Advanced Search
Content Type: News & Analysis
On 11 March 2025, The Atlantic journalist, Jeffrey Goldberg was added to a Signal chat where senior US Government officials were discussing the United States’ military strikes in Yemen.This happened to Goldberg as an accident. Yet, security services around the world have pushed for this to be part of their clandestine surveillance operations: the so-called “Ghost Protocol”.Governments have been trying to gain access to private online conversations since private online conversations have existed…
Content Type: News & Analysis
As the New York Times reports the health programmes are being cut by USAID cuts, the US Government declares them as “inconsistent with the national interest or agency policy priorities.” Sadly at PI we know the kind of foreign aid that governments believe are in the national interest: surveillance funding.We’re alarmed by aid budgets being cut by governments world-wide. People will be hurt, and people will die.And while most of the news has been dominated by the US’s cuts, the UK and France…
Content Type: Video
Links- Read our in-depth article about what happened and what it tells us about the security and robustness of the modern internet- Find more about the 911 outages across several US states- CrowdStrike's own review of the problem- Our podcast on the XZ exploit- Facebook VPN exploitation- The philosopher Caitlin was thinking of was Paul Virilio
Content Type: Long Read
On 13 March 2025, we filed a complaint against the UK government challenging their use of dangerous, disproportionate and intrusive surveillance powers to undermine the privacy and security of people all over the world. Here, we answer some key questions about the case and the recent events that led to this development.Note: This post was last updated on 13 March 2025.What’s the fuss about?A month ago, it was reported that the UK government demanded Apple Inc – maker of the iPhone, iPads, Macs…
Content Type: Guide step
We suggest using Two-Factor authentication, as it provides an extra security step in order to access your account. This way, besides asking for your username and password, Threads will verify your identity by sending a unique code to your device.
This can be done by SMS (text message) or using an authentication app suggested by Threads. You can also set up your own password manager and authenticator app to do this. Check our guide on password managers to learn more.
On mobile app:
Go to your…
Content Type: Guide step
This is the first step in improving your privacy on Threads. When you first create your account, it is set as "public" by default, meaning anybody can find it and see what you share.
Making your account private lets you share your content with a select group of people that you care about. Anyone else that might want to access it needs to send you a follow request to get your approval first.
On mobile app:
Go to your profile by clicking the bottom right corner icon. Then tap the two stripe icon…
Content Type: Guide step
Generally, it’s tough to minimise targeted ads on phones because ads can be delivered based on data from the device level (such as what operating system your phone is using or based on unique numbers that identify your phone), browser level (what you search for within a browser), and within the apps you use. An app could target ads at you based on your location (tied to your unique device id number(s)) for example. Apps, including Instagram, direct you to opt-out of targeted ads at the device…
Content Type: Guide step
Blocking someone on Threads will make them unable to find your profile and posts. When you block someone, they do not get a notification about your action. Blocking someone means you will stop getting notifications from that person. You cannot follow an account you have blocked. Keep in mind that if your profile is set to public, anyone that you have blocked can find you if they login through another account.
On the mobile app or on your browser (procedure is exactly the same):
Go to the…
Content Type: Guide step
Telegram allows you to have end to end encrypted chats, which means only you and other parties in the chat can read the messages. No one else can decipher them without access to either your or the other party's device — not even Telegram. As we've written before, end to end encryption is an essential feature to help protecting the confidentiality and integrity of transmitted information. However, Telegram does not enable secret chats by default.
To start a secret chat, open the profile -- not…
Content Type: Guide step
Tracking pixels are a common online tracking technique used in email messages. They consist in embedding a unique, disguised or invisible, image in an email message to gather data about your interactions with it.
When you open a message containing a tracking pixel, your email client makes a request to load the image so that it can display it to you: in practice, this request acts as a notification to the server. Since only you are served this exact pixel, when your email client requests it to…
Content Type: Guide step
In the current digital landscape, passwords are the predominant method for user authentication across most platforms. From a privacy perspective, passwords present a advantage over some other methods like biometrics, as they do not disclose any additional or unique data about you – apart from the selected username
Given the widespread adoption of passwords, manually managing multiple, unique passwords for each online account becomes more difficult. Having unique random passwords for each…
Content Type: Guide step
In your day-to-day life, your smartphone silently captures and stores a digital footprint of your whereabouts by keeping a location history: this history is then used to enhance your mobile experience, such as by aiding in navigation and customizing app experiences according to your location habits.
Yet, it's essential to recognize the potential risks tied to this seemingly innocuous practice. Understanding how your location data is handled becomes vital, as it can impact your privacy in ways…
Content Type: Guide step
Many mainstream Internet platforms, such as YouTube and X, often collect extensive user data, track online activities, and employ algorithms to create content recommendations based on individual preferences. For a privacy-conscious user, this is nothing short of a nightmare. Making use of alternative front-ends allows you to access the content you want, while minimising the data collected about you. Essentially, this corresponds to using a different website to access the same content. By using…
Content Type: Advocacy
We believe the Government's position of refusing to confirm or deny the existence of the Technical Capability Notice or acknowledge Apple's appeal is untenable and violates principles of transparency and accountability.
Content Type: Guide step
The practice of buying and selling email addresses is a common one among digital data brokers. Say you register at an online shop to buy an item from a brand. The shop can then sell your email address to that same brand, so they can advertise to you directly in your email inbox. This is a form of targeted advertising, and we have written about its privacy implications to you as a digital citizen. Online marketing is not the sole reason you should consider concealing your personal email address…
Content Type: Guide step
Depending on where in the world you are visiting from, websites may seek consent as one way to justify their collection of data about you. This has become general practice across the web, and the typical way to ask for user consent is via banners that pop up first thing when the webpage loads. Often these banners will make use of design elements and user interfaces aiming to mislead or influence you in giving away consent to collect and process your data - these are called Dark Patterns and are…
Content Type: People
George is a Legal Officer at Privacy International. He works on legal advocacy and litigation targeting surveillance, the exploitation of personal data and privacy-damaging practices in the healthcare sector.George was admitted as a solicitor in England and Wales in September 2023. Prior to joining PI, George worked as an associate specialising in data protection at a commercial law firm. George has a Master of Laws (LLM) in international human rights law, a Master of Sciences (MSc) in Business…
Content Type: Explainer
Imagine this: a power that secretly orders someone anywhere in the world to abide and the receiver can’t tell anyone, can’t even publicly say if they disagree, and can’t really question the power in open court because the secret order is, well, secret. Oh and that power affects billions of people’s security and their data. And despite being affected, we too can’t question the secret order.In this piece we will outline what’s ridiculous, the absurd, and the downright disturbing about what’s…
Content Type: News & Analysis
Edit: 13 March 2025 - You can find more about what happened next on our case pageOn February 21st, Apple disabled their ‘advanced data protection’ service for UK customers. That means no-one in Great Britain can now enable a powerful security safeguard that people who use Apple devices everywhere else on the planet can: user controlled end-to-end encryption of stored data.This is likely in response to a disturbing secret government power. Well, that’s what we think happened. We can’t know for…
Content Type: Examples
With the stated aim of improving the security of satellite communication, a multinational partnership of companies involved in space engineering has partnered with the European Space Agency (ESA) to operationalise the Quantum Key Distribution Satellite (QKDSat) owned by Honeywell. The UK Space Agency is supporting the scheme within its larger aim to reduce vulnerability in data transfers.https://www.militaryaerospace.com/communications/article/55243719/honeywell-and-esa-announce-public-private-…
Content Type: Examples
Anduril has been awarded a 5 year contract to weave in its Lattice software into the US Space Force's Space Surveillance Network (SSN), which monitors objects in space. The agreement will enable swift data sharing between space sensors, repositories, and personnel, and will allow the quick integration of new partners as needed. https://defensescoop.com/2024/11/21/anduril-space-surveillance-network-upgrade-contract-sdanet/Publication: DefenseScoopWriter: Mikayla Easley
Content Type: Examples
The Agreement between the Chief Digital AI Office of the USDOD and Anduril is worth $100 million, and uses the latter's software 'Lattice Mesh' to expand the 'mesh' within the US military ecosystem. Anduril has stated that this will allow the delivery of critical data which will enable real-time generative AI solutions which fit specific military needs. https://defensescoop.com/2024/12/03/anduril-awarded-100m-deal-cdao-scale-edge-data-mesh-capabilities-ota/ Publication…
Content Type: Examples
The US Army has chosen to extend its relationship with Palantir for up to four years for use of its 'Vantage' system as its main data platform. The Army Data Platform uses Palantir software to process data and utilises Artificial Intelligence (AI), significantly enhancing surveillance capabilities. Palantir has been the main provider of this Platform since 2018. https://www.defensenews.com/land/2024/12/18/us-army-extends-palantirs-contract-for-its-data-harnessing-platform/ …
Content Type: Examples
The contract will run until 2031, and will provide the US Air Force with drones (Unmanned Aerial Vehicles) which can serve multiple purposes, including mimicking enemy drones, data collection, and military strikes. These drones will enable enhanced surveillance by the US military. Firestorm will be using their pre-existing drone technology as well as developing drones with new capabilities. https://defence-blog.com/san-diego-based-firestorm-secures-major-us-air-force-deal/#…
Content Type: Examples
DroneAcharya, which has recently merged with drone technology start-up AVPL International, has been awarded a contract worth 1.87m Indian Rupees ($21, 660) by the Indian Ministry of Defence. The agreement involves hardware and training for the piloting of drones. This will enhance the Indian military's surveillance capabilities to use drones for intelligence gathering, reconnaissance, and monitoring. Drone Acharya's share prices rose by 4% after news of the Public-Private Partnership went…
Content Type: Video
Links Guest's publications PI's technology, data and elections checklistTransparencia Electoral's reportTransparencia's index on data protection in LatAm electionsR3D's report: Censura electoral Links to content discussed in episodeObama's 2012 targeted social media campaignOur work on Cambridge AnalyticaDeepfake use in electionsOur report with the Carter Center on the Kenyan Presidential electionsListen to our episode about our work in Kenya (Election Observation: Data,…
Content Type: Guide step
Depending on where in the world you are visiting from, websites may seek consent as one way to justify their collection of data about you. This has become general practice across the web, and the typical way to ask for user consent is via banners that pop up first thing when the webpage loads. Often these banners will make use of design elements and user interfaces aiming to mislead or influence you in giving away consent to collect and process your data - these are called Dark Patterns and are…
Content Type: Press release
Privacy International (PI)FOR IMMEDIATE RELEASEUnited Kingdom goes after Apple's encrypted dataThe United Kingdom has used its investigatory powers to force disclosure of private data held by Apple Inc."The United Kingdom's unprecedented attack on individuals' private data around the globe is disproportionate and unnecessary.""This is a fight the UK should not have picked. The reported details suggest the UK is seeking the ability to access encrypted information Apple users store on iCloud, no…
Content Type: Advocacy
Our joint stakeholder report made the following recommendations: Strengthen the implementation of Data Protection Act, 2019 and make clear in law and in relevant guidelines that personal data from the electoral register which has been made accessible is still subject to, and protected, by data protection law, including for onward processing.Ensure that there is an effective legal and regulatory framework in place to guarantee a human rights-based approach in the design and deployment of…