this post was submitted on 07 Jun 2026
92 points (96.9% liked)

Privacy

49788 readers
345 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago
MODERATORS
 

IE like Crypto AG:

In 2020, it was revealed that the Swiss company, Crypto AG, which provided secure communications services to ~120 governments throughout the 20th century, was secretly ran by the CIA and West German Intelligence. The CIA and later NSA were able to read encrypted communications for many countries such as Saudi Arabia, Iran, Italy, Indonesia, Iraq, Libya, Jordan and South Korea.

top 50 comments
sorted by: hot top controversial new old
[–] Captainautism@lemmy.dbzer0.com 47 points 1 month ago (1 children)
[–] Rat_in_a_hat@lemmy.ca 19 points 1 month ago

Israeli actually, like express VPN

[–] IratePirate@feddit.org 40 points 1 month ago (1 children)

Maybe not a honeypot, but definitely too large for my taste by now: Proton. With Mail, VPN, password manager, file storage, AI and whatnot, it's one ginormous basket to put all of your eggs into, hopping it'll hold.

[–] Quill7513@slrpnk.net 15 points 1 month ago (2 children)

the owner is fine with fascism because fascism makes his product more lucrative

load more comments (2 replies)
[–] sic_semper_tyrannis@lemmy.today 31 points 1 month ago (4 children)

Probably various VPNs on the market

[–] ATS1312@lemmy.dbzer0.com 21 points 1 month ago (1 children)

Especially Israeli owned VPNs. Which seems to be most of them lately.

load more comments (1 replies)
[–] birdwing@lemmy.blahaj.zone 14 points 1 month ago* (last edited 1 month ago)

Especially the ones aggressively marketed, or noted as independent when they cannot give concrete evidence for whence their finances and ownership come. Always question and investigate, and make sure trusted people know you do so.

[–] dessalines@lemmy.ml 14 points 1 month ago (3 children)

I always assume the more popular it is, the more likely it is of being compromised.

I have no idea if it's the case, but I switched away from mullvad after seeing billboards and ads of it everywhere, even on city infrastructure like trains and buses.

[–] Tundra@sh.itjust.works 20 points 1 month ago* (last edited 1 month ago)

If the company is owned by "Kape" its ikely a Israeli honeypot:

https://medium.com/illumination/vpns-the-privacy-trap-4aef67f39634

Kape’s portfolio includes ExpressVPN, acquired in 2021 for $936 million; CyberGhost, purchased in 2017; Private Internet Access, bought in 2019 for $127 million; and ZenMate.

Together, these services account for three of the six most popular VPN products globally, serving approximately 7.4 million paying subscribers.

Kape also owns VPNMentor and Wizcase, review platforms that rank VPN services — including Kape’s own products — for consumers seeking expert guidance.

[–] marcie@lemmy.ml 10 points 1 month ago* (last edited 1 month ago)

if it makes you feel better i know an employee there and theyre a communist and say a lot of mullvad employees are lefties too, idk if they have a union or anything. nym vpn has chelsea manning backing it. not really a traditional vpn though its basically unfree tor that is not slow as balls, has the benefit of really good server coverage and few people blocking it. coolest thing is you can use a seedbox to route traffic to pay it down.

[–] sic_semper_tyrannis@lemmy.today 10 points 1 month ago (2 children)

Mullvad is very likely one of the few good ones. I'd suggest reevaluating it.

[–] Sinonatrix@hexbear.net 11 points 1 month ago

My trust in them was definitely shaken after the recent news about fingerprinting exit IPs: https://tmctmt.com/posts/mullvad-exit-ips-as-a-fingerprinting-vector/

They were very responsive but this seemed like a huge fuck-up to me, to the extent that I question whether it was purposeful.

Not sure who else to trust because other providers like Proton seem even worse

load more comments (1 replies)
[–] Korkki@lemmy.ml 9 points 1 month ago

Most people only use vpn providers for streaming location hopping, torrenting, p*rn and on public networks. For day to day 24/7 use you are just trusting your VPN provider not to spy on your traffic instead of your ISP.

[–] Korkki@lemmy.ml 25 points 1 month ago (11 children)

Signal I think. I don't mean that the end2end algorithm or messaging itself are itself unsafe, the algo has been shown to be secure. This is what people usually rebuke this with, with the reminder of Signal's OSS nature.

The issue the servers and the social networking data that can be harvested. The server code only partially exists in public and we just have to trust that that is actually what is running on whatever AWS server without tampering and self hosting is nearly impossible in practice if technically possible and nobody does it. The social network data (who talks to who) is more valuable than the actual messages logs, which give a massive, but mainly useless datasets. Until LLMs, like 10-15 years ago they were basically impossible to parse for any useful info without using large quantities of eye pairs. Basically if you are an organizer, criminal, government, part of a hunted opposition, you will leak the whole core group structure of your org with attached phone numbers. Whoever with that data can then target their devices and persons with other means. Plus it's literally built on top of CIA money. I think signal is totally safe and adequate for friends and family type of use, but not much else, but then all in all so is whatsapp, mostly since signal and Whattsapp share the same end to end algorithm.

[–] dessalines@lemmy.ml 22 points 1 month ago (1 children)

Signal is def one, otherwise US government orgs like RFA and OTS wouldn't be defending and pushing for it so hard in western privacy spaces, nor fund it.

[–] Tundra@sh.itjust.works 9 points 1 month ago

Have a look at Deltachat

Its starting to make headway: FOSS, Decentralised and anyone who is tech inclined can setup their own Relay.

load more comments (10 replies)
[–] SnotFlickerman@lemmy.blahaj.zone 23 points 1 month ago (2 children)

I know your example is the opposite, but any service that is run and hosted in the US.

It's one of the major issues with Signal.

[–] birdwing@lemmy.blahaj.zone 9 points 1 month ago

Not to mention Graphite and Pegasus, Israeli spyware.

[–] Maeve@kbin.earth 6 points 1 month ago

You got that right.

[–] zebidiah@lemmy.ca 22 points 1 month ago

Not a privacy app, but you should definitely not think anything said on discord is private in any sense whatsoever

Dating apps.

[–] NihilsineNefas@slrpnk.net 16 points 1 month ago (2 children)

Any VPN that isn't actively being sued by world gov/agencies to try and get their data is suspicious.

Alternatively any VPN company with the ability to store data is untrustworthy.

Also every cryptocurrency that exsts.

load more comments (2 replies)
[–] electric_nan@lemmy.ml 15 points 1 month ago (2 children)

Be careful of accepting some of the criticism of Signal in this thread. For most of us, we have to make choices about secure comms from subject matter experts. Almost all the criticism I see of Signal comes from anonymous or otherwise random users online. If you believe in such a thing as expertise, please seek it out when evaluating something like this.

[–] yogthos@lemmy.ml 23 points 1 month ago (4 children)

It is absolutely irrelevant who makes the criticism, what needs to be addressed is the criticism itself. If somebody gives you advice to simply trust people blindly then you should be very suspicious of their motivations.

load more comments (4 replies)
[–] davel@lemmy.ml 12 points 1 month ago (1 children)

Who are the experts, and who pays their salaries? Crypto AG wasn’t lacking in experts.

load more comments (1 replies)
[–] RobotToaster@mander.xyz 14 points 1 month ago (1 children)

Bitcoin.

Hell, monero is the only crypto I think isn't a honeypot, since so many exchanges refuse to list it. That could just be how the government wants us to think though 🤔

[–] SnotFlickerman@lemmy.blahaj.zone 17 points 1 month ago* (last edited 1 month ago) (1 children)

It's not even that Bitcoin is a honeypot, it's that it isn't actually private at all, and through good ol detective work a wallet can be connected to a person, as well as their inflows and outflows and what wallets they're sending or receiving money from.

[–] mrmacduggan@lemmy.ml 9 points 1 month ago

yeah, the whole point of Bitcoin is literally everyone sees your transaction on there. not very cryptic if you ask me

[–] HiddenLayer555@lemmy.ml 14 points 1 month ago* (last edited 1 month ago) (1 children)

All of the "delete my information from data brokers" services IMO, especially the ones that advertise on YouTube. Always smelled fishy to me.

Either that or they're just more data brokers trying to get exclusivity.

[–] GaumBeist@lemmy.ml 6 points 1 month ago

Reject Convenience did a pretty thorough rundown on what they're doing: https://www.youtube.com/watch?v=iX3JT6q3AxA

It's been a minute since I watched, but my key takeaways were that they just reach out to one type of broker which barely scratches the surface of the Data Economy iceberg, and since there's no legal precedent outside of California and the EU, it's purely up to the brokers to decide whether or not they want to comply.

So I think it's probably more likely they really are just private companies preying on people's anxieties about privacy and relative ignorance about the topic, rather than some kind of governmental conspiracy

[–] potatoguy@mbin.potato-guy.space 13 points 1 month ago (3 children)

Sometimes I think that DNS providers could be, like NextDNS (I use them).

[–] SnotFlickerman@lemmy.blahaj.zone 5 points 1 month ago (3 children)

I wish there was a possible way to run an authoritative DNS yourself. The best I can do is a recursive server blah.

load more comments (3 replies)
load more comments (2 replies)
[–] GaumBeist@lemmy.ml 11 points 1 month ago (3 children)

Proxies and VPNs seem like the most obvious targets. They mostly prey on people who don't understand the technical workings thereof (had my mom ask if she needed to get a VPN bc firefox opened on ad for theirs, claiming it enhanced privacy), and serve little benefit to people who are doing the kind of illegal activities that make governments take notice. They serve as a single point of compromise for anyone, and they work worldwide so that all your traffic can be monitored even when you're on a different ISP/in a different country. It's like the perfect MITM, and people are even willing to pay to have themselves monitored.

The truth is that at best they benefit people who only don't want their network-provider watching, but don't care who else may be. It's the perfect setup for a 3-letter agency to just sit and monitor everything anyone does, waiting for someone who's just a little too careless to access illegal content thinking they're anonymous.

load more comments (3 replies)
[–] Tenderizer78@lemmy.ml 10 points 1 month ago (2 children)

Tor comes to mind.

Technologically it's private, but if you're America and have the resources to create and control sufficiently many nodes you can undermine the protections.

[–] jabberwock@lemmy.dbzer0.com 5 points 1 month ago

Wait 'til you hear who invented it...

That said, considering how many illegal services continue to run on it, I don't think it's as porous as some make it out. Definitely has well-documented weaknesses but the project maintainers tend to address them fairly straightforward.

Of course, you're also just as likely to be buying drugs off an Onion market that the FBI seized and kept running just to catch more bad guys, despite it also hosting illegal content itself.

load more comments (1 replies)
[–] 45o3b@lemmy.ml 9 points 1 month ago (14 children)

This thread basically illustrates the challenges for a beginner, such as myself.

I've been locked into the Google ecosystem for nearly two decades and am now trying to free myself.

I'd like to migrate to a hybrid solution that involves self-hosted NextCloud synchronized with a cloud provider that I can trust more than Google.

However:

Proton apparently makes false, or at least misleading, marketing claims and doesn't fight a vast majority of its inbound government requests.

Tuta has been publicly accused by a member of the intelligence community of being a honeypot.

The rest of the email providers seem to implement even fewer protections, relative to these two.

So, what's a guy to do?

Now, to be clear, I'm not saying that either of these companies are bad or that I believe that they're actually honeypots. I'm just trying to illustrate the challenges faced by newcomers (and probably all of us).

While I'd prefer to absolutely maximize privacy and security on all fronts, given that my first goal is de-googling, I will probably start with Proton and NextCloud and re-evaluate from there, but I'm open to suggestions.

Thank you all -- I really appreciate this community.

[–] dessalines@lemmy.ml 9 points 1 month ago

Email is a really tough one especially, because it wasn't designed with security in mind, and of course even if you're on a secure email service, 99% of the emails you send and receive are going to be with non-secure services hoovered up by google or AWS.

Anything is better than google at least.

load more comments (13 replies)
[–] umbrella@lemmy.ml 8 points 1 month ago* (last edited 1 month ago) (1 children)

beyond the obvious ones? signal.

load more comments (1 replies)
[–] Zerush@lemmy.ml 8 points 1 month ago

Often ignored, online games. Non of the VPN which logs the history, TOR also isn't the panacea (network made by US secret service). Mandatory monitoring the traffic with Portmaster, PiHole or similar. FOSS from GitHub with a grain of salt. Good to have analytic tools in the bookmarks, eg Blacklight, Webbkoll, Exodus Privacy, Browserleaks, etc., preferable to use european alternatives. Using decentralized or /and selfhosted services. Common sense and always read TOS and PP before using the app or service.

[–] edel@lemmy.ml 8 points 1 month ago* (last edited 1 month ago) (5 children)

Of course, nobody is going to have evidence here, if there was any the cover would be lifted. But one can guess chances here:

Proton: "Unlikely"... but there is a but. They never cater for the ultimate privacy and they make typical blunders of a company wanted to growth really fast. Now, that they want to be a behemoth in Privacy makes it more vulnerable to requests from law enforcement. Also, law enforcement and intelligence agencies have it easier to penetrate within Proton massive headcount growth.

Tuta: "Very Unlikely". The people behind started very young and had a sustainable growth. The people are very visible (unlike Crypto AG) so least likely to be working for an "agency".

Mullvad: "Very Unlikely". I think their story is similar to Tuta (haven´t followed it that much though).

GrapheneOS: "Very Unlikely". But in the last year I have raised some minor concerns, but I haven change my rating yet....

/e/: "Very Unlikely". I know the dude behind for 2 decades, he wouldn´t. However, /e/ never claimed full privacy and from the beginning says he would comply 100% with "lawful" requests, but it is not a honeypot, not that would make much difference to an intelligence agency if they wanted it.

Signal: "Potentially"... yes, yes... audited, solid privacy code... but still does not make sense to me many aspects; financially solvent from day one, the extreme unquestioned massive and vast support from launching till today... if i have to bet in all of these providers, this platform would have been my take as potential compromised one. I still use it to communicate with family since I trust better than WhatsApp, but I would not use it for critical journalistic info.

load more comments (5 replies)
[–] uberdroog@lemmy.world 8 points 1 month ago (1 children)
[–] davel@lemmy.ml 34 points 1 month ago* (last edited 1 month ago)

Bluesky is like the furthest thing from a privacy app, which it doesn’t even claim to be.

[–] birdwing@lemmy.blahaj.zone 6 points 1 month ago* (last edited 1 month ago) (1 children)

Look what autocratic(ising) governments don't do shit against. And what their opposing governments tell about the autocrat(ising) ones.

Those are more likely to be honeypots imho.

[–] davel@lemmy.ml 10 points 1 month ago

DeepSeek the service censors, but you can run it yourself uncensored.

[–] hexagonwin@lemmy.today 6 points 1 month ago (3 children)

i don't think anyone here considers it a private service at all, but i'm almost certain cloudflare is a honeypot

load more comments (3 replies)
load more comments
view more: next ›