Privacytools (“PTIO”) is a project with the noble mission to “provide knowledge and tools to protect your privacy against global mass surveillance”.

Sounds useful, no? Sadly, their website does the opposite of its claim: it leads people straight into mass surveillance centers through endorsements of bad players. The site is rife with entities that privacy seekers should be avoiding.

They not only show poor judgment by endorsing privacy abusers who work directly against their mission, but they also neglect to enumerate the traps and pitfalls on the endorsement pages. Apart from the transparency problem, security experts expose lots of privacy abuses in the website bug tracker which have little influence on decisions made by the staff that’s in control of commits.

Dangerous and misinformed endorsements

  • Signal PTIO claims to “provide knowledge and tools to protect your privacy against global mass surveillance”, yet PTIO knowingly and willfully sends privacy seekers directly into several mass surveillance traps via OWS Signal.

  • Keybase PTIO endorses Keybase despite reckless and malicious wrongdoing – which PTIO is aware of.

  • DuckDuckGo (“DDG”) is falsely marketed (but very well marketed) as privacy-respecting. It’s a popular choice among naive users. Experts know better. Sadly, PTIO does not. Copious privacy abuses are linked to DDG. PTIO betrays the public trust through this reckless and uncautioned endorsement. PTIO downplays the non-controversial and superior alternatives.

  • Qwant Has a history of hostility toward Tor users. e.g.:

    Metager and Mojeek have never mistreated Tor users, and yet they rank low in PTIO endorsements.

Incompetence and deception

  • Searx PTIO has a fundamental misunderstanding of what Searx is. It’s smart to endorse searx, but not as a search “provider”. Searx is not a service. Searx is a free software search engine. PTIO erroneously claims “No logs, no ads and no tracking”. It’s a deception. Anyone can run a public searx instance and implement logs, ads, tracking, and any other anti-feature they want. There are many instances. And some searx instances do in fact push ads to pay their bills. All but one searx instance will push privacy abusing CloudFlare results to users – and at least half a dozen of them are evil to the extent of proxying through CloudFlare themselves. It only makes sense to endorse particular searx instances. There is one searx instance that is uniquely above all privacy respecting, which filters out CloudFlare results: searxes.eu.org.

  • Corruption scandal: PTIO member met with Startpage reps to discuss something that would personally benefit him when Startpage endorsement was being dropped. He attended the meeting without informing other PTIO insiders and only admitted to it afterwards after being probed. Of course, when PTIO opts to put their repo on Microsoft Github, the kind of talent they attract are sell-outs.

Hypocrisy – refusal of PTIO to eat their own dog food

PTIO is totally blind on the importance of setting an ethical example that is consistent with their own mission. If PTIO cannot handle ethical privacy-respecting tools themselves, how can they possibly expect to give novices confidence? PTIO’s credibility is in the shitter as it proudly displays branding for the following on their website:

| shameful example | why it’s a problem |
|---|---|
| Microsoft Github | PTIO uses a Microsoft Github repo to manage bug reports. There are copious problems with this foolish choice. PTIO makes a failed attempt to reason that they want to be where the most people are. With that kind of rationale, they’ve self-defeated their mission. |
| Twitter | PTIO claims Twitter is “for outreach”. If PTIO needs to reach Twitter users, they can have a Twitter account. But to link into Twitter from their website takes the hypocrisy beyond outreach. Users who land on their clearnet website have already been reached. It’s both foolish and reckless to lead people from the open web back into Twitter. |
| Facebook | Richard Stallman gives good advice to those who refuse to accept the reality that they don’t really need Facebook. If you believe you cannot live without Facebook, you still cannot justify linking into FB from the free world. To link from FB to the open web is sensible. To link the other direction is to be an excessive and needless enabler of privacy abuse. |
| Microsoft LinkedIn | same issue as Twitter and Facebook |
| Reddit | Amazon-hosted. Same issue as Twitter and Facebook |

It’s plainly evident when navigating privacytools.io that there’s a serious credibility problem.

  • dirtfindrOP
    5 years ago

    Whether a set of software is privacy respecting or not as is is not a matter of free vs proprietary.

    You’re not making sense. Software can be privacy respecting or privacy abusing independent of whether it’s free software or not. But if it’s free software you can do something about it – but not so if it’s non-free open-source. And also not so if network protectionism is in force. Privacy abuse arises out of the misplaced power you’re advocating. Even if a user can’t write code due to technical inability, they can still benefit from the rights given by free software.

    Once, again. That’s just not true. “Langis is an unofficial version of Signal and provided without waranty, it is Free Software” https://langis.cloudfrancois.fr/

    That’s been tried. When “Libre Signal” emerged as a free software replacement for Signal, OWS threatened to sue them and also threatened F-Droid. F-Droid didn’t have the legal resources so they had to give in and drop Libre Signal. The Libre Signal project became a ghost town. Langis users violate OWS ToS (network protectionism). Will Langis get away with it? Perhaps. OWS used a technicality to attack Libre Signal, claiming that “Libre Signal” was close enough to “Signal” to violate the trademark. The Libre Signal project opted not to simply rename because they still lacked the legal resources to take on the OWS legal team. OWS behaves very much like a profit-driven corporation, using its non-profit status merely as a token of perceived credibility. Even if Langis gets away with surviving a legal challenge (as it’s the users not the tool that are legally actionable – and the project also seems to be in France), you can’t claim the liberty is there when in fact liberties have been taken.

    A project with legit legal standing which might interest you is “Session.” It’s a free-software fork and it escapes the network protectionism issue by not using the OWS network. It is in fact a different project, tool, and network entirely… and also eliminates the requirement to register a mobile phone. It’s founded by alt right people, so it’s sketchy in that regard.