Happy winter and merry festivities!

Last year I made a post outlining many gift ideas for privacy enthusiasts. I'm back this year with an updated list. Privacy enthusiasts, by nature, are sometimes difficult to buy gifts for. This list is here to make it easier for you to come up with ideas, even if you don't directly gift what's on the list. I've decided to make a rule this year: only physical items. You can't put a subscription under the tree.

3D printers

3D printers can turn plastic into any shape you want. While a lot of 3D printers include proprietary privacy-invasive software, there are open-source options such as RepRap. The privacy benefit of these comes in the form of homemade firearms. Traditional firearms include many elements to trace the ammunition back to the firearm, but homemade firearms (such as ones made using a 3D printer) exclude these. The reliability of the firearm depends on the quality of the 3D printer, but the designs are getting easier and easier to make.

Accessories

Especially for phones, there are a few of privacy accessories that are simple but effective.

• Faraday bags
• Lens covers (which some phone cases include)
• Microphone blockers (which is more effective as a recording jammer)
• Monitor filters (better known as privacy screen protectors)

Anonymous dress

Anonymous dress is clothing that conceals your identity in public. Obtaining these items of clothing is a chore, so it's always easiest when it is gifted by somebody else. Black, unthemed clothing does the best job of protecting privacy. The holy grail of anonymous dress is:

• A balaclava to hide your face.
• A baseball cap to further hide your face, although a sun hat does a better job.
• A hooded down jacket to hide body shape and skin color. There are significantly long down jackets that extend below the knees that can somewhat conceal your gait too. Last year I included jackets that spoof AI recognition or blind infrared cameras, but those are very difficult to find and can be very identifying.
• Elevator shoes to conceal your height.
• Sunglasses to hide your eyes. Reflectacles do the best job of this.
• Touchscreen gloves to prevent fingerprints and still be able to use touchscreens. Normal gloves work when paired with a capacitive stylus.
• An umbrella to hide your clothing from surveillance cameras.

Ciphers

Not all encryption is digital. Traditionally, complex codes and ciphers were created to conceal messages. Hardware devices like the enigma machine were used to further aide the process. Modern versions of those devices, as well as related items such as invisible ink are still around and can be a fun project.

Computers

Laptops, desktops, and servers are all useful devices for accessing digital services privately. While there is no best choice, some lists can help shine some light on which hardware is considered secure:

• PrivSec.dev Laptop Hardware Security
• Qubes OS Hardware Compatibility List

Concealment devices

Concealment devices are things that look like ordinary objects, but in some way or another, have a hidden compartment used for storage. These are excellent ways to hide sensitive items such as cash, backup security tokens, and more. These are excellent gifts if you're giving one-on-one rather than at a party.

Cryptocurrency wallets

Cryptocurrency wallets are devices used to securely store (the keys for) cryptocurrency such as the private cryptocurrency Monero. The two best options are:

• Ledger
• Trezor

Dumb tech

Dumb tech is the opposite of smart tech. It doesn't connect to every device in your house. It doesn't broadcast that data to a corporation. It doesn't get exposed in a data breach. It doesn't get hacked. It doesn't go down when the internet goes offline. Things like dumb TVs or dumb cars are becoming harder to find but more and more valuable for privacy.

Mail

Mail is almost always sensitive. For that reason, it's useful to protect the contents by using security envelopes. For delivering packages privately, it's also useful to have a label printer capable of printing shipping labels.

Money

Banks and payment service providers are almost always incredibly privacy invasive and offer poor security. While some of these issues can be mitigated with services like Privacy, it doesn't fix the underlying issue. Anonymous payments not only protect your privacy, but protect your money too, and having the ability to make payments like these is what allows privacy to further grow. Anonymous payment methods include:

• Cash
• Gift cards (when purchased with cash and adequate anonymous dress)
• Monero (which is physical when paired with a cryptocurrency wallet)
• Stored-value card (when purchased with cash and adequate anonymous dress)

Optical discs

Optical discs are a physical way to store movies, shows, music, games, and more. The idea is that, instead of paying a subscription and streaming content, you can pay a one-time fee and get the full quality media offline. This is also excellent for ripping to create a digital archive to stream from your own servers for free.

Paper

Your most sensitive information is put at risk the moment it becomes digitized, so pen and paper isn't so bad for some uses:

• Earlier this year, Amazon removed the option to download and transfer ebooks. It's becoming increasingly harder to "own" an ebook, especially without using privacy-invasive software. For that reason, books are much better for privacy.
• Calendar apps are convenient for reminders, but they often sync to cloud services or include telemetry. Physical calendars are a good way to have peace of mind knowing that your personal events are away from prying eyes and can be erased without a trace.
• Notebooks are also useful for the same reasons as books. There are also numerous benefits to writing things down instead of typing them.

Paper shredders

Paper shredders destroy sensitive documents to prevent obtaining sensitive information by digging through landfills. However, shredded documents can be recovered using automated software. The paper shredder industry hasn't discovered fire yet, it seems.

Power cables

Most cables carry both power and data. However, that can be exploited by cleverly designing fake power stations that discreetly steal data when plugged into devices. Some cables only deliver power, without delivering data. These are incredibly useful for protecting vulnerable devices in public settings.

Printers

Printers suck. So much so that not even Framework wanted to make one. Nevertheless, a new printer called Open Printer is in the works. Until it's finished, the best option is to gift a printer that allows printing over a wired connection.

Promotional merchandise

There is no shortage of promotional merchandise for privacy. Some of my favorites include:

• Electronic Frontier Foundation
• Naomi Brockwell TV
• Privacy Guides

I also recently found products like this that serve a functional benefit of telling people you don't want to be recorded without explicitly talking to them.

Rayhunter

Rayhunter is a device created by the Electronic Frontier Foundation to detect Stingray attacks. It can be installed on supported devices, which are great gifts for high threat model people.

Safes

Safes are a secure box to store sensitive items. I shouldn't need to explain why this is a good idea.

Security seals

Security seals are a special type of sticker that makes it very clear if the seal has ever been broken. This is useful to place on the case of computers or other containers that shouldn't be opened often.

Security tokens

Security tokens are hardware devices used to authenticate accounts at a hardware level. When setup correctly, they are one of the most secure way to login. The most popular open source options are:

• Nitrokey
• OnlyKey
• SoloKeys

Smartphones

GrapheneOS is the most private and secure operating system available. They recently announced that they are partnering with an OEM to manufacture devices designed for GrapheneOS. However, until that device is made available, Google Pixels are still the only device GrapheneOS can be installed on.

USB flash drives

USB flash drives are the unsung heroes for so many areas of privacy. Whether it be installing operating systems such as Qubes OS and Tails, or creating offline Seedvault backups for GrapheneOS, USB flash drives have a multitude of uses. Just remember: it's better to have many, smaller USB flash drives than one, large USB flash drive.

Wi-Fi hotspots

Wi-Fi hotspots are (for privacy use-cases) hardware devices that allow connecting devices to the cellular network in a much more private way. The best one that supports an excellent privacy organization is the Calyx Internet Membership.

Wired headphones

Wired headphones not only provide higher quality audio output, but they also avoid the history of security issues with Bluetooth and the surveillance capitalism that comes with Bluetooth Low Energy beacons. Which type of wired headphones you gift depends on a lot of factors, but one that pairs nicely with Google Pixels are the Pixel USB-C earbuds sold by Google themselves.

Wireless routers

Wireless routers often leak everything sent through them. For that reason, custom software such as OpenWrt was designed to replace the privacy invasive software preinstalled on routers. OpenWrt also created their own router called the OpenWrt One. Earlier this year, they announced that they would be creating a new router called the OpenWrt Two. It hasn't come out yet, but maybe it will be on the list next year.

Conclusion

There is no shortage of privacy tech. The same technology that empowers privacy is the thin veil slowing down the world from its dystopian target. Giving the gift of privacy means giving the gift of a better future for those of us fighting on the front lines.

Lack-of-AI notice

I’ve been burned before, so I always try to mention that none of my content is AI generated. It isn’t even AI assisted. Just because something is comprehensive and well-structured does not make it AI generated. Every word I write is my own. Thank you for your understanding.

I wanted to share an interesting statistic with you. Approximately 1 out of every 25 people with a Google Pixel phone is running GrapheneOS right now. While it's difficult to get an exact number, we can make educated guesses to get an approximate number.

How many GrapheneOS users are there? According to an estimate released by GrapheneOS today, the number of GrapheneOS devices is approaching 400,000. This estimate is based on the number of devices that downloaded recent GrapheneOS updates. Some users may have multiple devices, such as organizations, and some users may download and flash updates externally, but it's the best estimate we have.

How many Google Pixel users are there? Despite Google's extensive data collection, this one is surprisingly harder to estimate, since Google hasn't released an exact number. There's a number floating around that Google has 4-5% of the smartphone market, which is between 10 million and 13.2 million users in the United States. I can't find the source of where this information came from. That number is problematic, too, because Japan supposedly uses more Google Pixel phones than the United States. The Pixel 9 series was also a big jump in market share for Google. I couldn't find any numbers smaller than 10 million, and it made the math nice, so that is what I went with.

Putting the numbers together, it means that 4% of Google Pixel users are running GrapheneOS. That means in a room of 25 Google Pixel users, 1 of them will be a GrapheneOS user. If you include all custom Android operating systems, that number would certainly be much, much higher.

To put it into perspective, each pixel in this image represents ~5 Google Pixel users. Each white pixel represents that those ~5 people use GrapheneOS:

Even with generous estimates to Google's market share, GrapheneOS still makes up a large portion of their users.

FreeTube wasn't loading a video, so I tried opening it in the YouTube website instead. Rather than being able to watch a 13 second video (here it is in case anyone wants to know), I managed to capture is one of the most dystopian screenshots I've personally seen. Every single element of this image is truly astounding if you look close enough and think about it for a moment.

13 seconds of your life now costs you even more time to prove you're not trying to scrape a video from a hundred billion dollar corporation with nearly infinite resources, advertisements and clickbait grabbing at your attention, every interaction logged and sold to thousands of data brokers, and you can't even show your appreciation without selling more information by creating an account. How did we get here?

Introduction

I wanted to explain the structure of freedom, and why part of what constitutes a free society is the right to privacy. One of the most difficult parts of educating people on privacy is the confusion about what it actually is. People often confuse privacy with secrecy, privacy with anonymity, and privacy with security. I want to distinguish between multiple related terms and show the structure of how, in order to have a truly free society, you need the right to privacy.

What is privacy?

I want to be very clear about what privacy actually is and is not. Privacy is not hiding everything about yourself. Hiding things is secrecy. Privacy is not hiding who you are. Hiding who you are is anonymity. Privacy is not protecting your information. Protecting your information is security.

Privacy is the ability to choose what you share. That gives us our first clue about the structure of a free society. Secrecy relies on privacy, because if you can't choose what you share then you cannot keep secrets.

An example of secrecy would be hiding how much you make at your job. An example of privacy is choosing to exercise that secrecy. In the moments between someone asking you how much you make and telling them you don't feel comfortable sharing that, you take a moment to decide whether or not you want (or consent) to telling them. That is privacy.

Why the distinction?

The distinction between privacy and secrecy is incredibly important for making arguments about privacy. People may say "I have the ability to choose what I share, because I am able to choose your level of privacy if I want to." What they really mean is that they can choose your level of secrecy. You don't choose to be under surveillance, but you can choose to protect yourself from surveillance, not by hiding everything you do but by eliminating the things that are tracking you in the first place.

In reality, many people cannot choose the same level of secrecy. Privacy is eroded in the background, and many people don't realize how far surveillance really goes. Becoming secretive is not the solution, because that is the same as eliminating your free speech in the face of being persecuted. This is our second clue about the structure of a free society, because free speech relies on both privacy and secrecy.

What is security?

Security is, simply, measures taken to protect something. Encryption is an an example of security, because it is used to protect sensitive data from unwanted intrusion. I want to make a clear distinction between security and safety. Security protects you before an intrusion occurs, whereas safety protects you after an intrusion occurs.

An example of safety is a surveillance camera. A surveillance camera cannot stop a crime from occurring, but it can record evidence to convict a criminal after the fact. On the other hand, strong locks are an example of security, because they protect a store from being broken into before a theft takes place.

I deliberately call them surveillance cameras instead of security cameras, because safety is different from security. When the news talks about security measures, often times they are really referring to safety measures. Safety measures are often privacy invasive, because they usually require a level of data retention to be effective.

Security protects against unwanted intrusion. If there is unwanted intrusion on data, that means it was shared without consent. Because of that, if there is no security, there is no privacy either. That gives us our third clue about a free society. A free society does not need safety, it needs security, and privacy is not possible without security.

What is anonymity?

Anonymity means hiding your identity. Because it directly relies on hiding something, it's immediately obvious that anonymity relies on secrecy. Anonymity is the best defense against a corrupt government, because it allows us to speak up against corruption without fear of persecution. Even with perfect secrecy, we ourselves can still be convicted by exercising our right to privacy. This is the final piece we need to see what a free society relies on, because without a way to combat corruption, there is no way to be free.

What is freedom?

We've finally arrived at the final section, which puts together the pieces to show what is necessary for a free society. While this is only part of what freedom requires, it is not a part that can be ignored.

This pyramid of freedom shows the dependencies for each element. Security is the foundation that everything else is built on. Privacy relies on security to prevent unwanted violation of consent. Secrecy relies on privacy to prevent sharing without consent. Anonymity relies on secrecy to hide your identity. Finally, freedom relies on anonymity to fight against corruption.

You may notice safety is not on there. While safety can be good, it often violates some aspect of the pyramid. It isn't necessary for a free society. In fact, safety doesn't even need security. Surveillance cameras are breached all the time, but that doesn't change their purpose or effectiveness.

Conclusion

Privacy is essential for a free society, but it isn't the only essential liberty. Security is the foundation that privacy is built on, and even that is eroded away by conflating security with safety. Knowing the distinctions and relationships between the various elements is incredibly useful when speaking up about privacy, because even if you can defend every "nothing to hide" argument, people still tend to have a fundamental misunderstanding about what privacy really is.

Lack-of-AI Notice

I've been burned before, so I always try to mention that none of my content is AI generated. It isn't even AI assisted. Just because something is comprehensive and well-structured does not make it AI generated. Every word I write is my own. Thank you for your understanding.

This was my first time testing an easier way for me to create posts by first drafting them in Iotas. I had a couple hiccups such as forgetting to insert the image and forgetting to double newline paragraphs, but it worked alright.

I've collected a lot of privacy tips over the years, ranging from somewhat common to very niche. After seeing this post, I wanted to share them, along with ways to mitigate each of them. I've tried to find sources for each of them, but some of them simply don't have good sources. You can help by finding good sources (Wikipedia, research papers) covering the specific topic. As with all my posts, this is not AI-generated, just well-structured.

Good sources

Glove Prints

Problem: Thin gloves like surgical gloves can still leave fingerprints on surfaces.

Source: https://en.wikipedia.org/wiki/Glove_prints

Mitigation: Wear thick, textured gloves

Main Hum

Problem: The hum of the electrical grid can be used to determine when, and sometimes where, an audio recording took place.

Source: https://en.wikipedia.org/wiki/Electrical_network_frequency_analysis

Mitigation: Only record audio in places far away from electrical appliances.

Stylometry

Problem: Your writing style can uniquely identify you.

Source: https://en.wikipedia.org/wiki/Stylometry

Mitigation: Use AI rewriting tools to obfuscate your writing style.

Infrared Glasses

Problem: Sunglasses don't block infrared cameras.

Source: https://www.reflectacles.com/irlenses

Solution: Buy infrared blocking/reflecting sunglasses such as Reflectacles.

Tracking Dots

Problem: Printers add tracking dots that identify which printer was used to print a document and when it was printed.

Source: https://en.wikipedia.org/wiki/Printer_tracking_dots

Mitigation: Use a printer that may not come with this feature (such as the upcoming Open Printer or use public printers like those found in libraries.

WiFi Motion

Problem: Wi-Fi routers are able to track motion under specific conditions.

Source: https://www.cognitivesystems.com/wifi-motion/ (and others)

Mitigation: Radio jammers may provide some protection against this, since the technology is still fragile.

PrintListener

Problem: Your fingerprint can be uncovered using the sound of your finger gliding across your screen.

Source: https://www.ndss-symposium.org/wp-content/uploads/2024-618-paper.pdf

Mitigation: Use a ballpoint pen with a stylus tip, which are somewhat common to find at most events.

Laser Microphone

Problem: You can record audio using the vibration of nearby objects, like windows.

Source: https://en.wikipedia.org/wiki/Laser_microphone

Mitigation: Have sensitive conversations in closed-off or soundproof rooms or outside in remote areas.

Keystroke Recording

Problem: Your keystrokes can be uncovered using audio recordings of typing.

Source: https://arxiv.org/pdf/2403.08740

Mitigation: Use virtual keyboards.

Typing Patterns

Problem: You can be identified based on your typing patterns.

Source: https://expertbeacon.com/your-typing-style-is-as-unique-as-your-fingerprint-heres-what-that-means/ (and others)

Mitigation: Type into a text editor and copy-paste into the form you want to submit.

Unshredder

Problem: Shredded documents can be reconstructed.

Source: https://www.unshredder.com/ (and others)

Mitigation: Burn sensitive documents or use piranha solution.

Microbial Cloud

Problem: You can be identified using your unique microbial cloud.

Source: https://peerj.com/articles/1258/

Mitigation: Shower obsessively, I'm not sure.

Gait Recognition

Problem: The way you walk can identify you.

Source: https://en.wikipedia.org/wiki/Gait_analysis

Mitigation: Place gravel in your shoes or intentionally walk funny.

Store Tracking

Problem: Stores track your location using Wi-Fi and Bluetooth signals from your device.

Source: https://en.wikipedia.org/wiki/Indoor_positioning_system (and others)

Mitigation: Disable Wi-Fi and Bluetooth when not in use.

Gyrophone

Problem: Gyroscopes can record audio

Source: https://crypto.stanford.edu/gyrophone/files/gyromic.pdf

Mitigation: Disable sensor permissions for apps that don't need it on GrapheneOS.

Camera Styles

Problem: Cameras can be identified using picture styles.

Source: https://www.scientificamerican.com/article/tracing-photos-back-to-the-camera-that-snapped-them/

Mitigation: Use Polaroid cameras or obfuscate pictures before sharing them.

Amazon Sidewalk

Problem: Offline Amazon devices can access the internet by communicating with nearby online Amazon devices.

Source: https://en.wikipedia.org/wiki/Amazon_Sidewalk

Mitigation: Don't use Amazon devices.

Deep-TEMPEST

Problem: Data sent over a wired connection (like HDMI) can be received wirelessly.

Source: https://arxiv.org/pdf/2407.09717

Mitigation: Use shielded cables or encrypt wired connections in transit.

Cartridge Memory

Problem: Offline printers exfiltrate data through ink cartridges.

Source: https://support.hp.com/us-en/document/ish_6681254-6681301-16

Mitigation: Use a printer that does not come with this feature (such as the upcoming Open Printer.

WhoFi

Problem: You can be identified based on how your body blocks Wi-Fi signals.

Source: https://www.theregister.com/2025/07/22/whofi_wifi_identifier/

Mitigation: Use a Radio jammer.

Stingray

Problem: Most phones are vulnerable to Stingray attacks.

Source: https://en.wikipedia.org/wiki/Stingray_phone_tracker

Mitigation: Use Rayhunter to detect Stingray attacks.

EICAR

Problem: Surveillance cameras can scan QR codes.

Source: https://www.linkedin.com/pulse/qr-code-car-hack-fun-impractical-w-garrett-myler

Mitigation: Some surveillance cameras will crash if they scan a QR code with an EICAR Anti-Virus Test File.

Pulse-Fi

Problem: Wi-Fi can measure your heartrate

Source: https://ieeexplore.ieee.org/abstract/document/11096342

Mitigation: Cover your skin to reduce effectiveness.

Mediocre sources

Security Envelopes

Problem: The contents of envelopes can be read without being opened by seeing through the paper.

Source: General knowledge.

Mitigation: Use security envelopes or thick packaging.

Branding

Problem: Even when fully covered, the clothing you wear can identify you.

Source: General knowledge.

Mitigation: Use plain unbranded clothing bought secondhand from yard sales or Goodwill.

Body Shape

Problem: Even when fully covered, your body shape can identify you.

Source: General knowledge.

Mitigation: Wear baggy black clothing like down jackets.

ID Address

Problem: State ID cards have your address listed on them.

Source: General knowledge.

Mitigation: Passports are valid photo IDs that do not have your address listed.

Bluetooth Contacts

Problem: Any Bluetooth device you pair your phone to can access your contacts.

Source: Various online discussions.

Mitigation: Use a phone that allows you to deny that permission when pairing Bluetooth devices.

Voice Changers

Problem: Voice changers can be reversed.

Source: Various online discussions.

Mitigation: Use voice changers that highly obfuscate your voice (beyond something like a pitch shift) or use a program that converts live speech-to-text into live text-to-speech.

Analog Speakers

Problem: Speakers can be used as microphones.

Source: Various online discussions. You can try this yourself by plugging a speaker into your microphone jack.

Mitigation: Use built-in speakers or remove all speakers entirely.

Spray Paint

Problem: Spray paint can't blackout surveillance camera lenses.

Source: Various online videos of failed criminals.

Mitigation: Use duct tape or other adhesives that are not only cheaper but provide better protection.

Censorship

Problem: Pixelated or blurred images can be reversed.

Source: Various reversal tools.

Mitigation: Censor information using solid boxes.

Bad sources

Radio

Problem: Receiving antennas can be geolocated using signal interference.

Source: I couldn't find a suitable source covering this specifically. This is a general source.

Mitigation: Receive media via offline methods.

Vehicle Telemetry

Problem: Cars will collect telemetry locally to be shared when you visit auto repair shops.

Source: I couldn't find a suitable source.

Mitigation: Use dumb cars or commute using bicycles, buses, etc.

Detaining

Problem: Police can detain you without a valid reason if you carry an ID.

Source: I couldn't find a suitable source.

Mitigation: Don't carry your ID unless you need to.

Copper Strips

Problem: Buildings can be wiretapped using microphones as thin as paint.

Source: I couldn't find a suitable source.

Mitigation: Have sensitive conversations in areas unlikely to be wiretapped, or buildings with plain concrete walls.

Biometric Unlock

Problem: Police don't require a warrant to unlock your phone using biometrics.

Source: Various sources have conflicting information.

Mitigation: Lock your phone without biometrics or use two-factor fingerprint unlock on GrapheneOS.

Pedometers

Problem: Pedometers can reveal information such as your religion.

Source: A website I still can't find.

Mitigation: Use dumb pedometers that don't include timestamps.

Almost one year ago I made this post about how the Wikipedia page for the "Nothing to hide" argument removed the text stating that it is a logical fallacy. I advocated for it to be added back. Three days after that post it was added back.

Exactly one year, to the day, after the logical fallacy text was removed, it got removed again. On October 19th of this year, a different user removed the text from the Wikipedia page, despite plenty of evidence that the "Nothing to hide" argument is a logical fallacy.

I am back here, once again, advocating that the text be added back.

P.S. It's an absolutely crazy coincidence that the same edit happened to the same page on the same day exactly one year apart.

After making a post about comparing VPN providers, I received a lot of requested feedback. I've implemented most of the ideas I received.

Providers

• AirVPN
• IVPN
• Mozilla VPN
• Mullvad VPN
• NordVPN
• NymVPN
• Private Internet Access (abbreviated PIA)
• Proton VPN
• Surfshark VPN
• Tor (technically not a VPN)
• Windscribe

Notes

• I'm human. I make mistakes. I made multiple mistakes in my last post, and there may be some here. I've tried my best.
• Pricing is sometimes weird. For example, a 1 year plan for Private Internet Access is 37.19€ first year and then auto-renews annually at 46.73€. By the way, they misspelled "annually". AirVPN has a 3 day pricing plan. For the instances when pricing is weird, I did what I felt was best on a case-by-case basis.
• Tor is not a VPN, but there are multiple apps that allow you to use it like a VPN. They've released an official Tor VPN app for Android, and there is a verified Flatpak called Carburetor which you can use to use Tor like a VPN on secureblue (Linux). It's not unreasonable to add this to the list.
• Some projects use different licenses for different platforms. For example, NordVPN has an open source Linux client. However, to call NordVPN open source would be like calling a meat sandwich vegan because the bread is vegan.
• The age of a VPN isn't a good indicator of how secure it is. There could be a trustworthy VPN that's been around for 10 years but uses insecure, outdated code, and a new VPN that's been around for 10 days but uses up-to-date, modern code.
• Some VPNs, like Surfshark VPN, operate in multiple countries. Legality may vary.
• All of the VPNs claim a "no log" policy, but there's some I trust more than others to actually uphold that.
• Tor is special in the port forwarding category, because it depends on what you're using port forwarding for. In some cases, Tor doesn't need port forwarding.
• Tor technically doesn't have a WireGuard profile, but you could (probably?) create one.

Takeaways

• If you don't mind the speed cost, Tor is a really good option to protect your IP address.
• If you're on a budget, NymVPN, Private Internet Access, and Surfshark VPN are generally the cheapest. If you're paying month-by-month, Mullvad VPN still can't be beat.
• If you want VPNs that go out of their way to collect as little information as possible, IVPN, Mullvad VPN, and NymVPN don't require any personal information to use. And Tor, of course.

ODS file: https://files.catbox.moe/cly0o6.ods

I made a spreadsheet comparing different open source VPN providers.

Part 2 here

Providers

• IVPN
• Mozilla VPN
• Mullvad VPN
• NymVPN
• Proton VPN

Notes

• Please do not start a flame war about Proton.
• Please do not start a flame war about cryptocurrencies. Monero is the only cryptocurrency listed because of its privacy.
• The very left column is the category for each row, the middle section is the various VPN providers, and the right section is which VPNs are the best in each category.
• IVPN has two differing plans, which is why "Standard" and "Pro" are sometimes differentiated.
• For accounts, "Generated" means a random identifier is created for you to act as your account, "Required" means you must sign up yourself. Proton VPN allows guest use under specific conditions (e.g. installed from the Google Play Store), but otherwise requires an account.
• Switzerland is seen as more private than Sweden. Gibraltar is seen as privacy neutral.
• All prices are in United States Dollars. Tax is not included.
• Pricing is based on the price combination to achieve the exact time frame. For example, Proton VPN does not have a 3 year plan but you can achieve 3 years by combining a 2 year plan with a 1 year plan.
• The availability section is security based. Availability is framed around a GrapheneOS and secureblue setup.
• The Proton VPN Flatpak is unofficial, but based on the official code.
• Availability on secureblue is based on the ujust install-vpn command. Security features must be disabled on secureblue in order to use the GUI for IVPN and Mullvad VPN, but not for Proton VPN. Mozilla VPN and NymVPN are available as Flatpaks, which are safer than layering packages.
• I wanted to include more categories, such as which programming languages they are written in, connection speed, and security, but that became far too difficult and complex, so I decided to omit those categories.

Takeaways

• NymVPN is very very new, but it's off to a strong start. It wins in almost every category. I actually hadn't heard of it until I started this project.
• If you want a free VPN, Proton VPN is the only one here that meets that requirement.
• If you want to pay week-by-week, IVPN is the only one that allows that.
• If you're paying month-by-month on a budget, Mullvad VPN is the cheapest option.
• NymVPN is the cheapest plan for anything past 1 month.
• If you want to use Accrescent as your main app store, IVPN is the only VPN available there for now.
• If you want to pay for a bundle of apps, including a VPN, Proton sells more than just a VPN.
• Mozilla VPN is terrible. The only thing it has going for it is a verified Flatpak, but NymVPN also has that so it doesn't even matter.

I can't figure out which crate(s) I should be using to create GUI applications. I only want to create simple 2D games like Conway's Game of Life, so I don't need anything fancy. At most I would like to be able to easily create polygons.

I've already looked at Are we game yet?, but it would be a waste of time to learn 20 different crates in order to decide on which one to use. Bevy is far too heavy and doesn't even work if you are low on memory. SDL3 isn't natively supported without some workarounds (but SDL2 is fine). Winit tries to use insecure X11 unless I manually add it as a dependency with the Wayland feature. I plan to eventually learn GTK4+Adwaitta, but that's unnecessary for simple games.

GUI in Rust seams like a mess. There's so many crates ranging from simple to complicated. Information becomes outdated quickly, so LLMs often fail to help. There's few clear comparisons between crates to help you decide, so it becomes a headache. I'm just looking for a modern, safe, easy, minimal GUI crate.

Does anyone have any advice?

I would spend the time to write this in my usual lovely article style, but I'm too upset to do that right now. To put it bluntly: email and phone numbers suck. They both need to die.

Emails

Security

Email, like many other protocols, was not originally designed with privacy or security in mind. You can get "less bad" email providers such as Proton Mail or Tuta Mail, but those only have basic privacy when contacting other emails using the same provider.

Email is one of many protocols designed in the early days of the internet before privacy and security were considered. Since then, there have been Band-Aid solutions added to email to give it some semblance of security, but it is still fundamentally insecure. It lacks many of the features that modern communication protocols like the Signal Protocol and SimpleX Chat Protocol have.

Aliases

One major flaw with emails is that people commonly use the same email for everything. That not only becomes a unique identifier, but it makes it nearly impossible to fight spam and puts all your accounts at risk if your email is breached.

A solution was created to fix this problem in the form of email aliasing services such as addy.io or SimpleLogin. These services allow you to create a large number of random email addresses that all forward to your real email address. This allows you to avoid using a unique identifier for every website, and block spam by simply disabling the email alias.

Email aliasing is great... when it's accepted. Many services have begun blocking email aliases because aliasing eliminates a unique identifier. People (allegedly) use aliasing to create multiple accounts to abuse free services.

Overuse

Email is required to sign up on almost every website. As mentioned previously, it has many security flaws and email aliasing only partially helps. Websites abuse the fact that emails are supposed to be a unique identifier, so they use it for things like multi-factor authentication or login alerts. Neither of those are what email was designed for, and you only end up putting your account at risk by using it compared to authenticator apps like Aegis Auth or Ente Auth.

Email is also used to sign up for news letters, receive shipping alerts, send sensitive information for jobs and job applications, contacting most businesses, even logging into some computers. All of these pose a risk if you don't use email aliasing or if your email is breached. What upsets me most is seeing open source software requiring email addresses, like GitLab, Codeberg, many Lemmy instances, etc. These shouldn't request anything past a username and a password.

Email overuse has gotten so bad that many disposable email services like Maildrop have been created in order to generate throwaway emails to get past authwall screens. These should never be used for real accounts because anyone can access them and, as I mentioned before, most websites will allow you to login only by verifying your email.

Anonymous Email

Email providers are being hit with mass sign-ups because of how often email is used. Because of this, many email providers block you from signing up if you are connected to a VPN or Tor. This means that in order to create a single email address to do almost anything across the internet, you must give away your IP address to the email provider first, effectively deanonymizing yourself. The internet was supposed to be built to be free, but giving away your personal information to access content doesn't sound very free to me.

Kill Emails

Emails are outdated, overused, and not private. They were never designed to be (ab)used the way they are right now. Even something as simple as setting up Git or GnuPG asks for your email, or signing up for a local event. This needs to stop. Using fake emails doesn't solve the underlying problem.

Phone Numbers

Gratis

If you thought free emails were bad, imagine paying to have your privacy disrespected. A single phone number will cost you a monthly subscription, even if you only need to receive a single text. Prepaid SIM cards are becoming a dying art, especially in the United States. Most mobile phone operators will make you buy and activate an eSIM, which requires an egregious amount of personal information to activate (including email). Most payphones have been abolished too, meaning you can hardly pay by the minute anymore.

Security

Phone numbers don't even pretend to be private or secure. It's sent unencrypted to anyone with a $15 antenna, and intercepted by almost every government in the world. Salt typhoon showed just how abysmal cellular security really is. RCS and iMessage are slight steps up in terms of privacy (providing at least some encryption), but it barely provides any protection.

Phone numbers in this respect are even worse than email. SS7 attacks can trivially intercept communications by anyone without any user interaction. That is an easy way to grab multi-factor authentication codes sent via SMS. Despite all of these known issues, people still insist on using phone numbers for almost everything.

Aliases

While not free, you can use services such as MySudo to create phone number aliases. These aliases are really just real phone numbers, all of which you own. Unfortunately, these phone numbers are VoIP numbers, which many services block.

Overuse

Like emails, phone numbers are used in a lot of applications. Because they cost money, they are a better unique identifier than emails, since people are less likely to own multiple. Phone numbers may be required to create accounts, apply for jobs, do almost anything government related, and much more. All of this is done unencrypted and intercepted.

My favorite: in many places, you have to use a phone to contact non-emergency services. The homeless and other people who can't afford phone numbers are unable to report crimes since there are no pay phones. Even visiting the police station in person will get you turned away and told that you must call (speaking from experience) no matter how much you try to convince them.

Thankfully, many times when a phone number is asked for you can put in a fake phone number without risk. For many applications, throwaway number services will also work. Applying for jobs, a lot of the time you will be asked for your phone number. If you simply inform them that you do not have a phone number, most will accept that or (at worst) give you a funny look. I would prefer email when applying for jobs anyways since you aren't sprung with a sudden call.

Anonymous Phone Numbers

The only way to get an anonymous phone number (without risking buying second hand) is to buy a burner phone with cash, a prepaid (e)SIM, and use as much fake information as possible (even the area code). This will easily run you $45+, and requires a subscription to keep using it. Beware that the phone you use it with may disrespect your privacy in other ways.

Kill Phone Numbers

Phone numbers are one of the least private and least secure methods of communication. It is under active mass surveillance, and costs way too much money. It's good to see younger generations moving away from phone numbers towards third party services (no matter how bad they are), because that means that there is hope of killing phone numbers once and for all.

Kill Both

Anyone can create an email. Anyone can buy a phone number. It should not be used as a unique identifier, and certainly should not be used for authentication purposes. We need to stop overusing insecure, nonprivate communications, and start normalizing using Signal usernames or SimpleX Chat addresses for general use. Currently, if you stick only those on your resume for your contact information, you will most likely not receive a message back. That needs to stop. Phone numbers and emails can get leaked and cause endless spam/scams compared to other forms of communication. There is no reason to keep using either option when so many better options are available.

Try to create a full software stack without using services that request your email or phone number, and you will begin to see just how bad the problem has gotten. Some services like Mullvad VPN and KYCnot.me have begun requiring no personal information at all to create an account, not even a password. They randomly generate account numbers to be used to login. I want to see more of that instead of...

spoiler

Please enter your first name.

• Must be at least 3 characters.

Please enter your last name.

• Must be at least 3 characters.

Please enter your date of birth.

• You must be at least 13 years old.
• The birthday we let you enter (01/01/1900) seems invalid.

Please enter your username.

• That username is taken
• Some characters are not allowed

Please enter a display name.

• Some characters are not allowed, but the requirements are different from anything else.

Please enter your email.

• Sorry, but that email is blocked
• We've sent a code to fakeemail@please.stop
• No email received

Please enter your phone number.

• We don't accept VoIP numbers.
• We've also sent a code to +1 (555) 867-5309, because why not.

Please enter your password. We don't know what passkeys are.

• Password must be longer
• Password is too long. We don't know what hashing is.
• Password must not contain these characters. We still don't know what hashing is.
• Password must contain these characters. We don't know what a passphrase is.

Please enter your password again.

• Passwords do not match.

• [ ] I agree to the Terms of Service.

• [ ] I agree to the Privacy Policy.

• [ ] I agree that the information I entered is correct.

Sorry, you've been blocked. Your IP address has been flagged for abuse.

Please enable JavaScript to continue.

Something went wrong, and we couldn't create your account. Please start over.

Your account has been flagged as spam.

Please enable email or SMS 2FA before activating 2FA through an app.

Please verify your email or phone number every time you log in.

New Email: We noticed a new login. What's a VPN? Doesn't everyone store browser cookies forever?

All email notifications are enabled by default.

Please verify your email and phone number before deleting your account.

Your account information you requested to download will be emailed to you within 3-5 business days as if a human needs to approve it.

We've reset your password for no reason at all. Please verify your email or phone number to reset your password.

Lost access to your email or phone number? Tough luck. Please contact support.

Need to contact support? Email us or call us.

This call may (will) be monitored or (and) recorded for "quality and assurance purposes".

"Can you please verify your phone number?" ...you mean the phone number I'm calling you from?

Bluesky had some controversy when it first came out. Now that it's been around for a while, I'm curious what the consensus is. How does it compare to Mastodon? Is Bluesky now self-hostable and compatible with the Fediverse?

I am looking for recommendations for an open source self-hosted ~~version control system~~ source code hosting service. I found a few, but I can't decide on which one to pick:

• Gogs
• Gitea
• Forgejo

If there's a better one than the ones I've listed here, I'd love to hear about it!

I care primarily about privacy and security, if that makes any difference.