mirror of
https://github.com/privacyguides/privacyguides.org.git
synced 2026-04-28 16:31:34 +00:00
Compare commits
84 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 jonah
|
331d05cda2
|
||
|
jonah
|
23b37858ab | ||
 Tiagoquix
|
f631efa5a8 | ||
|
jonah
|
13bb6dba63
|
||
|
Em
|
48892749cc | ||
|
jonah
|
4fc69e1dca
|
||
|
jonah
|
b949185f00
|
||
|
ph00lt0
|
ce17fa6ff4
|
||
|
Daniel Nathan Gray
|
f261bc7b9d | ||
|
Triple I - Triple T
|
7b7f7b0ef7 | ||
|
redoomed1
|
e40cb300ad | ||
|
LesCyclopes
|
a54659075e | ||
|
Melissa Silva
|
5d16e24bbf | ||
|
jonah
|
8f7014158e
|
||
|
jonah
|
d5910f17ca | ||
|
eylenburg
|
0f920c47e3 | ||
|
fria
|
40f3814402 | ||
|
fria
|
4d4cb82345 | ||
|
redoomed1
|
ef23d72ede | ||
|
fria
|
cb2ea5e18c | ||
|
redoomed1
|
6fe04d10e7 | ||
|
fria
|
5dc4a15c2f | ||
|
redoomed1
|
da3a3b59f6 | ||
|
Rahul Sandhu
|
49d627d740 | ||
|
jonah
|
0cc8ce0beb | ||
|
n3thshan
|
100db6c823 | ||
|
redoomed1
|
f0cc351c6b | ||
|
fria
|
330ec3a4e1 | ||
|
redoomed1
|
fff721a748 | ||
|
Triple I - Triple T
|
441c4155ba | ||
|
redoomed1
|
23f873ac33 | ||
|
jonah
|
be042fe060
|
||
|
redoomed1
|
6c40408f36 | ||
|
redoomed1
|
0596b57099 | ||
|
Justin Ehrenhofer
|
60e2e901d3 | ||
|
Overwatch
|
eda031ee4a | ||
|
aglovewithoutlove
|
5ad16d7aea | ||
|
jonah
|
d4f8d68610
|
||
|
Em
|
d2dccb6481 | ||
|
fria
|
4198b8d3a5 | ||
|
Em
|
5dedaa7a13 | ||
|
jonah
|
ab2199e9ca
|
||
|
fria
|
78726b4c4a | ||
|
efb4f5ff-1298-471a-8973-3d47447115dc
|
f45720b1be | ||
|
jonah
|
a20561f516
|
||
|
jonah
|
8dd1bade3d
|
||
|
jonah
|
14aac5dbdd | ||
|
redoomed1
|
a7a05a8dd4 | ||
|
Dr Ian Preston
|
373bb1920d | ||
|
jonah
|
7d3d849474
|
||
|
fria
|
16b3e5e16f | ||
|
Em
|
2dd653b12f | ||
|
redoomed1
|
8089e6483e | ||
|
jonah
|
2f95961b9e
|
||
|
redoomed1
|
008d01db23 | ||
|
jonah
|
ee51ff205b
|
||
|
jonah
|
f616c94bd6
|
||
|
William W.
|
c2a904f2c2 | ||
|
jonah
|
c718483844 | ||
|
jonah
|
9b47e749d5 | ||
|
fria
|
999c805c4d | ||
|
jonah
|
047ef27590 | ||
|
rollsicecream
|
47f4ca1979 | ||
|
fria
|
dc6f326f96 | ||
|
jonah
|
b55f1cdb44
|
||
|
jonah
|
0f6ee45157
|
||
|
fria
|
0f10d3b35a | ||
|
jonah
|
c738b4a446
|
||
|
redoomed1
|
81632962a7 | ||
|
fria
|
9b9bb71005 | ||
|
Ganwtrs
|
f9bd8204f2 | ||
|
fria
|
6503cfa9db | ||
|
redoomed1
|
2a6330f774 | ||
|
redoomed1
|
0eee5798b8 | ||
|
jonah
|
30f05ff291
|
||
|
Em
|
7e5ec73759 | ||
|
Em
|
32d84e9a42 | ||
|
jonah
|
19947442a6
|
||
|
Em
|
e55eb0986b | ||
|
jonah
|
e5500a11da
|
||
|
Daniel Gray
|
0c4f98e7fb | ||
|
jonah
|
ac96552200
|
||
|
jonah
|
1a7eb59fee
|
||
|
Em
|
575818a637 |
@@ -1,6 +1,5 @@
|
||||
:1337 {
|
||||
reverse_proxy /articles/* http://127.0.0.1:8001
|
||||
reverse_proxy /videos/* http://127.0.0.1:8002
|
||||
reverse_proxy /en/* http://127.0.0.1:8000
|
||||
redir / /en/
|
||||
}
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
// For format details, see https://aka.ms/devcontainer.json.
|
||||
{
|
||||
"name": "Privacy Guides",
|
||||
"image": "ghcr.io/privacyguides/privacyguides.org:sha-55c050b",
|
||||
"image": "ghcr.io/privacyguides/privacyguides.org:sha-5648a3f",
|
||||
// "build": {
|
||||
// "dockerfile": "../Dockerfile",
|
||||
// "context": ".."
|
||||
@@ -19,10 +19,6 @@
|
||||
"8001": {
|
||||
"label": "Articles",
|
||||
"onAutoForward": "silent"
|
||||
},
|
||||
"8002": {
|
||||
"label": "Videos",
|
||||
"onAutoForward": "silent"
|
||||
}
|
||||
},
|
||||
"otherPortsAttributes": {
|
||||
@@ -52,24 +48,10 @@
|
||||
"group": "Live server"
|
||||
}
|
||||
},
|
||||
{
|
||||
"label": "Videos",
|
||||
"type": "shell",
|
||||
"command": "mkdocs serve --config-file=mkdocs.videos.yml --dev-addr=localhost:8002",
|
||||
"group": "test",
|
||||
"runOptions": {
|
||||
"runOn": "folderOpen"
|
||||
},
|
||||
"presentation": {
|
||||
"reveal": "always",
|
||||
"panel": "dedicated",
|
||||
"group": "Live server"
|
||||
}
|
||||
},
|
||||
{
|
||||
"label": "Main",
|
||||
"type": "shell",
|
||||
"command": "./run.sh --cmd=mkdocs --insiders --production",
|
||||
"command": "./run.sh --cmd=mkdocs --insiders",
|
||||
"group": "test",
|
||||
"runOptions": {
|
||||
"runOn": "folderOpen"
|
||||
|
||||
@@ -40,6 +40,11 @@ Dockerfile @jonaharagon
|
||||
/docs/financial-services.md @jonaharagon @SamsungGalaxyPlayer
|
||||
/docs/advanced/payments.md @jonaharagon @SamsungGalaxyPlayer
|
||||
|
||||
# Activism
|
||||
|
||||
/docs/activism.md @EmAtPrivacyGuides
|
||||
/docs/activism/ @EmAtPrivacyGuides
|
||||
|
||||
# Blog authors
|
||||
|
||||
/blog/.authors.yml @jonaharagon @dngray @freddy-m
|
||||
|
||||
@@ -90,8 +90,9 @@ jobs:
|
||||
echo "MAIN_SITE_ABOUT_URL=https://www.privacyguides.org/en/about/"
|
||||
echo "MAIN_SITE_RECOMMENDATIONS_URL=https://www.privacyguides.org/en/tools/"
|
||||
echo "MAIN_SITE_KNOWLEDGE_BASE_URL=https://www.privacyguides.org/en/basics/why-privacy-matters/"
|
||||
echo "ARTICLES_SITE_BASE_URL=https://www.privacyguides.org/articles/"
|
||||
echo "ARTICLES_SITE_BASE_URL=https://www.privacyguides.org/posts/tag/articles/"
|
||||
echo "VIDEOS_SITE_BASE_URL=https://www.privacyguides.org/videos/"
|
||||
echo "NEWS_SITE_BASE_URL=https://www.privacyguides.org/news/"
|
||||
} >> "$GITHUB_ENV"
|
||||
|
||||
- name: Build Website (Privileged)
|
||||
|
||||
@@ -73,14 +73,14 @@ jobs:
|
||||
privileged: ${{ fromJSON(needs.metadata.outputs.privileged) }}
|
||||
strict: true
|
||||
secrets:
|
||||
RO_DISCOURSE_API_KEY: ${{ secrets.RO_DISCOURSE_API_KEY }}
|
||||
MEMBERS_API_URL: ${{ secrets.MEMBERS_API_URL }}
|
||||
|
||||
build_i18n:
|
||||
if: ${{ contains(github.event.pull_request.labels.*.name, 'ci:build i18n') }}
|
||||
needs: [submodule, metadata]
|
||||
strategy:
|
||||
matrix:
|
||||
lang: [es, fr, he, it, nl, ru, zh-Hant]
|
||||
lang: [es, fr, he, it, nl, ru, zh-Hant, zh-TW]
|
||||
fail-fast: false
|
||||
uses: ./.github/workflows/build.yml
|
||||
with:
|
||||
@@ -90,6 +90,8 @@ jobs:
|
||||
continue-on-error: true
|
||||
privileged: ${{ fromJSON(needs.metadata.outputs.privileged) }}
|
||||
strict: true
|
||||
secrets:
|
||||
MEMBERS_API_URL: ${{ secrets.MEMBERS_API_URL }}
|
||||
|
||||
build_blog:
|
||||
if: ${{ contains(github.event.pull_request.labels.*.name, 'ci:build blog') }}
|
||||
@@ -101,24 +103,21 @@ jobs:
|
||||
continue-on-error: true
|
||||
privileged: ${{ fromJSON(needs.metadata.outputs.privileged) }}
|
||||
|
||||
build_videos:
|
||||
if: ${{ contains(github.event.pull_request.labels.*.name, 'ci:build videos') }}
|
||||
build_zimfile:
|
||||
if: ${{ contains(github.event.pull_request.labels.*.name, 'ci:build zimfile') }}
|
||||
needs: [submodule, metadata]
|
||||
uses: ./.github/workflows/build-videos.yml
|
||||
uses: ./.github/workflows/build-zimfile.yml
|
||||
with:
|
||||
ref: ${{github.event.pull_request.head.ref}}
|
||||
repo: ${{github.event.pull_request.head.repo.full_name}}
|
||||
continue-on-error: true
|
||||
privileged: ${{ fromJSON(needs.metadata.outputs.privileged) }}
|
||||
|
||||
combine_build:
|
||||
needs: [build_english, build_i18n, build_blog, build_videos]
|
||||
needs: [build_english, build_i18n, build_blog]
|
||||
if: |
|
||||
(always() && !cancelled() && !failure()) &&
|
||||
needs.build_english.result == 'success' &&
|
||||
(needs.build_i18n.result == 'success' || needs.build_i18n.result == 'skipped') &&
|
||||
(needs.build_blog.result == 'success' || needs.build_blog.result == 'skipped') &&
|
||||
(needs.build_videos.result == 'success' || needs.build_videos.result == 'skipped')
|
||||
(needs.build_blog.result == 'success' || needs.build_blog.result == 'skipped')
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
@@ -140,5 +139,5 @@ jobs:
|
||||
|
||||
cleanup:
|
||||
if: ${{ always() }}
|
||||
needs: [build_english, build_i18n, build_blog, build_videos]
|
||||
needs: [build_english, build_i18n, build_blog, build_zimfile]
|
||||
uses: privacyguides/.github/.github/workflows/cleanup.yml@main
|
||||
|
||||
@@ -1,116 +0,0 @@
|
||||
name: 🛠️ Build Videos
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
ref:
|
||||
required: true
|
||||
type: string
|
||||
repo:
|
||||
required: true
|
||||
type: string
|
||||
context:
|
||||
type: string
|
||||
default: deploy-preview
|
||||
continue-on-error:
|
||||
type: boolean
|
||||
default: true
|
||||
privileged:
|
||||
type: boolean
|
||||
default: true
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
continue-on-error: ${{ inputs.continue-on-error }}
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
steps:
|
||||
- name: Add GitHub Token to Environment
|
||||
run: |
|
||||
echo "GH_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> "$GITHUB_ENV"
|
||||
|
||||
- name: Download Repository
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
repository: ${{ inputs.repo }}
|
||||
ref: ${{ inputs.ref }}
|
||||
persist-credentials: "false"
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Download Submodules
|
||||
uses: actions/download-artifact@v4
|
||||
with:
|
||||
pattern: repo-*
|
||||
path: modules
|
||||
|
||||
- name: Move mkdocs-material-insiders to mkdocs-material
|
||||
if: inputs.privileged
|
||||
run: |
|
||||
rmdir modules/mkdocs-material
|
||||
mv modules/repo-mkdocs-material-insiders modules/mkdocs-material
|
||||
|
||||
- name: Move brand submodule to theme/assets/brand
|
||||
run: |
|
||||
rmdir theme/assets/brand
|
||||
mv modules/repo-brand theme/assets/brand
|
||||
|
||||
- name: Install Python (pipenv)
|
||||
if: inputs.privileged
|
||||
uses: actions/setup-python@v5
|
||||
with:
|
||||
cache: "pipenv"
|
||||
|
||||
- name: Install Python (no pipenv)
|
||||
if: ${{ !inputs.privileged }}
|
||||
uses: actions/setup-python@v5
|
||||
|
||||
- name: Install Python Dependencies
|
||||
if: inputs.privileged
|
||||
run: |
|
||||
pip install pipenv
|
||||
pipenv install
|
||||
sudo apt install pngquant
|
||||
|
||||
- name: Install Python Dependencies (Unprivileged)
|
||||
if: ${{ !inputs.privileged }}
|
||||
run: |
|
||||
pip install mkdocs-material mkdocs-rss-plugin mkdocs-glightbox mkdocs-macros-plugin
|
||||
sudo apt install pngquant
|
||||
|
||||
- name: Set base navigation URLs for production build
|
||||
if: inputs.context == 'production'
|
||||
run: |
|
||||
{
|
||||
echo "MAIN_SITE_BASE_URL=https://www.privacyguides.org/en/"
|
||||
echo "MAIN_SITE_ABOUT_URL=https://www.privacyguides.org/en/about/"
|
||||
echo "MAIN_SITE_RECOMMENDATIONS_URL=https://www.privacyguides.org/en/tools/"
|
||||
echo "MAIN_SITE_KNOWLEDGE_BASE_URL=https://www.privacyguides.org/en/basics/why-privacy-matters/"
|
||||
echo "ARTICLES_SITE_BASE_URL=https://www.privacyguides.org/articles/"
|
||||
echo "VIDEOS_SITE_BASE_URL=https://www.privacyguides.org/videos/"
|
||||
} >> "$GITHUB_ENV"
|
||||
|
||||
- name: Build Website (Privileged)
|
||||
if: inputs.privileged
|
||||
run: |
|
||||
pipenv run mkdocs build --config-file mkdocs.videos.yml
|
||||
|
||||
- name: Build Website (Unprivileged)
|
||||
if: ${{ !inputs.privileged }}
|
||||
run: |
|
||||
BUILD_INSIDERS=false mkdocs build --config-file mkdocs.videos.yml
|
||||
|
||||
- name: Package Website
|
||||
run: |
|
||||
tar -czf site-build-videos.tar.gz site
|
||||
|
||||
- name: Upload Site
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: site-build-videos.tar.gz
|
||||
path: site-build-videos.tar.gz
|
||||
retention-days: 1
|
||||
@@ -0,0 +1,609 @@
|
||||
name: 🥝 Build Zimfile
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
ref:
|
||||
required: true
|
||||
type: string
|
||||
repo:
|
||||
required: true
|
||||
type: string
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
env:
|
||||
VIDEOS_SITE_BASE_URL: https://www.privacyguides.org/videos/
|
||||
NEWS_SITE_BASE_URL: https://www.privacyguides.org/news/
|
||||
HOMEPAGE_CTA_ABOUT_LINK: about.html
|
||||
HOMEPAGE_CTA_DONATE_LINK: about/donate.html
|
||||
BUILD_OFFLINE: true
|
||||
PRODUCTION: true
|
||||
CARDS: false
|
||||
GITREVISIONDATE: false
|
||||
GITAUTHORS: false
|
||||
|
||||
jobs:
|
||||
package_eng:
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
env:
|
||||
LANGUAGE_SWITCHER: false
|
||||
MAIN_SITE_BASE_URL: /en/index.html
|
||||
MAIN_SITE_ABOUT_URL: /en/about.html
|
||||
MAIN_SITE_RECOMMENDATIONS_URL: /en/tools.html
|
||||
MAIN_SITE_KNOWLEDGE_BASE_URL: /en/basics/why-privacy-matters.html
|
||||
ARTICLES_SITE_BASE_URL: /articles/index.html
|
||||
|
||||
steps:
|
||||
- name: Add GitHub Token to Environment
|
||||
run: |
|
||||
echo "GH_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> "$GITHUB_ENV"
|
||||
|
||||
- name: Download Repository
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
repository: ${{ inputs.repo }}
|
||||
ref: ${{ inputs.ref }}
|
||||
persist-credentials: "false"
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Download Submodules
|
||||
uses: actions/download-artifact@v4
|
||||
with:
|
||||
pattern: repo-*
|
||||
path: modules
|
||||
|
||||
- name: Move mkdocs-material-insiders to mkdocs-material
|
||||
run: |
|
||||
rmdir modules/mkdocs-material
|
||||
mv modules/repo-mkdocs-material-insiders modules/mkdocs-material
|
||||
|
||||
- name: Move brand submodule to theme/assets/brand
|
||||
run: |
|
||||
rmdir theme/assets/brand
|
||||
mv modules/repo-brand theme/assets/brand
|
||||
|
||||
- name: Install Python (pipenv)
|
||||
uses: actions/setup-python@v5
|
||||
with:
|
||||
cache: "pipenv"
|
||||
|
||||
- name: Install Python Dependencies
|
||||
run: |
|
||||
pip install pipenv
|
||||
pipenv install
|
||||
sudo apt install pngquant
|
||||
|
||||
- name: Generate Donating Members List
|
||||
env:
|
||||
MEMBERS_API_URL: ${{ secrets.MEMBERS_API_URL }}
|
||||
continue-on-error: true
|
||||
run: |
|
||||
pip install requests
|
||||
python tools/generate-members.py > includes/members.md
|
||||
|
||||
- name: Build English
|
||||
run: |
|
||||
./run.sh --build --production --insiders --offline --lang=en
|
||||
|
||||
- name: Delete Unreferenced Assets
|
||||
run: |
|
||||
bash tools/delete-unreferenced.sh
|
||||
env:
|
||||
ASSETS_DIR: site/en/assets
|
||||
SEARCH_DIR: site/en
|
||||
|
||||
- name: Run generate-topics.sh for top posts
|
||||
run: |
|
||||
bash tools/generate-topics.sh \
|
||||
--source='https://discuss.privacyguides.net/top.json?period=weekly' \
|
||||
--tag="top posts" \
|
||||
--destination="./site/en/index.html" \
|
||||
--count=3
|
||||
|
||||
- name: Run generate-topics.sh for latest posts
|
||||
run: |
|
||||
bash tools/generate-topics.sh \
|
||||
--source='https://discuss.privacyguides.net/latest.json' \
|
||||
--tag="latest posts" \
|
||||
--destination="./site/en/index.html" \
|
||||
--count=12
|
||||
|
||||
- name: Build Articles
|
||||
run: |
|
||||
pipenv run mkdocs build --config-file mkdocs.blog.yml
|
||||
|
||||
- name: Delete Unreferenced Assets
|
||||
run: |
|
||||
bash tools/delete-unreferenced.sh
|
||||
env:
|
||||
ASSETS_DIR: site/articles/assets
|
||||
SEARCH_DIR: site/articles
|
||||
|
||||
- name: Remove Duplicate Files
|
||||
run: |
|
||||
cd site && bash ../tools/symlink-duplicates.sh
|
||||
ln -s en/index.html index.html
|
||||
ln -s en/about/notices.html license
|
||||
cd ..
|
||||
|
||||
- name: Set zimfile name
|
||||
run: |
|
||||
echo "ZIMFILE_NAME=privacyguides.org_en_all_$(date +%Y)-$(date +%m).zim" >> "$GITHUB_ENV"
|
||||
|
||||
- name: Create ZIM File
|
||||
uses: kohlerdominik/docker-run-action@44bd2138ca4f85c36b2fdc3966ef03518879f7f3
|
||||
with:
|
||||
image: ghcr.io/openzim/zim-tools:3.6.0
|
||||
volumes: ${{ github.workspace }}:/data
|
||||
run: |
|
||||
zimwriterfs \
|
||||
-w index.html \
|
||||
-I en/assets/brand/logos/png/square/pg-yellow.png \
|
||||
-l eng \
|
||||
-t "Privacy Guides" \
|
||||
-d "Your central privacy and security resource to protect yourself online." \
|
||||
-c "Privacy Guides" \
|
||||
-p "Privacy Guides" \
|
||||
-e "https://www.privacyguides.org" \
|
||||
-n "privacyguides.org_en_all" \
|
||||
/data/site/ /data/${{ env.ZIMFILE_NAME }}
|
||||
|
||||
- name: Upload ZIM File
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
path: ${{ env.ZIMFILE_NAME }}
|
||||
name: ${{ env.ZIMFILE_NAME }}
|
||||
compression-level: 0
|
||||
|
||||
- name: Run zimcheck
|
||||
uses: kohlerdominik/docker-run-action@44bd2138ca4f85c36b2fdc3966ef03518879f7f3
|
||||
continue-on-error: true
|
||||
with:
|
||||
image: ghcr.io/openzim/zim-tools:3.6.0
|
||||
volumes: ${{ github.workspace }}:/data
|
||||
run: |
|
||||
zimcheck /data/${{ env.ZIMFILE_NAME }}
|
||||
|
||||
package_eng_kb:
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
env:
|
||||
LANGUAGE_SWITCHER: false
|
||||
ARTICLES_SITE_BASE_URL: https://www.privacyguides.org/posts/tag/articles/
|
||||
NEWS_SITE_BASE_URL: https://www.privacyguides.org/news/
|
||||
|
||||
steps:
|
||||
- name: Add GitHub Token to Environment
|
||||
run: |
|
||||
echo "GH_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> "$GITHUB_ENV"
|
||||
|
||||
- name: Download Repository
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
repository: ${{ inputs.repo }}
|
||||
ref: ${{ inputs.ref }}
|
||||
persist-credentials: "false"
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Download Submodules
|
||||
uses: actions/download-artifact@v4
|
||||
with:
|
||||
pattern: repo-*
|
||||
path: modules
|
||||
|
||||
- name: Move mkdocs-material-insiders to mkdocs-material
|
||||
run: |
|
||||
rmdir modules/mkdocs-material
|
||||
mv modules/repo-mkdocs-material-insiders modules/mkdocs-material
|
||||
|
||||
- name: Move brand submodule to theme/assets/brand
|
||||
run: |
|
||||
rmdir theme/assets/brand
|
||||
mv modules/repo-brand theme/assets/brand
|
||||
|
||||
- name: Install Python (pipenv)
|
||||
uses: actions/setup-python@v5
|
||||
with:
|
||||
cache: "pipenv"
|
||||
|
||||
- name: Install Python Dependencies
|
||||
run: |
|
||||
pip install pipenv
|
||||
pipenv install
|
||||
sudo apt install pngquant
|
||||
|
||||
- name: Generate Donating Members List
|
||||
env:
|
||||
MEMBERS_API_URL: ${{ secrets.MEMBERS_API_URL }}
|
||||
continue-on-error: true
|
||||
run: |
|
||||
pip install requests
|
||||
python tools/generate-members.py > includes/members.md
|
||||
|
||||
- name: Build English
|
||||
run: |
|
||||
./run.sh --build --production --insiders --offline --lang=en
|
||||
|
||||
- name: Run generate-topics.sh for top posts
|
||||
run: |
|
||||
bash tools/generate-topics.sh \
|
||||
--source='https://discuss.privacyguides.net/top.json?period=weekly' \
|
||||
--tag="top posts" \
|
||||
--destination="./site/en/index.html" \
|
||||
--count=3
|
||||
|
||||
- name: Run generate-topics.sh for latest posts
|
||||
run: |
|
||||
bash tools/generate-topics.sh \
|
||||
--source='https://discuss.privacyguides.net/latest.json' \
|
||||
--tag="latest posts" \
|
||||
--destination="./site/en/index.html" \
|
||||
--count=12
|
||||
|
||||
- name: Delete Unreferenced Assets
|
||||
run: |
|
||||
bash tools/delete-unreferenced.sh
|
||||
env:
|
||||
ASSETS_DIR: site/en/assets
|
||||
SEARCH_DIR: site/en
|
||||
|
||||
- name: Remove Duplicate Files
|
||||
run: |
|
||||
cd site && bash ../tools/symlink-duplicates.sh
|
||||
ln -s en/index.html index.html
|
||||
ln -s en/about/notices.html license
|
||||
cd ..
|
||||
|
||||
- name: Set zimfile name
|
||||
run: |
|
||||
echo "ZIMFILE_NAME=privacyguides.org_en_kb_$(date +%Y)-$(date +%m).zim" >> "$GITHUB_ENV"
|
||||
|
||||
- name: List Files (for debugging)
|
||||
run: |
|
||||
ls -la site/
|
||||
|
||||
- name: Create ZIM File
|
||||
uses: kohlerdominik/docker-run-action@44bd2138ca4f85c36b2fdc3966ef03518879f7f3
|
||||
with:
|
||||
image: ghcr.io/openzim/zim-tools:3.6.0
|
||||
volumes: ${{ github.workspace }}:/data
|
||||
run: |
|
||||
zimwriterfs \
|
||||
-w index.html \
|
||||
-I en/assets/brand/logos/png/square/pg-yellow.png \
|
||||
-l eng \
|
||||
-t "Privacy Guides" \
|
||||
-d "Knowledge base articles and recommendations from Privacy Guides." \
|
||||
-c "Privacy Guides" \
|
||||
-p "Privacy Guides" \
|
||||
-e "https://www.privacyguides.org" \
|
||||
-n "privacyguides.org_en_kb" \
|
||||
/data/site/ /data/${{ env.ZIMFILE_NAME }}
|
||||
|
||||
- name: Upload ZIM File
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
path: ${{ env.ZIMFILE_NAME }}
|
||||
name: ${{ env.ZIMFILE_NAME }}
|
||||
compression-level: 0
|
||||
|
||||
- name: Run zimcheck
|
||||
uses: kohlerdominik/docker-run-action@44bd2138ca4f85c36b2fdc3966ef03518879f7f3
|
||||
continue-on-error: true
|
||||
with:
|
||||
image: ghcr.io/openzim/zim-tools:3.6.0
|
||||
volumes: ${{ github.workspace }}:/data
|
||||
run: |
|
||||
zimcheck /data/${{ env.ZIMFILE_NAME }}
|
||||
|
||||
package_eng_articles:
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
env:
|
||||
MAIN_SITE_BASE_URL: https://www.privacyguides.org/en/
|
||||
MAIN_SITE_ABOUT_URL: https://www.privacyguides.org/en/about/
|
||||
MAIN_SITE_RECOMMENDATIONS_URL: https://www.privacyguides.org/en/tools/
|
||||
MAIN_SITE_KNOWLEDGE_BASE_URL: https://www.privacyguides.org/en/basics/
|
||||
|
||||
steps:
|
||||
- name: Add GitHub Token to Environment
|
||||
run: |
|
||||
echo "GH_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> "$GITHUB_ENV"
|
||||
|
||||
- name: Download Repository
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
repository: ${{ inputs.repo }}
|
||||
ref: ${{ inputs.ref }}
|
||||
persist-credentials: "false"
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Download Submodules
|
||||
uses: actions/download-artifact@v4
|
||||
with:
|
||||
pattern: repo-*
|
||||
path: modules
|
||||
|
||||
- name: Move mkdocs-material-insiders to mkdocs-material
|
||||
run: |
|
||||
rmdir modules/mkdocs-material
|
||||
mv modules/repo-mkdocs-material-insiders modules/mkdocs-material
|
||||
|
||||
- name: Move brand submodule to theme/assets/brand
|
||||
run: |
|
||||
rmdir theme/assets/brand
|
||||
mv modules/repo-brand theme/assets/brand
|
||||
|
||||
- name: Install Python (pipenv)
|
||||
uses: actions/setup-python@v5
|
||||
with:
|
||||
cache: "pipenv"
|
||||
|
||||
- name: Install Python Dependencies
|
||||
run: |
|
||||
pip install pipenv
|
||||
pipenv install
|
||||
sudo apt install pngquant
|
||||
|
||||
- name: Build Articles
|
||||
run: |
|
||||
pipenv run mkdocs build --config-file mkdocs.blog.yml
|
||||
|
||||
- name: Delete Unreferenced Assets
|
||||
run: |
|
||||
bash tools/delete-unreferenced.sh
|
||||
env:
|
||||
ASSETS_DIR: site/articles/assets
|
||||
SEARCH_DIR: site/articles
|
||||
|
||||
- name: Remove Duplicate Files
|
||||
run: |
|
||||
cd site && bash ../tools/symlink-duplicates.sh
|
||||
ln -s articles/index.html index.html
|
||||
cd ..
|
||||
|
||||
- name: Set zimfile name
|
||||
run: |
|
||||
echo "ZIMFILE_NAME=privacyguides.org_en_articles_$(date +%Y)-$(date +%m).zim" >> "$GITHUB_ENV"
|
||||
|
||||
- name: Create ZIM File
|
||||
uses: kohlerdominik/docker-run-action@44bd2138ca4f85c36b2fdc3966ef03518879f7f3
|
||||
with:
|
||||
image: ghcr.io/openzim/zim-tools:3.6.0
|
||||
volumes: ${{ github.workspace }}:/data
|
||||
run: |
|
||||
zimwriterfs \
|
||||
-w index.html \
|
||||
-I articles/assets/brand/logos/png/square/pg-yellow.png \
|
||||
-l eng \
|
||||
-t "Privacy Guides" \
|
||||
-d "Long-form articles from the Privacy Guides team and other contributors." \
|
||||
-c "Privacy Guides" \
|
||||
-p "Privacy Guides" \
|
||||
-e "https://www.privacyguides.org" \
|
||||
-n "privacyguides.org_en_articles" \
|
||||
/data/site/ /data/${{ env.ZIMFILE_NAME }}
|
||||
|
||||
- name: Upload ZIM File
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
path: ${{ env.ZIMFILE_NAME }}
|
||||
name: ${{ env.ZIMFILE_NAME }}
|
||||
compression-level: 0
|
||||
|
||||
- name: Run zimcheck
|
||||
uses: kohlerdominik/docker-run-action@44bd2138ca4f85c36b2fdc3966ef03518879f7f3
|
||||
continue-on-error: true
|
||||
with:
|
||||
image: ghcr.io/openzim/zim-tools:3.6.0
|
||||
volumes: ${{ github.workspace }}:/data
|
||||
run: |
|
||||
zimcheck /data/${{ env.ZIMFILE_NAME }}
|
||||
|
||||
build_mul:
|
||||
runs-on: ubuntu-latest
|
||||
continue-on-error: true
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
env:
|
||||
MAIN_SITE_BASE_URL: /en/index.html
|
||||
MAIN_SITE_ABOUT_URL: /en/about.html
|
||||
MAIN_SITE_RECOMMENDATIONS_URL: /en/tools.html
|
||||
MAIN_SITE_KNOWLEDGE_BASE_URL: /en/basics/why-privacy-matters.html
|
||||
ARTICLES_SITE_BASE_URL: /articles/index.html
|
||||
|
||||
strategy:
|
||||
matrix:
|
||||
lang: [en, es, fr, he, it, nl, ru, zh-Hant]
|
||||
|
||||
steps:
|
||||
- name: Add GitHub Token to Environment
|
||||
run: |
|
||||
echo "GH_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> "$GITHUB_ENV"
|
||||
|
||||
- name: Download Repository
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
repository: ${{ inputs.repo }}
|
||||
ref: ${{ inputs.ref }}
|
||||
persist-credentials: "false"
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Download Submodules
|
||||
uses: actions/download-artifact@v4
|
||||
with:
|
||||
pattern: repo-*
|
||||
path: modules
|
||||
|
||||
- name: Move mkdocs-material-insiders to mkdocs-material
|
||||
run: |
|
||||
rmdir modules/mkdocs-material
|
||||
mv modules/repo-mkdocs-material-insiders modules/mkdocs-material
|
||||
|
||||
- name: Move brand submodule to theme/assets/brand
|
||||
run: |
|
||||
rmdir theme/assets/brand
|
||||
mv modules/repo-brand theme/assets/brand
|
||||
|
||||
- name: Copy Translation Files
|
||||
if: matrix.lang != 'en'
|
||||
run: |
|
||||
cp -rl modules/repo-i18n/i18n .
|
||||
cp -rl modules/repo-i18n/includes .
|
||||
|
||||
- name: Install Python (pipenv)
|
||||
uses: actions/setup-python@v5
|
||||
with:
|
||||
cache: "pipenv"
|
||||
|
||||
- name: Install Python Dependencies
|
||||
run: |
|
||||
pip install pipenv
|
||||
pipenv install
|
||||
sudo apt install pngquant
|
||||
|
||||
- name: Generate Donating Members List
|
||||
env:
|
||||
MEMBERS_API_URL: ${{ secrets.MEMBERS_API_URL }}
|
||||
continue-on-error: true
|
||||
run: |
|
||||
pip install requests
|
||||
python tools/generate-members.py > includes/members.md
|
||||
|
||||
- name: Build Website
|
||||
run: |
|
||||
./run.sh --build --production --insiders --offline --lang=${{ matrix.lang }}
|
||||
|
||||
- name: Run generate-topics.sh for top posts
|
||||
if: matrix.lang == 'en'
|
||||
run: |
|
||||
bash tools/generate-topics.sh \
|
||||
--source='https://discuss.privacyguides.net/top.json?period=weekly' \
|
||||
--tag="top posts" \
|
||||
--destination="./site/en/index.html" \
|
||||
--count=3
|
||||
|
||||
- name: Run generate-topics.sh for latest posts
|
||||
if: matrix.lang == 'en'
|
||||
run: |
|
||||
bash tools/generate-topics.sh \
|
||||
--source='https://discuss.privacyguides.net/latest.json' \
|
||||
--tag="latest posts" \
|
||||
--destination="./site/en/index.html" \
|
||||
--count=12
|
||||
|
||||
- name: Delete Unreferenced Assets
|
||||
run: |
|
||||
bash tools/delete-unreferenced.sh
|
||||
env:
|
||||
ASSETS_DIR: site/${{ matrix.lang }}/assets
|
||||
SEARCH_DIR: site/${{ matrix.lang }}
|
||||
|
||||
- name: Build Articles
|
||||
if: matrix.lang == 'en'
|
||||
run: |
|
||||
pipenv run mkdocs build --config-file mkdocs.blog.yml
|
||||
|
||||
- name: Delete Unreferenced Assets
|
||||
if: matrix.lang == 'en'
|
||||
run: |
|
||||
bash tools/delete-unreferenced.sh
|
||||
env:
|
||||
ASSETS_DIR: site/articles/assets
|
||||
SEARCH_DIR: site/articles
|
||||
|
||||
- name: Package Website
|
||||
run: |
|
||||
tar -czf site-zimready-${{ matrix.lang }}.tar.gz site
|
||||
|
||||
- name: Upload Site
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: site-zimready-${{ matrix.lang }}.tar.gz
|
||||
path: site-zimready-${{ matrix.lang }}.tar.gz
|
||||
retention-days: 1
|
||||
compression-level: 0
|
||||
|
||||
package_mul:
|
||||
runs-on: ubuntu-latest
|
||||
needs: [build_mul]
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
steps:
|
||||
- name: Download Repository
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
repository: ${{ inputs.repo }}
|
||||
ref: ${{ inputs.ref }}
|
||||
persist-credentials: "false"
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Download All Sites
|
||||
uses: actions/download-artifact@v4
|
||||
with:
|
||||
pattern: site-zimready-*
|
||||
merge-multiple: true
|
||||
|
||||
- name: Extract Sites
|
||||
run: |
|
||||
for file in *.tar.gz; do tar -zxf "$file"; done
|
||||
|
||||
- name: Remove Duplicate Files
|
||||
run: |
|
||||
cd site && bash ../tools/symlink-duplicates.sh
|
||||
ln -s en/index.html index.html
|
||||
ln -s en/about/notices.html license
|
||||
cd ..
|
||||
|
||||
- name: Set zimfile name
|
||||
run: |
|
||||
echo "ZIMFILE_NAME=privacyguides.org_mul_all_$(date +%Y)-$(date +%m).zim" >> "$GITHUB_ENV"
|
||||
|
||||
- name: List Files (for debugging)
|
||||
run: |
|
||||
ls -la site/
|
||||
|
||||
- name: Create ZIM File
|
||||
uses: kohlerdominik/docker-run-action@44bd2138ca4f85c36b2fdc3966ef03518879f7f3
|
||||
with:
|
||||
image: ghcr.io/openzim/zim-tools:3.6.0
|
||||
volumes: ${{ github.workspace }}:/data
|
||||
run: |
|
||||
zimwriterfs \
|
||||
-w index.html \
|
||||
-I en/assets/brand/logos/png/square/pg-yellow.png \
|
||||
-l mul \
|
||||
-t "Privacy Guides" \
|
||||
-d "Your central privacy and security resource to protect yourself online." \
|
||||
-c "Privacy Guides" \
|
||||
-p "Privacy Guides" \
|
||||
-e "https://www.privacyguides.org" \
|
||||
-n "privacyguides.org_mul_all" \
|
||||
/data/site/ /data/${{ env.ZIMFILE_NAME }}
|
||||
|
||||
- name: Upload ZIM File
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
path: ${{ env.ZIMFILE_NAME }}
|
||||
name: ${{ env.ZIMFILE_NAME }}
|
||||
compression-level: 0
|
||||
|
||||
- name: Run zimcheck
|
||||
uses: kohlerdominik/docker-run-action@44bd2138ca4f85c36b2fdc3966ef03518879f7f3
|
||||
continue-on-error: true
|
||||
with:
|
||||
image: ghcr.io/openzim/zim-tools:3.6.0
|
||||
volumes: ${{ github.workspace }}:/data
|
||||
run: |
|
||||
zimcheck /data/${{ env.ZIMFILE_NAME }}
|
||||
@@ -31,7 +31,7 @@ on:
|
||||
type: boolean
|
||||
default: true
|
||||
secrets:
|
||||
RO_DISCOURSE_API_KEY:
|
||||
MEMBERS_API_URL:
|
||||
required: false
|
||||
|
||||
permissions:
|
||||
@@ -65,8 +65,9 @@ jobs:
|
||||
echo "MAIN_SITE_ABOUT_URL=https://www.privacyguides.org/en/about/"
|
||||
echo "MAIN_SITE_RECOMMENDATIONS_URL=https://www.privacyguides.org/en/tools/"
|
||||
echo "MAIN_SITE_KNOWLEDGE_BASE_URL=https://www.privacyguides.org/en/basics/why-privacy-matters/"
|
||||
echo "ARTICLES_SITE_BASE_URL=https://www.privacyguides.org/articles/"
|
||||
echo "ARTICLES_SITE_BASE_URL=https://www.privacyguides.org/posts/tag/articles/"
|
||||
echo "VIDEOS_SITE_BASE_URL=https://www.privacyguides.org/videos/"
|
||||
echo "NEWS_SITE_BASE_URL=https://www.privacyguides.org/news/"
|
||||
} >> "$GITHUB_ENV"
|
||||
|
||||
- name: Set Metadata for Privileged Builds
|
||||
@@ -160,19 +161,6 @@ jobs:
|
||||
social-cache-${{ inputs.repo }}-${{ inputs.lang }}-
|
||||
social-cache-privacyguides/privacyguides.org-${{ inputs.lang }}-
|
||||
|
||||
- name: Restore Optimize Plugin Cache
|
||||
uses: actions/cache/restore@v4
|
||||
id: optimize_cache_restore
|
||||
if: inputs.cache
|
||||
with:
|
||||
key: optimize-cache-${{ inputs.repo }}-${{ hashfiles('.cache/plugin/optimize/manifest.json') }}
|
||||
path: |
|
||||
.cache/plugin/optimize
|
||||
restore-keys: |
|
||||
optimize-cache-${{ inputs.repo }}-
|
||||
optimize-cache-privacyguides/privacyguides.org-
|
||||
optimize-cache-
|
||||
|
||||
- name: Install Python Dependencies
|
||||
if: inputs.privileged
|
||||
run: |
|
||||
@@ -188,12 +176,12 @@ jobs:
|
||||
echo "EXTRA_FLAGS=""$EXTRA_FLAGS" --cmd=mkdocs"" >> "$GITHUB_ENV"
|
||||
|
||||
- name: Generate Donating Members List
|
||||
continue-on-error: true
|
||||
env:
|
||||
DISCOURSE_API_KEY: ${{ secrets.RO_DISCOURSE_API_KEY }}
|
||||
MEMBERS_API_URL: ${{ secrets.MEMBERS_API_URL }}
|
||||
continue-on-error: true
|
||||
run: |
|
||||
pip install requests
|
||||
python generate-members.py > includes/members.md
|
||||
python tools/generate-members.py > includes/members.md
|
||||
|
||||
- name: Build Website
|
||||
run: |
|
||||
@@ -202,7 +190,7 @@ jobs:
|
||||
- name: Run generate-topics.sh for top posts
|
||||
if: inputs.lang == 'en'
|
||||
run: |
|
||||
bash generate-topics.sh \
|
||||
bash tools/generate-topics.sh \
|
||||
--source='https://discuss.privacyguides.net/top.json?period=weekly' \
|
||||
--tag="top posts" \
|
||||
--destination="./site/en/index.html" \
|
||||
@@ -211,7 +199,7 @@ jobs:
|
||||
- name: Run generate-topics.sh for latest posts
|
||||
if: inputs.lang == 'en'
|
||||
run: |
|
||||
bash generate-topics.sh \
|
||||
bash tools/generate-topics.sh \
|
||||
--source='https://discuss.privacyguides.net/latest.json' \
|
||||
--tag="latest posts" \
|
||||
--destination="./site/en/index.html" \
|
||||
@@ -242,16 +230,6 @@ jobs:
|
||||
.cache/plugin/social/manifest.json
|
||||
.cache/plugin/social/assets
|
||||
|
||||
- name: Find Optimize Plugin Cache
|
||||
uses: actions/cache/restore@v4
|
||||
if: steps.optimize_cache_restore.outputs.cache-hit != 'true' && inputs.cache
|
||||
id: optimize_cache_test
|
||||
with:
|
||||
key: optimize-cache-privacyguides/privacyguides.org-${{ hashfiles('.cache/plugin/optimize/manifest.json') }}
|
||||
lookup-only: true
|
||||
path: |
|
||||
.cache/plugin/optimize
|
||||
|
||||
- name: Save Privacy Plugin Cache
|
||||
uses: actions/cache/save@v4
|
||||
if: steps.privacy_cache_test.outputs.cache-hit != 'true' && inputs.cache
|
||||
@@ -268,13 +246,6 @@ jobs:
|
||||
.cache/plugin/social/manifest.json
|
||||
.cache/plugin/social/assets
|
||||
|
||||
- name: Save Optimize Plugin Cache
|
||||
uses: actions/cache/save@v4
|
||||
if: steps.optimize_cache_test.outputs.cache-hit != 'true' && inputs.cache
|
||||
with:
|
||||
key: optimize-cache-${{ inputs.repo }}-${{ hashfiles('.cache/plugin/optimize/manifest.json') }}
|
||||
path: .cache/plugin/optimize
|
||||
|
||||
- name: Upload Site
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
@@ -289,47 +260,3 @@ jobs:
|
||||
name: members.md
|
||||
path: includes/members.md
|
||||
retention-days: 1
|
||||
|
||||
offline_package:
|
||||
if: inputs.config == 'offline' && inputs.lang == 'en'
|
||||
needs: build
|
||||
runs-on: ubuntu-latest
|
||||
continue-on-error: ${{ inputs.continue-on-error }}
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
steps:
|
||||
- uses: actions/download-artifact@v4
|
||||
with:
|
||||
name: site-offline-en.tar.gz
|
||||
|
||||
- run: |
|
||||
tar -xzf site-offline-en.tar.gz
|
||||
tar -czf offline.tar.gz site/en
|
||||
zip -r -q offline.zip site/en
|
||||
|
||||
- name: Upload tar.gz file
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: offline.tar.gz
|
||||
path: offline.tar.gz
|
||||
|
||||
- name: Upload zip file
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: offline.zip
|
||||
path: offline.zip
|
||||
|
||||
- name: Create ZIM File
|
||||
uses: addnab/docker-run-action@v3
|
||||
with:
|
||||
image: ghcr.io/openzim/zim-tools:3.1.3
|
||||
options: -v ${{ github.workspace }}:/data
|
||||
run: |
|
||||
zimwriterfs -w index.html -I assets/brand/logos/png/square/pg-yellow.png -l eng -t "Privacy Guides" -d "Your central privacy and security resource to protect yourself online." -c "Privacy Guides" -p "Jonah Aragon" -n "Privacy Guides" -e "https://github.com/privacyguides/privacyguides.org" /data/site/en /data/offline-privacy_guides.zim
|
||||
|
||||
- name: Upload ZIM file
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: offline-privacy_guides.zim
|
||||
path: offline-privacy_guides.zim
|
||||
|
||||
@@ -27,7 +27,6 @@ on:
|
||||
- "main"
|
||||
paths:
|
||||
- "blog/**"
|
||||
- "videos/**"
|
||||
|
||||
concurrency:
|
||||
group: release-deployment
|
||||
@@ -61,19 +60,8 @@ jobs:
|
||||
continue-on-error: false
|
||||
context: production
|
||||
|
||||
build_videos:
|
||||
needs: submodule
|
||||
permissions:
|
||||
contents: read
|
||||
uses: ./.github/workflows/build-videos.yml
|
||||
with:
|
||||
repo: ${{ github.repository }}
|
||||
ref: ${{ github.ref }}
|
||||
continue-on-error: false
|
||||
context: production
|
||||
|
||||
deploy:
|
||||
needs: [build_blog, build_videos]
|
||||
needs: [build_blog]
|
||||
uses: privacyguides/webserver/.github/workflows/deploy-garage.yml@main
|
||||
with:
|
||||
environment: production
|
||||
@@ -83,5 +71,5 @@ jobs:
|
||||
|
||||
cleanup:
|
||||
if: ${{ always() }}
|
||||
needs: [build_blog, build_videos]
|
||||
needs: [build_blog]
|
||||
uses: privacyguides/.github/.github/workflows/cleanup.yml@main
|
||||
|
||||
@@ -89,18 +89,6 @@ jobs:
|
||||
echo "sha=$(cat metadata/SHA)" >> "$GITHUB_OUTPUT"
|
||||
echo "privileged=$(cat metadata/PRIVILEGED)" >> "$GITHUB_OUTPUT"
|
||||
|
||||
deploy_netlify:
|
||||
needs: metadata
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
uses: privacyguides/webserver/.github/workflows/deploy-netlify-preview.yml@main
|
||||
with:
|
||||
netlify_alias: ${{ needs.metadata.outputs.pr_number }}
|
||||
netlify_site_id: ${{ vars.NETLIFY_SITE }}
|
||||
secrets:
|
||||
NETLIFY_TOKEN: ${{ secrets.NETLIFY_TOKEN }}
|
||||
|
||||
deploy_garage:
|
||||
needs: metadata
|
||||
permissions:
|
||||
|
||||
@@ -50,8 +50,8 @@ jobs:
|
||||
needs: submodule
|
||||
strategy:
|
||||
matrix:
|
||||
lang: [en, es, fr, he, it, nl, ru, zh-Hant]
|
||||
build: [build, offline]
|
||||
lang: [en, es, fr, he, it, nl, ru, zh-Hant, zh-TW]
|
||||
build: [build]
|
||||
permissions:
|
||||
contents: read
|
||||
uses: ./.github/workflows/build.yml
|
||||
@@ -64,7 +64,7 @@ jobs:
|
||||
continue-on-error: false
|
||||
cache: false
|
||||
secrets:
|
||||
RO_DISCOURSE_API_KEY: ${{ secrets.RO_DISCOURSE_API_KEY }}
|
||||
MEMBERS_API_URL: ${{ secrets.MEMBERS_API_URL }}
|
||||
|
||||
build_blog:
|
||||
needs: submodule
|
||||
@@ -77,20 +77,18 @@ jobs:
|
||||
continue-on-error: false
|
||||
context: production
|
||||
|
||||
build_videos:
|
||||
build_zimfile:
|
||||
needs: submodule
|
||||
permissions:
|
||||
contents: read
|
||||
uses: ./.github/workflows/build-videos.yml
|
||||
uses: ./.github/workflows/build-zimfile.yml
|
||||
with:
|
||||
repo: ${{ github.repository }}
|
||||
ref: ${{ github.ref }}
|
||||
continue-on-error: false
|
||||
context: production
|
||||
|
||||
release:
|
||||
name: Create release notes
|
||||
needs: build
|
||||
needs: [build, build_zimfile]
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
contents: write
|
||||
@@ -98,21 +96,20 @@ jobs:
|
||||
steps:
|
||||
- uses: actions/download-artifact@v4
|
||||
with:
|
||||
pattern: offline*
|
||||
pattern: "*.zim"
|
||||
merge-multiple: true
|
||||
|
||||
- name: Create release notes
|
||||
uses: ncipollo/release-action@v1
|
||||
with:
|
||||
generateReleaseNotes: true
|
||||
artifacts: "offline.zip,offline.tar.gz,offline-privacy_guides.zim"
|
||||
artifacts: "*.zim"
|
||||
makeLatest: true
|
||||
|
||||
deploy:
|
||||
needs: [build, build_blog, build_videos]
|
||||
needs: [build, build_blog]
|
||||
uses: privacyguides/webserver/.github/workflows/deploy-all.yml@main
|
||||
secrets:
|
||||
NETLIFY_TOKEN: ${{ secrets.NETLIFY_TOKEN }}
|
||||
PROD_MINIO_KEY_ID: ${{ secrets.PROD_MINIO_KEY_ID }}
|
||||
PROD_MINIO_SECRET_KEY: ${{ secrets.PROD_MINIO_SECRET_KEY }}
|
||||
PROD_GARAGE_KEY_ID: ${{ secrets.PROD_GARAGE_KEY_ID }}
|
||||
@@ -126,5 +123,5 @@ jobs:
|
||||
|
||||
cleanup:
|
||||
if: ${{ always() }}
|
||||
needs: [build, build_blog, build_videos]
|
||||
needs: [build, build_blog, build_zimfile]
|
||||
uses: privacyguides/.github/.github/workflows/cleanup.yml@main
|
||||
|
||||
@@ -53,6 +53,8 @@ jobs:
|
||||
repo: ${{ github.repository }}
|
||||
lang: ${{ matrix.lang }}
|
||||
continue-on-error: true
|
||||
secrets:
|
||||
MEMBERS_API_URL: ${{ secrets.MEMBERS_API_URL }}
|
||||
|
||||
cleanup:
|
||||
if: ${{ always() }}
|
||||
|
||||
@@ -57,7 +57,7 @@ jobs:
|
||||
|
||||
- name: Run generate-topics.sh for top posts
|
||||
run: |
|
||||
bash generate-topics.sh \
|
||||
bash tools/generate-topics.sh \
|
||||
--source='https://discuss.privacyguides.net/top.json?period=weekly' \
|
||||
--tag="top posts" \
|
||||
--destination="./site/en/index.html" \
|
||||
@@ -65,7 +65,7 @@ jobs:
|
||||
|
||||
- name: Run generate-topics.sh for latest posts
|
||||
run: |
|
||||
bash generate-topics.sh \
|
||||
bash tools/generate-topics.sh \
|
||||
--source='https://discuss.privacyguides.net/latest.json' \
|
||||
--tag="latest posts" \
|
||||
--destination="./site/en/index.html" \
|
||||
|
||||
@@ -15,6 +15,7 @@ Jonah Aragon <jonah@privacyguides.org> <jonah@triplebit.net>
|
||||
Jonah Aragon <jonah@privacyguides.org> <jonah@privacytools.io>
|
||||
Jonah Aragon <jonah@privacyguides.org> <github@aragon.science>
|
||||
Jordan Warne <jordan@privacyguides.org> <jw@omg.lol>
|
||||
Jordan Warne <jordan@privacyguides.org> <contact@jordanwarne.net>
|
||||
Justin Ehrenhofer <justin.ehrenhofer@gmail.com> <12520755+SamsungGalaxyPlayer@users.noreply.github.com>
|
||||
Mare Polaris <ph00lt0@privacyguides.org> <15004290+ph00lt0@users.noreply.github.com>
|
||||
Niek de Wilde <niek@privacyguides.org> <github.ef27z@simplelogin.com>
|
||||
|
||||
Vendored
+2
-1
@@ -316,7 +316,6 @@ cryptofs
|
||||
siv-mode
|
||||
cryptolib-swift
|
||||
cryptomator-objc-cryptor
|
||||
Picocrypt
|
||||
VeraCrypt
|
||||
TrueCrypt
|
||||
cryptoprocessor
|
||||
@@ -569,3 +568,5 @@ allowlisted
|
||||
MyMonero
|
||||
Monero-LWS
|
||||
OkCupid
|
||||
Anom
|
||||
misgendering
|
||||
|
||||
Vendored
+2
-1
@@ -115,5 +115,6 @@
|
||||
"editor.formatOnSave": true,
|
||||
"[github-actions-workflow]": {
|
||||
"editor.defaultFormatter": "esbenp.prettier-vscode"
|
||||
}
|
||||
},
|
||||
"python-envs.pythonProjects": []
|
||||
}
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
https://www.privacyguides.org/funding.json
|
||||
Generated
+244
-195
@@ -64,11 +64,11 @@
|
||||
},
|
||||
"certifi": {
|
||||
"hashes": [
|
||||
"sha256:0a816057ea3cdefcef70270d2c515e4506bbc954f417fa5ade2021213bb8f0c6",
|
||||
"sha256:30350364dfe371162649852c63336a15c70c6510c2ad5015b21c2345311805f3"
|
||||
"sha256:e564105f78ded564e3ae7c923924435e1daa7463faeab5bb932bc53ffae63407",
|
||||
"sha256:f6c12493cfb1b06ba2ff328595af9350c65d6644968e5d3a2ffd78699af217a5"
|
||||
],
|
||||
"markers": "python_version >= '3.6'",
|
||||
"version": "==2025.4.26"
|
||||
"markers": "python_version >= '3.7'",
|
||||
"version": "==2025.8.3"
|
||||
},
|
||||
"cffi": {
|
||||
"hashes": [
|
||||
@@ -145,101 +145,88 @@
|
||||
},
|
||||
"charset-normalizer": {
|
||||
"hashes": [
|
||||
"sha256:005fa3432484527f9732ebd315da8da8001593e2cf46a3d817669f062c3d9ed4",
|
||||
"sha256:046595208aae0120559a67693ecc65dd75d46f7bf687f159127046628178dc45",
|
||||
"sha256:0c29de6a1a95f24b9a1aa7aefd27d2487263f00dfd55a77719b530788f75cff7",
|
||||
"sha256:0c8c57f84ccfc871a48a47321cfa49ae1df56cd1d965a09abe84066f6853b9c0",
|
||||
"sha256:0f5d9ed7f254402c9e7d35d2f5972c9bbea9040e99cd2861bd77dc68263277c7",
|
||||
"sha256:18dd2e350387c87dabe711b86f83c9c78af772c748904d372ade190b5c7c9d4d",
|
||||
"sha256:1b1bde144d98e446b056ef98e59c256e9294f6b74d7af6846bf5ffdafd687a7d",
|
||||
"sha256:1c95a1e2902a8b722868587c0e1184ad5c55631de5afc0eb96bc4b0d738092c0",
|
||||
"sha256:1cad5f45b3146325bb38d6855642f6fd609c3f7cad4dbaf75549bf3b904d3184",
|
||||
"sha256:21b2899062867b0e1fde9b724f8aecb1af14f2778d69aacd1a5a1853a597a5db",
|
||||
"sha256:24498ba8ed6c2e0b56d4acbf83f2d989720a93b41d712ebd4f4979660db4417b",
|
||||
"sha256:25a23ea5c7edc53e0f29bae2c44fcb5a1aa10591aae107f2a2b2583a9c5cbc64",
|
||||
"sha256:289200a18fa698949d2b39c671c2cc7a24d44096784e76614899a7ccf2574b7b",
|
||||
"sha256:28a1005facc94196e1fb3e82a3d442a9d9110b8434fc1ded7a24a2983c9888d8",
|
||||
"sha256:32fc0341d72e0f73f80acb0a2c94216bd704f4f0bce10aedea38f30502b271ff",
|
||||
"sha256:36b31da18b8890a76ec181c3cf44326bf2c48e36d393ca1b72b3f484113ea344",
|
||||
"sha256:3c21d4fca343c805a52c0c78edc01e3477f6dd1ad7c47653241cf2a206d4fc58",
|
||||
"sha256:3fddb7e2c84ac87ac3a947cb4e66d143ca5863ef48e4a5ecb83bd48619e4634e",
|
||||
"sha256:43e0933a0eff183ee85833f341ec567c0980dae57c464d8a508e1b2ceb336471",
|
||||
"sha256:4a476b06fbcf359ad25d34a057b7219281286ae2477cc5ff5e3f70a246971148",
|
||||
"sha256:4e594135de17ab3866138f496755f302b72157d115086d100c3f19370839dd3a",
|
||||
"sha256:50bf98d5e563b83cc29471fa114366e6806bc06bc7a25fd59641e41445327836",
|
||||
"sha256:5a9979887252a82fefd3d3ed2a8e3b937a7a809f65dcb1e068b090e165bbe99e",
|
||||
"sha256:5baececa9ecba31eff645232d59845c07aa030f0c81ee70184a90d35099a0e63",
|
||||
"sha256:5bf4545e3b962767e5c06fe1738f951f77d27967cb2caa64c28be7c4563e162c",
|
||||
"sha256:6333b3aa5a12c26b2a4d4e7335a28f1475e0e5e17d69d55141ee3cab736f66d1",
|
||||
"sha256:65c981bdbd3f57670af8b59777cbfae75364b483fa8a9f420f08094531d54a01",
|
||||
"sha256:68a328e5f55ec37c57f19ebb1fdc56a248db2e3e9ad769919a58672958e8f366",
|
||||
"sha256:6a0289e4589e8bdfef02a80478f1dfcb14f0ab696b5a00e1f4b8a14a307a3c58",
|
||||
"sha256:6b66f92b17849b85cad91259efc341dce9c1af48e2173bf38a85c6329f1033e5",
|
||||
"sha256:6c9379d65defcab82d07b2a9dfbfc2e95bc8fe0ebb1b176a3190230a3ef0e07c",
|
||||
"sha256:6fc1f5b51fa4cecaa18f2bd7a003f3dd039dd615cd69a2afd6d3b19aed6775f2",
|
||||
"sha256:70f7172939fdf8790425ba31915bfbe8335030f05b9913d7ae00a87d4395620a",
|
||||
"sha256:721c76e84fe669be19c5791da68232ca2e05ba5185575086e384352e2c309597",
|
||||
"sha256:7222ffd5e4de8e57e03ce2cef95a4c43c98fcb72ad86909abdfc2c17d227fc1b",
|
||||
"sha256:75d10d37a47afee94919c4fab4c22b9bc2a8bf7d4f46f87363bcf0573f3ff4f5",
|
||||
"sha256:76af085e67e56c8816c3ccf256ebd136def2ed9654525348cfa744b6802b69eb",
|
||||
"sha256:770cab594ecf99ae64c236bc9ee3439c3f46be49796e265ce0cc8bc17b10294f",
|
||||
"sha256:7a6ab32f7210554a96cd9e33abe3ddd86732beeafc7a28e9955cdf22ffadbab0",
|
||||
"sha256:7c48ed483eb946e6c04ccbe02c6b4d1d48e51944b6db70f697e089c193404941",
|
||||
"sha256:7f56930ab0abd1c45cd15be65cc741c28b1c9a34876ce8c17a2fa107810c0af0",
|
||||
"sha256:8075c35cd58273fee266c58c0c9b670947c19df5fb98e7b66710e04ad4e9ff86",
|
||||
"sha256:8272b73e1c5603666618805fe821edba66892e2870058c94c53147602eab29c7",
|
||||
"sha256:82d8fd25b7f4675d0c47cf95b594d4e7b158aca33b76aa63d07186e13c0e0ab7",
|
||||
"sha256:844da2b5728b5ce0e32d863af26f32b5ce61bc4273a9c720a9f3aa9df73b1455",
|
||||
"sha256:8755483f3c00d6c9a77f490c17e6ab0c8729e39e6390328e42521ef175380ae6",
|
||||
"sha256:915f3849a011c1f593ab99092f3cecfcb4d65d8feb4a64cf1bf2d22074dc0ec4",
|
||||
"sha256:926ca93accd5d36ccdabd803392ddc3e03e6d4cd1cf17deff3b989ab8e9dbcf0",
|
||||
"sha256:982bb1e8b4ffda883b3d0a521e23abcd6fd17418f6d2c4118d257a10199c0ce3",
|
||||
"sha256:98f862da73774290f251b9df8d11161b6cf25b599a66baf087c1ffe340e9bfd1",
|
||||
"sha256:9cbfacf36cb0ec2897ce0ebc5d08ca44213af24265bd56eca54bee7923c48fd6",
|
||||
"sha256:a370b3e078e418187da8c3674eddb9d983ec09445c99a3a263c2011993522981",
|
||||
"sha256:a955b438e62efdf7e0b7b52a64dc5c3396e2634baa62471768a64bc2adb73d5c",
|
||||
"sha256:aa6af9e7d59f9c12b33ae4e9450619cf2488e2bbe9b44030905877f0b2324980",
|
||||
"sha256:aa88ca0b1932e93f2d961bf3addbb2db902198dca337d88c89e1559e066e7645",
|
||||
"sha256:aaeeb6a479c7667fbe1099af9617c83aaca22182d6cf8c53966491a0f1b7ffb7",
|
||||
"sha256:aaf27faa992bfee0264dc1f03f4c75e9fcdda66a519db6b957a3f826e285cf12",
|
||||
"sha256:b2680962a4848b3c4f155dc2ee64505a9c57186d0d56b43123b17ca3de18f0fa",
|
||||
"sha256:b2d318c11350e10662026ad0eb71bb51c7812fc8590825304ae0bdd4ac283acd",
|
||||
"sha256:b33de11b92e9f75a2b545d6e9b6f37e398d86c3e9e9653c4864eb7e89c5773ef",
|
||||
"sha256:b3daeac64d5b371dea99714f08ffc2c208522ec6b06fbc7866a450dd446f5c0f",
|
||||
"sha256:be1e352acbe3c78727a16a455126d9ff83ea2dfdcbc83148d2982305a04714c2",
|
||||
"sha256:bee093bf902e1d8fc0ac143c88902c3dfc8941f7ea1d6a8dd2bcb786d33db03d",
|
||||
"sha256:c72fbbe68c6f32f251bdc08b8611c7b3060612236e960ef848e0a517ddbe76c5",
|
||||
"sha256:c9e36a97bee9b86ef9a1cf7bb96747eb7a15c2f22bdb5b516434b00f2a599f02",
|
||||
"sha256:cddf7bd982eaa998934a91f69d182aec997c6c468898efe6679af88283b498d3",
|
||||
"sha256:cf713fe9a71ef6fd5adf7a79670135081cd4431c2943864757f0fa3a65b1fafd",
|
||||
"sha256:d11b54acf878eef558599658b0ffca78138c8c3655cf4f3a4a673c437e67732e",
|
||||
"sha256:d41c4d287cfc69060fa91cae9683eacffad989f1a10811995fa309df656ec214",
|
||||
"sha256:d524ba3f1581b35c03cb42beebab4a13e6cdad7b36246bd22541fa585a56cccd",
|
||||
"sha256:daac4765328a919a805fa5e2720f3e94767abd632ae410a9062dff5412bae65a",
|
||||
"sha256:db4c7bf0e07fc3b7d89ac2a5880a6a8062056801b83ff56d8464b70f65482b6c",
|
||||
"sha256:dc7039885fa1baf9be153a0626e337aa7ec8bf96b0128605fb0d77788ddc1681",
|
||||
"sha256:dccab8d5fa1ef9bfba0590ecf4d46df048d18ffe3eec01eeb73a42e0d9e7a8ba",
|
||||
"sha256:dedb8adb91d11846ee08bec4c8236c8549ac721c245678282dcb06b221aab59f",
|
||||
"sha256:e45ba65510e2647721e35323d6ef54c7974959f6081b58d4ef5d87c60c84919a",
|
||||
"sha256:e53efc7c7cee4c1e70661e2e112ca46a575f90ed9ae3fef200f2a25e954f4b28",
|
||||
"sha256:e635b87f01ebc977342e2697d05b56632f5f879a4f15955dfe8cef2448b51691",
|
||||
"sha256:e70e990b2137b29dc5564715de1e12701815dacc1d056308e2b17e9095372a82",
|
||||
"sha256:e8082b26888e2f8b36a042a58307d5b917ef2b1cacab921ad3323ef91901c71a",
|
||||
"sha256:e8323a9b031aa0393768b87f04b4164a40037fb2a3c11ac06a03ffecd3618027",
|
||||
"sha256:e92fca20c46e9f5e1bb485887d074918b13543b1c2a1185e69bb8d17ab6236a7",
|
||||
"sha256:eb30abc20df9ab0814b5a2524f23d75dcf83cde762c161917a2b4b7b55b1e518",
|
||||
"sha256:eba9904b0f38a143592d9fc0e19e2df0fa2e41c3c3745554761c5f6447eedabf",
|
||||
"sha256:ef8de666d6179b009dce7bcb2ad4c4a779f113f12caf8dc77f0162c29d20490b",
|
||||
"sha256:efd387a49825780ff861998cd959767800d54f8308936b21025326de4b5a42b9",
|
||||
"sha256:f0aa37f3c979cf2546b73e8222bbfa3dc07a641585340179d768068e3455e544",
|
||||
"sha256:f4074c5a429281bf056ddd4c5d3b740ebca4d43ffffe2ef4bf4d2d05114299da",
|
||||
"sha256:f69a27e45c43520f5487f27627059b64aaf160415589230992cec34c5e18a509",
|
||||
"sha256:fb707f3e15060adf5b7ada797624a6c6e0138e2a26baa089df64c68ee98e040f",
|
||||
"sha256:fcbe676a55d7445b22c10967bceaaf0ee69407fbe0ece4d032b6eb8d4565982a",
|
||||
"sha256:fdb20a30fe1175ecabed17cbf7812f7b804b8a315a25f24678bcdf120a90077f"
|
||||
"sha256:00237675befef519d9af72169d8604a067d92755e84fe76492fef5441db05b91",
|
||||
"sha256:02425242e96bcf29a49711b0ca9f37e451da7c70562bc10e8ed992a5a7a25cc0",
|
||||
"sha256:027b776c26d38b7f15b26a5da1044f376455fb3766df8fc38563b4efbc515154",
|
||||
"sha256:07a0eae9e2787b586e129fdcbe1af6997f8d0e5abaa0bc98c0e20e124d67e601",
|
||||
"sha256:0cacf8f7297b0c4fcb74227692ca46b4a5852f8f4f24b3c766dd94a1075c4884",
|
||||
"sha256:0e78314bdc32fa80696f72fa16dc61168fda4d6a0c014e0380f9d02f0e5d8a07",
|
||||
"sha256:0f2be7e0cf7754b9a30eb01f4295cc3d4358a479843b31f328afd210e2c7598c",
|
||||
"sha256:13faeacfe61784e2559e690fc53fa4c5ae97c6fcedb8eb6fb8d0a15b475d2c64",
|
||||
"sha256:14c2a87c65b351109f6abfc424cab3927b3bdece6f706e4d12faaf3d52ee5efe",
|
||||
"sha256:1606f4a55c0fd363d754049cdf400175ee96c992b1f8018b993941f221221c5f",
|
||||
"sha256:16a8770207946ac75703458e2c743631c79c59c5890c80011d536248f8eaa432",
|
||||
"sha256:18343b2d246dc6761a249ba1fb13f9ee9a2bcd95decc767319506056ea4ad4dc",
|
||||
"sha256:18b97b8404387b96cdbd30ad660f6407799126d26a39ca65729162fd810a99aa",
|
||||
"sha256:1bb60174149316da1c35fa5233681f7c0f9f514509b8e399ab70fea5f17e45c9",
|
||||
"sha256:1e8ac75d72fa3775e0b7cb7e4629cec13b7514d928d15ef8ea06bca03ef01cae",
|
||||
"sha256:1ef99f0456d3d46a50945c98de1774da86f8e992ab5c77865ea8b8195341fc19",
|
||||
"sha256:2001a39612b241dae17b4687898843f254f8748b796a2e16f1051a17078d991d",
|
||||
"sha256:23b6b24d74478dc833444cbd927c338349d6ae852ba53a0d02a2de1fce45b96e",
|
||||
"sha256:252098c8c7a873e17dd696ed98bbe91dbacd571da4b87df3736768efa7a792e4",
|
||||
"sha256:257f26fed7d7ff59921b78244f3cd93ed2af1800ff048c33f624c87475819dd7",
|
||||
"sha256:2c322db9c8c89009a990ef07c3bcc9f011a3269bc06782f916cd3d9eed7c9312",
|
||||
"sha256:30a96e1e1f865f78b030d65241c1ee850cdf422d869e9028e2fc1d5e4db73b92",
|
||||
"sha256:30d006f98569de3459c2fc1f2acde170b7b2bd265dc1943e87e1a4efe1b67c31",
|
||||
"sha256:31a9a6f775f9bcd865d88ee350f0ffb0e25936a7f930ca98995c05abf1faf21c",
|
||||
"sha256:320e8e66157cc4e247d9ddca8e21f427efc7a04bbd0ac8a9faf56583fa543f9f",
|
||||
"sha256:34a7f768e3f985abdb42841e20e17b330ad3aaf4bb7e7aeeb73db2e70f077b99",
|
||||
"sha256:3653fad4fe3ed447a596ae8638b437f827234f01a8cd801842e43f3d0a6b281b",
|
||||
"sha256:3cd35b7e8aedeb9e34c41385fda4f73ba609e561faedfae0a9e75e44ac558a15",
|
||||
"sha256:3cfb2aad70f2c6debfbcb717f23b7eb55febc0bb23dcffc0f076009da10c6392",
|
||||
"sha256:416175faf02e4b0810f1f38bcb54682878a4af94059a1cd63b8747244420801f",
|
||||
"sha256:41d1fc408ff5fdfb910200ec0e74abc40387bccb3252f3f27c0676731df2b2c8",
|
||||
"sha256:42e5088973e56e31e4fa58eb6bd709e42fc03799c11c42929592889a2e54c491",
|
||||
"sha256:4ca4c094de7771a98d7fbd67d9e5dbf1eb73efa4f744a730437d8a3a5cf994f0",
|
||||
"sha256:511729f456829ef86ac41ca78c63a5cb55240ed23b4b737faca0eb1abb1c41bc",
|
||||
"sha256:53cd68b185d98dde4ad8990e56a58dea83a4162161b1ea9272e5c9182ce415e0",
|
||||
"sha256:585f3b2a80fbd26b048a0be90c5aae8f06605d3c92615911c3a2b03a8a3b796f",
|
||||
"sha256:5b413b0b1bfd94dbf4023ad6945889f374cd24e3f62de58d6bb102c4d9ae534a",
|
||||
"sha256:5d8d01eac18c423815ed4f4a2ec3b439d654e55ee4ad610e153cf02faf67ea40",
|
||||
"sha256:6aab0f181c486f973bc7262a97f5aca3ee7e1437011ef0c2ec04b5a11d16c927",
|
||||
"sha256:6cf8fd4c04756b6b60146d98cd8a77d0cdae0e1ca20329da2ac85eed779b6849",
|
||||
"sha256:6fb70de56f1859a3f71261cbe41005f56a7842cc348d3aeb26237560bfa5e0ce",
|
||||
"sha256:6fce4b8500244f6fcb71465d4a4930d132ba9ab8e71a7859e6a5d59851068d14",
|
||||
"sha256:70bfc5f2c318afece2f5838ea5e4c3febada0be750fcf4775641052bbba14d05",
|
||||
"sha256:73dc19b562516fc9bcf6e5d6e596df0b4eb98d87e4f79f3ae71840e6ed21361c",
|
||||
"sha256:74d77e25adda8581ffc1c720f1c81ca082921329452eba58b16233ab1842141c",
|
||||
"sha256:78deba4d8f9590fe4dae384aeff04082510a709957e968753ff3c48399f6f92a",
|
||||
"sha256:86df271bf921c2ee3818f0522e9a5b8092ca2ad8b065ece5d7d9d0e9f4849bcc",
|
||||
"sha256:88ab34806dea0671532d3f82d82b85e8fc23d7b2dd12fa837978dad9bb392a34",
|
||||
"sha256:8999f965f922ae054125286faf9f11bc6932184b93011d138925a1773830bbe9",
|
||||
"sha256:8dcfc373f888e4fb39a7bc57e93e3b845e7f462dacc008d9749568b1c4ece096",
|
||||
"sha256:939578d9d8fd4299220161fdd76e86c6a251987476f5243e8864a7844476ba14",
|
||||
"sha256:96b2b3d1a83ad55310de8c7b4a2d04d9277d5591f40761274856635acc5fcb30",
|
||||
"sha256:a2d08ac246bb48479170408d6c19f6385fa743e7157d716e144cad849b2dd94b",
|
||||
"sha256:b256ee2e749283ef3ddcff51a675ff43798d92d746d1a6e4631bf8c707d22d0b",
|
||||
"sha256:b5e3b2d152e74e100a9e9573837aba24aab611d39428ded46f4e4022ea7d1942",
|
||||
"sha256:b89bc04de1d83006373429975f8ef9e7932534b8cc9ca582e4db7d20d91816db",
|
||||
"sha256:bd28b817ea8c70215401f657edef3a8aa83c29d447fb0b622c35403780ba11d5",
|
||||
"sha256:c60e092517a73c632ec38e290eba714e9627abe9d301c8c8a12ec32c314a2a4b",
|
||||
"sha256:c6dbd0ccdda3a2ba7c2ecd9d77b37f3b5831687d8dc1b6ca5f56a4880cc7b7ce",
|
||||
"sha256:c6e490913a46fa054e03699c70019ab869e990270597018cef1d8562132c2669",
|
||||
"sha256:c6f162aabe9a91a309510d74eeb6507fab5fff92337a15acbe77753d88d9dcf0",
|
||||
"sha256:c6fd51128a41297f5409deab284fecbe5305ebd7e5a1f959bee1c054622b7018",
|
||||
"sha256:cc34f233c9e71701040d772aa7490318673aa7164a0efe3172b2981218c26d93",
|
||||
"sha256:cc9370a2da1ac13f0153780040f465839e6cccb4a1e44810124b4e22483c93fe",
|
||||
"sha256:ccf600859c183d70eb47e05a44cd80a4ce77394d1ac0f79dbd2dd90a69a3a049",
|
||||
"sha256:ce571ab16d890d23b5c278547ba694193a45011ff86a9162a71307ed9f86759a",
|
||||
"sha256:cf1ebb7d78e1ad8ec2a8c4732c7be2e736f6e5123a4146c5b89c9d1f585f8cef",
|
||||
"sha256:d0e909868420b7049dafd3a31d45125b31143eec59235311fc4c57ea26a4acd2",
|
||||
"sha256:d22dbedd33326a4a5190dd4fe9e9e693ef12160c77382d9e87919bce54f3d4ca",
|
||||
"sha256:d716a916938e03231e86e43782ca7878fb602a125a91e7acb8b5112e2e96ac16",
|
||||
"sha256:d79c198e27580c8e958906f803e63cddb77653731be08851c7df0b1a14a8fc0f",
|
||||
"sha256:d95bfb53c211b57198bb91c46dd5a2d8018b3af446583aab40074bf7988401cb",
|
||||
"sha256:e28e334d3ff134e88989d90ba04b47d84382a828c061d0d1027b1b12a62b39b1",
|
||||
"sha256:ec557499516fc90fd374bf2e32349a2887a876fbf162c160e3c01b6849eaf557",
|
||||
"sha256:fb6fecfd65564f208cbf0fba07f107fb661bcd1a7c389edbced3f7a493f70e37",
|
||||
"sha256:fb731e5deb0c7ef82d698b0f4c5bb724633ee2a489401594c5c88b02e6cb15f7",
|
||||
"sha256:fb7f67a1bfa6e40b438170ebdc8158b78dc465a5a67b6dde178a46987b244a72",
|
||||
"sha256:fd10de089bcdcd1be95a2f73dbe6254798ec1bda9f450d5828c96f93e2536b9c",
|
||||
"sha256:fdabf8315679312cfa71302f9bd509ded4f2f263fb5b765cf1433b39106c3cc9"
|
||||
],
|
||||
"markers": "python_version >= '3.7'",
|
||||
"version": "==3.4.2"
|
||||
"version": "==3.4.3"
|
||||
},
|
||||
"click": {
|
||||
"hashes": [
|
||||
@@ -275,11 +262,11 @@
|
||||
},
|
||||
"filelock": {
|
||||
"hashes": [
|
||||
"sha256:adbc88eabb99d2fec8c9c1b229b171f18afa655400173ddc653d5d01501fb9f2",
|
||||
"sha256:c401f4f8377c4464e6db25fff06205fd89bdd83b65eb0488ed1b160f780e21de"
|
||||
"sha256:66eda1888b0171c998b35be2bcc0f6d75c388a7ce20c3f3f37aa8e96c2dddf58",
|
||||
"sha256:d38e30481def20772f5baf097c122c3babc4fcdb7e14e57049eb9d88c6dc017d"
|
||||
],
|
||||
"markers": "python_version >= '3.9'",
|
||||
"version": "==3.18.0"
|
||||
"version": "==3.19.1"
|
||||
},
|
||||
"ghp-import": {
|
||||
"hashes": [
|
||||
@@ -298,11 +285,11 @@
|
||||
},
|
||||
"gitpython": {
|
||||
"hashes": [
|
||||
"sha256:9e0e10cda9bed1ee64bc9a6de50e7e38a9c9943241cd7f585f6df3ed28011110",
|
||||
"sha256:c87e30b26253bf5418b01b0660f818967f3c503193838337fe5e573331249269"
|
||||
"sha256:85b0ee964ceddf211c41b9f27a49086010a190fd8132a24e21f362a4b36a791c",
|
||||
"sha256:8908cb2e02fb3b93b7eb0f2827125cb699869470432cc885f019b8fd0fccff77"
|
||||
],
|
||||
"markers": "python_version >= '3.7'",
|
||||
"version": "==3.1.44"
|
||||
"version": "==3.1.45"
|
||||
},
|
||||
"hjson": {
|
||||
"hashes": [
|
||||
@@ -336,11 +323,11 @@
|
||||
},
|
||||
"markdown": {
|
||||
"hashes": [
|
||||
"sha256:794a929b79c5af141ef5ab0f2f642d0f7b1872981250230e72682346f7cc90dc",
|
||||
"sha256:7df81e63f0df5c4b24b7d156eb81e4690595239b7d70937d0409f1b0de319c6f"
|
||||
"sha256:9f4d91ed810864ea88a6f32c07ba8bee1346c0cc1f6b1f9f6c822f2a9667d280",
|
||||
"sha256:d2900fe1782bd33bdbbd56859defef70c2e78fc46668f8eb9df3128138f2cb6a"
|
||||
],
|
||||
"markers": "python_version >= '3.9'",
|
||||
"version": "==3.8"
|
||||
"version": "==3.9"
|
||||
},
|
||||
"markupsafe": {
|
||||
"hashes": [
|
||||
@@ -435,12 +422,12 @@
|
||||
},
|
||||
"mkdocs-git-authors-plugin": {
|
||||
"hashes": [
|
||||
"sha256:acdacc8452db90a94d9c395a230b16965a9f2f51e0a6eef182ac7d3e02e394fb",
|
||||
"sha256:e19f0252ead3d626fd73e15bb56d6675704c3b62aa569ebc363f791291b8f60e"
|
||||
"sha256:28421a99c3e872a8e205674bb80ec48524838243e5f59eaf9bd97df103e38901",
|
||||
"sha256:29d1973b2835663d79986fb756e02f1f0ff3fe35c278e993206bd3c550c205e4"
|
||||
],
|
||||
"index": "pypi",
|
||||
"markers": "python_version >= '3.8'",
|
||||
"version": "==0.9.5"
|
||||
"version": "==0.10.0"
|
||||
},
|
||||
"mkdocs-git-revision-date-localized-plugin": {
|
||||
"hashes": [
|
||||
@@ -453,20 +440,21 @@
|
||||
},
|
||||
"mkdocs-glightbox": {
|
||||
"hashes": [
|
||||
"sha256:392b34207bf95991071a16d5f8916d1d2f2cd5d5bb59ae2997485ccd778c70d9",
|
||||
"sha256:e0107beee75d3eb7380ac06ea2d6eac94c999eaa49f8c3cbab0e7be2ac006ccf"
|
||||
],
|
||||
"index": "pypi",
|
||||
"version": "==0.4.0"
|
||||
},
|
||||
"mkdocs-macros-plugin": {
|
||||
"hashes": [
|
||||
"sha256:02432033a5b77fb247d6ec7924e72fc4ceec264165b1644ab8d0dc159c22ce59",
|
||||
"sha256:17c7fd1a49b94defcdb502fd453d17a1e730f8836523379d21292eb2be4cb523"
|
||||
"sha256:7d78a5b045f2479f61b0bbb17742ba701755c56b013e70ac189c9d87a91e80bf",
|
||||
"sha256:f47af0daff164edf8d36e553338425be3aab6e34b987d9cbbc2ae7819a98cb01"
|
||||
],
|
||||
"index": "pypi",
|
||||
"markers": "python_version >= '3.8'",
|
||||
"version": "==1.3.7"
|
||||
"version": "==0.5.1"
|
||||
},
|
||||
"mkdocs-macros-plugin": {
|
||||
"hashes": [
|
||||
"sha256:01b6003fbe9b55fdc97c0abb66f811d65abfd291dcf70f277990165553faa99a",
|
||||
"sha256:c52351295efdbdbb37a9f0ea639719055ddb64a00115457289940e85696a81d9"
|
||||
],
|
||||
"index": "pypi",
|
||||
"markers": "python_version >= '3.8'",
|
||||
"version": "==1.3.9"
|
||||
},
|
||||
"mkdocs-material": {
|
||||
"extras": [
|
||||
@@ -494,73 +482,68 @@
|
||||
},
|
||||
"msgpack": {
|
||||
"hashes": [
|
||||
"sha256:06f5fd2f6bb2a7914922d935d3b8bb4a7fff3a9a91cfce6d06c13bc42bec975b",
|
||||
"sha256:071603e2f0771c45ad9bc65719291c568d4edf120b44eb36324dcb02a13bfddf",
|
||||
"sha256:0907e1a7119b337971a689153665764adc34e89175f9a34793307d9def08e6ca",
|
||||
"sha256:0f92a83b84e7c0749e3f12821949d79485971f087604178026085f60ce109330",
|
||||
"sha256:115a7af8ee9e8cddc10f87636767857e7e3717b7a2e97379dc2054712693e90f",
|
||||
"sha256:13599f8829cfbe0158f6456374e9eea9f44eee08076291771d8ae93eda56607f",
|
||||
"sha256:17fb65dd0bec285907f68b15734a993ad3fc94332b5bb21b0435846228de1f39",
|
||||
"sha256:2137773500afa5494a61b1208619e3871f75f27b03bcfca7b3a7023284140247",
|
||||
"sha256:3180065ec2abbe13a4ad37688b61b99d7f9e012a535b930e0e683ad6bc30155b",
|
||||
"sha256:398b713459fea610861c8a7b62a6fec1882759f308ae0795b5413ff6a160cf3c",
|
||||
"sha256:3d364a55082fb2a7416f6c63ae383fbd903adb5a6cf78c5b96cc6316dc1cedc7",
|
||||
"sha256:3df7e6b05571b3814361e8464f9304c42d2196808e0119f55d0d3e62cd5ea044",
|
||||
"sha256:41c991beebf175faf352fb940bf2af9ad1fb77fd25f38d9142053914947cdbf6",
|
||||
"sha256:42f754515e0f683f9c79210a5d1cad631ec3d06cea5172214d2176a42e67e19b",
|
||||
"sha256:452aff037287acb1d70a804ffd022b21fa2bb7c46bee884dbc864cc9024128a0",
|
||||
"sha256:4676e5be1b472909b2ee6356ff425ebedf5142427842aa06b4dfd5117d1ca8a2",
|
||||
"sha256:46c34e99110762a76e3911fc923222472c9d681f1094096ac4102c18319e6468",
|
||||
"sha256:471e27a5787a2e3f974ba023f9e265a8c7cfd373632247deb225617e3100a3c7",
|
||||
"sha256:4a1964df7b81285d00a84da4e70cb1383f2e665e0f1f2a7027e683956d04b734",
|
||||
"sha256:4b51405e36e075193bc051315dbf29168d6141ae2500ba8cd80a522964e31434",
|
||||
"sha256:4d1b7ff2d6146e16e8bd665ac726a89c74163ef8cd39fa8c1087d4e52d3a2325",
|
||||
"sha256:53258eeb7a80fc46f62fd59c876957a2d0e15e6449a9e71842b6d24419d88ca1",
|
||||
"sha256:534480ee5690ab3cbed89d4c8971a5c631b69a8c0883ecfea96c19118510c846",
|
||||
"sha256:58638690ebd0a06427c5fe1a227bb6b8b9fdc2bd07701bec13c2335c82131a88",
|
||||
"sha256:58dfc47f8b102da61e8949708b3eafc3504509a5728f8b4ddef84bd9e16ad420",
|
||||
"sha256:59caf6a4ed0d164055ccff8fe31eddc0ebc07cf7326a2aaa0dbf7a4001cd823e",
|
||||
"sha256:5dbad74103df937e1325cc4bfeaf57713be0b4f15e1c2da43ccdd836393e2ea2",
|
||||
"sha256:5e1da8f11a3dd397f0a32c76165cf0c4eb95b31013a94f6ecc0b280c05c91b59",
|
||||
"sha256:646afc8102935a388ffc3914b336d22d1c2d6209c773f3eb5dd4d6d3b6f8c1cb",
|
||||
"sha256:64fc9068d701233effd61b19efb1485587560b66fe57b3e50d29c5d78e7fef68",
|
||||
"sha256:65553c9b6da8166e819a6aa90ad15288599b340f91d18f60b2061f402b9a4915",
|
||||
"sha256:685ec345eefc757a7c8af44a3032734a739f8c45d1b0ac45efc5d8977aa4720f",
|
||||
"sha256:6ad622bf7756d5a497d5b6836e7fc3752e2dd6f4c648e24b1803f6048596f701",
|
||||
"sha256:73322a6cc57fcee3c0c57c4463d828e9428275fb85a27aa2aa1a92fdc42afd7b",
|
||||
"sha256:74bed8f63f8f14d75eec75cf3d04ad581da6b914001b474a5d3cd3372c8cc27d",
|
||||
"sha256:79ec007767b9b56860e0372085f8504db5d06bd6a327a335449508bbee9648fa",
|
||||
"sha256:7a946a8992941fea80ed4beae6bff74ffd7ee129a90b4dd5cf9c476a30e9708d",
|
||||
"sha256:7ad442d527a7e358a469faf43fda45aaf4ac3249c8310a82f0ccff9164e5dccd",
|
||||
"sha256:7c9a35ce2c2573bada929e0b7b3576de647b0defbd25f5139dcdaba0ae35a4cc",
|
||||
"sha256:7e7b853bbc44fb03fbdba34feb4bd414322180135e2cb5164f20ce1c9795ee48",
|
||||
"sha256:879a7b7b0ad82481c52d3c7eb99bf6f0645dbdec5134a4bddbd16f3506947feb",
|
||||
"sha256:8a706d1e74dd3dea05cb54580d9bd8b2880e9264856ce5068027eed09680aa74",
|
||||
"sha256:8a84efb768fb968381e525eeeb3d92857e4985aacc39f3c47ffd00eb4509315b",
|
||||
"sha256:8cf9e8c3a2153934a23ac160cc4cba0ec035f6867c8013cc6077a79823370346",
|
||||
"sha256:8da4bf6d54ceed70e8861f833f83ce0814a2b72102e890cbdfe4b34764cdd66e",
|
||||
"sha256:8e59bca908d9ca0de3dc8684f21ebf9a690fe47b6be93236eb40b99af28b6ea6",
|
||||
"sha256:914571a2a5b4e7606997e169f64ce53a8b1e06f2cf2c3a7273aa106236d43dd5",
|
||||
"sha256:a51abd48c6d8ac89e0cfd4fe177c61481aca2d5e7ba42044fd218cfd8ea9899f",
|
||||
"sha256:a52a1f3a5af7ba1c9ace055b659189f6c669cf3657095b50f9602af3a3ba0fe5",
|
||||
"sha256:ad33e8400e4ec17ba782f7b9cf868977d867ed784a1f5f2ab46e7ba53b6e1e1b",
|
||||
"sha256:b4c01941fd2ff87c2a934ee6055bda4ed353a7846b8d4f341c428109e9fcde8c",
|
||||
"sha256:bce7d9e614a04d0883af0b3d4d501171fbfca038f12c77fa838d9f198147a23f",
|
||||
"sha256:c40ffa9a15d74e05ba1fe2681ea33b9caffd886675412612d93ab17b58ea2fec",
|
||||
"sha256:c5a91481a3cc573ac8c0d9aace09345d989dc4a0202b7fcb312c88c26d4e71a8",
|
||||
"sha256:c921af52214dcbb75e6bdf6a661b23c3e6417f00c603dd2070bccb5c3ef499f5",
|
||||
"sha256:d46cf9e3705ea9485687aa4001a76e44748b609d260af21c4ceea7f2212a501d",
|
||||
"sha256:d8ce0b22b890be5d252de90d0e0d119f363012027cf256185fc3d474c44b1b9e",
|
||||
"sha256:dd432ccc2c72b914e4cb77afce64aab761c1137cc698be3984eee260bcb2896e",
|
||||
"sha256:e0856a2b7e8dcb874be44fea031d22e5b3a19121be92a1e098f46068a11b0870",
|
||||
"sha256:e1f3c3d21f7cf67bcf2da8e494d30a75e4cf60041d98b3f79875afb5b96f3a3f",
|
||||
"sha256:f1ba6136e650898082d9d5a5217d5906d1e138024f836ff48691784bbe1adf96",
|
||||
"sha256:f3e9b4936df53b970513eac1758f3882c88658a220b58dcc1e39606dccaaf01c",
|
||||
"sha256:f80bc7d47f76089633763f952e67f8214cb7b3ee6bfa489b3cb6a84cfac114cd",
|
||||
"sha256:fd2906780f25c8ed5d7b323379f6138524ba793428db5d0e9d226d3fa6aa1788"
|
||||
"sha256:196a736f0526a03653d829d7d4c5500a97eea3648aebfd4b6743875f28aa2af8",
|
||||
"sha256:1abfc6e949b352dadf4bce0eb78023212ec5ac42f6abfd469ce91d783c149c2a",
|
||||
"sha256:1b13fe0fb4aac1aa5320cd693b297fe6fdef0e7bea5518cbc2dd5299f873ae90",
|
||||
"sha256:1d75f3807a9900a7d575d8d6674a3a47e9f227e8716256f35bc6f03fc597ffbf",
|
||||
"sha256:2fbbc0b906a24038c9958a1ba7ae0918ad35b06cb449d398b76a7d08470b0ed9",
|
||||
"sha256:33be9ab121df9b6b461ff91baac6f2731f83d9b27ed948c5b9d1978ae28bf157",
|
||||
"sha256:353b6fc0c36fde68b661a12949d7d49f8f51ff5fa019c1e47c87c4ff34b080ed",
|
||||
"sha256:36043272c6aede309d29d56851f8841ba907a1a3d04435e43e8a19928e243c1d",
|
||||
"sha256:3765afa6bd4832fc11c3749be4ba4b69a0e8d7b728f78e68120a157a4c5d41f0",
|
||||
"sha256:3a89cd8c087ea67e64844287ea52888239cbd2940884eafd2dcd25754fb72232",
|
||||
"sha256:40eae974c873b2992fd36424a5d9407f93e97656d999f43fca9d29f820899084",
|
||||
"sha256:4147151acabb9caed4e474c3344181e91ff7a388b888f1e19ea04f7e73dc7ad5",
|
||||
"sha256:435807eeb1bc791ceb3247d13c79868deb22184e1fc4224808750f0d7d1affc1",
|
||||
"sha256:4835d17af722609a45e16037bb1d4d78b7bdf19d6c0128116d178956618c4e88",
|
||||
"sha256:4a28e8072ae9779f20427af07f53bbb8b4aa81151054e882aee333b158da8752",
|
||||
"sha256:4d3237b224b930d58e9d83c81c0dba7aacc20fcc2f89c1e5423aa0529a4cd142",
|
||||
"sha256:4df2311b0ce24f06ba253fda361f938dfecd7b961576f9be3f3fbd60e87130ac",
|
||||
"sha256:4fd6b577e4541676e0cc9ddc1709d25014d3ad9a66caa19962c4f5de30fc09ef",
|
||||
"sha256:500e85823a27d6d9bba1d057c871b4210c1dd6fb01fbb764e37e4e8847376323",
|
||||
"sha256:5692095123007180dca3e788bb4c399cc26626da51629a31d40207cb262e67f4",
|
||||
"sha256:5fd1b58e1431008a57247d6e7cc4faa41c3607e8e7d4aaf81f7c29ea013cb458",
|
||||
"sha256:61abccf9de335d9efd149e2fff97ed5974f2481b3353772e8e2dd3402ba2bd57",
|
||||
"sha256:61e35a55a546a1690d9d09effaa436c25ae6130573b6ee9829c37ef0f18d5e78",
|
||||
"sha256:6640fd979ca9a212e4bcdf6eb74051ade2c690b862b679bfcb60ae46e6dc4bfd",
|
||||
"sha256:6d489fba546295983abd142812bda76b57e33d0b9f5d5b71c09a583285506f69",
|
||||
"sha256:6f64ae8fe7ffba251fecb8408540c34ee9df1c26674c50c4544d72dbf792e5ce",
|
||||
"sha256:71ef05c1726884e44f8b1d1773604ab5d4d17729d8491403a705e649116c9558",
|
||||
"sha256:77b79ce34a2bdab2594f490c8e80dd62a02d650b91a75159a63ec413b8d104cd",
|
||||
"sha256:78426096939c2c7482bf31ef15ca219a9e24460289c00dd0b94411040bb73ad2",
|
||||
"sha256:79c408fcf76a958491b4e3b103d1c417044544b68e96d06432a189b43d1215c8",
|
||||
"sha256:7a17ac1ea6ec3c7687d70201cfda3b1e8061466f28f686c24f627cae4ea8efd0",
|
||||
"sha256:7da8831f9a0fdb526621ba09a281fadc58ea12701bc709e7b8cbc362feabc295",
|
||||
"sha256:870b9a626280c86cff9c576ec0d9cbcc54a1e5ebda9cd26dab12baf41fee218c",
|
||||
"sha256:88d1e966c9235c1d4e2afac21ca83933ba59537e2e2727a999bf3f515ca2af26",
|
||||
"sha256:88daaf7d146e48ec71212ce21109b66e06a98e5e44dca47d853cbfe171d6c8d2",
|
||||
"sha256:8a8b10fdb84a43e50d38057b06901ec9da52baac6983d3f709d8507f3889d43f",
|
||||
"sha256:8b17ba27727a36cb73aabacaa44b13090feb88a01d012c0f4be70c00f75048b4",
|
||||
"sha256:8b65b53204fe1bd037c40c4148d00ef918eb2108d24c9aaa20bc31f9810ce0a8",
|
||||
"sha256:8ddb2bcfd1a8b9e431c8d6f4f7db0773084e107730ecf3472f1dfe9ad583f3d9",
|
||||
"sha256:96decdfc4adcbc087f5ea7ebdcfd3dee9a13358cae6e81d54be962efc38f6338",
|
||||
"sha256:996f2609ddf0142daba4cefd767d6db26958aac8439ee41db9cc0db9f4c4c3a6",
|
||||
"sha256:9d592d06e3cc2f537ceeeb23d38799c6ad83255289bb84c2e5792e5a8dea268a",
|
||||
"sha256:a32747b1b39c3ac27d0670122b57e6e57f28eefb725e0b625618d1b59bf9d1e0",
|
||||
"sha256:a494554874691720ba5891c9b0b39474ba43ffb1aaf32a5dac874effb1619e1a",
|
||||
"sha256:a8ef6e342c137888ebbfb233e02b8fbd689bb5b5fcc59b34711ac47ebd504478",
|
||||
"sha256:ae497b11f4c21558d95de9f64fff7053544f4d1a17731c866143ed6bb4591238",
|
||||
"sha256:b1ce7f41670c5a69e1389420436f41385b1aa2504c3b0c30620764b15dded2e7",
|
||||
"sha256:b8f93dcddb243159c9e4109c9750ba5b335ab8d48d9522c5308cd05d7e3ce600",
|
||||
"sha256:ba0c325c3f485dc54ec298d8b024e134acf07c10d494ffa24373bea729acf704",
|
||||
"sha256:bb29aaa613c0a1c40d1af111abf025f1732cab333f96f285d6a93b934738a68a",
|
||||
"sha256:bba1be28247e68994355e028dcd668316db30c1f758d3241a7b903ac78dcd285",
|
||||
"sha256:cb643284ab0ed26f6957d969fe0dd8bb17beb567beb8998140b5e38a90974f6c",
|
||||
"sha256:d182dac0221eb8faef2e6f44701812b467c02674a322c739355c39e94730cdbf",
|
||||
"sha256:d275a9e3c81b1093c060c3837e580c37f47c51eca031f7b5fb76f7b8470f5f9b",
|
||||
"sha256:d8b55ea20dc59b181d3f47103f113e6f28a5e1c89fd5b67b9140edb442ab67f2",
|
||||
"sha256:da8f41e602574ece93dbbda1fab24650d6bf2a24089f9e9dbb4f5730ec1e58ad",
|
||||
"sha256:e4141c5a32b5e37905b5940aacbc59739f036930367d7acce7a64e4dec1f5e0b",
|
||||
"sha256:f5be6b6bc52fad84d010cb45433720327ce886009d862f46b26d4d154001994b",
|
||||
"sha256:f6d58656842e1b2ddbe07f43f56b10a60f2ba5826164910968f5933e5178af75"
|
||||
],
|
||||
"markers": "python_version >= '3.8'",
|
||||
"version": "==1.1.0"
|
||||
"version": "==1.1.1"
|
||||
},
|
||||
"packaging": {
|
||||
"hashes": [
|
||||
@@ -672,11 +655,11 @@
|
||||
},
|
||||
"platformdirs": {
|
||||
"hashes": [
|
||||
"sha256:3d512d96e16bcb959a814c9f348431070822a6496326a4be0911c40b5a74c2bc",
|
||||
"sha256:ff7059bb7eb1179e2685604f4aaf157cfd9535242bd23742eadc3c13542139b4"
|
||||
"sha256:abd01743f24e5287cd7a5db3752faf1a2d65353f38ec26d98e25a6db65958c85",
|
||||
"sha256:ca753cf4d81dc309bc67b0ea38fd15dc97bc30ce419a7f58d13eb3bf14c4febf"
|
||||
],
|
||||
"markers": "python_version >= '3.9'",
|
||||
"version": "==4.3.8"
|
||||
"version": "==4.4.0"
|
||||
},
|
||||
"pycparser": {
|
||||
"hashes": [
|
||||
@@ -786,11 +769,77 @@
|
||||
},
|
||||
"requests": {
|
||||
"hashes": [
|
||||
"sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760",
|
||||
"sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6"
|
||||
"sha256:2462f94637a34fd532264295e186976db0f5d453d1cdd31473c85a6a161affb6",
|
||||
"sha256:dbba0bac56e100853db0ea71b82b4dfd5fe2bf6d3754a8893c3af500cec7d7cf"
|
||||
],
|
||||
"markers": "python_version >= '3.8'",
|
||||
"version": "==2.32.3"
|
||||
"markers": "python_version >= '3.9'",
|
||||
"version": "==2.32.5"
|
||||
},
|
||||
"selectolax": {
|
||||
"hashes": [
|
||||
"sha256:0933659b4250b91317ccd78167e6804389cdaf7ed86c5d034b058a550d23110f",
|
||||
"sha256:0a98c3f3d8fffb175456cb06096bc78103ddf6a209bea6392e0e4ea4e25aca71",
|
||||
"sha256:15679e9935ccf6c480a34baf8fe217c2b2023e0df18799f0232032dc8ac66d41",
|
||||
"sha256:21de62b5093b1cb6c5d4cab0bef5f708b9ee1483b640d42be9d955becfcd287a",
|
||||
"sha256:24f3f5de4051ca33ea769c8a99798c7e30e6500e090e363d5fcd3382b1ae8dfa",
|
||||
"sha256:25cfccfefc41361ab8a07f15a224524a4a8b77dfa7d253b34bbd397e45856734",
|
||||
"sha256:28696fa4581765c705e15d05dfba464334f5f9bcb3eac9f25045f815aec6fbc1",
|
||||
"sha256:29e71fbd58b90d2920ef91a940680cb5331710fe397925ce9d10c3f2f086bf27",
|
||||
"sha256:2bfe4327215a20af4197c5b7e3729a9552fb324bb57250dc7e7abfa0f848a463",
|
||||
"sha256:2f5c3523ad5199a4fb9b95b6e24ff9222d3605023ca394b23f7dd910e7536daf",
|
||||
"sha256:3625057ba0eab766db555f753959cc2759ec8ac49cded7c5f4d507d80fdf9433",
|
||||
"sha256:38462ae369897f71da287f1282079c11f1b878b99a4d1d509d1116ce05226d88",
|
||||
"sha256:394d356ea611a7853c13c910a57c1a80a8356f9c920aa8168b3f8aaa62e433d8",
|
||||
"sha256:3e5354d805dd76b4b38002f58e6ae2e7b429ac311bf3601992a6662d2bc86911",
|
||||
"sha256:3f58dca53d2d3dc18dfd2cb9210a5625f32598db24e3f857f5be58f21a8f3b88",
|
||||
"sha256:45682905dd88e268bb5906ce2c3927e89f77b910824a6f64419bfec482cd67be",
|
||||
"sha256:47587db7cef411d22f8224cf2926aacdb326c4c838d386035229f16ccc2d8d26",
|
||||
"sha256:484274f73839f9a143f4c13ce1b0a0123b5d64be22f967a1dc202a9a78687d67",
|
||||
"sha256:50b18a262ea01ca5522f9a30c28ecadb004be88296f6bd2ace21464f89a3cbcc",
|
||||
"sha256:5388c56456272b2c241fc1906db9cc993984cafdad936cb5e061e3af0c44144e",
|
||||
"sha256:558a0c665538bfd0549c40c4ea46523a77e8eae09f4e678191cf54c31c17517c",
|
||||
"sha256:565304311e45c582e85ec525b0646aede6f8db1f22bc08786e94f7b6552d4311",
|
||||
"sha256:6abdd8357f1c105c1add01a9f0373511fa832548b2e2778b00a8ba2a4508d6ed",
|
||||
"sha256:6c684d66a0f8e48786ef6d79b9e1e84cb1ffd0835232b4033bed37cf978d1303",
|
||||
"sha256:6d3f373efd1db18ac9b2222de2668aaa366a1f0b560241eab128f3ca68e8add1",
|
||||
"sha256:6ff48efe4364c8148a553a4105773a0accee9cc25e0f2a40ddac44d18a5a3000",
|
||||
"sha256:7073e3bcdc60ebdb5f8777c79b465471ec000ab556134da4e00f037d3321a2ec",
|
||||
"sha256:7c10452a3a14ee7aa49afb141c3725ef7ba930d5b5391798daf2e053c414a158",
|
||||
"sha256:8377c317bf1d5fd6ccc56dfb5a0928bbcbea3e800b7af54761cfbbb99dc94cb9",
|
||||
"sha256:85aeae54f055cf5451828a21fbfecac99b8b5c27ec29fd10725b631593a7c9a3",
|
||||
"sha256:90c435bc49395344abdaed80d98079466e8c8b6469118cec5cc9cae4dce8bcad",
|
||||
"sha256:912a1fc03157ebd066d8f59ae9ca2412ef95c7101a51590327c23071b02c97c7",
|
||||
"sha256:97b9971bb37b54ef4440134f22792d15c9ee12d890a526a7fe0b376502240143",
|
||||
"sha256:9858fef96e4e332fa64102f0ab1ecf8f88a9ea46a82d379fb421c8f736b60090",
|
||||
"sha256:9c969626b2295702076f50aac91e44c3bba639fa2e1a612bf6ae254bf29b4d57",
|
||||
"sha256:a3d44a295416b79815d2858ed4ccb71bf3b63087483a5d3705daa837c9dcf44d",
|
||||
"sha256:ac940963c52f13cdf5d7266a979744949b660d367ce669efa073b557f6e09a18",
|
||||
"sha256:aecf29641a4b092331d081fb59f12f6b3fd236c16b48ef6e86419454df787ae1",
|
||||
"sha256:af5cd03298cd75cb0fbf712d6ae4f8aca9c13a226d2821ca82f51cc9b33b032f",
|
||||
"sha256:b0c9005e9089a6b0c6fb6a9f691ddbbb10a3a23ebeff54393980340f3dbcdb99",
|
||||
"sha256:bc1676cd243812ca6ddd79ad53997996535e27db17fda3d440b470bb322f5959",
|
||||
"sha256:bd99ff0f5a6c017c471635d4ee45b61d25f24689331e407147b2cf5e36892480",
|
||||
"sha256:bdd1e63735f2fb8485fb6b9f4fe30d6c030930f438f46a4a62bd9886ab3c7fd9",
|
||||
"sha256:be12a160b1feacd3db1ea2274dcb70dfa9b123b7a1216849eec7b48b6783e903",
|
||||
"sha256:bf14ca824c4c9fd9b0534d0f316657495ffcedbaf77690be335242c688512b86",
|
||||
"sha256:c198a1d3693aeccf1c45871bf3fee4bd46428fa99cdb9f3dfee20e1b48c363c7",
|
||||
"sha256:c6b569fa67a122bfd7f0776c1c922daf122fb4502c8116a903c6168742b84db9",
|
||||
"sha256:cfb803d6bbe0ef3c8847cf5a01167cc428c0d9179946e1c994cc6178b5332d1a",
|
||||
"sha256:d0a6d8e02c6b9ba951d7b5a5dd2788a1d4bbdedc89782a4de165f1a87c4168ac",
|
||||
"sha256:d458db7fee5f6b1ce75664ce8a009343c0aac1993a7b844a997cfea3ad0ea77b",
|
||||
"sha256:d4ecc262db7afb0087e679176043178dc59791fce56659f62775a96d60596f1d",
|
||||
"sha256:d6a1cd0518fa7656ea1683c4b2d3b5a98306753f364da9f673517847e1680a3e",
|
||||
"sha256:db734ba4ef44fa3b57ad9374fd7ccfc7815c0ae5cfcbd5ee25fe8587092618d1",
|
||||
"sha256:deeab93386b6c9a75052515f5b9e7e3dd623c585871c0c2b3126970ff902603b",
|
||||
"sha256:dfee3340e8c89dd25a7dd621940b928960e4c9a70c4830d208f29b0adf288743",
|
||||
"sha256:e13befacff5f78102aa11465055ecb6d4b35f89663e36f271f2b506bcab14112",
|
||||
"sha256:e3112f05a34bf36d36ecc51520b1d98c4667b54a3f123dffef5072273e89a360",
|
||||
"sha256:e7f4cc1b7ce9691559decfd5db7cc500e71a9f6ccfe76c054f284c184a1d1dc9",
|
||||
"sha256:e9e4690894f406863e25ba49da27e1a6fda9bfc21b0b315c399d3093be080e81",
|
||||
"sha256:ea52e0c128e8e89f98ab0ccaabbc853677de5730729a3351da595976131b66e0",
|
||||
"sha256:edd2760699c60dde7d847aebd81f02035f7bddcd0ad3db8e73326dfc84a2dc8f"
|
||||
],
|
||||
"version": "==0.3.29"
|
||||
},
|
||||
"six": {
|
||||
"hashes": [
|
||||
@@ -834,11 +883,11 @@
|
||||
},
|
||||
"urllib3": {
|
||||
"hashes": [
|
||||
"sha256:414bc6535b787febd7567804cc015fee39daab8ad86268f1310a9250697de466",
|
||||
"sha256:4e16665048960a0900c702d4a66415956a584919c03361cac9f1df5c5dd7e813"
|
||||
"sha256:3fc47733c7e419d4bc3f6b3dc2b4f890bb743906a30d56ba4a5bfa4bbff92760",
|
||||
"sha256:e6b01673c0fa6a13e374b50871808eb3bf7046c4b125b216f6bf1cc604cff0dc"
|
||||
],
|
||||
"markers": "python_version >= '3.9'",
|
||||
"version": "==2.4.0"
|
||||
"version": "==2.5.0"
|
||||
},
|
||||
"watchdog": {
|
||||
"hashes": [
|
||||
|
||||
@@ -42,7 +42,7 @@
|
||||
|
||||
**Privacy Guides** is a socially motivated website that provides information for protecting your data security and privacy. Our mission is to inform the public about the value of digital privacy, and global government initiatives which aim to monitor your online activity. We are a non-profit collective operated entirely by volunteer team members and contributors. Our website is free of advertisements and not affiliated with any of the listed providers.
|
||||
|
||||
The current list of team members can be found [here](https://www.privacyguides.org/en/about/#executive-committee). Additionally, [many people](#contributors) have made contributions to the project, and you can too!
|
||||
The current list of team members can be found on [the executive committee page](https://www.privacyguides.org/en/about/#executive-committee). Additionally, [many people](#contributors) have made contributions to the project, and you can too!
|
||||
|
||||
*Featured on: [Tweakers](https://tweakers.net/reviews/10568/op-zoek-naar-privacyvriendelijke-tools-niek-de-wilde-van-privacy-guides.html), [The New York Times](https://nytimes.com/wirecutter/guides/online-security-social-media-privacy), [Wired](https://wired.com/story/firefox-mozilla-2022), and [Fast Company](https://www.fastcompany.com/91167564/mozilla-wants-you-to-love-firefox-again).*
|
||||
|
||||
@@ -63,9 +63,7 @@ All contributors to the site are listed [here](#contributors). If you have contr
|
||||
## Mirrors
|
||||
|
||||
- **GitHub Pages:** [privacyguides.github.io/privacyguides.org](https://privacyguides.github.io/privacyguides.org/en/)
|
||||
- **Netlify (AWS):** [illustrious-bavarois-56cf30.netlify.app](https://illustrious-bavarois-56cf30.netlify.app/en/)
|
||||
- **BunnyCDN:** [privacyguides-org-production.b-cdn.net](https://privacyguides-org-production.b-cdn.net/en/)
|
||||
- **Hetzner:** [direct.privacyguides.org](https://direct.privacyguides.org/en/) (discouraged!)
|
||||
|
||||
### Alternative Networks
|
||||
|
||||
@@ -117,7 +115,7 @@ Committing to this repository requires [signing your commits](https://docs.githu
|
||||
It is required to create a GitHub release to publish the current site to privacyguides.org. The current `main` branch can be previewed at [https://main.staging.privacyguides.dev](https://main.staging.privacyguides.dev) prior to release.
|
||||
|
||||
1. Create a new tag: `git tag -s YYYY.MM.DD -m 'Some message'`
|
||||
- Tag numbering: `YYYY.MM.DD` - if two+ releases are published on the same day, append short commit sha to next release, e.g. `YYYY.MM.DD-6aa14e8`
|
||||
- Tag numbering: `YYYY.MM.DD` - if two+ releases are published on the same day, append short commit to the next release, e.g. `YYYY.MM.DD-6aa14e8`
|
||||
- Enable GPG tag signing by default (`git config tag.gpgSign true`) to avoid missing signatures
|
||||
2. Push the tag to GitHub: `git push --tags`
|
||||
3. A GitHub Release will be automatically created and deployed to the live site.
|
||||
@@ -614,7 +612,7 @@ Privacy Guides wouldn't be possible without these wonderful people ([emoji key](
|
||||
|
||||
<!-- ALL-CONTRIBUTORS-LIST:END -->
|
||||
|
||||
This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind welcome, including contributions to Privacy Guides outside of this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
|
||||
This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of **any** kind welcome, including contributions to Privacy Guides outside this repo, and contributions that aren't content related (like sharing ideas for Privacy Guides, promoting the project, answering questions on the forum, etc.).
|
||||
|
||||
CLI to generate this table:
|
||||
|
||||
|
||||
@@ -86,6 +86,10 @@ authors:
|
||||
mastodon:
|
||||
username: blacklight447
|
||||
instance: mastodon.social
|
||||
ptrmdn:
|
||||
name: Peter Marsden
|
||||
description: Guest Contributor
|
||||
avatar: https://forum-cdn.privacyguides.net/user_avatar/discuss.privacyguides.net/ptrmdn/288/14291_2.png
|
||||
sam-howell:
|
||||
name: Sam Howell
|
||||
description: Guest Contributor
|
||||
|
||||
BIN
Binary file not shown.
|
After Width: | Height: | Size: 182 KiB |
BIN
Binary file not shown.
|
After Width: | Height: | Size: 173 KiB |
BIN
Binary file not shown.
|
After Width: | Height: | Size: 214 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 95 KiB |
BIN
Binary file not shown.
|
After Width: | Height: | Size: 317 KiB |
BIN
Binary file not shown.
|
After Width: | Height: | Size: 115 KiB |
BIN
Binary file not shown.
|
After Width: | Height: | Size: 108 KiB |
BIN
Binary file not shown.
|
After Width: | Height: | Size: 118 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 68 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 107 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 1.6 MiB |
Binary file not shown.
|
After Width: | Height: | Size: 891 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 238 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 218 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 286 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 119 KiB |
+2
-2
@@ -1,5 +1,5 @@
|
||||
---
|
||||
description: Em is a full-time journalist at Privacy Guides.
|
||||
description: Em is the Activism & Outreach Lead at Privacy Guides. She is a public‑interest technologist and researcher who has been working on various independent projects in data privacy, information security, and software engineering since 2018.
|
||||
schema:
|
||||
-
|
||||
"@context": https://schema.org
|
||||
@@ -25,7 +25,7 @@ schema:
|
||||
|
||||
{ align=right }
|
||||
|
||||
[**Em**](https://emontheinternet.me/) is a full-time staff writer at *Privacy Guides*. She is a public‑interest technologist and researcher who has been working on various independent projects in data privacy, information security, and software engineering since 2018.
|
||||
[**Em**](https://emontheinternet.me/) is the Activism & Outreach Lead at *Privacy Guides*. She is a public‑interest technologist and researcher who has been working on various independent projects in data privacy, information security, and software engineering since 2018.
|
||||
|
||||
Em is passionate about digital rights, privacy advocacy, solid security, and code for the public good. In her free time, you can find Em on Mastodon giving privacy tips or boosting photos of cats and moss.
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
---
|
||||
description: Jonah Aragon is the Project Director and staff writer at Privacy Guides. His role includes researching and writing for this website, system administration, creating Privacy Guides Online Learning course content, reviewing the products recommended here, and most other day-to-day tasks.
|
||||
description: Jonah is Privacy Guides' editor and Program Director. With over a decade of technical writing experience, his role includes researching and writing for Privacy Guides. He also runs Triplebit, a non-profit ISP behind many privacy-related tools.
|
||||
schema:
|
||||
-
|
||||
"@context": https://schema.org
|
||||
@@ -29,9 +29,7 @@ schema:
|
||||
|
||||
{ align=right }
|
||||
|
||||
[**Jonah Aragon**](https://www.jonaharagon.com) is the Project Director and staff writer at *Privacy Guides*. His role includes researching and writing for this website, system administration, creating Privacy Guides Online Learning course content, reviewing the products recommended here, and most other day-to-day tasks.
|
||||
|
||||
He is also known for his work on the Techlore YouTube channel, including the Techlore Talks podcast he co-hosts.
|
||||
[**Jonah Aragon**](https://www.jonaharagon.com) is *Privacy Guides'* editor and Program Director. With over a decade of technical writing experience, his role includes researching and writing for Privacy Guides. He also runs Triplebit, a non-profit ISP behind many privacy-related tools.
|
||||
|
||||
[:simple-mastodon: @jonah@neat.computer](https://mastodon.neat.computer/@jonah "@jonah@neat.computer"){ .md-button rel=me }
|
||||
[:simple-bluesky: @jonaharagon.com](https://bsky.app/profile/jonaharagon.com "@jonaharagon.com"){ .md-button rel=me }
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
---
|
||||
description: Privacy-related news stories, product reviews, opinion pieces, and other important articles from Privacy Guides contributors.
|
||||
canonical_url: https://www.privacyguides.org/posts/tag/articles/
|
||||
hide:
|
||||
- footer
|
||||
---
|
||||
|
||||
@@ -221,7 +221,7 @@ On Android:
|
||||
2. Navigate to **Location**
|
||||
3. Switch **Use location** to **off**
|
||||
|
||||
If you use an Android phone, you should also check your Google account settings to [ensure location history is disabled](https://support.google.com/accounts/answer/3118687). Google is frequently tapped by law enforcement to provide location data, because they don't protect your personal information with strong, zero-knowledge encryption.
|
||||
If you use an Android phone, you should also check your Google account settings to [ensure location history is disabled](https://support.google.com/accounts/answer/3118687). Google is frequently tapped by law enforcement to provide location data, because they don't protect your personal information with strong encryption.
|
||||
|
||||
### Check Your Keyboard
|
||||
|
||||
@@ -265,7 +265,7 @@ You should be prepared to have your phone taken or lost during a protest. You ca
|
||||
|
||||
If you have an iPhone, you can make a local backup to a macOS computer or a Windows computer with iTunes. You can also back up to iCloud, but these backups are only secure if you enable [Advanced Data Protection](https://www.privacyguides.org/en/os/ios-overview/#icloud) on your iCloud account. We strongly encourage [enabling Advanced Data Protection](https://support.apple.com/en-us/108756) for all iCloud users in any case, as it protects not only device backups but most iCloud account data as well.
|
||||
|
||||
The backup situation on Android is not nearly as robust unfortunately, but you can back up photos and files with a variety of services. If you use an online backup service we recommend choosing one with strong, zero-knowledge encryption so that the service provider is unable to access your data.
|
||||
The backup situation on Android is not nearly as robust unfortunately, but you can back up photos and files with a variety of services. If you use an online backup service we recommend choosing one which uses strong client-side encryption, so that the service provider is unable to access your data.
|
||||
|
||||
- [Recommended Photo Backup Services](https://www.privacyguides.org/en/photo-management/)
|
||||
- [Recommended Cloud Drive Services](https://www.privacyguides.org/en/cloud/)
|
||||
|
||||
@@ -5,7 +5,7 @@ categories:
|
||||
- News
|
||||
authors:
|
||||
- em
|
||||
description: Age verification laws and propositions forcing platforms to restrict content accessed by children and teens have been multiplying in recent years. The problem is, implementing such measure necessarily requires identifying each user accessing this content, one way or another. This is bad news for your privacy.
|
||||
description: Age verification laws forcing platforms to restrict access to content online have been multiplying in recent years. The problem is, implementing such measure necessarily requires identifying each user accessing this content, one way or another. This is bad news for your privacy.
|
||||
schema_type: AnalysisNewsArticle
|
||||
preview:
|
||||
cover: blog/assets/images/age-verification-wants-your-face/ageverification-cover.webp
|
||||
|
||||
@@ -0,0 +1,313 @@
|
||||
---
|
||||
date:
|
||||
created: 2025-09-08T18:00:00Z
|
||||
updated: 2025-09-15T16:30:00Z
|
||||
categories:
|
||||
- News
|
||||
authors:
|
||||
- em
|
||||
description:
|
||||
Chat Control is back to undermine everyone's privacy. There's an important deadline on October 14th, 2025. We must act now to stop it!
|
||||
schema_type: ReportageNewsArticle
|
||||
preview:
|
||||
cover: blog/assets/images/chat-control-must-be-stopped/chatcontrol-cover.webp
|
||||
---
|
||||
|
||||
# Chat Control Must Be Stopped, Act Now!
|
||||
|
||||
|
||||
|
||||
<small aria-hidden="true">Illustration: Em / Privacy Guides | Photo: Ramaz Bluashvili / Pexels</small>
|
||||
|
||||
If you've heard of [Chat Control](the-future-of-privacy.md) already, bad news: **it's back**. If you haven't, this is a pressing issue you should urgently learn more about if you value privacy, democracy, and human rights. This is happening **right now**, and **we must act to stop it right now**.<!-- more -->
|
||||
|
||||
Take a minute to visualize this: Every morning you wake up with a police officer entering your home to inspect it, and staying with you all day long.
|
||||
|
||||
The agent checks your bathroom, your medicine cabinet, your bedroom, your closets, your drawers, your fridge, and takes photos and notes to document everything. Then, this report is uploaded to the police's cloud. It's "[for a good cause](encryption-is-not-a-crime.md)" you know, it's to make sure you aren't hiding any child sexual abuse material under your bed.
|
||||
|
||||
Every morning. Even if you're naked in bed. Even while you're having a call with your doctor or your lover. Even when you're on a date. Even while you're working and discussing your client's confidential information with their attorney. This police officer is there, listening to you and reporting on everything you do.
|
||||
|
||||
This is the in-person equivalent of Chat Control, a piece of legislation that would mandate **all** services to scan **all** private digital communications of **everyone** residing in the European Union.
|
||||
|
||||
This is an Orwellian nightmare.
|
||||
|
||||
## Act now!
|
||||
|
||||
This is happening **right now**. European governments will be finalizing their positions on the regulation proposal on September 12th, and there will be a final vote on **October 14th, 2025**.
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Important: If you are reading this article after September 12th</p>
|
||||
|
||||
Regardless of the outcome on September 12th, the fight isn't over. The next deadline will be the **final vote on October 14th, 2025**.
|
||||
|
||||
If you've missed September 12th, make sure to contact your representatives **right now** to tell them to **oppose Chat Control** on October 14th.
|
||||
|
||||
</div>
|
||||
|
||||
- ==If you are not located in Europe==: Keep reading, this will affect you too.
|
||||
|
||||
- If you are still unconvinced: Keep reading, we discuss Chat Control in [more details](#why-is-this-bad) below.
|
||||
|
||||
- If you are located in Europe: You must **act now** to stop it.
|
||||
|
||||
<div class="admonition question" markdown>
|
||||
<p class="admonition-title">How to stop this? Contact your MEPs today</p>
|
||||
|
||||
Use this [**website**](https://fightchatcontrol.eu/) to easily contact your government representatives, and tell them they should **oppose Chat Control**. Even if your country already opposes Chat Control, contact your representatives to tell them you are relieved they oppose, and support them in this decision to protect human rights. This will help reinforce their position.
|
||||
|
||||
But if your country *supports* Chat Control, or is *undecided*, **it is vital that you contact your representatives as soon as possible**. To support your point, you can share this article with them or one of the many great [resources](#resources-to-learn-more-and-fight-for-human-rights) listed at the end.
|
||||
|
||||
At the time of this writing, the list of countries to contact is:
|
||||
|
||||
| **Supporting (15)** | | **Undecided (6)** |
|
||||
| ---------------------------------- | ----------------------------------- | -------------------- |
|
||||
| :triangular_flag_on_post: Bulgaria | :triangular_flag_on_post: Latvia | :warning: Estonia |
|
||||
| :triangular_flag_on_post: Croatia | :triangular_flag_on_post: Lithuania | :warning: Germany |
|
||||
| :triangular_flag_on_post: Cyprus | :triangular_flag_on_post: Malta | :warning: Greece |
|
||||
| :triangular_flag_on_post: Denmark | :triangular_flag_on_post: Portugal | :warning: Luxembourg |
|
||||
| :triangular_flag_on_post: France | :triangular_flag_on_post: Slovakia | :warning: Romania |
|
||||
| :triangular_flag_on_post: Hungary | :triangular_flag_on_post: Spain | :warning: Slovenia |
|
||||
| :triangular_flag_on_post: Ireland | :triangular_flag_on_post: Sweden | |
|
||||
| :triangular_flag_on_post: Italy | | |
|
||||
|
||||
</div>
|
||||
|
||||
|
||||
<small aria-hidden="true">Image: Patrick Breyer / [chatcontrol.eu](https://www.chatcontrol.eu)</small>
|
||||
|
||||
## What is Chat Control?
|
||||
|
||||
"Chat Control" refers to a series of legislative proposals that would make it mandatory for *all* service providers (text messaging, email, social media, cloud storage, hosting services, etc.) to scan *all* communications and *all* files (including end-to-end encrypted ones), in order to supposedly detect whatever the government deems "abusive material."
|
||||
|
||||
The push for Chat Control started in 2021 with the approval of a [derogation](https://www.patrick-breyer.de/en/chatcontrol-european-parliament-approves-mass-surveillance-of-private-communications/) to the ePrivacy Directive by the European Parliament. This derogation escalated to a second proposal for *mandatory* scanning a year later, which was [rejected](https://fortune.com/europe/2023/10/26/eu-chat-control-csam-encryption-privacy-european-commission-parliament-johansson-breyer-zarzalejos-ernst/) in 2023. Nevertheless, lawmakers and lobbyists determined to undermine our safety and civil liberties are bringing it back again two years later, **literally trying to wear you down**.
|
||||
|
||||
We cannot let authoritarians wear us down until we lose all our privacy rights. Our privacy rights are fundamental to so many other human rights, to civil liberties, to public safety, and to functioning democracies.
|
||||
|
||||
Chat Control undermines all of this.
|
||||
|
||||
Cryptography professor and cybersecurity expert Matthew Green described the 2022 proposal document for Chat Control as "[**the most terrifying thing I've ever seen**](https://fortune.com/2022/05/12/europe-phone-surveillance-crackdown-child-sexual-abuse-material-sparks-outrage-among-cybersecurity-experts-privacy-activists/)".
|
||||
|
||||
And terrifying, it is.
|
||||
|
||||
The [most recent proposal for Chat Control](https://tuta.com/blog/chat-control-criticism) comes from the EU Council Danish presidency pushing for regulation misleadingly called the **Child Sexual Abuse Regulation** (CSAR). Despite its seemingly caring name, this regulation will **not** help fight child abuse, and will even likely worsen it, impacting negatively what is already being done to fight child abuse (more on this in the [next section](#would-this-protect-the-children)).
|
||||
|
||||
The CSAR proposal (which *is* the latest iteration of Chat Control) could be implemented as early as *next month*, if we do not stop it.
|
||||
|
||||
**The problem is this: Chat Control will not work, it is unreliable, it will escalate in scope, and it will endanger everyone (including the children).**
|
||||
|
||||
Even if you are not in Europe, know that Chat Control will affect everyone inside *and* outside of Europe one way or another. Regardless of where you are, you should be concerned and pay attention, and there are things you can do to fight back. This is important.
|
||||
|
||||
|
||||
<small aria-hidden="true">Still image from [video](https://stopscanningme.eu/video/csar-explainer.mp4): Stop Scanning Me / EDRi</small>
|
||||
|
||||
## Why is this bad?
|
||||
|
||||
The idea that it's possible to somehow [magically protect](encryption-is-not-a-crime.md/#magical-backdoor-only-for-the-good-guys-is-a-complete-fantasy) information properly while giving access to unquestionably well-intended law enforcement comes from either extreme naivety, lack of information, and plain dishonesty.
|
||||
|
||||
This proposal would effectively break any end-to-end encryption protections, and potentially expose all your files and communications to not only law enforcement, but eventually also to criminals of all sorts (with the data breaches, data leaks, and corruption that will inevitably follow).
|
||||
|
||||
Here's a summary of some dangers this regulation would create if approved:
|
||||
|
||||
- **Breaking end-to-end encryption**: Removing crucial protections for all sensitive files and communications of vulnerable populations, victims, whistleblowers, journalists, activists, and everyone else.
|
||||
|
||||
- **Mission creep**: Once this mass surveillance system is in place, authorities can decide to add more criteria such as searching all communications for references to drug use, protest attendances, political dissidence, or even [negative comments](https://www.lemonde.fr/en/international/article/2025/03/22/how-a-french-researcher-being-refused-entry-to-the-us-turned-into-a-diplomatic-mess_6739415_4.html) about a leader. Europol (the EU law enforcement agency) has already called for [expanding the program](https://www.youtube.com/watch?v=L933xDcSS3o&t=2016s).
|
||||
|
||||
|
||||
<small aria-hidden="true">Image: Lorna Schütte / [chatcontrol.eu](https://www.chatcontrol.eu)</small>
|
||||
|
||||
- **Criminal attacks**: Each time a backdoor exists, it doesn't take long for criminals to find access and steal our information. This could include criminals finding access to each service independently or to the entire database authorities would keep. A database that would be filled with material tagged as sexually explicit text or photos of children. This could even *create* new Child Sexual Abuse Material (CSAM) for criminals. For example, consenting teenagers innocently sexting together could have their photos collected in this database, after being wrongly flagged by the automated system. Then, criminals could steal their intimate photos from the governments.
|
||||
|
||||
- **False positives**: With a mass surveillance system this large, moreover a system with no transparency and little oversight, false positives are inevitable. Despite marketing promises from the [organizations lobbying government officials](https://www.patrick-breyer.de/en/chat-control-eu-ombudsman-criticises-revolving-door-between-europol-and-chat-control-tech-lobbyist-thorn/), we all know AI technologies regularly misfire and cannot be reliable for anything of such importance. Loving parents could get flagged as pedophiles just for innocently uploading a photo of their child in the bathtub on their *private* cloud. Teenagers exploring their sexuality consensually with each other could get tagged as sexual predators (a label that might stick on them decades later). The police could receive reports for breastfeeding mothers. The list is infinite.
|
||||
|
||||
|
||||
<small aria-hidden="true">Image: Lorna Schütte / [chatcontrol.eu](https://www.chatcontrol.eu)</small>
|
||||
|
||||
- **Overwhelming resources**: The inevitable false positives will completely overwhelm the agencies responsible for investigating flagged material. This will cost them precious time they will not have to investigate *actual* abuse cases. Organizations fighting child sexual abuse are already overwhelmed and lack resources to prosecute real criminals.
|
||||
|
||||
- **Hurting victims**: Such system of mass surveillance could prevent victims of child sexual abuse (and other crimes) to reach out for help. Knowing that all their communications would be scanned, they would lose all confidentiality while reporting crimes. The evidences they share could even be tagged by Chat Control, as if they were the perpetrator rather than the victim. Sadly, many will likely decide it's safer not to report at all.
|
||||
|
||||
- **Self-censorship**: With Chat Control in place, not only victims might censor themselves and stop reaching out for help, but everyone else as well. When people know they are being observed, they feel less free to be themselves and to share openly. This is doubly true for anyone who is part of a marginalized group, such as [LGBTQ+ people](importance-of-privacy-for-the-queer-community.md), or anyone who is being victimized or at risk of victimization.
|
||||
|
||||
|
||||
<small aria-hidden="true">Image: Lorna Schütte / [chatcontrol.eu](https://www.chatcontrol.eu)</small>
|
||||
|
||||
- **Undermining democracy**: This surveillance system would allow governments to spy on opposition. Chat logs from opposing candidates, activists, and journalists could all be accessed by authorities in order to silence opponents or blackmail candidates. Even if you trust your government to not do this now, this doesn't mean it could not be used in this way by the next government. We have all seen how fast the political landscape can change.
|
||||
|
||||
- **Violating the GDPR (and other laws)**: The General Data Protection Regulation (GDPR) offers wonderful protections to Europeans. Sadly, Chat Control would make a complete farce of it. The Right to Erasure (right to delete) could be reduced to ashes by Chat Control, including for any highly sensitive information wrongly caught in the CSAR net. Moreover, it would [violate Article 7 and Article 8](https://tuta.com/blog/chat-control-criticism) of the EU Charter of Fundamental Rights.
|
||||
|
||||
Protecting the children is only the excuse used in hope of convincing a misinformed public. **Chat Control is authoritarian mass surveillance.**
|
||||
|
||||
Authorities understand well how important protecting communication and information is. This is why they included an exemption to protect *their own* communications, but not yours.
|
||||
|
||||
## Would this protect the children?
|
||||
|
||||
No.
|
||||
|
||||
This cannot be stressed enough: **This regulation would not protect the children, it would *harm* the children**, and everyone else too, worldwide. Claiming otherwise is either naivety, or misinformation.
|
||||
|
||||
Last year, the civil and human rights association European Digital Rights (EDRi) put together a [joint statement from 48 organizations](https://edri.org/our-work/joint-statement-on-the-future-of-the-csa-regulation/) for children's protection, digital rights, and human rights, demanding that the European Parliament invest instead in proven strategies to fight child abuse. This appeal to reason does not seem to have been heard by most EU Member States.
|
||||
|
||||
There are many things we can do as a society to increase protections for children and fight abusers and criminals, but Chat Control is far from it all. Protection of the children is clearly only an excuse here, and a very misleading one.
|
||||
|
||||
|
||||
<small aria-hidden="true">[Image](https://stopscanningme.eu/en/organise-now.html): Stop Scanning Me / EDRi</small>
|
||||
|
||||
### Mislabelling children as criminals
|
||||
|
||||
First, this automated system is flawed in many ways, and the false-positive rate would likely be high. But let's imagine that, magically, the system could flag CSAM at an accuracy rate of 99%. This still means 1% of reports would be false. Expanded to the size of European Union's population of approximately 450 million people, exchanging likely billions of messages and files every day, this still means millions could be falsely tagged as sexual predators, with all the [consequences](https://www.republik.ch/2022/12/08/die-dunklen-schatten-der-chatkontrolle) this implies.
|
||||
|
||||
Worse, the Swiss federal police reported that currently about 80% of all automated reports received were [false-positives](https://www.patrick-breyer.de/en/posts/chat-control/#WhatYouCanDo). This means in reality, the error rate is likely far higher than 1%, and actually closer to an **80% error rate**. Of the approximate 20% of positive reports, in Germany, over 40% of investigations initiated [targeted children](https://www.polizei-beratung.de/aktuelles/detailansicht/straftat-verbreitung-kinderpornografie-pks-2022/) themselves.
|
||||
|
||||
Sometimes, flagged content is simply teenagers innocently sexting each other consensually. Not only would they be wrongly tagged as criminals under Chat Control, but they'd be triggering an investigation that would expose their intimate photos to some faceless officers or tech employees working on the system.
|
||||
|
||||
Even in a magical world where Chat Control AI is 99% accurate, it would still wrongly tag and **expose sensitive data from millions of children**. In reality, no AI system is even remotely close to this accuracy level, and proprietary algorithms are usually opaque black boxes impossible to audit transparently. The number of children Chat Control would harm, and likely traumatize for life, would be disastrous.
|
||||
|
||||
### Exposing children's sensitive and sexual information
|
||||
|
||||
Any content that could be deemed suspicious or explicit by the system, accurately or not, would be flagged and reported.
|
||||
|
||||
When this content is reported, it will likely be uploaded to a database for human review. This means that if a teenager was sending an intimate photo of themselves to another consenting teenager, they could be flagged as sharing CSAM, even if it's their own photo. Then, their photo would be sent to the police for review. Information that should very much have stayed protected and private between these two teenagers is now exposed to strangers. This is wrong, and dangerous.
|
||||
|
||||
Even innocuous communications such as daily conversations, teenagers chatting with each other, parents reporting information about their child to a [doctor](https://www.nytimes.com/2022/08/21/technology/google-surveillance-toddler-photo.html), and therapists talking with their patients, could all inadvertently expose children sensitive information. This is information that should have remained *private*, and would now be uploaded to a police database, likely [stored there forever](https://www.iccl.ie/news/an-garda-siochana-unlawfully-retains-files-on-innocent-people-who-it-has-already-cleared-of-producing-or-sharing-of-child-sex-abuse-material/) with few recourses to remove it.
|
||||
|
||||
The more we collect sensitive information about children (photos, faces, locations, identifications, medical information, private chats, experiences, etc.), the more we risk exposing children to harm. This includes systems used by authorities and governments. Even if everyone with legitimate access to this data is miraculously 100% exemplary and incorruptible citizens, the databases and scanning systems will still be vulnerable to attacks from criminals and hostile governments alike.
|
||||
|
||||
The only way to protect children's information properly is to **1) not collect it**, and **2) use end-to-end encryption to protect it** when we cannot avoid collecting it. Spying on everyone and every child is the opposite of that.
|
||||
|
||||
### Authorities' databases will be attacked
|
||||
|
||||
It's impossible to perfectly secure information online. There is a lot we can do to improve security (much more than is done now), but data breaches will happen.
|
||||
|
||||
If governments mandate a backdoor to have access to all our online communication and stored files, it's inevitable that at least some criminals will eventually get access to it as well. This is even truer if this system is closed-source, [privatized](https://fortune.com/europe/2023/09/26/thorn-ashton-kutcher-ylva-johansson-csam-csa-regulation-european-commission-encryption-privacy-surveillance/), and isn't subjected to frequent independent audits with strong accountability.
|
||||
|
||||
Once a vulnerability is found by criminals, they will have the same access as authorities have to our data. With Chat Control, this means pretty much all our data.
|
||||
|
||||
In addition, Chat Control could facilitate the proliferation of even more spyware and [stalkerware](https://stopstalkerware.org/) on the market, thriving on the vulnerabilities found in the powerful system. This would allow *anyone* to purchase access to spy on *anyone*, including databases of identified children. It could give a direct backdoor-access to pedophiles. How could *this* be helping to protect the children?
|
||||
|
||||
### The danger is inside
|
||||
|
||||
Even if the idea of online strangers accessing children's sensitive data is terrifying, the worse danger in often much closer.
|
||||
|
||||
Sadly, we already know that the [vast majority](https://content.c3p.ca/pdfs/C3P_SurvivorsSurveyFullReport2017.pdf) of child sexual abuse is perpetrated by adults close to the child, not strangers, and that two-thirds of CSAM images appear to have been [produced at home](https://theconversation.com/new-research-shows-parents-are-major-producers-of-child-sexual-abuse-material-153722). Chat Control would do nothing to fight this. In fact, it could facilitate it.
|
||||
|
||||
Child abuse is an incredibly important topic to discuss and to fight against as a society. Utilizing this issue as an excuse to pass a surveillance law that would endanger everyone, including the victims, is despicable.
|
||||
|
||||
When children are living with the abuser, the only escape is outside the home, and sometimes this means *online*. Abusers often use spying technologies to control and restrict access to help for their victims. If we make mass surveillance mandatory and normalized, this risks aggravating the stalkerware problem by obligating providers to implement backdoors in their systems. We would effectively be helping abusers at home to restrict access to help for their victims, including victims of CSAM. This is completely unacceptable.
|
||||
|
||||
### How to actually help the children
|
||||
|
||||
Despite the politicization of this issue to manipulate the public opinion in accepting mass surveillance, there are actually *proven* solutions to help to protect the children, online and offline.
|
||||
|
||||
First, governments should [listen](https://mogis.info/static/media/uploads/eu-libe-mogis-hahne-07032023_en.pdf) to [organizations already doing the work](https://edri.org/our-work/most-criticised-eu-law-of-all-time/). Most are understaffed and under-resourced to properly support the victims and prosecute the criminals. Thousands of more reports every day would not help them do any effective work. More capacity to conduct *targeted* investigation and arrest criminals, and more capacity to create safe spaces to support the victims and witnesses will help.
|
||||
|
||||
Privacy should be the default, for everyone.
|
||||
|
||||
If all our services were using end-to-end encryption when possible, and implemented proper security and privacy features and practices, this would effectively help to protect the children as well. Abusers and criminals are looking for leaked and stolen data all the time. When a cloud photo storage gets hacked, your photos are up for grabs online, including the photos of your children. When parents upload photos of their children and their address online, and this data gets exposed (leaked, breached, AI-scraped, etc.), this data then becomes accessible to criminals.
|
||||
|
||||
**Better privacy protections also means better protections for the children.**
|
||||
|
||||
Children themselves should receive better education on how their data is used online and how to protect it. Additionally, it is vital to provide better education on what behaviors aren't normal coming from an adult, and how to reach out for help when it happens. Children should have access to safe and confidential resources to report abuse, whether it's happening outside or inside their home.
|
||||
|
||||
Parents should be careful when sharing information about their children. And when they have to, they should benefit from complete confidentiality, knowing their communication is fully end-to-end encrypted and not shared with anyone else.
|
||||
|
||||
There is so much we can do to help to protect better the children online, surveillance is the opposite of it all.
|
||||
|
||||
## How would this affect me?
|
||||
|
||||
If this regulation is approved on **October 14th, 2025** (the date for the final vote), the consequences would be devastating for everyone, even outside the European Union.
|
||||
|
||||
We have seen how platforms implemented better privacy practices and features after the GDPR became effective in 2018, features that often benefited people worldwide. This could have the same effect in reverse.
|
||||
|
||||
Every platform potentially handling data of people located in the EU would be subjected to the law. Platforms would be obligated to scan all communications and all files of (at least) data subjects located in the EU, even data currently protected with end-to-end encryption. This would affect popular apps and services like Signal, Tuta, Proton, WhatsApp, Telegram, and much more.
|
||||
|
||||
### Outside of Europe
|
||||
|
||||
This would not only affect Europeans' data, but also the data of anyone outside communicating with someone located in the European Union. Because end-to-end encryption can only work if **both** ends are protected.
|
||||
|
||||
If Chat Control gets approved and applied, it will become very difficult to communicate with anyone located in the EU while keeping strong protections for your data. Many people might just accept the surveillance passively, and as a result lose their rights, their protections, and compromise their democratic processes. Overtime, this will likely lead to a slippery slope towards dystopian authoritarianism.
|
||||
|
||||
Outside of Europe, you could expect to see services removing some privacy-protective features, downgrading encryption, blocking European countries that are subjected to the law, or moving outside of Europe entirely. If localization-based scanning is too complicated to handle for an application, some companies might just decide it's simpler to scan communications for all users, worldwide.
|
||||
|
||||
Additionally, Five Eyes countries (Australia, Canada, New Zealand, the United Kingdom, and the United States) have already [expressed support](https://www.youtube.com/watch?v=L933xDcSS3o&t=2163s) for Chat Control, and might be keen to try the same at home, if this gets approved and tested in Europe first.
|
||||
|
||||
### Inside of Europe
|
||||
|
||||
Without using tools that would be now deemed illegal, you would lose any protections currently granted by end-to-end encryption. It would become impossible for you to send an email, a text message, or a photo without being observed by your government, and potentially also by criminals and foreign governments, following the inevitable data breaches.
|
||||
|
||||
You would have to constantly self-censor to avoid triggering the system and getting reported to the authorities. At first, you would probably just have to stop sending nudes, sexting, or sending photos of naked children in the bathtub or playing at the beach. Then, this would escalate to never mentioning drug or anything that could sound like drug, even as a joke. Later, you might have to stop texting about going to a protest, and stop organizing protests online. Further down the line, you might even have to self-censor to make sure you are not saying anything negative about a leader, or a [foreign politician](https://www.reuters.com/world/us/trump-administration-resuming-student-visa-appointments-state-dept-official-says-2025-06-18/) even. This isn't that hypothetical, this sort of [oppressive surveillance](https://www.hrw.org/news/2017/11/19/china-police-big-data-systems-violate-privacy-target-dissent) already exists in some countries.
|
||||
|
||||
Many services you currently rely on right now would simply shut down, or move away from Europe entirely. Businesses might also move outside of Europe if they worry about protecting their proprietary information. This could cause massive layoffs, while organizations move to jurisdictions where they are allowed to keep their data protected and unobserved.
|
||||
|
||||
Finally, even if this doesn't affect you personally, or you don't believe it will, [**this isn't just about you**](the-privacy-of-others.md).
|
||||
|
||||
The data of vulnerable people would be exposed and their safety put at risk. Victims might decide to stop reaching out for help or reporting crimes. Sources requiring anonymity might decide the risk isn't worth reporting valuable information to journalists. Opponents of governments in power could be silenced. Every democracy in the European Union would suffer greatly from it.
|
||||
|
||||
Chat Control is completely antithetical to the values the European Union has been presenting to the world in recent years.
|
||||
|
||||
|
||||
<small aria-hidden="true">[Image](https://stopscanningme.eu/en/organise-now.html): Stop Scanning Me / EDRi</small>
|
||||
|
||||
## What can I do about it?
|
||||
|
||||
Even if the landscape seems dismal, **the battle isn't over**. There are many things you can do, right now, to fight against this authoritarian dystopia.
|
||||
|
||||
### For Europeans, specifically
|
||||
|
||||
- Contact your country representatives **TODAY**. The group Fight Chat Control has put together an [**easy tool**](https://fightchatcontrol.eu/#contact-tool) making this quick with only a few clicks.
|
||||
|
||||
- After September 12th, the battle isn't over. Although governments will finalize their positions on that day, the final vote happens on **October 14th, 2025**. If you missed the September 12th deadline, keep contacting your representatives anyway.
|
||||
|
||||
- Tell your family and friends to contact their representatives as well, talk about it, make noise.
|
||||
|
||||
### For Everyone, including Europeans
|
||||
|
||||
- Talk about Chat Control on social media often, especially this month. Make noise online. Use the hashtags #ChatControl and #StopScanningMe to help others learn more about the opposition movement.
|
||||
|
||||
- Share informative [videos and memes](#resources-to-learn-more-and-fight-for-human-rights) about Chat Control. Spread the word in various forms.
|
||||
|
||||
- Contact your European friends in impacted countries and tell them to contact their representatives NOW.
|
||||
|
||||
- Even outside the EU, you can contact your own representatives as well, to let them know regulations like Chat Control are horrible for human rights, and you hope your country will never fall for such repressive laws. Tell your political representatives that privacy rights are important to you. **Your voice matters.**
|
||||
|
||||
We need your help to fight this. For democracy, for privacy, and for all other human rights, we cannot afford to lose this battle.
|
||||
|
||||
|
||||
<small aria-hidden="true">Screenshot: [fightchatcontrol.eu](https://fightchatcontrol.eu/)</small>
|
||||
|
||||
## Resources to learn more, and fight for human rights
|
||||
|
||||
### Videos about Chat Control
|
||||
|
||||
- [**Stop Scanning Me**: Short video that summarizes perfectly the issues with Chat Control](https://stopscanningme.eu/video/csar-explainer.mp4)
|
||||
|
||||
- [**Stop Scanning Me**: German-language version of the same short video](https://www.patrick-breyer.de/posts/chat-control/)
|
||||
|
||||
- [**Louis Rossmann**: Video discussing why privacy matters, and the impact of Chat Control from a perspective outside of Europe](https://www.youtube.com/watch?v=3NyUgv6dpJc)
|
||||
|
||||
- [**Shaping Opinion**: Excellent interview with Chat Control expert Patrick Breyer (recommended)](https://www.youtube.com/watch?v=L933xDcSS3o)
|
||||
|
||||
- [**Patrick Breyer**: PeerTube channel with numerous videos related to Chat Control (German & English)](https://peertube.european-pirates.eu/c/patrick_breyer_mep_channel)
|
||||
|
||||
### Memes about Chat Control
|
||||
|
||||
- [**Stop Scanning Me**: Memes, banners, and other graphics](https://stopscanningme.eu/en/organise-now.html)
|
||||
|
||||
- [**Patrick Breyer**: Memes, explainers, maps, and other graphics](https://www.patrick-breyer.de/posts/chat-control/#WhatYouCanDo)
|
||||
|
||||
### Websites with more information
|
||||
|
||||
- [**Fight Chat Control** (Contact your representatives here **TODAY**!)](https://fightchatcontrol.eu/)
|
||||
|
||||
- [**Stop Scanning Me** (from EDRi)](https://stopscanningme.eu)
|
||||
|
||||
- [**Patrick Breyer** (expert and former Member of the European Parliament)](https://www.patrick-breyer.de/posts/chat-control/)
|
||||
|
||||
- [**European Crypto Initiative**](https://eu.ci/eu-chat-control-regulation/)
|
||||
|
||||
- [Follow **Fight Chat Control** on Mastodon for updates](https://mastodon.social/@chatcontrol)
|
||||
|
||||
---
|
||||
|
||||
**Update (9/15):** Added modifications related to the second important deadline for action, on October 14th.
|
||||
|
||||
**Update (9/8):** Added clarification about what Chat Control is for readers unfamiliar with it.
|
||||
@@ -9,7 +9,7 @@ categories:
|
||||
- Reviews
|
||||
authors:
|
||||
- em
|
||||
description: "If you have been looking for a privacy-respectful replacement to Google Docs, now is the time to switch to the end-to-end encrypted office suite CryptPad."
|
||||
description: If you've been looking for a privacy-respectful replacement to Google Docs, now is the time to switch to the end-to-end encrypted office suite CryptPad.
|
||||
preview:
|
||||
logo: theme/assets/img/document-collaboration/cryptpad.svg
|
||||
review:
|
||||
|
||||
@@ -0,0 +1,250 @@
|
||||
---
|
||||
date:
|
||||
created: 2025-09-30T16:30:00Z
|
||||
categories:
|
||||
- Explainers
|
||||
authors:
|
||||
- fria
|
||||
tags:
|
||||
- Privacy Enhancing Technologies
|
||||
schema_type: BackgroundNewsArticle
|
||||
description: Differential privacy is a mathematically rigorous framework for adding a controlled amount of noise to a dataset so that no individual can be reidentified. Learn how this technology is being implemented to protect you.
|
||||
preview:
|
||||
cover: blog/assets/images/differential-privacy/cover.webp
|
||||
---
|
||||
# What is Differential Privacy?
|
||||
|
||||
|
||||
<small aria-hidden="true">Image: Privacy Guides / Jordan Warne</small>
|
||||
|
||||
Is it possible to collect data from a large group of people but protect each individual's privacy? In this entry of my series on [privacy-enhancing technologies](../tags.md/#tag:privacy-enhancing-technologies), we'll discuss differential privacy and how it can do just that.<!-- more -->
|
||||
|
||||
## Problem
|
||||
|
||||
It's useful to collect data from a large group of people. You can see trends in a population. But it requires a lot of individual people to give up personally identifiable information. Even things that seem innocuous like your gender can help identify you.
|
||||
|
||||
Latanya Sweeney in a [paper](https://dataprivacylab.org/projects/identifiability/paper1.pdf) from 2000 used U.S. Census data to try and re-identify people solely based on the metrics available to her. She found that 87% of Americans could be identified based on only 3 metrics: ZIP code, date of birth, and sex.
|
||||
|
||||
Obviously, being able to identify individuals based on publicly available data is a huge privacy issue.
|
||||
|
||||
## History
|
||||
|
||||
### Before Differential Privacy
|
||||
|
||||
Being able to collect aggregate data is essential for research. It's what the U.S. Census does every 10 years.
|
||||
|
||||
Usually we're more interested in the data as a whole and not data of individual people as it can show trends and overall patterns in groups of people. However, in order to get that data we must collect it from individuals.
|
||||
|
||||
It was thought at first that simply [removing names and other obviously identifying details](https://simons.berkeley.edu/news/differential-privacy-issues-policymakers#:~:text=Prior%20to%20the%20line%20of%20research%20that%20led%20to%20differential%20privacy%2C%20it%20was%20widely%20believed%20that%20anonymizing%20data%20was%20a%20relatively%20straightforward%20and%20sufficient%20solution%20to%20the%20privacy%20challenge.%20Statistical%20aggregates%20could%20be%20released%2C%20many%20people%20thought%2C%20without%20revealing%20underlying%20personally%20identifiable%20data.%20Data%20sets%20could%20be%20released%20to%20researchers%20scrubbed%20of%20names%2C%20but%20otherwise%20with%20rich%20individual%20information%2C%20and%20were%20thought%20to%20have%20been%20anonymized.) from the data was enough to prevent re-identification, but [Latanya Sweeney](https://latanyasweeney.org/JLME.pdf) (a name that will pop up a few more times) proved in 1997 that even without names, a significant portion of individuals can be re-identified from a dataset by cross-referencing external data.
|
||||
|
||||
Previous attempts at anonymizing data have relied on been highly vulnerable to re-identification attacks.
|
||||
|
||||
#### AOL Search Log Release
|
||||
|
||||
A famous example is the AOL search log release. AOL had been logging its users searches for research purposes. When they released the data, they only replaced the users' real names with an identifier. Researchers were able to identify [user 4417749](https://archive.nytimes.com/www.nytimes.com/learning/teachers/featured_articles/20060810thursday.html) as Thelma Arnold based on the identifying details of her searches.
|
||||
|
||||
#### Strava Heatmap Incident
|
||||
|
||||
In 2018, the fitness app Strava announced a major update to its heatmap, showing the the workout patterns of users of fitness trackers like Fitbit.
|
||||
|
||||
Analyst [Nathan Ruser](https://x.com/Nrg8000/status/957318498102865920) indicated that these patterns can reveal military bases and troop movement patterns. This is obviously a huge op-sec problem and can endanger the lives of troops.
|
||||
|
||||
It was also possible to [deanonymize](https://steveloughran.blogspot.com/2018/01/advanced-denanonymization-through-strava.html) individual users in some circumstances.
|
||||
|
||||
#### Randomized Response
|
||||
|
||||
One of the earliest ideas for anonymizing data was [randomized response](https://uvammm.github.io/docs/randomizedresponse.pdf), first introduced all the way back in 1965 in a paper by Stanley L. Warner. The idea behind it is quite clever.
|
||||
|
||||
For certain questions like "have you committed tax fraud?" respondents will likely be hesitant to answer truthfully. The solution? Have the respondent flip a coin. If the coin is tails, answer yes. If the coin lands on heads, answer truthfully.
|
||||
|
||||
| Respondent | Answer | Coin Flip (not included in the actual dataset just here for illustration) |
|
||||
| --- | --- | --- |
|
||||
| 1 | Yes | Tails (Answer Yes) |
|
||||
| 2 | No | Heads (Answer Truthfully) |
|
||||
| 3 | Yes | Tails (Answer Yes) |
|
||||
| 4 | Yes | Tails (Answer Yes) |
|
||||
| 5| No | Heads (Answer Truthfully) |
|
||||
|
||||
Because we know the exact probability that a "Yes" answer is fake, 50%, we can remove it and give a rough estimate of how many respondents answered "Yes" truthfully.
|
||||
|
||||
Randomized Response would lay the groundwork for differential privacy, but it wouldn't truly be realized for many decades.
|
||||
|
||||
#### Unrelated Question Randomized Response
|
||||
|
||||
A variation used later in a [paper](https://www.jstor.org/stable/2283636) by Greenberg et al. called **unrelated question randomized response** would present each respondent with either a sensitive question or a banal question like "is your birthday in January?" to increase the likelihood of people answering honestly, since the researcher doesn't know which question was asked.
|
||||
|
||||
| Respondent | Question (not visible to researcher) | Answer |
|
||||
| --- | --- | --- |
|
||||
| 1 | Have you ever committed tax evasion? | No |
|
||||
| 2 | Is your birthday in January? | Yes |
|
||||
| 3 | Is your birthday in January? | No |
|
||||
| 4 | Have you ever committed tax evasion? | Yes |
|
||||
| 5 | Have you ever committed tax evasion? | No |
|
||||
|
||||
#### k-Anonymity
|
||||
|
||||
Latanya Sweeney and Pierangela Samarati introduced [k-anonymity](https://dataprivacylab.org/dataprivacy/projects/kanonymity/paper3.pdf) to the world back in 1998.
|
||||
|
||||
It's interesting that even all the way back in 1998 concerns constant data collection were already relevant.
|
||||
|
||||
> Most actions in daily life are recorded on some computer somewhere. That information in turn is often shared, exchanged, and sold. Many people may not care that the local grocer keeps track of which items they purchase, but shared information can be quite sensitive or damaging to individuals and organizations. Improper disclosure of medical information, financial information or matters of national security can have alarming ramifications, and many abuses have been cited.
|
||||
|
||||
In a dataset, you might have removed names and other obviously identifying information, but there might be other data such as birthday, ZIP code, etc., that might be unique to one person in the dataset. If someone were to cross-reference this data with outside data, it could be possible to deanonymize individuals.
|
||||
|
||||
k-anonymity means that for each row, at least k-1 other rows are identical. So for a k of 2, at least one other row is identical to each row.
|
||||
|
||||
##### Generalization
|
||||
|
||||
This is achieved through a few techniques, one of which is generalization. Generalization is reducing the precision of data so that it's not as unique.
|
||||
|
||||
For example, instead of recording an exact age, you might give a range like 20-30. You've probably noticed this on surveys you've taken before. Data like this that's not directly identifiable but could be used to re-identify someone is referred to as *quasi-identifiers*.
|
||||
|
||||
##### Suppression
|
||||
|
||||
Sometimes even with generalization, you might have outliers that don't satisfy the k-anonymity requirements.
|
||||
|
||||
In these cases, you can simply remove the row entirely.
|
||||
|
||||
##### Attacks on k-Anonymity
|
||||
|
||||
k-anonymity has been [demonstrated](https://www.usenix.org/system/files/sec22-cohen.pdf) to not prevent re-identification of individuals despite the data in a dataset being properly k-anonymized by "statistical experts".
|
||||
|
||||
Researchers were able to deanonymize 3 students from a k-anonymized dataset from Harvard and MIT's EdX platform by cross-referencing data from LinkedIn, putting potentially thousands of students at risk of re-identification.
|
||||
|
||||
### Dawn of Differential Privacy
|
||||
|
||||
Most of the concepts I write about seem to come from the 70s and 80s, but differential privacy is a relatively new concept. It was first introduced in a paper from 2006 called [*Calibrating Noise to Sensitivity in Private Data Analysis*](https://desfontain.es/PDFs/PhD/CalibratingNoiseToSensitivityInPrivateDataAnalysis.pdf).
|
||||
|
||||
The paper introduces the idea of adding noise to data to achieve privacy, similar to randomized response. However, differential privacy is much more mathematically rigorous and provable.
|
||||
|
||||
Of course, adding noise to the dataset reduces its accuracy. Ɛ defines the amount of noise added to the dataset, with a small Ɛ meaning more privacy but less accurate data and vice versa. It's also referred to as the "privacy loss parameter" or "privacy budget".
|
||||
|
||||
#### Central Differential Privacy
|
||||
|
||||
This early form of differential privacy relied on adding noise to the data *after* it was already collected, meaning you still have to trust a central authority with the raw data.
|
||||
|
||||
## Google RAPPOR
|
||||
|
||||
In 2014, Google introduced [Randomized Aggregatable Privacy-Preserving Ordinal Response](https://arxiv.org/pdf/1407.6981) (RAPPOR), their [open source](https://github.com/google/rappor) implementation of differential privacy.
|
||||
|
||||
Google RAPPOR implements and builds on previous techniques such as randomized response and adds significant improvements on top.
|
||||
|
||||
### Local Differential Privacy
|
||||
|
||||
In Google's implementation, noise is added to data on-device before it's sent off to any server. This removes the need to trust the central authority to handle your raw data, an important step in achieving truly anonymous data collection.
|
||||
|
||||
### Bloom Filters
|
||||
|
||||
Google RAPPOR makes use of a clever technique called bloom filters that saves space and improves privacy.
|
||||
|
||||
Bloom filters work by starting out with an array of all 0's
|
||||
|
||||
`[0, 0, 0, 0, 0, 0, 0, 0, 0]`
|
||||
|
||||
Then, you run data such as the word "apple" through a hashing algorithm, which will give 1's in specific positions, say position 1, 3, and 5.
|
||||
|
||||
`[0, 1, 0, 1, 0, 1, 0, 0, 0]`
|
||||
|
||||
When you want to check if data is present, you run the data through the hashing algorithm and check if the corresponding positions are 1's. If they are, the data *might* be present (other data might have flipped those same bits at some point). If any of the 1's are 0's, then you know for sure that the data is not in the set.
|
||||
|
||||
### Permanent Randomized Response
|
||||
|
||||
A randomization step is performed flipping some of the bits randomly. This response is then "memoized" so that the same random values are used for future reporting. This protects against an "averaging" attack where an attacker sees multiple responses from the same user and can eventually recover the real value by averaging them out over time.
|
||||
|
||||
### Instantaneous Randomized Response
|
||||
|
||||
On top of the permanent randomized data, another randomization step is performed. This time, different randomness is added on top of the permanent randomness so that every response sent is unique. This prevents an attacker from determining a user from seeing the same randomized pattern over and over again.
|
||||
|
||||
Both the permanent and instantaneous randomized response steps can be fine-tuned to for the desired privacy.
|
||||
|
||||
### Chrome
|
||||
|
||||
Google first used differential privacy in their Chrome browser for detection of [malware](https://blog.chromium.org/2014/10/learning-statistics-with-privacy-aided.html).
|
||||
|
||||
Differential privacy is also used in Google's [Privacy Sandbox](https://privacysandbox.google.com/private-advertising/aggregation-service/privacy-protection-report-strategy).
|
||||
|
||||
### Maps
|
||||
|
||||
Google Maps uses DP for its [place busyness](https://safety.google/privacy/data/#:~:text=To%20offer%20features%20like%20place%20busyness%20in%20Maps%2C%20we%20apply%20an%20advanced%20anonymization%20technology%20called%20differential%20privacy%20that%20adds%20noise%20to%20your%20information%20so%20it%20can%E2%80%99t%20be%20used%20to%20personally%20identify%20you.) feature, allowing Maps to show you how busy an area is without revealing the movements of individual people.
|
||||
|
||||
### Google Fi
|
||||
|
||||
[Google Fi](https://opensource.googleblog.com/2019/09/enabling-developers-and-organizations.html) uses differential privacy as well to improve the service.
|
||||
|
||||
## OpenDP
|
||||
|
||||
[OpenDP](https://opendp.org) is a community effort to build open source and trustworthy tools for differential privacy. Their members consist of academics from prestigious universities like Harvard and employees at companies like Microsoft.
|
||||
|
||||
There's been an effort from everyone to make differential privacy implementations open source, which is a breath of fresh air from companies that typically stick to closed source for their products.
|
||||
|
||||
## Apple
|
||||
|
||||
[Apple](https://www.apple.com/privacy/docs/Differential_Privacy_Overview.pdf) uses local differential privacy for much of its services, similar to what Google does. They add noise before sending any data off device, enabling them to collect aggregate data without harming the privacy of any individual user.
|
||||
|
||||
They limit the number of contributions any one user can make via a *privacy budget* (this is the same as Ɛ) so you won't have to worry about your own contributions being averaged out over time and revealing your own trends.
|
||||
|
||||
This allows them to find new words that people use that aren't included by default in the dictionary, or find which emojis are the most popular.
|
||||
|
||||
Some of the things they use differential privacy for include
|
||||
|
||||
- QuickType suggestions
|
||||
- Emoji suggestions
|
||||
- Lookup Hints
|
||||
- Safari Energy Draining Domains
|
||||
- Safari Autoplay Intent Detection
|
||||
- Safari Crashing Domains
|
||||
- Health Type Usage
|
||||
|
||||
That's just based on their initial white paper, they've likely increased their use of DP since then.
|
||||
|
||||
### Sketch Matrix
|
||||
|
||||
Apple uses a similar method to Google, with a matrix initialized with all zeros. The input for the matrix is encoded with the SHA-256 hashing algorithm, and then bits are flipped randomly at a probability dependent on the epsilon value.
|
||||
|
||||
Apple only sends a random row from this matrix instead of the entire thing in order to stay within their privacy budget.
|
||||
|
||||
### See What's Sent
|
||||
|
||||
You can see data sent with differential privacy in iOS under Settings > Privacy > Analytics > Analytics Data, it will begin with `DifferentialPrivacy`. On macOS, you can see these logs in the Console.
|
||||
|
||||
## U.S. Census
|
||||
|
||||
Differential privacy isn't just used by big corporations, in 2020 famously the U.S. Census used DP to protect the data of U.S. citizens for the first time.
|
||||
|
||||
As a massive collection of data from numerous U.S. citizens, it's important for the census bureau to protect the privacy of census participants while still preserving the overall aggregate data.
|
||||
|
||||
### Impetus
|
||||
|
||||
Since the 90s, the U.S. Census used a less formal injection of statistical noise into their data, which they did all the way through 2010.
|
||||
|
||||
After the 2010 census, the bureau tried to [re-identify individuals](https://www2.census.gov/library/publications/decennial/2020/census-briefs/c2020br-03.pdf) in the census data.
|
||||
|
||||
>The experiment resulted in reconstruction of a dataset of more than 300 million individuals. The Census Bureau then used that dataset to match the reconstructed records to four commercially available data sources, to attempt to identify the age, sex, race, and Hispanic origin of people in more than six million blocks in the 2010 Census.
|
||||
|
||||
Considering 309 million people lived in the U.S. in 2010, that's a devastating breach of personal privacy. Clearly more formal frameworks for protecting the privacy of individuals were needed.
|
||||
|
||||
>Nationwide, roughly 150 million individuals—almost one-half of the population, have a unique combination of sex and single year of age at the block level.
|
||||
|
||||
They could keep adding noise until these attacks are impossible, but that would make the data nigh unusable. Instead, differential privacy offers a mathematically rigorous method to protect the data from future re-identification attacks without ruining the data by adding too much noise. They can be sure thanks to the mathematical guarantees of DP.
|
||||
|
||||
## DPrio
|
||||
|
||||
Mozilla has been constantly working to make their telemetry more private over the years. Firefox uses [Prio](https://blog.mozilla.org/security/2019/06/06/next-steps-in-privacy-preserving-telemetry-with-prio/), a [Distributed Aggregation Protocol](https://datatracker.ietf.org/doc/html/draft-ietf-ppm-dap)-based telemetry system. It uses Multi-Party Computation to split the processing of user data between multiple parties.
|
||||
|
||||
To accomplish this, [Mozilla](https://blog.mozilla.org/en/firefox/partnership-ohttp-prio/) partnered with [Divvi Up](https://divviup.org/blog/divvi-up-in-firefox/) as their DAP provider, and [Fastly](https://www.fastly.com/blog/firefox-fastly-take-another-step-toward-security-upgrade) as their OHTTP provider. OHTTP acts as a multi-hop proxy to separate traffic between two parties when making a connection: neither Mozilla nor Fastly will know both who you are and what you're connecting to.
|
||||
|
||||
In 2023 researchers from Mozilla also conducted research into making Prio differentially private. The so-named "[DPrio](https://petsymposium.org/popets/2023/popets-2023-0086.pdf)" would combine multi-party computation, OHTTP, and differential privacy in a very impressive display of privacy protection. Unfortunately I couldn't find any evidence to suggest that DPrio has been implemented, but something to keep a lookout for in the future.
|
||||
|
||||
## Future of Differential Privacy
|
||||
|
||||
Differential privacy unlocks the potential for data collection with minimal risk of data exposure for any individual. Already, DP has allowed for software developers to improve their software, for new possibilities in research in the health sector and in government organizations.
|
||||
|
||||
Adoption of scientifically and mathematically rigorous methods of data collection allows for organizations to collect aggregate data will allow for increased public trust in organizations and subsequently greater potential for research that will result in improvements to our everyday lives.
|
||||
|
||||
I think for there to be more public trust there needs to be a bigger public outreach. That's my goal with this series, I'm hoping to at least increase awareness of some of the technology being deployed to protect your data, especially since so much of the news we hear is negative. Armed with the knowledge of what's available, we can also demand companies and organizations use these tools if they aren't already.
|
||||
|
||||
It's heartening to see the level of openness and collaboration in the research. You can see a clear improvement over time as each paper takes the previous research and builds on it. I wish we saw the same attitude with all software.
|
||||
|
||||
## Further Research
|
||||
|
||||
Any programmers interested in learning how to implement differential privacy can check out the book *[Programming Differential Privacy](https://programming-dp.com)* to see Python examples.
|
||||
@@ -14,7 +14,6 @@ preview:
|
||||
# The Power of Digital Provenance in the Age of AI
|
||||
|
||||
|
||||
|
||||
<small aria-hidden="true">Photo: Kseniya Lapteva / Pexels | Logo: Content Credentials</small>
|
||||
|
||||
With the popularity of generative AI, it's becoming more and more difficult to [distinguish](https://uwaterloo.ca/news/media/can-you-tell-ai-generated-people-real-ones) reality from fiction. Can this problem be solved using cryptography? What are the privacy implications of the currently proposed systems?<!-- more -->
|
||||
|
||||
@@ -0,0 +1,285 @@
|
||||
---
|
||||
title: "Email Security: Where We Are and What the Future Holds"
|
||||
date:
|
||||
created: 2025-11-15T22:45:00Z
|
||||
categories:
|
||||
- Explainers
|
||||
authors:
|
||||
- fria
|
||||
tags:
|
||||
- Email
|
||||
license: BY-SA
|
||||
schema_type: BackgroundNewsArticle
|
||||
description: Email is ubiquitous. If you want to function in modern society, you pretty much have to have an email address. But is it really a good idea to still be relying on the same decades old techology? What can we do about replacing it?
|
||||
preview:
|
||||
cover: blog/assets/images/email-security/cover.png
|
||||
---
|
||||
|
||||
|
||||
<small aria-hidden="true">Illustration: fria / Privacy Guides</small>
|
||||
|
||||
Email is ubiquitous. If you want to function in modern society, you pretty much have to have an email address. What was originally just a simple protocol to send messages between machines has morphed beyond what it was originally intended for into the *de facto* authentication, identity, and "secure" communication channel for almost all technology users today. It's been updated many times to fix security issues and there are more updates to come, but is it worth trying to fix a decades-old protocol, or should we scrap it all and start over?<!-- more -->
|
||||
|
||||
## Current State of Email Security
|
||||
|
||||
The [**Simple Mail Transport Protocol (SMTP)**](https://www.rfc-editor.org/rfc/rfc5321.html) is the standard used to send emails.
|
||||
|
||||
Over the years, multiple protocols have been introduced to fix security issues and improve the usability of email, resulting in a complex mess that we're still feeling the consequences of to this day.
|
||||
|
||||
### Encryption
|
||||
|
||||
By default, there's no encryption in SMTP. Not transport encryption or end-to-end encryption, it's just a plaintext protocol.
|
||||
|
||||
To remedy this, several solutions have been created.
|
||||
|
||||
#### STARTTLS
|
||||
|
||||
[STARTTLS](https://www.rfc-editor.org/rfc/rfc3207) is a command that allows email clients to negotiate TLS encryption. Importantly, the negotiation phase happens in plaintext which leaves it vulnerable to attackers.
|
||||
|
||||
STARTTLS allows a bit more flexibility at the cost of some security. Since you don't really know if the recipient's email client supports TLS or not, it allows you to continue with the SMTP session anyway if you want to.
|
||||
|
||||
Since it's just using TLS, STARTTLS can't provide E2EE, just transport encryption. The encryption looks something like:
|
||||
|
||||
Encrypted between your email client and your SMTP server → decrypted at your SMTP server → Encrypted between your SMTP server and recipient's SMTP server → decrypted at recipient's SMTP server → encrypted between their SMTP server and their POP3/IMAP server → decrypted at their POP3/IMAP server → encrypted between their POP3/IMAP server and their email client → decrypted by their email client.
|
||||
|
||||
``` mermaid
|
||||
flowchart LR
|
||||
A[Email Client] -->|Optional TLS Encryption| B(SMTP Server)
|
||||
B --> |Optional TLS Encryption| C(Other SMTP Server)
|
||||
C -->|Optional TLS Encryption| D[POP3 or IMAP Server]
|
||||
D -->|Optional TLS Encryption| F[Other Party's Email Client]
|
||||
```
|
||||
|
||||
At each point in the process TLS encryption is not guaranteed. Now consider that you can have multiple recipients with their own SMTP servers as well, and you start to see how flimsy this protection can be. And since the initial negotiation is in plaintext, an attacker can simply strip away the STARTTLS command, preventing a secure connection from being established.
|
||||
|
||||
Authentication is left to another protocol to solve, this just handles the transport encryption.
|
||||
|
||||
#### SMTPS
|
||||
|
||||
Also known as "Implicit TLS" (as opposed to the "Explicit TLS" of STARTTLS), SMTPS starts with an encrypted connection, similar to HTTPS, removing the potential for an adversary to downgrade the connection.
|
||||
|
||||
The [current](https://datatracker.ietf.org/doc/html/rfc8314) recommendations are to use port 465 for SMTPS and port 587 for STARTTLS. Unfortunately, these ports aren't standardized and thus there is disagreement and confusion about what port should be used for SMTPS.
|
||||
|
||||
In the past, ports 25, 465, 587, and 2525 have all been used for SMTP at various points. This lack of a standardized port means that you end up with services using different ports and being unable to establish a secure connection. Particularly, there is still confusion in some email providers whether to use port 465 or port 587 for SMTPS, although the current recommendation is port 465.
|
||||
|
||||
#### POP3S
|
||||
|
||||
[Post Office Protocol version 3](https://en.wikipedia.org/wiki/Post_Office_Protocol) or POP3 is a protocol for retrieving mail from a mail server. It's one of the ways your email client can show you your mail.
|
||||
|
||||
POP3 also supports implicit TLS over port 995, so it can be encrypted by default as well.
|
||||
|
||||
#### IMAPS
|
||||
|
||||
[Internet Message Access Protocol](https://en.wikipedia.org/wiki/Internet_Message_Access_Protocol) or IMAP is another protocol for retrieving mail from a mail server.
|
||||
|
||||
Like SMTPS and POP3s, IMAP supports implicit TLS. The implicit TLS port is 993.
|
||||
|
||||
#### OpenPGP
|
||||
|
||||
The above features only protect the email in transit and don't protect against the email providers involved, which is a massive security issue if you don't trust your email provider. On top of that, you as a user have no control over which parts of the chain are encrypted. If you want to be sure that no party in between you and your recipient can read or alter your emails, you need to use end-to-end encryption. Unfortunately, by default, email doesn't support end-to-end encryption.
|
||||
|
||||
[Pretty Good Privacy (PGP)](https://www.openpgp.org/about/) was originally created in 1997 by [Phil Zimmerman](https://www.privacyguides.org/videos/2025/05/08/when-code-became-a-weapon/). While originally proprietary software, an open source version of PGP called OpenPGP has been standardized by the [IETF](https://www.rfc-editor.org/rfc/rfc9580.html). As you can imagine from software originally conceived in the 90s, the user experience isn't the smoothest.
|
||||
|
||||
Unlike modern messengers like [Signal](https://signal.org), OpenPGP requires you to [manually manage your keys](https://dev.to/adityabhuyan/how-to-generate-your-own-public-and-secret-keys-for-pgp-encryption-1joh). This is a problem not only because it's cumbersome, but the security of E2EE rests on protecting the private key. If the private key is compromised, your messages are compromised.
|
||||
|
||||
PGP also lacks [forward secrecy](https://en.wikipedia.org/wiki/Forward_secrecy), meaning that if your private key is ever exposed, all previous messages you've ever sent using that key are also exposed. All it takes is a slight user error for a catastrophic compromise.
|
||||
|
||||
PGP encryption also usually doesn't encrypt important metadata like `To`, `From`, `Cc`, `Date`, and `Subject`, stored in the [email header](https://en.wikipedia.org/wiki/Email#Message_header); usually, only the body of the email is encrypted, which can be a major privacy issue. What the email is about, who you are, and who you're messaging can all be revealed even with E2EE. Some email clients use their hidden headers that can reveal more data about you.
|
||||
|
||||
#### S/MIME
|
||||
|
||||
Another common option for email encryption is [S/MIME](https://www.digicert.com/faq/email-trust/what-is-smime-or-encrypted-email), or Secure/Multipurpose Internet Mail Extensions. S/MIME works a bit like HTTPS, using [X.509 digital certificates](https://www.ssl.com/faqs/what-is-an-x-509-certificate/) and [certificate authorities](https://www.digicert.com/blog/what-is-a-certificate-authority) to encrypt and verify the authenticity of emails.
|
||||
|
||||
While a step up from the manual keys of PGP, S/MIME is still a pain to use, particularly because it usually requires purchasing and managing a certificate from a CA, which can be expensive and annoying. S/MIME also lacks forward secrecy just like PGP, so if there's ever a compromise of your private key, all previously sent messages are also compromised.
|
||||
|
||||
These issues make S/MIME nonviable for most people outside business settings.
|
||||
|
||||
#### Web Key Directory
|
||||
|
||||
A problem with PGP is getting your public key out to people without manually exchanging keys. This problem can be solved with Web Key Directory (WKD), which allows you to upload your public PGP key to a server and clients that want to send E2EE emails to you can ask that server to send you their public key.
|
||||
|
||||
You can read more on our [email security](https://www.privacyguides.org/en/basics/email-security/?h=email#what-is-the-web-key-directory-standard) page.
|
||||
|
||||
### Authentication
|
||||
|
||||
SMTP by default essentially has no authentication and allows spoofing the `MAIL FROM` header. Your email client will just blindly accept whoever the sender says they are without any authentication. Luckily, there are several solutions for this.
|
||||
|
||||
There are multiple methods that email providers can implement to verify the authenticity of an email sender.
|
||||
|
||||
#### SPF
|
||||
|
||||
The first solution implemented was [Sender Policy Framework (SPF)](https://datatracker.ietf.org/doc/html/rfc7208). SPF uses [DNS TXT records](https://www.cloudflare.com/learning/dns/dns-records/dns-txt-record/).
|
||||
|
||||
Just like the name sounds, a DNS TXT record allows you to store text in a [DNS record](https://www.cloudflare.com/learning/dns/dns-records/). Here's an example of what a DNS TXT record might look like:
|
||||
|
||||
| example.com | record type | value | TTL |
|
||||
|-------------|--------------|--------|-----|
|
||||
| @ | TXT | "color=blue" |99999|
|
||||
|
||||
SPF lists all the servers that are authorized to send from a specific domain. When an email is received, it checks the sending server against the list of authorized servers for that domain. An SPF record might look like this:
|
||||
|
||||
| example.com | record type | value | TTL |
|
||||
|-------------|--------------|--------|-----|
|
||||
| @ | TXT | "v=spf1 ip4:200.56.78.99 ip4:156.67.109.43 include:_spf.google.com -all" |99999|
|
||||
|
||||
The IP addresses are the ones that are authorized to send email from this domain. The `include:` tag denotes what third-party domains are allowed to send email on behalf of `example.com`. The third-party SPF record will be checked and included in the allowed IP addresses.
|
||||
|
||||
While a good start, SPF still has several glaring weaknesses. Since it relies on DNS, an attack on the DNS infrastructure could cause spoofed DNS data to be accepted.
|
||||
|
||||
Since SPF doesn't authenticate individual users, it's still possible for a sender to impersonate another user. SPF does not authenticate the `MAIL FROM` header. If you try to send an email from a gmail.com domain, but the server doesn't match gmail.com, it will fail.
|
||||
|
||||
SPF has a few different modes, allowing for a hard fail, soft fail, or completely ignoring it. `-all` means an email that fails will be rejected, `~all` will mark emails that fail as insecure or spam but still send them, and `+all` will specify that any server is allowed to send emails on behalf of your domain.
|
||||
|
||||
This flexibility, while convenient, allows for the security benefits of SPF to be completely undermined.
|
||||
|
||||
#### DKIM
|
||||
|
||||
[DomainKeys Identified Mail (DKIM)](https://www.cloudflare.com/learning/dns/dns-records/dns-dkim-record/) relies on public key cryptography to verify the domain of an email.
|
||||
|
||||
Example of a DKIM DNS TXT record:
|
||||
|
||||
| name | record type | value | TTL |
|
||||
|-------------|--------------|--------|-----|
|
||||
| test-email._domainkey.example.com | TXT | "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtY+7sGVwvyS8w+3HgJk7EviazH+C4L8gV4gOJzAq9oKJjZ5En7LDEw3FqAh8C0M59c9sBQcC+Kj8VxMBY9y+E0Pm1fPK9V7sI3Gm7yE7Y9yU4uVZr8R3N+5z+qZ+7V76RU4oZ0mtSvw8m3pX1hZyHd7NZfXaFfKfgd18W5T7YQIDAQAB" | 9999 |
|
||||
|
||||
DKIM records are stored under a specific name following the format
|
||||
|
||||
`[selector]_domainkey.[domain]`
|
||||
|
||||
The public and private keys are generated by the email provider, such as gmail.com. The public key is stored in a publicly available DNS TXT record like the one seen above and is used by the receiver to verify messages. The private key is kept secret by the email provider.
|
||||
|
||||
Emails sent from the email provider contain a DKIM header with a signature generated from the private key and the content of the message. If the email message is altered or signed with the wrong key, when the receiver verifies the signature using the public key it will be obvious it was altered.
|
||||
|
||||
An example of a DKIM header:
|
||||
|
||||
`v=1; a=rsa-sha256; d=example.com; s=test-email; h=from:to:subject bh=uMixy0BsCqhbru4fqPZQdeZY5Pq865sNAnOAxNgUS0s=;b=LiIvJeRyqMo0gngiCygwpiKphJjYezb5kXBKCNj8DqRVcCk7obK6OUg4o+EufEbBtRYQfQhgIkx5m70IqA6dP+DBZUcsJyS9C+vm2xRK7qyHi2hUFpYS5pkeiNVoQk/Wk4wZG4tu/g+OA49mS7VX+64FXr79MPwOMRRmJ3lNwJU=`
|
||||
|
||||
`v=` shows the version of DKIM, currently version one is the latest (we'll come back to that later). `a=` shows the algorithm used. `d=` shows the domain of the sender. `s=` denotes the selector that is used in the TXT record. `h=` shows the headers that were used to create the signature. `bh=` shows a hash of the body of the email. `b=` is the signature computed from the listed headers and the hash of the body listed in `bh`.
|
||||
|
||||
In this way, not only does DKIM provide assurance that the email was sent from the correct domain, it also protects the integrity of the message. However, since the keys are controlled by your email provider, it can't stop your email provider from tampering with your messages.
|
||||
|
||||
Note also that this has nothing to do with encryption of the message, only verifying the authenticity and sender. The message is still sent in plaintext unless another component encrypts it.
|
||||
|
||||
#### DMARC
|
||||
|
||||
[Domain-based Message Authentication Reporting and Conformance (DMARC)](https://www.cloudflare.com/learning/dns/dns-records/dns-dmarc-record/) is an authentication method that builds on SPF and DKIM. DMARC tells a receiving email server what to do after checking the SPF and DKIM. If the email fails, the DMARC policy tells the receiver whether to mark it as spam, block it, or allow it through.
|
||||
|
||||
DMARC also uses TXT records. An example DMARC policy might look like
|
||||
|
||||
`v=DMARC1; p=quarantine; adkim=s; aspf=s;`
|
||||
|
||||
The `v=` shows the version of DMARC to use. The `p=` shows what should be done with emails if they fail, in this case `quarantine` means the receiver should put the email in the user's spam folder. `reject` can be specified as well to show that emails that fail should be outright blocked. `adkim=` tells how DKIM should be enforced, with `s` meaning "strict"; for relaxed, `r` is listed instead. Ditto for `aspf=`.
|
||||
|
||||
#### DNSSEC
|
||||
|
||||
You may have noticed that all of these authentication methods rely on DNS. Unfortunately, DNS wasn't designed to be secure when it was invented in the 1980s. Ironically, there's no authentication built into DNS by default, so by attacking DNS, a malicious actor can [poison](https://www.cloudflare.com/learning/dns/dns-cache-poisoning/) your DNS cache with false information.
|
||||
|
||||
[Researchers at CMU in 2014](https://www.sei.cmu.edu/blog/probable-cache-poisoning-of-mail-handling-domains/) found that emails that were supposedly to be sent by Gmail, Yahoo!, and Outlook.com were actually being sent by a rogue email server. This is disastrous for security and breaks the entire email authentication system. There are many such cases of attacks on DNS infrastructure and many more [possible attacks](https://www.akamai.com/glossary/what-are-dns-attack-vectors) on DNS.
|
||||
|
||||
The solution? [DNSSEC](https://www.cloudflare.com/learning/dns/dnssec/how-dnssec-works/). DNSSEC uses digital signatures to verify the authenticity of the DNS response. Unfortunately, DNSSEC isn't as widely used as it could be so DNS attacks are still a real threat.
|
||||
|
||||
DNSSEC forms a [chain of trust](https://en.wikipedia.org/wiki/Chain_of_trust), with each zone forming a parent/child relationship all the way up to the [root zone](https://www.cloudflare.com/learning/dns/glossary/dns-root-server/).
|
||||
|
||||
The public key infrastructure (PKI) that we rely on for things like HTTPS in browsers similarly relies on a chain of trust, but web PKI relies on many trusted entities whereas DNSSEC effectively reduces it to one: the IANA which signs the root zone key in a [root signing ceremony](https://www.cloudflare.com/learning/dns/dnssec/root-signing-ceremony/).
|
||||
|
||||
Effectively, DNSSEC is designed so that you can be sure the results of a DNS query are accurate.
|
||||
|
||||
#### DANE
|
||||
|
||||
DNS-Based Authentication of Named Entities or DANE applies the security of DNSSEC to email. It forces TLS to be used and binds the TLS certificate to DNS names directly using TLSA, thus allowing email providers to bypass the certificate authority system relied on by HTTPS.
|
||||
|
||||
#### MTA-STS
|
||||
|
||||
[MTA-STS](https://www.mailhardener.com/kb/mta-sts) or Mail Transfer Agent Strict Transport Security is a way to force TLS connections for email and validate that the DNS is correct. Instead of DNSSEC, MTA-STS relies on HTTPS and the web PKI to validate DNS. It's not stored as a DNS record but instead an HTTPS server that serves the file.
|
||||
|
||||
You can think of MTA-STS like HSTS, HTML Strict Transport Security, which forces the use of TLS for websites. It's the same principal, just applied to email.
|
||||
|
||||
The extra reliance on web PKI introduces more trust than with DNSSEC, but it's easier to implement and relies on the already-established infrastructure of the internet.
|
||||
|
||||
Both DANE and MTA-STS can be used together for a multilayered approach to email security.
|
||||
|
||||
### General Security
|
||||
|
||||
#### Email as a Backdoor into Your Accounts
|
||||
|
||||
Something seldom discussed is the fact that email is the default 2FA method for most accounts and also can be used to bypass your password through the password reset function on the login screen of most services. This essentially means the security of all of your accounts rests on the security of your email, which can be very shaky and lacks E2EE usually. It's most comparable to SMS 2FA which is also used a lot of the time as a method for getting into accounts when you forgot your password.
|
||||
|
||||
I touched on this a bit in my [passkey article](toward-a-passwordless-future.md), but we need to stop relying on email for security critical applications and start using proper recovery methods like recovery codes. Email should be used for what it's intended for: sending messages and updates to people, announcements, etc.
|
||||
|
||||
#### Third-Party Clients
|
||||
|
||||
Many email providers such as Gmail provide their own clients for you to view your inbox, send messages, etc. But many people choose to use third-party clients for their email needs.
|
||||
|
||||
While it's great that email can support that, it does mean you need to trust another party with your sensitive email and essentially the security of all of your accounts. Not to mention that email clients can have [vulnerabilities](https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/), so you need to be very careful about which one you trust.
|
||||
|
||||
#### Email Attack Surface
|
||||
|
||||
A big part of the reason email clients can be so vulnerable to exploits is the vast attack surface afforded by things like JavaScript support in emails. This puts email clients dangerously close to the same territory as browsers in terms of attack surface but without the same level of scrutiny or hardening effort that goes into browsers.
|
||||
|
||||
Since almost anyone can email you at any time, you have to trust that your email client vendor is able to protect you against [vulnerabilities](https://www.csoonline.com/article/1308164/microsoft-outlook-flaw-opens-door-to-1-click-remote-code-execution-attacks.html) and also has timely patches when they're found.
|
||||
|
||||
Luckily, lots of email clients let you disable JavaScript and HTML if you want, but not all do, and email clients can have lots of other vulnerabilities as well not related to JavaScript.
|
||||
|
||||
## Future of Email Security
|
||||
|
||||
It's been a multi-decade cross-industry effort to bring email up to snuff as a modern communication system, and we still have a long way to go. There's still efforts to improve the state of email security, so look out for these in the future.
|
||||
|
||||
### Improvements to OpenPGP
|
||||
|
||||
The IETF has a [working group](https://datatracker.ietf.org/wg/openpgp/about/) for OpenPGP that wants to add many improvements to OpenPGP, including post-quantum encryption, forward secrecy, and usability improvements.
|
||||
|
||||
Key transparency is also a planned feature, similar to what apps like [WhatsApp](https://scontent.xx.fbcdn.net/v/t39.8562-6/379264560_846690136905658_6336040801441930900_n.pdf?_nc_cat=108&ccb=1-7&_nc_sid=e280be&_nc_ohc=gNmDlLkE0DMQ7kNvwEyKONi&_nc_oc=AdmucQjSjoTw2nXUszYeZNStyUHGqvM2pj3oRVV7qI4xmLEJMmY2pUV29WcOnKC1KpA&_nc_zt=14&_nc_ht=scontent.xx&_nc_gid=5lSqV7L5iCqeiMSQDCwN0w&oh=00_AfXoxrF8ukQtSVZM_BCBDbveIDviQPfn0kDEV8pSbxX1SQ&oe=68AB9400) have implemented. Key transparency systems use an append-only, auditable and tamper-evident log of keys that allows you to automatically verify the authenticity of whoever you're messaging with.
|
||||
|
||||
There's even a plan to add the ability to verify keys manually using QR codes, similar to how some messengers let you manually verify keys.
|
||||
|
||||
### Improvements to S/MIME
|
||||
|
||||
The [LAMPS](https://datatracker.ietf.org/wg/lamps/about/) working group is looking at adding post-quantum encryption to S/MIME to protect against future quantum computer threats. This would include "dual-signature" schemes combining traditional encryption with PG encryption, similar to how some messengers handle it.
|
||||
|
||||
### DKIM2
|
||||
|
||||
[DKIM2](https://www.ietf.org/archive/id/draft-gondwana-dkim2-motivation-00.html) is the planned next version of DKIM.
|
||||
|
||||
An issue with the current version of DKIM is a malicious actor taking emails signed with DKIM from a different domain and replaying them, spamming them out to thousands of people and eroding trust in the original domain. The new DKIM2 specification would force each hop the email takes along its path to sign it, so any issues will be the fault of the previous hop.
|
||||
|
||||
DKIM2 aims to simplify the protocol and make it more standardized. For example, in practice, the vast majority of DKIM is singed using relaxed methods, so DKIM2 will only support relaxed.
|
||||
|
||||
The fact that DKIM relies on an explicit list of headers as part of the signature, there is inconsistent signing of headers and some security-critical headers might not be signed. In order to prevent attackers from adding headers that weren't originally part of the email, providers would sign headers with no information in them. DKIM2 would specify a fixed set of headers in alignment with best practices, so there won't be a need to specify headers.
|
||||
|
||||
### DMARCbis
|
||||
|
||||
[DMARCbis](https://datatracker.ietf.org/doc/draft-ietf-dmarc-dmarcbis/) is a proposed updated version of DMARC.
|
||||
|
||||
The `pct` tag is going away, which was a tag that would only allow a specified percentage of emails, say 50%, to be sent if they failed. Apparently, this wasn't implemented properly so now it's being replaced with the `t` mode that is a binary pass or fail.
|
||||
|
||||
The new `np` tag adds the ability to define what to do with a non-existent subdomain of a real domain. This will prevent cybercriminals from subverting DMARC by using a fake subdomain.
|
||||
|
||||
They are also adding [requirements](https://datatracker.ietf.org/doc/html/draft-ietf-dmarc-dmarcbis-41#name-conformance-requirements-fo) that mail providers must meet to fully conform to the specification, which should eliminate questions about best practices and how DMARC should be implemented.
|
||||
|
||||
### Deprecation of Cleartext Email
|
||||
|
||||
Since there are now protocols in place to at least allow for transport encryption at every stage of the email process, providers should work on [removing support](https://datatracker.ietf.org/doc/html/rfc8314#section-4.1) for unencrypted email entirely.
|
||||
|
||||
Transport encryption between servers now should be the minimum expected for email services going into the future.
|
||||
|
||||
### Passkeys
|
||||
|
||||
The adoption of [passkeys](https://fidoalliance.org/passkeys/) will eliminate the need for email as a recovery method, since users won't have to remember passwords. Email can be used for what it was originally intended for: a method of communication and sending updates and announcements, nothing more. This will take a concerted effort from service providers though, and it seems for now most services that support passkeys still require and email for some reason. Here's hoping this changes in the future.
|
||||
|
||||
The adoption of passkeys will also make email services themselves more secure, since at the moment they act as a sort of de facto recovery method for all of our accounts. They should focus on deprecating passwords for improved security.
|
||||
|
||||
### Wider Adoption of DNSSEC
|
||||
|
||||
DNSSEC should be universally adopted to prevent DNS poisoning attacks. This would drastically improve the security of email.
|
||||
|
||||
### Guidance for E2EE
|
||||
|
||||
The usability of E2EE in email is significantly lacking compared to other methods of communication, especially modern messengers like Signal that make the E2EE very seamless and simple. The handling of E2EE by email clients can also vary a lot and leave email users [vulnerable to bypasses](https://efail.de) for the E2EE.
|
||||
|
||||
An [RFC](https://www.ietf.org/archive/id/draft-ietf-lamps-e2e-mail-guidance-17.html) to address usability issues and best practices for email clients exists, hopefully it can lead to a future of improved user experience and security in email.
|
||||
|
||||
### SMTP End-to-End Encryption
|
||||
|
||||
The biggest obstacle in the way of email privacy is it's not E2EE by default like most modern messengers we use daily. Some providers like Proton Mail will automatically encrypt emails between [Proton Mail](https://proton.me/support/manage-encryption#:~:text=Proton%20Mail%20encrypts%20all%20emails%20sent%20between%20Proton%20accounts%20with%20end%2Dto%2Dend%20encryption%20(E2EE)) users. The obvious next step is to build E2EE into SMTP itself.
|
||||
|
||||
An [RFC proposal](https://dcrubro.com/files/smtp-ee2esign-latest.txt) exists for just such an idea. I'm hopeful something like this can be standardized and widely adopted, and finally bring email into the 21st century.
|
||||
@@ -5,7 +5,7 @@ categories:
|
||||
- Opinion
|
||||
authors:
|
||||
- em
|
||||
description: Encryption is not a crime, encryption protects all of us. Encryption, and especially end-to-end encryption, is an essential tool to protect everyone online. Attempts to undermine encryption are an attack to our fundamental right to privacy and an attack to our inherent right to security and safety.
|
||||
description: Encryption is not a crime, encryption protects us all. Encryption, and especially end-to-end encryption, is an essential tool to protect everyone online. Attempts to undermine encryption are an attack to our fundamental right to privacy and an attack to our inherent right to security and safety.
|
||||
schema_type: OpinionNewsArticle
|
||||
preview:
|
||||
cover: blog/assets/images/encryption-is-not-a-crime/encryption-is-not-a-crime-cover.webp
|
||||
|
||||
@@ -7,7 +7,7 @@ tags:
|
||||
- Pride Month
|
||||
authors:
|
||||
- em
|
||||
description: Data privacy is important for everyone. But for some marginalized populations, data privacy is indispensable for social connection, access to information, and physical safety. For Pride month this year, we will discuss topics at the intersection of data privacy and experiences specific to the LGBTQ+ community.
|
||||
description: Data privacy is important for everyone. But for some marginalized populations, data privacy is indispensable for social connection, access to information, and physical safety. For Pride month, we discuss topics at the intersection of data privacy and experiences specific to the LGBTQ+ community.
|
||||
schema_type: AnalysisNewsArticle
|
||||
preview:
|
||||
cover: blog/assets/images/importance-of-privacy-for-the-queer-community/pride-cover.webp
|
||||
|
||||
@@ -8,7 +8,7 @@ tags:
|
||||
- Tor
|
||||
authors:
|
||||
- em
|
||||
description: You might have heard of Tor in the news a few times, yet never dared to try it yourself. Despite being around for decades, Tor is still a tool too few people know about. Today, Tor is easy to use for anyone. It not only helps journalists and activists, but anybody who seeks greater privacy online or access to information regardless of location. But what is Tor exactly? How can Tor help you? And why is it such an important tool?
|
||||
description: You might have heard of Tor already, yet never dared to try it yourself. Despite being around for decades, too few people know about Tor. It isn't only a tool for journalists and activists, but for anyone seeking greater privacy online. What is Tor exactly? And how can Tor help you?
|
||||
schema_type: OpinionNewsArticle
|
||||
preview:
|
||||
cover: blog/assets/images/in-praise-of-tor/tor-cover.webp
|
||||
|
||||
@@ -8,7 +8,7 @@ categories:
|
||||
- Reviews
|
||||
authors:
|
||||
- em
|
||||
description: "If you need a password manager for iOS or macOS that gives you full control over your data, KeePassium is a fantastic option. KeePassium offers some synchronization features, but keeps your password database offline by default. You choose who to trust to store your passwords, and you can change it whenever you want."
|
||||
description: If you need a password manager for iOS or macOS that gives you full control over your data, KeePassium is a fantastic option. With KeePassium, you can keep your password database offline entirely, or choose whomever you trust to store it. You can also change this anytime.
|
||||
preview:
|
||||
logo: blog/assets/images/keepassium-review/keepassium.svg
|
||||
review:
|
||||
|
||||
@@ -66,7 +66,7 @@ All of these applications are optional. You can set up nearly any combination of
|
||||
| Arti | A [Tor](https://www.privacyguides.org/en/advanced/tor-overview) client written in Rust. | Connect to Tor nodes, broadcast transactions over Tor, and connect to TrueNAS apps over Tor. |
|
||||
| Java I2P | The officially distributed app to connect to the [I2P network](https://www.privacyguides.org/en/alternative-networks/#i2p-the-invisible-internet-project). | Connect to I2P nodes, broadcast transactions over I2P, and connect to TrueNAS apps over I2P. |
|
||||
| Monero Node | The officially distributed app for communicating with the Monero network. | The app provides the necessary information to send and receive Monero transactions. Most wallets (including the official Monero wallets and Cake Wallet) connect to Monero nodes. |
|
||||
| Monero-LWS | A "**L**ight**w**eight **S**erver" that allows "lightweight" wallets to send and receive Monero transactions. | Lightweight Monero wallet apps (including Edge Wallet and MyMonero) can connect to this server so that the wallet itself does not need to scan/sync Monero history; the server handles this scanning/syncing. |
|
||||
| Monero-LWS | A "**L**ight-**W**allet **S**erver" that allows "light-wallets" to send and receive Monero transactions. | Monero light-wallet apps (including Edge Wallet and MyMonero) can connect to this server so that the wallet itself does not need to scan/sync Monero history; the server handles this scanning/syncing. |
|
||||
|
||||
## Configure TrueNAS Storage
|
||||
|
||||
|
||||
@@ -0,0 +1,157 @@
|
||||
---
|
||||
date:
|
||||
created: 2025-09-15T17:30:00Z
|
||||
categories:
|
||||
- Explainers
|
||||
authors:
|
||||
- fria
|
||||
tags:
|
||||
- Privacy Enhancing Technologies
|
||||
schema_type: BackgroundNewsArticle
|
||||
description: Learn about Secure Multi-Party Computation and how it can be used to solve real-world privacy problems.
|
||||
preview:
|
||||
cover: blog/assets/images/multi-party-computation/cover.webp
|
||||
---
|
||||
# What is Multi-Party Computation?
|
||||
|
||||
|
||||
|
||||
<small aria-hidden="true">Illustration: Jordan Warne / Privacy Guides</small>
|
||||
|
||||
We know how to secure data in storage using E2EE, but is it possible to ensure data privacy even while processing it server-side? This is the first in a [series](../tags.md/#tag:privacy-enhancing-technologies) of articles I'll be writing covering the privacy-enhancing technologies being rolled out.<!-- more -->
|
||||
|
||||
## History
|
||||
|
||||
In a seminal [paper](https://dspace.mit.edu/bitstream/handle/1721.1/148953/MIT-LCS-TM-125.pdf?sequence=1) called "Mental Poker" by Adi Shamir, Ronald L. Rivest, and Leonard M. Adleman from 1979, the researchers attempt to demonstrate a way of playing poker over a distance using only messages and still have it be a fair game.
|
||||
|
||||
To explain, fan favorites Alice and Bob will make a return. First, Bob encrypts all the cards with his key, then sends them to Alice. Alice picks five to deal back to Bob as his hand, then encrypts five with her own key and sends those to Bob as well. Bob removes his encryption from all ten cards and sends Alice's cards back to her.
|
||||
|
||||
<div style="position: relative; padding-top: 56.25%;"><iframe title="Mental Poker Animation" width="100%" height="100%" src="https://neat.tube/videos/embed/k5jMvrTPLx5VcgzNq3ej1B?title=0" frameborder="0" allowfullscreen="" sandbox="allow-same-origin allow-scripts allow-popups allow-forms" style="position: absolute; inset: 0px;"></iframe></div>
|
||||
|
||||
Notice that Bob needs to be able to remove his encryption *after* Alice has applied hers. This commutative property is important for the scheme to work.
|
||||
|
||||
This early scheme is highly specialized for this task and not applicable to different situations.
|
||||
|
||||
### Secure Two-Party Computation
|
||||
|
||||
Alice and Bob have struck it rich! They're both millionaires, but they want to be able to see who has more money without revealing exactly how much they have to each other.
|
||||
|
||||
Luckily, we can use **Multi-Party Computation** (**MPC**) to solve this "Millionaire's Problem," using a method invented by Andrew Yao called *garbled circuits*. Garbled circuits allow us to use MPC for any problem as long as it can be represented as a boolean circuit, i.e. a set of logic gates such as `AND` `OR` `XOR` etc.
|
||||
|
||||
### Garbled Circuits
|
||||
|
||||
We can split the two parties into an "Evaluator" and a "Generator". The Generator will be responsible for setting up the cryptography that'll be used, and the Evaluator will actually perform the computation.
|
||||
|
||||
We start by making the truth table for our inputs. In order to hide the values of the truth table, we assign each input a different label. Importantly, we need to assign a different label for each input, so 1 will not be represented by the same label for each. We also need to shuffle the order of the rows, so the values can't be inferred from that.
|
||||
|
||||
We can still tell what the value is based on knowing the type of logic gate. For example, an `AND` gate would only have one different output, so you could infer that output is 1 and the others are 0. To fix this, we can encrypt the rows using the input labels as keys, so only the correct output can be decrypted.
|
||||
|
||||
We still have a problem, though: how can the Evaluator put in their inputs? Asking for both labels would allow them to decrypt more than one output, and giving their input would break the whole point. The solution is something called "Oblivious Transfer".
|
||||
|
||||
The solution is for the Evaluator to generate two public keys, one of which they have the private key for. The Generator encrypts the two labels for the Evaluator's inputs using the provide public keys and sends them back. Since the Generator only has a private key for one of the labels, they will decrypt the one they want. The Generator puts the labels in order so that the Evaluator can choose which one they want to decrypt. This method relies on the Evaluator not to send multiple keys that can be decrypted. Because some trust is required, this protocol is considered "semi-honest".
|
||||
|
||||
There's a good explainer for Yao's garbled circuits [here](https://lcamel.github.io/MPC-Notes/story-en-US.html) if you're interested in a step-by-step walkthrough.
|
||||
|
||||
### Birth of Multi-Party Computation
|
||||
|
||||
Multi-Party Computation was solidified with the [research](https://dl.acm.org/doi/pdf/10.1145/28395.28420) of Oded Goldreich, Silvio Micali, and Avi Wigderson and the GMW paradigm (named after the researchers, similar to how RSA is named).
|
||||
|
||||
#### More Than Two Parties
|
||||
|
||||
Yao's protocol was limited to two parties. The GMW paradigm expanded the protocol to be able to handle any number of parties and can handle actively malicious actors as long as the majority are honest.
|
||||
|
||||
#### Secret Sharing
|
||||
|
||||
The GMW paradigm relies on secret sharing which is a method of splitting private information like a cryptographic key into multiple parts such that it will only reveal the secret if the shares are combined. The GMW protocol uses additive secret sharing, which is quite simple. You come up with a secret number, say 123, and you split it up into however many other numbers you want.
|
||||
|
||||
`99 + 24 = 123`
|
||||
|
||||
You distribute each number to a participant and add them all together to get the original secret. While simple, it doesn't play well with multiplication operations.
|
||||
|
||||
#### Zero-Knowledge Proofs
|
||||
|
||||
The GMW paradigm introduced protections against malicious adversaries, powered by zero-knowledge proofs (ZKP). ZKP allow one party to convince another party a statement is true without revealing any other information than the fact that the statement is true. The concept of ZKP was first introduced in a [paper](https://dl.acm.org/doi/pdf/10.1145/22145.22178) from 1985 by Shafi Goldwasser, Silvio Micali, and Charles Rackoff.
|
||||
|
||||
A humorous paper titled *[How to Explain Zero-Knowledge Protocols to Your Children](https://pages.cs.wisc.edu/~mkowalcz/628.pdf)* gives a storybook explanation of how they work (who says academic papers can't be fun?).
|
||||
|
||||
The main crux revolves around probability: if a party knows the proper way to get a result, they should be able to reliably get the correct answer.
|
||||
|
||||
To borrow the cave explanation, imagine Alice and Bob have taken up cave exploration. They've found a cave in the shape of a loop with a magic door connecting each entrance together and Alice claims to know how to open it. However, she doesn't want Bob to know the secret to open the door.
|
||||
|
||||
Alice, acting as the "Prover" goes into the cave. Bob, the "Verifier", stays outside and yells which side of the cave Alice should come out of. They repeat this many times. If Alice can reliably make it out of the correct side of the cave, then she must know how to open the magic door.
|
||||
|
||||
### BGW Protocol
|
||||
|
||||
While the GMW protocol was a huge leap forward for MPC, there were still huge limitations. The garbled circuit protocol is limited to boolean logic gates which makes implementing many different common operations much more difficult. It also requires communication for every single gate, which is highly inefficient.
|
||||
|
||||
The researchers Michael Ben-Or, Shafi Goldwassert, and Avi Wigderson in their paper *[Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation](https://dl.acm.org/doi/pdf/10.1145/62212.62213)* made several advancements in the efficiency and robustness of MPC, moving it closer to being practical to use in the real world.
|
||||
|
||||
#### Arithmetic Circuits
|
||||
|
||||
Instead of boolean circuits, the BGW protocol uses arithmetic circuits. These allow for easier mathematical operations like multiplication and addition instead of being limited to logic gates on individual bits. This makes a huge difference in the amount of communication between parties and thus the efficiency of the protocol.
|
||||
|
||||
#### Shamir's Secret Sharing
|
||||
|
||||
The BGW protocol utilizes [Shamir's Secret Sharing](https://web.mit.edu/6.857/OldStuff/Fall03/ref/Shamir-HowToShareASecret.pdf), which relies on polynomials instead of addition. This allows for more efficiency in multiplication and allows for setting a threshold where only a certain number of shares need to be present in order to reconstruct the secret.
|
||||
|
||||
#### Less Communication
|
||||
|
||||
The BGW protocol doesn't require as much communication between parties, partly thanks to its use of Shamir's secret sharing which works well with arithmetic operations.
|
||||
|
||||
Additionally, it doesn't require Oblivious Transfer or zero-knowledge proofs. Its use of Shamir's secret sharing and error correction codes instead provides the same properties in a more efficient way.
|
||||
|
||||
### Fairplay
|
||||
|
||||
The field was further advanced by the introduction of the [Fairplay](https://www.cs.huji.ac.il/w~noam/FairplayMP.pdf) system.
|
||||
|
||||
Up until this paper, MPC was limited to boolean circuits or arithmetic circuits: not exactly friendly if you're a programmer that's used to using higher level languages. Fairplay introduces a compiler, SFDL, which can compile higher level languages to boolean circuits and then securely computes the circuit.
|
||||
|
||||
Fairplay also brings some advancements in efficiency. It utilizes constant rounds, with a fixed 8 rounds, reducing the communication overhead. It also uses the free XOR technique so that encryption operations don't have to be performed on XOR gates, improving efficiency.
|
||||
|
||||
### Real-World Usage
|
||||
|
||||
As MPC saw gradual optimizations and improvements, it grew from an interesting thought experiment to something that could have real-world uses.
|
||||
|
||||
#### Danish Sugar Beet Auction
|
||||
|
||||
The first instance of MPC being used in a real-world scenario wouldn't occur until 2008.
|
||||
|
||||
Denmark's sugar beet industry faced a problem: with the EU significantly reducing its financial support for sugar beet production, they needed to figure out what price the thousands of sugar beet farmers were willing to sell at, and which price the company that bought all the sugar beets would be willing to buy them at, a so-called "double auction" where the buyer and seller figure out the **market clearing price**, or the price at which demand meets supply most effectively.
|
||||
|
||||
But who should be in charge of the auction? Farmers don't want to trust Danisco with their bids as it reveals information about each individual farmer's business. The farmers can't be in charge of it because they don't trust each other. They could use an external consulting firm, but then the entire operation would rely on that one firm's confidentiality and the reliability of their tools.
|
||||
|
||||
The [solution](https://a.storyblok.com/f/266767/x/e4c85ffa34/mpc-goes-live_whitepaper_2008-068.pdf) was to use a "virtual auctioneer" that relied on MPC to fairly carry the auction out.
|
||||
|
||||
It relied on three servers, with one representing each party: Danisco, DKS (the Danish sugar beet growers association), and The SIMAP project (Secure Information Management and Processing, a project sponsored by the Danish National Research Agency).
|
||||
|
||||
The solution was so successful that it was used every year until 2015 when it was no longer needed. A survey of the farmers found that the vast majority found the system simplified the process of trading contracts and that they were satisfied with the level of confidentiality it provided.
|
||||
|
||||
The first test run of MPC was a massive success and the potential was now proven.
|
||||
|
||||
#### The Boston Women's Workforce Council
|
||||
|
||||
In 2016, the [Boston Women's Workforce Council](https://www.boston.gov/sites/default/files/document-file-09-2017/bwwcr-2016-new-report.pdf) worked with 69 companies to investigate if women are paid the same as men.
|
||||
|
||||
Using MPC, the companies were able to process their data without revealing the actual wages of any employees. The wage data of 112,600 employees was collected, representing about 11% of the Greater Boston workforce.
|
||||
|
||||
You can read their detailed findings in the report, but they found that women were indeed being paid less than men: 77 cents for every dollar a man makes on average.
|
||||
|
||||
It was reported in 2023 that thanks to this data, the Boston Women's Workforce Council was able to reduce the wage gap by 30%.
|
||||
|
||||
#### Allegheny County
|
||||
|
||||
In 2018, Allegheny County Department of Human Services partnered with the [Bipartisan Policy Center](https://bipartisanpolicy.org/press-release/bpc-partners-with-allegheny-county-on-new-privacy-preserving-data-project/) to implement MPC, allowing for private and secure sharing of county data on services to the homeless, behavioral health services, causes and incidence of mortality, family interventions, and incarceration.
|
||||
|
||||
The experiment was considered a success, with a recommendation from the U.S. Commission on Evidence-Based Policymaking to further explore the use of MPC.
|
||||
|
||||
## MPC Today
|
||||
|
||||
Today, the [MPC Alliance](https://www.mpcalliance.org) represents a collective of companies that have come together to advance the use of MPC.
|
||||
|
||||
MPC is used for everything from [cryptocurrency](https://www.coinbase.com/learn/wallet/what-is-a-multi-party-computation-mpc-wallet) to HIPAA-compliant [medical](https://pmc.ncbi.nlm.nih.gov/articles/PMC6658266/) uses. There are ongoing efforts to [standardize](https://csrc.nist.gov/projects/threshold-cryptography) it from organizations like NIST, although it's a difficult proposition due to the sheer variation in MPC protocols and use cases.
|
||||
|
||||
There's been research into using MPC for secure and [verifiably fair](https://eprint.iacr.org/2014/075.pdf) [electronic voting](https://arxiv.org/html/2205.10580v4), something that's much needed as countries move toward [electronic voting](https://worldpopulationreview.com/country-rankings/electronic-voting-by-country). It's important to not completely dismiss the march of technology, but these things should be implemented with the utmost caution and scientific rigor. I feel that implementing black-box electronic voting without open and provably secure technologies like MPC is irresponsible and endangers elections.
|
||||
|
||||
MPC acts as an essential privacy tool in the toolbox. It intersects with other PETs like homomorphic encryption, a method of encrypting data in such a way that operations can still be performed on it without revealing the unencrypted data.
|
||||
|
||||
MPC is just one tool among many that's reshaping the privacy landscape. I'm excited to see how it's used in the future and what new advancements it unlocks.
|
||||
@@ -0,0 +1,216 @@
|
||||
---
|
||||
date:
|
||||
created: 2025-08-20T17:00:00Z
|
||||
categories:
|
||||
- Opinion
|
||||
authors:
|
||||
- em
|
||||
description:
|
||||
Privacy washing is a widely used deceptive strategy. Learning to detect it better is an important skill to develop to help us to respond to it and report it.
|
||||
schema_type: Opinion
|
||||
preview:
|
||||
cover: blog/assets/images/privacy-washing-is-a-dirty-business/washing-cover.webp
|
||||
---
|
||||
|
||||
# Privacy Washing Is a Dirty Business
|
||||
|
||||
|
||||
|
||||
<small aria-hidden="true">Photo: Marija Zaric / Unsplash</small>
|
||||
|
||||
Perhaps you haven't heard the term *privacy washing* before. Nonetheless, it's likely that you have already been exposed to this scheme in the wild. Regrettably, privacy washing is a widespread deceptive strategy.<!-- more -->
|
||||
|
||||
## What is privacy washing
|
||||
|
||||
Similarly to whitewashing (concealing unwanted truths to improve a reputation) and greenwashing (deceptively presenting a product as environmentally friendly for marketing purposes), privacy washing misleadingly, or fraudulently, presents a product, service, or organization as being responsible and trustworthy with data protection, when it isn't.
|
||||
|
||||
<div class="admonition quote inline end" markdown>
|
||||
<p class="admonition-title">Your privacy is* important to us. <small aria-hidden="true">*not!</small></p></div>
|
||||
|
||||
The term has been used for over a decade already. It's saddening to see that not only is this [not a new problem](https://dataethics.eu/privacy-washing/), but it has only gotten worse through the years.
|
||||
|
||||
With the acceleration of data collection, the accumulation of data breaches, and the erosion of customers' trust, companies have an increased need for reassuring users to gain their business.
|
||||
|
||||
Despite consumers' rights and expectations, implementing proper data protection takes time, expertise, and money. Even if the long term benefits are colossal, the time invested often doesn't translate into direct *short term* profits, the main objective for most businesses. On the other hand, collecting more data to sell it to third parties often *does* translate into short term profits.
|
||||
|
||||
For these reasons, many companies quickly realize the need for *advertising* better privacy, but aren't necessarily willing to invest what it takes to make these claims true.
|
||||
|
||||
There comes privacy washing: <span class="pullquote-source">"Your privacy is* important to us." <small aria-hidden="true">*not!</small></span>
|
||||
|
||||
Privacy washing comes with a selection of washer cycles, from malicious trap to deceptive snake oil to perhaps the most common wash: plain negligence.
|
||||
|
||||
## Negligence, incompetence, or malevolence
|
||||
|
||||
In some other contexts, intentions might matter more. But when it comes to privacy washing, the result is often the same regardless of intentions: Personal data from users, customers, employees, patients, or children even being leaked and exploited in all sorts of ways.
|
||||
|
||||
Whether false claims come from negligence by failing to verify that data protections are properly implemented, incompetence to evaluate if they are, or maliciously trying to trick users in using a service that is actually detrimental to their privacy, harm is done, and sometimes permanently so.
|
||||
|
||||
Nonetheless, understanding the different types of privacy washing can help us to evaluate how to detect it, respond to it, and report it.
|
||||
|
||||
### Negligence and greed
|
||||
|
||||
> *They know what they are doing, but they care more about money*
|
||||
|
||||
The most common occurrence of privacy washing likely comes from negligence and greed. One of the biggest drivers for this is that the current market incentivizes it.
|
||||
|
||||
Today's software industry is largely inflated by venture capitalist funding, which creates expectations for a substantial return on investment. This funding model often encourages startups to quickly build an app following the [minimum viable product](https://en.wikipedia.org/wiki/Minimum_viable_product) principles, grow its user base as fast as possible, increase its value, and then sell it off for profits.
|
||||
|
||||
The problem is, this model is antithetical to implementing good privacy, security, and legal practices from the start. Data privacy cannot only be an afterthought. It must be implemented from the start, before users' data even gets collected.
|
||||
|
||||
Many startups fail to see how being thorough with data privacy will benefit them in the long term, and view privacy and security requirements only as a burden slowing down their growth. This mindset can result in perceiving privacy as a simple marketing asset, something businesses talk to users about for reassurance, but without putting any real effort into it beneath the surface.
|
||||
|
||||
<div class="admonition quote inline end" markdown>
|
||||
<p class="admonition-title">Perhaps moving fast and breaking things wasn't such a good idea after all.</small></p></div>
|
||||
|
||||
Outside of privacy, this common startup mindset of playing fast and loose with customers and their safety frequently has **devastating** consequences. One recent and tragic example comes from OceanGate's Titan deep-sea submersible that [infamously imploded](https://globalnews.ca/news/11318623/titan-sub-report-oceangate-culture-critically-flawed/) during an exploration, killing its five passengers in an instant.
|
||||
|
||||
The final report blamed a problematic safety culture at OceanGate that was “critically flawed and at the core of these failures were glaring disparities between their written safety protocols and their actual practices.”
|
||||
|
||||
<span class="pullquote-source">Perhaps [moving fast and breaking things](move-fast-and-break-things.md) wasn't such a good idea after all.</span>
|
||||
|
||||
Alas, similar "glaring disparities" between policies and practices are widespread in the tech industry. While maybe not as dramatic and spectacular as an imploding submersible, [data leaks can also literally kill people](privacy-means-safety.md).
|
||||
|
||||
**Data privacy is the "passenger safety protocol" for software**, and it should never be trivialized.
|
||||
|
||||
Privacy isn't just "risk management", it is a human right. Analogous to safety protocols, organizations are responsible for ensuring their data protection policies are being followed, and are accurately describing their current practices. Anything less is negligence, at best.
|
||||
|
||||
Unfortunately, users (like passengers) often have very few ways to verify false claims about allegedly privacy-respectful features and policies. But this burden should never be on them in the first place.
|
||||
|
||||
### Incompetence and willful ignorance
|
||||
|
||||
> *They don't know what they are doing, or they just don't want to know*
|
||||
|
||||
Partly related to negligence, is plain incompetence and willful ignorance. Some organizations might be well-intentioned initially, but either lack the internal expertise to implement proper privacy practices, or conveniently decide not to spend much time researching about what their data protection responsibilities are.
|
||||
|
||||
For example, most businesses have heard by now of the requirement to present a privacy policy to their users, customers, and even web visitors. Deplorably, in a failed attempt to fulfill this legal obligation, many simply copy someone else's privacy policy and paste it on their own website. Not only this is very unlikely to be compliant with applicable privacy regulations, but it also possibly infringes *copyright* laws.
|
||||
|
||||
Do not simply copy-paste another organization's privacy policy and claim it as your own!
|
||||
|
||||
It's important to remember that legal requirements for policies aren't the end goal here. **The true requirements are the data protection *practices*.**
|
||||
|
||||
The policies *must* accurately describe what the *practices* are in reality. Because no two organizations have the exact same internal practices and third-party vendors, no two organizations should have the exact same privacy policy.
|
||||
|
||||
**Copy-paste privacy policies aren't compliance, they're deception.**
|
||||
|
||||
A privacy policy that isn't accurately describing an organization's practices is a form of privacy washing. Sadly, a quite commonly used one, like some quick light-wash cycle.
|
||||
|
||||
It's worth noting these days that creating a privacy policy using generative AI will lead to the exact same problems related to accuracy and potential infringement of both privacy and copyright laws. This is *not* a smart "shortcut" to try.
|
||||
|
||||
While lack of understanding of policies and legal requirements is only one example of how incompetence can become a form of privacy washing, there are infinitely more ways this can happen.
|
||||
|
||||
As soon as data is collected by an organization (or by the third-party software it uses), there is almost certainly legal obligations to protect this data, to restrict its collection and retention, and to inform data subjects.
|
||||
|
||||
Organizations that do not take this responsibility seriously, or blissfully decide to remain unaware of it, while presenting an empty privacy policy, are effectively doing privacy washing.
|
||||
|
||||
Implementing protections and limiting collection cannot be an afterthought. Once data is leaked, there is often nothing that can be done to truly delete it from the wild. The damage caused by leaked data can be tragic and permanent.
|
||||
|
||||
Organizations must take this responsibility much more seriously.
|
||||
|
||||
### Malevolence and fraud
|
||||
|
||||
> *They lie, and they want your data*
|
||||
|
||||
Greed and ignorance are common causes of privacy washing, but they can quickly escalate to fraud and ambush.
|
||||
|
||||
It's worth noting that a large amount of negligence or incompetence can be indistinguishable from malice, but there are organizations that deliberately lie to users to exploit them, or to trick them into unwillingly revealing sensitive information.
|
||||
|
||||
#### Anom, the secret FBI operation
|
||||
|
||||
Perhaps one of the most infamous example of this is the Anom honeypot. Anom was an encrypted phone company promising privacy and security, but that was in fact part of an undercover operation staged by the American Federal Bureau of Investigation (FBI), [Operation Trojan Shield](https://en.wikipedia.org/wiki/Operation_Trojan_Shield).
|
||||
|
||||
Investigative journalist Joseph Cox [reported](https://www.vice.com/en/article/inside-anom-video-operation-trojan-shield-ironside/) in 2021 that Anom advertised their products to criminal groups, then secretly sent a copy of every message on the device to the FBI. It was so secret, even Anom developers didn't know about the operation. They were told their customers were corporations.
|
||||
|
||||
A screenshot [shared](https://www.vice.com/en/article/operation-trojan-shield-anom-fbi-secret-phone-network/) by Motherboard shows an Anom slogan: "Anom, Enforce your right to privacy". It's hard to tell how many non-criminal persons (if any) might have accidentally been caught in this FBI net. Although this specific operation seems to have been narrowly targeting criminals, who knows if a similar operation could not be casting a wider net, inadvertently catching many innocent privacy-conscious users in its path.
|
||||
|
||||
#### Navigating VPN providers can be a minefield
|
||||
|
||||
Using a [trustworthy](https://www.privacyguides.org/en/vpn/) Virtual Private Network (VPN) service is a good strategy to improve your privacy online. That being said, evaluating trustworthiness is critical here. Using a VPN is only a transfer of trust, from your Internet Service Provider (ISP) to your VPN provider. Your VPN provider will still know your true IP address and location, and *could* technically see all your online activity while using the service, if they decided to look.
|
||||
|
||||
[Different VPN services are not equal](https://www.privacyguides.org/videos/2024/12/12/do-you-need-a-vpn/), unfortunately, snake oil products and traps are everywhere in this market. As with anything, do not assume that whoever screams the loudest is the most trustworthy. Loudness here only means more investment in advertising.
|
||||
|
||||
For example, take the interesting case of [Kape Technologies](https://en.wikipedia.org/wiki/Kape_Technologies), a billionaire-run company formerly known as Crossrider. This corporation has now acquired four different VPN services: ExpressVPN, CyberGhost, Private Internet Access, and Zenmate. This isn't that suspicious in itself, but Kape Technologies has also [acquired](https://cyberinsider.com/kape-technologies-owns-expressvpn-cyberghost-pia-zenmate-vpn-review-sites/) a number of VPN *review* websites, suspiciously always ranking its own VPN services at the top. This is a blatant conflict of interest, to say the least.
|
||||
|
||||
Sadly, on the VPN market — [estimated](https://www.grandviewresearch.com/industry-analysis/virtual-private-network-market) at $41.33 billion USD in 2022 — what is called a ["review" is often just *advertising*](the-trouble-with-vpn-and-privacy-review-sites.md).
|
||||
|
||||
Moreover, many free VPN providers [break their privacy promises](https://iapp.org/news/a/privacy-violations-by-free-vpn-service-providers) regarding users' data. In 2013, Facebook [bought](https://gizmodo.com/do-not-i-repeat-do-not-download-onavo-facebook-s-vam-1822937825) the free VPN provider Onavo, and included it in a Facebook feature deceptively labeled "Protect". As is now standard behavior for Facebook, the social media juggernaut actually collected and analyzed the data from Onavo users. This allowed Facebook to monitor the online habits of its users even when they weren't using the Facebook app. This is very much the opposite of data privacy, and of any implied promises to "Protect".
|
||||
|
||||
Then there's the case of Hotspot Shield VPN, accused in 2017 of [breaking](https://www.zdnet.com/article/privacy-group-accuses-hotspot-shield-of-snooping-on-web-traffic/) its privacy promises by the Center for Democracy & Technology, a digital rights nonprofit organization. While promising "anonymous browsing", Hotspot Shield allegedly deployed persistent cookies and used more than five different third-party tracking libraries. The parent company AnchorFree denied the accusations, but even *if* it wasn't the case for AnchorFree, how tempting would it be for a business with an ad-based revenue model to utilize the valuable data it collects for more of this revenue? And indeed, many free VPN services do [monetize](https://thebestvpn.com/how-free-vpns-sell-your-data/) users' data.
|
||||
|
||||
Worst of all are the *fake*, free VPN services. Like stepping on a landmine, criminals are [luring users](https://www.techradar.com/pro/criminals-are-using-a-dangerous-fake-free-vpn-to-spread-malware-via-github-heres-how-to-stay-safe) looking for a free VPN service and tricking them into downloading malware on their devices. While this goes beyond privacy washing, it's still a piece of software actively harming users and deceptively gaining their trust with the false promise of better privacy. Wherever privacy washing is being normalized by greedy or lazy organizations, criminals like this flourish.
|
||||
|
||||
#### Using compliance to appear legitimate
|
||||
|
||||
Another fraudulent case of privacy washing is organizations using false claims related to privacy law compliance to appear more legitimate.
|
||||
|
||||
Earlier this year, the digital rights organization Electronic Frontier Foundation (EFF) [called](https://www.eff.org/deeplinks/2025/01/eff-state-ags-time-investigate-crisis-pregnancy-centers) for an investigation into deceptive anti-abortion militant organizations (also called "[fake clinics](https://www.plannedparenthood.org/blog/what-are-crisis-pregnancy-centers)") in eight different US states.
|
||||
|
||||
These fake clinics were claiming to be bound by the Health Insurance Portability and Accountability Act (HIPAA) in order to appear like genuine health organizations. HIPAA is an American federal privacy law that was established in 1996 to protect sensitive health information in the United States.
|
||||
|
||||
Not only are many of these fake clinics **not** complying with HIPAA, but they collect extremely sensitive information without being bound by HIPAA in the first place, because they *aren't* licensed healthcare providers. Worse, some have [leaked this data](https://jessica.substack.com/p/exclusive-health-data-breach-at-americas) in all sorts of ways.
|
||||
|
||||
Thanks to the EFF's work, some of those fake clinics have now [quietly removed](https://www.eff.org/deeplinks/2025/08/fake-clinics-quietly-edit-their-websites-after-being-called-out-hipaa-claims) misleading language from their websites. But sadly, this small victory doesn't make these organizations any more trustworthy, it only slightly reduces the extent of their privacy washing.
|
||||
|
||||
### Deception and privacy-masquerading
|
||||
|
||||
> *They talk privacy, but their words are empty*
|
||||
|
||||
Perhaps the most obvious and pernicious examples of privacy washing are organizations that are clearly building products and features harming people's privacy, while using deceptive, pro-privacy language to disguise themselves as privacy-respectful organizations. There are likely more occurrences of this than there are characters in this article's text.
|
||||
|
||||
Buzzwords like "military-grade encryption", "privacy-enhancing", and the reassuring classic "we never share your data with anyone" get thrown around like candies falling off a privacy-preserving-piñata.
|
||||
|
||||
But **words are meaningless when they are deceitful**, and these candies quickly turn bitter once we learn the truth.
|
||||
|
||||
#### Google, the advertising company
|
||||
|
||||
An infamous recent example of this is Google, who [pushed](https://proton.me/blog/privacy-washing-2023) a new Chrome feature for targeted advertising in 2023 and dared to call it "Enhanced Ad Privacy"
|
||||
|
||||
This [enabled by default](https://www.eff.org/deeplinks/2023/09/how-turn-googles-privacy-sandbox-ad-tracking-and-why-you-should) technology allows Google to target users with ads customized around their browsing history. It's really difficult to see where the "privacy" is supposed to be here, even when squinting very hard.
|
||||
|
||||
Of course, Google, an advertising company, has long mastered the art of misleading language around data privacy to reassure its valuable natural resource, the user.
|
||||
|
||||
<div class="admonition quote inline end" markdown>
|
||||
<p class="admonition-title">Google continued to collect personally identifiable user data from their extensive server-side tracking network.</small></p></div>
|
||||
|
||||
Everyone is likely familiar with Chrome's infamously deceptive "Incognito mode". In reality, becoming "Incognito" stopped at your own device where browsing history will not be kept, while <span class="pullquote-source">Google continued to collect personally identifiable user data from their extensive server-side tracking network.</span> Understandably, disgruntled users filed an official [class action lawsuit](https://www.theverge.com/2023/8/7/23823878/google-privacy-tracking-incognito-mode-lawsuit-summary-judgment-denied) to get reparation from this deception. In 2023, Google agreed [to settle](https://www.bbc.co.uk/news/business-67838384) this $5 billion lawsuit.
|
||||
|
||||
Despite claims of "privacy" in their advertising to users, Google, like many other big tech giants, has in reality spent millions [lobbying against](https://www.politico.com/news/2021/10/22/google-kids-privacy-protections-tech-giants-516834) better privacy protections for years.
|
||||
|
||||
#### World App, the biometric data collector
|
||||
|
||||
Similarly, Sam Altman's World project loves to throw privacy-preserving language around to reassure prospect users and investors. But despite all its claims, data protection authorities around the world have been [investigating, fining, and even banning](sam-altman-wants-your-eyeball.md/#privacy-legislators-arent-on-board) its operations.
|
||||
|
||||
The World App (developed by the World project) is an "everything app" providing users with a unique identifier called a World ID. This World ID, which grants various perks and accesses while using the World App, is earned by providing biometric data to the organization, in the form of an iris scan.
|
||||
|
||||
Providing an iris scan to a for-profit corporation with little oversight will rightfully scare away many potential users. This is why the company has evidently invested heavily in branding itself as a "privacy-preserving" technology, claims that are [questionable](sam-altman-wants-your-eyeball.md/#how-privacy-preserving-is-it) to say the least.
|
||||
|
||||
Despite catchy declarations such as "privacy by default and by design approach", the World project has accumulated an impressive history of privacy violations, and multiplies contradicting and misleading statements in its own documentation.
|
||||
|
||||
There are some stains that even a powerful, billionaire-backed, privacy wash just cannot clean off.
|
||||
|
||||
#### Flo, sharing your period data with Facebook
|
||||
|
||||
In 2019, the Wall Street Journal [reported](https://therecord.media/meta-flo-trial-period-tracking-data-sharing) that the period tracking application Flo had been sharing sensitive health data with Facebook (Meta), despite its promises of privacy.
|
||||
|
||||
The app, developed by Flo Health, repeatedly reassured users that the very sensitive information they shared with the app would remain private and would not be shared with any third parties without explicit consent.
|
||||
|
||||
Despite this pledge, the Flo app did share sensitive personal data with third parties, via the software development kits incorporated into the app.
|
||||
|
||||
This extreme negligence (or malevolence) have likely harmed some users in unbelievable ways. Considering the state of abortion rights in the United States at the moment, it's not an exaggeration to say this data leak could [severely endanger](privacy-means-safety.md/#healthcare-seekers) Flo App's users, including with risk of imprisonment.
|
||||
|
||||
In response, users have filed several [class action lawsuits](https://www.hipaajournal.com/jury-trial-meta-flo-health-consumer-privacy/) against Flo Health, Facebook, Google, AppsFlyer, and Flurry.
|
||||
|
||||
Trivializing health data privacy while promising confidentiality to gain users' trust should never be banalized. This is a very serious infringement of users' rights.
|
||||
|
||||
## Remain skeptical, revoke your trust when needed
|
||||
|
||||
Regardless of the promises to safeguard our personal data, it's sad to say, we can never let our guard down.
|
||||
|
||||
Privacy washing isn't a trend that is about to fade away, it's quite likely that it will even worsen in the years to come. We must prepare accordingly.
|
||||
|
||||
The only way to improve our safety (and our privacy) is to remain vigilant at all time, and grant our trust only sparsely. We also need to stay prepared to revoke this trust at any time, when we learn new information that justifies it.
|
||||
|
||||
Always remain skeptical when you encounter privacy policies that seem suspiciously too generic; official-looking badges on websites advertising unsupported claims of "GDPR compliance", reviews that are lacking supporting evidence and doubtfully independent; and over usage of buzzwords like "military-grade encryption", "privacy-enhancing", "fully encrypted", and (more recently) "AI-powered".
|
||||
|
||||
It's not easy to navigate the perilous waters of supposedly privacy-respectful software. And it's even worse in an age where AI-spawned websites and articles can create the illusion of trustworthiness with only a few clicks and prompts.
|
||||
|
||||
Learning [how to spot the red flags, and the green(ish) flags](red-and-green-privacy-flags.md), to protect ourselves from the deceptive manipulation of privacy washing is an important skill to develop to make better informed choices.
|
||||
@@ -91,7 +91,7 @@ Developed and hosted by *XWiki* in Paris, France, **CryptPad** is a complete onl
|
||||
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
{ align=right }
|
||||
{ align=right }
|
||||
|
||||
**Nextcloud** is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control.
|
||||
|
||||
|
||||
@@ -0,0 +1,422 @@
|
||||
---
|
||||
date:
|
||||
created: 2025-10-15T03:50:00Z
|
||||
categories:
|
||||
- Explainers
|
||||
authors:
|
||||
- em
|
||||
- jordan
|
||||
description:
|
||||
Real-name policies have existed for over a decade, but these problems have become exponentially harmful in today's world. It's time to fight back against this unsafe and discriminatory privacy-invasive practice.
|
||||
schema_type: AnalysisNewsArticle
|
||||
preview:
|
||||
cover: blog/assets/images/real-name-policies/realname-cover.webp
|
||||
---
|
||||
|
||||
# Real-Name Policies: The War Against Pseudonymity
|
||||
|
||||
|
||||
|
||||
<small aria-hidden="true">Illustration: Em / Privacy Guides | Photo: Marija Zaric / Unsplash</small>
|
||||
|
||||
Real-name policies have existed for well over a decade already, and the problems they cause aren't new. But these problems have become exponentially harmful in today's world, where real-name policies are coupled with monopolistic platforms, increased mass surveillance, AI technologies, and facial recognition capabilities. It's time to fight back against this unsafe and discriminatory privacy-invasive practice.<!-- more -->
|
||||
|
||||
Pseudonymity, or the use of a nickname or fictitious name online, has always been deeply valued on the internet. It grants people protections and freedoms that are often impossible to benefit from offline.
|
||||
|
||||
Women, and especially women who are part of male-dominated online communities, have regularly used pseudonyms to hide their gender online in order to protect themselves from sexual harassment, stalking, and physical violence even.
|
||||
|
||||
Transgender and gender-diverse people also regularly use pseudonyms for protection, or use new chosen names to explore their gender identity online.
|
||||
|
||||
Victims of domestic violence, victims of stalkers, activists, and even journalists often use pseudonyms to protect themselves from aggressors or oppressive regimes.
|
||||
|
||||
**Pseudonymity saves lives.** And yet, it is constantly under attack.
|
||||
|
||||
## What are real-name policies exactly?
|
||||
|
||||
<div class="admonition quote inline end" markdown>
|
||||
<p class="admonition-title">Increasingly more platforms demand that users provide their legal name and official identifications in order to keep using a platform.</p></div>
|
||||
|
||||
So called "real-name" policies are platform policies requiring users and subscribers to sign up and display their "real name," often equated to a *legal* name.
|
||||
|
||||
Facebook for example claims not to require a legal name, but only the "real" name a person uses in their daily life. Yet, the social media giant regularly demands official IDs to verify this "real" name, effectively requiring people associate their account with their *legal* identity.
|
||||
|
||||
Facebook has even repeatedly taken the liberty to decide which name was "real", and changed the displayed name of users based on verification processes **without any prior consent from users**. For people in vulnerable situations, this can be a *very* dangerous practice.
|
||||
|
||||
Facebook is perhaps the most infamous platform implementing such discriminatory and intrusive policy, but sadly, it's not the only one.
|
||||
|
||||
<span class="pullquote-source">Increasingly more platforms demand that users provide their legal name and official identifications in order to keep using a platform.</span> And this will likely be aggravated significantly by the recent trend for [age-verification](https://www.privacyguides.org/videos/2025/08/15/age-verification-is-a-privacy-nightmare/) policies.
|
||||
|
||||
### Explicit and implicit policies
|
||||
|
||||
There is always two levels of real-name policies: The name displayed publicly to everyone (explicitly required), and the name the platform has associated with the account in its database (implicitly associated).
|
||||
|
||||
While a requirement to expose one's legal name publicly has clear privacy risks, storing legal names without displaying it to other users is also problematic.
|
||||
|
||||
For explicit requirements, users who are obligated to display their legal name publicly are not only forced to create a permanent association of this account with their legal identity (with all the problems this can bring), but are also potentially exposing their identity and account to current or future attackers.
|
||||
|
||||
For example, this can and does enable stalkers to find their victims online (and offline) to cause them harm.
|
||||
|
||||
For implicit associations, as soon as a legal name is collected and associated with an account in the backend, whether from providing official documentation for age verification, account recovery, payment, or any other processes; this data is at risk of getting leaked or breached, and eventually shared publicly as well.
|
||||
|
||||
Once this data is [exposed](https://discuss.privacyguides.net/t/discord-data-breach-customers-personal-data-and-scanned-photo-ids-leaked/31904), this account now also becomes permanently associated with a legal identity, publicly.
|
||||
|
||||
Even without having an openly stated real-name policy, platforms collecting official documentation—or otherwise storing legal names associated with accounts—can effectively end up exposing their users to similar risks.
|
||||
|
||||
### What is a real name anyway?
|
||||
|
||||
Of course, your true *real* name is whatever you decide others should call you. Only *you* can decide this, and others should be respectful of your choice.
|
||||
|
||||
Your *legal* name, however, is a **data marker attached to your person that can be used to trace many of your activities online and offline**, with a high degree of precision going as far back as when you were born.
|
||||
|
||||
For everyone, but especially for vulnerable communities, exposing legal names on certain platforms can represent a significant risk. The [use of pseudonymity](https://www.techradar.com/pro/vpn/using-your-real-name-on-social-media-heres-why-you-should-think-twice) is a critical part of online safety, and people should be able to continue using this protective measure without raising suspicion.
|
||||
|
||||
## Who is impacted the most by real-name policies?
|
||||
|
||||
Everyone is impacted by real-name policies, but groups that are at higher risk of discrimination, violence, and online harassment are disproportionally harmed by them.
|
||||
|
||||
Moreover, anyone who for various reasons uses a name that doesn't match their official ID; has a legal name that doesn't match an expected American name pattern; needs to conceal their gender online for safety; or has to protect their identity online due to their work as an activist, journalist, dissident, or whistleblower can be severely impacted, silenced, and even endangered by requirements to provide a legal name online.
|
||||
|
||||
### Victims of domestic violence
|
||||
|
||||
For many people, using pseudonyms isn't just a good privacy practice, but it can be a matter of life and death.
|
||||
|
||||
For anyone who is experiencing or has experienced domestic violence, creating a new online identity hidden from the perpetrator can be essential for survival, to prepare a safe escape, or to keep having access to essential support and resources.
|
||||
|
||||
When people are forced to only use one identity online, an identity attached to their legal identity, this empowers aggressors to find their victims, to silence them, to control them, and to harm them.
|
||||
|
||||
**Technologies and policies are never neutral.** When policies and features make it difficult or impossible for vulnerable people to use these technologies safely, they are effectively excluding vulnerable people from the platforms.
|
||||
|
||||
Even if this might seem minor from the outside, when Big Tech becomes so monopolistic that it's almost impossible to fully avoid it in our daily lives, when someone cannot access social groups and support without a Facebook account, and can't find a new job without LinkedIn, then it's not just a minor problem anymore, it's a major problem.
|
||||
|
||||
**Platforms and online services should be safely accessible to everyone.** And this includes allowing the use of protective pseudonymity without requiring legal identification that could put the most vulnerable in life-threatening situations.
|
||||
|
||||
### Victims of stalking
|
||||
|
||||
Similarly to victims of domestic violence, victims of stalking must protect their identity online to stay safe from their stalkers. When platforms obligate people to use their legal names, explicitly or implicitly, they directly endanger these victims.
|
||||
|
||||
If a stalker or an aggressor knows a victim's legal name (which is often the case), then it's trivial to find their account on any platforms and services, regardless of if they have blocked them on one.
|
||||
|
||||
A good protection to prevent severe harassment is to create alternative accounts using a different name or different pseudonym unknown to the aggressor. This can give victims the peace of mind of knowing their stalker will not be able to find them there.
|
||||
|
||||
For anyone tempted to argue real-name policies reduce the number of perpetrators, this isn't the case.
|
||||
|
||||
Stalkers and predators of all kind feel generally quite comfortable using their own legal names, this isn't a problem for them. They feel confident knowing that victims generally have little recourses and support, and that there will be no consequences for them even when their legal name is known.
|
||||
|
||||
Despite the claims, removing pseudonymity doesn't remove misbehavior online, this has been demonstrated [again](https://theconversation.com/online-abuse-banning-anonymous-social-media-accounts-is-not-the-answer-170224), and [again](https://theconversation.com/online-anonymity-study-found-stable-pseudonyms-created-a-more-civil-environment-than-real-user-names-171374), and [again](https://allabouteve.co.in/harassment-of-women-on-linkedin/). Real-name policies don't reduce crime, it only restricts the victims' ability to protect themselves from such crime.
|
||||
|
||||
### Activists and political dissidents
|
||||
|
||||
<div class="admonition quote inline end" markdown>
|
||||
<p class="admonition-title">Pseudonyms are hardly modern phenomena, and it's fair to say democracy wouldn't exist without it.</p></div>
|
||||
|
||||
For activists and political dissidents around the world, using pseudonymity online can be a way to reclaim freedom of speech and criticize power in a safer way. Under oppressive regimes, online privacy can mean life or death.
|
||||
|
||||
This is another example showing how essential privacy rights are to democracy. **Real-name policies facilitate censorship, discrimination, and political repression.**
|
||||
|
||||
A Honduran blogger using the pseudonym [La Gringa](https://lagringasblogicito.blogspot.com/2011/10/my-ripples-will-continue.html) used her blog and Facebook page to criticize the Central American government for years.
|
||||
|
||||
Protecting her legal identity is essential to allow her to speak freely and stay safe from state repression. This isn't an exaggeration, Honduras is one of the most dangerous country for journalists. The Committee to Protect Journalists (CPJ) [recorded](https://latamjournalismreview.org/articles/almost-five-years-after-murder-of-honduran-journalist-gabriel-hernandez-authorities-still-waiting-for-results-of-their-investigations/) that 37 press workers were killed in the country between 1992 and 2023. Of these murders, 90% were unpunished.
|
||||
|
||||
But Facebook silenced La Gringa with its real-name policy, requiring her to provide a copy of her official ID to continue advocating on the platform. Evidently, this request is asking her to put her life in danger and cannot be compromised on.
|
||||
|
||||
Facebook's policy is essentially silencing any dissident and marginalized voices in oppressive regimes.
|
||||
|
||||
By letting the community report infractions to Facebook's real-name policy, this effectively allows Facebook's rules to be weaponized against marginalized groups already plagued with constant discrimination.
|
||||
|
||||
It also empowers abusers to silence their victims, and sides with oppressive regimes around the world to censor any critics they might have.
|
||||
|
||||
As reporter Kevin Morris [commented](https://www.dailydot.com/news/la-gringa-facebook-ban-real-id-dangerous-honduras/) in his Daily Dot piece on the topic: <span class="pullquote-source">"Pseudonyms are hardly modern phenomena, and it's fair to say democracy wouldn't exist without it."</span>
|
||||
|
||||
### Women
|
||||
|
||||
<div class="admonition quote inline end" markdown>
|
||||
<p class="admonition-title">A site which requires real/verified names is automatically flagging itself as a potentially/probably unsafe space for women, or for anyone else at risk of harassment, violence, job discrimination, and the like.</p></div>
|
||||
|
||||
Women have long used pseudonyms on the internet in order to conceal their gender online, and spare themselves from the sexual harassment and discrimination omnipresent on some platforms. This is even more common in male-dominated communities like online gaming, for example.
|
||||
|
||||
It's not rare to hear some people claiming that "there aren't any women in their online community." Well, there probably is.
|
||||
|
||||
Platforms allowing pseudonyms foster a culture of inclusivity where everyone can participate free from discrimination, regardless of their gender. Real-name policies encourage the opposite: platforms where participants are forced to either endure the abuse and compromise their physical safety, or be excluded entirely.
|
||||
|
||||
As pseudonymous author *skud* [wrote](https://geekfeminismdotorg.wordpress.com/2010/06/10/hacker-news-and-pseudonymity/) for the *Geek Feminism* blog in 2010:
|
||||
|
||||
> [...] women online are regularly admonished to use pseudonyms to protect themselves. Many websites with a culture of pseudonymity [...] have a very high proportion of female members, perhaps in part because of the sense of privacy and security that pseudonymity brings. <span class="pullquote-source">A site which requires real/verified names is automatically flagging itself as a potentially/probably unsafe space for women, or for anyone else at risk of harassment, violence, job discrimination, and the like.</span>
|
||||
|
||||
Women aren't exactly a minority group. While platforms should be inclusive to everyone of course, including minority groups, enforcing a policy that obligates roughly 50% of the population to lower its safety protections in order to participate should be obviously unacceptable.
|
||||
|
||||
### Indigenous people
|
||||
|
||||
Notwithstanding its own policy, Facebook has regularly suspended accounts with legal names wrongly targeted as fake, based on criteria rooted in colonialism. Indigenous communities have been exceedingly impacted by Facebook's real-name policy, despite following all the platform's rules as requested.
|
||||
|
||||
In 2009, Facebook abruptly [cut off account access](https://ictnews.org/archive/facebook-no-friend-to-american-indian-names/) to an Indigenous American woman named Robin Kills The Enemy, wrongly accusing her of registering under a false name. But her name was authentic, and indeed her *legal* name.
|
||||
|
||||
Facebook eventually reinstated her account, but only after a long process where she had to modify the spelling.
|
||||
|
||||
The burden shouldn't be on Indigenous people to have to prove their identity just because a US-based corporation can't seem to understand the global diversity of naming conventions.
|
||||
|
||||
Following Kills The Enemy's experience, a journalist started a Facebook group called "Facebook: don't discriminate against Native surnames!!!" that was joined by over a thousand people only a few days after its creation. Many users shared similar experiences and questioned the platform's treatment of Indigenous surnames.
|
||||
|
||||
Another woman named Melissa Holds The Enemy described a month-long process to recover her account.
|
||||
|
||||
An Indigenous man named Oglala Lakota Lance Brown Eyes had his account [suspended](https://colorlines.com/article/native-americans-say-facebook-accusing-them-using-fake-names/) by Facebook demanding his "real" name.
|
||||
|
||||
After Brown Eyes sent all the required proofs, Facebook decided without warning to Americanize his displayed name to "Lance Brown." **This is blatant racism.**
|
||||
|
||||
His name was eventually corrected and Facebook apologized, but only after Brown Eyes threatened the company with a class action lawsuit.
|
||||
|
||||
Dana Lone Hill also got her account suspended because of her Indigenous surname, and was forced to go through Facebook's intrusive verification process in order to recover her account.
|
||||
|
||||
The list goes on and on. Indigenous people have been forced by Facebook to modify and Americanize their *actual legal names*.
|
||||
|
||||
Many were forced to add hyphens, change the alphabet used, smash words together, or even remove parts of their legal name in order to please Facebook's arbitrary preferences, ignoring its own "real-name" policy.
|
||||
|
||||
This is yet another demonstration of systemic racism perpetrated by a monopolistic corporation quick to ignore the human rights and diversity of its users.
|
||||
|
||||
### People with non-Anglophone names
|
||||
|
||||
In another case, a woman from Japan named Hiroko Yoda [wasn't able to sign up](https://www.telegraph.co.uk/news/newstopics/howaboutthat/2632170/Woman-called-Yoda-blocked-from-Facebook.html) for a Facebook account due to her surname.
|
||||
|
||||
Despite being a common surname in Japan, it seems Facebook judged it more important to ban anyone trying to "impersonate" the popular Star Wars character.
|
||||
|
||||
Of course, the Star Wars character uses a Japanese name because its creator has drawn [inspiration](https://en.wikipedia.org/wiki/Yoda#Creation) from the Japanese culture. But Facebook still seems to somehow think that Star Wars comes first, and Japanese people must pay the price for daring to share a surname with the American Jedi.
|
||||
|
||||
A Facebook user from Hawaii named Chase Nahooikaikakeolamauloaokalani Silva also had his account suspended despite using his legal name.
|
||||
|
||||
As a proud Hawaiian, it was important for him to be able to display his Hawaiian given name. But Facebook just didn't like his *legal* name.
|
||||
|
||||
Silva reported to [HuffPost](https://www.huffpost.com/entry/facebook-chase-nahooikaikakeolamauloaokalani-silva_n_5833248) that "Facebook should not be able to dictate what your name is, what you go by, what you answer to," and he's right.
|
||||
|
||||
More broadly, Facebook's policy [prohibits](https://en.wikipedia.org/wiki/Facebook_real-name_policy_controversy) name with "too many" words, capital letters, or first names with initials. This assumes the default for names is the Americanized format of one first name, one (short) middle name, and one last name.
|
||||
|
||||
But this isn't a reality for most of the world. This extremely narrow vision of what a name should look like and how it should be formatted isn't compatible with many if not most cultures.
|
||||
|
||||
It's unbelievable (and unacceptable) that a platform with an estimated 2.28 billion active users, who seems to want to eat even more of the world every year, is being so ignorant of non-American cultures and global naming conventions in its policies and practices.
|
||||
|
||||
### The transgender community
|
||||
|
||||
For transgender and gender-diverse individuals, their legal name may be a "[dead name](https://en.wikipedia.org/wiki/Deadnaming)." A dead name is a name that they were assigned at birth but no longer identify with. Commonly, transgender people change their name as part of their gender transition.
|
||||
|
||||
In many countries around the world, there can be many bureaucratic hurdles required to change one's name, meaning that many trans people are unable to update their legal name to reflect their gender identity. Because they no longer identify with their dead name, keeping it private is of great importance for their mental health and safety.
|
||||
|
||||
<div class="admonition quote inline end" markdown>
|
||||
<p class="admonition-title">23% of LGBTQ+ young people reported that they have been physically threatened or harmed in the past year due to either their sexual orientation or gender identity.</p></div>
|
||||
|
||||
Referring to a trans person with their dead name is considered offensive and often involves misgendering someone too. For transgender people, being called a name that they no longer identify with invokes feelings of depression, anxiety, gender dysphoria, and lack of acceptance.
|
||||
|
||||
Using someone's dead name signals that you don't respect their identity and that you don't care about them enough to use their new name.
|
||||
|
||||
Unfortunately, transgender people still face widespread discrimination, that's why "dead naming" can be incredibly dangerous. Revealing someone's gender identity or sexuality without their consent is called "outing". By calling someone by their dead name, you may be inadvertently revealing someone is transgender. This can be not only traumatizing and frightening for the individual, but can also lead to violence or put this person in a dangerous situation.
|
||||
|
||||
The Trevor Project, a non-profit LGBTQ+ organization, conducts a yearly [survey](https://www.thetrevorproject.org/survey-2024/?_hsmi=305272848) on LGBTQ+ youth across the United States. In their 2024 release, they found that <span class="pullquote-source">"23% of LGBTQ+ young people reported that they have been physically threatened or harmed in the past year due to either their sexual orientation or gender identity."</span>
|
||||
|
||||
This is why when real-name policies come in, requiring transgender people to use their legal name for their social media accounts, this could force them to "come out" by displaying a name that they no longer identify with, therefore revealing they are transgender. The National LGBTQ Institute on Intimate Partner Violence [describes](https://lgbtqipvinstitute.org/coming-out-safely/) "coming out" as an "ongoing process, by which a person shares aspects of their identity with others."
|
||||
|
||||
Having aspects of their identity shared without their consent can put this person in significant physical danger because of unsupportive family members, friends, colleagues, and strangers. This is especially the case with LGBTQ+ youth, who are at heightened risk of online, verbal, physical harassment, or violence due to their identity.
|
||||
|
||||
Coming out can be a very daunting and scary process, particularly for transgender and gender-diverse people, and often can be an ongoing process over many years. In many cases, LGBTQ+ people choose instead to [hide their identity](https://www.stonewall.org.uk/news/new-research-shows-almost-40-of-lgbtq-employees-still-hide-their-identity-at-work) at social and work gatherings.
|
||||
|
||||
Platforms that enforce real-name policies take away the essential ability to control when and how that process plays out are nothing short of abusive. This might sound hyperbolic, however, "outing" is often used as a mean of control in abusive relationships to coerce an LGBTQ+ individual. The fact that social media platforms are exhibiting similar behavior is alarming.
|
||||
|
||||
Unfortunately, many websites don't allow updating the name attached to an account easily, often requiring to provide legal documentation showing proof that the name has been legally changed.
|
||||
|
||||
Having to provide your identification documents to use a website is not only terrible for your privacy, as it links your real life identity to your online account, it also puts your identity at risk.
|
||||
|
||||
Companies that process and verify identity documents are at a much higher risk of being targeted by malicious actors, because of the sensitive information they store and process.
|
||||
|
||||
One of the worst offenders of this is Facebook. They require everyone that signs up to use their legal name for their profile, and claim that this is to ensure safety on the platform so that everyone knows who they are talking to is who they say they are.
|
||||
|
||||
Many transgender and gender-diverse people use aliases on social media platforms to protect their identities and the identities of those around them, because they are more likely to be harassed or doxxed. Facebook's real-name policy has unforeseen consequences for these people, as one transgender Facebook user [found out](https://www.dailydot.com/news/facebook-real-names-cracking-down-transgender/):
|
||||
|
||||
> I woke up to find my Facebook account deleted. [...] I have had a Facebook since about 2007 or 2008. Other than when I was a kid and was afraid my parents would find out about my account (causing me to use an alias for a little while), my profile always bore my legal name. A week or so ago, however, I changed my display name to "Arc Angel."
|
||||
|
||||
Finally, because of the discrimination and danger that transgender people face in the real world, they often find refuge in online and internet communities. According to a report by [Hopelab](https://assets.hopelab.org/wp-content/uploads/2025/03/2025-Without-It-I-Wouldnt-Be-Here.pdf) of LGBTQ+ youth:
|
||||
|
||||
> Transgender young people more often agree that their online communities and friendships were important or very important (84%) when they began to explore their sexuality or gender compared to cisgender LGBQ+ young people (71%).
|
||||
|
||||
This is why it’s so important that they are able to freely express themselves with a pseudonymous or anonymous identity. If every online platform required these users to use their legal name, this would be extremely dangerous for transgender and gender-diverse people who often rely on online spaces for community, friendship, and support.
|
||||
|
||||
### LGBTQ+ people
|
||||
|
||||
Moreover, real-name policies disproportionately affect LGBTQ+ people, as they often prefer to not associate their legal name with their online activities. This is especially important for people living in countries where LGBTQ+ identities are [criminalized by law](https://en.wikipedia.org/wiki/Criminalization_of_homosexuality), meaning they can be jailed (or worse) if they associate their online activities with their real life identity.
|
||||
|
||||
Unfortunately, it gets even worse: harassers and trolls have weaponized Facebook's real-name policy, and are using it to silence their victims by mass reporting them as using a fake name.
|
||||
|
||||
In an [open letter](https://www.eff.org/document/open-letter-facebook-about-its-real-names-policy) to Facebook about its real-name policy in 2015, many LGBTQ+ and digital rights organizations warned Facebook that this was being used to silence LGBTQ+ people:
|
||||
|
||||
> Facebook users in the global LGBTQ community, South and Southeast Asia and the Middle East report that groups have deliberately organized (sometimes even coordinating via Facebook) to silence their targets using the "Report Abuse" button.
|
||||
|
||||
Despite all the recommendations and warnings by LGBTQ+ organizations and digital rights groups more than ten years ago, Facebook is still standing strong in its intention to keep the platform a "real name" only space.
|
||||
|
||||
Their help center still [states](https://www.facebook.com/help/229715077154790/Names+allowed+on+Facebook/) that you can only use a name that appears on your official identification documents:
|
||||
|
||||
> The name on your profile should be the name that your friends call you in everyday life. This name should also appear on a form of ID or document from our ID list.
|
||||
|
||||
Many platforms have been trying to improve the way they handle this and allow for users to select a preferred name that is displayed instead of their legal name. This is an improvement, however it isn't without issues.
|
||||
|
||||
Platforms shouldn't require you to provide your legal name to begin with.
|
||||
|
||||
### Stage performers and small businesses
|
||||
|
||||
In 2014, Facebook made the news for ramping up its real-name policy and suspending hundreds of accounts from marginalized and vulnerable people (more on this in the [next section](#facebook)). The platform was heavily criticized, and Facebook eventually reinstated many banned accounts.
|
||||
|
||||
At the time, drag performers were [severely impacted](https://www.cnn.com/2014/09/16/living/facebook-name-policy/) by the policy purge. Drag queen and activist Sister Roma reported having to change her Facebook profile to a legal name she had not used publicly for 27 years.
|
||||
|
||||
Retired burlesque dancer Blissom Booblé explained that using a pen name on Facebook was essential to continue her advocacy for LGBTQ+ homeless youth and to raise HIV awareness while staying free from discrimination at her workplace.
|
||||
|
||||
Drag queen Ruby Roo reluctantly complied with Facebook's policy in order to keep contact with his friends, but expressed concerns that people would not recognize him under his legal name. If nobody ever calls you by your legal name, does this still even count as your "real" name?
|
||||
|
||||
During an earlier purge in 2009, small-business entrepreneur Alicia Istanbul [suddenly lost access](https://www.sfgate.com/business/article/Real-users-caught-in-Facebook-fake-name-purge-3231397.php) to both her personal Facebook account and her jewelry design business page. Once this happens, the burden falls on users to carry on the lengthy and intrusive verification process to restore their accounts.
|
||||
|
||||
**There is no innocent until proven guilty with Big Tech.** This can represent significant losses in time and money for small businesses.
|
||||
|
||||
Additionally, many professionals such as teachers, doctors, therapists, and social workers regularly use pseudonyms so that clients and patients will not be able to find their personal accounts.
|
||||
|
||||
Everyone should have the right to separate their professional lives from their personal lives, and [using pseudonyms is a great practice](stay-safe-but-stay-connected.md/#pseudonymity) to this effect.
|
||||
|
||||
### Everyone else
|
||||
|
||||
Finally, everyone can be impacted negatively by real-name policies, not only marginalized or vulnerable groups.
|
||||
|
||||
Everyone should be able to choose the protections necessary for themselves, according to their own and unique [threat model](https://www.privacyguides.org/en/basics/threat-modeling/). If someone decides it's safer or more comfortable for them to use a platform under a pseudonymous account, they should be able to do so freely.
|
||||
|
||||
Privacy is a basic human right, and it should be accessible to all without requiring any justification.
|
||||
|
||||
The normalization of real-name policies online, aggravated by the growing identity and age verification industry, will have devastating consequences for everyone, and for democracies everywhere. **Real-name policies are authoritarian in nature and have a chilling effect on freedom of speech and other civil liberties.**
|
||||
|
||||
If we value privacy as a human right, we must push back against real-name policies, especially on social media.
|
||||
|
||||
## Where are real-name policies?
|
||||
|
||||
About ten years ago, pseudonymity became a heated news topic during the so-called [Nymwars](https://en.wikipedia.org/wiki/Nymwars), the wars against pseudo*nyms*.
|
||||
|
||||
The term mostly refers to a series of conflicts related to real-name policies in the 2010s. It emerged in relation to waves of policy enforcement from Facebook, Google, and the video-game giant Blizzard.
|
||||
|
||||
With the increasing push for age verification and "human authentication" online, the Nymwars are sadly likely to make a comeback very soon. And for some platforms, the war just never stopped.
|
||||
|
||||
Sometimes, your legal name might be required online of course. For example, for governmental and financial services. But way too many platforms and services collect legal names when there really isn't any strong justifications for it.
|
||||
|
||||
While Facebook was mentioned abundantly in previous examples, this problem isn't limited to Meta's social media. You've probably encountered real-name policies everywhere already, but here are some platforms (and even countries) that have been infamous for it:
|
||||
|
||||
### Facebook
|
||||
|
||||
In 2014, Facebook [made the news](https://www.aclunc.org/blog/my-name-why-aclu-facebook-today) (again) for enforcing a [horrible policy](https://www.zdnet.com/article/facebook-nymwars-disproportionately-outing-lgbt-performers-users-furious/) (again) that was [hurting](https://www.eff.org/deeplinks/2014/09/facebooks-real-name-policy-can-cause-real-world-harm-lgbtq-community) marginalized and vulnerable groups the most ([again](https://www.hrc.org/news/metas-new-policies-how-they-endanger-lgbtq-communities-and-our-tips-for-staying-safe-online)).
|
||||
|
||||
Several human rights groups, including the Electronic Frontier Foundation, Human Rights Watch, and Access Now even joined the [Nameless Coalition](https://www.accessnow.org/nameless-coalition-calls-on-facebook-to-change-its-real-name-policy/) to demand changes to Facebook's policy.
|
||||
|
||||
Facebook presented this ramping up of their real-name policy enforcement as something important for "authenticity" online. Despite this dubitable claim, Facebook was in all likelihood simply worried about protecting its financial assets, as ever.
|
||||
|
||||
Back in 2012, Facebook's share price plummeted after a quarterly filing with the Securities and Exchange Commission [revealed](https://www.theguardian.com/technology/2012/aug/02/facebook-share-price-slumps-20-dollars) that an estimated 8.7% of accounts on the platform may be fake, and 5% of active accounts were duplicates (numbers that aren't really that alarming, actually). But this backlash from investors evidently scared Facebook enough to justify intensifying its policy enforcement for accounts using pseudonyms, or suspected of being fake, presumably in an attempt to soothe shareholders.
|
||||
|
||||
Despite the unpopularity of these policies, the real customer for Facebook isn't its users, but its advertisers (who demand access to your data, Facebook's true product).
|
||||
|
||||
Advertisers want some assurance that they are paying for *real* humans to see their ads, otherwise this diminishes Facebook's value to them. **It's important to remember that Facebook is, and has always been, an advertising company.**
|
||||
|
||||
Despicably, Facebook even [encouraged](https://thenextweb.com/news/facebook-now-wants-snitch-friends-arent-using-real-name) people to "snitch on [their] friends if they are not using their real name."
|
||||
|
||||
> Please help us understand how people are using Facebook. Your response is anonymous and won't affect your friend's account. Is this your friend's real name?
|
||||
|
||||
This kind of prompt fosters mistrust and allows users to weaponize policies against people they simply don't like. Victims of these "report attacks" are often the most vulnerable and the most marginalized in our society. **Real-name policies have nothing to do with safety, in fact, they're horrible for safety.**
|
||||
|
||||
A decade later, Facebook still encourages and enforces its real-name policy in order to protect its most valuable asset to sell: Your personal data.
|
||||
|
||||
### LinkedIn
|
||||
|
||||
LinkedIn is another well-known platform that enforces a real-name policy.
|
||||
|
||||
The employment-oriented social media states in its [User Agreement](https://www.linkedin.com/help/linkedin/answer/a1337288/names-allowed-on-profiles) that "LinkedIn does not allow members to use pseudonyms, fake names, business names, associations, groups, email addresses, or special characters that do not reflect your real or preferred professional name."
|
||||
|
||||
It's unclear how LinkedIn would enforce or verify what is an allowed "preferred professional name."
|
||||
|
||||
Although this might make slightly more sense on a platform focused on employment, the policy still excludes some professionals and industries that regularly work using pseudonyms, such as performers, writers, visual artists, activists, and privacy advocates even.
|
||||
|
||||
Additionally, the platform uses the same colonialist discrimination as Facebook, assuming that all names worldwide are composed of "first, middle, and last names" only.
|
||||
|
||||
### Google, Quora, and Blizzard abandoned their policies
|
||||
|
||||
Google made the news in 2011 when it started implementing and enforcing its own real-name policy for its (now defunct) social media platform Google+, and by proxy for YouTube accounts when Google [migrated](https://www.theguardian.com/technology/2014/jul/16/youtube-trolls-google-real-name-commenter-policy) YouTube comments to a Google+ system in 2013.
|
||||
|
||||
The policy was [largely criticized](https://www.eff.org/deeplinks/2011/07/case-pseudonyms) after a wave of account suspensions, where some famous accounts were banned. In July 2014, Google [abandoned](https://en.wikipedia.org/wiki/Nymwars#Google) the policy altogether and removed restrictions on account names.
|
||||
|
||||
The question-answering social platform Quora also enforced a real-name policy for a long time.
|
||||
|
||||
Verification wasn't required, but names deemed "false" could be reported by the community. Again, this kind of reporting system facilitates abuse by allowing the weaponization of platform policies against marginalized groups.
|
||||
|
||||
Thankfully, Quora [eliminated](https://quorablog.quora.com/Allowing-everyone-to-contribute-to-Quora) the requirement to use a "real" name in 2021, and now allows users to register with protective pseudonyms.
|
||||
|
||||
The video-game developer Blizzard Entertainment spawned strong criticism online when the company [announced](https://en.wikipedia.org/wiki/Blizzard_Entertainment#Privacy_controversy_and_Real_ID) in 2010 that it would be implementing a real-name policy for Blizzard's forums.
|
||||
|
||||
Gamers were not amused. The community came together to fight back in force against the announced policy. Game magazines and forums were inundated with replies and condemnations.
|
||||
|
||||
At one point, a Blizzard employee trying to demonstrate that the policy "wasn't a big deal" willingly shared his real name on a public post. After this revelation, forum members started to post the employee's personal information, including his phone number, age, picture, home address, and even information related to his family members.
|
||||
|
||||
Other members were quick to share their own experiences and show how [unsafe](https://web.archive.org/web/20100628055329/http://ve3d.ign.com/articles/news/55728/Is-Blizzards-Real-ID-Safe-Or-A-Playground-For-Sexual-Deviants) a real-name policy would be. Following the powerful community backlash, Blizzard decided to cancel its plan for the invasive policy.
|
||||
|
||||
### South Korea
|
||||
|
||||
<div class="admonition quote inline end" markdown>
|
||||
<p class="admonition-title">Despite the enforcement of the system, the number of illegal or malicious postings online has not decreased.</p></div>
|
||||
|
||||
Terrifyingly, whole countries have enforced real-name policies online. In 2007, South Korea [implemented](https://www.koreatimes.co.kr/southkorea/20120823/online-real-name-system-unconstitutional) a name registration system for internet users in compliance with the country's Information Communications Law.
|
||||
|
||||
The law was initially enforced in an attempt to reduce malicious comments online, but **was later ruled unconstitutional and revoked in 2012**.
|
||||
|
||||
The Constitutional Court said in its verdict that "the system does not seem to have been beneficial to the public. <span class="pullquote-source">Despite the enforcement of the system, the number of illegal or malicious postings online has not decreased.</span>"
|
||||
|
||||
### China
|
||||
|
||||
Sadly, not every country implementing such a system came to the same conclusion.
|
||||
|
||||
In China, the [Internet real-name system](https://en.wikipedia.org/wiki/Internet_real-name_system_in_China) obligates all internet service providers and online platforms to collect users' legal names, ID numbers, and more. This affects services such as internet access, phone service, social media, instant messaging, microblogging, and online gaming.
|
||||
|
||||
In 2023, large Chinese platforms announced that they would make public the legal names of any accounts with over 500,000 followers.
|
||||
|
||||
In July 2025, China centralized this control further with the launch of the [national online identity authentication](https://en.wikipedia.org/wiki/National_online_identity_authentication) system, which requires citizens to submit their personal information in order to receive an "Internet certificate" to access online accounts.
|
||||
|
||||
This effectively imposes a real-name policy on *all* internet services in the country, and makes this information accessible at all time by the government.
|
||||
|
||||
The new national cyber ID system has been [criticized](https://www.scmp.com/tech/tech-trends/article/3318302/china-rolls-out-voluntary-cyber-id-system-amid-concerns-over-privacy-censorship) over privacy and censorship concerns.
|
||||
|
||||
So far, it is not mandatory to share identity through the national online identity authentication (although services are still obligated to identity their users in other ways).
|
||||
|
||||
However, in a country where freedom of speech and access to information is increasingly restricted, it's easy to imagine the national real-name system could become obligatory everywhere soon.
|
||||
|
||||
## Real-name policies don't make the web safer
|
||||
|
||||
It has been demonstrated again and again that real-name policies do not reduce abuse and misbehavior online, and only end up harming the most vulnerable.
|
||||
|
||||
Despite the evidence and failed attempts, platform owners and policymakers obstinately continue to push for the implementation of these dangerous, authoritarian systems.
|
||||
|
||||
Platforms will often claim these policies are to protect users from harassment, but when action is required to truly protect users they refuse to act. Facebook, the most infamous platform for enforcing its real-name policy, [ranks the *worst* for online harassment](https://www.theverge.com/news/713976/online-harassment-meta-social-media-environmental-activists).
|
||||
|
||||
So, who are these real-name policies truly protecting?
|
||||
|
||||
It's clear that, as is the case for other oppressive policies such as [Age Verification](age-verification-wants-your-face.md) and [Chat Control](chat-control-must-be-stopped.md), "safety" is only an excuse for people to accept what this is truly about: **Corporate profit and government control.**
|
||||
|
||||
Unfortunately, as long as these platforms' business model is to sell users' data to advertisers and other stakeholders, there is no incentive for them to protect our privacy and our right to use protective pseudonyms, as the EFF's Director of Cybersecurity Eva Galperin aptly pointed out in her [talk](https://www.youtube.com/watch?v=d5czLwsa-wE) at the HOPE conference in 2012. **More data just means more money to them.**
|
||||
|
||||
When governments impose similar invasive practices, it's a **dangerous and slippery slope towards totalitarianism**.
|
||||
|
||||
Citizens need to be able to express their views freely online and criticize their government and its leaders without fear of reprisal. Real-name policies (explicit and implicit) are only a tool for censorship, and there is no democracy and no freedom under government censorship.
|
||||
|
||||
Fighting against policies attacking online pseudonymity, such as real-name policies, age-verification policies, and Chat Control proposals, isn't just a banal fight to keep using silly nicknames online. It's a battle for democracy, for civil liberties, and for human rights.
|
||||
|
||||
## What you can do about real-name policies
|
||||
|
||||
- [**Choose better platforms**](https://news.elenarossini.com/my-fediverse-starter-guide) that do not require you to share your legal name and official IDs, such as [Mastodon](mastodon-privacy-and-security.md) or other platforms connected to the Fediverse.
|
||||
|
||||
- [**Inform yourself**](https://safetycrave.com/why-should-not-use-real-names-online/) on the dangers related to using legal names online, and share this information with others.
|
||||
|
||||
- [**Say no**](you-can-say-no.md) to sharing official documentation with commercial platforms when it isn't strictly required and when you can avoid it.
|
||||
|
||||
- [**Understand the difference**](https://www.privacyguides.org/videos/2025/03/14/stop-confusing-privacy-anonymity-and-security/) between privacy, security, anonymity, and pseudonymity.
|
||||
|
||||
- [**Use pseudonyms**](stay-safe-but-stay-connected.md/#practices-and-tools-that-help-in-various-contexts) on platforms where you can. Use a pseudonym persistent across platforms if you want these accounts to be linked together for trust, or use different pseudonyms to keep them separated.
|
||||
|
||||
- **Make your voice heard!** Contact your government representatives to let them know that privacy is important to you, and explain to them that pseudonymity is essential for safety, democracy, and free speech online. Complain against platforms using these invasive and exclusionary practices. Citizen action matters, and abusive policies can be reversed.
|
||||
|
||||
<div class="admonition info" markdown>
|
||||
<p class="admonition-title">Remember that pseudonymity isn't anonymity</p>
|
||||
|
||||
Keep in mind that only using a pseudonym isn't enough to make you anonymous online. There are many other ways to tie an identity together, such as IP addresses, [browser fingerprinting](https://www.privacyguides.org/videos/2025/09/12/what-is-browser-fingerprinting-and-how-to-stop-it/), photo comparison, facial recognition, and so on and so forth. Pseudonymity is a great practice to *improve* your privacy and safety online, but alone it does have limitations.
|
||||
|
||||
</div>
|
||||
@@ -0,0 +1,448 @@
|
||||
---
|
||||
date:
|
||||
created: 2025-09-03T19:30:00Z
|
||||
categories:
|
||||
- Tutorials
|
||||
authors:
|
||||
- em
|
||||
description:
|
||||
Being able to distinguish facts from marketing lies is an essential skill in today's world. Despite all the privacy washing, there are clues we can look for to help.
|
||||
schema_type: AnalysisNewsArticle
|
||||
preview:
|
||||
cover: blog/assets/images/red-and-green-privacy-flags/dontcare-cover.webp
|
||||
---
|
||||
|
||||
# “We [Don't] Care About Your Privacy”
|
||||
|
||||
|
||||
|
||||
<small aria-hidden="true">Illustration: Em / Privacy Guides | Photo: Lilartsy / Unsplash</small>
|
||||
|
||||
They all claim "Your privacy is important to us." How can we know if that's true? With privacy washing being normalized by big tech and startups alike, it becomes increasingly difficult to evaluate who we can trust with our personal data. Fortunately, there are red (and green) flags we can look for to help us.<!-- more -->
|
||||
|
||||
If you haven't heard this term before, [privacy washing](privacy-washing-is-a-dirty-business.md) is the practice of misleadingly, or fraudulently, presenting a product, service, or organization as being trustworthy for data privacy, when in fact it isn't.
|
||||
|
||||
Privacy washing isn't a new trend, but it has become more prominent in recent years, as a strategy to gain trust from progressively more suspicious prospect customers. Unless politicians and regulators start getting much more serious and severe about protecting our privacy rights, this trend is likely to only get worse.
|
||||
|
||||
In this article, we will examine common indicators of privacy washing, and the "red" and "green" flags we should look for to make better-informed decisions and avoid deception.
|
||||
|
||||
## Spotting the red flags
|
||||
|
||||
<div class="admonition quote inline end" markdown>
|
||||
<p class="admonition-title">Marketing claims can be separated from facts by an abysmally large pit of lies</p></div>
|
||||
|
||||
It's important to keep in mind that it's not the most visible product that's necessarily the best. More visibility only means more marketing. <span class="pullquote-source">Marketing claims can be separated from facts by an abysmally large pit of lies</span>.
|
||||
|
||||
Being able to distinguish between facts and marketing lies is an important skill to develop, doubly so on the internet. After all, it's difficult to find a single surface of the internet that isn't covered with ads, whether in plain sight or lurking in the shadows, disguised as innocent comments and enthusiastic reviews.
|
||||
|
||||
So what can we do about it?
|
||||
|
||||
There are some signs that should be considered when evaluating a product to determine its trustworthiness. It's unfair this burden falls on us, but sadly, until we get better regulations and institutions to protect us, we will have to protect ourselves.
|
||||
|
||||
It's also important to remember that evaluating trustworthiness isn't binary, and isn't permanent. There is always at least some risk, no matter how low, and trust should always be revoked when new information justifies it.
|
||||
|
||||
<div class="admonition info" markdown>
|
||||
<p class="admonition-title">Examine flags collectively, and in context</p>
|
||||
|
||||
It's important to note that each red flag isn't necessarily a sign of untrustworthiness on its own (and the same is true for green flags, in reverse). But the more red flags you spot, the more suspicious you should get.
|
||||
|
||||
Taken into account *together*, these warning signs can help us estimate when it's probably reasonably safe to trust (low risk), when we should revoke our trust, or when we should refrain from trusting a product or organization entirely (high risk).
|
||||
|
||||
</div>
|
||||
|
||||
### :triangular_flag_on_post: Conflict of interest
|
||||
|
||||
Conflict of interest is one of the biggest red flag to look for. It comes in many shapes: Sponsorships, affiliate links, parent companies, donations, employments, personal relationships, and so on and so forth.
|
||||
|
||||
#### Content sponsorships and affiliate links
|
||||
|
||||
Online influencers and educators regularly receive offers to "monetize their audience with ease" if they accept to overtly or subtly advertise products within their content. If this isn't explicitly presented as advertising, then there is obviously a strong conflict of interest. The same is true for affiliate links, where creators receive a sum of money each time a visitor clicks on a link or purchase a product from this link.
|
||||
|
||||
It's understandable that content creators are seeking sources of revenue to continue doing their work. This isn't an easy job. But a trustworthy content creator should always **disclose** any potential conflicts of interest related to their content, and present paid advertising explicitly as paid advertising.
|
||||
|
||||
<div class="admonition success" markdown>
|
||||
<p class="admonition-title">What to do?</p>
|
||||
|
||||
Before trusting content online, try to examine what the sources of revenue are for this content. Look for affiliate links and sponsorships, and try to evaluate if what you find might have influenced the impartiality of the content.
|
||||
|
||||
</div>
|
||||
|
||||
#### Parent companies
|
||||
|
||||
This one is harder to examine, but is extremely important. In today's corporate landscape, it's not rare to find conglomerates of corporations with a trail of ownership so long it's sometimes impossible to find the head. Nevertheless, investigating which company owns which is fundamental to detect conflicts of interest.
|
||||
|
||||
For example, the corporation [Kape Technologies](https://en.wikipedia.org/wiki/Teddy_Sagi#Kape_Technologies) is the owner of both VPN providers (ExpressVPN, CyberGhost, Private Internet Access, and Zenmate) and websites publishing [*VPN reviews*](https://cyberinsider.com/kape-technologies-owns-expressvpn-cyberghost-pia-zenmate-vpn-review-sites/). Suspiciously, their own VPN providers always get ranked at the top on their own review websites. Even if there were no explicit directive for the websites to do this, which review publisher would dare to rank negatively a product owned by its parent company, the one keeping them alive? This is a direct and obvious conflict of interest.
|
||||
|
||||
<div class="admonition success" markdown>
|
||||
<p class="admonition-title">What to do?</p>
|
||||
|
||||
Look at the *Terms of Service* and *Privacy Policy* (or *Privacy Notice*) for declarations related to a parent company. This is often stated there. You can also examine an organization's *About* page, Wikipedia page, or even the official government corporate registries to find out if anyone else owns an organization.
|
||||
|
||||
</div>
|
||||
|
||||
#### Donations, event sponsorships, and other revenues
|
||||
|
||||
When money is involved, there is always a potential for conflict of interest. If an organization receives a substantial donation, grant, or loan from another, it will be difficult to remain impartial about it. Few would dare to talk negatively about a large donor.
|
||||
|
||||
This isn't necessarily a red flag in every situation of course. For example, a receiving organization could be in a position where the donor's values are aligned, or where impartiality isn't required. Nevertheless, it's something important to consider.
|
||||
|
||||
In 2016, developer and activist Aral Balkan [wrote](https://ar.al/notes/why-im-not-speaking-at-cpdp/) about how he refused an invitation to speak at a panel on Surveillance Capitalism at the [Computers, Privacy, & Data Protection Conference](http://www.cpdpconferences.org) (CPDP). The conference had accepted sponsorship from an organization completely antithetical to its stated values: [Palantir](https://www.independent.co.uk/news/world/americas/us-politics/trump-doge-palantir-data-immigration-b2761096.html).
|
||||
|
||||
Balkan wrote: "The sponsorship of privacy and human rights conferences by corporations that erode our privacy and human rights is a clear conflict of interests that we must challenge."
|
||||
|
||||
<div class="admonition quote inline end" markdown>
|
||||
<p class="admonition-title">How could one claim to defend privacy rights while receiving money from organizations thriving on destroying them?</p></div>
|
||||
|
||||
This is a great example of how sponsors can severely compromise not only the impartiality of an organization, but also its credibility and its values. How could the talks being put forward at such a conference be selected without bias? <span class="pullquote-source">How could one claim to defend privacy rights while receiving money from organizations thriving on destroying them?</span>
|
||||
|
||||
It's worth nothing that this year's CPDP 2025 sponsors [included](https://www.cpdpconferences.org/sponsors-partners) Google, Microsoft, TikTok, and Uber.
|
||||
|
||||
<div class="admonition success" markdown>
|
||||
<p class="admonition-title">What to do?</p>
|
||||
|
||||
Examine who sponsors events and who donates to organizations. Try to evaluate if an organization or event received money from sources that could be in contradiction with its values. Does this compromise its credibility? If a sponsor or donor has conflicting values, what benefit would there be for the sponsor supporting this event or organization?
|
||||
|
||||
</div>
|
||||
|
||||
#### Employment and relationships
|
||||
|
||||
Finally, another important type of conflicts of interest to keep in mind are the relationships between the individuals producing the content and the companies or products they are reporting on.
|
||||
|
||||
For example, if a content creator is working or previously worked for an organization, and the content requires impartiality, this is a potential conflict of interest that should be openly disclosed.
|
||||
|
||||
The same can be true if this person is in a professional or personal relationship with people involved with the product. This can be difficult to detect of course, and is not categorically a sign of bias, but it's worth paying attention to it in our evaluations.
|
||||
|
||||
<div class="admonition success" markdown>
|
||||
<p class="admonition-title">What to do?</p>
|
||||
|
||||
Look for disclaimers related to conflict of interest. Research the history of an organization to gain a better understanding of the people involved. Wikipedia can be a valuable resource for this.
|
||||
|
||||
</div>
|
||||
|
||||
### :triangular_flag_on_post: Checkbox compliance and copy-paste policies
|
||||
|
||||
Regrettably, many organizations have no intention whatsoever to genuinely implement privacy-respectful practices, and are simply trying to get rid of these "pesky privacy regulation requirements" as cheaply and quickly as possible.
|
||||
|
||||
They treat privacy law compliance like an annoying list of annoying tasks. They think they can complete this list doing the bare *cosmetic* minimum, so that it will all *look* like it's compliant (of course, it is not).
|
||||
|
||||
A good clue this mindset might be ongoing in an organization is when it uses a very generic privacy policy and terms of service, policies that are often simply copy-pasted from another website or AI-generated (which is kind of the same thing).
|
||||
|
||||
Not only this is *extremely unlikely* to truly fulfill the requirements for privacy compliance, but it also almost certainly infringes on *copyright* laws.
|
||||
|
||||
<div class="admonition success" markdown>
|
||||
<p class="admonition-title">What to do?</p>
|
||||
|
||||
If you find few details in a privacy policy that are specific to the organization, try copying one of its paragraph or long sentence in a search engine (using quotation marks around it to find the exact same entry). This will help detect where other websites are using the same policy.
|
||||
|
||||
Some might be using legitimate templates of course, but even legal usable policy templates need to be customized heavily to be compliant. Sadly, many simply copy-paste material from other organizations without permission, or use generative AI tools doing the same.
|
||||
|
||||
If the whole policy is copied without customization, it's very unlikely to describe anything true.
|
||||
|
||||
</div>
|
||||
|
||||
### :triangular_flag_on_post: Meaningless privacy compliance badges
|
||||
|
||||
Many businesses and startups have started to proudly display privacy law "[compliance badges](https://www.shutterstock.com/search/compliance-badge)" on their websites, to reassure potential clients and customers.
|
||||
|
||||
While it can indeed be reassuring at first glance to see "GDPR Compliant!", "CCPA Privacy Approved", and other deceitful designs, there is no central authority verifying this systematically. At this time, anyone could decide to claim they are "GDPR Compliant" and ornate their website with a pretty badge.
|
||||
|
||||
Moreover, if this claim isn't true, this is fraudulent of course and likely to break many laws. But some businesses bet on the assumption that no one will verify or report it, or that data protection authorities simply have better things to do.
|
||||
|
||||
While most privacy regulations adopt principles similar to the European General Data Protection Regulation (GDPR) [principle of accountability](https://commission.europa.eu/law/law-topic/data-protection/rules-business-and-organisations/obligations/how-can-i-demonstrate-my-organisation-compliant-gdpr_en) (where organizations are responsible for compliance and for demonstrating compliance), organizations' assertions are rarely challenged or audited. Because most of the time there isn't anyone verifying compliance unless there's an individual complaint, organizations have grown increasingly fearless with false claims of compliance.
|
||||
|
||||
<div class="admonition success" markdown>
|
||||
<p class="admonition-title">What to do?</p>
|
||||
|
||||
Never trust a claim of privacy compliance at face value, especially if it comes in the shape of a pretty website badge.
|
||||
|
||||
Examine organizations' privacy policies, contact them and ask questions, look for independent reviews, investigate to see if an organization has been reported before. Never trust a first-party source to tell you how great and compliant the first-party is.
|
||||
|
||||
</div>
|
||||
|
||||
### :triangular_flag_on_post: Fake reviews
|
||||
|
||||
Fake reviews are a growing problem on the internet. And this was only aggravated by the arrival of generative AI. There are so many review websites that are simply advertising in disguise. Some fake reviews are [generated by AI](https://apnews.com/article/fake-online-reviews-generative-ai-40f5000346b1894a778434ba295a0496), some are paid for or [influenced by sponsorships and affiliate links](the-trouble-with-vpn-and-privacy-review-sites.md), some are in [conflict of interest](https://cyberinsider.com/kape-technologies-owns-expressvpn-cyberghost-pia-zenmate-vpn-review-sites/) from parent companies, and many are biased in other ways. Trusting an online review today feels like trying to find the single strand of true grass through an enormous plastic haystack.
|
||||
|
||||
Genuine reviews are (were?) usually a good way to get a second opinion while shopping online and offline. Fake reviews pollute this verification mechanism by duping us in believing something comes from an independent third-party, when it doesn't.
|
||||
|
||||
<div class="admonition success" markdown>
|
||||
<p class="admonition-title">What to do?</p>
|
||||
|
||||
Train yourself to spot fake reviews. There are [many signs](https://www.bbb.org/all/spot-a-scam/how-to-spot-a-fake-review) that can help with this, such as language that suspiciously uses the complete and correct product and feature brand each time, reviewers who published an unnatural quantity of reviews in a short period of time, excessively positive review, negative reviews talking about how great this *other* brand is, etc. Make sure to look for potential conflicts of interest as well.
|
||||
|
||||
</div>
|
||||
|
||||
### :triangular_flag_on_post: Fake AI-generated content
|
||||
|
||||
Sadly, the internet has been infected by a new plague in recent years: AI-generated content. This was mentioned before, but truly deserves its own red flag.
|
||||
|
||||
Besides AI-generated reviews, it's important to know there are also now multiple articles, social media posts, and even entire websites that are completely AI-generated, and doubly fake. This affliction makes it even harder for readers to find genuine sources of reliable information online. [Learning to recognize this fake content](https://www.cnn.com/interactive/2023/07/business/detect-ai-text-human-writing/) is now an internet survival skill.
|
||||
|
||||
<div class="admonition success" markdown>
|
||||
<p class="admonition-title">What to do?</p>
|
||||
|
||||
If you find a blog that publishes 5 articles per day from the same author every day, be suspicious. Look for publication dates, and if they are inhumanly close to each other, this can be a sign of AI-generated content.
|
||||
|
||||
When reading an article, AI-generated text will often use very generic sentences, you will rarely find the colorful writing style that is unique to an author. AI-writing is generally bland with no personality shinning through. You might also notice the writing feels circular. It will seems like it's not really saying anything specific, except for that one thing, that is repeated over and over.
|
||||
|
||||
</div>
|
||||
|
||||
### :triangular_flag_on_post: Excessive self-references
|
||||
|
||||
When writing an article, review, or a product description, writers often use text links to add sources of information to support their statements, or to provide additional resources to readers.
|
||||
|
||||
When **all** the text links in an article point to the same source, you should grow suspicious. If all the seemingly external links only direct to material created from the original source, this can give the impression of supporting independent evidences, when in fact there aren't any.
|
||||
|
||||
Of course, organizations will sometimes refer back to their own material to share more of what they did with you (we certainly do!), but if an article or review *only* uses self-references, and these references also only use self-references, this could be a red flag.
|
||||
|
||||
<div class="admonition success" markdown>
|
||||
<p class="admonition-title">What to do?</p>
|
||||
|
||||
Even if you do not click on links, at least hover over them to see where they lead. Usually, trustworthy sources will have at least a few links pointing to *external* third-party websites. A diversity of supporting resources is important when conducting impartial research, and should be demonstrated there whenever relevant.
|
||||
|
||||
</div>
|
||||
|
||||
### :triangular_flag_on_post: Deceptive designs
|
||||
|
||||
Deceptive design can be difficult to spot. Sometimes it's obvious, like a cookie banner with a ridiculously small <small>"reject all"</small> button, or an opt-out option hidden under twenty layers of menu.
|
||||
|
||||
Most of the time however, deceptive design is well-planned to psychologically manipulate us to pick the option most favorable to the company, at the expense of our privacy. The Office of the Privacy Commissioner of Canada has produced this informative [web page](https://www.priv.gc.ca/en/privacy-topics/technology/online-privacy-tracking-cookies/online-privacy/deceptive-design/gd_dd-ind/) to help us recognize better deceptive design.
|
||||
|
||||
<div class="admonition success" markdown>
|
||||
<p class="admonition-title">What to do?</p>
|
||||
|
||||
Favor tools and services that are built for privacy from the ground up, and always default to privacy first. Train yourself to spot deceptive patterns and be persistent to choose the most privacy-protective option.
|
||||
|
||||
Don't be afraid to [say no](you-can-say-no.md), to reject options and products, and to also report them when deceptive design becomes fraudulent or infringes privacy laws.
|
||||
|
||||
</div>
|
||||
|
||||
### :triangular_flag_on_post: Buzzword language
|
||||
|
||||
Be suspicious of buzzword language, especially when it becomes excessive or lacks any supportive evidences. **Remember that buzzwords aren't a promise, but only marketing to get your attention.** These words don't mean anything on their own.
|
||||
|
||||
Expressions like "military-grade encryption" are usually designed to inspire trust, but there is [no such thing](https://www.howtogeek.com/445096/what-does-military-grade-encryption-mean/) that grants better privacy. Most military organizations likely use industry-standard encryption from solid and tested cryptographic algorithms, like any trustworthy organizations and privacy-preserving tools do.
|
||||
|
||||
Newer promises like "AI-powered" are completely empty, if not *scary*. Thankfully, many "AI-powered" apps aren't really AI-powered, and this is a good thing because "AI" is more often [a danger to your privacy](https://www.sciencenewstoday.org/the-dark-side-of-ai-bias-surveillance-and-control), and not an enhancement at all.
|
||||
|
||||
<div class="admonition success" markdown>
|
||||
<p class="admonition-title">What to do?</p>
|
||||
|
||||
Remain skeptical of expressions like "privacy-enhancing", "privacy-first approach", "fully-encrypted", or "fully compliant" when these claims aren't supported with evidences. Fully encrypted means nothing if the encryption algorithm is weak, or if the company has access to your encryption keys.
|
||||
|
||||
When you see claims of "military-grade encryption", ask which cryptographic algorithms are used, and how encryption is implemented. Look for evidences and detailed information on technological claims. Never accept vague promises as facts.
|
||||
|
||||
</div>
|
||||
|
||||
### :triangular_flag_on_post: Unverifiable and unrealistic promises
|
||||
|
||||
Along the same lines, many businesses will be happy to promise you the moon. But then, they become reluctant to explain how they will get you the moon, how they will manage to give the moon to multiple customers at once, and what will happen to the planet once they've transported the moon away from its orbit to bring it back to you on Earth... Maybe getting the moon isn't such a good promise after all.
|
||||
|
||||
<div class="admonition quote inline end" markdown>
|
||||
<p class="admonition-title">companies promising you software that is 100% secure and 100% private are either lying or misinformed themselves</p></div>
|
||||
|
||||
Similarly, <span class="pullquote-source">companies promising you software that is 100% secure and 100% private are either lying or misinformed themselves</span>.
|
||||
|
||||
No software product is 100% secure and/or 100% private. Promises like this are unrealistic, and (fortunately for those companies) often also *unverifiable*. But an unverifiable claim shouldn't default to a trustworthy claim, quite the opposite. Trust must be earned. If a product cannot demonstrate how their claims are true, then we must remain skeptical.
|
||||
|
||||
<div class="admonition success" markdown>
|
||||
<p class="admonition-title">What to do?</p>
|
||||
|
||||
Same as for buzzwords and compliance claims, never trust at face value. If there are no ways for you to verify a claim, remain skeptical and aware this promise could be empty.
|
||||
|
||||
Be especially suspicious with organizations repeating exaggerated guarantees such as 100% secure. Organizations that are knowledgeable about security and privacy will usually restrain from such binary statement, and tend to talk about risk reduction with nuanced terms like "more secure", or "more private".
|
||||
|
||||
</div>
|
||||
|
||||
### :triangular_flag_on_post: Flawed or absent process for data deletion
|
||||
|
||||
Examining an organization's processes for data deletion can reveal a lot on their privacy practices and expertise. Organizations that are knowledgeable about privacy rights will usually be prepared to respond to data deletion requests, and will already have a process in place, a process that [doesn't require providing more information](queer-dating-apps-beware-who-you-trust.md/#they-can-make-deleting-data-difficult) than they already have.
|
||||
|
||||
Be especially worried if:
|
||||
|
||||
- [ ] You don't find any mentions of data deletion in their privacy policy.
|
||||
|
||||
- [ ] From your account's settings or app, you cannot find any option to delete your account and data.
|
||||
|
||||
- [ ] The account and data deletion process uses vague terms that make it unclear if your data will be truly deleted.
|
||||
|
||||
- [ ] You cannot find an email address to contact a privacy officer in their privacy policy.
|
||||
|
||||
- [ ] The email listed in their privacy policy isn't an address dedicated to privacy.
|
||||
|
||||
- [ ] You emailed the address listed but didn't get any reply after two weeks.
|
||||
|
||||
- [ ] Their deletion process requires to fill a form demanding more information than they already have on you, or uses a privacy-invasive third-party like Google Forms.
|
||||
|
||||
- [ ] They argue with you when you ask for legitimate deletion.
|
||||
|
||||
<div class="admonition success" markdown>
|
||||
<p class="admonition-title">What to do?</p>
|
||||
|
||||
If this isn't already explicitly explained in their policies (or if you do not trust their description), find the privacy contact for an organization and email them *before* using their products or services, to ask about their data deletion practices.
|
||||
|
||||
Ask in advance which information will be required from you in order to delete your data. Also ask if they keep any data afterward, and (if they do) what data they keep. Once data is shared, this could be much harder to deal with. It's best to verify data deletion processes *before* trusting an organization with our data.
|
||||
|
||||
</div>
|
||||
|
||||
### :triangular_flag_on_post: False reassurances
|
||||
|
||||
The goal of privacy washing is to reassure worried clients, consumers, users, patients, and investors into using the organization's products or services. But making us *feel* more secure doesn't always mean that we are.
|
||||
|
||||
#### Privacy theaters
|
||||
|
||||
You might have heard the term "security theater" already, but there's also "[privacy theater](https://slate.com/technology/2021/12/facebook-twitter-big-tech-privacy-sham.html)". Many large tech organizations have mastered this art for decades now. In response to criticisms about their dubious privacy practices, companies like Facebook and Google love to add seemingly "privacy-preserving" options to their software's settings, to give people the impression it's possible to use their products while preserving their privacy. But alas, it is not.
|
||||
|
||||
Unfortunately, no matter how much you "harden" your Facebook or Google account for privacy, these corporations will keep tracking everything you do on and off their platforms. Yes, enabling these options *might* very slightly reduce exposure for *some* of your data (and you should enable them if you cannot leave these platforms). However, Facebook and Google will still collect enough data on you to make them billions in profits each year, otherwise they wouldn't implement these options at all.
|
||||
|
||||
#### Misleading protections
|
||||
|
||||
The same can be said for applications that have built a reputation on a supposedly privacy-first approach like [Telegram](https://cybersecuritycue.com/telegram-data-sharing-after-ceo-arrest/) and [WhatsApp](https://insidetelecom.com/whatsapp-security-risk-alert-over-privacy-concerns/). In fact, the protections these apps offer are only partial, often poorly explained to users, and the apps still collect a large amount of data and/or metadata.
|
||||
|
||||
#### When deletion doesn't mean deletion
|
||||
|
||||
In other cases, false reassurance comes in the form of supposedly deleted data that isn't truly deleted. In 2019, Global News [reported](https://globalnews.ca/news/5463630/amazon-alexa-keeps-data-deleted-privacy/) on Amazon's Alexa virtual assistant speaker that didn't always delete voice-recorded data as promised. Google was also found [guilty](https://www.cnet.com/tech/services-and-software/google-oops-did-not-delete-street-view-data-as-promised/) of this, even after receiving an order from UK's Information Commissioner's Office.
|
||||
|
||||
This can also happen with cloud storage services that display an option to "delete" a file, when in fact the file is [simply hidden](https://www.consumersearch.com/technology/cloud-storage-privacy-concerns-learn-permanently-delete-data) from the interface, while remaining available in a bin directory or from version control.
|
||||
|
||||
How many unaware organizations might have inadvertently (or maliciously) kept deleted data by misusing their storage service and version control system? Of course, if a copy of the data is kept in backups or versioning system, then it's **not** fully deleted, and doesn't legally fulfill a data deletion requirement.
|
||||
|
||||
<div class="admonition success" markdown>
|
||||
<p class="admonition-title">What to do?</p>
|
||||
|
||||
Do not simply trust a "privacy" or "opt-out" option. Look at the overall practices of an organization to establish trust. Privacy features have no value at all if we cannot trust the organization that implemented them.
|
||||
|
||||
Investigate to find an organization's history of data breaches and how they responded to it. Was this organization repeatedly fined by data protection authorities? Do not hesitate to ask questions to an organization's privacy officer about their practices. And look for independent reviews of the organization.
|
||||
|
||||
</div>
|
||||
|
||||
### :triangular_flag_on_post: New and untested technologies
|
||||
|
||||
Many software startups brag about how revolutionary their NewTechnology™ is. Some even dare to brag about a "unique" and "game-changing" novel encryption algorithm. You should not feel excited by this, you should feel *terrified*.
|
||||
|
||||
For example, any startups serious about security and privacy will know that **you should never be ["rolling your own crypto"](https://www.infosecinstitute.com/resources/cryptography/the-dangers-of-rolling-your-own-encryption/)**.
|
||||
|
||||
Cryptography is a complex discipline, and developing a robust encryption algorithm takes a lot of time and transparent testing to achieve. Usually, it is achieved with the help of an entire community of experts. Some beginners might think they had the idea of the century, but until their algorithm has been rigorously tested by hundreds of experts, this is an unfounded claim.
|
||||
|
||||
The reason most software use the same few cryptographic algorithms for encryption, and usually follow strict protocols to implement them, is because this isn't an easy task to do, and the slightest mistake could render this encryption completely useless. The same can be true for other types of technology as well.
|
||||
|
||||
Novel technologies might sound more exciting, but *proven* and *tested* technologies are usually much more reliable when it comes to privacy, and especially when it comes to encryption.
|
||||
|
||||
<div class="admonition success" markdown>
|
||||
<p class="admonition-title">What to do?</p>
|
||||
|
||||
If a company brags about its new technology, investigate what information they have made available about it. Look for a document called a *White Paper*, which should describe in technical details how the technology works.
|
||||
|
||||
If the code is open source, look at the project's page and see how many people have worked on it, who is involved, since how long, etc.
|
||||
|
||||
More importantly, look for independent audits from trustworthy experts. Read the reports and verify if the organization's claims are supported by professionals in the field.
|
||||
|
||||
</div>
|
||||
|
||||
### :triangular_flag_on_post: Critics from experts
|
||||
|
||||
<div class="admonition quote inline end" markdown>
|
||||
<p class="admonition-title">if you find multiple reports of privacy experts raising the alarm about it, consider this a dark-red red flag</p></div>
|
||||
|
||||
No matter how much an organization or product claims to be "privacy-first", <span class="pullquote-source">if you find multiple reports of privacy experts raising the alarm about it, consider this a dark-red red flag</span>.
|
||||
|
||||
If a company has been [criticized by privacy commissioners](sam-altman-wants-your-eyeball.md/#privacy-legislators-arent-on-board), data protection authorities, privacy professionals, and consumer associations, especially if this has happened repeatedly, you should be *very* suspicious.
|
||||
|
||||
Sometimes, criticized corporations will use misleading language like "we are currently working with the commissioner", this *isn't* a good sign.
|
||||
|
||||
The marketing department will try to spin any authority audits into something that sounds favorable to the corporation, but this is only privacy washing. They would not be "working with" the privacy commissioner if they hadn't been forced to in the first place. And **they wouldn't have been forced to if they truly had privacy-respectful practices**.
|
||||
|
||||
<div class="admonition success" markdown>
|
||||
<p class="admonition-title">What to do?</p>
|
||||
|
||||
Use a search engine to look for related news using keywords such as the company's name with "data breach", "fined", or "privacy".
|
||||
|
||||
Check the product's or corporation's Wikipedia page, sometimes there will be references to previous incidents and controversies listed there. Follow trustworthy sources of privacy and security news to stay informed about reported data leaks and experts raising the alarm.
|
||||
|
||||
</div>
|
||||
|
||||
## Looking for the green(ish) flags
|
||||
|
||||
Now that we have discussed some red flags to help us know when we should be careful, let's examine the signs that *can* be indicator of trustworthiness.
|
||||
|
||||
Like for red flags, green flags should always be taken into context and considered together. One, or even a few green flags (or greenish flags) aren't on their own a guarantee that an organization is trustworthy. Always remain vigilant, and be ready to revoke your trust at any time if new information warrants it.
|
||||
|
||||
### :custom-green-flag: Independent reviews
|
||||
|
||||
Independent reviews from trustworthy sources can be a valuable resource to help to determine if a product is reliable. This is never a guarantee of course, humans (even experts) can also make mistakes (less than AI, but still) and aren't immune to lies.
|
||||
|
||||
However, an impartial review conducted by an expert in the field has the benefit of someone who has likely put many hours investigating this topic, something you might understandably not always have the time to do yourself. But be careful to first evaluate if this is a genuine unbiased assessment, or simply marketing content disguised as one.
|
||||
|
||||
### :custom-green-flag: Independent audits
|
||||
|
||||
Similarly, independent audits from credible organizations are very useful to assess a product's claims. Make sure the company conducting the audit is reputable, impartial, and that you can find a copy of the audit's report they produced, ideally from a source that *isn't* the audited company's website (for example, the auditing organization might [provide](https://cure53.de/#publications) access to it transparently).
|
||||
|
||||
### :custom-green-flag: Transparency
|
||||
|
||||
Transparency helps a lot to earn trust, and source code that is publicly available helps a lot with transparency. If a piece of software publishes its code for anyone to see, this is already a significant level of transparency above any proprietary code.
|
||||
|
||||
Open source code is never a guarantee of security and privacy, but it makes it much easier to verify any organization assertions. This is almost impossible to do when code is proprietary. Because no one outside the organization can examine the code, they must be trusted on their own words entirely. Favor products with code that is transparently available whenever possible.
|
||||
|
||||
### :custom-green-flag: Verifiable claims
|
||||
|
||||
If you can easily verify an organization's claims, this is a good sign. For example, if privacy practices are explicitly detailed in policies (and match the observed behaviors), if source code is open and easy to inspect, if independent audits have confirmed the organization's claims, and if the organization is consistent with its privacy practices (in private as much as in public), this all helps to establish trust.
|
||||
|
||||
### :custom-green-flag: Well-defined policies
|
||||
|
||||
Trustworthy organizations should always have well-defined, unique, and easy to read privacy policies and terms of service. The conditions within it should also be fair. **You shouldn't have to sell your soul to 1442 marketing partners just to use a service or visit a website.**
|
||||
|
||||
Read an organization's privacy policy (or privacy notice), and make sure it includes:
|
||||
|
||||
- [x] Language unique to this organization (no copy-paste policy).
|
||||
|
||||
- [x] Disclosure of any parent companies owning this organization (if any).
|
||||
|
||||
- [x] A dedicated email address to contact for privacy-related questions and requests.
|
||||
|
||||
- [x] Detailed information on what data is collected for each activity. For example, the data collected when you use an app or are employed by an organization shouldn't be bundled together indistinctly with the data collected when you simply visit the website.
|
||||
|
||||
- [x] Clear limits on data retention periods (when the data will be automatically deleted).
|
||||
|
||||
- [x] Clear description of the process to follow in order to delete, access, or correct your personal data.
|
||||
|
||||
- [x] A list of third-party vendors used by the organization to process your information.
|
||||
|
||||
- [x] Evidences of accountability. The organization should demonstrate accountability for the data it collects, and shouldn't just transfer this responsibility to the processors it uses.
|
||||
|
||||
### :custom-green-flag: Availability
|
||||
|
||||
Verify availability. Who will you contact if a problem arises with your account, software, or data? Will you be ignored by an AI chatbot just repeating what you've already read on the company's website? Will you be able to reach out to a competent human?
|
||||
|
||||
If you contact an organization at the listed privacy-dedicated email address to ask a question, and receive a thoughtful non-AI-generated reply within a couple of weeks, this can be a good sign. If you can easily find a privacy officer email address, a company's phone number, and the location where the organization is based, this also can be encouraging signs.
|
||||
|
||||
### :custom-green-flag: Clear funding model
|
||||
|
||||
If a *free* service is provided by a *for-profit* corporation, you should investigate further. The old adage that if you do not pay for a product you are the product is sadly often true in tech, and doubly so for big tech.
|
||||
|
||||
Before using a new service, try to find what the funding model is. Maybe it's a free service run by volunteers? Maybe they have a paid tier for businesses, but remain free for individual users? Maybe they survive and thrive on donations? Or maybe everyone does pay for it (with money, not data).
|
||||
|
||||
Look for what the funding model is. If it's free, and you can't really find any details on how it's financed, this could be a red flag that your data might be used for monetization. But if the funding model is transparent, fair, and ethical, this *can* be a green flag.
|
||||
|
||||
### :custom-green-flag: Reputation history
|
||||
|
||||
Some errors are forgivable, but others are too big to let go. Look for an organization's track record to help to evaluate its reputation overtime. Check if there was any security or privacy incidents, or expert criticisms, and check how the organization responded to it.
|
||||
|
||||
If you find an organization that has always stuck to its values (integrity), is still run by the same core people in recent years (stability), seems to have a generally good reputation with others (reputability), and had few (or no) incidents in the past (reliability), this *can* be a green flag.
|
||||
|
||||
### :custom-green-flag: Expert advice
|
||||
|
||||
Seek expert advice before using a new product or service. Look online for reliable and independent sources of [recommendations](https://www.privacyguides.org/en/tools/) (like Privacy Guides!), and read thoroughly to determine if the description fits your privacy needs. No tool is perfect to protect your privacy, but experts will warn you about a tool's limitations and downsides.
|
||||
|
||||
There's also added value in community consensus. If a piece of software is repeatedly recommended by multiple experts (not websites or influencers, *experts*), then this *can* be a green flag that this tool or service is generally trusted by the community (at this point in time).
|
||||
|
||||
## Take a stand for better privacy
|
||||
|
||||
Trying to evaluate who is worthy of our trust and who isn't is an increasingly difficult task. While this burden shouldn't fall on us, there are unfortunately too few institutional protections we can rely on at the moment.
|
||||
|
||||
Until our governments finally prioritize the protection of human rights and privacy rights over corporate interests, we will have to protect ourselves. But this isn't limited to self-protection, our individual choices also matter collectively.
|
||||
|
||||
Each time we dig in to thoroughly investigate a malicious organization and expose its privacy washing, we contribute in improving safety for everyone around us.
|
||||
|
||||
Each time we report a business infringing privacy laws, talk publicly about our bad experience to get our data deleted, and more importantly refuse to participate in services and products that aren't worthy of our trust, this all helps to improve data privacy for everyone overtime.
|
||||
|
||||
Being vigilant and reporting bad practices is taking a stand for better privacy. We must all take a stand for better privacy, and expose privacy washing each time we spot it.
|
||||
@@ -6,7 +6,7 @@ categories:
|
||||
- News
|
||||
authors:
|
||||
- em
|
||||
description: Last week, OpenAI's CEO Sam Altman announced in San Francisco that the World project he co-founded, formerly known as Worldcoin, is opening six stores across the United States, allowing users of the project's app to scan their eyeballs.
|
||||
description: Last week, OpenAI's CEO Sam Altman announced in San Francisco that the World project he co-founded, formerly known as Worldcoin, is opening six stores across the United States, allowing users of the project's app to scan their eyeballs. This is worrisome, to say the least.
|
||||
schema_type: AnalysisNewsArticle
|
||||
preview:
|
||||
cover: blog/assets/images/sam-altman-wants-your-eyeball/orb-cover.webp
|
||||
|
||||
@@ -5,7 +5,7 @@ categories:
|
||||
- Opinion
|
||||
authors:
|
||||
- em
|
||||
description: Increasingly, surveillance is being normalized and integrated in our lives. Under the guise of convenience, applications and features are sold to us as being the new better way to do things. While some might be useful, this convenience is a Trojan horse. The cost of it is the continuous degradation of our privacy rights, with all that that entails.
|
||||
description: Increasingly, surveillance is being normalized and integrated in our lives. Under the guise of convenience, applications and features are sold to us as being the new better way to do things. But this convenience is a Trojan horse.
|
||||
schema_type: OpinionNewsArticle
|
||||
preview:
|
||||
cover: blog/assets/images/selling-surveillance-as-convenience/surveillance-cover.webp
|
||||
|
||||
@@ -0,0 +1,94 @@
|
||||
---
|
||||
date:
|
||||
created: 2025-09-16T18:00:00Z
|
||||
categories:
|
||||
- Opinion
|
||||
authors:
|
||||
- ptrmdn
|
||||
description: In 2020, London police failed to save two sisters in life, then violated their privacy in death. This is a call to arms for posthumous privacy rights.
|
||||
schema_type: OpinionNewsArticle
|
||||
preview:
|
||||
cover: blog/assets/images/the-fight-for-privacy-after-death/cover.webp
|
||||
---
|
||||
# Ghosts in the Machine: The Fight for Privacy After Death
|
||||
|
||||
|
||||
|
||||
<small aria-hidden="true">Photo: Panyawat Auitpol / Unsplash</small>
|
||||
|
||||
In the early hours of 6 June 2020, Nicole Smallman and her sister Bibaa Henry had just finished celebrating Bibaa's birthday with friends in a park in London. Alone and in the dark, they were both [fatally and repeatedly stabbed](https://en.wikipedia.org/wiki/Murders_of_Bibaa_Henry_and_Nicole_Smallman) 36 times.<!-- more -->
|
||||
|
||||
<div class="admonition note inline end" markdown>
|
||||
<p class="admonition-title">Guest Contributor</p>
|
||||
|
||||
Please welcome Peter Marsden as a first-time guest contributor! Privacy Guides does not publish guest posts in exchange for compensation, and this tutorial was independently reviewed by our editorial team prior to publication.
|
||||
|
||||
</div>
|
||||
|
||||
But the police didn’t just fail them in life—they failed them in death too. PC Deniz Jaffer and PC Jamie Lewis, both of the Metropolitan Police, [took selfies](https://www.theguardian.com/uk-news/2021/dec/06/two-met-police-officers-jailed-photos-murdered-sisters-deniz-jaffer-jamie-lewis-nicole-smallman-bibaa-henry) with the dead bodies of the victims, posting them on a WhatsApp group. And no privacy laws prevented them from doing so.
|
||||
|
||||
This horrific case is just one in the murky, often sinister realm of posthumous privacy. In the UK, Europe, and across the world, privacy protections for the dead are at best a rarity—and at worst, a deep moral and societal failing that we cannot and must not accept.
|
||||
|
||||
Let’s take a step back. The case of the Smallmans starkly draws attention to the denial in death of guarantees to the living.
|
||||
|
||||
<div class="admonition quote inline pullquote" markdown>
|
||||
<p class="admonition-title">This abrupt collapse in privacy rights leaves the deceased and their families <small>[...]</small> newly vulnerable, and at a time when they are already utterly broken.</p>
|
||||
</div>
|
||||
|
||||
As a *Privacy Guides* reader, you are no doubt aware that the UK and Europe have firm privacy protections in *The General Data Protection Regulation* (GDPR) and Article 8 of the *European Convention on Human Rights* (ECHR).
|
||||
|
||||
However, the picture elsewhere is less clear, with a challenging patchwork of laws and regional statutes being the only protection for those in the US and much of the rest of the world. And once you die? Almost universally, these protections [immediately cease](https://gdpr-info.eu/recitals/no-27/).
|
||||
|
||||
Here the problem begins. <span class="pullquote-source">This abrupt collapse in privacy rights leaves the deceased and their families—like the Smallman family—newly vulnerable, and at a time when they are already utterly broken.</span>
|
||||
|
||||
In the absence of law comes the pursuit of it, against a backdrop of flagrant privacy violations. What this pursuit means, in practical terms, is that two primary categories of posthumous privacy dominate legal debate: the medical, where the law has intervened tentatively, and the digital, where it simply hasn’t kept up.
|
||||
|
||||
Medical protections are tentative because of piecemeal development. Typically involving legal workarounds, they offer rare precedent for what might happen to your digital ghosts now and in the future, with the only clear trend being a reluctance to protect.
|
||||
|
||||
That said, the US is one country that has taken measures to protect the medical privacy of the dead. The *Health Insurance Portability and Accountability Act* (HIPAA) dictates that 50 years of protection must be given to your personally identifiable medical information after you die.
|
||||
|
||||
Except there’s a catch. State laws also apply, and state laws differ. In Colorado, Louisiana, and many others, its efficacy is severely challenged by laws dictating the mandatory release of information regarded as public—including autopsy reports and even [your genetic information](http://dx.doi.org.ezp.lib.cam.ac.uk/10.1177/1073110516654124).
|
||||
|
||||
In lieu of any protections, surviving relatives in Europe have found some success claiming that their own Article 8 rights—that ECHR right to privacy—have been violated through disclosures or inspections related to their deceased.
|
||||
|
||||
In one case, Leyla Polat, an Austrian national, suffered the awful death of her son just two days after birth following a cerebral hemorrhage. The family refused a postmortem examination, wanting to bury their child in accordance with Muslim beliefs; but doctors insisted it take place, covertly removing his internal organs and filling the hollows with cotton wool.
|
||||
|
||||
When this was discovered during the funeral rites, the boy had to be buried elsewhere, and without ceremony. After several court cases and appeals, The European Court of Human Rights [found](https://hudoc.echr.coe.int/rum#%7B%22itemid%22:%5B%22002-13361%22%5D%7D) that Leyla’s Article 8 and 9 rights had been violated.
|
||||
|
||||
As an aside: Stalin’s grandson [tried the same Article 8 route](https://hudoc.echr.coe.int/eng#%7B%22itemid%22:%5B%22001-150568%22%5D%7D) in relation to reputational attacks on his grandfather, reflecting attempts to apply the workaround more widely.
|
||||
|
||||
It’s not that there hasn’t been some progress. The fundamental problem is that protections—already sparse—are only as good as their material and geographic scopes, their interactions with other laws, and how they are interpreted in a court.
|
||||
|
||||
Nowhere is this more apparent than in the case of the Smallman sisters. Judge Mark Lucraft KC [found](https://www.judiciary.uk/wp-content/uploads/2022/07/R-v-Jaffer-Lewis-sentencing-061221.pdf) that PCs Jaffer and Lewis, in taking selfies with the murdered victims, had:
|
||||
|
||||
> *“…wholly disregarded the privacy of the two victims of horrific violence and their families for what can only have been some cheap thrill, kudos, a kick or some form of bragging right by taking images and then passing them to others.”*
|
||||
|
||||
Yet this acknowledgement of privacy violation is precisely just that. The crime the officers committed was misconduct in public office; they were not convicted on the basis of privacy law. That sense of progress—that we might be beginning to recognize the importance of posthumous privacy—has all but gone out of the window.
|
||||
|
||||
That does not leave your digital privacy in a good place. Whatever little protection you may be able to tease out for our medical privacy far, far exceeds the control you have over your virtual ghosts. And with AI just about everywhere, the prospects for your data after death are terrifying.
|
||||
|
||||
<div class="admonition quote inline end pullquote" markdown>
|
||||
<p class="admonition-title">Account deleted or not, our ghosts will all be stuck in the machine.</p>
|
||||
</div>
|
||||
|
||||
We’ve already established that data protections for the living—such as GDPR—expire at death. The simple reality is that dying places your data at the mercy of large technology corporations, and their dubious afterlife tools.
|
||||
|
||||
Even if you trust such tools to dispose of or act on our data, there is a disconnect between demand and take-up. A [study of UK nationals](https://www.tandfonline.com/doi/full/10.1080/13600869.2025.2506164#abstract) found a majority that wanted their data deleted at death were unaware of the tools, with large tech companies unwilling to share any details on their uptake. Reassuring stuff.
|
||||
|
||||
But the reality is, you shouldn’t. You’ll recall that [deletion doesn’t usually mean deletion](https://www.privacyguides.org/en/basics/account-deletion/), and after death even GDPR can’t force big tech to delete the data of those lucky enough to have benefited from it. <span class="pullquote-source">Account deleted or not, our ghosts will all be stuck in the machine.</span>
|
||||
|
||||
Recent reports have acknowledged dire possibilities. Almost worldwide, you can [legally train AI models on the data of a deceased person](https://www.reuters.com/article/world/data-of-the-dead-virtual-immortality-exposes-holes-in-privacy-laws-idUSKBN21Z0NE/) and recreate them in digital form—all without their prior consent. Organizations exist purely to scour your social media profiles and activity for this exact purpose. Your ghost could be used to generate engagement against your will, disclosing what you tried to hide.
|
||||
|
||||
You may ask: why should the law care? Why indeed, when it deems we [cannot be harmed](https://doi.org/10.1093/acprof:oso/9780199607860.003.0003) after death. To argue thus is to miss the point. **A lack of privacy after death harms the living, often in ways others cannot see.**
|
||||
|
||||
The effect of [postmortem anxiety](https://www.tandfonline.com/doi/full/10.1080/17577632.2024.2438395#d1e120) is a real one that deeply troubles individuals wishing to keep a part of them hidden from public—or even family—view, whether it be it an [illicit affair](https://www.cardozoaelj.com/wp-content/uploads/2011/02/Edwards-Galleyed-FINAL.pdf) or whatever else. Revelation at the point of death can be just as harmful to those still alive.
|
||||
|
||||
There is cause for optimism. Article 85 of the *French Data Protection Act* allows you to include [legally enforceable demands concerning your personal data](https://www.cnil.fr/fr/la-loi-informatique-et-libertes#article85) in your will. This is truly a landmark piece of legislation by the French that indicates what the global direction of travel should be, and what we should ultimately demand: protections for the dead, by the dead.
|
||||
|
||||
But even more urgently, we must demand that governments across the world introduce even the most basic legal framework for postmortem privacy that protects you, your family, and community from egregious harm.
|
||||
|
||||
The Smallmans deserved dignity, and so does everyone else in death. The law must catch up.
|
||||
|
||||
---
|
||||
|
||||
*This article hasn’t even begun to scratch the surface of the complexity of postmortem privacy, and there are innumerable relevant cases and laws that simply wouldn’t fit. If the topic has caught your interest, and you’d like to dig in more, [this white paper](https://doi.org/10.1016/j.clsr.2022.105737) by Uta Kohl is a good starting point.*
|
||||
@@ -5,7 +5,7 @@ categories:
|
||||
- News
|
||||
authors:
|
||||
- em
|
||||
description: Privacy is intrinsically intertwined with politics. Each change in governance can have serious effects on privacy rights and privacy tools, for better or for worse. Let's examine with concrete examples how politics affect legislations that can have an immense impact on the privacy tools and features we use.
|
||||
description: Privacy is intrinsically intertwined with politics. Each change in governance can have substantial effects on privacy rights and privacy tools. Using concrete examples, we examine how politics can impact the tools we use.
|
||||
schema_type: NewsArticle
|
||||
preview:
|
||||
cover: blog/assets/images/the-future-of-privacy/cover.webp
|
||||
|
||||
@@ -5,7 +5,7 @@ categories:
|
||||
- Explainers
|
||||
authors:
|
||||
- em
|
||||
description: In privacy, we talk a lot about how to protect our own data, but what about our responsibility to protect the data of others? If you care about privacy rights, you must also care for the data of the people around you. Together, we must start building a culture of data privacy where everyone cares for the data of others.
|
||||
description: In privacy, we talk a lot about how to protect our own data, but what about our responsibility to protect the data of others? If you care about privacy rights, you must also care for the data of the people around you. Together, we must build a culture where everyone cares for the data of others.
|
||||
schema_type: NewsArticle
|
||||
preview:
|
||||
cover: blog/assets/images/the-privacy-of-others/cover.webp
|
||||
|
||||
@@ -19,7 +19,6 @@ schema_type: NewsArticle
|
||||
# Welcome to Privacy Guides
|
||||
|
||||
|
||||
|
||||
<small aria-hidden="true">Illustration: Jonah Aragon / Privacy Guides</small>
|
||||
|
||||
We are excited to announce the launch of [Privacy Guides](https://www.privacyguides.org/) and [r/PrivacyGuides](https://www.reddit.com/r/PrivacyGuides/), and welcome the privacy community to participate in our crowdsourced software recommendations and share tips and tricks for keeping your data safe online. Our goal is to be a central resource for privacy and security-related tips that are usable by anybody, and to carry on the trusted legacy of PrivacyTools.<!-- more -->
|
||||
|
||||
@@ -5,7 +5,7 @@ categories:
|
||||
- Opinion
|
||||
authors:
|
||||
- em
|
||||
description: If you, like myself, have been inhabiting the internet for a few decades, you're probably familiar with the old adage IRL (In Real Life). The acronym was used a lot when the distinction between online life and offline life was much greater than it is now. In today's world, can we really keep referring to our digital life as being somehow disconnected from our real life?
|
||||
description: If you've been on the internet for a while, you're probably familiar with the old adage IRL (In Real Life). The acronym was used a lot when online and offline life was much more separated than it is now. Today, can we truly keep talking about our digital life as being separated from our real life?
|
||||
schema_type: OpinionNewsArticle
|
||||
preview:
|
||||
cover: blog/assets/images/your-online-life-is-irl/irl-cover.webp
|
||||
|
||||
+23
-13
@@ -19,7 +19,7 @@ schema:
|
||||
|
||||
**Privacy Guides** is a socially motivated website that provides information for protecting your data security and privacy. We are a non-profit project with a mission to inform the public about the value of digital privacy, and about global government initiatives which aim to monitor your online activity. Our website is free of advertisements and not affiliated with any of the listed providers.
|
||||
|
||||
[:material-heart:{.pg-red} Make a Donation](https://donate.magicgrants.org/privacyguides){ .md-button .md-button--primary }
|
||||
[:material-heart:{.pg-red} Become a Member](https://donate.magicgrants.org/privacyguides){ .md-button .md-button--primary data-portal="signup" }
|
||||
[:octicons-home-16:](https://www.privacyguides.org){ .card-link title=Homepage }
|
||||
[:octicons-code-16:](https://github.com/privacyguides/privacyguides.org){ .card-link title="Source Code" }
|
||||
|
||||
@@ -37,7 +37,7 @@ The best way to get individual help is from our community on Discourse. If you n
|
||||
|
||||
{ align=right }
|
||||
|
||||
Have a tip for us, or need to share some sensitive information? The best way to get in touch with us securely is via `@privacyguides.01` on Signal. This group account is monitored by [Jonah](https://discuss.privacyguides.net/u/jonah), [Niek](https://discuss.privacyguides.net/u/niek-de-wilde), [Em](https://discuss.privacyguides.net/u/ematprivacyguides), and [Jordan](https://discuss.privacyguides.net/u/jordan).
|
||||
Have a tip for us, or need to share some sensitive information? The best way to get in touch with us securely is via `@privacyguides.01` on Signal. This group account is monitored by [Jonah](https://discuss.privacyguides.net/u/jonah), [Niek](https://discuss.privacyguides.net/u/niek-de-wilde), [Em](https://discuss.privacyguides.net/u/em), and [Jordan](https://discuss.privacyguides.net/u/jordan).
|
||||
|
||||
[:simple-signal: Chat on Signal](https://signal.me/#eu/zg9xcrIv5w-EtXt2FmTJgfWv01LmyTed8rpr7RDv35Mizq8ISZ9NJLmYtzsxI0Z4){ .md-button }
|
||||
|
||||
@@ -84,7 +84,7 @@ The project executive committee consists of five volunteers charged with managem
|
||||
|
||||
---
|
||||
|
||||
:material-text-account: Founder, Director
|
||||
:material-text-account: Founder, Program Director
|
||||
|
||||
[:material-account: Profile](https://discuss.privacyguides.net/u/jonah)
|
||||
|
||||
@@ -128,9 +128,9 @@ Our staff are paid to contribute to supplemental content at Privacy Guides, like
|
||||
|
||||
---
|
||||
|
||||
:material-text-account: Journalist
|
||||
:material-text-account: Activism and Outreach
|
||||
|
||||
[:material-account: Profile](https://discuss.privacyguides.net/u/ematprivacyguides)
|
||||
[:material-account: Profile](https://discuss.privacyguides.net/u/em)
|
||||
|
||||
[:material-github:](https://github.com/EmAtPrivacyGuides "GitHub")
|
||||
[:material-mastodon:](https://infosec.exchange/@Em0nM4stodon "@Em0nM4stodon@infosec.exchange"){rel=me}
|
||||
@@ -140,7 +140,7 @@ Our staff are paid to contribute to supplemental content at Privacy Guides, like
|
||||
|
||||
---
|
||||
|
||||
:material-text-account: Content Producer
|
||||
:material-text-account: Digital Content Producer
|
||||
|
||||
[:material-account: Profile](https://discuss.privacyguides.net/u/Jordan)
|
||||
|
||||
@@ -148,17 +148,17 @@ Our staff are paid to contribute to supplemental content at Privacy Guides, like
|
||||
[:material-mastodon:](https://social.lol/@jw "@jw@social.lol"){rel=me}
|
||||
[:material-email:](mailto:jordan@privacyguides.org "Email")
|
||||
|
||||
- :japanese_goblin:{ .lg .middle } **Kevin Pham**
|
||||
- :video_camera:{ .lg .middle } **Nate Bartram**
|
||||
|
||||
---
|
||||
|
||||
:material-text-account: Community & News Intern
|
||||
:material-text-account: Digital Content Producer
|
||||
|
||||
[:material-account: Profile](https://discuss.privacyguides.net/u/kevpham)
|
||||
[:material-account: Profile](https://discuss.privacyguides.net/u/nateb)
|
||||
|
||||
[:material-github:](https://github.com/kevpham123 "GitHub")
|
||||
[:material-mastodon:](https://mastodon.social/@kevpham "@kevpham@mastodon.social"){rel=me}
|
||||
[:material-email:](mailto:kevin@privacyguides.org "Email")
|
||||
[:material-github:](https://github.com/tnonate "GitHub")
|
||||
[:material-mastodon:](https://mastodon.thenewoil.org/@nateb "@nateb@mastodon.thenewoil.org"){rel=me}
|
||||
[:material-email:](mailto:nate@privacyguides.org "Email")
|
||||
|
||||
</div>
|
||||
|
||||
@@ -182,6 +182,10 @@ However, Privacy Guides *does* have social media accounts on a wide variety of p
|
||||
- [:simple-reddit: Reddit](https://reddit.com/r/PrivacyGuides)
|
||||
- [:simple-x: X (Twitter)](https://x.com/privacy_guides)
|
||||
- [:simple-youtube: YouTube](https://youtube.com/@privacyguides)
|
||||
- [:simple-tiktok: TikTok](https://www.tiktok.com/@privacyguides)
|
||||
- [:simple-facebook: Facebook](https://www.facebook.com/PrivacyGuides.org)
|
||||
- [:simple-instagram: Instagram](https://www.instagram.com/privacy.guides/)
|
||||
- [:simple-threads: Threads](https://www.threads.net/@privacy.guides)
|
||||
|
||||
</div>
|
||||
|
||||
@@ -207,7 +211,13 @@ In 2022, we completed the transition of our main website framework from Jekyll t
|
||||
|
||||
We additionally launched our new discussion forum at [discuss.privacyguides.net](https://discuss.privacyguides.net) as a community platform to share ideas and ask questions about our mission. This augments our existing community on Matrix, and replaced our previous GitHub Discussions platform, decreasing our reliance on proprietary discussion platforms.
|
||||
|
||||
In 2023, we launched international translations of our website in [French](https://www.privacyguides.org/fr), [Hebrew](https://www.privacyguides.org/he), [Dutch](https://www.privacyguides.org/nl), and more languages, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides). We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry.
|
||||
In 2023, we launched international translations of our website in [French](https://www.privacyguides.org/fr), [Hebrew](https://www.privacyguides.org/he), [Dutch](https://www.privacyguides.org/nl), and more languages, made possible by our excellent translation team on [Crowdin](https://crowdin.com/project/privacyguides).
|
||||
|
||||
In 2024, we successfully fundraised to hire several full-time staff members, Em, Jordan, and Kevin; to help with content creation, community management, and video production. This has allowed us to expand our reach and provide more frequent updates to our audience.
|
||||
|
||||
In 2025, we launched our [newsroom](https://www.privacyguides.org/news), providing timely articles on the latest developments in privacy and security. We also hired Nate as a Digital Content Producer to bring more consistency to our educational video content.
|
||||
|
||||
We plan to continue carrying forward our mission of outreach and education, and finding ways to more clearly highlight the dangers of a lack of privacy awareness in the modern digital age, and the prevalence and harms of security breaches across the technology industry.
|
||||
|
||||
## :material-license: Site License
|
||||
|
||||
|
||||
@@ -5,8 +5,11 @@ description: The charitable mission of Privacy Guides relies on contributions fr
|
||||
<!-- markdownlint-disable MD036 -->
|
||||
Support our mission to defend digital rights and spread the word about mass surveillance programs and other daily privacy invasions. You can help Privacy Guides researchers, activists, and maintainers create informative content, host private digital services, and protect privacy rights at a time when the world needs it most.
|
||||
|
||||
[:material-heart:{ .pg-red } Become a Member](https://donate.magicgrants.org/privacyguides/membership){ class="md-button md-button--primary" }
|
||||
[:material-hand-coin: Make a Donation](https://donate.magicgrants.org/privacyguides/donate/privacyguides){ class="md-button md-button--primary" }
|
||||
<!-- markdownlint-disable-next-line -->
|
||||
[:material-heart:{ .pg-red } Become a Member](https://donate.magicgrants.org/privacyguides/membership){ class="md-button md-button--primary" data-portal="signup" }
|
||||
|
||||
[Become a Member (Cryptocurrency)](https://donate.magicgrants.org/privacyguides/membership){ class="md-button" }
|
||||
[One-Time Donation](https://donate.magicgrants.org/privacyguides/donate/privacyguides){ class="md-button" }
|
||||
|
||||
<small markdown>
|
||||
|
||||
|
||||
@@ -0,0 +1,28 @@
|
||||
---
|
||||
title: "Privacy Activism"
|
||||
meta_title: "Guides and Tools for Privacy Activists"
|
||||
description: Privacy Guides' Activism section contains tools to support the community in its privacy advocacy and activism effort, both for individuals and organizations.
|
||||
hide:
|
||||
- toc
|
||||
- footer
|
||||
cover: activism/banner-activism.webp
|
||||
---
|
||||
The **Guides and Tools for Privacy Activists** project from [*Privacy Guides*](../about.md) offers a new way to empower the digital rights community.
|
||||
|
||||
This section contains information to help you become a better defender of privacy rights, both for individuals and organizations.
|
||||
|
||||
## We must fight for privacy rights collectively
|
||||
|
||||
Fighting to improve our privacy cannot *only* be a matter of individual protections.
|
||||
|
||||
When [regulations keep attacking](https://www.privacyguides.org/articles/2025/09/08/chat-control-must-be-stopped/) the tools and services we rely on to protect our personal information, when corporations [exploit our data](../basics/common-threats.md/#surveillance-as-a-business-model) more aggressively every day, and when platforms exponentially [erode online pseudonymity](https://www.privacyguides.org/articles/2025/10/15/real-name-policies/), we must broaden our reach to fight for our rights.
|
||||
|
||||
==For privacy to become a valued and respected human right, we must work together== to defend privacy rights as a community.
|
||||
|
||||
This section will progressively grow with more tools to support the community in its privacy advocacy and activism effort. The Privacy Activist Toolbox is the first part of this new development.
|
||||
|
||||
<div class="toolbox-button-grid" markdown>
|
||||
|
||||
[:fontawesome-solid-toolbox:{ .toolbox-button-icon } Privacy Activist Toolbox](toolbox/index.md){ .toolbox-button .toolbox-bg }
|
||||
|
||||
</div>
|
||||
@@ -0,0 +1,4 @@
|
||||
hide:
|
||||
- toc
|
||||
social:
|
||||
cards_layout: toolbox
|
||||
@@ -0,0 +1,459 @@
|
||||
---
|
||||
title: "Privacy Activist Toolbox"
|
||||
description: The Privacy Activist Toolbox is a unique resource with tips for anyone interested in becoming a better privacy rights activist, or anyone who wants to start.
|
||||
hide:
|
||||
- feedback
|
||||
cover: activism/banner-activism-toolbox.webp
|
||||
---
|
||||
The **Privacy Activist Toolbox** is a resource for anyone interested in becoming a better privacy rights activist, or anyone who wants to start advocating for privacy rights.
|
||||
|
||||
This page is also a resource to help digital rights organizations that would like to expand their work focusing on privacy.
|
||||
|
||||
:material-cursor-default-click: By clicking on any of the tips listed on this page, you can access more information on each topic, as well as additional resources to support your advocacy.
|
||||
|
||||
---
|
||||
|
||||
## Toolbox Compartments
|
||||
|
||||
<div class="toolbox-button-grid" markdown>
|
||||
|
||||
[:fontawesome-solid-scale-balanced:{ .toolbox-button-icon } Check<br>Your Laws](#check-your-laws){ .toolbox-button .toolbox-bg-legal }
|
||||
|
||||
[:fontawesome-solid-toolbox:{ .toolbox-button-icon } Choose<br>Your Tools](#choose-your-tools){ .toolbox-button .toolbox-bg-tools }
|
||||
|
||||
[:fontawesome-solid-users-rays:{ .toolbox-button-icon } Expand Your<br>Perspective](#expand-your-perspective){ .toolbox-button .toolbox-bg-perspective }
|
||||
|
||||
[:fontawesome-solid-hands-holding-circle:{ .toolbox-button-icon } Support The<br>Community](#support-the-community){ .toolbox-button .toolbox-bg-community }
|
||||
|
||||
[:fontawesome-solid-handshake-angle:{ .toolbox-button-icon } Build<br>Alliances](#build-alliances){ .toolbox-button .toolbox-bg-alliances }
|
||||
|
||||
[:fontawesome-solid-heart-circle-check:{ .toolbox-button-icon } Make It<br>Accessible](#make-it-accessible){ .toolbox-button .toolbox-bg-accessibility }
|
||||
|
||||
[:fontawesome-solid-star:{ .toolbox-button-icon } Uphold<br>Integrity](#uphold-integrity){ .toolbox-button .toolbox-bg-integrity }
|
||||
|
||||
[:fontawesome-solid-heart:{ .toolbox-button-icon } Stay<br>Persistent](#stay-persistent){ .toolbox-button .toolbox-bg-persistence }
|
||||
|
||||
[:fontawesome-solid-hand-fist:{ .toolbox-button-icon } Take<br>Action!](#take-action){ .toolbox-button .toolbox-bg-action }
|
||||
|
||||
</div>
|
||||
|
||||
---
|
||||
|
||||
## Check Your Laws
|
||||
|
||||
<a href="tip-know-your-privacy-laws/">
|
||||
<div class="toolbox-tip-card toolbox-border-legal" markdown>
|
||||
|
||||
### 1. Know your privacy laws
|
||||
|
||||
{class="toolbox-tip-icon"}
|
||||
|
||||
Being well-informed about the data protection regulations in your own jurisdiction can be a significant asset for your personal and collective battles to improve privacy, for yourself and for others. Learn more about what to look for when researching your local privacy laws.
|
||||
|
||||
Learn More :material-arrow-right-drop-circle:
|
||||
{align=right}
|
||||
|
||||
</div>
|
||||
</a>
|
||||
|
||||
<a href="tip-report-privacy-violations">
|
||||
<div class="toolbox-tip-card toolbox-border-legal" markdown>
|
||||
|
||||
### 2. Report privacy violations
|
||||
|
||||
{class="toolbox-tip-icon"}
|
||||
|
||||
Once you become informed on your local privacy laws, get familiar with the process to report violations. Submitting an official complaint is often simple, and can have a significant impact for yourself and your community. Learn more about why and how you should report violations of your local privacy laws.
|
||||
|
||||
Learn More :material-arrow-right-drop-circle:
|
||||
{align=right}
|
||||
|
||||
</div>
|
||||
</a>
|
||||
|
||||
<button class="toolbox-button-top">[Back to top :material-toolbox:](#toolbox-compartments)</button>
|
||||
<br>
|
||||
|
||||
## Choose Your Tools
|
||||
|
||||
<a href="tip-beware-of-privacy-snake-oil">
|
||||
<div class="toolbox-tip-card toolbox-border-tools" markdown>
|
||||
|
||||
### 1. Beware of privacy snake oil
|
||||
|
||||
{class="toolbox-tip-icon"}
|
||||
|
||||
In your privacy advocacy, it's essential to use and recommend tools that reliably protect privacy. For this, you need to investigate and remain highly skeptical of any dangerous or unproven marketing claims. Learn more about how to evaluate privacy claims and recommend tools that are trustworthy.
|
||||
|
||||
Learn More :material-arrow-right-drop-circle:
|
||||
{align=right}
|
||||
|
||||
</div>
|
||||
</a>
|
||||
|
||||
<a href="tip-migrate-outside-the-surveillance-ecosystem">
|
||||
<div class="toolbox-tip-card toolbox-border-tools" markdown>
|
||||
|
||||
### 2. Migrate outside the surveillance ecosystem
|
||||
|
||||
{class="toolbox-tip-icon"}
|
||||
|
||||
As privacy activists, it's important to not only support the tools and organizations with good privacy practices, but to also lead by example when it comes to moving away from the surveillance ecosystem. Learn more about why and how to move away from "Big Tech" and embrace alternatives.
|
||||
|
||||
Learn More :material-arrow-right-drop-circle:
|
||||
{align=right}
|
||||
|
||||
</div>
|
||||
</a>
|
||||
|
||||
<a href="tip-improve-your-social-media-and-build-resilient-communities">
|
||||
<div class="toolbox-tip-card toolbox-border-tools" markdown>
|
||||
|
||||
### 3. Improve your social media and build resilient communities
|
||||
|
||||
{class="toolbox-tip-icon"}
|
||||
|
||||
Commercial social media platforms represent one of the biggest sources of data exploitation. By staying active on these platforms we continue to feed the beast, and indirectly support their invasion of our privacy rights. Learn more about how to minimize your presence there, and slowly build better social networks.
|
||||
|
||||
Learn More :material-arrow-right-drop-circle:
|
||||
{align=right}
|
||||
|
||||
</div>
|
||||
</a>
|
||||
|
||||
<button class="toolbox-button-top">[Back to top :material-toolbox:](#toolbox-compartments)</button>
|
||||
<br>
|
||||
|
||||
## Expand Your Perspective
|
||||
|
||||
<a href="tip-dont-stop-at-individual-solutions">
|
||||
<div class="toolbox-tip-card toolbox-border-perspective" markdown>
|
||||
|
||||
### 1. Don't stop at individual solutions, consider the collective impact
|
||||
|
||||
{class="toolbox-tip-icon"}
|
||||
|
||||
When we think about our privacy, we often focus on the technical tools we can use. While this is indeed an important component, it's crucial not to lose sight of how regulations and invasive practices impact us collectively. Learn more about how to expand your perspective on data privacy.
|
||||
|
||||
Learn More :material-arrow-right-drop-circle:
|
||||
{align=right}
|
||||
|
||||
</div>
|
||||
</a>
|
||||
|
||||
<a href="tip-keep-in-mind-the-whole-landscape">
|
||||
<div class="toolbox-tip-card toolbox-border-perspective" markdown>
|
||||
|
||||
### 2. Keep in mind the whole landscape
|
||||
|
||||
{class="toolbox-tip-icon"}
|
||||
|
||||
Privacy isn't just about the tools, the laws, or the practices of any individual or organization. To move our society in a place where everyone benefits from privacy by default, we must consider technologies, laws, and culture holistically. Learn more about remembering to consider the whole landscape.
|
||||
|
||||
Learn More :material-arrow-right-drop-circle:
|
||||
{align=right}
|
||||
|
||||
</div>
|
||||
</a>
|
||||
|
||||
<a href="tip-consider-everyones-unique-situation">
|
||||
<div class="toolbox-tip-card toolbox-border-perspective" markdown>
|
||||
|
||||
### 3. Consider everyone's unique situation
|
||||
|
||||
{class="toolbox-tip-icon"}
|
||||
|
||||
Everyone has different needs and faces different dangers when their personal data is exposed. To give actionable privacy advice and recommendations, it's essential to keep in mind everyone's unique situation. Learn more about better evaluating each person's threat model.
|
||||
|
||||
Learn More :material-arrow-right-drop-circle:
|
||||
{align=right}
|
||||
|
||||
</div>
|
||||
</a>
|
||||
|
||||
<button class="toolbox-button-top">[Back to top :material-toolbox:](#toolbox-compartments)</button>
|
||||
<br>
|
||||
|
||||
## Support The Community
|
||||
|
||||
<a href="tip-lift-your-allies-up">
|
||||
<div class="toolbox-tip-card toolbox-border-community" markdown>
|
||||
|
||||
### 1. Lift your allies up
|
||||
|
||||
{class="toolbox-tip-icon"}
|
||||
|
||||
At times, it might feel like the privacy community is niche and isolated. The battle for privacy rights is difficult, and its defenders are often scattered. This is why it's essential that we support and uplift each other at every opportunity. Learn more about how to lift your allies up and grow the movement.
|
||||
|
||||
Learn More :material-arrow-right-drop-circle:
|
||||
{align=right}
|
||||
|
||||
</div>
|
||||
</a>
|
||||
|
||||
<a href="tip-support-your-privacy-comrades">
|
||||
<div class="toolbox-tip-card toolbox-border-community" markdown>
|
||||
|
||||
### 2. Support your privacy comrades
|
||||
|
||||
{class="toolbox-tip-icon"}
|
||||
|
||||
Fighting for privacy rights is a collective endeavor. You cannot do it alone. Anyone around you contributing is fighting the same battle by your side. This battle can be difficult and isolating at time. This is why it's critical to care for each other. Learn more about how you can support your privacy comrades.
|
||||
|
||||
Learn More :material-arrow-right-drop-circle:
|
||||
{align=right}
|
||||
|
||||
</div></a>
|
||||
|
||||
<a href="tip-be-kind-to-people-but-be-relentless-with-institutions">
|
||||
<div class="toolbox-tip-card toolbox-border-community" markdown>
|
||||
|
||||
### 3. Be kind to people, but be relentless with institutions
|
||||
|
||||
{class="toolbox-tip-icon"}
|
||||
|
||||
Kindness is essential for privacy advocates. To grow our movement, we must meet people from a place of camaraderie. People don't change their mind by being berated. However, this isn't true for institutions. Learn more about how to integrate kindness in your work, while being relentless with institutions.
|
||||
|
||||
Learn More :material-arrow-right-drop-circle:
|
||||
{align=right}
|
||||
|
||||
</div>
|
||||
</a>
|
||||
|
||||
<button class="toolbox-button-top">[Back to top :material-toolbox:](#toolbox-compartments)</button>
|
||||
<br>
|
||||
|
||||
## Build Alliances
|
||||
|
||||
<a href="tip-start-alliances-not-wars">
|
||||
<div class="toolbox-tip-card toolbox-border-alliances" markdown>
|
||||
|
||||
### 1. Start alliances, not wars
|
||||
|
||||
{class="toolbox-tip-icon"}
|
||||
|
||||
The privacy community consists of a patchwork of individuals and organizations that sometimes hold quite different views. When these divergences lead to infighting, we need to ask how these internal wars are impacting our community negatively. Learn more about how to start alliances instead of wars.
|
||||
|
||||
Learn More :material-arrow-right-drop-circle:
|
||||
{align=right}
|
||||
|
||||
</div>
|
||||
</a>
|
||||
|
||||
<a href="tip-value-allies-with-complementary-expertise">
|
||||
<div class="toolbox-tip-card toolbox-border-alliances" markdown>
|
||||
|
||||
### 2. Value allies with expertise complementary to yours
|
||||
|
||||
{class="toolbox-tip-icon"}
|
||||
|
||||
In privacy, like everywhere else, diversity is a strength. If you want your community to have a broad understanding of threat models, and be able to fight on multiple levels, you need to value a diversity of expertises. Learn more about recognizing, respecting, and retaining experts with skills different to yours.
|
||||
|
||||
Learn More :material-arrow-right-drop-circle:
|
||||
{align=right}
|
||||
|
||||
</div>
|
||||
</a>
|
||||
|
||||
<a href="tip-give-credit-where-credit-is-due">
|
||||
<div class="toolbox-tip-card toolbox-border-alliances" markdown>
|
||||
|
||||
### 3. Give credit where credit is due
|
||||
|
||||
{class="toolbox-tip-icon"}
|
||||
|
||||
To succeed, we must support each other. A good way to do this is to never forget to give credit where credit is due. When another advocate or organization says something you agree with, boost them up, spread their reach, and thank them publicly. Learn more about making your allies feel seen and valued.
|
||||
|
||||
Learn More :material-arrow-right-drop-circle:
|
||||
{align=right}
|
||||
|
||||
</div>
|
||||
</a>
|
||||
|
||||
<button class="toolbox-button-top">[Back to top :material-toolbox:](#toolbox-compartments)</button>
|
||||
<br>
|
||||
|
||||
## Make It Accessible
|
||||
|
||||
<a href="tip-welcome-beginners">
|
||||
<div class="toolbox-tip-card toolbox-border-accessibility" markdown>
|
||||
|
||||
### 1. Welcome beginners
|
||||
|
||||
{class="toolbox-tip-icon"}
|
||||
|
||||
For our privacy rights movement to grow, we must bring more people in. To accomplish this, it's fundamental to discuss privacy in ways that are accessible to newcomers who aren't familiar with basic concepts yet. Learn more about improving your advocacy work to make it more approachable to beginners.
|
||||
|
||||
Learn More :material-arrow-right-drop-circle:
|
||||
{align=right}
|
||||
|
||||
</div>
|
||||
</a>
|
||||
|
||||
<a href="tip-keep-your-posts-and-community-inclusive">
|
||||
<div class="toolbox-tip-card toolbox-border-accessibility" markdown>
|
||||
|
||||
### 2. Keep your posts and community inclusive
|
||||
|
||||
{class="toolbox-tip-icon"}
|
||||
|
||||
Inclusivity is not only the right thing to do, it's also essential to grow our movement. If we want privacy rights to succeed, it's imperative that we build communities where *everyone* feels safe and welcomed, regardless of who they are. Learn more about keeping your communications and communities inclusive.
|
||||
|
||||
Learn More :material-arrow-right-drop-circle:
|
||||
{align=right}
|
||||
|
||||
</div>
|
||||
</a>
|
||||
|
||||
<a href="tip-be-mindful-of-accessibility">
|
||||
<div class="toolbox-tip-card toolbox-border-accessibility" markdown>
|
||||
|
||||
### 3. Be mindful of accessibility
|
||||
|
||||
{class="toolbox-tip-icon"}
|
||||
|
||||
Accessibility is indispensable to inclusivity, and should always be a priority in our work. To make our privacy communities welcoming to all, accessibility cannot be an afterthought. We must integrate it in our practice from the start. Learn more about improving the accessibility of your privacy work.
|
||||
|
||||
Learn More :material-arrow-right-drop-circle:
|
||||
{align=right}
|
||||
|
||||
</div>
|
||||
</a>
|
||||
|
||||
<a href="tip-make-it-cute">
|
||||
<div class="toolbox-tip-card toolbox-border-accessibility" markdown>
|
||||
|
||||
### 4. Make it cute
|
||||
|
||||
{class="toolbox-tip-icon"}
|
||||
|
||||
If you are developing a privacy-focused application or website, do not neglect the design aspect of it. This is a common mistake that can have a significant negative impact on adoption by a general audience. Learn more about making your design appealing and accessible to all. Make it cute!
|
||||
|
||||
Learn More :material-arrow-right-drop-circle:
|
||||
{align=right}
|
||||
|
||||
</div>
|
||||
</a>
|
||||
|
||||
<button class="toolbox-button-top">[Back to top :material-toolbox:](#toolbox-compartments)</button>
|
||||
<br>
|
||||
|
||||
## Uphold Integrity
|
||||
|
||||
<a href="tip-refuse-to-participate">
|
||||
<div class="toolbox-tip-card toolbox-border-integrity" markdown>
|
||||
|
||||
### 1. Refuse to participate
|
||||
|
||||
{class="toolbox-tip-icon"}
|
||||
|
||||
As privacy advocates and activists, it's important to be a voice for resistance and take a stand against abusive practices. One substantial way to do this is to refuse to participate in privacy-intrusive requests, or use invasive software. Learn more about refusing to comply with privacy-abusive practices.
|
||||
|
||||
Learn More :material-arrow-right-drop-circle:
|
||||
{align=right}
|
||||
|
||||
</div>
|
||||
</a>
|
||||
|
||||
<a href="tip-stay-true-to-your-principles">
|
||||
<div class="toolbox-tip-card toolbox-border-integrity" markdown>
|
||||
|
||||
### 2. Stay true to your principles
|
||||
|
||||
{class="toolbox-tip-icon"}
|
||||
|
||||
If you manage a digital rights group or organization, make sure you aren't subjecting your contributors to the very privacy-invasive tech you're fighting against. Sadly, it's not rare to see communities that aren't following their own advice for internal practices. Learn more about the importance of maintaining integrity *internally* as well as externally.
|
||||
|
||||
Learn More :material-arrow-right-drop-circle:
|
||||
{align=right}
|
||||
|
||||
</div>
|
||||
</a>
|
||||
|
||||
<a href="tip-protect-your-allies">
|
||||
<div class="toolbox-tip-card toolbox-border-integrity" markdown>
|
||||
|
||||
### 3. Protect your allies
|
||||
|
||||
{class="toolbox-tip-icon"}
|
||||
|
||||
Through your privacy work, be careful to never collect or share the data of others without their explicit consent. It's crucial to protect your allies' data in all that you do, whether that's individual action or organizational leadership. Learn more about safeguarding the data of your privacy comrades.
|
||||
|
||||
Learn More :material-arrow-right-drop-circle:
|
||||
{align=right}
|
||||
|
||||
</div>
|
||||
</a>
|
||||
|
||||
<button class="toolbox-button-top">[Back to top :material-toolbox:](#toolbox-compartments)</button>
|
||||
<br>
|
||||
|
||||
## Stay Persistent
|
||||
|
||||
<a href="tip-small-actions-matter">
|
||||
<div class="toolbox-tip-card toolbox-border-persistence" markdown>
|
||||
|
||||
### 1. Small actions matter
|
||||
|
||||
{class="toolbox-tip-icon"}
|
||||
|
||||
There is so much to do in the movement for better privacy rights. So much, that it's sometimes easy to feel discouraged when facing the scale of what's left to accomplish. But everything helps, and even the smallest action counts. Learn more about why every action and every victory matters, no matter how small.
|
||||
|
||||
Learn More :material-arrow-right-drop-circle:
|
||||
{align=right}
|
||||
|
||||
</div>
|
||||
</a>
|
||||
|
||||
<a href="tip-take-time-to-rest">
|
||||
<div class="toolbox-tip-card toolbox-border-persistence" markdown>
|
||||
|
||||
### 2. Take time to rest, but come back to fight with us
|
||||
|
||||
{class="toolbox-tip-icon"}
|
||||
|
||||
The battle for privacy rights will be a long one. This isn't a sprint, it's a marathon. If you want to be a good advocate, you *must* take the time to rest when needed. Burning out isn't an option, we cannot afford to lose your precious contribution! Learn more about why it's fundamental to learn to rest when you need it.
|
||||
|
||||
Learn More :material-arrow-right-drop-circle:
|
||||
{align=right}
|
||||
|
||||
</div>
|
||||
</a>
|
||||
|
||||
<button class="toolbox-button-top">[Back to top :material-toolbox:](#toolbox-compartments)</button>
|
||||
<br>
|
||||
|
||||
## Take Action!
|
||||
|
||||
<a href="tip-engage-boosts-and-contribute">
|
||||
<div class="toolbox-tip-card toolbox-border-action" markdown>
|
||||
|
||||
### 1. Engage, boost, and contribute
|
||||
|
||||
{class="toolbox-tip-icon"}
|
||||
|
||||
Once you have the knowledge, motivation, and energy, it's time to act! Perhaps you've read all of these tips, or read through our Knowledge Base already! But you don't need to know that much about privacy to start contributing. Learn more about how to start being a privacy activist.
|
||||
|
||||
Learn More :material-arrow-right-drop-circle:
|
||||
{align=right}
|
||||
|
||||
</div>
|
||||
</a>
|
||||
|
||||
<a href="tip-level-up-assemble-and-organize">
|
||||
<div class="toolbox-tip-card toolbox-border-action" markdown>
|
||||
|
||||
### 2. Level up! Assemble and organize
|
||||
|
||||
{class="toolbox-tip-icon"}
|
||||
|
||||
If you've been a privacy advocate for a while, maybe it's time to level up and grow as a leader in your community. Becoming a leader can mean starting a local group, or initiating bigger projects online. Learn more about how to become a *good* leader in the privacy rights movement.
|
||||
|
||||
Learn More :material-arrow-right-drop-circle:
|
||||
{align=right}
|
||||
|
||||
</div>
|
||||
</a>
|
||||
|
||||
<button class="toolbox-button-top">[Back to top :material-toolbox:](#toolbox-compartments)</button>
|
||||
<br>
|
||||
@@ -0,0 +1,51 @@
|
||||
---
|
||||
title: Be Kind to People, But Be Relentless With Institutions
|
||||
description: Kindness and patience are essential qualities for privacy advocates. To grow our movement, we must meet people from a place of camaraderie.
|
||||
icon: fontawesome/solid/hands-holding-circle
|
||||
cover: activism/banner-toolbox-tip-kind.webp
|
||||
---
|
||||
Kindness and patience are essential qualities for privacy advocates. To grow our movement, we must meet people from a place of camaraderie. People don't change their mind by being berated. However, this isn't true for institutions.
|
||||
|
||||
Here's how you can **integrate kindness in your work**, while being relentless with institutions:
|
||||
|
||||
## Use kindness and patience while working with individuals
|
||||
|
||||
Whenever you talk with individuals in your privacy work, make sure to **stay kind and calm** when communicating with them.
|
||||
|
||||
Perhaps you are posting on social media, replying to posts or emails, answering questions after a talk, or writing advices on the best privacy tools to use. No matter the context, when communicating with individuals, ==kindness is your greatest asset== to persuade and bring more people to the movement.
|
||||
|
||||
Sadly, it's not rare to see replies to beginners' posts by more advanced peers online that are humiliating and berating their uninformed or misinformed questions. People don't learn and don't change their mind by being yelled at. Aggression isn't an effective way to communicate.
|
||||
|
||||
Furthermore, aggression is a horrible strategy to bring more people to your cause, which should be your ultimate goal as a privacy rights advocate and activist.
|
||||
|
||||
Instead, be gentle and [develop your empathy skills](https://www.verywellmind.com/what-is-empathy-2795562). Write from a place of compassion, to gradually attract more and more [new people](tip-welcome-beginners.md) to the cause.
|
||||
|
||||
Stay patient and compassionate, even when people ask questions that might sound obvious to you. Be patient when people don't understand the first time you explain something. Happily clarify with simpler terms when needed, without being condescending.
|
||||
|
||||
Accept that some people might not be able to adopt all of your suggestions at once. It's okay, let them grow at their own pace.
|
||||
|
||||
Give time for ideas to brew and change minds. Plant seeds for change, and gently wait for growth.
|
||||
|
||||
## Be relentless with corporations, governments, and public institutions
|
||||
|
||||
While patience and kindness are crucial to bring your message the right way to individuals, institutions do not function the same way.
|
||||
|
||||
Whether you are trying to report a privacy-abusive corporate practice, push back against an invasive regulation proposal, or raise awareness about a public institution's privacy malpractices, you must be firm, loud, and determined.
|
||||
|
||||
Respect and politeness are vital here as well. Violence or threat to representatives of these institutions would only be detrimental to your goals. However, patience shouldn't be extended to privacy-abusive organizations that aren't demonstrating any realistic intentions to improve.
|
||||
|
||||
==To bring significant changes to institutions and corporations, your message must be loud and clear.==
|
||||
|
||||
You should try to bring as many people and allied organizations to your cause, and be as loud as possible in the media. Your campaign must be powerful enough to grab media's attention, and to send a firm message that the people want change and will not back down.
|
||||
|
||||
Each time your message is ignored, and the abuse continues, **shout louder** (metaphorically). Bring even *more* people to the cause, until the popular discontent is so strong that they have no choice but to stop the abuse.
|
||||
|
||||
## More resources
|
||||
|
||||
- [Rich resource for campaign strategy and community organizing (The Commons Social Change Library)](https://commonslibrary.org/)
|
||||
|
||||
- [Campaign canvas template (Mobilisation Lab)](https://mobilisationlab.org/resources/campaign-canvas/)
|
||||
|
||||
- [Campaigning guides for activists (Activist Handbook)](https://activisthandbook.org/)
|
||||
|
||||
- [How to do public speaking for activism (Activist Handbook)](https://activisthandbook.org/communication/public-speaking)
|
||||
@@ -0,0 +1,165 @@
|
||||
---
|
||||
title: Be Mindful of Accessibility
|
||||
description: Accessibility should always be a priority in our work. To make our privacy communities welcoming to all, we must integrate it in our practice from the start.
|
||||
icon: fontawesome/solid/heart-circle-check
|
||||
cover: activism/banner-toolbox-tip-accessibility.webp
|
||||
---
|
||||
**Accessibility** is indispensable to [inclusivity](tip-keep-your-posts-and-community-inclusive.md), and should always be a priority in our work. To make our privacy communities welcoming to all, accessibility cannot be an afterthought. We must integrate it in our practice from the start. This means making sure the languages, visuals, tools, and venues we use are accessible to as many people as possible.
|
||||
|
||||
Here's what you can do to improve accessibility for your privacy-related content and communities:
|
||||
|
||||
## Accessibility for all, in all the ways
|
||||
|
||||
For many people who don't need any specific accommodations, accessibility is often only thought about in terms of solutions to *mobility* impairments, such as for people requiring the use of a wheelchair.
|
||||
|
||||
While this is indeed and important factor to consider, there are many other types of disabilities and accommodations we should be mindful of in our privacy work.
|
||||
|
||||
Considering how each part of our work could be accessed more easily by everyone is essential to grow our movement, and to diversify our privacy communities.
|
||||
|
||||
Ethically, it's also just the right thing to do, and should be the norm everywhere.
|
||||
|
||||
### Visual, auditory, and other sensorial accessibility
|
||||
|
||||
Anytime you are using images, audio, or any other sensorial elements in your advocacy work, you should always make sure to follow best practices to ensure your content will be accessible to people with visual, auditory, or other sensorial impairments.
|
||||
|
||||
- [x] If you use images in your websites or social media posts, make sure to always add proper [alt text](https://abilitynet.org.uk/resources/digital-accessibility/five-golden-rules-compliant-alt-text) to describe the information the image represents. Keep in mind visitors that might be using a [screen reader](https://en.wikipedia.org/wiki/Screen_reader).
|
||||
|
||||
- [x] When designing websites, posters, flyers, or zines, keep in mind [visual accessibility](https://webdesign.tutsplus.com/accessibility-basics-designing-for-visual-impairment--cms-27634a) for people with blindness, low vision, color blindness, and other visual impairments.
|
||||
|
||||
- [x] Be careful to refrain from using designs and videos with [flashing lights](https://developer.mozilla.org/en-US/docs/Web/Accessibility/Guides/Seizure_disorders), or display proper warning if you do. Flashing or flickering light effects, and even certain high-contrast static images, can trigger seizures in people with photosensitive epilepsy.
|
||||
|
||||
- [x] If you use [audio material](https://www.w3.org/WAI/people-use-web/abilities-barriers/auditory/) in your advocacy, try to include captions or transcripts in your content for people with auditory impairments. If you organize a larger event with speakers, try to see if you could hire a sign language interpreter.
|
||||
|
||||
- [x] Whenever you develop content or organize events, always be mindful of people with sensory impairments or [sensory sensitivities](https://accessforallllc.com/sensory-and-cognitive-accessibility/).
|
||||
|
||||
### Website accessibility
|
||||
|
||||
If you develop a website in your privacy work, make sure to follow the international standards for web accessibility.
|
||||
|
||||
This is very important to ensure readers using assistive devices will be able to access your content, and that people with visual impairments will not struggle to access your content.
|
||||
|
||||
- [x] Get familiar with the World Wide Web Consortium (W3C) [international Web standards](https://www.w3.org/WAI/standards-guidelines/). These standards have been reviewed for accessibility support by the Accessible Platform Architectures ([APA](https://www.w3.org/WAI/about/groups/apawg/)) Working Group.
|
||||
|
||||
- [x] Use a [web accessibility evaluation tool](https://www.w3.org/WAI/test-evaluate/tools/list/) to verify that your web content meets accessibility guidelines, or otherwise make sure to follow the [Web Content Accessibility Guidelines](https://www.pivotalaccessibility.com/2024/11/how-to-perform-a-web-accessibility-audit-step-by-step-guide/) (WCAG).
|
||||
|
||||
- [x] If your organization can afford it, hire a [web accessibility consultant](https://accessibilityinnovations.com/blogs/web-accessibility-consultant/).
|
||||
|
||||
### Global accessibility
|
||||
|
||||
Whether you write a post, an article, or a whole website in English, keep in mind that your audience is likely global.
|
||||
|
||||
People from all around the world will be able to read or watch your English content, many who don't speak English as their first language. Don't assume that your audience is only coming from your own country or region. This is a good thing, by the way! ==The battle for privacy rights must be global now.==
|
||||
|
||||
- [x] Be careful not to use too many references that are unique to your own country or region. If you do, make sure to explain what it is for people from other regions.
|
||||
|
||||
- [x] When talking about issues related to politics, make sure to specify what governmental entities are, and explain any special rights your country has (don't just name them). That way, outsiders will be able to understand and support your cause as well, even if perhaps they aren't directly impacted by this issue at the moment.
|
||||
|
||||
- [x] Don't assume everyone knows all the popular internet acronyms such as DIY (Do It Yourself) or IIRC (If I Recall Correctly). These acronyms are very challenging for non-native English speakers. When using acronyms in your content, always explain the full expression in parentheses at least once, or better yet, simply use whole words instead.
|
||||
|
||||
- [x] When inviting people to an event, consider that people from other time zones might be reading your invitation. If your event is online, always specify the [time zone](https://www.timeanddate.com/time/map/) for the announced time. If your event is in person, always specify the whole location with the country and region ([do *not* just name the city](https://www.roughmaps.com/destinations/20-places-around-the-world-that-share-the-same-name/22)).
|
||||
|
||||
### Physical accessibility
|
||||
|
||||
When organizing events and meetups in person, it's essential to keep in mind physical accessibility for people with mobility challenges of all kind. This includes accessibility around the venue, but also on the journey to the venue.
|
||||
|
||||
- [x] Ensure the venue you select is [accessible for people using wheelchairs](https://sites.augsburg.edu/events/policies/accessible-events/accessible-event-planning-guide/). Check that there is access to an elevator if it's on an upper floor, that there are access ramps and automatic doors if required, and that doorways and hallways are wide enough to accommodate a wheelchair.
|
||||
|
||||
- [x] Make certain that there will be enough comfortable seating for your guests, and that seating and eating areas will be accessible to guests using wheelchairs or other mobility aids.
|
||||
|
||||
- [x] Check that there are wheelchair-accessible bathrooms nearby.
|
||||
|
||||
- [x] Evaluate the accessibility of the transit options available to reach the venue you select, including specialized transits for people who are using wheelchairs, or other types of mobility aids. Publish a map of the transit accesses around your venue.
|
||||
|
||||
- [x] Research if your venue has access to parking and accessible parking spots. Publish this information with your invitation.
|
||||
|
||||
- [x] Verify the venue you select is accessible to people with visual or auditory impairments. For example, check if elevators are marked with Braille or raised letters, and make sure that hosts are informed on how to communicate with guests who are deaf or hard of hearing.
|
||||
|
||||
### Health accessibility
|
||||
|
||||
In-person accessibility isn't just about mobility. Accessibility is also important to consider for a variety of health conditions, including people who are vulnerable to infectious diseases, or require other accommodations related to their health.
|
||||
|
||||
- [x] Designate a trained person responsible for accessibility, and share their contact information in advance. That way, people will be able to contact this person if they have any questions before or during the event.
|
||||
|
||||
- [x] Encourage your participants to wear a mask, and try to select a venue with adequate ventilation to minimize the risks for people who are [vulnerable to respiratory infections](https://health.clevelandclinic.org/superspreader-events). If food is served, try to select a venue with an area allowing to consume food outside.
|
||||
|
||||
- [x] Make sure to bring a few boxes of [protective face masks](https://health.clevelandclinic.org/do-masks-work) to your event that guests can use for free. That way, people who might be at risk in dense crowd can decide to wear a mask once they arrived, or if they forgot to bring their own.
|
||||
|
||||
- [x] Try to prepare an area in your venue, or near your venue, where people can rest comfortably in a [quiet space](https://eventwell.org/ensuring-inclusive-events-the-importance-of-supervising-quiet-spaces-for-neurodivergent-attendees-and-vulnerable-adults/), if they feel tired or overstimulated during the event.
|
||||
|
||||
- [x] Promote a [scent-free](https://www.chrc-ccdp.gc.ca/resources/publications/environmental-sensitivities-and-scent-free-policies) environment to make your event welcoming to people who have scent allergies, environmental sensibilities, or other health conditions that can be affected by scents.
|
||||
|
||||
- [x] Provide training for hosts and event volunteers to make sure they are aware of available accommodations, and can give helpful information upon request.
|
||||
|
||||
### Dietary accessibility
|
||||
|
||||
If your event provides meals, snacks, or drinks, make sure to prepare well in-advance to consider the potential dietary restrictions of your guests.
|
||||
|
||||
- [x] List clearly what types of food and drinks with be served (or available) at the event.
|
||||
|
||||
- [x] Provide contact information for people to reach out in advance if they have special dietary requirements or requests that have not already been addressed.
|
||||
|
||||
- [x] Try to provide food and beverages that will cover a variety of dietary needs, such as vegan, nut-free, gluten-free, lactose-free, alcohol-free, or low-sugar options.
|
||||
|
||||
- [x] If you host a large event, consider keeping a few [epinephrine autoinjectors](https://greatergood.com/blogs/news/epinephrine-public-areas) available on site in your emergency kit, in case anyone experiences a dangerous allergic reaction.
|
||||
|
||||
- [x] Make sure guests will have access to free and clean water, especially if your event is scheduled during a heat wave.
|
||||
|
||||
- [x] Ensure there is a quiet and private room available for anyone who might be breastfeeding.
|
||||
|
||||
- [x] Provide all this information in advance with your invitation, so that guests can evaluate properly if the event is accessible to them.
|
||||
|
||||
### Safety accessibility
|
||||
|
||||
Safety is also an important aspect of accessibility. Everyone has a unique threat model, and, for a variety of reasons, some people might be at an elevated risk to their physical safety when going to and participating in an event in person.
|
||||
|
||||
- [x] Implement a [Code of Conduct](https://oshwa.org/resources/how-to-write-a-code-of-conduct/) for your event or community. Ensure there are clear channels to report bad behaviors, and that your Code of Conduct is enforced properly.
|
||||
|
||||
- [x] Verify that access to the bathrooms is safe and well lit at your venue.
|
||||
|
||||
- [x] Make sure the venue you select is safe to access by transits or cars, and that the nearest parking lot or bus stop is well lit if the event ends late at night.
|
||||
|
||||
- [x] If your venue is located in an area that might be more dangerous at night, consider setting up an [accompaniment service](https://www.concordia.ca/campus-life/security/services/safe-walk.html) with a set of volunteers offering to walk guests safely back to their bus stop, for example. Make this information known in advance.
|
||||
|
||||
- [x] Implement a clear [Photo Policy](https://events.ccc.de/congress/2025/infos/privacy.html#photo-policy) for your event, and forbid all nonconsensual photos. You can also provide "No Photos" or "Photos OK" stickers, buttons, or lanyards for guests upon arrival. That way, guests can explicitly opt out of being photographed at your event if they prefer not to. If your event hired an official photographer, make sure they are careful to never take photos that include people wearing these badges. Ideally, limit event photos to a minimum, and only take photos of people after asking for their explicit consent first.
|
||||
|
||||
### Financial accessibility
|
||||
|
||||
Another aspect of accessibility that is often overlooked is financial accessibility. Sadly, many people are unable to access certain events due to financial limitations, even if it would be very helpful to them to network and meet privacy advocacy peers. When you organize an event, be mindful of providing options to increase financial accessibility.
|
||||
|
||||
- [x] Try to keep your events free or partly free whenever possible, while remaining vigilant about accepting money from [financial sponsors](https://www.privacyguides.org/articles/2025/09/03/red-and-green-privacy-flags/#donations-event-sponsorships-and-other-revenues) that could be in contradiction with your privacy values.
|
||||
|
||||
- [x] Reserve a quantity of free tickets for people with more severe limitations.
|
||||
|
||||
- [x] Offer discounts for students or unemployed peers.
|
||||
|
||||
- [x] Create opportunities for part-time volunteering, where people can offer to help a little, then participate in the rest of the event for free.
|
||||
|
||||
- [x] Provide contact information for people who would like to request free or cheaper access, or discuss their unique situation with you.
|
||||
|
||||
### Beginners accessibility
|
||||
|
||||
[Welcoming beginners](tip-welcome-beginners.md) is crucial in all the work we do. To keep your content and events accessible to beginners, it's important to be mindful of the language you use, the ways you present content, and the places where you promote your events.
|
||||
|
||||
- [x] Always explain acronyms with whole words before only using the letters only.
|
||||
|
||||
- [x] Be careful when using jargon, try to be explicit and use simple words and analogies.
|
||||
|
||||
- [x] Beware of gatekeeping. Try to stay aware of newcomers that might be quiet or isolated from the group. [Be inclusive](tip-keep-your-posts-and-community-inclusive.md) and invite them to participate.
|
||||
|
||||
- [x] Specify that your event welcomes beginners.
|
||||
|
||||
- [x] Be mindful of advertising your event in places where potential newcomers might see it. Be careful about not inviting people only from places reaching out to people who are already part of the privacy community.
|
||||
|
||||
## More resources
|
||||
|
||||
- [How to make your social justice event accessible (*The Commons Social Change Library*)](https://commonslibrary.org/how-to-make-your-social-justice-event-accessible/)
|
||||
|
||||
- [Make your event accessible and inclusive (*Park People*)](https://parkpeople.ca/make-your-event-accessible-and-inclusive/)
|
||||
|
||||
- [How to host a COVID-safe party: Tips and tricks (*Party Pro*)](https://party.pro/covid/)
|
||||
|
||||
- [Dos and don'ts on designing for accessibility (UK Government)](https://accessibility.blog.gov.uk/2016/09/02/dos-and-donts-on-designing-for-accessibility/)
|
||||
|
||||
- [Five golden rules for compliant alt text (*AbilityNet*)](https://abilitynet.org.uk/resources/digital-accessibility/five-golden-rules-compliant-alt-text)
|
||||
|
||||
- [Accessibility developer guide (*Access for all*)](https://www.accessibility-developer-guide.com/)
|
||||
@@ -0,0 +1,123 @@
|
||||
---
|
||||
title: Beware of Privacy Snake Oil
|
||||
description: In your privacy advocacy, it's important to recommend tools that reliably protect your and other people's privacy. Learn how to evaluate privacy claims.
|
||||
icon: fontawesome/solid/skull-crossbones
|
||||
cover: activism/banner-toolbox-tip-snakeoil.webp
|
||||
---
|
||||
In your privacy advocacy, it's essential to use and recommend tools that *reliably* protect privacy. For this, you need to **investigate and remain highly skeptical** of any dangerous or unproven marketing claims.
|
||||
|
||||
Here's how to evaluate privacy claims, and recommend tools that are trustworthy:
|
||||
|
||||
## Why is there so much privacy snake oil?
|
||||
|
||||
Regrettably, it's quite common to see businesses using privacy promises as a mere marketing strategy to reassure understandingly concerned users. But many aren't genuinely doing the work to make these promises come true.
|
||||
|
||||
Many businesses want to have their cake and eat it too, by attracting users with false promises of privacy while exploiting their data for profit all the while. Other times, failure to meet privacy promises simply comes from incompetence or negligence.
|
||||
|
||||
Misleadingly, or fraudulently, presenting a product, service, or organization as being responsible and trustworthy with data privacy when it isn't is called "[privacy washing](https://www.privacyguides.org/articles/2025/08/20/privacy-washing-is-a-dirty-business/)."
|
||||
|
||||
There are many things you can learn to become more resistant to privacy washing, and become better at using and recommending genuinely privacy-preserving technologies.
|
||||
|
||||
## How to spot privacy snake oil
|
||||
|
||||
Never trust any privacy claims at face value.
|
||||
|
||||
Here are some red flags you should always keep in mind when evaluating a privacy tool, service, or organization:
|
||||
|
||||
<style>
|
||||
.emoji-list-a ul {
|
||||
list-style: none;
|
||||
}
|
||||
.md-typeset .emoji-list-a ul li {
|
||||
margin-left: 0;
|
||||
}
|
||||
.emoji-list-a ul li::before {
|
||||
content: "";
|
||||
display: inline-block;
|
||||
width: 1.125em;
|
||||
height: 1.125em;
|
||||
margin-right: 0.5em;
|
||||
background-image: url(data:image/svg+xml,%3Csvg%20viewBox%3D%220%200%2036%2036%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20xml%3Aspace%3D%22preserve%22%20style%3D%22fill-rule%3Aevenodd%3Bclip-rule%3Aevenodd%3Bstroke-linejoin%3Around%3Bstroke-miterlimit%3A2%22%3E%3Cpath%20d%3D%22M13%2034s0%202-2%202-2-2-2-2V2s0-2%202-2%202%202%202%202z%22%20style%3D%22fill%3A%2366757f%3Bfill-rule%3Anonzero%22%2F%3E%3Cpath%20d%3D%22M11%204c0-2.2%201.636-3.25%203.636-2.333l16.727%207.667c2%20.917%202%202.417%200%203.333l-16.727%207.667C12.636%2021.25%2011%2020.2%2011%2018z%22%20style%3D%22fill%3A%23f41811%3Bfill-rule%3Anonzero%22%2F%3E%3C%2Fsvg%3E);
|
||||
}
|
||||
.emoji-list-a ul li p {
|
||||
display: inline;
|
||||
}
|
||||
</style>
|
||||
|
||||
<div class="emoji-list-a" markdown>
|
||||
|
||||
- [**Conflict of interest**](https://www.privacyguides.org/articles/2025/09/03/red-and-green-privacy-flags/#conflict-of-interest): Is the source that is telling you this product is trustworthy independent of the company or parent-company that owns this product?
|
||||
|
||||
- [**Biased reviews**](https://www.privacyguides.org/articles/2025/09/03/red-and-green-privacy-flags/#fake-reviews): Is the review recommending this product truly independent, or has it received sponsorship money? Was the review AI-generated?
|
||||
|
||||
- [**Meaningless attestations**](https://www.privacyguides.org/articles/2025/09/03/red-and-green-privacy-flags/#meaningless-privacy-compliance-badges): Are claims of privacy law compliance or trustworthiness supported by external sources, or do they only come from the organization itself?
|
||||
|
||||
- [**Buzzword language**](https://www.privacyguides.org/articles/2025/09/03/red-and-green-privacy-flags/#buzzword-language): Is the advertising and description of the product using a lot of privacy buzzwords like "military-grade encryption" or "AI-powered"?
|
||||
|
||||
- [**Unsupported claims**](https://www.privacyguides.org/articles/2025/09/03/red-and-green-privacy-flags/#checkbox-compliance-and-copy-paste-policies): Are the product's claims supported by documentation and detailed descriptions? It's not enough to write "end-to-end encrypted." This claim should be supported by a detailed account of *how* the data is end-to-end encrypted, including which protocols and algorithms it is using.
|
||||
|
||||
- [**Unrealistic claims**](https://www.privacyguides.org/articles/2025/09/03/red-and-green-privacy-flags/#unverifiable-and-unrealistic-promises): Are the privacy claims being made realistic? Nothing can be 100% private or 100% secure. A trustworthy product will give you reasonable warnings about its limitations.
|
||||
|
||||
- [**Lack of deletion process**](https://www.privacyguides.org/articles/2025/09/03/red-and-green-privacy-flags/#flawed-or-absent-process-for-data-deletion): Does this product or service offer a clear process to delete your data upon request? How much of your data can you delete, and how quickly can you delete it if you wanted to stop using this service tomorrow?
|
||||
|
||||
- [**Untested technologies**](https://www.privacyguides.org/articles/2025/09/03/red-and-green-privacy-flags/#new-and-untested-technologies): Has this technology been tested by experts before? Are there any *external* parties who have verified its claims?
|
||||
|
||||
- [**Bad reputation**](https://www.privacyguides.org/articles/2025/09/03/red-and-green-privacy-flags/#critics-from-experts): What are privacy and security experts saying about this product or organization? Was the product or organization subjected to multiple critiques from privacy experts? Has the organization ever been impacted by major data breaches?
|
||||
|
||||
</div>
|
||||
|
||||
## How to trust privacy tools and services
|
||||
|
||||
You should never *completely* trust a product, service, or organization. Additionally, your trust should always be revocable, and you should revoke it when new information comes to light that warrants it. Even privacy professional sources that you trust might not always be up-to-date.
|
||||
|
||||
Things can change quickly in the tech world, and we must all be prepared to revoke our trust and adapt quickly when required.
|
||||
|
||||
With that in mind, here are some green flags you can keep in mind when evaluating a privacy tool, service, or organization:
|
||||
|
||||
<style>
|
||||
.emoji-list-b ul {
|
||||
list-style: none;
|
||||
}
|
||||
.md-typeset .emoji-list-b ul li {
|
||||
margin-left: 0;
|
||||
}
|
||||
.emoji-list-b ul li::before {
|
||||
content: "";
|
||||
display: inline-block;
|
||||
width: 1.125em;
|
||||
height: 1.125em;
|
||||
margin-right: 0.5em;
|
||||
background-image: url(data:image/svg+xml,%3Csvg%20viewBox%3D%220%200%2036%2036%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20xml%3Aspace%3D%22preserve%22%20style%3D%22fill-rule%3Aevenodd%3Bclip-rule%3Aevenodd%3Bstroke-linejoin%3Around%3Bstroke-miterlimit%3A2%22%3E%3Cpath%20d%3D%22M13%2034s0%202-2%202-2-2-2-2V2s0-2%202-2%202%202%202%202z%22%20style%3D%22fill%3A%2366757f%3Bfill-rule%3Anonzero%22%2F%3E%3Cpath%20d%3D%22M11%204c0-2.2%201.636-3.25%203.636-2.333l16.727%207.667c2%20.917%202%202.417%200%203.333l-16.727%207.667C12.636%2021.25%2011%2020.2%2011%2018z%22%20style%3D%22fill%3A%2345dd2e%3Bfill-rule%3Anonzero%22%2F%3E%3C%2Fsvg%3E);
|
||||
}
|
||||
.emoji-list-b ul li p {
|
||||
display: inline;
|
||||
}
|
||||
</style>
|
||||
|
||||
<div class="emoji-list-b" markdown>
|
||||
|
||||
- [**Good reputation**](https://www.privacyguides.org/articles/2025/09/03/red-and-green-privacy-flags/#reputation-history): What are privacy and security experts saying about this product or organization? Does the product or organization have a good reputation within the field?
|
||||
|
||||
- [**Access to evidence**](https://www.privacyguides.org/articles/2025/09/03/red-and-green-privacy-flags/#verifiable-claims): Are you able to verify the privacy claims from independent sources that aren't related to the business itself?
|
||||
|
||||
- [**Independent review**](https://www.privacyguides.org/articles/2025/09/03/red-and-green-privacy-flags/#independent-reviews): Was the product reviewed by an independent third-party who had significant access to test the product in a meaningful way?
|
||||
|
||||
- [**Transparency**](https://www.privacyguides.org/articles/2025/09/03/red-and-green-privacy-flags/#transparency): Can you easily find detailed information about what data this organization collects, and how it processes and shares it? Would an independent expert have access to its software code to inspect it?
|
||||
|
||||
- [**Clear funding model**](https://www.privacyguides.org/articles/2025/09/03/red-and-green-privacy-flags/#clear-funding-model): How does this organization make money? If it's free to use, does this organization rely on donations or grants? Is the product sold to users or to businesses? Where does the money come from?
|
||||
|
||||
- [**Availability**](https://www.privacyguides.org/articles/2025/09/03/red-and-green-privacy-flags/#availability): Could you easily contact this organization if you needed to? Can you find an email address dedicated to privacy requests and questions? Can you find where the organization is located? Would you have access to at least two different ways to contact it?
|
||||
|
||||
- [**Expert recommendation**](https://www.privacyguides.org/articles/2025/09/03/red-and-green-privacy-flags/#expert-advice): Is this product recommended by independent privacy experts and nonprofit digital rights organizations?
|
||||
|
||||
</div>
|
||||
|
||||
## More resources
|
||||
|
||||
- [Tool recommendations vetted by our community (*Privacy Guides*)](../../tools.md)
|
||||
|
||||
- [Extensive guide on how to evaluate better privacy tools and organizations (*Privacy Guides*)](https://www.privacyguides.org/articles/2025/09/03/red-and-green-privacy-flags/)
|
||||
|
||||
- [Privacy washing is a dirty business (*Privacy Guides*)](https://www.privacyguides.org/articles/2025/08/20/privacy-washing-is-a-dirty-business/)
|
||||
|
||||
- [Understanding encryption and end-to-end encryption (*Privacy Guides* video)](https://www.privacyguides.org/videos/2025/04/03/is-your-data-really-safe-understanding-encryption/)
|
||||
@@ -0,0 +1,75 @@
|
||||
---
|
||||
title: Consider Everyone's Unique Situation
|
||||
description: To give actionable privacy advices, it's essential to consider everyone's situation. Learn more on how you can evaluate each person's unique threat model.
|
||||
icon: fontawesome/solid/users-between-lines
|
||||
cover: activism/banner-toolbox-tip-everyone.webp
|
||||
---
|
||||
Everyone has different needs, and everyone faces different dangers when their personal data gets exposed.
|
||||
|
||||
To give actionable privacy advices and recommendations, it's essential to **keep in mind everyone's situation**. There isn't a one-size-fits-all approach when it comes to data privacy.
|
||||
|
||||
Here's how you can get better at evaluating each person's unique [*threat model*](../../basics/threat-modeling.md):
|
||||
|
||||
## What is a threat model?
|
||||
|
||||
We regularly use the term "threat model" in cybersecurity and data privacy. This might sound obscure at first if you haven't seen it before, but it's quite simple: A threat model is an evaluation of what is dangerous for a certain person (or entity) in a given situation, and what protective measures should be prioritized.
|
||||
|
||||
For example, if you leave near the equator, polar bears might not be an important threat to your safety. However, if you live in Nunavut, it may be important to get information on how to prevent a polar bear attack.
|
||||
|
||||
Similarly, when you choose privacy protections for yourself or for others, you should first ask a few questions to understand better what information you are trying to protect, from whom, and in which context.
|
||||
|
||||
## What questions to ask?
|
||||
|
||||
To establish a threat model, ask the following questions:
|
||||
|
||||
1. What information leak could endanger this person or organization the most?
|
||||
2. Who this information should be protected from?
|
||||
3. How likely is it that this person or entity could access this information?
|
||||
4. What could happen if this person or entity had access to this information?
|
||||
5. What are the protections available to protect this information specifically from this person or entity?
|
||||
6. What would be the downside of using these protections?
|
||||
7. How long do these protections need to remain in place?
|
||||
|
||||
Ask, rinse, and repeat for each type of information. The answers to these questions will be unique for each person or organization. This is their unique threat model.
|
||||
|
||||
<details class="danger" markdown>
|
||||
<summary>Example scenario: Threat of stalking</summary>
|
||||
|
||||
**Needs:** Alice is a young celebrity sharing a lot of information about herself on social media. As part of her work, she has to be able to share photos of herself, her legal name, some of her travel information, and details about her personal life.
|
||||
|
||||
**Threat:** However, to protect herself from an aggressive stalker, she must protect information about her *home address* at all cost.
|
||||
|
||||
**Level of danger:** She already received threats online, and the danger to her safety is imminent if her home address were to be known to this aggressive stalker.
|
||||
|
||||
**Information to protect and solutions:** Everywhere that Alice is required to share her home address must be protected. She should use a PO box every time her personal address isn't absolutely necessary. She should make sure to only share her address with trusted people that are informed about this danger. And she should inspect all of her photos and metadata carefully, to make sure her location is never precisely [revealed](https://www.privacyguides.org/articles/2025/03/25/privacy-means-safety/#victims-of-stalkers).
|
||||
|
||||
</details>
|
||||
|
||||
<details class="danger" markdown>
|
||||
<summary>Example scenario: Surveillance Capitalism</summary>
|
||||
|
||||
**Needs:** Bob feels uncomfortable with companies using his information without his consent. He doesn't trust what they might do with this information later, or whom they might sell it to. He is especially worried about how companies and governments might use facial recognition with him.
|
||||
|
||||
**Threat:** To limit facial recognition, Bob doesn't want any companies to have access to a *photo of his face*.
|
||||
|
||||
**Level of danger:** If Bob or someone close to Bob posted a photo of his face online, the numerous bots constantly scanning the open web and social media platforms would have a copy of it in no time.
|
||||
|
||||
**Information to protect and solutions:** To prevent this, Bob should not post any photos of his face online. He should make sure to only choose profile pictures that don't show his face for social media, and inspect any other photos posted to make sure his face doesn't show up on reflective surfaces. He should also inform his friends and family that he doesn't want photos of himself to be posted online, and he should protect his phone camera roll and cloud storage from getting [scanned](https://www.forbes.com/sites/zakdoffman/2026/01/15/google-upgrade-starts-scanning-all-your-photos-be-very-careful/) by remotely controlled AI. Bob should also opt out of any online platforms demanding a facial scan or photo ID in order to [verify his age](https://www.privacyguides.org/videos/2025/08/15/age-verification-is-a-privacy-nightmare/) or identity.
|
||||
|
||||
</details>
|
||||
|
||||
## Respect people's choices when it comes to their own privacy, even if they are different from yours
|
||||
|
||||
When advising others on data privacy, it's easy to get carried away and forget that other people might have different threat models from our own.
|
||||
|
||||
Once we have provided the information to somebody who might need it, it's important to take a step back and respect their choices. If someone understands the risks, and decides that sharing this information *about themselves* is an acceptable level of risk to them, we cannot (and shouldn't try) to force them in using the same level of protection we have adopted ourselves, if they don't want to.
|
||||
|
||||
Of course, this might be a different story if their decision also affects the data of others. But if it only concerns their own data, the choice is theirs.
|
||||
|
||||
To be a good privacy advocate is to provide information and support when needed. But ultimately, privacy is about deciding what one is comfortable sharing about themselves or not. We can only choose this for ourselves, not for others.
|
||||
|
||||
## More resources
|
||||
|
||||
- [More detailed information on threat modeling (*Privacy Guides*)](../../basics/threat-modeling.md)
|
||||
|
||||
- [Examples of common threats (*Privacy Guides*)](../../basics/common-threats.md)
|
||||
@@ -0,0 +1,47 @@
|
||||
---
|
||||
title: Don't Stop at Individual Solutions, Consider The Collective Impact
|
||||
description: When we think about privacy, we often focus on technical individual solutions. But it's also crucial to consider the collective impact of privacy issues.
|
||||
icon: fontawesome/solid/users-rays
|
||||
cover: activism/banner-toolbox-tip-expand.webp
|
||||
---
|
||||
When we think about our privacy, we often focus on the technical tools we can use to protect it. While this is an important *component*, it's crucial not to lose sight of how regulations and invasive practices impact us collectively.
|
||||
|
||||
Here's what to keep in mind to **expand your perspective on data privacy** beyond individual solutions:
|
||||
|
||||
## The danger of focusing only on individual solutions
|
||||
|
||||
While it might feel easier to focus on our own needs, nobody lives in a vacuum. Even if you were able to somehow protect all the data you have custody of, there is a lot of data about you that isn't under your control, and a lot of data about *others* that impact you.
|
||||
|
||||
Moreover, it's important to consider others in different situations. For example, even if everyone who has access to a [VPN](../../vpn.md) service can stay protected from a particular issue, what about all the others? It's neither practical nor realistic to expect that *everyone* would be able to circumvent a problem by using a VPN.
|
||||
|
||||
While in some cases we might want to discuss immediate individual solutions in order to mitigate some harm, we must also attack the root cause of the problem.
|
||||
|
||||
If we only think of *individual* solutions when a corporation exploits our data, or a government adopts a privacy-invasive regulation, we risk letting our guard down by giving up the fight early. This makes the problem harder to fight later on, and results in more harm to our communities, and eventually to ourselves as well.
|
||||
|
||||
## Things to keep in mind when a privacy issue arises
|
||||
|
||||
Here are a few questions you can ask yourself whenever a new privacy issue arises in the news, to help expand your perspective beyond individual solutions:
|
||||
|
||||
- [ ] What are potential mitigation solutions, and who will realistically be able to use them?
|
||||
|
||||
- [ ] What will happen to the people who don't have the resources (in time, in money, in knowledge) to protect themselves individually?
|
||||
|
||||
- [ ] Will this issue impact some communities more than others? Who will this affect the most negatively?
|
||||
|
||||
- [ ] What will be the impact for the people who *cannot* protect themselves individually?
|
||||
|
||||
- [ ] What will be the impact for the people who *can* protect themselves individually?
|
||||
|
||||
- [ ] Are there other solutions that could be adopted to fight this issue for *everyone* at once, without relying on *individual* harm mitigations.
|
||||
|
||||
- [ ] How can we fight against this issue in a way that will benefit *everyone* impacted, including the people who aren't even aware of the issue?
|
||||
|
||||
## More resources
|
||||
|
||||
- [Why you should also care about other people's privacy (*Privacy Guides*)](https://www.privacyguides.org/articles/2025/03/10/the-privacy-of-others/)
|
||||
|
||||
- [Why privacy might be a safety matter for many (*Privacy Guides*)](https://www.privacyguides.org/articles/2025/03/25/privacy-means-safety/)
|
||||
|
||||
- [Encryption must not be outlawed for our privacy tools to work (*Privacy Guides*)](https://www.privacyguides.org/articles/2025/04/11/encryption-is-not-a-crime/)
|
||||
|
||||
- [Dangerous regulation proposals like Chat Control could impact everyone without many individual solutions (*Privacy Guides*)](https://www.privacyguides.org/articles/2025/09/08/chat-control-must-be-stopped/)
|
||||
@@ -0,0 +1,95 @@
|
||||
---
|
||||
title: Engage, Boost, and Contribute
|
||||
description: Once you have the knowledge, motivation, and energy to fight for privacy rights, it's time to act! Learn more on what you can do to be a privacy activist.
|
||||
icon: fontawesome/solid/bullhorn
|
||||
cover: activism/banner-toolbox-tip-engage.webp
|
||||
---
|
||||
Once you have the knowledge, motivation, and energy, **it's time to act**! Perhaps you've read all the tips here, or have read through our [Knowledge Base](../../basics/why-privacy-matters.md) already! But you don't need to know that much about privacy to start contributing.
|
||||
|
||||
The most important part is that you care about privacy rights, and want to be part of the movement to defend them.
|
||||
|
||||
Here's what you can do to become a privacy activist:
|
||||
|
||||
## Be active! Participate and contribute!
|
||||
|
||||
Being a privacy activist means actively taking part in the movement to protect and improve fundamental privacy rights for everyone.
|
||||
|
||||
<div class="admonition quote toolbox-quote" markdown>
|
||||
<p class="admonition-title toolbox-quote">We want to help redefine 'activist' to a term that can include anyone who wants to work collectively to create social change. You don't have to be an expert, and you don't have to spend every waking minute trying to do 'activism'. You just have to be a person who wants to create change with other people.</p>
|
||||
|
||||
<p class="toolbox-quote-source" markdown>Source: [*Activist Handbook*](https://activisthandbook.org/theory/what-is-activism#our-response-take-the-%E2%80%98expert%E2%80%99-out-of-%E2%80%98activism%E2%80%99)</p>
|
||||
|
||||
</div>
|
||||
|
||||
There are many ways to actively engage in the privacy rights movement.
|
||||
|
||||
While a lot can be accomplished by *anyone* interested in joining, think about how you can orient your activism around *your* strengths, skills, and interests. This will help with sustainability.
|
||||
|
||||
If you find one way doesn't really work for you, and you get tired or bored quickly, then find another way to contribute. There isn't a one-size-fits-all approach. Find the ways that work best for you.
|
||||
|
||||
Perhaps you like to write, to draw, to record videos, or to build applications? Or maybe you prefer to engage with people directly, and become involved in the more social part of privacy advocacy? This can all be incredibly valuable contributions to the movement.
|
||||
|
||||
Ask yourself these questions:
|
||||
|
||||
- [ ] What do I enjoy doing that could also be useful to the cause?
|
||||
|
||||
- [ ] What are my interests? What do I want to learn more about?
|
||||
|
||||
- [ ] Which skills and social networks do I already have?
|
||||
|
||||
- [ ] How much time do I have to contribute each week?
|
||||
|
||||
- [ ] Who around me shares my privacy values and could be an ally?
|
||||
|
||||
## Things you can do to engage, boost, and contribute
|
||||
|
||||
Here are some ideas of what you can do to become a privacy activist in your community, and a valuable member of the privacy rights movement:
|
||||
|
||||
<style>
|
||||
.emoji-list-a ul {
|
||||
list-style: emoji-list-a;
|
||||
}
|
||||
@counter-style emoji-list-a {
|
||||
system: fixed;
|
||||
symbols: "🚀" "✍️" "💪" "🙅" "🙌" "💵" "📍" "✊" "💛";
|
||||
suffix: " ";
|
||||
</style>
|
||||
|
||||
<div class="emoji-list-a" markdown>
|
||||
|
||||
- [**Spread** the words of your allies.](tip-lift-your-allies-up.md) Repost social media campaigns from digital rights organizations you like, and write about it on your own platforms. Encourage people to participate if there is a call to action.
|
||||
|
||||
- **Write** about the privacy issues you care about. Inform the public with accurate information and effective ways of action to push back against invasive technologies and legislations. This can be through your social networks, personal blog, or even a book!
|
||||
|
||||
- [**Participate**](tip-small-actions-matter.md) in the actions organized by others. Reply positively to social media posts related to privacy rights, repost the content of your allies, sign petitions, report violations, join an online forum, and contact your representatives about privacy rights in your region of the world.
|
||||
|
||||
- [**Refuse**](tip-refuse-to-participate.md) to participate in privacy-invasive requests, and refuse to use privacy-invasive technologies as much as doable for your situation. Sometimes doing nothing can be a powerful action. Try to prioritize your privacy principles over [convenience](https://www.privacyguides.org/articles/2025/06/07/selling-surveillance-as-convenience/), and report on your refusal experiences on social networks and with your local communities.
|
||||
|
||||
- [**Join or build** communities](https://discuss.privacyguides.net/) with people sharing your privacy values. Be a positive contributor and lift your allies up. [Support your privacy comrades](tip-support-your-privacy-comrades.md) and [ask for help](tip-take-time-to-rest.md) when you need it yourself. Look for nonprofit organizations [seeking volunteers](../../about/contributors.md).
|
||||
|
||||
- [**Contribute** financially](../../about/donate.md) if you can. If you cannot afford to participate in time, consider donating money. There are many digital rights nonprofit organizations that could do *so much more* if only they had more funding. Offering financial support when you can is a meaningful way to contribute to the privacy rights movement.
|
||||
|
||||
- **Go** to local meetups related to privacy and digital rights. Meet people who share your values in-person, and grow your network to find allies in your area.
|
||||
|
||||
- **Take part** in digital rights protests that support causes and raise awareness on privacy issues you care about. Actively look online for events to join in your local privacy rights community.
|
||||
|
||||
- **Invite** others to join you in the movement to defend privacy rights!
|
||||
|
||||
</div>
|
||||
|
||||
<div class="admonition quote toolbox-quote" markdown>
|
||||
<p class="admonition-title toolbox-quote">People who do activism reclaim their own agency in deciding what kind of world they want to live in.</p>
|
||||
|
||||
<p class="toolbox-quote-source" markdown>Source: [*Activist Handbook*](https://activisthandbook.org/theory/what-is-activism#personal-is-political)</p>
|
||||
|
||||
</div>
|
||||
|
||||
## More resources
|
||||
|
||||
- [What is activism? (*Activist Handbook*)](https://activisthandbook.org/theory/what-is-activism#personal-is-political)
|
||||
|
||||
- [How to be an activist for human rights causes (*WikiHow*)](https://www.wikihow.com/Become-an-Activist)
|
||||
|
||||
- [Learn to use ethical principles of persuasion (*The Community Tool Box* (University of Kansas))](https://ctb.ku.edu/en/table-of-contents/participation/promoting-interest/principles-of-persuasion/main)
|
||||
|
||||
- [Communicate your message: Making sure your message comes across (*Activist Handbook*)](https://activisthandbook.org/communication)
|
||||
@@ -0,0 +1,53 @@
|
||||
---
|
||||
title: Give Credit Where Credit Is Due
|
||||
description: To succeed with our movement to defend privacy rights, we must support each other. One good way to do this is to give credit where credit is due.
|
||||
icon: fontawesome/solid/thumbs-up
|
||||
cover: activism/banner-toolbox-tip-credit.webp
|
||||
---
|
||||
To succeed in our battle, we must **support each other**. One good way to accomplish this is to never forget to give credit where credit is due. When another advocate or organization says something you agree with, boost them up, spread their reach, and thank them publicly.
|
||||
|
||||
Here are a few ways you can help your allies feel seen and valued:
|
||||
|
||||
## Why crediting people and organization is important
|
||||
|
||||
Giving credit to the right person or organization isn't only the ethical thing to do, it's also a way to **build alliances**, to bring more people to the cause, and to retain the allies you already have.
|
||||
|
||||
When people feel valued, they are usually inclined to work harder. People are also more likely to stick around places where they feel seen and appreciated. This is incredibly important for our movement.
|
||||
|
||||
When giving credit to organizations, you are also making a whole team feel valued. Organizations are made of people, after all. Caring about the people who work hard at your allied organizations is fundamental to build our movement.
|
||||
|
||||
## Ways to credit your allies in your advocacy work
|
||||
|
||||
<style>
|
||||
.emoji-list-a ul {
|
||||
list-style: emoji-list-a;
|
||||
}
|
||||
@counter-style emoji-list-a {
|
||||
system: fixed;
|
||||
symbols: "💬" "🔗" "👍" "🙌" "💛" "😊" "🏆";
|
||||
suffix: " ";
|
||||
</style>
|
||||
|
||||
<div class="emoji-list-a" markdown>
|
||||
|
||||
- **Quote** your allies' work in your own content and material. Make sure to always credit their name and link to their external resources when you do.
|
||||
|
||||
- **Link** to your allies' resources on your own platforms. Give them credit for their work, and encourage your own audience to consult your allies' material.
|
||||
|
||||
- **Support** your allies publicly on social media. Repost their content to increase their reach. Post about them while tagging them, to encourage your circle to follow them as well. Reply to their posts thanking them for their hard work for the cause.
|
||||
|
||||
- **Reach out** to offer your help on their projects, whenever you have the resources to do so.
|
||||
|
||||
- **Thank** your allies publicly when working with a group, whether it's for paid or volunteer work. Make the members of your group feel recognized and valued individually.
|
||||
|
||||
- **Attribute** the work of each contributor to the name they have agreed to share publicly, depending on the platform you use. Ask first how they prefer to be credited, but do not forget to credit them.
|
||||
|
||||
- **Nominate** your allies for rewards/awards if the opportunity arises, and make sure to add your vote to support them.
|
||||
|
||||
</div>
|
||||
|
||||
## More resources
|
||||
|
||||
- [3 ways to use recognition to boost performance and engagement (*HumanResourceMag*)](https://www.humanresourcemag.com/news/277/3-ways-to-use-recognition-to-boost-performance-and-engagement)
|
||||
|
||||
- [The fine line between teamwork and taking credit: Why recognition matters (*Gwendolyn F. McGraw*)](https://blog.gwendolynmcgraw.net/2025/07/12/the-fine-line-between-teamwork-and-taking-credit-why-recognition-matters/)
|
||||
+117
@@ -0,0 +1,117 @@
|
||||
---
|
||||
title: Improve Your Social Media and Build Resilient Communities
|
||||
description: Commercial social media platforms represent one of the biggest source of data exploitation. Learn how you can build better and more resilient social networks.
|
||||
icon: fontawesome/solid/seedling
|
||||
cover: activism/banner-toolbox-tip-plant.webp
|
||||
---
|
||||
Commercial social media platforms represent one of the biggest source of data exploitation. Facebook, Instagram, Threads, TikTok, and X all exploit their users' data to generate billions in profit every year. By staying active on these platforms, we continue to feed the beast and indirectly support this invasion of privacy rights.
|
||||
|
||||
Here's how you can **minimize your presence on commercial social media**, and slowly build more autonomous communities:
|
||||
|
||||
## Why it's important to move away
|
||||
|
||||
Moving away from large commercial platforms can be a complex process, but it's a very important one nonetheless.
|
||||
|
||||
[Reducing our dependence on Big Tech](tip-migrate-outside-the-surveillance-ecosystem.md), including for social media platforms, is essential in our fight for better privacy rights.
|
||||
|
||||
Not only this allows us to stop feeding a surveillance machine that grows ever hungry for data every month, but it gives us an opportunity to build much more resilient communities, and support platforms that aren't devouring peoples' privacy.
|
||||
|
||||
Many are reluctant to quit commercial social media, despite the many issues that have only become worse in the past few years. It's not always easy to leave a place that feels like home and rebuild elsewhere. However, ==when the house is on fire, it's time to leave.==
|
||||
|
||||
The more we produce content, and the more we engage with our community on these privacy-invasive platforms, the more we contribute to sustain these predatory corporations making money and thriving at the expense of our followers' data.
|
||||
|
||||
It's a responsibility for any privacy advocates to stay true to their values, and minimize their presence on exploitive platforms as much as feasible.
|
||||
|
||||
## Minimizing your presence on commercial social media platforms
|
||||
|
||||
Here are a few things you can start doing to reduce your contribution to Big Tech social media. This is presented on an escalating scale. Go as far as realistically possible for your situation:
|
||||
|
||||
1. Create an account that mirrors your regular posts on a [privacy-respecting platform](#embracing-privacy-respectful-alternatives), and announce it prominently on your commercial social media accounts.
|
||||
|
||||
2. Regularly post on your commercial social media that you don't support this platform and encourage your followers to meet you on your new privacy-respecting social network instead.
|
||||
|
||||
3. Use your commercial social media profile pictures and banners to advertise your new social network account (this will help fight potential Big Tech [censorship](https://gizmodo.com/elon-musk-twitter-ban-mastodon-1849903839) of text posts promoting competitors).
|
||||
|
||||
4. Tell your followers on commercial social media that you will stop engaging in replies here, but will reply to questions and comments on your new social network profile, and follow through.
|
||||
|
||||
5. If this makes sense for your situation, after backing up your data, start deleting older content from your commercial social media profiles (you can use a tool like [Cyd](https://docs.cyd.social/docs/intro/) to help you with deletion).
|
||||
|
||||
6. Gradually decrease your posting activity on commercial social media, and increase your presence and engagement with your new social network account on a privacy-respecting platform.
|
||||
|
||||
7. Stop posting on your commercial social media account entirely. Only keep a pinned post and profile description with your new social network account information, and encourage your followers to meet you there.
|
||||
|
||||
8. When you are ready, delete your data and close your accounts on commercial social media entirely. Before leaving permanently, make sure to post an announcement (a week before maybe) about why you are leaving and how your followers can find you on your new social network.
|
||||
|
||||
## Embracing privacy-respectful alternatives
|
||||
|
||||
Perhaps you are already convinced to leave exploitive social media platforms for better places, but aren't sure where to go. Thankfully, there are alternatives that genuinely respect users and their privacy.
|
||||
|
||||
One such network is the [**Fediverse**](https://en.wikipedia.org/wiki/Fediverse), a decentralized collection of interconnected applications and servers that can communicate with each other.
|
||||
|
||||
The Fediverse was built from a desire for social connection, not from greed for profits. ==This is a fundamental difference that leads to substantial benefits.== Most servers that are part of the Fediverse network are hosted by volunteers who simply want to support their communities.
|
||||
|
||||
There are many applications that can connect to the Fediverse, the most famous probably being the microblogging platform [Mastodon](https://joinmastodon.org/). But you could also choose to join an app more similar to Instagram with [Pixelfed](https://pixelfed.org/), or more similar to YouTube with [PeerTube](https://joinpeertube.org/). They all connect together!
|
||||
|
||||
Here are some resources to help you learn more about this social network, and its many applications:
|
||||
|
||||
<style>
|
||||
.emoji-list-a ul {
|
||||
list-style: emoji-list-a;
|
||||
}
|
||||
@counter-style emoji-list-a {
|
||||
system: fixed;
|
||||
symbols: "🎞️" "❓" "💛" "🔒" "🐘";
|
||||
suffix: " ";
|
||||
</style>
|
||||
|
||||
<div class="emoji-list-a" markdown>
|
||||
|
||||
- [Learn why the Fediverse is a better alternative (*Elena Rossini* video)](https://blog.elenarossini.com/fediverse-video/)
|
||||
|
||||
- [What is the Fediverse and how it's interconnected (*Stefan Bohacek* project)](https://jointhefediverse.net)
|
||||
|
||||
- [Social network recommendations (*Privacy Guides*)](../../social-networks.md)
|
||||
|
||||
- [Privacy and security on Mastodon (*Privacy Guides*)](https://www.privacyguides.org/articles/2025/07/15/mastodon-privacy-and-security/)
|
||||
|
||||
- [How to create a Mastodon account (*Doc Pop*)](https://docpop.org/2025/02/how-to-get-started-with-mastodon/)
|
||||
|
||||
</div>
|
||||
|
||||
## Building resilient communities
|
||||
|
||||
If you decide to make the Fediverse-connected social network Mastodon your new home, you will be able to choose between a variety of servers (instances) to create your account.
|
||||
|
||||
You can also simply choose the Mastodon organization's main server [mastodon.social](https://mastodon.social/about), if you don't feel like thinking about this too much. Mastodon has a feature allowing to migrate your account from one server to another, so this isn't a permanent decision. You can always move later if you choose to (you can't move your content for now, but you can move your followers).
|
||||
|
||||
That being said, if you're up for a more resilient solution, one option that is truly empowering is to host your own Mastodon server (or many other applications that are part of the Fediverse family).
|
||||
|
||||
Self-hosting your Mastodon server of course requires more time and resources. But, if you can afford it, hosting your own server will allow you to be much more independent and genuinely own your own data.
|
||||
|
||||
This is the best way to build a community that is truly resilient, and billionaire-resistant.
|
||||
|
||||
### Wikimedia has its own Mastodon instance!
|
||||
|
||||
As an example of an organization self-hosting its Mastodon account, the [Wikimedia Foundation](https://wikimediafoundation.org/) (the nonprofit organization hosting *Wikipedia*) has its [own](https://meta.wikimedia.org/wiki/Wikimedia.Social) Mastodon server at [wikimedia.social](https://wikimedia.social/about).
|
||||
|
||||
From their [Wikimedia's Mastodon account](https://wikimedia.social/@wikimediafoundation) on this server, you can see that the organization's official website is listed in green. This verifies the account's authenticity by linking together the website address with the Mastodon account. It's easy to do, and entirely free.
|
||||
|
||||
You can also see this page is visible to anyone, regardless of if they have a Mastodon account or not. This makes the information you want to share with your community much more accessible. It doesn't require your community to share any sensitive data if they prefer not to, like they would have to do to follow you on Facebook, Instagram, X, or TikTok.
|
||||
|
||||
Additionally, this allows you to keep full control over your profile page, regardless of social media ownership, or censorship. This is how you can build a truly resilient community for your privacy advocacy work.
|
||||
|
||||
Privacy Guides does this too, of course! You can [follow *Privacy Guides*](https://mastodon.neat.computer/@privacyguides) from our own self-hosted Mastodon server 💛
|
||||
|
||||
## More resources
|
||||
|
||||
- [Official Mastodon website](https://joinmastodon.org/)
|
||||
|
||||
- [List of curated smaller Fediverse servers (*Fedi Garden*)](https://fedi.garden/)
|
||||
|
||||
- [Find answers to all your questions about Mastodon and the Fediverse (*Fedi Tips*)](https://fedi.tips/)
|
||||
|
||||
- [Tutorial to optimize privacy and security on a Mastodon account (*Privacy Guides*)](https://www.privacyguides.org/articles/2025/07/22/mastodon-tutorial-privacy-and-security/)
|
||||
|
||||
- [Organizations: Tutorial to verify your Mastodon account (*Privacy Guides*)](https://www.privacyguides.org/articles/2025/07/22/mastodon-tutorial-privacy-and-security/#verifying-yourself-and-others)
|
||||
|
||||
- [Organizations and Writers: Tutorial to attribute your articles to your Mastodon account, including when others share links on the network (*Privacy Guides*)](https://www.privacyguides.org/articles/2025/07/22/mastodon-tutorial-privacy-and-security/#author-attribution-for-journalists-and-writers)
|
||||
@@ -0,0 +1,99 @@
|
||||
---
|
||||
title: Keep in Mind The Whole Landscape
|
||||
description: Privacy isn't just about the tools, or just about the laws, or just about the practices either. It's about all of it. Learn how to consider the whole landscape.
|
||||
icon: fontawesome/solid/globe
|
||||
cover: activism/banner-toolbox-tip-landscape.webp
|
||||
---
|
||||
Privacy isn't just about the tools, the laws, or the practices of any individual or organization. It's about *all* of that. To move our society in a place where everyone benefits from privacy by default, we must consider technologies, laws, and culture holistically.
|
||||
|
||||
Here's how to get better at **considering the whole landscape**:
|
||||
|
||||
## The technology
|
||||
|
||||
Technology plays a crucial role in how we protect our digital information. Most people are already familiar with the [tools and services](../../tools.md) we can use to better protect our privacy, and the ways technology can endanger our privacy rights. Technologies like encryption, for example, are essential in our connected world.
|
||||
|
||||
But if we only consider the technological aspect, it will not be enough to defend our privacy rights. When we only think and talk about technical solutions, we are missing the bigger picture, and with it, the bigger solutions as well.
|
||||
|
||||
## The legislative
|
||||
|
||||
While technologies can protect our data in several ways, it becomes almost irrelevant when regulations make these technologies illegal.
|
||||
|
||||
Of course, some people will always be willing to use protective technologies even once they're deemed illegal by their governments, but most will not. When our protections are outlawed, we all lose.
|
||||
|
||||
Sadly, this is an overlooked area for many privacy activists. This often contributes to making our community react too little and too late when privacy-invasive laws are proposed.
|
||||
|
||||
If we want to fight for privacy rights, we must take a much stronger and louder approach against intrusive regulation proposals, as soon as we are made aware of them. Because unfortunately, bad legislations *do* have the power to limit access to the technologies and methodologies we need to stay safe.
|
||||
|
||||
Here are a few examples:
|
||||
|
||||
<style>
|
||||
.emoji-list-a ul {
|
||||
list-style: emoji-list-a;
|
||||
}
|
||||
@counter-style emoji-list-a {
|
||||
system: fixed;
|
||||
symbols: "🧑⚖️" "💬" "🪪" "👁️🗨️" "💰" "🔓";
|
||||
suffix: " ";
|
||||
</style>
|
||||
|
||||
<div class="emoji-list-a" markdown>
|
||||
|
||||
- [**Bad Internet Bills**](https://www.privacyguides.org/videos/2025/12/16/taylor-lorenz-on-kosa-the-screen-act-and-repealing-section-230/) have been proposed in 2025 to undermine the privacy of all Americans, and everyone around the world using American technology.
|
||||
|
||||
- [**Chat Control**](https://www.privacyguides.org/articles/2025/09/08/chat-control-must-be-stopped/) proposals have been an ongoing issue since 2021.
|
||||
|
||||
- [**Age Verification**](https://www.privacyguides.org/articles/2025/05/06/age-verification-wants-your-face/) regulations and proposals are growing around the world at a terrifying rate.
|
||||
|
||||
- [**Data Brokers**](../../data-broker-removals.md) are incessantly exploiting our data due to weak regulations.
|
||||
|
||||
- [**Funding cuts**](https://www.privacyguides.org/articles/2025/02/03/the-future-of-privacy/) from new regulations have frequently impacted negatively the organizations and privacy tools we rely on.
|
||||
|
||||
- [**Attacks on encryption**](https://www.privacyguides.org/articles/2025/04/11/encryption-is-not-a-crime/) have been carried out by [multiple](https://www.privacyguides.org/articles/2025/02/28/uk-forced-apple-to-remove-adp/) governments around the world, [for *decades*](https://www.privacyguides.org/videos/2025/05/08/when-code-became-a-weapon/).
|
||||
|
||||
</div>
|
||||
|
||||
## The culture
|
||||
|
||||
While considering the tools we use and the laws that should protect us, we shouldn't neglect the impact that our *culture* has on privacy rights.
|
||||
|
||||
Unfortunately, society seems to be going in the wrong direction about this lately. As privacy activists, we have a lot of work to do to improve our culture surrounding data privacy.
|
||||
|
||||
In the past few decades, technology has changed the way we interact with each other in unprecedented ways. The laws have not caught up with these changes yet, and our culture hasn't really either.
|
||||
|
||||
Only a couple of decades ago, it was incredibly rare to be unknowingly filmed by a stranger while wandering in public spaces. If that happened, it was likely a television channel covering some event, a closed-circuit security camera, or a criminal offense. Unless the recording was broadcasted by national television, it was unlikely this footage of ourselves would become available for the whole world to see.
|
||||
|
||||
Today, pretty much everyone on the planet has the power to film strangers and share the footage with the whole world in an instant. But sadly, very few people take the responsibility that comes with this power seriously enough. We must change that.
|
||||
|
||||
We must work together to develop and promote a culture of consent around data collection, both for organizations and individuals.
|
||||
|
||||
Here are a few practices to improve our culture surrounding data privacy that you can adopt yourself, and help promote in your advocacy work:
|
||||
|
||||
- [x] Never publish photos or information about children online.
|
||||
|
||||
- [x] Don't post pictures of others online without their explicit consent.
|
||||
|
||||
- [x] If posting photos that include others cannot be avoided, blur the faces of non-consenting people before publication.
|
||||
|
||||
- [x] Blur any visible vehicle license plates before publishing photos.
|
||||
|
||||
- [x] Avoid taking screenshots of other people's posts without their consent (as this prevents them from exercising their right to delete).
|
||||
|
||||
- [x] Never share the location or contact information of someone without their explicit consent.
|
||||
|
||||
- [x] Block external applications from accessing the contact information of others (e.g. don't allow the Facebook app to access your contacts).
|
||||
|
||||
- [x] Be mindful of how one's computer or phone stores and records other people's information. Never use an application that scans content with potential information about others, such as AI note-takers, AI assistants, or applications like Microsoft's Recall.
|
||||
|
||||
- [x] Never share the files of others with a third-party person or application without their prior permission.
|
||||
|
||||
- [x] Unplug smart devices equipped with a microphone or camera at home before any guests enter. If this isn't possible for some reason, then inform your guests about these devices *before* they enter your home, and *before* the device collects any information about them.
|
||||
|
||||
- [x] Never use devices like Meta's Ray-Ban glasses, i.e. devices equipped with a microphone and/or camera that might record others without their consent.
|
||||
|
||||
## More resources
|
||||
|
||||
- **Technology:** [Privacy tools and technology recommendations (*Privacy Guides*)](https://www.privacyguides.org/en/tools/)
|
||||
|
||||
- **Legislative:** [How governments and laws shape our digital lives (*Privacy Guides*)](https://www.privacyguides.org/articles/2025/02/03/the-future-of-privacy/)
|
||||
|
||||
- **Culture:** [Why protecting the data of other is our responsibility (*Privacy Guides*)](https://www.privacyguides.org/articles/2025/03/10/the-privacy-of-others/)
|
||||
@@ -0,0 +1,89 @@
|
||||
---
|
||||
title: Keep Your Posts and Community Inclusive
|
||||
description: Inclusivity is essential to grow our privacy movement. If we want privacy rights to succeed, we must build communities where everyone feels safe and welcomed.
|
||||
icon: fontawesome/solid/heart-circle-plus
|
||||
cover: activism/banner-toolbox-tip-inclusivity.webp
|
||||
---
|
||||
**Inclusivity** is not only the right thing to do, it's also essential to grow our movement. If we want privacy rights to succeed, it's imperative that we build communities where *everyone* feels safe and welcomed, regardless of who they are or where they come from.
|
||||
|
||||
Here's how you can keep your communications and communities inclusive:
|
||||
|
||||
## Why you need communities that are diverse and inclusive
|
||||
|
||||
In privacy, **diversity** is an incredible strength, a necessity even. When people with different lived experiences, identities, localities, specialties, and mentalities join our group, we benefit from a broader perspective as a whole.
|
||||
|
||||
Having a broad perspective is essential to understand the scope and impact of privacy issues, as well as the actionable solutions for diverse situations.
|
||||
|
||||
When people with different lived experiences and identities join our group, it expands our understanding of numerous [threat models](../../basics/threat-modeling.md), and allows us to adapt our message in ways that will be more inclusive.
|
||||
|
||||
When people from different localities join our group, this helps us to regionalize our content and communication to make it accessible to people all around the world, and expand our network. And when people with different mentalities join our group, it helps us to reach out to people with different ways of thinking more easily.
|
||||
|
||||
==The more diverse is a team, the more resources it has to understand and support a diverse population of people== interested (or potentially interested) in privacy rights.
|
||||
|
||||
Inclusivity allows diversity to thrive, and diversity will make it easier for your group to be inclusive.
|
||||
|
||||
Of course, for all those benefits to happen, it's crucial that [group leaders](tip-level-up-assemble-and-organize.md) be good listeners, and actively nurture diversity and inclusivity.
|
||||
|
||||
## Beware of gatekeeping
|
||||
|
||||
**Gatekeeping** is sadly a common social phenomenon in niche communities, especially in tech communities.
|
||||
|
||||
Gatekeeping happens when a group tend to restrict who can join it, or who gets opportunities within it. It can be done maliciously to exclude marginalized people, or inadvertently when it emerges from unconscious biases.
|
||||
|
||||
Many of us have had experiences where we felt excluded from other social groups where our privacy values weren't understood. Once we finally find a group that makes us feel like we belong, it's easy to quickly occupy the whole space and forget that newcomers might feel pushed aside if we do not actively try to include them.
|
||||
|
||||
Sometimes, gatekeeping happens unconsciously when we get overexcited about our own space, and when we tend to only communicate with the people we already know, or who look or sound like us.
|
||||
|
||||
To counter this bias, we must actively and continuously examine our own behaviors, and make sure to course correct to leave the doors of our communities opened, and welcoming to all. This isn't always an easy thing to do, but it's critical for our movement to grow.
|
||||
|
||||
## What can help keep your community inclusive
|
||||
|
||||
There are many things you can do to keep your community inclusive and diverse. Here are a few easy tips you can start implementing right now in your privacy advocacy practice, to make more people feel safe and welcomed:
|
||||
|
||||
<style>
|
||||
.emoji-list-a ul {
|
||||
list-style: emoji-list-a;
|
||||
}
|
||||
@counter-style emoji-list-a {
|
||||
system: fixed;
|
||||
symbols: "🗣️" "👤" "🏷️" "🏳️🌈" "👍" "♿️" "💛" "📆" "🙌" "⛔️" "💬";
|
||||
suffix: " ";
|
||||
</style>
|
||||
|
||||
<div class="emoji-list-a" markdown>
|
||||
|
||||
- **Keep your language inclusive:** Make sure to keep the door wide open in your communications. Be mindful of the language you use to make newcomers from all origins feel like they could belong in your community. Limit the use of technical jargon, regionalisms, and unnecessarily gendered language.
|
||||
|
||||
- **Listen to others:** Listen to people with experiences and identities different from yours, and try to genuinely understand their perspectives. If they don't feel safe sharing, make sure the space is safe enough for them to do so. Regularly reach out to them to ask questions, while not pressuring them to give answers if they prefer not to.
|
||||
|
||||
- **Ask people their preferred name(s):** Always ask people how they want something attributed to them (or not), and what their preferred public name is before publishing it anywhere. Never assume someone is comfortable sharing their legal name publicly, and never assume someone is comfortable using publicly the name they use privately. This is doubly important for any transgender or gender diverse persons, but it's also true for anyone who might have privacy concerns. Always ask for consent first.
|
||||
|
||||
- **Normalize the use of pronouns:** If you are in a leadership position, it's especially important to lead by example and display your preferred pronouns in your social media profiles, email signatures, and other relevant contexts. Encourage everyone on your team or in your group to do the same. This helps to normalize the practice, and makes a clear statement that your community is inclusive and welcoming to transgender and gender diverse people.
|
||||
|
||||
- **Give credit:** Make sure to appropriately [give credit](tip-give-credit-where-credit-is-due.md) where credit is due, and make people feel supported and seen. Recognition and appreciation are fundamental to inclusion.
|
||||
|
||||
- **Prioritize accessibility:** [Accessibility](tip-be-mindful-of-accessibility.md) should never be an afterthought, it should be designed in your content and events right from the start. Make sure that your website or software follows [accessibility standards](https://www.w3.org/WAI/standards-guidelines/wcag/), uses [alt text](https://webaim.org/techniques/alttext/) everywhere you can, and ensure that your [in-person events](https://parkpeople.ca/make-your-event-accessible-and-inclusive/) are accessible and enjoyable for everyone. Reach out to people experiencing disabilities to ask how you could improve accessibility for your content and events.
|
||||
|
||||
- **Moderate your community:** To keep your spaces inclusive, it's important to remove bad actors promptly. This is critical if you host a platform where people exchange together such as a forum, but it's also true for replies to your social media posts, your Signal groups, or your in-person gatherings. Whenever you become aware of a reply or answer that is abusive or bigoted, make sure to intervene quickly. If you neglect to moderate the community you are responsible for adequately, marginalized people targeted by these attacks will leave your community, and bad actors will prosper and multiply.
|
||||
|
||||
- **Observe special days:** Make sure that your group observes or celebrates special days that are relevant to members in your community. For example, people might have different religious celebrations that are important to them. Make sure you mention these celebrations, and give your members the time they need to observe them. Celebrating special days and months such as Pride Month, Black History Month, National Day for Truth and Reconciliation, and International Women's Day are also important events to acknowledge in your community.
|
||||
|
||||
- **Representation:** Pay special attention to the diversity of representation within your group, especially for people in positions of power. For your community to be inclusive, it's important for members to see that diverse people can access leadership, and to feel like your community leaders are aware of a diversity of experiences.
|
||||
|
||||
- **Be mindful of invisible barriers:** If you find your community to be quite homogeneous, take the time to think about what might keep people from different identities and origins to join your group. Perhaps there are some invisible barriers that you could identify and reduce, in order to make your group more inclusive and welcoming. If there are already a few members with diverse identities in your group, try to reach out to them for feedback on ways to improve inclusivity in your community.
|
||||
|
||||
- **Ask for feedback:** Regularly ask the members of your community and people from diverse groups what you could do to improve inclusivity. Genuinely listen, and be careful not to answer defensively if you receive negative criticism. Stay open and keep in mind that constructive feedback is important to make your group more inclusive and more diverse.
|
||||
|
||||
</div>
|
||||
|
||||
## More resources
|
||||
|
||||
- [Justice, diversity, and inclusion: Start here guide (*The Commons Social Change Library*)](https://commonslibrary.org/diversity-inclusion-start-here/)
|
||||
|
||||
- [Do better and win bigger by taking on marginalisation (*Mobilisation Lab*)](https://mobilisationlab.org/resources/taking-on-marginalisation/)
|
||||
|
||||
- [Navigating differences in identity, ideology, and experience (*Museum of Protest*)](https://museumofprotest.org/guides/guide-navigating-differences/)
|
||||
|
||||
- [How to make your social justice event accessible (*The Commons Social Change Library*)](https://commonslibrary.org/how-to-make-your-social-justice-event-accessible/)
|
||||
|
||||
- [Diversity, equity, and inclusion resources and tools (*Nonprofit Learning Lab*)](https://www.nonprofitlearninglab.org/dei)
|
||||
@@ -0,0 +1,93 @@
|
||||
---
|
||||
title: Know Your Privacy Laws
|
||||
description: Being well-informed about the data protection regulations in your own jurisdiction can be a significant asset in your battles for better privacy rights.
|
||||
icon: fontawesome/solid/balance-scale
|
||||
cover: activism/banner-toolbox-tip-laws.webp
|
||||
---
|
||||
Being well-informed about the **data protection regulations** in your own jurisdiction can be a significant asset for your personal and collective battles to improve privacy, for yourself and for others.
|
||||
|
||||
Unfortunately, many people lucky enough to live in jurisdictions benefiting from such regulations often aren't aware of them, or of how to use them.
|
||||
|
||||
Here's what to look for when searching information about your local privacy laws:
|
||||
|
||||
## Where is the data subject
|
||||
|
||||
For most privacy regulations, legal protections will be applicable to **data subjects** who are citizens or reside in a specific region or country.
|
||||
|
||||
<div class="admonition info inline end" markdown>
|
||||
<p class="admonition-title">What is a data subject?</p>
|
||||
|
||||
Different laws might use different terms for this. Sometimes, a regulation might simply refer to a *person*, an *individual*, a *consumer*, a *patient*, or a *customer*.
|
||||
|
||||
Other times, the equivalent expression used will be a *data subject*.
|
||||
|
||||
A data subject is simply anyone from whom personal information is collected by an organization. **Data subject** will be used as an umbrella term on this page.
|
||||
|
||||
</div>
|
||||
|
||||
Contrary to what many believe, it's generally *your* local regulations that protect you, regardless of where the organization collecting your personal data is located (in addition, organizations are also subjected to their own local regulations).
|
||||
|
||||
Organizations that meet the data subject's local privacy law criteria are legally bound to comply with the laws of each region or country where their data subjects are residing (i.e. where they are conducting business).
|
||||
|
||||
There are a lot of nuances and regional variations to this, but in general you should focus on *where* the data subject is residing.
|
||||
|
||||
## Finding your local regulations
|
||||
|
||||
If your jurisdiction is protected by one or more privacy laws, it should be relatively easy to find this information online. *Privacy Guides* will soon publish a tool facilitating this task.
|
||||
|
||||
In the meantime, you can simply use a [trustworthy search engine](../../search-engines.md) and look for keywords with your location (be specific about country + states/provinces/region) and "privacy laws" or "data protection regulations."
|
||||
|
||||
Always make sure to find a result that is from an official government source.
|
||||
|
||||
<div class="admonition warning inline end" markdown>
|
||||
<p class="admonition-title">Beware of AI-generated information!</p>
|
||||
|
||||
Be careful to research this *without* using an automated chatbot or AI-generated information. These tools can have a high error rate, and the information displayed might not be reliable. Be sure to find the official government documentation in order to get the proper *legal* information.
|
||||
|
||||
</div>
|
||||
|
||||
While researching about your privacy protections, keep in mind that:
|
||||
|
||||
- [x] You might benefit from multiple privacy laws at once. For example, many regions have separate regulations specifically designed to protect health data, children's data, or employees' data.
|
||||
|
||||
- [x] You might benefit from protections by different government levels at once, such as federal, provincial, state level, etc. Look for them all!
|
||||
|
||||
- [ ] Your region might unfortunately not be protected by any significant privacy regulations at this time. If this is the case for you: It's time to contact your local representatives and advocate for a local privacy law!
|
||||
|
||||
## What to look for in a privacy law
|
||||
|
||||
Once you've found the official governmental documentation describing the data protection regulation that applies to your region, read it carefully to find:
|
||||
|
||||
<style>
|
||||
.emoji-list-a ul {
|
||||
list-style: emoji-list-a;
|
||||
}
|
||||
@counter-style emoji-list-a {
|
||||
system: fixed;
|
||||
symbols: "👤" "🏢" "💛" "📦" "🔍" "🧑⚖️" "☑️";
|
||||
suffix: " ";
|
||||
</style>
|
||||
|
||||
<div class="emoji-list-a" markdown>
|
||||
|
||||
- Who is protected by the law, and in which situations?
|
||||
|
||||
- Which types of organizations are bound to comply with the law?
|
||||
|
||||
- What are your data subject rights? (Right to Delete? Right to Access? Right to Opt-out?)
|
||||
|
||||
- Does the law include special protections for specific types of sensitive data?
|
||||
|
||||
- Which types of data might be exempt from the law?
|
||||
|
||||
- Which entity is responsible for enforcing the law?
|
||||
|
||||
- What is the process to file a complaint?
|
||||
|
||||
</div>
|
||||
|
||||
## More resources
|
||||
|
||||
- [Map of data protection and privacy legislation worldwide (*UN Trade and Development*)](https://unctad.org/page/data-protection-and-privacy-legislation-worldwide)
|
||||
|
||||
- [The future of privacy: How governments shape your digital life (*Privacy Guides*)](https://www.privacyguides.org/articles/2025/02/03/the-future-of-privacy/)
|
||||
@@ -0,0 +1,213 @@
|
||||
---
|
||||
title: Level Up! Assemble and Organize
|
||||
description: If you've been a privacy advocate for a while, maybe it's time to level up and grow as a leader in your community. Good leaders can benefit the whole movement.
|
||||
icon: fontawesome/solid/fist-raised
|
||||
cover: activism/banner-toolbox-tip-organize.webp
|
||||
---
|
||||
If you've been a privacy advocate for a while, maybe it's time to level up and **grow as a leader** in your community.
|
||||
|
||||
Becoming a leader can mean many things. Maybe for you, it's starting a local meetup, preparing educational workshops, organizing an event or protest, initiating online projects with a team, or even starting your own organization!
|
||||
|
||||
Here's what you can do to become a *good* leader in the privacy rights movement:
|
||||
|
||||
## Becoming a leader
|
||||
|
||||
There are many styles and scales of leadership. It could mean starting small by initiating actions that require fewer resources, or it can scale up to directing larger campaigns and organizations.
|
||||
|
||||
Regardless of the scale, it's important to become a *good* leader to lift your community up, which will benefit the whole movement.
|
||||
|
||||
Becoming a positive leader in your community doesn't mean running everything, and it doesn't mean being the only one taking decisions while telling others what to do either. First and foremost, ==it means supporting and inspiring people== to become the best privacy advocates they can be.
|
||||
|
||||
## Supporting others
|
||||
|
||||
Being a good leader is primarily being a good listener. A good leader will be attuned to their community, and support community members in reaching their full potential.
|
||||
|
||||
A good leader maximizes the activism strength and energy of each member. This allows the community to thrive, and multiplies the positive impact of everyone's effort.
|
||||
|
||||
<div class="admonition quote toolbox-quote" markdown>
|
||||
<p class="admonition-title toolbox-quote">Good leaders are the key to community organizing. They do not tell other people what to do, but help others to take charge. They do not grab center stage, but nudge others into the limelight.</p>
|
||||
|
||||
<p class="toolbox-quote-source" markdown>Source: [The Citizen's Handbook](https://citizenshandbook.org/1_08_lead.html)</p>
|
||||
|
||||
</div>
|
||||
|
||||
## Keys to positive leadership
|
||||
|
||||
Good leaders are like conductors. An orchestra conductor doesn't try to play each instrument by themselves, they trust the musicians to play each part on their own.
|
||||
|
||||
A good conductor ensures that each part is played in harmony with each other, to form a coherent whole, by communicating clearly and transparently with the musicians. They make sure that each musician has the tools and conditions they need to perform at the best of their skills, and always thank the musicians first when the audience applauds.
|
||||
|
||||
Here are a few tips that can help you become a positive leader in your community:
|
||||
|
||||
- [x] **Learn to delegate work** and split-up tasks. Do not try to do it all by yourself. Delegating and trusting others to do the work will also help prevent activism burnout.
|
||||
|
||||
- [x] **Trust the members of your group** according to their unique skill sets, and reach out to them when their [unique expertise](tip-value-allies-with-complementary-expertise.md) or experience is relevant to another part of the project.
|
||||
|
||||
- [x] **Show appreciation** both in private and in public, and [give credit](tip-give-credit-where-credit-is-due.md) where credit is due. This is incredibly important to retain the dedicated members of your group, and to attract new advocates.
|
||||
|
||||
- [x] **Inspire and support** your group members to reach their full potential, and to become the best privacy advocates they can be. Make sure their needs are met, and that they feel safe coming to you for requests.
|
||||
|
||||
- [x] **Build a team that is inclusive and diverse.** A [diverse team](tip-keep-your-posts-and-community-inclusive.md) will help your group gain a broader perspective, and be able to do more by having access to a diversity of experiences, skills, and networks. It will also help your message reach more people.
|
||||
|
||||
- [x] **Lead by example** adopting principles of [integrity](tip-stay-true-to-your-principles.md), transparency, and work-life balance. Valorize and exemplify these behaviors within your group.
|
||||
|
||||
- [x] **Plan and organize projects transparently.** Make sure the members of your group are aware of the direction you have in mind, and that they support it. Avoiding surprises internally will make your members feel safer, and will help with retention and satisfaction.
|
||||
|
||||
- [x] **Regularly ask** the members of your group which tasks they prefer to do, and in which direction they want to go. Your group members should enjoy what they are doing, otherwise they will not stick around. Review this regularly, as situations can change and evolve.
|
||||
|
||||
- [x] **Make sure your group members have all the rest and resources they need.** This is essential if you want a motivated team, with members that will invest the best of themselves in your group projects.
|
||||
|
||||
- [x] **Organize leisure opportunities** for your group to discuss together about things other than work, and bound as a team. This will help improve communication, increase morale, and build better relationships within your group, as well as nurture a sense of belonging. Don't make this mandatory, however. Respect everyone's personal availabilities and boundaries.
|
||||
|
||||
- [x] **Be (temporarily) replaceable.** If all the work your group does depends on your presence, all your projects will stop when you need to rest. This is a recipe for disaster, because you need to be able to [take time off](tip-take-time-to-rest.md) as much as any other members of your group. Have a backup plan ready, and communicate it with your group in advance. That way, if you fall sick, have to travel, or need time to take care of your family for a while, you will be able to take the time you need. Until you come back, you will be able to rest fully without stress, knowing your projects will keep running well despite your absence.
|
||||
|
||||
## Bigger projects to organize
|
||||
|
||||
There are so many ways to be a privacy activist, and so many types of actions that can help our movement.
|
||||
|
||||
In fact, it's important that we have a wide variety of initiatives to make this works. The more diverse our activism, the further we can spread the word and bring positive changes.
|
||||
|
||||
Here are a few ideas of actions you might want to consider in your privacy work:
|
||||
|
||||
<style>
|
||||
.emoji-list-a ul {
|
||||
list-style: emoji-list-a;
|
||||
}
|
||||
@counter-style emoji-list-a {
|
||||
system: fixed;
|
||||
symbols: "🙌" "🔍" "✊" "✍️" "📃" "🗣️" "🎞️" "📖" "💛" "📚";
|
||||
suffix: " ";
|
||||
</style>
|
||||
|
||||
<div class="emoji-list-a" markdown>
|
||||
|
||||
- **Form a group to develop a website** to inform and facilitate concrete action from the public to fight against a privacy issue. As an example, visit this impactful [web project](https://fightchatcontrol.eu/) to fight Chat Control developed by Joachim.
|
||||
|
||||
- **Develop a web page to inform the public on a privacy issues**, and conduct research to provide a list of which businesses or institutions are participating in the invasive practice, and which ones have pledged not to. As an example, check out this amazing [web page](https://www.banfacialrecognition.com/stores/#scorecard) to ban facial recognition in stores created by Fight for The Future.
|
||||
|
||||
- **Organize a campaign** to fight a specific issue, and reach out to other organizations to take part in a coalition. As an example, check this [website](https://stopscanningme.eu/en/) to push back against Chat Control developed by European Digital Rights (EDRi).
|
||||
|
||||
- **Start a petition** collecting citizen signatures to push against a privacy-invasive law or legislative proposal. As an example, read about the [petition](https://www.openrightsgroup.org/publications/joint-briefing-petition-debate-on-repealing-the-online-safety-act/) to repeal the invasive UK Online Safety Act, signed by over 550,000 people.
|
||||
|
||||
- **Gather experts to publicly support an open letter** opposing a privacy issue or supporting a privacy solution, and share it with the media. As an example, read this [open letter](https://csa-scientist-open-letter.org/Sep2025) opposing a Chat Control proposal, signed by over 800 scientists and researchers.
|
||||
|
||||
- **Speak publicly** to raise awareness on privacy issues and educate the public, if you are comfortable doing so. As an example, watch this moving TEDx [talk](https://www.youtube.com/watch?v=xSPRouBvgFE) by Carissa Véliz.
|
||||
|
||||
- **Start a privacy rights video channel** on your preferred privacy-preserving platform. As an example, check out Privacy Guides' [PeerTube](https://neat.tube/c/privacyguides/videos) and [Loops](https://loops.video/@privacyguides) channels.
|
||||
|
||||
- **Design educational online or printed material** to provide information about a specific privacy issue or protections. As an example, visit this [website](https://sls.eff.org/) about street level surveillance, or this border search pocket [guide](https://www.eff.org/document/eff-border-search-pocket-guide), both developed by the Electronic Frontier Foundation (EFF).
|
||||
|
||||
- **Write content to share your knowledge** about solutions to push back against Big Tech and surveillance capitalism, and encourage others to join your journey. As an example, explore this [blog](https://blog.elenarossini.com/tag/the-future-is-federated/) about joining the Fediverse written by Elena Rossini.
|
||||
|
||||
- Learn about more [types of actions](https://museumofprotest.org/methods/) you can use in your privacy activist work.
|
||||
|
||||
</div>
|
||||
|
||||
## Tools that can help you to assemble and organize
|
||||
|
||||
Here are a few privacy-focused tools and services that can help you to organize your groups and actions:
|
||||
|
||||
<div class="grid" markdown>
|
||||
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
{ align=right }
|
||||
|
||||
**CryptPad** is a free open-source collaborative office suite that uses end-to-end encryption.
|
||||
|
||||
:page_with_curl: Use it as an alternative to Google Docs!
|
||||
|
||||
[More info](../../document-collaboration.md#cryptpad){ .md-button .md-button--primary }
|
||||
[:octicons-home-16:](https://cryptpad.fr/){ .card-link title="Homepage" }
|
||||
[:octicons-feed-star-16:](https://www.privacyguides.org/articles/2025/02/07/cryptpad-review/){ .card-link title="Our CryptPad review" }
|
||||
|
||||
</div>
|
||||
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Mastodon** is a free and open-source microblogging social network.
|
||||
|
||||
:speech_balloon: Use it as an [alternative](tip-improve-your-social-media-and-build-resilient-communities.md) to commercial social media such as *X*, *Facebook*, *Instagram*, *Threads*, *TikTok*, or *Bluesky*.
|
||||
|
||||
[More info](../../social-networks.md#mastodon){ .md-button .md-button--primary }
|
||||
[:octicons-home-16:](https://joinmastodon.org/){ .card-link title="Homepage" }
|
||||
[:octicons-feed-star-16:](https://www.privacyguides.org/articles/2025/07/15/mastodon-privacy-and-security/){ .card-link title="Notes on Mastodon Privacy & Security" }
|
||||
|
||||
</div>
|
||||
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
{ align=right }
|
||||
|
||||
**Element** is a free open-source client for the [Matrix](https://matrix.org/) open standard for chat-room group communication.
|
||||
|
||||
:loudspeaker: Use it as a privacy-preserving alternative to *Slack* or *Discord*.
|
||||
|
||||
[More info](../../social-networks.md#element){ .md-button .md-button--primary }
|
||||
[:octicons-home-16:](https://element.io/){ .card-link title="Homepage" }
|
||||
|
||||
</div>
|
||||
|
||||
<div class="admonition recommendation" markdown>
|
||||
|
||||
{ align=right }
|
||||
|
||||
**PeerTube** is a free open-source video platform developed by the French nonprofit [Framasoft](https://framasoft.org/en/).
|
||||
|
||||
:video_camera: Use it to share videos with your community free from *YouTube*'s control.
|
||||
|
||||
[:octicons-home-16: Homepage](../../social-networks.md#peertube){ .md-button .md-button--primary }
|
||||
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
<style>
|
||||
.emoji-list-b ul {
|
||||
list-style: emoji-list-b;
|
||||
}
|
||||
@counter-style emoji-list-b {
|
||||
system: fixed;
|
||||
symbols: "🗺️" "📅" "☁️" "📂";
|
||||
suffix: " ";
|
||||
</style>
|
||||
|
||||
<details class="info emoji-list-b" markdown>
|
||||
<summary>More Alternatives 📗</summary>
|
||||
|
||||
- **Maps & Navigation:** [Organic Maps](../../maps.md#organic-maps) or [OsmAnd](../../maps.md#osmand)
|
||||
- **Calendar Sync:** [Tuta](../../calendar.md#tuta) or [Proton](../../calendar.md#proton-calendar)
|
||||
- **Cloud Storage:** [Proton Drive](../../cloud.md#proton-drive), [Tresorit](../../cloud.md#tresorit), or [Peergos](../../cloud.md#peergos)
|
||||
- **File Sharing:** [OnionShare](../../file-sharing.md#onionshare), [Send](../../file-sharing.md#send), or [Syncthing](../../file-sharing.md#syncthing-p2p)
|
||||
|
||||
More tools for community organization could include [LAUTI](https://lauti.org/) for community calendars, and [Mobilizon](https://mobilizon.org/) for events and groups. For more on better alternatives to use, you can check this [tip on why and how to migrate away from Big Tech](tip-migrate-outside-the-surveillance-ecosystem.md) for your privacy advocacy work.
|
||||
|
||||
</details>
|
||||
|
||||
## More resources
|
||||
|
||||
### Leadership
|
||||
|
||||
- [Tips to become a good leader (*The Citizen's Handbook*)](https://citizenshandbook.org/1_08_lead.html)
|
||||
|
||||
- [Start a movement guide: Social movement building (*Activist Handbook*)](https://activisthandbook.org/organising/movement)
|
||||
|
||||
- [Positive leadership: 30 must-have traits and skills (*Positive Psychology*)](https://positivepsychology.com/positive-leadership/)
|
||||
|
||||
### Campaigns and Actions
|
||||
|
||||
- [New to activism, organising and campaigning? Start here! (*The Commons Social Change Library*)](https://commonslibrary.org/new-to-activism-organising-and-campaigning-start-here/)
|
||||
|
||||
- [How do we begin taking action in the community (*Community Tool Box*)](https://ctb.ku.edu/en/get-started)
|
||||
|
||||
- [The methods of nonviolent action (*Museum of Protest*)](https://museumofprotest.org/methods/)
|
||||
|
||||
- [Lobbying and advocacy: Start here (*The Commons Social Change Library*)](https://commonslibrary.org/lobbying-and-advocacy-start-here/)
|
||||
|
||||
- [Develop your activist strategy: Writing a strategy for your movement (*Activist Handbook*)](https://activisthandbook.org/strategy/develop)
|
||||
|
||||
- [Campaign accelerator training (*Mobilisation Lab*)](https://mobilisationlab.org/training-coaching/campaign-accelerator-training/)
|
||||
|
||||
<button class="toolbox-tip-button-next">[Go back to toolbox index :material-toolbox:](index.md)</button>
|
||||
@@ -0,0 +1,65 @@
|
||||
---
|
||||
title: Lift Your Allies Up
|
||||
description: The battle for privacy rights is difficult, and its defenders are scattered. This is why it's essential to support and uplift each other, every time we can.
|
||||
icon: fontawesome/solid/hand-holding-hand
|
||||
cover: activism/banner-toolbox-tip-lift.webp
|
||||
---
|
||||
At times, it might feel like the privacy community is niche and isolated.
|
||||
|
||||
The battle for privacy rights is difficult, and its defenders are scattered and spread out all around the world. This is why it's essential that we **support and uplift each other**, every time we can.
|
||||
|
||||
Here's how you can lift your allies up, and help to grow the movement:
|
||||
|
||||
## Your allies share your goals
|
||||
|
||||
It's easy to get lost in our own niche advocacy, and lose track of what others in our community are working on.
|
||||
|
||||
Nevertheless, if we want to [**build a movement**](tip-start-alliances-not-wars.md) (and to succeed, we must) we need all the help we can get, from every person and organization sharing our values.
|
||||
|
||||
- [x] Whenever you see an organization with a campaign compatible with your mission, lift them up!
|
||||
|
||||
- [x] Even if you are an organization yourself, lift others up too!
|
||||
|
||||
- [x] Even if you are also working on a similar project, lift them up with you!
|
||||
|
||||
It doesn't matter if you are working on something comparable yourself, or if perhaps you would word their work slightly differently. As long as the message is aligned with your mission and values, spread the words of your allies loud and far!
|
||||
|
||||
By lifting each other up, we will broaden the reach of the message we share, and ultimately this serves our goals and our community too.
|
||||
|
||||
In privacy advocacy, we truly need to adopt the mindset: ==The more, the merrier.==
|
||||
|
||||
## Concrete ways to support and lift your allies up
|
||||
|
||||
There are infinite ways to lift your allies up. Here are some ideas to get you started, whether you are an independent advocate, a digital rights organization, or a privacy-focused business:
|
||||
|
||||
<style>
|
||||
.emoji-list-a ul {
|
||||
list-style: emoji-list-a;
|
||||
}
|
||||
@counter-style emoji-list-a {
|
||||
system: fixed;
|
||||
symbols: "👍" "✍️" "💛" "🤝" "🙌" "✊";
|
||||
suffix: " ";
|
||||
</style>
|
||||
|
||||
<div class="emoji-list-a" markdown>
|
||||
|
||||
- When an organization or business sharing you values starts a campaign, repost them on social media. Additionally, you can quote them or write about it yourself, while linking to their profile and campaign. Boost them up!
|
||||
|
||||
- If you are a writer, regularly link to material created by other trustworthy organizations and people sharing your values, while giving them credit.
|
||||
|
||||
- When an individual creates material favorable to your organization or project, take the time to repost them and thank them. This is bringing more people to your cause, without any work on your side!
|
||||
|
||||
- Change your mindset from competition to collaboration. See your peers as people fighting by your side. Whenever they win, you win too. Congratulate them on their successes, and support them in times of need.
|
||||
|
||||
- When you see that your allies need help with an expertise you have, try to offer your time and resources if you can afford it.
|
||||
|
||||
- When reaching out to your community, talk about your allies' work as well, and help people discover new resources. Everyone has different ways to absorb new information. Perhaps you can help others find resources that are more compatible with their needs, even if it's not your material. You are not losing a member when you refer people externally, you are winning, because you are contributing to grow the movement.
|
||||
|
||||
</div>
|
||||
|
||||
## More resources
|
||||
|
||||
- [Bits of Freedom & Privacy Guides partnership announcement (*Privacy Guides*)](https://www.privacyguides.org/posts/2025/10/08/privacy-guides-bits-of-freedom-partnering-to-enhance-fixjeprivacy-nl/)
|
||||
|
||||
- [The Tor Project's allies uplifting Tor together (*Tor Project* short video)](https://www.youtube.com/shorts/-hFNMlsePsc)
|
||||
@@ -0,0 +1,55 @@
|
||||
---
|
||||
title: Make It Cute
|
||||
description: If you are developing a privacy-focused application or website, it's important that you do not neglect the design aspect of it. Make it cute!
|
||||
icon: fontawesome/solid/cat
|
||||
cover: activism/banner-toolbox-tip-cute.webp
|
||||
---
|
||||
If you are developing a privacy-focused application or website, it's important that you **do not neglect the design** aspect of it. This is a common mistake that can have a significant negative impact on adoption by a general audience. Make it cute!
|
||||
|
||||
Here's why you should make your design appealing and accessible to everyone:
|
||||
|
||||
## What happens when your app is ugly
|
||||
|
||||
Quality design for User Interface (UI) and User Experience (UX) is fundamental to product adoption. Unfortunately, this is regularly neglected by developers working on privacy-focused projects. Often, this is due to lack of resources, but sometimes it's simply an oversight.
|
||||
|
||||
The problem is that if your application or website isn't appealing visually, is awkward to use, difficult to understand, or use jargon inaccessible to newcomers, ==people who aren't already in your community are much less likely to adopt your product==, regardless of the privacy benefits it offers. Trying to tell people a billion times they should switch to using your app will be no help at all if it's unpleasant to use on a daily basis.
|
||||
|
||||
When your app is ugly, fewer people want to use it, and fewer people benefit from its protections. Minimizing the importance of visual appeal and ease-of-use will only impact your goals negatively.
|
||||
|
||||
## Beyond privacy features: Develop a product that is also accessible, functional, and cute!
|
||||
|
||||
If you've already done your homework to build the best app for people to protect their privacy, or the best website to provide privacy advice, here are other aspects you should consider to increase your product's popularity:
|
||||
|
||||
<style>
|
||||
.emoji-list-a ul {
|
||||
list-style: emoji-list-a;
|
||||
}
|
||||
@counter-style emoji-list-a {
|
||||
system: fixed;
|
||||
symbols: "☑️" "🎁" "🥰" "⭐️" "🚀";
|
||||
suffix: " ";
|
||||
</style>
|
||||
|
||||
<div class="emoji-list-a" markdown>
|
||||
|
||||
- Make sure that your app or website is [accessible](tip-be-mindful-of-accessibility.md) as much as possible. Accessibility will not only make more people able to use your application, but it's likely to also improve user experience for everyone.
|
||||
|
||||
- Wrap your product in a pretty package. If you can afford it, hire a professional designer to polish your app or website interface, as well as your organization's logo and promotional material. Design can truly be a make-or-break moment. Do not neglect it!
|
||||
|
||||
- People like cute things! Make your app and content cute! Additionally, this helps to make technically-intimidating projects feel more accessible to newcomers and beginners.
|
||||
|
||||
- Use good design to reinforce your privacy features or topics. Visual elements can be great assets to bring more attention to your product or content, and to highlight important privacy features in your application. Use design to guide users instinctively towards good privacy. And use design to make the information you share on your website or other content easier to digest.
|
||||
|
||||
- Make sure your application or website isn't just cute and privacy-positive, but also *functional*. Without good user experience, you will not be able to retain the users or readers you have managed to attract with cuteness or privacy, and people will move back to their old bad habits.
|
||||
|
||||
</div>
|
||||
|
||||
## More resources
|
||||
|
||||
- [Why are cute objects so seductive (*Laura Sabau Tatar*)](https://uxdesign.cc/why-are-cute-objects-so-seductive-8de1c58bd47c)
|
||||
|
||||
- [The importance of User Interface (UI) and User Experience (UX) design (*Geeks for Geeks*)](https://www.geeksforgeeks.org/websites-apps/importance-of-ui-ux-design/)
|
||||
|
||||
- [Why do open source applications often have less polished UIs than commercial software (*Darren Horrocks*)](https://www.darrenhorrocks.co.uk/why-open-source-ui-design-sucks/)
|
||||
|
||||
- [How to start with design in your open source project (*All Things Open*)](https://allthingsopen.org/articles/start-design-open-source-project)
|
||||
@@ -0,0 +1,129 @@
|
||||
---
|
||||
title: Migrate Outside The Surveillance Ecosystem
|
||||
description: As privacy activists, it's important to lead by example and support the tools and organizations with good privacy practices, by moving away from Big Tech.
|
||||
icon: fontawesome/solid/arrow-right-from-bracket
|
||||
cover: activism/banner-toolbox-tip-migrate.webp
|
||||
---
|
||||
As privacy activists, it's not only important to support the tools and organizations with good privacy practices, but also to lead by example when it comes to **moving away from the surveillance ecosystem**. We cannot afford to compromise our principles simply for [convenience](https://www.privacyguides.org/articles/2025/06/07/selling-surveillance-as-convenience/).
|
||||
|
||||
Here's why and how to move away from Big Tech and embrace alternatives:
|
||||
|
||||
## The cost of using Big Tech in our privacy work
|
||||
|
||||
While using the most popular mainstream tools and platforms for our work might seem efficient at first, there can be an immense cost to it, if these tools and platforms aren't aligned with our privacy values.
|
||||
|
||||
<style>
|
||||
.emoji-list-a ol {
|
||||
list-style: big-tech;
|
||||
}
|
||||
@counter-style big-tech {
|
||||
system: cyclic;
|
||||
symbols: "👁️🗨️" "⚠️" "🚨" "⛔️" "💛";
|
||||
suffix: " ";
|
||||
</style>
|
||||
|
||||
<div class="emoji-list-a" markdown>
|
||||
|
||||
1. The first drawback is that by using products that are antithetical to our values, we are directly participating in sustaining anti-privacy corporations and contributing to [surveillance capitalism](../../basics/common-threats.md/#surveillance-as-a-business-model).
|
||||
|
||||
2. The second drawback is that simply by using Big Tech tools, we are indirectly promoting the usage of services that are horrible for everyone's privacy.
|
||||
|
||||
3. The third drawback is that if we use these tools in our action and communications, we are then endangering the data of others who rely on our expertise to keep their data safe. They might think: "If this privacy advocate asks me to fill a Google form, it's probably safe enough to use Google products for sensitive data."
|
||||
|
||||
With great *knowledge* comes great responsibility. We must protect the data people share with us, even more than we would our own.
|
||||
|
||||
4. The fourth drawback is that, as privacy activists, demanding that others use tools violating their privacy rights to communicate with us can damage our credibility, and have a negative impact on the whole community. Observers might think: "If all these privacy advocates use Facebook groups, why should I listen when they recommend that I move away from Facebook?"
|
||||
|
||||
5. Finally, the fifth drawback is that we need to be *leading by example* and demonstrate that it **is** possible to live a connected life without using privacy-invasive tech.
|
||||
|
||||
Because a better world *is* actually possible, right now. It might not be as easy and as convenient, but it's certainly possible to thrive outside the Big Tech surveillance apparatus, especially for privacy activists and digital rights organizations.
|
||||
|
||||
As the saying goes: ==If not us, then who? If not now, then when?==
|
||||
|
||||
</div>
|
||||
|
||||
## How to migrate away from privacy-harmful tools and choose better alternatives
|
||||
|
||||
<div class="admonition question inline end" markdown>
|
||||
<p class="admonition-title">What is the best tool?</p>
|
||||
|
||||
For each proposed alternative, you should always first consider your own [threat model](../../basics/threat-modeling.md). One tool might be ideal for one person or organization, but another tool might be better for another. Make sure to understand well your threat model in order to choose the tools that are the best for your unique situation.
|
||||
|
||||
</div>
|
||||
|
||||
There are two good news about this:
|
||||
|
||||
- First, there are many wonderful alternatives that already exist to support all kind of tasks, and that will preserve your privacy and the privacy of the people you communicate with.
|
||||
|
||||
- Second, you don't have to do it all at once! Start your migration process slowly, but be persistent about it over the whole year.
|
||||
|
||||
Here's a list of alternative solutions you can start adopting to improve data privacy in your advocacy work:
|
||||
|
||||
### For individuals and organizations
|
||||
|
||||
<style>
|
||||
.emoji-list-b ul {
|
||||
list-style: tools-individuals;
|
||||
}
|
||||
@counter-style tools-individuals {
|
||||
system: fixed;
|
||||
symbols: "💬" "🧅" "📧" "📑" "☁️" "❓" "📆" "🗣️" "🍪" "🔇" "🤖" "💼" "📞" "🐘";
|
||||
suffix: " ";
|
||||
</style>
|
||||
|
||||
<div class="emoji-list-b" markdown>
|
||||
|
||||
- **[Messaging communication](../../real-time-communication.md):** Move your text message communication, audio calls, and video calls to a secure messenger like Signal. Enable features like Signal's username option, and disappearing messages.
|
||||
|
||||
- **Sensitive messaging communication:** If your threat model requires a peer-to-peer solution that doesn't need a phone number and transits over the [Tor network](https://www.privacyguides.org/articles/2025/04/30/in-praise-of-tor/), you might want to use an application such as [Cwtch](https://docs.cwtch.im/) or [Briar](../../real-time-communication.md/#briar).
|
||||
|
||||
- **[Email communication](../../email.md):** Migrate to a privacy-respectful email service that offers end-to-end encryption, such as Proton Mail or Tuta. Make sure to inform yourself about the limitations of email privacy when using email for sensitive communication.
|
||||
|
||||
<section class="admonition success inline end" markdown>
|
||||
<p class="admonition-title">Service providers disclosure and compatibility</p>
|
||||
|
||||
If you use your own custom domain name for email addresses, let the people you communicate with know what your service provider is.
|
||||
|
||||
That way, they will know that if they use a compatible service provider, they might benefit from end-to-end encryption protections for the content of their communications with you without requiring any additional steps.
|
||||
|
||||
For example, this is the case when emailing from a Proton Mail account to another Proton Mail account, or from a Tuta Mail account to another Tuta Mail account.
|
||||
|
||||
</section>
|
||||
|
||||
- **[Document storing and sharing](../../document-collaboration.md):** Move away from privacy-invasive Google products to store and share documents. Instead, use an end-to-end encrypted solution such as [CryptPad](https://www.privacyguides.org/articles/2025/02/07/cryptpad-review/) for your collaborative documents and forms. Proton Drive also offers collaborative documents with *Proton Docs* and *Sheets*.
|
||||
|
||||
- **[Storing files](../../cloud.md):** Choose an end-to-end encrypted cloud solution to store and share files. Always keep in mind that if a cloud service provider doesn't offer solid end-to-end encryption, then it can potentially access any of your stored files.
|
||||
|
||||
- **Surveys:** Stop using products such as Google Forms to poll your community. Instead, choose a privacy-focused alternative such as [CryptPad Form](https://www.privacyguides.org/articles/2025/02/07/cryptpad-review/#form) or [Framaforms](https://framaforms.org/abc/en/).
|
||||
|
||||
- **[Online calendar](../../calendar.md):** Your online calendar can be an important source of sensitive data. Moreover, you might store other's people data in it, or use it to share event links with collaborators. It's essential to make sure to use a privacy-protecting solution for online and collaborative calendars.
|
||||
|
||||
- **Groups and events:** When organizing groups or events, be careful to choose platforms that are privacy-respectful and don't require participants to register personal information. Keep in mind that if you only use Facebook groups, you are contributing to people staying on a privacy-invasive platform. If you only use a closed Meetup group, you are demanding people create an account and share their sensitive data in order to join. Instead, use privacy-respectful platforms such as [Mobilizon](https://mobilizon.org/) or [LAUTI](https://lauti.org/) for groups and events, [Discourse](https://www.discourse.org/) for forums, or simply use your own website to advertise in-person events.
|
||||
|
||||
- **Website analytics and cookies:** If you own a website for your organization or for your individual advocacy, make sure to remove from it any [tracking technologies](https://blog.mozilla.org/en/firefox/cross-site-tracking-lets-unpack-that/) that could be sending your visitors' data to Google, Facebook, or other advertising corporations. You shouldn't need a cookie banner for your website, because *your website shouldn't use any non-essential cookies*. If you really need website analytics, try using a privacy-respectful alternative such as [Umami](https://umami.is/) or [Plausible Analytics](https://plausible.io/).
|
||||
|
||||
- **Smart devices:** Whether you are meeting with other advocates at home or organizing an event, make sure the location is free from Big Tech [surveillance devices](https://www.privacyguides.org/articles/2025/03/10/the-privacy-of-others/#notify-guests-if-you-are-using-a-smart-speaker) that might get easily forgotten. This may include a doorbell equipped with a camera, a smart speaker such as Amazon Echo, Google Home or Google Nest, or any other audio or video recording devices that is on. Physically unplug any such devices in the location *before* guests arrive. If you cannot unplug them, at least provide a proper warning to any guests before they enter the location and the device collects their audio or video data.
|
||||
|
||||
- **Usage of AI:** Be extremely careful if you are using AI platforms. Most current mainstream AI products will send at least some data or metadata to the company's remote server. This can create many privacy issues, ranging from mild to severe. Never use these products to upload data about another person without their *prior explicit consent*. Ideally, refrain from using any AI tools in your advocacy work entirely.
|
||||
|
||||
- **Candidates data:** If your organization hires people, be mindful of how you handle candidates' data. Try to select privacy-respecting solutions such as email communication instead of using commercial platforms that might share candidates' data with third-parties. Only request the minimum information required from applicants, and always delete all data you are no longer required to keep as soon as you don't need it anymore.
|
||||
|
||||
- **Availability:** Make sure you or your organization is reachable outside the Big Tech ecosystem. If your organization only has a Facebook page, then people without a Facebook account cannot reach out to you. The same is true for other commercial social media. Instead, try to rely on a website you control yourself, or a social network page you can host yourself.
|
||||
|
||||
- **[Social media](../../social-networks.md):** Move away from commercial social media platforms. Mainstream platforms are almost all abusing their users' data. By keeping an account there, you are indirectly encouraging your followers to stay there as well, perpetuating the platform's abuse.
|
||||
|
||||
While you may want to keep a minimal presence to advertise that you have now moved your activity to a more privacy-respectful platform, you should keep your engagement there to a minimum.
|
||||
|
||||
Instead, migrate your advocacy work to better social networks that aren't abusing users' data, and encourage your followers to migrate with you. Choose and support a platform that is more aligned with your privacy values, such as [Mastodon](https://www.privacyguides.org/articles/2025/07/15/mastodon-privacy-and-security/) or any other open-source non-commercial applications connected to the [Fediverse](https://blog.elenarossini.com/fediverse-video/).
|
||||
|
||||
</div>
|
||||
|
||||
## More resources
|
||||
|
||||
- [Alternatives to Big Tech that have been vetted by our community (*Privacy Guides*)](../../tools.md)
|
||||
|
||||
- [Privacy-respecting European tech alternatives (*Privacy Guides*)](https://www.privacyguides.org/articles/2025/03/19/private-european-alternatives/)
|
||||
|
||||
- [Helpful articles and tips to migrate out of Big Tech (*The Opt Out Project*)](https://www.optoutproject.net/)
|
||||
|
||||
- [More advices on how to improve your privacy if you are just getting started (*Privacy Guides*)](https://www.privacyguides.org/articles/2025/07/24/privacy-is-like-broccoli/#tools-and-services-you-can-start-using)
|
||||
@@ -0,0 +1,106 @@
|
||||
---
|
||||
title: Protect Your Allies
|
||||
description: Through your privacy work, it's crucial to protect the data of your allies in all that you do, whether it's individual action or leading an organization.
|
||||
icon: fontawesome/solid/shield-heart
|
||||
cover: activism/banner-toolbox-tip-protect.webp
|
||||
---
|
||||
Through your privacy advocacy work, be careful to never collect or share the data of others without their prior explicit consent. It's crucial to **protect your allies' data** in all that you do, whether it's individual action, organizing an event, or leading an organization.
|
||||
|
||||
Here's what you can do to safeguard the data of your privacy comrades:
|
||||
|
||||
## Where we might collect and share the data of others
|
||||
|
||||
There are many ways we might collect the data of others in the course of our advocacy, sometimes without even realizing it.
|
||||
|
||||
It's important to develop an awareness of the data we collect and share ourselves, and protect the data of others with the greatest care. Not only is this critical for [integrity](tip-stay-true-to-your-principles.md), but it's also fundamental to build and keep the trust of our allies. This in return is essential to build and grow our movement.
|
||||
|
||||
Here are a some examples of other people's data we might collect or share in the context of our privacy advocacy work, whether intentionally or inadvertently:
|
||||
|
||||
<div class="grid" markdown>
|
||||
|
||||
<div markdown>
|
||||
|
||||
- [ ] Contact information (personal advocacy or professional work)
|
||||
- [ ] Donation information (including legal names, emails, and phone numbers)
|
||||
- [ ] Purchase information (including legal names and shipping addresses)
|
||||
- [ ] Mailing list email addresses
|
||||
- [ ] Email content
|
||||
- [ ] Instant messaging content
|
||||
- [ ] Forum post content
|
||||
- [ ] Login credentials
|
||||
- [ ] Internet Protocol (IP) addresses
|
||||
- [ ] Website telemetry data
|
||||
- [ ] Website cookies and fingerprinting data
|
||||
- [ ] Chatbot logs
|
||||
- [ ] Survey answers
|
||||
- [ ] Shared documents
|
||||
|
||||
</div>
|
||||
|
||||
<div markdown>
|
||||
|
||||
- [ ] Shared photos and images
|
||||
- [ ] Legal names of people on work contracts or partnership agreements
|
||||
- [ ] Home addresses of people on work contracts or partnership agreements
|
||||
- [ ] Resumes and cover letters from job applicants
|
||||
- [ ] Recordings or screenshots of video or audio meetings
|
||||
- [ ] Behind-the-scene video footage from interviews
|
||||
- [ ] Videos we take during meetups, events, or protests
|
||||
- [ ] Photos we take during meetups, events, or protests
|
||||
- [ ] License plates information from event photos or event parking lot management
|
||||
- [ ] Security camera footage
|
||||
- [ ] Dietary restrictions/preferences and health information for events
|
||||
- [ ] Screenshots of people's social media posts
|
||||
- [ ] And so much more
|
||||
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
## How to protect the data of others
|
||||
|
||||
Each time we collect data from others, we become its guardian. This isn't a small responsibility, and we should always treat the data of others as [toxic asset](https://www.schneier.com/blog/archives/2016/03/data_is_a_toxic.html).
|
||||
|
||||
We should always only collect and keep what was obtained consensually, and what is strictly required for operations.
|
||||
|
||||
Regardless of the data we have to collect, we should always make sure to:
|
||||
|
||||
1. **Minimize** data collection by verifying that it is absolutely necessary for the task ([data minimization](https://en.wikipedia.org/wiki/Data_minimization)).
|
||||
|
||||
2. **Ask for consent** from the data subject *before* collecting any data, and make sure consent is explicit and informed.
|
||||
|
||||
3. **Protect** the collected data with adequate and proportional security measures, ideally using [end-to-end encryption](https://en.wikipedia.org/wiki/End-to-end_encryption) every time this is possible.
|
||||
|
||||
- If this data needs to be shared with a third-party or a service provider, obtain data subject's consent prior to sharing, and verify the third-party or service provider offers adequate protections and proper deletion mechanisms.
|
||||
|
||||
4. **Delete** the data as soon as it isn't needed anymore, and ensure deletion is done thoroughly.
|
||||
|
||||
### Some practices to normalize in our advocacy work
|
||||
|
||||
- [x] Asking for consent before sharing someone's information (legal name, location, contact information, photos, etc.).
|
||||
|
||||
- [x] Asking people what name and pronouns they want to be referred to publicly.
|
||||
|
||||
- [x] Asking people how (and if) they would like to be credited publicly.
|
||||
|
||||
- [x] Asking for permission before using the quote of someone else in our own work.
|
||||
|
||||
- [x] Asking for permission before publishing a screenshot of someone else's post.
|
||||
|
||||
- [x] Respecting people's choices to show their face publicly or not.
|
||||
|
||||
- [x] Asking for consent before taking photos at meetups or events.
|
||||
|
||||
- [x] Blurring the faces of strangers in crowd photos (especially for children).
|
||||
|
||||
- [x] Using consent badges for photo permission at event, or ideally forbidding taking nonconsensual photos entirely.
|
||||
|
||||
- [x] Warning people in advance when there are recording technologies on premise (such as smart speakers or other recording devices).
|
||||
|
||||
- [x] Not requiring guests to sign up for events. Making sure all the information is public, without requiring to provide any personal information in order to participate.
|
||||
|
||||
## More resources
|
||||
|
||||
- [Data is a toxic asset (*Bruce Schneier*)](https://www.schneier.com/blog/archives/2016/03/data_is_a_toxic.html)
|
||||
|
||||
- [The importance of protecting the data of others (*Privacy Guides*)](https://www.privacyguides.org/articles/2025/03/10/the-privacy-of-others/)
|
||||
@@ -0,0 +1,79 @@
|
||||
---
|
||||
title: Refuse to Participate
|
||||
description: As privacy activists, we must be a voice for resistance and take a stand against abusive practices, by refusing to comply with privacy-intrusive requests.
|
||||
icon: fontawesome/solid/xmark-circle
|
||||
cover: activism/banner-toolbox-tip-refuse.webp
|
||||
---
|
||||
As privacy advocates and activists, it's important to **be a voice for resistance** and take a stand against abusive practices. One substantial way to do this is to refuse to participate in privacy-intrusive requests, or use invasive software.
|
||||
|
||||
Here's how you can refuse to comply with privacy-abusive practices, and why it's imperative that you do whenever possible:
|
||||
|
||||
## The risk of complying with privacy-invasive requests
|
||||
|
||||
Requests to invade our privacy are part of our daily lives in today's world. Whether it's a store cashier banally asking for our phone number after a purchase, or a prominent facial scan at the airport with no clear instructions on how to opt out, ==privacy-invasive requests have become so normalized== that most people barely notice them anymore.
|
||||
|
||||
The problem is, each time we mindlessly comply because we are tired, rushed, or failed to even notice how unnecessary and intrusive this is, we directly contribute in normalizing bad practices even more.
|
||||
|
||||
While it might be ambitious to expect people who aren't even aware of privacy issues to say no, as privacy advocates we have a responsibility to lead by example, and refuse every single time we legally can. Ideally, we should also document and report on our experience, as this presents a unique opportunity to raise awareness on the issue.
|
||||
|
||||
## The risk of using privacy-abusive platforms
|
||||
|
||||
Each time we use a platform, tool, or service that is privacy-invasive in our practice, we also contribute in normalizing the use of privacy-abusive software.
|
||||
|
||||
It's not always easy to [leave Big Tech](tip-migrate-outside-the-surveillance-ecosystem.md) and adopt more privacy-preserving technologies in our daily work. Nevertheless, it's an essential part of our advocacy.
|
||||
|
||||
When we use products that do not reflect the values we are asking people to adopt, we not only undermine our own credibility as privacy advocates, but we also harm the privacy rights movement as a whole. It's crucial to lead by example and publicly refuse to use and participate in privacy-abusive platforms, as much as feasible for our situation.
|
||||
|
||||
## How to refuse to participate in abusive practices, and take a stand for privacy rights
|
||||
|
||||
There are many ways to refuse to participate in privacy-invasive practices and platforms. Here are a few things you can try to do in your daily life, and in your privacy advocacy work:
|
||||
|
||||
<style>
|
||||
.emoji-list-a ul {
|
||||
list-style: emoji-list-a;
|
||||
}
|
||||
@counter-style emoji-list-a {
|
||||
system: fixed;
|
||||
symbols: "⛔️" "🍪" "🏷️" "📦" "🌱" "⚙️" "🙅" "ℹ️" "🪪" "🚨" "🔒" "🤖" "📢";
|
||||
suffix: " ";
|
||||
</style>
|
||||
|
||||
<div class="emoji-list-a" markdown>
|
||||
|
||||
- Use an [ad blocker](https://www.privacyguides.org/en/browser-extensions/) everywhere you can.
|
||||
|
||||
- Categorically and obstinately reject all cookies, every single time.
|
||||
|
||||
- Read apps' privacy-labels, and always favor applications that are the least intrusive.
|
||||
|
||||
- Migrate [away from abusive Big Tech](tip-migrate-outside-the-surveillance-ecosystem.md) products and platforms.
|
||||
|
||||
- Try to move out or reduce your usage of [privacy-exploiting social media](tip-improve-your-social-media-and-build-resilient-communities.md).
|
||||
|
||||
- Each time you install a new application or create a new account, go through the settings to disable all the privacy-invasive features you can disable. Make sure to disable any AI features as well.
|
||||
|
||||
- When requested to provide unnecessary personal information by a cashier or an online form, firmly refuse to provide anything that isn't legally necessary.
|
||||
|
||||
- Inform yourself in advance about potential legal options to opt out of privacy-invasive technologies such as airport facial scanner.
|
||||
|
||||
- Refuse to provide an official piece of ID online for purposes that aren't strictly necessary, such as government requests. Do not comply with intrusive [age-verification](https://www.privacyguides.org/articles/2025/05/06/age-verification-wants-your-face/) processes. Leave your account abandoned instead, or [delete it](../../basics/account-deletion.md) if you still can. Additionally, consider contacting your government representatives and the platform's complaint email to voice your privacy concerns about such practice.
|
||||
|
||||
- [Report privacy violations](tip-report-privacy-violations.md) of your local privacy laws whenever you can.
|
||||
|
||||
- Depending on your position, refuse to collect or share personal information on others without their prior, explicit, and informed consent (unless you are *legally* required). Be mindful of the software or third-party partners you use that could inadvertently share more information about others than you intended, such as [website telemetry](https://sebastiangreger.net/2014/02/privacy-aware-design-replacing-google-analytics/) or [social media buttons](https://www.tunnelbear.com/blog/why-we-created-our-own-social-media-buttons-on-our-website/).
|
||||
|
||||
- Never share the personal information of others with an AI chatbot or platform. Decline to do this in your work, whenever possible.
|
||||
|
||||
- Promote refusal around you. Inform others of their rights and responsibilities to opt out. Create accessible guides to educate the public on how they can also refuse to participate.
|
||||
|
||||
</div>
|
||||
|
||||
## More resources
|
||||
|
||||
- [*Privacy Guides* tools and services recommendations](../../tools.md)
|
||||
|
||||
- [You can say NO (*Privacy Guides*)](https://www.privacyguides.org/articles/2025/06/17/you-can-say-no/)
|
||||
|
||||
- [Selling surveillance as convenience (*Privacy Guides*)](https://www.privacyguides.org/articles/2025/06/07/selling-surveillance-as-convenience/)
|
||||
|
||||
- [6 effective tips to politely say no (*Science of People*)](https://www.scienceofpeople.com/how-to-say-no/)
|
||||
@@ -0,0 +1,193 @@
|
||||
---
|
||||
title: Report Privacy Violations
|
||||
description: Submitting an official complaint for violation of your privacy rights is often simple, and can have a significant positive impact for your community.
|
||||
icon: fontawesome/solid/gavel
|
||||
cover: activism/banner-toolbox-tip-report.webp
|
||||
---
|
||||
Once you are [informed on your local privacy laws](tip-know-your-privacy-laws.md), it's important to get familiar with the process to **report violations of the law**. Submitting an official complaint is often simple, and can have a significant impact both for yourself and for your community.
|
||||
|
||||
Here's why and how you should report violations of your local privacy laws:
|
||||
|
||||
<div class="admonition note" markdown>
|
||||
<p class="admonition-title">International variations</p>
|
||||
|
||||
There are hundreds of privacy regulations currently in effect in the world. Moreover, each country might have multiple privacy laws protecting different regions/states/provinces, and different types of data (health data, children's data, employees' data, etc.).
|
||||
|
||||
This tip cannot cover each regulation individually. There will be variations for each privacy law applicable. Read this tip as a general advice and a starting point to guide you through your own regional research.
|
||||
|
||||
</div>
|
||||
|
||||
## Why reporting violations matters
|
||||
|
||||
For many (if not most) privacy regulations, there isn't a mechanism to systematically audit every single organization collecting data from people located in its jurisdiction.
|
||||
|
||||
Unless the enforcing authority decides to investigate an especially important abuse, the process often relies on individual complaints reporting violations of [**data subject**](tip-know-your-privacy-laws.md#where-is-the-data-subject) rights in order to trigger an investigation.
|
||||
|
||||
If you believe that your privacy rights have been violated by an organization, infringing your local privacy regulations, you can likely report this violation to the entity responsible for enforcing the law, the **Data Protection Authority** (DPA).
|
||||
|
||||
<div class="admonition info inline end" markdown>
|
||||
<p class="admonition-title">What is a Data Protection Authority?</p>
|
||||
|
||||
Again, different laws might use different terms for this, depending on the region. For example, in Canada the enforcing authority for a privacy law is often called a *Privacy Commissioner*. In Europe, the term used is a *Data Protection Authority*. In the state of California in the United States, the entity responsible for enforcing the California Consumer Privacy Act (CCPA) is the *California Privacy Protection Agency*.
|
||||
|
||||
This text will use **Data Protection Authority** or **DPA** as an umbrella term to refer to any authorities mandated to enforce a privacy regulation.
|
||||
|
||||
</div>
|
||||
|
||||
Reporting even small violations can help improve privacy rights not only for yourself but for everyone else as well.
|
||||
|
||||
Often, reporting is simple and can make a big difference down the line, especially in number.
|
||||
|
||||
Once an organization is ordered to bring corrective changes or is sanctioned for malpractice by a DPA, this can have many beneficial effects at the individual and collective level:
|
||||
|
||||
<style>
|
||||
.emoji-list-a ul {
|
||||
list-style: emoji-list-a;
|
||||
}
|
||||
@counter-style emoji-list-a {
|
||||
system: fixed;
|
||||
symbols: "🧑⚖️" "🚮" "🚫" "⏭️" "🚨" "ℹ️" "🔍";
|
||||
suffix: " ";
|
||||
</style>
|
||||
|
||||
<div class="emoji-list-a" markdown>
|
||||
|
||||
- A delinquent organization might be mandated by law to correct the problem. For example, a company without a clear privacy policy might be ordered to publish one.
|
||||
|
||||
- You might be able to get personal data that you were unable to delete before finally deleted with the help of your DPA (and similarly for access requests).
|
||||
|
||||
- An abusive organization might be banned from operating in your country entirely.
|
||||
|
||||
- Individual complaints can create a legal precedent that could speed up enforcement for similar violations in the future.
|
||||
|
||||
- Strong sanctions that are made public can send a powerful warning to other organizations to avoid making the same mistakes, and adopt corrective privacy-protective measures preventively.
|
||||
|
||||
- Cases and sanctions that are publicized can notify the public about potential problems, and potential solutions.
|
||||
|
||||
- If a DPA receives multiple complaints targeting a single organization, they might decide to launch a larger investigation and order the organization to improve its privacy practices more broadly.
|
||||
|
||||
</div>
|
||||
|
||||
## When you can report a violation
|
||||
|
||||
You can **submit a complaint** any time your local privacy rights have been violated by an organization required to comply with the law, and you weren't able to resolve the issue on your own.
|
||||
|
||||
To report a privacy law violation, first ask yourself these questions:
|
||||
|
||||
- [x] Following the criteria described in your local privacy regulation, is the organization obligated to comply with this law?
|
||||
|
||||
- [x] Is your affected information considered *personal information* under the law?
|
||||
|
||||
- [x] Which article(s) of the law has the organization breached?
|
||||
|
||||
When in doubt, never hesitate to send any questions you have to your local DPA.
|
||||
|
||||
The people working at your local DPA are the best specialists to contact to get the most accurate information specific to your local privacy protections.
|
||||
|
||||
## How to report a violation
|
||||
|
||||
Most regulations will have a clear process to submit an official complaint.
|
||||
|
||||
Once you've found the official documentation for your local privacy law(s), read through it to find who is responsible for enforcing the law (who is your DPA), and what the complaint process is.
|
||||
|
||||
Before submitting a complaint, you may want to:
|
||||
|
||||
### 1. Document everything you can
|
||||
|
||||
Try to collect as much information as possible to support your case.
|
||||
|
||||
Save copies of your email communication with the organization, take screenshots of the organization's chatbot replies to you, print to PDF the organization's privacy policy, etc.
|
||||
|
||||
### 2. Try contacting the organization directly
|
||||
|
||||
Depending on the context and violation, some legislations will require that you first contact the organization to attempt to resolve the problem directly.
|
||||
|
||||
For example, let's say you want to delete your account's data but cannot find a way to do this within the application. You could then contact the organization's *privacy officer* to request data deletion. If you don't receive any replies after a certain number of days (usually around 30 or 45 days, depending on regulations), you can then submit a complaint to your DPA to help you resolve this issue, if your local laws include a [Right to Erasure/Delete](https://gdpr-info.eu/art-17-gdpr/) or equivalent.
|
||||
|
||||
This is applicable for any other data subject rights.
|
||||
|
||||
### 3. File an official complaint with your Data Protection Authority
|
||||
|
||||
On the website of your local DPA, you should be able to find either a form to submit a complaint or an email address you can contact with the details.
|
||||
|
||||
When sending an official complaint, make sure to:
|
||||
|
||||
<style>
|
||||
.emoji-list-b ul {
|
||||
list-style: emoji-list-b;
|
||||
}
|
||||
@counter-style emoji-list-b {
|
||||
system: fixed;
|
||||
symbols: "📚" "🏢" "💬" "🔒" "📑";
|
||||
suffix: " ";
|
||||
</style>
|
||||
|
||||
<div class="emoji-list-b" markdown>
|
||||
|
||||
- Follow the complaint process as described in the law or on the DPA's website.
|
||||
|
||||
- Have the name and contact information of the organization you want to report.
|
||||
|
||||
- Have a precise summary of the privacy violation and the steps you have taken so far to try resolving the issue.
|
||||
|
||||
- Be mindful of the information you share in your complaint.
|
||||
|
||||
This information could get shared with the organization you are complaining against, or even partially published later on. Read the DPA's privacy policy about complaint information, and do not hesitate to ask your DPA questions from an anonymous email address beforehand if needed.
|
||||
|
||||
- Be ready to share additional evidences if your DPA requests it.
|
||||
|
||||
This might include screenshots of the infraction, email communication with the delinquent organization, link to the organization's privacy policy, or any other evidences related to your case.
|
||||
|
||||
</div>
|
||||
|
||||
## More resources
|
||||
|
||||
<style>
|
||||
.emoji-list-c ul {
|
||||
list-style: emoji-list-c;
|
||||
}
|
||||
@counter-style emoji-list-c {
|
||||
system: cyclic;
|
||||
symbols: "🗺️";
|
||||
suffix: " ";
|
||||
</style>
|
||||
|
||||
<div class="emoji-list-c" markdown>
|
||||
|
||||
- [European Union Member States Data Protection Authorities - List and Map (*EDPB*)](https://www.edpb.europa.eu/about-edpb/about-edpb/members_en)
|
||||
|
||||
</div>
|
||||
|
||||
### Complaint form and process examples (region/law/DPA)
|
||||
|
||||
<style>
|
||||
.emoji-list-d ul {
|
||||
list-style: emoji-list-d;
|
||||
}
|
||||
@counter-style emoji-list-d {
|
||||
system: fixed;
|
||||
symbols: "🇦🇺" "🇨🇦" "🇨🇦" "🇫🇷" "🇮🇪" "🇳🇬" "🇬🇧" "🇺🇸" "🇺🇸";
|
||||
suffix: " ";
|
||||
</style>
|
||||
|
||||
<div class="emoji-list-d" markdown>
|
||||
|
||||
- [Australia (Privacy Act): Office of the Australian Information Commissioner](https://www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy-complaint-with-us)
|
||||
|
||||
- [Canada (PIPEDA): Office of the Privacy Commissioner of Canada](https://www.priv.gc.ca/en/report-a-concern/file-a-formal-privacy-complaint/)
|
||||
|
||||
- [Canada-Quebec (Law 25): Commission d’accès à l’information du Québec](https://formulaire.cai.gouv.qc.ca/)
|
||||
|
||||
- [France (GDPR): Commission Nationale de l’Informatique et des Libertés](https://www.cnil.fr/fr/plaintes)
|
||||
|
||||
- [Ireland (GDPR): Data Protection Commission](https://www.dataprotection.ie/en/individuals/exercising-your-rights/raising-concern-commission)
|
||||
|
||||
- [Nigeria (NDPA): Nigeria Data Protection Commission](https://services.ndpc.gov.ng/breach/)
|
||||
|
||||
- [United Kingdom (UK GDPR): Information Commissioner's Office](https://ico.org.uk/make-a-complaint/data-protection-complaints/)
|
||||
|
||||
- [United States-California (CCPA): California Privacy Protection Agency](https://www.cppa.ca.gov/webapplications/complaint)
|
||||
|
||||
- [United States-Texas (TDPSA): Office of the Attorney General](https://consumerprotection.texasattorneygeneral.gov/consumercomplaintportal/s/)
|
||||
|
||||
</div>
|
||||
@@ -0,0 +1,83 @@
|
||||
---
|
||||
title: Small Actions Matter
|
||||
description: There is so much to do to improve privacy rights. So much, that it's sometimes easy to feel discouraged. But everything helps, and even small action matters.
|
||||
icon: fontawesome/solid/puzzle-piece
|
||||
cover: activism/banner-toolbox-tip-small.webp
|
||||
---
|
||||
There is so much to do in the movement for better privacy rights. So much, that it's sometimes easy to feel discouraged when facing the scale of what's left to accomplish. But **everything helps**. Every small improvement counts, and every small victory should be celebrated.
|
||||
|
||||
Even if you don't feel like you have the [energy](tip-take-time-to-rest.md) to move a mountain today, there are plenty of small actions you can do.
|
||||
|
||||
Moreover, you don't have to move this mountain alone! If you push on it a little today, and a thousand people join you tomorrow, then a thousand more the day after, this mountain will eventually move.
|
||||
|
||||
Here's why every action and each victory matter, no matter how small:
|
||||
|
||||
## Small actions cumulate over time, and with numbers
|
||||
|
||||
Discouragement often emerges from envisioning too much of what's left to do at once. While it's important to [expand your perspective](tip-dont-stop-at-individual-solutions.md), when it comes to action, it's also important to segment the task at hand into smaller bites.
|
||||
|
||||
Even if you do not have the resources to organize a large campaign around a privacy issue, do not minimize the power that you have.
|
||||
|
||||
All the ==small contributions you can make will culminate over time==, and end up having a significant impact overall.
|
||||
|
||||
Additionally, you are [not alone](tip-lift-your-allies-up.md) in this battle. If you can make a small contribution today, and perhaps convince one or two other advocates to do the same, you have already contributed significantly to the movement.
|
||||
|
||||
## Divide your big ideas in small bites
|
||||
|
||||
Whenever you have a big idea to attack a privacy issue, make sure to [plan out your action](https://commonslibrary.org/effective-activist-strategic-plans/) by splitting up the task over time, and delegating to allies.
|
||||
|
||||
For example, if you want to organize a petition, perhaps ask one person to help with the website infrastructure, another with the design, another with the text, and another with the backend. Then, instead of trying to collect one million signatures by yourself, try to find allies and ask if they can help collect a few signatures each. Multiply your small impact by delegating to many.
|
||||
|
||||
Each person who signs the petition is contributing their own small action. Each person who helps spread the word about the petition is adding another small action. And each person who contributes to promoting the petition on their own channels helps as well. All this counts, and it all matters.
|
||||
|
||||
What can seem like a large project at first can become much more realistic and manageable after delegating and splitting up the tasks.
|
||||
|
||||
## Evaluate your resources, and see what's possible within these limitations
|
||||
|
||||
What you can accomplish will, of course, depend on the resources you have access to. If you are an individual, or a small organization with a very tight budget, you will not be able to commit as many resources as a large organization with lots of employees and stable funding.
|
||||
|
||||
But regardless of the resources you have, there's always something you can do to contribute.
|
||||
|
||||
Here are examples of some actions you might be able to do, from small tasks to larger projects:
|
||||
|
||||
<style>
|
||||
.emoji-list-a ul {
|
||||
list-style: emoji-list-a;
|
||||
}
|
||||
@counter-style emoji-list-a {
|
||||
system: fixed;
|
||||
symbols: "✍️" "💬" "🗣️" "📮" "💛" "🙌" "📗" "📢" "✊" "📚";
|
||||
suffix: " ";
|
||||
</style>
|
||||
|
||||
<div class="emoji-list-a" markdown>
|
||||
|
||||
- Sign a petition related to an ongoing privacy issue, and encourage others to do the same.
|
||||
|
||||
- Write a social media post about an ongoing campaign from a digital rights organization you care about.
|
||||
|
||||
- Write a social media post about an ongoing privacy issue you care about.
|
||||
|
||||
- Contact your local representatives to tell them how privacy rights are important to you or your organization.
|
||||
|
||||
- Donate to a privacy organization and promote a privacy project you like.
|
||||
|
||||
- Contribute to a privacy project you like that is looking for volunteers.
|
||||
|
||||
- Build a web page to inform the public on a privacy issue (e.g. [Patrick Breyer's Chat Control page](https://www.patrick-breyer.de/en/posts/chat-control/)).
|
||||
|
||||
- Build a web form or application to inform the public and facilitate taking action against a specific privacy issue (e.g. [Fight Chat Control](https://fightchatcontrol.eu/), [Stop Online ID Checks](https://www.stoponlineidchecks.org/)).
|
||||
|
||||
- Find organizations sharing your values to sign a public joint statement about an ongoing privacy issue.
|
||||
|
||||
- Read more on small and big [tactics you can use for your privacy activism](https://activisthandbook.org/tactics#list-of-tactics) from the Activist Handbook.
|
||||
|
||||
</div>
|
||||
|
||||
## More resources
|
||||
|
||||
- [Privacy is not dead: Beware the all-or-nothing mindset (*Privacy Guides*)](https://www.privacyguides.org/articles/2025/02/17/privacy-is-not-dead/)
|
||||
|
||||
- [Learn about Points of Intervention to better plan and divide your actions (*The Commons Social Change Library*)](https://commonslibrary.org/points-of-intervention/)
|
||||
|
||||
- [Social change myths: What is a movement (*The Commons Social Change Library*)](https://commonslibrary.org/social-change-myths/)
|
||||
@@ -0,0 +1,130 @@
|
||||
---
|
||||
title: Start Alliances, Not Wars
|
||||
description: People in the privacy community can have different views that can create conflicts at times. For our community to thrive, we must start alliances, not wars.
|
||||
icon: fontawesome/solid/handshake-angle
|
||||
cover: activism/banner-toolbox-tip-alliances.webp
|
||||
---
|
||||
The privacy community consists of a patchwork of individuals, activists, organizations, and businesses that sometimes hold quite different views. These divergences can create conflict and friction at times.
|
||||
|
||||
While reporting falseness and abuse is important, when other differences lead to infighting, gossiping, competitive dunking, and organizations attacking others, we need to pause and ask how these internal wars are negatively impacting the community as a whole, both internally and from an outsider's perspective.
|
||||
|
||||
For our community to thrive and slowly build a movement, **we need more alliances, not wars**.
|
||||
|
||||
Here's how you can nurture alliances, instead of fueling conflicts:
|
||||
|
||||
## Acknowledge that you cannot win this battle alone, neither as a person nor as a single organization
|
||||
|
||||
To fight for privacy rights in this hostile environment, **we need to create a movement**. Effective movements grow from collaboration, not from competition. ==You cannot do it alone.==
|
||||
|
||||
Attacks on digital rights have increased exponentially in the past few years. Not one organization, and certainly not one person, can solve these complex issues on their own. Not even the most prominent ones.
|
||||
|
||||
Despite our differences and diverse points of view, we are all in this together. If we want to have a chance to succeed in making privacy a valued and respected human right, we must learn to support and uplift each other as a community. We must split up the tasks and learn to work together, even if it's only for sporadic actions.
|
||||
|
||||
When people and organizations sharing the same values come together, this builds a movement. And a movement is what is needed to push back against the countless attacks against privacy rights.
|
||||
|
||||
## Reject competition, embrace collaboration
|
||||
|
||||
Sadly, it's quite common in the privacy community to see privacy-focused businesses and organizations publicly dunking on each other instead of collaborating.
|
||||
|
||||
Perhaps some businesses and organizations think they are competing for the same scarce privacy-minded customers or donors. But this is a narrow vision that doesn't represent the bigger picture.
|
||||
|
||||
The digital privacy rights movement is in its infancy.
|
||||
|
||||
There are in fact many more potential customers and potential donors, more than enough for every current organizations and privacy-oriented businesses on the planet. The part that is scarce is people who understand why protecting their right to privacy is important, and how to do it.
|
||||
|
||||
By promoting privacy rights *together*, we all participate in growing a movement where more and more people become aware of these issues, and will be interested in taking part in the solutions.
|
||||
|
||||
Competition, and especially when this competition leads to businesses and organizations badmouthing each other, ends up damaging the whole movement, therefore impacting negatively all of our goals.
|
||||
|
||||
Additionally, tearing down perceived competitors sharing your values isn't a good look for you. It's draining for people already in the community, and often repulsive to potential new people on the outside. ==This behavior often results in pushing away newcomers== that were initially interested in joining our movement. This is bad for your competitors, sure, but it's *also* bad for *you*.
|
||||
|
||||
Newcomers get confused when they receive competing new information. Confusion leads to *inertia*, and inertia in the current Big Tech ecosystem means staying with Gmail instead of moving to Tuta or Proton mail, or any other privacy-focused email services. This is a bad outcome for *all* of us.
|
||||
|
||||
*None* of us win if people stop listening and stay with Big Tech, because we are too busy fighting each other. Instead of damaging the movement with infighting, combat inertia and build alliances with each other.
|
||||
|
||||
## How to start alliances
|
||||
|
||||
Here are a few ideas to start building alliances within the privacy community:
|
||||
|
||||
- **Keep a list** of organizations and other privacy activists sharing your values. Mastodon's [list feature](https://fedi.tips/how-to-use-the-lists-feature-on-mastodon/) can be very helpful to build a social network feed for this. Using an [RSS feed reader](../../news-aggregators.md) is another great way to do this.
|
||||
|
||||
- **Get familiar** with what your allies are working on. Think about ways their mission might be compatible with yours.
|
||||
|
||||
- **Reach out** to your allies and [amplify their voices](tip-lift-your-allies-up.md) whenever you can. Boost them up! 📣
|
||||
|
||||
- **Participate** in local events where you might be able to meet allies in-person, if this is something you can afford and do safely.
|
||||
|
||||
- **Organize** a campaign and invite value-compatible organizations and people to join your action. Try asking for support that doesn't require too many resources on their part at first. As you build a trust relationship with your allies, you might want to increase your level of collaboration.
|
||||
|
||||
- When a new privacy rights issue arises in the news, **reach out** to your allies and see how you could coordinate an action together, to make it more powerful. [Joint statements](https://museumofprotest.org/methods/signed-public-statements/) signed by multiple organizations and specialists can be an effective way to sway public opinion, bring an issue to the attention of the media, and get governments to listen.
|
||||
|
||||
- Ask your trusted allies about ways you could **collaborate** together. Think about how you could exchange or share resources to make both of your work stronger with partnerships.
|
||||
|
||||
## How to stop wars
|
||||
|
||||
Here are a few ways that might help to reduce the impact of infighting within the privacy community:
|
||||
|
||||
- **Do not badmouth** your competitors. This is a bad look for you, and has a negative impact on the whole community as well.
|
||||
|
||||
- **Do not engage** when people or organizations are dunking on each other on social platforms. Disengage and do not feed the fire.
|
||||
|
||||
- When trying to advertise your products or organizations, **focus on what you have** to offer that is beneficial and unique, instead of using comparison with your perceived competitors. Make sure to describe what you have to offer in simple terms, so that it's accessible to newcomers.
|
||||
|
||||
- **Be a part** of the privacy rights movement. Participate in promoting privacy rights for everyone, even if that means some people might buy another company's services, or donate to another organization.
|
||||
|
||||
- **Position yourself** as a mature leader in the movement who is above petty infighting. Instead, focus your energy on generously sharing resources for the cause, and promoting our shared values. Become a valued member of the privacy rights community.
|
||||
|
||||
## Examples of digital rights alliances and coalitions
|
||||
|
||||
<style>
|
||||
.emoji-list-a ul {
|
||||
list-style: emoji-list-a;
|
||||
}
|
||||
@counter-style emoji-list-a {
|
||||
system: fixed;
|
||||
symbols: "🧑⚖️" "👁️🗨️" "🪪" "✊";
|
||||
suffix: " ";
|
||||
</style>
|
||||
|
||||
<div class="emoji-list-a" markdown>
|
||||
|
||||
- **Campaign:** [**Bad Internet Bills (2025)**](https://www.badinternetbills.com/)
|
||||
|
||||
**Host:** [Fight for The Future](https://www.fightforthefuture.org/)<br>
|
||||
**Participants:** ACLU, Defending Rights & Dissent, EFF, National Coalition Against Censorship, and more.
|
||||
<hr>
|
||||
|
||||
- **Campaign:** [**Stop Scanning Me (2022)**](https://stopscanningme.eu)
|
||||
|
||||
**Host:** [EDRi](https://edri.org/)<br>
|
||||
**Participants:** ApTI, Bits of Freedom, Chaos Computer Club, Digital Courage, EFF, Epicenter Works, Internet Society, La Quadrature du Net, and more.
|
||||
|
||||
<section class="admonition success" markdown>
|
||||
<p class="admonition-title">Coalition donation page example</p>
|
||||
|
||||
EDRi's *Stop Scanning Me* coalition provides a great example of collaboration with a [donation page](https://stopscanningme.eu/en/donate.html) listing all the coalition members with their countries of origin, and linking to external donation pages. EDRi humbly listed their own donation link at the bottom. We need more strong coalitions like this.
|
||||
|
||||
</section><hr>
|
||||
|
||||
- **Campaign:** [**The Nameless Coalition (2015)**](https://act.eff.org/action/dear-facebook-authentic-names-are-authentically-dangerous-for-your-users)
|
||||
|
||||
**Host:** [EFF](https://www.eff.org/)<br>
|
||||
**Participants:** Access, ACLU, Article 19, Center for Democracy and Technology, Human Rights Watch, OpenMedia, Transgender Law Center, and more.
|
||||
<hr>
|
||||
|
||||
- **Campaign:** [**Protect Our Privacy Coalition (2013)**](https://openmedia.org/press/item/more-30-organizations-unite-safeguard-canadians-privacy-rights-amid-spy-agency-scandal)
|
||||
|
||||
**Host:** [OpenMedia](https://openmedia.org/)<br>
|
||||
**Participants:** Amnesty International, BC CLA, Canadian Civil Liberties Association, EFF, FIPA, GreenPeace, Lead Now, and more.
|
||||
|
||||
</div>
|
||||
|
||||
## More resources
|
||||
|
||||
- [Coalition building: Start here (*The Commons Social Change Library*)](https://commonslibrary.org/coalition-building-start-here/)
|
||||
|
||||
- [How to build a new coalition (*Activist Handbook*)](https://activisthandbook.org/organising/coalition-building/starting)
|
||||
|
||||
- [How to develop nonprofit relationships to expand and scale (*Nonprofit Learning Lab*)](https://www.nonprofitlearninglab.org/post/how-to-develop-nonprofit-relationships)
|
||||
|
||||
- [Templates, worksheets, and checklists for changemakers (*The Commons Social Change Library*)](https://commonslibrary.org/templates-worksheets-checklists-for-changemakers/)
|
||||
@@ -0,0 +1,69 @@
|
||||
---
|
||||
title: Stay True to Your Principles
|
||||
description: If you manage a digital rights group, it's important to make sure you aren't subjecting your contributors to the privacy-invasive tech you're fighting against.
|
||||
icon: fontawesome/solid/star
|
||||
cover: activism/banner-toolbox-tip-principles.webp
|
||||
---
|
||||
If you manage a digital rights group, meetup, chat room, event, or organization even, make sure you aren't subjecting your members and contributors to the very privacy-invasive tech you're fighting against. Sadly, it's not rare to see organizations and communities that aren't following their own privacy advice for internal practices.
|
||||
|
||||
Here's why it's important to **stay true to your principles** and lead by example:
|
||||
|
||||
## Be the groups and organizations you want to see in the world
|
||||
|
||||
As a leader in your digital rights community, it's critical to set an example and apply your privacy advice internally as well.
|
||||
|
||||
Sometimes, it's easy to just use the most popular tool and forget privacy best practices when we're in a rush. But the importance of maintaining integrity by applying *internally* the principles we promote externally shouldn't be downplayed.
|
||||
|
||||
Staying true to your privacy values internally has many benefits:
|
||||
|
||||
- [x] It significantly increases your credibility while telling others what tools and practices they should adopt when you are following the same advice yourself.
|
||||
|
||||
- [x] It supports the privacy-enhancing tools and projects you would like to see prosper.
|
||||
|
||||
- [x] It demonstrates that it is possible to manage a group or organization using privacy-focused services, practices, and partners. It makes you set a positive example.
|
||||
|
||||
- [x] It builds your reputation as someone who knows what they are talking about.
|
||||
|
||||
- [x] It gives you valuable insight to understand better your own recommendations, and their potential downsides. You will be better equipped to answer questions about how to deal with the disadvantages of some privacy-preserving tools and practices if you have adopted them yourself internally.
|
||||
|
||||
- [x] It makes your group or organization more attractive to recruit new qualified members or employees. Most privacy experts and advocates are in this field because they deeply care about privacy rights. By adopting good practices internally, you will show them that you are trustworthy, know what you're talking about, and will respect their own data if they work with you.
|
||||
|
||||
- [x] It normalizes the use of privacy-preserving technologies and privacy-respectful practices with your members, contributors, and employees, as well as with any external observers.
|
||||
|
||||
## How to stay true to your principles
|
||||
|
||||
There are many things you can do to stay true to your principles, both in your own personal life and in your privacy advocacy work.
|
||||
|
||||
Here are a few examples of practices and good habits you might want to adopt:
|
||||
|
||||
- [x] Make sure to [inform yourself about the privacy laws](tip-know-your-privacy-laws.md) you have to comply with in your work, and go above and beyond to respect them carefully.
|
||||
|
||||
- [x] Create a [Code of Ethics](https://www.wikihow.com/Develop-a-Code-of-Ethics) for your group or organization, and ensure it includes a special emphasis on enforcing your privacy values.
|
||||
|
||||
- [x] Build protocols to minimize data *collection* and maximize data *protection* when collecting data internally (e.g. from employees), and externally (e.g. from subscribers). Verify that your protocols are thoroughly followed by everyone in your group or organization.
|
||||
|
||||
- [x] Educate the members and contributors of your group or team. Make sure that everyone understands well your values, your Code of Ethics, and applies your established protocols.
|
||||
|
||||
- [x] Pick your vendors carefully. [Research](https://www.privacyguides.org/articles/2025/09/03/red-and-green-privacy-flags/) each third-party software you use, to select the most privacy-preserving option available.
|
||||
|
||||
- [x] Whenever relevant, request [Service-Level Agreements](https://en.wikipedia.org/wiki/Service-level_agreement) (SLA) from your service providers, to ensure you have a legally binding contract they have to comply with to respect your own terms of service.
|
||||
|
||||
- [x] Reject any offers for partnership or sponsorship from third-parties that have not been properly vetted for being trustworthy and sharing your privacy values, or who might only have profit and advertising in mind.
|
||||
|
||||
- [x] Keep your promises. As a privacy advocate, group, or organization, your reputation is the most valuable thing you have. ==If people cannot trust your integrity, they will not trust any of your advice either.== If you promise to never accept sponsorship from certain Big Tech companies, then make sure you are ready to hold this promise. If you promise to never accept venture-capital money for your privacy-preserving app, then keep your word and be ready to reject even attractive offers.
|
||||
|
||||
## Integrity is essential to build our movement
|
||||
|
||||
Staying true to our principles can be challenging at time. Nonetheless, when we are talking about privacy rights, we are also talking a lot about *trust*. Without integrity, there cannot be any trust.
|
||||
|
||||
Maintaining integrity with leading by example and keeping our promises is therefore essential to our fight for privacy rights. It's also fundamental to build our community, and to grow our movement with alliances.
|
||||
|
||||
Become a respected privacy-ally others in the community are eager to work with, by staying true to your principles, always.
|
||||
|
||||
## More resources
|
||||
|
||||
- [The complete guide to writing a Code of Ethics (*WikiHow*)](https://www.wikihow.com/Develop-a-Code-of-Ethics)
|
||||
|
||||
- [Privacy washing is a dirty business (*Privacy Guides*)](https://www.privacyguides.org/articles/2025/08/20/privacy-washing-is-a-dirty-business/)
|
||||
|
||||
- [Policy and procedure templates for non-profit organizations (*The Commons Social Change Library*)](https://commonslibrary.org/policy-bank-policy-and-procedure-templates-for-not-for-profit-organisations/)
|
||||
@@ -0,0 +1,59 @@
|
||||
---
|
||||
title: Support Your Privacy Comrades
|
||||
description: Fighting for privacy rights is a collective endeavor. This battle can be difficult and isolating at time. That's why it's critical to care for each other.
|
||||
icon: fontawesome/solid/hand-holding-heart
|
||||
cover: activism/banner-toolbox-tip-support.webp
|
||||
---
|
||||
Fighting for better privacy rights, privacy tools, and privacy practices is a collective endeavor. You cannot do it alone. Anyone around you contributing is fighting the same battle by your side. This battle *can* be difficult and isolating at times. That's why it's critical to care for each other.
|
||||
|
||||
Here are things you can do to **support your privacy comrades**:
|
||||
|
||||
## Fighting for privacy rights can be isolating in unique ways
|
||||
|
||||
We live in a world of social connections. Regrettably, when we moved these connections online, we also gave power to large corporations to monitor and monetize our social relationships and communications.
|
||||
|
||||
Many privacy advocates will choose, rightly so, to completely [leave](tip-migrate-outside-the-surveillance-ecosystem.md) those abusive platforms. Sadly, a side effect of this is often severed relationships with loved ones, who refuse to join us on better, privacy-respectful environments. It's unfortunately common to lose friends when we quit Facebook, or refuse to join a Discord server. Taking a stand for our privacy values can come at the cost of some painful social losses.
|
||||
|
||||
Moreover, fighting to protect privacy rights while reading about attacks on those rights every day in the news can be draining.
|
||||
|
||||
Most advocates have experienced moments of great discouragement, and feelings of helplessness while facing the magnitude of the task at hand. ==Social support is a matter of survival== to recharge and continue this long battle for human rights.
|
||||
|
||||
This is why we must work to rebuild communities of our own. Supportive privacy communities that are [kind](tip-be-kind-to-people-but-be-relentless-with-institutions.md), [inclusive](tip-keep-your-posts-and-community-inclusive.md), and [accessible](tip-be-mindful-of-accessibility.md).
|
||||
|
||||
## Stay vigilant to spot signs of distress and fatigue
|
||||
|
||||
Whether you are participating in a [privacy-oriented forum](https://discuss.privacyguides.net/) or reading posts and replies of your privacy comrades on social media, pay attention to potential signs of distress.
|
||||
|
||||
Some people will periodically take time off from the internet to rest, which can be very healthy at time. But others might isolate from fatigue and discouragement. Keep your eyes open, and try to develop your compassion whenever you read comments that could be a clue someone is at the end of their rope, and in need of support.
|
||||
|
||||
## Help whenever you can
|
||||
|
||||
Here are a few things you can do to support your privacy comrades in times of need:
|
||||
|
||||
- [x] Work on strengthening your empathy skills, and demonstrate more compassion. This is a superpower to take care of your community.
|
||||
|
||||
- [x] Tell them you understand this is difficult, and that you are here to help if they need support.
|
||||
|
||||
- [x] Ask if they would like to talk more about their difficulties in private.
|
||||
|
||||
- [x] Offer your time to talk with them on a privacy-respectful chat, audio, or video call, if this is something you are comfortable doing.
|
||||
|
||||
- [x] Invite them to join your community or group of like-minded people, if you think they might be a good fit.
|
||||
|
||||
- [x] Organize a group or event to socialize with your privacy comrades regularly, offline or online, in a privacy-respectful way.
|
||||
|
||||
- [x] Depending on circumstances (and only if they might be open to it), refer them to a helpful resource in private. However, be careful not to fall into [the advice trap](https://www.psychologytoday.com/us/blog/the-questionologist/202103/how-guide-people-without-giving-advice), unless they specifically asked for advice.
|
||||
|
||||
- [x] Stay kind and do not take it personally if they refuse your help or disagree with your [*solicited* advice](https://www.verywellmind.com/whats-behind-different-types-of-unsolicited-advice-3144961). Let them know the door is always open to reach out to you whenever they might need help later.
|
||||
|
||||
## More resources
|
||||
|
||||
- [*Privacy Guides* Forum](https://discuss.privacyguides.net/)
|
||||
|
||||
- [What is empathy, and tips for strengthening your empathy skills (*Verywell Mind*)](https://www.verywellmind.com/what-is-empathy-2795562)
|
||||
|
||||
- [How to guide people without giving advice (*Psychology Today*)](https://www.psychologytoday.com/us/blog/the-questionologist/202103/how-guide-people-without-giving-advice)
|
||||
|
||||
- [Take care and prevent an activist burnout (*Activist Handbook*)](https://activisthandbook.org/wellbeing)
|
||||
|
||||
- [Build communities on privacy-respectful social networks, and invite your privacy comrades to join you there (*Privacy Guides*)](tip-improve-your-social-media-and-build-resilient-communities.md)
|
||||
@@ -0,0 +1,102 @@
|
||||
---
|
||||
title: Take Time to Rest, But Come Back to Fight With Us
|
||||
description: The battle for privacy will be a long one. This isn't a sprint, it's a marathon. If you want to be a good advocate, you must learn to rest when you need it.
|
||||
icon: fontawesome/solid/battery-quarter
|
||||
cover: activism/banner-toolbox-tip-rest.webp
|
||||
---
|
||||
The battle for privacy rights will be a long one. This isn't a sprint, it's a marathon.
|
||||
|
||||
If you want to be a good advocate, who will be able to fight with us for a long time, you *must* take the time to **rest when needed**.
|
||||
|
||||
Burning out isn't an option, we cannot afford to lose your precious contribution! And to prevent burning out, you must learn how to rest.
|
||||
|
||||
When you are starting to feel the activist and dystopia-fighter fatigue, it's important to take the time off you need until you feel rested. Then, come back to the battlefield to fight with us again!
|
||||
|
||||
Here's why it's fundamental to learn how to rest when you need it:
|
||||
|
||||
## Knowing when to rest is a strength, not a weakness
|
||||
|
||||
We have some bad news for you: **You are a human.**
|
||||
|
||||
This has many annoying side effects, such as having limited energy and a flesh-and-bone body you need to take care of. Trying to ignore this undeniable fact will only slow you down even more.
|
||||
|
||||
In our society's hustle culture, it's counterproductive that we often value overwork more than strategic rest.
|
||||
|
||||
The thing is, overwork isn't a sustainable strategy for the long battle ahead of us. ==What we need to succeed is privacy activists who will fight by our side for a very long time.== We need endurance and persistence. And for this to happen, we need ourselves and our [privacy comrades](tip-support-your-privacy-comrades.md) to be well-rested, by taking pauses and adopting the strategies we all need to recharge.
|
||||
|
||||
We need our movement to stay away from the often toxic hustle culture we have all observed from Big Tech companies, and instead embrace a culture of mutual support that encourages self-care.
|
||||
|
||||
We shouldn't try to imitate our opponents by "[moving fast and breaking things](https://www.privacyguides.org/articles/2022/04/04/move-fast-and-break-things/)."
|
||||
|
||||
We need to move at a *sustainable* pace, and build a powerful privacy rights movement that will last.
|
||||
|
||||
The important part isn't to fight for privacy rights 24/7. What matters most is that once you are well-rested after taking some time off, you come back to the battlefield to fight with us again.
|
||||
|
||||
<div class="admonition quote toolbox-quote" markdown>
|
||||
<p class="admonition-title toolbox-quote">Successful social change activists learn to be the tortoise rather than the hare. Looking after yourself and your family is important.</p>
|
||||
|
||||
<p class="toolbox-quote-source" markdown>Source: [*The Activists' Handbook* by Aidan Ricketts](https://aidanricketts.com/the-activists-handbook/)</p>
|
||||
|
||||
</div>
|
||||
|
||||
## Tips to help prevent privacy activism burnout
|
||||
|
||||
Unfortunately, activism burnout is quite common. And, in the privacy field, this is amplified by the well-documented effect of [privacy fatigue](https://www.sciencedirect.com/science/article/abs/pii/S0747563217306817).
|
||||
|
||||
Additionally, the fact that we have to incessantly push against a tidal wave of new privacy-invasive legislations and technologies is understandingly exhausting. But we can adopt many strategies to prevent activism burnout, minimize privacy fatigue, and learn how to rest and valorize self-care as an essential part of our work:
|
||||
|
||||
<style>
|
||||
.emoji-list-a ul {
|
||||
list-style: emoji-list-a;
|
||||
}
|
||||
@counter-style emoji-list-a {
|
||||
system: fixed;
|
||||
symbols: "⛵️" "🧠" "⌛️" "📵" "📲" "🏡" "🙌" "🎉" "🧳" "🔋" "✊" "☎️" "💛";
|
||||
suffix: " ";
|
||||
</style>
|
||||
|
||||
<div class="emoji-list-a" markdown>
|
||||
|
||||
- **Take breaks:** When you start feeling completely discouraged about the state of privacy rights in the world, it's time for a break. Take a few days off if you can, and try to enjoy activities that have nothing to do with your privacy advocacy.
|
||||
|
||||
- **Take care of your body:** Make sure not to neglect your bodily needs, this should always be a priority. Your body and your brain are the most essential tools you have for your privacy advocacy work. Take care of them first and foremost.
|
||||
|
||||
- **Sleep well:** Prioritize quality sleep and adopt a rigorous [sleep routine](https://sleepresearchfoundation.com/2024/03/03/top-10-tips-to-create-an-ideal-sleep-routine/) with a strict schedule.
|
||||
|
||||
- **Keep bedtime calm:** Try to avoid reading about stressful privacy news or exciting privacy technologies close to bedtime. This can all wait for you tomorrow.
|
||||
|
||||
- **Separate devices:** If you can afford it, use separate devices for your personal usage and your privacy activism work. This can help keeping a mental barrier between personal and professional, and limiting the "always-on" privacy-advocate mode.
|
||||
|
||||
- **Find friends:** Find a [community of peers](https://discuss.privacyguides.net/) you can talk to. Exchange resources and seek support from your community. Remember that you aren't alone in this battle.
|
||||
|
||||
- **Split the work:** Delegate tasks to privacy comrades. Seek allies and [alliances](tip-start-alliances-not-wars.md). Reach out for help, and don't take all the responsibilities of your projects on your own shoulders. Build a team, and learn to trust others with the work.
|
||||
|
||||
- **Celebrate!** Take the time to celebrate each victory, no matter how small. Celebrate with your peers too, and never miss an opportunity to [congratulate](tip-give-credit-where-credit-is-due.md) everyone's hard work.
|
||||
|
||||
- **Take vacations:** Plan longer breaks through the year with activities that will have nothing to do with your privacy advocacy work. Make sure they are long enough that you have time to even miss the privacy battlefield, and come back eagerly once you are fully rested.
|
||||
|
||||
- **Plan your (temporary) replacement:** If you are in a leadership position, make sure there is a system in place to take over your responsibilities fully when you need time off. You shouldn't be indispensable for your projects to keep going in the short term, and you should have the same access to time off as the rest of your team. As a leader, it's important to valorize rest for your team, leading by example. Rest is essential for you too.
|
||||
|
||||
- **Keep hope with long-term objectives:** If you feel discouraged by the current state of privacy rights, try to keep in mind the bigger picture. We will lose many fights on the journey to improvement. This is to be expected. But all the work we do matters, including the fights we lose. Try to focus on the movement as a whole, and on advancing privacy rights even just a little in our lifetime. See defeats as opportunities to learn from for the next stronger and better-organized battle.
|
||||
|
||||
- **Call for help:** If you feel like you are at the end of your rope and might be experiencing symptoms of [burnout](https://www.webmd.com/mental-health/burnout-symptoms-signs), seek professional help to support you.
|
||||
|
||||
- **Support others:** Don't forget to [support your privacy comrades](tip-support-your-privacy-comrades.md) when you feel well-enough yourself, to prevent exhaustion as a community.
|
||||
|
||||
</div>
|
||||
|
||||
## More resources
|
||||
|
||||
- [Find a community of privacy comrades (*Privacy Guides* forum)](https://discuss.privacyguides.net/)
|
||||
|
||||
- [Privacy is like broccoli, take it one step at the time (*Privacy Guides*)](https://www.privacyguides.org/articles/2025/07/24/privacy-is-like-broccoli/)
|
||||
|
||||
- [Personal sustainability for activists (*The Commons Social Change Library*)](https://commonslibrary.org/personal-sustainability-for-activists/)
|
||||
|
||||
- [The role of privacy fatigue in online privacy behavior (*ScienceDirect*)](https://www.sciencedirect.com/science/article/abs/pii/S0747563217306817)
|
||||
|
||||
- [What can be done about activist burnout? (*Sharon Nepstad* YouTube video)](https://www.youtube.com/watch?v=BNm2ar3dEug)
|
||||
|
||||
- [How to avoid activist burnout (*Change Atelier*)](https://www.changeatelier.org/blog/how-to-avoid-activist-burnout)
|
||||
|
||||
- [Strategies to prevent activist burnout (*The Art of Living*)](https://www.newsletter.samuel-warde.com/p/strategies-to-prevent-activist-burnout)
|
||||
@@ -0,0 +1,51 @@
|
||||
---
|
||||
title: Value Allies with Complementary Expertise
|
||||
description: In privacy like everywhere else, diversity is a strength. If you want your community to have a broad set of skills, you need to value a diversity of expertises.
|
||||
icon: fontawesome/solid/circle-half-stroke
|
||||
cover: activism/banner-toolbox-tip-complement.webp
|
||||
---
|
||||
In privacy, like in other areas of life, **diversity is an incredible strength**. If you want your community to have a broad understanding of threat models, and be able to address issues on multiple levels, you need to value a diversity of expertises.
|
||||
|
||||
Gathering people with a wide range of skills and experiences in your community is critical to effective work. People with different skill sets and lived experiences will together be able to reach out to a broader audience, and provide much more accurate and useful advice covering a variety of situations.
|
||||
|
||||
Here's how to recognize, respect, and retain experts with skills that are different to your own:
|
||||
|
||||
## Recognize people with different skills
|
||||
|
||||
Privacy is a vast multidisciplinary field. It doesn't just encompass the privacy technologies we use to protect our data, but also the laws that determine the legality of the tools and practices we use. Furthermore, the culture plays an essential role in our fight for better rights, despite being often a neglected aspect of privacy.
|
||||
|
||||
Being an expert in privacy can mean so many things. No two specialists have the same knowledge.
|
||||
|
||||
Whatever your own privacy expertise might be, make sure to always stay aware of the [bigger picture](tip-keep-in-mind-the-whole-landscape.md), and recognize that other privacy specialists might have knowledge entirely different from yours. Your knowledge might intersect, or you might not share any at all.
|
||||
|
||||
This doesn't mean they are any less valuable. On the contrary, this ==diversity of knowledge gives us the best chance to succeed== in our common cause.
|
||||
|
||||
## Respect people with different knowledge
|
||||
|
||||
It's easy to fall in the trap of staying with our own group of peers who share the same knowledge as ours and discard the others. Unfortunately, this attitude is detrimental to our movement.
|
||||
|
||||
As a privacy activist, it's essential to **develop respect** for privacy advocates who specialize in privacy-related knowledge other than your own. You need them to fight *with* you, and they need you to fight with them.
|
||||
|
||||
Pay attention to the people in your groups that might be pushed aside because their area of expertise is different from the majority that are present. Try to make them feel respected and included in your groups and communities. Engage with them positively when they contribute, even if you don't understand their specialty.
|
||||
|
||||
If you specialize in technical tools, value people with legal and social knowledge and be public about your respect for these specialties. Conversely, if you are a privacy lawyer, bring technical or cultural experts to your groups, and value their roles working for our common cause.
|
||||
|
||||
## Retain specialists that are different
|
||||
|
||||
**Inclusivity is key** to retaining newcomers in your groups and communities. People who are new or different from the majority of the group should feel welcome and valued.
|
||||
|
||||
Work on developing your awareness of these dynamics in your groups. Try to improve your empathy skills, and [support better your privacy comrades](tip-support-your-privacy-comrades.md), especially those who might be different from the majority because of their expertise, demographic, or location. Reach out to them in private to make them feel welcome. Praise them publicly when they contribute in a way you like. [Give credit where credit is due](tip-give-credit-where-credit-is-due.md).
|
||||
|
||||
If you organize an event or hire people, make sure to fairly compensate all your contributors. Pay special attention to make sure people with different expertises or demographics aren't always the ones who have to work as volunteers.
|
||||
|
||||
Inclusivity, empathy, support, acknowledging successes publicly, and fair compensation are all tools that will help you retain diverse specialists with expertises that are complementary to yours in your communities.
|
||||
|
||||
This is something that is *incredibly* valuable in our fight for privacy rights, together.
|
||||
|
||||
## More resources
|
||||
|
||||
- [The psychology of activism and movement longevity (*Museum of Protest*)](https://museumofprotest.org/guides/guide-the-psychology-of-activism-and-movement-longevity/)
|
||||
|
||||
- [Is your team using its biggest resource (*Social Science Space*)](https://www.socialsciencespace.com/2013/07/is-your-team-using-its-biggest-resource/)
|
||||
|
||||
- [How to make people feel valued on projects (*PM Today*)](https://www.pmtoday.co.uk/how-to-make-people-feel-valued-on-projects/)
|
||||
@@ -0,0 +1,53 @@
|
||||
---
|
||||
title: Welcome Beginners
|
||||
description: For our privacy rights movement to grow, we must bring more people in. To accomplish this, it's fundamental to make our communities welcoming to newcomers.
|
||||
icon: fontawesome/solid/user-plus
|
||||
cover: activism/banner-toolbox-tip-beginners.webp
|
||||
---
|
||||
For our privacy rights movement to grow, we must **bring more people in**. To accomplish this, it's fundamental to discuss privacy in ways that are accessible to newcomers who aren't familiar with the basic concepts yet.
|
||||
|
||||
Here's how you can improve your advocacy work to make it more approachable to beginners:
|
||||
|
||||
## We cannot grow our movement without newcomers
|
||||
|
||||
Beginners and newcomers are *indispensable* to our privacy rights movement. Without them, we cannot grow. And without growth, we cannot win.
|
||||
|
||||
To attract new people to our communities and our cause, we need to create an environment that is welcoming, safe, and pleasant to be in. When newcomers face rudeness and criticism, they leave. And when they leave, we lose.
|
||||
|
||||
Kindness, patience, and compassion are the first steps to attract and retain newcomers. Then, knowledge accessibility is vital. There are many things you can do in your daily advocacy to help with this.
|
||||
|
||||
## What to keep in mind to make beginners feel welcomed
|
||||
|
||||
<style>
|
||||
.emoji-list-a ul {
|
||||
list-style: emoji-list-a;
|
||||
}
|
||||
@counter-style emoji-list-a {
|
||||
system: fixed;
|
||||
symbols: "🔤" "📟" "1️⃣" "🙋" "🆗" "📚";
|
||||
suffix: " ";
|
||||
</style>
|
||||
|
||||
<div class="emoji-list-a" markdown>
|
||||
|
||||
- **Beware of acronyms:** Do not assume that everyone knows the acronyms you use in your material, even the most common such as VPN (Virtual Private Network). Always make sure to write the whole expression at least once before carrying on with the acronym's letters only.
|
||||
|
||||
- **Explain technologies:** As for acronyms, don't assume that everyone has the same knowledge as you when it comes to technology, even the technologies that seem basic to you. Perhaps you have been in tech for so long that you have forgotten not everyone knows what an Operating System (OS) is. Nevertheless, make sure to provide a short explanation or example to keep your content welcoming to beginners. If you talk about Operating Systems, perhaps also add "such as macOS, Windows, or Linux" to add context that could make your point more accessible.
|
||||
|
||||
- **Start with the basics:** Depending on the context, do not neglect to discuss the most basic privacy concepts before jumping in the juicy tech. Fundamental ideas such as consent, data collection, data storage, or encryption are important to master in order to understand the benefits and dangers related to data privacy. Specific tech and services come and go, but *fundamental* ideas remain. Anyone who comprehends these core concepts will have a much easier time understanding all that follows.
|
||||
|
||||
- **No stupid questions:** There are no stupid questions, only impatient answerers. Whenever a beginner asks a question that seems obvious to you, refrain from replying with something dry or snarky such as "Google it," or its privacy-equivalent "DuckDuckGo it." This only has the effect of chasing people away from our community. If you don't feel like helping, just reply nothing. But if you do want to help, try to find an answer for them. If you are in a rush, something like "Hey! Sorry I don't have the answer, but maybe this [resource](../../basics/why-privacy-matters.md) might be helpful to you!" or "Sorry I'm not sure, but perhaps asking on this [forum](https://discuss.privacyguides.net/) might get you an answer."
|
||||
|
||||
- **Stay patient and compassionate:** Always stay patient with beginners and newcomers (and everyone else, actually). To keep people fighting with us and grow our movement, we cannot afford to lose anyone just because we felt angry that day. Develop your [empathy skills](tip-support-your-privacy-comrades.md) to provide support and reply with compassion. People stay where they feel safe and welcomed. ==Make them feel safe and welcomed.==
|
||||
|
||||
- **Do not confound lack of knowledge with lack of intelligence:** Everyone has a different set of knowledge. Lack of knowledge doesn't mean someone isn't intelligent, it just means they haven't come in contact with this area of knowledge yet. They probably know a lot of things you don't know at all. Be careful not to sound patronizing when communicating with newcomers (or anyone else really). This is a behavior sadly too common in the privacy community, and we all need to work on this to create an environment that is more welcoming and enjoyable for everyone.
|
||||
|
||||
</div>
|
||||
|
||||
## More resources
|
||||
|
||||
- [Building a community for beginners (*Jennifer Konikowski*)](https://www.jenniferkonikowski.com/blog/2017/2/10/building-a-community-for-beginners)
|
||||
|
||||
- [Creating a welcoming space for beginners (*Raquel Moss*)](https://www.raquelmoss.com/creating-a-welcoming-space-for-beginners/)
|
||||
|
||||
- [Bring kindness back to open source (*Scott Hanselman*)](https://www.hanselman.com/blog/bring-kindness-back-to-open-source)
|
||||
@@ -3,7 +3,7 @@ title: Private Payments
|
||||
icon: material/hand-coin
|
||||
description: Your buying habits are the holy grail of ad targeting, but you still have plenty of options when it comes to making payments privately.
|
||||
---
|
||||
Data about your buying habits is considered the holy grail of ad targeting: your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately.
|
||||
Data about your buying habits is considered the holy grail of ad targeting: Your purchases can leak a veritable treasure trove of data about you. Unfortunately, the current financial system is anti-privacy by design, enabling banks, other companies, and governments to easily trace transactions. Nevertheless, you have plenty of options when it comes to making payments privately.
|
||||
|
||||
## Cash
|
||||
|
||||
@@ -17,7 +17,7 @@ Despite the above, cash is typically the best option when available.
|
||||
|
||||
You can easily purchase gift cards and prepaid cards at most grocery stores and convenience stores with cash. Gift cards usually don’t have a fee, though prepaid cards often do, so pay close attention to these fees and expiry dates. Some stores may ask to see your ID at checkout in an effort to reduce fraud.
|
||||
|
||||
Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (e.g.: from Visa or Mastercard) usually have limits of up to $1,000 per card.
|
||||
Gift cards usually have limits of up to $200 per card, but some offer limits of up to $2,000 per card. Prepaid cards (e.g. from Visa or Mastercard) usually have limits of up to $1,000 per card.
|
||||
|
||||
Gift cards have the downside of being subject to merchant policies, which can have terrible terms and restrictions. For example, some merchants don’t accept payment in gift cards exclusively, or they may cancel the value of the card if they consider you to be a high-risk user. Once you have merchant credit, the merchant has a strong degree of control over this credit.
|
||||
|
||||
@@ -43,7 +43,7 @@ These tend to be good options for recurring/subscription payments online, while
|
||||
|
||||
## Cryptocurrency
|
||||
|
||||
Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a transparent blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only invest amounts which would not be disastrous to lose.
|
||||
Cryptocurrencies are a digital form of currency designed to work without central authorities such as a government or bank. While *some* cryptocurrency projects can allow you to make private transactions online, many use a transparent blockchain which does not provide any transaction privacy. Cryptocurrencies also tend to be very volatile assets, meaning their value can change rapidly and significantly. As such, we generally don't recommend using cryptocurrency as a long-term store of value. If you decide to use cryptocurrency online, make sure you have a full understanding of its privacy aspects beforehand, and only purchase amounts which would not be disastrous to lose.
|
||||
|
||||
<div class="admonition danger" markdown>
|
||||
<p class="admonition-title">Danger</p>
|
||||
@@ -72,7 +72,7 @@ Anonymous transactions on a transparent blockchain are *theoretically* possible,
|
||||
|
||||
### Wallet Custody
|
||||
|
||||
With cryptocurrency there are two forms of wallets: custodial wallets and self-custody wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Self-custody wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, self-custody wallets provide greater security and censorship-resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies.
|
||||
With cryptocurrency there are two forms of wallets: custodial wallets and self-custody wallets. Custodial wallets are operated by centralized companies/exchanges, where the private key for your wallet is held by that company, and you can access them anywhere typically with a regular username and password. Self-custody wallets are wallets where you control and manage the private keys to access it. Assuming you keep your wallet's private keys secured and backed up, self-custody wallets provide greater security and censorship resistance over custodial wallets, because your cryptocurrency can't be stolen or frozen by a company with custody over your private keys. Key custody is especially important when it comes to privacy coins: Custodial wallets grant the operating company the ability to view your transactions, negating the privacy benefits of those cryptocurrencies.
|
||||
|
||||
### Acquisition
|
||||
|
||||
@@ -84,7 +84,7 @@ If you go this route, make sure to purchase Monero at different times and in dif
|
||||
|
||||
## Additional Considerations
|
||||
|
||||
When you're making a payment in-person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself.
|
||||
When you're making a payment in person with cash, make sure to keep your in-person privacy in mind. Security cameras are ubiquitous. Consider wearing non-distinct clothing and a face mask (such as a surgical mask or N95). Don’t sign up for rewards programs or provide any other information about yourself.
|
||||
|
||||
When purchasing online, ideally you should do so over [Tor](tor-overview.md). However, many merchants don’t allow purchases with Tor. You can consider using a [recommended VPN](../vpn.md) (paid for with cash, gift card, or Monero), or making the purchase from a coffee shop or library with free Wi-Fi. If you are ordering a physical item that needs to be delivered, you will need to provide a delivery address. You should consider using a PO box, private mailbox, or work address.
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
---
|
||||
meta_title: "The Best Android Operating Systems - Privacy Guides"
|
||||
title: "Alternative Distributions"
|
||||
title: Alternative Distributions
|
||||
description: You can replace the operating system on your Android phone with these secure and privacy-respecting alternatives.
|
||||
schema:
|
||||
-
|
||||
@@ -47,15 +47,19 @@ GrapheneOS provides additional [security hardening](https://en.wikipedia.org/wik
|
||||
|
||||
[:octicons-home-16: Homepage](https://grapheneos.org){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://grapheneos.org/faq#privacy-policy){ .card-link title="Privacy Policy" }
|
||||
[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=Documentation}
|
||||
[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title="Documentation" }
|
||||
[:octicons-code-16:](https://grapheneos.org/source){ .card-link title="Source Code" }
|
||||
[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title=Contribute }
|
||||
[:octicons-heart-16:](https://grapheneos.org/donate){ .card-link title="Contribute" }
|
||||
|
||||
</div>
|
||||
|
||||
GrapheneOS supports [sandboxed Google Play](https://grapheneos.org/usage#sandboxed-google-play), which runs Google Play Services fully sandboxed like any other regular app. This means you can take advantage of most Google Play Services, such as push notifications, while giving you full control over their permissions and access, and while containing them to a specific [work profile](../os/android-overview.md#work-profile) or [user profile](../os/android-overview.md#user-profiles) of your choice.
|
||||
|
||||
[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices).
|
||||
[Google Pixel phones](../mobile-phones.md#google-pixel) are the only devices that currently meet GrapheneOS's [hardware security requirements](https://grapheneos.org/faq#future-devices). The Pixel 8 and later support ARM's Memory Tagging Extension (MTE), a hardware security enhancement that drastically lowers the probability of exploits occurring through memory corruption bugs. GrapheneOS greatly expands the coverage of MTE on supported devices. Whereas the stock OS only allows you to opt in to a limited implementation of MTE via a developer option or Google's Advanced Protection Program, GrapheneOS features a more robust implementation of MTE by default in the system kernel, default system components, and their Vanadium web browser and its WebView.
|
||||
|
||||
GrapheneOS also provides a global toggle for enabling MTE on all user-installed apps at :gear: **Settings** → **Security & privacy** → **Exploit protection** → **Memory tagging** → **Enable by default**. The OS also features per-app toggles to opt out of MTE for apps which may crash due to compatibility issues.
|
||||
|
||||
### Connectivity Checks
|
||||
|
||||
By default, Android makes many network connections to Google to perform DNS connectivity checks, to sync with current network time, to check your network connectivity, and for many other background tasks. GrapheneOS replaces these with connections to servers operated by GrapheneOS and subject to their privacy policy. This hides information like your IP address [from Google](../basics/common-threats.md#privacy-from-service-providers), but means it is trivial for an admin on your network or ISP to see you are making connections to `grapheneos.network`, `grapheneos.org`, etc. and deduce what operating system you are using.
|
||||
|
||||
|
||||
Binary file not shown.
|
Before Width: | Height: | Size: 61 KiB After Width: | Height: | Size: 55 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 50 KiB After Width: | Height: | Size: 53 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 80 KiB After Width: | Height: | Size: 58 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 69 KiB After Width: | Height: | Size: 57 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 64 KiB After Width: | Height: | Size: 47 KiB |
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user