entities to hide their bias, or doing it right out in the open, hoping you’ll mistake their advertising-filled press releases and blogs as insider knowledge of the VPN space.

When a seemingly “unbiased review” on a site is merely a paid advertisement in disguise, that website is breaking their reader’s trust. From a consumer’s point of view, affiliate marketing and other paid promotional techniques like this make it near impossible to know when a review is genuine or not.

This isn’t going to be a lengthy blog post on advertising being bad, far from it. In fact, many of the VPN providers we recommend on Privacy Guides engage in responsible advertising across various platforms. The key is transparency: Their advertisements should look like advertisements, and nothing else.

I’m really looking to take the time here and identify “the bad” sites and resources that use these techniques to profit off a community just looking for reliable answers. Lots of sites like these will claim they’re acting in your best interest, but they’re just here to make money.

One common thing I’ll see on these sites is a ranked list of providers that are ostensibly the best ones to choose from. These sites have supposedly done all the work for you, so you can just click and go, assured you’re making the right choices.

So here’s my issue with ranking VPN providers: Let’s face it, VPN providers are all offering the same service, and they will either protect your information or they won’t. Ranking providers like this only serves as an easy way to guide users to a certain choice (in this case, the choice that will make the reviewers the most money).

Let’s look at one of these “review” sites for example, which will go unnamed for the purposes of this article. On their homepage they prominently list 10 providers as the “best” VPN services, in this order:

NordVPN
Surfshark
ExpressVPN
PerfectPrivacy
IPVanish
Mullvad
CyberGhost
Trust.Zone
ibVPN
Private Internet Access

To their credit, this review site also helpfully included an advertising disclosure in their footer. On this fairly well hidden away page, they note that they participate in affiliate programs from 8 providers, as follows:

NordVPN
SurfShark
ExpressVPN
Perfect-Privacy
IPVanish
CyberGhost
Trust.Zone
Private Internet Access

Hmm. Look familiar? Of the 73 providers this site had reviewed at the time of writing this article, all eight of the VPN providers paying this review site happened to make their top 10 recommendations. In fact, you’d have to scroll down to #6 before you found a provider that wouldn’t pay them, practically buried.

Furthermore, their list includes NordVPN, a company notable for not disclosing security breaches in a timely fashion, and ExpressVPN, a provider notable for using weak 1024-bit encryption keys to protect their users. By any objective standard, these providers do not deserve to be included in a top 10 recommendations list for securing anybody’s information. This review site in particular claims to have set criteria for their recommendations, but this just demonstrates that any criteria can be adjusted to fit any goal you may have.

If these sites truly wanted to be helpful, they would consolidate all the relevant information and present it to their users without making the choice for them. A provider is going to be better or worse for every user depending on their particular situation, and encouraging making an informed choice between options presented equally is far more beneficial to putting one over the other in a largely arbitrary fashion.

But that isn’t to say they should just throw all the providers in a big table and call it a day. Almost worse than the ranking scheme above is when sites provide out of context lists of providers, often just with pricing and a link. Sometimes they will link you to a full review (more on that in a bit), but for the most part these sites just expect you to follow their recommendations blindly.

These read like advertisements, because they usually are. Once again we see the usual suspects — NordVPN, ExpressVPN… — paraded as the gold standard in the VPN space, not out of any inherent value, but based on the value of their affiliate programs. To further this point, let’s take a look at how much each of the five providers above will pay you for a referral (on a one-month plan).

ExpressVPN: $13 for first month
NordVPN: $11.95 for first month
VPNArea: $4.95 for first month
VPN.ac: $2.90 for first month

Unfortunately, Perfect Privacy would not share their commission rates publicly, but if anyone has any information on that I’d be happy to receive it. What I will say is that based on the information above, I would not be surprised if it fell right between ExpressVPN and NordVPN’s rates. Their one-month plan costs $12.99, so assuming a 100% match on the first month (the standard from NordVPN and ExpressVPN) that would add up quite nicely.

Once again, we see a lineup of providers ordered in a way that conveniently pays the most to the website owner. And therein lies the issue with affiliate programs. Once you begin receiving financial compensation on a per-signup basis, you are now motivated to push the most users to the sites that pay more on a monthly basis, rather than the sites that will actually help the user.

Occasionally, these recommendations are coupled with a “review” that is supposedly independent and unbiased, but in reality are simply more marketing tools to persuade you towards their opinions. In most cases, these reviewers will simply copy the VPN provider’s own press releases and even media, presenting their advertising as fact to their readers. These reviews are always hidden away as well, with main navigation links directing users towards the more affiliate-link-laden lists and tables that they’d much rather you browse. The true value of these review articles is the Search Engine Optimization (SEO) advantage they bring in the rankings on Google, and not much more. More traffic = More clicks, at the expense of good, independent content and integrity.

Originally, this article contained a section about how ‘ThatOnePrivacySite’ was the last bastion of a hope in the VPN review world. However, that has since sold out to ‘Safety Detectives’, a site guilty of using all the affiliate tricks mentioned above. Goes to show, eh?

At Privacy Guides, we’ve developed a set list of criteria, and we make that abundantly clear when you read our list of recommended VPN providers. We also refrain from using affiliate links. As we’ve discussed, they are fundamentally flawed ways to market a service, and using them would break the trust our community has in our recommendations.

We do have a sponsorship program, but all of our finances are handled in an incredibly transparent fashion. As a non-profit organization, the funding we receive cannot be used for private profit, and our community can see both where we receive money from and how it is being spent thanks to Open Collective. Additionally, the recommendations on our site are handled by an entirely separate team of editors and contributors than the administrative team such as myself that handles the sponsorships and finances. The editors have sole control over our recommendations and operate entirely independently and on a volunteer-basis to ensure the choices we make are for the benefit of the privacy community over one individual.

Ultimately, as a matter of policy our sponsors have no say over our recommendations, or whether they are recommended or a competitor is removed. We have given our community vast access to our website and internal workings to keep us in check and ensure we’re staying true to our word. This separation of management and editors is a strategy that has served the media industry well for decades, and makes all of our team and organization a more credible and trustworthy source of information.

Summary

We have a lot of points we want to get across. The current landscape of privacy reviewers and “experts” weighing in on topics regarding the very companies that pay for their reviews is morally reprehensible, and just another way for big tech companies to collect all of our data more easily.

Review sites should make it abundantly clear when their reviews are paid for by the VPN companies in any fashion, whether that be via affiliate programs or good old-fashioned sponsorships. This can’t be via a hidden-away disclosure in the footer or not published at all, but clear and close in proximity to the claims published on their site. Customers are not expecting or seeking out these disclosures when they visit review sites, and can’t be expected to immediately discern whether you’re speaking from a place of unbiased fact, or from a place with the greatest financial incentive. Better yet, they should reconsider their entire business model. Our site is based solely on a community donation model that still keeps us sustained. It’s the more difficult way to build a site to be sure, actually working to gain the trust of a huge community, but the difference in quality and integrity is remarkable.

VPN providers should consider spending less money on paid reviews, and more money on securing and validating their infrastructure. Regular security audits are one fantastic way for companies to demonstrate their dedication to keeping their users secure. We strongly believe VPN services should consider our criteria, especially in regard to the ownership of their organization. Your VPN provider should not be hiding away in Panama controlled by anonymous leadership. While you as a user deserve privacy, transparency should be required of providers if you are expected to trust them. I would not give my money to some anonymous overseas investor, why would I give all of my internet traffic to some anonymous overseas administrator?

Finally, when you’re choosing a VPN provider, do your own research. Understand what a VPN actually does for you. Understand what it is a security audit proves, find out who owns and operates the VPN service you want to use, and make sure their policies and technologies reflect your values. Ultimately gathering the information yourself and making an informed decision is the only way to make sure your privacy is being respected.

Welcome to Privacy Guides

Jonah Aragon — Thu, 23 Jan 2025 19:08:51 +0000

Welcome to Privacy Guides

Illustration: Jonah Aragon / Privacy Guides

We are excited to announce the launch of Privacy Guides and r/PrivacyGuides, and welcome the privacy community to participate in our crowdsourced software recommendations and share tips and tricks for keeping your data safe online. Our goal is to be a central resource for privacy and security-related tips that are usable by anybody, and to carry on the trusted legacy of PrivacyTools.

As we announced on the PrivacyTools blog in July, we made the decision to migrate off our former privacytools.io domain for various reasons, including an inability to contact the current domain holder for over a year and growing issues with the .IO top-level domain. As attempts to regain ownership of the domain have proven fruitless, we found it necessary to make this switch sooner rather than later to ensure people would find out about this transition as soon as possible. This gives us adequate time to transition the domain name, which is currently redirecting to www.privacyguides.org, and it hopefully gives everyone enough time to notice the change, update bookmarks and websites, etc.

We chose the name Privacy Guides because it represents two things for us as an organization: An expansion beyond simple recommendation lists, and a goal of acting as the trusted guides to anyone newly learning about protecting their personal data.

As a name, it moves us past recommendations of various tools and focuses us more on the bigger picture. We want to provide more education — rather than direction — surrounding privacy-related topics. You can see the very beginnings of this work in our new page on threat modeling, or our VPN and Email Provider recommendations, but this is just the start of what we eventually hope to accomplish.

Website Development

Our project has always been community-oriented and open-sourced. The source code for PrivacyTools is currently archived at https://code.privacyguides.dev/privacyguides/privacytools.io. This repository will remain online as an archive of everything on PrivacyTools up to this transition.

The source code for our new website is available at https://github.com/privacyguides/privacyguides.org. All updates from PrivacyTools have been merged into this new repository, and this is where all future work will take place.

Services

PrivacyTools also runs a number of online services in use by many users. Some of these services are federated, namely Mastodon, Matrix, and PeerTube. Due to the technical nature of federation, it is impossible for us to change the domain name on these services, and because we cannot guarantee the future of the privacytools.io domain name we will be shutting down these services in the coming months.

We strongly urge users of these services to migrate to alternative providers in the near future. We hope that we will be able to provide enough time to make this as seamless of a transition as possible for our users.

At this time we do not plan on launching public Matrix, Mastodon, or PeerTube instances under the Privacy Guides domain. Any users affected by this transition can get in touch with @jonah:aragon.sh on Matrix if any assistance is needed.

Other services being operated by PrivacyTools currently will be discontinued. This includes Searx, WriteFreely, and GhostBin.

Our future direction for online services is uncertain, but will be a longer-term discussion within our community after our work is complete on this initial transition. We are very aware that whatever direction we move from here will have to be done in a way that is sustainable in the very long term.

r/PrivacyGuides

PrivacyTools has a sizable community on Reddit, but to ensure a unified image we have created a new Subreddit at r/PrivacyGuides that we encourage all Reddit users to join.

In the coming weeks our current plan is to wind down discussions on r/privacytoolsIO. We will be opening r/PrivacyGuides to lots of the discussions most people are used to shortly, but encouraging general “privacy news” or headline-type posts to be posted on r/Privacy instead. In our eyes, r/Privacy is the “who/what/when/where” of the privacy community on Reddit, the best place to find the latest news and information; while r/PrivacyGuides is the “how”: a place to share and discuss tools, tips, tricks, and other advice. We think focusing on these strong points will serve to strengthen both communities, and we hope the good moderators of r/Privacy agree.

Final Thoughts

The former active team at PrivacyTools universally agrees on this direction towards Privacy Guides, and will be working exclusively on Privacy Guides rather than any “PrivacyTools” related projects. We intend to redirect PriavcyTools to new Privacy Guides properties for as long as possible, and archive existing PrivacyTools work as a pre-transition snapshot.

Privacy Guides additionally welcomes back PrivacyTools’ former sysadmin Jonah, who will be joining the project’s leadership team.

We are not accepting sponsorships or donations at this time, while we work out our financial plan. We will be in touch with existing sponsors on PrivacyTools’ OpenCollective to determine what the best way forward is soon.

We are all very excited about this new brand and direction, and hope to have your continued support through all of this. If you have any questions, concerns, or suggestions, please reach out to us. We are always happy to receive guidance and input from our community! ❤

Privacy Guides is a socially motivated website that provides information for protecting your data security and privacy.

We've Joined the Open Collective Foundation 501(c)(3)

Jonah Aragon — Thu, 23 Jan 2025 19:08:51 +0000

We've Joined the Open Collective Foundation 501(c)(3)

Illustration: Jonah Aragon / Privacy Guides

Privacy Guides provides knowledge, recommendations, and services to protect you against global mass surveillance programs and encourage self-control of your data online. Our website is free of advertisements and is not affiliated with any listed providers, because we believe that our ability to recommend solutions without receiving financial kickbacks is incredibly important in remaining unbiased.

However, we have always accepted and solicited financial contributions from our community. Running this network of websites and services for free to the public is a time-consuming and costly endeavor. We do it because we believe it is the right thing to do, not because we are looking to make a profit. Any contributions have been either used to pay our expenses or saved in a reserve for expansion or times of need.

Today we are building on our transparency efforts by joining OpenCollective, a platform which will allow us to accept contributions and create expenses completely transparently. We are being sponsored by a fiscal host, the Open Collective Foundation, a nonprofit organization whose mission is to promote access to educational resources like ours.

The Open Collective Foundation is a 501(c)(3) organization that is collecting these contributions on our behalf. Because of this, contributions to Privacy Guides through OpenCollective are tax-deductible for US taxpayers.

Your support of this project will help us keep our servers running and pay for other various expenses accrued by the team while developing this community platform. We do not operate Privacy Guides for personal profit, and all funds will be used to further our mission in one form or another.

Please consider contributing at opencollective.com/privacyguides if you like what we do.

Why I Decided to Run a Tor Relay

Sam Howell — Thu, 23 Jan 2025 19:08:51 +0000

Why I Decided to Run a Tor Relay

Illustration: Tor Project

It makes me smile when I come across someone struggling with the decision of whether to get a VPN. It makes me smile not because of the indecision and relative lack of knowledge, but because it wasn't so long ago I was in exactly the same position—perceiving VPNs to be some kind of extreme measure only the paranoid and the criminal resorted to. How wrong I was.

In just a few months I've come to realize that something like a VPN is in fact a basic measure one might take in the effort to more freely roam the Internet—tainted as it is by censorship, surveillance and many other forms of state control. So where do you go from realizing these issues if you know them to be the threats that they are to democracy and freedom? You seek to take control.

You discover the Tor Project—or rather, you learn more about a network that's been around for years and for years has suffered the type of reputation which only blinds everyday people from its incredible potential for positive change in numerous oppressed countries around the world.

At the time of writing there are over 6,300 Tor relays, and I like to think this number will continue to grow steadily. Each one—no matter its uptime, bandwidth or overall reputation, or whether it’s a Guard, Middle or Exit—each one is the direct result of an individual deciding to sacrifice money, time and effort for the cause of fighting for a freer Internet: enabling millions of users—journalists, bloggers, whistleblowers, activists and everyday people like you and I—to communicate anonymously, and therefore safely, wherever we are in the world.

Like many others, at first I was unsure about running my own relay. The usual doubts and questions arose: surely it's too difficult; I don’t know much about servers, and it’s surely expensive and beyond my skill-set to configure one as a Tor relay. But then I watched this talk (Invidious Link, YouTube Link) by the articulate, intelligent and passionate Tor Project developer Jacob Appelbaum (if you do nothing else today, watch it).

Jacob couldn’t have made a better case for direct action, requesting of the audience:

Raise your hand if you think anonymity is something that is good, and you think is a fundamental human right that we should all have...Now raise your hand if you want to do something about it...Now keep your hand up if you’re going to run a Tor relay...Everybody that put your hand down, why aren’t you running a Tor relay? You can do something about it right now.

And this is when it struck me, as I hope it struck many others at that talk: Am I doing enough? Can I claim to take this subject seriously if I’m not willing to invest the effort to really be a part of the solution? Not simply to donate money—which of course is still a great way to contribute—but to truly, technologically support the Tor network.

It struck me that I have enough money, time and access to the right information to run my own relay. So it begged the question: Why wouldn’t I?

At the time of writing my relay has been flagged ‘valid’, ‘running’ and ‘fast’ and is on track to have relayed around 750GB by the end of the month. It feels good. It feels really good.

Sam is an elearning designer and privacy advocate interested in free (libre) software and how it can protect civil liberties. This article was originally published on my personal blog at samhowell.uk, on February 15th, 2019.

Privacy Guides Hires Three Staff Members

Niek de Wilde — Fri, 17 Jan 2025 12:52:52 +0000

Privacy Guides Hires Three Staff Members

At Privacy Guides, we are always looking for ways to be more effective at our mission of promoting privacy and security for everyone. To help us grow, reach a broader audience, and provide more high quality educational resources, we are thrilled to announce the hiring of three talented individuals to our team! Each of them brings a strong passion to their respective roles, and we are excited about working with them.

Em – Journalist

We’re excited to welcome Em (she/her), our new journalist, who will play an important role in taking our articles to the next level. She will be focusing on creating in-depth, interesting posts that explore the most important topics in the world of online privacy, security, and digital rights. Em will also conduct interviews with experts in the industry, analyze reports and studies, and produce investigative news stories to keep our readers informed.

Em is a privacy advocate and public‑interest technologist who has been fervently defending privacy rights online (and offline) since 2018. Her work focuses on raising awareness and informing the public and organizations on data privacy tools, practices, and regulations. She is a passionate writer and thorough investigator, continuously working on ways to improve adoption of better privacy practices, and regularly creating educational material to make protective tools accessible to the groups who need them most.

Em is also a human rights activist who deeply values inclusivity, diversity, accessibility, and software for the public good. In her free time, you can find Em on Mastodon sharing privacy tips or boosting photos of cats and moss.

Follow Em at @Em0nM4stodon@infosec.exchange

Jordan – Content Producer

We also welcome Jordan Warne (they/them), our new content producer who will manage our channels on various video platforms! Jordan has a strong background in video production and content strategy, and we’re confident that they will help us expand our reach and connect with a broader audience. Through informative, easy-to-understand videos, Jordan will simplify complex privacy topics and keep our community engaged. Expect a significantly larger presence on our PeerTube and YouTube channels in the coming months!

Jordan is a passionate creative with an education in both cybersecurity and photography. Having completed a Diploma of Digital Imaging at Billy Blue College of Design, Jordan is equipped with the skills and experience to take Privacy Guides' video content to the next level. Having recently completed a Diploma of Information Technology (Cybersecurity) Jordan has the unique skillset to simplify complex cybersecurity topics and turn them into engaging and approachable content.

Outside producing high-quality videos, Jordan enjoys exploring the Australian bush, capturing intricate details of its flora and fauna through photography.

Follow Jordan at @jw@social.lol

Kevin – Intern

Last but not least, we are excited to start working with Kevin Pham (he/him), our new intern focused on community & news, who will support both Em and Jordan in their roles while also engaging with our community across all platforms. His enthusiasm for digital privacy and his commitment to helping others make him a perfect fit for our team. He will help with managing our community, and interact with our growing online community to ensure that everyone has a voice. Kevin’s passion and eagerness to learn will no doubt contribute greatly to our mission.

Kevin is a senior at Tufts University studying Political Science and Science & Technology Studies. Originally from Florida, he is now freezing up in the greater Boston area. Kevin is passionate about usable security and privacy for vulnerable populations. He has previously worked with Freedom of the Press Foundation's Digital Security Team and Cornell Tech's Clinic to End Tech Abuse to help journalists and domestic violence survivors alike.

Besides doomscrolling on social media, he loves cooking new recipes, reading philosophy essays, and perpetuating his caffeine addiction with Vietnamese coffee. Please feel free to reach out to him to discuss anything regarding best operational security practices and threat modeling...or just say hi!

Follow Kevin at @kevpham@mastodon.social

What This Means for Privacy Guides

The expansion of the Privacy Guides team continues our commitment to provide the best quality resources and information on privacy and security. With Em’s investigative work, Jordan’s video content, and Kevin’s hands-on support, we look forward to communicating easy to understand and factual information with a broader audience.

We’re excited to see how these talented people will help Privacy Guides continue to grow, and we look forward to the amazing work they will contribute in the coming months.

Thank you for being a part of our community, and stay tuned for the exciting new content and updates that will be coming your way soon!Welcome aboard, Em, Jordan, and Kevin! Let’s make privacy accessible for everyone. 🚀

Follow Privacy Guides at @privacyguides@neat.computer

Subscribe to Privacy Guides on YouTube

State of the Web App: Current Woes and Promising Futures

fria — Thu, 21 Nov 2024 19:38:31 +0000

State of the Web App: Current Woes and Promising Futures

The concept of a progressive web app is enticing: an application using web technologies that is inherently cross platform (since it runs in a browser) and acts like a native app, even functioning offline. Support for PWAs in traditionally locked-down platforms like iOS means that PWAs can give users the freedom to install apps without having to go through Apple’s App Store. But there are problems with web content that PWAs haven't solved.

Current Web-Based Apps

Attempts at similar things have been made before, the most infamous of which is Electron. Electron is a software framework that allows developers to easily create cross-platform apps by essentially bundling an entire Chromium browser in with the app. This approach has its drawbacks, though. Browsers have huge attack surface so it's important to keep them updated with the latest security fixes, but many Electron apps ship outdated versions, leaving those apps vulnerable. Each Electron app has its own version of Chromium with its own attack surface, amounting to a performance and security nightmare. In contrast, PWAs use the browser that you already have installed, so as long as you keep it updated, all your apps will have the latest security fixes.

So why isn't every Electron app shipping as a PWA? The answer is an age-old problem with web content: the fact that you have to trust the server fully. You make an HTML GET request and you're served the content (i.e., the site's HTML, CSS, and JavaScript), but if the server is compromised, you'll be served a compromised website. You also need to rely on the security of DNS name resolution and the certificate authority system. This is a huge problem for security-sensitive applications like messengers. An attacker that gains access to their server—even just temporarily—could distribute compromised clients to millions of people, potentially breaking E2EE or executing a host of other malicious actions.

Improving Web Apps

A typical native app is downloaded onto your computer from some kind of trusted place like an app store and only receives updates when the developers push them out. Additionally, there's usually a process of checks and verification before that happens, like Apple's App Review and the Google Play App Review process. In contrast to PWAs, with which the threat of an attacker with server access constantly looms, it's much more difficult to target a particular person. In other words, a malicious app update is much less likely to escape scrutiny than a highly targeted attack via compromised servers.

Isolated Web Apps (IWAs) build on the work done on PWAs and Web Packaging. They are a specification that allows web content to be distributed offline outside of a browser, much like a traditional app. It can be signed just like a regular app too, allowing you to verify that it came from the proper place and hasn't been modified. You could install an IWA from your favorite app store just like any other app and have the same security assurances. This would be incredibly useful in allowing for cross-platform E2EE web apps that don't need to trust a server every time you use them.

Google distinguishes between the drive by web, PWAs, and IWAs. The drive by web requires more conservative access to the system as the most accessible and is therefore least trusted. PWAs are a bit more trusted and can integrate a bit more deeply into the system as a result. IWAs are the most trusted and, as such, can have deeper access into the system and more powerful capabilities.

source: chromeos.dev

This higher security assurance from isolated and signed web applications and the inherently more trusted nature of a natively installed app will allow for IWAs to safely access APIs which wouldn't be safe to allow normal websites to access, like Direct Sockets.

IWAs use a totally new URL scheme since they're not relying on HTTPS certificate authorities or DNS. They're totally isolated from each other and the web using enforced Content Security Policy and Cross-Origin Isolation, hence the name.

Issues

The Worldwide Web Consortium currently has an open issue on their GitHub for IWAs with some interesting discussions that are worth checking out. There are some criticisms of IWAs, at least in their current form. A big point of contention is giving IWAs access to more powerful features like raw TCP and UDP socket access, similar to what a natively installed app might be able to do, which Martin Thomson at Mozilla argues is dangerous even with user consent. Martin wrote a nice in-depth article on bundling web content that's worth checking out on their website. It'll be a long process of iterating on the design before a version of this idea that's secure and available across browsers.

Right now, Chrome ships the feature enabled by default but only on ChromeOS for admin-controlled machines and select development partners of Google. Safari and Firefox haven't implemented the feature, with Firefox taking a stance against it. Perhaps in its trial run, the technology will prove its potential, or maybe IWAs aren't the best solution after all and another attempt at improving web apps will come along. I'll be watching with great interest either way.

Where are all the Multi-Party Relays?

fria — Wed, 13 Nov 2024 20:11:32 +0000

Where are all the Multi-Party Relays?

Multi-Party Relays (MPRs) are a technology that aims to provide better privacy protections than VPNs do. MPRs showed a lot of promise when they first emerged, but years later there are fewer options than ever. What happened?

Traditional VPNs

The original purpose of Virtual Private Networks (VPNs) was to access a network privately when you're not physically there, with encryption in between, so you can securely access your files or manage your network from wherever you are. It extends the security you'd expect from being physically at your LAN to anywhere you are.

Commercial VPNs like Proton VPN use this technology to allow you to connect to their network, and then connect to your destination. This keeps sites and services you connect to from knowing your real IP address and using it as a metric to track you. But there's a problem here: you now need to fully trust your VPN provider in the same way you need to trust your ISP with all your internet traffic. This "shifting trust" problem has haunted VPNs for as long as they've been marketed as a privacy product. It's clear that a better solution is needed.

The Alternative: Tor

Mix networks like Tor have solved this problem by decoupling the sender from the destination. No relay along the path has all the information: the entry (or guard) relay knows who you are but not where you're going, the middle relay knows the other two relays, and the exit relay knows the destination but not the sender. There's also separate encryption between each relay.

Tor circuit pathway

Tor provides great privacy properties, but the relays are run by volunteers, so they can be extremely slow and unreliable. Anyone who's tried to download a file while connected to Tor knows how painful it can be. Even normal browsing can be slow, with potentially minutes collectively wasted on loading times in any given browsing session. Tor is hands down the most private way to browse the web, and if your threat model calls for it there is no substitute. But for VPN users who want better privacy, an obvious next step is a paid solution where you have access to fast and reliable servers like on a VPN, and also separation between who you are and what you're connecting to.

A Solution: Multi-Party Relays

Enter Multi-Party Relays. Services like iCloud Private Relay and (the unfortunately discontinued) INVISV Multi-Party Relay take inspiration from mix networks like Tor and separate the sender from the destination using two relays operated by different parties, as the name implies. There's separate encryption between each relay as well. MPRs do require you to trust that the two parties don't collaborate to correlate your traffic, so keep that in mind.

Typically, the first relay is controlled by the provider (either Apple or INVISV in the previous examples), and the second relay is controlled by another company such as Fastly or Cloudflare. These are big names, so you won't need to worry about reliability.

source: blog.cloudflare.com

They also provide speed. Private Relay uses the QUIC protocol and as a result it's lightning fast. You wouldn't even know you were connecting to two servers in between your cat videos. The reliability is so good that I forget I even have it on. It even integrates with Safari and gives you a different IP address for different websites, similar to Tor's stream isolation.

So why haven't MPRs taken off? INVISV's Pretty Good Phone Privacy service never seemed to make it out of beta. INVISV partnered with Vivaldi, but I can't seem to find any mention of it in the Vivaldi settings or on their website outside of the original announcement. INVISV ultimately shut down their service back in June. I hope to see more from them in the future because they were providing something that currently isn't possible to get anymore on Android.

That leaves iCloud Private Relay as the only commercial offering that I'm aware of, but it's limited to Apple devices only. Great for Apple users, but everyone else is left high and dry. As is Apple's way, they didn't want any extra inconvenience from using their service, so they restrict you to your real country and timezone. You don't have the same freedom to choose a server wherever in the world you want like a traditional VPN service would allow.

There is one more honorary mention: OHTTP. It's a new protocol with a design based on the same principles as those of MPRs: two servers, a relay and a gateway, that decouple the sender from the destination. It's already seeing use by large companies to maintain user privacy for things like Google's Safe Browsing and Apple's new Safari Highlights feature. Unfortunately, it's not quite comparable to MPRs. According to Cloudflare:

OHTTP is not a general purpose proxy protocol: it's fit for purpose, aimed at transactional interactions between clients and servers (such as app-level APIs).

So it can't cover all the traffic on your device. Still, it's a promising protocol and I hope it becomes more widespread.

It really is a shame to see such a promising technology go so underutilized. Perhaps VPN companies could make their own MPR product and fill the gap in the market. Only time will tell.

Privacy Guides

The Future of Privacy: How Governments Shape Your Digital Life

The Future of Privacy: How Governments Shape Your Digital Life

Privacy laws are always one election away from getting better, or worse

The tools you use might depend on government funding

Which privacy and security tools could be impacted

Government funding should support civil liberties and protections

The GDPR gave you deletion features in your apps

What is the GDPR

What does the GDPR have to do with data deletion features

Chat Control wants to break end-to-end encryption

What is Chat Control

Why is Chat Control horrible for privacy, and for children

Who opposes Chat Control

Age Verification wants to collect your sensitive data

Who will decide what content should be walled online?

Age Verification undermines privacy and security

Age Verification is already here, sadly

The future of privacy

EasyOptOuts Review & Real-World Test

Background

Methodology

Initial Search

User Experience

1 Week

1 Month

3 Months

Additional Sites

Evaluation

Using Tails When Your World Doesn't Feel Safe Anymore

Using Tails When Your World Doesn't Feel Safe Anymore

What is Tails?

Why you might want to use Tails

When to use Tails, and when not to use Tails

When using Tails might help you

What you should be careful about

When you should not use Tails

Installing Tails

What you'll need

Step 1: Download Tails

Step 2: Verify the file you just downloaded

Step 3: Download and install balenaEtcher

Step 4: Install Tails on your USB stick using balenaEtcher

Step 5: Continue this tutorial from paper or from another device (if you can do so safely)

Step 6: Boot your computer from your Tails USB stick

Starting and using Tails

Using Persistent Storage

Connecting to the internet

Sharing files with others

Storing passwords

Shutting down Tails

Final notes

Consider supporting Tails and the Tor Project

The Protesters' Guide to Smartphone Security

The Protesters' Guide to Smartphone Security

Your Risks at a Protest

"Burner Phones"

Secure Your Device

Use a Strong Screen Lock

Disable Biometic Authentication

Hide Your Notifications

Minimize Your Stored Data

Disable Lock Screen Actions

Avoid External Storage

Consider Your Phone's Security Patches

Protect Against Surveillance

Disable AirDrop

Lock Down Your Network

Use Airplane Mode Frequently

Use Public Wi-Fi

Disable Location Services

Check Your Keyboard

Other Tips

Use Signal

Protect Your Access to Information

Change Your Camera Settings

Back Up Your Data

At The Protest

Keep Your Device Locked

Have a Backup Communications Network