As motivated in An Opinionated Guide to Privacy Despite Authoritarianism, 2025 is a rough time and it might get way worse. I’ll assume you’ve read the previous post and have taken the suggested precautions. This guide seems most appropriate for people at higher risk, like opposition politicians, immigrants, and investigative journalists. However, the Trump regime gives little respect to legal boundaries. I think everyone should gear up for the potentially darker days ahead.

Overview

Don’t try to do everything at once. As in the first article, even a few hours can dramatically boost your privacy. If you’re short on money, then you can skip the hardware replacement recommendations.

I’m only speaking for myself

My day job is AI alignment research at Google DeepMind. I’m only expressing my own views. This guide synthesizes research from security experts and represents my personal practices.

New concepts

The difference between mass surveillance and targeted investigation

An Opinionated Guide to Privacy Despite Authoritarianism protects against mass surveillance that lets the government track lots of people at once. This guide partially addresses both mass and targeted investigation. In a targeted investigation, you now need to worry about physical threats as well: device seizure, physical surveillance, informants, and people who are investigating you in particular.

This guide is not sufficient to protect you against targeted investigation. Think of these guides as raising the cost for the government to surveil you. It’s still possible, but it’s tougher and less likely.

Protect your network, not just yourself

Other people are at risk too. Optimize your setup to leak as little information as possible about your friends, family, and colleagues. For example, using e2ee Proton Calendar and e2ee contact management with EteSync means that the government can’t figure out who you’re meeting with by just demanding data from your cloud calendar provider.

Know your rights

If you are at high risk (e.g. as an immigrant), educate yourself (aclu). Consider printing off a flyer to keep on your person—remembering in the heat of the moment is hard.

Harden your hardware in a dozen hours

Spending money wisely

Many of the most vulnerable are least able to follow the recommendations in this section. To them, I would say: switch from Windows to Linux Mint (free!) and then advance to the “Secure your digital footprint” section.

The subsections are in descending order of importance. If you have some money to spend, then I’d focus on:

1. Switching to GrapheneOS,
2. Switching to Linux (free) or MacOS (famously not free), and
3. Owning your home router (and modem if relevant).

Other purchases are not critical—e.g. buying an Apple TV to replace your standard smart TV operating system. These purchases will improve your privacy, but they aren’t critical.

Switch to GrapheneOS

Cost: $0 if you already have a Google Pixel phone; $550 if you run the setup yourself; $850 if you buy a phone with GrapheneOS pre-installed. Time: 6 hours.

Here’s the deal: iOS 26 fundamentally breaks all mobile vpns, meaning isps and the government will be able to track you. ’Tis a shame, because iOS is quite strong on privacy and minimizing telemetry. Android does better but still can leak your identity in rare cases. If you want to both use a smartphone and reliably avoid mass surveillance, you should switch.

Reminder that I work at Google DeepMind

Though I don’t think my employment much influenced my recommendations. Before I learned about the vpn fiasco, I was ready to recommend iOS for people at lower risk.

I recommend GrapheneOS installed on a Google Pixel phone (yes, it has to be a Pixel). GrapheneOS seems like the most private mobile OS available. Many people praise the operating system for its speed, battery life, and strong customizability.

I’m going to be real with you: the switch will be inconvenient at first. It took me an entire evening to get all my apps set up again. If you want to invest in avoiding a surveillance state, this is a good investment. You’ll end up with a phone that has nearly all the functionality you’d expect of an Android. Everything should just work, with a few exceptions:

1. About 10% of banking apps don’t work. Make sure that your bank is listed as compatible. If your app isn’t listed, that might be OK. For example, a friend found that First Tech bank’s app isn’t on the list, but he was still able to log in using the Brave web browser on my GrapheneOS phone. From there, GrapheneOS can pin the webpage to the home screen.
2. Google Pay won’t work, so you can’t pay by scanning with your phone directly. To replicate the experience, purchase a credit card holding accessory and put your card in the back. This should feel basically the same. I do miss using Google Pay for public transportation.

How to make the switch

If you’re technically comfortable, I recommend buying a Pixel 9a for about $499 directly from Google (if you buy from a carrier, you might hit issues). Then install the OS yourself—the process is surprisingly straightforward! If you aren’t comfortable setting it up yourself, you can buy a Pixel with GrapheneOS preinstalled for $799.

Getting started in GrapheneOS

1. Download F-Droid using the Vanadium browser. F-Droid is an app store which only carries publicly verified open source applications.
2. In F-Droid, download the Aurora app store. Aurora carries everything on the Google Play app store, but it’s open source and more anonymous. When you want to download an app, first check if it’s on F-Droid and then check Aurora.
3. Download Bitwarden and then download ProtonVPN.
4. For YubiKey 2fa compatibility, you’ll need to download Google Play Services and give it network access. You don’t need to give Google Play network access.
5. Download your other apps. — Be stingy in letting them access the network—only give them access if they should have it. — Instead of downloading apps for everything (e.g. a banking app), I just tapped “install web app” after loading the banking page. Web apps expose less of your data than native apps. — If you use Android Auto, then you’ll need to download it as well.
6. Set these security settings in Settings -> Security & privacy:
   1. Exploit protection:
      1. Auto reboot: 8 hours (makes it harder to crack your device, since your phone is only truly protected before you unlock it for the first time after powering it on).
      2. Usb-c port: Charging only (rules out large class of usb-c based attacks; just change this from settings if you need a data connection).
      3. Turn off Wi-Fi and Bluetooth automatically: 5 minutes (reduce passive tracking by nearby beacons).
      4. Hardened memory allocator: Enabled (protects against many common hacks).

Switch away from Windows

Cost: $0. Time: 20 hours.

For years, I dithered about switching away from Windows. Windows was all I knew. But now that I’ve switched, I’m glad I did. Microsoft Windows operates on a misaligned business model that extracts data, annoys you, and fundamentally doesn’t respect you.

Windows leaks your data like water through someone’s hands… after they’ve fully opened their hands, that is! Honestly, Windows is so frustrating. Even though it’s what I grew up with, after spending a few years away, I’m so glad I don’t have to deal with it anymore. Doubly so considering how Microsoft pushed out Windows 11 to force millions of consumers replace millions of computers which work just fine with Windows 10.

More specifically, Windows sends out so much information about you via so-called telemetry, which Microsoft makes extremely hard to disable. Compared to iOS and Linux, Windows is far more vulnerable to viruses and ransomware. The user experience also just sucks. You don’t have control over what’s happening and your system might just restart on you whenever it pleases.

Please don’t use Windows. To be safe, assume anything you type on a Windows machine will be transmitted back to Microsoft and the federal government.

Linux can be your new home

All things considered, I recommend that you switch to Linux. For the unaware, Linux is an open source operating system. Each line of code has been inspected by experts from around the world—from the first loading screen down to the calculator. Linux is both free and private. Linux comes in many different flavors, but I recommend Linux Mint. While I haven’t used it before, it’s strongly praised:

Ars Technica

Linux Mint just works. It isn’t “changing the desktop computer paradigm”, or “innovating” in “groundbreaking” ways. The team behind Mint is just building a desktop operating system that looks and functions a lot like every other desktop operating system you’ve used, which is to say you’ll be immediately comfortable and stop thinking about your desktop and start using it to do actual work.

If you have a Windows computer, you can just install Linux Mint on your computer. You don’t need to buy anything new. For example, you could follow PC Magazine’s guide: Don’t Like Windows 11? It’s Never Been a Better Time to Make the Switch to Linux. At first, you “dual boot” which just means you have two choices: you can boot up Windows or Linux.

• Open this page on your new Linux machine.

The Mac alternative

Mac is also way more private than Windows. I use a Mac and I’m happy with it, but if I could go back and change my choice, I might’ve gone with Linux. Reason being: Mac requires trust in Apple since MacOS is not open source. However, I think Apple has a good track record when it comes to user privacy (with a few exceptions). Furthermore, Apple is vertically integrated and so manufactures their own cpus and laptops. That produces a more secure experience.

• If you want me to make a choice for you, then if you need a low-compute laptop get a 4^th-generation MacBook Air. Otherwise, get a 4^th-generation MacBook Pro.

Own your home network

Cost: $250 one-time. Time: 1 hour.

If you are using the combination modem / router box that your isp rented to you, you are using a closed-source black box that they control completely. Beyond that, many standalone TP-Link routers have documented botnet vulnerabilities (possibly due to the influence of the Chinese government).

Your vpn will protect most of your information (unless you’re on iOS). However, the isp still learns information if they’re spying on you via your rented modem-router. They can spy on the details of what’s happening within your local network. For example, they would know “this household has an iPhone, two laptops, a smart TV, a Google Home, and the iPhone connects every weekday at 7 a.m.” Once you secure your own equipment, they only know “someone is using 50 GB / day via ProtonVPN.”

Plus, open-source routers have neat features. They can shield your entire network using a network-wide vpn connection (which is currently the only way to truly protect outgoing traffic from an iPhone). Open-source routers can also block requests to fetch ads before they even leave the network.

Buy the right modem

If you’re in the usa with a cable internet connection, you can buy your own modem. If you’re outside the usa or have fiber internet, just move to the next subsection to buy a router.

Sadly, you can’t just buy whatever modem you want. Each isp has a set of allowed modems.

• Consult your isp’s list and then buy a modem which has a “docsis” version of 3.0 or greater (the higher, the faster the max speed). Apparently Arris, Motorola, and Netgear tend to be good choices.

My experience upgrading my modem

I get my internet through Xfinity. I consulted their list of approved modems and then I purchased an Arris SB8200. The newer Arris S34 was supported, but I read that it was finicky to set up (and my network connection isn’t faster than 800mbps anyways). At about $168, the Arris SB8200 modem would pay for itself after 11 months of not paying my isp $15 / month.

Always buy a new modem

Don’t buy a refurbished modem. It could still be tied to the previous owner’s account, leading to hours of frustrating calls with tech support. More seriously, there’s a faint chance that someone tampered with the device to spy on the next buyer.

Buy a router that respects you

Don’t rent a router from a company that wants to harvest your data. Instead, I strongly recommend buying a router from GL.iNet. These devices come preinstalled with OpenWrt—the gold standard for open-source router software. I recommend the GL.iNet Flint 2, which costs $140 and is powerful enough for a whole house.

Because its software is open-source, it is subject to public scrutiny. You have no idea what shady stuff Comcast may have installed on the default router. GL.iNet routers offer two additional benefits:

1. Easy to install your ProtonVPN connection for your entire home, protecting all your devices automatically (including mobile iOS devices which cannot otherwise form secure vpn connections). Normally, a smart TV would not even be able to use a vpn.
2. Easy to enable AdGuard, which blocks huge numbers of outgoing requests to ads and trackers.

For my router, I future-proofed with the GL.iNet Flint 3. For the setup itself, I used my laptop. To configure my hardware, I needed to tell ProtonVPN to “allow lan connections.”

1. Set up ProtonVPN on your router via OpenVPN,
2. Exempt your laptop so it uses its own vpn, retaining your ability to switch vpn servers on the fly.
   1. Go to the dashboard at 192.168.8.1,
   2. Navigate to vpn settings,
   3. Go from “global mode” to “policy mode” with policy type “do not use vpn for the following”, and
   4. In the vpn tunnel, exempt the devices which run their own secure vpn connections.
   5. Create a new tunnel (priority 1) which does not use vpn (see below for target configuration).
3. In the vpn tab, disable “All other traffic” to ensure that only vpn-protected traffic goes through.
4. In the Applications tab, enable AdGuard Home. (Even though my Brave browser has strong ad-blocking, AdGuard still blocks about 2.5% of dns requests!)

Here’s what my vpn settings looked like by the end:

Wi-Fi network advice

1. Use Bitwarden’s password generator in “passphrase” mode to generate passwords like “kudos ahead reborn smog refined unquote.”
2. To avoid exposing your private network to potential intruders, create a separate guest Wi-Fi network with a separate password.
3. Make sure to enable WPA3-SAE for the strongest encryption for connections between your device and the router.

Beware popular security cameras

Apparently many security camera solutions are horrible for privacy. Make sure you’re either keeping your videos local or that the video is encrypted so that only you can decrypt it. Reolink seems good and is compatible with Home Assistant!

Control smart home devices with Home Assistant

Cost: $130. Time: 10 hours. Optional, but make sure you secure your smart device microphones.

I love my Google Home setup but it sends data home which isn’t e2ee. The solutions: either stop using always-listening devices or switch to the open source Home Assistant platform.

• Disable the microphones on any Google Home or Amazon Echo devices. These devices can still work with Home Assistant, but you might want to turn them off until you get that set up.
  • Alternatively, block them from phoning home at the router level using AdGuard.
• Purchase the Home Assistant Green for $130.
• Follow the included instructions. Make sure to look around for videos which explain the application. It’s not totally intuitive.

Run an Apple TV instead of your normal smart TV

Cost: $130. Time: 30 minutes to set up.

Normal smart TVs track lots of your data. Apple TVs are much better.

Breaking down why Apple TVs are privacy advocates’ go-to streaming device

It remains technologically possible for Apple to introduce intrusive tracking or ads to Apple TV boxes, but for now, the streaming devices are more private than the vast majority of alternatives, save for dumb TVs (which are incredibly hard to find these days). And if Apple follows its own policies, much of the data it gathers should be kept in-house.

• Purchase an Apple TV.
• Disconnect your smart TV from the internet. Use the Apple TV as a hub instead.

Secure your digital footprint in 3 hours

Be pseudonymous when possible

Minimize how often you provide your real name, your real email address, your real phone number, or your real credit card. You won’t achieve perfect security, but you’re reducing the amount of data obviously tied to you.

My well-known pseudonym is “TurnTrout”, but in 2018 I decided to link my real-life identity. When I need a private pseudonym, I use Bitwarden’s username generator. I recommend you do the same, generating a new pseudonym for each site unless you want to link in your real identity.

Use email aliases instead of handing out your real email to random sites

Time: 15 minutes initial setup.

If you use aliases, you make it harder for scammers and surveillance to track your online identity. You can also disable an alias if a site uses that alias to spam you.

• Link your Proton Unlimited account with SimpleLogin to generate random-looking single-use email addresses.¹

• Follow Bitwarden’s guide on setting up Bitwarden to generate email aliases on-demand when you’re generating new passwords—check the “forwarded email alias” subsection. Bitwarden is lovely, isn’t it?

Use virtual cards for online purchases

Cost: Free for up to 10 new virtual cards per month. Time: 15 minutes.

Companies buy your data because it helps them predict what you’ll do. The government wants it for similar reasons. As we do not live in a world with e2ee transactions between buyers and sellers, we must settle for imperfect protection.

Services like Privacy.com generate single-use or merchant-locked virtual credit cards. This prevents merchants from:

• Charging you after cancellation,
• Making it hard for you to cancel (just delete the virtual card),
• Exposing your real card in data breaches.

Protect yourself.

• Install the desktop browser extension for Brave.
• Install the mobile app.
• On Privacy.com account settings, make your purchases show up as “Privacy.com” on your bank and credit card statements.

You can buy digital services pseudonymously

Real-world items will require shipping to a real address. Unless you’re going to set up random addresses via mail-forwarding services, you’ll need to provide identifying information. That information may be sold to data brokers and then bought by the government.

However, you can pay for digital services pseudonymously using a virtual card, an email alias, and a random fake name (but don’t do this for anything which legally requires your real information). When merchants sell those data to brokers, the brokers won’t be able to link it to you. That takes you off the grid some!

Virtual cards provide minor protection against persecution via bank statements

If the government later demands that e.g. Bank of America give the names of everyone who donated to the Democrats in the last year, then even if the bank complies, your name won’t be on the list. However, the government could still get the information from Privacy.com. For true anonymity, use cash or prepaid cards.

Opt out of financial institution data sharing

Time: 15 minutes.

These companies share tons of your data as well. By law, they have to let you opt out.

• Minimize data sharing via your:
  • Bank(s).
  • Credit card(s).
  • Other instruments.

Delete PayPal

Time: 30 minutes plus a few more hours depending on how much you use PayPal.

PayPal just got hacked and 16 million customers had their passwords leaked, meaning PayPal wasn’t following even the most basic security precautions. To add ad to insecurity, in 2025, PayPal started sharing your data with a lot of companies:

I recommend deleting your PayPal.

• Download a pdf of your current year’s statements.
• Download your data under “Data & privacy.”
• Delete your PayPal.

If you want to keep your PayPal, at least mitigate by opting out of their data sharing:

• Opt out of data sharing.

Minimize sharing your data with llms

Minimize or avoid putting private information into cloud-based llms. Once you upload your data, assume it may be used for training or even available on the Internet Archive. But if you have a sensitive topic to get off your chest, what else can you do?

Apple’s private cloud compute framework

The framework promises significantly more privacy than standard inference. If you have an Apple computer, consider using after maxing out the privacy settings.

Run an llm on your local machine

For the technically inclined.

As of October 2025, I’m using ollama to run Qwen3-8b on my MacBook Pro M3 (36gb ram). I use OpenWebUI as a frontend. I set the model and OpenWebUI to run at system startup so that I can query my local model whenever I please. The information I type never leaves my machine except through the model’s internet interactions. Peace of mind!

However, the obvious downside is that Qwen3-8b is much less smart than the latest Gemini model. I can’t exactly get a high-quality research report from poor little Qwen!

Eventually I’ll likely be able to run a local model on my MacBook Pro but with the abilities of Gemini 2.5 Pro. At that point, frontier models will be even more capable, and perhaps I’ll miss some other perk instead. That brings me to another stopgap solution I’ve devised.

opensuperwhisper runs local speech-to-text on Mac

This open source application works on MacBook Pro M1 and later. Just run brew install opensuperwhisper and then open it from the Applications folder.

Regularly delete your chat history for frontier models

OpenAI and Google offer the ability to turn off chat history (with limited-time retention for safety purposes). For Anthropic’s Claude, you have to enable “incognito chat” before each session.

I use Gemini the most. If I trust Google to delete data promptly (and I do), then at any point in time where the government comes knocking, my chat history will be mostly empty. As with any company, I’d still be vulnerable to online chat monitoring compelled by the government.

Technical question: Why can’t llm conversations be e2ee?

This brings us to a set of techniques under the umbrella of fully homomorphic encryption (fhe). If you homomorphically encrypt your data, then the model can “digest” that data and spit out (encrypted) answers—without being able to decode what your data mean.

Several issues arise. First, as of October 2025, no one knows how to run models on fhe data without significant slowdowns. Second, fhe makes llm tool calls difficult and llm web searches impossible. Third, if the leading model providers did this, they wouldn’t have visibility into potential misuse of their models.

Track todos with Lunatask

Time: 30 minutes.

I used to track my tasks with Todoist, but I never felt fully comfortable. I transferred to Lunatask—which is (guess what?) open source and e2ee. Lunatask is also just a better app in my opinion. It prioritizes tasks for you (no more juggling self-imposed due dates), maintains personal / work separation by not showing “work” tasks while in the “personal” zone, and easily slots tasks into your schedule (just drag and drop).

• Migrate to Lunatask.

Advance your mobile and travel security in 1 hour

Browse your favorite websites privately

Time: 10 minutes.

Even if you’re using a vpn to hide your traffic with Brave stopping tracking, the website still knows what you’re doing since you’re logged in. However, if you consume content using a different “frontend” (kinda like a viewport), you can still get the benefits with much lower privacy cost. For example, browsing XCancel instead of X:

The downside is you usually can’t interact with the site. You can usually just lurk. These sites can also be unreliable, so be ready to ask the extension to redirect you to the original site.

• Install the LibRedirect extension, which automatically redirects you to an open source frontend which respects your privacy.
• In the settings, enable redirects for your favorite sites; you may need to mess with the defaults.

If you want to browse the original site again, you can disable the extension or select the option “only redirect in incognito mode.”

Surreptitious “beacons” track your every movement

Time: 20 minutes.

In Stores, Secret Surveillance Tracks Your Every Move

Most people aren’t aware they are being watched with beacons, but the “beacosystem” tracks millions of people every day. Beacons are placed at airports, malls, subways, buses, taxis, sporting arenas, gyms, hotels, hospitals, music festivals, cinemas and museums, and even on billboards.

In order to track you or trigger an action like a coupon or message to your phone, companies need you to install an app on your phone that will recognize the beacon in the store. Retailers (like Target and Walmart) that use Bluetooth beacons typically build tracking into their own apps. But retailers want to make sure most of their customers can be tracked—not just the ones that download their own particular app.

So a hidden industry of third-party location-marketing firms has proliferated in response. These companies take their beacon tracking code and bundle it into a toolkit developers can use.

The makers of many popular apps, such as those for news or weather updates, insert these toolkits into their apps. They might be paid by the beacon companies or receive other benefits, like detailed reports on their users.

Location data companies often collect additional data provided by apps. A location company called Pulsate, for example, encourages app developers to pass them customer email addresses and names.

Companies like Reveal Mobile collect data from software development kits inside hundreds of frequently used apps. In the United States, another company, inMarket, covers 38 percent of millennial moms and about one-quarter of all smartphones, and tracks 50 million people each month. Other players have similar reach.

Disable location tracking on Android

The following steps stop your phone from being passively detected by Bluetooth beacons and otherwise minimize your information footprint.

1. Turn off the Timeline. Google creates a minute-by-minute “Timeline” of where you’ve been.
   1. Go to Settings > Google > Manage your Google Account > Data & privacy. Under “History settings”, tap “Location History” and select “Turn off.”
   2. Delete your history as well.
2. Turn off “Web & App Activity.” Even with Location History off, Google will still save your location every time you, for example, search for a place in Google Maps or check the weather. This “activity” is saved along with your location.
   1. Visit the same “Data & privacy menu” as above. Tap “Web & App Activity.” Turn it off.
   2. Uncheck any box that says “Include Chrome history and activity from sites, apps, and devices that use Google services.”
3. Disable location services. For example, when Bluetooth scanning is enabled (even with Bluetooth “off”), Android phones report lists of nearby beacons any time an app refreshes location services.
   1. Search for “Bluetooth scanning” or “Improve accuracy” in your settings and disable it. This setting does not affect your ability to use the actual Bluetooth feature. You may notice a minor decrease in location accuracy.
   2. Search for “Wi-Fi Scanning” and disable it.
   3. Search for “Location Accuracy” and disable it.

If you’re switching to GrapheneOS (which you hopefully are), use its granular per-app network and sensor permissions to prevent apps from accessing Bluetooth unnecessarily. Conservative permission settings should totally stop your phone from passively responding to nearby beacons, since those wait for responses from shady apps.

Minimize the uptime of your Bluetooth radio

If data companies have the information, so can the government. Obviously, the most privacy-boosting remedy is turning Bluetooth off, cold-turkey—but I don’t want to forsake my AirPods in my day-to-day life. Here’s what to do instead.

GrapheneOS instructions

GrapheneOS includes a “Bluetooth timeout” feature that automatically disables Bluetooth after a period of inactivity. Enable in Settings > Network & internet > Bluetooth > Bluetooth timeout.

iOS instructions

On my MacBook, I only use Bluetooth for two reasons: listening to audio and using a wireless game controller. So I made simple automations in the Shortcuts app: IF $APP opened, THEN turn on Bluetooth (and have it notify you when it runs). Now, Bluetooth should be turned off when I don’t need it.

Similarly, make simple automations which encompass your use cases.

Android instructions

If you have a Samsung phone, you can use the Modes and Routines feature. In that case, follow the iOS instructions using that feature. Otherwise, you can’t automate this due to Android’s restrictions on third-party applications modifying the state of the Bluetooth radio. So… yeah. I don’t have another thing for you to do besides “turn it off when you aren’t using it.”

Only carry smart devices when you need them

I have an Oura ring but I don’t particularly trust them. Their offerings are proprietary, closed source, and not e2ee. They require cloud analysis of my health data. At the same time, I want to track my sleep health.

I used to wear my Oura everywhere. But I realized I only need to wear my Oura while sleeping, meaning the ring doesn’t even need to leave my home. I put on the ring at night and take it off in the morning. While Oura can still decrypt and read my sleep data, I find the tradeoff worth it for the sleep information. I decreased my daily “digital signature” by carrying one fewer device.

Minimize “centralized” notifications

Time: 10 minutes.

For most mainstream applications, the government can see exactly what notifications you get, when, and what app the notification is for. This information amounts to a detailed picture of what you’re doing, when, and maybe even who you’re talking to.

A letter from Senator Wyden to former Attorney General Garland

[Push notifications] aren’t sent directly from the app provider to users’ smartphones. Instead, they pass through a kind of digital post office run by the phone’s operating system provider. For iPhones, this service is provided by Apple’s Push Notification Service; for Android phones, it’s Google’s Firebase Cloud Messaging.

These services ensure timely and efficient delivery of notifications, but this also means that Apple and Google serve as intermediaries in the transmission process. As with all of the other information these companies store for or about their users, because Apple and Google deliver push notification data, they can be secretly compelled by governments to hand over this information.

• Audit which apps have notifications enabled. Disable notifications for every single app which doesn’t have to provide critical, real-time alerts. Each notification you prevent is one less metadatum logged on a server you don’t control. Reducing notifications also promotes peace of mind.
• On Android, prefer apps on the F-Droid app store. Almost all of these apps send notifications independently. Note that Signal only uses Google’s notification system to say “hey check the Signal servers for the real notification.” Proton notifications are e2ee so the government would only see “the user got a Proton Mail notification.”

iOS: Disable AirDrop

The Protesters’ Guide to Smartphone Security

One of the most innocuous features enabled on millions of iPhones is also one of the most dangerous for those seeking to protect their privacy in public. Apple’s AirDrop protocol uses trivially bypassed security measures that authorities like the Chinese government have openly bragged about cracking to identify users since at least 2022.

You should assume that any device with AirDrop enabled is constantly broadcasting your name, email address, and phone number to everyone around you, even if you have it set to “Contacts Only.” Apple has known about this flaw since 2019 and has not issued any fix.

• Settings -> General -> AirDrop -> "Receiving Off".

Disable 2g to avoid “stingray” attacks

Stingray attacks use a machine which pretends to be a fake “cell tower” with super strong signal. Your phone switches to the “cell tower” because the signal seems stronger. Then the machine tricks your phone into downgrading to a 2g connection. At that point, criminals and / or police make your phone basically admit who you are. They do this to everyone within half a kilometer.

How ice Is Using Fake Cell Towers To Spy On People’s Phones

Despite having been criticized by civil rights groups for using Stingrays during the last Trump administration, ice continues to use the technology. Earlier this year, new media publication Straight Arrow News said it had analysed “mobile network anomalies” around a Washington state protest against ice raids that were consistent with Stingray use.

Forbes found contract records showing ice purchased nearly $1 million worth of “cell site simulator vehicles” in May this year, indicating it’s taking the surveillance tool fully mobile. That was part of a contract first signed under the Biden administration in 2024.

Stingrays can pick up metadata from plain old texts and calls. Avoid by using Signal—it’s e2ee, so they would just be “intercepting” nonsense ciphertext. I think the only way to avoid being located at all is to enable airplane mode or to even use a Faraday cage to shield your phone from all radio signals.

GrapheneOS

GrapheneOS has more comprehensive protections than just disabling 2g. But you should also do that.

• Enable “2g network protection”—just search “2g” in settings.

Android

You can just disable 2g in your settings (search “2g”). The 2g speed sucks anyways and that protocol basically out of use in the usa at this point. (Just remember, if you later end up without coverage in a remote location, you can try reenabling 2g.)

• Disable 2g.

iOS

You’re less lucky. You can enable lockdown mode to disable 2g connections, but that mode also will break convenient everyday applications. Unless you expect to be under targeted scrutiny (e.g. at a protest if protests become criminalized), you probably shouldn’t turn that mode on. Sadly, as of October 2025, Apple has yet to provide a standalone 2g toggle.

Tracking stingray usage

In 2024, we gained a tool to potentially track these devices. For $20 to buy the hardware and for a dash of technical expertise, you can help collect data on nearby law enforcement stingray usage. You can read about some conclusions the eff drew one year later.

Be prepared at border checkpoints

In the usa, my understanding is that the dhs cannot compel an American citizen to unlock a password-locked device. If you say “no”, however, they might keep your device for a while and try to crack it on their own. If you’re not a citizen, the rules are different. You should read more elsewhere.

However, if the “lock” is not a password but merely a biometric, the legal waters seem darker. Therefore, I recommend turning off your devices before the checkpoint, which should force password entry on next unlock and prevent your phone’s information from being pried out as easily. Alternatively, modern phones also enable this if you hold down the screen-power and volume-up buttons.

• On Android, you might have to enable “lockdown mode” as an option. Make sure it’s enabled if necessary.

US government watches immigrant speech on social media

Assume that all social media activity is monitored by ice’s Homeland Security Investigations teams, who maintain dedicated personnel for social media surveillance.

Eff to Department Homeland Security: No Social Media Surveillance of Immigrants

Eff submitted comments to the Department of Homeland Security (dhs) and its subcomponent U.S. Citizenship and Immigration Services (uscis), urging them to abandon a proposal to collect social media identifiers on forms for immigration benefits. This collection would mark yet a further expansion of the government’s efforts to subject immigrants to social media surveillance, invading their privacy and chilling their free speech and associational rights for fear of being denied key immigration benefits.

Specifically, the proposed rule would require applicants to disclose their social media identifiers on nine immigration forms, including applications for permanent residency and naturalization, impacting more than 3.5 million people annually. Uscis’s purported reason for this collection is to assist with identity verification, as well as vetting and national security screening, to comply with Executive Order 14161. Uscis separately announced that it would look for “antisemitic activity” on social media as grounds for denying immigration benefits, which appears to be related to the proposed rule, although not expressly included it.

Additionally, a day after the proposed rule was published, Axios reported that the State Department, the Department of Justice, and dhs confirmed a joint collaboration called “Catch and Revoke”, using AI tools to review student visa holders’ social media accounts for speech related to “pro-Hamas” sentiment or “antisemitic activity.”

Not much you can do besides being pseudonymous. Be as brave as you can be in your situation. Try not to give in to the chilling effect—I recommend that US citizens not give a damn.

Track belongings using AirTags instead of Tiles

Tile devices allegedly don’t encrypt your location data, meaning criminals and law enforcement could intercept the data and watch your Tiles move around the map as they please. AirTags are e2ee, keeping your location data private. After reading that article, I immediately tossed all my Tiles and bought six AirTags.

Disable Wi-Fi calling

Wi-Fi calling is considered to be telephone data (through your carrier) and so isn’t protected by your vpn. Phones which connect to Wi-Fi calling will let your carrier track your precise location—not just the rough region you’re in, as usually guessed from your cell tower data.

Avoid distinctive device names

Time: 5 minutes.

If my AirPods are called “TurnTrout’s AirPods”, then anyone who scans for Bluetooth knows that TurnTrout is nearby. I don’t need to be leaking that information, so I made my device names generic: “MacBook Pro”, “AirPods”, and so on. True, generic names make it slightly harder to figure out which device to connect to, but the cost is small—just connect in a less ambiguous environment.

• Rename your devices to have generic names.

As a reminder, your Bluetooth devices and other broadcastable names may include other smart devices:

1. Laptop
2. Phone
3. Watch
4. Oura ring
5. Wireless headphones
6. Smart speaker
7. Mobile hotspot

Other tips:

1. Turn off specialized devices when not using them. For example, a smart speaker.
2. Disconnect from unknown Bluetooth devices.
3. Putting on some music in your friend’s car? Give it minimal permissions—don’t let it suck up your entire contacts list.

Medium-term strategic shifts

Keep emergency cash reserves

The US government may engage in financial warfare against its critics. Stephen Miller threatened retaliation against Americans who exercised their free speech rights. He warned that “radical leftists” (read: those who publicly disagree with the Trump administration) will have trouble accessing their money:

Stephen Miller, White House Deputy Chief of Staff for Policy

The power of law enforcement, under President Trump’s leadership, will be used to find you, will be used to take away your money, take away your power, and, if you’ve broken the law, to take away your freedom.

Before we reach that point, I recommend you immediately:

• Withdraw enough cash to live for at least a month,
• Store it securely at home (consider a fireproof and waterproof safe), and
• Ensure your passport is current and ready for international travel.

Tech workers can push for privacy improvements

Securing even one of these timely improvements would be a significant win for protecting privacy and freedom across the world. I’ve drafted suggestions which shouldn’t conflict with core business models.

Readers who work at Apple

By order of importance:

1. Enable the “Always-on vpn” toggle for consumers, not just enterprise users. Make the default setting “yes.” Current iOS policy directly feeds metadata into isps, exposing millions of unaware users to tracking and potential political persecution.
2. Make adp the default setting where legally permissible.
3. Tighten the Wi-Fi Positioning Systems to no longer (theoretically) enable mass surveillance and privacy invasion:
   1. Stop returning the locations of up to 400 unrequested nearby bssids with every successful query. Just return the inferred location of the queried bssid. This feature allowed the researchers to discover 172 times more bssids than they could by guessing.
   2. Implement a per-device and per-account rate limit that is sufficient for legitimate location lookups but too low for mass data harvesting.
   3. Require queries to be tied to an authenticated Apple ID to allow Apple to ban abusive users.
   4. Follow Google’s model of requiring an api key and charging a small fee for queries. The cost of a global scan would be “prohibitively expensive for all but powerful adversaries.”
4. Add a toggle to disable the 2g radio without having to enter lockdown mode. Safeguard user privacy by defaulting to e.g. “2g off (except emergency calls).” It doesn’t make sense to be in the middle of strong 5g service but still be open to 2g (and thus to stingrays).
5. Fix the AirDrop vulnerability originally reported in 2019. Security researchers have even developed a secure open source solution: “PrivateDrop.”

Readers who work at Meta

6. Migrate WhatsApp from e2ee to zero-knowledge encryption to protect metadata. If not, more clearly warn users that their metadata are not e2ee.
7. Encrypt WhatsApp backups by default (prompting the user to make an authentication key). Many users are unaware that their backups are unencrypted.
8. Extend (zero-knowledge) e2ee to Instagram conversations.
9. Extend (zero-knowledge) e2ee group chats in Messenger.

Readers who work at other tech firms

Focus on changes with minimal technical burden or conflict with core company incentives. Start with easy wins like default settings changes. Those require no new engineering but affect the large set of users who never change settings.

Gradually transition workplaces from Slack to Element

Slack is not e2ee. The government can read those messages if it seized the servers. The Trump regime’s intimidation tactics will chill discussion of e.g. AI policy, especially among non-US citizens. Lots of people I know fit that description. Foreseeable censorship and state-driven retaliation will probably put them at serious risk.

Create a space where people can speak freely without fear of government surveillance. Element is an open-source, e2ee communication platform built on the Matrix protocol. Unlike Slack, Element encrypts messages, calls, and file transfers end-to-end. Even if the hosting servers are compromised, your conversations remain private. Unlike Slack, you have the option of self-hosting your data. While Slack tries to keep you in their ecosystem, the Matrix protocol is decentralized and federated, providing easy future migration and interoperability.

Element offers a migration wizard to directly migrate users and content. Furthermore, the Slack to Matrix migration tool can import even more data, including DMs and private channels.

Migration details and timeline

Data type	Migration support	Notes
Public channels		The Migration Wizard migrates complete Slack Workspace including all users, public channels, messages and files
Files		Files shared in public channels are included in migration
Users		Users can be transitioned en masse with automatically generated email addresses and passwords
Channel structure		Element’s Slack Migration Wizard recreates Slack channels as Element rooms
Message threads		Conversation threads within public channels are preserved
Private channels		Requires Slack to Matrix tool and Slack Enterprise Grid export with private channels included
Direct messages		Requires Slack to Matrix tool and requires Business+ or Enterprise Grid export; won’t work on DMs with Slack Connect accounts
Group DMs		Requires Slack to Matrix tool and Enterprise Grid export
Apps & integrations		Custom apps and integrations must be reconfigured in Element
Custom emoji		Custom workspace emoji are not migrated
Workspace settings		Settings, preferences, and customizations must be set up fresh
User permissions		Users are auto-joined to migrated channels, but permission structures may need reconfiguration

To retain the benefits of Slack Connect, you can keep those Slack channels open while interacting with those channels using Element.

Example migration timeframe

Phase 1: establish parallel infrastructure (weeks 1–2)

• Set up an Element workspace for your team or organization.
• Choose between Element Cloud (easiest, $5–10 / user / month) or self-hosted Matrix server (free but requires technical expertise).
• Create equivalent channels / rooms for sensitive discussions.
• Invite a small pilot group.

Phase 2: gradual adoption (weeks 3–8)

• Start moving sensitive conversations to Element:
  • Policy discussions that could be politically risky.
  • Organizing around workplace issues.
  • Any communication with non-US citizens about political topics.

Phase 3: expand usage (months 2–6)

• Create bridges between platforms if needed for the transition period.
• Gradually move more conversations to Element.
• Establish Element as the default for any sensitive topics.
• Import from Slack and have your users move over for essential business, keeping Slack available as a backup.

Phase 4: full transition (optional)

• Evaluate whether full migration makes sense for your organization.
• For maximum security, fully deprecate Slack and delete message history.
• Or maintain dual platforms with clear boundaries, like “Slack is now read-only.”

Gradually migrate your social network away from X

The cup runneth over with reasons to leave X. There’s always Elon Musk’s repeated “heil Hitler” salutes from back in January 2025, or his illegally cutting usaid and thereby dooming a projected 26 million people by 2040, but even the platform itself learns to hook into your brain and keep you stressed and scrolling. This platform has done horrible things to world discourse and maybe it’s done horrible things to you, too. Most relevant, though, is the censorship which Elon inflicts upon X. Although I don’t use X regularly, I plan to migrate my account to places with stronger technical defenses against centralized censorship.

The catch: if you leave X, you leave your followers and connections behind by default—although you can export your interaction data. To reconnect with your X followers on the alternative platform Bluesky, you would need to find each follower’s Bluesky handle on your own (or vice versa, for your followers finding you). In other words: We love our friends more than we hate these platforms, so we stay stuck.²

Later, I propose a two-month migration during which you cross-post major updates to multiple platforms. You’ll build a following and hopefully bring over some of your friends as well. Admittedly, this isn’t so much about privacy as about building censorship-resistant infrastructure.

Bluesky: better but still subject to central censorship (for now)

Government censorship comes to Bluesky, but not its third-party apps … yet

Bluesky restricted access to 72 accounts in Turkey at the request of Turkish governmental authorities, according to a recent report by the Freedom of Expression Association. As a result, people in Turkey can no longer see these accounts, and their reach is limited.

The report indicates that 59 Bluesky accounts were blocked on the grounds of protecting “national security and public order.” Bluesky also made another 13 accounts and at least one post invisible from Turkey.

Given that many Turkish users migrated from X to Bluesky in the hopes of fleeing government censorship, Bluesky’s bowing to the Turkish government’s demands has raised questions among the community as to whether the social network is as open and decentralized as it claims to be. (Or whether it’s “just like Twitter” after all.)

The pitch for Mastodon

Mastodon’s structure is resilient against censorship. Mastodon can’t “chicken out” like Bluesky seems to have done because Mastodon operates on a federated model. The “Fediverse” is a collection of interlinked servers which use a shared protocol. The servers can interoperate seamlessly. Users can easily port their data from one server to another. Censorship becomes hard—more like “whack a mole” with a million moles, where the moles may be using quite sophisticated vpns.

Sadly, Mastodon isn’t too popular, boasting only 750,000 active users sprinkled across dozens of major servers in October 2025. In contrast, Bluesky houses 4.1 million daily users. X stacks up about 260 million. In particular, Bluesky has a more vibrant AI research scene—many of my readers care about this.

I still made a Mastodon and will try cross-posting using Buffer. You can follow me at @turntrout on mastodon.social (that’s the main server). To get started yourself, check out this guide.

Mastodon kinda sucks because of low engagement. Bluesky has expected future suckage because of censorship potential. I guess the play is to just make accounts on both and hope that one of them takes off?

None of these platforms have reliable e2ee messaging

Pessimistically assume that every interaction on X (including “encrypted” DMs) may be read by the company and the government.

E2ee and social media

Neither Bluesky nor Mastodon offers or has announced plans for e2ee. The platforms’ decentralized nature makes e2ee technically challenging. Assume that anything you post or DM can be read by platform administrators and potentially compelled by governments. For private conversations, continue using Signal.

X migration plan

1. Set up new accounts on Bluesky and / or Mastodon.
2. Pin an announcement with your new handles to your X profile.
3. DM your closest contacts directly—don’t rely on them seeing your post.
4. For the next 2 months, cross-post across all platforms using the Buffer tool.
5. Engage actively on your new platform to build momentum.
6. Set a sunset date for X and stick to it.
7. Export your data from X.
   • Request to download your data.
   • Download the data when ready.
8. Resist the urge to check X “just in case.” Consider deleting your account outright.

What next?

I’m scared by what’s happening to the country I love. I don’t have a full gameplan. But what I do know is this: these precautions make us stronger. They make us think better by freely communicating information which the regime might wish to suppress. They make us feel better by reducing the risk of persecution, putting us at ease. Most importantly, these precautions help us work together. By securing our infrastructure, we enable acts of kindness and bravery.

We’ll need a lot of both in the coming years.

Thanks

Garrett Baker gave feedback on drafts of these posts.

☙❧

Previous
An Opinionated Guide to Privacy Despite Authoritarianism

Find out when I post more content: newsletter & rss

Thoughts? Email me at alex@turntrout.com (pgp)

Appendix: Precautions which didn’t make the cut for the main article

Automated license plate readers: can’t do anything about them

The government tracks your car movements with exquisite attention. They use Automated License Plate Readers (alprs) to track all drivers—not just “the bad guys.” Unfortunately, there are no publicly known passive countermeasures to these devices, and such countermeasures are illegal in the US anyways. It’s hard to travel the usa without the government knowing.

The remedy is to support data retention limits, restrict inter-agency sharing, demand transparency, organize community opposition, and support organizations like the Electronic Frontier Foundation and the American Civil Liberties Union which legally challenge this surveillance system. For a privacy-respecting jurisdiction, look no further than New Hampshire: alpr data must be deleted within 180 seconds unless the data match against an active person of interest.

Ensure true e2ee for incremental backups

Cloud backups survive house fires, but many cloud services can decrypt your data. I used to use Backblaze’s backup client but then realized that they briefly store the encryption key on their own devices. Meaning I have to tell them how to decrypt my data!

iCloud (with adp) doesn’t work because I want complete incremental backup of all the files on my computer in order to protect against losing work if something happens to my system. Therefore, the backup software should be scanning my entire home directory (with exceptions), and also make it easy for me to restore files.

I instead started using Duplicati to send encrypted backup data to Backblaze B2 storage on an hourly basis. I start the server on startup and it automatically backs everything up. If you want, you can download my configuration template.

I also have local Time Machine backups on an external hard drive. These backups are also encrypted, so if an adversary grabbed my drive, they wouldn’t be able to read my data. As usual, I store the encryption keys in my Bitwarden.

Protect against geo-guessing

Even without metadata, your photo still might be “geo-guessed.” In the game “GeoGuessr”, people compete to guess the location of a Google Street View photograph (with the ability to explore nearby using the Street View). Radu, the 2025 world champion, can sometimes guess obscure road locations with 200-meter precision. Recently, geospy.ai entered the marketplace to power law enforcement. Humans and AI are far more likely to fail locating a patch of forest, but likely to succeed at picking up on subtle cues in urban and rural environments.

If you share a photo but don’t want to share your location… Assume that’s not possible, unless you’re an expert.

Buy webcam covers

Cost: $10. Low-priority.

I purchased two webcam covers for my laptops.³ Even if a hacker compromises webcam and also the “your video is on” light, I still never expose my video feed when I don’t expect to. However, this attack is rather rare. Probably this defense just makes you feel better. I just figured I might as well cover the possibility.