mirror of https://github.com/privacyguides/privacyguides.org.git synced 2026-05-11 22:31:16 +00:00

Compare commits

81 Commits

Author SHA1 Message Date
allcontributors[bot] 1f18ab0a3b update .all-contributorsrc 2025-12-24 14:57:52 +00:00
allcontributors[bot] 9d83d111dd update includes/contributors.md 2025-12-24 14:57:51 +00:00
allcontributors[bot] 8abdd1ebbe update README.md 2025-12-24 14:57:50 +00:00
eylenburg 0f920c47e3 update: V2Ray support on all IVPN apps (#3174)
Signed-off-by: Freddy <freddy@privacyguides.org>
Signed-off-by: redoomed1 <redoomed1@privacyguides.org>
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2025-12-07 13:07:08 +10:30
fria 40f3814402 update: Fix claim about Mullvad Browser being equivalent to Arkenfox (#3172)
Signed-off-by: Niek de Wilde <niek@privacyguides.org>
Signed-off-by: Jonah Aragon <jonah@privacyguides.org>
2025-11-26 16:07:02 -06:00
fria 4d4cb82345 update: iOS Overview for iOS 26 (#3130)
Signed-off-by: redoomed1 <redoomed1@privacyguides.org>
Signed-off-by: Jordan Warne <jordan@privacyguides.org>
2025-11-26 16:04:28 -06:00
redoomed1 ef23d72ede style: Move iOS Passwords out of desktop section (#3169)
Signed-off-by: Jonah Aragon <jonah@privacyguides.org>
Signed-off-by: fria <fria@privacyguides.org>
2025-11-26 16:02:45 -06:00
fria cb2ea5e18c update(blog)!: Email Security: Where We Are and What the Future Holds (#3091)
Signed-off-by: Jonah Aragon <jonah@privacyguides.org>
2025-11-15 16:36:51 -06:00
redoomed1 6fe04d10e7 update: Mention MTE in Google Pixel and GrapheneOS recommendations (#3137)
Signed-off-by: Jonah Aragon <jonah@privacyguides.org>
Signed-off-by: fria <fria@privacyguides.org>
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2025-11-11 05:15:30 +10:30
fria 5dc4a15c2f update: add Kensington locks to hardware (#3103)
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2025-11-11 00:02:02 +10:30
redoomed1 da3a3b59f6 update: Mention official ProxyStore vouchers for Proton Mail & VPN (#3135)
Signed-off-by: Jonah Aragon <jonah@privacyguides.org>
Signed-off-by: fria <fria@privacyguides.org>
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2025-11-10 23:34:50 +10:30
Rahul Sandhu 49d627d740 update: screencopy documentation in Linux Overview (#3144)
Even on Gnome, a single dbus call allows applications outside of
sandboxes to overwrite their permissions in the portal permission
store. A sandbox that is supported by portals for identifying apps is
also required: otherwise, a malicious app could trivially spoof a name
on the bus. Currently, only Flatpak and Snap are subclasses of the
XdpAppInfo class, required for xdg-desktop-portal to be able to
identify a client.

Privileged Wayland protocols are also not an issue. KDE's kwin requires
that applications have an entry in a system-installed desktop file[1],
meaning that random crap can't simply capture the screen, and Flatpak
supports the security-context-v1 protocol, which is used to filter
access to these privileged protocols[2].

An example of the dbus call for Gnome:
dbus-send --session --print-reply=literal --dest=org.freedesktop.impl.portal.PermissionStore /org/freedesktop/impl/portal/PermissionStore org.freedesktop.impl.portal.PermissionStore.SetPermission string:'screenshot' boolean:true string:'screenshot' string:'' array:string:'yes'

[1] https://github.com/KDE/kwin/blob/master/src/wayland_server.cpp#L129-L134
[2] https://github.com/flatpak/flatpak/commit/f0e626a4b60439f211f06d35df74b675a9ef42f4

Signed-off-by: redoomed1 <redoomed1@privacyguides.org>
Signed-off-by: Daniel Nathan Gray <dngray@privacyguides.org>
2025-11-10 23:32:40 +10:30
jonah 0cc8ce0beb fix: Canonical URL for articles index (#3154)
Signed-off-by: fria <fria@privacyguides.org>
Signed-off-by: redoomed1 <redoomed1@privacyguides.org>
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2025-11-09 04:11:20 +10:30
n3thshan 100db6c823 style: Update links to GNOME Evolution's documentation and privacy policy (#3157)
Signed-off-by: fria <fria@privacyguides.org>
Signed-off-by: redoomed1 <redoomed1@privacyguides.org>
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2025-11-09 04:06:05 +10:30
redoomed1 f0cc351c6b update: Remove outdated status of Proton Calendar source code (#3163)
- Replace Proton Drive link to link with highlight to eliminate confusion
- Add direct link to Proton Calendar Android letter of attestation

Signed-off-by: fria <fria@privacyguides.org>
Signed-off-by: Mare Polaris <ph00lt0@privacyguides.org>
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2025-11-09 01:45:51 +10:30
fria 330ec3a4e1 update: Remove Mullvad Leta (#3165)
Signed-off-by: Mare Polaris <ph00lt0@privacyguides.org>
Signed-off-by: Jordan Warne <contact@jordanwarne.net>
Signed-off-by: redoomed1 <redoomed1@privacyguides.org>
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2025-11-09 01:29:38 +10:30
redoomed1 fff721a748 style: Replace Element Classic download links with Element X links (#3158)
Signed-off-by: fria <fria@privacyguides.org>
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2025-11-09 01:24:36 +10:30
Triple I - Triple T 441c4155ba update: vpn server counts, Mullvad openvpn depreciation (#3161)
Signed-off-by: fria <fria@privacyguides.org>
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2025-11-09 01:02:06 +10:30
redoomed1 23f873ac33 update: Mention Oct 2025 audit of Ente's server infrastructure (#3164)
Signed-off-by: redoomed1 <redoomed1@privacyguides.org>
2025-11-05 15:42:16 +01:00
jonah be042fe060 docs: Enable funding.json support 2025-10-27 23:32:47 -05:00
redoomed1 6c40408f36 update!: Remove DNS0.eu (#3153)
Signed-off-by: Jonah Aragon <jonah@privacyguides.org>
Signed-off-by: Mare Polaris <ph00lt0@privacyguides.org>
2025-10-17 13:53:28 -05:00
redoomed1 0596b57099 style: Refine Peergos description added in #3127 (#3136)
Signed-off-by: fria <fria@privacyguides.org>
Signed-off-by: Freddy <freddy@privacyguides.org>
Signed-off-by: Jonah Aragon <jonah@privacyguides.org>
2025-10-16 14:08:04 -05:00
Justin Ehrenhofer 60e2e901d3 style(blog): Lightweight Wallet -> Light-Wallet (#3145)
Signed-off-by: fria <fria@privacyguides.org>
Signed-off-by: redoomed1 <redoomed1@privacyguides.org>
Signed-off-by: Jonah Aragon <jonah@privacyguides.org>
2025-10-16 14:07:20 -05:00
Overwatch eda031ee4a style: Add Flatpak link for SimpleX Chat (#3147)
Signed-off-by: fria <fria@privacyguides.org>
Signed-off-by: redoomed1 <redoomed1@privacyguides.org>
2025-10-16 14:04:29 -05:00
aglovewithoutlove 5ad16d7aea style: Replace mat2 GitLab links with GitHub links (#3148)
Signed-off-by: fria <fria@privacyguides.org>
Co-authored-by: redoomed1 <redoomed1@privacyguides.org>
2025-10-16 14:03:51 -05:00
jonah d4f8d68610 build: Use Ghost articles landing page (#3151) 2025-10-16 11:46:17 -07:00
Em d2dccb6481 update(blog)!: Real-Name Policies The War Against Pseudonymity (#3149)
Co-authored-by: Jordan Warne <jordan@privacyguides.org>
Co-authored-by: Jonah Aragon <jonah@privacyguides.org>
2025-10-14 22:45:32 -05:00
fria 4198b8d3a5 update(blog)!: Privacy-Enhancing Technologies: Differential Privacy (#3068)
Signed-off-by: Jonah Aragon <jonah@privacyguides.org>
2025-09-30 11:27:09 -05:00
Em 5dedaa7a13 fix(blog): Shorten meta descriptions under 300 characters (#3138)
Signed-off-by: Jonah Aragon <jonah@privacyguides.org>
2025-09-24 23:09:21 -05:00
jonah ab2199e9ca docs: Update privacy policy 2025-09-24 23:07:18 -05:00
fria 78726b4c4a update: macOS Overview for macOS 26 (#3132)
Signed-off-by: redoomed1 <redoomed1@privacyguides.org>
Signed-off-by: Jonah Aragon <jonah@privacyguides.org>
Signed-off-by: Jordan Warne <jordan@privacyguides.org>
2025-09-20 17:26:16 -05:00
efb4f5ff-1298-471a-8973-3d47447115dc f45720b1be update: Brave v8-optimizer path to setting (#3131)
Signed-off-by: redoomed1 <redoomed1@privacyguides.org>
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2025-09-20 09:11:10 -05:00
jonah a20561f516 feat: Generate member list (#3133)
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
Signed-off-by: Niek de Wilde <niek@privacyguides.org>
2025-09-20 09:09:44 -05:00
jonah 8dd1bade3d docs: Link to Facebook profile (#3134)
Signed-off-by: Freddy <freddy@privacyguides.org>
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2025-09-19 23:00:47 -05:00
jonah 14aac5dbdd update(blog)!: The Fight for Privacy After Death (#3128)
https://discuss.privacyguides.net/t/article-pitch/29302/6
2025-09-16 12:58:44 -05:00
redoomed1 a7a05a8dd4 style: Fix formatting of Security Keys page and rewrite sections (#3126)
Signed-off-by: fria <fria@privacyguides.org>
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2025-09-17 02:03:11 +09:30
Dr Ian Preston 373bb1920d update: Mention Peergos desktop and android apps and sync (#3127)
Signed-off-by: fria <fria@privacyguides.org>
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2025-09-17 01:59:11 +09:30
jonah 7d3d849474 update(blog): Upload "Mental Poker Animation" 2025-09-15 12:33:36 -05:00
fria 16b3e5e16f update(blog)!: Multi-Party Computation (#3039)
Signed-off-by: Jonah Aragon <jonah@privacyguides.org>
2025-09-15 12:25:27 -05:00
Em 2dd653b12f update(blog): After 2025-09-12 Update for Chat Control article (#3114)
Signed-off-by: Jonah Aragon <jonah@privacyguides.org>
2025-09-15 11:29:12 -05:00
redoomed1 8089e6483e update!: Add Self-Hosting File Mgmt page and move appropriate tools there (#3118)
Signed-off-by: Niek de Wilde <niek@privacyguides.org>
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2025-09-14 22:34:58 +09:30
jonah 2f95961b9e feat: Add sitewide announcements bar (#3121)
Signed-off-by: Niek de Wilde <niek@privacyguides.org>
Signed-off-by: redoomed1 <redoomed1@privacyguides.org>
2025-09-13 21:31:59 -05:00
redoomed1 008d01db23 style: New mailbox.org logo and product name (#3122)
Signed-off-by: Niek de Wilde <niek@privacyguides.org>
Co-authored-by: Jonah Aragon <jonah@privacyguides.org>
2025-09-14 02:26:51 +00:00
jonah ee51ff205b feat: Track page views in Ghost (#3123) 2025-09-13 21:02:05 -05:00
jonah f616c94bd6 feat: Add newsletter subscription buttons (#3124) 2025-09-13 20:25:03 -05:00
William W. c2a904f2c2 style: Fixed Typos And Clarified Wording in README (#3100)
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2025-09-13 14:59:39 +09:30
jonah c718483844 feat!: Enable zh-TW language (#3119)
Signed-off-by: blacklight447 <niek@privacyguides.org>
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2025-09-13 14:57:04 +09:30
jonah 9b47e749d5 ci: Disable Netlify releases (#3120)
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2025-09-13 14:55:11 +09:30
fria 999c805c4d update: Remove outdated MAC randomization article. Provide instructions on page (#3085)
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
Signed-off-by: redoomed1 <redoomed1@privacyguides.org>
2025-09-13 12:57:18 +09:30
jonah 047ef27590 update!: Add LibreTranslate (#3032)
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2025-09-12 18:16:22 +09:30
rollsicecream 47f4ca1979 update!: Add KeePassium (#3048)
Signed-off-by: redoomed1 <redoomed1@privacyguides.org>
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2025-09-12 18:10:02 +09:30
fria dc6f326f96 update: Add download links for uBO Lite on Safari and Edge (#3087)
Signed-off-by: redoomed1 <redoomed1@privacyguides.org>
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2025-09-12 16:41:16 +09:30
jonah b55f1cdb44 feat!: Include ZIM files in releases (#3102) 2025-09-12 01:03:53 -05:00
jonah 0f6ee45157 feat: Add a newsletter subscription button (#3116) 2025-09-11 23:59:13 -05:00
fria 0f10d3b35a update!: Remove Picocrypt (#3086)
Signed-off-by: Mare Polaris <ph00lt0@privacyguides.org>
Signed-off-by: Freddy <freddy@privacyguides.org>
2025-09-12 04:24:59 +00:00
jonah c738b4a446 refactor: Move videos to Ghost (#3115) 2025-09-11 22:12:15 -05:00
redoomed1 81632962a7 feat!: Add Self-Hosting DNS page and move Vaultwarden to Self-Hosting Index (#3049)
Signed-off-by: fria <138676274+friadev@users.noreply.github.com>
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2025-09-12 00:23:04 +09:30
fria 9b9bb71005 update!: Replace Apple Health with Apple Fitness for Fitness Tracking (#3088)
Co-authored-by: redoomed1 <redoomed1@privacyguides.org>
Signed-off-by: Jonah Aragon <jonah@privacyguides.org>
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2025-09-11 23:52:16 +09:30
Ganwtrs f9bd8204f2 update: Nitrokey section (#3089)
Signed-off-by: fria <138676274+friadev@users.noreply.github.com>
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2025-09-11 21:57:14 +09:30
fria 6503cfa9db style: remove duplicate forward secrecy from VPN requirements (#3106)
Signed-off-by: Mare Polaris <ph00lt0@privacyguides.org>
Signed-off-by: redoomed1 <redoomed1@privacyguides.org>
Signed-off-by: Freddy <freddy@privacyguides.org>
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2025-09-11 20:36:14 +09:30
redoomed1 2a6330f774 style: Minor wording, grammar corrections on Private Payments page (#3097)
Signed-off-by: fria <fria@privacyguides.org>
Signed-off-by: Freddy <freddy@privacyguides.org>
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2025-09-11 15:28:26 +09:30
redoomed1 0eee5798b8 style: Revert #3003 (#3110)
Signed-off-by: Mare Polaris <ph00lt0@privacyguides.org>
Signed-off-by: Freddy <freddy@privacyguides.org>
2025-09-10 16:23:49 -05:00
jonah 30f05ff291 docs: Link to TikTok profile (#3095)
Signed-off-by: fria <fria@privacyguides.org>
Signed-off-by: Freddy <freddy@privacyguides.org>
2025-09-09 22:04:49 -05:00
Em 7e5ec73759 update(blog): Clarify definition in Chat Control article (#3113)
Co-authored-by: Jonah Aragon <jonah@privacyguides.org>
2025-09-08 19:45:57 -05:00
Em 32d84e9a42 update(blog)!: Chat Control Must Be Stopped, Act Now! (#3111)
Signed-off-by: Jonah Aragon <jonah@privacyguides.org>
2025-09-08 12:45:29 -05:00
jonah 19947442a6 fix(blog): Escape quotes in article title 2025-09-03 15:41:37 -05:00
Em e55eb0986b update(blog)!: Spotting the Red (and Green) Flags (#3101)
Signed-off-by: Jonah Aragon <jonah@privacyguides.org>
2025-09-03 14:24:12 -05:00
jonah e5500a11da update(video): Update sources for latest 2
Co-Authored-By: Jordan Warne <contact@jordanwarne.net>
2025-08-29 17:38:27 -05:00
Daniel Gray 0c4f98e7fb fix(strings.en.env): Replace single quote env var with double quote
Changed the env var to use double quotes around the value and single
quotes in the HTML attributes to avoid issues caused by words containing
apostrophes within the text.
2025-08-29 16:14:10 +09:30
jonah ac96552200 update(video)!: Privacy is Power
Co-Authored-By: Jordan Warne <contact@jordanwarne.net>
2025-08-28 22:49:39 -05:00
jonah 1a7eb59fee update(video)!: Age Verification is a Privacy Nightmare
Co-Authored-By: Jordan Warne <contact@jordanwarne.net>
2025-08-28 21:21:32 -05:00
Em 575818a637 update(blog)!: Privacy Washing Is a Dirty Business (#3098)
Signed-off-by: Jonah Aragon <jonah@privacyguides.org>
2025-08-20 12:01:23 -05:00
eqilnou 071943afa5 fix: AdGuard Public DNS filter list link (#3054)
Signed-off-by: Jonah Aragon <jonah@privacyguides.org>
Signed-off-by: fria <fria@privacyguides.org>
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2025-08-03 00:18:10 +09:30
redoomed1 d14d9616bf update!: Add Mulled Leta to Search Engines page (#3060)
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
Signed-off-by: Jonah Aragon <jonah@privacyguides.org>
2025-08-02 23:06:05 +09:30
UsrnmeX f3fee22717 style: Swap "Chromium" with "Blink" (#3081)
Signed-off-by: Jonah Aragon <jonah@privacyguides.org>
Signed-off-by: fria <fria@privacyguides.org>
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2025-08-02 19:05:49 +09:30
redoomed1 f3fb0aaba8 update: Name of V8 setting on Android version of Brave (#3073)
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
Signed-off-by: Jonah Aragon <jonah@privacyguides.org>
2025-07-30 17:00:27 +09:30
redoomed1 45778ce564 update: PeekYou Opt Out links (#3078)
Signed-off-by: redoomed1 <redoomed1@privacyguides.org>
Signed-off-by: Jonah Aragon <jonah@privacyguides.org>
2025-07-30 16:48:40 +09:30
efb4f5ff-1298-471a-8973-3d47447115dc 77beced95f update: FreeTube locally stored sentence (#3084)
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
Signed-off-by: Jonah Aragon <jonah@privacyguides.org>
2025-07-30 16:03:10 +09:30
jonah ca89bd940a update(video)!: Secureblue review 2025-07-25 19:38:52 -05:00
jonah 76bfc61e93 fix: Small text color in dark mode (#3080)
Signed-off-by: redoomed1 <redoomed1@privacyguides.org>
Signed-off-by: fria <fria@privacyguides.org>
2025-07-24 13:17:20 -05:00
Em f0146e01b6 update(blog)!: Privacy Is Like Broccoli (#3079)
Signed-off-by: Jonah Aragon <jonah@privacyguides.org>
2025-07-24 13:16:31 -05:00
173 changed files with 4228 additions and 1791 deletions
+10
@@ -3118,6 +3118,16 @@
"contributions": [
"doc"
]
},
{
"login": "panwor",
"name": "panwor",
"avatar_url": "https://avatars.githubusercontent.com/u/97786623?v=4",
"profile": "http://panwor.vercel.app",
"contributions": [
"doc",
"translation"
]
}
],
"contributorsPerLine": 5,
-1
@@ -1,6 +1,5 @@
:1337 {
reverse_proxy /articles/* http://127.0.0.1:8001
reverse_proxy /videos/* http://127.0.0.1:8002
reverse_proxy /en/* http://127.0.0.1:8000
redir / /en/
}
+2 -20
@@ -1,7 +1,7 @@
// For format details, see https://aka.ms/devcontainer.json.
{
"name": "Privacy Guides",
"image": "ghcr.io/privacyguides/privacyguides.org:sha-55c050b",
"image": "ghcr.io/privacyguides/privacyguides.org:sha-5648a3f",
// "build": {
// "dockerfile": "../Dockerfile",
// "context": ".."
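Review bot: the `image` bump in this hunk still references the container by a tag (`ghcr.io/privacyguides/privacyguides.org:sha-5648a3f`), and a tag can be repointed by a later push to the registry. Everyone who opens the devcontainer pulls and runs this image, so pin it by digest (`ghcr.io/privacyguides/privacyguides.org@sha256:<digest>`), keeping the short-SHA tag in a comment for readability if wanted.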
@@ -19,10 +19,6 @@
"8001": {
"label": "Articles",
"onAutoForward": "silent"
},
"8002": {
"label": "Videos",
"onAutoForward": "silent"
}
},
"otherPortsAttributes": {
@@ -52,24 +48,10 @@
"group": "Live server"
}
},
{
"label": "Videos",
"type": "shell",
"command": "mkdocs serve --config-file=mkdocs.videos.yml --dev-addr=localhost:8002",
"group": "test",
"runOptions": {
"runOn": "folderOpen"
},
"presentation": {
"reveal": "always",
"panel": "dedicated",
"group": "Live server"
}
},
{
"label": "Main",
"type": "shell",
"command": "./run.sh --cmd=mkdocs --insiders --production",
"command": "./run.sh --cmd=mkdocs --insiders",
"group": "test",
"runOptions": {
"runOn": "folderOpen"
+1 -1
@@ -90,7 +90,7 @@ jobs:
echo "MAIN_SITE_ABOUT_URL=https://www.privacyguides.org/en/about/"
echo "MAIN_SITE_RECOMMENDATIONS_URL=https://www.privacyguides.org/en/tools/"
echo "MAIN_SITE_KNOWLEDGE_BASE_URL=https://www.privacyguides.org/en/basics/why-privacy-matters/"
echo "ARTICLES_SITE_BASE_URL=https://www.privacyguides.org/articles/"
echo "ARTICLES_SITE_BASE_URL=https://www.privacyguides.org/posts/tag/articles/"
echo "VIDEOS_SITE_BASE_URL=https://www.privacyguides.org/videos/"
} >> "$GITHUB_ENV"
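Review bot: only `ARTICLES_SITE_BASE_URL` is updated in this hunk; the following line still exports `VIDEOS_SITE_BASE_URL=https://www.privacyguides.org/videos/`, although the same comparison deletes the videos build workflow and drops the `/videos/*` proxy and port 8002 from the dev setup. Confirm that `/videos/` still resolves on the production site after the move, or point the variable at the new location the way the articles URL now points at `/posts/tag/articles/`.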
+7 -12
@@ -72,15 +72,13 @@ jobs:
continue-on-error: false
privileged: ${{ fromJSON(needs.metadata.outputs.privileged) }}
strict: true
secrets:
RO_DISCOURSE_API_KEY: ${{ secrets.RO_DISCOURSE_API_KEY }}
build_i18n:
if: ${{ contains(github.event.pull_request.labels.*.name, 'ci:build i18n') }}
needs: [submodule, metadata]
strategy:
matrix:
lang: [es, fr, he, it, nl, ru, zh-Hant]
lang: [es, fr, he, it, nl, ru, zh-Hant, zh-TW]
fail-fast: false
uses: ./.github/workflows/build.yml
with:
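Review bot: the `lang` matrix gains `zh-TW` next to `zh-Hant`, but the `build_mul` matrix in the build-zimfile.yml added in this same comparison still reads `lang: [en, es, fr, he, it, nl, ru, zh-Hant]`. Either add `zh-TW` there as well or leave a comment saying why the ZIM builds skip it, and document why both `zh-Hant` and `zh-TW` are kept so the two lists do not drift further.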
@@ -101,24 +99,21 @@ jobs:
continue-on-error: true
privileged: ${{ fromJSON(needs.metadata.outputs.privileged) }}
build_videos:
if: ${{ contains(github.event.pull_request.labels.*.name, 'ci:build videos') }}
build_zimfile:
if: ${{ contains(github.event.pull_request.labels.*.name, 'ci:build zimfile') }}
needs: [submodule, metadata]
uses: ./.github/workflows/build-videos.yml
uses: ./.github/workflows/build-zimfile.yml
with:
ref: ${{github.event.pull_request.head.ref}}
repo: ${{github.event.pull_request.head.repo.full_name}}
continue-on-error: true
privileged: ${{ fromJSON(needs.metadata.outputs.privileged) }}
combine_build:
needs: [build_english, build_i18n, build_blog, build_videos]
needs: [build_english, build_i18n, build_blog]
if: |
(always() && !cancelled() && !failure()) &&
needs.build_english.result == 'success' &&
(needs.build_i18n.result == 'success' || needs.build_i18n.result == 'skipped') &&
(needs.build_blog.result == 'success' || needs.build_blog.result == 'skipped') &&
(needs.build_videos.result == 'success' || needs.build_videos.result == 'skipped')
(needs.build_blog.result == 'success' || needs.build_blog.result == 'skipped')
runs-on: ubuntu-latest
steps:
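Review bot: `build_zimfile` hands the pull request's head `ref` and `repo` to build-zimfile.yml, and that workflow, as added later in this comparison, declares only `ref` and `repo` as inputs and runs its "Move mkdocs-material-insiders to mkdocs-material" step and `./run.sh --build --production --insiders --offline --lang=en` unconditionally. The removed build-videos.yml gated the same steps on `inputs.privileged` and had an unprivileged fallback (`BUILD_INSIDERS=false mkdocs build ...`), so with this change a labelled PR has its own `run.sh` and `tools/*.sh` executed next to the insiders checkout and the `GH_TOKEN` written to `$GITHUB_ENV`. Add a `privileged` input to build-zimfile.yml with the same `if:` gates, or restrict this job to PRs whose head repository is the base repository.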
@@ -140,5 +135,5 @@ jobs:
cleanup:
if: ${{ always() }}
needs: [build_english, build_i18n, build_blog, build_videos]
needs: [build_english, build_i18n, build_blog, build_zimfile]
uses: privacyguides/.github/.github/workflows/cleanup.yml@main
-116
@@ -1,116 +0,0 @@
name: 🛠️ Build Videos
on:
workflow_call:
inputs:
ref:
required: true
type: string
repo:
required: true
type: string
context:
type: string
default: deploy-preview
continue-on-error:
type: boolean
default: true
privileged:
type: boolean
default: true
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
continue-on-error: ${{ inputs.continue-on-error }}
permissions:
contents: read
steps:
- name: Add GitHub Token to Environment
run: |
echo "GH_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> "$GITHUB_ENV"
- name: Download Repository
uses: actions/checkout@v4
with:
repository: ${{ inputs.repo }}
ref: ${{ inputs.ref }}
persist-credentials: "false"
fetch-depth: 0
- name: Download Submodules
uses: actions/download-artifact@v4
with:
pattern: repo-*
path: modules
- name: Move mkdocs-material-insiders to mkdocs-material
if: inputs.privileged
run: |
rmdir modules/mkdocs-material
mv modules/repo-mkdocs-material-insiders modules/mkdocs-material
- name: Move brand submodule to theme/assets/brand
run: |
rmdir theme/assets/brand
mv modules/repo-brand theme/assets/brand
- name: Install Python (pipenv)
if: inputs.privileged
uses: actions/setup-python@v5
with:
cache: "pipenv"
- name: Install Python (no pipenv)
if: ${{ !inputs.privileged }}
uses: actions/setup-python@v5
- name: Install Python Dependencies
if: inputs.privileged
run: |
pip install pipenv
pipenv install
sudo apt install pngquant
- name: Install Python Dependencies (Unprivileged)
if: ${{ !inputs.privileged }}
run: |
pip install mkdocs-material mkdocs-rss-plugin mkdocs-glightbox mkdocs-macros-plugin
sudo apt install pngquant
- name: Set base navigation URLs for production build
if: inputs.context == 'production'
run: |
{
echo "MAIN_SITE_BASE_URL=https://www.privacyguides.org/en/"
echo "MAIN_SITE_ABOUT_URL=https://www.privacyguides.org/en/about/"
echo "MAIN_SITE_RECOMMENDATIONS_URL=https://www.privacyguides.org/en/tools/"
echo "MAIN_SITE_KNOWLEDGE_BASE_URL=https://www.privacyguides.org/en/basics/why-privacy-matters/"
echo "ARTICLES_SITE_BASE_URL=https://www.privacyguides.org/articles/"
echo "VIDEOS_SITE_BASE_URL=https://www.privacyguides.org/videos/"
} >> "$GITHUB_ENV"
- name: Build Website (Privileged)
if: inputs.privileged
run: |
pipenv run mkdocs build --config-file mkdocs.videos.yml
- name: Build Website (Unprivileged)
if: ${{ !inputs.privileged }}
run: |
BUILD_INSIDERS=false mkdocs build --config-file mkdocs.videos.yml
- name: Package Website
run: |
tar -czf site-build-videos.tar.gz site
- name: Upload Site
uses: actions/upload-artifact@v4
with:
name: site-build-videos.tar.gz
path: site-build-videos.tar.gz
retention-days: 1
+594
@@ -0,0 +1,594 @@
name: 🥝 Build Zimfile
on:
workflow_call:
inputs:
ref:
required: true
type: string
repo:
required: true
type: string
permissions:
contents: read
env:
VIDEOS_SITE_BASE_URL: https://www.privacyguides.org/videos/
HOMEPAGE_CTA_ABOUT_LINK: about.html
HOMEPAGE_CTA_DONATE_LINK: about/donate.html
BUILD_OFFLINE: true
PRODUCTION: true
CARDS: false
GITREVISIONDATE: false
GITAUTHORS: false
jobs:
package_eng:
runs-on: ubuntu-latest
permissions:
contents: read
env:
LANGUAGE_SWITCHER: false
MAIN_SITE_BASE_URL: /en/index.html
MAIN_SITE_ABOUT_URL: /en/about.html
MAIN_SITE_RECOMMENDATIONS_URL: /en/tools.html
MAIN_SITE_KNOWLEDGE_BASE_URL: /en/basics/why-privacy-matters.html
ARTICLES_SITE_BASE_URL: /articles/index.html
steps:
- name: Add GitHub Token to Environment
run: |
echo "GH_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> "$GITHUB_ENV"
- name: Download Repository
uses: actions/checkout@v4
with:
repository: ${{ inputs.repo }}
ref: ${{ inputs.ref }}
persist-credentials: "false"
fetch-depth: 0
- name: Download Submodules
uses: actions/download-artifact@v4
with:
pattern: repo-*
path: modules
- name: Move mkdocs-material-insiders to mkdocs-material
run: |
rmdir modules/mkdocs-material
mv modules/repo-mkdocs-material-insiders modules/mkdocs-material
- name: Move brand submodule to theme/assets/brand
run: |
rmdir theme/assets/brand
mv modules/repo-brand theme/assets/brand
- name: Install Python (pipenv)
uses: actions/setup-python@v5
with:
cache: "pipenv"
- name: Install Python Dependencies
run: |
pip install pipenv
pipenv install
sudo apt install pngquant
- name: Generate Donating Members List
continue-on-error: true
run: |
pip install requests
python tools/generate-members.py > includes/members.md
- name: Build English
run: |
./run.sh --build --production --insiders --offline --lang=en
- name: Delete Unreferenced Assets
run: |
bash tools/delete-unreferenced.sh
env:
ASSETS_DIR: site/en/assets
SEARCH_DIR: site/en
- name: Run generate-topics.sh for top posts
run: |
bash tools/generate-topics.sh \
--source='https://discuss.privacyguides.net/top.json?period=weekly' \
--tag="top posts" \
--destination="./site/en/index.html" \
--count=3
- name: Run generate-topics.sh for latest posts
run: |
bash tools/generate-topics.sh \
--source='https://discuss.privacyguides.net/latest.json' \
--tag="latest posts" \
--destination="./site/en/index.html" \
--count=12
- name: Build Articles
run: |
pipenv run mkdocs build --config-file mkdocs.blog.yml
- name: Delete Unreferenced Assets
run: |
bash tools/delete-unreferenced.sh
env:
ASSETS_DIR: site/articles/assets
SEARCH_DIR: site/articles
- name: Remove Duplicate Files
run: |
cd site && bash ../tools/symlink-duplicates.sh
ln -s en/index.html index.html
ln -s en/about/notices.html license
cd ..
- name: Set zimfile name
run: |
echo "ZIMFILE_NAME=privacyguides.org_en_all_$(date +%Y)-$(date +%m).zim" >> "$GITHUB_ENV"
- name: Create ZIM File
uses: addnab/docker-run-action@v3
with:
image: ghcr.io/openzim/zim-tools:3.1.3
options: -v ${{ github.workspace }}:/data
run: |
zimwriterfs \
-w index.html \
-I en/assets/brand/logos/png/square/pg-yellow.png \
-l eng \
-t "Privacy Guides" \
-d "Your central privacy and security resource to protect yourself online." \
-c "Privacy Guides" \
-p "Privacy Guides" \
-e "https://www.privacyguides.org" \
-n "privacyguides.org_en_all" \
/data/site/ /data/${{ env.ZIMFILE_NAME }}
- name: Upload ZIM File
uses: actions/upload-artifact@v4
with:
path: ${{ env.ZIMFILE_NAME }}
name: ${{ env.ZIMFILE_NAME }}
compression-level: 0
- name: Run zimcheck
uses: addnab/docker-run-action@v3
continue-on-error: true
with:
image: ghcr.io/openzim/zim-tools:3.1.3
options: -v ${{ github.workspace }}:/data
run: |
zimcheck /data/${{ env.ZIMFILE_NAME }}
package_eng_kb:
runs-on: ubuntu-latest
permissions:
contents: read
env:
LANGUAGE_SWITCHER: false
ARTICLES_SITE_BASE_URL: https://www.privacyguides.org/posts/tag/articles/
steps:
- name: Add GitHub Token to Environment
run: |
echo "GH_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> "$GITHUB_ENV"
- name: Download Repository
uses: actions/checkout@v4
with:
repository: ${{ inputs.repo }}
ref: ${{ inputs.ref }}
persist-credentials: "false"
fetch-depth: 0
- name: Download Submodules
uses: actions/download-artifact@v4
with:
pattern: repo-*
path: modules
- name: Move mkdocs-material-insiders to mkdocs-material
run: |
rmdir modules/mkdocs-material
mv modules/repo-mkdocs-material-insiders modules/mkdocs-material
- name: Move brand submodule to theme/assets/brand
run: |
rmdir theme/assets/brand
mv modules/repo-brand theme/assets/brand
- name: Install Python (pipenv)
uses: actions/setup-python@v5
with:
cache: "pipenv"
- name: Install Python Dependencies
run: |
pip install pipenv
pipenv install
sudo apt install pngquant
- name: Generate Donating Members List
continue-on-error: true
run: |
pip install requests
python tools/generate-members.py > includes/members.md
- name: Build English
run: |
./run.sh --build --production --insiders --offline --lang=en
- name: Run generate-topics.sh for top posts
run: |
bash tools/generate-topics.sh \
--source='https://discuss.privacyguides.net/top.json?period=weekly' \
--tag="top posts" \
--destination="./site/en/index.html" \
--count=3
- name: Run generate-topics.sh for latest posts
run: |
bash tools/generate-topics.sh \
--source='https://discuss.privacyguides.net/latest.json' \
--tag="latest posts" \
--destination="./site/en/index.html" \
--count=12
- name: Delete Unreferenced Assets
run: |
bash tools/delete-unreferenced.sh
env:
ASSETS_DIR: site/en/assets
SEARCH_DIR: site/en
- name: Remove Duplicate Files
run: |
cd site && bash ../tools/symlink-duplicates.sh
ln -s en/index.html index.html
ln -s en/about/notices.html license
cd ..
- name: Set zimfile name
run: |
echo "ZIMFILE_NAME=privacyguides.org_en_kb_$(date +%Y)-$(date +%m).zim" >> "$GITHUB_ENV"
- name: Create ZIM File
uses: addnab/docker-run-action@v3
with:
image: ghcr.io/openzim/zim-tools:3.1.3
options: -v ${{ github.workspace }}:/data
run: |
zimwriterfs \
-w index.html \
-I en/assets/brand/logos/png/square/pg-yellow.png \
-l eng \
-t "Privacy Guides" \
-d "Knowledge base articles and recommendations from Privacy Guides." \
-c "Privacy Guides" \
-p "Privacy Guides" \
-e "https://www.privacyguides.org" \
-n "privacyguides.org_en_kb" \
/data/site/ /data/${{ env.ZIMFILE_NAME }}
- name: Upload ZIM File
uses: actions/upload-artifact@v4
with:
path: ${{ env.ZIMFILE_NAME }}
name: ${{ env.ZIMFILE_NAME }}
compression-level: 0
- name: Run zimcheck
uses: addnab/docker-run-action@v3
continue-on-error: true
with:
image: ghcr.io/openzim/zim-tools:3.1.3
options: -v ${{ github.workspace }}:/data
run: |
zimcheck /data/${{ env.ZIMFILE_NAME }}
package_eng_articles:
runs-on: ubuntu-latest
permissions:
contents: read
env:
MAIN_SITE_BASE_URL: https://www.privacyguides.org/en/
MAIN_SITE_ABOUT_URL: https://www.privacyguides.org/en/about/
MAIN_SITE_RECOMMENDATIONS_URL: https://www.privacyguides.org/en/tools/
MAIN_SITE_KNOWLEDGE_BASE_URL: https://www.privacyguides.org/en/basics/
steps:
- name: Add GitHub Token to Environment
run: |
echo "GH_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> "$GITHUB_ENV"
- name: Download Repository
uses: actions/checkout@v4
with:
repository: ${{ inputs.repo }}
ref: ${{ inputs.ref }}
persist-credentials: "false"
fetch-depth: 0
- name: Download Submodules
uses: actions/download-artifact@v4
with:
pattern: repo-*
path: modules
- name: Move mkdocs-material-insiders to mkdocs-material
run: |
rmdir modules/mkdocs-material
mv modules/repo-mkdocs-material-insiders modules/mkdocs-material
- name: Move brand submodule to theme/assets/brand
run: |
rmdir theme/assets/brand
mv modules/repo-brand theme/assets/brand
- name: Install Python (pipenv)
uses: actions/setup-python@v5
with:
cache: "pipenv"
- name: Install Python Dependencies
run: |
pip install pipenv
pipenv install
sudo apt install pngquant
- name: Build Articles
run: |
pipenv run mkdocs build --config-file mkdocs.blog.yml
- name: Delete Unreferenced Assets
run: |
bash tools/delete-unreferenced.sh
env:
ASSETS_DIR: site/articles/assets
SEARCH_DIR: site/articles
- name: Remove Duplicate Files
run: |
cd site && bash ../tools/symlink-duplicates.sh
ln -s articles/index.html index.html
cd ..
- name: Set zimfile name
run: |
echo "ZIMFILE_NAME=privacyguides.org_en_articles_$(date +%Y)-$(date +%m).zim" >> "$GITHUB_ENV"
- name: Create ZIM File
uses: addnab/docker-run-action@v3
with:
image: ghcr.io/openzim/zim-tools:3.1.3
options: -v ${{ github.workspace }}:/data
run: |
zimwriterfs \
-w index.html \
-I articles/assets/brand/logos/png/square/pg-yellow.png \
-l eng \
-t "Privacy Guides" \
-d "Long-form articles from the Privacy Guides team and other contributors." \
-c "Privacy Guides" \
-p "Privacy Guides" \
-e "https://www.privacyguides.org" \
-n "privacyguides.org_en_articles" \
/data/site/ /data/${{ env.ZIMFILE_NAME }}
- name: Upload ZIM File
uses: actions/upload-artifact@v4
with:
path: ${{ env.ZIMFILE_NAME }}
name: ${{ env.ZIMFILE_NAME }}
compression-level: 0
- name: Run zimcheck
uses: addnab/docker-run-action@v3
continue-on-error: true
with:
image: ghcr.io/openzim/zim-tools:3.1.3
options: -v ${{ github.workspace }}:/data
run: |
zimcheck /data/${{ env.ZIMFILE_NAME }}
build_mul:
runs-on: ubuntu-latest
continue-on-error: true
permissions:
contents: read
env:
MAIN_SITE_BASE_URL: /en/index.html
MAIN_SITE_ABOUT_URL: /en/about.html
MAIN_SITE_RECOMMENDATIONS_URL: /en/tools.html
MAIN_SITE_KNOWLEDGE_BASE_URL: /en/basics/why-privacy-matters.html
ARTICLES_SITE_BASE_URL: /articles/index.html
strategy:
matrix:
lang: [en, es, fr, he, it, nl, ru, zh-Hant]
steps:
- name: Add GitHub Token to Environment
run: |
echo "GH_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> "$GITHUB_ENV"
- name: Download Repository
uses: actions/checkout@v4
with:
repository: ${{ inputs.repo }}
ref: ${{ inputs.ref }}
persist-credentials: "false"
fetch-depth: 0
- name: Download Submodules
uses: actions/download-artifact@v4
with:
pattern: repo-*
path: modules
- name: Move mkdocs-material-insiders to mkdocs-material
run: |
rmdir modules/mkdocs-material
mv modules/repo-mkdocs-material-insiders modules/mkdocs-material
- name: Move brand submodule to theme/assets/brand
run: |
rmdir theme/assets/brand
mv modules/repo-brand theme/assets/brand
- name: Copy Translation Files
if: matrix.lang != 'en'
run: |
cp -rl modules/repo-i18n/i18n .
cp -rl modules/repo-i18n/includes .
- name: Install Python (pipenv)
uses: actions/setup-python@v5
with:
cache: "pipenv"
- name: Install Python Dependencies
run: |
pip install pipenv
pipenv install
sudo apt install pngquant
- name: Generate Donating Members List
continue-on-error: true
run: |
pip install requests
python tools/generate-members.py > includes/members.md
- name: Build Website
run: |
./run.sh --build --production --insiders --offline --lang=${{ matrix.lang }}
- name: Run generate-topics.sh for top posts
if: matrix.lang == 'en'
run: |
bash tools/generate-topics.sh \
--source='https://discuss.privacyguides.net/top.json?period=weekly' \
--tag="top posts" \
--destination="./site/en/index.html" \
--count=3
- name: Run generate-topics.sh for latest posts
if: matrix.lang == 'en'
run: |
bash tools/generate-topics.sh \
--source='https://discuss.privacyguides.net/latest.json' \
--tag="latest posts" \
--destination="./site/en/index.html" \
--count=12
- name: Delete Unreferenced Assets
run: |
bash tools/delete-unreferenced.sh
env:
ASSETS_DIR: site/${{ matrix.lang }}/assets
SEARCH_DIR: site/${{ matrix.lang }}
- name: Build Articles
if: matrix.lang == 'en'
run: |
pipenv run mkdocs build --config-file mkdocs.blog.yml
- name: Delete Unreferenced Assets
if: matrix.lang == 'en'
run: |
bash tools/delete-unreferenced.sh
env:
ASSETS_DIR: site/articles/assets
SEARCH_DIR: site/articles
- name: Package Website
run: |
tar -czf site-zimready-${{ matrix.lang }}.tar.gz site
- name: Upload Site
uses: actions/upload-artifact@v4
with:
name: site-zimready-${{ matrix.lang }}.tar.gz
path: site-zimready-${{ matrix.lang }}.tar.gz
retention-days: 1
compression-level: 0
package_mul:
runs-on: ubuntu-latest
needs: [build_mul]
permissions:
contents: read
steps:
- name: Download Repository
uses: actions/checkout@v4
with:
repository: ${{ inputs.repo }}
ref: ${{ inputs.ref }}
persist-credentials: "false"
fetch-depth: 0
- name: Download All Sites
uses: actions/download-artifact@v4
with:
pattern: site-zimready-*
merge-multiple: true
- name: List Files (for debugging)
run: |
for file in *.tar.gz; do tar -zxf "$file"; done
ls -la site/
- name: Remove Duplicate Files
run: |
cd site && bash ../tools/symlink-duplicates.sh
ln -s en/index.html index.html
ln -s en/about/notices.html license
cd ..
- name: Set zimfile name
run: |
echo "ZIMFILE_NAME=privacyguides.org_mul_all_$(date +%Y)-$(date +%m).zim" >> "$GITHUB_ENV"
- name: Create ZIM File
uses: addnab/docker-run-action@v3
with:
image: ghcr.io/openzim/zim-tools:3.1.3
options: -v ${{ github.workspace }}:/data
run: |
zimwriterfs \
-w index.html \
-I en/assets/brand/logos/png/square/pg-yellow.png \
-l mul \
-t "Privacy Guides" \
-d "Your central privacy and security resource to protect yourself online." \
-c "Privacy Guides" \
-p "Privacy Guides" \
-e "https://www.privacyguides.org" \
-n "privacyguides.org_mul_all" \
/data/site/ /data/${{ env.ZIMFILE_NAME }}
- name: Upload ZIM File
uses: actions/upload-artifact@v4
with:
path: ${{ env.ZIMFILE_NAME }}
name: ${{ env.ZIMFILE_NAME }}
compression-level: 0
- name: Run zimcheck
uses: addnab/docker-run-action@v3
continue-on-error: true
with:
image: ghcr.io/openzim/zim-tools:3.1.3
options: -v ${{ github.workspace }}:/data
run: |
zimcheck /data/${{ env.ZIMFILE_NAME }}
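Review bot: The "Add GitHub Token to Environment" step in both build_articles and build_mul writes `GH_TOKEN=${{ secrets.GITHUB_TOKEN }}` to `$GITHUB_ENV`, which exposes the token to every later step in the job, including `pipenv install`, the `tools/*.sh` scripts and `./run.sh` from the `inputs.repo` / `inputs.ref` checkout, and the third-party `addnab/docker-run-action@v3`. That works against the `persist-credentials: "false"` set on checkout. Suggest dropping the step and setting `env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}` only on the steps that call the GitHub API. Separately, `addnab/docker-run-action@v3` and `ghcr.io/openzim/zim-tools:3.1.3` are mutable tags and the container gets the whole workspace mounted at /data; pinning the action to a commit SHA and the image to a digest would make the ZIM build reproducible.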
+4 -83
@@ -30,9 +30,6 @@ on:
cache:
type: boolean
default: true
secrets:
RO_DISCOURSE_API_KEY:
required: false
permissions:
contents: read
@@ -65,7 +62,7 @@ jobs:
echo "MAIN_SITE_ABOUT_URL=https://www.privacyguides.org/en/about/"
echo "MAIN_SITE_RECOMMENDATIONS_URL=https://www.privacyguides.org/en/tools/"
echo "MAIN_SITE_KNOWLEDGE_BASE_URL=https://www.privacyguides.org/en/basics/why-privacy-matters/"
echo "ARTICLES_SITE_BASE_URL=https://www.privacyguides.org/articles/"
echo "ARTICLES_SITE_BASE_URL=https://www.privacyguides.org/posts/tag/articles/"
echo "VIDEOS_SITE_BASE_URL=https://www.privacyguides.org/videos/"
} >> "$GITHUB_ENV"
@@ -160,19 +157,6 @@ jobs:
social-cache-${{ inputs.repo }}-${{ inputs.lang }}-
social-cache-privacyguides/privacyguides.org-${{ inputs.lang }}-
- name: Restore Optimize Plugin Cache
uses: actions/cache/restore@v4
id: optimize_cache_restore
if: inputs.cache
with:
key: optimize-cache-${{ inputs.repo }}-${{ hashfiles('.cache/plugin/optimize/manifest.json') }}
path: |
.cache/plugin/optimize
restore-keys: |
optimize-cache-${{ inputs.repo }}-
optimize-cache-privacyguides/privacyguides.org-
optimize-cache-
- name: Install Python Dependencies
if: inputs.privileged
run: |
@@ -189,11 +173,9 @@ jobs:
- name: Generate Donating Members List
continue-on-error: true
env:
DISCOURSE_API_KEY: ${{ secrets.RO_DISCOURSE_API_KEY }}
run: |
pip install requests
python generate-members.py > includes/members.md
python tools/generate-members.py > includes/members.md
- name: Build Website
run: |
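Review bot: In "Generate Donating Members List" the `DISCOURSE_API_KEY` env is dropped while `continue-on-error: true` and the `> includes/members.md` redirect stay, so if tools/generate-members.py still expects the key the step fails silently and the build continues with an empty or partial members.md. Please confirm the script now works unauthenticated, and consider writing to a temporary file and moving it into place only on success. `pip install requests` here is also unpinned and outside the Pipfile.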
@@ -202,7 +184,7 @@ jobs:
- name: Run generate-topics.sh for top posts
if: inputs.lang == 'en'
run: |
bash generate-topics.sh \
bash tools/generate-topics.sh \
--source='https://discuss.privacyguides.net/top.json?period=weekly' \
--tag="top posts" \
--destination="./site/en/index.html" \
@@ -211,7 +193,7 @@ jobs:
- name: Run generate-topics.sh for latest posts
if: inputs.lang == 'en'
run: |
bash generate-topics.sh \
bash tools/generate-topics.sh \
--source='https://discuss.privacyguides.net/latest.json' \
--tag="latest posts" \
--destination="./site/en/index.html" \
@@ -242,16 +224,6 @@ jobs:
.cache/plugin/social/manifest.json
.cache/plugin/social/assets
- name: Find Optimize Plugin Cache
uses: actions/cache/restore@v4
if: steps.optimize_cache_restore.outputs.cache-hit != 'true' && inputs.cache
id: optimize_cache_test
with:
key: optimize-cache-privacyguides/privacyguides.org-${{ hashfiles('.cache/plugin/optimize/manifest.json') }}
lookup-only: true
path: |
.cache/plugin/optimize
- name: Save Privacy Plugin Cache
uses: actions/cache/save@v4
if: steps.privacy_cache_test.outputs.cache-hit != 'true' && inputs.cache
@@ -268,13 +240,6 @@ jobs:
.cache/plugin/social/manifest.json
.cache/plugin/social/assets
- name: Save Optimize Plugin Cache
uses: actions/cache/save@v4
if: steps.optimize_cache_test.outputs.cache-hit != 'true' && inputs.cache
with:
key: optimize-cache-${{ inputs.repo }}-${{ hashfiles('.cache/plugin/optimize/manifest.json') }}
path: .cache/plugin/optimize
- name: Upload Site
uses: actions/upload-artifact@v4
with:
@@ -289,47 +254,3 @@ jobs:
name: members.md
path: includes/members.md
retention-days: 1
offline_package:
if: inputs.config == 'offline' && inputs.lang == 'en'
needs: build
runs-on: ubuntu-latest
continue-on-error: ${{ inputs.continue-on-error }}
permissions:
contents: read
steps:
- uses: actions/download-artifact@v4
with:
name: site-offline-en.tar.gz
- run: |
tar -xzf site-offline-en.tar.gz
tar -czf offline.tar.gz site/en
zip -r -q offline.zip site/en
- name: Upload tar.gz file
uses: actions/upload-artifact@v4
with:
name: offline.tar.gz
path: offline.tar.gz
- name: Upload zip file
uses: actions/upload-artifact@v4
with:
name: offline.zip
path: offline.zip
- name: Create ZIM File
uses: addnab/docker-run-action@v3
with:
image: ghcr.io/openzim/zim-tools:3.1.3
options: -v ${{ github.workspace }}:/data
run: |
zimwriterfs -w index.html -I assets/brand/logos/png/square/pg-yellow.png -l eng -t "Privacy Guides" -d "Your central privacy and security resource to protect yourself online." -c "Privacy Guides" -p "Jonah Aragon" -n "Privacy Guides" -e "https://github.com/privacyguides/privacyguides.org" /data/site/en /data/offline-privacy_guides.zim
- name: Upload ZIM file
uses: actions/upload-artifact@v4
with:
name: offline-privacy_guides.zim
path: offline-privacy_guides.zim
+2 -14
@@ -27,7 +27,6 @@ on:
- "main"
paths:
- "blog/**"
- "videos/**"
concurrency:
group: release-deployment
@@ -61,19 +60,8 @@ jobs:
continue-on-error: false
context: production
build_videos:
needs: submodule
permissions:
contents: read
uses: ./.github/workflows/build-videos.yml
with:
repo: ${{ github.repository }}
ref: ${{ github.ref }}
continue-on-error: false
context: production
deploy:
needs: [build_blog, build_videos]
needs: [build_blog]
uses: privacyguides/webserver/.github/workflows/deploy-garage.yml@main
with:
environment: production
@@ -83,5 +71,5 @@ jobs:
cleanup:
if: ${{ always() }}
needs: [build_blog, build_videos]
needs: [build_blog]
uses: privacyguides/.github/.github/workflows/cleanup.yml@main
-12
@@ -89,18 +89,6 @@ jobs:
echo "sha=$(cat metadata/SHA)" >> "$GITHUB_OUTPUT"
echo "privileged=$(cat metadata/PRIVILEGED)" >> "$GITHUB_OUTPUT"
deploy_netlify:
needs: metadata
permissions:
contents: read
uses: privacyguides/webserver/.github/workflows/deploy-netlify-preview.yml@main
with:
netlify_alias: ${{ needs.metadata.outputs.pr_number }}
netlify_site_id: ${{ vars.NETLIFY_SITE }}
secrets:
NETLIFY_TOKEN: ${{ secrets.NETLIFY_TOKEN }}
deploy_garage:
needs: metadata
permissions:
+9 -14
@@ -50,8 +50,8 @@ jobs:
needs: submodule
strategy:
matrix:
lang: [en, es, fr, he, it, nl, ru, zh-Hant]
build: [build, offline]
lang: [en, es, fr, he, it, nl, ru, zh-Hant, zh-TW]
build: [build]
permissions:
contents: read
uses: ./.github/workflows/build.yml
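Review bot: The `lang` matrix now lists both `zh-Hant` and `zh-TW`, but the `build_mul` matrix in build-zimfile.yml in this same change stops at `zh-Hant`, so the multilingual ZIM will not contain the `zh-TW` build. If both locales are intended, add `zh-TW` there as well; if `zh-TW` replaces `zh-Hant`, drop the old entry in both places. With `build: [build]` reduced to a single value, that matrix dimension could be removed.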
@@ -63,8 +63,6 @@ jobs:
context: production
continue-on-error: false
cache: false
secrets:
RO_DISCOURSE_API_KEY: ${{ secrets.RO_DISCOURSE_API_KEY }}
build_blog:
needs: submodule
@@ -77,20 +75,18 @@ jobs:
continue-on-error: false
context: production
build_videos:
build_zimfile:
needs: submodule
permissions:
contents: read
uses: ./.github/workflows/build-videos.yml
uses: ./.github/workflows/build-zimfile.yml
with:
repo: ${{ github.repository }}
ref: ${{ github.ref }}
continue-on-error: false
context: production
release:
name: Create release notes
needs: build
needs: [build, build_zimfile]
runs-on: ubuntu-latest
permissions:
contents: write
@@ -98,21 +94,20 @@ jobs:
steps:
- uses: actions/download-artifact@v4
with:
pattern: offline*
pattern: "*.zim"
merge-multiple: true
- name: Create release notes
uses: ncipollo/release-action@v1
with:
generateReleaseNotes: true
artifacts: "offline.zip,offline.tar.gz,offline-privacy_guides.zim"
artifacts: "*.zim"
makeLatest: true
deploy:
needs: [build, build_blog, build_videos]
needs: [build, build_blog]
uses: privacyguides/webserver/.github/workflows/deploy-all.yml@main
secrets:
NETLIFY_TOKEN: ${{ secrets.NETLIFY_TOKEN }}
PROD_MINIO_KEY_ID: ${{ secrets.PROD_MINIO_KEY_ID }}
PROD_MINIO_SECRET_KEY: ${{ secrets.PROD_MINIO_SECRET_KEY }}
PROD_GARAGE_KEY_ID: ${{ secrets.PROD_GARAGE_KEY_ID }}
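Review bot: The release job now attaches `artifacts: "*.zim"` with `makeLatest: true`, but nothing in build-zimfile.yml blocks a bad file: the ZIM is uploaded before "Run zimcheck", and that step is `continue-on-error: true`, so a ZIM that fails validation is still published. Suggest running zimcheck before the upload and letting it fail the job. The release also no longer ships offline.zip and offline.tar.gz, which is worth calling out in the release notes for anyone who downloads those.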
@@ -126,5 +121,5 @@ jobs:
cleanup:
if: ${{ always() }}
needs: [build, build_blog, build_videos]
needs: [build, build_blog, build_zimfile]
uses: privacyguides/.github/.github/workflows/cleanup.yml@main
+2 -2
@@ -57,7 +57,7 @@ jobs:
- name: Run generate-topics.sh for top posts
run: |
bash generate-topics.sh \
bash tools/generate-topics.sh \
--source='https://discuss.privacyguides.net/top.json?period=weekly' \
--tag="top posts" \
--destination="./site/en/index.html" \
@@ -65,7 +65,7 @@ jobs:
- name: Run generate-topics.sh for latest posts
run: |
bash generate-topics.sh \
bash tools/generate-topics.sh \
--source='https://discuss.privacyguides.net/latest.json' \
--tag="latest posts" \
--destination="./site/en/index.html" \
+1
@@ -15,6 +15,7 @@ Jonah Aragon <jonah@privacyguides.org> <jonah@triplebit.net>
Jonah Aragon <jonah@privacyguides.org> <jonah@privacytools.io>
Jonah Aragon <jonah@privacyguides.org> <github@aragon.science>
Jordan Warne <jordan@privacyguides.org> <jw@omg.lol>
Jordan Warne <jordan@privacyguides.org> <contact@jordanwarne.net>
Justin Ehrenhofer <justin.ehrenhofer@gmail.com> <12520755+SamsungGalaxyPlayer@users.noreply.github.com>
Mare Polaris <ph00lt0@privacyguides.org> <15004290+ph00lt0@users.noreply.github.com>
Niek de Wilde <niek@privacyguides.org> <github.ef27z@simplelogin.com>
+2 -1
@@ -316,7 +316,6 @@ cryptofs
siv-mode
cryptolib-swift
cryptomator-objc-cryptor
Picocrypt
VeraCrypt
TrueCrypt
cryptoprocessor
@@ -569,3 +568,5 @@ allowlisted
MyMonero
Monero-LWS
OkCupid
Anom
misgendering
+2 -1
@@ -115,5 +115,6 @@
"editor.formatOnSave": true,
"[github-actions-workflow]": {
"editor.defaultFormatter": "esbenp.prettier-vscode"
}
},
"python-envs.pythonProjects": []
}
+1
@@ -0,0 +1 @@
https://www.privacyguides.org/funding.json
Generated
+244 -195
@@ -64,11 +64,11 @@
},
"certifi": {
"hashes": [
"sha256:0a816057ea3cdefcef70270d2c515e4506bbc954f417fa5ade2021213bb8f0c6",
"sha256:30350364dfe371162649852c63336a15c70c6510c2ad5015b21c2345311805f3"
"sha256:e564105f78ded564e3ae7c923924435e1daa7463faeab5bb932bc53ffae63407",
"sha256:f6c12493cfb1b06ba2ff328595af9350c65d6644968e5d3a2ffd78699af217a5"
],
"markers": "python_version >= '3.6'",
"version": "==2025.4.26"
"markers": "python_version >= '3.7'",
"version": "==2025.8.3"
},
"cffi": {
"hashes": [
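Review bot: The certifi bump here (2025.4.26 to 2025.8.3) and the other hash refreshes in this lock file only constrain CI if the workflows install strictly from the lock, and the workflows in this change run plain `pipenv install` after an unpinned `pip install pipenv`, then `pip install requests` outside pipenv. Consider `pipenv install --deploy` (which fails when Pipfile.lock is out of date) or `pipenv sync`, and moving requests into the Pipfile so it is hash-checked with the rest.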
@@ -145,101 +145,88 @@
},
"charset-normalizer": {
"hashes": [
"sha256:005fa3432484527f9732ebd315da8da8001593e2cf46a3d817669f062c3d9ed4",
"sha256:046595208aae0120559a67693ecc65dd75d46f7bf687f159127046628178dc45",
"sha256:0c29de6a1a95f24b9a1aa7aefd27d2487263f00dfd55a77719b530788f75cff7",
"sha256:0c8c57f84ccfc871a48a47321cfa49ae1df56cd1d965a09abe84066f6853b9c0",
"sha256:0f5d9ed7f254402c9e7d35d2f5972c9bbea9040e99cd2861bd77dc68263277c7",
"sha256:18dd2e350387c87dabe711b86f83c9c78af772c748904d372ade190b5c7c9d4d",
"sha256:1b1bde144d98e446b056ef98e59c256e9294f6b74d7af6846bf5ffdafd687a7d",
"sha256:1c95a1e2902a8b722868587c0e1184ad5c55631de5afc0eb96bc4b0d738092c0",
"sha256:1cad5f45b3146325bb38d6855642f6fd609c3f7cad4dbaf75549bf3b904d3184",
"sha256:21b2899062867b0e1fde9b724f8aecb1af14f2778d69aacd1a5a1853a597a5db",
"sha256:24498ba8ed6c2e0b56d4acbf83f2d989720a93b41d712ebd4f4979660db4417b",
"sha256:25a23ea5c7edc53e0f29bae2c44fcb5a1aa10591aae107f2a2b2583a9c5cbc64",
"sha256:289200a18fa698949d2b39c671c2cc7a24d44096784e76614899a7ccf2574b7b",
"sha256:28a1005facc94196e1fb3e82a3d442a9d9110b8434fc1ded7a24a2983c9888d8",
"sha256:32fc0341d72e0f73f80acb0a2c94216bd704f4f0bce10aedea38f30502b271ff",
"sha256:36b31da18b8890a76ec181c3cf44326bf2c48e36d393ca1b72b3f484113ea344",
"sha256:3c21d4fca343c805a52c0c78edc01e3477f6dd1ad7c47653241cf2a206d4fc58",
"sha256:3fddb7e2c84ac87ac3a947cb4e66d143ca5863ef48e4a5ecb83bd48619e4634e",
"sha256:43e0933a0eff183ee85833f341ec567c0980dae57c464d8a508e1b2ceb336471",
"sha256:4a476b06fbcf359ad25d34a057b7219281286ae2477cc5ff5e3f70a246971148",
"sha256:4e594135de17ab3866138f496755f302b72157d115086d100c3f19370839dd3a",
"sha256:50bf98d5e563b83cc29471fa114366e6806bc06bc7a25fd59641e41445327836",
"sha256:5a9979887252a82fefd3d3ed2a8e3b937a7a809f65dcb1e068b090e165bbe99e",
"sha256:5baececa9ecba31eff645232d59845c07aa030f0c81ee70184a90d35099a0e63",
"sha256:5bf4545e3b962767e5c06fe1738f951f77d27967cb2caa64c28be7c4563e162c",
"sha256:6333b3aa5a12c26b2a4d4e7335a28f1475e0e5e17d69d55141ee3cab736f66d1",
"sha256:65c981bdbd3f57670af8b59777cbfae75364b483fa8a9f420f08094531d54a01",
"sha256:68a328e5f55ec37c57f19ebb1fdc56a248db2e3e9ad769919a58672958e8f366",
"sha256:6a0289e4589e8bdfef02a80478f1dfcb14f0ab696b5a00e1f4b8a14a307a3c58",
"sha256:6b66f92b17849b85cad91259efc341dce9c1af48e2173bf38a85c6329f1033e5",
"sha256:6c9379d65defcab82d07b2a9dfbfc2e95bc8fe0ebb1b176a3190230a3ef0e07c",
"sha256:6fc1f5b51fa4cecaa18f2bd7a003f3dd039dd615cd69a2afd6d3b19aed6775f2",
"sha256:70f7172939fdf8790425ba31915bfbe8335030f05b9913d7ae00a87d4395620a",
"sha256:721c76e84fe669be19c5791da68232ca2e05ba5185575086e384352e2c309597",
"sha256:7222ffd5e4de8e57e03ce2cef95a4c43c98fcb72ad86909abdfc2c17d227fc1b",
"sha256:75d10d37a47afee94919c4fab4c22b9bc2a8bf7d4f46f87363bcf0573f3ff4f5",
"sha256:76af085e67e56c8816c3ccf256ebd136def2ed9654525348cfa744b6802b69eb",
"sha256:770cab594ecf99ae64c236bc9ee3439c3f46be49796e265ce0cc8bc17b10294f",
"sha256:7a6ab32f7210554a96cd9e33abe3ddd86732beeafc7a28e9955cdf22ffadbab0",
"sha256:7c48ed483eb946e6c04ccbe02c6b4d1d48e51944b6db70f697e089c193404941",
"sha256:7f56930ab0abd1c45cd15be65cc741c28b1c9a34876ce8c17a2fa107810c0af0",
"sha256:8075c35cd58273fee266c58c0c9b670947c19df5fb98e7b66710e04ad4e9ff86",
"sha256:8272b73e1c5603666618805fe821edba66892e2870058c94c53147602eab29c7",
"sha256:82d8fd25b7f4675d0c47cf95b594d4e7b158aca33b76aa63d07186e13c0e0ab7",
"sha256:844da2b5728b5ce0e32d863af26f32b5ce61bc4273a9c720a9f3aa9df73b1455",
"sha256:8755483f3c00d6c9a77f490c17e6ab0c8729e39e6390328e42521ef175380ae6",
"sha256:915f3849a011c1f593ab99092f3cecfcb4d65d8feb4a64cf1bf2d22074dc0ec4",
"sha256:926ca93accd5d36ccdabd803392ddc3e03e6d4cd1cf17deff3b989ab8e9dbcf0",
"sha256:982bb1e8b4ffda883b3d0a521e23abcd6fd17418f6d2c4118d257a10199c0ce3",
"sha256:98f862da73774290f251b9df8d11161b6cf25b599a66baf087c1ffe340e9bfd1",
"sha256:9cbfacf36cb0ec2897ce0ebc5d08ca44213af24265bd56eca54bee7923c48fd6",
"sha256:a370b3e078e418187da8c3674eddb9d983ec09445c99a3a263c2011993522981",
"sha256:a955b438e62efdf7e0b7b52a64dc5c3396e2634baa62471768a64bc2adb73d5c",
"sha256:aa6af9e7d59f9c12b33ae4e9450619cf2488e2bbe9b44030905877f0b2324980",
"sha256:aa88ca0b1932e93f2d961bf3addbb2db902198dca337d88c89e1559e066e7645",
"sha256:aaeeb6a479c7667fbe1099af9617c83aaca22182d6cf8c53966491a0f1b7ffb7",
"sha256:aaf27faa992bfee0264dc1f03f4c75e9fcdda66a519db6b957a3f826e285cf12",
"sha256:b2680962a4848b3c4f155dc2ee64505a9c57186d0d56b43123b17ca3de18f0fa",
"sha256:b2d318c11350e10662026ad0eb71bb51c7812fc8590825304ae0bdd4ac283acd",
"sha256:b33de11b92e9f75a2b545d6e9b6f37e398d86c3e9e9653c4864eb7e89c5773ef",
"sha256:b3daeac64d5b371dea99714f08ffc2c208522ec6b06fbc7866a450dd446f5c0f",
"sha256:be1e352acbe3c78727a16a455126d9ff83ea2dfdcbc83148d2982305a04714c2",
"sha256:bee093bf902e1d8fc0ac143c88902c3dfc8941f7ea1d6a8dd2bcb786d33db03d",
"sha256:c72fbbe68c6f32f251bdc08b8611c7b3060612236e960ef848e0a517ddbe76c5",
"sha256:c9e36a97bee9b86ef9a1cf7bb96747eb7a15c2f22bdb5b516434b00f2a599f02",
"sha256:cddf7bd982eaa998934a91f69d182aec997c6c468898efe6679af88283b498d3",
"sha256:cf713fe9a71ef6fd5adf7a79670135081cd4431c2943864757f0fa3a65b1fafd",
"sha256:d11b54acf878eef558599658b0ffca78138c8c3655cf4f3a4a673c437e67732e",
"sha256:d41c4d287cfc69060fa91cae9683eacffad989f1a10811995fa309df656ec214",
"sha256:d524ba3f1581b35c03cb42beebab4a13e6cdad7b36246bd22541fa585a56cccd",
"sha256:daac4765328a919a805fa5e2720f3e94767abd632ae410a9062dff5412bae65a",
"sha256:db4c7bf0e07fc3b7d89ac2a5880a6a8062056801b83ff56d8464b70f65482b6c",
"sha256:dc7039885fa1baf9be153a0626e337aa7ec8bf96b0128605fb0d77788ddc1681",
"sha256:dccab8d5fa1ef9bfba0590ecf4d46df048d18ffe3eec01eeb73a42e0d9e7a8ba",
"sha256:dedb8adb91d11846ee08bec4c8236c8549ac721c245678282dcb06b221aab59f",
"sha256:e45ba65510e2647721e35323d6ef54c7974959f6081b58d4ef5d87c60c84919a",
"sha256:e53efc7c7cee4c1e70661e2e112ca46a575f90ed9ae3fef200f2a25e954f4b28",
"sha256:e635b87f01ebc977342e2697d05b56632f5f879a4f15955dfe8cef2448b51691",
"sha256:e70e990b2137b29dc5564715de1e12701815dacc1d056308e2b17e9095372a82",
"sha256:e8082b26888e2f8b36a042a58307d5b917ef2b1cacab921ad3323ef91901c71a",
"sha256:e8323a9b031aa0393768b87f04b4164a40037fb2a3c11ac06a03ffecd3618027",
"sha256:e92fca20c46e9f5e1bb485887d074918b13543b1c2a1185e69bb8d17ab6236a7",
"sha256:eb30abc20df9ab0814b5a2524f23d75dcf83cde762c161917a2b4b7b55b1e518",
"sha256:eba9904b0f38a143592d9fc0e19e2df0fa2e41c3c3745554761c5f6447eedabf",
"sha256:ef8de666d6179b009dce7bcb2ad4c4a779f113f12caf8dc77f0162c29d20490b",
"sha256:efd387a49825780ff861998cd959767800d54f8308936b21025326de4b5a42b9",
"sha256:f0aa37f3c979cf2546b73e8222bbfa3dc07a641585340179d768068e3455e544",
"sha256:f4074c5a429281bf056ddd4c5d3b740ebca4d43ffffe2ef4bf4d2d05114299da",
"sha256:f69a27e45c43520f5487f27627059b64aaf160415589230992cec34c5e18a509",
"sha256:fb707f3e15060adf5b7ada797624a6c6e0138e2a26baa089df64c68ee98e040f",
"sha256:fcbe676a55d7445b22c10967bceaaf0ee69407fbe0ece4d032b6eb8d4565982a",
"sha256:fdb20a30fe1175ecabed17cbf7812f7b804b8a315a25f24678bcdf120a90077f"
"sha256:00237675befef519d9af72169d8604a067d92755e84fe76492fef5441db05b91",
"sha256:02425242e96bcf29a49711b0ca9f37e451da7c70562bc10e8ed992a5a7a25cc0",
"sha256:027b776c26d38b7f15b26a5da1044f376455fb3766df8fc38563b4efbc515154",
"sha256:07a0eae9e2787b586e129fdcbe1af6997f8d0e5abaa0bc98c0e20e124d67e601",
"sha256:0cacf8f7297b0c4fcb74227692ca46b4a5852f8f4f24b3c766dd94a1075c4884",
"sha256:0e78314bdc32fa80696f72fa16dc61168fda4d6a0c014e0380f9d02f0e5d8a07",
"sha256:0f2be7e0cf7754b9a30eb01f4295cc3d4358a479843b31f328afd210e2c7598c",
"sha256:13faeacfe61784e2559e690fc53fa4c5ae97c6fcedb8eb6fb8d0a15b475d2c64",
"sha256:14c2a87c65b351109f6abfc424cab3927b3bdece6f706e4d12faaf3d52ee5efe",
"sha256:1606f4a55c0fd363d754049cdf400175ee96c992b1f8018b993941f221221c5f",
"sha256:16a8770207946ac75703458e2c743631c79c59c5890c80011d536248f8eaa432",
"sha256:18343b2d246dc6761a249ba1fb13f9ee9a2bcd95decc767319506056ea4ad4dc",
"sha256:18b97b8404387b96cdbd30ad660f6407799126d26a39ca65729162fd810a99aa",
"sha256:1bb60174149316da1c35fa5233681f7c0f9f514509b8e399ab70fea5f17e45c9",
"sha256:1e8ac75d72fa3775e0b7cb7e4629cec13b7514d928d15ef8ea06bca03ef01cae",
"sha256:1ef99f0456d3d46a50945c98de1774da86f8e992ab5c77865ea8b8195341fc19",
"sha256:2001a39612b241dae17b4687898843f254f8748b796a2e16f1051a17078d991d",
"sha256:23b6b24d74478dc833444cbd927c338349d6ae852ba53a0d02a2de1fce45b96e",
"sha256:252098c8c7a873e17dd696ed98bbe91dbacd571da4b87df3736768efa7a792e4",
"sha256:257f26fed7d7ff59921b78244f3cd93ed2af1800ff048c33f624c87475819dd7",
"sha256:2c322db9c8c89009a990ef07c3bcc9f011a3269bc06782f916cd3d9eed7c9312",
"sha256:30a96e1e1f865f78b030d65241c1ee850cdf422d869e9028e2fc1d5e4db73b92",
"sha256:30d006f98569de3459c2fc1f2acde170b7b2bd265dc1943e87e1a4efe1b67c31",
"sha256:31a9a6f775f9bcd865d88ee350f0ffb0e25936a7f930ca98995c05abf1faf21c",
"sha256:320e8e66157cc4e247d9ddca8e21f427efc7a04bbd0ac8a9faf56583fa543f9f",
"sha256:34a7f768e3f985abdb42841e20e17b330ad3aaf4bb7e7aeeb73db2e70f077b99",
"sha256:3653fad4fe3ed447a596ae8638b437f827234f01a8cd801842e43f3d0a6b281b",
"sha256:3cd35b7e8aedeb9e34c41385fda4f73ba609e561faedfae0a9e75e44ac558a15",
"sha256:3cfb2aad70f2c6debfbcb717f23b7eb55febc0bb23dcffc0f076009da10c6392",
"sha256:416175faf02e4b0810f1f38bcb54682878a4af94059a1cd63b8747244420801f",
"sha256:41d1fc408ff5fdfb910200ec0e74abc40387bccb3252f3f27c0676731df2b2c8",
"sha256:42e5088973e56e31e4fa58eb6bd709e42fc03799c11c42929592889a2e54c491",
"sha256:4ca4c094de7771a98d7fbd67d9e5dbf1eb73efa4f744a730437d8a3a5cf994f0",
"sha256:511729f456829ef86ac41ca78c63a5cb55240ed23b4b737faca0eb1abb1c41bc",
"sha256:53cd68b185d98dde4ad8990e56a58dea83a4162161b1ea9272e5c9182ce415e0",
"sha256:585f3b2a80fbd26b048a0be90c5aae8f06605d3c92615911c3a2b03a8a3b796f",
"sha256:5b413b0b1bfd94dbf4023ad6945889f374cd24e3f62de58d6bb102c4d9ae534a",
"sha256:5d8d01eac18c423815ed4f4a2ec3b439d654e55ee4ad610e153cf02faf67ea40",
"sha256:6aab0f181c486f973bc7262a97f5aca3ee7e1437011ef0c2ec04b5a11d16c927",
"sha256:6cf8fd4c04756b6b60146d98cd8a77d0cdae0e1ca20329da2ac85eed779b6849",
"sha256:6fb70de56f1859a3f71261cbe41005f56a7842cc348d3aeb26237560bfa5e0ce",
"sha256:6fce4b8500244f6fcb71465d4a4930d132ba9ab8e71a7859e6a5d59851068d14",
"sha256:70bfc5f2c318afece2f5838ea5e4c3febada0be750fcf4775641052bbba14d05",
"sha256:73dc19b562516fc9bcf6e5d6e596df0b4eb98d87e4f79f3ae71840e6ed21361c",
"sha256:74d77e25adda8581ffc1c720f1c81ca082921329452eba58b16233ab1842141c",
"sha256:78deba4d8f9590fe4dae384aeff04082510a709957e968753ff3c48399f6f92a",
"sha256:86df271bf921c2ee3818f0522e9a5b8092ca2ad8b065ece5d7d9d0e9f4849bcc",
"sha256:88ab34806dea0671532d3f82d82b85e8fc23d7b2dd12fa837978dad9bb392a34",
"sha256:8999f965f922ae054125286faf9f11bc6932184b93011d138925a1773830bbe9",
"sha256:8dcfc373f888e4fb39a7bc57e93e3b845e7f462dacc008d9749568b1c4ece096",
"sha256:939578d9d8fd4299220161fdd76e86c6a251987476f5243e8864a7844476ba14",
"sha256:96b2b3d1a83ad55310de8c7b4a2d04d9277d5591f40761274856635acc5fcb30",
"sha256:a2d08ac246bb48479170408d6c19f6385fa743e7157d716e144cad849b2dd94b",
"sha256:b256ee2e749283ef3ddcff51a675ff43798d92d746d1a6e4631bf8c707d22d0b",
"sha256:b5e3b2d152e74e100a9e9573837aba24aab611d39428ded46f4e4022ea7d1942",
"sha256:b89bc04de1d83006373429975f8ef9e7932534b8cc9ca582e4db7d20d91816db",
"sha256:bd28b817ea8c70215401f657edef3a8aa83c29d447fb0b622c35403780ba11d5",
"sha256:c60e092517a73c632ec38e290eba714e9627abe9d301c8c8a12ec32c314a2a4b",
"sha256:c6dbd0ccdda3a2ba7c2ecd9d77b37f3b5831687d8dc1b6ca5f56a4880cc7b7ce",
"sha256:c6e490913a46fa054e03699c70019ab869e990270597018cef1d8562132c2669",
"sha256:c6f162aabe9a91a309510d74eeb6507fab5fff92337a15acbe77753d88d9dcf0",
"sha256:c6fd51128a41297f5409deab284fecbe5305ebd7e5a1f959bee1c054622b7018",
"sha256:cc34f233c9e71701040d772aa7490318673aa7164a0efe3172b2981218c26d93",
"sha256:cc9370a2da1ac13f0153780040f465839e6cccb4a1e44810124b4e22483c93fe",
"sha256:ccf600859c183d70eb47e05a44cd80a4ce77394d1ac0f79dbd2dd90a69a3a049",
"sha256:ce571ab16d890d23b5c278547ba694193a45011ff86a9162a71307ed9f86759a",
"sha256:cf1ebb7d78e1ad8ec2a8c4732c7be2e736f6e5123a4146c5b89c9d1f585f8cef",
"sha256:d0e909868420b7049dafd3a31d45125b31143eec59235311fc4c57ea26a4acd2",
"sha256:d22dbedd33326a4a5190dd4fe9e9e693ef12160c77382d9e87919bce54f3d4ca",
"sha256:d716a916938e03231e86e43782ca7878fb602a125a91e7acb8b5112e2e96ac16",
"sha256:d79c198e27580c8e958906f803e63cddb77653731be08851c7df0b1a14a8fc0f",
"sha256:d95bfb53c211b57198bb91c46dd5a2d8018b3af446583aab40074bf7988401cb",
"sha256:e28e334d3ff134e88989d90ba04b47d84382a828c061d0d1027b1b12a62b39b1",
"sha256:ec557499516fc90fd374bf2e32349a2887a876fbf162c160e3c01b6849eaf557",
"sha256:fb6fecfd65564f208cbf0fba07f107fb661bcd1a7c389edbced3f7a493f70e37",
"sha256:fb731e5deb0c7ef82d698b0f4c5bb724633ee2a489401594c5c88b02e6cb15f7",
"sha256:fb7f67a1bfa6e40b438170ebdc8158b78dc465a5a67b6dde178a46987b244a72",
"sha256:fd10de089bcdcd1be95a2f73dbe6254798ec1bda9f450d5828c96f93e2536b9c",
"sha256:fdabf8315679312cfa71302f9bd509ded4f2f263fb5b765cf1433b39106c3cc9"
],
"markers": "python_version >= '3.7'",
"version": "==3.4.2"
"version": "==3.4.3"
},
"click": {
"hashes": [
@@ -275,11 +262,11 @@
},
"filelock": {
"hashes": [
"sha256:adbc88eabb99d2fec8c9c1b229b171f18afa655400173ddc653d5d01501fb9f2",
"sha256:c401f4f8377c4464e6db25fff06205fd89bdd83b65eb0488ed1b160f780e21de"
"sha256:66eda1888b0171c998b35be2bcc0f6d75c388a7ce20c3f3f37aa8e96c2dddf58",
"sha256:d38e30481def20772f5baf097c122c3babc4fcdb7e14e57049eb9d88c6dc017d"
],
"markers": "python_version >= '3.9'",
"version": "==3.18.0"
"version": "==3.19.1"
},
"ghp-import": {
"hashes": [
@@ -298,11 +285,11 @@
},
"gitpython": {
"hashes": [
"sha256:9e0e10cda9bed1ee64bc9a6de50e7e38a9c9943241cd7f585f6df3ed28011110",
"sha256:c87e30b26253bf5418b01b0660f818967f3c503193838337fe5e573331249269"
"sha256:85b0ee964ceddf211c41b9f27a49086010a190fd8132a24e21f362a4b36a791c",
"sha256:8908cb2e02fb3b93b7eb0f2827125cb699869470432cc885f019b8fd0fccff77"
],
"markers": "python_version >= '3.7'",
"version": "==3.1.44"
"version": "==3.1.45"
},
"hjson": {
"hashes": [
@@ -336,11 +323,11 @@
},
"markdown": {
"hashes": [
"sha256:794a929b79c5af141ef5ab0f2f642d0f7b1872981250230e72682346f7cc90dc",
"sha256:7df81e63f0df5c4b24b7d156eb81e4690595239b7d70937d0409f1b0de319c6f"
"sha256:9f4d91ed810864ea88a6f32c07ba8bee1346c0cc1f6b1f9f6c822f2a9667d280",
"sha256:d2900fe1782bd33bdbbd56859defef70c2e78fc46668f8eb9df3128138f2cb6a"
],
"markers": "python_version >= '3.9'",
"version": "==3.8"
"version": "==3.9"
},
"markupsafe": {
"hashes": [
@@ -435,12 +422,12 @@
},
"mkdocs-git-authors-plugin": {
"hashes": [
"sha256:acdacc8452db90a94d9c395a230b16965a9f2f51e0a6eef182ac7d3e02e394fb",
"sha256:e19f0252ead3d626fd73e15bb56d6675704c3b62aa569ebc363f791291b8f60e"
"sha256:28421a99c3e872a8e205674bb80ec48524838243e5f59eaf9bd97df103e38901",
"sha256:29d1973b2835663d79986fb756e02f1f0ff3fe35c278e993206bd3c550c205e4"
],
"index": "pypi",
"markers": "python_version >= '3.8'",
"version": "==0.9.5"
"version": "==0.10.0"
},
"mkdocs-git-revision-date-localized-plugin": {
"hashes": [
@@ -453,20 +440,21 @@
},
"mkdocs-glightbox": {
"hashes": [
"sha256:392b34207bf95991071a16d5f8916d1d2f2cd5d5bb59ae2997485ccd778c70d9",
"sha256:e0107beee75d3eb7380ac06ea2d6eac94c999eaa49f8c3cbab0e7be2ac006ccf"
],
"index": "pypi",
"version": "==0.4.0"
},
"mkdocs-macros-plugin": {
"hashes": [
"sha256:02432033a5b77fb247d6ec7924e72fc4ceec264165b1644ab8d0dc159c22ce59",
"sha256:17c7fd1a49b94defcdb502fd453d17a1e730f8836523379d21292eb2be4cb523"
"sha256:7d78a5b045f2479f61b0bbb17742ba701755c56b013e70ac189c9d87a91e80bf",
"sha256:f47af0daff164edf8d36e553338425be3aab6e34b987d9cbbc2ae7819a98cb01"
],
"index": "pypi",
"markers": "python_version >= '3.8'",
"version": "==1.3.7"
"version": "==0.5.1"
},
"mkdocs-macros-plugin": {
"hashes": [
"sha256:01b6003fbe9b55fdc97c0abb66f811d65abfd291dcf70f277990165553faa99a",
"sha256:c52351295efdbdbb37a9f0ea639719055ddb64a00115457289940e85696a81d9"
],
"index": "pypi",
"markers": "python_version >= '3.8'",
"version": "==1.3.9"
},
"mkdocs-material": {
"extras": [
@@ -494,73 +482,68 @@
},
"msgpack": {
"hashes": [
"sha256:06f5fd2f6bb2a7914922d935d3b8bb4a7fff3a9a91cfce6d06c13bc42bec975b",
"sha256:071603e2f0771c45ad9bc65719291c568d4edf120b44eb36324dcb02a13bfddf",
"sha256:0907e1a7119b337971a689153665764adc34e89175f9a34793307d9def08e6ca",
"sha256:0f92a83b84e7c0749e3f12821949d79485971f087604178026085f60ce109330",
"sha256:115a7af8ee9e8cddc10f87636767857e7e3717b7a2e97379dc2054712693e90f",
"sha256:13599f8829cfbe0158f6456374e9eea9f44eee08076291771d8ae93eda56607f",
"sha256:17fb65dd0bec285907f68b15734a993ad3fc94332b5bb21b0435846228de1f39",
"sha256:2137773500afa5494a61b1208619e3871f75f27b03bcfca7b3a7023284140247",
"sha256:3180065ec2abbe13a4ad37688b61b99d7f9e012a535b930e0e683ad6bc30155b",
"sha256:398b713459fea610861c8a7b62a6fec1882759f308ae0795b5413ff6a160cf3c",
"sha256:3d364a55082fb2a7416f6c63ae383fbd903adb5a6cf78c5b96cc6316dc1cedc7",
"sha256:3df7e6b05571b3814361e8464f9304c42d2196808e0119f55d0d3e62cd5ea044",
"sha256:41c991beebf175faf352fb940bf2af9ad1fb77fd25f38d9142053914947cdbf6",
"sha256:42f754515e0f683f9c79210a5d1cad631ec3d06cea5172214d2176a42e67e19b",
"sha256:452aff037287acb1d70a804ffd022b21fa2bb7c46bee884dbc864cc9024128a0",
"sha256:4676e5be1b472909b2ee6356ff425ebedf5142427842aa06b4dfd5117d1ca8a2",
"sha256:46c34e99110762a76e3911fc923222472c9d681f1094096ac4102c18319e6468",
"sha256:471e27a5787a2e3f974ba023f9e265a8c7cfd373632247deb225617e3100a3c7",
"sha256:4a1964df7b81285d00a84da4e70cb1383f2e665e0f1f2a7027e683956d04b734",
"sha256:4b51405e36e075193bc051315dbf29168d6141ae2500ba8cd80a522964e31434",
"sha256:4d1b7ff2d6146e16e8bd665ac726a89c74163ef8cd39fa8c1087d4e52d3a2325",
"sha256:53258eeb7a80fc46f62fd59c876957a2d0e15e6449a9e71842b6d24419d88ca1",
"sha256:534480ee5690ab3cbed89d4c8971a5c631b69a8c0883ecfea96c19118510c846",
"sha256:58638690ebd0a06427c5fe1a227bb6b8b9fdc2bd07701bec13c2335c82131a88",
"sha256:58dfc47f8b102da61e8949708b3eafc3504509a5728f8b4ddef84bd9e16ad420",
"sha256:59caf6a4ed0d164055ccff8fe31eddc0ebc07cf7326a2aaa0dbf7a4001cd823e",
"sha256:5dbad74103df937e1325cc4bfeaf57713be0b4f15e1c2da43ccdd836393e2ea2",
"sha256:5e1da8f11a3dd397f0a32c76165cf0c4eb95b31013a94f6ecc0b280c05c91b59",
"sha256:646afc8102935a388ffc3914b336d22d1c2d6209c773f3eb5dd4d6d3b6f8c1cb",
"sha256:64fc9068d701233effd61b19efb1485587560b66fe57b3e50d29c5d78e7fef68",
"sha256:65553c9b6da8166e819a6aa90ad15288599b340f91d18f60b2061f402b9a4915",
"sha256:685ec345eefc757a7c8af44a3032734a739f8c45d1b0ac45efc5d8977aa4720f",
"sha256:6ad622bf7756d5a497d5b6836e7fc3752e2dd6f4c648e24b1803f6048596f701",
"sha256:73322a6cc57fcee3c0c57c4463d828e9428275fb85a27aa2aa1a92fdc42afd7b",
"sha256:74bed8f63f8f14d75eec75cf3d04ad581da6b914001b474a5d3cd3372c8cc27d",
"sha256:79ec007767b9b56860e0372085f8504db5d06bd6a327a335449508bbee9648fa",
"sha256:7a946a8992941fea80ed4beae6bff74ffd7ee129a90b4dd5cf9c476a30e9708d",
"sha256:7ad442d527a7e358a469faf43fda45aaf4ac3249c8310a82f0ccff9164e5dccd",
"sha256:7c9a35ce2c2573bada929e0b7b3576de647b0defbd25f5139dcdaba0ae35a4cc",
"sha256:7e7b853bbc44fb03fbdba34feb4bd414322180135e2cb5164f20ce1c9795ee48",
"sha256:879a7b7b0ad82481c52d3c7eb99bf6f0645dbdec5134a4bddbd16f3506947feb",
"sha256:8a706d1e74dd3dea05cb54580d9bd8b2880e9264856ce5068027eed09680aa74",
"sha256:8a84efb768fb968381e525eeeb3d92857e4985aacc39f3c47ffd00eb4509315b",
"sha256:8cf9e8c3a2153934a23ac160cc4cba0ec035f6867c8013cc6077a79823370346",
"sha256:8da4bf6d54ceed70e8861f833f83ce0814a2b72102e890cbdfe4b34764cdd66e",
"sha256:8e59bca908d9ca0de3dc8684f21ebf9a690fe47b6be93236eb40b99af28b6ea6",
"sha256:914571a2a5b4e7606997e169f64ce53a8b1e06f2cf2c3a7273aa106236d43dd5",
"sha256:a51abd48c6d8ac89e0cfd4fe177c61481aca2d5e7ba42044fd218cfd8ea9899f",
"sha256:a52a1f3a5af7ba1c9ace055b659189f6c669cf3657095b50f9602af3a3ba0fe5",
"sha256:ad33e8400e4ec17ba782f7b9cf868977d867ed784a1f5f2ab46e7ba53b6e1e1b",
"sha256:b4c01941fd2ff87c2a934ee6055bda4ed353a7846b8d4f341c428109e9fcde8c",
"sha256:bce7d9e614a04d0883af0b3d4d501171fbfca038f12c77fa838d9f198147a23f",
"sha256:c40ffa9a15d74e05ba1fe2681ea33b9caffd886675412612d93ab17b58ea2fec",
"sha256:c5a91481a3cc573ac8c0d9aace09345d989dc4a0202b7fcb312c88c26d4e71a8",
"sha256:c921af52214dcbb75e6bdf6a661b23c3e6417f00c603dd2070bccb5c3ef499f5",
"sha256:d46cf9e3705ea9485687aa4001a76e44748b609d260af21c4ceea7f2212a501d",
"sha256:d8ce0b22b890be5d252de90d0e0d119f363012027cf256185fc3d474c44b1b9e",
"sha256:dd432ccc2c72b914e4cb77afce64aab761c1137cc698be3984eee260bcb2896e",
"sha256:e0856a2b7e8dcb874be44fea031d22e5b3a19121be92a1e098f46068a11b0870",
"sha256:e1f3c3d21f7cf67bcf2da8e494d30a75e4cf60041d98b3f79875afb5b96f3a3f",
"sha256:f1ba6136e650898082d9d5a5217d5906d1e138024f836ff48691784bbe1adf96",
"sha256:f3e9b4936df53b970513eac1758f3882c88658a220b58dcc1e39606dccaaf01c",
"sha256:f80bc7d47f76089633763f952e67f8214cb7b3ee6bfa489b3cb6a84cfac114cd",
"sha256:fd2906780f25c8ed5d7b323379f6138524ba793428db5d0e9d226d3fa6aa1788"
"sha256:196a736f0526a03653d829d7d4c5500a97eea3648aebfd4b6743875f28aa2af8",
"sha256:1abfc6e949b352dadf4bce0eb78023212ec5ac42f6abfd469ce91d783c149c2a",
"sha256:1b13fe0fb4aac1aa5320cd693b297fe6fdef0e7bea5518cbc2dd5299f873ae90",
"sha256:1d75f3807a9900a7d575d8d6674a3a47e9f227e8716256f35bc6f03fc597ffbf",
"sha256:2fbbc0b906a24038c9958a1ba7ae0918ad35b06cb449d398b76a7d08470b0ed9",
"sha256:33be9ab121df9b6b461ff91baac6f2731f83d9b27ed948c5b9d1978ae28bf157",
"sha256:353b6fc0c36fde68b661a12949d7d49f8f51ff5fa019c1e47c87c4ff34b080ed",
"sha256:36043272c6aede309d29d56851f8841ba907a1a3d04435e43e8a19928e243c1d",
"sha256:3765afa6bd4832fc11c3749be4ba4b69a0e8d7b728f78e68120a157a4c5d41f0",
"sha256:3a89cd8c087ea67e64844287ea52888239cbd2940884eafd2dcd25754fb72232",
"sha256:40eae974c873b2992fd36424a5d9407f93e97656d999f43fca9d29f820899084",
"sha256:4147151acabb9caed4e474c3344181e91ff7a388b888f1e19ea04f7e73dc7ad5",
"sha256:435807eeb1bc791ceb3247d13c79868deb22184e1fc4224808750f0d7d1affc1",
"sha256:4835d17af722609a45e16037bb1d4d78b7bdf19d6c0128116d178956618c4e88",
"sha256:4a28e8072ae9779f20427af07f53bbb8b4aa81151054e882aee333b158da8752",
"sha256:4d3237b224b930d58e9d83c81c0dba7aacc20fcc2f89c1e5423aa0529a4cd142",
"sha256:4df2311b0ce24f06ba253fda361f938dfecd7b961576f9be3f3fbd60e87130ac",
"sha256:4fd6b577e4541676e0cc9ddc1709d25014d3ad9a66caa19962c4f5de30fc09ef",
"sha256:500e85823a27d6d9bba1d057c871b4210c1dd6fb01fbb764e37e4e8847376323",
"sha256:5692095123007180dca3e788bb4c399cc26626da51629a31d40207cb262e67f4",
"sha256:5fd1b58e1431008a57247d6e7cc4faa41c3607e8e7d4aaf81f7c29ea013cb458",
"sha256:61abccf9de335d9efd149e2fff97ed5974f2481b3353772e8e2dd3402ba2bd57",
"sha256:61e35a55a546a1690d9d09effaa436c25ae6130573b6ee9829c37ef0f18d5e78",
"sha256:6640fd979ca9a212e4bcdf6eb74051ade2c690b862b679bfcb60ae46e6dc4bfd",
"sha256:6d489fba546295983abd142812bda76b57e33d0b9f5d5b71c09a583285506f69",
"sha256:6f64ae8fe7ffba251fecb8408540c34ee9df1c26674c50c4544d72dbf792e5ce",
"sha256:71ef05c1726884e44f8b1d1773604ab5d4d17729d8491403a705e649116c9558",
"sha256:77b79ce34a2bdab2594f490c8e80dd62a02d650b91a75159a63ec413b8d104cd",
"sha256:78426096939c2c7482bf31ef15ca219a9e24460289c00dd0b94411040bb73ad2",
"sha256:79c408fcf76a958491b4e3b103d1c417044544b68e96d06432a189b43d1215c8",
"sha256:7a17ac1ea6ec3c7687d70201cfda3b1e8061466f28f686c24f627cae4ea8efd0",
"sha256:7da8831f9a0fdb526621ba09a281fadc58ea12701bc709e7b8cbc362feabc295",
"sha256:870b9a626280c86cff9c576ec0d9cbcc54a1e5ebda9cd26dab12baf41fee218c",
"sha256:88d1e966c9235c1d4e2afac21ca83933ba59537e2e2727a999bf3f515ca2af26",
"sha256:88daaf7d146e48ec71212ce21109b66e06a98e5e44dca47d853cbfe171d6c8d2",
"sha256:8a8b10fdb84a43e50d38057b06901ec9da52baac6983d3f709d8507f3889d43f",
"sha256:8b17ba27727a36cb73aabacaa44b13090feb88a01d012c0f4be70c00f75048b4",
"sha256:8b65b53204fe1bd037c40c4148d00ef918eb2108d24c9aaa20bc31f9810ce0a8",
"sha256:8ddb2bcfd1a8b9e431c8d6f4f7db0773084e107730ecf3472f1dfe9ad583f3d9",
"sha256:96decdfc4adcbc087f5ea7ebdcfd3dee9a13358cae6e81d54be962efc38f6338",
"sha256:996f2609ddf0142daba4cefd767d6db26958aac8439ee41db9cc0db9f4c4c3a6",
"sha256:9d592d06e3cc2f537ceeeb23d38799c6ad83255289bb84c2e5792e5a8dea268a",
"sha256:a32747b1b39c3ac27d0670122b57e6e57f28eefb725e0b625618d1b59bf9d1e0",
"sha256:a494554874691720ba5891c9b0b39474ba43ffb1aaf32a5dac874effb1619e1a",
"sha256:a8ef6e342c137888ebbfb233e02b8fbd689bb5b5fcc59b34711ac47ebd504478",
"sha256:ae497b11f4c21558d95de9f64fff7053544f4d1a17731c866143ed6bb4591238",
"sha256:b1ce7f41670c5a69e1389420436f41385b1aa2504c3b0c30620764b15dded2e7",
"sha256:b8f93dcddb243159c9e4109c9750ba5b335ab8d48d9522c5308cd05d7e3ce600",
"sha256:ba0c325c3f485dc54ec298d8b024e134acf07c10d494ffa24373bea729acf704",
"sha256:bb29aaa613c0a1c40d1af111abf025f1732cab333f96f285d6a93b934738a68a",
"sha256:bba1be28247e68994355e028dcd668316db30c1f758d3241a7b903ac78dcd285",
"sha256:cb643284ab0ed26f6957d969fe0dd8bb17beb567beb8998140b5e38a90974f6c",
"sha256:d182dac0221eb8faef2e6f44701812b467c02674a322c739355c39e94730cdbf",
"sha256:d275a9e3c81b1093c060c3837e580c37f47c51eca031f7b5fb76f7b8470f5f9b",
"sha256:d8b55ea20dc59b181d3f47103f113e6f28a5e1c89fd5b67b9140edb442ab67f2",
"sha256:da8f41e602574ece93dbbda1fab24650d6bf2a24089f9e9dbb4f5730ec1e58ad",
"sha256:e4141c5a32b5e37905b5940aacbc59739f036930367d7acce7a64e4dec1f5e0b",
"sha256:f5be6b6bc52fad84d010cb45433720327ce886009d862f46b26d4d154001994b",
"sha256:f6d58656842e1b2ddbe07f43f56b10a60f2ba5826164910968f5933e5178af75"
],
"markers": "python_version >= '3.8'",
"version": "==1.1.0"
"version": "==1.1.1"
},
"packaging": {
"hashes": [
@@ -672,11 +655,11 @@
},
"platformdirs": {
"hashes": [
"sha256:3d512d96e16bcb959a814c9f348431070822a6496326a4be0911c40b5a74c2bc",
"sha256:ff7059bb7eb1179e2685604f4aaf157cfd9535242bd23742eadc3c13542139b4"
"sha256:abd01743f24e5287cd7a5db3752faf1a2d65353f38ec26d98e25a6db65958c85",
"sha256:ca753cf4d81dc309bc67b0ea38fd15dc97bc30ce419a7f58d13eb3bf14c4febf"
],
"markers": "python_version >= '3.9'",
"version": "==4.3.8"
"version": "==4.4.0"
},
"pycparser": {
"hashes": [
@@ -786,11 +769,77 @@
},
"requests": {
"hashes": [
"sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760",
"sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6"
"sha256:2462f94637a34fd532264295e186976db0f5d453d1cdd31473c85a6a161affb6",
"sha256:dbba0bac56e100853db0ea71b82b4dfd5fe2bf6d3754a8893c3af500cec7d7cf"
],
"markers": "python_version >= '3.8'",
"version": "==2.32.3"
"markers": "python_version >= '3.9'",
"version": "==2.32.5"
},
"selectolax": {
"hashes": [
"sha256:0933659b4250b91317ccd78167e6804389cdaf7ed86c5d034b058a550d23110f",
"sha256:0a98c3f3d8fffb175456cb06096bc78103ddf6a209bea6392e0e4ea4e25aca71",
"sha256:15679e9935ccf6c480a34baf8fe217c2b2023e0df18799f0232032dc8ac66d41",
"sha256:21de62b5093b1cb6c5d4cab0bef5f708b9ee1483b640d42be9d955becfcd287a",
"sha256:24f3f5de4051ca33ea769c8a99798c7e30e6500e090e363d5fcd3382b1ae8dfa",
"sha256:25cfccfefc41361ab8a07f15a224524a4a8b77dfa7d253b34bbd397e45856734",
"sha256:28696fa4581765c705e15d05dfba464334f5f9bcb3eac9f25045f815aec6fbc1",
"sha256:29e71fbd58b90d2920ef91a940680cb5331710fe397925ce9d10c3f2f086bf27",
"sha256:2bfe4327215a20af4197c5b7e3729a9552fb324bb57250dc7e7abfa0f848a463",
"sha256:2f5c3523ad5199a4fb9b95b6e24ff9222d3605023ca394b23f7dd910e7536daf",
"sha256:3625057ba0eab766db555f753959cc2759ec8ac49cded7c5f4d507d80fdf9433",
"sha256:38462ae369897f71da287f1282079c11f1b878b99a4d1d509d1116ce05226d88",
"sha256:394d356ea611a7853c13c910a57c1a80a8356f9c920aa8168b3f8aaa62e433d8",
"sha256:3e5354d805dd76b4b38002f58e6ae2e7b429ac311bf3601992a6662d2bc86911",
"sha256:3f58dca53d2d3dc18dfd2cb9210a5625f32598db24e3f857f5be58f21a8f3b88",
"sha256:45682905dd88e268bb5906ce2c3927e89f77b910824a6f64419bfec482cd67be",
"sha256:47587db7cef411d22f8224cf2926aacdb326c4c838d386035229f16ccc2d8d26",
"sha256:484274f73839f9a143f4c13ce1b0a0123b5d64be22f967a1dc202a9a78687d67",
"sha256:50b18a262ea01ca5522f9a30c28ecadb004be88296f6bd2ace21464f89a3cbcc",
"sha256:5388c56456272b2c241fc1906db9cc993984cafdad936cb5e061e3af0c44144e",
"sha256:558a0c665538bfd0549c40c4ea46523a77e8eae09f4e678191cf54c31c17517c",
"sha256:565304311e45c582e85ec525b0646aede6f8db1f22bc08786e94f7b6552d4311",
"sha256:6abdd8357f1c105c1add01a9f0373511fa832548b2e2778b00a8ba2a4508d6ed",
"sha256:6c684d66a0f8e48786ef6d79b9e1e84cb1ffd0835232b4033bed37cf978d1303",
"sha256:6d3f373efd1db18ac9b2222de2668aaa366a1f0b560241eab128f3ca68e8add1",
"sha256:6ff48efe4364c8148a553a4105773a0accee9cc25e0f2a40ddac44d18a5a3000",
"sha256:7073e3bcdc60ebdb5f8777c79b465471ec000ab556134da4e00f037d3321a2ec",
"sha256:7c10452a3a14ee7aa49afb141c3725ef7ba930d5b5391798daf2e053c414a158",
"sha256:8377c317bf1d5fd6ccc56dfb5a0928bbcbea3e800b7af54761cfbbb99dc94cb9",
"sha256:85aeae54f055cf5451828a21fbfecac99b8b5c27ec29fd10725b631593a7c9a3",
"sha256:90c435bc49395344abdaed80d98079466e8c8b6469118cec5cc9cae4dce8bcad",
"sha256:912a1fc03157ebd066d8f59ae9ca2412ef95c7101a51590327c23071b02c97c7",
"sha256:97b9971bb37b54ef4440134f22792d15c9ee12d890a526a7fe0b376502240143",
"sha256:9858fef96e4e332fa64102f0ab1ecf8f88a9ea46a82d379fb421c8f736b60090",
"sha256:9c969626b2295702076f50aac91e44c3bba639fa2e1a612bf6ae254bf29b4d57",
"sha256:a3d44a295416b79815d2858ed4ccb71bf3b63087483a5d3705daa837c9dcf44d",
"sha256:ac940963c52f13cdf5d7266a979744949b660d367ce669efa073b557f6e09a18",
"sha256:aecf29641a4b092331d081fb59f12f6b3fd236c16b48ef6e86419454df787ae1",
"sha256:af5cd03298cd75cb0fbf712d6ae4f8aca9c13a226d2821ca82f51cc9b33b032f",
"sha256:b0c9005e9089a6b0c6fb6a9f691ddbbb10a3a23ebeff54393980340f3dbcdb99",
"sha256:bc1676cd243812ca6ddd79ad53997996535e27db17fda3d440b470bb322f5959",
"sha256:bd99ff0f5a6c017c471635d4ee45b61d25f24689331e407147b2cf5e36892480",
"sha256:bdd1e63735f2fb8485fb6b9f4fe30d6c030930f438f46a4a62bd9886ab3c7fd9",
"sha256:be12a160b1feacd3db1ea2274dcb70dfa9b123b7a1216849eec7b48b6783e903",
"sha256:bf14ca824c4c9fd9b0534d0f316657495ffcedbaf77690be335242c688512b86",
"sha256:c198a1d3693aeccf1c45871bf3fee4bd46428fa99cdb9f3dfee20e1b48c363c7",
"sha256:c6b569fa67a122bfd7f0776c1c922daf122fb4502c8116a903c6168742b84db9",
"sha256:cfb803d6bbe0ef3c8847cf5a01167cc428c0d9179946e1c994cc6178b5332d1a",
"sha256:d0a6d8e02c6b9ba951d7b5a5dd2788a1d4bbdedc89782a4de165f1a87c4168ac",
"sha256:d458db7fee5f6b1ce75664ce8a009343c0aac1993a7b844a997cfea3ad0ea77b",
"sha256:d4ecc262db7afb0087e679176043178dc59791fce56659f62775a96d60596f1d",
"sha256:d6a1cd0518fa7656ea1683c4b2d3b5a98306753f364da9f673517847e1680a3e",
"sha256:db734ba4ef44fa3b57ad9374fd7ccfc7815c0ae5cfcbd5ee25fe8587092618d1",
"sha256:deeab93386b6c9a75052515f5b9e7e3dd623c585871c0c2b3126970ff902603b",
"sha256:dfee3340e8c89dd25a7dd621940b928960e4c9a70c4830d208f29b0adf288743",
"sha256:e13befacff5f78102aa11465055ecb6d4b35f89663e36f271f2b506bcab14112",
"sha256:e3112f05a34bf36d36ecc51520b1d98c4667b54a3f123dffef5072273e89a360",
"sha256:e7f4cc1b7ce9691559decfd5db7cc500e71a9f6ccfe76c054f284c184a1d1dc9",
"sha256:e9e4690894f406863e25ba49da27e1a6fda9bfc21b0b315c399d3093be080e81",
"sha256:ea52e0c128e8e89f98ab0ccaabbc853677de5730729a3351da595976131b66e0",
"sha256:edd2760699c60dde7d847aebd81f02035f7bddcd0ad3db8e73326dfc84a2dc8f"
],
"version": "==0.3.29"
},
"six": {
"hashes": [
@@ -834,11 +883,11 @@
},
"urllib3": {
"hashes": [
"sha256:414bc6535b787febd7567804cc015fee39daab8ad86268f1310a9250697de466",
"sha256:4e16665048960a0900c702d4a66415956a584919c03361cac9f1df5c5dd7e813"
"sha256:3fc47733c7e419d4bc3f6b3dc2b4f890bb743906a30d56ba4a5bfa4bbff92760",
"sha256:e6b01673c0fa6a13e374b50871808eb3bf7046c4b125b216f6bf1cc604cff0dc"
],
"markers": "python_version >= '3.9'",
"version": "==2.4.0"
"version": "==2.5.0"
},
"watchdog": {
"hashes": [
+4 -5
@@ -42,7 +42,7 @@
**Privacy Guides** is a socially motivated website that provides information for protecting your data security and privacy. Our mission is to inform the public about the value of digital privacy, and global government initiatives which aim to monitor your online activity. We are a non-profit collective operated entirely by volunteer team members and contributors. Our website is free of advertisements and not affiliated with any of the listed providers.
The current list of team members can be found [here](https://www.privacyguides.org/en/about/#executive-committee). Additionally, [many people](#contributors) have made contributions to the project, and you can too!
The current list of team members can be found on [the executive committee page](https://www.privacyguides.org/en/about/#executive-committee). Additionally, [many people](#contributors) have made contributions to the project, and you can too!
*Featured on: [Tweakers](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html), [The New York Times](https://nytimes.com/wirecutter/guides/online-security-social-media-privacy), [Wired](https://wired.com/story/firefox-mozilla-2022), and [Fast Company](https://www.fastcompany.com/91167564/mozilla-wants-you-to-love-firefox-again).*
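Review bot: Replacing the "here" link text with "the executive committee page" is an improvement, but the same pattern survives a few lines further down, where the next hunk header still shows `All contributors to the site are listed [here](#contributors)`. Consider giving that link descriptive text in this change as well so the README stays consistent.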
@@ -63,9 +63,7 @@ All contributors to the site are listed [here](#contributors). If you have contr
## Mirrors
- **GitHub Pages:** [privacyguides.github.io/privacyguides.org](https://privacyguides.github.io/privacyguides.org/en/)
- **Netlify (AWS):** [illustrious-bavarois-56cf30.netlify.app](https://illustrious-bavarois-56cf30.netlify.app/en/)
- **BunnyCDN:** [privacyguides-org-production.b-cdn.net](https://privacyguides-org-production.b-cdn.net/en/)
- **Hetzner:** [direct.privacyguides.org](https://direct.privacyguides.org/en/) (discouraged!)
### Alternative Networks
@@ -117,7 +115,7 @@ Committing to this repository requires [signing your commits](https://docs.githu
It is required to create a GitHub release to publish the current site to privacyguides.org. The current `main` branch can be previewed at [https://main.staging.privacyguides.dev](https://main.staging.privacyguides.dev) prior to release.
1. Create a new tag: `git tag -s YYYY.MM.DD -m 'Some message'`
- Tag numbering: `YYYY.MM.DD` - if two+ releases are published on the same day, append short commit sha to next release, e.g. `YYYY.MM.DD-6aa14e8`
- Tag numbering: `YYYY.MM.DD` - if two+ releases are published on the same day, append short commit to the next release, e.g. `YYYY.MM.DD-6aa14e8`
- Enable GPG tag signing by default (`git config tag.gpgSign true`) to avoid missing signatures
2. Push the tag to GitHub: `git push --tags`
3. A GitHub Release will be automatically created and deployed to the live site.
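Review bot: In the tag-numbering bullet, "append short commit to the next release" drops the word that said what is being appended. The example `YYYY.MM.DD-6aa14e8` appends an abbreviated commit hash, so "append the short commit hash to the next release" would be clearer.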
@@ -596,6 +594,7 @@ Privacy Guides wouldn't be possible without these wonderful people ([emoji key](
</tr>
<tr>
<td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="https://github.com/blanchardjeremy"><img src="https://avatars.githubusercontent.com/u/32290?v=4" width="100px;" loading=lazy /><br /><sub><b>Jeremy</b></sub></a><br /><a href="https://github.com/privacyguides/privacyguides.org/commits?author=blanchardjeremy" title="Documentation">📖</a></td>
<td align="center" valign="top" width="20%"><a rel="nofollow noopener noreferrer" href="http://panwor.vercel.app"><img src="https://avatars.githubusercontent.com/u/97786623?v=4" width="100px;" loading=lazy /><br /><sub><b>panwor</b></sub></a><br /><a href="https://github.com/privacyguides/privacyguides.org/commits?author=panwor" title="Documentation">📖</a> <a href="#translation-panwor" title="Translation">🌍</a></td>
</tr>
</tbody>
<tfoot>
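Review bot: The new contributor cell for panwor links to `http://panwor.vercel.app` over plain HTTP, while every other URL in this hunk is `https://`. If the site answers on HTTPS, update the profile URL at its source (the table is generated) so the README does not send readers over an unencrypted link.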
@@ -614,7 +613,7 @@ Privacy Guides wouldn't be possible without these wonderful people ([emoji key](
<!-- ALL-CONTRIBUTORS-LIST:END -->
This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind welcome, including contributions to Privacy Guides outside of this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind welcome, including contributions to Privacy Guides outside this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
CLI to generate this table:
+4
@@ -86,6 +86,10 @@ authors:
mastodon:
username: blacklight447
instance: mastodon.social
ptrmdn:
name: Peter Marsden
description: Guest Contributor
avatar: https://forum-cdn.privacyguides.net/user_avatar/discuss.privacyguides.net/ptrmdn/288/14291_2.png
sam-howell:
name: Sam Howell
description: Guest Contributor
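Review bot: The new `ptrmdn` entry points `avatar` at a forum CDN path that embeds a size and what looks like an avatar revision (`.../ptrmdn/288/14291_2.png`), so the link may stop resolving when the forum avatar changes. Consider committing the image under the repository's assets and referencing it by a local path, the way the blog cover images in this change set are referenced.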
Binary file not shown. Size: 182 KiB
Binary file not shown. Size: 173 KiB
Binary file not shown. Size: 214 KiB
Binary file not shown. Size: 95 KiB
Binary file not shown. Size: 317 KiB
Binary file not shown. Size: 115 KiB
Binary file not shown. Size: 108 KiB
Binary file not shown. Size: 118 KiB
Binary file not shown. Size: 68 KiB
Binary file not shown. Size: 107 KiB
Binary file not shown. Size: 1.6 MiB
Binary file not shown. Size: 891 KiB
Binary file not shown. Size: 214 KiB
Binary file not shown. Size: 238 KiB
Binary file not shown. Size: 218 KiB
Binary file not shown. Size: 286 KiB
Binary file not shown. Size: 119 KiB
+1
@@ -1,5 +1,6 @@
---
description: Privacy-related news stories, product reviews, opinion pieces, and other important articles from Privacy Guides contributors.
canonical_url: https://www.privacyguides.org/posts/tag/articles/
hide:
- footer
---
@@ -5,7 +5,7 @@ categories:
- News
authors:
- em
description: Age verification laws and propositions forcing platforms to restrict content accessed by children and teens have been multiplying in recent years. The problem is, implementing such measure necessarily requires identifying each user accessing this content, one way or another. This is bad news for your privacy.
description: Age verification laws forcing platforms to restrict access to content online have been multiplying in recent years. The problem is, implementing such measure necessarily requires identifying each user accessing this content, one way or another. This is bad news for your privacy.
schema_type: AnalysisNewsArticle
preview:
cover: blog/assets/images/age-verification-wants-your-face/ageverification-cover.webp
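Review bot: The rewritten `description` still reads "implementing such measure necessarily requires", which is ungrammatical in both the old and the new line. Since this line is being touched anyway, change it to "implementing such measures necessarily requires".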
+313
@@ -0,0 +1,313 @@
---
date:
created: 2025-09-08T18:00:00Z
updated: 2025-09-15T16:30:00Z
categories:
- News
authors:
- em
description:
Chat Control is back to undermine everyone's privacy. There's an important deadline on October 14th, 2025. We must act now to stop it!
schema_type: ReportageNewsArticle
preview:
cover: blog/assets/images/chat-control-must-be-stopped/chatcontrol-cover.webp
---
# Chat Control Must Be Stopped, Act Now!
![Filtered photo of a protest with a protestor holding a sign in first plan. The background is a red monochrome and the sign is in turquoise. The sign says "You won't make me live this 1984 sh*t".](../assets/images/chat-control-must-be-stopped/chatcontrol-cover.webp)
<small aria-hidden="true">Illustration: Em / Privacy Guides | Photo: Ramaz Bluashvili / Pexels</small>
If you've heard of [Chat Control](the-future-of-privacy.md) already, bad news: **it's back**. If you haven't, this is a pressing issue you should urgently learn more about if you value privacy, democracy, and human rights. This is happening **right now**, and **we must act to stop it right now**.<!-- more -->
Take a minute to visualize this: Every morning you wake up with a police officer entering your home to inspect it, and staying with you all day long.
The agent checks your bathroom, your medicine cabinet, your bedroom, your closets, your drawers, your fridge, and takes photos and notes to document everything. Then, this report is uploaded to the police's cloud. It's "[for a good cause](encryption-is-not-a-crime.md)" you know, it's to make sure you aren't hiding any child sexual abuse material under your bed.
Every morning. Even if you're naked in bed. Even while you're having a call with your doctor or your lover. Even when you're on a date. Even while you're working and discussing your client's confidential information with their attorney. This police officer is there, listening to you and reporting on everything you do.
This is the in-person equivalent of Chat Control, a piece of legislation that would mandate **all** services to scan **all** private digital communications of **everyone** residing in the European Union.
This is an Orwellian nightmare.
## Act now!
This is happening **right now**. European governments will be finalizing their positions on the regulation proposal on September 12th, and there will be a final vote on **October 14th, 2025**.
<div class="admonition warning" markdown>
<p class="admonition-title">Important: If you are reading this article after September 12th</p>
Regardless of the outcome on September 12th, the fight isn't over. The next deadline will be the **final vote on October 14th, 2025**.
If you've missed September 12th, make sure to contact your representatives **right now** to tell them to **oppose Chat Control** on October 14th.
</div>
- ==If you are not located in Europe==: Keep reading, this will affect you too.
- If you are still unconvinced: Keep reading, we discuss Chat Control in [more details](#why-is-this-bad) below.
- If you are located in Europe: You must **act now** to stop it.
<div class="admonition question" markdown>
<p class="admonition-title">How to stop this? Contact your MEPs today</p>
Use this [**website**](https://fightchatcontrol.eu/) to easily contact your government representatives, and tell them they should **oppose Chat Control**. Even if your country already opposes Chat Control, contact your representatives to tell them you are relieved they oppose, and support them in this decision to protect human rights. This will help reinforce their position.
But if your country *supports* Chat Control, or is *undecided*, **it is vital that you contact your representatives as soon as possible**. To support your point, you can share this article with them or one of the many great [resources](#resources-to-learn-more-and-fight-for-human-rights) listed at the end.
At the time of this writing, the list of countries to contact is:
| **Supporting (15)** | | **Undecided (6)** |
| ---------------------------------- | ----------------------------------- | -------------------- |
| :triangular_flag_on_post: Bulgaria | :triangular_flag_on_post: Latvia | :warning: Estonia |
| :triangular_flag_on_post: Croatia | :triangular_flag_on_post: Lithuania | :warning: Germany |
| :triangular_flag_on_post: Cyprus | :triangular_flag_on_post: Malta | :warning: Greece |
| :triangular_flag_on_post: Denmark | :triangular_flag_on_post: Portugal | :warning: Luxembourg |
| :triangular_flag_on_post: France | :triangular_flag_on_post: Slovakia | :warning: Romania |
| :triangular_flag_on_post: Hungary | :triangular_flag_on_post: Spain | :warning: Slovenia |
| :triangular_flag_on_post: Ireland | :triangular_flag_on_post: Sweden | |
| :triangular_flag_on_post: Italy | | |
</div>
![A map of countries part of the European Union. Countries opposing Chat Control are represented in green, countries undecided in blue, and countries in favor are in red. Below there is text saying "Act now! www.chatcontrol.eu".](../assets/images/chat-control-must-be-stopped/chatcontrol-map-chatcontroleu-20250903.webp)
<small aria-hidden="true">Image: Patrick Breyer / [chatcontrol.eu](https://www.chatcontrol.eu)</small>
## What is Chat Control?
"Chat Control" refers to a series of legislative proposals that would make it mandatory for *all* service providers (text messaging, email, social media, cloud storage, hosting services, etc.) to scan *all* communications and *all* files (including end-to-end encrypted ones), in order to supposedly detect whatever the government deems "abusive material."
The push for Chat Control started in 2021 with the approval of a [derogation](https://www.patrick-breyer.de/en/chatcontrol-european-parliament-approves-mass-surveillance-of-private-communications/) to the ePrivacy Directive by the European Parliament. This derogation escalated to a second proposal for *mandatory* scanning a year later, which was [rejected](https://fortune.com/europe/2023/10/26/eu-chat-control-csam-encryption-privacy-european-commission-parliament-johansson-breyer-zarzalejos-ernst/) in 2023. Nevertheless, lawmakers and lobbyists determined to undermine our safety and civil liberties are bringing it back again two years later, **literally trying to wear you down**.
We cannot let authoritarians wear us down until we lose all our privacy rights. Our privacy rights are fundamental to so many other human rights, to civil liberties, to public safety, and to functioning democracies.
Chat Control undermines all of this.
Cryptography professor and cybersecurity expert Matthew Green described the 2022 proposal document for Chat Control as "[**the most terrifying thing I've ever seen**](https://fortune.com/2022/05/12/europe-phone-surveillance-crackdown-child-sexual-abuse-material-sparks-outrage-among-cybersecurity-experts-privacy-activists/)".
And terrifying, it is.
The [most recent proposal for Chat Control](https://tuta.com/blog/chat-control-criticism) comes from the EU Council Danish presidency pushing for regulation misleadingly called the **Child Sexual Abuse Regulation** (CSAR). Despite its seemingly caring name, this regulation will **not** help fight child abuse, and will even likely worsen it, impacting negatively what is already being done to fight child abuse (more on this in the [next section](#would-this-protect-the-children)).
The CSAR proposal (which *is* the latest iteration of Chat Control) could be implemented as early as *next month*, if we do not stop it.
**The problem is this: Chat Control will not work, it is unreliable, it will escalate in scope, and it will endanger everyone (including the children).**
Even if you are not in Europe, know that Chat Control will affect everyone inside *and* outside of Europe one way or another. Regardless of where you are, you should be concerned and pay attention, and there are things you can do to fight back. This is important.
![Still image from a video showing an illustration of three cellphones being scanned by a red light, with lines leading to a law enforcement icon.](../assets/images/chat-control-must-be-stopped/chatcontrol-stopscanningme-video.webp)
<small aria-hidden="true">Still image from [video](https://stopscanningme.eu/video/csar-explainer.mp4): Stop Scanning Me / EDRi</small>
## Why is this bad?
The idea that it's possible to somehow [magically protect](encryption-is-not-a-crime.md/#magical-backdoor-only-for-the-good-guys-is-a-complete-fantasy) information properly while giving access to unquestionably well-intended law enforcement comes from either extreme naivety, lack of information, and plain dishonesty.
This proposal would effectively break any end-to-end encryption protections, and potentially expose all your files and communications to not only law enforcement, but eventually also to criminals of all sorts (with the data breaches, data leaks, and corruption that will inevitably follow).
Here's a summary of some dangers this regulation would create if approved:
- **Breaking end-to-end encryption**: Removing crucial protections for all sensitive files and communications of vulnerable populations, victims, whistleblowers, journalists, activists, and everyone else.
- **Mission creep**: Once this mass surveillance system is in place, authorities can decide to add more criteria such as searching all communications for references to drug use, protest attendances, political dissidence, or even [negative comments](https://www.lemonde.fr/en/international/article/2025/03/22/how-a-french-researcher-being-refused-entry-to-the-us-turned-into-a-diplomatic-mess_6739415_4.html) about a leader. Europol (the EU law enforcement agency) has already called for [expanding the program](https://www.youtube.com/watch?v=L933xDcSS3o&t=2016s).
![A cartoon illustration explaining that chat control is planning to monitor all chats, emails, and messenger conversations, and use artificial intelligence to automatically report flagged content to the police.](../assets/images/chat-control-must-be-stopped/chatcontrol-LornaSchutte-chatcontroleu-1.webp)
<small aria-hidden="true">Image: Lorna Schütte / [chatcontrol.eu](https://www.chatcontrol.eu)</small>
- **Criminal attacks**: Each time a backdoor exists, it doesn't take long for criminals to find access and steal our information. This could include criminals finding access to each service independently or to the entire database authorities would keep. A database that would be filled with material tagged as sexually explicit text or photos of children. This could even *create* new Child Sexual Abuse Material (CSAM) for criminals. For example, consenting teenagers innocently sexting together could have their photos collected in this database, after being wrongly flagged by the automated system. Then, criminals could steal their intimate photos from the governments.
- **False positives**: With a mass surveillance system this large, moreover a system with no transparency and little oversight, false positives are inevitable. Despite marketing promises from the [organizations lobbying government officials](https://www.patrick-breyer.de/en/chat-control-eu-ombudsman-criticises-revolving-door-between-europol-and-chat-control-tech-lobbyist-thorn/), we all know AI technologies regularly misfire and cannot be reliable for anything of such importance. Loving parents could get flagged as pedophiles just for innocently uploading a photo of their child in the bathtub on their *private* cloud. Teenagers exploring their sexuality consensually with each other could get tagged as sexual predators (a label that might stick on them decades later). The police could receive reports for breastfeeding mothers. The list is infinite.
![A cartoon illustration summarizing why chat control is dangerous.](../assets/images/chat-control-must-be-stopped/chatcontrol-LornaSchutte-chatcontroleu-3.webp)
<small aria-hidden="true">Image: Lorna Schütte / [chatcontrol.eu](https://www.chatcontrol.eu)</small>
- **Overwhelming resources**: The inevitable false positives will completely overwhelm the agencies responsible for investigating flagged material. This will cost them precious time they will not have to investigate *actual* abuse cases. Organizations fighting child sexual abuse are already overwhelmed and lack resources to prosecute real criminals.
- **Hurting victims**: Such system of mass surveillance could prevent victims of child sexual abuse (and other crimes) to reach out for help. Knowing that all their communications would be scanned, they would lose all confidentiality while reporting crimes. The evidences they share could even be tagged by Chat Control, as if they were the perpetrator rather than the victim. Sadly, many will likely decide it's safer not to report at all.
- **Self-censorship**: With Chat Control in place, not only victims might censor themselves and stop reaching out for help, but everyone else as well. When people know they are being observed, they feel less free to be themselves and to share openly. This is doubly true for anyone who is part of a marginalized group, such as [LGBTQ+ people](importance-of-privacy-for-the-queer-community.md), or anyone who is being victimized or at risk of victimization.
![A cartoon illustration explaining how chat control does not protect the victims and might silence them due to loss of confidentiality.](../assets/images/chat-control-must-be-stopped/chatcontrol-LornaSchutte-chatcontroleu-2.webp)
<small aria-hidden="true">Image: Lorna Schütte / [chatcontrol.eu](https://www.chatcontrol.eu)</small>
- **Undermining democracy**: This surveillance system would allow governments to spy on opposition. Chat logs from opposing candidates, activists, and journalists could all be accessed by authorities in order to silence opponents or blackmail candidates. Even if you trust your government to not do this now, this doesn't mean it could not be used in this way by the next government. We have all seen how fast the political landscape can change.
- **Violating the GDPR (and other laws)**: The General Data Protection Regulation (GDPR) offers wonderful protections to Europeans. Sadly, Chat Control would make a complete farce of it. The Right to Erasure (right to delete) could be reduced to ashes by Chat Control, including for any highly sensitive information wrongly caught in the CSAR net. Moreover, it would [violate Article 7 and Article 8](https://tuta.com/blog/chat-control-criticism) of the EU Charter of Fundamental Rights.
Protecting the children is only the excuse used in hope of convincing a misinformed public. **Chat Control is authoritarian mass surveillance.**
Authorities understand well how important protecting communication and information is. This is why they included an exemption to protect *their own* communications, but not yours.
## Would this protect the children?
No.
This cannot be stressed enough: **This regulation would not protect the children, it would *harm* the children**, and everyone else too, worldwide. Claiming otherwise is either naivety, or misinformation.
Last year, the civil and human rights association European Digital Rights (EDRi) put together a [joint statement from 48 organizations](https://edri.org/our-work/joint-statement-on-the-future-of-the-csa-regulation/) for children's protection, digital rights, and human rights, demanding that the European Parliament invest instead in proven strategies to fight child abuse. This appeal to reason does not seem to have been heard by most EU Member States.
There are many things we can do as a society to increase protections for children and fight abusers and criminals, but Chat Control is far from it all. Protection of the children is clearly only an excuse here, and a very misleading one.
![A popular No Yes meme, with the face replaced with the European Commission logo. In the No-part is: "Invest in: social workers, help for victims, support hotlines, prevention, education, targeted police work, IT-security", and in the Yes-part below is: "Buy Chat Control filter technology that doesn't solve the problem".](../assets/images/chat-control-must-be-stopped/chatcontrol-stopscanningme-meme-4.webp)
<small aria-hidden="true">[Image](https://stopscanningme.eu/en/organise-now.html): Stop Scanning Me / EDRi</small>
### Mislabelling children as criminals
First, this automated system is flawed in many ways, and the false-positive rate would likely be high. But let's imagine that, magically, the system could flag CSAM at an accuracy rate of 99%. This still means 1% of reports would be false. Expanded to the size of European Union's population of approximately 450 million people, exchanging likely billions of messages and files every day, this still means millions could be falsely tagged as sexual predators, with all the [consequences](https://www.republik.ch/2022/12/08/die-dunklen-schatten-der-chatkontrolle) this implies.
Worse, the Swiss federal police reported that currently about 80% of all automated reports received were [false-positives](https://www.patrick-breyer.de/en/posts/chat-control/#WhatYouCanDo). This means in reality, the error rate is likely far higher than 1%, and actually closer to an **80% error rate**. Of the approximate 20% of positive reports, in Germany, over 40% of investigations initiated [targeted children](https://www.polizei-beratung.de/aktuelles/detailansicht/straftat-verbreitung-kinderpornografie-pks-2022/) themselves.
Sometimes, flagged content is simply teenagers innocently sexting each other consensually. Not only would they be wrongly tagged as criminals under Chat Control, but they'd be triggering an investigation that would expose their intimate photos to some faceless officers or tech employees working on the system.
Even in a magical world where Chat Control AI is 99% accurate, it would still wrongly tag and **expose sensitive data from millions of children**. In reality, no AI system is even remotely close to this accuracy level, and proprietary algorithms are usually opaque black boxes impossible to audit transparently. The number of children Chat Control would harm, and likely traumatize for life, would be disastrous.
### Exposing children's sensitive and sexual information
Any content that could be deemed suspicious or explicit by the system, accurately or not, would be flagged and reported.
When this content is reported, it will likely be uploaded to a database for human review. This means that if a teenager was sending an intimate photo of themselves to another consenting teenager, they could be flagged as sharing CSAM, even if it's their own photo. Then, their photo would be sent to the police for review. Information that should very much have stayed protected and private between these two teenagers is now exposed to strangers. This is wrong, and dangerous.
Even innocuous communications such as daily conversations, teenagers chatting with each other, parents reporting information about their child to a [doctor](https://www.nytimes.com/2022/08/21/technology/google-surveillance-toddler-photo.html), and therapists talking with their patients, could all inadvertently expose children sensitive information. This is information that should have remained *private*, and would now be uploaded to a police database, likely [stored there forever](https://www.iccl.ie/news/an-garda-siochana-unlawfully-retains-files-on-innocent-people-who-it-has-already-cleared-of-producing-or-sharing-of-child-sex-abuse-material/) with few recourses to remove it.
The more we collect sensitive information about children (photos, faces, locations, identifications, medical information, private chats, experiences, etc.), the more we risk exposing children to harm. This includes systems used by authorities and governments. Even if everyone with legitimate access to this data is miraculously 100% exemplary and incorruptible citizens, the databases and scanning systems will still be vulnerable to attacks from criminals and hostile governments alike.
The only way to protect children's information properly is to **1) not collect it**, and **2) use end-to-end encryption to protect it** when we cannot avoid collecting it. Spying on everyone and every child is the opposite of that.
### Authorities' databases will be attacked
It's impossible to perfectly secure information online. There is a lot we can do to improve security (much more than is done now), but data breaches will happen.
If governments mandate a backdoor to have access to all our online communication and stored files, it's inevitable that at least some criminals will eventually get access to it as well. This is even truer if this system is closed-source, [privatized](https://fortune.com/europe/2023/09/26/thorn-ashton-kutcher-ylva-johansson-csam-csa-regulation-european-commission-encryption-privacy-surveillance/), and isn't subjected to frequent independent audits with strong accountability.
Once a vulnerability is found by criminals, they will have the same access as authorities have to our data. With Chat Control, this means pretty much all our data.
In addition, Chat Control could facilitate the proliferation of even more spyware and [stalkerware](https://stopstalkerware.org/) on the market, thriving on the vulnerabilities found in the powerful system. This would allow *anyone* to purchase access to spy on *anyone*, including databases of identified children. It could give a direct backdoor-access to pedophiles. How could *this* be helping to protect the children?
### The danger is inside
Even if the idea of online strangers accessing children's sensitive data is terrifying, the worse danger in often much closer.
Sadly, we already know that the [vast majority](https://content.c3p.ca/pdfs/C3P_SurvivorsSurveyFullReport2017.pdf) of child sexual abuse is perpetrated by adults close to the child, not strangers, and that two-thirds of CSAM images appear to have been [produced at home](https://theconversation.com/new-research-shows-parents-are-major-producers-of-child-sexual-abuse-material-153722). Chat Control would do nothing to fight this. In fact, it could facilitate it.
Child abuse is an incredibly important topic to discuss and to fight against as a society. Utilizing this issue as an excuse to pass a surveillance law that would endanger everyone, including the victims, is despicable.
When children are living with the abuser, the only escape is outside the home, and sometimes this means *online*. Abusers often use spying technologies to control and restrict access to help for their victims. If we make mass surveillance mandatory and normalized, this risks aggravating the stalkerware problem by obligating providers to implement backdoors in their systems. We would effectively be helping abusers at home to restrict access to help for their victims, including victims of CSAM. This is completely unacceptable.
### How to actually help the children
Despite the politicization of this issue to manipulate the public opinion in accepting mass surveillance, there are actually *proven* solutions to help to protect the children, online and offline.
First, governments should [listen](https://mogis.info/static/media/uploads/eu-libe-mogis-hahne-07032023_en.pdf) to [organizations already doing the work](https://edri.org/our-work/most-criticised-eu-law-of-all-time/). Most are understaffed and under-resourced to properly support the victims and prosecute the criminals. Thousands of more reports every day would not help them do any effective work. More capacity to conduct *targeted* investigation and arrest criminals, and more capacity to create safe spaces to support the victims and witnesses will help.
Privacy should be the default, for everyone.
If all our services were using end-to-end encryption when possible, and implemented proper security and privacy features and practices, this would effectively help to protect the children as well. Abusers and criminals are looking for leaked and stolen data all the time. When a cloud photo storage gets hacked, your photos are up for grabs online, including the photos of your children. When parents upload photos of their children and their address online, and this data gets exposed (leaked, breached, AI-scraped, etc.), this data then becomes accessible to criminals.
**Better privacy protections also means better protections for the children.**
Children themselves should receive better education on how their data is used online and how to protect it. Additionally, it is vital to provide better education on what behaviors aren't normal coming from an adult, and how to reach out for help when it happens. Children should have access to safe and confidential resources to report abuse, whether it's happening outside or inside their home.
Parents should be careful when sharing information about their children. And when they have to, they should benefit from complete confidentiality, knowing their communication is fully end-to-end encrypted and not shared with anyone else.
There is so much we can do to help to protect better the children online, surveillance is the opposite of it all.
## How would this affect me?
If this regulation is approved on **October 14th, 2025** (the date for the final vote), the consequences would be devastating for everyone, even outside the European Union.
We have seen how platforms implemented better privacy practices and features after the GDPR became effective in 2018, features that often benefited people worldwide. This could have the same effect in reverse.
Every platform potentially handling data of people located in the EU would be subjected to the law. Platforms would be obligated to scan all communications and all files of (at least) data subjects located in the EU, even data currently protected with end-to-end encryption. This would affect popular apps and services like Signal, Tuta, Proton, WhatsApp, Telegram, and much more.
### Outside of Europe
This would not only affect Europeans' data, but also the data of anyone outside communicating with someone located in the European Union. Because end-to-end encryption can only work if **both** ends are protected.
If Chat Control gets approved and applied, it will become very difficult to communicate with anyone located in the EU while keeping strong protections for your data. Many people might just accept the surveillance passively, and as a result lose their rights, their protections, and compromise their democratic processes. Overtime, this will likely lead to a slippery slope towards dystopian authoritarianism.
Outside of Europe, you could expect to see services removing some privacy-protective features, downgrading encryption, blocking European countries that are subjected to the law, or moving outside of Europe entirely. If localization-based scanning is too complicated to handle for an application, some companies might just decide it's simpler to scan communications for all users, worldwide.
Additionally, Five Eyes countries (Australia, Canada, New Zealand, the United Kingdom, and the United States) have already [expressed support](https://www.youtube.com/watch?v=L933xDcSS3o&t=2163s) for Chat Control, and might be keen to try the same at home, if this gets approved and tested in Europe first.
### Inside of Europe
Without using tools that would be now deemed illegal, you would lose any protections currently granted by end-to-end encryption. It would become impossible for you to send an email, a text message, or a photo without being observed by your government, and potentially also by criminals and foreign governments, following the inevitable data breaches.
You would have to constantly self-censor to avoid triggering the system and getting reported to the authorities. At first, you would probably just have to stop sending nudes, sexting, or sending photos of naked children in the bathtub or playing at the beach. Then, this would escalate to never mentioning drug or anything that could sound like drug, even as a joke. Later, you might have to stop texting about going to a protest, and stop organizing protests online. Further down the line, you might even have to self-censor to make sure you are not saying anything negative about a leader, or a [foreign politician](https://www.reuters.com/world/us/trump-administration-resuming-student-visa-appointments-state-dept-official-says-2025-06-18/) even. This isn't that hypothetical, this sort of [oppressive surveillance](https://www.hrw.org/news/2017/11/19/china-police-big-data-systems-violate-privacy-target-dissent) already exists in some countries.
Many services you currently rely on right now would simply shut down, or move away from Europe entirely. Businesses might also move outside of Europe if they worry about protecting their proprietary information. This could cause massive layoffs, while organizations move to jurisdictions where they are allowed to keep their data protected and unobserved.
Finally, even if this doesn't affect you personally, or you don't believe it will, [**this isn't just about you**](the-privacy-of-others.md).
The data of vulnerable people would be exposed and their safety put at risk. Victims might decide to stop reaching out for help or reporting crimes. Sources requiring anonymity might decide the risk isn't worth reporting valuable information to journalists. Opponents of governments in power could be silenced. Every democracy in the European Union would suffer greatly from it.
Chat Control is completely antithetical to the values the European Union has been presenting to the world in recent years.
![The popular Red Dress meme, with the offended woman overlaid with the words "Fundamental Rights", the whistling man the words "European Commission", and woman wearing the red dress the words "Scanning private messages and controlling how citizens use the internet".](../assets/images/chat-control-must-be-stopped/chatcontrol-stopscanningme-meme-2.webp)
<small aria-hidden="true">[Image](https://stopscanningme.eu/en/organise-now.html): Stop Scanning Me / EDRi</small>
## What can I do about it?
Even if the landscape seems dismal, **the battle isn't over**. There are many things you can do, right now, to fight against this authoritarian dystopia.
### For Europeans, specifically
- Contact your country representatives **TODAY**. The group Fight Chat Control has put together an [**easy tool**](https://fightchatcontrol.eu/#contact-tool) making this quick with only a few clicks.
- After September 12th, the battle isn't over. Although governments will finalize their positions on that day, the final vote happens on **October 14th, 2025**. If you missed the September 12th deadline, keep contacting your representatives anyway.
- Tell your family and friends to contact their representatives as well, talk about it, make noise.
### For Everyone, including Europeans
- Talk about Chat Control on social media often, especially this month. Make noise online. Use the hashtags #ChatControl and #StopScanningMe to help others learn more about the opposition movement.
- Share informative [videos and memes](#resources-to-learn-more-and-fight-for-human-rights) about Chat Control. Spread the word in various forms.
- Contact your European friends in impacted countries and tell them to contact their representatives NOW.
- Even outside the EU, you can contact your own representatives as well, to let them know regulations like Chat Control are horrible for human rights, and you hope your country will never fall for such repressive laws. Tell your political representatives that privacy rights are important to you. **Your voice matters.**
We need your help to fight this. For democracy, for privacy, and for all other human rights, we cannot afford to lose this battle.
![Screenshot of the Fight Chat Control website in a browser.](../assets/images/chat-control-must-be-stopped/chatcontrol-fightchatcontrol-website.webp)
<small aria-hidden="true">Screenshot: [fightchatcontrol.eu](https://fightchatcontrol.eu/)</small>
## Resources to learn more, and fight for human rights
### Videos about Chat Control
- [**Stop Scanning Me**: Short video that summarizes perfectly the issues with Chat Control](https://stopscanningme.eu/video/csar-explainer.mp4)
- [**Stop Scanning Me**: German-language version of the same short video](https://www.patrick-breyer.de/posts/chat-control/)
- [**Louis Rossmann**: Video discussing why privacy matters, and the impact of Chat Control from a perspective outside of Europe](https://www.youtube.com/watch?v=3NyUgv6dpJc)
- [**Shaping Opinion**: Excellent interview with Chat Control expert Patrick Breyer (recommended)](https://www.youtube.com/watch?v=L933xDcSS3o)
- [**Patrick Breyer**: PeerTube channel with numerous videos related to Chat Control (German & English)](https://peertube.european-pirates.eu/c/patrick_breyer_mep_channel)
### Memes about Chat Control
- [**Stop Scanning Me**: Memes, banners, and other graphics](https://stopscanningme.eu/en/organise-now.html)
- [**Patrick Breyer**: Memes, explainers, maps, and other graphics](https://www.patrick-breyer.de/posts/chat-control/#WhatYouCanDo)
### Websites with more information
- [**Fight Chat Control** (Contact your representatives here **TODAY**!)](https://fightchatcontrol.eu/)
- [**Stop Scanning Me** (from EDRi)](https://stopscanningme.eu)
- [**Patrick Breyer** (expert and former Member of the European Parliament)](https://www.patrick-breyer.de/posts/chat-control/)
- [**European Crypto Initiative**](https://eu.ci/eu-chat-control-regulation/)
- [Follow **Fight Chat Control** on Mastodon for updates](https://mastodon.social/@chatcontrol)
---
**Update (9/15):** Added modifications related to the second important deadline for action, on October 14th.
**Update (9/8):** Added clarification about what Chat Control is for readers unfamiliar with it.
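Review bot: In the "Mislabelling children as criminals" section, the figures mix two different measures. "an accuracy rate of 99%" is followed by "This still means 1% of reports would be false", but a 1% error rate over everything scanned is not the same as 1% of reports being wrong. The next paragraph then takes the Swiss figure, which is a share of the reports received, and presents it as the system having "an **80% error rate**". Suggest wording the hypothetical as a 1% false-positive rate across the messages scanned, and describing the Swiss figure as the share of reports that turned out false rather than as the error rate of the system. In the same paragraph, "Of the approximate 20% of positive reports, in Germany, over 40% of investigations" joins a Swiss figure and a German figure as if one were a subset of the other; two separate sentences would avoid that reading. Smaller wording points in the added text: "the worse danger in often much closer" should read "is often", "Overtime, this will likely" should be "Over time", "expose children sensitive information" needs "children's", "Such system of mass surveillance" needs "Such a system", and "The evidences they share" should be "The evidence they share".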
+1 -1
View File
@@ -9,7 +9,7 @@ categories:
- Reviews
authors:
- em
description: "If you have been looking for a privacy-respectful replacement to Google Docs, now is the time to switch to the end-to-end encrypted office suite CryptPad."
description: If you've been looking for a privacy-respectful replacement to Google Docs, now is the time to switch to the end-to-end encrypted office suite CryptPad.
preview:
logo: theme/assets/img/document-collaboration/cryptpad.svg
review:
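Review bot: Of the two `description:` lines shown, the unquoted one is a YAML plain scalar, so it parses as written but will break the front matter if a later edit introduces `: ` or ` #` into the sentence; keeping the double quotes costs nothing and avoids that. The hunk does not show why the quotes were dropped, so a word on that in the commit message would help. While the line is being touched, "replacement to Google Docs" reads better as "replacement for Google Docs".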
+250
View File
@@ -0,0 +1,250 @@
---
date:
created: 2025-09-30T16:30:00Z
categories:
- Explainers
authors:
- fria
tags:
- Privacy Enhancing Technologies
schema_type: BackgroundNewsArticle
description: Differential privacy is a mathematically rigorous framework for adding a controlled amount of noise to a dataset so that no individual can be reidentified. Learn how this technology is being implemented to protect you.
preview:
cover: blog/assets/images/differential-privacy/cover.webp
---
# What is Differential Privacy?
!["Differential Privacy" text with a series of ones and zeros being obscured with a blur filter](../assets/images/differential-privacy/cover.webp)
<small aria-hidden="true">Image: Privacy Guides / Jordan Warne</small>
Is it possible to collect data from a large group of people but protect each individual's privacy? In this entry of my series on [privacy-enhancing technologies](../tags.md/#tag:privacy-enhancing-technologies), we'll discuss differential privacy and how it can do just that.<!-- more -->
## Problem
It's useful to collect data from a large group of people. You can see trends in a population. But it requires a lot of individual people to give up personally identifiable information. Even things that seem innocuous like your gender can help identify you.
Latanya Sweeney in a [paper](https://dataprivacylab.org/projects/identifiability/paper1.pdf) from 2000 used U.S. Census data to try and re-identify people solely based on the metrics available to her. She found that 87% of Americans could be identified based on only 3 metrics: ZIP code, date of birth, and sex.
Obviously, being able to identify individuals based on publicly available data is a huge privacy issue.
## History
### Before Differential Privacy
Being able to collect aggregate data is essential for research. It's what the U.S. Census does every 10 years.
Usually we're more interested in the data as a whole and not data of individual people as it can show trends and overall patterns in groups of people. However, in order to get that data we must collect it from individuals.
It was thought at first that simply [removing names and other obviously identifying details](https://simons.berkeley.edu/news/differential-privacy-issues-policymakers#:~:text=Prior%20to%20the%20line%20of%20research%20that%20led%20to%20differential%20privacy%2C%20it%20was%20widely%20believed%20that%20anonymizing%20data%20was%20a%20relatively%20straightforward%20and%20sufficient%20solution%20to%20the%20privacy%20challenge.%20Statistical%20aggregates%20could%20be%20released%2C%20many%20people%20thought%2C%20without%20revealing%20underlying%20personally%20identifiable%20data.%20Data%20sets%20could%20be%20released%20to%20researchers%20scrubbed%20of%20names%2C%20but%20otherwise%20with%20rich%20individual%20information%2C%20and%20were%20thought%20to%20have%20been%20anonymized.) from the data was enough to prevent re-identification, but [Latanya Sweeney](https://latanyasweeney.org/JLME.pdf) (a name that will pop up a few more times) proved in 1997 that even without names, a significant portion of individuals can be re-identified from a dataset by cross-referencing external data.
Previous attempts at anonymizing data have relied on been highly vulnerable to re-identification attacks.
#### AOL Search Log Release
A famous example is the AOL search log release. AOL had been logging its users searches for research purposes. When they released the data, they only replaced the users' real names with an identifier. Researchers were able to identify [user 4417749](https://archive.nytimes.com/www.nytimes.com/learning/teachers/featured_articles/20060810thursday.html) as Thelma Arnold based on the identifying details of her searches.
#### Strava Heatmap Incident
In 2018, the fitness app Strava announced a major update to its heatmap, showing the the workout patterns of users of fitness trackers like Fitbit.
Analyst [Nathan Ruser](https://x.com/Nrg8000/status/957318498102865920) indicated that these patterns can reveal military bases and troop movement patterns. This is obviously a huge op-sec problem and can endanger the lives of troops.
It was also possible to [deanonymize](https://steveloughran.blogspot.com/2018/01/advanced-denanonymization-through-strava.html) individual users in some circumstances.
#### Randomized Response
One of the earliest ideas for anonymizing data was [randomized response](https://uvammm.github.io/docs/randomizedresponse.pdf), first introduced all the way back in 1965 in a paper by Stanley L. Warner. The idea behind it is quite clever.
For certain questions like "have you committed tax fraud?" respondents will likely be hesitant to answer truthfully. The solution? Have the respondent flip a coin. If the coin is tails, answer yes. If the coin lands on heads, answer truthfully.
| Respondent | Answer | Coin Flip (not included in the actual dataset just here for illustration) |
| --- | --- | --- |
| 1 | Yes | Tails (Answer Yes) |
| 2 | No | Heads (Answer Truthfully) |
| 3 | Yes | Tails (Answer Yes) |
| 4 | Yes | Tails (Answer Yes) |
| 5| No | Heads (Answer Truthfully) |
Because we know the exact probability that a "Yes" answer is fake, 50%, we can remove it and give a rough estimate of how many respondents answered "Yes" truthfully.
Randomized Response would lay the groundwork for differential privacy, but it wouldn't truly be realized for many decades.
#### Unrelated Question Randomized Response
A variation used later in a [paper](https://www.jstor.org/stable/2283636) by Greenberg et al. called **unrelated question randomized response** would present each respondent with either a sensitive question or a banal question like "is your birthday in January?" to increase the likelihood of people answering honestly, since the researcher doesn't know which question was asked.
| Respondent | Question (not visible to researcher) | Answer |
| --- | --- | --- |
| 1 | Have you ever committed tax evasion? | No |
| 2 | Is your birthday in January? | Yes |
| 3 | Is your birthday in January? | No |
| 4 | Have you ever committed tax evasion? | Yes |
| 5 | Have you ever committed tax evasion? | No |
#### k-Anonymity
Latanya Sweeney and Pierangela Samarati introduced [k-anonymity](https://dataprivacylab.org/dataprivacy/projects/kanonymity/paper3.pdf) to the world back in 1998.
It's interesting that even all the way back in 1998 concerns constant data collection were already relevant.
> Most actions in daily life are recorded on some computer somewhere. That information in turn is often shared, exchanged, and sold. Many people may not care that the local grocer keeps track of which items they purchase, but shared information can be quite sensitive or damaging to individuals and organizations. Improper disclosure of medical information, financial information or matters of national security can have alarming ramifications, and many abuses have been cited.
In a dataset, you might have removed names and other obviously identifying information, but there might be other data such as birthday, ZIP code, etc., that might be unique to one person in the dataset. If someone were to cross-reference this data with outside data, it could be possible to deanonymize individuals.
k-anonymity means that for each row, at least k-1 other rows are identical. So for a k of 2, at least one other row is identical to each row.
##### Generalization
This is achieved through a few techniques, one of which is generalization. Generalization is reducing the precision of data so that it's not as unique.
For example, instead of recording an exact age, you might give a range like 20-30. You've probably noticed this on surveys you've taken before. Data like this that's not directly identifiable but could be used to re-identify someone is referred to as *quasi-identifiers*.
##### Suppression
Sometimes even with generalization, you might have outliers that don't satisfy the k-anonymity requirements.
In these cases, you can simply remove the row entirely.
##### Attacks on k-Anonymity
k-anonymity has been [demonstrated](https://www.usenix.org/system/files/sec22-cohen.pdf) to not prevent re-identification of individuals despite the data in a dataset being properly k-anonymized by "statistical experts".
Researchers were able to deanonymize 3 students from a k-anonymized dataset from Harvard and MIT's EdX platform by cross-referencing data from LinkedIn, putting potentially thousands of students at risk of re-identification.
### Dawn of Differential Privacy
Most of the concepts I write about seem to come from the 70s and 80s, but differential privacy is a relatively new concept. It was first introduced in a paper from 2006 called [*Calibrating Noise to Sensitivity in Private Data Analysis*](https://desfontain.es/PDFs/PhD/CalibratingNoiseToSensitivityInPrivateDataAnalysis.pdf).
The paper introduces the idea of adding noise to data to achieve privacy, similar to randomized response. However, differential privacy is much more mathematically rigorous and provable.
Of course, adding noise to the dataset reduces its accuracy. Ɛ defines the amount of noise added to the dataset, with a small Ɛ meaning more privacy but less accurate data and vice versa. It's also referred to as the "privacy loss parameter" or "privacy budget".
#### Central Differential Privacy
This early form of differential privacy relied on adding noise to the data *after* it was already collected, meaning you still have to trust a central authority with the raw data.
## Google RAPPOR
In 2014, Google introduced [Randomized Aggregatable Privacy-Preserving Ordinal Response](https://arxiv.org/pdf/1407.6981) (RAPPOR), their [open source](https://github.com/google/rappor) implementation of differential privacy.
Google RAPPOR implements and builds on previous techniques such as randomized response and adds significant improvements on top.
### Local Differential Privacy
In Google's implementation, noise is added to data on-device before it's sent off to any server. This removes the need to trust the central authority to handle your raw data, an important step in achieving truly anonymous data collection.
### Bloom Filters
Google RAPPOR makes use of a clever technique called bloom filters that saves space and improves privacy.
Bloom filters work by starting out with an array of all 0's
`[0, 0, 0, 0, 0, 0, 0, 0, 0]`
Then, you run data such as the word "apple" through a hashing algorithm, which will give 1's in specific positions, say position 1, 3, and 5.
`[0, 1, 0, 1, 0, 1, 0, 0, 0]`
When you want to check if data is present, you run the data through the hashing algorithm and check if the corresponding positions are 1's. If they are, the data *might* be present (other data might have flipped those same bits at some point). If any of the 1's are 0's, then you know for sure that the data is not in the set.
### Permanent Randomized Response
A randomization step is performed flipping some of the bits randomly. This response is then "memoized" so that the same random values are used for future reporting. This protects against an "averaging" attack where an attacker sees multiple responses from the same user and can eventually recover the real value by averaging them out over time.
### Instantaneous Randomized Response
On top of the permanent randomized data, another randomization step is performed. This time, different randomness is added on top of the permanent randomness so that every response sent is unique. This prevents an attacker from determining a user from seeing the same randomized pattern over and over again.
Both the permanent and instantaneous randomized response steps can be fine-tuned to for the desired privacy.
### Chrome
Google first used differential privacy in their Chrome browser for detection of [malware](https://blog.chromium.org/2014/10/learning-statistics-with-privacy-aided.html).
Differential privacy is also used in Google's [Privacy Sandbox](https://privacysandbox.google.com/private-advertising/aggregation-service/privacy-protection-report-strategy).
### Maps
Google Maps uses DP for its [place busyness](https://safety.google/privacy/data/#:~:text=To%20offer%20features%20like%20place%20busyness%20in%20Maps%2C%20we%20apply%20an%20advanced%20anonymization%20technology%20called%20differential%20privacy%20that%20adds%20noise%20to%20your%20information%20so%20it%20can%E2%80%99t%20be%20used%20to%20personally%20identify%20you.) feature, allowing Maps to show you how busy an area is without revealing the movements of individual people.
### Google Fi
[Google Fi](https://opensource.googleblog.com/2019/09/enabling-developers-and-organizations.html) uses differential privacy as well to improve the service.
## OpenDP
[OpenDP](https://opendp.org) is a community effort to build open source and trustworthy tools for differential privacy. Their members consist of academics from prestigious universities like Harvard and employees at companies like Microsoft.
There's been an effort from everyone to make differential privacy implementations open source, which is a breath of fresh air from companies that typically stick to closed source for their products.
## Apple
[Apple](https://www.apple.com/privacy/docs/Differential_Privacy_Overview.pdf) uses local differential privacy for much of its services, similar to what Google does. They add noise before sending any data off device, enabling them to collect aggregate data without harming the privacy of any individual user.
They limit the number of contributions any one user can make via a *privacy budget* (this is the same as Ɛ) so you won't have to worry about your own contributions being averaged out over time and revealing your own trends.
This allows them to find new words that people use that aren't included by default in the dictionary, or find which emojis are the most popular.
Some of the things they use differential privacy for include
- QuickType suggestions
- Emoji suggestions
- Lookup Hints
- Safari Energy Draining Domains
- Safari Autoplay Intent Detection
- Safari Crashing Domains
- Health Type Usage
That's just based on their initial white paper, they've likely increased their use of DP since then.
### Sketch Matrix
Apple uses a similar method to Google, with a matrix initialized with all zeros. The input for the matrix is encoded with the SHA-256 hashing algorithm, and then bits are flipped randomly at a probability dependent on the epsilon value.
Apple only sends a random row from this matrix instead of the entire thing in order to stay within their privacy budget.
### See What's Sent
You can see data sent with differential privacy in iOS under Settings > Privacy > Analytics > Analytics Data, it will begin with `DifferentialPrivacy`. On macOS, you can see these logs in the Console.
## U.S. Census
Differential privacy isn't just used by big corporations, in 2020 famously the U.S. Census used DP to protect the data of U.S. citizens for the first time.
As a massive collection of data from numerous U.S. citizens, it's important for the census bureau to protect the privacy of census participants while still preserving the overall aggregate data.
### Impetus
Since the 90s, the U.S. Census used a less formal injection of statistical noise into their data, which they did all the way through 2010.
After the 2010 census, the bureau tried to [re-identify individuals](https://www2.census.gov/library/publications/decennial/2020/census-briefs/c2020br-03.pdf) in the census data.
>The experiment resulted in reconstruction of a dataset of more than 300 million individuals. The Census Bureau then used that dataset to match the reconstructed records to four commercially available data sources, to attempt to identify the age, sex, race, and Hispanic origin of people in more than six million blocks in the 2010 Census.
Considering 309 million people lived in the U.S. in 2010, that's a devastating breach of personal privacy. Clearly more formal frameworks for protecting the privacy of individuals were needed.
>Nationwide, roughly 150 million individuals—almost one-half of the population, have a unique combination of sex and single year of age at the block level.
They could keep adding noise until these attacks are impossible, but that would make the data nigh unusable. Instead, differential privacy offers a mathematically rigorous method to protect the data from future re-identification attacks without ruining the data by adding too much noise. They can be sure thanks to the mathematical guarantees of DP.
## DPrio
Mozilla has been constantly working to make their telemetry more private over the years. Firefox uses [Prio](https://blog.mozilla.org/security/2019/06/06/next-steps-in-privacy-preserving-telemetry-with-prio/), a [Distributed Aggregation Protocol](https://datatracker.ietf.org/doc/html/draft-ietf-ppm-dap)-based telemetry system. It uses Multi-Party Computation to split the processing of user data between multiple parties.
To accomplish this, [Mozilla](https://blog.mozilla.org/en/firefox/partnership-ohttp-prio/) partnered with [Divvi Up](https://divviup.org/blog/divvi-up-in-firefox/) as their DAP provider, and [Fastly](https://www.fastly.com/blog/firefox-fastly-take-another-step-toward-security-upgrade) as their OHTTP provider. OHTTP acts as a multi-hop proxy to separate traffic between two parties when making a connection: neither Mozilla nor Fastly will know both who you are and what you're connecting to.
In 2023 researchers from Mozilla also conducted research into making Prio differentially private. The so-named "[DPrio](https://petsymposium.org/popets/2023/popets-2023-0086.pdf)" would combine multi-party computation, OHTTP, and differential privacy in a very impressive display of privacy protection. Unfortunately I couldn't find any evidence to suggest that DPrio has been implemented, but something to keep a lookout for in the future.
## Future of Differential Privacy
Differential privacy unlocks the potential for data collection with minimal risk of data exposure for any individual. Already, DP has allowed for software developers to improve their software, for new possibilities in research in the health sector and in government organizations.
Adoption of scientifically and mathematically rigorous methods of data collection allows for organizations to collect aggregate data will allow for increased public trust in organizations and subsequently greater potential for research that will result in improvements to our everyday lives.
I think for there to be more public trust there needs to be a bigger public outreach. That's my goal with this series, I'm hoping to at least increase awareness of some of the technology being deployed to protect your data, especially since so much of the news we hear is negative. Armed with the knowledge of what's available, we can also demand companies and organizations use these tools if they aren't already.
It's heartening to see the level of openness and collaboration in the research. You can see a clear improvement over time as each paper takes the previous research and builds on it. I wish we saw the same attitude with all software.
## Further Research
Any programmers interested in learning how to implement differential privacy can check out the book *[Programming Differential Privacy](https://programming-dp.com)* to see Python examples.
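Review bot: The second paragraph under "Future of Differential Privacy" does not parse: "Adoption of scientifically and mathematically rigorous methods of data collection allows for organizations to collect aggregate data will allow for increased public trust" carries two main verbs. Something like "Adopting scientifically and mathematically rigorous methods lets organizations collect aggregate data, which should increase public trust and, in turn, the potential for research" would fix it. Under "Impetus", the line calling the 2010 experiment "a devastating breach of personal privacy" compares 309 million residents with the 300 million reconstructed records, but the quoted passage gives no count of records that were actually re-identified, so the conclusion needs the match result from the linked brief or softer wording. Smaller points: "fine-tuned to for the desired privacy" has a stray "to"; "Bloom filters work by starting out with an array of all 0's" lacks end punctuation, and the text should say that positions 1, 3, and 5 are zero-indexed so they match the array shown; the privacy parameter is typed as "Ɛ" (a Latin open E) rather than the Greek "ε"; and "Differential privacy isn't just used by big corporations, in 2020 famously the U.S. Census used DP" is a comma splice.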
-1
@@ -14,7 +14,6 @@ preview:
# The Power of Digital Provenance in the Age of AI
![Article cover showing a painterly background with cool colors and the Content Credentials logo](../assets/images/digital-provenance/cover.jpg)
<small aria-hidden="true">Photo: Kseniya Lapteva / Pexels | Logo: Content Credentials</small>
With the popularity of generative AI, it's becoming more and more difficult to [distinguish](https://uwaterloo.ca/news/media/can-you-tell-ai-generated-people-real-ones) reality from fiction. Can this problem be solved using cryptography? What are the privacy implications of the currently proposed systems?<!-- more -->
+285
@@ -0,0 +1,285 @@
---
title: "Email Security: Where We Are and What the Future Holds"
date:
created: 2025-11-15T22:45:00Z
categories:
- Explainers
authors:
- fria
tags:
- Email
license: BY-SA
schema_type: BackgroundNewsArticle
description: Email is ubiquitous. If you want to function in modern society, you pretty much have to have an email address. But is it really a good idea to still be relying on the same decades old techology? What can we do about replacing it?
preview:
cover: blog/assets/images/email-security/cover.png
---
![Email icon opening with an alert message inside](../assets/images/email-security/cover.png)
<small aria-hidden="true">Illustration: fria / Privacy Guides</small>
Email is ubiquitous. If you want to function in modern society, you pretty much have to have an email address. What was originally just a simple protocol to send messages between machines has morphed beyond what it was originally intended for into the *de facto* authentication, identity, and "secure" communication channel for almost all technology users today. It's been updated many times to fix security issues and there are more updates to come, but is it worth trying to fix a decades-old protocol, or should we scrap it all and start over?<!-- more -->
## Current State of Email Security
The [**Simple Mail Transport Protocol (SMTP)**](https://www.rfc-editor.org/rfc/rfc5321.html) is the standard used to send emails.
Over the years, multiple protocols have been introduced to fix security issues and improve the usability of email, resulting in a complex mess that we're still feeling the consequences of to this day.
### Encryption
By default, there's no encryption in SMTP. Not transport encryption or end-to-end encryption, it's just a plaintext protocol.
To remedy this, several solutions have been created.
#### STARTTLS
[STARTTLS](https://www.rfc-editor.org/rfc/rfc3207) is a command that allows email clients to negotiate TLS encryption. Importantly, the negotiation phase happens in plaintext which leaves it vulnerable to attackers.
STARTTLS allows a bit more flexibility at the cost of some security. Since you don't really know if the recipient's email client supports TLS or not, it allows you to continue with the SMTP session anyway if you want to.
Since it's just using TLS, STARTTLS can't provide E2EE, just transport encryption. The encryption looks something like:
Encrypted between your email client and your SMTP server → decrypted at your SMTP server → Encrypted between your SMTP server and recipient's SMTP server → decrypted at recipient's SMTP server → encrypted between their SMTP server and their POP3/IMAP server → decrypted at their POP3/IMAP server → encrypted between their POP3/IMAP server and their email client → decrypted by their email client.
``` mermaid
flowchart LR
A[Email Client] -->|Optional TLS Encryption| B(SMTP Server)
B --> |Optional TLS Encryption| C(Other SMTP Server)
C -->|Optional TLS Encryption| D[POP3 or IMAP Server]
D -->|Optional TLS Encryption| F[Other Party's Email Client]
```
At each point in the process TLS encryption is not guaranteed. Now consider that you can have multiple recipients with their own SMTP servers as well, and you start to see how flimsy this protection can be. And since the initial negotiation is in plaintext, an attacker can simply strip away the STARTTLS command, preventing a secure connection from being established.
Authentication is left to another protocol to solve, this just handles the transport encryption.
#### SMTPS
Also known as "Implicit TLS" (as opposed to the "Explicit TLS" of STARTTLS), SMTPS starts with an encrypted connection, similar to HTTPS, removing the potential for an adversary to downgrade the connection.
The [current](https://datatracker.ietf.org/doc/html/rfc8314) recommendations are to use port 465 for SMTPS and port 587 for STARTTLS. Unfortunately, these ports aren't standardized and thus there is disagreement and confusion about what port should be used for SMTPS.
In the past, ports 25, 465, 587, and 2525 have all been used for SMTP at various points. This lack of a standardized port means that you end up with services using different ports and being unable to establish a secure connection. Particularly, there is still confusion in some email providers whether to use port 465 or port 587 for SMTPS, although the current recommendation is port 465.
#### POP3S
[Post Office Protocol version 3](https://en.wikipedia.org/wiki/Post_Office_Protocol) or POP3 is a protocol for retrieving mail from a mail server. It's one of the ways your email client can show you your mail.
POP3 also supports implicit TLS over port 995, so it can be encrypted by default as well.
#### IMAPS
[Internet Message Access Protocol](https://en.wikipedia.org/wiki/Internet_Message_Access_Protocol) or IMAP is another protocol for retrieving mail from a mail server.
Like SMTPS and POP3s, IMAP supports implicit TLS. The implicit TLS port is 993.
#### OpenPGP
The above features only protect the email in transit and don't protect against the email providers involved, which is a massive security issue if you don't trust your email provider. On top of that, you as a user have no control over which parts of the chain are encrypted. If you want to be sure that no party in between you and your recipient can read or alter your emails, you need to use end-to-end encryption. Unfortunately, by default, email doesn't support end-to-end encryption.
[Pretty Good Privacy (PGP)](https://www.openpgp.org/about/) was originally created in 1997 by [Phil Zimmerman](https://www.privacyguides.org/videos/2025/05/08/when-code-became-a-weapon/). While originally proprietary software, an open source version of PGP called OpenPGP has been standardized by the [IETF](https://www.rfc-editor.org/rfc/rfc9580.html). As you can imagine from software originally conceived in the 90s, the user experience isn't the smoothest.
Unlike modern messengers like [Signal](https://signal.org), OpenPGP requires you to [manually manage your keys](https://dev.to/adityabhuyan/how-to-generate-your-own-public-and-secret-keys-for-pgp-encryption-1joh). This is a problem not only because it's cumbersome, but the security of E2EE rests on protecting the private key. If the private key is compromised, your messages are compromised.
PGP also lacks [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy), meaning that if your private key is ever exposed, all previous messages you've ever sent using that key are also exposed. All it takes is a slight user error for a catastrophic compromise.
PGP encryption also usually doesn't encrypt important metadata like `To`, `From`, `Cc`, `Date`, and `Subject`, stored in the [email header](https://en.wikipedia.org/wiki/Email#Message_header); usually, only the body of the email is encrypted, which can be a major privacy issue. What the email is about, who you are, and who you're messaging can all be revealed even with E2EE. Some email clients use their hidden headers that can reveal more data about you.
#### S/MIME
Another common option for email encryption is [S/MIME](https://www.digicert.com/faq/email-trust/what-is-smime-or-encrypted-email), or Secure/Multipurpose Internet Mail Extensions. S/MIME works a bit like HTTPS, using [X.509 digital certificates](https://www.ssl.com/faqs/what-is-an-x-509-certificate/) and [certificate authorities](https://www.digicert.com/blog/what-is-a-certificate-authority) to encrypt and verify the authenticity of emails.
While a step up from the manual keys of PGP, S/MIME is still a pain to use, particularly because it usually requires purchasing and managing a certificate from a CA, which can be expensive and annoying. S/MIME also lacks forward secrecy just like PGP, so if there's ever a compromise of your private key, all previously sent messages are also compromised.
These issues make S/MIME nonviable for most people outside business settings.
#### Web Key Directory
A problem with PGP is getting your public key out to people without manually exchanging keys. This problem can be solved with Web Key Directory (WKD), which allows you to upload your public PGP key to a server and clients that want to send E2EE emails to you can ask that server to send you their public key.
You can read more on our [email security](https://www.privacyguides.org/en/basics/email-security/?h=email#what-is-the-web-key-directory-standard) page.
### Authentication
SMTP by default essentially has no authentication and allows spoofing the `MAIL FROM` header. Your email client will just blindly accept whoever the sender says they are without any authentication. Luckily, there are several solutions for this.
There are multiple methods that email providers can implement to verify the authenticity of an email sender.
#### SPF
The first solution implemented was [Sender Policy Framework (SPF)](https://datatracker.ietf.org/doc/html/rfc7208). SPF uses [DNS TXT records](https://www.cloudflare.com/learning/dns/dns-records/dns-txt-record/).
Just like the name sounds, a DNS TXT record allows you to store text in a [DNS record](https://www.cloudflare.com/learning/dns/dns-records/). Here's an example of what a DNS TXT record might look like:
| example.com | record type | value | TTL |
|-------------|--------------|--------|-----|
| @ | TXT | "color=blue" |99999|
SPF lists all the servers that are authorized to send from a specific domain. When an email is received, it checks the sending server against the list of authorized servers for that domain. An SPF record might look like this:
| example.com | record type | value | TTL |
|-------------|--------------|--------|-----|
| @ | TXT | "v=spf1 ip4:200.56.78.99 ip4:156.67.109.43 include:_spf.google.com -all" |99999|
The IP addresses are the ones that are authorized to send email from this domain. The `include:` tag denotes what third-party domains are allowed to send email on behalf of `example.com`. The third-party SPF record will be checked and included in the allowed IP addresses.
While a good start, SPF still has several glaring weaknesses. Since it relies on DNS, an attack on the DNS infrastructure could cause spoofed DNS data to be accepted.
Since SPF doesn't authenticate individual users, it's still possible for a sender to impersonate another user. SPF does not authenticate the `MAIL FROM` header. If you try to send an email from a gmail.com domain, but the server doesn't match gmail.com, it will fail.
SPF has a few different modes, allowing for a hard fail, soft fail, or completely ignoring it. `-all` means an email that fails will be rejected, `~all` will mark emails that fail as insecure or spam but still send them, and `+all` will specify that any server is allowed to send emails on behalf of your domain.
This flexibility, while convenient, allows for the security benefits of SPF to be completely undermined.
#### DKIM
[DomainKeys Identified Mail (DKIM)](https://www.cloudflare.com/learning/dns/dns-records/dns-dkim-record/) relies on public key cryptography to verify the domain of an email.
Example of a DKIM DNS TXT record:
| name | record type | value | TTL |
|-------------|--------------|--------|-----|
| test-email._domainkey.example.com | TXT | "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtY+7sGVwvyS8w+3HgJk7EviazH+C4L8gV4gOJzAq9oKJjZ5En7LDEw3FqAh8C0M59c9sBQcC+Kj8VxMBY9y+E0Pm1fPK9V7sI3Gm7yE7Y9yU4uVZr8R3N+5z+qZ+7V76RU4oZ0mtSvw8m3pX1hZyHd7NZfXaFfKfgd18W5T7YQIDAQAB" | 9999 |
DKIM records are stored under a specific name following the format
`[selector]_domainkey.[domain]`
The public and private keys are generated by the email provider, such as gmail.com. The public key is stored in a publicly available DNS TXT record like the one seen above and is used by the receiver to verify messages. The private key is kept secret by the email provider.
Emails sent from the email provider contain a DKIM header with a signature generated from the private key and the content of the message. If the email message is altered or signed with the wrong key, when the receiver verifies the signature using the public key it will be obvious it was altered.
An example of a DKIM header:
`v=1; a=rsa-sha256; d=example.com; s=test-email; h=from:to:subject bh=uMixy0BsCqhbru4fqPZQdeZY5Pq865sNAnOAxNgUS0s=;b=LiIvJeRyqMo0gngiCygwpiKphJjYezb5kXBKCNj8DqRVcCk7obK6OUg4o+EufEbBtRYQfQhgIkx5m70IqA6dP+DBZUcsJyS9C+vm2xRK7qyHi2hUFpYS5pkeiNVoQk/Wk4wZG4tu/g+OA49mS7VX+64FXr79MPwOMRRmJ3lNwJU=`
`v=` shows the version of DKIM, currently version one is the latest (we'll come back to that later). `a=` shows the algorithm used. `d=` shows the domain of the sender. `s=` denotes the selector that is used in the TXT record. `h=` shows the headers that were used to create the signature. `bh=` shows a hash of the body of the email. `b=` is the signature computed from the listed headers and the hash of the body listed in `bh`.
In this way, not only does DKIM provide assurance that the email was sent from the correct domain, it also protects the integrity of the message. However, since the keys are controlled by your email provider, it can't stop your email provider from tampering with your messages.
Note also that this has nothing to do with encryption of the message, only verifying the authenticity and sender. The message is still sent in plaintext unless another component encrypts it.
#### DMARC
[Domain-based Message Authentication Reporting and Conformance (DMARC)](https://www.cloudflare.com/learning/dns/dns-records/dns-dmarc-record/) is an authentication method that builds on SPF and DKIM. DMARC tells a receiving email server what to do after checking the SPF and DKIM. If the email fails, the DMARC policy tells the receiver whether to mark it as spam, block it, or allow it through.
DMARC also uses TXT records. An example DMARC policy might look like
`v=DMARC1; p=quarantine; adkim=s; aspf=s;`
The `v=` shows the version of DMARC to use. The `p=` shows what should be done with emails if they fail, in this case `quarantine` means the receiver should put the email in the user's spam folder. `reject` can be specified as well to show that emails that fail should be outright blocked. `adkim=` tells how DKIM should be enforced, with `s` meaning "strict"; for relaxed, `r` is listed instead. Ditto for `aspf=`.
#### DNSSEC
You may have noticed that all of these authentication methods rely on DNS. Unfortunately, DNS wasn't designed to be secure when it was invented in the 1980s. Ironically, there's no authentication built into DNS by default, so by attacking DNS, a malicious actor can [poison](https://www.cloudflare.com/learning/dns/dns-cache-poisoning/) your DNS cache with false information.
[Researchers at CMU in 2014](https://www.sei.cmu.edu/blog/probable-cache-poisoning-of-mail-handling-domains/) found that emails that were supposedly to be sent by Gmail, Yahoo!, and Outlook.com were actually being sent by a rogue email server. This is disastrous for security and breaks the entire email authentication system. There are many such cases of attacks on DNS infrastructure and many more [possible attacks](https://www.akamai.com/glossary/what-are-dns-attack-vectors) on DNS.
The solution? [DNSSEC](https://www.cloudflare.com/learning/dns/dnssec/how-dnssec-works/). DNSSEC uses digital signatures to verify the authenticity of the DNS response. Unfortunately, DNSSEC isn't as widely used as it could be so DNS attacks are still a real threat.
DNSSEC forms a [chain of trust](https://en.wikipedia.org/wiki/Chain_of_trust), with each zone forming a parent/child relationship all the way up to the [root zone](https://www.cloudflare.com/learning/dns/glossary/dns-root-server/).
The public key infrastructure (PKI) that we rely on for things like HTTPS in browsers similarly relies on a chain of trust, but web PKI relies on many trusted entities whereas DNSSEC effectively reduces it to one: the IANA which signs the root zone key in a [root signing ceremony](https://www.cloudflare.com/learning/dns/dnssec/root-signing-ceremony/).
Effectively, DNSSEC is designed so that you can be sure the results of a DNS query are accurate.
#### DANE
DNS-Based Authentication of Named Entities or DANE applies the security of DNSSEC to email. It forces TLS to be used and binds the TLS certificate to DNS names directly using TLSA, thus allowing email providers to bypass the certificate authority system relied on by HTTPS.
#### MTA-STS
[MTA-STS](https://www.mailhardener.com/kb/mta-sts) or Mail Transfer Agent Strict Transport Security is a way to force TLS connections for email and validate that the DNS is correct. Instead of DNSSEC, MTA-STS relies on HTTPS and the web PKI to validate DNS. It's not stored as a DNS record but instead an HTTPS server that serves the file.
You can think of MTA-STS like HSTS, HTML Strict Transport Security, which forces the use of TLS for websites. It's the same principal, just applied to email.
The extra reliance on web PKI introduces more trust than with DNSSEC, but it's easier to implement and relies on the already-established infrastructure of the internet.
Both DANE and MTA-STS can be used together for a multilayered approach to email security.
### General Security
#### Email as a Backdoor into Your Accounts
Something seldom discussed is the fact that email is the default 2FA method for most accounts and also can be used to bypass your password through the password reset function on the login screen of most services. This essentially means the security of all of your accounts rests on the security of your email, which can be very shaky and lacks E2EE usually. It's most comparable to SMS 2FA which is also used a lot of the time as a method for getting into accounts when you forgot your password.
I touched on this a bit in my [passkey article](toward-a-passwordless-future.md), but we need to stop relying on email for security critical applications and start using proper recovery methods like recovery codes. Email should be used for what it's intended for: sending messages and updates to people, announcements, etc.
#### Third-Party Clients
Many email providers such as Gmail provide their own clients for you to view your inbox, send messages, etc. But many people choose to use third-party clients for their email needs.
While it's great that email can support that, it does mean you need to trust another party with your sensitive email and essentially the security of all of your accounts. Not to mention that email clients can have [vulnerabilities](https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/), so you need to be very careful about which one you trust.
#### Email Attack Surface
A big part of the reason email clients can be so vulnerable to exploits is the vast attack surface afforded by things like JavaScript support in emails. This puts email clients dangerously close to the same territory as browsers in terms of attack surface but without the same level of scrutiny or hardening effort that goes into browsers.
Since almost anyone can email you at any time, you have to trust that your email client vendor is able to protect you against [vulnerabilities](https://www.csoonline.com/article/1308164/microsoft-outlook-flaw-opens-door-to-1-click-remote-code-execution-attacks.html) and also has timely patches when they're found.
Luckily, lots of email clients let you disable JavaScript and HTML if you want, but not all do, and email clients can have lots of other vulnerabilities as well not related to JavaScript.
## Future of Email Security
It's been a multi-decade cross-industry effort to bring email up to snuff as a modern communication system, and we still have a long way to go. There's still efforts to improve the state of email security, so look out for these in the future.
### Improvements to OpenPGP
The IETF has a [working group](https://datatracker.ietf.org/wg/openpgp/about/) for OpenPGP that wants to add many improvements to OpenPGP, including post-quantum encryption, forward secrecy, and usability improvements.
Key transparency is also a planned feature, similar to what apps like [WhatsApp](https://scontent.xx.fbcdn.net/v/t39.8562-6/379264560_846690136905658_6336040801441930900_n.pdf?_nc_cat=108&ccb=1-7&_nc_sid=e280be&_nc_ohc=gNmDlLkE0DMQ7kNvwEyKONi&_nc_oc=AdmucQjSjoTw2nXUszYeZNStyUHGqvM2pj3oRVV7qI4xmLEJMmY2pUV29WcOnKC1KpA&_nc_zt=14&_nc_ht=scontent.xx&_nc_gid=5lSqV7L5iCqeiMSQDCwN0w&oh=00_AfXoxrF8ukQtSVZM_BCBDbveIDviQPfn0kDEV8pSbxX1SQ&oe=68AB9400) have implemented. Key transparency systems use an append-only, auditable and tamper-evident log of keys that allows you to automatically verify the authenticity of whoever you're messaging with.
There's even a plan to add the ability to verify keys manually using QR codes, similar to how some messengers let you manually verify keys.
### Improvements to S/MIME
The [LAMPS](https://datatracker.ietf.org/wg/lamps/about/) working group is looking at adding post-quantum encryption to S/MIME to protect against future quantum computer threats. This would include "dual-signature" schemes combining traditional encryption with PG encryption, similar to how some messengers handle it.
### DKIM2
[DKIM2](https://www.ietf.org/archive/id/draft-gondwana-dkim2-motivation-00.html) is the planned next version of DKIM.
An issue with the current version of DKIM is a malicious actor taking emails signed with DKIM from a different domain and replaying them, spamming them out to thousands of people and eroding trust in the original domain. The new DKIM2 specification would force each hop the email takes along its path to sign it, so any issues will be the fault of the previous hop.
DKIM2 aims to simplify the protocol and make it more standardized. For example, in practice, the vast majority of DKIM is singed using relaxed methods, so DKIM2 will only support relaxed.
The fact that DKIM relies on an explicit list of headers as part of the signature, there is inconsistent signing of headers and some security-critical headers might not be signed. In order to prevent attackers from adding headers that weren't originally part of the email, providers would sign headers with no information in them. DKIM2 would specify a fixed set of headers in alignment with best practices, so there won't be a need to specify headers.
### DMARCbis
[DMARCbis](https://datatracker.ietf.org/doc/draft-ietf-dmarc-dmarcbis/) is a proposed updated version of DMARC.
The `pct` tag is going away, which was a tag that would only allow a specified percentage of emails, say 50%, to be sent if they failed. Apparently, this wasn't implemented properly so now it's being replaced with the `t` mode that is a binary pass or fail.
The new `np` tag adds the ability to define what to do with a non-existent subdomain of a real domain. This will prevent cybercriminals from subverting DMARC by using a fake subdomain.
They are also adding [requirements](https://datatracker.ietf.org/doc/html/draft-ietf-dmarc-dmarcbis-41#name-conformance-requirements-fo) that mail providers must meet to fully conform to the specification, which should eliminate questions about best practices and how DMARC should be implemented.
### Deprecation of Cleartext Email
Since there are now protocols in place to at least allow for transport encryption at every stage of the email process, providers should work on [removing support](https://datatracker.ietf.org/doc/html/rfc8314#section-4.1) for unencrypted email entirely.
Transport encryption between servers now should be the minimum expected for email services going into the future.
### Passkeys
The adoption of [passkeys](https://fidoalliance.org/passkeys/) will eliminate the need for email as a recovery method, since users won't have to remember passwords. Email can be used for what it was originally intended for: a method of communication and sending updates and announcements, nothing more. This will take a concerted effort from service providers though, and it seems for now most services that support passkeys still require and email for some reason. Here's hoping this changes in the future.
The adoption of passkeys will also make email services themselves more secure, since at the moment they act as a sort of de facto recovery method for all of our accounts. They should focus on deprecating passwords for improved security.
### Wider Adoption of DNSSEC
DNSSEC should be universally adopted to prevent DNS poisoning attacks. This would drastically improve the security of email.
### Guidance for E2EE
The usability of E2EE in email is significantly lacking compared to other methods of communication, especially modern messengers like Signal that make the E2EE very seamless and simple. The handling of E2EE by email clients can also vary a lot and leave email users [vulnerable to bypasses](https://efail.de) for the E2EE.
An [RFC](https://www.ietf.org/archive/id/draft-ietf-lamps-e2e-mail-guidance-17.html) to address usability issues and best practices for email clients exists, hopefully it can lead to a future of improved user experience and security in email.
### SMTP End-to-End Encryption
The biggest obstacle in the way of email privacy is it's not E2EE by default like most modern messengers we use daily. Some providers like Proton Mail will automatically encrypt emails between [Proton Mail](https://proton.me/support/manage-encryption#:~:text=Proton%20Mail%20encrypts%20all%20emails%20sent%20between%20Proton%20accounts%20with%20end%2Dto%2Dend%20encryption%20(E2EE)) users. The obvious next step is to build E2EE into SMTP itself.
An [RFC proposal](https://dcrubro.com/files/smtp-ee2esign-latest.txt) exists for just such an idea. I'm hopeful something like this can be standardized and widely adopted, and finally bring email into the 21st century.
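Review bot: The `pct` sentence under "DMARCbis" describes the tag as limiting how many failing emails are "sent", but `pct` sets the share of failing messages that receivers apply the published policy to, and `t` is a testing-mode flag rather than a "binary pass or fail". Please reword this against the linked draft and drop "Apparently" if the draft gives the reason for the change. Smaller fixes in the same hunk: "singed" should be "signed" under "DKIM2", "PG encryption" should be "PQ encryption" under "Improvements to S/MIME", "require and email" should be "require an email" under "Passkeys", and "The fact that DKIM relies on ..., there is" is a sentence fragment that would read better as "Because DKIM relies on ..., headers are signed inconsistently".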
+1 -1
@@ -5,7 +5,7 @@ categories:
- Opinion
authors:
- em
description: Encryption is not a crime, encryption protects all of us. Encryption, and especially end-to-end encryption, is an essential tool to protect everyone online. Attempts to undermine encryption are an attack to our fundamental right to privacy and an attack to our inherent right to security and safety.
description: Encryption is not a crime, encryption protects us all. Encryption, and especially end-to-end encryption, is an essential tool to protect everyone online. Attempts to undermine encryption are an attack to our fundamental right to privacy and an attack to our inherent right to security and safety.
schema_type: OpinionNewsArticle
preview:
cover: blog/assets/images/encryption-is-not-a-crime/encryption-is-not-a-crime-cover.webp
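Review bot: The reworded `description` still carries "an attack to our fundamental right to privacy and an attack to our inherent right", where the idiomatic preposition is "on". Since this line is being touched anyway, consider "an attack on our fundamental right to privacy and on our inherent right to security and safety". The first sentence is also a comma splice and could take a semicolon or "because".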
@@ -7,7 +7,7 @@ tags:
- Pride Month
authors:
- em
description: Data privacy is important for everyone. But for some marginalized populations, data privacy is indispensable for social connection, access to information, and physical safety. For Pride month this year, we will discuss topics at the intersection of data privacy and experiences specific to the LGBTQ+ community.
description: Data privacy is important for everyone. But for some marginalized populations, data privacy is indispensable for social connection, access to information, and physical safety. For Pride month, we discuss topics at the intersection of data privacy and experiences specific to the LGBTQ+ community.
schema_type: AnalysisNewsArticle
preview:
cover: blog/assets/images/importance-of-privacy-for-the-queer-community/pride-cover.webp
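Review bot: The `description` writes "Pride month" while the tag two lines above it is "Pride Month". Pick one capitalization so the metadata is consistent. Dropping "this year" is a good change for an evergreen description.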
+1 -1
@@ -8,7 +8,7 @@ tags:
- Tor
authors:
- em
description: You might have heard of Tor in the news a few times, yet never dared to try it yourself. Despite being around for decades, Tor is still a tool too few people know about. Today, Tor is easy to use for anyone. It not only helps journalists and activists, but anybody who seeks greater privacy online or access to information regardless of location. But what is Tor exactly? How can Tor help you? And why is it such an important tool?
description: You might have heard of Tor already, yet never dared to try it yourself. Despite being around for decades, too few people know about Tor. It isn't only a tool for journalists and activists, but for anyone seeking greater privacy online. What is Tor exactly? And how can Tor help you?
schema_type: OpinionNewsArticle
preview:
cover: blog/assets/images/in-praise-of-tor/tor-cover.webp
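Review bot: The new `description` has a dangling modifier in "Despite being around for decades, too few people know about Tor", which makes "too few people" the thing that has been around for decades. The original wording ("Tor is still a tool too few people know about") had the right subject. Something like "Despite being around for decades, Tor is still known by too few people" keeps the shorter length without the grammar slip.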
+1 -1
@@ -8,7 +8,7 @@ categories:
- Reviews
authors:
- em
description: "If you need a password manager for iOS or macOS that gives you full control over your data, KeePassium is a fantastic option. KeePassium offers some synchronization features, but keeps your password database offline by default. You choose who to trust to store your passwords, and you can change it whenever you want."
description: If you need a password manager for iOS or macOS that gives you full control over your data, KeePassium is a fantastic option. With KeePassium, you can keep your password database offline entirely, or choose whomever you trust to store it. You can also change this anytime.
preview:
logo: blog/assets/images/keepassium-review/keepassium.svg
review:
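Review bot: In the new `description`, "You can also change this anytime" has no clear antecedent for "this": it could mean the offline setting or the storage provider. Suggest "and you can switch providers at any time" or similar. Removing the surrounding quotes is fine as the text stands, but the plain scalar will break if a later edit introduces ": " or " #" into the sentence.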
+1 -1
@@ -66,7 +66,7 @@ All of these applications are optional. You can set up nearly any combination of
| Arti | A [Tor](https://www.privacyguides.org/en/advanced/tor-overview) client written in Rust. | Connect to Tor nodes, broadcast transactions over Tor, and connect to TrueNAS apps over Tor. |
| Java I2P | The officially distributed app to connect to the [I2P network](https://www.privacyguides.org/en/alternative-networks/#i2p-the-invisible-internet-project). | Connect to I2P nodes, broadcast transactions over I2P, and connect to TrueNAS apps over I2P. |
| Monero Node | The officially distributed app for communicating with the Monero network. | The app provides the necessary information to send and receive Monero transactions. Most wallets (including the official Monero wallets and Cake Wallet) connect to Monero nodes. |
| Monero-LWS | A "**L**ight**w**eight **S**erver" that allows "lightweight" wallets to send and receive Monero transactions. | Lightweight Monero wallet apps (including Edge Wallet and MyMonero) can connect to this server so that the wallet itself does not need to scan/sync Monero history; the server handles this scanning/syncing. |
| Monero-LWS | A "**L**ight-**W**allet **S**erver" that allows "light-wallets" to send and receive Monero transactions. | Monero light-wallet apps (including Edge Wallet and MyMonero) can connect to this server so that the wallet itself does not need to scan/sync Monero history; the server handles this scanning/syncing. |
## Configure TrueNAS Storage
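Review bot: The hyphenation in the updated Monero-LWS row is inconsistent: "light-wallets" is hyphenated as a noun, while the hyphen is only needed when the term modifies another noun ("light-wallet apps"). Suggest "light wallets" for the noun and "Light Wallet Server" for the expansion unless the upstream project spells it with a hyphen. Please confirm the expansion against the project's own README before merging.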
+157
@@ -0,0 +1,157 @@
---
date:
created: 2025-09-15T17:30:00Z
categories:
- Explainers
authors:
- fria
tags:
- Privacy Enhancing Technologies
schema_type: BackgroundNewsArticle
description: Learn about Secure Multi-Party Computation and how it can be used to solve real-world privacy problems.
preview:
cover: blog/assets/images/multi-party-computation/cover.webp
---
# What is Multi-Party Computation?
![An image of a lock and multiple keys going toward it to unlock it](../assets/images/multi-party-computation/cover.webp)
<small aria-hidden="true">Illustration: Jordan Warne / Privacy Guides</small>
We know how to secure data in storage using E2EE, but is it possible to ensure data privacy even while processing it server-side? This is the first in a [series](../tags.md/#tag:privacy-enhancing-technologies) of articles I'll be writing covering the privacy-enhancing technologies being rolled out.<!-- more -->
## History
In a seminal [paper](https://dspace.mit.edu/bitstream/handle/1721.1/148953/MIT-LCS-TM-125.pdf?sequence=1) called "Mental Poker" by Adi Shamir, Ronald L. Rivest, and Leonard M. Adleman from 1979, the researchers attempt to demonstrate a way of playing poker over a distance using only messages and still have it be a fair game.
To explain, fan favorites Alice and Bob will make a return. First, Bob encrypts all the cards with his key, then sends them to Alice. Alice picks five to deal back to Bob as his hand, then encrypts five with her own key and sends those to Bob as well. Bob removes his encryption from all ten cards and sends Alice's cards back to her.
<div style="position: relative; padding-top: 56.25%;"><iframe title="Mental Poker Animation" width="100%" height="100%" src="https://neat.tube/videos/embed/k5jMvrTPLx5VcgzNq3ej1B?title=0" frameborder="0" allowfullscreen="" sandbox="allow-same-origin allow-scripts allow-popups allow-forms" style="position: absolute; inset: 0px;"></iframe></div>
Notice that Bob needs to be able to remove his encryption *after* Alice has applied hers. This commutative property is important for the scheme to work.
This early scheme is highly specialized for this task and not applicable to different situations.
### Secure Two-Party Computation
Alice and Bob have struck it rich! They're both millionaires, but they want to be able to see who has more money without revealing exactly how much they have to each other.
Luckily, we can use **Multi-Party Computation** (**MPC**) to solve this "Millionaire's Problem," using a method invented by Andrew Yao called *garbled circuits*. Garbled circuits allow us to use MPC for any problem as long as it can be represented as a boolean circuit, i.e. a set of logic gates such as `AND` `OR` `XOR` etc.
### Garbled Circuits
We can split the two parties into an "Evaluator" and a "Generator". The Generator will be responsible for setting up the cryptography that'll be used, and the Evaluator will actually perform the computation.
We start by making the truth table for our inputs. In order to hide the values of the truth table, we assign each input a different label. Importantly, we need to assign a different label for each input, so 1 will not be represented by the same label for each. We also need to shuffle the order of the rows, so the values can't be inferred from that.
We can still tell what the value is based on knowing the type of logic gate. For example, an `AND` gate would only have one different output, so you could infer that output is 1 and the others are 0. To fix this, we can encrypt the rows using the input labels as keys, so only the correct output can be decrypted.
We still have a problem, though: how can the Evaluator put in their inputs? Asking for both labels would allow them to decrypt more than one output, and giving their input would break the whole point. The solution is something called "Oblivious Transfer".
The solution is for the Evaluator to generate two public keys, one of which they have the private key for. The Generator encrypts the two labels for the Evaluator's inputs using the provide public keys and sends them back. Since the Generator only has a private key for one of the labels, they will decrypt the one they want. The Generator puts the labels in order so that the Evaluator can choose which one they want to decrypt. This method relies on the Evaluator not to send multiple keys that can be decrypted. Because some trust is required, this protocol is considered "semi-honest".
There's a good explainer for Yao's garbled circuits [here](https://lcamel.github.io/MPC-Notes/story-en-US.html) if you're interested in a step-by-step walkthrough.
### Birth of Multi-Party Computation
Multi-Party Computation was solidified with the [research](https://dl.acm.org/doi/pdf/10.1145/28395.28420) of Oded Goldreich, Silvio Micali, and Avi Wigderson and the GMW paradigm (named after the researchers, similar to how RSA is named).
#### More Than Two Parties
Yao's protocol was limited to two parties. The GMW paradigm expanded the protocol to be able to handle any number of parties and can handle actively malicious actors as long as the majority are honest.
#### Secret Sharing
The GMW paradigm relies on secret sharing which is a method of splitting private information like a cryptographic key into multiple parts such that it will only reveal the secret if the shares are combined. The GMW protocol uses additive secret sharing, which is quite simple. You come up with a secret number, say 123, and you split it up into however many other numbers you want.
`99 + 24 = 123`
You distribute each number to a participant and add them all together to get the original secret. While simple, it doesn't play well with multiplication operations.
#### Zero-Knowledge Proofs
The GMW paradigm introduced protections against malicious adversaries, powered by zero-knowledge proofs (ZKP). ZKP allow one party to convince another party a statement is true without revealing any other information than the fact that the statement is true. The concept of ZKP was first introduced in a [paper](https://dl.acm.org/doi/pdf/10.1145/22145.22178) from 1985 by Shafi Goldwasser, Silvio Micali, and Charles Rackoff.
A humorous paper titled *[How to Explain Zero-Knowledge Protocols to Your Children](https://pages.cs.wisc.edu/~mkowalcz/628.pdf)* gives a storybook explanation of how they work (who says academic papers can't be fun?).
The main crux revolves around probability: if a party knows the proper way to get a result, they should be able to reliably get the correct answer.
To borrow the cave explanation, imagine Alice and Bob have taken up cave exploration. They've found a cave in the shape of a loop with a magic door connecting each entrance together and Alice claims to know how to open it. However, she doesn't want Bob to know the secret to open the door.
Alice, acting as the "Prover" goes into the cave. Bob, the "Verifier", stays outside and yells which side of the cave Alice should come out of. They repeat this many times. If Alice can reliably make it out of the correct side of the cave, then she must know how to open the magic door.
### BGW Protocol
While the GMW protocol was a huge leap forward for MPC, there were still huge limitations. The garbled circuit protocol is limited to boolean logic gates which makes implementing many different common operations much more difficult. It also requires communication for every single gate, which is highly inefficient.
The researchers Michael Ben-Or, Shafi Goldwassert, and Avi Wigderson in their paper *[Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation](https://dl.acm.org/doi/pdf/10.1145/62212.62213)* made several advancements in the efficiency and robustness of MPC, moving it closer to being practical to use in the real world.
#### Arithmetic Circuits
Instead of boolean circuits, the BGW protocol uses arithmetic circuits. These allow for easier mathematical operations like multiplication and addition instead of being limited to logic gates on individual bits. This makes a huge difference in the amount of communication between parties and thus the efficiency of the protocol.
#### Shamir's Secret Sharing
The BGW protocol utilizes [Shamir's Secret Sharing](https://web.mit.edu/6.857/OldStuff/Fall03/ref/Shamir-HowToShareASecret.pdf), which relies on polynomials instead of addition. This allows for more efficiency in multiplication and allows for setting a threshold where only a certain number of shares need to be present in order to reconstruct the secret.
#### Less Communication
The BGW protocol doesn't require as much communication between parties, partly thanks to its use of Shamir's secret sharing which works well with arithmetic operations.
Additionally, it doesn't require Oblivious Transfer or zero-knowledge proofs. Its use of Shamir's secret sharing and error correction codes instead provides the same properties in a more efficient way.
### Fairplay
The field was further advanced by the introduction of the [Fairplay](https://www.cs.huji.ac.il/w~noam/FairplayMP.pdf) system.
Up until this paper, MPC was limited to boolean circuits or arithmetic circuits: not exactly friendly if you're a programmer that's used to using higher level languages. Fairplay introduces a compiler, SFDL, which can compile higher level languages to boolean circuits and then securely computes the circuit.
Fairplay also brings some advancements in efficiency. It utilizes constant rounds, with a fixed 8 rounds, reducing the communication overhead. It also uses the free XOR technique so that encryption operations don't have to be performed on XOR gates, improving efficiency.
### Real-World Usage
As MPC saw gradual optimizations and improvements, it grew from an interesting thought experiment to something that could have real-world uses.
#### Danish Sugar Beet Auction
The first instance of MPC being used in a real-world scenario wouldn't occur until 2008.
Denmark's sugar beet industry faced a problem: with the EU significantly reducing its financial support for sugar beet production, they needed to figure out what price the thousands of sugar beet farmers were willing to sell at, and which price the company that bought all the sugar beets would be willing to buy them at, a so-called "double auction" where the buyer and seller figure out the **market clearing price**, or the price at which demand meets supply most effectively.
But who should be in charge of the auction? Farmers don't want to trust Danisco with their bids as it reveals information about each individual farmer's business. The farmers can't be in charge of it because they don't trust each other. They could use an external consulting firm, but then the entire operation would rely on that one firm's confidentiality and the reliability of their tools.
The [solution](https://a.storyblok.com/f/266767/x/e4c85ffa34/mpc-goes-live_whitepaper_2008-068.pdf) was to use a "virtual auctioneer" that relied on MPC to fairly carry the auction out.
It relied on three servers, with one representing each party: Danisco, DKS (the Danish sugar beet growers association), and The SIMAP project (Secure Information Management and Processing, a project sponsored by the Danish National Research Agency).
The solution was so successful that it was used every year until 2015 when it was no longer needed. A survey of the farmers found that the vast majority found the system simplified the process of trading contracts and that they were satisfied with the level of confidentiality it provided.
The first test run of MPC was a massive success and the potential was now proven.
#### The Boston Women's Workforce Council
In 2016, the [Boston Women's Workforce Council](https://www.boston.gov/sites/default/files/document-file-09-2017/bwwcr-2016-new-report.pdf) worked with 69 companies to investigate if women are paid the same as men.
Using MPC, the companies were able to process their data without revealing the actual wages of any employees. The wage data of 112,600 employees was collected, representing about 11% of the Greater Boston workforce.
You can read their detailed findings in the report, but they found that women were indeed being paid less than men: 77 cents for every dollar a man makes on average.
It was reported in 2023 that thanks to this data, the Boston Women's Workforce Council was able to reduce the wage gap by 30%.
#### Allegheny County
In 2018, Allegheny County Department of Human Services partnered with the [Bipartisan Policy Center](https://bipartisanpolicy.org/press-release/bpc-partners-with-allegheny-county-on-new-privacy-preserving-data-project/) to implement MPC, allowing for private and secure sharing of county data on services to the homeless, behavioral health services, causes and incidence of mortality, family interventions, and incarceration.
The experiment was considered a success, with a recommendation from the U.S. Commission on Evidence-Based Policymaking to further explore the use of MPC.
## MPC Today
Today, the [MPC Alliance](https://www.mpcalliance.org) represents a collective of companies that have come together to advance the use of MPC.
MPC is used for everything from [cryptocurrency](https://www.coinbase.com/learn/wallet/what-is-a-multi-party-computation-mpc-wallet) to HIPAA-compliant [medical](https://pmc.ncbi.nlm.nih.gov/articles/PMC6658266/) uses. There are ongoing efforts to [standardize](https://csrc.nist.gov/projects/threshold-cryptography) it from organizations like NIST, although it's a difficult proposition due to the sheer variation in MPC protocols and use cases.
There's been research into using MPC for secure and [verifiably fair](https://eprint.iacr.org/2014/075.pdf) [electronic voting](https://arxiv.org/html/2205.10580v4), something that's much needed as countries move toward [electronic voting](https://worldpopulationreview.com/country-rankings/electronic-voting-by-country). It's important to not completely dismiss the march of technology, but these things should be implemented with the utmost caution and scientific rigor. I feel that implementing black-box electronic voting without open and provably secure technologies like MPC is irresponsible and endangers elections.
MPC acts as an essential privacy tool in the toolbox. It intersects with other PETs like homomorphic encryption, a method of encrypting data in such a way that operations can still be performed on it without revealing the unencrypted data.
MPC is just one tool among many that's reshaping the privacy landscape. I'm excited to see how it's used in the future and what new advancements it unlocks.
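Review bot: The Oblivious Transfer paragraph under "Garbled Circuits" swaps the roles: "Since the Generator only has a private key for one of the labels, they will decrypt the one they want" should name the Evaluator, who generated the key pairs two sentences earlier and is the one decrypting. The same paragraph has "the provide public keys" (should be "provided") and opens with "The solution is" right after the previous paragraph ended on "The solution is something called". Elsewhere in the file: "Shafi Goldwassert" under "BGW Protocol" should be "Goldwasser", as spelled in the "Zero-Knowledge Proofs" section; the Fairplay link path contains "w~noam", which looks like a typo, and it points to FairplayMP.pdf while the text discusses Fairplay; and "a compiler, SFDL" reads as if SFDL were the compiler rather than the language it compiles, which is worth checking against the paper.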
+112
@@ -0,0 +1,112 @@
---
date:
created: 2025-07-24T18:20:00Z
categories:
- Opinion
authors:
- em
description: Improving privacy can get overwhelming at first. It's important to move one step at a time, but remain persistent. Good privacy is like good health habits.
schema_type: AnalysisNewsArticle
preview:
cover: blog/assets/images/privacy-is-like-broccoli/broccoli-cover.webp
---
# Privacy Is Like Broccoli
![Background filled with numbers from 0 to 2, representing binary code separated by the character 2. Outlined in bright green color is the shape of a piece of broccoli.](../assets/images/privacy-is-like-broccoli/broccoli-cover.webp)
<small aria-hidden="true">Illustration: Em / Privacy Guides</small>
If you are just starting the journey to improve your privacy online, you might feel overwhelmed by all the information you recently learned. This is normal, don't panic!<!-- more -->
When we first start learning about how much data is collected on us, and all the things we need to do to protect it, it's very common to feel stressed and distressed.
In a state of panic, you might be tempted to try doing it all at once, driven by an urgent desire to delete yourself from the entire internet, like right now! While this feeling is very understandable, this is the wrong approach.
The right approach is to see privacy like broccoli. Yes, broccoli, you have not misread me.
## Privacy is like good health habits
Good privacy is very similar to good health habits. If you want to improve your health, and your plan for this is to take one week per year to stuff yourself with broccoli, spend 7 days in a bath, and exercise 20 hours per day that week (while in the bath eating broccoli, I presume), then for the rest of the year follow a strict diet of ice cream and chips without any exercise or hygiene, you will not in fact end up being healthier.
The best *sustainable* approach to become healthier is to adopt better practices that you can keep doing the *whole* year, at a reasonable pace.
Slowly, while you eat some broccoli with healthy meals once in a while, exercise moderately but regularly, and take care of your body in general, you will effectively improve your health over the months and years.
The same is true for data privacy.
Trying to stuff yourself with better privacy is a common and normal reaction after realizing how much of our personal data is getting exploited online. The extent to which our privacy rights are getting violated daily is understandably terrifying.
However, trying to fix it all at once can lead to the greatest danger of all: Giving up entirely.
As it is for good health habits, it's important to work on adopting good privacy habits slowly but *persistently*. These improvements need to be habits you will be able to maintain through the whole year.
For some privacy-enhancing tools, it might take more time to set it up and get used to it at first, but then take no extra time to keep using it through the year. Nevertheless, it's important to actually **keep using these tools**. If you spend money on a stationary bike, then leave it to collect dust in the garage, this isn't going to improve your health at all.
## What you can do concretely
There is so much you can do to improve your privacy online, but here's the good news: You should start with the *easiest*.
Here are a few things you can start doing to improve your data privacy. Start with the **easiest for you.** Complete goals **one at a time**. Once you are comfortable with one improvement, **then pick another one**.
Don't forget to keep using these tools and practices through the whole year, not just for one stuffing-broccoli week. The key here is persistence.
### Tools and services you can start using
Start with the improvements that are easier for you, and with the recommendations that are realistically applicable to your unique situation. Only you can determine what are the tools that work best for yourself. Don't do it all at once! Pace yourself, but stay persistent.
- [x] [**Browser**: Start using privacy-respectful browsers](https://www.privacyguides.org/en/desktop-browsers/)
- [x] [**Internet Search**: Use a privacy-focused search engine](https://www.privacyguides.org/en/search-engines/)
- [x] [**Communication**: Use Signal for your text messages, calls, and video chats whenever possible](https://www.privacyguides.org/en/real-time-communication/#signal)
- [x] [**Social Media**: Start using better social media like Mastodon](https://www.privacyguides.org/en/social-networks/)
- [x] [**Documents**: Use CryptPad for your collaborative documents and forms](cryptpad-review.md)
- [x] [**Security**: Enable multifactor authentication for your accounts](https://www.privacyguides.org/en/multi-factor-authentication/)
- [x] [**Passwords**: Start using a secure password manager](https://www.privacyguides.org/en/passwords/)
- [x] [**Email**: Migrate to a privacy-respectful email service](https://www.privacyguides.org/en/email/)
- [x] [**Virtual Private Network**: Protect your IP address with a trustworthy VPN service](https://www.privacyguides.org/en/vpn/)
- [x] [**Cloud**: Move your data to an end-to-end encrypted cloud storage](https://www.privacyguides.org/en/cloud/)
- [x] [Continue your journey with more recommendations here!](https://www.privacyguides.org/en/tools/)
### Practices and habits to adopt progressively
- [x] [**Use pseudonymity when creating accounts:**](stay-safe-but-stay-connected.md/#pseudonymity) Favor sharing only a nickname or a first name when possible. Create accounts using email aliases, unique passwords, and a VPN connection when you can. Avoid sharing your phone number as much as possible.
- [x] [**Limit the photos you share:**](stay-safe-but-stay-connected.md/#photo-sharing) Be careful when sharing photos of yourself online. Be mindful of the information it contains, such as precise location. Examine your photos for reflections that could share more details than you intended. Keep in mind that using the same photos on different services might link these services together. Never share photos of others without their prior consent!
- [x] [**Remove metadata:**](stay-safe-but-stay-connected.md/#file-metadata) Whenever you share a photo or a file somewhere, strip the metadata from this file before sharing it.
- [x] **Minimize shared data:** When filling a form or creating an account, don't share more information than what is necessary. Even if there is a question with a field, this field might not be mandatory to fill. Only fill the mandated information to obtain the service you need.
- [x] [**Opt out of data collection, say no:**](you-can-say-no.md) Whenever possible, try opting out of unnecessary data collection. Sometimes, options to opt out aren't advertised, but you can ask if there is one. Opt out of meetings or medical visits being recorded (often done from AI transcription tools), opt out of facial scans at airports (if you legally can), reject all cookies!
- [x] **Opt out of AI features:** Each time a service or app asks for your consent to use a "smart" feature, if you don't absolutely need it, choose No. Don't use AI features if you can avoid it. Unfortunately, many if not most of these features do collect your data, in a way that often makes it impossible to delete later. Unless you have reliable guarantees this feature is privacy-respectful, it's always safer to opt out and say no.
- [x] [**Delete your unused accounts:**](https://www.privacyguides.org/en/basics/account-deletion/) Get into the habit of deleting the accounts you no longer use (and the data it contains). If required, email the service to submit an official data deletion request. You will feel lighter and lighter over time!
- [x] **Continue your journey with us:** Keep consulting our many resources to adopt even more healthy privacy practices persistently!
## Persistence is key
There are a lot of recommendations above, but don't do it all at once. Be careful not to choke on broccoli!
Take steps to bookmark this information for later, and go through it slowly at a pace that doesn't overwhelm you. **Always take the easiest next step.**
Maybe keep a to-do list, use a privacy-respectful calendar app, or even a bingo card (gamified privacy!) for your privacy improvement goals for the year. Make it easy, and make it fun!
Perhaps joining a group of like-minded people may also help you to stay motivated. There's a truly wonderful community on our [Privacy Guides Forum](https://discuss.privacyguides.net/) you are welcome to join! Many people there will be able to help you if you have questions through your privacy journey. Give yourself the tools and support you need to succeed, you are not alone with this.
Your greatest enemy is yourself giving up.
Your greatest allies are the amazing variety of free privacy-preserving tools and services available to you, the numerous guides and communities out there to help you, and the friends you will make along the way.
Remember to stay healthy and persistent with your privacy! 🥦✨
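Review bot: Two wording slips in the closing checklist items are worth fixing before merge. In the "Opt out of data collection" item, "often done from AI transcription tools" should read "often done by AI transcription tools", and in the "Delete your unused accounts" item, "the accounts you no longer use (and the data it contains)" should read "the data they contain" to agree with the plural "accounts".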
@@ -0,0 +1,216 @@
---
date:
created: 2025-08-20T17:00:00Z
categories:
- Opinion
authors:
- em
description:
Privacy washing is a widely used deceptive strategy. Learning to detect it better is an important skill to develop to help us to respond to it and report it.
schema_type: Opinion
preview:
cover: blog/assets/images/privacy-washing-is-a-dirty-business/washing-cover.webp
---
# Privacy Washing Is a Dirty Business
![Filtered photo of a sticker on a metallic surface with graffiti. The sticker has the sentence "We respect your privacy!" written on it, and the whole sentence is barred is a red line over it.](../assets/images/privacy-washing-is-a-dirty-business/washing-cover.webp)
<small aria-hidden="true">Photo: Marija Zaric / Unsplash</small>
Perhaps you haven't heard the term *privacy washing* before. Nonetheless, it's likely that you have already been exposed to this scheme in the wild. Regrettably, privacy washing is a widespread deceptive strategy.<!-- more -->
## What is privacy washing
Similarly to whitewashing (concealing unwanted truths to improve a reputation) and greenwashing (deceptively presenting a product as environmentally friendly for marketing purposes), privacy washing misleadingly, or fraudulently, presents a product, service, or organization as being responsible and trustworthy with data protection, when it isn't.
<div class="admonition quote inline end" markdown>
<p class="admonition-title">Your privacy is&ast; important to us. <small aria-hidden="true">&ast;not!</small></p></div>
The term has been used for over a decade already. It's saddening to see that not only is this [not a new problem](https://dataethics.eu/privacy-washing/), but it has only gotten worse through the years.
With the acceleration of data collection, the accumulation of data breaches, and the erosion of customers' trust, companies have an increased need for reassuring users to gain their business.
Despite consumers' rights and expectations, implementing proper data protection takes time, expertise, and money. Even if the long term benefits are colossal, the time invested often doesn't translate into direct *short term* profits, the main objective for most businesses. On the other hand, collecting more data to sell it to third parties often *does* translate into short term profits.
For these reasons, many companies quickly realize the need for *advertising* better privacy, but aren't necessarily willing to invest what it takes to make these claims true.
There comes privacy washing: <span class="pullquote-source">"Your privacy is&ast; important to us." <small aria-hidden="true">&ast;not!</small></span>
Privacy washing comes with a selection of washer cycles, from malicious trap to deceptive snake oil to perhaps the most common wash: plain negligence.
## Negligence, incompetence, or malevolence
In some other contexts, intentions might matter more. But when it comes to privacy washing, the result is often the same regardless of intentions: Personal data from users, customers, employees, patients, or children even being leaked and exploited in all sorts of ways.
Whether false claims come from negligence by failing to verify that data protections are properly implemented, incompetence to evaluate if they are, or maliciously trying to trick users in using a service that is actually detrimental to their privacy, harm is done, and sometimes permanently so.
Nonetheless, understanding the different types of privacy washing can help us to evaluate how to detect it, respond to it, and report it.
### Negligence and greed
> *They know what they are doing, but they care more about money*
The most common occurrence of privacy washing likely comes from negligence and greed. One of the biggest drivers for this is that the current market incentivizes it.
Today's software industry is largely inflated by venture capitalist funding, which creates expectations for a substantial return on investment. This funding model often encourages startups to quickly build an app following the [minimum viable product](https://en.wikipedia.org/wiki/Minimum_viable_product) principles, grow its user base as fast as possible, increase its value, and then sell it off for profits.
The problem is, this model is antithetical to implementing good privacy, security, and legal practices from the start. Data privacy cannot only be an afterthought. It must be implemented from the start, before users' data even gets collected.
Many startups fail to see how being thorough with data privacy will benefit them in the long term, and view privacy and security requirements only as a burden slowing down their growth. This mindset can result in perceiving privacy as a simple marketing asset, something businesses talk to users about for reassurance, but without putting any real effort into it beneath the surface.
<div class="admonition quote inline end" markdown>
<p class="admonition-title">Perhaps moving fast and breaking things wasn't such a good idea after all.</small></p></div>
Outside of privacy, this common startup mindset of playing fast and loose with customers and their safety frequently has **devastating** consequences. One recent and tragic example comes from OceanGate's Titan deep-sea submersible that [infamously imploded](https://globalnews.ca/news/11318623/titan-sub-report-oceangate-culture-critically-flawed/) during an exploration, killing its five passengers in an instant.
The final report blamed a problematic safety culture at OceanGate that was “critically flawed and at the core of these failures were glaring disparities between their written safety protocols and their actual practices.”
<span class="pullquote-source">Perhaps [moving fast and breaking things](move-fast-and-break-things.md) wasn't such a good idea after all.</span>
Alas, similar "glaring disparities" between policies and practices are widespread in the tech industry. While maybe not as dramatic and spectacular as an imploding submersible, [data leaks can also literally kill people](privacy-means-safety.md).
**Data privacy is the "passenger safety protocol" for software**, and it should never be trivialized.
Privacy isn't just "risk management", it is a human right. Analogous to safety protocols, organizations are responsible for ensuring their data protection policies are being followed, and are accurately describing their current practices. Anything less is negligence, at best.
Unfortunately, users (like passengers) often have very few ways to verify false claims about allegedly privacy-respectful features and policies. But this burden should never be on them in the first place.
### Incompetence and willful ignorance
> *They don't know what they are doing, or they just don't want to know*
Partly related to negligence, is plain incompetence and willful ignorance. Some organizations might be well-intentioned initially, but either lack the internal expertise to implement proper privacy practices, or conveniently decide not to spend much time researching about what their data protection responsibilities are.
For example, most businesses have heard by now of the requirement to present a privacy policy to their users, customers, and even web visitors. Deplorably, in a failed attempt to fulfill this legal obligation, many simply copy someone else's privacy policy and paste it on their own website. Not only this is very unlikely to be compliant with applicable privacy regulations, but it also possibly infringes *copyright* laws.
Do not simply copy-paste another organization's privacy policy and claim it as your own!
It's important to remember that legal requirements for policies aren't the end goal here. **The true requirements are the data protection *practices*.**
The policies *must* accurately describe what the *practices* are in reality. Because no two organizations have the exact same internal practices and third-party vendors, no two organizations should have the exact same privacy policy.
**Copy-paste privacy policies aren't compliance, they're deception.**
A privacy policy that isn't accurately describing an organization's practices is a form of privacy washing. Sadly, a quite commonly used one, like some quick light-wash cycle.
It's worth noting these days that creating a privacy policy using generative AI will lead to the exact same problems related to accuracy and potential infringement of both privacy and copyright laws. This is *not* a smart "shortcut" to try.
While lack of understanding of policies and legal requirements is only one example of how incompetence can become a form of privacy washing, there are infinitely more ways this can happen.
As soon as data is collected by an organization (or by the third-party software it uses), there is almost certainly legal obligations to protect this data, to restrict its collection and retention, and to inform data subjects.
Organizations that do not take this responsibility seriously, or blissfully decide to remain unaware of it, while presenting an empty privacy policy, are effectively doing privacy washing.
Implementing protections and limiting collection cannot be an afterthought. Once data is leaked, there is often nothing that can be done to truly delete it from the wild. The damage caused by leaked data can be tragic and permanent.
Organizations must take this responsibility much more seriously.
### Malevolence and fraud
> *They lie, and they want your data*
Greed and ignorance are common causes of privacy washing, but they can quickly escalate to fraud and ambush.
It's worth noting that a large amount of negligence or incompetence can be indistinguishable from malice, but there are organizations that deliberately lie to users to exploit them, or to trick them into unwillingly revealing sensitive information.
#### Anom, the secret FBI operation
Perhaps one of the most infamous example of this is the Anom honeypot. Anom was an encrypted phone company promising privacy and security, but that was in fact part of an undercover operation staged by the American Federal Bureau of Investigation (FBI), [Operation Trojan Shield](https://en.wikipedia.org/wiki/Operation_Trojan_Shield).
Investigative journalist Joseph Cox [reported](https://www.vice.com/en/article/inside-anom-video-operation-trojan-shield-ironside/) in 2021 that Anom advertised their products to criminal groups, then secretly sent a copy of every message on the device to the FBI. It was so secret, even Anom developers didn't know about the operation. They were told their customers were corporations.
A screenshot [shared](https://www.vice.com/en/article/operation-trojan-shield-anom-fbi-secret-phone-network/) by Motherboard shows an Anom slogan: "Anom, Enforce your right to privacy". It's hard to tell how many non-criminal persons (if any) might have accidentally been caught in this FBI net. Although this specific operation seems to have been narrowly targeting criminals, who knows if a similar operation could not be casting a wider net, inadvertently catching many innocent privacy-conscious users in its path.
#### Navigating VPN providers can be a minefield
Using a [trustworthy](https://www.privacyguides.org/en/vpn/) Virtual Private Network (VPN) service is a good strategy to improve your privacy online. That being said, evaluating trustworthiness is critical here. Using a VPN is only a transfer of trust, from your Internet Service Provider (ISP) to your VPN provider. Your VPN provider will still know your true IP address and location, and *could* technically see all your online activity while using the service, if they decided to look.
[Different VPN services are not equal](https://www.privacyguides.org/videos/2024/12/12/do-you-need-a-vpn/), unfortunately, snake oil products and traps are everywhere in this market. As with anything, do not assume that whoever screams the loudest is the most trustworthy. Loudness here only means more investment in advertising.
For example, take the interesting case of [Kape Technologies](https://en.wikipedia.org/wiki/Kape_Technologies), a billionaire-run company formerly known as Crossrider. This corporation has now acquired four different VPN services: ExpressVPN, CyberGhost, Private Internet Access, and Zenmate. This isn't that suspicious in itself, but Kape Technologies has also [acquired](https://cyberinsider.com/kape-technologies-owns-expressvpn-cyberghost-pia-zenmate-vpn-review-sites/) a number of VPN *review* websites, suspiciously always ranking its own VPN services at the top. This is a blatant conflict of interest, to say the least.
Sadly, on the VPN market — [estimated](https://www.grandviewresearch.com/industry-analysis/virtual-private-network-market) at $41.33 billion USD in 2022 — what is called a ["review" is often just *advertising*](the-trouble-with-vpn-and-privacy-review-sites.md).
Moreover, many free VPN providers [break their privacy promises](https://iapp.org/news/a/privacy-violations-by-free-vpn-service-providers) regarding users' data. In 2013, Facebook [bought](https://gizmodo.com/do-not-i-repeat-do-not-download-onavo-facebook-s-vam-1822937825) the free VPN provider Onavo, and included it in a Facebook feature deceptively labeled "Protect". As is now standard behavior for Facebook, the social media juggernaut actually collected and analyzed the data from Onavo users. This allowed Facebook to monitor the online habits of its users even when they weren't using the Facebook app. This is very much the opposite of data privacy, and of any implied promises to "Protect".
Then there's the case of Hotspot Shield VPN, accused in 2017 of [breaking](https://www.zdnet.com/article/privacy-group-accuses-hotspot-shield-of-snooping-on-web-traffic/) its privacy promises by the Center for Democracy & Technology, a digital rights nonprofit organization. While promising "anonymous browsing", Hotspot Shield allegedly deployed persistent cookies and used more than five different third-party tracking libraries. The parent company AnchorFree denied the accusations, but even *if* it wasn't the case for AnchorFree, how tempting would it be for a business with an ad-based revenue model to utilize the valuable data it collects for more of this revenue? And indeed, many free VPN services do [monetize](https://thebestvpn.com/how-free-vpns-sell-your-data/) users' data.
Worst of all are the *fake*, free VPN services. Like stepping on a landmine, criminals are [luring users](https://www.techradar.com/pro/criminals-are-using-a-dangerous-fake-free-vpn-to-spread-malware-via-github-heres-how-to-stay-safe) looking for a free VPN service and tricking them into downloading malware on their devices. While this goes beyond privacy washing, it's still a piece of software actively harming users and deceptively gaining their trust with the false promise of better privacy. Wherever privacy washing is being normalized by greedy or lazy organizations, criminals like this flourish.
#### Using compliance to appear legitimate
Another fraudulent case of privacy washing is organizations using false claims related to privacy law compliance to appear more legitimate.
Earlier this year, the digital rights organization Electronic Frontier Foundation (EFF) [called](https://www.eff.org/deeplinks/2025/01/eff-state-ags-time-investigate-crisis-pregnancy-centers) for an investigation into deceptive anti-abortion militant organizations (also called "[fake clinics](https://www.plannedparenthood.org/blog/what-are-crisis-pregnancy-centers)") in eight different US states.
These fake clinics were claiming to be bound by the Health Insurance Portability and Accountability Act (HIPAA) in order to appear like genuine health organizations. HIPAA is an American federal privacy law that was established in 1996 to protect sensitive health information in the United States.
Not only are many of these fake clinics **not** complying with HIPAA, but they collect extremely sensitive information without being bound by HIPAA in the first place, because they *aren't* licensed healthcare providers. Worse, some have [leaked this data](https://jessica.substack.com/p/exclusive-health-data-breach-at-americas) in all sorts of ways.
Thanks to the EFF's work, some of those fake clinics have now [quietly removed](https://www.eff.org/deeplinks/2025/08/fake-clinics-quietly-edit-their-websites-after-being-called-out-hipaa-claims) misleading language from their websites. But sadly, this small victory doesn't make these organizations any more trustworthy, it only slightly reduces the extent of their privacy washing.
### Deception and privacy-masquerading
> *They talk privacy, but their words are empty*
Perhaps the most obvious and pernicious examples of privacy washing are organizations that are clearly building products and features harming people's privacy, while using deceptive, pro-privacy language to disguise themselves as privacy-respectful organizations. There are likely more occurrences of this than there are characters in this article's text.
Buzzwords like "military-grade encryption", "privacy-enhancing", and the reassuring classic "we never share your data with anyone" get thrown around like candies falling off a privacy-preserving-piñata.
But **words are meaningless when they are deceitful**, and these candies quickly turn bitter once we learn the truth.
#### Google, the advertising company
An infamous recent example of this is Google, who [pushed](https://proton.me/blog/privacy-washing-2023) a new Chrome feature for targeted advertising in 2023 and dared to call it "Enhanced Ad Privacy"
This [enabled by default](https://www.eff.org/deeplinks/2023/09/how-turn-googles-privacy-sandbox-ad-tracking-and-why-you-should) technology allows Google to target users with ads customized around their browsing history. It's really difficult to see where the "privacy" is supposed to be here, even when squinting very hard.
Of course, Google, an advertising company, has long mastered the art of misleading language around data privacy to reassure its valuable natural resource, the user.
<div class="admonition quote inline end" markdown>
<p class="admonition-title">Google continued to collect personally identifiable user data from their extensive server-side tracking network.</small></p></div>
Everyone is likely familiar with Chrome's infamously deceptive "Incognito mode". In reality, becoming "Incognito" stopped at your own device where browsing history will not be kept, while <span class="pullquote-source">Google continued to collect personally identifiable user data from their extensive server-side tracking network.</span> Understandably, disgruntled users filed an official [class action lawsuit](https://www.theverge.com/2023/8/7/23823878/google-privacy-tracking-incognito-mode-lawsuit-summary-judgment-denied) to get reparation from this deception. In 2023, Google agreed [to settle](https://www.bbc.co.uk/news/business-67838384) this $5 billion lawsuit.
Despite claims of "privacy" in their advertising to users, Google, like many other big tech giants, has in reality spent millions [lobbying against](https://www.politico.com/news/2021/10/22/google-kids-privacy-protections-tech-giants-516834) better privacy protections for years.
#### World App, the biometric data collector
Similarly, Sam Altman's World project loves to throw privacy-preserving language around to reassure prospect users and investors. But despite all its claims, data protection authorities around the world have been [investigating, fining, and even banning](sam-altman-wants-your-eyeball.md/#privacy-legislators-arent-on-board) its operations.
The World App (developed by the World project) is an "everything app" providing users with a unique identifier called a World ID. This World ID, which grants various perks and accesses while using the World App, is earned by providing biometric data to the organization, in the form of an iris scan.
Providing an iris scan to a for-profit corporation with little oversight will rightfully scare away many potential users. This is why the company has evidently invested heavily in branding itself as a "privacy-preserving" technology, claims that are [questionable](sam-altman-wants-your-eyeball.md/#how-privacy-preserving-is-it) to say the least.
Despite catchy declarations such as "privacy by default and by design approach", the World project has accumulated an impressive history of privacy violations, and multiplies contradicting and misleading statements in its own documentation.
There are some stains that even a powerful, billionaire-backed, privacy wash just cannot clean off.
#### Flo, sharing your period data with Facebook
In 2019, the Wall Street Journal [reported](https://therecord.media/meta-flo-trial-period-tracking-data-sharing) that the period tracking application Flo had been sharing sensitive health data with Facebook (Meta), despite its promises of privacy.
The app, developed by Flo Health, repeatedly reassured users that the very sensitive information they shared with the app would remain private and would not be shared with any third parties without explicit consent.
Despite this pledge, the Flo app did share sensitive personal data with third parties, via the software development kits incorporated into the app.
This extreme negligence (or malevolence) have likely harmed some users in unbelievable ways. Considering the state of abortion rights in the United States at the moment, it's not an exaggeration to say this data leak could [severely endanger](privacy-means-safety.md/#healthcare-seekers) Flo App's users, including with risk of imprisonment.
In response, users have filed several [class action lawsuits](https://www.hipaajournal.com/jury-trial-meta-flo-health-consumer-privacy/) against Flo Health, Facebook, Google, AppsFlyer, and Flurry.
Trivializing health data privacy while promising confidentiality to gain users' trust should never be banalized. This is a very serious infringement of users' rights.
## Remain skeptical, revoke your trust when needed
Regardless of the promises to safeguard our personal data, it's sad to say, we can never let our guard down.
Privacy washing isn't a trend that is about to fade away, it's quite likely that it will even worsen in the years to come. We must prepare accordingly.
The only way to improve our safety (and our privacy) is to remain vigilant at all time, and grant our trust only sparsely. We also need to stay prepared to revoke this trust at any time, when we learn new information that justifies it.
Always remain skeptical when you encounter privacy policies that seem suspiciously too generic; official-looking badges on websites advertising unsupported claims of "GDPR compliance", reviews that are lacking supporting evidence and doubtfully independent; and over usage of buzzwords like "military-grade encryption", "privacy-enhancing", "fully encrypted", and (more recently) "AI-powered".
It's not easy to navigate the perilous waters of supposedly privacy-respectful software. And it's even worse in an age where AI-spawned websites and articles can create the illusion of trustworthiness with only a few clicks and prompts.
Learning [how to spot the red flags, and the green(ish) flags](red-and-green-privacy-flags.md), to protect ourselves from the deceptive manipulation of privacy washing is an important skill to develop to make better informed choices.
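Review bot: Two pull-quote admonition titles end in `</small></p></div>` with no opening `<small>`: "Perhaps moving fast and breaking things wasn't such a good idea after all." and "Google continued to collect personally identifiable user data...". The first pull quote opens `<small aria-hidden="true">` before closing it, so drop the stray `</small>` in the other two to keep the HTML well formed. Three relative links put a slash between the file name and the fragment (two to `sam-altman-wants-your-eyeball.md/#...` and one to `privacy-means-safety.md/#healthcare-seekers`), while every other internal link in the file targets a bare `.md` file. Confirm these resolve in the built site or change them to the `file.md#anchor` form. Smaller text points: the sentence ending in "Enhanced Ad Privacy" has no closing period, the cover alt text says "barred is a red line", "one of the most infamous example" needs the plural, and "This extreme negligence (or malevolence) have likely harmed" should use "has".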
+1 -1
@@ -91,7 +91,7 @@ Developed and hosted by *XWiki* in Paris, France, **CryptPad** is a complete onl
<div class="admonition recommendation" markdown>
![Nextcloud logo](../assets/img/document-collaboration/nextcloud.svg){ align=right }
![Nextcloud logo](../assets/img/self-hosting/nextcloud.svg){ align=right }
**Nextcloud** is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control.
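Review bot: Confirm that `assets/img/self-hosting/nextcloud.svg` exists on this branch, since the Nextcloud logo line is the only change in this hunk and nothing visible here adds the file at the new location. This reads the second image line as the added one, because the +/- markers are not shown. If the logo was moved rather than copied, also check that no other page still references `assets/img/document-collaboration/nextcloud.svg`, otherwise one of the two cards will render with a broken image.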
+422
@@ -0,0 +1,422 @@
---
date:
created: 2025-10-15T03:50:00Z
categories:
- Explainers
authors:
- em
- jordan
description:
Real-name policies have existed for over a decade, but these problems have become exponentially harmful in today's world. It's time to fight back against this unsafe and discriminatory privacy-invasive practice.
schema_type: AnalysisNewsArticle
preview:
cover: blog/assets/images/real-name-policies/realname-cover.webp
---
# Real-Name Policies: The War Against Pseudonymity
![Filtered photo of a "Hello my name is" name-tag sticker on a street post. Over the space for the name is a black graffiti tag.](../assets/images/real-name-policies/realname-cover.webp)
<small aria-hidden="true">Illustration: Em / Privacy Guides | Photo: Marija Zaric / Unsplash</small>
Real-name policies have existed for well over a decade already, and the problems they cause aren't new. But these problems have become exponentially harmful in today's world, where real-name policies are coupled with monopolistic platforms, increased mass surveillance, AI technologies, and facial recognition capabilities. It's time to fight back against this unsafe and discriminatory privacy-invasive practice.<!-- more -->
Pseudonymity, or the use of a nickname or fictitious name online, has always been deeply valued on the internet. It grants people protections and freedoms that are often impossible to benefit from offline.
Women, and especially women who are part of male-dominated online communities, have regularly used pseudonyms to hide their gender online in order to protect themselves from sexual harassment, stalking, and physical violence even.
Transgender and gender-diverse people also regularly use pseudonyms for protection, or use new chosen names to explore their gender identity online.
Victims of domestic violence, victims of stalkers, activists, and even journalists often use pseudonyms to protect themselves from aggressors or oppressive regimes.
**Pseudonymity saves lives.** And yet, it is constantly under attack.
## What are real-name policies exactly?
<div class="admonition quote inline end" markdown>
<p class="admonition-title">Increasingly more platforms demand that users provide their legal name and official identifications in order to keep using a platform.</p></div>
So called "real-name" policies are platform policies requiring users and subscribers to sign up and display their "real name," often equated to a *legal* name.
Facebook for example claims not to require a legal name, but only the "real" name a person uses in their daily life. Yet, the social media giant regularly demands official IDs to verify this "real" name, effectively requiring people associate their account with their *legal* identity.
Facebook has even repeatedly taken the liberty to decide which name was "real", and changed the displayed name of users based on verification processes **without any prior consent from users**. For people in vulnerable situations, this can be a *very* dangerous practice.
Facebook is perhaps the most infamous platform implementing such discriminatory and intrusive policy, but sadly, it's not the only one.
<span class="pullquote-source">Increasingly more platforms demand that users provide their legal name and official identifications in order to keep using a platform.</span> And this will likely be aggravated significantly by the recent trend for [age-verification](https://www.privacyguides.org/videos/2025/08/15/age-verification-is-a-privacy-nightmare/) policies.
### Explicit and implicit policies
There is always two levels of real-name policies: The name displayed publicly to everyone (explicitly required), and the name the platform has associated with the account in its database (implicitly associated).
While a requirement to expose one's legal name publicly has clear privacy risks, storing legal names without displaying it to other users is also problematic.
For explicit requirements, users who are obligated to display their legal name publicly are not only forced to create a permanent association of this account with their legal identity (with all the problems this can bring), but are also potentially exposing their identity and account to current or future attackers.
For example, this can and does enable stalkers to find their victims online (and offline) to cause them harm.
For implicit associations, as soon as a legal name is collected and associated with an account in the backend, whether from providing official documentation for age verification, account recovery, payment, or any other processes; this data is at risk of getting leaked or breached, and eventually shared publicly as well.
Once this data is [exposed](https://discuss.privacyguides.net/t/discord-data-breach-customers-personal-data-and-scanned-photo-ids-leaked/31904), this account now also becomes permanently associated with a legal identity, publicly.
Even without having an openly stated real-name policy, platforms collecting official documentation—or otherwise storing legal names associated with accounts—can effectively end up exposing their users to similar risks.
### What is a real name anyway?
Of course, your true *real* name is whatever you decide others should call you. Only *you* can decide this, and others should be respectful of your choice.
Your *legal* name, however, is a **data marker attached to your person that can be used to trace many of your activities online and offline**, with a high degree of precision going as far back as when you were born.
For everyone, but especially for vulnerable communities, exposing legal names on certain platforms can represent a significant risk. The [use of pseudonymity](https://www.techradar.com/pro/vpn/using-your-real-name-on-social-media-heres-why-you-should-think-twice) is a critical part of online safety, and people should be able to continue using this protective measure without raising suspicion.
## Who is impacted the most by real-name policies?
Everyone is impacted by real-name policies, but groups that are at higher risk of discrimination, violence, and online harassment are disproportionally harmed by them.
Moreover, anyone who for various reasons uses a name that doesn't match their official ID; has a legal name that doesn't match an expected American name pattern; needs to conceal their gender online for safety; or has to protect their identity online due to their work as an activist, journalist, dissident, or whistleblower can be severely impacted, silenced, and even endangered by requirements to provide a legal name online.
### Victims of domestic violence
For many people, using pseudonyms isn't just a good privacy practice, but it can be a matter of life and death.
For anyone who is experiencing or has experienced domestic violence, creating a new online identity hidden from the perpetrator can be essential for survival, to prepare a safe escape, or to keep having access to essential support and resources.
When people are forced to only use one identity online, an identity attached to their legal identity, this empowers aggressors to find their victims, to silence them, to control them, and to harm them.
**Technologies and policies are never neutral.** When policies and features make it difficult or impossible for vulnerable people to use these technologies safely, they are effectively excluding vulnerable people from the platforms.
Even if this might seem minor from the outside, when Big Tech becomes so monopolistic that it's almost impossible to fully avoid it in our daily lives, when someone cannot access social groups and support without a Facebook account, and can't find a new job without LinkedIn, then it's not just a minor problem anymore, it's a major problem.
**Platforms and online services should be safely accessible to everyone.** And this includes allowing the use of protective pseudonymity without requiring legal identification that could put the most vulnerable in life-threatening situations.
### Victims of stalking
Similarly to victims of domestic violence, victims of stalking must protect their identity online to stay safe from their stalkers. When platforms obligate people to use their legal names, explicitly or implicitly, they directly endanger these victims.
If a stalker or an aggressor knows a victim's legal name (which is often the case), then it's trivial to find their account on any platform or service, regardless of whether they have blocked them on one.
A good protection to prevent severe harassment is to create alternative accounts using a different name or different pseudonym unknown to the aggressor. This can give victims the peace of mind of knowing their stalker will not be able to find them there.
For anyone tempted to argue real-name policies reduce the number of perpetrators, this isn't the case.
Stalkers and predators of all kinds generally feel quite comfortable using their own legal names; this isn't a problem for them. They feel confident knowing that victims generally have little recourse and support, and that there will be no consequences for them even when their legal name is known.
Despite the claims, removing pseudonymity doesn't remove misbehavior online. This has been demonstrated [again](https://theconversation.com/online-abuse-banning-anonymous-social-media-accounts-is-not-the-answer-170224), and [again](https://theconversation.com/online-anonymity-study-found-stable-pseudonyms-created-a-more-civil-environment-than-real-user-names-171374), and [again](https://allabouteve.co.in/harassment-of-women-on-linkedin/). Real-name policies don't reduce crime; they only restrict the victims' ability to protect themselves from such crime.
### Activists and political dissidents
<div class="admonition quote inline end" markdown>
<p class="admonition-title">Pseudonyms are hardly modern phenomena, and it's fair to say democracy wouldn't exist without it.</p></div>
For activists and political dissidents around the world, using pseudonymity online can be a way to reclaim freedom of speech and criticize power in a safer way. Under oppressive regimes, online privacy can mean life or death.
This is another example showing how essential privacy rights are to democracy. **Real-name policies facilitate censorship, discrimination, and political repression.**
A Honduran blogger using the pseudonym [La Gringa](https://lagringasblogicito.blogspot.com/2011/10/my-ripples-will-continue.html) used her blog and Facebook page to criticize the Central American government for years.
Protecting her legal identity is essential to allow her to speak freely and stay safe from state repression. This isn't an exaggeration: Honduras is one of the most dangerous countries for journalists. The Committee to Protect Journalists (CPJ) [recorded](https://latamjournalismreview.org/articles/almost-five-years-after-murder-of-honduran-journalist-gabriel-hernandez-authorities-still-waiting-for-results-of-their-investigations/) that 37 press workers were killed in the country between 1992 and 2023. Of these murders, 90% were unpunished.
But Facebook silenced La Gringa with its real-name policy, requiring her to provide a copy of her official ID to continue advocating on the platform. Evidently, this request is asking her to put her life in danger and cannot be compromised on.
Facebook's policy is essentially silencing any dissident and marginalized voices in oppressive regimes.
Letting the community report infractions of Facebook's real-name policy effectively allows Facebook's rules to be weaponized against marginalized groups already plagued with constant discrimination.
It also empowers abusers to silence their victims, and sides with oppressive regimes around the world to censor any critics they might have.
As reporter Kevin Morris [commented](https://www.dailydot.com/news/la-gringa-facebook-ban-real-id-dangerous-honduras/) in his Daily Dot piece on the topic: <span class="pullquote-source">"Pseudonyms are hardly modern phenomena, and it's fair to say democracy wouldn't exist without it."</span>
### Women
<div class="admonition quote inline end" markdown>
<p class="admonition-title">A site which requires real/verified names is automatically flagging itself as a potentially/probably unsafe space for women, or for anyone else at risk of harassment, violence, job discrimination, and the like.</p></div>
Women have long used pseudonyms on the internet in order to conceal their gender online, and spare themselves from the sexual harassment and discrimination omnipresent on some platforms. This is even more common in male-dominated communities like online gaming, for example.
It's not rare to hear some people claiming that "there aren't any women in their online community." Well, there probably are.
Platforms allowing pseudonyms foster a culture of inclusivity where everyone can participate free from discrimination, regardless of their gender. Real-name policies encourage the opposite: platforms where participants are forced to either endure the abuse and compromise their physical safety, or be excluded entirely.
As pseudonymous author *skud* [wrote](https://geekfeminismdotorg.wordpress.com/2010/06/10/hacker-news-and-pseudonymity/) for the *Geek Feminism* blog in 2010:
> [...] women online are regularly admonished to use pseudonyms to protect themselves. Many websites with a culture of pseudonymity [...] have a very high proportion of female members, perhaps in part because of the sense of privacy and security that pseudonymity brings. <span class="pullquote-source">A site which requires real/verified names is automatically flagging itself as a potentially/probably unsafe space for women, or for anyone else at risk of harassment, violence, job discrimination, and the like.</span>
Women aren't exactly a minority group. While platforms should be inclusive to everyone of course, including minority groups, enforcing a policy that obligates roughly 50% of the population to lower its safety protections in order to participate should be obviously unacceptable.
### Indigenous people
Notwithstanding its own policy, Facebook has regularly suspended accounts with legal names wrongly targeted as fake, based on criteria rooted in colonialism. Indigenous communities have been exceedingly impacted by Facebook's real-name policy, despite following all the platform's rules as requested.
In 2009, Facebook abruptly [cut off account access](https://ictnews.org/archive/facebook-no-friend-to-american-indian-names/) to an Indigenous American woman named Robin Kills The Enemy, wrongly accusing her of registering under a false name. But her name was authentic, and indeed her *legal* name.
Facebook eventually reinstated her account, but only after a long process where she had to modify the spelling.
The burden shouldn't be on Indigenous people to have to prove their identity just because a US-based corporation can't seem to understand the global diversity of naming conventions.
Following Kills The Enemy's experience, a journalist started a Facebook group called "Facebook: don't discriminate against Native surnames!!!" that was joined by over a thousand people only a few days after its creation. Many users shared similar experiences and questioned the platform's treatment of Indigenous surnames.
Another woman named Melissa Holds The Enemy described a month-long process to recover her account.
An Indigenous man named Oglala Lakota Lance Brown Eyes had his account [suspended](https://colorlines.com/article/native-americans-say-facebook-accusing-them-using-fake-names/) by Facebook demanding his "real" name.
After Brown Eyes sent all the required proofs, Facebook decided without warning to Americanize his displayed name to "Lance Brown." **This is blatant racism.**
His name was eventually corrected and Facebook apologized, but only after Brown Eyes threatened the company with a class action lawsuit.
Dana Lone Hill also got her account suspended because of her Indigenous surname, and was forced to go through Facebook's intrusive verification process in order to recover her account.
The list goes on and on. Indigenous people have been forced by Facebook to modify and Americanize their *actual legal names*.
Many were forced to add hyphens, change the alphabet used, smash words together, or even remove parts of their legal name in order to please Facebook's arbitrary preferences, ignoring its own "real-name" policy.
This is yet another demonstration of systemic racism perpetrated by a monopolistic corporation quick to ignore the human rights and diversity of its users.
### People with non-Anglophone names
In another case, a woman from Japan named Hiroko Yoda [wasn't able to sign up](https://www.telegraph.co.uk/news/newstopics/howaboutthat/2632170/Woman-called-Yoda-blocked-from-Facebook.html) for a Facebook account due to her surname.
Despite being a common surname in Japan, it seems Facebook judged it more important to ban anyone trying to "impersonate" the popular Star Wars character.
Of course, the Star Wars character uses a Japanese name because its creator drew [inspiration](https://en.wikipedia.org/wiki/Yoda#Creation) from Japanese culture. But Facebook still seems to somehow think that Star Wars comes first, and Japanese people must pay the price for daring to share a surname with the American Jedi.
A Facebook user from Hawaii named Chase Nahooikaikakeolamauloaokalani Silva also had his account suspended despite using his legal name.
As a proud Hawaiian, it was important for him to be able to display his Hawaiian given name. But Facebook just didn't like his *legal* name.
Silva reported to [HuffPost](https://www.huffpost.com/entry/facebook-chase-nahooikaikakeolamauloaokalani-silva_n_5833248) that "Facebook should not be able to dictate what your name is, what you go by, what you answer to," and he's right.
More broadly, Facebook's policy [prohibits](https://en.wikipedia.org/wiki/Facebook_real-name_policy_controversy) names with "too many" words, capital letters, or first names with initials. This assumes the default for names is the Americanized format of one first name, one (short) middle name, and one last name.
But this isn't a reality for most of the world. This extremely narrow vision of what a name should look like and how it should be formatted isn't compatible with many if not most cultures.
It's unbelievable (and unacceptable) that a platform with an estimated 2.28 billion active users, which seems to want to eat even more of the world every year, is so ignorant of non-American cultures and global naming conventions in its policies and practices.
### The transgender community
For transgender and gender-diverse individuals, their legal name may be a "[dead name](https://en.wikipedia.org/wiki/Deadnaming)." A dead name is a name that they were assigned at birth but no longer identify with. Commonly, transgender people change their name as part of their gender transition.
In many countries around the world, there can be many bureaucratic hurdles required to change one's name, meaning that many trans people are unable to update their legal name to reflect their gender identity. Because they no longer identify with their dead name, keeping it private is of great importance for their mental health and safety.
<div class="admonition quote inline end" markdown>
<p class="admonition-title">23% of LGBTQ+ young people reported that they have been physically threatened or harmed in the past year due to either their sexual orientation or gender identity.</p></div>
Referring to a trans person with their dead name is considered offensive and often involves misgendering someone too. For transgender people, being called a name that they no longer identify with invokes feelings of depression, anxiety, gender dysphoria, and lack of acceptance.
Using someone's dead name signals that you don't respect their identity and that you don't care about them enough to use their new name.
Unfortunately, transgender people still face widespread discrimination, which is why "dead naming" can be incredibly dangerous. Revealing someone's gender identity or sexuality without their consent is called "outing". By calling someone by their dead name, you may be inadvertently revealing that they are transgender. This can be not only traumatizing and frightening for the individual, but can also lead to violence or put this person in a dangerous situation.
The Trevor Project, a non-profit LGBTQ+ organization, conducts a yearly [survey](https://www.thetrevorproject.org/survey-2024/?_hsmi=305272848) on LGBTQ+ youth across the United States. In their 2024 release, they found that <span class="pullquote-source">"23% of LGBTQ+ young people reported that they have been physically threatened or harmed in the past year due to either their sexual orientation or gender identity."</span>
This is why when real-name policies come in, requiring transgender people to use their legal name for their social media accounts, this could force them to "come out" by displaying a name that they no longer identify with, therefore revealing they are transgender. The National LGBTQ Institute on Intimate Partner Violence [describes](https://lgbtqipvinstitute.org/coming-out-safely/) "coming out" as an "ongoing process, by which a person shares aspects of their identity with others."
Having aspects of their identity shared without their consent can put this person in significant physical danger because of unsupportive family members, friends, colleagues, and strangers. This is especially the case with LGBTQ+ youth, who are at heightened risk of online, verbal, or physical harassment or violence due to their identity.
Coming out can be a very daunting and scary process, particularly for transgender and gender-diverse people, and often can be an ongoing process over many years. In many cases, LGBTQ+ people choose instead to [hide their identity](https://www.stonewall.org.uk/news/new-research-shows-almost-40-of-lgbtq-employees-still-hide-their-identity-at-work) at social and work gatherings.
Platforms that enforce real-name policies and take away the essential ability to control when and how that process plays out are nothing short of abusive. This might sound hyperbolic; however, "outing" is often used as a means of control in abusive relationships to coerce an LGBTQ+ individual. The fact that social media platforms are exhibiting similar behavior is alarming.
Unfortunately, many websites don't allow users to easily update the name attached to an account, often requiring them to provide legal documentation proving that the name has been legally changed.
Having to provide your identification documents to use a website is not only terrible for your privacy, as it links your real life identity to your online account, it also puts your identity at risk.
Companies that process and verify identity documents are at a much higher risk of being targeted by malicious actors, because of the sensitive information they store and process.
One of the worst offenders of this is Facebook. They require everyone who signs up to use their legal name for their profile, and claim that this is to ensure safety on the platform, so that everyone knows the person they are talking to is who they say they are.
Many transgender and gender-diverse people use aliases on social media platforms to protect their identities and the identities of those around them, because they are more likely to be harassed or doxxed. Facebook's real-name policy has unforeseen consequences for these people, as one transgender Facebook user [found out](https://www.dailydot.com/news/facebook-real-names-cracking-down-transgender/):
> I woke up to find my Facebook account deleted. [...] I have had a Facebook since about 2007 or 2008. Other than when I was a kid and was afraid my parents would find out about my account (causing me to use an alias for a little while), my profile always bore my legal name. A week or so ago, however, I changed my display name to "Arc Angel."
Finally, because of the discrimination and danger that transgender people face in the real world, they often find refuge in online and internet communities. According to a report by [Hopelab](https://assets.hopelab.org/wp-content/uploads/2025/03/2025-Without-It-I-Wouldnt-Be-Here.pdf) of LGBTQ+ youth:
> Transgender young people more often agree that their online communities and friendships were important or very important (84%) when they began to explore their sexuality or gender compared to cisgender LGBQ+ young people (71%).
This is why it's so important that they are able to freely express themselves with a pseudonymous or anonymous identity. If every online platform required these users to use their legal name, this would be extremely dangerous for transgender and gender-diverse people who often rely on online spaces for community, friendship, and support.
### LGBTQ+ people
Moreover, real-name policies disproportionately affect LGBTQ+ people, as they often prefer to not associate their legal name with their online activities. This is especially important for people living in countries where LGBTQ+ identities are [criminalized by law](https://en.wikipedia.org/wiki/Criminalization_of_homosexuality), meaning they can be jailed (or worse) if they associate their online activities with their real life identity.
Unfortunately, it gets even worse: harassers and trolls have weaponized Facebook's real-name policy, and are using it to silence their victims by mass reporting them as using a fake name.
In an [open letter](https://www.eff.org/document/open-letter-facebook-about-its-real-names-policy) to Facebook about its real-name policy in 2015, many LGBTQ+ and digital rights organizations warned Facebook that this was being used to silence LGBTQ+ people:
> Facebook users in the global LGBTQ community, South and Southeast Asia and the Middle East report that groups have deliberately organized (sometimes even coordinating via Facebook) to silence their targets using the "Report Abuse" button.
Despite all the recommendations and warnings by LGBTQ+ organizations and digital rights groups more than ten years ago, Facebook is still standing strong in its intention to keep the platform a "real name" only space.
Their help center still [states](https://www.facebook.com/help/229715077154790/Names+allowed+on+Facebook/) that you can only use a name that appears on your official identification documents:
> The name on your profile should be the name that your friends call you in everyday life. This name should also appear on a form of ID or document from our ID list.
Many platforms have been trying to improve the way they handle this and allow for users to select a preferred name that is displayed instead of their legal name. This is an improvement, however it isn't without issues.
Platforms shouldn't require you to provide your legal name to begin with.
### Stage performers and small businesses
In 2014, Facebook made the news for ramping up its real-name policy and suspending hundreds of accounts from marginalized and vulnerable people (more on this in the [next section](#facebook)). The platform was heavily criticized, and Facebook eventually reinstated many banned accounts.
At the time, drag performers were [severely impacted](https://www.cnn.com/2014/09/16/living/facebook-name-policy/) by the policy purge. Drag queen and activist Sister Roma reported having to change her Facebook profile to a legal name she had not used publicly for 27 years.
Retired burlesque dancer Blissom Booblé explained that using a pen name on Facebook was essential to continue her advocacy for LGBTQ+ homeless youth and to raise HIV awareness while staying free from discrimination at her workplace.
Drag queen Ruby Roo reluctantly complied with Facebook's policy in order to keep contact with his friends, but expressed concerns that people would not recognize him under his legal name. If nobody ever calls you by your legal name, does this still even count as your "real" name?
During an earlier purge in 2009, small-business entrepreneur Alicia Istanbul [suddenly lost access](https://www.sfgate.com/business/article/Real-users-caught-in-Facebook-fake-name-purge-3231397.php) to both her personal Facebook account and her jewelry design business page. Once this happens, the burden falls on users to carry out the lengthy and intrusive verification process to restore their accounts.
**There is no innocent until proven guilty with Big Tech.** This can represent significant losses in time and money for small businesses.
Additionally, many professionals such as teachers, doctors, therapists, and social workers regularly use pseudonyms so that clients and patients will not be able to find their personal accounts.
Everyone should have the right to separate their professional lives from their personal lives, and [using pseudonyms is a great practice](stay-safe-but-stay-connected.md/#pseudonymity) to this effect.
### Everyone else
Finally, everyone can be impacted negatively by real-name policies, not only marginalized or vulnerable groups.
Everyone should be able to choose the protections necessary for themselves, according to their own unique [threat model](https://www.privacyguides.org/en/basics/threat-modeling/). If someone decides it's safer or more comfortable for them to use a platform under a pseudonymous account, they should be able to do so freely.
Privacy is a basic human right, and it should be accessible to all without requiring any justification.
The normalization of real-name policies online, aggravated by the growing identity and age verification industry, will have devastating consequences for everyone, and for democracies everywhere. **Real-name policies are authoritarian in nature and have a chilling effect on freedom of speech and other civil liberties.**
If we value privacy as a human right, we must push back against real-name policies, especially on social media.
## Where are real-name policies?
About ten years ago, pseudonymity became a heated news topic during the so-called [Nymwars](https://en.wikipedia.org/wiki/Nymwars), the wars against pseudo*nyms*.
The term mostly refers to a series of conflicts related to real-name policies in the 2010s. It emerged in relation to waves of policy enforcement from Facebook, Google, and the video-game giant Blizzard.
With the increasing push for age verification and "human authentication" online, the Nymwars are sadly likely to make a comeback very soon. And for some platforms, the war just never stopped.
Sometimes, of course, your legal name might be required online, for example for governmental and financial services. But way too many platforms and services collect legal names when there really isn't any strong justification for it.
While Facebook was mentioned abundantly in previous examples, this problem isn't limited to Meta's social media. You've probably encountered real-name policies everywhere already, but here are some platforms (and even countries) that have been infamous for it:
### Facebook
In 2014, Facebook [made the news](https://www.aclunc.org/blog/my-name-why-aclu-facebook-today) (again) for enforcing a [horrible policy](https://www.zdnet.com/article/facebook-nymwars-disproportionately-outing-lgbt-performers-users-furious/) (again) that was [hurting](https://www.eff.org/deeplinks/2014/09/facebooks-real-name-policy-can-cause-real-world-harm-lgbtq-community) marginalized and vulnerable groups the most ([again](https://www.hrc.org/news/metas-new-policies-how-they-endanger-lgbtq-communities-and-our-tips-for-staying-safe-online)).
Several human rights groups, including the Electronic Frontier Foundation, Human Rights Watch, and Access Now even joined the [Nameless Coalition](https://www.accessnow.org/nameless-coalition-calls-on-facebook-to-change-its-real-name-policy/) to demand changes to Facebook's policy.
Facebook presented this ramping up of their real-name policy enforcement as something important for "authenticity" online. Despite this dubitable claim, Facebook was in all likelihood simply worried about protecting its financial assets, as ever.
Back in 2012, Facebook's share price plummeted after a quarterly filing with the Securities and Exchange Commission [revealed](https://www.theguardian.com/technology/2012/aug/02/facebook-share-price-slumps-20-dollars) that an estimated 8.7% of accounts on the platform may be fake, and 5% of active accounts were duplicates (numbers that aren't really that alarming, actually). But this backlash from investors evidently scared Facebook enough to justify intensifying its policy enforcement for accounts using pseudonyms, or suspected of being fake, presumably in an attempt to soothe shareholders.
Despite the unpopularity of these policies, the real customer for Facebook isn't its users, but its advertisers (who demand access to your data, Facebook's true product).
Advertisers want some assurance that they are paying for *real* humans to see their ads, otherwise this diminishes Facebook's value to them. **It's important to remember that Facebook is, and has always been, an advertising company.**
Despicably, Facebook even [encouraged](https://thenextweb.com/news/facebook-now-wants-snitch-friends-arent-using-real-name) people to "snitch on [their] friends if they are not using their real name."
> Please help us understand how people are using Facebook. Your response is anonymous and won't affect your friend's account. Is this your friend's real name?
This kind of prompt fosters mistrust and allows users to weaponize policies against people they simply don't like. Victims of these "report attacks" are often the most vulnerable and the most marginalized in our society. **Real-name policies have nothing to do with safety; in fact, they're horrible for safety.**
A decade later, Facebook still encourages and enforces its real-name policy in order to protect its most valuable asset to sell: Your personal data.
### LinkedIn
LinkedIn is another well-known platform that enforces a real-name policy.
The employment-oriented social media platform states in its [User Agreement](https://www.linkedin.com/help/linkedin/answer/a1337288/names-allowed-on-profiles) that "LinkedIn does not allow members to use pseudonyms, fake names, business names, associations, groups, email addresses, or special characters that do not reflect your real or preferred professional name."
It's unclear how LinkedIn would enforce or verify what is an allowed "preferred professional name."
Although this might make slightly more sense on a platform focused on employment, the policy still excludes some professionals and industries that regularly work using pseudonyms, such as performers, writers, visual artists, activists, and even privacy advocates.
Additionally, the platform uses the same colonialist discrimination as Facebook, assuming that all names worldwide are composed of "first, middle, and last names" only.
### Google, Quora, and Blizzard abandoned their policies
Google made the news in 2011 when it started implementing and enforcing its own real-name policy for its (now defunct) social media platform Google+, and by proxy for YouTube accounts when Google [migrated](https://www.theguardian.com/technology/2014/jul/16/youtube-trolls-google-real-name-commenter-policy) YouTube comments to a Google+ system in 2013.
The policy was [largely criticized](https://www.eff.org/deeplinks/2011/07/case-pseudonyms) after a wave of account suspensions, where some famous accounts were banned. In July 2014, Google [abandoned](https://en.wikipedia.org/wiki/Nymwars#Google) the policy altogether and removed restrictions on account names.
The question-answering social platform Quora also enforced a real-name policy for a long time.
Verification wasn't required, but names deemed "false" could be reported by the community. Again, this kind of reporting system facilitates abuse by allowing the weaponization of platform policies against marginalized groups.
Thankfully, Quora [eliminated](https://quorablog.quora.com/Allowing-everyone-to-contribute-to-Quora) the requirement to use a "real" name in 2021, and now allows users to register with protective pseudonyms.
The video-game developer Blizzard Entertainment spawned strong criticism online when the company [announced](https://en.wikipedia.org/wiki/Blizzard_Entertainment#Privacy_controversy_and_Real_ID) in 2010 that it would be implementing a real-name policy for Blizzard's forums.
Gamers were not amused. The community came together to fight back in force against the announced policy. Game magazines and forums were inundated with replies and condemnations.
At one point, a Blizzard employee trying to demonstrate that the policy "wasn't a big deal" willingly shared his real name on a public post. After this revelation, forum members started to post the employee's personal information, including his phone number, age, picture, home address, and even information related to his family members.
Other members were quick to share their own experiences and show how [unsafe](https://web.archive.org/web/20100628055329/http://ve3d.ign.com/articles/news/55728/Is-Blizzards-Real-ID-Safe-Or-A-Playground-For-Sexual-Deviants) a real-name policy would be. Following the powerful community backlash, Blizzard decided to cancel its plan for the invasive policy.
### South Korea
<div class="admonition quote inline end" markdown>
<p class="admonition-title">Despite the enforcement of the system, the number of illegal or malicious postings online has not decreased.</p></div>
Terrifyingly, whole countries have enforced real-name policies online. In 2007, South Korea [implemented](https://www.koreatimes.co.kr/southkorea/20120823/online-real-name-system-unconstitutional) a name registration system for internet users in compliance with the country's Information Communications Law.
The law was initially enforced in an attempt to reduce malicious comments online, but **was later ruled unconstitutional and revoked in 2012**.
The Constitutional Court said in its verdict that "the system does not seem to have been beneficial to the public. <span class="pullquote-source">Despite the enforcement of the system, the number of illegal or malicious postings online has not decreased.</span>"
### China
Sadly, not every country implementing such a system came to the same conclusion.
In China, the [Internet real-name system](https://en.wikipedia.org/wiki/Internet_real-name_system_in_China) obligates all internet service providers and online platforms to collect users' legal names, ID numbers, and more. This affects services such as internet access, phone service, social media, instant messaging, microblogging, and online gaming.
In 2023, large Chinese platforms announced that they would make public the legal names of any accounts with over 500,000 followers.
In July 2025, China centralized this control further with the launch of the [national online identity authentication](https://en.wikipedia.org/wiki/National_online_identity_authentication) system, which requires citizens to submit their personal information in order to receive an "Internet certificate" to access online accounts.
This effectively imposes a real-name policy on *all* internet services in the country, and makes this information accessible at all times to the government.
The new national cyber ID system has been [criticized](https://www.scmp.com/tech/tech-trends/article/3318302/china-rolls-out-voluntary-cyber-id-system-amid-concerns-over-privacy-censorship) over privacy and censorship concerns.
So far, it is not mandatory to share identity through the national online identity authentication (although services are still obligated to identify their users in other ways).
However, in a country where freedom of speech and access to information are increasingly restricted, it's easy to imagine the national real-name system could become obligatory everywhere soon.
## Real-name policies don't make the web safer
It has been demonstrated again and again that real-name policies do not reduce abuse and misbehavior online, and only end up harming the most vulnerable.
Despite the evidence and failed attempts, platform owners and policymakers obstinately continue to push for the implementation of these dangerous, authoritarian systems.
Platforms will often claim these policies are to protect users from harassment, but when action is required to truly protect users they refuse to act. Facebook, the most infamous platform for enforcing its real-name policy, [ranks the *worst* for online harassment](https://www.theverge.com/news/713976/online-harassment-meta-social-media-environmental-activists).
So, who are these real-name policies truly protecting?
It's clear that, as is the case for other oppressive policies such as [Age Verification](age-verification-wants-your-face.md) and [Chat Control](chat-control-must-be-stopped.md), "safety" is only an excuse for people to accept what this is truly about: **Corporate profit and government control.**
Unfortunately, as long as these platforms' business model is to sell users' data to advertisers and other stakeholders, there is no incentive for them to protect our privacy and our right to use protective pseudonyms, as the EFF's Director of Cybersecurity Eva Galperin aptly pointed out in her [talk](https://www.youtube.com/watch?v=d5czLwsa-wE) at the HOPE conference in 2012. **More data just means more money to them.**
When governments impose similar invasive practices, it's a **dangerous and slippery slope towards totalitarianism**.
Citizens need to be able to express their views freely online and criticize their government and its leaders without fear of reprisal. Real-name policies (explicit and implicit) are only a tool for censorship, and there is no democracy and no freedom under government censorship.
Fighting against policies attacking online pseudonymity, such as real-name policies, age-verification policies, and Chat Control proposals, isn't just a banal fight to keep using silly nicknames online. It's a battle for democracy, for civil liberties, and for human rights.
## What you can do about real-name policies
- [**Choose better platforms**](https://news.elenarossini.com/my-fediverse-starter-guide) that do not require you to share your legal name and official IDs, such as [Mastodon](mastodon-privacy-and-security.md) or other platforms connected to the Fediverse.
- [**Inform yourself**](https://safetycrave.com/why-should-not-use-real-names-online/) on the dangers related to using legal names online, and share this information with others.
- [**Say no**](you-can-say-no.md) to sharing official documentation with commercial platforms when it isn't strictly required and when you can avoid it.
- [**Understand the difference**](https://www.privacyguides.org/videos/2025/03/14/stop-confusing-privacy-anonymity-and-security/) between privacy, security, anonymity, and pseudonymity.
- [**Use pseudonyms**](stay-safe-but-stay-connected.md/#practices-and-tools-that-help-in-various-contexts) on platforms where you can. Use a pseudonym persistent across platforms if you want these accounts to be linked together for trust, or use different pseudonyms to keep them separated.
- **Make your voice heard!** Contact your government representatives to let them know that privacy is important to you, and explain to them that pseudonymity is essential for safety, democracy, and free speech online. Complain against platforms using these invasive and exclusionary practices. Citizen action matters, and abusive policies can be reversed.
<div class="admonition info" markdown>
<p class="admonition-title">Remember that pseudonymity isn't anonymity</p>
Keep in mind that only using a pseudonym isn't enough to make you anonymous online. There are many other ways to tie an identity together, such as IP addresses, [browser fingerprinting](https://www.privacyguides.org/videos/2025/09/12/what-is-browser-fingerprinting-and-how-to-stop-it/), photo comparison, facial recognition, and so on and so forth. Pseudonymity is a great practice to *improve* your privacy and safety online, but alone it does have limitations.
</div>
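Review bot: two typos in the China section should be fixed before merge: "services are still obligated to identity their users" should read "identify", and "accessible at all time by the government" should read "at all times". In the "Use pseudonyms" bullet, the internal link is written as `stay-safe-but-stay-connected.md/#practices-and-tools-that-help-in-various-contexts`, with a slash between the file name and the fragment, while the other internal links in this list use a bare `.md` target. Please confirm the site build resolves that form, or change it to `.md#practices-and-tools-that-help-in-various-contexts`.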
+448
@@ -0,0 +1,448 @@
---
date:
created: 2025-09-03T19:30:00Z
categories:
- Tutorials
authors:
- em
description:
Being able to distinguish facts from marketing lies is an essential skill in today's world. Despite all the privacy washing, there are clues we can look for to help.
schema_type: AnalysisNewsArticle
preview:
cover: blog/assets/images/red-and-green-privacy-flags/dontcare-cover.webp
---
# &ldquo;We [Don't] Care About Your Privacy&rdquo;
![Filtered photo of a metal container left on the street, with on it the painted sentence "We've updated our privacy policy." with three faded happy face icons around it. On and around the container are icons of hidden red flags.](../assets/images/red-and-green-privacy-flags/dontcare-cover.webp)
<small aria-hidden="true">Illustration: Em / Privacy Guides | Photo: Lilartsy / Unsplash</small>
They all claim "Your privacy is important to us." How can we know if that's true? With privacy washing being normalized by big tech and startups alike, it becomes increasingly difficult to evaluate who we can trust with our personal data. Fortunately, there are red (and green) flags we can look for to help us.<!-- more -->
If you haven't heard this term before, [privacy washing](privacy-washing-is-a-dirty-business.md) is the practice of misleadingly, or fraudulently, presenting a product, service, or organization as being trustworthy for data privacy, when in fact it isn't.
Privacy washing isn't a new trend, but it has become more prominent in recent years, as a strategy to gain trust from progressively more suspicious prospect customers. Unless politicians and regulators start getting much more serious and severe about protecting our privacy rights, this trend is likely to only get worse.
In this article, we will examine common indicators of privacy washing, and the "red" and "green" flags we should look for to make better-informed decisions and avoid deception.
## Spotting the red flags
<div class="admonition quote inline end" markdown>
<p class="admonition-title">Marketing claims can be separated from facts by an abysmally large pit of lies</p></div>
It's important to keep in mind that it's not the most visible product that's necessarily the best. More visibility only means more marketing. <span class="pullquote-source">Marketing claims can be separated from facts by an abysmally large pit of lies</span>.
Being able to distinguish between facts and marketing lies is an important skill to develop, doubly so on the internet. After all, it's difficult to find a single surface of the internet that isn't covered with ads, whether in plain sight or lurking in the shadows, disguised as innocent comments and enthusiastic reviews.
So what can we do about it?
There are some signs that should be considered when evaluating a product to determine its trustworthiness. It's unfair this burden falls on us, but sadly, until we get better regulations and institutions to protect us, we will have to protect ourselves.
It's also important to remember that evaluating trustworthiness isn't binary, and isn't permanent. There is always at least some risk, no matter how low, and trust should always be revoked when new information justifies it.
<div class="admonition info" markdown>
<p class="admonition-title">Examine flags collectively, and in context</p>
It's important to note that each red flag isn't necessarily a sign of untrustworthiness on its own (and the same is true for green flags, in reverse). But the more red flags you spot, the more suspicious you should get.
Taken into account *together*, these warning signs can help us estimate when it's probably reasonably safe to trust (low risk), when we should revoke our trust, or when we should refrain from trusting a product or organization entirely (high risk).
</div>
### :triangular_flag_on_post: Conflict of interest
Conflict of interest is one of the biggest red flag to look for. It comes in many shapes: Sponsorships, affiliate links, parent companies, donations, employments, personal relationships, and so on and so forth.
#### Content sponsorships and affiliate links
Online influencers and educators regularly receive offers to "monetize their audience with ease" if they accept to overtly or subtly advertise products within their content. If this isn't explicitly presented as advertising, then there is obviously a strong conflict of interest. The same is true for affiliate links, where creators receive a sum of money each time a visitor clicks on a link or purchase a product from this link.
It's understandable that content creators are seeking sources of revenue to continue doing their work. This isn't an easy job. But a trustworthy content creator should always **disclose** any potential conflicts of interest related to their content, and present paid advertising explicitly as paid advertising.
<div class="admonition success" markdown>
<p class="admonition-title">What to do?</p>
Before trusting content online, try to examine what the sources of revenue are for this content. Look for affiliate links and sponsorships, and try to evaluate if what you find might have influenced the impartiality of the content.
</div>
#### Parent companies
This one is harder to examine, but is extremely important. In today's corporate landscape, it's not rare to find conglomerates of corporations with a trail of ownership so long it's sometimes impossible to find the head. Nevertheless, investigating which company owns which is fundamental to detect conflicts of interest.
For example, the corporation [Kape Technologies](https://en.wikipedia.org/wiki/Teddy_Sagi#Kape_Technologies) is the owner of both VPN providers (ExpressVPN, CyberGhost, Private Internet Access, and Zenmate) and websites publishing [*VPN reviews*](https://cyberinsider.com/kape-technologies-owns-expressvpn-cyberghost-pia-zenmate-vpn-review-sites/). Suspiciously, their own VPN providers always get ranked at the top on their own review websites. Even if there were no explicit directive for the websites to do this, which review publisher would dare to rank negatively a product owned by its parent company, the one keeping them alive? This is a direct and obvious conflict of interest.
<div class="admonition success" markdown>
<p class="admonition-title">What to do?</p>
Look at the *Terms of Service* and *Privacy Policy* (or *Privacy Notice*) for declarations related to a parent company. This is often stated there. You can also examine an organization's *About* page, Wikipedia page, or even the official government corporate registries to find out if anyone else owns an organization.
</div>
#### Donations, event sponsorships, and other revenues
When money is involved, there is always a potential for conflict of interest. If an organization receives a substantial donation, grant, or loan from another, it will be difficult to remain impartial about it. Few would dare to talk negatively about a large donor.
This isn't necessarily a red flag in every situation of course. For example, a receiving organization could be in a position where the donor's values are aligned, or where impartiality isn't required. Nevertheless, it's something important to consider.
In 2016, developer and activist Aral Balkan [wrote](https://ar.al/notes/why-im-not-speaking-at-cpdp/) about how he refused an invitation to speak at a panel on Surveillance Capitalism at the [Computers, Privacy, & Data Protection Conference](http://www.cpdpconferences.org) (CPDP). The conference had accepted sponsorship from an organization completely antithetical to its stated values: [Palantir](https://www.independent.co.uk/news/world/americas/us-politics/trump-doge-palantir-data-immigration-b2761096.html).
Balkan wrote: "The sponsorship of privacy and human rights conferences by corporations that erode our privacy and human rights is a clear conflict of interests that we must challenge."
<div class="admonition quote inline end" markdown>
<p class="admonition-title">How could one claim to defend privacy rights while receiving money from organizations thriving on destroying them?</p></div>
This is a great example of how sponsors can severely compromise not only the impartiality of an organization, but also its credibility and its values. How could the talks being put forward at such a conference be selected without bias? <span class="pullquote-source">How could one claim to defend privacy rights while receiving money from organizations thriving on destroying them?</span>
It's worth nothing that this year's CPDP 2025 sponsors [included](https://www.cpdpconferences.org/sponsors-partners) Google, Microsoft, TikTok, and Uber.
<div class="admonition success" markdown>
<p class="admonition-title">What to do?</p>
Examine who sponsors events and who donates to organizations. Try to evaluate if an organization or event received money from sources that could be in contradiction with its values. Does this compromise its credibility? If a sponsor or donor has conflicting values, what benefit would there be for the sponsor supporting this event or organization?
</div>
#### Employment and relationships
Finally, another important type of conflicts of interest to keep in mind are the relationships between the individuals producing the content and the companies or products they are reporting on.
For example, if a content creator is working or previously worked for an organization, and the content requires impartiality, this is a potential conflict of interest that should be openly disclosed.
The same can be true if this person is in a professional or personal relationship with people involved with the product. This can be difficult to detect of course, and is not categorically a sign of bias, but it's worth paying attention to it in our evaluations.
<div class="admonition success" markdown>
<p class="admonition-title">What to do?</p>
Look for disclaimers related to conflict of interest. Research the history of an organization to gain a better understanding of the people involved. Wikipedia can be a valuable resource for this.
</div>
### :triangular_flag_on_post: Checkbox compliance and copy-paste policies
Regrettably, many organizations have no intention whatsoever to genuinely implement privacy-respectful practices, and are simply trying to get rid of these "pesky privacy regulation requirements" as cheaply and quickly as possible.
They treat privacy law compliance like an annoying list of annoying tasks. They think they can complete this list doing the bare *cosmetic* minimum, so that it will all *look* like it's compliant (of course, it is not).
A good clue this mindset might be ongoing in an organization is when it uses a very generic privacy policy and terms of service, policies that are often simply copy-pasted from another website or AI-generated (which is kind of the same thing).
Not only this is *extremely unlikely* to truly fulfill the requirements for privacy compliance, but it also almost certainly infringes on *copyright* laws.
<div class="admonition success" markdown>
<p class="admonition-title">What to do?</p>
If you find few details in a privacy policy that are specific to the organization, try copying one of its paragraph or long sentence in a search engine (using quotation marks around it to find the exact same entry). This will help detect where other websites are using the same policy.
Some might be using legitimate templates of course, but even legal usable policy templates need to be customized heavily to be compliant. Sadly, many simply copy-paste material from other organizations without permission, or use generative AI tools doing the same.
If the whole policy is copied without customization, it's very unlikely to describe anything true.
</div>
### :triangular_flag_on_post: Meaningless privacy compliance badges
Many businesses and startups have started to proudly display privacy law "[compliance badges](https://www.shutterstock.com/search/compliance-badge)" on their websites, to reassure potential clients and customers.
While it can indeed be reassuring at first glance to see "GDPR Compliant!", "CCPA Privacy Approved", and other deceitful designs, there is no central authority verifying this systematically. At this time, anyone could decide to claim they are "GDPR Compliant" and ornate their website with a pretty badge.
Moreover, if this claim isn't true, this is fraudulent of course and likely to break many laws. But some businesses bet on the assumption that no one will verify or report it, or that data protection authorities simply have better things to do.
While most privacy regulations adopt principles similar to the European General Data Protection Regulation (GDPR) [principle of accountability](https://commission.europa.eu/law/law-topic/data-protection/rules-business-and-organisations/obligations/how-can-i-demonstrate-my-organisation-compliant-gdpr_en) (where organizations are responsible for compliance and for demonstrating compliance), organizations' assertions are rarely challenged or audited. Because most of the time there isn't anyone verifying compliance unless there's an individual complaint, organizations have grown increasingly fearless with false claims of compliance.
<div class="admonition success" markdown>
<p class="admonition-title">What to do?</p>
Never trust a claim of privacy compliance at face value, especially if it comes in the shape of a pretty website badge.
Examine organizations' privacy policies, contact them and ask questions, look for independent reviews, investigate to see if an organization has been reported before. Never trust a first-party source to tell you how great and compliant the first-party is.
</div>
### :triangular_flag_on_post: Fake reviews
Fake reviews are a growing problem on the internet. And this was only aggravated by the arrival of generative AI. There are so many review websites that are simply advertising in disguise. Some fake reviews are [generated by AI](https://apnews.com/article/fake-online-reviews-generative-ai-40f5000346b1894a778434ba295a0496), some are paid for or [influenced by sponsorships and affiliate links](the-trouble-with-vpn-and-privacy-review-sites.md), some are in [conflict of interest](https://cyberinsider.com/kape-technologies-owns-expressvpn-cyberghost-pia-zenmate-vpn-review-sites/) from parent companies, and many are biased in other ways. Trusting an online review today feels like trying to find the single strand of true grass through an enormous plastic haystack.
Genuine reviews are (were?) usually a good way to get a second opinion while shopping online and offline. Fake reviews pollute this verification mechanism by duping us in believing something comes from an independent third-party, when it doesn't.
<div class="admonition success" markdown>
<p class="admonition-title">What to do?</p>
Train yourself to spot fake reviews. There are [many signs](https://www.bbb.org/all/spot-a-scam/how-to-spot-a-fake-review) that can help with this, such as language that suspiciously uses the complete and correct product and feature brand each time, reviewers who published an unnatural quantity of reviews in a short period of time, excessively positive review, negative reviews talking about how great this *other* brand is, etc. Make sure to look for potential conflicts of interest as well.
</div>
### :triangular_flag_on_post: Fake AI-generated content
Sadly, the internet has been infected by a new plague in recent years: AI-generated content. This was mentioned before, but truly deserves its own red flag.
Besides AI-generated reviews, it's important to know there are also now multiple articles, social media posts, and even entire websites that are completely AI-generated, and doubly fake. This affliction makes it even harder for readers to find genuine sources of reliable information online. [Learning to recognize this fake content](https://www.cnn.com/interactive/2023/07/business/detect-ai-text-human-writing/) is now an internet survival skill.
<div class="admonition success" markdown>
<p class="admonition-title">What to do?</p>
If you find a blog that publishes 5 articles per day from the same author every day, be suspicious. Look for publication dates, and if they are inhumanly close to each other, this can be a sign of AI-generated content.
When reading an article, AI-generated text will often use very generic sentences, you will rarely find the colorful writing style that is unique to an author. AI-writing is generally bland with no personality shinning through. You might also notice the writing feels circular. It will seems like it's not really saying anything specific, except for that one thing, that is repeated over and over.
</div>
### :triangular_flag_on_post: Excessive self-references
When writing an article, review, or a product description, writers often use text links to add sources of information to support their statements, or to provide additional resources to readers.
When **all** the text links in an article point to the same source, you should grow suspicious. If all the seemingly external links only direct to material created from the original source, this can give the impression of supporting independent evidences, when in fact there aren't any.
Of course, organizations will sometimes refer back to their own material to share more of what they did with you (we certainly do!), but if an article or review *only* uses self-references, and these references also only use self-references, this could be a red flag.
<div class="admonition success" markdown>
<p class="admonition-title">What to do?</p>
Even if you do not click on links, at least hover over them to see where they lead. Usually, trustworthy sources will have at least a few links pointing to *external* third-party websites. A diversity of supporting resources is important when conducting impartial research, and should be demonstrated there whenever relevant.
</div>
### :triangular_flag_on_post: Deceptive designs
Deceptive design can be difficult to spot. Sometimes it's obvious, like a cookie banner with a ridiculously small <small>"reject all"</small> button, or an opt-out option hidden under twenty layers of menu.
Most of the time however, deceptive design is well-planned to psychologically manipulate us to pick the option most favorable to the company, at the expense of our privacy. The Office of the Privacy Commissioner of Canada has produced this informative [web page](https://www.priv.gc.ca/en/privacy-topics/technology/online-privacy-tracking-cookies/online-privacy/deceptive-design/gd_dd-ind/) to help us recognize better deceptive design.
<div class="admonition success" markdown>
<p class="admonition-title">What to do?</p>
Favor tools and services that are built for privacy from the ground up, and always default to privacy first. Train yourself to spot deceptive patterns and be persistent to choose the most privacy-protective option.
Don't be afraid to [say no](you-can-say-no.md), to reject options and products, and to also report them when deceptive design becomes fraudulent or infringes privacy laws.
</div>
### :triangular_flag_on_post: Buzzword language
Be suspicious of buzzword language, especially when it becomes excessive or lacks any supportive evidences. **Remember that buzzwords aren't a promise, but only marketing to get your attention.** These words don't mean anything on their own.
Expressions like "military-grade encryption" are usually designed to inspire trust, but there is [no such thing](https://www.howtogeek.com/445096/what-does-military-grade-encryption-mean/) that grants better privacy. Most military organizations likely use industry-standard encryption from solid and tested cryptographic algorithms, like any trustworthy organizations and privacy-preserving tools do.
Newer promises like "AI-powered" are completely empty, if not *scary*. Thankfully, many "AI-powered" apps aren't really AI-powered, and this is a good thing because "AI" is more often [a danger to your privacy](https://www.sciencenewstoday.org/the-dark-side-of-ai-bias-surveillance-and-control), and not an enhancement at all.
<div class="admonition success" markdown>
<p class="admonition-title">What to do?</p>
Remain skeptical of expressions like "privacy-enhancing", "privacy-first approach", "fully-encrypted", or "fully compliant" when these claims aren't supported with evidences. Fully encrypted means nothing if the encryption algorithm is weak, or if the company has access to your encryption keys.
When you see claims of "military-grade encryption", ask which cryptographic algorithms are used, and how encryption is implemented. Look for evidences and detailed information on technological claims. Never accept vague promises as facts.
</div>
### :triangular_flag_on_post: Unverifiable and unrealistic promises
Along the same lines, many businesses will be happy to promise you the moon. But then, they become reluctant to explain how they will get you the moon, how they will manage to give the moon to multiple customers at once, and what will happen to the planet once they've transported the moon away from its orbit to bring it back to you on Earth... Maybe getting the moon isn't such a good promise after all.
<div class="admonition quote inline end" markdown>
<p class="admonition-title">companies promising you software that is 100% secure and 100% private are either lying or misinformed themselves</p></div>
Similarly, <span class="pullquote-source">companies promising you software that is 100% secure and 100% private are either lying or misinformed themselves</span>.
No software product is 100% secure and/or 100% private. Promises like this are unrealistic, and (fortunately for those companies) often also *unverifiable*. But an unverifiable claim shouldn't default to a trustworthy claim, quite the opposite. Trust must be earned. If a product cannot demonstrate how their claims are true, then we must remain skeptical.
<div class="admonition success" markdown>
<p class="admonition-title">What to do?</p>
Same as for buzzwords and compliance claims, never trust at face value. If there are no ways for you to verify a claim, remain skeptical and aware this promise could be empty.
Be especially suspicious with organizations repeating exaggerated guarantees such as 100% secure. Organizations that are knowledgeable about security and privacy will usually restrain from such binary statement, and tend to talk about risk reduction with nuanced terms like "more secure", or "more private".
</div>
### :triangular_flag_on_post: Flawed or absent process for data deletion
Examining an organization's processes for data deletion can reveal a lot on their privacy practices and expertise. Organizations that are knowledgeable about privacy rights will usually be prepared to respond to data deletion requests, and will already have a process in place, a process that [doesn't require providing more information](queer-dating-apps-beware-who-you-trust.md/#they-can-make-deleting-data-difficult) than they already have.
Be especially worried if:
- [ ] You don't find any mentions of data deletion in their privacy policy.
- [ ] From your account's settings or app, you cannot find any option to delete your account and data.
- [ ] The account and data deletion process uses vague terms that make it unclear if your data will be truly deleted.
- [ ] You cannot find an email address to contact a privacy officer in their privacy policy.
- [ ] The email listed in their privacy policy isn't an address dedicated to privacy.
- [ ] You emailed the address listed but didn't get any reply after two weeks.
- [ ] Their deletion process requires to fill a form demanding more information than they already have on you, or uses a privacy-invasive third-party like Google Forms.
- [ ] They argue with you when you ask for legitimate deletion.
<div class="admonition success" markdown>
<p class="admonition-title">What to do?</p>
If this isn't already explicitly explained in their policies (or if you do not trust their description), find the privacy contact for an organization and email them *before* using their products or services, to ask about their data deletion practices.
Ask in advance which information will be required from you in order to delete your data. Also ask if they keep any data afterward, and (if they do) what data they keep. Once data is shared, this could be much harder to deal with. It's best to verify data deletion processes *before* trusting an organization with our data.
</div>
### :triangular_flag_on_post: False reassurances
The goal of privacy washing is to reassure worried clients, consumers, users, patients, and investors into using the organization's products or services. But making us *feel* more secure doesn't always mean that we are.
#### Privacy theaters
You might have heard the term "security theater" already, but there's also "[privacy theater](https://slate.com/technology/2021/12/facebook-twitter-big-tech-privacy-sham.html)". Many large tech organizations have mastered this art for decades now. In response to criticisms about their dubious privacy practices, companies like Facebook and Google love to add seemingly "privacy-preserving" options to their software's settings, to give people the impression it's possible to use their products while preserving their privacy. But alas, it is not.
Unfortunately, no matter how much you "harden" your Facebook or Google account for privacy, these corporations will keep tracking everything you do on and off their platforms. Yes, enabling these options *might* very slightly reduce exposure for *some* of your data (and you should enable them if you cannot leave these platforms). However, Facebook and Google will still collect enough data on you to make them billions in profits each year, otherwise they wouldn't implement these options at all.
#### Misleading protections
The same can be said for applications that have built a reputation on a supposedly privacy-first approach like [Telegram](https://cybersecuritycue.com/telegram-data-sharing-after-ceo-arrest/) and [WhatsApp](https://insidetelecom.com/whatsapp-security-risk-alert-over-privacy-concerns/). In fact, the protections these apps offer are only partial, often poorly explained to users, and the apps still collect a large amount of data and/or metadata.
#### When deletion doesn't mean deletion
In other cases, false reassurance comes in the form of supposedly deleted data that isn't truly deleted. In 2019, Global News [reported](https://globalnews.ca/news/5463630/amazon-alexa-keeps-data-deleted-privacy/) on Amazon's Alexa virtual assistant speaker that didn't always delete voice-recorded data as promised. Google was also found [guilty](https://www.cnet.com/tech/services-and-software/google-oops-did-not-delete-street-view-data-as-promised/) of this, even after receiving an order from UK's Information Commissioner's Office.
This can also happen with cloud storage services that display an option to "delete" a file, when in fact the file is [simply hidden](https://www.consumersearch.com/technology/cloud-storage-privacy-concerns-learn-permanently-delete-data) from the interface, while remaining available in a bin directory or from version control.
How many unaware organizations might have inadvertently (or maliciously) kept deleted data by misusing their storage service and version control system? Of course, if a copy of the data is kept in backups or versioning system, then it's **not** fully deleted, and doesn't legally fulfill a data deletion requirement.
<div class="admonition success" markdown>
<p class="admonition-title">What to do?</p>
Do not simply trust a "privacy" or "opt-out" option. Look at the overall practices of an organization to establish trust. Privacy features have no value at all if we cannot trust the organization that implemented them.
Investigate to find an organization's history of data breaches and how they responded to it. Was this organization repeatedly fined by data protection authorities? Do not hesitate to ask questions to an organization's privacy officer about their practices. And look for independent reviews of the organization.
</div>
### :triangular_flag_on_post: New and untested technologies
Many software startups brag about how revolutionary their NewTechnology™ is. Some even dare to brag about a "unique" and "game-changing" novel encryption algorithm. You should not feel excited by this, you should feel *terrified*.
For example, any startups serious about security and privacy will know that **you should never be ["rolling your own crypto"](https://www.infosecinstitute.com/resources/cryptography/the-dangers-of-rolling-your-own-encryption/)**.
Cryptography is a complex discipline, and developing a robust encryption algorithm takes a lot of time and transparent testing to achieve. Usually, it is achieved with the help of an entire community of experts. Some beginners might think they had the idea of the century, but until their algorithm has been rigorously tested by hundreds of experts, this is an unfounded claim.
The reason most software use the same few cryptographic algorithms for encryption, and usually follow strict protocols to implement them, is because this isn't an easy task to do, and the slightest mistake could render this encryption completely useless. The same can be true for other types of technology as well.
Novel technologies might sound more exciting, but *proven* and *tested* technologies are usually much more reliable when it comes to privacy, and especially when it comes to encryption.
<div class="admonition success" markdown>
<p class="admonition-title">What to do?</p>
If a company brags about its new technology, investigate what information they have made available about it. Look for a document called a *White Paper*, which should describe in technical details how the technology works.
If the code is open source, look at the project's page and see how many people have worked on it, who is involved, since how long, etc.
More importantly, look for independent audits from trustworthy experts. Read the reports and verify if the organization's claims are supported by professionals in the field.
</div>
### :triangular_flag_on_post: Critics from experts
<div class="admonition quote inline end" markdown>
<p class="admonition-title">if you find multiple reports of privacy experts raising the alarm about it, consider this a dark-red red flag</p></div>
No matter how much an organization or product claims to be "privacy-first", <span class="pullquote-source">if you find multiple reports of privacy experts raising the alarm about it, consider this a dark-red red flag</span>.
If a company has been [criticized by privacy commissioners](sam-altman-wants-your-eyeball.md/#privacy-legislators-arent-on-board), data protection authorities, privacy professionals, and consumer associations, especially if this has happened repeatedly, you should be *very* suspicious.
Sometimes, criticized corporations will use misleading language like "we are currently working with the commissioner", this *isn't* a good sign.
The marketing department will try to spin any authority audits into something that sounds favorable to the corporation, but this is only privacy washing. They would not be "working with" the privacy commissioner if they hadn't been forced to in the first place. And **they wouldn't have been forced to if they truly had privacy-respectful practices**.
<div class="admonition success" markdown>
<p class="admonition-title">What to do?</p>
Use a search engine to look for related news using keywords such as the company's name with "data breach", "fined", or "privacy".
Check the product's or corporation's Wikipedia page, sometimes there will be references to previous incidents and controversies listed there. Follow trustworthy sources of privacy and security news to stay informed about reported data leaks and experts raising the alarm.
</div>
## Looking for the green(ish) flags
Now that we have discussed some red flags to help us know when we should be careful, let's examine the signs that *can* be indicator of trustworthiness.
Like for red flags, green flags should always be taken into context and considered together. One, or even a few green flags (or greenish flags) aren't on their own a guarantee that an organization is trustworthy. Always remain vigilant, and be ready to revoke your trust at any time if new information warrants it.
### :custom-green-flag: Independent reviews
Independent reviews from trustworthy sources can be a valuable resource to help to determine if a product is reliable. This is never a guarantee of course, humans (even experts) can also make mistakes (less than AI, but still) and aren't immune to lies.
However, an impartial review conducted by an expert in the field has the benefit of someone who has likely put many hours investigating this topic, something you might understandably not always have the time to do yourself. But be careful to first evaluate if this is a genuine unbiased assessment, or simply marketing content disguised as one.
### :custom-green-flag: Independent audits
Similarly, independent audits from credible organizations are very useful to assess a product's claims. Make sure the company conducting the audit is reputable, impartial, and that you can find a copy of the audit's report they produced, ideally from a source that *isn't* the audited company's website (for example, the auditing organization might [provide](https://cure53.de/#publications) access to it transparently).
### :custom-green-flag: Transparency
Transparency helps a lot to earn trust, and source code that is publicly available helps a lot with transparency. If a piece of software publishes its code for anyone to see, this is already a significant level of transparency above any proprietary code.
Open source code is never a guarantee of security and privacy, but it makes it much easier to verify any organization assertions. This is almost impossible to do when code is proprietary. Because no one outside the organization can examine the code, they must be trusted on their own words entirely. Favor products with code that is transparently available whenever possible.
### :custom-green-flag: Verifiable claims
If you can easily verify an organization's claims, this is a good sign. For example, if privacy practices are explicitly detailed in policies (and match the observed behaviors), if source code is open and easy to inspect, if independent audits have confirmed the organization's claims, and if the organization is consistent with its privacy practices (in private as much as in public), this all helps to establish trust.
### :custom-green-flag: Well-defined policies
Trustworthy organizations should always have well-defined, unique, and easy to read privacy policies and terms of service. The conditions within it should also be fair. **You shouldn't have to sell your soul to 1442 marketing partners just to use a service or visit a website.**
Read an organization's privacy policy (or privacy notice), and make sure it includes:
- [x] Language unique to this organization (no copy-paste policy).
- [x] Disclosure of any parent companies owning this organization (if any).
- [x] A dedicated email address to contact for privacy-related questions and requests.
- [x] Detailed information on what data is collected for each activity. For example, the data collected when you use an app or are employed by an organization shouldn't be bundled together indistinctly with the data collected when you simply visit the website.
- [x] Clear limits on data retention periods (when the data will be automatically deleted).
- [x] Clear description of the process to follow in order to delete, access, or correct your personal data.
- [x] A list of third-party vendors used by the organization to process your information.
- [x] Evidences of accountability. The organization should demonstrate accountability for the data it collects, and shouldn't just transfer this responsibility to the processors it uses.
### :custom-green-flag: Availability
Verify availability. Who will you contact if a problem arises with your account, software, or data? Will you be ignored by an AI chatbot just repeating what you've already read on the company's website? Will you be able to reach out to a competent human?
If you contact an organization at the listed privacy-dedicated email address to ask a question, and receive a thoughtful non-AI-generated reply within a couple of weeks, this can be a good sign. If you can easily find a privacy officer email address, a company's phone number, and the location where the organization is based, this also can be encouraging signs.
### :custom-green-flag: Clear funding model
If a *free* service is provided by a *for-profit* corporation, you should investigate further. The old adage that if you do not pay for a product you are the product is sadly often true in tech, and doubly so for big tech.
Before using a new service, try to find what the funding model is. Maybe it's a free service run by volunteers? Maybe they have a paid tier for businesses, but remain free for individual users? Maybe they survive and thrive on donations? Or maybe everyone does pay for it (with money, not data).
Look for what the funding model is. If it's free, and you can't really find any details on how it's financed, this could be a red flag that your data might be used for monetization. But if the funding model is transparent, fair, and ethical, this *can* be a green flag.
### :custom-green-flag: Reputation history
Some errors are forgivable, but others are too big to let go. Look for an organization's track record to help to evaluate its reputation overtime. Check if there was any security or privacy incidents, or expert criticisms, and check how the organization responded to it.
If you find an organization that has always stuck to its values (integrity), is still run by the same core people in recent years (stability), seems to have a generally good reputation with others (reputability), and had few (or no) incidents in the past (reliability), this *can* be a green flag.
### :custom-green-flag: Expert advice
Seek expert advice before using a new product or service. Look online for reliable and independent sources of [recommendations](https://www.privacyguides.org/en/tools/) (like Privacy Guides!), and read thoroughly to determine if the description fits your privacy needs. No tool is perfect to protect your privacy, but experts will warn you about a tool's limitations and downsides.
There's also added value in community consensus. If a piece of software is repeatedly recommended by multiple experts (not websites or influencers, *experts*), then this *can* be a green flag that this tool or service is generally trusted by the community (at this point in time).
## Take a stand for better privacy
Trying to evaluate who is worthy of our trust and who isn't is an increasingly difficult task. While this burden shouldn't fall on us, there are unfortunately too few institutional protections we can rely on at the moment.
Until our governments finally prioritize the protection of human rights and privacy rights over corporate interests, we will have to protect ourselves. But this isn't limited to self-protection, our individual choices also matter collectively.
Each time we dig in to thoroughly investigate a malicious organization and expose its privacy washing, we contribute in improving safety for everyone around us.
Each time we report a business infringing privacy laws, talk publicly about our bad experience to get our data deleted, and more importantly refuse to participate in services and products that aren't worthy of our trust, this all helps to improve data privacy for everyone overtime.
Being vigilant and reporting bad practices is taking a stand for better privacy. We must all take a stand for better privacy, and expose privacy washing each time we spot it.
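Review bot: The internal link in the "Critics from experts" section, `sam-altman-wants-your-eyeball.md/#privacy-legislators-arent-on-board`, has a slash between the `.md` file name and the fragment. A relative Markdown link to another post is normally written `sam-altman-wants-your-eyeball.md#privacy-legislators-arent-on-board`; with the extra slash the path no longer ends in `.md`, so the site build may not resolve it as a link to that post. Smaller wording points in the same text: "overtime" in the "Reputation history" section and in the closing section should be "over time", "Evidences of accountability" should be "Evidence of accountability", and "can be indicator of" needs "an".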
+1 -1
@@ -6,7 +6,7 @@ categories:
- News
authors:
- em
description: Last week, OpenAI's CEO Sam Altman announced in San Francisco that the World project he co-founded, formerly known as Worldcoin, is opening six stores across the United States, allowing users of the project's app to scan their eyeballs.
description: Last week, OpenAI's CEO Sam Altman announced in San Francisco that the World project he co-founded, formerly known as Worldcoin, is opening six stores across the United States, allowing users of the project's app to scan their eyeballs. This is worrisome, to say the least.
schema_type: AnalysisNewsArticle
preview:
cover: blog/assets/images/sam-altman-wants-your-eyeball/orb-cover.webp
@@ -5,7 +5,7 @@ categories:
- Opinion
authors:
- em
description: Increasingly, surveillance is being normalized and integrated in our lives. Under the guise of convenience, applications and features are sold to us as being the new better way to do things. While some might be useful, this convenience is a Trojan horse. The cost of it is the continuous degradation of our privacy rights, with all that that entails.
description: Increasingly, surveillance is being normalized and integrated in our lives. Under the guise of convenience, applications and features are sold to us as being the new better way to do things. But this convenience is a Trojan horse.
schema_type: OpinionNewsArticle
preview:
cover: blog/assets/images/selling-surveillance-as-convenience/surveillance-cover.webp
@@ -0,0 +1,94 @@
---
date:
created: 2025-09-16T18:00:00Z
categories:
- Opinion
authors:
- ptrmdn
description: In 2020, London police failed to save two sisters in life, then violated their privacy in death. This is a call to arms for posthumous privacy rights.
schema_type: OpinionNewsArticle
preview:
cover: blog/assets/images/the-fight-for-privacy-after-death/cover.webp
---
# Ghosts in the Machine: The Fight for Privacy After Death
![](../assets/images/the-fight-for-privacy-after-death/cover.webp)
<small aria-hidden="true">Photo: Panyawat Auitpol / Unsplash</small>
In the early hours of 6 June 2020, Nicole Smallman and her sister Bibaa Henry had just finished celebrating Bibaa's birthday with friends in a park in London. Alone and in the dark, they were both [fatally and repeatedly stabbed](https://en.wikipedia.org/wiki/Murders_of_Bibaa_Henry_and_Nicole_Smallman) 36 times.<!-- more -->
<div class="admonition note inline end" markdown>
<p class="admonition-title">Guest Contributor</p>
Please welcome Peter Marsden as a first-time guest contributor! Privacy Guides does not publish guest posts in exchange for compensation, and this tutorial was independently reviewed by our editorial team prior to publication.
</div>
But the police didnt just fail them in life—they failed them in death too. PC Deniz Jaffer and PC Jamie Lewis, both of the Metropolitan Police, [took selfies](https://www.theguardian.com/uk-news/2021/dec/06/two-met-police-officers-jailed-photos-murdered-sisters-deniz-jaffer-jamie-lewis-nicole-smallman-bibaa-henry) with the dead bodies of the victims, posting them on a WhatsApp group. And no privacy laws prevented them from doing so.
This horrific case is just one in the murky, often sinister realm of posthumous privacy. In the UK, Europe, and across the world, privacy protections for the dead are at best a rarity—and at worst, a deep moral and societal failing that we cannot and must not accept.
Lets take a step back. The case of the Smallmans starkly draws attention to the denial in death of guarantees to the living.
<div class="admonition quote inline pullquote" markdown>
<p class="admonition-title">This abrupt collapse in privacy rights leaves the deceased and their families <small>[...]</small> newly vulnerable, and at a time when they are already utterly broken.</p>
</div>
As a *Privacy Guides* reader, you are no doubt aware that the UK and Europe have firm privacy protections in *The General Data Protection Regulation* (GDPR) and Article 8 of the *European Convention on Human Rights* (ECHR).
However, the picture elsewhere is less clear, with a challenging patchwork of laws and regional statutes being the only protection for those in the US and much of the rest of the world. And once you die? Almost universally, these protections [immediately cease](https://gdpr-info.eu/recitals/no-27/).
Here the problem begins. <span class="pullquote-source">This abrupt collapse in privacy rights leaves the deceased and their families—like the Smallman family—newly vulnerable, and at a time when they are already utterly broken.</span>
In the absence of law comes the pursuit of it, against a backdrop of flagrant privacy violations. What this pursuit means, in practical terms, is that two primary categories of posthumous privacy dominate legal debate: the medical, where the law has intervened tentatively, and the digital, where it simply hasnt kept up.
Medical protections are tentative because of piecemeal development. Typically involving legal workarounds, they offer rare precedent for what might happen to your digital ghosts now and in the future, with the only clear trend being a reluctance to protect.
That said, the US is one country that has taken measures to protect the medical privacy of the dead. The *Health Insurance Portability and Accountability Act* (HIPAA) dictates that 50 years of protection must be given to your personally identifiable medical information after you die.
Except theres a catch. State laws also apply, and state laws differ. In Colorado, Louisiana, and many others, its efficacy is severely challenged by laws dictating the mandatory release of information regarded as public—including autopsy reports and even [your genetic information](http://dx.doi.org.ezp.lib.cam.ac.uk/10.1177/1073110516654124).
In lieu of any protections, surviving relatives in Europe have found some success claiming that their own Article 8 rights—that ECHR right to privacy—have been violated through disclosures or inspections related to their deceased.
In one case, Leyla Polat, an Austrian national, suffered the awful death of her son just two days after birth following a cerebral hemorrhage. The family refused a postmortem examination, wanting to bury their child in accordance with Muslim beliefs; but doctors insisted it take place, covertly removing his internal organs and filling the hollows with cotton wool.
When this was discovered during the funeral rites, the boy had to be buried elsewhere, and without ceremony. After several court cases and appeals, The European Court of Human Rights [found](https://hudoc.echr.coe.int/rum#%7B%22itemid%22:%5B%22002-13361%22%5D%7D) that Leylas Article 8 and 9 rights had been violated.
As an aside: Stalins grandson [tried the same Article 8 route](https://hudoc.echr.coe.int/eng#%7B%22itemid%22:%5B%22001-150568%22%5D%7D) in relation to reputational attacks on his grandfather, reflecting attempts to apply the workaround more widely.
Its not that there hasnt been some progress. The fundamental problem is that protections—already sparse—are only as good as their material and geographic scopes, their interactions with other laws, and how they are interpreted in a court.
Nowhere is this more apparent than in the case of the Smallman sisters. Judge Mark Lucraft KC [found](https://www.judiciary.uk/wp-content/uploads/2022/07/R-v-Jaffer-Lewis-sentencing-061221.pdf) that PCs Jaffer and Lewis, in taking selfies with the murdered victims, had:
> *“…wholly disregarded the privacy of the two victims of horrific violence and their families for what can only have been some cheap thrill, kudos, a kick or some form of bragging right by taking images and then passing them to others.”*
Yet this acknowledgement of privacy violation is precisely just that. The crime the officers committed was misconduct in public office; they were not convicted on the basis of privacy law. That sense of progress—that we might be beginning to recognize the importance of posthumous privacy—has all but gone out of the window.
That does not leave your digital privacy in a good place. Whatever little protection you may be able to tease out for our medical privacy far, far exceeds the control you have over your virtual ghosts. And with AI just about everywhere, the prospects for your data after death are terrifying.
<div class="admonition quote inline end pullquote" markdown>
<p class="admonition-title">Account deleted or not, our ghosts will all be stuck in the machine.</p>
</div>
Weve already established that data protections for the living—such as GDPR—expire at death. The simple reality is that dying places your data at the mercy of large technology corporations, and their dubious afterlife tools.
Even if you trust such tools to dispose of or act on our data, there is a disconnect between demand and take-up. A [study of UK nationals](https://www.tandfonline.com/doi/full/10.1080/13600869.2025.2506164#abstract) found a majority that wanted their data deleted at death were unaware of the tools, with large tech companies unwilling to share any details on their uptake. Reassuring stuff.
But the reality is, you shouldnt. Youll recall that [deletion doesnt usually mean deletion](https://www.privacyguides.org/en/basics/account-deletion/), and after death even GDPR cant force big tech to delete the data of those lucky enough to have benefited from it. <span class="pullquote-source">Account deleted or not, our ghosts will all be stuck in the machine.</span>
Recent reports have acknowledged dire possibilities. Almost worldwide, you can [legally train AI models on the data of a deceased person](https://www.reuters.com/article/world/data-of-the-dead-virtual-immortality-exposes-holes-in-privacy-laws-idUSKBN21Z0NE/) and recreate them in digital form—all without their prior consent. Organizations exist purely to scour your social media profiles and activity for this exact purpose. Your ghost could be used to generate engagement against your will, disclosing what you tried to hide.
You may ask: why should the law care? Why indeed, when it deems we [cannot be harmed](https://doi.org/10.1093/acprof:oso/9780199607860.003.0003) after death. To argue thus is to miss the point. **A lack of privacy after death harms the living, often in ways others cannot see.**
The effect of [postmortem anxiety](https://www.tandfonline.com/doi/full/10.1080/17577632.2024.2438395#d1e120) is a real one that deeply troubles individuals wishing to keep a part of them hidden from public—or even family—view, whether it be it an [illicit affair](https://www.cardozoaelj.com/wp-content/uploads/2011/02/Edwards-Galleyed-FINAL.pdf) or whatever else. Revelation at the point of death can be just as harmful to those still alive.
There is cause for optimism. Article 85 of the *French Data Protection Act* allows you to include [legally enforceable demands concerning your personal data](https://www.cnil.fr/fr/la-loi-informatique-et-libertes#article85) in your will. This is truly a landmark piece of legislation by the French that indicates what the global direction of travel should be, and what we should ultimately demand: protections for the dead, by the dead.
But even more urgently, we must demand that governments across the world introduce even the most basic legal framework for postmortem privacy that protects you, your family, and community from egregious harm.
The Smallmans deserved dignity, and so does everyone else in death. The law must catch up.
---
*This article hasnt even begun to scratch the surface of the complexity of postmortem privacy, and there are innumerable relevant cases and laws that simply wouldnt fit. If the topic has caught your interest, and youd like to dig in more, [this white paper](https://doi.org/10.1016/j.clsr.2022.105737) by Uta Kohl is a good starting point.*
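Review bot: The "your genetic information" link in the HIPAA paragraph points at `http://dx.doi.org.ezp.lib.cam.ac.uk/10.1177/1073110516654124`, a university library proxy host over plain HTTP, so readers without access to that proxy cannot follow it, and the host name also reveals which institution's proxy the author used. Link the DOI directly as `https://doi.org/10.1177/1073110516654124`, matching the other `doi.org` links in the file. Also, the guest-contributor note calls the piece "this tutorial" although the front matter files it under Opinion, and "whether it be it an" in the postmortem anxiety paragraph has a stray "it".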
+1 -1
@@ -5,7 +5,7 @@ categories:
- News
authors:
- em
description: Privacy is intrinsically intertwined with politics. Each change in governance can have serious effects on privacy rights and privacy tools, for better or for worse. Let's examine with concrete examples how politics affect legislations that can have an immense impact on the privacy tools and features we use.
description: Privacy is intrinsically intertwined with politics. Each change in governance can have substantial effects on privacy rights and privacy tools. Using concrete examples, we examine how politics can impact the tools we use.
schema_type: NewsArticle
preview:
cover: blog/assets/images/the-future-of-privacy/cover.webp
+1 -1
@@ -5,7 +5,7 @@ categories:
- Explainers
authors:
- em
description: In privacy, we talk a lot about how to protect our own data, but what about our responsibility to protect the data of others? If you care about privacy rights, you must also care for the data of the people around you. Together, we must start building a culture of data privacy where everyone cares for the data of others.
description: In privacy, we talk a lot about how to protect our own data, but what about our responsibility to protect the data of others? If you care about privacy rights, you must also care for the data of the people around you. Together, we must build a culture where everyone cares for the data of others.
schema_type: NewsArticle
preview:
cover: blog/assets/images/the-privacy-of-others/cover.webp
-1
@@ -19,7 +19,6 @@ schema_type: NewsArticle
# Welcome to Privacy Guides
![Privacy Guides cover image](../assets/brand/images/png/cover.png)
<small aria-hidden="true">Illustration: Jonah Aragon / Privacy Guides</small>
We are excited to announce the launch of [Privacy Guides](https://www.privacyguides.org/) and [r/PrivacyGuides](https://www.reddit.com/r/PrivacyGuides/), and welcome the privacy community to participate in our crowdsourced software recommendations and share tips and tricks for keeping your data safe online. Our goal is to be a central resource for privacy and security-related tips that are usable by anybody, and to carry on the trusted legacy of PrivacyTools.<!-- more -->
+1 -1
@@ -5,7 +5,7 @@ categories:
- Opinion
authors:
- em
description: If you, like myself, have been inhabiting the internet for a few decades, you're probably familiar with the old adage IRL (In Real Life). The acronym was used a lot when the distinction between online life and offline life was much greater than it is now. In today's world, can we really keep referring to our digital life as being somehow disconnected from our real life?
description: If you've been on the internet for a while, you're probably familiar with the old adage IRL (In Real Life). The acronym was used a lot when online and offline life was much more separated than it is now. Today, can we truly keep talking about our digital life as being separated from our real life?
schema_type: OpinionNewsArticle
preview:
cover: blog/assets/images/your-online-life-is-irl/irl-cover.webp
+5 -3
@@ -19,7 +19,7 @@ schema:
**Privacy Guides** is a socially motivated website that provides information for protecting your data security and privacy. We are a non-profit project with a mission to inform the public about the value of digital privacy, and about global government initiatives which aim to monitor your online activity. Our website is free of advertisements and not affiliated with any of the listed providers.
[:material-heart:{.pg-red} Make a Donation](https://donate.magicgrants.org/privacyguides){ .md-button .md-button--primary }
[:material-heart:{.pg-red} Become a Member](https://donate.magicgrants.org/privacyguides){ .md-button .md-button--primary data-portal="signup" }
[:octicons-home-16:](https://www.privacyguides.org){ .card-link title=Homepage }
[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" }
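Review bot: The button label changes to "Become a Member" but its target stays `https://donate.magicgrants.org/privacyguides`, whereas the donate page in this same comparison links that label to `https://donate.magicgrants.org/privacyguides/membership`. If the `data-portal="signup"` attribute is meant to be handled by a script, the plain href is what readers without that script get, so it should point at the membership page too, or the label should stay "Make a Donation".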
@@ -37,7 +37,7 @@ The best way to get individual help is from our community on Discourse. If you n
![Signal contact QR code](assets/img/layout/signal-contact-qr.png){ align=right }
Have a tip for us, or need to share some sensitive information? The best way to get in touch with us securely is via `@privacyguides.01` on Signal. This group account is monitored by [Jonah](https://discuss.privacyguides.net/u/jonah), [Niek](https://discuss.privacyguides.net/u/niek-de-wilde), [Em](https://discuss.privacyguides.net/u/ematprivacyguides), and [Jordan](https://discuss.privacyguides.net/u/jordan).
Have a tip for us, or need to share some sensitive information? The best way to get in touch with us securely is via `@privacyguides.01` on Signal. This group account is monitored by [Jonah](https://discuss.privacyguides.net/u/jonah), [Niek](https://discuss.privacyguides.net/u/niek-de-wilde), [Em](https://discuss.privacyguides.net/u/em), and [Jordan](https://discuss.privacyguides.net/u/jordan).
[:simple-signal: Chat on Signal](https://signal.me/#eu/zg9xcrIv5w-EtXt2FmTJgfWv01LmyTed8rpr7RDv35Mizq8ISZ9NJLmYtzsxI0Z4){ .md-button }
@@ -130,7 +130,7 @@ Our staff are paid to contribute to supplemental content at Privacy Guides, like
:material-text-account: Journalist
[:material-account: Profile](https://discuss.privacyguides.net/u/ematprivacyguides)
[:material-account: Profile](https://discuss.privacyguides.net/u/em)
[:material-github:](https://github.com/EmAtPrivacyGuides "GitHub")
[:material-mastodon:](https://infosec.exchange/@Em0nM4stodon "@Em0nM4stodon@infosec.exchange"){rel=me}
@@ -182,6 +182,8 @@ However, Privacy Guides *does* have social media accounts on a wide variety of p
- [:simple-reddit: Reddit](https://reddit.com/r/PrivacyGuides)
- [:simple-x: X (Twitter)](https://x.com/privacy_guides)
- [:simple-youtube: YouTube](https://youtube.com/@privacyguides)
- [:simple-tiktok: TikTok](https://www.tiktok.com/@privacyguides)
- [:simple-facebook: Facebook](https://www.facebook.com/PrivacyGuides.org)
</div>
+5 -2
@@ -5,8 +5,11 @@ description: The charitable mission of Privacy Guides relies on contributions fr
<!-- markdownlint-disable MD036 -->
Support our mission to defend digital rights and spread the word about mass surveillance programs and other daily privacy invasions. You can help Privacy Guides researchers, activists, and maintainers create informative content, host private digital services, and protect privacy rights at a time when the world needs it most.
[:material-heart:{ .pg-red } Become a Member](https://donate.magicgrants.org/privacyguides/membership){ class="md-button md-button--primary" }
[:material-hand-coin: Make a Donation](https://donate.magicgrants.org/privacyguides/donate/privacyguides){ class="md-button md-button--primary" }
<!-- markdownlint-disable-next-line -->
[:material-heart:{ .pg-red } Become a Member](https://donate.magicgrants.org/privacyguides/membership){ class="md-button md-button--primary" data-portal="signup" }
[Become a Member (Cryptocurrency)](https://donate.magicgrants.org/privacyguides/membership){ class="md-button" }
[One-Time Donation](https://donate.magicgrants.org/privacyguides/donate/privacyguides){ class="md-button" }
<small markdown>
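Review bot: "Become a Member" and "Become a Member (Cryptocurrency)" both link to `https://donate.magicgrants.org/privacyguides/membership` and differ only by `data-portal="signup"`, so whenever that attribute is not acted on the two buttons do the same thing; a short sentence under the buttons saying what each path does would help. The added `<!-- markdownlint-disable-next-line -->` names no rule, which switches off every rule for the following line; name the rule being suppressed, as the existing `<!-- markdownlint-disable MD036 -->` above does.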
+5 -5
@@ -3,7 +3,7 @@ title: Private Payments
icon: material/hand-coin
description: Your buying habits are the holy grail of ad targeting, but you still have plenty of options when it comes to making payments privately.
---
Data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately.
Data about your buying habits is considered the holy grail of ad targeting: Your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately.
## Cash
@@ -17,7 +17,7 @@ Despite the above, cash is typically the best option when available.
You can easily purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually dont have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout in an effort to reduce fraud.
Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (e.g.: from Visa or Mastercard) usually have limits of up to $1,000 per card.
Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (e.g. from Visa or Mastercard) usually have limits of up to $1,000 per card.
Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants dont accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit.
@@ -43,7 +43,7 @@ These tend to be good options for recurring/subscription payments online, while
## Cryptocurrency
Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a transparent blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose.
Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a transparent blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only purchase amounts which would not be disastrous to lose.
<div class="admonition danger" markdown>
<p class="admonition-title">Danger</p>
@@ -72,7 +72,7 @@ Anonymous transactions on a transparent blockchain are *theoretically* possible,
### Wallet Custody
With cryptocurrency there are two forms of wallets: custodial wallets and self-custody wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Self-custody wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, self-custody wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies.
With cryptocurrency there are two forms of wallets: custodial wallets and self-custody wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Self-custody wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, self-custody wallets provide greater security and censorship resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies.
### Acquisition
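Review bot: In the reworded Wallet Custody paragraph, "provide greater security and censorship resistance over custodial wallets" still reads awkwardly; "greater ... than custodial wallets" is the usual construction. While this line is being touched, "Self-custody wallets are wallets where you control and manage the private keys to access it" mixes plural and singular ("wallets ... it") and could become "the private keys used to access them".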
@@ -84,7 +84,7 @@ If you go this route, make sure to purchase Monero at different times and in dif
## Additional Considerations
When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Dont sign up for rewards programs or provide any other information about yourself.
When you're making a payment in person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Dont sign up for rewards programs or provide any other information about yourself.
When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants dont allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address.
+8 -4
@@ -1,6 +1,6 @@
---
meta_title: "The Best Android Operating Systems - Privacy Guides"
title: "Alternative Distributions"
title: Alternative Distributions
description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
schema:
-
@@ -47,15 +47,19 @@ GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wik
[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title="Documentation" }
[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="Contribute" }
</div>
GrapheneOS supports [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs Google Play Services fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as push notifications, while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice.
[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView.
GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings****Security & privacy****Exploit protection****Memory tagging****Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues.
### Connectivity Checks
By default, Android makes many network connections to Google to perform DNS connectivity checks, to sync with current network time, to check your network connectivity, and for many other background tasks. GrapheneOS replaces these with connections to servers operated by GrapheneOS and subject to their privacy policy. This hides information like your IP address [from Google](../basics/common-threats.md#privacy-from-service-providers), but means it is trivial for an admin on your network or ISP to see you are making connections to `grapheneos.network`, `grapheneos.org`, etc. and deduce what operating system you are using.
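Review bot: The added MTE paragraph makes strong claims ("drastically lowers the probability of exploits occurring through memory corruption bugs", "a more robust implementation of MTE by default") without any source link, unlike the hardware-requirements sentence it extends; link ARM's or GrapheneOS's own documentation for MTE so readers can verify them. In the toggle path, the bold components (Settings, Security & privacy, Exploit protection, Memory tagging, Enable by default) show no separator between them in this view, so check that the arrows render on the built page. "their Vanadium web browser" would also be clearer as "the Vanadium web browser", since the subject of the sentence is GrapheneOS.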
Binary file not shown. Before: 61 KiB. After: 55 KiB.
Binary file not shown. Before: 50 KiB. After: 53 KiB.
Binary file not shown. Before: 80 KiB. After: 58 KiB.
Binary file not shown. Before: 69 KiB. After: 57 KiB.
Binary file not shown. Before: 64 KiB. After: 47 KiB.
Binary file not shown. Before: 52 KiB. After: 46 KiB.
+8 -10
@@ -1,9 +1,9 @@
---
title: "Account Deletion"
icon: 'material/account-remove'
description: It's easy to accumulate a large number of internet accounts, here are some tips on how to prune your collection.
title: Account Deletion
icon: material/account-remove
description: It's easy to accumulate a large number of internet accounts. Here are some tips on how to prune your collection.
---
Over time, it can be easy to accumulate a number of online accounts, many of which you may no longer use. Deleting these unused accounts is an important step in reclaiming your privacy, as dormant accounts are vulnerable to data breaches. A data breach is when a service's security is compromised and protected information is viewed, transmitted, or stolen by unauthorized actors. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. The goal of this guide then is to help navigate you through the irksome process of account deletion, often made difficult by [deceptive design](https://deceptive.design), for the betterment of your online presence.
Over time, it can be easy to accumulate a number of online accounts, many of which you may no longer use. Deleting these unused accounts is an important step in reclaiming your privacy, as dormant accounts are vulnerable to data breaches. A data breach occurs when a service's security is compromised and protected information is viewed, transmitted, or stolen by unauthorized actors. Data breaches are unfortunately all [too common](https://haveibeenpwned.com/PwnedWebsites) these days, and so practicing good digital hygiene is the best way to minimize the impact they have on your life. The goal of this guide then is to help navigate you through the irksome process of account deletion, often made difficult by [deceptive design](https://deceptive.design), for the betterment of your online presence.
## Finding Old Accounts
@@ -15,15 +15,13 @@ If you have a password manager that you've used for your entire digital life, th
![Bitwarden's Data Breach Report feature](../assets/img/account-deletion/exposed_passwords.png)
</figure>
Even if you haven't explicitly used a password manager before, there's a chance you've used the one in your browser or your phone without even realizing it. For example: [Firefox Password Manager](https://support.mozilla.org/kb/password-manager-remember-delete-edit-logins), [Google Password Manager](https://passwords.google.com/intro)
and [Edge Password Manager](https://support.microsoft.com/microsoft-edge/save-or-forget-passwords-in-microsoft-edge-b4beecb0-f2a8-1ca0-f26f-9ec247a3f336).
Even if you haven't explicitly used a password manager before, there's a chance you've used the one in your browser ([Firefox](https://support.mozilla.org/kb/password-manager-remember-delete-edit-logins), [Chrome](https://passwords.google.com/intro), [Edge](https://support.microsoft.com/microsoft-edge/save-or-forget-passwords-in-microsoft-edge-b4beecb0-f2a8-1ca0-f26f-9ec247a3f336)) or your phone ([Google](https://passwords.google.com/intro) on stock Android, [Passwords](https://support.apple.com/HT211146) on iOS) without even realizing it.
Desktop platforms also often have a password manager which may help you recover passwords you've forgotten about:
- Windows [Credential Manager](https://support.microsoft.com/windows/accessing-credential-manager-1b5c916a-6a16-889f-8581-fc16e8165ac0)
- macOS [Passwords](https://support.apple.com/HT211145)
- iOS [Passwords](https://support.apple.com/HT211146)
- Linux, Gnome Keyring, which can be accessed through [Seahorse](https://wiki.gnome.org/Apps/Seahorse) or [KDE Wallet Manager](https://userbase.kde.org/KDE_Wallet_Manager)
- Windows: [Credential Manager](https://support.microsoft.com/windows/accessing-credential-manager-1b5c916a-6a16-889f-8581-fc16e8165ac0)
- macOS: [Passwords](https://support.apple.com/HT211145)
- Linux: Gnome Keyring (accessed through [Seahorse](https://gitlab.gnome.org/GNOME/seahorse#seahorse)) or [KDE Wallet Manager](https://userbase.kde.org/KDE_Wallet_Manager)
### Email
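Review bot: In the new Linux bullet, "Gnome Keyring" should be spelled "GNOME Keyring", matching the project's own capitalisation in the Seahorse link (`gitlab.gnome.org/GNOME/seahorse`). In the rewritten sentence above the list, "Chrome" and "Google" both point to `https://passwords.google.com/intro`, so a reader following the Chrome link lands on the Google Password Manager site and not on a browser support article like the Firefox and Edge links; keep it only if that is intended.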
+1 -1
@@ -21,7 +21,7 @@ There is another standard which is popular with business called [S/MIME](https:/
The [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD) standard allows email clients to discover the OpenPGP key for other mailboxes, even those hosted on a different provider. Email clients which support WKD will ask the recipient's server for a key based on the email address' domain name. For example, if you emailed `jonah@privacyguides.org`, your email client would ask `privacyguides.org` for Jonah's OpenPGP key, and if `privacyguides.org` has a key for that account, your message would be automatically encrypted.
In addition to the [email clients we recommend](../email-clients.md) which support WKD, some webmail providers also support WKD. Whether *your own* key is published to WKD for others to use depends on your domain configuration. If you use an [email provider](../email.md#openpgp-compatible-services) which supports WKD, such as Proton Mail or Mailbox.org, they can publish your OpenPGP key on their domain for you.
In addition to the [email clients we recommend](../email-clients.md) which support WKD, some webmail providers also support WKD. Whether *your own* key is published to WKD for others to use depends on your domain configuration. If you use an [email provider](../email.md#openpgp-compatible-services) which supports WKD, such as Proton Mail or Mailbox Mail, they can publish your OpenPGP key on their domain for you.
If you use your own custom domain, you will need to configure WKD separately. If you control your domain name, you can set up WKD regardless of your email provider. One easy way to do this is to use the "[WKD as a Service](https://keys.openpgp.org/about/usage#wkd-as-a-service)" feature from the `keys.openpgp.org` server: Set a CNAME record on the `openpgpkey` subdomain of your domain pointed to `wkd.keys.openpgp.org`, then upload your key to [keys.openpgp.org](https://keys.openpgp.org). Alternatively, you can [self-host WKD on your own web server](https://wiki.gnupg.org/WKDHosting).
+6
@@ -110,6 +110,12 @@ The best way to prevent a targeted attack against you before a device is in your
Make sure your device supports secure boot/verified boot, and you have it enabled. Try to avoid leaving your device unattended whenever possible.
### Kensington Locks
Many laptops come equipped with a [Kensington slot](https://www.kensington.com/solutions/product-category/security/?srsltid=AfmBOorQOlRnqRJOAqM-Mvl7wumed0wBdiOgktlvdidpMHNIvGfwj9VI) that can be used to secure your device with a **metal cable** that locks into the slot on your machine. These locks can be combination locks or keyed.
As with all locks, Kensington locks are vulnerable to [physical attacks](https://youtu.be/vgvCxL7dMJk) so you should mainly use them to deter petty theft. You can secure your laptop at home or even when you're out in public using a table leg or something that won't move easily.
## Secure your Network
### Compartmentalization
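Review bot: The Kensington link in the new section carries a `?srsltid=...` query string, which is a tracking parameter picked up from a search-result click and is not needed to reach the page; link to `https://www.kensington.com/solutions/product-category/security/` without it, in line with the bare URLs used elsewhere in the site. In the second paragraph, "vulnerable to physical attacks so you should mainly use them" needs a comma before "so".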
+3 -3
@@ -1,6 +1,6 @@
---
title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
title: Multifactor Authentication
icon: material/two-factor-authentication
description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others.
---
**Multifactor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
@@ -63,7 +63,7 @@ If your threat model requires you to have different identities on different webs
#### FIDO (Fast IDentity Online)
[FIDO](https://en.wikipedia.org/wiki/FIDO_Alliance) includes a number of standards, first there was U2F and then later [FIDO2](https://en.wikipedia.org/wiki/FIDO2_Project) which includes the web standard [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn).
[FIDO](https://en.wikipedia.org/wiki/FIDO_Alliance) includes a number of standards, first there was [U2F](https://en.wikipedia.org/wiki/Universal_2nd_Factor) and then later [FIDO2](https://en.wikipedia.org/wiki/FIDO2_Project) which includes the web standard [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn).
U2F and FIDO2 refer to the [Client to Authenticator Protocol](https://en.wikipedia.org/wiki/Client_to_Authenticator_Protocol), which is the protocol between the security key and the computer, such as a laptop or phone. It complements WebAuthn which is the component used to authenticate with the website (the "Relying Party") you're trying to log in on.
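Review bot: The edited FIDO sentence is still a comma splice ("includes a number of standards, first there was U2F and then later FIDO2 which includes ..."); since the line is being changed for the U2F link anyway, restructure it, for example "includes a number of standards: first U2F, and later FIDO2, which includes the web standard WebAuthn".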
+2
@@ -70,6 +70,8 @@ uBlock Origin also has a "Lite" version of their extension, which offers a very
<summary>Downloads</summary>
- [:simple-googlechrome: Chrome](https://chrome.google.com/webstore/detail/ublock-origin-lite/ddkjiahejlhfcafbddmgiahcphecmpfh)
- [:fontawesome-brands-edge: Edge](https://microsoftedge.microsoft.com/addons/detail/cimighlppcgcoapaliogpjjdehbnofhn)
- [:simple-safari: Safari](https://apps.apple.com/app/id6745342698)
</details>
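Review bot: The two added store links identify the extension only by opaque IDs (`cimighlppcgcoapaliogpjjdehbnofhn` for Edge, `id6745342698` for Safari), so the diff alone does not show that they belong to uBlock Origin Lite; confirm both against the listings linked from the upstream project before merging, since a wrong ID here would send readers to a different extension.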
+3 -3
@@ -50,14 +50,14 @@ Multiple calendars and extended sharing functionality are limited to paid subscr
![Proton](assets/img/calendar/proton-calendar.svg){ align=right }
**Proton Calendar** is an encrypted calendar service available to Proton members via web or mobile clients. Features include automatic E2EE of all data, sharing features, import/export functionality, and [more](https://proton.me/support/proton-calendar-guide).
**Proton Calendar** is an encrypted calendar service available to Proton members via its web or mobile clients. Features include automatic E2EE of all data, sharing features, import/export functionality, and [more](https://proton.me/support/proton-calendar-guide).
Those on the free tier have access to 3 calendars, whereas paid subscribers can create up to 25 calendars. Extended sharing functionality is also limited to paid subscribers.
[:octicons-home-16: Homepage](https://proton.me/calendar){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/calendar/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://proton.me/support/calendar){ .card-link title="Documentation" }
[:octicons-code-16:](https://github.com/ProtonMail/WebClients){ .card-link title="Source Code" }
[:octicons-code-16:](https://github.com/orgs/ProtonMail/repositories?q=calendar){ .card-link title="Source Code" }
<details class="downloads" markdown>
<summary>Downloads</summary>
@@ -70,7 +70,7 @@ Those on the free tier have access to 3 calendars, whereas paid subscribers can
</div>
Unfortunately, as of August 2024 Proton has [still](https://discuss.privacyguides.net/t/proton-calendar-is-not-open-source-mobile/14656/8) not released the source code for their mobile Calendar app on Android or iOS, and only the former has been [audited](https://proton.me/blog/security-audit-all-proton-apps). Proton Calendar's web client is open source, however, and has been [audited](https://proton.me/community/open-source).
In 2021, Securitum [audited](https://proton.me/community/open-source#:~:text=Proton%20Calendar) Proton Calendar's web client and provided a [letter of attestation](https://res.cloudinary.com/dbulfrlrz/images/v1714639870/wp-pme/letter-of-attestation-proton-calendar-20211109_3138998f9b/letter-of-attestation-proton-calendar-20211109_3138998f9b.pdf) for the Android app.
## Criteria
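Review bot: The replacement audit paragraph no longer mentions the iOS app, whereas the sentence it replaces stated that only the Android app had been audited; state the iOS status explicitly so readers do not assume the audit covers every client. The audit link relies on a `#:~:text=` text fragment, which is ignored by browsers without text-fragment support and breaks if the target page is reworded, and the letter of attestation is linked through a `res.cloudinary.com` asset URL; prefer stable first-party URLs where they exist.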
+9 -9
@@ -1,6 +1,6 @@
---
meta_title: "The Best Private and Secure Cloud Storage Providers - Privacy Guides"
title: "Cloud Storage"
title: Cloud Storage
icon: material/file-cloud
description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives!
cover: cloud.webp
@@ -17,7 +17,7 @@ If these alternatives do not fit your needs, we suggest you look into using encr
<details class="admonition info" markdown>
<summary>Looking for Nextcloud?</summary>
Nextcloud is [still a recommended tool](document-collaboration.md#nextcloud) for self-hosting a file management suite, however we do not recommend third-party Nextcloud storage providers at the moment, because we do [not recommend](https://discuss.privacyguides.net/t/dont-recommend-nextcloud-e2ee/10352/29) Nextcloud's built-in E2EE functionality for home users.
For more technical readers, Nextcloud is [still a recommended tool](self-hosting/file-management.md#nextcloud) for self-hosting a file management suite, however we do not recommend third-party Nextcloud storage providers at the moment, because we do [not recommend](https://discuss.privacyguides.net/t/dont-recommend-nextcloud-e2ee/10352/29) Nextcloud's built-in E2EE functionality for home users.
</details>
@@ -97,7 +97,9 @@ They have also received the Digital Trust Label, a certification from the [Swiss
![Peergos logo](assets/img/cloud/peergos.svg){ align=right }
**Peergos** is a decentralized protocol and open-source platform for storage, social media, and applications. It provides a secure and private space where users can store, share, and view their photos, videos, documents, etc. Peergos secures your files with quantum-resistant end-to-end encryption and ensures all data about your files remains private.
**Peergos** is a decentralized protocol and open-source platform for storage, social media, and applications. It provides a secure and private space where users can store, share, view, and edit their photos, videos, documents, etc.
Peergos secures your files with quantum-resistant E2EE and ensures all data about your files remains private. It is also [self-hostable](https://book.peergos.org/features/self).
[:octicons-home-16: Homepage](https://peergos.org){ .md-button .md-button--primary }
[:octicons-eye-16:](https://peergos.net/privacy.html){ .card-link title="Privacy Policy" }
@@ -110,9 +112,9 @@ They have also received the Digital Trust Label, a certification from the [Swiss
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=peergos.android)
- [:simple-github: GitHub](https://github.com/Peergos/web-ui/releases)
- [:fontawesome-brands-windows: Windows](https://github.com/Peergos/web-ui/releases)
- [:simple-apple: macOS](https://github.com/Peergos/web-ui/releases)
- [:simple-linux: Linux](https://github.com/Peergos/web-ui/releases)
- [:fontawesome-brands-windows: Windows](https://peergos.org/download#windows)
- [:simple-apple: macOS](https://peergos.org/download#macos)
- [:simple-linux: Linux](https://peergos.org/download#linux)
- [:octicons-browser-16: Web](https://peergos.net)
</details>
@@ -121,9 +123,7 @@ They have also received the Digital Trust Label, a certification from the [Swiss
Peergos is built on top of the [InterPlanetary File System (IPFS)](https://ipfs.tech), a peer-to-peer architecture that protects against [:material-close-outline: Censorship](basics/common-threats.md#avoiding-censorship){ .pg-blue-gray }.
Peergos is primarily a web app, but you can self-host the server either as a local cache for your remote Peergos account, or as a standalone storage server which negates the need to register for a remote account and subscription. The Peergos server is a `.jar` file, which means the Java 17+ Runtime Environment ([OpenJDK download](https://azul.com/downloads)) should be installed on your machine to get it working.
Running a local version of Peergos alongside a registered account on their paid, hosted service allows you to access your Peergos storage without any reliance on DNS or TLS certificate authorities, and keep a copy of your data backed up to their cloud. The user experience should be the same whether you run their desktop server or just use their hosted web interface.
The client, server, and command line interface for Peergos all run from the same binary. Additionally, Peergos includes a [sync engine](https://book.peergos.org/features/sync) (accessible via the native apps) for bi-directionally synchronizing a local folder with a Peergos folder, and a [webdav bridge](https://book.peergos.org/features/webdav) to allow other applications to access your Peergos storage. You can refer to Peergos's documentation for a full overview of their numerous features.
Peergos was [audited](https://peergos.org/posts/security-audit-2024) in November 2024 by Radically Open Security and all issues were fixed. They were previously [audited](https://cure53.de/pentest-report_peergos.pdf) by Cure53 in June 2019, and all found issues were subsequently fixed.
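Review bot: The replacement Peergos paragraph drops the prerequisite that the server is a `.jar` file needing a Java 17+ runtime; if that still applies to self-hosting, keep a mention of it or make sure the newly linked self-hosting page covers it. In the added text, "webdav bridge" should be written "WebDAV bridge".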
+2 -2
@@ -34,7 +34,7 @@ You should search for your information on these sites first, and submit an opt-o
- Dataveria ([Search](https://dataveria.com), [Opt-Out](https://dataveria.com/ng/control/privacy))
- InfoTracer ([Search](https://infotracer.com), [Opt-Out](https://infotracer.com/optout))
- Intelius ([Search](https://intelius.com), [Opt-Out](https://suppression.peopleconnect.us/login))
- PeekYou ([Search](https://peekyou.com), [Opt-Out](https://peekyou.com/about/contact/optout))
- PeekYou ([Search](https://peekyou.com), [Opt-Out](https://peekyou.com/about/contact/ccpa_optout/do_not_sell))
- PublicDataUSA ([Search](https://publicdatausa.com), [Opt-Out](https://publicdatausa.com/remove.php))
- Radaris ([Search](https://radaris.com), [Opt-Out](https://radaris.com/page/how-to-remove))
- Spokeo ([Search](https://spokeo.com/search), [Opt-Out](https://spokeo.com/optout))
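Review bot: The new PeekYou link is still labelled "Opt-Out", but its path is `ccpa_optout/do_not_sell`, which reads as a CCPA do-not-sell request form; confirm that it actually removes a listing and is usable by readers outside California, and if not, say so next to the link. The same URL is changed in the EasyOptOuts list in the next hunk, so whatever is decided should apply to both.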
@@ -84,7 +84,7 @@ Our [testing](https://www.privacyguides.org/articles/2025/02/03/easyoptouts-revi
EasyOptOuts does not cover the following sites we consider to be "high priority," so you should still manually opt-out of:
- Intelius ([Search](https://intelius.com), [Opt-Out](https://suppression.peopleconnect.us/login))
- PeekYou ([Search](https://peekyou.com), [Opt-Out](https://peekyou.com/about/contact/optout))
- PeekYou ([Search](https://peekyou.com), [Opt-Out](https://peekyou.com/about/contact/ccpa_optout/do_not_sell))
</div>
+7 -7
@@ -24,19 +24,19 @@ You should **never** use blur to redact [text in images](https://bishopfox.com/b
![MAT2 logo](assets/img/data-redaction/mat2.svg){ align=right }
**MAT2** is free, cross-platform software which allows you to remove metadata from image, audio, torrent, and document file types. It provides both a command line tool and a graphical user interface via an extension for [Dolphin](https://0xacab.org/jvoisin/mat2/-/tree/master/dolphin), the default file manager of [KDE](https://kde.org).
**MAT2** is free, cross-platform software which allows you to remove metadata from image, audio, torrent, and document file types. It provides both a command line tool and a graphical user interface via an extension for [Dolphin](https://github.com/jvoisin/mat2/tree/master/dolphin), the default file manager of [KDE](https://kde.org).
[:octicons-repo-16: Repository](https://0xacab.org/jvoisin/mat2){ .md-button .md-button--primary }
[:octicons-info-16:](https://0xacab.org/jvoisin/mat2/-/blob/master/README.md){ .card-link title="Documentation" }
[:octicons-code-16:](https://0xacab.org/jvoisin/mat2){ .card-link title="Source Code" }
[:octicons-repo-16: Repository](https://github.com/jvoisin/mat2#readme){ .md-button .md-button--primary }
[:octicons-info-16:](https://github.com/jvoisin/mat2#how-to-use-mat2){ .card-link title="Documentation" }
[:octicons-code-16:](https://github.com/jvoisin/mat2){ .card-link title="Source Code" }
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:fontawesome-brands-windows: Windows](https://pypi.org/project/mat2#metadata-and-privacy)
- [:simple-apple: macOS](https://0xacab.org/jvoisin/mat2#requirements-setup-on-macos-os-x-using-homebrew)
- [:fontawesome-brands-windows: Windows](https://pypi.org/project/mat2)
- [:simple-apple: macOS](https://github.com/jvoisin/mat2#requirements-setup-on-macos-os-x-using-homebrew)
- [:simple-linux: Linux](https://pypi.org/project/mat2)
- [:octicons-globe-16: Web](https://0xacab.org/jvoisin/mat2#web-interface)
- [:octicons-browser-16: Web](https://github.com/jvoisin/mat2#web-interface)
</details>
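Review bot: Every MAT2 link moves from `0xacab.org/jvoisin/mat2` to `github.com/jvoisin/mat2`, but nothing in the change says whether GitHub is now the project's canonical home or a mirror; since readers install from these links, confirm which location upstream treats as authoritative. The Repository button now points at `#readme` while Source Code points at the repository root, so the two buttons differ only by an anchor, and the Documentation link depends on the `#how-to-use-mat2` heading anchor staying stable.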
+5 -11
@@ -1,6 +1,6 @@
---
meta_title: "Privacy Respecting Web Browsers for PC and Mac - Privacy Guides"
title: "Desktop Browsers"
title: Desktop Browsers
icon: material/laptop
description: These privacy-protecting browsers are what we currently recommend for standard/non-anonymous internet browsing on desktop systems.
cover: desktop-browsers.webp
@@ -96,11 +96,11 @@ Modifications other than adjusting this setting would make your fingerprint uniq
### Anti-Fingerprinting
**Without** using a [VPN](vpn.md), Mullvad Browser provides the same protections against [naive fingerprinting scripts](https://github.com/arkenfox/user.js/wiki/3.3-Overrides-%5BTo-RFP-or-Not%5D#-fingerprinting) as other private browsers like Firefox+[Arkenfox](#arkenfox-advanced) or [Brave](#brave). Mullvad Browser provides these protections out of the box, at the expense of some flexibility and convenience that other private browsers can provide.
**Without** using a [VPN](vpn.md), Mullvad Browser provides protections against [naive fingerprinting scripts](https://github.com/arkenfox/user.js/wiki/3.3-Overrides-%5BTo-RFP-or-Not%5D#-fingerprinting) similar to other private browsers like Firefox+[Arkenfox](#arkenfox-advanced) or [Brave](#brave). Mullvad Browser provides these protections out of the box, at the expense of some flexibility and convenience that other private browsers can provide.
==For the strongest anti-fingerprinting protection, we recommend using Mullvad Browser in conjunction **with** a VPN==, whether that is Mullvad or another recommended VPN provider. When using a VPN with Mullvad Browser, you will share a fingerprint and a pool of IP addresses with many other users, giving you a "crowd" to blend in with. This strategy is the only way to thwart advanced tracking scripts, and is the same anti-fingerprinting technique used by Tor Browser.
Note that while you can use Mullvad Browser with any VPN provider, other people on that VPN must also be using Mullvad Browser for this "crowd" to exist, something which is more likely on Mullvad VPN compared to other providers, particularly this close to the launch of Mullvad Browser. Mullvad Browser does not have built-in VPN connectivity, nor does it check whether you are using a VPN before browsing; your VPN connection has to be configured and managed separately.
Note that while you can use Mullvad Browser with any VPN provider, other people on that VPN must also be using Mullvad Browser for this "crowd" to exist, something which is more likely on Mullvad VPN compared to other providers. Mullvad Browser does not have built-in VPN connectivity, nor does it check whether you are using a VPN before browsing; your VPN connection has to be configured and managed separately.
Mullvad Browser comes with the *uBlock Origin* and *NoScript* browser extensions pre-installed. While we typically discourage adding *additional* [browser extensions](browser-extensions.md), these extensions that come pre-installed with the browser should **not** be removed or configured outside their default values, because doing so would noticeably make your browser fingerprint distinct from other Mullvad Browser users. It also comes pre-installed with the Mullvad Browser Extension, which *can* be safely removed without impacting your browser fingerprint if you would like, but is also safe to keep even if you don't use Mullvad VPN.
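Review bot: In the first Anti-Fingerprinting paragraph, the reworded clause "provides protections against naive fingerprinting scripts similar to other private browsers" can be read as the scripts being similar to other browsers, rather than the protections. Suggest putting "similar" next to the noun it qualifies, for example "provides similar protections against naive fingerprinting scripts as other private browsers like Firefox+Arkenfox or Brave", so the softened claim stays unambiguous.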
@@ -110,12 +110,6 @@ Mullvad Browser operates in permanent private browsing mode, meaning your histor
This is required to prevent advanced forms of tracking, but does come at the cost of convenience and some Firefox features, such as Multi-Account Containers. Remember you can always use multiple browsers, for example, you could consider using Firefox+Arkenfox for a few sites that you want to stay logged in on or otherwise don't work properly in Mullvad Browser, and Mullvad Browser for general browsing.
### Mullvad Leta
Mullvad Browser comes with [**Mullvad Leta**](https://leta.mullvad.net) as the default search engine, which functions as a proxy to either Google or Brave search results (configurable on the Mullvad Leta homepage).
If you are a Mullvad VPN user, there is some risk in using services like Mullvad Leta which are offered by your VPN provider themselves. This is because Mullvad theoretically has access to your true IP address (via their VPN) and your search activity (via Leta), which is information a VPN is typically intended to separate. Even though Mullvad collects very little information about their VPN subscribers or Leta users, you should consider a different [search engine](search-engines.md) if this risk concerns you.
## Firefox
<div class="admonition recommendation" markdown>
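Review bot: Dropping the `### Mullvad Leta` heading also drops the `#mullvad-leta` anchor, and nothing in this hunk shows that inbound links to it were updated. Please search the docs for links to that anchor before merging. The removed text was also the only place in this section that named the browser's default search engine and warned about using a search proxy run by your own VPN provider, so state in the commit message why both go away.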
@@ -228,7 +222,7 @@ Max Protection enforces the use of DNS over HTTPS, and a security warning will s
<div class="admonition tip" markdown>
<p class="admonition-title">Use Mullvad Browser for advanced anti-fingerprinting</p>
[Mullvad Browser](#mullvad-browser) provides the same anti-fingerprinting protections as Arkenfox out of the box, and does not require the use of Mullvad's VPN to benefit from these protections. Coupled with a VPN, Mullvad Browser can thwart more advanced tracking scripts which Arkenfox cannot. Arkenfox still has the advantage of being much more flexible, and allowing per-site exceptions for websites which you need to stay logged in to.
[Mullvad Browser](#mullvad-browser) provides stronger anti-fingerprinting protections out of the box than Firefox, and does not require the use of Mullvad's VPN to benefit from these protections. Coupled with a VPN, Mullvad Browser can thwart more advanced tracking scripts which Arkenfox cannot. Firefox still has the advantage of being much more flexible, and allowing per-site exceptions for websites which you need to stay logged in to.
</div>
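Review bot: The rewritten tip is internally inconsistent: the first and last sentences now compare Mullvad Browser with Firefox, but the middle sentence still reads "can thwart more advanced tracking scripts which Arkenfox cannot". Either change that to "which Firefox cannot" or keep Arkenfox as the comparison throughout, depending on which section this tip now sits in.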
@@ -309,7 +303,7 @@ Brave allows you to select additional content filters within the internal `brave
<div class="annotate" markdown>
- [x] Select **Don't allow sites to use the V8 optimizer** under *Security**Manage V8 security* (1)
- [x] Select **Dont allow sites to use JavaScript optimization** under *Security**Manage JavaScript optimization & security* (1)
- [x] Select **Automatically remove permissions from unused sites** under *Sites and Shields Settings*
- [x] Select **Disable non-proxied UDP** under [*WebRTC IP Handling Policy*](https://support.brave.com/hc/articles/360017989132-How-do-I-change-my-Privacy-Settings#webrtc)
- [ ] Uncheck **Use Google services for push messaging**
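Review bot: The new checklist item spells the setting as "Dont allow sites to use JavaScript optimization", without the apostrophe that the replaced line had in "Don't". Unless the Brave UI label itself omits it, restore "Don't" so the text matches what readers see on screen.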
+14 -58
@@ -1,5 +1,5 @@
---
title: "DNS Resolvers"
title: DNS Resolvers
icon: material/dns
description: We recommend choosing these encrypted DNS providers to replace your ISP's default configuration.
cover: dns.webp
@@ -10,7 +10,7 @@ global:
- [:material-account-cash: Surveillance Capitalism](basics/common-threats.md#surveillance-as-a-business-model){ .pg-brown }
Encrypted DNS with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity.
Encrypted **DNS** with third-party servers should only be used to get around basic [DNS blocking](https://en.wikipedia.org/wiki/DNS_blocking) when you can be sure there won't be any consequences. Encrypted DNS will not help you hide any of your browsing activity.
[Learn more about DNS :material-arrow-right-drop-circle:](advanced/dns-overview.md){ .md-button }
@@ -20,12 +20,11 @@ These are our favorite public DNS resolvers based on their privacy and security
| DNS Provider | Protocols | Logging / Privacy Policy | [ECS](advanced/dns-overview.md#what-is-edns-client-subnet-ecs) | Filtering | Signed Apple Profile |
|---|---|---|---|---|---|
| [**AdGuard Public DNS**](https://adguard-dns.io/en/public-dns.html) | Cleartext <br>DoH/3 <br>DoT <br>DoQ <br>DNSCrypt | Anonymized[^1] | Anonymized | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardDNS) | Yes [:octicons-link-external-24:](https://adguard-dns.io/en/blog/encrypted-dns-ios-14.html) |
| [**AdGuard Public DNS**](https://adguard-dns.io/en/public-dns.html) | Cleartext <br>DoH/3 <br>DoT <br>DoQ <br>DNSCrypt | Anonymized[^1] | Anonymized | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/AdguardTeam/AdGuardSDNSFilter) | Yes [:octicons-link-external-24:](https://adguard-dns.io/en/blog/encrypted-dns-ios-14.html) |
| [**Cloudflare**](https://developers.cloudflare.com/1.1.1.1/setup) | Cleartext <br>DoH/3 <br>DoT | Anonymized[^2] | No | Based on server choice. | No [:octicons-link-external-24:](https://community.cloudflare.com/t/requesting-1-1-1-1-signed-profiles-for-apple/571846) |
| [**Control D Free DNS**](https://controld.com/free-dns) | Cleartext <br>DoH/3 <br>DoT <br>DoQ | No[^3] | No | Based on server choice. | Yes <br>[:simple-apple: iOS](https://docs.controld.com/docs/ios-platform) <br>[:material-apple-finder: macOS](https://docs.controld.com/docs/macos-platform#manual-setup-profile) |
| [**DNS0.eu**](https://dns0.eu) | Cleartext <br>DoH/3 <br>DoH <br>DoT <br>DoQ | Anonymized[^4] | Anonymized | Based on server choice. | Yes [:octicons-link-external-24:](https://dns0.eu/zero.dns0.eu.mobileconfig) |
| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | DoH <br>DoT | No[^5] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | Yes [:octicons-link-external-24:](https://github.com/mullvad/encrypted-dns-profiles) |
| [**Quad9**](https://quad9.net) | Cleartext <br>DoH <br>DoT <br>DNSCrypt | Anonymized[^6] | Optional | Based on server choice. Malware blocking is included by default. | Yes <br>[:simple-apple: iOS](https://docs.quad9.net/Setup_Guides/iOS/iOS_14_and_later_(Encrypted)) <br>[:material-apple-finder: macOS](https://docs.quad9.net/Setup_Guides/MacOS/Big_Sur_and_later_(Encrypted)) |
| [**Mullvad**](https://mullvad.net/en/help/dns-over-https-and-dns-over-tls) | DoH <br>DoT | No[^4] | No | Based on server choice. Filter list being used can be found here. [:octicons-link-external-24:](https://github.com/mullvad/dns-adblock) | Yes [:octicons-link-external-24:](https://github.com/mullvad/encrypted-dns-profiles) |
| [**Quad9**](https://quad9.net) | Cleartext <br>DoH <br>DoT <br>DNSCrypt | Anonymized[^5] | Optional | Based on server choice. Malware blocking is included by default. | Yes <br>[:simple-apple: iOS](https://docs.quad9.net/Setup_Guides/iOS/iOS_14_and_later_(Encrypted)) <br>[:material-apple-finder: macOS](https://docs.quad9.net/Setup_Guides/MacOS/Big_Sur_and_later_(Encrypted)) |
[^1]:
AdGuard stores aggregated performance metrics of their DNS servers, namely the number of complete requests to a particular server, the number of blocked requests, and the speed of processing requests. They also keep and store the database of domains requested within the last 24 hours.
@@ -42,64 +41,17 @@ These are our favorite public DNS resolvers based on their privacy and security
Control D: [*Privacy Policy*](https://controld.com/privacy)
[^4]:
DNS0.eu collects some data for their threat intelligence feeds to monitor for newly registered/observed/active domains and other bulk data. That data is shared with some [partners](https://docs.dns0.eu/data-feeds/introduction) for e.g. security research. They do not collect any personally identifiable information.
DNS0.eu: [*Privacy Policy*](https://dns0.eu/privacy)
[^5]:
Mullvad's DNS service is available to both subscribers and non-subscribers of Mullvad VPN. Their privacy policy explicitly claims they do not log DNS requests in any way.
Mullvad: [*No-logging of user activity policy*](https://mullvad.net/en/help/no-logging-data-policy)
[^6]:
[^5]:
Quad9 collects some data for the purposes of threat monitoring and response. That data may then be remixed and shared for purposes like furthering their security research. Quad9 does not collect or record IP addresses or other data they deem personally identifiable.
Quad9: [*Data and Privacy Policy*](https://quad9.net/privacy/policy)
## Self-Hosted DNS Filtering
A self-hosted DNS solution is useful for providing filtering on controlled platforms, such as Smart TVs and other IoT devices, as no client-side software is needed.
### Pi-hole
<div class="admonition recommendation" markdown>
![Pi-hole logo](assets/img/dns/pi-hole.svg){ align=right }
**Pi-hole** is an open-source [DNS-sinkhole](https://en.wikipedia.org/wiki/DNS_sinkhole) which uses [DNS filtering](https://cloudflare.com/learning/access-management/what-is-dns-filtering) to block unwanted web content, such as advertisements.
Pi-hole is designed to be hosted on a Raspberry Pi, but it is not limited to such hardware. The software features a friendly web interface to view insights and manage blocked content.
[:octicons-home-16: Homepage](https://pi-hole.net){ .md-button .md-button--primary }
[:octicons-eye-16:](https://pi-hole.net/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://docs.pi-hole.net){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/pi-hole/pi-hole){ .card-link title="Source Code" }
[:octicons-heart-16:](https://pi-hole.net/donate){ .card-link title=Contribute }
</details>
</div>
### AdGuard Home
<div class="admonition recommendation" markdown>
![AdGuard Home logo](assets/img/dns/adguard-home.svg){ align=right }
**AdGuard Home** is an open-source [DNS-sinkhole](https://en.wikipedia.org/wiki/DNS_sinkhole) which uses [DNS filtering](https://cloudflare.com/learning/access-management/what-is-dns-filtering) to block unwanted web content, such as advertisements.
AdGuard Home features a polished web interface to view insights and manage blocked content.
[:octicons-home-16: Homepage](https://adguard.com/adguard-home/overview.html){ .md-button .md-button--primary }
[:octicons-eye-16:](https://adguard.com/privacy/home.html){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://github.com/AdguardTeam/AdGuardHome/wiki){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/AdguardTeam/AdGuardHome){ .card-link title="Source Code" }
</details>
</div>
## Cloud-Based DNS Filtering
These DNS filtering solutions offer a web dashboard where you can customize the block lists to your exact needs, similarly to a Pi-hole. These services are usually easier to set up and configure than self-hosted services like the ones above, and can be used more easily across multiple networks (self-hosted solutions are typically restricted to your home/local network unless you set up a more advanced configuration).
These DNS filtering solutions offer a web dashboard where you can customize the block lists to your exact needs. These services can be used easily across multiple networks.
### Control D
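Review bot: This hunk deletes the whole "Self-Hosted DNS Filtering" section, and with it the `#self-hosted-dns-filtering`, `#pi-hole` and `#adguard-home` anchors, but it does not show any cleanup of what depended on them. Please check for inbound links to those anchors and remove `assets/img/dns/pi-hole.svg` and `assets/img/dns/adguard-home.svg` if nothing else uses them. The footnote renumbering itself looks consistent with the table hunk above: Mullvad becomes `[^4]` and Quad9 becomes `[^5]`.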
@@ -107,7 +59,9 @@ These DNS filtering solutions offer a web dashboard where you can customize the
![Control D logo](assets/img/dns/control-d.svg){ align=right }
**Control D** is a customizable DNS service which lets you block security threats, unwanted content, and advertisements on a DNS level. In addition to their paid plans, they offer a number of preconfigured DNS resolvers you can use for free.
**Control D** is a customizable DNS service which lets you block security threats, unwanted content, and advertisements on a DNS level.
In addition to their paid plans, they offer a number of preconfigured DNS resolvers you can use for free.
[:octicons-home-16: Homepage](https://controld.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://controld.com/privacy){ .card-link title="Privacy Policy" }
@@ -134,7 +88,9 @@ These DNS filtering solutions offer a web dashboard where you can customize the
![NextDNS logo](assets/img/dns/nextdns.svg){ align=right }
**NextDNS** is a customizable DNS service which lets you block security threats, unwanted content, and advertisements on a DNS level. They offer a fully functional free plan for limited use.
**NextDNS** is a customizable DNS service which lets you block security threats, unwanted content, and advertisements on a DNS level.
They offer a fully functional free plan for limited use.
[:octicons-home-16: Homepage](https://nextdns.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://nextdns.io/privacy){ .card-link title="Privacy Policy" }
@@ -234,5 +190,5 @@ All DNS products...
Additionally, all public providers...
- Must not log any personal data to disk.
- As noted in the footnotes, some providers collect query information for purposes like security research, but in that case the data must not be associated with any PII such as IP address, etc.
- As noted in the footnotes, some providers collect query information for purposes like security research, but in such cases, the data must not be associated with any PII such as IP address, etc.
- Should support [anycast](https://en.wikipedia.org/wiki/Anycast) or geo-steering.
+13 -49
@@ -1,77 +1,41 @@
---
title: "Document Collaboration"
title: Document Collaboration
icon: material/account-group
description: Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do.
description: Most online office suites do not support end-to-end encryption, meaning the cloud provider has access to everything you do.
cover: document-collaboration.webp
---
<small>Protects against the following threat(s):</small>
- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal }
Most online office suites do not support E2EE, meaning the cloud provider has access to everything you do. The provider's privacy policy may legally protect your rights, but it does not provide technical access constraints.
Most online **document collaboration** platforms like Google Drive do not support end-to-end encryption, meaning the cloud provider has access to everything you do. The provider's privacy policy may legally protect your rights, but it does not provide technical access constraints.
## Collaboration Platforms
### Nextcloud
<div class="admonition recommendation" markdown>
![Nextcloud logo](assets/img/document-collaboration/nextcloud.svg){ align=right }
**Nextcloud** is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control.
[:octicons-home-16: Homepage](https://nextcloud.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://nextcloud.com/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://nextcloud.com/support){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/nextcloud){ .card-link title="Source Code" }
[:octicons-heart-16:](https://nextcloud.com/contribute){ .card-link title=Contribute }
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nextcloud.client)
- [:simple-appstore: App Store](https://apps.apple.com/app/id1125420102)
- [:simple-github: GitHub](https://github.com/nextcloud/android/releases)
- [:fontawesome-brands-windows: Windows](https://nextcloud.com/install/#install-clients)
- [:simple-apple: macOS](https://nextcloud.com/install/#install-clients)
- [:simple-linux: Linux](https://nextcloud.com/install/#install-clients)
</details>
</div>
<div class="admonition danger" markdown>
<p class="admonition-title">Danger</p>
We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_end_encryption) for Nextcloud as it may lead to data loss; it is highly experimental and not production quality. For this reason, we don't recommend third-party Nextcloud providers.
</div>
### CryptPad
## CryptPad
<div class="admonition recommendation" markdown>
![CryptPad logo](assets/img/document-collaboration/cryptpad.svg){ align=right }
**CryptPad** is a private-by-design alternative to popular office tools. All content on this web service is end-to-end encrypted and can be shared with other users easily. [:material-star-box: Read our latest CryptPad review.](https://www.privacyguides.org/articles/2025/02/07/cryptpad-review)
**CryptPad** is a private-by-design alternative to popular, full-fledged office suites. All content on this web service is E2EE and can be shared with other users easily.
[:material-star-box: Read our latest CryptPad review.](https://www.privacyguides.org/articles/2025/02/07/cryptpad-review)
[:octicons-home-16: Homepage](https://cryptpad.fr){ .md-button .md-button--primary }
[:octicons-eye-16:](https://cryptpad.fr/pad/#/2/pad/view/GcNjAWmK6YDB3EO2IipRZ0fUe89j43Ryqeb4fjkjehE){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://docs.cryptpad.fr){ .card-link title=Documentation}
[:octicons-server-16:](https://cryptpad.org/instances){ .card-link title="Public Instances" }
[:octicons-info-16:](https://docs.cryptpad.fr){ .card-link title="Documentation" }
[:octicons-code-16:](https://github.com/xwiki-labs/cryptpad){ .card-link title="Source Code" }
[:octicons-heart-16:](https://opencollective.com/cryptpad){ .card-link title=Contribute }
[:octicons-heart-16:](https://opencollective.com/cryptpad){ .card-link title="Contribute" }
</details>
</div>
### Criteria
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
#### Minimum Requirements
In general, we define collaboration platforms as full-fledged suites which could reasonably act as a replacement to Google Drive.
### Minimum Requirements
- Must be open source.
- Must make files accessible via WebDAV unless it is impossible due to E2EE.
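Review bot: The terminology change runs in opposite directions within this hunk: the front-matter description and the intro paragraph expand "E2EE" to "end-to-end encryption", while the CryptPad blurb goes from "end-to-end encrypted" to "E2EE". Pick one convention, ideally spelling the term out on first use in the body and abbreviating afterwards. Also, the `</details>` after the CryptPad card's Contribute link has no `<details>` opener anywhere in that card as shown here; if that line is kept, drop it while the card is being touched. Promoting "CryptPad" and "Criteria" to `##` and removing "Nextcloud" changes the page's anchors, so check inbound links to `#nextcloud`.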
@@ -80,7 +44,7 @@ In general, we define collaboration platforms as full-fledged suites which could
- Must support real-time document collaboration.
- Must support exporting documents to standard document formats (e.g. ODF).
#### Best-Case
### Best-Case
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
+4 -4
@@ -140,11 +140,11 @@ Apple Mail has the ability to load remote content in the background or block it
![Evolution logo](assets/img/email-clients/evolution.svg){ align=right }
**Evolution** is a personal information management application that provides integrated mail, calendaring and address book functionality. Evolution has extensive [documentation](https://help.gnome.org/users/evolution/stable) to help you get started.
**Evolution** is a personal information management application that provides integrated mail, calendaring, and address book functionality. Evolution has extensive [documentation](https://gnome.pages.gitlab.gnome.org/evolution/help) to help you get started.
[:octicons-home-16: Homepage](https://wiki.gnome.org/Apps/Evolution){ .md-button .md-button--primary }
[:octicons-eye-16:](https://wiki.gnome.org/Apps/Evolution/PrivacyPolicy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://help.gnome.org/users/evolution/stable){ .card-link title="Documentation" }
[:octicons-home-16: Homepage](https://gitlab.gnome.org/GNOME/evolution/-/wikis/home){ .md-button .md-button--primary }
[:octicons-eye-16:](https://gitlab.gnome.org/GNOME/evolution/-/wikis/Privacy-Policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://gnome.pages.gitlab.gnome.org/evolution/help){ .card-link title="Documentation" }
[:octicons-code-16:](https://gitlab.gnome.org/GNOME/evolution){ .card-link title="Source Code" }
[:octicons-heart-16:](https://gnome.org/donate){ .card-link title="Contribute" }
+40 -26
@@ -1,6 +1,6 @@
---
meta_title: "Encrypted Private Email Recommendations - Privacy Guides"
title: "Email Services"
title: Email Services
icon: material/email
description: These email providers offer a great place to store your emails securely, and many offer interoperable OpenPGP encryption with other providers.
cover: email.webp
@@ -21,9 +21,9 @@ For everything else, we recommend a variety of email providers based on sustaina
| Provider | OpenPGP / WKD | IMAP / SMTP | Zero-Access Encryption | Anonymous Payment Methods |
|---|---|---|---|---|
| [Proton Mail](#proton-mail) | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Paid plans only | :material-check:{ .pg-green } | Cash |
| [Mailbox.org](#mailboxorg) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Mail only | Cash |
| [Tuta](#tuta) | :material-alert-outline:{ .pg-orange } | :material-alert-outline:{ .pg-orange } | :material-check:{ .pg-green } | Monero <br>Cash via third party |
| [Proton Mail](#proton-mail) | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Paid plans only | :material-check:{ .pg-green } | Cash <br>Monero via third party |
| [Mailbox Mail](#mailbox-mail) | :material-check:{ .pg-green } | :material-check:{ .pg-green } | :material-information-outline:{ .pg-blue } Mail only | Cash |
| [Tuta](#tuta) | :material-alert-outline:{ .pg-orange } | :material-alert-outline:{ .pg-orange } | :material-check:{ .pg-green } | Monero via third party <br>Cash via third party |
In addition to (or instead of) an email provider recommended here, you may wish to consider a dedicated [email aliasing service](email-aliasing.md#recommended-providers) to protect your privacy. Among other things, these services can help protect your real inbox from spam, prevent marketers from correlating your accounts, and encrypt all incoming messages with PGP.
@@ -31,12 +31,12 @@ In addition to (or instead of) an email provider recommended here, you may wish
## OpenPGP Compatible Services
These providers natively support OpenPGP encryption/decryption and the [Web Key Directory (WKD) standard](basics/email-security.md#what-is-the-web-key-directory-standard), allowing for provider-agnostic end-to-end encrypted emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it.
These providers natively support OpenPGP encryption/decryption and the [Web Key Directory (WKD) standard](basics/email-security.md#what-is-the-web-key-directory-standard), allowing for provider-agnostic end-to-end encrypted emails. For example, a Proton Mail user could send an E2EE message to a Mailbox Mail user, or you could receive OpenPGP-encrypted notifications from internet services which support it.
<div class="grid cards" markdown>
- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](email.md#proton-mail)
- ![Mailbox.org logo](assets/img/email/mailboxorg.svg){ .twemoji } [Mailbox.org](email.md#mailboxorg)
- ![Proton Mail logo](assets/img/email/protonmail.svg){ .twemoji } [Proton Mail](#proton-mail)
- ![Mailbox Mail logo](assets/img/email/mailbox-mail.svg){ .twemoji } [Mailbox Mail](#mailbox-mail)
</div>
@@ -82,11 +82,25 @@ The Proton Free plan comes with 500 MB of Mail storage, which you can increase u
</div>
Free accounts have some limitations, such as not being able to search body text and not having access to [Proton Mail Bridge](https://proton.me/mail/bridge), which is required to use a [recommended desktop email client](email-clients.md) (e.g., Thunderbird). Paid accounts include features like Proton Mail Bridge, additional storage, and custom domain support. If you have the Proton Unlimited plan or any multi-user Proton plan, you also get [SimpleLogin](email-aliasing.md#simplelogin) Premium for free.
Free accounts have some limitations, such as not being able to search body text and not having access to [Proton Mail Bridge](https://proton.me/mail/bridge), which is required to use a [recommended desktop email client](email-clients.md) such as Thunderbird. Paid accounts include features like Proton Mail Bridge, additional storage, and custom domain support. The Proton Unlimited plan or any multi-user Proton plan includes access to [SimpleLogin](email-aliasing.md#simplelogin) Premium.
A [letter of attestation](https://proton.me/blog/security-audit-all-proton-apps) was provided for Proton Mail's apps on 9th November 2021 by [Securitum](https://research.securitum.com).
A [letter of attestation](https://res.cloudinary.com/dbulfrlrz/images/v1714639878/wp-pme/letter-of-attestation-proton-mail-20211109_3138714c61/letter-of-attestation-proton-mail-20211109_3138714c61.pdf) was provided for Proton Mail's apps in November 2021 by [Securitum](https://research.securitum.com).
Proton Mail has internal crash reports that are **not** shared with third parties. This can be disabled in the web app: :gear: → **All Settings****Account****Security and privacy****Privacy and data collection**.
Proton Mail has internal crash reports that are **not** shared with third parties and can be disabled.
=== "Web"
From your inbox, select :gear: → **All Settings****Account****Security and privacy****Privacy and data collection**.
- [ ] Disable **Collect usage dignostics**
- [ ] Disable **Send crash reports**
=== "Mobile"
From your inbox, select :material-menu: → :gear: **Settings** → select your username.
- [ ] Disable **Send crash reports**
- [ ] Disable **Collect usage dignostics**
#### :material-check:{ .pg-green } Custom Domains and Aliases
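Review bot: Both new tabs misspell the setting name as "Collect usage dignostics"; it should read "Collect usage diagnostics" in the Web and the Mobile list. The two checkboxes are also listed in a different order in each tab, so keep that only if it mirrors the order in the respective apps. Separately, the letter of attestation now links to a `res.cloudinary.com` asset URL instead of the proton.me blog post; a CDN path like that is more likely to break than the vendor's own page, so consider keeping the blog link or linking both.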
@@ -94,7 +108,7 @@ Paid Proton Mail subscribers can use their own domain with the service or a [cat
#### :material-check:{ .pg-green } Private Payment Methods
Proton Mail [accepts](https://proton.me/support/payment-options) **cash** by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments.
Proton Mail [accepts](https://proton.me/support/payment-options) **cash** by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments. Additionally, you can use [**Monero**](cryptocurrency.md#monero) to purchase vouchers for Proton Mail Plus or Proton Unlimited via their [official](https://discuss.privacyguides.net/t/add-monero-as-an-anonymous-payment-method-for-proton-services/31058/15) reseller [ProxyStore](https://dys2p.com/en/2025-09-09-proton.html).
#### :material-check:{ .pg-green } Account Security
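Review bot: In the added Monero sentence, the word "official" is backed only by a link to a discuss.privacyguides.net forum post. If Proton has a first-party page that names ProxyStore as a reseller, link that instead; otherwise reword so the reader can tell that the reseller status is sourced from a forum thread rather than from Proton's own documentation.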
@@ -120,13 +134,13 @@ If you have a paid account and your [bill is unpaid](https://proton.me/support/d
Proton Mail's [Unlimited](https://proton.me/support/proton-plans#proton-unlimited) plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500 GB of storage.
### Mailbox.org
### Mailbox Mail
<div class="admonition recommendation" markdown>
![Mailbox.org logo](assets/img/email/mailboxorg.svg){ align=right }
![Mailbox Mail logo](assets/img/email/mailbox-mail.svg){ align=right }
**Mailbox.org** is an email service with a focus on being secure, ad-free, and powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany.
**Mailbox Mail** (formerly *Mailbox.org*) is an email service with a focus on being secure, ad-free, and powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox Mail is based in Berlin, Germany.
Accounts start with up to 2 GB storage, which can be upgraded as needed.
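Review bot: Renaming the heading to "Mailbox Mail" changes the generated anchor from `#mailboxorg` to `#mailbox-mail`, and the logo path changes from `mailboxorg.svg` to `mailbox-mail.svg`. The table and grid-card hunks above update their links, but other pages that link to `email.md#mailboxorg` are not visible in this diff; please confirm that they are updated, and that the renamed SVG is part of the same commit so the image does not 404.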
@@ -145,27 +159,27 @@ Accounts start with up to 2 GB storage, which can be upgraded as needed.
#### :material-check:{ .pg-green } Custom Domains and Aliases
Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/en/private/custom-domains/how-to-set-up-a-catch-all-alias-with-a-custom-domain-name) addresses. Mailbox.org also supports [sub-addressing](https://kb.mailbox.org/en/private/account-article/what-is-an-alias-and-how-do-i-use-it), which is useful if you don't want to purchase a domain.
Mailbox Mail lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/en/private/custom-domains/how-to-set-up-a-catch-all-alias-with-a-custom-domain-name) addresses. Mailbox Mail also supports [sub-addressing](https://kb.mailbox.org/en/private/account-article/what-is-an-alias-and-how-do-i-use-it), which is useful if you don't want to purchase a domain.
#### :material-check:{ .pg-green } Private Payment Methods
Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept **cash** by mail, **cash** payment to bank account, bank transfer, credit card, PayPal, and a couple of German-specific processors: Paydirekt and Sofortüberweisung.
Mailbox Mail doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept **cash** by mail, **cash** payment to bank account, bank transfer, credit card, PayPal, and a couple of German-specific processors: Paydirekt and Sofortüberweisung.
#### :material-check:{ .pg-green } Account Security
Mailbox.org supports [two-factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](https://en.wikipedia.org/wiki/YubiKey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online) are not yet supported.
Mailbox Mail supports [two-factor authentication](https://kb.mailbox.org/en/private/account-article/how-to-use-two-factor-authentication-2fa) for their webmail only. You can use either TOTP or a [YubiKey](security-keys.md#yubikey) via the [YubiCloud](https://yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online) are not yet supported.
#### :material-information-outline:{ .pg-blue } Data Security
Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/en/private/e-mail-article/your-encrypted-mailbox). New messages that you receive will then be immediately encrypted with your public key.
Mailbox Mail allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/en/private/e-mail-article/your-encrypted-mailbox). New messages that you receive will then be immediately encrypted with your public key.
However, [Open-Xchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/en/private/security-privacy-article/encryption-of-calendar-and-address-book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that data.
However, [Open-Xchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox Mail, [does not support](https://kb.mailbox.org/en/private/security-privacy-article/encryption-of-calendar-and-address-book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that data.
#### :material-check:{ .pg-green } Email Encryption
Mailbox.org has [integrated encryption](https://kb.mailbox.org/en/private/e-mail-article/send-encrypted-e-mails-with-guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/en/private/e-mail-article/my-recipient-does-not-use-pgp) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox.
Mailbox Mail has [integrated encryption](https://kb.mailbox.org/en/private/e-mail-article/send-encrypted-e-mails-with-guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/en/private/e-mail-article/my-recipient-does-not-use-pgp) on Mailbox Mail's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox.
Mailbox.org also supports the discovery of public keys via HTTP from their WKD. This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily for cross-provider E2EE. This only applies to email addresses ending in one of Mailbox.org's own domains, like `@mailbox.org`. If you use a custom domain, you must [configure WKD](basics/email-security.md#what-is-the-web-key-directory-standard) separately.
Mailbox Mail also supports the discovery of public keys via HTTP from their WKD. This allows people outside of Mailbox Mail to find the OpenPGP keys of Mailbox Mail accounts easily for cross-provider E2EE. This only applies to email addresses ending in one of Mailbox Mail's own domains, like `@mailbox.org`. If you use a custom domain, you must [configure WKD](basics/email-security.md#what-is-the-web-key-directory-standard) separately.
#### :material-information-outline:{ .pg-blue } Account Termination
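Review bot: the 2FA line in this rename hunk also retargets the YubiKey link from the Wikipedia article to `security-keys.md#yubikey`, which is a content change rather than part of the Mailbox.org to Mailbox Mail rename. Mention it in the commit message or split it out, and confirm that the anchor exists so the internal link check passes. Leaving `@mailbox.org` and the kb.mailbox.org URLs unchanged is right, since those are addresses and not the product name.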
@@ -173,11 +187,11 @@ Your account will be set to a restricted user account when your contract ends. I
#### :material-information-outline:{ .pg-blue } Additional Functionality
You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service, and you may experience TLS certificate errors.
You can access your Mailbox Mail account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/en/private/faq-article/the-tor-exit-node-of-mailbox-org). However, their webmail interface cannot be accessed via their .onion service, and you may experience TLS certificate errors.
All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/en/private/drive-article/encrypt-files-on-your-drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/en/private/e-mail-article/ensuring-e-mails-are-sent-securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3.
All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/en/private/drive-article/encrypt-files-on-your-drive). Mailbox Mail also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/en/private/e-mail-article/ensuring-e-mails-are-sent-securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox Mail also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3.
Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs, providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address.
Mailbox Mail has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs, providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address.
## More Providers
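Review bot: the `@secure.mailbox.org` sentence is carried over with its comma splice ("..., otherwise the message will not be sent at all"). Since the line is being touched anyway, consider "which enforces TLS on the connection between mail servers; if TLS cannot be established, the message is not sent". Also worth a second look: the ".onion service" link text points at a KB article whose slug is `the-tor-exit-node-of-mailbox-org`, so confirm the article still documents the onion address.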
@@ -185,7 +199,7 @@ These providers store your emails with zero-knowledge encryption, making them gr
<div class="grid cards" markdown>
- ![Tuta logo](assets/img/email/tuta.svg#only-light){ .twemoji loading=lazy }![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ .twemoji loading=lazy } [Tuta](email.md#tuta)
- ![Tuta logo](assets/img/email/tuta.svg#only-light){ .twemoji loading=lazy }![Tuta logo](assets/img/email/tuta-dark.svg#only-dark){ .twemoji loading=lazy } [Tuta](#tuta)
</div>
@@ -229,7 +243,7 @@ Paid Tuta accounts can use either 15 or 30 aliases depending on their plan and u
#### :material-information-outline:{ .pg-blue } Private Payment Methods
Tuta only directly accepts credit cards and PayPal, however [**cryptocurrency**](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore.
Tuta only directly accepts credit cards and PayPal, however you can use [**cryptocurrency**](cryptocurrency.md) to purchase gift cards via their [partnership](https://tuta.com/support/#cryptocurrency) with ProxyStore.
#### :material-check:{ .pg-green } Account Security
+1 -30
View File
@@ -1,5 +1,5 @@
---
meta_title: "Recommended Encryption Software: VeraCrypt, Cryptomator, PicoCrypt, and OpenPGP - Privacy Guides"
meta_title: "Recommended Encryption Software: VeraCrypt, Cryptomator, and OpenPGP - Privacy Guides"
title: "Encryption Software"
icon: material/file-lock
description: Encryption of data is the only way to control who can access it. These tools allow you to encrypt your emails and any other files.
@@ -52,35 +52,6 @@ Some Cryptomator cryptographic libraries have been [audited](https://community.c
Cryptomator's documentation details its intended [security target](https://docs.cryptomator.org/en/latest/security/security-target), [security architecture](https://docs.cryptomator.org/en/latest/security/architecture), and [best practices](https://docs.cryptomator.org/en/latest/security/best-practices) for use in further detail.
### Picocrypt (File)
<small>Protects against the following threat(s):</small>
- [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }
<div class="admonition recommendation" markdown>
![Picocrypt logo](assets/img/encryption-software/picocrypt.svg){ align=right }
**Picocrypt** is a small and simple encryption tool that provides modern encryption. Picocrypt uses the secure XChaCha20 cipher and the Argon2id key derivation function to provide a high level of security. It uses Go's standard x/crypto modules for its encryption features.
[:octicons-repo-16: Repository](https://github.com/Picocrypt/Picocrypt#readme){ .md-button .md-button--primary }
[:octicons-code-16:](https://github.com/Picocrypt/Picocrypt){ .card-link title="Source Code" }
[:octicons-heart-16:](https://opencollective.com/picocrypt){ .card-link title="Contribute" }
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:fontawesome-brands-windows: Windows](https://github.com/Picocrypt/Picocrypt/releases)
- [:simple-apple: macOS](https://github.com/Picocrypt/Picocrypt/releases)
- [:simple-linux: Linux](https://github.com/Picocrypt/Picocrypt/releases)
</details>
</div>
Picocrypt has been [audited](https://github.com/Picocrypt/storage/blob/main/Picocrypt.Audit.Report.pdf) by Radically Open Security in August 2024, and [most](https://github.com/Picocrypt/Picocrypt/issues/32#issuecomment-2329722740) of the issues found in the audit were subsequently fixed.
### VeraCrypt (Disk)
<small>Protects against the following threat(s):</small>
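Review bot: the Picocrypt section is deleted in full, including the paragraph recording the August 2024 Radically Open Security audit, but nothing visible here says why the recommendation is withdrawn. State the reason in the commit message or changelog, search the site for inbound links to this heading's anchor, and remove `assets/img/encryption-software/picocrypt.svg` if nothing else references it.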
+4 -56
@@ -1,5 +1,5 @@
---
title: "File Sharing and Sync"
title: File Sharing and Sync
icon: material/share-variant
description: Discover how to privately share your files between your devices, with your friends and family, or anonymously online.
cover: file-sharing.webp
@@ -24,9 +24,9 @@ If you already use [Proton Drive](cloud.md#proton-drive)[^1] or have a [Bitwarde
[:octicons-home-16: Homepage](https://send.vis.ee){ .md-button .md-button--primary }
[:octicons-server-16:](https://github.com/timvisee/send-instances){ .card-link title="Public Instances"}
[:octicons-info-16:](https://github.com/timvisee/send#readme){ .card-link title=Documentation}
[:octicons-info-16:](https://github.com/timvisee/send#readme){ .card-link title="Documentation" }
[:octicons-code-16:](https://github.com/timvisee/send){ .card-link title="Source Code" }
[:octicons-heart-16:](https://github.com/sponsors/timvisee){ .card-link title=Contribute }
[:octicons-heart-16:](https://github.com/sponsors/timvisee){ .card-link title="Contribute" }
</details>
@@ -48,7 +48,7 @@ ffsend upload --host https://send.vis.ee/ FILE
[:octicons-home-16: Homepage](https://onionshare.org){ .md-button .md-button--primary }
[:simple-torbrowser:](http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion){ .card-link title="Onion Service" }
[:octicons-info-16:](https://docs.onionshare.org){ .card-link title=Documentation}
[:octicons-info-16:](https://docs.onionshare.org){ .card-link title="Documentation" }
[:octicons-code-16:](https://github.com/onionshare/onionshare){ .card-link title="Source Code" }
<details class="downloads" markdown>
@@ -73,60 +73,8 @@ OnionShare provides the option to connect via [Tor bridges](https://docs.onionsh
- Must be open-source software.
- Must either have clients for Linux, macOS, and Windows; or have a web interface.
## FreedomBox
<div class="admonition recommendation" markdown>
![FreedomBox logo](assets/img/file-sharing-sync/freedombox.svg){ align=right }
**FreedomBox** is an operating system designed to be run on a [single-board computer (SBC)](https://en.wikipedia.org/wiki/Single-board_computer). The purpose is to make it easy to set up server applications that you might want to self-host.
[:octicons-home-16: Homepage](https://freedombox.org){ .md-button .md-button--primary }
[:octicons-info-16:](https://wiki.debian.org/FreedomBox/Manual){ .card-link title=Documentation}
[:octicons-code-16:](https://salsa.debian.org/freedombox-team/freedombox){ .card-link title="Source Code" }
[:octicons-heart-16:](https://freedomboxfoundation.org/donate){ .card-link title=Contribute }
</details>
</div>
## File Sync
### Nextcloud (Client-Server)
<div class="admonition recommendation" markdown>
![Nextcloud logo](assets/img/document-collaboration/nextcloud.svg){ align=right }
**Nextcloud** is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control.
[:octicons-home-16: Homepage](https://nextcloud.com){ .md-button .md-button--primary }
[:octicons-eye-16:](https://nextcloud.com/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://nextcloud.com/support){ .card-link title=Documentation}
[:octicons-code-16:](https://github.com/nextcloud){ .card-link title="Source Code" }
[:octicons-heart-16:](https://nextcloud.com/contribute){ .card-link title=Contribute }
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.nextcloud.client)
- [:simple-appstore: App Store](https://apps.apple.com/app/id1125420102)
- [:simple-github: GitHub](https://github.com/nextcloud/android/releases)
- [:fontawesome-brands-windows: Windows](https://nextcloud.com/install/#install-clients)
- [:simple-apple: macOS](https://nextcloud.com/install/#install-clients)
- [:simple-linux: Linux](https://nextcloud.com/install/#install-clients)
</details>
</div>
<div class="admonition danger" markdown>
<p class="admonition-title">Danger</p>
We don't recommend using the [E2EE App](https://apps.nextcloud.com/apps/end_to_end_encryption) for Nextcloud as it may lead to data loss; it is highly experimental and not production quality.
</div>
### Syncthing (P2P)
<div class="admonition recommendation" markdown>
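Review bot: removing the Nextcloud card also drops the danger admonition that warns against the Nextcloud E2EE App ("may lead to data loss; it is highly experimental and not production quality"). If Nextcloud is being relocated to another page rather than delisted, carry that warning with it. After this hunk `## File Sync` contains only Syncthing, so check that the heading still fits, and update any links elsewhere that target the FreedomBox and Nextcloud anchors.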
+1 -1
@@ -147,7 +147,7 @@ Piped is useful if you want to use [SponsorBlock](https://sponsor.ajay.app) with
**FreeTube** is a free and open-source desktop application for [YouTube](https://youtube.com). FreeTube extracts data from YouTube using its built-in API based on [YouTube.js](https://github.com/LuanRT/YouTube.js) or the [Invidious](#invidious) API. You can configure either as the default, with the other serving as a fallback.
When using FreeTube, your subscription list and playlists are saved locally on your device.
When using FreeTube, your subscription list, playlists, watch history and search history are saved locally on your device.
[:octicons-home-16: Homepage](https://freetubeapp.io){ .md-button .md-button--primary }
[:octicons-eye-16:](https://freetubeapp.io/privacy.php){ .card-link title="Privacy Policy" }
+6 -7
@@ -66,21 +66,20 @@ Popular menstrual trackers like [Flo](https://techcrunch.com/2021/01/13/flo-gets
These general purpose apps can do everything from counting steps and tracking sleep to measuring your heartbeat.
### Apple Health
### Apple Fitness
<div class="admonition recommendation" markdown>
![Apple logo](assets/img/health-and-wellness/apple-health.svg#only-light){ align=right }![Apple logo](assets/img/health-and-wellness/apple-health-dark.svg#only-dark){ align=right }
![Apple Fitness logo](assets/img/health-and-wellness/apple-fitness.webp){ align=right }
**Apple Health** is the default health and fitness app for iOS. Apple Health always uses end-to-end encryption when syncing across multiple devices. Additionally, almost all measured data is processed on your device.
**Apple Fitness** is the default fitness app for iOS. Apple Fitness always uses end-to-end encryption when syncing across multiple devices. Additionally, almost all measured data is processed on your device.
[:octicons-home-16: Homepage](https://apple.com/health){ .md-button .md-button--primary }
[:octicons-eye-16:](https://apple.com/legal/privacy/consumer-health-personal-data/en-ww){ .card-link title="Privacy Policy" }
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-appstore: App Store](https://apps.apple.com/app/apple-health/id1242545199)
- [:simple-appstore: App Store](https://apps.apple.com/app/id1208224953)
</details>
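Review bot: the card is renamed to Apple Fitness, but the unchanged Homepage and Privacy Policy buttons still point at `https://apple.com/health` and the consumer-health privacy page. Point them at the Fitness pages or explain the mismatch. The claim "always uses end-to-end encryption when syncing across multiple devices" was carried over from the Apple Health text by substituting the name, so it needs a source that covers Fitness specifically.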
@@ -120,9 +119,9 @@ These apps help you collect and manage personal health data and share it with he
<div class="admonition recommendation" markdown>
![Apple logo](assets/img/health-and-wellness/apple-health.svg#only-light){ align=right }![Apple logo](assets/img/health-and-wellness/apple-health-dark.svg#only-dark){ align=right }
![Apple logo](assets/img/health-and-wellness/apple-health.webp#only-light){ align=right }![Apple logo](assets/img/health-and-wellness/apple-health-dark.webp#only-dark){ align=right }
**Apple Health Records** is a built-in feature within [Apple Health](#apple-health) that allows you to view, store, and share your health records. It shares the security and privacy features of Apple Health.
**Apple Health Records** is a built-in feature within [Apple Health](https://apple.com/health) that allows you to view, store, and share your health records. It shares the security and privacy features of [Apple Fitness](#apple-fitness).
[:octicons-home-16: Homepage](https://apple.com/health){ .md-button .md-button--primary }
[:octicons-eye-16:](https://apple.com/legal/privacy/consumer-health-personal-data/en-ww){ .card-link title="Privacy Policy" }
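Review bot: the rewritten sentence says Health Records lives in Apple Health (now an external link) but "shares the security and privacy features of" Apple Fitness, which is a different app. With the Apple Health card gone, the page no longer describes the properties Health Records actually inherits. Describe them here directly, or keep a short Apple Health description to link to. Also confirm that the `.webp` light and dark logo files are added in this change.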
+1 -1
@@ -70,7 +70,7 @@ Trying to protect all your data from everyone all the time is impractical, expen
<div markdown>
**Privacy Guides** has a dedicated [community](https://discuss.privacyguides.net) independently reviewing various *privacy tools* and services. Each of our recommendations comply with a strict set of criteria to ensure they provide the most value to most people, and provide the best balance of privacy, security, and convenience. As part of a non-profit **public charity**, Privacy Guides has strict **journalistic standards** and policies to ensure our recommendations are free of conflict of interest, and we do not partner with providers or affiliate programs that could sway our reviews and recommendations.
[:material-heart:{.pg-red} Support Our Work](about/donate.md){ class="md-button md-button--primary" }
[:material-heart:{.pg-red} Support Our Work](about/donate.md){ class="md-button md-button--primary" data-portal="signup" }
</div>
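Review bot: the added `data-portal="signup"` attribute on the Support Our Work button is undocumented. Nothing in this hunk shows which script reads it, and "signup" is an odd value on a link to `about/donate.md`. Note in the commit which script consumes the attribute and whether it is first-party, and make sure the button still works as a plain link when scripts are disabled.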
+23 -1
@@ -11,7 +11,9 @@ cover: language-tools.webp
Text inputted to grammar, spelling, and style checkers, as well as translation services, can contain sensitive information which may be stored on their servers for an indefinite amount of time and sold to third parties. The language tools listed on this page do not store your submitted text on a server and can be self-hosted and used offline for maximum control of your data.
## LanguageTool
## Grammar & Spelling
### LanguageTool
<div class="admonition recommendation" markdown>
@@ -42,6 +44,26 @@ Text inputted to grammar, spelling, and style checkers, as well as translation s
LanguageTool offers integration with a variety of [office suites](https://languagetool.org/services#text_editors) and [email clients](https://languagetool.org/services#mail_clients).
## Translation Tools
### LibreTranslate
<div class="admonition recommendation" markdown>
![LibreTranslate logo](assets/img/language-tools/libretranslate.png){ align=right }
**LibreTranslate** is a free and open-source machine translation web interface and API server. It uses [Argos Translate](https://github.com/argosopentech/argos-translate) models on the backend for translations.
[:octicons-home-16: Homepage](https://libretranslate.com){ .md-button .md-button--primary }
[:octicons-server-16:](https://github.com/LibreTranslate/LibreTranslate#mirrors){ .card-link title="Public Instances" }
[:octicons-code-16:](https://github.com/LibreTranslate/LibreTranslate){ .card-link title="Source Code" }
</div>
You can use LibreTranslate through a number of public instances, with some that offer a [Tor](tor.md) onion service or an [I2P](alternative-networks.md#i2p-the-invisible-internet-project) eepsite. You can also host the software yourself for maximum control over the text submitted for translation.
We use a self-hosted instance of LibreTranslate to automatically translate posts on our [forum](https://discuss.privacyguides.net) to multiple languages.
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
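Review bot: the new LibreTranslate text recommends public instances, while the page introduction (visible in the hunk header) promises tools that "do not store your submitted text on a server". That holds only for an instance you run; on a public instance the operator receives the plaintext submitted for translation. Add a sentence saying so and steer sensitive text to the self-hosted option. The card also has no Documentation or Privacy Policy link.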
+2 -2
@@ -25,14 +25,14 @@ Features include cycling routes, hiking trails and walking paths, turn-by-turn n
[:octicons-home-16: Homepage](https://organicmaps.app){ .md-button .md-button--primary }
[:octicons-eye-16:](https://organicmaps.app/privacy){ .card-link title="Privacy Policy" }
[:octicons-code-16:](https://git.omaps.dev/organicmaps/organicmaps){ .card-link title="Source Code" }
[:octicons-code-16:](https://github.com/organicmaps/organicmaps){ .card-link title="Source Code" }
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=app.organicmaps)
- [:simple-appstore: App Store](https://apps.apple.com/app/organic-maps/id1567437057)
- [:simple-forgejo: Forgejo](https://git.omaps.dev/organicmaps/organicmaps/releases)
- [:simple-github: GitHub](https://github.com/organicmaps/organicmaps/releases)
- [:simple-linux: Linux](https://flathub.org/apps/app.organicmaps.desktop)
</details>
+2 -16
@@ -164,7 +164,7 @@ This format is used to generate recommendation cards. Notably it is missing the
``` markdown title="Recommendation Card"
<div class="admonition recommendation" markdown>
![PhotoPrism logo](assets/img/photo-management/photoprism.svg){ align=right }
![PhotoPrism logo](assets/img/self-hosting/photoprism.svg){ align=right }
**PhotoPrism** is a self-hostable platform for managing photos. It supports album syncing and sharing as well as a variety of other [features](https://photoprism.app/features). It does not include end-to-end encryption, so it's best hosted on a server that you trust and is under your control.
@@ -173,13 +173,6 @@ This format is used to generate recommendation cards. Notably it is missing the
[:octicons-info-16:](https://photoprism.app/kb){ .card-link title="Documentation" }
[:octicons-code-16:](https://github.com/photoprism){ .card-link title="Source Code" }
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-github: GitHub](https://github.com/photoprism)
</details>
</div>
```
@@ -187,7 +180,7 @@ This format is used to generate recommendation cards. Notably it is missing the
<div class="admonition recommendation" markdown>
![PhotoPrism logo](../assets/img/photo-management/photoprism.svg){ align=right }
![PhotoPrism logo](../assets/img/self-hosting/photoprism.svg){ align=right }
**PhotoPrism** is a self-hostable platform for managing photos. It supports album syncing and sharing as well as a variety of other [features](https://photoprism.app/features). It does not include end-to-end encryption, so it's best hosted on a server that you trust and is under your control.
@@ -196,13 +189,6 @@ This format is used to generate recommendation cards. Notably it is missing the
[:octicons-info-16:](https://photoprism.app/kb){ .card-link title="Documentation" }
[:octicons-code-16:](https://github.com/photoprism){ .card-link title="Source Code" }
<details class="downloads" markdown>
<summary>Downloads</summary>
- [:simple-github: GitHub](https://github.com/photoprism)
</details>
</div>
</div>
+3 -5
@@ -1,6 +1,6 @@
---
meta_title: "Privacy Respecting Web Browsers for Android and iOS - Privacy Guides"
title: "Mobile Browsers"
title: Mobile Browsers
icon: material/cellphone-information
description: These browsers are what we currently recommend for standard/non-anonymous internet browsing on your phone.
cover: mobile-browsers.webp
@@ -167,7 +167,7 @@ Shields' options can be downgraded on a per-site basis as needed, but by default
- [x] Select **Disable non-proxied UDP** under [*WebRTC IP handling policy*](https://support.brave.com/hc/articles/360017989132-How-do-I-change-my-Privacy-Settings#webrtc)
- [x] (Optional) Select **No protection** under *Safe Browsing* (1)
- [ ] Uncheck **Allow sites to check if you have payment methods saved**
- [ ] Uncheck **V8 Optimizer** under *Manage V8 security*
- [ ] Uncheck **Javascript optimization & security** under the setting with the same name
- [x] Select **Close tabs on exit**
- [ ] Uncheck **Allow privacy-preserving product analytics (P3A)**
- [ ] Uncheck **Automatically send diagnostic reports**
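Review bot: "Uncheck **Javascript optimization & security** under the setting with the same name" is hard to follow and, read cold, looks like advice to turn a security feature off. The replaced line named the V8 Optimizer, so say in a few words that this turns the optimizer off, and give the menu path instead of "the setting with the same name". Use the browser's own capitalization for the label.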
@@ -267,7 +267,7 @@ This disables update checks for the unmaintained Bromite adblock filter.
## Safari (iOS)
On iOS, any app that can browse the web is [restricted](https://developer.apple.com/app-store/review/guidelines) to using an Apple-provided [WebKit framework](https://developer.apple.com/documentation/webkit), so a browser like [Brave](#brave) does not use the Chromium engine like its counterparts on other operating systems.
On iOS, any app that can browse the web is [restricted](https://developer.apple.com/app-store/review/guidelines) to using an Apple-provided [WebKit framework](https://developer.apple.com/documentation/webkit), so a browser like [Brave](#brave) does not use the Blink engine (the core component of Chromium) like its counterparts on other operating systems.
<div class="admonition recommendation" markdown>
@@ -285,8 +285,6 @@ On iOS, any app that can browse the web is [restricted](https://developer.apple.
### Recommended Safari Configuration
We would suggest installing [AdGuard](browser-extensions.md#adguard) if you want a content blocker in Safari.
The following privacy/security-related options can be found in :gear: **Settings****Apps****Safari**.
#### Allow Safari to Access
+10 -4
@@ -1,5 +1,5 @@
---
title: "Mobile Phones"
title: Mobile Phones
icon: material/cellphone-check
description: These mobile devices provide the best hardware security support for custom Android operating systems.
cover: android.webp
@@ -43,7 +43,7 @@ End-of-life devices (such as GrapheneOS's "extended support" devices) do not hav
</div>
## Purchasing Advice
## General Purchasing Advice
When purchasing a device, we recommend getting one as new as possible. The software and firmware of mobile devices are only supported for a limited time, so buying new extends that lifespan as much as possible.
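Review bot: renaming the heading to "General Purchasing Advice" changes its generated anchor, so any link to the old `#purchasing-advice` anchor from other pages or external sites will stop resolving. Search for inbound links, or keep the old anchor by setting an explicit id on the heading.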
@@ -73,11 +73,15 @@ Beginning with the **Pixel 8** and **8 Pro**, Pixel devices receive a minimum of
</div>
Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for *all* of those functions, resulting in a larger attack surface.
### Hardware Security
Secure Elements like the Titan M2 are more limited than the processor's Trusted Execution Environment (TEE) used by most other phones as they are only used for secrets storage, hardware attestation, and rate limiting, not for running "trusted" programs. Phones without a Secure Element have to use the TEE for *all* of those functions, resulting in a larger attack surface.
Google Pixel phones use a TEE OS called Trusty which is [open source](https://source.android.com/security/trusty#whyTrusty), unlike many other phones.
The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
The Pixel 8 series and later supports ARM's Memory Tagging Extension ([MTE](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension)), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. The stock Pixel OS allows you to enable MTE for supported apps through Google's Advanced Protection Program or via a developer option, but its usability is quite limited. [GrapheneOS](android/distributions.md#grapheneos), an alternative Android OS we recommend, greatly improves the usability and coverage of MTE in its implementation of the feature.
### Buying a Google Pixel
A few more tips for purchasing a Google Pixel:
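Review bot: in the new MTE paragraph, "drastically lowers the probability of exploits occurring through memory corruption bugs" is loose. MTE detects invalid memory accesses by tag mismatch, and because the tags are small that detection is probabilistic, so wording such as "makes many memory corruption bugs much harder to exploit reliably" is more accurate. "Its usability is quite limited" should also say what the limit is, for example which apps are covered.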
@@ -98,6 +102,8 @@ A few more tips for purchasing a Google Pixel:
, meaning that the longer use of the device the lower cost per day.
- If the Pixel is unavailable in your region, the [NitroPhone](https://shop.nitrokey.com/shop) can be shipped globally.
The installation of GrapheneOS on a Pixel phone is easy with their [web installer](https://grapheneos.org/install/web). If you don't feel comfortable doing it yourself and are willing to spend a bit of extra money, check out the [NitroPhone](https://shop.nitrokey.com/shop) as they come preloaded with GrapheneOS from the reputable [Nitrokey](https://nitrokey.com/about) company.
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
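Review bot: moving the GrapheneOS installation paragraph to the end of the tips list puts two NitroPhone shop links on consecutive lines, in the last bullet ("If the Pixel is unavailable in your region...") and in the moved paragraph. Merge them, or drop the shop link from one, so the section does not read as repeated promotion of a single vendor.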
+11 -10
@@ -1,7 +1,7 @@
---
title: "Multifactor Authentication"
icon: 'material/two-factor-authentication'
description: These tools assist you with securing your internet accounts with Multifactor Authentication without sending your secrets to a third-party.
title: Multifactor Authentication
icon: material/two-factor-authentication
description: These tools assist you with securing your internet accounts with multifactor authentication without sending your secrets to a third-party.
cover: multi-factor-authentication.webp
---
<small>Protects against the following threat(s):</small>
@@ -15,7 +15,7 @@ cover: multi-factor-authentication.webp
</div>
**Multifactor Authentication Apps** implement a security standard adopted by the Internet Engineering Task Force (IETF) called **Time-based One-time Passwords**, or **TOTP**. This is a method where websites share a secret with you which is used by your authenticator app to generate a six (usually) digit code based on the current time, which you enter while logging in for the website to check. Typically, these codes are regenerated every 30 seconds, and once a new code is generated the old one becomes useless. Even if a hacker gets one six-digit code, there is no way for them to reverse that code to get the original secret or otherwise be able to predict what any future codes might be.
**Multifactor authentication apps** implement a security standard adopted by the Internet Engineering Task Force (IETF) called **Time-based One-time Passwords**, or **TOTP**. This is a method where websites share a secret with you which is used by your authenticator app to generate a six (usually) digit code based on the current time, which you enter while logging in for the website to check. Typically, these codes are regenerated every 30 seconds, and once a new code is generated the old one becomes useless. Even if a hacker gets one six-digit code, there is no way for them to reverse that code to get the original secret or otherwise be able to predict what any future codes might be.
We highly recommend that you use mobile TOTP apps instead of desktop alternatives as Android and iOS have better security and app isolation than most desktop operating systems.
@@ -29,7 +29,7 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative
[:octicons-home-16: Homepage](https://ente.io/auth){ .md-button .md-button--primary }
[:octicons-eye-16:](https://ente.io/privacy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://help.ente.io/auth){ .card-link title=Documentation}
[:octicons-info-16:](https://help.ente.io/auth){ .card-link title="Documentation" }
[:octicons-code-16:](https://github.com/ente-io/ente/tree/main/auth#readme){ .card-link title="Source Code" }
<details class="downloads" markdown>
@@ -38,12 +38,14 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=io.ente.auth)
- [:simple-appstore: App Store](https://apps.apple.com/app/id6444121398)
- [:simple-github: GitHub](https://github.com/ente-io/ente/releases?q=auth)
- [:octicons-globe-16: Web](https://auth.ente.io)
- [:octicons-browser-16: Web](https://auth.ente.io)
</details>
</div>
The server-side source code and infrastructure which underpins Ente Auth (if used with an online account) underwent an audit by [Cure53](https://ente.io/blog/cern-audit) in October 2025.
## Aegis Authenticator (Android)
<div class="admonition recommendation" markdown>
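Review bot: In the added audit sentence, the link text names Cure53 but the target is https://ente.io/blog/cern-audit; please confirm that the linked post is the Cure53 report, or fix whichever of the two is wrong. The sentence limits the audit to the server-side code and infrastructure, so if the client apps (which hold the TOTP secrets) were not in scope, it is worth saying so plainly. Minor: the subject is plural, so "which underpins" should be "which underpin".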
@@ -54,9 +56,9 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative
[:octicons-home-16: Homepage](https://getaegis.app){ .md-button .md-button--primary }
[:octicons-eye-16:](https://getaegis.app/aegis/privacy.html){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://github.com/beemdevelopment/Aegis/wiki){ .card-link title=Documentation}
[:octicons-info-16:](https://github.com/beemdevelopment/Aegis/wiki){ .card-link title="Documentation" }
[:octicons-code-16:](https://github.com/beemdevelopment/Aegis){ .card-link title="Source Code" }
[:octicons-heart-16:](https://buymeacoffee.com/beemdevelopment){ .card-link title=Contribute }
[:octicons-heart-16:](https://buymeacoffee.com/beemdevelopment){ .card-link title="Contribute" }
<details class="downloads" markdown>
<summary>Downloads</summary>
@@ -68,11 +70,10 @@ We highly recommend that you use mobile TOTP apps instead of desktop alternative
</div>
<!-- markdownlint-disable-next-line -->
## Criteria
**Please note we are not affiliated with any of the projects we recommend.** In addition to [our standard criteria](about/criteria.md), we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
- Source code must be publicly available.
- Must not require internet connectivity.
- Cloud syncing must be optional, and (if available) sync functionality must be E2EE.
- Cloud syncing must be optional; sync functionality, if available, must be E2EE.
+1
@@ -142,6 +142,7 @@ The Advanced Protection Program provides enhanced threat monitoring and enables:
- Not allowing app installation outside the Google Play Store, the OS vendor's app store, or via [`adb`](https://en.wikipedia.org/wiki/Android_Debug_Bridge)
- Mandatory automatic device scanning with [Play Protect](https://support.google.com/googleplay/answer/2812853?#zippy=%2Chow-malware-protection-works%2Chow-privacy-alerts-work)
- Warning you about unverified applications
- Enabling ARM's hardware-based [Memory Tagging Extension (MTE)](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension) for supported apps, which lowers the likelihood of device exploits happening through memory corruption bugs
### Google Play System Updates
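Review bot: The new MTE bullet says "for supported apps" but not which devices, even though it describes the feature as hardware-based; the iOS page in this same change refers to "the Google Pixel 8 series and later" for Android's implementation. Suggest adding that device qualifier here so readers on other hardware do not assume they get this protection. "lowers the likelihood of device exploits happening through memory corruption bugs" could also be tightened.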
+63 -37
@@ -98,11 +98,9 @@ Note that Bluetooth is automatically turned on after every system update.
Your iPhone's device name will by default contain your first name, and this will be visible to anyone on networks you connect to. You should change this to something more generic, like "iPhone." Select **About****Name** and enter the device name you prefer.
It is important to install **Software Updates** frequently to get the latest security fixes. You can enable **Automatic Updates** to keep your phone up-to-date without needing to constantly check for updates. Select **Software Update****Automatic Updates**:
It is important to install software updates frequently to get the latest security fixes. You can enable automatic updates to keep your phone up-to-date without needing to constantly check for updates. Select **Software Update****Automatic Updates**:
- [x] Turn on **Download iOS Updates**
- [x] Turn on **Install iOS Updates**
- [x] Turn on **Security Responses & System Files**
- [x] Turn on **Automatically Install**
**AirDrop** is commonly used to easily share files, but it represents a significant privacy risk. The AirDrop protocol constantly broadcasts your personal information to your surroundings, with [very weak](https://usenix.org/system/files/sec21-heinrich.pdf) security protections. Your identity can easily be discovered by attackers even with limited resources, and the Chinese government has [openly acknowledged](https://arstechnica.com/security/2024/01/hackers-can-id-unique-apple-airdrop-users-chinese-authorities-claim-to-do-just-that) using such techniques to identify AirDrop users in public since 2022.
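Review bot: Going by the hunk counts (11 lines before, 9 after), the three older checklist items are replaced by a single **Automatically Install**, which leaves no line for **Security Responses & System Files**. If the new toggle covers those, say so in the paragraph; otherwise keep a separate item. The macOS page in this same change still lists "Install Security Responses and system files" as its own toggle, so readers comparing the two pages will notice the gap.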
@@ -116,7 +114,19 @@ It is important to install **Software Updates** frequently to get the latest sec
Select **Background App Refresh** and switch off any apps you don't want to continue refreshing in the background. If you don't want any apps to refresh in the background, you can select **Background App Refresh** again and turn it **Off**.
#### Siri & Search
#### Apple Intelligence & Siri
This is available if your device supports **[Apple Intelligence](https://support.apple.com/guide/iphone/apple-intelligence-and-privacy-iphe3f499e0e/ios)**. Apple Intelligence uses a combination of on-device processing and their **[Private Cloud Compute](https://security.apple.com/blog/private-cloud-compute)** for things that take more processing power than your device can provide.
To see a report of all the requests made to Apple's servers, you can navigate to **Privacy & Security****Apple Intelligence Report** and press **Export Activity** to see activity from the either the last 15 minutes or 7 days, depending on what you set it for. Similar to the **App Privacy Report** which shows you the recent permissions accessed by the apps on your phone, the Apple Intelligence Report likewise shows what is being sent to Apple's servers while using Apple Intelligence.
Apple Intelligence can integrate with [ChatGPT](https://support.apple.com/guide/iphone/use-chatgpt-with-apple-intelligence-iph00fd3c8c2/ios). If you want ChatGPT integration, you can navigate to **ChatGPT** and press **Set Up**. If you want to disable it, go to the same place:
- [ ] Turn off **Use ChatGPT**
You can also have it ask for confirmation every time if you leave ChatGPT integration on:
- [x] Turn on **Confirm Requests**
If you don't want anyone to be able to control your phone with Siri when it is locked, you can turn that off here.
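Review bot: The ChatGPT paragraph under "Apple Intelligence & Siri" explains how to set the integration up but never says where those requests go; the macOS page in this same change adds a warning that ChatGPT requests are sent to ChatGPT's servers with no on-device processing and no PCC, and the same admonition belongs here. Also, "from the either the last 15 minutes or 7 days" has a stray "the", and "depending on what you set it for" does not say where that period is set.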
@@ -130,28 +140,17 @@ Select **Turn Passcode On** or **Change Passcode** → **Passcode Options** →
If you wish to use Face ID or Touch ID, you can go ahead and set it up now. Your phone will use the password you set up earlier as a fallback in case your biometric verification fails. Biometric unlock methods are primarily a convenience, although they do stop surveillance cameras or people over your shoulder from watching you input your passcode.
If you use biometrics, you should know how to turn them off quickly in an emergency. Holding down the side or power button and *either* volume button until you see the Slide to Power Off slider will disable biometrics, requiring your passcode to unlock. Your passcode will also be required after device restarts.
If you use biometrics, you should know how to turn them off quickly in an emergency. Holding down the [side button](https://support.apple.com/en-us/105103) and *either* volume button until you see the Slide to Power Off slider will disable biometrics, requiring your passcode to unlock. Your passcode will be required after your device restarts.
On some older devices, you may have to press the power button five times to disable biometrics instead, or for devices with Touch ID, you may just have to hold down the power button and nothing else. Make sure you try this in advance, so you know which method works for your device.
You can similarly disable biometrics by pressing the side button five times, or for devices with Touch ID, you can hold down the side button and nothing else. Make sure you try this in advance, so you know which method works for your device.
**Stolen Device Protection** adds additional security intended to protect your personal data if your device is stolen while unlocked. If you use biometrics and the Find My Device feature in your Apple Account settings, we recommend enabling this new protection:
**Stolen Device Protection** adds additional security intended to protect your personal data if your device is stolen while unlocked. If you enable both biometric authentication and the [Find My](#find-my) iPhone feature, we recommend enabling this protection:
- [x] Select **Turn On Protection**
- [x] Turn on **Stolen Device Protection**
After enabling Stolen Device Protection, [certain actions](https://support.apple.com/HT212510) will require biometric authentication without a password fallback (in the event that a shoulder surfer has obtained your PIN), such as using password autofill, accessing payment information, and disabling Lost Mode. It also adds a security delay to certain actions performed away from your home or another "familiar location," such as requiring a 1-hour timer to reset your Apple Account password or sign out of your Apple Account. This delay is intended to give you time to enable Lost Mode and secure your account before a thief can reset your device.
**Allow Access When Locked** gives you options for what you can allow when your phone is locked. The more of these options you disable, the less someone without your password can do, but the less convenient it will be for you. Pick and choose which of these you don't want someone to have access to if they get their hands on your phone.
- [ ] Turn off **Today View and Search**
- [ ] Turn off **Notification Center**
- [ ] Turn off **Control Center**
- [ ] Turn off **Lock Screen Widgets**
- [ ] Turn off **Siri**
- [ ] Turn off **Reply with Message**
- [ ] Turn off **Home Control**
- [ ] Turn off **Wallet**
- [ ] Turn off **Return Missed Calls**
- [ ] Turn off **USB Accessories**
**Allow Access When Locked** presents options for what you can allow when your phone is locked. Pick and choose which feature you want to disable to prevent unauthorized access if someone gets their hands on your phone. The more of these options you disable, the less someone without your password can do, but the less convenient it will be for you.
iPhones are already resistant to brute-force attacks by making you wait long periods of time after multiple failed attempts; however, there have historically been exploits to get around this. To be extra safe, you can set your phone to wipe itself after 10 failed passcode attempts.
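Review bot: In the rewritten **Allow Access When Locked** paragraph, "which feature you want to disable" should be "which features", and with the ten-item checklist removed the paragraph no longer names a single option. Suggest keeping a few examples from the old list so readers know what they are looking for on that screen. Separately, the rewritten fallback sentence drops "On some older devices", so it now reads as if pressing the side button five times works on every model; keep the qualifier or confirm that it does.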
@@ -186,17 +185,9 @@ You should turn off **Research Sensor & Usage Data** if you don't wish to partic
- [ ] Turn off **Sensor & Usage Data Collection**
**Safety Check** allows you to quickly view and revoke certain people and apps that might have permission to access your data. Here you can perform an **Emergency Reset**, immediately resetting permissions for all people and apps which might have access to device resources. You can also **Manage Sharing & Access** which allows you to go through and customize who and what has access to your device and account resources.
**[Safety Check](https://support.apple.com/guide/personal-safety/safety-check-iphone-ios-16-ips2aad835e1/1.0/web/1.0)** allows you to quickly view and revoke certain people and apps that might have permission to access your data. Here, you can perform an **Emergency Reset**, immediately resetting permissions for all people and apps which might have access to device resources. You can also **Manage Sharing & Access**, which allows you to review and customize who and what has access to your device and account resources. If you're in an abusive situation, read Apple's [Personal Safety User Guide](https://support.apple.com/guide/personal-safety/welcome/web) for guidance on what you should do.
You should disable analytics if you don't wish to send Apple usage data. Select **Analytics & Improvements**:
- [ ] Turn off **Share iPhone Analytics** or **Share iPhone & Watch Analytics**
- [ ] Turn off **Share iCloud Analytics**
- [ ] Turn off **Improve Fitness+**
- [ ] Turn off **Improve Safety**
- [ ] Turn off **Improve Siri & Dictation**
- [ ] Turn off **Improve Assistive Voice Features**
- [ ] Turn off **Improve AR Location Accuracy**
You should disable analytics if you don't wish to send usage data to Apple. Select **Analytics & Improvements** and unselect the type(s) of analytics that you don't want to send to Apple.
Disable **Personalized Ads** if you don't want targeted ads. Select **Apple Advertising**:
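Review bot: The new Safety Check link points at a URL whose slug contains "safety-check-iphone-ios-16" while this change updates the page for iOS 26; check that the target still describes the current screens, or link an unversioned page. In the analytics paragraph, "unselect the type(s) of analytics" breaks from the "Turn off" wording used everywhere else, and with the checklist removed there is no longer any recommendation about which toggles to disable.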
@@ -206,7 +197,11 @@ Disable **Personalized Ads** if you don't want targeted ads. Select **Apple Adve
- [x] Select **Turn On App Privacy Report**
[Lockdown Mode](https://blog.privacyguides.org/2022/10/27/macos-ventura-privacy-security-updates/#lockdown-mode) is a security setting you can enable to make your phone more resistant to attacks. Be aware that certain apps and features [won't work](https://support.apple.com/HT212650) as they do normally.
Set wired accessories to ask for permission when you connect them. Select **Wired Accessories**:
- [x] Select **Always Ask** or **Ask for New Accessories**
**[Lockdown Mode](https://blog.privacyguides.org/2022/10/27/macos-ventura-privacy-security-updates/#lockdown-mode)** is a security setting you can enable to make your phone more resistant to attacks. Be aware that certain apps and features [won't work](https://support.apple.com/HT212650) as they do normally.
- [x] Select **Turn On Lockdown Mode**
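Review bot: The new **Wired Accessories** item offers "**Always Ask** or **Ask for New Accessories**" without saying how the two differ or which one the guide recommends; add one sentence on the trade-off so the checkbox is actionable. The Lockdown Mode link here still goes to the 2022 macOS Ventura blog post, while the macOS page in this same change switches to an Apple support article; consider doing the same here for consistency.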
@@ -220,7 +215,13 @@ Normal phone calls made with the Phone app through your carrier are not E2EE. Bo
The [color of the message bubble](https://support.apple.com/en-us/104972) in the Messages app indicates whether your messages are E2EE or not. A blue bubble indicates that you're using iMessage with E2EE, while a green bubble indicates the other party is using either the outdated SMS and MMS protocols or RCS. RCS on iOS is **not** E2EE. Currently, the only way to have E2EE in Messages is for both parties to be using iMessage on Apple devices.
If either you or your messaging partner have iCloud Backup enabled without Advanced Data Protection, the encryption key will be stored on Apple's servers, meaning they can access your messages. Additionally, iMessage's key exchange is not as secure as alternative implementations like Signal's (which allows you to view the recipients key and verify by QR code), so it shouldn't be relied on for particularly sensitive communications.
If either you or your messaging partner have iCloud Backup enabled without Advanced Data Protection, the encryption key will be stored on Apple's servers, meaning they can access your messages.
By default, you trust Apple's identity servers that you're messaging the right person. To defend yourself from a potentially malicious server, you can enable **[Contact Key Verification](https://support.apple.com/en-us/118246)**. At the top of the **Settings** app where your name is, select it, then go to **Contact Key Verification**.
- [x] Turn on **Verification in iMessage**
Both you and your contacts need to enable Contact Key Verification and follow Apple's [instructions](https://support.apple.com/en-us/118246#verify) for the security assurances mentioned above to take effect.
### Photo Permissions
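Review bot: The closing sentence refers to "the security assurances mentioned above", but the added text never states what Contact Key Verification assures beyond defending against "a potentially malicious server"; add a short statement of what the reader gains once both sides have verified. The navigation sentence "At the top of the **Settings** app where your name is, select it" would read better as "Select your name at the top of **Settings**", and "you trust Apple's identity servers that you're messaging the right person" is missing a verb such as "to confirm".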
@@ -250,23 +251,40 @@ In addition to locking apps behind biometrics, you can also hide apps so that th
You can hide an app by long-pressing on it and selecting **Require Face ID/Touch ID****Hide and Require Face ID/Touch ID**. Note that pre-installed Apple apps, as well as the default web browser and email app, cannot be hidden. Hidden apps reside in a **Hidden** folder at the bottom of the App Library, which can be unlocked using biometrics. This folder appears in the App Library whether you hid any apps or not, which provides you a degree of plausible deniability.
### Guided Access
Sometimes you might want to hand your phone to someone to make a call or do a specific task, but you don't want them to have full access to your phone. In these cases, you can quickly enable **[Guided Access](https://support.apple.com/guide/iphone/lock-iphone-to-one-app-iph7fad0d10/ios)** to lock the phone to one specific app until you authenticate.
<div class="admonition warning" markdown>
<p class="admonition-title">Warning</p>
Guided Access isn't foolproof, as it's possible you could leak data unintentionally or the feature could be bypassed. You should only use Guided Access for situations where you casually hand your phone to someone to use. You should not use it as a tool to protect against advanced adversaries.
</div>
### Redacting Elements in Images
If you need to hide information in a photo, you can use Apple's built-in editing tools to do so.
If your device supports it, you can use the [Clean Up](https://support.apple.com/en-us/121429) feature to pixelate faces or remove objects from images.
You can use the [Clean Up](https://support.apple.com/en-us/121429) feature on supported devices to pixelate faces or remove objects from images.
- Open the **Photos** app and tap the photo you have selected for redaction
- Tap the :material-tune: (at the bottom of the screen)
- Tap the :material-tune:
- Tap the button labeled **Clean Up**
- Draw a circle around whatever you want to redact. Faces will be pixelated, and it will attempt to delete anything else.
Our warning [against blurring text](../data-redaction.md) also applies here, so we recommend to instead add a black shape with 100% opacity over it. In addition to redacting text, you can also black out any face or object using the **Photos** app.
<div class="annotate" markdown>
- Tap the image you have selected for redaction
- Tap the :material-tune: (at the bottom of the screen) → markup symbol (top right) → plus icon at the bottom right
- Tap the :material-tune: → :material-dots-horizontal: (1) → Markup → :material-plus:
- Select **Add Shape** and choose the square or circle
- On the toolbar, tap the circle (left-most option) and choose black as the color for filling in the shape. You can also move the shape and increase its size as you see fit.
- On the toolbar, tap the circle and choose black as the color for filling in the shape. You can also move the shape and increase its size as you see fit.
</div>
1. This may not appear on certain iPhone models.
**Don't** use the highlighter to obfuscate information, as its opacity is not quite 100%.
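Review bot: The new **Guided Access** section says you can "quickly enable" it but gives no steps, unlike the redaction lists right below it; add the settings path and how a session is started and ended. The warning's "the feature could be bypassed" is also vague, so a link or a short example of what is meant would help. In the redaction lists, dropping "(at the bottom of the screen)" leaves "Tap the :material-tune:" as an icon with no noun; consider "Tap the :material-tune: button".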
@@ -283,3 +301,11 @@ Apple always makes beta versions of iOS available early for those that wish to h
### Before First Unlock
If your threat model includes [:material-target-account: Targeted Attacks](../basics/common-threats.md#attacks-against-specific-individuals){ .pg-red } that involve forensic tools, and you want to minimize the chance of exploits being used to access your phone, you should restart your device frequently. The state *after* a reboot but *before* unlocking your device is referred to as "Before First Unlock" (BFU), and when your device is in that state it makes it [significantly more difficult](https://belkasoft.com/checkm8_glossary) for forensic tools to exploit vulnerabilities to access your data. This BFU state allows you to receive notifications for calls, texts, and alarms, but most of the data on your device is still encrypted and inaccessible. This can be impractical, so consider whether these trade-offs make sense for your situation.
iPhones [automatically reboot](https://support.apple.com/guide/security/protecting-user-data-in-the-face-of-attack-secf5549a4f5/1/web/1#:~:text=On%20an%20iPhone%20or%20iPad%20with%20iOS%2018%20and%20iPadOS%2018%20or%20later%2C%20a%20new%20security%20protection%20will%20restart%20devices%20if%20they%20remain%20locked%20for%20a%20prolonged%20period%20of%20time.) if they're not unlocked after a period of time.
### MTE
The iPhone 17 line and later offer a security enhancement called [Memory Tagging Extension](https://developer.arm.com/documentation/108035/0100/Introduction-to-the-Memory-Tagging-Extension) (MTE), which makes it significantly harder for an attacker to exploit memory corruption vulnerabilities. This always-on protection depends on hardware support, so it's not available for older devices.
For more details on Apple's implementation of MTE, read the [blog post](https://security.apple.com/blog/memory-integrity-enforcement) published by Apple Security Research. We also cover Apple's implementation of MTE and how it compares to Android's implementation in the Google Pixel 8 series and later in our [own article](https://www.privacyguides.org/posts/2025/09/20/memory-integrity-enforcement-changes-the-game-on-ios).
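Review bot: The added sentence "iPhones automatically reboot if they're not unlocked after a period of time" omits the version requirement that the linked text itself states (iOS 18 and iPadOS 18 or later); add it so readers on older releases do not rely on this. The link also uses a long `#:~:text=` fragment, which stops matching if Apple edits that sentence, so a plain link to the page is more durable. The new heading "### MTE" would be clearer spelled out as "Memory Tagging Extension (MTE)".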
+21 -14
@@ -118,19 +118,9 @@ Additionally, some distributions will not download firmware updates automaticall
### Permission Controls
Desktop environments (DEs) that support the [Wayland](https://wayland.freedesktop.org) display protocol are [more secure](https://lwn.net/Articles/589147) than those that only support X11. However, not all DEs take full advantage of Wayland's architectural security improvements.
Desktop environments that support the [Wayland](https://wayland.freedesktop.org) display protocol are [more secure](https://lwn.net/Articles/589147) than those that only support X11. Moreover, we *generally* recommend installing and using applications which are sandboxed such as those obtained via **Flatpak**. Flatpak supports the [`security-context-v1`](https://github.com/flatpak/flatpak/pull/4920) protocol and the ability to filter D-Bus protocols, which allow Flatpak to properly identify apps for the purpose of sandboxing them through permission controls.[^1] Conversely, applications outside sandboxes are free to perform privileged actions such as capturing your screen, either by [overwriting the portal permission store](https://invent.kde.org/plasma/xdg-desktop-portal-kde/-/issues/7#note_1112260), or [making use of privileged Wayland protocols](https://github.com/swaywm/sway/pull/7648#issuecomment-2507730794).
For example, GNOME has a notable edge in security compared to other DEs by implementing permission controls for third-party software that tries to [capture your screen](https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/3943). That is, when a third-party application attempts to capture your screen, you are prompted for your permission to share your screen with the app.
<figure markdown>
![Screenshot permissions](../assets/img/linux/screenshot_permission.png){ width="450" }
<figcaption>GNOME's screenshot permission dialog</figcaption>
</figure>
Many alternatives don't provide these same permission controls yet,[^1] while some are waiting for Wayland to implement these controls upstream.[^2]
[^1]: KDE currently has an open proposal to add controls for screen captures: <https://invent.kde.org/plasma/xdg-desktop-portal-kde/-/issues/7>
[^2]: Sway is waiting to add specific security controls until they "know how security as a whole is going to play out" in Wayland: <https://github.com/swaywm/sway/issues/5118#issuecomment-600054496>
[^1]: This exposes a reliable way for Wayland compositors to get identifying information about a client. Compositors can then apply security policies if desirable. [https://github.com/flatpak/flatpak/commit/f0e626a4b60439f211f06d35df74b675a9ef42f4](https://github.com/flatpak/flatpak/commit/f0e626a4b60439f211f06d35df74b675a9ef42f4)
## Privacy Tweaks
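Review bot: The rewritten paragraph credits Flatpak's `security-context-v1` support with letting apps be properly identified, but the footnote itself says compositors "can then apply security policies if desirable", so the protection depends on what the compositor does with that information. The removed caveat that not all desktop environments take full advantage of Wayland's security improvements should be kept in some form. The footnote is also attached to a sentence that covers D-Bus filtering as well, yet it only documents the Wayland side.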
@@ -138,9 +128,26 @@ Many alternatives don't provide these same permission controls yet,[^1] while so
Many desktop Linux distributions (Fedora, openSUSE, etc.) come with [NetworkManager](https://en.wikipedia.org/wiki/NetworkManager) to configure Ethernet and Wi-Fi settings.
It is possible to [randomize](https://fedoramagazine.org/randomize-mac-address-nm) the [MAC address](https://en.wikipedia.org/wiki/MAC_address) when using NetworkManager. This provides a bit more privacy on Wi-Fi networks as it makes it harder to track specific devices on the network youre connected to. It does [**not**](https://papers.mathyvanhoef.com/wisec2016.pdf) make you anonymous.
It is possible to randomize the [MAC address](https://en.wikipedia.org/wiki/MAC_address) when using NetworkManager. This provides a bit more privacy on Wi-Fi networks as it makes it harder to track specific devices on the network youre connected to. It does [**not**](https://papers.mathyvanhoef.com/wisec2016.pdf) make you anonymous.
We recommend changing the setting to **random** instead of **stable**, as suggested in the [article](https://fedoramagazine.org/randomize-mac-address-nm).
In the terminal, create a new file `/etc/NetworkManager/conf.d/00-macrandomize.conf` and add the following to it:
```text
[device]
wifi.scan-rand-mac-address=yes
[connection]
wifi.cloned-mac-address=random
ethernet.cloned-mac-address=random
```
Then, restart NetworkManager:
```sh
systemctl restart NetworkManager
```
Optionally, changing the connection parameter from `random` to `stable` will give you a random MAC address *per network*, but keep it stable for that network when you reconnect to it later. Using `random` will give you a random MAC address *per connection*. This may be desirable for networks with captive portals or where you have a static DHCP assignment, at the expense of making you more identifiable by a single network operator you connect to multiple times.
If you are using [systemd-networkd](https://en.wikipedia.org/wiki/Systemd#Ancillary_components), you will need to set [`MACAddressPolicy=random`](https://freedesktop.org/software/systemd/man/systemd.link.html#MACAddressPolicy=) which will enable [RFC 7844 (Anonymity Profiles for DHCP Clients)](https://freedesktop.org/software/systemd/man/systemd.network.html#Anonymize=).
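Review bot: In the "Optionally" paragraph, "This may be desirable for networks with captive portals..." directly follows the sentence about `random`, but the trade-off it describes (stable per network, more identifiable to one operator) is that of `stable`; reorder the sentences so the benefit sits next to the `stable` description. The steps also need root privileges: both creating a file under `/etc/NetworkManager/conf.d/` and `systemctl restart NetworkManager` should be shown with `sudo` or introduced as run-as-root. "youre" is missing its apostrophe.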
+61 -43
@@ -45,7 +45,7 @@ There are a number of built-in settings you should confirm or change to harden y
#### Bluetooth
- [ ] Uncheck **Bluetooth** (unless you are currently using it)
- [ ] Turn off **Bluetooth** (unless you are currently using it)
#### Network
@@ -55,23 +55,23 @@ Click on the "Details" button by your network name:
- [x] Select **Rotating** under **Private Wi-Fi address**
- [x] Check **Limit IP address tracking**
- [x] Turn on **Limit IP address tracking**
##### Firewall
Your firewall blocks unwanted network connections. The stricter your firewall settings are, the more secure your Mac is. However, certain services will be blocked. You should configure your firewall to be as strict as you can without blocking services you use.
- [x] Check **Firewall**
- [x] Turn on **Firewall**
Click the **Options** button:
- [x] Check **Block all incoming connections**
- [x] Turn on **Block all incoming connections**
If this configuration is too strict, you can come back and uncheck this. However, macOS will typically prompt you to allow incoming connections for an app if the app requests it.
#### General
By default, your device name will be something like "[your name]'s iMac". Because this name is publicly broadcast on your network, you'll want to change your device name to something generic like "Mac".
By default, your device name will be something like "[your name]'s iMac". Because this name is [publicly broadcast on your network](https://support.apple.com/guide/mac-help/change-computers-local-hostname-mac-mchlp2322/26/mac/26#:~:text=The%20local%20hostname%2C%20or%20local%20network%20name%2C%20is%20displayed%20at%20the%20bottom%20of%20the%20Sharing%20settings%20window.%20It%20identifies%20your%20Mac%20to%20Bonjour%2Dcompatible%20services.), you'll want to change your device name to something generic like "Mac".
Click on **About** and type your desired device name into the **Name** field.
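Review bot: The checklist items now say "Turn on", but the sentence after **Block all incoming connections** still says "you can come back and uncheck this"; change it to "turn this off" to match. The new device-name link pins a versioned path ("/26/mac/26") and a long `#:~:text=` fragment, both of which break easily when Apple revises the article; a plain link to the article is more durable.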
@@ -81,15 +81,37 @@ You should automatically install all available updates to make sure your Mac has
Click the small :material-information-outline: icon next to **Automatic Updates**:
- [x] Check **Check for updates**
- [x] Turn on **Download new updates when available**
- [x] Check **Download new updates when available**
- [x] Turn on **Install macOS updates**
- [x] Check **Install macOS updates**
- [x] Turn on **Install Security Responses and system files**
- [x] Check **Install application updates from the App Store**
#### Apple Intelligence & Siri
- [x] Check **Install Security Responses and system files**
If you do not use these features on macOS, you should disable them:
- [ ] Turn off **Apple Intelligence**
- [ ] Turn off **Siri**
**[Apple Intelligence](https://apple.com/legal/privacy/data/en/intelligence-engine)** is only available if your device supports it. Apple Intelligence uses a combination of on-device processing and their [Private Cloud Compute](https://security.apple.com/blog/private-cloud-compute) for things that take more processing power than your device can provide.
To see a report of all the data sent via Apple Intelligence, you can navigate to **Privacy & Security****Apple Intelligence Report** and press **Export Activity** to see activity from the either the last 15 minutes or 7 days, depending on what you set it for. Similar to the **App Privacy Report** which shows you the recent permissions accessed by the apps on your phone, the Apple Intelligence Report likewise shows what is being sent to Apple's servers while using Apple Intelligence.
By default, ChatGPT integration is disabled. If you don't want ChatGPT integration anymore, you can navigate to **ChatGPT**:
- [ ] Turn off **Use ChatGPT**
You can also have it ask for confirmation every time if you leave ChatGPT integration on:
- [x] Turn on **Confirm Requests**
<div class="admonition warning" markdown>
<p class="admonition-title">Warning</p>
Any request made with ChatGPT will be sent to ChatGPT's servers, there is no on-device processing and no PCC like with Apple Intelligence.
</div>
#### Privacy & Security
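Review bot: The Apple Intelligence Report paragraph was carried over from the iOS page and still says "the apps on your phone"; on the macOS page that should be "your Mac". It also has the same "from the either the last" typo. In the ChatGPT warning, "sent to ChatGPT's servers, there is no on-device processing" is a comma splice, and "PCC" is used without being introduced as an abbreviation (the paragraph above spells out Private Cloud Compute). Going by the hunk, the update checklist also loses "Check for updates" and "Install application updates from the App Store"; say whether those toggles are gone or simply no longer recommended.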
@@ -99,25 +121,17 @@ Whenever an application requests a permission, it will show up here. You can dec
You can individually allow location services per-app. If you don't need apps to use your location, turning off location services entirely is the most private option.
- [ ] Uncheck **Location Services**
- [ ] Turn off **Location Services**
##### Analytics & Improvements
Decide whether you want to share analytics data with Apple and developers.
- [ ] Uncheck **Share Mac Analytics**
- [ ] Uncheck **Improve Siri & Dictation**
- [ ] Uncheck **Share with app developers**
- [ ] Uncheck **Share iCloud Analytics** (visible if you are signed in to iCloud)
Decide whether you want to share analytics data with Apple and app developers.
##### Apple Advertising
Decide whether you want personalized ads based on your usage.
- [ ] Uncheck **Personalized Ads**
- [ ] Turn off **Personalized Ads**
##### FileVault
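Review bot: With the four checkboxes removed, "Analytics & Improvements" is left with the single sentence "Decide whether you want to share analytics data with Apple and app developers" and no recommendation, while the neighbouring sections still give explicit "Turn off" items. State the guide's position, as the old "Uncheck" list did, or fold this sentence into the section above and drop the heading.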
@@ -129,19 +143,19 @@ On older Intel-based Mac computers, FileVault is the only form of disk encryptio
##### Lockdown Mode
[Lockdown Mode](https://blog.privacyguides.org/2022/10/27/macos-ventura-privacy-security-updates/#lockdown-mode) disables some features in order to improve security. Some apps or features won't work the same way they do when it's off, for example, [JIT](https://hacks.mozilla.org/2017/02/a-crash-course-in-just-in-time-jit-compilers) and [WASM](https://developer.mozilla.org/docs/WebAssembly) are disabled in Safari with Lockdown Mode enabled. We recommend enabling Lockdown Mode and seeing whether it significantly impacts your usage, many of the changes it makes are easy to live with.
**[Lockdown Mode](https://support.apple.com/guide/mac-help/lock-mac-targeted-a-cyberattack-ibrw66f4e191/mac)** disables some features in order to improve security. Some apps or features won't work the same way they do when it's off. For example, Javascript Just-In-Time ([JIT](https://hacks.mozilla.org/2017/02/a-crash-course-in-just-in-time-jit-compilers)) compilation and [WebAssembly](https://developer.mozilla.org/docs/WebAssembly) are disabled in Safari with Lockdown Mode enabled. We recommend enabling Lockdown Mode and seeing whether it significantly impacts daily usage.
- [x] Click **Turn On**
### MAC Address Randomization
macOS uses a randomized MAC address when performing Wi-Fi scans while disconnected from a network.
macOS uses a randomized MAC address when [performing Wi-Fi scans](https://support.apple.com/guide/security/privacy-features-connecting-wireless-networks-secb9cb3140c/web) while disconnected from a network.
You can set your MAC address to be randomized per network and rotate occasionally to prevent tracking between networks and on the same network over time.
You can set your [MAC address to be randomized](https://support.apple.com/en-us/102509) per network and rotate occasionally to prevent tracking between networks and on the same network over time.
Go to **System Settings****Network****Wi-Fi****Details** and set **Private Wi-Fi address** to either **Fixed** if you want a fixed but unique address for the network you're connected to, or **Rotating** if you want it to change over time.
Consider changing your hostname as well, which is another device identifier that's broadcast on the network you're connected to. You may wish to set your hostname to something generic like "MacBook Air", "Laptop", "John's MacBook Pro", or "iPhone" in **System Settings****General****Sharing**. Some [privacy scripts](https://github.com/sunknudsen/privacy-guides/tree/master/how-to-spoof-mac-address-and-hostname-automatically-at-boot-on-macos#guide) allow you to easily generate hostnames with random names.
Consider changing your hostname as well, which is another device identifier that's broadcast on the network you're connected to. You may wish to set your hostname to something generic like "MacBook Air", "Laptop", "John's MacBook Pro", or "iPhone" in **System Settings****General****Sharing**.
## Security Protections
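Review bot: In the hostname paragraph that this hunk edits, "John's MacBook Pro" is listed among "something generic", but it embeds a personal name, which is what a generic hostname is meant to avoid. Since the line is being touched anyway, consider dropping that example or replacing it with one that carries no name. Separately, the new Lockdown Mode line spells "Javascript"; it should be "JavaScript".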
@@ -152,19 +166,19 @@ macOS employs defense in depth by relying on multiple layers of software and har
<div class="admonition warning" markdown>
<p class="admonition-title">Warning</p>
macOS allows you to install beta updates. These are unstable and may come with extra telemetry since they're for testing purposes. Because of this, we recommend you avoid beta software in general.
macOS allows you to install beta updates. These are unstable and may come with [extra telemetry](https://beta.apple.com/privacy) since they're for testing purposes. Because of this, we recommend you avoid beta software in general.
</div>
#### Signed System Volume
macOS's system components are protected in a read-only signed system volume, meaning that neither you nor malware can alter important system files.
macOS's system components are protected in a read-only [signed system volume](https://support.apple.com/guide/security/signed-system-volume-security-secd698747c9/web), meaning that neither you nor malware can alter important system files.
The system volume is verified while it's running and any data that's not signed with a valid cryptographic signature from Apple will be rejected.
#### System Integrity Protection
macOS sets certain security restrictions that can't be overridden. These are called Mandatory Access Controls, and they form the basis of the sandbox, parental controls, and System Integrity Protection on macOS.
macOS sets certain security restrictions that can't be overridden. These are called [Mandatory Access Controls](https://support.apple.com/guide/security/system-integrity-protection-secb7ea06b49/1/web/1), and they form the basis of the sandbox, parental controls, and [System Integrity Protection](https://support.apple.com/en-us/102149) on macOS.
System Integrity Protection makes critical file locations read-only to protect against modification from malicious code. This is on top of the hardware-based Kernel Integrity Protection that keeps the kernel from being modified in-memory.
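Review bot: In the System Integrity Protection paragraph, the link text "Mandatory Access Controls" points at a URL whose slug is system-integrity-protection-secb7ea06b49, while "System Integrity Protection" points at support.apple.com/en-us/102149. Please confirm both targets are intended; if the Platform Security page is the SIP reference, it may read more naturally attached to the SIP link text. The added links also mix the "/web" and "/1/web/1" URL forms, and settling on one would keep them consistent.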
@@ -172,7 +186,7 @@ System Integrity Protection makes critical file locations read-only to protect a
##### App Sandbox
On macOS, whether an app is sandboxed is determined by the developer when they sign it. The App Sandbox protects against vulnerabilities in the apps you run by limiting what a malicious actor can access in the event that the app is exploited. The App Sandbox *alone* can't protect against [:material-package-variant-closed-remove: Supply Chain Attacks](../basics/common-threats.md#attacks-against-certain-organizations){ .pg-viridian } by malicious developers. For that, sandboxing needs to be enforced by someone other than the developer themselves, as it is on the App Store.
On macOS, whether an app is sandboxed is determined by the developer when they sign it. The [App Sandbox](https://developer.apple.com/documentation/xcode/configuring-the-macos-app-sandbox) protects against vulnerabilities in the apps you run by limiting what a malicious actor can access in the event that the app is exploited. The App Sandbox *alone* can't protect against [:material-package-variant-closed-remove: Supply Chain Attacks](../basics/common-threats.md#attacks-against-certain-organizations){ .pg-viridian } by malicious developers. For that, sandboxing needs to be enforced by someone other than the developer themselves, as it is on the [App Store](https://support.apple.com/guide/security/gatekeeper-and-runtime-protection-sec5599b66df/1/web/1#:~:text=All%20apps%20from%20the%20App%20Store%20are%20sandboxed%20to%20restrict%20access%20to%20data%20stored%20by%20other%20apps.).
<div class="admonition warning" markdown>
<p class="admonition-title">Warning</p>
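Review bot: The new App Store link in the App Sandbox paragraph relies on a long "#:~:text=" fragment quoting a full sentence from Apple's page. Text fragments stop matching as soon as the target wording changes, and the reader then lands at the top of the page with no indication of which statement supports the claim. Linking to the page or a section anchor would be more durable, with the claim itself stated in the prose.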
@@ -224,7 +238,7 @@ You can enable a column in Activity Monitor called "Restricted" which is a flag
##### Antivirus
macOS comes with two forms of malware defense:
macOS comes with two forms of [malware defense](https://support.apple.com/guide/security/protecting-against-malware-sec469d47bd8/1/web/1):
1. Protection against launching malware in the first place is provided by the App Store's review process for App Store applications, or *Notarization* (part of *Gatekeeper*), a process where third-party apps are scanned for known malware by Apple before they are allowed to run. Apps are required to be signed by the developers using a key given to them by Apple. This ensures that you are running software from the real developers. Notarization also requires that developers enable the Hardened Runtime for their apps, which limits methods of exploitation.
2. Protection against other malware and remediation from existing malware on your system is provided by *XProtect*, a more traditional antivirus software built-in to macOS.
@@ -233,7 +247,7 @@ We recommend against installing third-party antivirus software as they typically
##### Backups
macOS comes with automatic backup software called [Time Machine](https://support.apple.com/HT201250), so you can create encrypted backups to an external drive or a network drive in the event of corrupted/deleted files.
macOS comes with automatic backup software called [Time Machine](https://support.apple.com/HT201250), so you can create [encrypted backups](https://support.apple.com/guide/mac-help/keep-your-time-machine-backup-disk-secure-mh21241/mac) to an external drive or a network drive in the event of corrupted/deleted files.
### Hardware Security
@@ -241,21 +255,21 @@ Many modern security features in macOS—such as modern Secure Boot, hardware-le
Some of these modern security features are available on older Intel-based Mac computers with the Apple T2 Security Chip, but that chip is susceptible to the *checkm8* exploit which could compromise its security.
If you use Bluetooth accessories such as a keyboard, we recommend that you use official Apple ones as their firmware will automatically be updated for you by macOS. Using third party accessories is fine, but you should remember to install firmware updates for them regularly.
If you use Bluetooth accessories such as a keyboard, we recommend that you use official Apple ones as their firmware will [automatically be updated](https://support.apple.com/en-us/120303#:~:text=Firmware%20updates%20are%20automatically%20delivered%20in%20the%20background%20while%20the%20Magic%20Keyboard%20is%20actively%20paired%20to%20a%20device%20running%20macOS%2C%20iOS%2C%20iPadOS%2C%20or%20tvOS.) for you by macOS. Using third party accessories is fine, but you should remember to install firmware updates for them regularly.
Apple's SoCs focus on minimizing attack surface by relegating security functions to dedicated hardware with limited functionality.
Apple's SoCs focus on [minimizing attack surface](https://support.apple.com/en-vn/guide/security/secf020d1074/web#:~:text=Security%2Dfocused%20hardware%20follows%20the%20principle%20of%20supporting%20limited%20and%20discretely%20defined%20functions%20to%20minimize%20attack%20surface.) by relegating security functions to dedicated hardware with limited functionality.
#### Boot ROM
macOS prevents malware persistence by only allowing official Apple software to run at boot time; this is known as secure boot. Mac computers verify this with a bit of read-only memory on the SoC called the boot ROM, which is laid down during the manufacturing of the chip.
macOS prevents malware persistence by only allowing official Apple software to run at boot time; this is known as [secure boot](https://support.apple.com/en-vn/guide/security/secac71d5623/1/web/1). Mac computers verify this with a bit of read-only memory on the SoC called the [boot ROM](https://support.apple.com/en-vn/guide/security/aside/sec5240db956/1/web/1), which is [laid down during the manufacturing of the chip](https://support.apple.com/en-vn/guide/security/secf020d1074/1/web/1#:~:text=which%20is%20laid%20down%20during%20Apple%20SoC%20fabrication).
The boot ROM forms the hardware root of trust. This ensures that malware cannot tamper with the boot process. When your Mac boots up, the boot ROM is the first thing that runs, forming the first link in the chain of trust.
The boot ROM forms the hardware root of trust. This ensures that malware cannot tamper with the boot process, since the boot ROM is immutable. When your Mac boots up, the boot ROM is the first thing that runs, forming the first link in the chain of trust.
Mac computers can be configured to boot in three security modes: *Full Security*, *Reduced Security*, and *Permissive Security*, with the default setting being Full Security. You should ideally be using Full Security mode and avoid things like **kernel extensions** that force you to lower your security mode. Make sure to [check](https://support.apple.com/guide/mac-help/change-security-settings-startup-disk-a-mac-mchl768f7291/mac) that you're using Full Security mode.
Mac computers can be configured to boot in [three security modes](https://support.apple.com/guide/deployment/startup-security-dep5810e849c/web#dep32fb404e1): *Full Security*, *Reduced Security*, and *Permissive Security*, with the default setting being Full Security. You should ideally be using Full Security mode and avoid things like **[kernel extensions](https://support.apple.com/guide/deployment/system-extensions-in-macos-depa5fb8376f/web#dep51e097f45)** that force you to lower your security mode. Make sure to [check](https://support.apple.com/guide/mac-help/change-security-settings-startup-disk-a-mac-mchl768f7291/mac) that you're using Full Security mode.
#### Secure Enclave
The Secure Enclave is a security chip built into devices with Apple Silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own separate boot ROM.
The **[Secure Enclave](https://support.apple.com/guide/security/secure-enclave-sec59b0b31ff/web)** is a security chip built into devices with Apple Silicon which is responsible for storing and generating encryption keys for data at rest as well as Face ID and Touch ID data. It contains its own [separate boot ROM](https://support.apple.com/en-vn/guide/security/sec59b0b31ff/web#sec43006c49f).
You can think of the Secure Enclave as your device's security hub: it has an AES encryption engine and a mechanism to securely store your encryption keys, and it's separated from the rest of the system, so even if the main processor is compromised, it should still be safe.
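Review bot: Several links added in the Hardware Security, Boot ROM and Secure Enclave paragraphs use the region-specific path support.apple.com/en-vn/..., while other links in the same patch use the locale-neutral support.apple.com/guide/... form. Drop the "en-vn" segment so readers are not pinned to one regional site. The "separate boot ROM" link also uses "en-vn" although the Secure Enclave link on the same line does not.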
@@ -263,17 +277,21 @@ You can think of the Secure Enclave as your device's security hub: it has an AES
Apple's Touch ID feature allows you to securely unlock your devices using biometrics.
Your biometric data never leaves your device; it's stored only in the Secure Enclave.
Your biometric data [never leaves your device](https://www.apple.com/legal/privacy/data/en/touch-id/#:~:text=Touch%C2%A0ID%20data%20does%20not%20leave%20your%20device%2C%20and%20is%20never%20backed%20up%20to%20iCloud%20or%20anywhere%20else.); it's stored only in the Secure Enclave.
#### Hardware Microphone Disconnect
All laptops with Apple Silicon or the T2 chip feature a hardware disconnect for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
All laptops with Apple Silicon or the T2 chip feature a [hardware disconnect](https://support.apple.com/guide/security/hardware-microphone-disconnect-secbbd20b00b/web) for the built-in microphone whenever the lid is closed. This means that there is no way for an attacker to listen to your Mac's microphone even if the operating system is compromised.
Note that the camera does not have a hardware disconnect, since its view is obscured when the lid is closed anyway.
#### Secure Camera Indicator
The built-in camera in a Mac is designed so that the camera can't turn on without the camera indicator light [also turning on](https://support.apple.com/en-us/102177#:~:text=The%20camera%20is%20engineered%20so%20that%20it%20cant%20activate%20without%20the%20camera%20indicator%20light%20also%20turning%20on.%20This%20is%20how%20you%20can%20tell%20if%20your%20camera%20is%20on.).
#### Peripheral Processor Security
Computers have built-in processors other than the main CPU that handle things like networking, graphics, power management, etc. These processors can have insufficient security and become compromised, therefore Apple tries to minimize the need for these processors in their hardware.
Computers have [built-in processors](https://support.apple.com/en-vn/guide/security/seca500d4f2b/1/web/1) other than the main CPU that handle things like networking, graphics, power management, etc. These processors can have insufficient security and become compromised, therefore Apple tries to minimize the need for these processors in their hardware.
When it is necessary to use one of these processors, Apple works with the vendor to ensure that the processor
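Review bot: In the new "Secure Camera Indicator" section, the text fragment in the link contains "it%20cant%20activate" with no apostrophe. If Apple's page writes "can't", the fragment will not match and the highlight will silently fail. Either encode the apostrophe to match the source text exactly or link to the page without the fragment. The "built-in processors" link under Peripheral Processor Security also uses the "en-vn" regional path.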
@@ -286,8 +304,8 @@ When it is necessary to use one of these processors, Apple works with the vendor
#### Direct Memory Access Protections
Apple Silicon separates each component that requires direct memory access. For example, a Thunderbolt port can't access memory designated for the kernel.
Apple Silicon separates each component that requires [direct memory access](https://support.apple.com/guide/security/direct-memory-access-protections-seca4960c2b5/1/web/1). For example, a Thunderbolt port can't access memory designated for the kernel.
## Sources
#### Terminal Secure Keyboard Entry
- [Apple Platform Security](https://support.apple.com/guide/security/welcome/web)
Enable [Secure Keyboard Entry](https://support.apple.com/guide/terminal/use-secure-keyboard-entry-trml109/mac) to prevent other apps from detecting what you type in the terminal.
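Review bot: "Terminal Secure Keyboard Entry" is added as a "####" heading directly after "Direct Memory Access Protections", which places an application setting under "### Hardware Security". It would fit better next to the other user-configurable settings, using the same checkbox style ("- [x] Turn on ...") and saying where in Terminal the option is found. With "## Sources" removed in the same hunk, please also confirm that every claim the Apple Platform Security entry used to back now has an inline link.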

Some files were not shown because too many files have changed in this diff.