<?xml version="1.0" encoding="UTF-8"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0" xmlns:media="http://search.yahoo.com/mrss/"><channel><title><![CDATA[Privacy - PrivacyTools]]></title><description><![CDATA[You are being watched. We’re providing resources to protect your privacy.]]></description><link>https://blog.privacytools.io/</link><image><url>https://blog.privacytools.io/favicon.png</url><title>Privacy - PrivacyTools</title><link>https://blog.privacytools.io/</link></image><generator>Ghost 3.14</generator><lastBuildDate>Thu, 29 Jul 2021 18:05:04 GMT</lastBuildDate><atom:link href="https://blog.privacytools.io/tag/privacy/rss/" rel="self" type="application/rss+xml"/><ttl>60</ttl><item><title><![CDATA[What are security, privacy, and anonymity?]]></title><description><![CDATA[<p>We may think that we know the differences between privacy, security and anonymity, however we often mix them up. 
People will often criticize a product or service as “not private” when they really mean “not anonymous.” Privacy, security, and anonymity often complement each other but they are not always dependent</p>]]></description><link>https://blog.privacytools.io/privacy-security-anonymity/</link><guid isPermaLink="false">5fc95fe22275c103a845ca84</guid><category><![CDATA[Security]]></category><category><![CDATA[Privacy]]></category><category><![CDATA[Opinion]]></category><dc:creator><![CDATA[Nate Bartram]]></dc:creator><pubDate>Tue, 23 Feb 2021 10:21:42 GMT</pubDate><media:content url="https://images.unsplash.com/photo-1548092372-0d1bd40894a3?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=MXwxMTc3M3wwfDF8c2VhcmNofDF8fHNlY3VyaXR5fGVufDB8fHw&amp;ixlib=rb-1.2.1&amp;q=80&amp;w=2000" medium="image"/><content:encoded><![CDATA[<img src="https://images.unsplash.com/photo-1548092372-0d1bd40894a3?crop=entropy&cs=tinysrgb&fit=max&fm=jpg&ixid=MXwxMTc3M3wwfDF8c2VhcmNofDF8fHNlY3VyaXR5fGVufDB8fHw&ixlib=rb-1.2.1&q=80&w=2000" alt="What are security, privacy, and anonymity?"><p>We may think that we know the differences between privacy, security and anonymity, however we often mix them up. People will often criticize a product or service as “not private” when they really mean “not anonymous.” Privacy, security, and anonymity often complement each other but they are not always dependent on each other and they are definitely not the same thing. A service can be private without being anonymous, or even secure without being private. Which one should you prioritize? To some extent, there are no wrong answers. It really comes down to your threat model and what your desired goal is. It is perfectly fine to pick a product that provides privacy even though it doesn't provide anonymity. Furthermore, it's okay to pick a product that doesn't provide security if it does provide one of the other features. 
The important thing is that you need to be aware of what these products and services are and aren’t offering you so that you can use them correctly.</p><p>There are lots of ways to define privacy, security, and anonymity. Someone showed me <a href="https://github.com/privacytools/privacytools.io/issues/1760#issuecomment-597497298">this</a> definition and I really liked it. It seems to pretty much hit the nail on the head when applying these terms specifically to data privacy and cybersecurity:</p><p><strong>Anonymity: </strong><em>The sender and/or recipient's real ID is unknown</em></p><p>In the real world this could be a secret admirer sending a Valentine's Day card. Online this could be when the IP (or fp/opsec) footprints cannot lead back to the poster: e.g. Tor</p><p><strong>Privacy: </strong><em>The contents of the message can only be seen/heard by the intended recipient(s)</em></p><p>In the real world this could be a whispered conversation between two people in the middle of Siberia. Online this could be a Signal message, which is end-to-end encrypted and only the recipient &amp; sender can read the contents</p><p><strong>Security</strong> (in the context of privacy/anonymity): <em>The parties involved are who they say they are</em></p><p>In the real world this could be something unique and verifiable such as a passport or fingerprints. Online this could be certificates or PGP signatures.</p><p>These topics often overlap: Privacy can help your security because if people don't know information about you, they can't effectively target you. For example, an attacker that doesn't know who you bank with cannot know which bank to target. Security can protect your privacy by forcibly controlling who has access to that information about you. Let’s take a few examples:</p><p><b>Security without Privacy or Anonymity</b></p><p>The most obvious example of this that comes to mind is Google. 
Google has had almost no major data breaches in all their years of existence, yet they know almost everything about everyone to the point that the former CEO Eric Schmidt remarked "<a href="https://www.zdnet.com/article/google-even-knows-what-youre-thinking/">We can more or less know what you're thinking about.</a>" Google offers world-class security with zero privacy or anonymity.</p><p><b>Security &amp; (some) Privacy without Anonymity</b></p><p>Consider the renowned encrypted messaging app Signal. Because your phone number is required, you can be unmasked by a court order or even a web search depending on the phone number you use. However, Signal is renowned for having some of the best security in the world, and the content of your messages and the information you transfer will be protected and controlled even if your identity is not. Top-notch security and privacy over the content of your messages, but anonymity cannot be guaranteed.</p><p><b>Anonymity without Security</b></p><p>Cash is a great example of this. Paying for a product in cash preserves your anonymity - unless the business requires it, you don't have to give any kind of information at all. Yet, you have no security if the seller doesn't deliver the item (unless you have a receipt). You have no protection from fraud or anything like that.</p><p><b>Security with Privacy &amp; Anonymity</b></p><p>XMPP is arguably the best example of this. XMPP allows you to sign up without any real information, over a VPN or Tor connection for total anonymity. Additionally, the conversations can be protected by OMEMO encryption, meaning the data itself is also private. When used properly, this is as close to perfect as you can get, if a bit user-unfriendly. 
(Editor's note: XMPP is not officially endorsed by PrivacyTools for reasons listed <a href="https://github.com/privacytools/privacytools.io/issues/1854">here</a>.)</p><h3 id="closing-thoughts">Closing Thoughts</h3><p>These three concepts are not necessarily dependent on each other. A secure product does not guarantee privacy, a private product does not guarantee security, and anonymity does not guarantee either. Also as I said before, there is nothing wrong with valuing one facet over another. It's also okay to use Signal even though it doesn't give you total anonymity. Just be sure you understand how a product is meant to be used and where it both shines and falls short. It would be awful to use Google thinking that it will give your communications total privacy and then your financial details get stolen by a <a href="https://nypost.com/2020/09/23/shopify-says-rogue-employees-may-have-stolen-customer-data/">rogue employee</a>. Or if you used a service like Signal to organize protests in a hostile country only to be arrested once your phone number is unmasked. Know the limitations of the services you choose and decide what features are important to you. It’s also important to know that privacy and security are sliding scales. This could be an entire blog post on its own. Think of passwords. Any password – even “password” - is technically more secure than no password at all. But a 16-character randomly-generated password is <b>even more</b> secure than “password.” Sometimes it’s okay to find a solution that offers a blend – less privacy in one area in exchange for more security in another, or vice versa. Once again, it all comes back to your threat model, your needs, and your resources.</p><p><em>Cover photo by </em><a href="https://unsplash.com/@fantasyflip"><em>Philipp Katzenberger</em></a><em>. 
Originally published on <a href="https://thenewoil.xyz/privsecanon.html">The New Oil</a>.</em></p>]]></content:encoded></item><item><title><![CDATA[Introducing our PeerTube Instance]]></title><description><![CDATA[<p>Since April 2019, one of the primary goals of PrivacyTools has been to promote the creation and use of decentralized and federated networks to replace the centralized giants like Google and Facebook that have taken control of the internet over the last decade. Already we've launched Mastodon and WriteFreely instances</p>]]></description><link>https://blog.privacytools.io/introducing-our-peertube-instance/</link><guid isPermaLink="false">5f020c85b6f58f03b3d05ffc</guid><category><![CDATA[Press Release]]></category><category><![CDATA[Updates]]></category><category><![CDATA[Privacy]]></category><category><![CDATA[PeerTube]]></category><category><![CDATA[Video]]></category><dc:creator><![CDATA[Jonah Aragon]]></dc:creator><pubDate>Sun, 05 Jul 2020 19:32:55 GMT</pubDate><media:content url="https://blog.privacytools.io/content/images/2020/07/peertube-cover-1.jpg" medium="image"/><content:encoded><![CDATA[<img src="https://blog.privacytools.io/content/images/2020/07/peertube-cover-1.jpg" alt="Introducing our PeerTube Instance"><p>Since April 2019, one of the primary goals of PrivacyTools has been to promote the creation and use of decentralized and federated networks to replace the centralized giants like Google and Facebook that have taken control of the internet over the last decade. Already we've launched Mastodon and WriteFreely instances with thousands of users, and our <a href="https://chat.privacytools.io">Matrix homeserver</a> is one of the largest in the Matrix fediverse. 
</p><p>This week, we're happy to announce another instance in <a href="https://www.privacytools.io/services/">our foray into federated platforms</a>, <a href="https://tube.privacytools.io/videos/overview"><strong>tube.privacytools.io</strong></a>, an open and curated PeerTube instance that you can use to view videos on any instance in the interconnected PeerTube network.</p><h2 id="what-is-peertube">What is PeerTube?</h2><p>PeerTube is software you can install on a server that allows you to create your very own video hosting website, a "homemade YouTube" if you will. The difference between PeerTube and YouTube is that PeerTube is not a massive platform centralizing videos from all their users on a single server farm. Instead, PeerTube connects many small and independent video hosting providers, using the same technology as Mastodon and WriteFreely: ActivityPub.</p><p>PeerTube is the only video hosting platform that combines open code, federation, and peer-to-peer broadcasting/viewing into a single service, ensuring that the network is completely free and robust, even if your video goes viral!</p><p>In an ideal world, every content creator would host their own PeerTube instance and upload their videos there, and every viewer would host their own PeerTube and use it to follow others. Federated platforms thrive with as many instances as possible, and if that is something that excites you, you should definitely check out <a href="https://joinpeertube.org">joinpeertube.org</a> for more details on setting up an instance.</p><h2 id="our-instance">Our Instance</h2><p>Of course, there are always users who simply don't have the time, knowledge, or budget to host their own services, and that's fine too! That's why we launched our instance with <a href="https://tube.privacytools.io/about/instance">open registration</a>, so you can join the PeerTube community just by creating an account. 
An account on our instance will allow you to like, comment on, and subscribe to the numerous videos and video creators on the PeerTube platform.</p><p>Of course, since PeerTube is ActivityPub-based, you can actually subscribe with <em>any</em> ActivityPub platform, including subscribing to creators with a Mastodon account: </p><figure class="kg-card kg-image-card"><img src="https://blog.privacytools.io/content/images/2020/07/image-2.png" class="kg-image" alt="Introducing our PeerTube Instance"></figure><p>An account on PeerTube simply gives you a more video-centric viewing experience compared to Mastodon, but you have the option to choose what works best for you!</p><h2 id="for-content-creators">For Content Creators</h2><p>We do realize that for video creators, hosting your own PeerTube platform is a unique challenge. Depending on your size, servers and bandwidth can quickly become costly. And even though PeerTube tries to mitigate this as much as possible with Peer-to-Peer video viewing, that cost may still be significant to you.</p><p>That's why we are offering free, unlimited video hosting to privacy and technology focused content creators. That's no limit to either video storage or bandwidth, and we believe our infrastructure can handle many, many viewers at high performance to get your content out to as many people as possible.</p><p>Uploading to PeerTube is as simple as pasting a link to an existing YouTube video you hold the copyright to, or uploading it manually yourself. If you don't want to upload to PeerTube regularly, please reach out anyways, we can run automated scripts on our side of things that will mirror your YouTube channel for you with very little effort, with your permission.</p><p><a href="https://tube.privacytools.io/video-channels/techlore_channel/videos">Techlore</a> is the first content creator to partner with us to bring his <a href="https://www.youtube.com/channel/UCs6KfncB4OV6Vug4o_bzijg">YouTube content</a> to the PeerTube network! 
We're very excited to get his videos out to our community. If you want to experience the PeerTube viewing experience for yourself, check out his channel on our instance.</p><figure class="kg-card kg-image-card kg-card-hascaption"><img src="https://blog.privacytools.io/content/images/2020/07/image-5.png" class="kg-image" alt="Introducing our PeerTube Instance"><figcaption><a href="https://tube.privacytools.io/video-channels/techlore_channel/videos">https://tube.privacytools.io/video-channels/techlore_channel/videos</a></figcaption></figure><p>But maybe you already host a PeerTube instance, or the idea of setting one up doesn't scare you. Please, reach out to us anyways! We are happy to follow informative non-spammy instances to boost your content on our discover page, and provide <a href="https://docs.joinpeertube.org/#/admin-following-instances?id=instances-redundancy">instance redundancy</a> to reduce the bandwidth load on your own instance. PeerTube's redundancy controls allow our server to mirror your content, so that viewers will automatically download content from us as well.</p><p>Over the last week we've been working with <a href="https://tube.privacytools.io/accounts/sunknudsen@peertube.sunknudsen.com/video-channels">Sun Knudsen</a>, a privacy content creator who recently launched his own PeerTube instance to mirror his YouTube content. By enabling video redundancy with his server, we're able to share the bandwidth load without harming user viewing experiences. 
Check out his channel for some more great content!</p><figure class="kg-card kg-image-card kg-card-hascaption"><img src="https://blog.privacytools.io/content/images/2020/07/image-7.png" class="kg-image" alt="Introducing our PeerTube Instance"><figcaption><a href="https://tube.privacytools.io/video-channels/sunknudsen_channel@peertube.sunknudsen.com/videos">https://tube.privacytools.io/video-channels/sunknudsen_channel@peertube.sunknudsen.com/videos</a></figcaption></figure><p>Finally, if you're not a content creator, but you know someone else who would be perfect for the PeerTube platform, please encourage them to reach out!</p><p>Our instance will be highly curated: We are primarily looking for content creators who will help advance the message of online privacy and self-hosted technologies, so unfortunately we can't provide accounts for every creator under the sun. But, even if your content isn't quite compatible with the tone of our local PeerTube community, we are still happy to help you find the perfect instance for your content, or help set up your own node in the fediverse.</p><h2 id="final-thoughts">Final Thoughts</h2><p>We are very happy to support PeerTube and we believe there is tons of fantastic content to watch on the network.</p><p>PeerTube is currently in the middle of a <a href="https://joinpeertube.org/roadmap">crowdsourcing campaign</a> through the end of this year. 
They have currently surpassed their target of €20,000 for the month of July and are well on their way to raising their final goal of €60,000 by November.</p><figure class="kg-card kg-image-card kg-card-hascaption"><img src="https://blog.privacytools.io/content/images/2020/07/image-8.png" class="kg-image" alt="Introducing our PeerTube Instance"><figcaption><a href="https://joinpeertube.org/roadmap">https://joinpeertube.org/roadmap</a></figcaption></figure><p>Contributions will fund the development of many new features coming to PeerTube's future, including additional plugin and playlist functionality, and live-streaming! If you are interested in contributing to the future of federated and Peer-to-Peer online video, please consider sending some support their way.</p><p>And of course, if you like what we're doing here at PrivacyTools, consider a <a href="https://opencollective.com/privacytools">contribution</a> to our project as well. The donations of all our fantastic supporters will allow us to continue hosting and promoting great services for years to come!</p><p>If nothing else, <a href="https://tube.privacytools.io">create a PeerTube account</a> or <a href="https://joinpeertube.org">instance</a>, and get watching :)</p><h3 id="media">Media</h3><p><a href="https://github.com/privacytools/brand">Branding Resources</a></p><p><strong><strong><strong><strong>You are being watched. </strong></strong></strong></strong>Private and state-sponsored organizations are monitoring and recording your online activities. 
Since 2015, PrivacyTools has been providing services, tools and knowledge to protect your privacy against global mass surveillance.</p><h3 id="press-contacts">Press Contacts</h3><p><strong><strong><strong><strong>Jonah Aragon</strong></strong></strong></strong><br>PrivacyTools<br><a href="mailto:jonah@privacytools.io">jonah@privacytools.io</a></p>]]></content:encoded></item><item><title><![CDATA[Protecting Your Privacy With a Virtual Machine While Using Zoom]]></title><description><![CDATA[With the COVID-19 outbreak keeping many at home, Zoom has seen a huge increase in use with schools and businesses. But with growing privacy and security concerns, how can you stay safe?]]></description><link>https://blog.privacytools.io/protecting-your-privacy-while-using-zoom-at-home/</link><guid isPermaLink="false">5e868a8402ef133bb433917c</guid><category><![CDATA[Security]]></category><category><![CDATA[Privacy]]></category><category><![CDATA[Guides]]></category><dc:creator><![CDATA[Daniel Gray]]></dc:creator><pubDate>Fri, 03 Apr 2020 18:35:05 GMT</pubDate><media:content url="https://blog.privacytools.io/content/images/2020/04/zoom-cover.jpg" medium="image"/><content:encoded><![CDATA[<img src="https://blog.privacytools.io/content/images/2020/04/zoom-cover.jpg" alt="Protecting Your Privacy With a Virtual Machine While Using Zoom"><p>With the ongoing COVID-19 pandemic, many of us have had to make rapid lifestyle adjustments to keep up with social distancing and isolation rules. More of us are working and studying from home, and using telecommunication tools for conferences and lectures is becoming a daily habit for people around the world.</p><p>One of these tools in particular, <a href="https://en.wikipedia.org/wiki/Zoom_Video_Communications">Zoom</a>, has seen a huge increase in use since the COVID-19 outbreak. This is due in part to their clever marketing and support materials they've provided to teachers, students, office workers, and employers. 
Consumer Reports privacy researcher Bill Fitzgerald has suggested Zoom is using the pandemic as a <a href="https://www.insidehighered.com/news/2020/03/25/pivot-online-raises-concerns-ferpa-surveillance">selling opportunity</a>.</p><h2 id="zoom-s-privacy-woes">Zoom's Privacy Woes</h2><p>Of course, everyone is keen to continue work and keep productivity at a steady rate through this crisis, and to many employers Zoom appears to be a great option to do so. And Zoom is happy to take on customers who will likely continue to use their services after the pandemic subsides, where they can continue to <a href="https://www.consumerreports.org/video-conferencing-services/zoom-teleconferencing-privacy-concerns/">mine the personal data of their users</a>.</p><p>Many institutions and workplaces did not have preparations in place for a crisis of this scale, requiring them to adopt technology without taking the time to consider the privacy and security implications of the solutions chosen — of which <a href="https://en.wikipedia.org/wiki/Zoom_Video_Communications#Privacy">there are a number</a> — prompting bans from organizations like the United Kingdom's <a href="https://metro.co.uk/2020/03/25/concern-zoom-video-conferencing-mod-bans-security-fears-12455327/">Ministry of Defence</a> and <a href="https://www.reuters.com/article/us-spacex-zoom-video-commn/elon-musks-spacex-bans-zoom-over-privacy-concerns-memo-idUSKBN21J71H">SpaceX</a>. Zoom may not be suitable for you or your organization, as privacy breaches continue to pop up. Just days ago it was revealed that Zoom was <a href="https://www.vice.com/en_us/article/k7e95m/zoom-leaking-email-addresses-photos">leaking email addresses and other profile information</a> to other users with an address on the same domain. More bad news for Gmail users!</p><p>Zoom is not the best choice for protecting communications privacy. 
Zoom <a href="https://protonmail.com/blog/zoom-privacy-issues/">falsely claims</a> to support <a href="https://en.wikipedia.org/wiki/End-to-end_encryption">end-to-end encryption (E2EE)</a>, when in fact Zoom only uses regular <a href="https://en.wikipedia.org/wiki/Transport_Layer_Security">transport layer security (TLS)</a> such as that used when visiting HTTPS websites. This means that Zoom can see the contents of your conversations and calls, when this would not be possible with true end-to-end encryption.</p><p>If you do have the ability to choose what platform you use, we recommend considering <a href="https://meet.jit.si/">Jitsi</a> or <a href="https://bigbluebutton.org/">BigBlueButton</a>, two options which can be hosted by your business or institution internally, rather than relying on their cloud offerings. At PrivacyTools, we've also compiled a list of recommendations for <a href="https://www.privacytools.io/software/real-time-communication/">Real-Time Communication</a> you can also check out, especially if you need more than just video.</p><p>But sometimes we don't have the opportunity to choose the platforms we must use to communicate with our coworkers, students, and friends. If you are required to use Zoom or software like this, we recommend that you do so using a Virtual Machine (VM). A VM is a program that works like a completely separate computer inside your computer. The "host" operating system, which is your main system, continues to run everything you might need, while a "guest" operating system <em>also</em> runs completely independently. You can run any programs you want — like Zoom! — inside this guest operating system, and they will be completely isolated from your system and files. It won't even know the host exists!</p><p>Using a VM will help with maintaining some security, especially if you need to use a personal device at home to work. 
Recently discovered bugs, such as exploits that allowed <a href="https://medium.com/bugbountywriteup/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5">malicious websites to enable your webcam</a>, the <a href="https://techcrunch.com/2020/04/01/zoom-doom/">use of your camera without consent</a>, and the discovery of a user's <a href="https://www.bleepingcomputer.com/news/security/zoom-lets-attackers-steal-windows-credentials-run-programs-via-unc-links/">Windows username and ability to steal credentials</a>, would not have been possible, as Zoom would be completely isolated on your device and would not be able to run at all when your VM was shut down. It's also worth noting that Zoom has decided on a <a href="https://techcrunch.com/2020/04/02/zoom-freezes-feature-development-to-fix-security-and-privacy-issues/">complete feature freeze</a> in an attempt to improve security and privacy.</p><p>When Zoom is confined in the VM, it cannot see what applications are open outside on your host operating system. We recommend users avoid attaching their webcam (if they can). However, some users have reported that it is encouraged or required by their school or employer. Fortunately in these cases, you can still attach your webcam as-needed to the guest operating system for full functionality.</p><!--kg-card-begin: html-->    <script type="application/ld+json">
    {
      "@context": "http://schema.org",
      "@type": "HowTo",
      "name": "Setting Up Zoom in a VM",
      "description": "Creating a Virtual Machine for applications like Zoom is a relatively easy task for most tech-savvy users. We are going to outline the basic steps you need here, but if you need more guidance I've created a separate guide with detailed instructions and screenshots to help you through the process.",
      "tool": [
        {
          "@type": "HowToTool",
          "name": "computer"
        }, {
          "@type": "HowToTool",
          "name": "VirtualBox"
        }
      ],
      "supply": [
        {
          "@type": "HowToSupply",
          "name": "Debian ISO"
        }
      ],
      "step": [
        {
          "@type": "HowToStep",
          "text": "Verify your Debian ISO is legitimate"
        }, {
          "@type": "HowToStep",
          "text": "Install VirtualBox and the VirtualBox Extension Pack"
        }, {
          "@type": "HowToStep",
          "text": "Create a new VM in VirtualBox. Set the type to Linux / Debian, give it a good amount of RAM, and create a virtual hard disk."
        }, {
          "@type": "HowToStep",
          "text": "Adjust the VM's settings and attach the Debian ISO you've downloaded"
        }, {
          "@type": "HowToStep",
          "text": "Start your new Debian VM and complete the Debian installer"
        }, {
          "@type": "HowToStep",
          "text": "Install VirtualBox Guest Additions"
        }, {
          "@type": "HowToStep",
          "text": "Attach any devices (like webcams) you need"
        }
      ],
      "totalTime": "PT1H"
    }
    </script><!--kg-card-end: html--><h2 id="setting-up-zoom-in-a-vm">Setting Up Zoom in a VM</h2><p>Creating a Virtual Machine for applications like Zoom is a relatively easy task for most tech-savvy users. We are going to outline the basic steps you need here, but if you need more guidance I've created a <a href="https://assets.privacytools.io/aragon-drop/zoom_tutorial.pdf">separate guide with detailed instructions</a> and screenshots to help you through the process.</p><h3 id="what-you-ll-need">What You'll Need</h3><ul><li>A computer capable of running a Virtual Machine. Most modern machines should be, but it is worth <a href="https://www.technorms.com/8208/check-if-processor-supports-virtualization">double-checking</a>.</li><li>A Virtual Machine "hypervisor": This is what actually runs the VM. For most people the free <a href="https://www.virtualbox.org/wiki/Downloads">VirtualBox</a> program works well, and it is what we use in our guide. Advanced users may wish to use a solution like Parallels, VMware Workstation, Hyper-V, or GNOME Boxes, all of which will support this functionality as well.</li><li>VirtualBox users who need webcam support should also download the <a href="https://www.virtualbox.org/wiki/Downloads">VirtualBox Extension Pack</a> from their download page.</li><li>A Debian ISO (Linux installer <a href="https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/">download</a>, <a href="https://cdimage.debian.org/debian-cd/current/amd64/bt-cd/">torrent</a>)</li></ul><h3 id="overview">Overview</h3><ol><li><a href="https://www.debian.org/CD/verify">Verify your Debian ISO is legitimate</a>. If it's compromised now it might not boot, or you might be inadvertently installing malware!</li><li>Install VirtualBox and the VirtualBox Extension Pack if you haven't already.</li><li>Create a new VM in VirtualBox. 
Set the type to Linux / Debian, give it a good amount of RAM (30-40% of your total RAM is good for most users), and create a virtual hard disk.</li><li>Open the VM's settings and attach the Debian ISO you've downloaded. You can also adjust the video memory (typically setting this to 128MB or higher is best).</li><li>Start your new Debian VM and complete the Debian installer that should automatically start.</li><li>Install <a href="https://www.virtualbox.org/manual/ch04.html">VirtualBox Guest Additions</a> in Debian.</li><li>Attach any devices (like webcams) you might need to use to the VM, and reboot the VM.</li></ol><p>Now you can install pretty much any software you'd like in your new Linux VM, and it will be completely isolated from your main machine. Remember if any of this is confusing, I've created a more <a href="https://assets.privacytools.io/aragon-drop/zoom_tutorial.pdf">complete walkthrough</a> you can download that explains these steps in detail. Once you're in, you can use the web browser built into Debian to download Zoom, and you're good to go!</p>]]></content:encoded></item><item><title><![CDATA[US Government Wages War on Encryption]]></title><description><![CDATA[As the world finds itself preoccupied with COVID-19, the United States government is trying to pass a law to ban encryption. 
It's called the EARN IT act, and it has potentially devastating repercussions for encryption and companies that use it.]]></description><link>https://blog.privacytools.io/us-government-wages-war-on-encryption/</link><guid isPermaLink="false">5e7635bc3a7daf0182255b1f</guid><category><![CDATA[Opinion]]></category><category><![CDATA[Privacy]]></category><category><![CDATA[Security]]></category><category><![CDATA[Encryption]]></category><category><![CDATA[Government]]></category><category><![CDATA[Coronavirus]]></category><category><![CDATA[United States]]></category><dc:creator><![CDATA[Freddy ]]></dc:creator><pubDate>Sun, 29 Mar 2020 12:00:00 GMT</pubDate><media:content url="https://blog.privacytools.io/content/images/2020/03/lindsey-graham-encryption-1.png" medium="image"/><content:encoded><![CDATA[<img src="https://blog.privacytools.io/content/images/2020/03/lindsey-graham-encryption-1.png" alt="US Government Wages War on Encryption"><p>As the world finds itself preoccupied with COVID-19, the United States government is trying to pass a law to ban encryption.</p><p>It's called the <a href="https://www.schneier.com/blog/archives/2020/03/the_earn-it_act.html">EARN IT act</a>, and while it claims to combat the sexual exploitation of children online, it has potentially devastating repercussions for encryption and companies that use it.</p><blockquote>EARN IT focuses specifically on Section 230, which has historically given tech companies freedom to expand with minimal liability for how people use their platforms. Under EARN IT, those companies wouldn't automatically have a liability exemption for activity and content related to child sexual exploitation. 
Instead, companies would have to "earn" the protection by showing that they are following recommendations for combatting child sexual exploitation laid out by a 16-person commission.</blockquote><p><em>(Source: WIRED "<a href="https://www.wired.com/story/earn-it-act-sneak-attack-on-encryption/">The EARN IT Act Is a Sneak Attack on Encryption</a>")</em></p><p>The <a href="https://www.privacytools.io/providers/#usa">US government</a> has never been a fan of cryptography even though they make extensive use of it themselves. The "<a href="https://en.wikipedia.org/wiki/Crypto_Wars">Crypto Wars</a>" provide more than enough evidence to suggest that this might not be the only reason they wish to ban the use of encryption by the public. A suspicion only further realized when you understand the breadth of the National Security Agency's <a href="https://en.wikipedia.org/wiki/Edward_Snowden#Global_surveillance_disclosures">spying capabilities</a> as demonstrated by Edward Snowden.</p><p>The logic behind the EARN IT act does not seem to add up.  If we ban things because unsavory people use them then why does the US allow guns, for example? The problem is that strong lobbies who have the power to influence both politicians and the voting public exist to ensure that things like guns are never banned. Meanwhile, privacy advocates have such a small voice in comparison.</p><p>It is also important to note that encryption is available to everyone, yet only a few use it for the wrong reasons. I am not responsible for the actions of anyone except myself. Group punishment is rarely the best option. PGP and similar encryption software were created to improve the privacy of communications and online file storage. The idea of secrecy or privacy is bound to attract some of the wrong people, and yet encryption is also a force for great good. It is used by governments to keep their secrets safe and privacy-seekers to take control of their information. 
It is used by activists, victims, and thousands of others who rely on it for their personal safety. And it is used by millions of regular people who use encryption — perhaps not even realizing it — on a daily basis to keep their identity, finances, medical information, and more out of the hands of criminals and ne'er-do-wells.</p><p>People with the wrong intent will always find ways to get around anti-encryption laws, and there are many forms of communication that would be impossible to police. <a href="https://www.obsessivefacts.com/memespeech">Memespeech</a>, for example, is a supposedly censor-proof method of encryption which hides messages inside normal passages of free speech by adjusting the letter formatting. While Memespeech was built as a counter to the EARN IT act, it demonstrates that any encryption technology — including itself — could be easily built and utilized by the wrong people. Banning encryption unfortunately won't prevent pedophiles from communicating; it will only harm law-abiding citizens.</p><p>If you live in the United States, the best thing you can do right now is to call your representatives and tell them not to pass the bill. The EFF has built a <a href="https://act.eff.org/action/protect-our-speech-and-security-online-reject-the-graham-blumenthal-bill">helpful tool</a> if you are struggling with this.</p><p>In this time of struggle, we must continue to keep a close eye on all aspects of our governments and their actions. The US government is already taking advantage of the situation, as they are currently also in talks with phone companies to <a href="https://www.nbcnews.com/tech/tech-news/u-s-wants-smartphone-location-data-fight-coronavirus-privacy-advocates-n1162821">use phone location data to help track the spread of the virus</a>.
Even if this power could be used responsibly to help prevent the spread of disease, historically we have seen that when power is handed to governments in the midst of a crisis, it is incredibly difficult to take it away in the aftermath.</p><p>And if you find these ideas alarming, it is also important to realize <strong>your</strong> privacy is being abused on a daily basis. If you aren't already aware of this and actively doing something against it, this is a great time to get started and find out more. There are lots of great <a href="https://www.privacytools.io/">websites</a>, <a href="https://www.reddit.com/r/privacytoolsIO/">communities</a>, and <a href="https://www.youtube.com/channel/UCjr2bPAyPV7t35MvcgT3W8Q">video channels</a> to help you learn.</p><p><em>Cover photo by <a href="https://www.flickr.com/photos/gageskidmore/17830267732/">Gage Skidmore</a></em></p>]]></content:encoded></item><item><title><![CDATA[Choosing the Right Messenger]]></title><description><![CDATA[<p>One of the most common questions users have when it comes to privacy is about messaging services. 
It seems almost all of them mention some level of privacy or encryption to entice the user to sign up for their service, but how can you be sure you’re using the</p>]]></description><link>https://blog.privacytools.io/choosing-the-right-messenger/</link><guid isPermaLink="false">5dddab74da9ce25a59257455</guid><category><![CDATA[Instant Messengers]]></category><category><![CDATA[Privacy]]></category><category><![CDATA[Security]]></category><category><![CDATA[Opinion]]></category><dc:creator><![CDATA[Dan Arel]]></dc:creator><pubDate>Thu, 28 Nov 2019 01:51:46 GMT</pubDate><media:content url="https://blog.privacytools.io/content/images/2019/11/message-4.png" medium="image"/><content:encoded><![CDATA[<img src="https://blog.privacytools.io/content/images/2019/11/message-4.png" alt="Choosing the Right Messenger"><p>One of the most common questions users have when it comes to privacy is about messaging services. It seems almost all of them mention some level of privacy or encryption to entice the user to sign up for their service, but how can you be sure you’re using the most secure, privacy respecting platform?</p><p>The answer actually lies in one’s <a href="https://ssd.eff.org/en/glossary/threat-model">threat model</a>, which is often an ignored step in choosing all privacy related apps and services, meaning a lot of users limit their internet and communication experience because they believe they need Edward Snowden level privacy settings.</p><p>The truth is, each user needs to decide what their privacy goals are. Is your goal to stop corporations from tracking you, targeting you, and profiting from your data? 
Or are you trying to hide communications from the government or law enforcement, which is common for journalists and activists who want to protect their sources or communications from government eyes?</p><p>Once you understand your goals you can start to look at messengers and their upsides and downsides, and it’s important to remember, there is no perfect solution. Each service, no matter how secure, can be compromised, because at the end of the day, you’re dealing with other humans who can screenshot, copy, or forward your messages to parties you did not intend to see them. So, it’s also important to know who you are messaging, verify their keys, and ensure that you place the utmost trust in them with the content you are sending.</p><p>If your goal is to simply avoid corporate tracking and the harvesting of your data from your communications, you can eliminate apps such as Facebook Messenger and WhatsApp, both services owned by Facebook. While both offer encrypted messaging (optional in Messenger), Facebook <a href="https://www.digitaltrends.com/social-media/facebook-reads-messenger-messages/">reads your non-encrypted messages</a>, and WhatsApp <a href="https://www.forbes.com/sites/zakdoffman/2019/05/14/whatsapps-cybersecurity-breach-phones-hit-with-israeli-spyware-over-voice-calls/#734cec155549">has fallen victim to security breaches</a>.</p><p>For this type of user, your options are much wider, as you may be more willing to share your email address or phone number at signup and can be less concerned with metadata (we will get to that shortly), and you want to look for a messenger that simply isn’t scanning your content or behavior to sell it.</p><p>If your goal is to evade more massive state-sponsored surveillance programs, the aforementioned apps are out of the question, but so are many others.</p><p>This is because when it comes to these apps, and others like them, you don’t own the <a href="https://ssd.eff.org/en/glossary/encryption-key">encryption
keys</a>, the service does, so they are able to decrypt your messages, for their own use, or for the use of government officials who request it. This is something important you’ll want to remember as you choose the messenger that is right for you.</p><p>Even with Apple’s iMessage, which is encrypted and more secure than Facebook’s offerings, Apple still controls the keys and can access your messages if necessary. Apple does also collect data based on your behavior, so while using iMessage isn’t the same as handing your data over to Facebook, you’re still messaging with a variety of privacy vulnerabilities. On Android, you’re using SMS messages which are even less secure and can <a href="https://www.theverge.com/2017/9/18/16328172/sms-two-factor-authentication-hack-password-bitcoin">be easily hijacked</a> by someone with just enough know-how.</p><h2 id="metadata">Metadata</h2><p>One important aspect of a messaging app you need to be sure of is what kind of <a href="https://ssd.eff.org/en/glossary/metadata">metadata</a> it exposes: what is encrypted and what isn’t.</p><p>Wire, a popular encrypted messenger app, has always been criticized for its decision not to encrypt user metadata, such as the date and time of registration, IP geographical coordinates, and the date and time of creation, creator, name, and list of participants in a conversation.</p><p>Metadata can be used to place you in a certain location, speaking to a certain person, and can be used against you by law enforcement, even if they have no idea and no access to what the conversation was about.</p><p>Apps such as Signal or Wickr encrypt metadata, making conversations between two or more parties more secure and making it harder to track individual users.</p><p>When it comes to avoiding corporate data mining, your metadata won’t be as useful, especially if you’re using a service that is not profiting from your data to begin with.
For those avoiding state-sponsored surveillance, <a href="https://theintercept.com/2019/08/04/whistleblowers-surveillance-fbi-trump/">metadata can be a killer</a>.</p><h2 id="encryption">Encryption</h2><p>This article will not get into the complexities of the best kinds of <a href="https://ssd.eff.org/en/glossary/end-end-encryption">end-to-end encryption</a> (E2EE), but the need to ensure your messenger has it must be discussed.</p><p>The popular messaging app Telegram has come under fire the most for this. Telegram says on their homepage that, “Telegram messages are heavily encrypted and can self-destruct.” Yet, this statement is only partially true. Yes, you can set your messages to self-destruct, a great privacy feature for some, and yes, they do offer encryption, but what they don’t tell users is that encryption isn’t turned on by default.</p><p>In an interview with <a href="https://gizmodo.com/why-you-should-stop-using-telegram-right-now-1782557415">Gizmodo</a>, Christopher Soghoian, Principal Technologist and Senior Policy Analyst at the American Civil Liberties Union, said, “There are many Telegram users who think they are communicating in an [end-to-end] encrypted way, when they’re not because they don’t realize that they have to turn on an additional setting.” He continued to say that while he’s happy they offer the encryption, it’s not useful if it’s turned off.</p><p>Apps such as Signal, Keybase, and Wickr offer E2EE by default.
Less popular but quickly growing apps such as Element offer E2EE but, like Telegram, have not made it a default setting, though the Matrix.org team has said that <a href="https://github.com/vector-im/element-web/issues/6779">default encryption is on their road map</a>.</p><p>Ensuring your conversations and metadata are E2EE is one of the best practices you can have when choosing a messenger.</p><h2 id="sign-up-process">Sign Up Process</h2><p>When it comes to your goals and threat model, you will need to decide how much, if any, information you’re willing to give this company on signup. Do they require a phone number and/or SIM card? Do they require an email address, or do they allow completely anonymous signups, and how anonymous is anonymous? Are they storing that info (remember the metadata) unencrypted?</p><p>Giving up your phone number or email won’t be a big deal for many, as any good privacy policy will state they won’t use it for any purpose other than those you’ve granted permission for. Yet, for those avoiding state-sponsored surveillance, you may have a regularly changing number, no number, or would rather not risk giving that information up. Same goes for email.</p><p>So, you will want to find a service that fits this need. While Signal is currently testing signup without a phone number, currently you’re unable to do so. Element, Wickr, and many <a href="https://ssd.eff.org/en/glossary/xmpp">XMPP</a> services don’t require anything but choosing a username.</p><h2 id="source-code">Source Code</h2><p>Open source may be the most used phrase in all of privacy and security, and for good reason. It’s really helpful to be able to review the source code of the product you’re trusting. Experts can look for backdoors, leaks, and other bugs. Organizations that opt to open source their code are showing good faith effort to increase trust between them and the user.</p><p>Yet, open source can also limit your options, again, depending on your threat model and goals.
Signal, Wire, and Keybase all offer open source repositories of their applications, and sometimes even the server software itself.</p><p>Open source also doesn’t mean secure. This is often misunderstood, and people hear open source and assume it must be good. Look at the code of the app you want to use: you don’t need to be able to check it yourself, but are others checking it? An open source app that no one follows or contributes to is no more or less secure than a closed source app.</p><p>Wickr, Threema, and others are closed source. They don’t offer the ability to check the source, but that doesn’t immediately rule them out either. When the Electronic Frontier Foundation (EFF) had a comparison chart for messenger apps, it gave Wickr 5 stars. This doesn’t mean it’s perfect for someone like Snowden, but for those avoiding Facebook and Google, it could be a usable option.</p><p>It’s also important to remember there’s no way to check that someone is always using the source code in their repository in the app or server you’re downloading from the Apple Store or Google Play. When it comes to this, reputation becomes a key player in your decision, as does trust, which we will get to next.</p><p>If you’re unsure what to do here, it’s always a safe bet to stick with open source that has a large contributor base and strong reputation. It’s always best to use open source options when they are available and only recommend closed source when there isn’t a usable open source option. This is generally a good way to pick a messenger app as well.</p><h2 id="ownership-trust">Ownership &amp; Trust</h2><p>An often overlooked, but increasingly important part of choosing a secure messenger is: who owns the company that’s providing your service?
What would they gain or lose from selling your data, and who does the company answer to?</p><p>Wire <a href="https://blog.privacytools.io/delisting-wire/">recently lost a great deal of trust and standing</a> in the privacy world because they quietly sold their company and moved it to the US. They also changed parts of their privacy policy making it harder for users to tell when Wire would share customer data. They did all of this while never updating their current users on such changes, either the change to the privacy policy or the move to the US.</p><p>Wire also took in more than $8 million in venture capital funding. So now, users wanted to know more about who owned their data and what jurisdictional rights were changing with the move from Europe to the United States.</p><p>These are questions we must ask of all services. Wire now has investors to answer to who will want a return on their millions of dollars.</p><p>Signal, on the other hand, <a href="https://signal.org/blog/signal-foundation/">is a non-profit</a> which does not rely on investors and instead relies on donations, sponsorships, and grants. Because of their non-profit status in the US, they must also be highly transparent about not only where the money comes from, but how they spend it. So, users can see where this money goes, and who it’s going to.</p><p>Matrix.org (the service Element uses) runs a business model similar to Signal’s. Located in the UK instead of the US, they rely on donations, partnerships, and grants. Matrix.org is heavily supported by New Vector, a venture capital backed company, however, Matrix.org as a non-profit is transparent about its spending, income, and influences. </p><p>Not all services are non-profit, and that should not rule them out immediately. You can also follow their funding goals.
Wire lost credibility because instead of simply relying on user signups, they wanted to be the next Skype for Business and wanted to build a large enough user base to get the attention of investors. Meanwhile, apps such as Wickr, while for-profit, are transparent about taking limited investors to become sustainable on subscriptions.</p><p>This can take some time, because it’s important to know who the investors are, and what the organizational goals are. Will they eventually need to resort to data harvesting to sustain themselves? If they do, and you decide to leave the platform, will you leave behind data you don’t want them to get their hands on?</p><h2 id="making-your-choice">Making your choice</h2><p>Now it’s time to choose a messenger and no one can do that for you. Popularity will need to play a role here; there’s no point in joining the new up and coming messenger service if you don’t have a single contact using it as well. One reason Telegram has been so popular is they have managed to convince more than 100 million people to sign up. If you sign in today, you’ll likely see a group of your friends in there. Signal isn’t as far behind, and others are catching up.</p><p>You’ll need to decide who you trust, and who your other contacts trust, and then compare all of that with your goals and your threat model. How much information are you willing to give on signup, does metadata matter to your threat model, and is the service you’re choosing likely to sell itself to the highest bidder once enough people sign up?</p><p>The important thing to remember is there is no one size fits all for messengers, and that each user must decide what is best for them. If someone is an avid WhatsApp or Facebook Messenger user, even Telegram is a step in the right direction. Yet, if that user is concerned with more than just giving data over to Facebook, they may need to look at more secure options.</p><p>Ensure you keep your messenger apps up to date.
You don’t want to discover you’ve been compromised because a bug found in version 1 was fixed in version 2 but you didn’t bother upgrading your apps.</p><p>One last piece of advice is that users need to be diligent and never become complacent in their decision. You must be willing to change services if the goals and values of your messenger of choice change in a way that no longer matches yours. Look for news of sales, mergers, or acquisitions that could compromise the organization.</p><p><em>Dan Arel is a journalist, author, and privacy advocate. He's also the editor of <a href="https://thinkprivacy.io/">ThinkPrivacy.io</a>. This article was originally published to <a href="https://hackernoon.com/choosing-the-right-messenger-mm3x2z47">Hacker Noon</a> on November 27th, 2019.</em></p>]]></content:encoded></item><item><title><![CDATA[The Trouble with VPN and Privacy Review Sites]]></title><description><![CDATA[<p>There's a massive problem in the privacy world. Websites, social media accounts, and other platforms are constantly popping up out of nowhere, telling you to buy <em>The Greatest Service Ever</em> in order to solve all your privacy woes, whatever that may be. These websites often employ marketing teams to make</p>]]></description><link>https://blog.privacytools.io/the-trouble-with-vpn-and-privacy-reviews/</link><guid isPermaLink="false">5dced3c337ad263e10131ccb</guid><category><![CDATA[Privacy]]></category><category><![CDATA[VPN]]></category><category><![CDATA[Trust]]></category><dc:creator><![CDATA[Jonah Aragon]]></dc:creator><pubDate>Wed, 20 Nov 2019 21:25:22 GMT</pubDate><media:content url="https://blog.privacytools.io/content/images/2019/11/choosingavpn.png" medium="image"/><content:encoded><![CDATA[<img src="https://blog.privacytools.io/content/images/2019/11/choosingavpn.png" alt="The Trouble with VPN and Privacy Review Sites"><p>There's a massive problem in the privacy world.
Websites, social media accounts, and other platforms are constantly popping up out of nowhere, telling you to buy <em>The Greatest Service Ever</em> in order to solve all your privacy woes, whatever that may be. These websites often employ marketing teams to make sure their "reviews" are what you see first when you begin your research. Some of them are even operated by VPN providers themselves, operating under anonymous business entities to hide their bias, or doing it right out in the open, hoping you'll mistake their advertising-filled press releases and blogs for insider knowledge of the VPN space.</p><p>When a seemingly "unbiased review" on a site is merely a paid advertisement in disguise, that website is breaking their readers' trust. From a consumer's point of view, affiliate marketing and other paid promotional techniques like this make it near impossible to know when a review is genuine or not. </p><p>This isn't going to be a lengthy blog post on advertising being bad, far from it. In fact, many of the <a href="https://www.privacytools.io/providers/vpn/">VPN providers we recommend</a> engage in responsible advertising across various platforms. The key is transparency: Their advertisements should <em>look like advertisements</em>, and nothing else.</p><h2 id="the-bad">The Bad</h2><p>I'm really looking to take the time here and identify "the bad" sites and resources that use these techniques to profit off a community just looking for reliable answers. Lots of sites like these will claim they're acting in your best interest, but they're just here to make money.</p><p>One common thing I'll see on these sites is a ranked list of providers that are ostensibly the best ones to choose from.
These sites have supposedly done all the work for you, so you can just click and go, assured you're making the right choices.</p><p>So here's my issue with ranking VPN providers: Let's face it, VPN providers are all offering the same service, and they will either protect your information or they won't. Ranking providers like this only serves as an easy way to guide users to a certain choice (in this case, the choice that will make the reviewers the most money). </p><p>Let's look at one of these "review" sites for example, which will go unnamed for the purposes of this article. On their homepage they prominently list 10 providers as the "best" VPN services, in this order:</p><ol><li>NordVPN</li><li>Surfshark</li><li>ExpressVPN</li><li>PerfectPrivacy</li><li>IPVanish</li><li>Mullvad</li><li>CyberGhost</li><li>Trust.Zone</li><li>ibVPN</li><li>Private Internet Access</li></ol><p>To their credit, this review site also helpfully included an advertising disclosure in their footer. On this fairly well hidden away page, they note that they participate in affiliate programs from 8 providers, as follows:</p><ul><li>NordVPN</li><li>SurfShark</li><li>ExpressVPN</li><li>Perfect-Privacy</li><li>IPVanish</li><li>CyberGhost</li><li>Trust.Zone</li><li>Private Internet Access</li></ul><p><em>Hmm</em>. Look familiar? Of the 73 providers this site had reviewed at the time of writing this article, <strong>all eight</strong> of the VPN providers paying this review site happened to make their top 10 recommendations. In fact, you'd have to scroll down to #6 before you found a provider that wouldn't pay them, practically buried. 
</p><p>Furthermore, their list includes NordVPN, a company <a href="https://www.reddit.com/r/privacytoolsIO/comments/dl2m7b/nordvpn_confirms_one_of_their_finland_data_center/">notable for not disclosing security breaches</a> in a timely fashion, and ExpressVPN, a provider <a href="https://www.goldenfrog.com/blog/some-providers-use-weak-1024-bit-keys-vyprvpn-explains-why-its-strong-keys-matter">notable for once using weak 1024-bit encryption keys</a> to protect their users. By any objective standard, these providers do not deserve to be included in a top 10 recommendations list for securing anybody's information. This review site in particular claims to have set criteria for their recommendations, but this just demonstrates that any criteria can be adjusted to fit any goal you may have.</p><p>If these sites truly wanted to be helpful, they would consolidate all the relevant information and present it to their users without making the choice for them. A provider is going to be better or worse for every user depending on their particular situation, and encouraging an informed choice between options presented equally is far more beneficial than putting one over the other in a largely arbitrary fashion.</p><p>But that isn't to say they should just throw all the providers in a big table and call it a day. Almost worse than the ranking scheme above is when sites provide out of context lists of providers, often just with pricing and a link. Sometimes they will link you to a full review (more on that in a bit), but for the most part these sites just expect you to follow their recommendations blindly.</p><figure class="kg-card kg-image-card kg-card-hascaption"><img src="https://blog.privacytools.io/content/images/2019/11/vpn-table-example-1.png" class="kg-image" alt="The Trouble with VPN and Privacy Review Sites"><figcaption>Affiliate links and discounts galore!
This is a different site than before, but look at the familiar faces we're seeing...</figcaption></figure><p>These read like advertisements, because they usually are. Once again we see the usual suspects — NordVPN, ExpressVPN... — paraded as the gold standard in the VPN space, not out of any inherent value, but based on the value of their affiliate programs. To further this point, let's take a look at how much each of the five providers above will pay you for a referral (on a one month plan).</p><ol><li>ExpressVPN: $13 for first month</li><li>NordVPN: $11.95 for first month</li><li>VPNArea: $4.95 for first month</li><li>VPN.ac: $2.90 for first month</li></ol><p><em>Unfortunately, Perfect Privacy would not share their commission rates publicly, but if anyone has any information on that I'd be happy to receive it. What I will say is that based on the information above, I would not be surprised if it fell right between ExpressVPN and NordVPN's rates. Their one month plan costs $12.99, so assuming a 100% match on the first month (the standard from NordVPN and ExpressVPN) that would add up quite nicely.</em></p><p>Once again, we see a lineup of providers ordered in a way that appears to <em>conveniently</em> pay the most to the website owner. And therein lies the issue with affiliate programs. Once you begin receiving financial compensation <em>on a per-signup basis</em>, you are now motivated to push the most users to the sites that pay more on a monthly basis, rather than the sites that will actually help the user.</p><p>Occasionally, these recommendations are coupled with "reviews" that are supposedly independent and unbiased, but in reality are simply more marketing tools to persuade you towards their opinions. In most cases, these reviewers will simply copy the VPN provider's own press releases and even media, presenting their advertising as fact to their readers.
These reviews are always hidden away as well, with main navigation links directing users towards the more affiliate-link-laden lists and tables that they'd much rather you browse. The true value of these review articles is the <a href="https://www.pcmag.com/news/367640/how-a-vpn-review-site-dominated-google-search-with-a-scam">Search Engine Optimization (SEO) advantage they bring</a> in the rankings on Google, and not much more. More traffic = More clicks, at the expense of good, independent content and integrity.</p><h2 id="the-good">The Good</h2><p>This isn't to say all tables or lists are bad; rather, it's how they're presented that makes or breaks a site. <a href="https://thatoneprivacysite.net/">ThatOnePrivacySite.net</a>, for example, sets what is perhaps the gold standard of VPN comparisons:</p><figure class="kg-card kg-image-card kg-card-hascaption"><img src="https://blog.privacytools.io/content/images/2019/11/image-11.png" class="kg-image" alt="The Trouble with VPN and Privacy Review Sites"><figcaption>VPN providers listed as equals with their benefits and flaws covered? <em>What?</em></figcaption></figure><p>Here's the difference. They include virtually every provider — the good and the bad — and present them at equal value to sort through. Instead of providing their readers with answers, they provide them with information that can be used to deduce their own recommendations, based on their values as an individual. </p><p>But some users just want <em>the answers,</em> and that's fine too. I think there is still definitely a way to provide recommendations without introducing financials or bias into the equation.
At <a href="https://www.privacytools.io">PrivacyTools</a>, we've developed a set list of criteria, and we make that abundantly clear when you read our list of <a href="https://www.privacytools.io/providers/vpn/">recommended VPN providers</a>.</p><figure class="kg-card kg-image-card kg-card-hascaption"><img src="https://blog.privacytools.io/content/images/2019/11/image-12.png" class="kg-image" alt="The Trouble with VPN and Privacy Review Sites"><figcaption>Our currently recommended VPN provider Mullvad meets and exceeds our transparent expectations, and does not pay reviewers to tip the scales in their favor.</figcaption></figure><p>We also refrain from using affiliate links. As we've discussed, they are fundamentally flawed ways to market a service, and using them would break the trust our community has in our recommendations. </p><p>We do have a newly-introduced <a href="https://www.privacytools.io/sponsors/">sponsorship program</a>, but all of our finances are handled in an incredibly transparent fashion. As a non-profit organization, the funding we receive cannot be used for private profit, and our community can see both where we receive money from and how it is being spent thanks to <a href="https://opencollective.com/privacytoolsio/">Open Collective</a>. Additionally, the recommendations on <a href="https://www.privacytools.io">www.privacytools.io</a> are handled by an entirely separate team of editors and contributors than the administrative team such as myself that handles the sponsorships and finances. The editors have sole control over our recommendations and operate entirely independently and on a volunteer-basis to ensure the choices we make are for the benefit of the privacy community over one individual.</p><p>Ultimately, as a matter of policy our sponsors have no say over our recommendations, or whether they are recommended or a competitor is removed. 
We have given our community vast access to our website and internal workings to keep us in check and ensure we're staying true to our word. This separation of management and editors is a strategy that has served the media industry well for decades, and makes all of our team and organization a more credible and trustworthy source of information.</p><h2 id="in-summary">In Summary</h2><p>We have a lot of points we want to get across. The current landscape of privacy reviewers and "experts" weighing in on topics regarding the very companies that pay for their reviews is morally reprehensible, and just another way for big tech companies to collect all of our data more easily.</p><p>Review sites should make it abundantly clear when their reviews are paid for by the VPN companies in any fashion, whether that be via affiliate programs or good old-fashioned sponsorships. This can't be via a hidden-away disclosure in the footer or not published at all, but <em>clear </em>and<em> close in proximity</em> to the claims published on their site. <strong>Customers are not expecting or seeking out these disclosures</strong> when they visit review sites, and can't be expected to immediately discern whether you're speaking from a place of unbiased fact, or from a place with the greatest financial incentive. Better yet, they should reconsider their entire business model. We built PrivacyTools from the ground up in 2015 based solely on a community donation model that still keeps us sustained. It's the more difficult way to build a site to be sure, actually working to gain the trust of a huge community, but the difference in quality and integrity is remarkable.</p><p>VPN providers should consider spending less money on paid reviews, and more money on securing and validating their infrastructure. Regular security audits are one fantastic way for companies to demonstrate their dedication to keeping their users secure. 
We strongly believe VPN services should consider the <a href="https://www.privacytools.io/providers/vpn/#criteria">PrivacyTools VPN Criteria</a>, especially in regard to the ownership of their organization. Your VPN provider should not be hiding away in Panama controlled by anonymous leadership. While you <em>as a user</em> deserve privacy, transparency should be <em>required</em> of providers if you are expected to trust them. I would not give my money to some anonymous overseas investor, why would I give all of my internet traffic to some anonymous overseas administrator?</p><p>Finally, when you're choosing a VPN provider, do your own research. <a href="https://blog.privacytools.io/understanding-vpns/">Understand what a VPN actually does for you</a>. <a href="https://www.pcmag.com/article/371839/what-does-a-vpn-security-audit-really-prove">Understand what it is a security audit proves</a>, find out who owns and operates the VPN service you want to use, and make sure their policies and technologies reflect your values. Again, we'll recommend <a href="https://thatoneprivacysite.net/">ThatOnePrivacySite</a> and <a href="https://www.privacytools.io/providers/vpn/">PrivacyTools</a> as great resources to get you started, but <a href="https://blog.privacytools.io/choosing-a-vpn/">ultimately gathering the information yourself</a> and making an informed decision is the only way to make sure your privacy is being respected.</p><p><strong>Update 11/21:</strong> I've clarified this article to make it clear that I cannot objectively prove how much a "review site" is profiting off any particular provider, without having access to their private financial statements. 
The findings in this article were based on public information from affiliate programs and opinions were drawn accordingly.</p>]]></content:encoded></item><item><title><![CDATA[Cutting the Wire]]></title><description><![CDATA[<p>It has recently come to the attention of the PrivacyTools team that Wire, the popular end-to-end encryption messaging platform <a href="https://forum.privacytools.io/t/wire-swiss-gmbh-is-now-owned-by-a-usa-holding-company/1932">had been sold or moved to a US company</a>. After a week of questioning, Wire finally confirmed they had changed holding companies and would now be a US based company in</p>]]></description><link>https://blog.privacytools.io/delisting-wire/</link><guid isPermaLink="false">5dd31fb637ad263e10132024</guid><category><![CDATA[Delisting]]></category><category><![CDATA[Updates]]></category><category><![CDATA[Privacy]]></category><category><![CDATA[Instant Messengers]]></category><dc:creator><![CDATA[Dan Arel]]></dc:creator><pubDate>Tue, 19 Nov 2019 16:56:26 GMT</pubDate><media:content url="https://blog.privacytools.io/content/images/2019/11/delist-wire.png" medium="image"/><content:encoded><![CDATA[<img src="https://blog.privacytools.io/content/images/2019/11/delist-wire.png" alt="Cutting the Wire"><p>It has recently come to the attention of the PrivacyTools team that Wire, the popular end-to-end encryption messaging platform <a href="https://forum.privacytools.io/t/wire-swiss-gmbh-is-now-owned-by-a-usa-holding-company/1932">had been sold or moved to a US company</a>. After a week of questioning, Wire finally confirmed they had changed holding companies and would now be a US based company in a move they called “simple and pragmatic,” as they worked to expand their foothold in the enterprise market. 
This also came alongside the news that Wire had accepted more than $8 million in Venture Capital (VC) funding from Morpheus Ventures, as well as other investors.</p><p>Morpheus Ventures holds a <a href="https://morpheus.com/portfolio/">portfolio</a> including companies in healthcare, voice AI, life insurance, and retail customer data analytics: All sectors that have historically used invasive data collection methods to survive. Why would a VC with a portfolio centered on consumer data want to invest in a company whose mission claims to protect that very same information?</p><p>Earlier this year, Wire announced they had entered a partnership with <a href="https://www.globenewswire.com/news-release/2019/07/10/1880912/0/en/Wire-and-FedResults-Partner-to-Offer-End-to-End-Encrypted-Collaboration-Platform-to-Government-Agencies.html">FedResults</a>, in a move that would bring Wire's secure messaging platform to US federal agencies. This raised a few eyebrows, but did not alarm the privacy community as Wire remained Swiss based and beholden to Switzerland's strict privacy laws. 
Today however, while much of Wire's business will continue to be run out of their Swiss offices, with new US-based ownership it is not entirely clear how much jurisdiction the United States will have over Wire data.</p><p>This is alarming because it is well known that <a href="https://www.vice.com/en_us/article/gvzw5x/secure-messaging-app-wire-stores-everyone-youve-ever-contacted-in-plain-text">Wire stores unencrypted metadata</a> for every user.</p><p>In an interview with <a href="https://techcrunch.com/2019/11/13/messaging-app-wire-confirms-8-2m-raise-responds-to-privacy-concerns-after-moving-holding-company-to-the-us/">TechCrunch</a>, Wire CEO Morten Brøgger said of privacy laws: “We are in Switzerland, which has the best privacy laws in the world” — it’s subject to Europe’s General Data Protection Regulation framework (GDPR) on top of its own local laws — “and Wire now belongs to a new group holding, but there no change in control.”</p><p>Even if he is correct, the move and statement do bring up further questions. With Wire now being a US company with contracts partnering it with US federal authorities, will those authorities now have leverage to compel Wire to give up metadata on users? Wire has investors to answer to and will not be able to risk losing large deals with clients like the US federal government. This is of course a hypothetical situation, but one to be considered nonetheless as we decide which services to recommend on PrivacyTools.</p><p>Wire also quietly made an adjustment to its own privacy policy. A <a href="https://web.archive.org/web/20180324221043/https://wire.com/en/legal/#privacy-7">previous version of the policy</a> (July 18, 2017) stated it would only share user data when required by law. Now (Updated September 1, 2018), it reads they will share user data when "necessary." What does necessary mean, and necessary to whom? Necessary to law enforcement, shareholders, or advertisers? 
The word "necessary" is an alarming change because "necessary" is purposefully vague terminology that could conceivably be used as a tool to justify any action. This change doesn't leave users with much confidence as to when the company may share their data.</p><p>Yet another red flag, and one of the more important ones to us, was that Wire decided not to disclose this policy change to its users, and when asked why, Brøgger was flippant in his response, stating: “Our evaluation was that this was not necessary. Was it right or wrong? I don’t know.”</p><p>We feel we do know, and the answer was that it was wrong. Privacy and security are not built solely on strong technology, but on trust. Yes, we can review Wire's open source code on GitHub, but we can't ever be sure that code is the same exact code that runs on their servers in practice. Yet, we have trusted them in the past because Wire had built a trustworthy reputation for themselves. We now feel that Wire has lost this reputation. By deciding to withhold information regarding its ownership and policies from its users, Wire has broken the trust our community has placed in it, and worse yet sounds almost dismissive of the worries voiced by the privacy community that had long held them in high regard.</p><p>Because of these ongoing concerns, and this break in trust in Wire's organization, PrivacyTools has made the decision to remove Wire from its recommendations. It is worth noting that this does not necessarily mean Wire is unsafe, but we believe it is our duty to recommend products that we as a team feel comfortable standing behind. We need to believe in the security, privacy, and integrity of our recommendations, and we no longer feel we can do that with Wire at this time.</p>]]></content:encoded></item><item><title><![CDATA[Delisting Startpage.com]]></title><description><![CDATA[<p><strong>May 3rd, 2020 Update:</strong> Startpage has answered all of our questions for them and has clarified their policies. 
We have decided to relist them on PrivacyTools, and you can read <a href="https://blog.privacytools.io/relisting-startpage/">our latest announcement</a> for more details.</p><p>Dear PrivacyTools community,</p><p>On the 15th of October, it was brought to our attention</p>]]></description><link>https://blog.privacytools.io/delisting-startpage/</link><guid isPermaLink="false">5dcb069137ad263e10131c40</guid><category><![CDATA[Updates]]></category><category><![CDATA[Privacy]]></category><category><![CDATA[Search Engines]]></category><category><![CDATA[Startpage]]></category><category><![CDATA[Delisting]]></category><dc:creator><![CDATA[Niek de Wilde]]></dc:creator><pubDate>Tue, 12 Nov 2019 22:20:33 GMT</pubDate><media:content url="https://blog.privacytools.io/content/images/2019/11/delist-startpage.png" medium="image"/><content:encoded><![CDATA[<img src="https://blog.privacytools.io/content/images/2019/11/delist-startpage.png" alt="Delisting Startpage.com"><p><strong>May 3rd, 2020 Update:</strong> Startpage has answered all of our questions for them and has clarified their policies. We have decided to relist them on PrivacyTools, and you can read <a href="https://blog.privacytools.io/relisting-startpage/">our latest announcement</a> for more details.</p><p>Dear PrivacyTools community,</p><p>On the 15th of October, it was brought to our attention that <a href="https://www.reddit.com/r/privacy/comments/di5rn3/startpage_is_now_owned_by_an_advertising_company/">Startpage.com was reportedly (partially?) taken over</a> by a company called the Privacy One Group, which is in turn owned by a company called System1. We found this quite remarkable as the two companies seem to have conflicting business models. Startpage has been known for basing their advertisements on what their users enter in their search bar. 
System1 on the other hand, is a pay-per-click advertising company that "<a href="https://www.bizjournals.com/losangeles/news/2017/09/20/system1-raises-270-million-for-consumer-intent.html">has developed a pre-targeting platform that identifies and unlocks  consumer intent across channels including social, native, email, search,  market research and lead generation rather than relying solely on what  consumers enter into search boxes.</a>"</p><p>We reached out to System1 CEO <a href="https://finance.yahoo.com/news/system1-appoints-ian-weingarten-ceo-185700741.html">Ian Weingarten</a> for an explanation. We received a very general response that did not address key questions.</p><p>Seemingly prompted by our ongoing concerns, Startpage released a public letter addressed to us from their CEO, and hosted <a href="https://www.reddit.com/r/StartpageSearch/comments/djshn3/hello_reddit_startpage_mod_team/">a Q&amp;A</a> on their Subreddit to try and explain the situation. While some of our questions were answered, we noted that the company seemed to be evasive, essentially restating information from <a href="https://www.startpage.com/blog/company-updates/startpage-and-privacy-one-group/">a previously published blog post</a> or posting the same response to different questions. People had to really dig to get answers and puzzle all information together, instead of getting a clearly explained and comprehensive answer from the start. Requests for clarification to some important questions went ignored.</p><p>Because of the conflicting business model and the unusual way the company reacted, claiming to be fully transparent but being evasive at the same time, we have no choice but to de-list Startpage from our recommendations until it is fully transparent about its new ownership and data processing. Remaining questions include:</p><ul><li>The % of Startpage and Surfboard Holding B.V. 
(the Startpage holding company) System1 acquired in December 2018.</li><li>The current % ownership by System1 at the time of the audit (and any other major owners).</li><li>Information about Privacy One Group Ltd. Where is it registered and in what city, state and country does it operate? (We have not been able to verify registration information.)	</li><li>A diagram of data flows, including flows to outside organizations, like System1, Privacy One etc.</li></ul><p>This de-listing does not necessarily mean Startpage is violating its privacy policy. We have no evidence of that. But because there are still so many unanswered questions, we can no longer recommend the service with good confidence. If Startpage aims to be re-considered, they will have to answer the questions above, preferably along with an explanation of why it took them so long to get proper answers out to the public.</p><p>Sincerely,<br>Blacklight447<br>Editor-in-Chief, PrivacyTools</p>]]></content:encoded></item><item><title><![CDATA[Firefox Privacy: Tips and Tricks for Better Browsing]]></title><description><![CDATA[Firefox is one of the most popular browsers around, and for good reason. 
We've written this Firefox privacy guide to help keep your browsing data safe.]]></description><link>https://blog.privacytools.io/firefox-privacy-an-introduction-to-safe/</link><guid isPermaLink="false">5dc65f3537ad263e10131992</guid><category><![CDATA[Guides]]></category><category><![CDATA[Privacy]]></category><category><![CDATA[Firefox]]></category><dc:creator><![CDATA[Jonah Aragon]]></dc:creator><pubDate>Sat, 09 Nov 2019 19:18:02 GMT</pubDate><media:content url="https://blog.privacytools.io/content/images/2019/11/firefox-privacy-no-logo.png" medium="image"/><content:encoded><![CDATA[<img src="https://blog.privacytools.io/content/images/2019/11/firefox-privacy-no-logo.png" alt="Firefox Privacy: Tips and Tricks for Better Browsing"><p>Mozilla Firefox is one of the most popular web browsers around, and for good reason. It's fast, secure, open-source, and it's backed by an organization that actually respects your privacy. Unlike many other Chrome alternatives and forks, it has a massive development team behind it that publishes new updates on a constant, regular basis. Regular updates don't only mean shiny new features; they mean you'll also receive security updates that will keep you protected as you browse the web.</p><p>Because of all of this, <a href="https://www.privacytools.io/browsers/#browser">we recommend Firefox</a> as our general-purpose browser for most users. It's the best alternative to Chrome and Edge for privacy conscious individuals.</p><p>Firefox is fantastic out of the box, but where it really shines is customizability. By adjusting Firefox privacy settings and using helpful add-ons, you can increase your privacy and security even further. 
Making those changes is what we're going to go over in this Firefox privacy guide.</p><p>Before we get started, there are a couple of things that should be noted that are applicable not only to this guide, but to privacy in general:</p><h2 id="considerations">Considerations</h2><p>Protecting your privacy online is a tricky proposition: there are too many factors to take into consideration on an individual basis for any one guide or site to cover comprehensively. You will need to take into account things like threat modeling and your general preferences before making any changes or following any recommendations.</p><h3 id="threat-modeling">Threat Modeling</h3><p><em>What is threat modeling?</em> Consider who you're trying to keep your data hidden from. Do you need to keep your information hidden from the government, or just the average stranger? Maybe you are just looking for alternatives to Big Tech like Google and Facebook. You'll also want to consider how much time and resources you want to spend hiding your data from those "threats". Some solutions might not be feasible from a financial or time standpoint and you'll have to make compromises. Taking all those questions into account creates a basic <em>threat model</em> for you to work with.</p><p>We want to publish a more complete guide on threat modeling in the future, so stay tuned to this blog for further updates. But for now, just keep those thoughts in the back of your mind as we go through this article. Not every solution might be for you, or conversely you may need to pay more attention to certain areas we aren't able to cover completely.</p><h3 id="browser-fingerprinting">Browser Fingerprinting</h3><p>Another consideration is your <a href="https://www.privacytools.io/browsers/#fingerprint">browser's fingerprint</a>. When you visit a web page, your browser voluntarily sends information about its configuration, such as available fonts, browser type, and add-ons. 
If this combination of information is unique, it may be possible to identify and track you without using more common tracking tools, like cookies.</p><p>That's right, add-ons contribute to your fingerprint. Another thing a lot of people miss when they are setting up their browser is that <strong>more</strong> is not always the best solution to their problems. You don't <em>need</em> to install every add-on and tweak we recommend, and the more you configure, the greater the chance that your browser will appear more unique to websites. Think about <em>your</em> specific situation and pick and choose the add-ons and tweaks we recommend only if you think they will help <em>you</em>.</p><h2 id="firefox-privacy-settings">Firefox Privacy Settings</h2><p>We'll start off with the easy solutions. Firefox has a number of privacy settings built in, no add-ons necessary! Open your <em>Options</em> page (<em>Preferences</em> on macOS) and we'll go through them one at a time.</p><h3 id="dns-over-https">DNS over HTTPS</h3><p>DNS (or the Domain Name System) is what your browser uses to turn domain names like <code>privacytools.io</code> into IP addresses like <code>145.239.169.56</code>. Because computers can only make connections to IP addresses, it's necessary to use DNS every time you visit a new domain. But DNS is unencrypted by default, which means everyone on your network (including your ISP) can view what domains you're looking up, and in some situations even change the IP answers to redirect you to their own websites! Encrypting your DNS traffic can shield your queries and add some additional protection to your browsing.</p><p>Encrypted DNS takes many forms: DNS over HTTPS (DoH), DNS over TLS, DNSCrypt, etc., but they all accomplish the same thing. They keep your DNS queries private from your ISP, and they make sure they aren't tampered with in transit between you and your DNS provider. Fortunately, Firefox recently added native DoH support to the browser. 
On the <strong>General</strong> page of your preferences, scroll down to and open <strong>Network Settings</strong>. At the bottom of the window you will be able to select "Enable DNS over HTTPS" and choose a provider:</p><figure class="kg-card kg-image-card kg-card-hascaption"><img src="https://blog.privacytools.io/content/images/2019/11/image.png" class="kg-image" alt="Firefox Privacy: Tips and Tricks for Better Browsing"><figcaption>Options/Preferences &gt; General &gt; Network Settings &gt; Enable DNS over HTTPS</figcaption></figure><p>Keep in mind that by using DoH you're sending all your queries to a single provider, probably Cloudflare unless you choose <a href="https://www.privacytools.io/providers/dns/">another provider</a> that supports DNS over HTTPS. While it may add some privacy protection from your ISP, you're only shifting that trust to the DoH provider. Make sure that's something you want to do.</p><p>It should also be noted that even with DoH, your ISP will still be able to see what domain you're connecting to because of a technology called Server Name Indication (SNI). Until SNI is encrypted as well, there's no getting around it. Encrypted SNI (eSNI) is in the works — and can actually be <a href="https://blog.cloudflare.com/encrypt-that-sni-firefox-edition/">enabled on Firefox</a> today — but it only works with a small number of servers, mainly ones operated by Cloudflare, so its use is limited currently. Therefore, while DoH provides some additional privacy and integrity protections, its use as a privacy tool is limited until other supplemental tools like eSNI and <a href="https://www.icann.org/resources/pages/dnssec-what-is-it-why-important-2019-03-05-en">DNSSEC</a> are finalized and implemented.</p><h3 id="change-your-search-engine">Change Your Search Engine</h3><p>This is an easy one. 
In the <strong>Search</strong> tab, change your <strong>Default Search Engine</strong> to something other than Google.</p><figure class="kg-card kg-image-card kg-card-hascaption"><img src="https://blog.privacytools.io/content/images/2019/11/image-1.png" class="kg-image" alt="Firefox Privacy: Tips and Tricks for Better Browsing"><figcaption>Options/Preferences &gt; Search &gt; Default Search Engine</figcaption></figure><p>Out of the built-in options, DuckDuckGo is the most privacy respecting service, but there are a number of <a href="https://www.privacytools.io/providers/search-engines/">search engines we would recommend</a> that can be easily installed as well.</p><h3 id="enhanced-tracking-protection">Enhanced Tracking Protection</h3><p>Now we'll delve into the biggest set of options for people like us, Firefox's <strong>Privacy &amp; Security</strong> tab. First up is their <strong>Enhanced Tracking Protection</strong>. This set of filters is set to Standard by default, but we'll want to change it to Strict for more comprehensive coverage.</p><figure class="kg-card kg-image-card kg-card-hascaption"><img src="https://blog.privacytools.io/content/images/2019/11/image-2.png" class="kg-image" alt="Firefox Privacy: Tips and Tricks for Better Browsing"><figcaption>Firefox privacy settings allow you to enable "Strict" browsing protection, keeping you safe from many trackers, cookies, and cryptominers.</figcaption></figure><p>On rare occasions, Strict browsing protections might cause some of the websites you visit to not function properly. But there's no need to worry! 
If you suspect the Strict browsing protection is breaking a website you visit frequently, you can disable it on a site by site basis with the shield icon in the address bar.</p><figure class="kg-card kg-image-card"><img src="https://blog.privacytools.io/content/images/2019/11/image-3.png" class="kg-image" alt="Firefox Privacy: Tips and Tricks for Better Browsing"></figure><p>Disabling Enhanced Tracking Protection will of course decrease your privacy on that site, so you will have to consider whether that's something you are willing to compromise on, on a site-by-site basis.</p><p>Another benefit of Firefox's Enhanced Tracking Protection is that it can actually speed up your browsing! Advertising networks and social media embeds can sometimes make your browser download huge files just to show an ad or a like button, and blocking those out trims the fat, in a sense.</p><h3 id="disabling-telemetrics">Disabling Telemetrics</h3><p>When you use Firefox, Mozilla collects information about what you do, what kind of extensions you have installed, and various other aspects of your browser. While they claim to do this in a privacy-respecting way, sending as little data as possible is always preferred from a privacy standpoint, so we would go ahead and uncheck all the boxes under <strong>Firefox Data Collection and Use</strong> just to be safe.</p><figure class="kg-card kg-image-card kg-card-hascaption"><img src="https://blog.privacytools.io/content/images/2019/11/image-4.png" class="kg-image" alt="Firefox Privacy: Tips and Tricks for Better Browsing"><figcaption>Options/Preferences &gt; Privacy &amp; Security &gt; Firefox Data Collection and Use</figcaption></figure><h3 id="clearing-cookies-and-site-data">Clearing Cookies and Site Data</h3><p>This one is for more advanced users, so if you don't understand what this is doing you can skip this section. Firefox provides the option to delete all your cookies and site data every time Firefox is closed. 
Cookies and site data are little pieces of information sites store in your browser, and they have a myriad of uses. They are used for things like keeping you logged in and saving your website preferences, but they also can be used to track you across different websites. By deleting your cookies regularly, your browser will appear clean to websites, making you harder to track.</p><figure class="kg-card kg-image-card"><img src="https://blog.privacytools.io/content/images/2019/11/image-5.png" class="kg-image" alt="Firefox Privacy: Tips and Tricks for Better Browsing"></figure><p>This will likely log you out of websites quite often, so make sure that's an inconvenience you're willing to put up with for enhanced privacy.</p><h2 id="firefox-privacy-add-ons">Firefox Privacy Add-ons</h2><p>Of course, just the browser settings alone won't go quite far enough to protect your privacy. Mozilla has made a lot of compromises in order to provide a more functional browsing experience for the average user, which is completely understandable. But, we can take it even further with some browser add-ons that prevent tracking and make your experience more private and secure.</p><p>We recommend a number of <a href="https://www.privacytools.io/browsers/#addons">fantastic add-ons</a> for Firefox, nine at the time of writing, but they aren't all <em>necessary</em> for <em>everyone</em>. Some of them provide redundant functionality to each other, and some of them accomplish similar tasks to the settings we've enabled above.</p><p>When you are installing add-ons for Firefox, consider whether you actually need them for your personal browsing. Remember that fingerprinting warning from earlier? 
Adding as many extensions as possible might make you stand out <em>more</em>, which is not the goal.</p><p>Keeping all that in mind, there are three add-ons I would consider necessary for virtually every user:</p><ul><li>uBlock Origin</li><li>HTTPS Everywhere</li><li>Decentraleyes</li></ul><p>Out of the box, these add-ons only complement the settings we've described in this article already, and they have sane defaults that won't break the sites you visit.</p><h3 id="ublock-origin">uBlock Origin</h3><p><strong><a href="https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/">uBlock Origin</a></strong> is an efficient ad- and tracker-blocker that is easy on memory, and yet can load and enforce thousands more filters than competing blockers. We trust it because it is completely open-source. Additionally, unlike its competitors it has no monetization strategy: There's no "Acceptable" ads program or a similar whitelist like many other adblockers feature.</p><h3 id="https-everywhere">HTTPS Everywhere</h3><p>HTTPS is the secure, encrypted version of HTTP. When you see an address starting with <code>https://</code> along with the padlock in your browser's address bar, you know that your connection to the website is completely secure. This is of course important when you're logging into websites and sending your passwords and emails in a form. But it also prevents people on your network and your ISP from snooping in on what you're reading, or changing the contents of an unencrypted webpage to whatever they want.</p><p>Therefore, <strong><a href="https://addons.mozilla.org/en-US/firefox/addon/https-everywhere">HTTPS Everywhere</a></strong> is a must-have extension, all it does is upgrade your HTTP connections to HTTPS wherever possible. And because it works silently in the background, you probably will never notice it! 
We trust HTTPS Everywhere because it is completely open-source, and is developed by the <a href="https://www.eff.org/https-everywhere">Electronic Frontier Foundation</a>, a non-profit dedicated to private and secure technologies.</p><p>Of course, it only works with sites that support HTTPS on the server's side, so you'll still need to keep an eye on your address bar to make sure you're securely connected. But fortunately more and more websites have implemented HTTPS thanks to the advent of free certificates from organizations like Let's Encrypt.</p><h3 id="decentraleyes">Decentraleyes</h3><p>When you connect to many websites, your browser is most likely making connections to a myriad of "Content Delivery Networks" like Google Fonts, Akamai, and Cloudflare, to download fonts and JavaScript that make the website run. This generally makes websites look and feel better, but it means you're constantly making connections to these servers, allowing them to build a fairly accurate tracking profile of you.</p><p><strong><a href="https://addons.mozilla.org/en-US/firefox/addon/decentraleyes">Decentraleyes</a></strong> works by impersonating those CDNs locally in your browser. When a website wants to download a program like jQuery, instead of connecting to a remote CDN Decentraleyes will serve the file from its own cache of files. This means that you won't have to make remote CDN connections for the files that Decentraleyes supports, and therefore the remote CDNs can't track your browser. Because everything is stored locally instead of on a far away server, Decentraleyes has the added benefit of speeding up your browsing as well. Everything happens instantly, and you won't see a difference in the websites you visit.</p><h3 id="additional-firefox-privacy-add-ons">Additional Firefox Privacy Add-ons</h3><p>There is of course more functionality that can be achieved at the expense of more time spent configuring your browser and reduced website functionality. 
If you're looking for the most privacy options possible however, they may be for you. Check out <a href="https://www.privacytools.io/browsers/#addons">our page on Browser add-ons at privacytools.io</a> for further information and additional resources.</p><h2 id="more-privacy-functionality">More Privacy Functionality</h2><p>Firefox has developed a number of other privacy tools that can be used to enhance your privacy or security. They may be worth looking into, but they have some drawbacks that would prevent me from recommending them outright.</p><h3 id="firefox-private-network">Firefox Private Network</h3><p><strong>Firefox Private Network</strong> is a new extension developed by Mozilla that serves as a <a href="https://blog.privacytools.io/understanding-vpns/">Virtual Private Network</a> (VPN), securing you on public WiFi networks and other situations where you might trust Mozilla more than the ISP or network administrator. It is free in beta, but will likely be available at some subscription pricing once the test pilot ends.</p><p>Firefox Private Network is still just a VPN, and there are a number of drawbacks you would want to consider before using it. We wrote an entire article on <a href="https://blog.privacytools.io/choosing-a-vpn/">choosing a VPN provider</a> that is worth a read, but it boils down to the fact that your VPN provider will be able to see your web traffic. All you are accomplishing is shifting the trust from your network to the VPN provider, in this case <em>Cloudflare</em>, the operators behind this service.</p><p>Additionally, unlike a traditional VPN, only data through the Firefox browser is protected, not every app on your machine. This means that it won't adequately protect you from many of the threats people typically want to protect against when they use a VPN, like IP leaks.</p><p>And finally, Cloudflare and Mozilla are both US companies. 
There are a number of concerns with entrusting internet traffic to the US and other <a href="https://www.privacytools.io/providers/#ukusa">fourteen eyes</a> countries that should not be overlooked.</p><p>If you require a Virtual Private Network, we would look elsewhere. There are a number of <a href="https://www.privacytools.io/providers/vpn/">recommended providers</a> like Mullvad that will provide a better experience at a low cost.</p><h3 id="multi-account-containers">Multi-Account Containers</h3><p>Mozilla has an in-house add-on called <strong><a href="https://support.mozilla.org/en-US/kb/containers">Multi-Account Containers</a></strong> that allows you to isolate websites from each other. For example, you could have Facebook in a container separate from your other browsing. In this situation, Facebook would only be able to set cookies with your profile on sites within the container, keeping your other browsing protected.</p><figure class="kg-card kg-image-card kg-card-hascaption"><img src="https://blog.privacytools.io/content/images/2019/11/image-8.png" class="kg-image" alt="Firefox Privacy: Tips and Tricks for Better Browsing"><figcaption>Firefox Containers Selection</figcaption></figure><p>A containers setup may be a good alternative to techniques like regularly deleting cookies, but requires a lot of manual intervention to set up and maintain. 
If you want complete control of what websites can do in your browser, it's definitely worth looking into, but we wouldn't call it a necessary addition by any means.</p><h2 id="additional-resources">Additional Resources</h2><p><a href="https://www.privacytools.io/browsers/">Web Browsers at PrivacyTools</a> — Our comprehensive set of recommendations for browsers and tweaks you can make to enhance your privacy is a great next step for more advanced users looking to protect their privacy online.</p><p><a href="https://github.com/arkenfox/user.js">arkenfox user.js</a> — For more advanced users, the arkenfox user.js  is a "configuration file that can control hundreds of Firefox settings [...] which aims to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage".</p><p><a href="https://www.mozilla.org/en-US/privacy/">Mozilla's Privacy Policy</a> — Of course, we always recommend reading through the privacy statement of any organization you deal with, and Mozilla is no exception.</p><h2 id="firefox-privacy-summary">Firefox Privacy Summary</h2><p>In conclusion, we believe that Firefox is the most promising browser for privacy-conscious individuals. The non-profit behind it seems truly dedicated to promoting user control and privacy, and the good defaults coupled with the sheer customizability of the browser allow you to truly protect your information when you browse the web.</p><p>For more Firefox privacy-related information, or for recommendations for non-desktop platforms, give our full page on <a href="https://www.privacytools.io/browsers/">web browsers</a> a read.</p>]]></content:encoded></item><item><title><![CDATA[Choosing a VPN]]></title><description><![CDATA[Once you start looking for VPNs, you'll find there are so many to choose from! 
We'll show you how to sort through the mess and find a good provider for you.]]></description><link>https://blog.privacytools.io/choosing-a-vpn/</link><guid isPermaLink="false">5db3bdbb37ad263e101316f7</guid><category><![CDATA[VPN]]></category><category><![CDATA[Guides]]></category><category><![CDATA[Privacy]]></category><category><![CDATA[Security]]></category><dc:creator><![CDATA[Jonah Aragon]]></dc:creator><pubDate>Wed, 30 Oct 2019 20:08:48 GMT</pubDate><media:content url="https://blog.privacytools.io/content/images/2019/10/choosing-a-vpn-2.jpg" medium="image"/><content:encoded><![CDATA[<img src="https://blog.privacytools.io/content/images/2019/10/choosing-a-vpn-2.jpg" alt="Choosing a VPN"><p>So <a href="https://blog.privacytools.io/understanding-vpns/">you know what a VPN is</a>, but there are so many options to choose from! Well, before we dive into this, let's get one thing out of the way right off the bat:</p><h2 id="avoid-free-vpns">Avoid Free VPNs</h2><p>Privacy-respecting VPNs can provide their service because you pay them for it. Free VPNs are <strong>worse</strong> than your ISP when it comes to respecting your privacy, because <strong>selling your data is the only way they can make money</strong>, whereas an ISP is primarily paid for by you.</p><blockquote>If you’re not paying for it, you’re the product.</blockquote><p>This isn't to say all paid VPNs automatically become trustworthy, far from it. In fact, many paid VPN providers have been known or suspected to have sold their users' data or done otherwise shady things with it. Always completely evaluate the VPN provider you choose, rather than just taking their or anyone else's word for it. The main takeaway here is that it is impossible to provide a service like a VPN — which requires servers, bandwidth, time, and energy to maintain — for free for thousands of users, without having some sort of other monetization model.</p><h2 id="choosing-a-vpn">Choosing a VPN</h2><p>Alright, now we can get into it. 
The first thing we need to decide is <em>why</em> exactly you need a VPN. Most people will fall into the following two camps:</p><h3 id="1-avoiding-geographical-restrictions">1. Avoiding Geographical Restrictions</h3><p>Maybe you want to watch BBC online, possibly avoid creeps at cafés, but don’t really care about your VPN logging your traffic — just like your ISP does.</p><p><strong>Therefore</strong>: You want a VPN with servers in countries like US, UK — basically where services like Netflix work. (Tip: Netflix is continually banning VPNs, so be sure to use one that isn’t blocked. You might want to look into the <a href="https://www.reddit.com/r/NetflixViaVPN">r/NetflixViaVPN</a> Subreddit for help with this one).</p><h3 id="2-maximizing-your-privacy-online">2. Maximizing Your Privacy Online</h3><p>Being <strong>privacy</strong>tools.io, this is the big one for us. If you really care about your privacy, you'll want to look for a provider that at the very least does the following:</p><ul><li>Supports modern technologies like OpenVPN or WireGuard.</li><li>Accepts anonymous payments like cash, gift cards, or cryptocurrencies.</li><li>Provides strong, future-proof encryption for their connections.</li><li>And, is public about their leadership and ownership.</li></ul><p>These 4 points should always be considered when you're evaluating a VPN provider. Additionally, note what jurisdiction the provider is incorporated in, and where their servers are located. This is probably the most important factor to consider, and also the most time-consuming, as privacy laws in various countries vary wildly.</p><p>Let me explain what these points mean exactly in more detail, so you know what to look for.</p><h2 id="modern-technology">Modern Technology</h2><p>You should be able to connect to your VPN with any <strong>OpenVPN</strong> client. L2TP, PPTP, and IPSec are all insecure technologies that should not be used. 
A new technology called <strong>WireGuard</strong> looks very promising, but is still in active development and not recommended for use.</p><p>While we're looking at technology, take a look at whether your provider has their own client for you to download and connect with. These applications usually make using your VPN a lot simpler, and sometimes safer. If they do, ask the following questions:</p><ul><li><strong>Is this client open-source?</strong> Having an open-source client is important because it allows you or anyone else to audit the code and see exactly what's happening. Closed source clients are essentially a black box you'd be putting all your data into, not the best idea!</li><li><strong>Does the client have a killswitch?</strong> Not many generic OpenVPN clients come with this functionality, but many custom VPN clients will. A killswitch option allows you to completely disable your internet connection when the VPN is disconnected. This will make sure that you don't accidentally connect to the internet with your ISP's connection.</li></ul><h2 id="anonymous-payments">Anonymous Payments</h2><p>This one's an easy one. Take a look at how you're able to pay for your provider's subscription. Some providers will take cash in the mail as payment, a great way to pay without leaving a digital money trail. Others will allow you to pay with gift cards from major retailers like Amazon, Target, and Wal-Mart (which you can hopefully obtain anonymously with cash, replacing the mail middleman from before). Still others will accept various cryptocurrencies.</p><p>If not leaving a money trail is important, you'll want to make sure you aren't paying with something linked to you financially, like a credit or debit card, or PayPal. If your provider doesn't accept the payment forms above, you aren't entirely out of luck however. You can still use a prepaid debit card to pay for things as anonymously as possible. 
But consider: If your provider isn't dedicated to making easy, anonymous payment alternatives available to you, how focused are they on your privacy?</p><h2 id="strong-security">Strong Security</h2><p>Most providers using OpenVPN will also be using strong encryption methods, but still make sure you double-check before choosing a provider. What you'll want to look for from your provider at a minimum is:</p><ul><li><strong>RSA-2048 encryption.</strong> Ideally, they should support RSA-4096 connections, for maximum security.</li><li><strong>Perfect Forward Secrecy (PFS).</strong> This technology makes each VPN session use a different key every time, so that if an attacker manages to decrypt one of your connections, they won't also be able to see all your other data.</li></ul><p>In addition, look into whether your provider has ever had their security practices audited by an independent third-party. For example, TunnelBear <a href="https://cure53.de/summary-report_tunnelbear_2018.pdf">publishes</a> yearly audits of their entire service, or — the privacytools.io recommended VPN — Mullvad, which has <a href="https://cure53.de/pentest-report_mullvad_v2.pdf">published</a> a comprehensive security audit of their client applications.</p><p>Independent audits are important because, while ultimately the actual security of the service will come down to <em>trusting</em> the providers, a successful security audit demonstrates that the provider at least has the <em>capability</em> to provide you with a secure connection, instead of just taking their claims at face value.</p><h2 id="public-trust">Public Trust</h2><p>You want to remain private, but your provider shouldn't. 
If your provider is hiding their ownership information and their leadership from you behind some Panamanian shell company, what other business practices might they be hiding?</p><blockquote>You wouldn't trust your finances to someone with a fake identity, so why trust them with your internet data?</blockquote><p>Find out where your choice is incorporated. Who owns it? What other companies have their executives worked for?</p><p>Frequent transparency reports are a huge plus too. They should publish information related to government requests, so you know what their responses look like. All VPN providers will need to respond to legitimate legal requests, but does your choice reject or counter as many as possible?</p><h2 id="so-what-next">So what next?</h2><p>If you're currently using a commercial VPN, use this information to evaluate their business. Do they seem trustworthy?</p><p>At privacytools.io we've <a href="https://www.privacytools.io/providers/vpn/">evaluated</a> a huge number of VPN providers along similar criteria to these. In our opinion, as of October 2019, Mullvad leads the pack with respect to all these criteria, with IVPN and ProtonVPN falling just slightly behind but catching up quickly. There are still a <a href="https://thatoneprivacysite.net/vpn-comparison-chart/">huge number</a> of providers out there, however. The way to find the best solution for you is by researching providers with <em>your</em> criteria in mind.</p><p>Join the discussion on our forum below, and chat with our community about any questions you have or any interesting things you discover.</p><hr><p><em>Please note that we are not affiliated with, nor do we receive financial compensation from, any commercial VPN providers. A lot of VPN providers engage in questionable affiliate marketing strategies, which generate a lot of misinformation about VPNs in general online. At privacytools.io we are trying to make guides and recommendations based on objective research and criteria. 
Join our <a href="https://forum.privacytools.io/">forum</a> to get involved!</em></p>]]></content:encoded></item><item><title><![CDATA[Understanding VPNs]]></title><description><![CDATA[A VPN—or Virtual Private Network—is a tool that secures your internet connection. Learn more about how they work and what they can protect you against!]]></description><link>https://blog.privacytools.io/understanding-vpns/</link><guid isPermaLink="false">5db26f9e37ad263e10131593</guid><category><![CDATA[VPN]]></category><category><![CDATA[Security]]></category><category><![CDATA[Privacy]]></category><dc:creator><![CDATA[Jonah Aragon]]></dc:creator><pubDate>Sat, 26 Oct 2019 00:11:00 GMT</pubDate><media:content url="https://blog.privacytools.io/content/images/2019/10/understanding-vpns.jpg" medium="image"/><content:encoded><![CDATA[<img src="https://blog.privacytools.io/content/images/2019/10/understanding-vpns.jpg" alt="Understanding VPNs"><p>A <strong>VPN</strong>—or <strong>Virtual Private Network</strong>—is a tool that secures your internet connection from attackers on your network. Before I explain how that all works, let's talk about the internet without them.</p><p>Your Internet Service Provider (ISP) can see everything you do online. Well, nearly everything: When websites use HTTPS (or TLS, or SSL; these terms are often used interchangeably when referring to website encryption), indicated by the padlock in your web browser, your ISP cannot see exactly what you're doing on the website. So, they usually can't see what specific pages you look at or what you type into forms. However, they can still see what websites you're visiting (domains and IP addresses).</p><p>That sounds bad, right? But that’s not even the worst part! (I know, right?) 
Not only can your ISP see what you’re doing online, they can (and do) insert ads into websites, sell your browsing history (which is now legal in the US), restrict access to some websites, and do other awful stuff, because <strong>they have complete control over your Internet connection</strong>.</p><p>Furthermore, this doesn't only happen at your home. Every network you connect to—your cellular network, your Wi-Fi at work, the internet at Starbucks—has their own ISP that will be able to read your data.</p><p>Fortunately, more and more websites are beginning to use HTTPS, thanks to free certificates from Let's Encrypt and Cloudflare. But many sites still don't (at least by default), and even HTTPS doesn't solve the problem that your ISP can see the websites you're visiting.</p><h2 id="how-vpns-can-protect-us">How VPNs can protect us</h2><p>Luckily, you can hide all this information from your ISP using a VPN. Instead of letting your ISP see all the websites you visit, VPNs only let them see that you are connected (using an <strong>encrypted</strong> connection) to the VPN provider's servers.</p><blockquote>Basically, instead of connecting directly to the Internet, you connect to one of your VPN providers’ servers, which connects you to the Internet.</blockquote><p>So, <code>you &lt;----&gt; Internet</code> becomes <code>you &lt;----&gt; VPN &lt;----&gt; Internet</code> and your ISP can only see the <code>you &lt;----&gt; VPN</code> part.</p><h2 id="more-ways-vpns-can-protect-us">More ways VPNs can protect us</h2><p>So VPNs are pretty handy, but hiding your traffic from your ISP isn't the only advantage a VPN provides.</p><p>Did you know that if you’re on a public Wi-Fi network, <strong>anyone connected to the same network can see as much as your ISP can? </strong>Obviously, this isn’t an issue at home, unless you have very creepy neighbors and an open Wi-Fi network. 
However, it is a problem in public places with Wi-Fi, such as cafés.</p><p>Because your connection to the VPN is <strong>encrypted</strong> and <em>it’s the only active connection</em> on your device, that creepy guy with the laptop sitting in the corner is no longer a threat to your Internet connection. Like the ISP, the only thing he'd be able to see is that single connection to your VPN.</p><p>So, is that all? Not yet. There’s still one big advantage. Websites that you’re connected to can see this (usually) near-unique identifier called an <strong>IP address</strong>. But when you use a VPN the websites don’t see your IP address, they see one of the VPN server's IP addresses.</p><p>This also provides an added side-benefit: Most VPN providers have servers in many countries, thus you can make it appear to websites as if you’re browsing from a completely different country (which apart from privacy is useful due to some content and services being available only to specific regions, like Netflix and Hulu).</p><p>But even if you use a different IP address than your “normal” one, isn’t it still personally identifiable? Nope. Many people use the same server, letting the websites you visit see only that you’re using the same VPN as many other people.</p><h2 id="drawbacks-of-a-vpn">Drawbacks of a VPN</h2><p>But VPNs aren't all-powerful tools to protect your privacy. In fact, there are a number of glaring issues that should not be overlooked when making the decision to use one.</p><p>Most importantly, using a VPN only <em>shifts</em> the power to view your traffic from your ISP to the VPN provider itself. That means that all the traffic your ISP used to be able to see, your VPN provider will still be able to. Therefore, choosing a trustworthy VPN is important. Many will be able to find a provider that they can trust more than their ISP, but some may not.</p><p>Using a commercial VPN provider is almost like entrusting your data to a black box. 
There are no ways to verify claims like "no logging"; you just need to take them at their word. Some providers will work harder than others to validate their claims for you (by releasing audits of their policies and code, for example), but at the end of the day it ultimately comes down to trust.</p><p>Finally, using a VPN will not make you anonymous in any way. Your VPN provider or especially dedicated attackers will be able to trace a connection back to you fairly trivially. Your VPN provider will also likely have a money trail leading back to you.</p><h2 id="so-what">So what?</h2><p>If you're looking for perfect anonymity, there are better options. Software like the Tor Browser provides privacy and anonymity <em>by design</em>, whereas VPNs provide privacy based on trust alone. You cannot rely on "no logging" claims to protect you.</p><p>If you just need protection on a public Wi-Fi network, from your ISP, or just from copyright warnings in the mail, a VPN might be the solution for you. </p><p>The VPN Providers page on <a href="https://www.privacytools.io/providers/vpn/">privacytools.io</a> lists recommendations and reasonings for privacy-respecting and trustworthy VPN providers.</p><p>Wondering what exactly makes a VPN choice good or bad? We've <a href="https://blog.privacytools.io/choosing-a-vpn/">published a guide</a> on some of the criteria we use to evaluate VPN providers. Looking into the details of any VPN provider you choose will help you make a more fully informed decision about who you trust your internet traffic to.</p><hr><p><em>Please note that we are not affiliated with, nor do we receive financial compensation from, any commercial VPN providers. A lot of VPN providers engage in questionable affiliate marketing strategies, which generate a lot of misinformation about VPNs in general online. At privacytools.io we are trying to make guides and recommendations based on objective research and criteria. 
Join our <a href="https://forum.privacytools.io/">forum</a> to get involved!</em></p>]]></content:encoded></item><item><title><![CDATA[Adding Custom DNS over HTTPS Resolvers to DNSCloak]]></title><description><![CDATA[<!--kg-card-begin: markdown--><p><strong><a href="https://apps.apple.com/us/app/dnscloak-secure-dns-client/id1452162351">DNSCloak</a></strong> is an <a href="https://github.com/s-s/dnscloak">open-source</a> DNSCrypt and DNS over HTTPS (DoH) client for iOS, which gives users the ability to encrypt their DNS requests through the use of an on-device VPN profile.</p>
<p>While highly configurable, its user interface can be unintuitive to less tech-savvy users and doesn't easily allow users to</p>]]></description><link>https://blog.privacytools.io/adding-custom-dns-over-https-resolvers-to-dnscloak/</link><guid isPermaLink="false">5db1d3d237ad263e1013151f</guid><category><![CDATA[Privacy]]></category><category><![CDATA[Security]]></category><category><![CDATA[Guides]]></category><category><![CDATA[DNS]]></category><category><![CDATA[iOS]]></category><category><![CDATA[DNSCrypt]]></category><dc:creator><![CDATA[nitrohorse]]></dc:creator><pubDate>Tue, 03 Sep 2019 12:00:00 GMT</pubDate><media:content url="https://blog.privacytools.io/content/images/2019/10/cover-3.jpg" medium="image"/><content:encoded><![CDATA[<!--kg-card-begin: markdown--><img src="https://blog.privacytools.io/content/images/2019/10/cover-3.jpg" alt="Adding Custom DNS over HTTPS Resolvers to DNSCloak"><p><strong><a href="https://apps.apple.com/us/app/dnscloak-secure-dns-client/id1452162351">DNSCloak</a></strong> is an <a href="https://github.com/s-s/dnscloak">open-source</a> DNSCrypt and DNS over HTTPS (DoH) client for iOS, which gives users the ability to encrypt their DNS requests through the use of an on-device VPN profile.</p>
<p>While highly configurable, its user interface can be unintuitive to less tech-savvy users and doesn't easily allow users to add custom DoH resolvers, apart from the default <a href="https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v2/public-resolvers.md">&quot;public-resolvers&quot; list</a> that the DNSCrypt project provides.</p>
<p>Before diving in, it's important to understand that while there is a lot of nuance to DNSCrypt and DoH, these two DNS protocols essentially achieve the same goals: They both provide users with the ability to encrypt all DNS traffic to the users' desired <a href="https://www.privacytools.io/providers/dns/#icanndns">upstream provider(s)</a>, while preventing <a href="https://en.wikipedia.org/wiki/DNS_hijacking">DNS hijacking</a>, <a href="https://en.wikipedia.org/wiki/DNS_spoofing">spoofing</a>, and eavesdropping by 3rd parties.</p>
<p>The development of these DNS protocols is exciting. However, unlike Android 9 which has <a href="https://support.google.com/android/answer/9089903">built-in support for DNS over TLS</a> (another protocol with similar goals), iOS unfortunately does not allow users to easily enable any form of encrypted DNS (<a href="https://dnsdisco.com/iOS-dns-proxy-post.html">but may in the future</a>). Thus, DNSCloak fills the gap for iOS users to start benefitting from these protocols today.</p>
<p>This guide will walk you through setting up DNSCloak to connect to any public resolver that supports DoH.</p>
<!--kg-card-end: markdown--><!--kg-card-begin: markdown--><h3 id="addingacustomresolver">Adding a Custom Resolver</h3>
<p>DNSCloak provides a &quot;Config Editor&quot; which allows you to &quot;override or add any <a href="https://github.com/jedisct1/dnscrypt-proxy/wiki/Configuration">dnscrypt-proxy option</a>.&quot;</p>
<!--kg-card-end: markdown--><figure class="kg-card kg-image-card"><img src="https://blog.privacytools.io/content/images/2019/10/image.png" class="kg-image" alt="Adding Custom DNS over HTTPS Resolvers to DNSCloak"></figure><!--kg-card-begin: markdown--><p>You can learn more about the various configuration options from the <a href="https://github.com/jedisct1/dnscrypt-proxy/blob/master/dnscrypt-proxy/example-dnscrypt-proxy.toml">example configuration file</a> in dnscrypt-proxy's code repository. But, if you scroll all the way to the bottom you'll find a <code>[static.'myserver']</code> section along with a <code>stamp</code> property. This stamp is for adding your resolver's <a href="https://dnscrypt.info/stamps-specifications">DNS stamp</a>, an encoded string that contains all the required information needed to connect to an encrypted DNS resolver. You can think of stamps as QR codes, but for DNS.</p>
<!--kg-card-end: markdown--><!--kg-card-begin: markdown--><h3 id="generatingastamp">Generating a Stamp</h3>
<p>Some providers will provide you with a DNS stamp pre-made for you. If your provider does this, great! You can skip ahead to the next section. At the time of writing this post, CZ.NIC is the only provider <a href="https://www.privacytools.io/providers/dns/#icanndns">listed on privacytools.io</a> that doesn't provide their users with a DNS stamp for their DoH resolver on their website, making adoption a bit more difficult. Thankfully however, we can create a DNS stamp ourselves.</p>
<p>To generate a DNS stamp, DNSCrypt hosts a <a href="https://dnscrypt.info/stamps/">DNS stamp calculator</a> (which you can also <a href="https://github.com/jedisct1/vue-dnsstamp">download, compile, and run offline</a>) that we can fill out with the information from our DNS provider. We'll be using CZ.NIC's information as an example to generate our stamp.</p>
<p>We will need to know three things about the DoH resolver you choose:</p>
<ol>
<li>IP address</li>
<li>Host name</li>
<li>Path</li>
</ol>
<p>Browse to <a href="https://www.nic.cz/odvr/">CZ.NIC's webpage</a>—there is an English language option at the top of the page—and scroll down to &quot;How to turn on DNS-over-HTTPS (DoH)&quot; and note the URL (in this case, <code>https://odvr.nic.cz/doh</code>).</p>
<!--kg-card-end: markdown--><figure class="kg-card kg-image-card"><img src="https://blog.privacytools.io/content/images/2019/10/image-1.png" class="kg-image" alt="Adding Custom DNS over HTTPS Resolvers to DNSCloak"></figure><p>Next, find the IPv4 addresses of the DoH resolver in any of the Windows, macOS, or Linux setup sections, and copy one of them (in this case, <code>193.17.47.1</code> or <code>185.43.135.1</code>).</p><figure class="kg-card kg-image-card"><img src="https://blog.privacytools.io/content/images/2019/10/image-2.png" class="kg-image" alt="Adding Custom DNS over HTTPS Resolvers to DNSCloak"></figure><p>Now we can paste what we’ve gathered into the stamp calculator:</p><ul><li>IP address: <code>193.17.47.1</code></li><li>Host name: <code>odvr.nic.cz</code></li><li>Path: <code>/doh</code></li></ul><figure class="kg-card kg-image-card"><img src="https://blog.privacytools.io/content/images/2019/10/image-3.png" class="kg-image" alt="Adding Custom DNS over HTTPS Resolvers to DNSCloak"></figure><p>We’ll find that the DNS stamp is <code>sdns://AgMAAAAAAAAACzE5My4xNy40Ny4xAAtvZHZyLm5pYy5jegQvZG9o</code>.</p><h3 id="adding-resolvers-to-dnscloak">Adding Resolvers to DNSCloak</h3><p>Now that we have a DNS stamp generated, we can copy and paste our new configuration into the bottom of DNSCloak’s Config Editor, like so:</p><pre><code>[static.'CZ.NIC-193.17.47.1']
stamp = 'sdns://AgMAAAAAAAAACzE5My4xNy40Ny4xAAtvZHZyLm5pYy5jegQvZG9o'</code></pre><figure class="kg-card kg-image-card"><img src="https://blog.privacytools.io/content/images/2019/10/image-4.png" class="kg-image" alt="Adding Custom DNS over HTTPS Resolvers to DNSCloak"></figure><p>Select the checkmark icon in the top right corner to save your configuration, and it should be good to go!</p><figure class="kg-card kg-image-card"><img src="https://blog.privacytools.io/content/images/2019/10/image-5.png" class="kg-image" alt="Adding Custom DNS over HTTPS Resolvers to DNSCloak"></figure><p>Get connected, and we can finally validate DNSCloak is working as expected by visiting <a href="https://dnsleaktest.com/">DNSLeakTest.com</a>:</p><figure class="kg-card kg-image-card"><img src="https://blog.privacytools.io/content/images/2019/10/image-6.png" class="kg-image" alt="Adding Custom DNS over HTTPS Resolvers to DNSCloak"></figure><h3 id="adding-cloudflare-s-resolver-for-firefox">Adding Cloudflare’s Resolver for Firefox</h3><p>Another public DoH resolver that we may want to use is Cloudflare’s public resolver for <em>Firefox</em>, <a href="https://forum.privacytools.io/t/logging-differences-between-cloudflares-default-dns-over-https-resolver-and-their-resolver-for-firefox/1451">which has a stricter logging policy than Cloudflare’s default resolver</a>.</p><p>We can <a href="https://dnscrypt.info/stamps/">generate a stamp</a> with this information:</p><ul><li>IP address: <code>1.1.1.1</code></li><li>Host name: <code>mozilla.cloudflare-dns.com</code></li><li>Path: <code>/dns-query</code></li></ul><figure class="kg-card kg-image-card"><img src="https://blog.privacytools.io/content/images/2019/10/image-7.png" class="kg-image" alt="Adding Custom DNS over HTTPS Resolvers to DNSCloak"></figure><p>You can now paste the following stamp we generated into DNSCloak’s Config Editor and start using the resolver.</p><pre><code>[static.'Cloudflare Resolver for Firefox']
stamp = 'sdns://AgUAAAAAAAAABzEuMS4xLjEAGm1vemlsbGEuY2xvdWRmbGFyZS1kbnMuY29tCi9kbnMtcXVlcnk'
</code></pre><figure class="kg-card kg-image-card"><img src="https://blog.privacytools.io/content/images/2019/10/image-8.png" class="kg-image" alt="Adding Custom DNS over HTTPS Resolvers to DNSCloak"></figure><figure class="kg-card kg-image-card"><img src="https://blog.privacytools.io/content/images/2019/10/image-9.png" class="kg-image" alt="Adding Custom DNS over HTTPS Resolvers to DNSCloak"></figure><h3 id="summary">Summary</h3><p>Keep in mind that encrypted DNS <em>won’t hide the host name</em> (for example, <code>blog.privacytools.io</code>) of the sites you visit from your ISP due to <a href="https://en.wikipedia.org/wiki/Server_Name_Indication#Security_implications">SNI</a>*.</p><p>If you’re looking for anonymity, you should use <a href="https://www.torproject.org/">Tor Project’s</a> <a href="https://onionbrowser.com/">Onion Browser</a> (but be aware of its <a href="https://github.com/OnionBrowser/OnionBrowser/wiki/Traffic-that-leaks-outside-of-Tor-due-to-iOS-limitations">limitations</a>). 
On the other hand, if you simply want to hide your browsing history from your ISP, you should look into <a href="https://blog.privacytools.io/posts/self-hosting-a-shadowsocks-vpn-with-outline/">self-hosting a VPN with Outline</a> or using <a href="https://apps.apple.com/us/app/wireguard/id1441195209?ls=1">WireGuard</a> (if supported) or <a href="https://passepartoutvpn.app/">Passepartout</a> with a <a href="https://www.privacytools.io/providers/vpn/">VPN provider</a> you are willing to trust with your browsing history instead.</p><p>But for additional security and increased privacy from 3rd parties, encrypted DNS is a great place to start.</p><p>* At the time of this post, <em>encrypted</em> SNI is <a href="https://blog.mozilla.org/security/2018/10/18/encrypted-sni-comes-to-firefox-nightly/">available for testing</a> only in Firefox Nightly, and will hopefully become integrated with other browsers and platforms in the near future.</p>]]></content:encoded></item><item><title><![CDATA[Self-hosting a Shadowsocks VPN with Outline]]></title><description><![CDATA[<p><strong>Outline</strong> is a suite of open-source software developed for journalists to safely access their network and the internet while traveling in countries where their activities may be monitored or censored. 
Despite this, the Outline platform is ideal for a wide range of users, especially less technical users, and users in</p>]]></description><link>https://blog.privacytools.io/self-hosting-a-shadowsocks-vpn-with-outline/</link><guid isPermaLink="false">5db1db5637ad263e1013154e</guid><category><![CDATA[Guides]]></category><category><![CDATA[VPN]]></category><category><![CDATA[Shadowsocks]]></category><category><![CDATA[Privacy]]></category><category><![CDATA[Security]]></category><dc:creator><![CDATA[Jonah Aragon]]></dc:creator><pubDate>Thu, 22 Aug 2019 12:00:00 GMT</pubDate><media:content url="https://blog.privacytools.io/content/images/2019/10/cover-2.jpg" medium="image"/><content:encoded><![CDATA[<img src="https://blog.privacytools.io/content/images/2019/10/cover-2.jpg" alt="Self-hosting a Shadowsocks VPN with Outline"><p><strong>Outline</strong> is a suite of open-source software developed for journalists to safely access their network and the internet while traveling in countries where their activities may be monitored or censored. Despite this, the Outline platform is ideal for a wide range of users, especially less technical users, and users in censored countries like China who may have little to no knowledge about how VPNs or proxies work. Outline consists of two parts, the <strong>Outline Manager</strong> and <strong>Outline Clients</strong>. The Outline Manager is a tool you can use to easily set up remote Outline Servers on your own machines with very little technical skill. The Outline Clients in turn can connect to Outline Servers you configure, to keep your traffic secured.</p><p>Technically, Outline is not a true VPN. Rather it uses an open-source SOCKS5 proxy called Shadowsocks which is “<a href="https://shadowsocks.org/en/index.html">designed to protect your Internet traffic</a>”. 
The Outline client applications however make use of the VPN capabilities of your operating system to send all your traffic through your Outline Server, with no need to configure each application to use the proxy. Thus for most users and most use-cases, there’s no difference in functionality between using a normal VPN and an Outline server.</p><p>Shadowsocks has the benefit of being far more lightweight than OpenVPN, and it is much more optimized for mobile devices, as it does not require any keep-alive connections. It has existed since 2012 and it is widely used in China due to its censorship-resistant functionality: It is very difficult or impossible to detect and block Shadowsocks traffic automatically.</p><p>Please note that <strong>like any VPN</strong>, Outline/Shadowsocks cannot provide nearly the same degree of anonymity as projects like Tor. The primary use-case of Outline and VPNs in general is to keep your traffic hidden from malicious Internet Service Providers and nation-wide mass surveillance. It’s a great solution for protecting your data on public wifi networks, but if you want to stay hidden from attackers targeting <em>you</em>, there’s better tools for the job elsewhere.</p><p>Outline is developed by Jigsaw, which is a subsidiary of Alphabet Inc (Google). It is important to note that neither Jigsaw nor Google can see your internet traffic when using Outline, because you will be installing the actual Outline Server on your own machine, not Google’s. Outline is completely open source and was audited in <a href="https://s3.amazonaws.com/outline-vpn/static_downloads/ros-report.pdf">2017</a> by Radically Open Security and in <a href="https://s3.amazonaws.com/outline-vpn/static_downloads/cure53-report.pdf">2018</a> by Cure53, and both security firms supported Jigsaw’s security claims. 
For more information on the data Jigsaw is able to collect when using Outline, see their <a href="https://support.getoutline.org/s/article/Data-collection">article on data collection</a>.</p><h3 id="prerequisites">Prerequisites</h3><p>All you will need to complete this guide is a computer running Windows, macOS, or Linux. You will also need to know some basic commands: <a href="https://www.howtogeek.com/311287/how-to-connect-to-an-ssh-server-from-windows-macos-or-linux/">How to SSH</a> in to a server you purchase. We will also assume you know how to purchase and set up a Linux server with SSH access, more info in Step 2.</p><h3 id="step-1-download-install-outline-manager">Step 1 — Download &amp; Install Outline Manager</h3><p>Outline allows you to set up and configure your servers from an easy-to-use management console called Outline Manager, which can be downloaded from <a href="https://getoutline.org/en/home">getoutline.org</a>. It has binaries available for Windows, macOS, and Linux.</p><p>Simply download and install the Outline Manager application to your computer.</p><figure class="kg-card kg-image-card"><img src="https://blog.privacytools.io/content/images/2019/10/image-10.png" class="kg-image" alt="Self-hosting a Shadowsocks VPN with Outline"></figure><p>Note: getoutline.org is blocked in China and likely other countries, however you can download the releases directly from <a href="https://github.com/Jigsaw-Code/outline-server/releases">their GitHub page</a> as well.</p><h3 id="step-2-choose-a-server-provider">Step 2 — Choose a Server Provider</h3><p>Outline has the ability to create servers on three different providers automatically: DigitalOcean, Google Cloud, and Amazon Web Services. In some situations, Google Cloud or AWS may be preferable, because they are less likely to be blocked by hostile ISPs/governments and are therefore more likely to let you circumvent internet censorship. 
However, keep in mind that the server provider you choose—like any VPN provider—will have the technical ability to read your internet traffic. This is much less likely to happen when using a cloud provider versus a commercial VPN, which is why we recommend self-hosting, but it is still possible. Choose a provider you trust.</p><p>Additionally, keep in mind that many US-based cloud providers block all network traffic to and from <a href="https://en.wikipedia.org/wiki/United_States_sanctions#Countries">countries sanctioned by the United States</a>, including AWS and Google Cloud. Users in or visiting those countries may wish to find a Europe-based <a href="https://www.privacytools.io/providers/hosting/">hosting provider</a> to run their Outline Server on.</p><p>Another factor to consider is your provider’s network and latency. Choosing a server closer to you (geographically speaking) will give you better latency, and choosing a server with good bandwidth (&gt;1 Gbps) will minimize the performance hit when using the VPN. Both factors are important to keeping a good browsing experience, but keep in mind using <em>any</em> VPN will always be slower than just your plain old internet connection.</p><p>Finally, if you want to go with DigitalOcean you can use my affiliate link to receive a $50 credit: <a href="https://m.do.co/c/fb6730f5bb99">https://m.do.co/c/fb6730f5bb99</a>. That’s 10 months of free VPN hosting, at $5/month/server. Don’t feel obligated to use this link, but you’ll receive free credit, and if you spend $25 with DigitalOcean after using it I will get credited, which will enable me to continue writing guides like this! 
DigitalOcean has a great performing network in my personal experience, and in the experience of the Outline team it works well in regard to circumventing censorship: Not many IP addresses of theirs are blocked.</p><p>For this guide we are not going to use an automatic provider in Outline Manager, rather we will manually configure a Linux server. We are using Debian 10. Other distros may work as well, but you may need to install Docker manually.</p><h3 id="step-3-configure-your-server">Step 3 — Configure Your Server</h3><p>First, we need to update our system and install <code>curl</code>. Connect to your server via SSH and enter the following commands:</p><pre><code>sudo apt update
sudo apt upgrade
sudo apt install curl
</code></pre><p>Next open Outline Manager on your local machine and you should be given 4 options to configure a server. Select the “Set Up” button under the “Advanced, Set up Outline anywhere” option.</p><figure class="kg-card kg-image-card"><img src="https://blog.privacytools.io/content/images/2019/10/image-11.png" class="kg-image" alt="Self-hosting a Shadowsocks VPN with Outline"></figure><p>Outline will give you a string to paste. More technical users can <a href="https://raw.githubusercontent.com/Jigsaw-Code/outline-server/master/src/server_manager/install_scripts/install_server.sh">view the script</a> that line runs in a browser to validate exactly what is being run and installed on your server, but we have examined the script and have seen no alarming commands.</p><p>Connect to your server over SSH and paste the code from above in the Outline Manager box into the Terminal. The process will take a minute or two and will ask you a couple questions. You can just press enter to accept the default configuration whenever it asks.</p><p>After it completes, it will give you a long line starting with <code>{"apiUrl"</code> (depending on your Terminal’s color support it will appear as green). Copy that line, and paste it in the second box back in Outline Manager. Then, click “Done”.</p><h3 id="step-4-connect-your-devices">Step 4 — Connect Your Devices</h3><p>Download the Outline app on the device you want to connect. 
Outline has applications for the following operating systems:</p><ul><li><a href="https://play.google.com/store/apps/details?id=org.outline.android.client">Android</a></li><li><a href="https://itunes.apple.com/us/app/outline-app/id1356177741">iOS</a></li><li><a href="https://raw.githubusercontent.com/Jigsaw-Code/outline-releases/master/client/stable/Outline-Client.exe">Windows</a></li><li><a href="https://itunes.apple.com/us/app/outline-app/id1356178125">macOS</a></li><li><a href="https://play.google.com/store/apps/details?id=org.outline.android.client">Chrome OS</a></li><li><a href="https://raw.githubusercontent.com/Jigsaw-Code/outline-releases/master/client/stable/Outline-Client.AppImage">Linux</a></li></ul><p>You should also be able to use any <a href="https://shadowsocks.org/en/download/clients.html">Shadowsocks client</a>, including alternative clients for each operating system and a client for OpenWRT routers. And like with the Manager, you can download Outline releases from <a href="https://github.com/Jigsaw-Code/outline-client/releases">their GitHub page</a> as well.</p><p>Back in Outline Manager, select your server in the sidebar. On the far right side of “My access key” there is an icon of a laptop and phone. Click that icon, and select “Connect This Device” in the popup window. It will give you a string to copy, starting with <code>ss://</code>. Simply paste that string into the configuration of any Shadowsocks client to add your server!</p><p>Once you add your server, that’s it! In the Outline clients it’s just a matter of pressing “Connect”, and all your traffic will be proxied through your server! You can use this connection to keep your traffic safe when you’re on public WiFi networks, or just to keep your browsing hidden from your ISP.</p><h3 id="conclusion">Conclusion</h3><p>That should be all you need to get your very own VPN up and running! 
<strong>Do not share your access key with anyone</strong>, this is the key starting with <code>ss://</code>. If you want to grant other users access to your server, click “Add a new key” in Outline Manager and give them a new, unique key. If you share a key, anyone with knowledge of that key will be able to see all the traffic of anyone else using the key. It should go without saying, but don’t send people keys over unencrypted channels: No Facebook Messenger, no emails. Stick with <a href="https://www.privacytools.io/software/real-time-communication/">Signal, Wire, or Briar</a> if you don’t have a secure app already.</p><p>With Outline, there is no need to worry about the security of your server. Everything is set to automatically update with no intervention required! Another thing to note: The port on your Outline server is randomly generated. This is so the port can’t be easily blocked by nation/ISP level censors, however, this VPN may not function on some networks that only allow access to port 80/443, or on servers that only allow traffic on certain ports. 
These are edge-cases, but something to keep in mind, and if they apply you may need to look for more technical options.</p>]]></content:encoded></item><item><title><![CDATA[Tor on privacytools.io]]></title><description><![CDATA[We're excited to announce the launch of Tor connectivity to the  PrivacyTools.io homepage, and we hope to get Tor working on the rest of  our services as soon as possible.]]></description><link>https://blog.privacytools.io/tor-on-privacytools-io/</link><guid isPermaLink="false">5db50f4937ad263e1013183b</guid><category><![CDATA[Updates]]></category><category><![CDATA[Security]]></category><category><![CDATA[Privacy]]></category><category><![CDATA[Tor]]></category><dc:creator><![CDATA[Jonah Aragon]]></dc:creator><pubDate>Wed, 01 May 2019 17:00:00 GMT</pubDate><content:encoded><![CDATA[<p>We're excited to announce the launch of Tor connectivity to the privacytools.io homepage, and we hope to get Tor working on the rest of our services as soon as possible.</p><p><strong>Update 5/6:</strong> Some people asked me for a more detailed post and guide on how to set this kind of thing up on their own servers, so <a href="https://write.privacytools.io/jonah/securing-services-with-tor-and-alt-svc" rel="nofollow">I went ahead and did that</a>. Hopefully if you're a service operator or you just like that kind of stuff it'll be helpful to you!</p><h2 id="the-homepage">The Homepage</h2><p>The homepage is now accessible via our new Tor hidden service: <code>privacy2zbidut4m4jyj3ksdqidzkw3uoip2vhvhbvwxbqux5xy5obyd.onion</code>! This setup in particular is a pretty standard Tor setup, so I won't go into too many details. We're using a v3 hidden service (as you can tell by the enormous domain) with the following options:</p><pre><code>HiddenServiceNonAnonymousMode 1
HiddenServiceSingleHopMode 1
</code></pre><p>Why are we using non-anonymous mode and single-hop mode, you ask? It's mainly to optimize latency: By enabling single-hop mode, we're able to cut two hops out of the connection. This is not in any way detrimental to the anonymity or security of our users, it merely reduces the anonymity of <em>our</em> own server. This is of course fine, because we operate our servers over clearnet domains anyways with public IP addresses.</p><p>The main thing we are now accomplishing is not anonymity for ourselves, but increased security for our users. Your connection to the privacytools.io homepage is now completely secured end-to-end, no relying on exit nodes that could meddle with your traffic. It'll also be a bit faster, since we're reducing the load on the Tor exit nodes.</p><h2 id="other-services">Other Services</h2><p>With the rest of our services, we're going to be taking a different approach to the traditional .onion domain. Remember <a href="https://blog.cloudflare.com/cloudflare-onion-service/" rel="nofollow">Cloudflare's Onion Service</a>? We're basically recreating their setup on our own servers to create secure Tor connections <em>without using .onion domains</em>, at least visibly. That means that if you go to <code>write.privacytools.io</code> in the Tor Browser, for example, you'll see <code>https://write.privacytools.io/</code> in your browser, but the connection will actually be over the Tor network without the use of any exit nodes!</p><h3 id="alt-svc">alt-svc</h3><p>How can we do this exactly? We're using an HTTP header called <a href="https://tools.ietf.org/html/rfc7838" rel="nofollow"><code>alt-svc</code></a>. Originally designed to facilitate HTTP/2 and SPDY connections, and now commonly used for QUIC, alt-svc allows us to tell your browser that the website you're visiting is also accessible via Tor. 
The Tor Browser, in response, makes a connection to our servers using the information within that header rather than connecting the normal way with DNS lookups and exit nodes.</p><p>The drawback to this is you need to actually connect to our websites once, so your browser has a chance to download the header and recognize that it should be using an onion connection. Because we use HTTPS with HSTS preloading, this shouldn't be a security issue, since your initial connection will be made over HTTPS. That does mean that the initial connection will still take place over an exit node. After it receives that header, the information is cached, and the browser will continue to make any future connections solely over the Tor network.</p><h3 id="when-will-this-happen">When will this happen?</h3><p>We've already enabled <code>alt-svc</code> support for this WriteFreely instance, for Searx (search.privacytools.io), for our Matomo analytics platform, and for the homepage. (Yes, that means that connections to our homepage will be made over Tor regardless of whether you use the new .onion domain or the standard clearnet domain).</p><p>In the future we'll enable <code>alt-svc</code> on all our services, after we finish initial testing on the ones we enabled today.</p><h3 id="is-it-working">Is it working?</h3><p>The issue with <code>alt-svc</code> at the time of writing is how new it is to the Tor network. The Tor Browser has supported connections to hidden services in this manner since Tor Browser 8.0, but doesn't make it obvious whether or not the connection actually works. So at this time, the circuit UI doesn't show the current route correctly. 
This is currently an open issue in the Tor bug tracker, <a href="https://trac.torproject.org/projects/tor/ticket/27590" rel="nofollow">#27590</a>, that I hope will be resolved in the coming weeks.</p><p>Tor for Android also supports <code>alt-svc</code>, but I have not been able to test whether or not it displays the circuit graph correctly. I assume it also does not, until #27590 is resolved.</p><p>We will most likely not roll out Tor using <code>alt-svc</code> among the rest of our services until it's better implemented in the Tor Browser.</p><h3 id="discuss">Discuss</h3><p>You are welcome to <a href="https://forum.privacytools.io/t/the-privacytools-io-homepage-is-now-tor-accessible/172" rel="nofollow">discuss our new Tor integration on our forum</a>!</p><hr><p><em>This article was originally published to <a href="https://write.privacytools.io/jonah/tor-on-privacytools-io">https://write.privacytools.io</a> on May 1st, 2019.</em></p>]]></content:encoded></item></channel></rss>