Privacytools (“PTIO”) is a project with the noble mission to “provide knowledge and tools to protect your privacy against global mass surveillance”.

Sounds useful, no? Sadly, their website does the opposite of its claim: it leads people straight into mass surveillance centers through endorsements of bad players. The site is rife with entities that privacy seekers should be avoiding.

They not only show poor judgment by endorsing privacy abusers who work directly against their mission, but they also neglect to enumerate the traps and pitfalls on the endorsement pages. Apart from the transparency problem, security experts expose lots of privacy abuses in the website bug tracker which have little influence on decisions made by the staff that’s in control of commits.

Dangerous and misinformed endorsements

  • Signal: PTIO claims to “provide knowledge and tools to protect your privacy against global mass surveillance”, yet PTIO knowingly and willfully sends privacy seekers directly into several mass surveillance traps via OWS Signal.

  • Keybase: PTIO endorses Keybase despite reckless and malicious wrongdoing – which PTIO is aware of.

  • DuckDuckGo (“DDG”): is falsely marketed (but very well marketed) as privacy-respecting. It’s a popular choice among naive users. Experts know better. Sadly, PTIO does not. Copious privacy abuses are linked to DDG. PTIO betrays the public trust through this reckless and uncautioned endorsement. PTIO downplays the non-controversial and superior alternatives.

  • Qwant: has a history of hostility toward Tor users, e.g.:

    Metager and Mojeek have never mistreated Tor users, and yet they rank low in PTIO endorsements.

Incompetence and deception

  • Searx: PTIO has a fundamental misunderstanding of what Searx is. It’s smart to endorse searx, but not as a search “provider”. Searx is not a service. Searx is a free software search engine. PTIO erroneously claims “No logs, no ads and no tracking”. It’s a deception. Anyone can run a public searx instance and implement logs, ads, tracking, and any other anti-feature they want. There are many instances, and some searx instances do in fact push ads to pay their bills. All but one searx instance will push privacy-abusing CloudFlare results to users – and at least half a dozen of them are evil to the extent of proxying through CloudFlare themselves. It only makes sense to endorse particular searx instances. One searx instance stands above all others in respecting privacy, and it filters out CloudFlare results: searxes.eu.org.

  • Corruption scandal: a PTIO member met with Startpage reps to discuss something that would personally benefit him when the Startpage endorsement was being dropped. He attended the meeting without informing other PTIO insiders and only admitted to it afterwards, after being probed. Of course, when PTIO opts to put their repo on Microsoft Github, the kind of talent they attract are sell-outs.

Hypocrisy – refusal of PTIO to eat their own dog food

PTIO is totally blind to the importance of setting an ethical example that is consistent with their own mission. If PTIO cannot handle ethical privacy-respecting tools themselves, how can they possibly expect to give novices confidence? PTIO’s credibility is in the shitter as it proudly displays branding for the following on their website:

| Shameful example | Why it’s a problem |
|---|---|
| Microsoft Github | PTIO uses a Microsoft Github repo to manage bug reports. There are copious problems with this foolish choice. PTIO makes a failed attempt to reason that they want to be where the most people are. With that kind of rationale, they’ve self-defeated their mission. |
| Twitter | PTIO claims Twitter is “for outreach”. If PTIO needs to reach Twitter users, they can have a Twitter account. But to link into Twitter from their website takes the hypocrisy beyond outreach. Users who land on their clearnet website have already been reached. It’s both foolish and reckless to lead people from the open web back into Twitter. |
| Facebook | Richard Stallman gives good advice to those who refuse to accept the reality that they don’t really need Facebook. If you believe you cannot live without Facebook, you still cannot justify linking into FB from the free world. To link from FB to the open web is sensible. To link the other direction is to be an excessive and needless enabler of privacy abuse. |
| Microsoft LinkedIn | Same issue as Twitter and Facebook. |
| Reddit | Amazon-hosted. Same issue as Twitter and Facebook. |

It’s plainly evident when navigating privacytools.io that there’s a serious credibility problem.