Git-Mirrors/privacyguides.org
1
0
Fork 0
mirror of https://github.com/privacyguides/privacyguides.org.git synced 2025-08-17 10:41:10 -04:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'privacyguides:main' into pr-biometrics

Browse source
This commit is contained in:
fria 2025-01-25 21:26:54 -06:00 committed by GitHub
commit 4c1a8ef03d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
41 changed files with 1372 additions and 33 deletions
Download patch file Download diff file Expand all files Collapse all files

BIN
blog/assets/images/activists-guide-securing-your-smartphone/cover.webp Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 95 KiB

261
blog/posts/activists-guide-securing-your-smartphone.md Normal file
View file

@ -0,0 +1,261 @@
---
date:
created: 2025-01-23T19:15:00
categories:
- Tutorials
authors:
- jonah
description: Your phone is an essential tool, but it also represents a huge risk to your privacy and security. Understanding these best practices when it comes to securing your smartphone will help keep you and your data safe.
schema_type: AnalysisNewsArticle
---
# The Protesters' Guide to Smartphone Security
![Article cover photo showing a phone icon over a protest](../assets/images/activists-guide-securing-your-smartphone/cover.webp)
<small aria-hidden="true">Illustration: Jonah Aragon / Privacy Guides | Photo: Koshu Kunii / Unsplash</small>
For most protesters, activists, and journalists, your smartphone is an essential tool you depend on for organizing with your peers, accessing and distributing information, and helping others. It also represents a great risk, as a tool that is easily appropriated by authorities for targeted and mass surveillance.<!-- more -->
The perennial question when it comes to protests is whether you should bring your phone at all. If you leave your phone at home, that is probably the safest your data will get, and you will be at very low risk of being tracked by mass surveillance tools. On the other hand, your phone is a critical resource when it comes to coordinating with others, getting updates on the protest from social media, or simply documenting what is going on with your phone's camera.
If possible, bringing a separate device like a "burner phone," an old phone you can reset, or even a regular old-fashioned camera is a much better option than bringing your primary phone. Any data you don't bring with you can't be taken from you at the scene.
However, getting access to or affording devices like these aren't a realistic option for many people. Whether you decide to take your smartphone or a secondary smartphone with you to the event, this guide will cover how to maximize that device's security and minimize risks to your privacy.
## Your Risks at a Protest
There are plenty of risks you should consider if you use your smartphone at a protest. We are going to try and cover the following in this guide:
1. Losing your device.
2. Authorities confiscating your smartphone.
3. Service disruption, either due to intentional interference by authorities or caused by networks being overloaded by large groups of people.
4. Targeted surveillance:
- Disrupting your service.
- Blocking delivery of calls/SMS to your number.
- Monitoring your unencrypted traffic.
- Monitoring communications over local radios like walkie-talkies, etc.
5. Mass surveillance:
- Interference with web services. Popular communication platforms like Twitter or TikTok could be throttled or blocked.
- Interference with messengers and voice services like Signal or WhatsApp.
- Authorities could use public Wi-Fi networks in the area to monitor traffic and identify nearby devices.
- Cell phone companies could provide records to authorities of devices near cell towers in the area to track and identify protesters.
Like all of our guides, we are going to cover the general best practices and provide helpful tips, but your individual situation may be different. You should always research and plan according to what you specifically are doing, and if you need legal advice you should always consult a qualified and licensed attorney.
## Secure Your Device
If your phone falls into the wrong hands, the information on it could be hugely damaging to yourself or others. Make sure you've taken the necessary steps to prevent it from being broken into.
### Use a Strong Screen Lock
At a bare minimum, you should use a 6-digit PIN, but ideally you should protect your phone with an alphanumeric passphrase. This prevents people from trivially accessing your data, and additionally protects your data with strong encryption.
Barring a massive security exploit (more on this [later](#consider-your-phones-security-patches)), most law enforcement tools work by essentially brute-forcing your PIN, running tons of guesses until it gets one right. This makes a long and unique passphrase your strongest protection against your data being stolen by people in possession of your device.
In the United States and many other countries it is legal to refuse to unlock your phone or provide your passcode to law enforcement. **Know your rights** wherever you're located before attending a protest, so you aren't blindly following orders later.
### Disable Biometic Authentication
We commonly recommend using biometric features like Face ID or Touch ID to prevent "shoulder surfing" attacks, where an attacker steals your PIN by discreetly watching you enter it, or where your PIN is recorded by surveillance cameras in the area.
**However**, in this situation it may make more sense to disable biometric authentication. Authorities are trained and known to use biometrics quickly to forcefully unlock your device, so you should be mindful of this fact when deciding what to do. If you disable biometrics, be wary of shoulder surfing attacks and prying eyes by obscuring or covering your phone whenever you unlock it.
Whatever you do, make sure you know how to quickly shut down your phone or disable biometrics at a moment's notice. Many phones have begun replacing the standard "hold down the power button" function with voice assistants or other features, so practice performing the actual shutdown method beforehand to familiarize yourself.
Modern iPhones require you to hold down the side button and either volume button before the power-off slider appears. Even if you don't get a chance to slide to power off, getting to this screen will at least disable biometric authentication, making your phone a bit more secure than it otherwise might be.
In the United States, it is still a legal gray area when it comes to whether law enforcement can force you to use biometrics, but many court decisions have leaned toward saying they **can** compel you to use your fingerprint. Using a passphrase and disabling biometrics gives you more robust 5th Amendment rights. In other countries you should again familiarize yourself with your rights in this scenario, so that you can make the most informed decision.
### Hide Your Notifications
Even with your device locked, law enforcement can see everything you're up to simply by scrolling through your notifications. Reducing the amount of information accessible on the lock screen improves your security and the security of those you're messaging, so make sure your notifications are only visible when your device is unlocked.
On an iPhone:
1. Open **Settings**
2. Navigate to **Notifications**
3. Navigate to **Show Previews**
4. Select **Never** (or, **When Unlocked**)
On Android:
1. Open **Settings**
2. Navigate to **Notifications**
3. Touch **Notifications on lock screen**
- Select **Don't show any notifications**
4. Switch **Sensitive notifications** to **off**
### Disable Lock Screen Actions
In a similar vein, any functionality you have enabled while your device is unlocked can pose a security risk. It is always best practice to reduce your attack surface by disabling these options whenever possible. Even though these features are typically designed to not pose a security risk to your data, they have been known to be exploited in the past to bypass lock screens and other security features.
On an iPhone:
1. Open **Settings**
2. Navigate to **Face ID & Passcode**
3. Scroll to the **Allow Access When Locked** section
4. Switch all features you don't need **off**
On Android, disabling functionality while the phone is locked will vary widely by manufacturer. Some like Samsung provide more flexible options in their lock screen settings, but others like Google do not provide the option to disable the quick settings panel or other similar features.
### Avoid External Storage
Your Android phone might have the option to store files or photos on a microSD card, but these cards are not always subject to the same encryption standards as your phone's built-in storage. You should check whether your microSD card can be encrypted in your phone's settings, although this will prevent it from being read by other devices like your computer later.
Additionally, even *if* it's encrypted, it still won't benefit from the same security protections that your phone's built-in storage provides, such as advanced brute-force protections. Ideally you should remove all external storage devices from your phone during the event, and save photos, videos, and other files to your phone's encrypted internal storage.
### Consider Your Phone's Security Patches
Exploits against smartphones are discovered on a very regular basis, and spyware companies that work with law enforcement—like Cellebrite—abuse these exploits to crack into stolen devices. If your phone is no longer receiving regular updates from its manufacturer, you are in a very dangerous position as you may be vulnerable to the exploits used.
In general, we consider the latest iPhone and latest Google Pixel to be the most secured against this sort of threat. You can increase your security further by using a [hardened alternative operating system](https://www.privacyguides.org/en/android/distributions/) on your Google Pixel.
Robust security information about phones from other manufacturers is less common. If you use a different device you may still consider the risks to be worth it, but if confiscation is of *particular* concern to you, or especially if your phone no longer receives security patches, you may want to consider leaving the phone at home.
## Protect Against Surveillance
### Disable AirDrop
One of the most innocuous features enabled on millions of iPhones is also one of the most dangerous for those seeking to protect their privacy in public. Apple's AirDrop protocol [uses](https://www.usenix.org/system/files/sec21-heinrich.pdf) trivially bypassed security measures that authorities like the Chinese government have openly [bragged](https://arstechnica.com/security/2024/01/hackers-can-id-unique-apple-airdrop-users-chinese-authorities-claim-to-do-just-that/) about cracking to identify users since at least 2022.
You should assume that any device with AirDrop enabled is constantly broadcasting your name, email address, and phone number to everyone around you, **even if** you have it set to "Contacts Only." Apple has known about this [flaw](https://www.macrumors.com/2021/04/23/airdrop-researchers-security-flaw/) since 2019 and has not issued any fix.
1. Open the **Settings** app
2. Navigate to **General**
3. Navigate to **AirDrop**
4. Select **Receiving Off**
### Lock Down Your Network
Your phone signals can be used to track you even if you don't make a call or send a text. Some law enforcement agencies use "stingrays," devices which can impersonate a cell tower to track visitors to an area. While the capabilities of the most modern ones isn't fully known, you should definitely protect yourself from the subset of stingrays which abuse the lower security standards of older, 2G networks.
On Android:
1. Open **Settings**
2. Navigate to **Network & internet**
3. Navigate to **SIMs**
4. Select your carrier or SIM card
5. Switch **Allow 2G** to **off**
On iPhone:
1. Open **Settings**
2. Navigate to **Privacy & Security**
3. Navigate to **Lockdown Mode**
4. Select **Turn On Lockdown Mode**
Note that enabling [Lockdown Mode](https://www.privacyguides.org/articles/2022/10/27/macos-ventura-privacy-security-updates/#lockdown-mode) on an iPhone will change a variety of settings to harden its security. Many of them are smart improvements, but certain apps and features [won't work](https://support.apple.com/HT212650) normally, so read the previous links here for more details.
### Use Airplane Mode Frequently
Even after mitigating the risks of 2G networks, your cellular activity can still be tracked. If not by law enforcement then by your carrier, who will likely be responsive to law enforcement's requests for data after the fact.
To prevent this, you should keep your phone turned off or use Airplane Mode to disable cellular connections whenever possible. Ideally you should only connect to networks in an emergency situation to communicate with others in your group, otherwise keeping messages and network transmissions to a minimum is key.
### Disable Location Services
If you have to keep your device powered on and connected, you can at least minimize the number of parties who have access to your location data. Be mindful of apps that you choose to share your location with, and consider disabling location services entirely while you're at the event.
On an iPhone:
1. Open **Settings**
2. Navigate to **Privacy & Security**
3. Navigate to **Location Services**
4. Switch **Location Services** to **off**
On Android:
1. Open **Settings**
2. Navigate to **Location**
3. Switch **Use location** to **off**
If you use an Android phone, you should also check your Google account settings to [ensure location history is disabled](https://support.google.com/accounts/answer/3118687). Google is frequently tapped by law enforcement to provide location data, because they don't protect your personal information with strong, zero-knowledge encryption.
## Other Tips
### Use Signal
[**Signal**](https://www.privacyguides.org/en/real-time-communication/#signal) is the most secure app for sending text messages and making voice calls with others. It is also impossible to configure Signal to lower its encryption security or other security standards, so you know that everyone in your group is using settings that are safe by default.
Signal is battle-tested for this situation. [Signal has responded to 6 government requests](https://signal.org/bigbrother/) since 2016, and in each case the only information they were able to provide was at most:
1. Whether the user was registered with Signal
2. When that user registered with Signal
3. When that user connected to Signal last
Keep in mind that using Signal could still expose your phone's location, simply due to making a network request as we covered above. You should still keep your phone in [Airplane Mode](#use-airplane-mode-frequently) and minimize the use of Signal or any other networked app during the event.
There *are* other [encrypted messengers](https://www.privacyguides.org/en/real-time-communication/), some of them even making use of technologies developed by Signal. However, they all come with trade-offs that could easily compromise your security. WhatsApp and Facebook Messenger are end-to-end encrypted for example, but they collect copious amounts of *metadata* about your messages, such as who you're sending them to, when you're sending them, your location when you're sending them, etc. Apple's iMessage service in the Messages app has strong encryption but similar metadata concerns, and only works if everyone in your group has an iPhone.
### Protect Your Access to Information
Phones can be easily lost, taken, broken, or they can simply run out of juice. Bring a spare mobile battery or a charged power bank with you, and try to minimize your phone usage to preserve power. You should also make sure your mobile plan is topped up and you have enough mobile data prior to the event.
You should also write down the number of an emergency contact or a lawyer on a physical piece of paper, or [even](https://xcancel.com/madeleine_rae/status/1266528386878443522) in Sharpie on your arm. You'll want this information easily accessible if you're arrested regardless of your phone's state or location.
### Change Your Camera Settings
Check your camera settings for things which may draw unwanted attention, like the flash or a shutter sound. You should go through these settings in advance and configure it for the safest possible use.
### Back Up Your Data
You should be prepared to have your phone taken or lost during a protest. You can limit the potential costs and headache to you if this happens by making sure you have an updated, encrypted backup of your data.
If you have an iPhone, you can make a local backup to a macOS computer or a Windows computer with iTunes. You can also back up to iCloud, but these backups are only secure if you enable [Advanced Data Protection](https://www.privacyguides.org/en/os/ios-overview/#icloud) on your iCloud account. We strongly encourage [enabling Advanced Data Protection](https://support.apple.com/en-us/108756) for all iCloud users in any case, as it protects not only device backups but most iCloud account data as well.
The backup situation on Android is not nearly as robust unfortunately, but you can back up photos and files with a variety of services. If you use an online backup service we recommend choosing one with strong, zero-knowledge encryption so that the service provider is unable to access your data.
- [Recommended Photo Backup Services](https://www.privacyguides.org/en/photo-management/)
- [Recommended Cloud Drive Services](https://www.privacyguides.org/en/cloud/)
- [Recommended File Sync Services](https://www.privacyguides.org/en/file-sharing/)
## At The Protest
### Keep Your Device Locked
You should always use your camera to take pictures or videos while your phone is locked, in case your device is taken while filming. This is easier if you've [disabled biometrics](#disable-biometic-authentication), because Face ID or similar features might unlock your device automatically when you don't want that to happen.
On an iPhone you can hold down the camera icon on the lock screen to open the camera without unlocking your device. You could also configure the Action Button to open the camera, or use the dedicated camera button on the latest iPhone model.
On a Google Pixel and most other Android devices, double-tapping the power button will open the camera without needing to unlock your device.
You should learn and/or set up device shortcuts to do things quickly, ideally while the device remains locked whenever possible, and ensure you're familiar with the shortcuts before the event.
### Have a Backup Communications Network
In the event of an internet blackout, it might be a good idea to have a backup network prepared, organized with other attendees. Messaging apps like [Briar](https://www.privacyguides.org/en/real-time-communication/#briar) can operate in a local mesh mode, connecting to other devices in the area with Bluetooth or local Wi-Fi connections instead of relying on centralized internet services.
You might also want to consider local radios like walkie-talkies, although keep in mind these devices are nearly always unencrypted and can be easily monitored by others, so you won't want to use them to transmit sensitive information.
## After The Event
### If Your Phone Was Taken
If you lose your phone, you may be able to locate or wipe your phone remotely depending on the model. Here are some instructions for common devices you can try:
- [Finding a lost Android device](https://support.google.com/android/answer/3265955?hl=en)
- [Finding a lost iPhone](https://support.apple.com/en-us/104978)
If you were logged in to any online services on your phone, you should try and get them signed out. On many social media websites for example, you can go to your account's settings to see what devices are signed in and revoke their access remotely.
Please be aware of the **legal consequences** of these actions. Wiping your device or revoking online account access could lead to obstruction of justice or destruction of evidence charges in some jurisdictions. You should always speak with your licensed attorney before deciding how to proceed. If your phone was taken by law enforcement you may have legal recourse to get it back.
### Be Mindful of Others
If you post your photos online, be mindful of identifiable faces or other characteristics of your fellow protesters or bystanders. Law enforcement or vigilantes use these photos to track down other attendees and arrest or harass them.
To prevent this, you can obscure the faces of anyone in the image. Most phones have [built-in photo editing tools](https://www.privacyguides.org/en/os/ios-overview/#redacting-elements-in-images) that allow you to draw on an image. Blurring can sometimes be reversed, so blocking it out entirely is generally preferable.
Be careful of the editing tools you use, and don't select highlighters or other semi-transparent editing tools. Even if you scribble over an area of a photo multiple times with a dark/black "highlighter" tool until it *appears* black, that can often be reversed with photo editing software by adjusting the contrast of the image. Using a shape/rectangle tool to draw a black box over areas you wish to redact is much better than trying to manually cross out image elements with drawing tools.
The Signal app also has built-in tools for photo editing and blurring. You can send a photo to yourself in the "Notes to Self" chat, then save the edited image from that chat for sharing. Signal also automatically removes photo metadata, so if you use it you're already covered with our next section:
### Scrub Photo Metadata
Photos have hidden information, or *metadata*, embedded in them which include the type of phone/camera you used, the photo's location, and other potentially sensitive data.
You should use a [metadata removal tool](https://www.privacyguides.org/en/data-redaction/) to remove this data from images before you share them with others. If you send a photo to someone using Signal, that app removes this metadata automatically.

2
blog/posts/choosing-the-right-messenger.md
View file

@ -18,6 +18,8 @@ schema_type: AnalysisNewsArticle
!["Choosing The Right Messenger" cover image](../assets/images/choosing-the-right-messenger/cover.png)
<small aria-hidden="true">Illustration: Jonah Aragon / Privacy Guides | Photo: Unsplash</small>
One of the most common questions users have when it comes to privacy is about messaging services. It seems almost all of them mention some level of privacy or encryption to entice the user to sign up for their service, but how can you be sure youre using the most secure, privacy respecting platform?<!-- more -->
The answer actually lies in ones [threat model](https://www.privacyguides.org/basics/threat-modeling/), which is often an ignored step in choosing all privacy related apps and services, meaning a lot of users limit their internet and communication experience because they believe they need Edward Snowden level privacy settings.

2
blog/posts/delisting-startpage.md
View file

@ -17,6 +17,8 @@ schema_type: NewsArticle
!["Delisting Startpage" cover image](../assets/images/delisting-startpage/cover.png)
<small aria-hidden="true">Illustration: Privacy Guides | Photo: Unsplash</small>
Dear *Privacy Guides* Community,
On the 15th of October, it was [brought to our attention](https://web.archive.org/web/20201127034309/https://www.reddit.com/r/privacy/comments/di5rn3/startpage_is_now_owned_by_an_advertising_company/) that Startpage.com was reportedly (partially?) taken over by a company called the Privacy One Group, which is in turn owned by a company called System1. We found this quite remarkable as the two companies seem to have conflicting business models.<!-- more --> Startpage has been known for basing their advertisements on what their users enter in their search bar. System1 on the other hand, is a pay-per-click advertising company that "[has developed a pre-targeting platform that identifies and unlocks consumer intent across channels including social, native, email, search, market research and lead generation rather than relying solely on what consumers enter into search boxes.](https://web.archive.org/web/20201127034309/https://www.bizjournals.com/losangeles/news/2017/09/20/system1-raises-270-million-for-consumer-intent.html)"

2
blog/posts/delisting-wire.md
View file

@ -17,6 +17,8 @@ schema_type: NewsArticle
!["Delisting Wire" cover image](../assets/images/delisting-wire/cover.png)
<small aria-hidden="true">Illustration: Jonah Aragon / Privacy Guides | Photo: Unsplash</small>
It has recently come to the attention of the *Privacy Guides* team that **Wire**, the popular end-to-end encryption messaging platform [has been sold or moved to a US company](https://web.archive.org/web/20201128215737/https://forum.privacytools.io/t/wire-swiss-gmbh-is-now-owned-by-a-usa-holding-company/1932). After a week of questioning, Wire finally confirmed they had changed holding companies and would now be a US based company in a move they called “simple and pragmatic,” as they worked to expand their foothold in the enterprise market. This also came alongside the news that Wire had accepted more than $8 million in Venture Capital (VC) funding from Morpheus Ventures, as well as other investors.<!-- more -->
Morpheus Ventures holds a [portfolio](https://web.archive.org/web/20201128215737/https://morpheus.com/portfolio/) including companies in healthcare, voice AI, life insurance, and retail customer data analytics: All sectors that have historically used invasive data collection methods to survive. Why would a VC with a portfolio centered on consumer data want to invest in a company whose mission claims to protect that very same information?

2
blog/posts/firefox-privacy-2021-update.md
View file

@ -17,6 +17,8 @@ schema_type: AnalysisNewsArticle
![Firefox Privacy cover](../assets/images/firefox-privacy/cover.png)
<small aria-hidden="true">Illustration: Jonah Aragon / Privacy Guides | Photo: Unsplash</small>
A lot changed between 2019 and now, not least in regards to Firefox. Since our last post, Mozilla has [improved](https://blog.mozilla.org/en/products/firefox/latest-firefox-rolls-out-enhanced-tracking-protection-2-0-blocking-redirect-trackers-by-default/) privacy with [Enhanced Tracking Protection (ETP)](https://blog.mozilla.org/en/products/firefox/firefox-now-available-with-enhanced-tracking-protection-by-default/). Earlier this year Mozilla introduced [Total Cookie Protection](https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/) (Dynamic First Party Isolation dFPI). This was then further tightened with [Enhanced Cookie Clearing](https://blog.mozilla.org/security/2021/08/10/firefox-91-introduces-enhanced-cookie-clearing/). Were also looking very forward to [Site Isolation](https://blog.mozilla.org/security/2021/05/18/introducing-site-isolation-in-firefox/) (code named Fission) being enabled by default in the coming releases.<!-- more -->
Now that so many privacy features are built into the browser, there is little need for extensions made by third-party developers. Accordingly, we have updated our very outdated [browser](https://www.privacyguides.org/desktop-browsers/) section. If youve got an old browser profile we suggest **creating a new one**. Some of the old advice may make your browser *more* unique.

2
blog/posts/firefox-privacy.md
View file

@ -17,6 +17,8 @@ schema_type: AnalysisNewsArticle
!["Firefox Privacy" cover image](../assets/images/firefox-privacy/cover.png)
<small aria-hidden="true">Illustration: Jonah Aragon / Privacy Guides | Photo: Unsplash</small>
Mozilla Firefox is one of the most popular web browsers around, and for good reason. It's fast, secure, open-source, and it's backed by an organization that actually respects your privacy. Unlike many other Chrome alternatives and forks, it has a massive development team behind it that publishes new updates on a constant, regular basis. Regular updates doesn't only mean shiny new features, it means you'll also receive security updates that will keep you protected as you browse the web.<!-- more -->
Because of all of this, [we recommend Firefox](https://www.privacyguides.org/desktop-browsers/#firefox) as our general-purpose browser for most users. It's the best alternative to Chrome and Edge for privacy conscious individuals.

2
blog/posts/mozilla-disappoints-us-yet-again-2.md
View file

@ -16,6 +16,8 @@ schema_type: AnalysisNewsArticle
![](../assets/images/mozilla-disappoints-us-yet-again-2/cover.jpeg)
<small aria-hidden="true">Image: Unsplash</small>
**"No shady privacy policies or back doors for advertisers" proclaims the Firefox homepage, but that's no longer true in Firefox 128.**
Less than a month after [acquiring the AdTech company Anonym](https://discuss.privacyguides.net/t/mozilla-acquires-anonym-raising-the-bar-for-privacy-preserving-digital-advertising/18936), Mozilla has added special software co-authored by Meta and built for the advertising industry directly to the latest release of Firefox, in an experimental trial you have to opt out of manually. This "Privacy-Preserving Attribution" (PPA) API adds another tool to the arsenal of tracking features that advertisers can use, which is thwarted by traditional content blocking extensions.<!-- more -->

65
blog/posts/privacy-guides-hires-three-staff-members.md Normal file
View file

@ -0,0 +1,65 @@
---
date:
created: 2025-01-17
categories:
- Announcements
authors:
- niek-de-wilde
tags:
- Privacy Guides
description: Privacy Guides is welcoming three new additions to the team.
schema_type: NewsArticle
---
# Privacy Guides Hires Three Staff Members
At Privacy Guides, we are always looking for ways to be more effective at our mission of promoting privacy and security for everyone. To help us grow, reach a broader audience, and provide more high quality educational resources, we are thrilled to announce the hiring of three talented individuals to our team! Each of them brings a strong passion to their respective roles, and we are excited about working with them.<!-- more -->
## Em Journalist
![](https://forum-cdn.privacyguides.net/user_avatar/discuss.privacyguides.net/ematprivacyguides/288/8211_2.png){ align=right }
Were excited to welcome Em (she/her), our new journalist, who will play an important role in taking our [articles](https://www.privacyguides.org/articles/) to the next level. She will be focusing on creating in-depth, interesting posts that explore the most important topics in the world of online privacy, security, and digital rights. Em will also conduct interviews with experts in the industry, analyze reports and studies, and produce investigative news stories to keep our readers informed.
*Em is a privacy advocate and publicinterest technologist who has been fervently defending privacy rights online (and offline) since 2018. Her work focuses on raising awareness and informing the public and organizations on data privacy tools, practices, and regulations. She is a passionate writer and thorough investigator, continuously working on ways to improve adoption of better privacy practices, and regularly creating educational material to make protective tools accessible to the groups who need them most.*
*Em is also a human rights activist who deeply values inclusivity, diversity, accessibility, and software for the public good. In her free time, you can find Em on Mastodon sharing privacy tips or boosting photos of cats and moss.*
[:material-mastodon: Follow Em at @Em0nM4stodon@infosec.exchange](https://infosec.exchange/@Em0nM4stodon)
## Jordan Content Producer
![](https://forum-cdn.privacyguides.net/user_avatar/discuss.privacyguides.net/jordan/288/7793_2.png){ align=right }
We also welcome Jordan Warne (they/them), our new content producer who will manage our channels on various video platforms! Jordan has a strong background in video production and content strategy, and were confident that they will help us expand our reach and connect with a broader audience. Through informative, easy-to-understand videos, Jordan will simplify complex privacy topics and keep our community engaged. Expect a significantly larger presence on our [PeerTube](https://neat.tube/c/privacyguides/videos) and [YouTube](https://www.youtube.com/@privacyguides) channels in the coming months!
*Jordan is a passionate creative with an education in both cybersecurity and photography. Having completed a Diploma of Digital Imaging at Billy Blue College of Design, Jordan is equipped with the skills and experience to take Privacy Guides' video content to the next level. Having recently completed a Diploma of Information Technology (Cybersecurity) Jordan has the unique skillset to simplify complex cybersecurity topics and turn them into engaging and approachable content.*
*Outside producing high-quality videos, Jordan enjoys exploring the Australian bush, capturing intricate details of its flora and fauna through photography.*
[:material-mastodon: Follow Jordan at @jw@social.lol](https://social.lol/@jw)
## Kevin Intern
![](https://forum-cdn.privacyguides.net/user_avatar/discuss.privacyguides.net/kevpham/288/8198_2.png){ align=right }
Last but not least, we are excited to start working with Kevin Pham (he/him), our new intern focused on community & news, who will support both Em and Jordan in their roles while also engaging with our community across all platforms. His enthusiasm for digital privacy and his commitment to helping others make him a perfect fit for our team. He will help with managing our community, and interact with our growing online community to ensure that everyone has a voice. Kevins passion and eagerness to learn will no doubt contribute greatly to our mission.
*Kevin is a senior at Tufts University studying Political Science and Science & Technology Studies. Originally from Florida, he is now freezing up in the greater Boston area. Kevin is passionate about usable security and privacy for vulnerable populations. He has previously worked with Freedom of the Press Foundation's Digital Security Team and Cornell Tech's Clinic to End Tech Abuse to help journalists and domestic violence survivors alike.*
*Besides doomscrolling on social media, he loves cooking new recipes, reading philosophy essays, and perpetuating his caffeine addiction with Vietnamese coffee. Please feel free to reach out to him to discuss anything regarding best operational security practices and threat modeling...or just say hi!*
[:material-mastodon: Follow Kevin at @kevpham@mastodon.social](https://mastodon.social/@kevpham)
## What This Means for Privacy Guides
The expansion of the Privacy Guides team continues our commitment to provide the best quality resources and information on privacy and security. With Ems investigative work, Jordans video content, and Kevins hands-on support, we look forward to communicating easy to understand and factual information with a broader audience.
Were excited to see how these talented people will help Privacy Guides continue to grow, and we look forward to the amazing work they will contribute in the coming months.
Thank you for being a part of our community, and stay tuned for the exciting new content and updates that will be coming your way soon!
Welcome aboard, Em, Jordan, and Kevin! Lets make privacy accessible for everyone. 🚀
[:material-mastodon: Follow Privacy Guides at @privacyguides@neat.computer](https://mastodon.neat.computer/@privacyguides)
[:material-youtube: Subscribe to Privacy Guides on YouTube](https://www.youtube.com/@privacyguides)

2
blog/posts/privacy-guides-partners-with-magic-grants-501-c-3.md
View file

@ -12,6 +12,8 @@ schema_type: BackgroundNewsArticle
![](../assets/images/privacy-guides-partners-with-magic-grants-501-c-3/magicblog.webp)
<small aria-hidden="true">Illustration: Jonah Aragon / Privacy Guides</small>
In February, the OpenCollective Foundation (OCF)—[our fiscal host of 4 years](https://blog.privacyguides.org/2019/10/31/weve-joined-the-open-collective-foundation/)—sent us an email to [announce](https://docs.opencollective.foundation/) that they would be shutting down, and they would no longer be able to collect donations on our behalf (or for any of the hundreds of projects they provided fiscal hosting services to). We immediately began to consider multiple options for the future of this project, including forming our own non-profit or finding another [fiscal host](https://en.wikipedia.org/wiki/Fiscal_sponsorship).<!-- more -->
We're excited to announce a [partnership](https://magicgrants.org/2024/07/22/Privacy-Guides-Fund) with MAGIC Grants, a Public 501(c)(3) charity with the mission of supporting privacy projects like ours and providing undergraduate scholarships for students interested in cryptocurrencies and privacy. They will immediately take over all of the operations previously provided by OCF, including accepting donations on our behalf, handling any of our accounting and taxes, reimbursing team members and volunteers, and taking legal ownership of assets like our domains and servers.

2
blog/posts/relisting-startpage.md
View file

@ -16,6 +16,8 @@ schema_type: NewsArticle
!["Relisting Startpage" cover image](../assets/images/relisting-startpage/cover.png)
<small aria-hidden="true">Illustration: Privacy Guides</small>
Dear *Privacy Guides* Community,
In October 2019, we learned that System1 had become the majority shareholder in Startpage.com via a new System1 subsidiary, Privacy One Group. Due to the uncertainty surrounding the acquisition and the initial lack of clear communication from the Startpage team towards the privacy community, we were forced to delist Startpage from our [search engine recommendations](https://www.privacyguides.org/en/search-engines/).<!-- more --> In an [explanatory blog post](delisting-startpage.md), we asked for more clarity surrounding the situation, stating:

2
blog/posts/security-privacy-anonymity.md
View file

@ -18,6 +18,8 @@ schema_type: OpinionNewsArticle
![](../assets/images/security-privacy-anonymity/cover.jpeg)
<small aria-hidden="true">Image: Unsplash</small>
We may think that we know the differences between privacy, security and anonymity, however we often mix them up. People will often criticize a product or service as “not private” when they really mean “not anonymous.” Privacy, security, and anonymity often complement each other, but they are not always dependent on each other, and they are definitely not the same thing. A service can be private without being anonymous, or even secure without being private. Which one should you prioritize?<!-- more --> To some extent, there are no wrong answers. It really comes down to your threat model and what your desired goal is. It is perfectly fine to pick a product that provides privacy even though it doesn't provide anonymity. Furthermore, it's okay to pick a product that doesn't provide security if it does provide one of the other features. The important thing is that you need to be aware what these products and services are and arent offering you so that you can use them correctly.
Theres lots of ways to define privacy, security, and anonymity. Someone showed me [this](https://code.privacyguides.dev/privacyguides/privacytools.io/issues/1760#issuecomment-10452) definition and I really liked it. It seems to pretty much hit the nail on the head when applying these terms specifically to data privacy and cybersecurity:

2
blog/posts/the-trouble-with-vpn-and-privacy-review-sites.md
View file

@ -19,6 +19,8 @@ schema_type: AnalysisNewsArticle
!["Unbiased Reviews" cover image](../assets/images/the-trouble-with-vpn-and-privacy-review-sites/cover.png)
<small aria-hidden="true">Illustration: Jonah Aragon / Privacy Guides | Photo: Unsplash</small>
Theres a massive problem in the privacy world. Websites, social media accounts, and other platforms are constantly popping up out of nowhere, telling you to buy *The Greatest Service Ever* in order to solve all your privacy woes, whatever that may be. These websites often employ marketing teams to make sure their “reviews” are what you see first when you begin your research. Some of them are even operated by VPN providers themselves, operating under anonymous business entities to hide their bias, or doing it right out in the open, hoping youll mistake their advertising-filled press releases and blogs as insider knowledge of the VPN space.<!-- more -->
When a seemingly “unbiased review” on a site is merely a paid advertisement in disguise, that website is breaking their readers trust. From a consumers point of view, affiliate marketing and other paid promotional techniques like this make it near impossible to know when a review is genuine or not.

2
blog/posts/welcome-to-privacy-guides.md
View file

@ -20,6 +20,8 @@ schema_type: NewsArticle
![Privacy Guides cover image](../assets/brand/images/png/cover.png)
<small aria-hidden="true">Illustration: Jonah Aragon / Privacy Guides</small>
We are excited to announce the launch of [Privacy Guides](https://www.privacyguides.org/) and [r/PrivacyGuides](https://www.reddit.com/r/PrivacyGuides/), and welcome the privacy community to participate in our crowdsourced software recommendations and share tips and tricks for keeping your data safe online. Our goal is to be a central resource for privacy and security-related tips that are usable by anybody, and to carry on the trusted legacy of PrivacyTools.<!-- more -->
As we [announced](https://web.archive.org/web/20210729184422/https://blog.privacytools.io/the-future-of-privacytools/) on the PrivacyTools blog in July, we made the decision to migrate off our former privacytools.io domain for various reasons, including an inability to contact the current domain holder for over a year and [growing](http://www.thedarksideof.io/) [issues](https://fortune.com/2020/08/31/crypto-fraud-io-domain-chagos-islands-uk-colonialism-cryptocurrency/) [with the .IO top-level domain](https://code.privacyguides.dev/privacyguides/privacytools.io/issues/1324). As attempts to regain ownership of the domain have proven fruitless, we found it necessary to make this switch sooner rather than later to ensure people would find out about this transition as soon as possible. This gives us adequate time to transition the domain name, which is currently redirecting to [www.privacyguides.org](https://www.privacyguides.org/), and it hopefully gives everyone enough time to notice the change, update bookmarks and websites, etc.

2
blog/posts/weve-joined-the-open-collective-foundation.md
View file

@ -16,6 +16,8 @@ schema_type: NewsArticle
![Privacy Guides cover image](../assets/brand/images/png/cover.png)
<small aria-hidden="true">Illustration: Jonah Aragon / Privacy Guides</small>
[Privacy Guides](https://www.privacyguides.org) provides knowledge, recommendations, and services to protect you against global mass surveillance programs and encourage self-control of your data online. Our website is free of advertisements and is not affiliated with any listed providers, because we believe that our ability to recommend solutions without receiving financial kickbacks is incredibly important in remaining unbiased.<!-- more -->
However, we have always accepted and solicited financial contributions from our community. Running this network of websites and services for free to the public is a time-consuming and costly endeavor. We do it because we believe it is the right thing to do, not because we are looking to make a profit. Any contributions have been either used to pay our expenses or saved in a reserve for expansion or times of need.

2
blog/posts/why-i-run-a-tor-relay.md
View file

@ -18,6 +18,8 @@ schema_type: OpinionNewsArticle
![Tor graphic](../assets/images/why-i-run-a-tor-relay/cover.png)
<small aria-hidden="true">Illustration: Tor Project</small>
It makes me smile when I come across someone struggling with the decision of whether to get a [VPN](https://www.privacyguides.org/vpn/). It makes me smile not because of the indecision and relative lack of knowledge, but because it wasn't so long ago I was in exactly the same position—perceiving VPNs to be some kind of extreme measure only the paranoid and the criminal resorted to. How wrong I was.<!-- more -->
In just a few months I've come to realize that something like a VPN is in fact a basic measure one might take in the effort to more freely roam the Internet—tainted as it is by censorship, surveillance and many other forms of state control. So where do you go from realizing these issues if you know them to be the threats that they are to democracy and freedom? You seek to *take control*.