As awareness of global surveillance grows, more people are looking for information about the Five Eyes, Nine Eyes, and 14 Eyes surveillance alliances. This guide is regularly updated with new information and gives you everything you need to know in 2022. We also list recommended privacy services (Email, VPN, and Private Search Engines) that are outside of the Five Eyes.
The terms “Five Eyes” (a.k.a. FVEY), “Nine Eyes”, and “14 Eyes” often appear in the privacy community, especially when discussing VPNs and other privacy tools. So what are these organizations?
In short, these are international surveillance alliances representing various countries around the world. These alliances work together to collect and share mass surveillance data with each other. Beginning with the UKUSA agreement and Five Eyes intelligence sharing, these networks have been spying on people for decades, with established policies going back to World War II, as we’ll discuss below.
The government agencies behind these efforts often work with internet service providers and other large tech companies to tap key infrastructure for the collection of private data (data surveillance). This turns your internet service provider, for example, into a local adversary that is spying on you for state agencies. And no, this is not a theory.
Your internet service provider is logging everything!
In 2021, the US Federal Trade Commission published a 74 page report documenting how internet service providers are collecting vast amounts of private data from their customers and then selling the data to third parties. We examined this report, the implications, and some solutions in our article on internet service providers logging browsing activity.
These practices are well-documented in the PRISM surveillance documents and also the infamous Room 641a example with AT&T and the NSA. Fortunately, there are some simple solutions to keep your data safe that we’ll cover below.
In this guide, we’ll explain all the different “X” eyes surveillance alliances and why this topic is important when choosing privacy tools. Here’s what we’ll cover:
- Five Eyes
- Six Eyes?
- Nine Eyes
- 14 Eyes
- NSA and GCHQ cooperation within 5 Eyes
- ECHELON surveillance system
- The importance of avoiding 5 Eyes
- Recommended privacy services that are outside of the 5 Eyes, including
- Secure email services
- VPNs
- Private search engines
So let’s get started!
Five Eyes
The Five Eyes (FVEY) surveillance alliance includes the following countries:
- Australia
- Canada
- New Zealand
- United Kingdom
- United States
The history of this alliance goes back to WWII and the UKUSA Agreement, which was officially enacted after the war in 1946. This agreement formalized a partnership between the United Kingdom and the United States for gathering and sharing intelligence data.
The partnership continued throughout the Cold War and has only strengthened since the “Global War on Terror” kicked off in the early 2000s. Edward Snowden brought renewed focus to the Five Eyes surveillance alliance in 2013 when he exposed the surveillance activities of the US government and its allies.
Below are the different “5 Eyes” surveillance agencies working together to collect and record your activities:
In addition to these national organizations, there exists the Five Eyes Intelligence Oversight and Review Council (FIORC). According to the FIORC web page on the US Director of National Intelligence website,
FIORC was created in the spirit of the existing Five Eyes partnership, the intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom, and the United States.
It further states that,
The Council members exchange views on subjects of mutual interest and concern; compare best practices in review and oversight methodology; explore areas where cooperation on reviews and the sharing of results is permitted where appropriate; encourage transparency to the largest extent possible to enhance public trust; and maintain contact with political offices, oversight and review committees, and non-Five Eyes countries as appropriate.
The following non-political intelligence oversight, review, and security entities of the Five Eyes countries are part of FIORC:
- The Office of the Inspector-General of Intelligence and Security of Australia
- The National Security and Intelligence Review Agency of Canada
- The Office of the Intelligence Commissioner of Canada
- The Commissioner of Intelligence Warrants and the Office of the Inspector-General of Intelligence and Security of New Zealand
- The Investigatory Powers Commissioner’s Office of the United Kingdom
- The Office of the Inspector General of the Intelligence Community of the United States
You can get more information about FIORC, including a copy of the organization’s charter, here.
It is no surprise that some of the Five Eyes countries listed above are also the worst abusers of online privacy:
- United Kingdom – Since the passage of the Investigatory Powers Act in 2016, internet service providers and telecoms have been recording browsing history, connection times, and text messages. The data is stored for two years and is available to UK government agencies and their partners without any warrant.
- United States – The US government has been implementing Orwellian mass surveillance collection methods with the help of large telecoms and internet service providers (see the PRISM program). In March 2017, internet service providers were given the legal authority to record user activity and sell this to third parties. Of course, internet providers have been collecting data on their customers for many years, long before this law passed in 2017.
- Australia – Australia has also implemented sweeping data retention laws similar to the United Kingdom.
Broad authority among 5 Eyes countries
Whether it is the NSA in the United States or the GCHQ in the United Kingdom, the “5 Eyes” is home to the most powerful surveillance agencies in the world. A privacy company sharing a jurisdiction with entities like these is just asking for trouble.
In particular, the intelligence agencies in the Five Eyes countries have tremendous authority to force companies to record and hand over data. In the United States, the Patriot Act ushered in a new level of power for federal data collection, especially through the use of National Security Letters. We see these same trends unfolding in the UK, Australia, and other locations as well.
Six Eyes?
In an August 2020 Nikkei interview, Japanese Defense Minister Taro Kono discussed tighter cooperation with Five Eyes, telling an interviewer that,
These countries share the same values. Japan can get closer [to the alliance] even to the extent of it being called the ‘Six Eyes‘.
Reportedly both the United States and United Kingdom have shown some interest in this, perhaps in response to the growing risks of armed conflict with China. While this appears to be just talk right now, we’ll keep an eye on the situation and update our articles as necessary.
Nine Eyes
The Nine Eyes countries include:
- 5 Eyes countries +
- Denmark
- France
- Netherlands
- Norway
The existence of the Nine Eyes alliance is referenced in various sources online and became well-known following the Snowden revelations in 2013. It is just an extension of the Five Eyes alliance with similar cooperation to collect and share mass surveillance data.
14 Eyes
The 14 Eyes surveillance countries include:
- 9 Eyes countries +
- Germany
- Belgium
- Italy
- Sweden
- Spain
As before, the original surveillance agreement was extended to these other countries. The official name of this group of countries is referred to as SIGINT Seniors Europe (SSEUR).
NSA and GCHQ cooperation within 5 Eyes
Various government document releases, which have come out through official FOIA channels, reveal the close relationship between the NSA and GCHQ. Being the two most powerful surveillance entities in the world, with historical ties, it is no surprise that they work closely together.
A top-secret NSA document from 1985, which was released in 2018 via a FOIA request, reveals that this close cooperation continues today, based on the broadly-written UKUSA Agreement:
The UKUSA Agreement, dated 5 March 1946, has twelve short paragraphs and was so generally written that, with the exception of a few proper nouns, no changes to it have been made. It was signed by a UK representative of the London Signals Intelligence Board and the U.S. Senior Member of the State-Army-Navy Communications Intelligence Board (a predecessor organization which evolved to be the present National foreign Intelligence Board). The principles remain intact, allowing for a full and interdependent partnership. In effect, the basic agreement allows for the exchange of all COMINT results including end product and pertinent collateral data from each pattern for targets worldwide, unless specifically excluded from the agreement at the request of either party.
Another top-secret NSA document from 1997 (officially released in 2018) further elaborates on the close cooperation between the NSA and GCHQ:
Some GCHQ [redacted] exist solely to satisfy NSA tasking. NSA and GCHQ jointly address collection plans to reduce duplication and maximize coverage through joint sites and cross-tasking, despite site closures.
With the reference to “joint sites” above, it’s important to discuss ECHELON.
ECHELON surveillance system
ECHELON is a network of spy stations utilized by Five Eyes countries for large-scale espionage and data collection.
The Guardian described ECHELON as a a global network of electronic spy stations that can eavesdrop on telephones, faxes and computers. It can even track bank accounts. This information is stored in Echelon computers, which can keep millions of records on individuals.
Officially, however, Echelon doesn’t exist. Although evidence of Echelon has been growing since the mid-1990s, America flatly denies that it exists, while the UK government’s responses to questions about the system remain evasive.
Despite these denials, there have been whistleblowers who have confirmed what’s going on behind the scenes. Both Perry Fellwock and Margaret Newsham came forward to document various aspects of ECHELON to the public.
Avoid the 5 Eyes
While there are privacy concerns with the other countries in the greater 14 Eyes alliances, the big one to avoid is the Five Eyes. Therefore, when data security is critical, simply avoid the Five Eyes: US, UK, Canada, Australia, and New Zealand
Some people say concerns about these surveillance jurisdictions are overblown or misguided, and that it really doesn’t matter. You often hear this argument from VPN companies (and their marketers) that are based in the US or Canada, for example. This line of thinking is misinformed and ignores reality.
There are many examples that prove the real-world risks associated with privacy-focused companies operating in Five Eyes jurisdictions. Here are just a few that we’ve discussed before on RestorePrivacy over the years:
- Riseup, a Seattle-based VPN and email service, was forced to collect user data for government agents and was also hit with a “gag order” to prevent any disclosure to their users. (They also could not update their warrant canary.)
- Lavabit, another US-based email service, was forced to provide encryption keys and full access to user emails. Rather than comply, the owner decided to shut down Lavabit email.
- IPVanish, a US-based VPN service, was forced to collect user data for an FBI criminal investigation. This all transpired while IPVanish was claiming to be a “no logs VPN” — and they could not alert their users to what was happening. (See the IPVanish logs case.)
- HideMyAss, a UK VPN service was also ordered by a court to collect user data and hand this over to authorities for a criminal investigation. News about this came out after-the-fact.
VPNs operating in the US, and by extension all of their users, can also be the targets of lawsuits involving copyright infringement. A recent court case involved TorGuard VPN, which was forced to block torrenting on all US servers as part of the settlement agreement. This is why we recommend avoiding US-based VPNs when using a VPN for torrenting.
These are just a few cases that have publicly come to light, but you can be sure there are other examples we don’t know even about.
Secret demands for user data + gag orders = privacy nightmare
As we can see from these examples, when authorities compel businesses to collect and hand over data, they usually serve them with a gag order as well. This is done through National Security Letters and it prevents the business from disclosing any information to their customers.
These laws basically give the government the authority to compel a legitimate privacy-focused company to become a data collection tool for state agencies, without any warning or notification. Even warrant canaries are ineffective in places like the United States.
Ignoring the jurisdiction of a privacy-focused business is foolish and ignores these well-documented risks.
Recommended privacy services (in good jurisdictions)
One of the main purposes of RestorePrivacy is to test, research, and recommend privacy and security tools that meet specific criteria. Given our emphasis on data security and trust, jurisdiction is a key factor we consider.
In terms of jurisdiction, our main concern is avoiding Five Eyes countries. After all, some of the 9 and 14 Eyes countries do indeed have strong privacy laws, especially in comparison to the US and UK.
Secure email outside Five Eyes
Using a secure and private email service in a safe jurisdiction is a no-brainer. Consider this:
- Yahoo was found to be scanning emails in real-time for US surveillance agencies.
- Gmail was found to be giving third parties full access to user emails and also tracking all purchases via receipts in your inbox.
- Advertisers were allowed to scan Yahoo and AOL accounts to “identify and segment potential customers by picking up on contextual buying signals, and past purchases.”
Alternatives – Here are some of our favorite secure email services that we tested:
- Mailfence review (Belgium)
- Tutanota review (Germany)
- ProtonMail review (Switzerland)
- Mailbox.org review (Germany)
- Posteo review (Germany)
- Runbox review (Norway)
- Countermail website (Sweden)
- CTemplar review (Iceland)
- KolabNow website (Switzerland)
- Startmail website (The Netherlands)
All of our email reviews are here.
Best VPNs outside the Five Eyes
As mentioned above, internet service providers are actively collecting data for government agencies around the world. They do this by either actively snooping on connections or simply recording all your DNS requests. Additionally, advertisers and other third-parties will track and record your online activity that is tied to your unique IP address.
A good VPN service is absolutely essential for basic online privacy, especially when ISPs are logging everything. A VPN encrypts all your traffic between your computer/device and the VPN server you are connected to. Not only does this make your traffic and online activities completely unreadable to your ISP and other third parties, it also hides your IP address and location.
Here are the best VPN services that are located outside of the Five Eyes countries:
- NordVPN (Panama) – see our NordVPN review
> Grab the 68% Off NordVPN Coupon - Surfshark (The Netherlands) – see our Surfshark VPN review
- ExpressVPN (British Virgin Islands) – see our ExpressVPN review
- VPN.ac (Romania) – see our VPN.ac review
- VyprVPN (Switzerland) – see our VyprVPN review
- Perfect Privacy (Switzerland) – see our Perfect Privacy review
- OVPN (Sweden) – see our OVPN review
- TrustZone VPN (Seychelles) – see our TrustZone VPN review
- ProtonVPN (Switzerland) – see our ProtonVPN review
We do our best to keep the VPN reviews updated to reflect the latest test results, company changes, and new features.
Note: Some people are worried about logs and data collection with VPNs. Fortunately, there are a few verified no logs VPNs that have undergone independent audits to confirm their no-logs policies:
- NordVPN was audited to PwC AG in Zurich, Switzerland to confirm essential privacy-protection measures and the no-logs policy. NordVPN has committed to annual third-party audits, while also undergoing independent security audits and penetration testing carried out by Versprite.
- ExpressVPN has been audited twice by PwC to verify its no-logs policy. Additionally, ExpressVPN has passed security audits conducted by Cure53.
- VyprVPN underwent a no-logs audit carried out by Leviathan Security a few years ago.
Private search engines outside Five Eyes
Most of the big search engines, such as Google, record all your search queries and then link this to your identity and data profile, so you can be hit with targeted ads. Unless you want to give Google and its partners all your search activities, consider using alternatives.
Here are some private search engines you may want to consider:
There are a few search engines based in Five Eyes countries that we still recommend. These include:
- DuckDuckGo (United States)
- Mojeek (United Kingdom)
- Brave Search (United States)
For additional tools and tips, see the main privacy tools page.
Trust and jurisdiction
In the end, jurisdiction is just one of many factors to consider when selecting reliable privacy tools for your unique needs. How much it matters depends on your own circumstances, particularly your threat model and the types of adversaries you are looking to protect yourself against.
For those seeking higher levels of privacy and security, jurisdiction is indeed important, especially when you consider the growing power of governments to force companies to hand over data and log users.
Trust is also a major factor you should consider. After all, a VPN can operate in a “good” overseas jurisdiction, yet still lie to customers and provide data to government agencies. Take for example PureVPN, a “no logs” service based in Hong Kong that gave US authorities connection logs for a criminal case.
This is where trust is key. Fortunately, to strengthen trust, more privacy-focused businesses are undergoing independent audits and third-party verifications. In addition to the VPN audits we mentioned above, we also see this trend with password managers and occasionally with secure email services.
Are these the only international intelligence alliances?
Most definitely not. In addition to the Five Eyes (FVEY), Nine Eyes, and 14 Eyes (SIGINT Seniors Europe), there are other organizations we know of. Examples include the SIGINT Seniors Pacific, the Quadrilateral Security Dialog (the Quad), and the Club de Berne. There may also be other such organizations that we still don’t know about.
Will Japan become a “Sixth Eye”?
Japan has publicly suggested that they would like to work more closely with the Five Eyes, and perhaps some day become a Sixth Eye. As of now it appears to be only talk, but growing tension between Japan and China seems to be moving Japan toward ever stronger connections with the Five Eyes countries. Only time will tell if we’ll be talking about Six Eyes instead of Five Eyes soon.
Conclusion: Use services operating in safe jurisdictions for 2022
The Five Eyes is the most powerful surveillance alliance in the world. While it arguably works well to protect its member countries (USA, UK, Canada, Australia, and New Zealand), it makes those countries less than ideal jurisdictions for pro-privacy companies and products.
Ultimately, we also need to acknowledge that everyone has different needs, use cases, and threat models. This means that selecting products and services is a very subjective matter, and only you can find the best fit for your needs.
Good luck and stay safe!
This guide on the 5 Eyes, 9 Eyes, and 14 Eyes was revised and updated on March 14, 2022.
Hello. Question.
The article suggests at times in avoiding Five Eyes. Does that not include the other Eyes since they both also contain Five, or is it just okay to avoid Five but still go with 9 and 14 despite them containing 5?
Thanks.
I recommend avoiding 5 Eyes: US, UK, Australia, Canada, and New Zealand. Based on my research, the other “Eyes” are not concerning. But it all depends on your threat model and the adversaries you are trying to avoid.
Thank you very much. This opens me up on trying some of the more secure email services then that are in the 9 and 14 like Posteo or Mailfence. This just-not-the-5s opens me up to trying to find a new provider over Gmail that gives me what I need.
Thank you for your comments.
Hello,
I am curious — if we live in a 14-Eyes country, and this means the GOV agencies can monitor the inputs of data going over our VPN connections and then the server connection is also in a cooperating country monitoring the output — couldn’t that mean it would be easy to analyze the traffic and identify the user?
This is what I have read on some places and am wondering about this “attack”?
— Thanks
No, VPN servers are encrypted and under the control of the VPN itself, even if they sit in a data center in a “14 Eyes” country, that doesn’t matter. Unless of course the VPN has botched their server security, or left the server unencrypted, the server will be secure and user data will not be available, even if the server gets seized. There was a case last year when Windscribe VPN left a server in Ukraine unencrypted and it got seized. This was an example of bad security and a VPN that intentionally chose not to follow “industry best practices” and left its server (and users) exposed. We do not recommend Windscribe VPN.
The biggest threat to VPN users is when the VPN itself is forced to log users. As pointed out above, this happened with IPVanish when the US forced the “no logs” VPN to log customers for the FBI — and this has also happened with other US-based VPN services and email providers, going back to at least 2013. This is why we emphasize the importance of jurisdiction (outside 5 Eyes) when choosing a VPN service.
Thanks for the list. I hear the terms thrown around a lot but never gone into in depth. Security is important to me, I’m tired of big corporations and big government spying on my and watching my every move and though. Especially dangerous in today’s society where you can get canceled for the comments of 10+ years ago or arrested for just being in the vicinity of a crime when it goes down. Google is by far my biggest concern however, their spyware is so baked into everything they create and they’re planted themselves in the schools now. Kids don’t have textbooks anymore, now they have Chromebooks that require them to have google accounts in order to use, and the teachers require them to have their real info on those accounts. It’s very scary where we are heading as a society now that big brother is inserted right between kids and their education, all the way from preschool.
This worry me a lot as well. DK here. Cheap Chromebooks and edu suite for “free”. We are seen as weird people, it feels like. What do you mean by real info? Kids have linux on their pc’s. Browser and search engines updated from this page 🙂 we talk a lot about data, but difficult, because they want to play roblox etc and have to use drive in school. No education for kids or teachers. 9 year old had to tell that s in https is secure, not site. I don’t know what to do. I’m just a normal user as well and there are so many questions i want to ask.
Are there any webmail services search engines outside the 9 eyes?! except swisscows
I do not see China or Russia mentioned anywhere. I would think they are as bad as any of the 5 Eyes.
Hi Sven,
I enjoy your site and check it often to stay on top of security and privacy news.
I thought you might be interested in this story: [https://www.lifesitenews.com/news/canadian-ethics-committee-votes-10-0-to-investigate-trudeau-governments-spying-on-33-million-cell-phone-users/]
Concrete proof of government spying!
Thanks for sharing, and not surprising.
Thoughts on expressVPN? I need a very fast VPN, and I don’t know if any of these non-five-eye ones meet the standard like express does. When I set it up, I researched and found they had been tested and validated to meet strict privacy requirements by third parties.
Just curious if you have looked into the validity of third party validation, high speed consideration from non five eye providers, thoughts in general.
Thank you for the article.
Hey there, yes we have done lots of speed tests on a 500 Mbps line, and the fastest by far was NordVPN. I have also seen a few Youtubers post speed test videos of Nord hitting speeds over 800 Mbps with some US servers (tested on a fiber connection). And for comparison, NordVPN has also consistently outperformed ExpressVPN in our head-to-head speed tests.
For the fastest speeds, you should:
1) Use a good VPN provider.
2) Use the WireGuard VPN protocol (this is NOT supported by ExpressVPN, because they use Lightway)
3) Connect to a nearby server
My recommendation would be NordVPN. It has also passed no logs VPN audits and third-party security audits conducted by Versprite in 2020 and 2021.
Surfshark is another decent option that supports WireGuard, but it’s not quite as fast as NordVPN. Either way, you’ll have a 30 day refund window to test it out and see if the VPN gives you the speeds you need. And here’s a link for 68% off NordVPN.
You didn’t even mention Israel? The US has extensive data sharing agreements at the highest level of data origination with IL. PROMIS software, Talpiot Program, and public/private partnerships….. seems like missing IL was a curious maneuver.
You’re right that there is a lot of surveillance cooperation between Israel and the US. We could add it to the list with the next udpate.
I would like to ask if it would be a problem using Nord VPN since it’s parent company Nord Sec has offices registered in UK (a 5 eye country)? Please you could reply me privately or publicly, I’d appreciate it.
Hi Kirsten, the question is always where the company is legally based/headquartered, as that determines what laws the service itself operates under. Most tech companies these days, including VPNs, have staff all over the world. However, the service itself still operates under the parent company’s jurisdiction, which in the case of NordVPN, is Panama.
Hi RP Community,
More news from , on Australian privacy law…
https://www.abc.net.au/news/2021-11-28/social-media-laws-online-trolls/100657004
We Aussies have a fantastic independent public broadcaster.
I think they are the best – but that is maybe bias.
The article above for me goes both ways: nobody likes trolls and nobody likes surveillance.
Regards,
BoBeX
Hi
The following was published on a New Zealand Government controlled news outlet on 11/11/21:
“The Waihopai Five Eyes spy domes will be decommissioned and dismantled as they have become “virtually obsolete”, the Government Communications Security Bureau says.” The radomes had provided less than 0.5 per cent of the intelligence used in reports by the GCSB in the past year. The Waihopai base itself will continue to be used, as will a GCSB base at Tangimoana, in Manawatū”
In your opinion has the Waihopai surveillance technology become redundant or are New Zealand’s new owners requiring the facility to be shut down?
My guess is that the domes are no longer useful in today’s digital surveillance landscape, with other tools collecting data and filling the void.
Why is duckduckgo not in the list of private search engines list? Is it good to use duckduckgo?
DuckDuckGo is in the US (5 Eyes) – but I just added it as an additional option with that disclaimer. See our guide on private search engines for more info.
Hi Sven,
RP readers maybe aware the Identify and Disrupt Bill Act, Sept 2021 has come into affect in Australia.
There has been ghastly little discussion and comment in Australia on the development.
One strong positive is that we have a free and open media and our national broadcaster (ABC) is consistently returned as Australia’s most trusted organisaton. They do a good job keeping our governments accountable.
Here is a 20 min podcast discussing the law, the specific powers granted by the law, how it is going to be administered, who it will affect and the potential ramifications.
https://www.abc.net.au/radionational/programs/latenightlive/how-australias-pile-of-national-security-legislation-stacks-up/13553368
Regards,
BoBeX
I checked few yt videos and blogs where people are using Linode and OpenVPN as VPN server. Given that the Linodes(servers) region are limited and infact falls under 5/9 eyes jurisdiction. Is that worth pursuing.
What do you think of OVPN? They have spent two months in court fighting to keep information private and the movie copyright companies only have up once they realised there truly is no logs and no method of monitoring. https://www.ovpn.com/en/blog/ovpn-wins-court-order
They also state “OVPN is one of very few VPN providers that have had their no logs claims proven in court. OVPN is the only Swedish VPN provider that has proven that no logs are stored.”
It sounds good but I worry that most servers are in 14 eye countries, if the encryption is good and there legitimately are no logs then does 5/9/14 still matter? I hope you can reply either publicly or privately. Thanks.
OVPN is a great option, see the OVPN review here.
As an Australian (my personal bias noted here) I can not be completely comfortable with the implication that we may not a good society with good institutions.
We are a good place to live. We as a community of Australians understand that liberty is paramount yet liberty should be moderated in the interest of the community.
Our values are this, our community is this and our institutions are this.
It is very hard to draw law enforcement attention in Australia. You have to be engaging in an activity that is rejected by the community.
We are far from perfect.
🙂
Watched your health dept denying Iver-mectin – which saves lives and your police beating and arresting freedom protesters in the last year?
Perhaps your main stream media did not cover it?
It is not just in your country.
“It is very hard to draw law enforcement attention in Australia. You have to be engaging in an activity that is rejected by the community.” Wow. Not morally wrong, not violent, not infringing on others’ rights, but “rejected by the community.” No doubt ‘the community’ here means all the people who agree with BoBex. This isn’t even a slippery slope, it’s already dystopian.
You are very naive if you think Australia holds individual liberty as one of it’s core value’s, I too am a Australian and I can assure you, do not trust either side of our government to reverse the continued weathering away of our rights and freedoms.
for instance, I’ve already had coronavirus and I am soon to be forced to take a vaccine that will serve absolutely no purpose and will serve as nothing more than a potential risk (albeit a small one) I won’t be able to travel, the #NoJabNoPay legislation is a utterly outrageous, friends cannot run their businesses, the police used the QR code covid application to track criminals and arrest them, something they explicitly said they would not do.
So please don’t pretend that Australia doesn’t have the potential to impose a tyrannical authoritarian society upon their citizens, it started long before Covid but damn if this isn’t the best and most recent example that Australia doesn’t care about your individual rights or freedoms.
To quote Henry Kissinger…
“The world needs the right kind of catastrophe and countries will demand and join for a New World Order”…..
Now who out there cant see that the common cold/flu virus has been genetically modified to be worse than it ever was and given a new name to fear called Covid-19? just like terrorism and the fear of it, in the beginning it was Al-Queda, and now its ISIS.
As you stated, already had covid and now faced with russian roulette in the form of a vaccination, that won’t prevent you from getting covid again, but will severely alter your immune system leaving you susceptible to the next virus that is unleashed to enshrine your compliance by demand of government installed by its intent to bestow you with fear.
People never realise nor comprehend that governments around the world operate in a realm of cause and effect, create the cause… to obtain the effect.
Interesting. I wonder how your opinions have evolved or if they have remained the same after the announcement and enforcement of more lockdowns.
As an Australian, reading this is absolutely abhorrent. It almost feels written by a governmental party.
We have a lot of great things here, yes. However to believe that it is hard to draw law enforcement attention by only engaging in “activity that is rejected by the community” is a daydream at best.
We have data retention laws enabling the collection of almost all data, to which a file can be created on a member of the community. I work in the CyberSec field here. I have a very clear understanding about the data collection the ASD conduct.
We are giving up more “liberty” each time we pass a law to “moderate” said liberty in the interest of the “community”.
I hate to think BoBeX would use the term “If you have nothing to hide..”.
We do not have a sovereign freedom here. We only have the illusion of it.
Australia is clearly a horrendous place to live, and your values are garbage.
Individual freedom is the greater good. You have no liberty if your life is subject to the whims of everyone else and the state. Keep deluding yourself in complacency.
I admit that this made me laugh out loud, although the notion that someone can actually think like that (as opposed to the generic no scruples stuff said by those linked to the government all the time) is frightening, not funny. Thankfully there are those (like RP) who value freedom and talk about it openly, because some of the things we have seen in the past year have made it hard not to believe that some people simply don’t have principles (other than obeying authority, of course).
Sven,
Thank you for this place. I was wondering if you may know some secure browsers to use! I currently use Firefox and Brave. I am not sure these are the safest?
Also, are there password storage programs secure that may be recommended? Mine is probably being hacked.
Got any advice finding using a Linix Based Tablet making me also secure?
Thank you
Yep, I recently reorganized the top menu to have it include our most popular guides, including:
Secure Browsers
Best Password Managers
I’m not sure on Linux-based tablets, but you might want to check out PineTab.
This is a great article. But it needs to be updated, with new discussion to include:
(1) developing VPN encryption protocols offered by various providers, like Wireguard, for example, which may be arguably superior to more common alternatives;
(2) the likelihood — or possibility, at least — that Proton is a company funded and/or developed in cooperation with the CIA;
(3) the fact of many superb service features offered by Torguard, all of them outweighed by the failure of its US jurisdiction;
(4) the VPN service provider Mullvad, who have emerged quickly as candidates for the #1 alternative, by offering truly anonymous subscriptions/payment, Wireguard encryption, and operation inside Swiss jurisdiction.
Thanks!
Also… No mention of TOR?
Mullvad is not in Swiss jurisdiction. It’s in Sweden (14 eyes.)
Hey there,
and thank you for the pretty article. I think the case for “no logs” is a bit hard to swallow. It makes it harder to find criminals, too, that deserve proper punishment, like the cyber-harassment in the example you gave. Though the VPN-provider should have said it, that they keep logs, to not be hypocritical, if they said so, no one would want their VPN!
Nonetheless, for why I wrote: ProtonVPN seems to have an audit behind it now, too, so you might update the corresponding section for audited VPNs.
https://protonvpn.com/blog/open-source/
Yes, this was a security audit, which is very good, but the section in the article was referencing an audit to confirm no-logs claims.
Excellent post I want to read more about the topic Thanks for sharing.
Henry,
Do you ever think about someone obtaining your userids and passwords to accounts with your financial institutions? If you don’t use computers, do you perform all transactions via checks, at banks, and on the phone?
Are you at all concerned with someone stealing your identity by obtaining your tax forms sent to the IRS (via snail mail and/or electronic transfer)?
If you don’t think privacy is that important, just send us all your full name, mother’s maiden name, ssn, credit card numbers, and all user ids, passwords and account numbers. Then you may not be, or appear to be, as care free.
Hey Sven, thank you for this rundown – vital information. And no, I have no criminal activity to conceal, and don’t plan on doing any in the future. That’s not the point. The point is that governments should not be able to invade people’s privacy (a computer is basically an extension of your brain, when you think of it,) without probable cause and due process of law. It’s the principle of the thing.
But a related issue relating to VPN choices – perhaps fit subject for an article of its own – but for which I have been able to find zero information, is about the similar privacy-destruction measures being taken by corporations, most egregiously by Microsoft, with its Orwell 10 rollout – the announcement that in agreeing to its Terms of Use – which you must agree to if you want to use the OS at all – you the user grant to the Microsoft workforce in their cubicles in Redmond, WA the right to monitor any and all activity that you do on your computer, right down to keystroke logging. Which means your passwords, PINs, account numbers, correspondence, your manuscripts (if you’re a writer,) information about family and friends, etc. And “Oh, but you can disable those features. Have a nice day” is the same thing as someone selling you a house, keeping his own set of keys, and telling you “Oh, I promise I’ll never come in while you’re gone. Have a nice day.”
I’d used Anonymizer for years with little hassle until it was sold; after flailing around for a replacement I bought a 3-year subscription to NordVPN… only to discover that it was impossible to install on any of my systems without first… downloading Microsoft’s latest spyware.
So I need to find a VPN that will install and run on older Microsoft Operating Systems, and utterly independent of any need to download and install any of Microsoft’s latest “updates” or the need to use Orwell 10. Allowing a corrupt corporation to violate my privacy is no better than allowing a corrupt government to violate my privacy, IMO.
I wonder if such a product even exists – but I’ve been unable to find any information anywhere, in any VPN review, about backward-compatibility with “no longer serviced” Operating Systems, and/or VPNs that can be installed with minimal interaction with Microsoft beyond the basic OS itself. Please advise, and please consider adding this information to VPN reviews. We need to know what kind of garbage a VPN will require a person to install just to enable installing the VPN itself. If the prerequisite system software is a privacy hazard itself, it defeats the whole purpose.
Thanks,
Z
The big issue with older operating systems is security. New security issues and vulnerabilities are being found all the time, hence updates and patches. And if your security is compromised, your privacy goes down with it, so the two go hand in hand. But you can avoid Windows and go with Linux. As to your question, you’d just have to check with the various VPNs as to whether they support the OS you are using at this time.
I agree with Z. Recently just bought a ‘throw away’ PC because of this issue. We appreciate the work you do re privacy so i was a bit surprised to hear an Autobot response, ie need to update security vulnerability, clear your cache.
I for one don’t really care about ‘hackers’ if that is the security vulnerability you’re talking about. I would rather have a hacker get bored with my internet activity and move on than a bunch of paranoid delusional hall monitor bureaucrats storing every damn thing i do.
How about a pro, con how to, create your own vpn, but doesn’t apple or your isp know if you create a VPN using your own laptop?
Thanks again man, you are doing important work
I agree with question risen by JD regarding the creation of user VPNs.
There is almost as many online tutorials regarding “create your own VPN” as there are paid promotions for VPNs (Not really as many but still lots);
And these tutorials are still sponsored not by VPNs but by cloud hosting companies and I believe (my view) that these are difficult to trust because of said sponsorship.
In these tutorials they imply the same benefits that the VPN companies do.
My view and concern (notably a non-technical one) is that creating your own VPN and mis-configuring it would likely expose more threats than not using a VPN at all.
What is the view of the RP team and community?
Yes, there are many problems with the average internet user trying to “roll your own VPN”. Aside from the complexity and high chance of misconfiguring something, there are also these problems:
– Your traffic is not getting mixed with other users, which means everything done on that “private” server is traced directly back to you and your hosting account.
– Your hosting provider is probably logging everything you do on their server.
– You won’t have access to a large network of servers, which you’ll get with most good VPNs.
Curious about other OS such as Ubuntu. Are they worth pursuing? I discovered that most software is not compatible with anything except Microsoft. Sad but true?
Yes, Linux is a great OS for more privacy and security.
Give VPN.ac a look at and see if it fits your need.
They got one sale at BF and CM and going two years subscript it’s under$50.
Hi Z,
My approach to your use case is to put the VPN client on my home router. All devices using my home network have their traffic routed via NordVPN. If the VPN tunnel is down, all of my traffic is dropped.
-Valheru
So i have just finished setting up Pivpn (openvpn) on my raspberry pi.
After reading this article i am now wondering if using a trusted paid vpn provider is safer or more secure than using my own vpn server for free (i am using openvpn).
And if using a paid service is better i’d also like to know what makes the paid vpn better then using my own free vpn server.
The biggest advantage a paid VPN offers is the ability to mix your traffic with other users. With only you using your VPN, everything is tied back to you. Another advantage of a paid VPN is a large server network around the world, and secure apps for all major devices. You can see our top picks are here.
Riseup, “… was forced to collect user data for government agents …”
The government cannot force a company to “program” or to alter their code, to accommodate the federal government. Apple proved that. While the government can “scare” them, fighting it in court is the worst thing to keep “secrecy” because all trails are PUBLIC.
So Riseup was just a Government B****!
Well, there are also secret court systems where rulings and verdicts are not even public. Check out the FISA courts, for example.
That used to be, before the DemonDem transfer of power. They will parse everything and it will come out to their favor – twisted or mostly not the truth.
What about PC security software, like BitDefender Totl Security? How much browsing data are they privy to and storing?
See the antivirus privacy article.
I seem to be the only that thinks this is bad for cyber citizens or the average web user folks in their online privacy when using a product or service from one of the MLAT counties. Anyone else?
Hi out there, thank you for your privacy workout!
By the way, one source has been lost: The “sources” link of the Nine Eyes.
Carry on.
Thanks, I just updated the link with the archived version:
http://archive.is/MAgbt
Dear Sven,
Firstly, I have to say that I’m overjoyed to see Restore Privacy experience something of a Renaissance. You and your privacy-centric compatriots are doing wonderful work spreading the good word, as always. Anyways, I note that you make mention of CTemplar as a credible and private email provider. Having signed up a while back after hearing of the service’s features, I have to say it at least purports to be top-of-the-line; I lack the skills to verify the accuracy of CTemplar’s claims, but my experience has been good. Do you plan to release a review of CTemplar any time in the future? I consider this website one of the foremost privacy publications, and hold its declarations in high regard (although I still fact check them as I would anything). It’d be no doubt help the burgeoning company, who have themselves informed me they aren’t planning to market CTemplar any time soon (probably for financial reasons). All replies are most appreciated.
Thanks!
Anonymous
Hi Anonymous, yep, we can get a review of CTemplar on the To Do List. I think Heinrich is also testing out CTemplar at the moment, so he can do a review soon. Thanks for your support.
crypto ag case shows… from 5 to over 100 eyes LOOOOL
you have been warned about the sec_state
Freedom of speech also involves reading what we were taught about the past that was not so.
Those who control the present control the past, who controls the present controls the future.
If we knew the truth about the past we would know why we are losing our freedom Now.
“When a well-packaged web of lies has been sold gradually to the masses over generations, the truth will seem utterly preposterous and its speaker a raving lunatic.” Dresden James.
Good luck, Internet privacy will do little to save you from what is to come.
In the mean time hard wire your Wifi with an Ethernet cable.
https://www.youtube.com/watch?v=ICA19oKPi5I
And dont put your laptop on your lap.
If you don’t post this comment at least read for yourself you will see the world in a different light.