Are VPN good for privacy today, should we used them to protect our privacy?

Not free, none have all advantages and wouldn't let my ISP only know my traffic so these times I'm really overwhelmed by all of this

Used Tor for a bit but it's not practically useful, slow (okay but not the main problem) and blocked by a lot of websites..

Maybe a chain of VPN could be good? I really don't know, can you help me?

Basically I don't want to have no protection but don't think VPNs are really the solution...

PS: maybe a rented machine with self hosted like VPN could be good?

Because it's kind of hard! Even if I follow their instructions. Maybe I'm just dumb . . . 🙁

They've decided to incorporate ChatGPT.

https://www.mozilla.org/en-US/about/legal/terms/firefox/

To replace everything. Mail, calendar, drive, vpn, password manager, documents etc. What are the pros and cons relative to proton? What are the mobile apps like? What assurances do you have they won't go full proton in the future? And other questions

Flock Safety’s car-tracking cameras have been spreading across the United States like an invasive species, preying on public safety fears and gobbling up massive amounts of sensitive driver data. The technology not only tracks vehicles by their license plates, but also creates “fingerprints” of each vehicle, including the make, model, color and other distinguishing features.

Through crowdsourcing and open-source research, DeFlock.me aims to “shine a light on the widespread use of ALPR technology, raise awareness about the threats it poses to personal privacy and civil liberties, and empower the public to take action.” While EFF’s Atlas of Surveillance project has identified more than 1,700 agencies using ALPRs, DeFlock has mapped out more than 16,000 individual camera locations, more than a third of which are Flock Safety devices.

Flock Safety’s cease and desist later is just the latest in a long list of groups turning to bogus intellectual property claims to silence their critics.

I'm using Proton right now. Someone suggest I should get a Gmail instead for higher chance of success. Is that true? How risky is it for Google sanning those mails in terms of privacy?

No photo

I need to change phones. It seems the holy grail of privacy on phones is GrapheneOS, but it only works on pixels, which are huge compared to my already awkward iPhone 13 mini (5.2 x 2.5 in / 132 x 64 mm).

Is there any phone out there that is fast, small, and easily supports a privacy OS?

Thanks!

Embedding facial recognition surveillance in a city-wide CCTV network represents a shocking expansion of police surveillance, and turns Cardiff into an Orwellian zone of biometric surveillance. This unprecedented use of the technology could pave the way for the mass rollout of permanent facial recognition surveillance across the UK. Live facial recognition technology turns us into walking barcodes and makes us a nation of suspects. This network of facial recognition cameras will make it impossible for Cardiff residents and visitors to opt-out of a biometric police identity check.

John Oliver cited a 5000% rise in search queries related to leaving Meta and deleting accounts. Among the topics mentioned in the analysis, attention was drawn to early Facebook's naivete with regard to moderation requirements, the constitutional framework, and a history of governmental interference.

Oliver debunks common right-wing "cry censorship" talking points, as well as the objective difficulty of moderation endeavors, and how direct threats by Trump may have influenced Zuckerberg's turnaround.

Oliver went on to suggest Signal, Mastodon, Bluesky, and Pixelfed as alternatives that "do not seem as desperate to fall in line with Trump". For those reluctant to completely ditch Meta, Oliver revealed a new site with step-by-step instructions to "make yourself less valuable to them".

The guide was a collaboration with the EFF, and includes settings' tweaks for Facebook and Meta, whose 98% of revenue comes from micro-targeting ads, the host previously cited, to increase privacy, and recommends Firefox, Privacy Badger, as "other measures" to take in order "to block advertisers and other third parties from tracking you".

The segment culminated in a mock advert, in which the new Meta's approach to moderation is coined as "Fuck it", and hints to racism, internet scams, and calls to genocide running rampant on Meta's platforms.

The clip reminds the origins of Facebook as a site to "rank college girls by hotness", and its implication in genocide in Myanmar, which was more thoroughly discussed in an Oliver's previous special on Facebook in 2018.

Recently I had to go through a almost one year process of Degoogling and canceling a lot of my data from the Internet. Unfortunately, I noticed that a lot of specific information are not available in only one source and I had to do separate researches for each problem that I had. So, I decided to write this guide to share my experience hoping that it will make this process easier for who will read it. You are absolutely free to share this guide here, on other sites, with your friends and family. Feel free to comment and add a feedback.

I want to start with a very immediate list of FOSS applications that I’m using on my Degoogled Android phone. The most important thing here is to never login with Google on your phone and also never use it to login to internet services such as forums or news websites.

System administration

*MicroG suite : This provides minimal libraries for applications that uses Google Play Services.

*F-droid : Is an alternative store that can be used in place of Google Play.

*Aurora Store : A Open Source front-end for Google Play. However, downloading applications from it does not guarantee that you will not be tracked.

*App Manager – Android package manager : This gives you a lot of control on applications that are installed in your phone. It shows also the trackers and eventual vulnerabilities.

*Shelter : This is one of the most useful apps on F-droid, it permits you to clone preparatory apps such as Instagram in a sandboxed environment on the work profile.

*Logcat Reader

*PCAPdroid : A network monitor

*Irregular Expressions : A Keyboard to write with different styles

*Simple Keyboard : This is very important, a keyboard on your phone should be as lightest as possible.

*Termux : This is more than a terminal emulator. It comes with a almost complete GNU/Linux environment and lets you to install many CLI applications used on these machines.

Generic

*Organic Maps : An alternative to Google Maps. It uses OpenStreetMaps and works quite well. It is also true that it relies a lot on user’s contributions. So if you will visit a place which is not on the map, remember to add it.

*Fossify Calendar, gallery, voice recorder, contacts, messages, phone, ecc : This suite is a FOSS fork of the old

“simple mobile tools” suite that was acquired by a Israeli company.

*OpenCalc : A calculator app

*VLC : A well known audio/video player which supports a lot of different formats.

*Librera Reader : A pdf and document reader

*Open Camera

*ObscuraCam : Use it to blur faces

*Scrambled Exif : Remove metadata from pictures. (use it before publishing a photo on social medias)

*PixelKnot : Embed a secret message in a picture

*QR Scanner (PFA)

*Collabora Office : (Not directly present on F-Droid but they have their own repository, check on their website)

*Nextcloud : A very good alternative to Google Drive. *Call Recorder

*Firefox and Thunderbird : Be careful, even if Firefox browser is generally more privacy friendly than others, it cannot avoid fingerprinting. The only way to avoid it is to use the Tor Browser.

*Tor Browser for Android : This is a modified version of Firefox that uses Tor to connect to the Internet in order to protect your anonymity.

*Print

*Signal

Security

*Aegis : A 2FA app (two-factors authentication)

*Bitarden: A password manager (Not directly present on F-Droid but they have their own repository, check on their website)

*AFWall+ : A firewall for Android

*Hypatia : An Antivirus

*DroidFS : It permits you to crypt files in vaults that are not readable by other apps.

*Orbot : A proxy to route app activities through Tor

*LocationPrivacy

*Ripple : A panic button that will trigger apps with a panic responder.

*I2P : An alternative to Tor

*InviZible Pro : An app that permits you to enhance your privacy on the Internet by using DNSCrypt, Tor or I2P. Be careful, this is an all-in one application and should not be used if you are already connected to tor. *Léon – The URL Cleaner : Remove trackers from URLs

*PersonalDNSfilter : Use it to block unwanted ads

*PilferShush Jammer : Block the microphone usage by other apps.

**Not on F-Droid **

*Prey : An Anti-thief app. The free version is GPL licensed

But this list is not enough in my opinion. It is important also to know how to protect our privacy with actions that are not directly involved in setting up applications and filters. If we are going to think that our privacy will be protected just by pushing a button, we are doing a mistake. Using DuckDuckGo and Searx as search engines its a good thing but not enough.

Important mistake to avoid : If you have your Google account as a login for some websites wait before closing it, you may lose access to them. Your Google account should be the last thing that you are going to delete. Make sure that you have deleted all relevant information from the Internet before closing it.

Today corporations and repressive governments are using a variety of methods to profile users and some of them are very subtile.

Fingerprinting This is a way to identify a user by looking at unique characteristics of his browser. When we connect to a website, our browser must exchange some basic information in order to load a page. Some of these information can be the type of device, screen size, browser settings, language settings, operating system, ecc. With all these information together it is possible to recognize a specific user in the middle of many others. This is unfortunately very difficult to avoid but Tor Browser can be a solution while a VPN cannot really help here.

Firefox also permits to activate a resist fingerprint setting but this solution will break some websites and probably is not effective as Tor Browser. Instructions to activate it can be found here: https://support.mozilla.org/en-US/kb/resist-fingerprinting

Open Source Intelligence (OSINT) It has little to do with free software. This is a method of data collection that looks for information about something or someone through public available sources. The problem is that today these sources are much more difficult to control for an average user than 20 years ago.

A classic example: You are a very careful person about your social medias, you don’t post anything controversial and maybe you don’t even have a real name on Instagram. But You may have some relatives that likes to share a of lot pictures and for your birthday you have been tagged by them and they wrote your name in a post. If they have a very loose privacy settings (which is likely), this information will be publicly available on the Internet.

Another example : You are a exchange student in a foreign university and of course you want to meet new people. You may take a group photo during a party with some people that you don’t really know. This photo gets shared many times and maybe becomes also a post. After a lot of years one of the persons in the photo gets convicted for a serious crime. This photo will continue to be available on the internet and a insurance company that you asked for a service may increase the price or not provide it since you “are a person with criminal contacts”

Last example (and this is what really happened to me) : You are a 18-19 old teen writing dumb comments and posts on Facebook or Instagram. This gets cached by search engines and external websites. Many years after, you are just searching your name and surname on the internet and you find out that a search engine has cached a very dumb comment from many years ago that you have even deleted.

All these examples shows how its easy to lose control over our data. Many companies uses automated software to see websites on which you are registered just by putting the email on your CV in a box.

You must also be aware of data breaches. You can be registered on a website with your email set as private. If a data breach happens, your address is going to be disclosed and become publicly available. You can check this on: https://haveibeenpwned.com/ If you don’t use a site for years, delete your account.

Another tool that is frequently used to see where a user is registered is: https://epieos.com/ This website searches where your email address is set as public. It can also search for a phone number.

So the problem here is not only to DeGoogle but also to remove our personal information for all other places. Removing a content from Google is a little thing today.

Fortunately, there are some ways to remove our contents from the Internet but they must be planned well. The first thing to do is always to remove the content from the original site, in this way the content on search engines becomes outdated and easier to delete even if you don’t live in the EU.

Social medias

First thing: Never publish photos of your children on the Internet, in the future they may hate you for that. We are going to live in times where nontransparent AI will scrap for all possible content.

Now, even if you have a private profile on Instagram, your likes and comments are going to be visible on public pages and reels. Delete them all. Why someone should be able to find what you liked 6-7 years ago? Does the discussion that you had on a Facebook page of your local newspaper still matter? You may need months to delete all these stuff but it is worth. Remember to do a regular follow up on the deletion page to see if some buggy content still reappears after some weeks.

Use different usernames for every social media and never put your real name.

Power move : If you have your real name on Instagram and you want to delete it from search engines : first modify your real name, then change your username. By doing this, you will modify the link of your profile and it will be cached by search engines without your name. Change also a photo in order to avoid the possibility of reverse photo lookup.

**Other sites **

In some cases you will have to contact the webmaster of a specific site in order to cancel your data. It happened to me with a local news page.

**Search engines **

Here we are, this is the magic moment. Remember that if you are going to just remove something from a search engine without actually deleting the original content, this will continue to be available and someone may find it even without Google.

So, I can speak for what I know : These solutions refers for content removal in the EU. If its not relevant to you, skip to “How to use email addresses”

Google

This is the page for content removal in the European Union: https://support.google.com/websearch/answer/9673730?hl=en#zippy=%2Cwhich-removal-option-do-i-choose Note that if you are living in the EU and ask to remove results about you, it will usually remove these results only for all EU versions of Google. This means that if someone has a VPN he can actually see them by connecting to a United States server. The best strategy is to remove the original contents from sites also by contacting the owners. Then the results on Google will become outdated and most of them will disappear. In some cases like Facebook comments, they can remain in the search results even if they are already removed because they were cached by the search engine. In this case, this tool should be used once the content is removed: https://support.google.com/webmasters/answer/7041154?hl=en If you are from a EU country and you already removed it so it continues to exist in external Google versions, make this request with a VPN connected to a foreign server.

Bing

Bing (EU citizens):https://www.bing.com/webmaster/tools/eu-privacy-request Bing (Non-EU citizens):https://www.microsoft.com/en-us/concern/bing

For cached pages : https://www.bing.com/webmasters/help/bing-content-removal-tool-cb6c294d

Many search engines (also DuckDuckGo) are partnered with Bing and removing content from it will also remove content from them most of the time.

DuckDuckGo For who lives in the EU, this is this page: https://duckduckgo.com/duckduckgo-help-pages/r-legal/privacy-rights/

Internet archive

Be careful: some of your content was maybe cached by the Wayback Machine. Always check if this is the case. This is a very useful internet museum but sometimes it may be problematic since a lot of people does not even know about its existence while it takes data from a lot of sites. This is the removal page: https://help.archive.org/help/how-do-i-request-to-remove-something-from-archive-org/

**How to use email addresses **

My advice is to have as many addresses as possible and split the websites login between them. You can write a .txt file with lists of services attached to every address. Like this :

Logins: Mail xxxxx1 Instagram, Facebook, Tinder

Mail xxxxxx2 Bank 1, bank 2

Mail xxxxxx3 Local news1, other site2, ecc

I would suggest you to have at least: One email with a fake name and surname One email with a completely invented username in a foreign language (Tutanota is great for this)

Personally, I would recommend Protonmail and Tutanota for communications with real people. Then, one email should be left only for banking and government accounts.

Use fake emails to register to websites that you will not use often but they are pushing you to create an account. Of course, this applies only to sites that are not related with shopping. An online transaction will reveal your identity.

A normal email provider such as Yahoo is ok for professional life, so no one will make too much questions. Eventually, your Linkedin account should be linked only to this address. Use it with Thunderbird so you can avoid proprietary JavaScript. I would also recommend to use a separate phone number for work.

Bonus: Other Alternatives to Google and AI

If you are pushed to use Google Maps because the place that you are looking for is still not on OpenStreetMaps, remember to add it so other people will not have to use Google to find it. Remember that public transport information that you find on Google Maps is always available on local transports websites. Its just 2-3 minutes of research.

Remember that it is possible to use fair and open source AI models on your computer with: https://gpt4all.io/index.html?ref=top-ai-list Download a model that will not send your data to corporations, there are plenty of them.

This is more or less everything that I learned during this year, remember that human factor makes always the difference. Think about your personal situation. What do you want to show? To who ? And what do you what to hide? From who? And how? Think in a way to protect your privacy according to your personal situation.

I hope that this guide will be useful for average users that wants to regain control of their private life and that at the same time, it will be a impoverishment factor for evil corporations and their supporters.

Please suggest a good and relatively affordable private email provider. I am considering tuta, mailbox right now. I know proton has gone rogue.

I cannot self host one and the email provider must be somewhat reputable as I will be using this for my work portfolio. Anything with €1-€3 per month is encouraged.

At this pace, I'll either never change my car or will never buy a car again.

I ran my old 2004 Samsung television into the ground: the EL backlight was so worn out that the picture had large dark holes in it, and the TV would take 20 minutes to warm up and display something.

And today it wouldn't start at all anymore. It's deader than a dead dodo. But hey, 20 years for a modern TV ain't bad. I'm pretty pleased with that.

So I went to the supermarket to find the cheapest set I could find. I asked the salesman if they had a cheap, but most importantly NON-SMART TV - thinking non-smart TVs are probably the cheapest of them all, if they still existed at all.

The man said "We have this dumb 43" TV here, but it's the last one, and then we won't get anymore dumb TVs for 3 months."

I looked at the price and it was - gasp - $20 MORE than the cheapest Android-encumbered smart TV of the same size.

I asked the man how come and he said "Well, dumb TVs are hard to get and they sell almost immediately. So they're worth more than the smart ones."

Wow. So people actually WANT dumb TVs and are willing to pay a premium for em. It means attitudes towards the value of privacy are changing and that's great!

cross-posted from: https://lemmy.dbzer0.com/post/36880616

Help Combat Internet Censorship by Running a Snowflake Proxy (Browser or Android)

Internet censorship remains a critical threat to free expression and access to information worldwide. In regions like Iran, Russia, and Belarus, journalists, activists, and ordinary citizens face severe restrictions when trying to communicate or access uncensored news. You can support their efforts by operating a Snowflake proxy—a simple, low-impact way to contribute to a freer internet. No technical expertise is required. Here’s how it works:

---

What Is Snowflake?

Snowflake is a privacy tool integrated with the Tor network. By running a Snowflake proxy, you temporarily route internet traffic for users in censored regions, allowing them to bypass government or institutional blocks. Unlike traditional Tor relays, Snowflake requires minimal bandwidth, no configuration, and no ongoing maintenance. Your device acts as a temporary bridge, not a permanent node, ensuring both safety and ease of use.

---

Is This Safe for Me?

Short answer: Yes.

Long answer: pobably. Here is why:

• Your IP address is not exposed to the websites they access. So, you don't have to worry about what they are doing either. You are not an exit node.
• No activity logs. Snowflake cannot monitor or record what users do through your connection. The only stored information is how many people have connected to your bridge. Check docs for further info on this.
• Low resource usage. The data consumed is comparable to background app activity—far less than streaming video or music.
• No direct access to your system
• No storage of sensitive data. Snowflake proxies do not store any sensitive data, such as IP addresses or browsing history, on your system.
• Encrypted communication. All communication between the Snowflake proxy and the Tor network is encrypted, making it difficult for attackers to intercept or manipulate data.

You are not hosting a VPN or a full Tor relay. Your role is limited to facilitating encrypted connections, similar to relaying a sealed envelope.

Your IP address is exposed to the user (in a P2P-like connection). Be mindful that your ISP could also potentially see the WebRTC traffic and the connections being made to it (but not the contents), so be mindful of your threat model.

For most users, it is generally safe to run Snowflake proxies. Theoretically, your ISP will be able to know that there are connections being made there, but to them it will look like you're calling someone on, say, Zoom.

Historically, as far as we know, there haven't been any cases of people getting in legal trouble for running entry relays, middle relays, or bridges. There have a been a few cases of people running exit nodes and getting in trouble with law enforcement agencies, but none of them have been arrested or prosecuted as far as I know it. If you are aware of any cases, let me know so I can update this post.

Do not hesitate to check Snowflake's official documentation for further reference and to make informed decisions.

---

How to Set Up a Snowflake Proxy

Option 1: Browser Extension (Brave, Firefox, or Chrome)

1. Install the Snowflake extension.
2. Click the Snowflake icon in your browser toolbar and toggle "Enable Snowflake."
3. Keep the browser open. That’s all.

Note: Brave users can enable Snowflake directly in settings. Navigate to brave://settings/privacy and activate the option under "Privacy and security."

---

Option 2: Android Devices via Orbot

1. Download Orbot (Tor’s official Android app).
2. Open the app’s menu, select "Snowflake Proxy," and toggle it on.
3. For continuous operation, keep your device charged and connected to Wi-Fi.

Your device will now contribute as a proxy whenever the app is active.

---

Addressing Common Concerns

• Battery drain: Negligible. Snowflake consumes fewer resources than typical social media or messaging apps.
• Data usage: Most users report under 1 GB per month. Adjust data limits in Orbot’s settings or restrict operation to Wi-Fi if necessary.

---

Why Your Participation Matters

Censorship mechanisms grow more sophisticated every year, but tools like Snowflake empower ordinary users to counteract them. Each proxy strengthens the Tor network’s resilience, making it harder for authoritarian regimes to isolate their populations. By donating a small amount of bandwidth, you provide someone with a critical connection to uncensored information, education, and global dialogue.

Recent surges in demand—particularly in Russia—highlight the urgent need for more proxies. Your contribution, however small, has an impact.

By participating, you become part of a global effort to defend digital rights and counter censorship. Please, also be mindful of your threat mode and understand the potential risks (though very little for most people). Check Snowflake's official documentation for further reference and don't make any decisions based on this post before taking your time to read through it.

Please share this post to raise awareness. The more proxies, the stronger the network.

– llama

In an unexpected mask off "secure" email and VPN provider Proton took the stance of siding with the fascist MAGA Reps. Proton's services are no option for me and many others any longer. Let's collect and discuss alternatives (E2E encrypted email and VPN) here 🔐👇

Always try to provide:

-Server location (jurisdiction)

-Governance

-Integrity/trustworthiness/transparency

-User experience/ease of use (grade 1 to 10, lets take Proton as a benchmark with an 8)

-Pricing and links

If you know alternative setups, feel free to share, too.

#ProtonExodus

Background: https://lemmy.ca/comment/13913116

Edit:typo

The following is a cross-post from my mastodon thread

In the wake of metas enshitiffication I have seen people recommend Signal and Matrix as private open source alternatives to meta products. In the following thread I will outline how if your goal is software freedom anti surveillance and anti censorship the best option for direct and group messaging is neither Signal nor Matrix but instead the up and coming https://simplex.chat/

Signal is centralised meaning its vulnerable to censorship it almost got backdoored by uks online safety bill and that bill still has a damocles sword clause hanging over signal. Signal is also not anonymous, your account is linked to you through your phone number, if your contacts are compromised then your conversations can easily be linked back to you and your contacts all be correlated. In contrast simplex is like having "a burner phone for every contact" meaning even if one contact is correlated you have no consistent identity that can be compromised by default. Also simplex has a custom onion routing protocol to hide your ip from relay servers by default and it makes it very easy to connect over tor if simplex is blocked in your country im pretty sure signal doesnt do that. Matrix has been floated as potentially being a decentralised and e2ee open source alternative to Signal, but Signal shares one massive pro with SimpleX which is that both have post quantum encryption meaning that quantum computers that many researchers say are a few short years away from being able to decrypt all historical data that is encrypted using classical techniques ie not post-quantum encryption - such as the private messages you are sending across matrix today Afaik Matrix currently has no plans to add post quantum (PQ) encryption today and previously they were relying on it being implemented in MLS a standard that Matrix has been trying to adapt to their decentralised framework for years with stagnant process. Whats more afaict the motion to add PQ to MLS quietly expired and wasn't renewed so it's likely not coming any time soon. SimpleX has PQ on top of their classical encryption implemented and working today and you can download the app and have PQ rn (the additional classical encryption is insurance in case it turns out PQ has some classical attack vector, hybrid encryption is recommended by sec researchers at this stage) In conclusion both Signal and SimpleX are PQ unlike matrix but SimpleX and Matrix are decentralised and less vulnerable to censorship than Signal, while only SimpleX supports Tor connections and protects ur IP with or without Tor, and has no persistent unique identifier creating a "burner phone for every contact" scenario where compromised contacts cant necessarily be used to correlate ur other contacts/groups simply by looking at ur phone number/username in those groups

Heres some evidence and argumentation to support building post quantum encryption now, state and capital are hoovering up encrypted data rn to decrypt for profit as soon as it becomes cheap enough to do so with quantum computers https://www.youtube.com/watch?v=-UrdExQW0cs

And here's the best explainer of SimpleX on youtube, sorry about the racist thumbnail the guys a right winger but his knowledge on OPSEC is valuable. If you don't know why the thumbnail is racist search "Terry Davis glow in dark" (the search results for which I have to give a racist slur cw for but theres no slurs in this video) https://www.youtube.com/watch?v=0cRu98XSap0

edit: see whitepaper for technical privacy details https://github.com/simplex-chat/simplexmq/blob/stable/protocol/overview-tjr.md

I have never liked Apple and lately even less. F.... US monopolies

(I know many of you already know it but this incident I experienced made me so paranoid about using smartphones)

To start off, I'm not that deep into privacy rabbit hole but I do as much I can possibly to be private on my phone. But for the rest of phones in my family, I generally don't care because they are not tech savvy and pushing them towards privacy would make their lives hard.

So, the other day I pirated a movie for my family and since it was on Netflix, it was a direct rip with full HD. I was explaining to my family how this looks so good as this is an direct rip off from the Netflix platform, and not a recording of a screening in a cinema hall(camrip). It was a small 2min discussion in my native language with only English words used are record, piracy and Netflix.

Later I walk off and open YouTube, and I see a 2 recommendations pop-up on my homepage, "How to record Netflix shows" & "Why can't you screen record Netflix". THE WHAT NOW. I felt insanely insecure as I was sure never in my life I looked this shit up and it was purely based on those words I just spoke 5min back.

I am pretty secure on my device afaik and pretty sure all the listening happened on other devices in my family. Later that day, I went and saw which all apps had microphone access, moved most of them to Ask everytime and disabled Google app which literally has all the permissions enabled.

Overall a scary and saddening experience as this might be happening to almost everyone and made me feel it the journey I took to privacy-focused, all worth it.

23andMe is not doing well. Its stock is on the verge of being delisted. It shut down its in-house drug-development unit last month, only the latest in several rounds of layoffs. Last week, the entire board of directors quit, save for Anne Wojcicki, a co-founder and the company’s CEO. Amid this downward spiral, Wojcicki has said she’ll consider selling 23andMe—which means the DNA of 23andMe’s 15 million customers would be up for sale, too.

23andMe’s trove of genetic data might be its most valuable asset. For about two decades now, since human-genome analysis became quick and common, the A’s, C’s, G’s, and T’s of DNA have allowed long-lost relatives to connect, revealed family secrets, and helped police catch serial killers. Some people’s genomes contain clues to what’s making them sick, or even, occasionally, how their disease should be treated. For most of us, though, consumer tests don’t have much to offer beyond a snapshot of our ancestors’ roots and confirmation of the traits we already know about. (Yes, 23andMe, my eyes are blue.) 23andMe is floundering in part because it hasn’t managed to prove the value of collecting all that sensitive, personal information. And potential buyers may have very different ideas about how to use the company’s DNA data to raise the company’s bottom line. This should concern anyone who has used the service.

DNA might contain health information, but unlike a doctor’s office, 23andMe is not bound by the health-privacy law HIPAA. And the company’s privacy policies make clear that in the event of a merger or an acquisition, customer information is a salable asset. 23andMe promises to ask its customers’ permission before using their data for research or targeted advertising, but that doesn’t mean the next boss will do the same. It says so right there in the fine print: The company reserves the right to update its policies at any time. A spokesperson acknowledged to me this week that the company can’t fully guarantee the sanctity of customer data, but said in a statement that “any scenario which impacts our customers’ data would need to be carefully considered. We take the privacy and trust of our customers very seriously, and would strive to maintain commitments outlined in our Privacy Statement.”

Certain parties might take an obvious interest in the secrets of Americans’ genomes. Insurers, for example, would probably like to know about any genetic predispositions that might make you more expensive to them. In the United States, a 2008 law called the Genetic Information Nondiscrimination Act protects against discrimination by employers and health insurers on the basis of genetic data, but gaps in it exempt providers of life, disability, and long-term-care insurance from such restrictions. That means that if you have, say, a genetic marker that can be correlated with a heart condition, a life insurer could find that out and legally deny you a policy—even if you never actually develop that condition. Law-enforcement agencies rely on DNA data to solve many difficult cases, and although 23andMe says it requires a warrant to share data, some other companies have granted broad access to police. You don’t have to commit a crime to be affected: Because we share large chunks of our genome with relatives, your DNA could be used to implicate a close family member or even a third cousin whom you’ve never met. Information about your ethnicity can also be sensitive, and that’s encoded in your genome, too. That’s all part of why, in 2020, the U.S. military advised its personnel against using consumer tests.

Spelling out all the potential consequences of an unknown party accessing your DNA is impossible, because scientists’ understanding of the genome is still evolving. Imagine drugmakers trolling your genome to find out what ailments you’re at risk for and then targeting you with ads for drugs to treat them. “There’s a lot of ways that this data might be misused or used in a way that the consumers couldn’t anticipate when they first bought 23andMe,” Suzanne Bernstein, counsel at the Electronic Privacy Information Center, told me. And unlike a password that can be changed after it leaks, once your DNA is out in the wild, it’s out there for good. Some states, such as California, give consumers additional genetic-privacy rights and might allow DNA data to be deleted ahead of a sale. The 23andMe spokesperson told me that “customers have the ability to download their data and delete their personal accounts.” Companies are also required to notify customers of any changes to terms of service and give them a chance to opt out, though typically such changes take effect automatically after a certain amount of time, whether or not you’ve read through the fine print. Consumers have assumed this risk without getting much in return. When the first draft of the human genome was unveiled, it was billed as a panacea, hiding within its code secrets that would help each and every one of us unlock a personalized health plan. But most diseases, it turns out, can’t be pinned on a single gene. And most people have a boring genome, free of red-flag mutations, which means DNA data just aren’t that useful to them—at least not in this form. And if a DNA test reveals elevated risk for a more common health condition, such as diabetes and heart disease, you probably already know the interventions: eating well, exercising often, getting a solid eight hours of sleep. (To an insurer, though, even a modicum of risk might make someone an unattractive candidate for coverage.) That’s likely a big part of why 23andMe’s sales have slipped. There are only so many people who want to know about their Swedish ancestry, and that, it turns out, is consumer DNA testing’s biggest sell.

Wojcicki has pulled 23andMe back from the brink before, after the Food and Drug Administration ordered the company to stop selling its health tests in 2013 until they could be proved safe and effective. In recent months, Wojcicki has explored a variety of options to save the company, including splitting it to separate the cash-burning drug business from the consumer side. Wojcicki has still expressed interest in trying to take the company private herself, but the board rejected her initial offer. 23andMe has until November 4 to raise its shares to at least $1, or be delisted. As that date approaches, a sale looks more and more likely—whether to Wojcicki or someone else.

The risk of DNA data being misused has existed since DNA tests first became available. When customers opt in to participate in drug-development research, third parties already get access to their de-identified DNA data, which can in some cases be linked back to people’s identities after all. Plus, 23andMe has failed to protect its customers’ information in the past—it just agreed to pay $30 million to settle a lawsuit resulting from an October 2023 data breach. But for nearly two decades, the company had an incentive to keep its customers’ data private: 23andMe is a consumer-facing business, and to sell kits, it also needed to win trust. Whoever buys the company’s data may not operate under the same constraints.

"WASHINGTON (AP) — A judge on Monday ruled that Google’s ubiquitous search engine has been illegally exploiting its dominance to squash competition and stifle innovation in a seismic decision that could shake up the internet and hobble one of the world’s best-known companies..."

I installed NetGuard about a month ago and blocked all internet to apps, unless they're on a whitelist. No notifications from this particular system app (that can't be disabled) until recently when it started making internet connection requests to google servers. Does anyone know when this became a thing?

Edit 2: I bought my Pixel 6 phone outright, directly from Google's Australian store. I have no creditors.

Were the courts not enough control for creditors? Since when are they allowed to lock you out of your purchased property without a court order?

I don't even live in the US, so what the actual fuck?

Edit 1: You can check it's installed (~~stock~~ Pixel 6 android 14) Settings > Apps > All Apps > three dot menu, Show system > search "DeviceLockController".

I highly recommend getting NetGuard, you can enable pro features via their website if you have the APK for as low as 0.10€, but donate more, because it's amazing. You can also purchase via Google Play store.