Photograph via snooOG

Privacy in the digital age

Dedicated to the intersection of technology, privacy, and freedom in the digital world.

"I don't have anything to hide but I don't have anything I want to show you either" - @CryptopartyBLN

"Privacy is not a sign of wrongdoing. Privacy is a sign of freedom." - /u/blackhawk_12

Subreddit Rules and Wiki

(updated 2023-04-27)

Before posting in /r/privacy, read the Sidebar Rules.

Enjoy our Wiki! It has all sorts of nifty advice and explains most topics you’re interested in if you’re reading this.

Related Subreddits:


Consider donating to one of the organizations that fight for your rights.

Org Name
ACLU American Civil Liberties Union
EFF Electronic Frontier Foundation
EPIC Electronic Privacy Information Center
EDRi European Digital Rights
FSF Free Software Foundation
ORG Open Rights Group
Tor Tor
Torservers High bandwidth Tor exit nodes
Privacy International Building the global movement for the protection of privacy.


1,332,730 Subscribers


Is Edison Mail safe?

I use it for my email because it is SO convenient at everything and the UI is amazing but I am just concerned about privacy.

Every other app I used has not worked remotely as well.

Thank you

22:16 UTC


Is this a misuse of the term "end-to-end encryption"?

Total noob to encryption here looking for clarification. I'm looking into cloud-based file sharing and while one website advertises their product as "End-to-end encrypted" saying this:

End-to-end encryption: Storage encryption, encrypted communication and encryption during uploads and downloads

The actual security overview has this to say on encryption (software name replaced with XXX):

Data Encryption

SSL connections and client-specific keys create a safe connection between client and server.
XXX always encrypts any transferred, stored, or processed customer data according to the best
standards. XXX has both Encryption in Transit and full encryption at REST for S3 buckets, RDS
database and ElasticSearch index. Our TLS/SSL connections ensure reliable encryption of all data that enters XXX’s servers from the Internet. We use AES-256 encryption to encrypt all the data being
stored in XXX.

I've read a lot of encryption overviews and I've seen SSL and AES-256, and AWS in all of them (not even sure what these mean), but I'm sure all of these places (i.e. Notion, Google Drive, etc) are not end-to-end encrypted. Am I missing something in the definition of end-to-end encryption?

21:59 UTC


So the privacy nightmare gets worse not only were the govs asking for push notification data but they were also asking for traffic log data known as Netflow and DPI data from ISPs using NSLs and reverse geofence orders to bypass IP hiding services

This topic has been covered in the media a bunch of times before as well: https://www.vice.com/en/article/jg84yy/data-brokers-netflow-data-team-cymru



And even


But they don't just buy access to ISP traffic logs what a lot of these journalists don't discuss is they can legally compell ISPs using NSLs court orders basic reverse geofence warrants to get access to this data.

This is arguably ten times worse then push notifications because this completely invalidates the point of all of these anonymizations services. That means all those Nordic commercials was complete nonsense never helped anyone despite all those YouTubers sponsoring then about their only relevant purpose was for watching movies from other countries and maybe discounts by getting different country rates. They never helped when it came to privacy.

It's also annoying how much privacy sub censors so many words had to repost this thread like 10 different times because the filters are so strict.

So anyways I also asked about this topic over in the network sub and the admins locked the thread because they can't even legally discuss this topic talk about living in a dictatorship! some of the ISP guys even acknowledged there gag ordered but that they essentially do disclose this type of data to governments. Very disturbing all around.

21:06 UTC


What are your thoughts about Bluesky? (Ex Twitter)

I've just found out that even exists. There's "invite code only" Sign up, seems like a easy way to link users right from the scratch.

Any thoughts about this? It's the new Diaspora or just a new comeback of Twitter?

20:39 UTC


TikTok hearing Discord VC convos

I know TikTok gathers info from lots of sources on my phone much like other apps, but twice I’ve found it to give me an ad based on words spoken during conversations I’ve had on Discord voice chat just before opening the app. These terms were organic — not something I’d researched anywhere. I believe it hears those conversations.

My question is does anyone know if I swipe up on the app on iPhone (close it, I guess) will that prevent it from gathering data?

For that matter, if I have only TikTok open when using it and then close it before opening other apps, does that prevent extra info being transmitted?

Camera, microphone, and background app refresh are turned off.


1 Comment
20:28 UTC


What's a mobile browser for Android that takes the least amount of space with no data collection or ads?

I basically want something that just gets on sites and nothing else

no music or videos no profiles no logins no customization

19:50 UTC


Old Android as Security Camera

I was looking to use Haven as a solution to use a few old android devices as security cameras. I can't seem to get them to connect to Orbot. Does anyone know a solution or a good alternative?

1 Comment
19:27 UTC


Twitter/Messenger tracking

Hello everyone,

Quick question. I have a messenger account and a twitter account that I use daily. Obviously I know about meta’s tracking but I heard that twitter is also tracking users activity and collecting lots of data. Is this true?
Also, do is there any actual benefit from deleting the apps and use them via browser?

19:19 UTC


What’s the latest with Philips forcing Hue users to create an account/share data?

I’m curious if the privacy community has any update on this topic, and if there are any recommended hacks or alternatives.

The Hue products are nice, but I’ll drop them tomorrow if they force me to share more data.

I keep getting notifications in the Hue app that I need to sign up for an account “soon”, or else.

19:11 UTC


Does anyone still use Google?

I've been concerned with my digital privacy for years and have used alternatives to Google services for a while. Firefox, DDG, Proton, etc (but still use Apple).

I recently decided to give Google's services a try again, namely Chrome, Drive, and Gmail, and damn they make some good products. The new Pixel line up sounds awesome (the software), and Gemini is blowing my mind.

For the first time in awhile, I'm considering moving back into Google's ecosystem. I love their tech, but the privacy issues have been keeping me from pulling the trigger.

Any privacy advocates out there still use Google products?

Would love to get the pulse of this sub on it and hear your opinions.

19:09 UTC


Hardened Firefox, seeking opinions on Little Snitch settings

We have Firefox with uBlock Origin, LocalCDN, CanvasBlocker, Containers and various settings in the about:config per Extreme Privacy.

We noticed some dysfunctional behavior from Firefox when trying to update. Upon Little Snitch inspection, we found an item:


There are site that have recommendations for blocking information to Mozilla, and MB mentions blocking Mozilla in the books. Doesn't this block Firefox's ability to do automatic updates? If you block access to Mozilla, and want to update Firefox, wouldn't that make you have to check the site manually, then download the new version to your desktop and update it manually?

1 Comment
19:05 UTC


Is Zoom still a problem?

I see there was a lot posted 3 years ago about Zoom. I am wondering if people are still concerned about them. Have they improved?

17:57 UTC


Cryptomator is absolute useless

Does it seem that way to me or is Cryptomator becoming increasingly unstable from version to version? I can't even use it without problems these days. Uploading files to my unlocked Cryptomator container on the cloud = system window freezes. Going to another folder while uploading = system window freezes. Constant crashes and bugs. Folders not always possible to delete, bugs that have not been fixed for years.

I'm all the more annoyed that I donated money to them.

17:51 UTC


Is there a way for me to know what app sent me an Authy code?

I got a text message from 288-49 giving me a verification code and I read online this is from Authy. I did not request this code, so I am worried someone is trying to access an account I own. The text doesn't say from what app it is. Apparently many companies use this verification service. I've used it in the past and got a few codes from that number already. Should I be alarmed? Any steps I should take to protect myself? Thanks

17:10 UTC


Have I been hacked?

Hi everyone, I just read an email from the 15th August (it was in spam folder) by someone claiming that they got access to my email account (one I don't use anymore) and installed trojans, so now they have all my info. I believe it's fake, but I wanted to post it here just to make sure, because this email was on haveibeenpwned some time ago, although I changed my password. This is the text:

"Hi there!

I regret to inform you about some sad news for you. Approximately a month or two ago I have succeeded to gain a total access to all your devices utilized for browsing internet. Moving forward, I have started observing your internet activities on continuous basis.

Go ahead and take a look at the sequence of events provided below for your reference: Initially I bought an exclusive access from hackers to a long list of email accounts (in today's world, that is really a common thing, which can arranged via internet). Evidently, it wasn't hard for me to proceed with logging in your email account (my account).

Within the same week, I moved on with installing a Trojan virus in Operating Systems for all devices that you use to login to email. Frankly speaking, it wasn't a challenging task for me at all (since you were kind enough to click some of the links in your inbox emails before). Yeah, geniuses are among us.

Because of this Trojan I am able to gain access to entire set of controllers in devices (e.g., your video camera, keyboard, microphone and others). As result, I effortlessly downloaded all data, as well as photos, web browsing history and other types of data to my servers. Moreover, I have access to all social networks accounts that you regularly use, including emails, including chat history, contacts list, messengers, etc. My unique virus is incessantly refreshing its signatures (due to control by a driver) and hence remains undetected by any type of antiviruses.

Hence, I guess by now you can already see the reason why I always remained undetected until this very letter...

During the process of compilation of all the materials associated with you, I also noticed that you are a huge supporter and regular user of websites hosting nasty adult content. Turns out to be, you really love visiting porn websites, as well as watching exciting videos and enduring unforgettable pleasures. As a matter of fact, I was not able to withstand the temptation, but to record certain nasty solo action with you in main role, and later produced a few videos exposing your masturbation and cumming scenes.

If until now you don't believe me, all I need is one-two mouse clicks to make all those videos with everyone you know, including your friends, colleagues, relatives and others. Moreover, I am able to upload all that video content online for everyone to see. I sincerely think, you certainly would not wish such incidents to take place, in view of the lustful things demonstrated in your commonly watched videos (you absolutely know what I mean by that) it will cause a huge adversity for you.

There is still a solution to this matter, and here is what you need to do: You make a transaction of $730 to my account (an equivalent in bitcoins, which recorded depending on the exchange rate at the date of funds transfer) hence upon receiving the transfer, I will immediately get rid of all those lustful videos without delay. After that we can make it look like there was nothing happening beforehand. Additionally, I can confirm that all the Trojan software is going to be disabled and erased from all devices that you use. You have nothing to worry about, because I keep my word at all times.

That is indeed a beneficial bargain that comes with a relatively reduced price, taking into consideration that your profile and traffic were under close monitoring during a long time frame. If you are still unclear regarding how to buy and perform transactions with bitcoins - everything is available online.

Below is my bitcoin wallet for your further reference: bc1qjm7r49v08d2l7634rdlx2f84ueruvcff4jql4k

All you have is 48 hours and the countdown begins once this email is opened (in other words 2 days).

The following list includes things you should remember and avoid doing: There's no point to try replying my email (since this email and return address were created inside your inbox). There's no point in calling police or any other types of security services either. Furthermore, don't you dare sharing this info with any of your friends. If I discover that (taking into consideration my skills, it will be really simple, because I control all your systems and continuously monitor them) your nasty clip will be shared with public straight away. There's no point in looking for me too - it won't result in any success. Transactions with cry(p)tocurrency are completely anonymous and untraceable. There's no point in reinstalling your OS on devices or trying to throw them away. That won't solve the issue, since all clips with you as main character are already uploaded on remote servers.

Things that may be concerning you: That funds transfer won't be delivered to me. Breathe out, I can track down everything right away, so once funds transfer is finished, I will know for sure, since I interminably track down all activities done by you (my Trojan virus controls all processes remotely, just as TeamViewer). That your videos will be distributed, even though you have completed money transfer to my wallet. Trust me, it is worthless for me to still bother you after money transfer is successful. Moreover, if that was ever part of my plan, I would do make it happen way earlier!

We are going to approach and deal with it in a clear manner.

In conclusion, I'd like to recommend one more thing... after this you need to make certain you don't get involved in similar kind of unpleasant events anymore! My recommendation - ensure all your passwords are replaced with new ones on a regular basis."

16:58 UTC


Where can i get free or cheap numbers for telegram otp verification

Please help guys

16:21 UTC


How can I use these services more safely until I fully stop using them?

Hello everyone! I am pretty new to this "hobby," which I started a few days ago. One of my goals is to fully (or almost fully) stop using FAANG and other services that sell my data everywhere. So far, I have created a new email with a service that was recommended on this Subreddit and other forums. Obviously, the transition will take some time, I can not do it overnight, which is why I have to keep logging into them to check all the services I registered there with. Also, some of them (like Facebook) I might log in to from time to time. Facebook's groups are still a big thing in the place I live, and it is easy to buy things there without scrolling through hundreds of pages to find something you are interested in. I might create a fake account for that, though.

My question is, how can I use these services? Should I use a separate browser? Use VP.N or not, since they already know everything about me? Should I use a virtual machine with a more secure OS?

Additional question. Are you guys using one email with aliases or multiple ones? I was thinking of creating a couple emails and categorizing them, e.g., one for shopping, one for personal stuff, one for traveling and so on. Is it a good idea?

16:18 UTC


Mnemonikey: English phrase backups for PGP keys - v1.0.0 stable release

Hi fellow private citizens. I've got something special for you today.

Today I finally tagged the v1.0.0 stable release of Mnemonikey: A PGP key backup and recovery command-line tool and Golang library.

Mnemonikey uses bitcoin-style english phrase backups to encode a seed and timestamp which are used to deterministically derive a full PGP key. To see all the details, check out the README: https://github.com/kklash/mnemonikey


  • Recovery phrases are only 14 words long. They include a version number to ensure forwards compatibility if Mnemonikey is updated or patched in the future, as well as a checksum to confirm the phrase was typed correctly.
  • Open source with reproducible builds. You don't need to trust me as mnemonikey's publisher.
  • Supports subkey indexing, so you can create multiple subkeys of different types which are all recoverable.
  • Recovery phrases can be encrypted with an extra password.
  • Keys generated by mnemonikey can be loaded onto smart cards like Yubikeys.
  • Fully documented specification. You could easily rewrite mnemonikey in another language if you wanted to.
  • Fancy colored terminal output.
16:16 UTC


How to protect Telegram from the company's security service?

I actively use Telegram, and in the company at my place of work it is the main means of communication. But I don't want the security service or the system administrator to have access to my personal chats, and I also can't use another account for various reasons. There is no full-disk encryption, the operating system is Ubuntu 22.04.
How to protect Telegram from reading the history of personal messages in the workplace?
There is an idea to use the Web version of Telegram, but no other thoughts come.

15:54 UTC


Probably a bad idea to use Reddit to talk about privacy.

Reddit is just as bad as Google, Microsoft, Amazon, and all the other massive tech/social media companies. They're completely closed-source, they have a very vague privacy policy, they're destroying private Reddit clients, and they censor EVERYTHING.

Yes, Reddit is big and you can share ideas to a lot more people with a bigger platform. But, if we should be doing anything in this subreddit, I would think it's sharing & promoting a better place to talk about this stuff. Anything else would basically nullify the entire point of having a community of people who care about privacy.

It shouldn't be Reddit. Maybe start with Lemmy - it's a lot like reddit in a lot of ways, just with way less people. But, it's completely open source, and it only takes the information you let it. This might be the wrong choice though, which is why I'm not claiming to have *the* answer; just *one* answer.

Let me know what you think of all this, and what we should do to solve the issue.

14:11 UTC


Questions regarding meta e2e encryption

Meta is making e2e encryption default. however when you toggle to the instgram report button for comment it still functions. My quesiton is how is it e2e if a third part can view your dms and select which once are deemed bad once a report has gone through?

12:30 UTC


Pi-hole or Safari

Hi guys,

Now, I don't need this to turn into an "Is Apple good or bad". We use Apple devices in our home as a conscious decision and as a balance according to our threat model .

But right now using a Pi-hole makes it impossible to use the iCloud+ Private relay feature. So my question is this: Have you got any thoughts on what is best for my kids to do? Should I disable to Pi-hole so that they use Private relay? Or is Pi-hole better even though it then exposes their IP?

When they're a little older they can use a VePeN but right now they won't know what to do when they hit a page that doesn't accept that.

UPDATE: For anyone coming across this it seems you can whitelist the Private relay servers in Pi-hole. "mask.icloud.com" and "mask-h2.icloud.com"


12:04 UTC


How can businesses know where you live?

I don’t know if it’s a local thing but how can I bank that you’ve never been a part of, send you promotions to your house directly by mail? If you never interacted with them, how can they know your full name?

Is there a way to remove your name and address from wherever they took that information? And how can it be prevented?

11:59 UTC


If being anonymous is blending in why not chrome?

I'm new to this privacy and anonymity stuff so my question might be a easy one but i see people saying don't install more add-ons on your tor and stuff like that to blend in. But isn't blending in Chrome better cuz everyone (most of people) use it?

08:48 UTC


Powerful voice changer recommendations?

Hi, I want to post stream online but protect my identity with a voice changer.

This one seems pretty decent and doesn't sound robotic.


But I can't find the source of the software anywhere.

Anyone recognize this or have other open source / free voice changer recommendations?


04:47 UTC


online purchases

hey, i was wondering if anyone knew of a way to buy stuff online that accept credit cards and it be more private?

i know about MySudo and other card like that but i have the problem of living in Canada

i heard about Koho but i don't know much about it, it sounds like a normal credit card to me but i could be wrong.

would be nice to be able to send money to it and just have it going

02:55 UTC

Back To Top