The problem in the privacy community
The privacy community on the internet is divided. Most of the community believes in fake privacy initiatives, trusts only mainstream solutions, or even goes as far as recommending proprietary software and other bad actors like Cloudflare.
Seeing the bad state of the privacy community, I decided to create this site, which tries to advocate for real privacy and not just an illusion of it.
I’ve written a brief analysis of well-known privacy sites which don’t provide real privacy.
Probably the most popular privacy site. I used to visit this site too when I was getting started.
This site contains affiliate links and discount codes. While we understand that maintaining something like this requires a lot of time and effort, we consider that the addition of affiliate links and discount codes for certain services may affect the criteria for adding or removing that service, or listing them instead of others which do not give them profits.
Furthermore, this site’s recommendations are very poor, often targeted at non-technical people and thus sacrificing privacy. But in some cases they recommend privacy violators instead of alternatives which would require the exact same effort to set up! We consider this unacceptable. This applies to almost every site on this page.
First problem: It’s Cloudflared. Cloudflare is a well-known privacy violator and its service acts as a MITM attack.
There are a lot of issues with their recommendations. For example, they recommend browsers which are known to send telemetry, like Firefox or Brave, instead of the mitigated Librewolf and Ungoogled Chromium. Additionally, they recommend the Duckduckgo browser when it is clearly outclassed as a Chromium browser by Ungoogled Chromium and Bromite.
- They list Cloudflare as a DNS provider, when Cloudflare is a well-known privacy violator.
- In the email providers, they recommend Tutanota and Protonmail, which don’t allow third-party email clients and have other red flags. Read digdeeper’s article and the ShadowWiki one.
- Duckduckgo, Startpage, Swisscows and Brave search are recommended. All of them are bad for their own reasons. Check our Search Engine comparison for more information.
- They recommend Thunderbird which is spyware and bloated.
- In Instant Messengers, they recommend Signal and Threema. The first one requires a phone number and the second one has a proprietary server. Both of them are centralised.
- In their addon recommendations, they recommend uBlock Origin and there’s no mention of the more powerful uMatrix/eMatrix.
There’s probably more, but I didn’t bother. The fact that it is Cloudflared shows how little they care. There was a huge drama months ago between PrivacyTools.io and PrivacyGuides.org which seemed to be about the donation money. Maybe they only care about donations and that’s why they list awful options like Signal, Thunderbird or Cloudflare. Or maybe they are just incompetent. I don’t know, but it sucks. And it was one of the reasons for the creation of our site.
Created by a former maintainer of PrivacyTools.io. This site at least isn’t Cloudflared. Let’s see if it’s any better than PrivacyTools in their recommendations:
- Firefox and Brave are recommended instead of Librewolf and Ungoogled Chromium.
- Additionally, they recommend Safari which is proprietary and spies on you.
- Cloudflare’s DNS is still recommended
- As mail clients, they recommend Thunderbird and the proprietary Apple Mail.
- Once again, Tutanota and Protonmail are in the email provider list.
- Duckduckgo, Startpage and Brave search are recommended, again.
Probably more, but this alone shows that there’s no real privacy here. Yet another privacy website which, instead of digging deeper for real private alternatives, recommends the mainstream solutions. They go as far as recommending proprietary spyware like Apple Mail or Safari. Big red flag.
The New Oil
The New Oil targets non-technical users too much. They recommend iOS. iOS is a proprietary black box which can’t be fixed. At least Android can be degoogled and you are able to mitigate most of its spyware. But with iOS you can’t. They don’t mention Android custom ROMs, which are far more privacy respecting than the factory one.
They criticize Firefox and Brave but still recommend them, not mentioning the truly private alternatives like Librewolf and Ungoogled Chromium/Bromite.
For email, once again, they recommend Tutanota and Protonmail. One fun fact is that they give Protonmail more “Pros” and fewer “Cons” than Tutanota. Coincidentally, they happen to link Protonmail with an affiliate link while they don’t have one for Tutanota.
As instant messengers they recommend Signal, Threema and Wire. See our IM comparison if you don’t know why this is bad.
There’s much more to be said about this topic; this was extracted from a discussion in the Spyware MUC.
One of the greatest problems in the community is a security researcher known as Madaidan and a GrapheneOS dev, Micay. They have almost the same ideas when it comes to security (and unfortunately privacy). GrapheneOS devs attack everything with the excuse of security. Android ROMs are a security nightmare because they don’t have firmware updates and the bootloader is unlocked. Calyx is very insecure due to signature spoofing. Firefox is quite insecure, so you must use Google’s browsers. A known member of the GrapheneOS matrix room has been attacking F-Droid and enhancing the GrapheneOS store and the Aurora Store.
Micay, in the FAQ of GrapheneOS, says that the Linux kernel is insecure and that he’s excited about replacing it with a microkernel (Oh, did you know that Google’s Fuchsia is a microkernel?). As they see it, we have to use Google hardware and software because every alternative is ridiculously insecure.
They also recommend using smartphones (GrapheneOS on a Google device or non-jailbroken iOS up to date) over desktop computers because computers weren’t designed with security in mind. And if you want to use a desktop, they recommend Windows 11 with secure boot. What a joke. Windows is a major privacy offender. You can’t be private in Windows. You may even get a hosts file with a ton of blocked domains to block Microsoft’s telemetry. But then Windows will detect that behavior as a virus and delete it.
Yeah, sure, a Google phone with proprietary bootloader and a proprietary TITAN M chip is the best option for privacy.
Madaidan tends to recommend corporate software like Chromium, macOS or Windows. He will shit on Linux and he completely ignores OpenBSD, which has been awarded as an excellent security-focused desktop OS. He recommends Signal, in spite of it requiring Personally Identifiable Information like a phone number and being centralized. He doesn’t mention XMPP, which outclasses Signal. In his browser article he doesn’t even recommend configuring your browser and he’s against content blockers, saying that everyone configures their browser differently and that you’ll stand out.
That is the average excuse to use Google Chrome. But there are other options: Moonchild, the main Pale Moon dev, takes the other approach. Since he knows that blending in is almost impossible, he makes his fingerprint unique on purpose, randomizing it with every page reload.
In the end, these recommendations are harmful to the user’s privacy. If you want a truly secure boot, take a desktop with support for Libreboot/Coreboot and make GRUB verify with GPG. That’s a true secure, verified boot. Not like Microsoft’s, whose only purpose is to force you into using Windows.
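An added example (not from the original post, nor from the Libreboot or GRUB projects): a pre-flight check for the GPG-verified GRUB setup mentioned above, since a single unsigned or stale-signed file stops the machine from booting once enforcement is on. It assumes GRUB's `check_signatures=enforce` mode with detached `<file>.sig` signatures; the script name, key path, sample file names and function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check before turning on GRUB signature enforcement.
# Assumed GRUB side (Libreboot-style, key and config stored in the boot flash):
#   trust (cbfsdisk)/boot.key      # public key exported with: gpg --export
#   set check_signatures=enforce   # every file GRUB reads needs <file>.sig
# Each file is signed with: gpg --detach-sign <file>   (writes <file>.sig)

# Print every regular file under DIR that has no detached signature beside it.
unsigned_files() {
    find "$1" -type f ! -name '*.sig' | sort | while IFS= read -r f; do
        [ -f "$f.sig" ] || printf '%s\n' "$f"
    done
}

# Print every signed file under DIR whose signature does not verify against
# KEYRING (the exported public key). Fails closed if gpgv is not installed.
bad_signatures() {
    find "$1" -type f -name '*.sig' | sort | while IFS= read -r s; do
        gpgv --keyring "$2" "$s" "${s%.sig}" >/dev/null 2>&1 ||
            printf '%s\n' "${s%.sig}"
    done
}

# Build a constructed /boot-like tree for demonstration; prints its path.
# File names and contents are made up; initrd.img is deliberately unsigned.
demo_tree() {
    d=$(mktemp -d) && mkdir -p "$d/grub" || return 1
    for f in vmlinuz initrd.img grub/grub.cfg; do echo "constructed" > "$d/$f"; done
    : > "$d/vmlinuz.sig"; : > "$d/grub/grub.cfg.sig"   # placeholder signatures
    printf '%s\n' "$d"
}

# Usage: sh check-boot-sigs.sh /boot /path/to/boot.key  (key path needs a slash)
if [ "$#" -eq 2 ]; then
    missing=$(unsigned_files "$1"); bad=$(bad_signatures "$1" "$2")
    [ -z "$missing" ] || printf '%s\n' "$missing" | sed 's/^/UNSIGNED: /'
    [ -z "$bad" ] || printf '%s\n' "$bad" | sed 's/^/BAD SIGNATURE: /'
    [ -z "$missing$bad" ] || exit 1
    echo "all files under $1 are signed and verify"
fi
```

Run it after every kernel or initramfs update as well, because a regenerated file keeps its old `.sig` and will fail verification at boot.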
Further reading and sources
- The undercoverman
- The Spyware MUC