Exit Chat Control · Become Ungovernable

68 min read Original article ↗

PART 00 · THE WHY

Understand the threat

Before you change tools, understand what you are protecting against. Otherwise you install random apps and feel safe when you are not.

Chat Control 1.0 and 2.0, plainly

“Chat Control” is the nickname for two EU texts that allow (or would require) scanning your private messages for child sexual abuse material (CSAM). The stated goal is legitimate; the method, blanket scanning of the communications of unsuspected people, amounts to mass surveillance.

Chat Control 1.0Chat Control 2.0 (CSAR)
TextRegulation (EU) 2021/1232, ePrivacy derogationProposal COM/2022/209 (Ylva Johansson, May 2022)
Scanning

Voluntary, platforms may scan

Mandatory via “detection orders” and “risk-mitigation measures”
Who

Mostly unencrypted US services: Gmail, Messenger/Instagram, Skype, Snapchat, iCloud Mail, Xbox

All platforms, including end-to-end encrypted messengers

The heart of Chat Control 2.0 is a technique called client-side scanning. The idea: instead of breaking encryption in transit, software is installed directly on your phone to inspect every message, photo or link before it is encrypted and sent. Signal put it in one line: it is “like malware on your device”.

Technical honesty, read twice

Against client-side scanning, neither a VPN nor end-to-end encryption is enough if the app or the operating system cooperates. The scan happens on the device, before encryption: the VPN has nothing to protect, and encryption kicks in too late. What actually protects you is choosing free/open-source software that refuses to implement scanning, favourable jurisdictions, self-hosting, and taking back control of your device (an untampered OS). Everything else in this guide follows from this truth.

Worst of all: the tool doesn’t even work

Everyone’s privacy is sacrificed for a technology that fails. The European Parliament’s own study concludes no system detects this content without a high error rate (because across billions of messages, even a tiny false-positive rate yields millions of false accusations). Irish police figures show it: of automated reports, only about 20% were actual material, and over 11% were outright false positives. Landmark research (“Bugs in Our Pockets,” 2021) further shows that once client-side scanning is installed, it is inevitably repurposed (terrorism, copyright, opinions).

The pretext: “protecting children”

No one is against protecting minors, which is exactly what makes it such an effective lever. Fighting child abuse serves as an emotional Trojan horse: who would dare object? Under that banner, a principle is made acceptable that, on its own, would be flatly rejected, the automated inspection of the private communications of hundreds of millions of unsuspected people. Children are the stated motive; the real target is everyone’s encryption and privacy.

The tell: the companies pushing hardest for this scanning are the ones whose business model is surveillance. On 19 March 2026, a joint appeal urged EU lawmakers to entrench “voluntary” detection, signed by:

GoogleLinkedInSnapchatMicrosoftTikTokMeta

“Failure to do so would be irresponsible.” The tech giants’ argument for keeping message scanning alive.

Those same players even announced they would keep scanning messages after the legal basis lapsed on 4 April 2026. Citizens are thus asked to entrust the inspection of their intimate conversations to the very companies known for harvesting and monetising their data. This is the real face of Chat Control: an attack on privacy wrapped in a motive no one can refuse.

This is not “just” surveillance

They try to reassure you: “it’s only Gmail, Instagram, Snapchat, Messenger.” That’s false, and it’s the most alarming part. Three shifts hide behind that downplaying.

  1. It’s not targeting, it’s dragnet. This doesn’t watch suspects: it installs systematic collection of entire populations’ communications. Surveillance at state scale, continuously.
  2. It’s no longer reading, it’s the power to block. Software that inspects a message before it’s sent can also refuse to send it. Client-side scanning builds the infrastructure of prior censorship: blocking speech before it even reaches its recipient.
  3. Once the infrastructure exists, it gets repurposed. A system built “for the children” becomes a general-purpose control tool. The motive changes; the machine stays.

The logical next step: the digital euro

The same logic is about to reach your money. The ECB’s digital euro rests on a traceable currency, bars companies from holding any, and comes with a holding cap: the ECB has floated about €3,000 per person as a working assumption, and the position voted in the European Parliament’s committee (June 2026) leaves the cap for the Commission to set on the ECB’s recommendation, reviewed every two years. The ECB swears the currency won’t be “programmable,” but the cap and the traceability are very much on the menu. When it lands, will you say “relax, it’s only a cap”? That’s the very same rhetorical trap as “it’s only Gmail.” The real question is never what is controlled today, but the control infrastructure being installed for tomorrow.

Which profile are you?

No tool is magic and nobody needs to do everything. Find your profile: each section tells you how far to go.

Beginner

🟢 The ordinary citizen

You just want your conversations and private life to stop being scanned and monetised. Goal: everyday privacy, without becoming an expert.

Intermediate

🟡 The pseudonymous account

Information account, activist page, creator: you fear being deanonymised, doxxed, or losing your account. Goal: separate your real identity from your public one.

Advanced

🔴 The whistleblower

Journalist, activist, source, facing a powerful adversary (state, employer). Goal: strong anonymity, anti-correlation, passing documents without being caught.

PART 01 · MEMO · THE DIGITAL SWAP

Delete / Adopt

The big picture at a glance. Each tool is detailed in the numbered sections below.

Delete

  • WhatsApp (Meta)

  • Messenger (Meta)

  • Instagram (Meta)

  • Snapchat
  • Skype (Microsoft)

  • Discord
  • Gmail (Google)

  • Outlook (Microsoft)

  • Google Drive / Photos
  • OneDrive (Microsoft)

  • TikTok
  • Telegram (normal chats)

Adopt

  • Signal
  • SimpleX Chat
  • Session
  • Bitchat
  • Element (Matrix)

  • Nostr
  • Mastodon
  • Proton Mail
  • Tuta Mail
  • Mullvad (VPN & browser)
  • GrapheneOS

PART 02 · FOUNDATIONS · 🟢

Encrypted messaging

The first move, the one that protects you fastest: leave WhatsApp, Messenger and Telegram for a genuinely encrypted (ideally open-source) messenger.

You leaveYou adoptWhy
WhatsAppSignalSame simplicity, without Meta or metadata harvesting
MessengerSignal / SimpleXMessenger isn’t E2EE by default and was scanned under Chat Control 1.0
TelegramSignal / SimpleXTelegram isn’t end-to-end encrypted by default

What it's for

An encrypted messenger for your texts, calls, video and groups. The direct replacement for WhatsApp, just as simple.

Why it matters

End-to-end encryption by default, non-profit, an audited protocol that is the world standard. Almost no metadata kept, and the team has pledged to leave the EU rather than install scanning.

For whom & when

Everyone, starting today. It’s the first and most useful step. One catch: a phone number, which you can hide behind a username.

Install & use
  1. Install from signal.org (App Store, Google Play, or the direct APK on Android).

  2. Confirm your number by SMS, then set a PIN.
  3. Settings > Privacy: create a username to hide your number, and turn on registration lock.

  4. Invite your contacts. On desktop, link the desktop app to your phone.

What it's for

An encrypted messenger with no account, no number and no identifier. You connect by sharing a link or QR code.

Why it matters

By design, even the servers can’t know who talks to whom. It’s currently the strongest option against metadata correlation.

For whom & when

Pseudonymous accounts, sensitive contacts, high-risk. A bit younger than Signal, with a few rough edges.

Install & use
  1. Install from simplex.chat (F-Droid, Google Play, App Store or APK).

  2. Pick a local display name (never your real name: it stays on your device).

  3. To add a contact, share a one-time invitation link or a QR code.

  4. Turn on the passcode lock, and (advanced) configure your own SMP servers.

What it's for

Signal-grade encryption, but with no phone number and onion routing.

Why it matters

Your identity is a random “Session ID.” Traffic goes through a decentralised network (Lokinet) that sharply reduces metadata.

For whom & when

When a phone number is a liability. Smaller ecosystem, best kept for conversations that matter.

Install & use
  1. Install from getsession.org (all platforms).

  2. “Create account” generates your Session ID and a recovery phrase.

  3. Write the recovery phrase on paper: it’s the only key to your account.
  4. Share your Session ID (or QR) with your contacts.

What it's for

A peer-to-peer messenger that works with no internet: over Bluetooth, Wi-Fi Direct or Tor.

Why it matters

No server, so nothing to shut down or seize. Survives internet shutdowns and network censorship.

For whom & when

Protests, disasters, remote areas, blackouts. Android only, and both people need the app.

Install & use
  1. Install from briarproject.org or F-Droid (no iOS).

  2. Create a local account (nickname + password), stored only on the phone.

  3. Add a nearby contact by scanning their QR code, or remotely via a link.
  4. When the network is down, turn on Bluetooth: messages hop device to device.

What it's for

Jack Dorsey’s mesh messenger: nearby phones relay messages hop by hop, with no internet, server or account.

Why it matters

End-to-end encryption (AES-256-GCM) and a “panic mode” that wipes everything with three taps on the logo.

For whom & when Protests and blackouts, alongside Briar. Use with caution.

Caution: unaudited

Its own repo warns it “has not received external security review.” Great for resilience, but don’t stake lives on it yet.

Install & use
  1. Install from the App Store (iOS) or the APK/GitHub (Android).
  2. Open the app and pick a nickname. No account to create.
  3. Nearby devices auto-discover over Bluetooth.
  4. In danger, triple-tap the logo to wipe everything (panic mode).

What it's for

A hardened build of Signal for Android, compatible with the same network.

Why it matters

Database encrypted at rest, automatic locking, and a “FOSS” variant fully free of Google services.

For whom & when

Advanced users, especially on GrapheneOS, with a high threat model. Android only.

Install & use
  1. Add the Molly repo in F-Droid, or grab the APK from molly.im.

  2. Choose Molly-FOSS if you want zero Google dependencies.

  3. Register with your number (same network as Signal).
  4. Set a database password and automatic locking.

Against Chat Control

Prefer open-source apps outside the big US platforms, whose teams have publicly pledged to leave the EU rather than install client-side scanning (Signal has). Reminder: if the OS itself enforces scanning, the app can’t help, hence section 12.

PART 03 · 🟢

Encrypted email & PGP

Gmail reads your email and lives in the US, under “Five Eyes” jurisdiction. Leaving Gmail/Outlook is a huge win for minimal effort.

What it's for

An encrypted inbox that replaces Gmail or Outlook, and the pivot account for the whole Proton ecosystem.

Why it matters

Based in Switzerland, outside “Five Eyes” jurisdiction. OpenPGP-compatible: automatic encryption between Proton accounts and to other PGP services.

For whom & when

Everyone. It’s the best starting point to leave Google (see section 05 for the rest of the suite).

Install & use
  1. Create an account at proton.me (the free tier is enough to start).

  2. Import your old messages and contacts with Easy Switch (built in).

  3. Set up forwarding from Gmail and tell your contacts your new address.
  4. Install the mobile app, turn on two-factor auth, and use Proton Bridge if you want Thunderbird.

What it's for

A German email service, fully open-source and free of any Google service.

Why it matters

It also encrypts the subject line and some metadata, with post-quantum-resistant encryption. EU jurisdiction.

For whom & when

Those who want maximum encrypted metadata and fully free software. It doesn’t use PGP: to write encrypted to outsiders, you password-protect the message.

Install & use
  1. Create an account at tuta.com and install the app (available on F-Droid).

  2. To write encrypted to a non-user: click the lock and set a password, shared with your correspondent through another channel.

  3. Turn on two-factor authentication.

What it's for

Two ethical, low-cost European email providers, with server-side PGP support.

Why it matters

Privacy- and eco-conscious, built on open standards (IMAP, PGP). They work with any mail client.

For whom & when

Those who want a “classic” mailbox (read in Thunderbird) but ethical, rather than a closed encrypted app.

Install & use
  1. Create an account (paid, roughly €1 to €3 per month).
  2. Enable server-side PGP encryption (the “Guard” feature at mailbox.org).
  3. Set the account up in Thunderbird or the mobile app of your choice.

PGP in one minute

PGP (Pretty Good Privacy) is key-based encryption: you have a public key you hand out, and a private key you keep secret. Anyone with your public key can send you a message that only you can decrypt. It’s the basis of provider-independent encrypted email. Proton Mail handles it automatically; for manual use, OpenPGP works via Thunderbird (built in since v78).

PART 05 · NETWORK · DNS · 🟡

Encrypted DNS & Cloudflare

DNS is the directory that turns a site name (example.com) into a machine address. The catch: by default your internet provider runs that directory, so it sees every site you visit, even when the page is HTTPS. Encrypting your DNS takes that list back from your ISP. It’s a quiet setting but one of the most effective.

What it's for

An encrypted, Swiss, non-profit DNS resolver that also blocks known malicious domains.

Why it matters

Swiss jurisdiction, no retention of your IP address, protection against phishing and malware. An excellent “set and forget” choice.

For whom & when

Everyone, especially those who want simplicity and a good jurisdiction.

Install & use
  1. On Android: Settings > Network > Private DNS > enter dns.quad9.net.

  2. On iPhone/Mac: install the DoH profile from quad9.net. On PC: set DNS-over-HTTPS in the browser or the system.

What it's for

Two encrypted resolvers that also block ads and trackers for the whole device.

Why it matters

Mullvad DNS (Sweden, no-log) is free and offers blocklists. NextDNS is highly customisable, with a dashboard and per-device profiles, but it’s US-based and logs by default (turn it off in settings).

For whom & when

Those who want system-wide ad-blocking without installing a per-browser extension.

Install & use
  1. Mullvad DNS: use the address shown at mullvad.net/help/dns as your private DNS (same method as Quad9).

  2. NextDNS: create a profile at nextdns.io, disable logging, then apply the config to your devices.

What it's for

Cloudflare’s 1.1.1.1 encrypted DNS and WARP app: fast, free, and a real upgrade over your ISP’s resolver.

Why it matters

It’s useful, with an audited no-logging pledge. But be clear-eyed: Cloudflare already sits in front of a huge share of the web (as a technical middleman, it can see plaintext traffic to those sites). Routing your DNS there too means concentrating even more of your footprint with one US company under US law.

For whom & when

Fine for everyday use and malware-blocking (1.1.1.1 for Families). Avoid or diversify for sensitive use: prefer Quad9 or Mullvad DNS instead.

What it's for

An ad and tracker blocker that protects your whole network at once, installed on a small computer like a Raspberry Pi.

Why it matters

Where uBlock Origin protects one browser, Pi-hole filters every device in the home, including those where you can’t install an extension: phones, smart TVs, connected objects. Ads and trackers are blocked at the DNS level, before they even load. AdGuard Home is an alternative with a more modern interface.

For whom & when

Households that want to clean up all their devices at once, and who have (or want) a Raspberry Pi or small server.

Install & use
  1. On a Raspberry Pi (or a container), run Pi-hole’s official installer.
  2. In your router’s settings, set the Pi-hole’s address as the DNS server.
  3. From now on, every device on your network is filtered automatically.

PART 06 · 🟢

VPN: the truth

A VPN is useful, but sold with a lot of lies. Here’s what it actually protects.

What a VPN does NOT do

A VPN does not protect you from Chat Control’s client-side scanning: that reads your messages on your device, before encryption and therefore before the VPN. It’s also not an invisibility cloak: your OS and apps see more than your VPN provider does.

What a VPN does well

It hides your activity from your ISP and masks your IP address (and thus location) from the sites you visit. Useful against network surveillance, geolocation and censorship. One piece of the puzzle, not the solution.

What it's for

A VPN that masks your IP address and encrypts your traffic up to its servers, without ever asking for a single piece of personal information.

Why it matters

It’s the privacy gold standard. No email, no name: at signup you’re given a plain account number. Audited no-log policy, a single honest price (€5 per month, no tiers, no false promises), and payment in cash or Monero. That’s exactly what matters the day a state tries to cut off VPN access: an account that can’t be tied to your identity, and a payment banks can’t block.

For whom & when

Everyone, from the citizen bypassing an ID check to the high-risk profile. It’s the VPN to recommend first.

Install & use
  1. Go to mullvad.net. If the site is blocked in your country, open it through the Tor Browser or its .onion address. Click “Generate account number”: no email or name is asked. Save this number in your password manager and never share it, it’s your only access key.

  2. Choose the duration and payment method. The price is flat. Three routes: bank card (simplest if not blocked), cash sent by post, or cryptocurrency.

  3. Anonymous crypto payment: click “Create a one-time payment address.” Mullvad shows an address (Bitcoin or Monero) and an exact amount. Send that amount from your wallet. For maximum anonymity, prefer Monero (private by default); Bitcoin is simpler but traceable. See section 09 to buy crypto. Allow about 30 minutes for confirmation.

  4. Download the app from mullvad.net/download (via Tor if the site is filtered) and install it. On mobile, use the App Store, Google Play, or the official APK if the app was pulled from your store.

  5. Launch the app, enter your account number, then connect to a server outside your country, ideally outside the EU (Switzerland, US…). Enable the “kill switch” (which cuts the internet if the VPN drops) and Mullvad’s DNS.

What it's for

The VPN from the Proton ecosystem, with a genuine free tier (rare and honest).

Why it matters

Swiss-based, audited, open-source. Its free tier has no ads, no data resale and no data cap (only the number of countries is limited). It’s the ideal on-ramp for a beginner, especially if you already use Proton Mail.

For whom & when

Beginners, and anyone already in the Proton ecosystem who wants a single account for everything.

Install & use
  1. Go to protonvpn.com and sign in with your Proton account (or create one).

  2. Install the app (Windows, macOS, Linux, Android, iOS).
  3. Use “Quick Connect” or pick a country, then enable the kill switch and NetShield (ad and tracker blocking).

What it's for

A small, especially rigorous and transparent VPN provider, on the same model as Mullvad.

Why it matters

Audited no-log policy, no mandatory email, payment in crypto or cash. It even offers anti-tracking options (network-level tracker blocking) and signup with no identifier at all.

For whom & when

A solid alternative to Mullvad, for pseudonymous and high-risk profiles who want to diversify.

Install & use
  1. At ivpn.net, generate an account (an ID is created for you, no email).

  2. Pay in crypto or cash, as with Mullvad.
  3. Install the app, connect outside the EU, enable the kill switch and the WireGuard protocol.

What it's for

A private encrypted network linking your devices to your server, without ever exposing it on the public internet.

Why it matters

Instead of opening ports (and getting attacked), Tailscale builds a WireGuard tunnel between your authorised devices only: your server has no public attack surface. Headscale is the self-hosted version, so you depend on no third party. WireGuard alone gives full control, at the cost of manual setup.

For whom & when

Every self-hoster. It’s the safe way to reach your Nextcloud or photos from outside.

Install & use
  1. Install Tailscale on your server and on your phone/PC, connect them to the same account.

  2. Your devices instantly see each other on a private network; reach your server at its Tailscale address.

  3. For zero dependency, replace the coordination server with self-hosted Headscale.

PART 07 · CENSURE · DIGITAL IDENTITY · 🟡

Censorship & identity checks

The same pretext (“protect minors”) is used to force identity checks to access the internet. It’s the planned end of online anonymity, and therefore a form of censorship. Here’s the state of play, then how to escape it lawfully.

Where we stand (2025-2026)

  • France. The SREN law (May 2024) tasks regulator Arcom with age verification; since April 2025, covered sites must implement it. A decree imposing age checks was upheld by the Conseil d’État on 15 July 2025, and a bill banning under-15s from social media passed the Assemblée on 26 January 2026, which means verifying the age, and thus the identity, of everyone.
  • UK. Since 25 July 2025, the Online Safety Act requires “highly effective” age verification (ID, credit card, facial estimation). The immediate result: VPN signups jumped over 1,400% within hours. The House of Lords even debated, in early 2026, an age limit on VPN use itself.
  • EU. The Commission unveiled an age-verification app (April 2025), piloted in five countries, designed to plug into the European digital identity wallet (EUDI Wallet, eIDAS 2) that every state must offer by end of 2026. EFF and EDRi warn: the “zero-knowledge” proof is only optional, and this builds an online-ID infrastructure far beyond child protection.

Escaping it lawfully

The counter comes down to one idea: take an IP address in a country that doesn’t impose these checks, and obtain the tools anonymously, even if they get blocked one day.

  • An offshore VPN. Connect to a server outside the filtering country (ideally outside the EU and the “14 Eyes”), with an audited no-log policy. This restores access to networks demanding an ID.
  • Anonymous payment. Pay for the VPN in crypto or cash (Mullvad, IVPN, Proton accept it). Crucial: if VPNs ever get “banned,” payment processors could refuse cards; cash and crypto would be the only options left.
  • Tor to fetch a blocked VPN. If the provider’s site becomes unreachable from your country, use the Tor Browser (or a .onion address) to download the client. Once installed, the VPN is far faster for daily use.
  • Switch your store country. An Apple/Google account set to another country brings back apps pulled from your local store.

The law is shifting, check

Bypassing a geo-restriction is legal in most European countries, but the ground shifts fast: Utah (US) has criminalised VPN circumvention, and the UK Lords are eyeing VPN limits. Check your country’s law before relying on any method. This guide is about protecting privacy, not hiding a crime.

PART 08 · TAKE BACK CONTROL · 🟡

Leave Google

Google is a single account that knows your email, calendar, files, movements and searches. Replace the whole suite.

GoogleProtonOthers
GmailProton MailTuta, mailbox.org
Google DriveProton DriveNextcloud, Cryptomator
Google CalendarProton CalendarTuta Calendar
Google PasswordProton PassBitwarden, KeePassXC
Google One VPNProton VPNMullvad, IVPN

The appeal of Proton (Swiss, non-profit foundation, open-source): one account replaces all of Google, with end-to-end encryption and a jurisdiction outside “Five Eyes”. You can migrate gradually, service by service. If you’d rather not recentralise on one provider, every row has an independent alternative.

PART 09 · 🟡

Encrypted storage

What it's for

An end-to-end encrypted cloud for your files and photos, part of Proton.

Why it matters

Unlike Google Drive or iCloud, Proton can’t read your files: they’re encrypted before leaving your device. Swiss jurisdiction, same account as Proton Mail.

For whom & when

Everyone, as a simple, direct replacement for Google’s or Apple’s cloud.

Install & use
  1. Enable Proton Drive in your Proton account and install the app.
  2. Turn on automatic photo backup, then disable Google’s/Apple’s.

What it's for

A vault that encrypts your files before uploading them to any cloud, even Google Drive or Dropbox.

Why it matters

The perfect trick if you must keep an existing cloud: you keep the convenient service, but the provider only sees encrypted gibberish. You alone hold the key.

For whom & when

Those who can’t leave a mainstream cloud yet, but want to protect their files right now.

Install & use
  1. Install Cryptomator (desktop and mobile) from cryptomator.org.
  2. Create a “vault” in your cloud’s synced folder, choose a strong password.
  3. Put your files in the vault: they’re encrypted then synced automatically.

What it's for

Your own cloud (files, calendar, contacts, notes) hosted on your server.

Why it matters

The ultimate degree of control: your data never leaves your hardware. Detailed in section 10 (Self-hosting).

For whom & when Self-hosters. See the full card in section 10.

PART 10 · 🟡

Password manager

One strong, unique password per service: the foundation of everything that follows. Drop the notebook, drop the reused password.

What it's for

A password vault that remembers, generates and fills your passwords for you, across all your devices.

Why it matters

Free, audited, cross-platform, and end-to-end encrypted. You only need to remember one strong password. It’s even self-hostable (via Vaultwarden) so you depend on no one.

For whom & when

Everyone. It’s the foundation of all security: one strong, unique password per service.

Install & use
  1. Create an account at bitwarden.com and choose a long master password (a phrase). Never forget it: it can’t be recovered.

  2. Install the browser extension and the mobile app.
  3. As you log in, let Bitwarden save and then replace your old passwords with generated ones.

What it's for

A local vault: an encrypted file only you hold, with no cloud and no account.

Why it matters

Nothing leaves your device, unless you choose to sync the file yourself (for example via Cryptomator). It’s the purist’s choice, with no middleman at all.

For whom & when

Advanced profiles who want full control and zero online dependency.

Install & use
  1. Install KeePassXC (desktop) and a compatible mobile app (KeePassDX on Android, Strongbox on iOS).

  2. Create a database file protected by a master password.
  3. To have it on all devices, sync that file through an encrypted cloud.

What it's for

The password manager of the Proton ecosystem, with built-in disposable email aliases.

Why it matters

Ideal if you’re already on Proton: one account for mail, cloud and passwords. Its email aliases save you from giving your real address everywhere.

For whom & when Those who want everything in one place with Proton.

PART 11 · SECURITY · 2FA · 🟡

Two-factor auth & hardware keys

A password, even a strong one, can leak. Two-factor authentication (2FA) adds a second proof at login: even if your password is stolen, the account stays locked. It’s essential on your sensitive accounts (email, password manager, social).

Avoid SMS 2FA

A code sent by SMS is the weak link: it’s vulnerable to “SIM-swap” (an attacker gets your number transferred) and to interception over the phone network (SS7). Studies estimate most SIM-swap attempts succeed. Use SMS only as a last resort, never as your main protection.

What it's for

A small physical key (USB, often with NFC) that proves your identity with a single touch.

Why it matters

It’s the strongest 2FA: it resists phishing, because the key checks the site’s real address before responding. Nitrokey is the fully open-hardware, open-firmware alternative. A fake site can’t trick you.

For whom & when

Those who want maximum security on key accounts. Buy two (one main, one backup).

Install & use
  1. Get two keys from yubico.com or nitrokey.com.
  2. In each account’s security settings (email, password manager…), add a “security key” or “passkey.” Enrol both keys.

  3. Keep the backup key in a safe, separate place.

What it's for

Apps that generate the six-digit codes changing every 30 seconds, replacing Google Authenticator.

Why it matters

Aegis (Android) keeps your codes in a local encrypted vault, no cloud. Ente Auth adds end-to-end encrypted sync across devices, and has been audited. Far safer than SMS, and free.

For whom & when

Everyone: it’s the default 2FA level to adopt, ahead of hardware keys.

Install & use
  1. Install Aegis (F-Droid) or Ente Auth (all platforms).
  2. On each account, enable “authenticator app” 2FA and scan the QR code shown.
  3. Write down the backup codes on paper and make an encrypted backup of your vault.

PART 13 · 🟡

Financial sovereignty

Money is surveilled and censorable too. Activists’ accounts have been frozen, donations blocked, and every card payment is tracked. Financial privacy is part of sovereignty.

What it's for A digital money you hold yourself, without going through a bank.

Why it matters

In self-custody (your keys in a wallet only you control), no one can freeze or block your funds. Its privacy isn’t perfect (the ledger is public), but it escapes banking censorship, useful the day a payment is refused.

For whom & when

Guarding against account freezes or de-banking, and paying anonymously for a service like a VPN.

Install & use
  1. Get some bitcoin (an exchange, or peer-to-peer).
  2. Move them right away to a wallet you control: a hardware wallet (Trezor, ColdCard) or an open-source app. Don’t leave them on the exchange.

  3. Back up your recovery phrase on paper, never as a photo or online.

What it's for

The privacy cryptocurrency: amounts, sender and recipient are hidden by default.

Why it matters

It’s the exact opposite of Bitcoin here: transactions are private by design. It’s the best way to pay for a service without leaving a trail back to you.

For whom & when

Those who want maximum financial privacy. Note: Monero is already delisted from several European exchanges, so you often need a decentralised swap.

Install & use
  1. Install a wallet (the official one at getmonero.org, or Cake Wallet on mobile).
  2. Get XMR through a decentralised exchange service (for example a “swap” from another crypto).

  3. Back up your recovery phrase on paper.

Legality & caution

Financial privacy is legal. Don’t confuse it with tax evasion: declare what must be declared. Cryptocurrencies are volatile and scams are common; never risk what you can’t lose, and learn before you act.

PART 14 · BLIND SPOT · THE AI MADNESS · 🟡

Conversational AI

While we fight to encrypt our messages, hundreds of millions of people pour their most intimate thoughts into ChatGPT, Gemini or Copilot, on US servers. This is the blind spot of the whole story. Sheer madness.

What you type into a cloud AI is a written, timestamped, stored confession. Worse than a message: you spill your anxieties, your health, your finances, your work secrets, often more honestly than to a friend. And unlike an encrypted messenger, it’s all readable in plaintext on the server.

What the facts say (2025-2026)

Consumer tiers train on your data by default. In January 2026, a US judge ordered OpenAI to produce 20 million ChatGPT conversations as evidence: the affected users were neither notified nor consulted. Deleting a chat does not guarantee it’s gone. And in one leak, 47,000 exposed conversations held emails, phone numbers and re-identifiable intimate details.

The counter: local AI

What it's for Software to run an AI model directly on your own computer.

Why it matters

Your questions never leave the device: no server, no account, no telemetry, and it works offline. Quality depends on your hardware, but nothing leaks. Ollama and LM Studio are the easiest; Jan and GPT4All aim for maximum privacy.

For whom & when

Anyone who uses AI for even slightly personal topics and doesn’t want to hand them to a US server.

Install & use
  1. For a gentle start, install LM Studio or Jan (a graphical interface, like a normal app).

  2. Download a model offered in the app (for example Llama or Mistral), matched to your machine’s power.

  3. Chat away: everything happens locally. Ollama is the command-line version for the more technical.

What it's for An app that runs AI models directly on your phone, fully offline.

Why it matters

Your prompts never leave the phone: no account, no cloud, no telemetry, and it works in airplane mode. Open source (MIT), it downloads GGUF models (Gemma, Qwen, Phi, Llama) from Hugging Face and runs them on your device’s CPU, GPU or NPU. The mobile counterpart to Ollama and LM Studio.

For whom & when

Anyone who reaches for ChatGPT on their phone for personal questions and doesn’t want to hand them to a US server.

Install & use
  1. Install PocketPal from the App Store or Google Play (or build it from source).

  2. Open Models, pick one that fits your phone, and download it.

  3. Load it and chat: everything runs offline, on the device.

What it's for

Cloud AI access, but built for privacy, when a local AI isn’t possible.

Why it matters

Duck.ai (DuckDuckGo) gives anonymised access to several models. Lumo (Proton) encrypts exchanges and doesn’t train on them. Far better than consumer ChatGPT, but it’s still a remote server.

For whom & when

Those who want cloud convenience without feeding the giants. Keep non-sensitive topics there.

The simple rule

Never paste into a cloud AI what you wouldn’t tell a stranger who’s recording: identity, health, passwords, work secrets, confessions. For anything sensitive, use a local AI.

PART 15 · REPLACE THE REST · 🟡

Google and Apple are not just email: maps, notes, calendar, photos, video calls, everything is tied to your identity. Here’s how to replace each brick, one at a time, without losing convenience.

What it's for

Map and navigation apps, built on OpenStreetMap, that work offline.

Why it matters

Google Maps logs every trip and builds a chillingly precise location history. Organic Maps tracks nothing and shows no ads; OsmAnd targets power users (hiking, contour lines, detailed navigation).

For whom & when

Everyone. Live traffic and transit are less complete than Google’s, but everyday navigation is excellent.

Install & use
  1. Install from F-Droid, the App Store or Google Play.
  2. Download the maps of the regions you need in advance for offline use.

What it's for

End-to-end encrypted notes and documents, to replace Google Docs, Notion or Evernote.

Why it matters

Standard Notes (by Proton) encrypts your notes by default. Joplin handles Markdown notebooks with optional encryption and the sync of your choice. CryptPad (French) offers a real-time, fully encrypted Google Docs equivalent.

For whom & when Everyone for notes; CryptPad for multi-person collaboration.

Install & use
  1. Standard Notes / Joplin: create an account, install the app, and enable encryption (on by default in Standard Notes, to switch on in Joplin).

  2. CryptPad: use cryptpad.fr or another instance, no account needed to start.

What it's for

Video-conferencing tools with no account or heavy install, to replace Zoom, Google Meet or Teams.

Why it matters

Jitsi Meet runs in the browser, no account, and can be self-hosted (it’s also the basis of Brave Talk). Element Call is end-to-end encrypted and federated via Matrix. For a simple, fully encrypted call, Signal calls also do the job.

For whom & when

Everyone. On a public Jitsi server, multi-party calls are transport-encrypted; end-to-end encryption is optional.

Install & use
  1. Jitsi: go to meet.jit.si, create a room name, share the link. Nothing to install.
  2. Element Call: from the Element (Matrix) app, start a call in a room.

What it's for

Two ways to keep your photos without handing them to Google or Apple.

Why it matters

Ente is a managed, end-to-end encrypted service, with on-device recognition and search: simple and safe. Immich is a Google Photos clone you host yourself (face and object search included), for those comfortable running a server.

For whom & when

Ente for everyone; Immich for self-hosters. Note: Immich is not end-to-end encrypted, its security depends on your server.

Install & use
  1. Ente: install the app, create an account, turn on automatic backup of your camera roll.
  2. Immich: deploy it on your server (see section 10) via Docker, then connect the mobile app.

What it's for

Disposable email aliases: a unique address per site, forwarding to your real inbox without ever revealing it.

Why it matters

You stop giving out your real address everywhere. If a site is breached or spams you, you cut that one alias, and you instantly know who leaked your data. SimpleLogin is integrated with Proton; addy.io offers unlimited aliases on the free tier.

For whom & when

Everyone, and especially pseudonymous accounts that want to compartmentalise their signups.

Install & use
  1. Create an account, install the browser extension.
  2. At each signup, generate a new alias instead of typing your real address.

What it's for

A way to back up your phone and computer, encrypting the data before it leaves for any cloud.

Why it matters

iCloud/Google backups are often accessible to the provider, and thus to courts. Cryptomator encrypts your files before sending them to any cloud; restic makes automatic encrypted backups; Proton Drive is end-to-end encrypted. On iPhone, enable “Advanced Data Protection” to encrypt your iCloud backups.

For whom & when

Everyone should encrypt their backups. Golden rule: two encrypted copies, on two media, in two places.

Install & use
  1. iPhone: Settings > your name > iCloud > Advanced Data Protection: turn it on.
  2. PC: install Cryptomator, create a vault, put your files in it before syncing to the cloud.

What it's for

Getting your personal information removed from the “data brokers” that collect and resell it.

Why it matters

In Europe, the GDPR (Article 17) gives you a right to erasure: you can demand, for free, that a company delete your data, in principle within a month. Services like Incogni automate these requests at scale, for a fee.

For whom & when

Those who want to reduce their exposure. Note: data reappears over time, and this doesn’t touch public records or social media. Doing it yourself is free but tedious.

Install & use
  1. For a manual request: write to the broker citing GDPR Article 17 and ask for deletion.
  2. To automate: subscribe to a removal service and let it send the requests on your behalf.

PART 16 · ADVANCED SELF-DEFENCE · 🔴

Self-hosting

The ultimate level of sovereignty: host your services yourself. Your data lives on your hardware, under the jurisdiction you choose.

What it's for

Systems that turn an old PC or a Raspberry Pi into a personal server, with an app catalogue you install in a few clicks.

Why it matters

Self-hosting sounds scary, but these tools do the heavy lifting. YunoHost even runs your own email and single sign-on. Umbrel offers a 300+ app store, popular with privacy and Bitcoin folks. Start9 encrypts backups and gives every service a Tor address by default.

For whom & when

Advanced profiles ready to spend an afternoon building their own cloud. It’s the most radical structural counter to Chat Control.

Install & use
  1. Get an old computer, a Raspberry Pi, or rent a small server (VPS) in a protective country.

  2. Install YunoHost, Umbrel or Start9 following their official guide.
  3. From the catalogue, install Nextcloud, a Matrix server, a photo gallery, etc.
  4. Reach it privately with Tailscale (VPN section) rather than exposing the server to the public.

What it's for

Your own cloud: files, calendar, contacts, photos, notes and collaborative documents, on your server.

Why it matters

It’s the full replacement for Google Drive, Calendar and Contacts, but at home. You choose the jurisdiction and no one else controls your files. Note: it’s “your server” privacy, not end-to-end encryption by default; you must keep it updated.

For whom & when

Self-hosters. The easiest path is to install it via YunoHost or Umbrel.

What it's for

Your own Matrix chat server, powering Element and encrypted calls.

Why it matters

By hosting the server, you also control the metadata (who talks to whom, when), Matrix’s weak point in federation. It’s community chat that you alone own.

For whom & when

Communities, collectives, newsrooms that want their own independent federated space.

What it's for

A site of your own, on your own domain name, where your content depends on no platform.

Why it matters

The day a network deletes or suspends your account, all your work vanishes. A personal site is your anchor: your posts stay there, archived and up to date, whatever happens. It’s exactly what cautious information accounts do. A static site (built with Hugo, Astro or Jekyll) is enough and publishes almost for free; for a dynamic blog, a self-hosted WordPress or Ghost does the job.

For whom & when

Information accounts, creators, activists, anyone who publishes and fears platform censorship.

Install & use
  1. Buy a domain name (ideally from a privacy-respecting registrar).
  2. Choose a static-site generator (Astro, Hugo) and host the output, or install WordPress/Ghost on your server.

  3. Always point to it from your social accounts: your audience finds you even if one account falls.

The jurisdiction point

Self-hosting also means choosing where your data lives. A server at home or in a protective country escapes the scanning duties imposed on big platforms. It’s the most radical structural counter to Chat Control.

PART 17 · 🔴

Tor

The network that separates who you are from what you do online.

What it's for

A network that separates who you are from what you do online, accessible via the Tor Browser.

Why it matters

Your traffic bounces through several encrypted relays worldwide: none knows both your identity and your destination. It’s the tool of journalists and sources, and the way to reach a blocked site (for example to download a censored VPN).

For whom & when

High-risk profiles, and anyone who must decouple their activity from their real IP. Use it occasionally, not as an everyday browser.

Install & use
  1. Download the Tor Browser from torproject.org (Windows, macOS, Linux, Android).

  2. Launch it and click “Connect.” If Tor is blocked in your country, enable a “bridge.”
  3. Browse without maximising the window, without installing extensions, and without logging into your real accounts.

Limits, not magic

Tor protects transport, not your habits: log into your real account and you deanonymise yourself. It’s slower, and the exit node sees unencrypted traffic (use HTTPS). For serious anonymity, pair it with Tails (section 12).

PART 18 · 🔴

Free operating systems

The keystone. If client-side scanning can be imposed by the operating system itself, the only real counter is to control that OS. That’s true on the phone (GrapheneOS) and on the computer (Linux). Don’t underestimate this: as long as you stay on Windows, macOS or a Google Android, you don’t truly control your machine.

What it's for

A fully de-Googled Android, installed on a Pixel phone: mobile sovereignty.

Why it matters

It’s the structural defence par excellence against an OS or app store that would scan you. Google services in an optional sandbox, per-app network permissions, isolated profiles, auto-reboot that purges keys from memory, a duress PIN that wipes the phone. So respected for security that it’s used by spyware targets.

For whom & when

Exposed profiles, but also any citizen willing to buy a Pixel to take back control of their phone.

Install & use
  1. Get a compatible Google Pixel phone (it’s the only supported hardware, for security reasons).

  2. On a computer, go to grapheneos.org/install and follow the web installer (a few clicks, no terminal needed).

  3. For your apps, install the free F-Droid store; add sandboxed Google Play only if needed.

  4. Set a long passphrase (not a 4-digit PIN) and learn the “Lockdown” mode.

What it's for

A free operating system for your computer, replacing Windows or macOS. It comes in many flavours, called “distributions.”

Why it matters

It’s many people’s blind spot: they encrypt their messages but keep a Windows that streams telemetry to Microsoft nonstop (whose “Recall” feature tried to screenshot the screen continuously), or a macOS that reports the apps you launch. Linux doesn’t spy on you, it’s free, it revives old computers, and it finally makes you master of your machine. It’s easier than its reputation: modern distributions look like Windows or macOS.

For whom & when

Anyone can make the switch. To start, Linux Mint (closest to Windows) or Fedora; Debian for stability. No need to wipe anything: you can test first, then install alongside your current system.

Install & use
  1. Not sure which distribution? Answer the distrochooser.de/fr quiz, which points you to the right one for your needs.

  2. Try it without installing anything, right in your browser, at distrosea.com.

  3. Once convinced, download the distribution’s image and create a bootable USB (with Ventoy or Balena Etcher).

  4. Boot from the USB to try the system “live,” then run the install. Enable the disk encryption it offers.

What it's for

A system that boots from a USB stick, routes all traffic through Tor and leaves no trace when shut down.

Why it matters

On shutdown, everything is forgotten: it’s “amnesic.” Ideal for sensitive, one-off work on a computer that isn’t yours, leaving nothing behind.

For whom & when

Whistleblowers, journalists, sources. The reference tool for high-risk work.

Install & use
  1. Download Tails from tails.net and follow the wizard to create the USB stick.

  2. Reboot the computer from that USB. Use it, then shut down: everything vanishes.

What it's for

Two niche systems: Qubes compartmentalises your PC into sealed virtual machines; postmarketOS runs Linux on old phones.

Why it matters

Qubes isolates each activity (work, banking, risky browsing) in its own compartment: a compromise doesn’t reach the rest. postmarketOS extends the life of phones abandoned by their maker.

For whom & when Expert users with a very high threat model.

Harden your device

Even without switching OS, you gain a lot: install apps via F-Droid (free store) or Aurora Store, replace Google services with microG, create separate profiles, cut needless network permissions, disable automatic cloud backup and the advertising ID.

PART 19 · HARDWARE · 🔴

Telephony & physical device

The best app is useless if the device itself betrays you. Here are the hardware threats and the moves that neutralise them.

The phone number is a tracker

Your number ties together your SIM card, your device (its IMEI identifier), your location and your identity (most countries require ID to buy a SIM). It’s the thread that lets everything be cross-referenced.

  • Use number-free messengers (SimpleX, Session) for sensitive contacts, and always prefer Signal over SMS.
  • For a separate identity, a “data-only” SIM or prepaid eSIM limits the link at the point of sale (check your country’s rules).

IMSI-catchers & the phone network

“IMSI-catchers” (or “stingrays”) are fake cell towers that force phones to connect so they can log their identifier and sometimes intercept communications, often by downgrading to weakly encrypted 2G. In parallel, an old network flaw (SS7) still allows SMS interception and remote phone location: one more reason to drop SMS.

  • Disable 2G in settings (possible on Android and GrapheneOS) to cut the main interception vector.
  • At a protest or in a sensitive area, switch to airplane mode or slip the phone into a Faraday bag (which blocks all signal). The EFF even publishes a free tool, Rayhunter, to detect IMSI-catchers.

Biometrics or passcode?

A finger can be forced, a passcode can’t

Your face or finger can be applied to the sensor while you’re restrained (at a border, during an arrest); a password in your head cannot. Before a risky situation, force a return to the passcode: on iPhone, hold the side button and a volume button (the “SOS” screen); on Android/GrapheneOS, use Lockdown in the power menu, which disables biometrics until the PIN is entered. Choose a long passphrase, not a four-digit PIN. GrapheneOS even offers a duress PIN that wipes the phone.

De-Microsoft, de-Apple

Don’t forget the computer: Windows streams telemetry nonstop (and its “Recall” feature tried to screenshot the screen continuously), macOS reports the apps you launch. The real exit is Linux (see section 12). Short of that, disable telemetry, the advertising ID and “Recall,” and add an outbound firewall (like Little Snitch on Mac).

PART 20 · 🔴

Anonymity & OPSEC

For the pseudonymous account and the whistleblower. Here you no longer protect just a message: you protect an identity.

Pseudonymity vs anonymity

The golden rule: never cross your real identity with your public one. Not the same email, number, device, network, posting hours or writing style. A single leak links the two.

  • Identity-less accounts : SimpleX and Session need no number; pair them with disposable email aliases. Beware resold, traceable “virtual numbers”.
  • Clean metadata : a posted photo often carries the date, device model and sometimes GPS coordinates (EXIF data). Strip it with Metadata Cleaner, mat2 or ExifTool before posting; watch file names and document metadata too.
  • Network anti-correlation : use Tor/Tails to decouple your activity from your home IP. Never mix your personal and pseudonymous networks. A SIM in your name betrays your location no matter what else you do.
  • Compartmentalisation : a device, or at least a profile, dedicated to the public identity, a separate password manager, and never a cross-login between the two worlds.

Passing documents as a source

SecureDrop is the anonymous submission system many newsrooms use to receive documents from sources. Many outlets also publish a PGP key and a Signal contact. Never submit from your work hardware or usual network.

Honesty, don’t overestimate yourself

Strong anonymity against a state adversary is hard and fallible. This guide gives bearings, not guarantees. If lives depend on it, train with the authoritative references: EFF Surveillance Self-Defense, Freedom of the Press Foundation, Privacy Guides. Strictly defensive and journalistic context.

PART 21 · GOING FURTHER

The full free ecosystem

Fully de-Googling means replacing each brick with a free equivalent. The common logic (free software + control of your device + self-hosting) is the real counter to client-side scanning.

Office

  • LibreOffice
  • OnlyOffice

Media

  • VLC
  • Jellyfin
  • FreeTube / NewPipe
  • Audacity · OBS
  • GIMP · Inkscape
  • Calibre · Shotcut

Cloud & network

  • Nextcloud
  • Pi-hole
  • KDE Connect

Free mobile

  • F-Droid · Aurora
  • microG
  • postmarketOS

Security

  • Bitwarden
  • KeePassXC
  • Wireshark

Email & desktop

  • Thunderbird
  • FairEmail

Dev & advanced

  • Termux · git
  • QEMU / KVM · Wine
  • Flatpak · GNU/Linux

PART 22 · TAKE ACTION

Migration & digital civil disobedience

A step-by-step plan

  1. Week 1 🟢 : Install Signal and bring your close ones over. Move to Proton Mail or Tuta. Set up a password manager and uBlock Origin.
  2. Week 2 🟡 : Move files to an encrypted cloud, replace Chrome/Google Search, get a VPN, open a Mastodon account.
  3. Then 🔴 : Depending on your profile: GrapheneOS, Tor/Tails, self-hosting, OPSEC discipline.

Common mistakes

Believing one tool is enough; reusing your real number for an anonymous account; installing ten apps without changing habits; forgetting the weak link is often the device itself.

PART 23 · THE RECEIPTS

Thirty years of precedents

Every generation is told the surveillance is new, limited and temporary. Dated and sourced: the same script since 1993. Click a date to cite an entry.

  1. the promise

    The Clipper Chip

    The NSA pushes an encryption chip with a government-held key escrow, "for law enforcement, under warrant only". Flaws demonstrated (Blaze, 1994), massive rejection: abandoned by 1996. The first crypto war, same script as today.

    EPIC · Clipper Chip →

  2. revealed

    ECHELON confirmed by the European Parliament

    Six days before 9/11, the European Parliament adopts in plenary (367–159–39) the report of its temporary committee (approved in committee on 3 July) confirming the existence of a global network intercepting private and commercial communications (US, UK, Canada, Australia, New Zealand).

    European Parliament · A5-0264/2001 →

  3. the creep

    23 days after 9/11

    A secret presidential order starts the NSA’s warrantless domestic spying. The crisis creates the program; the program outlives the crisis. The Patriot Act follows on 26 October, also "temporary": its sunset clauses get renewed for 14 years.

    EFF · NSA Spying Timeline →

  4. revealed

    Room 641A

    AT&T technician Mark Klein hands EFF the documents describing the NSA’s secret room in the San Francisco switching hub: interception at the infrastructure level, on all traffic, not on suspects.

    EFF · Jewel v. NSA evidence →

  5. the creep

    EU Data Retention Directive

    The EU mandates retention of the whole population’s telecom metadata (6–24 months), "against serious crime". No one is a suspect, everyone is on file. Chat Control’s exact blueprint, twenty years earlier.

    Directive 2006/24/EC →

  6. revealed

    Snowden: "collect it all"

    The Guardian publishes the secret FISA order forcing Verizon to hand over all customers’ metadata, then PRISM. In March, intelligence director Clapper had sworn to Congress it wasn’t happening; days after the leak he calls that the "least untruthful" answer he could give.

    The Guardian · 5 June 2013 →

  7. struck down

    The CJEU strikes down blanket retention

    Digital Rights Ireland (joined cases C-293/12 and C-594/12): the 2006 directive is annulled outright: indiscriminate surveillance of the whole population violates the Charter of Fundamental Rights. A tiny volunteer NGO brought down an EU directive.

    CJEU · C-293/12 & C-594/12 →

  8. the creep

    The UK "Snooper’s Charter"

    The Investigatory Powers Act legalises bulk collection and state hacking, and forces ISPs to keep everyone’s browsing history. Three weeks later the CJEU (Tele2/Watson) repeats that blanket retention is unlawful; London keeps it anyway.

    legislation.gov.uk →

  9. the creep

    Australia vs mathematics

    The Assistance and Access Act lets the state secretly order a company to re-engineer its products ("technical capability notices"). Critics warn this weakens encryption in all but name, even though the Act nominally bans "systemic weaknesses". The PM had set the tone: "the laws of Australia prevail over the laws of mathematics".

    legislation.gov.au · C2018A00148 →

  10. revealed

    Crypto AG: the safe-maker kept the keys

    The Washington Post reveals (backed by the CIA’s own internal history) that the CIA and BND secretly owned Crypto AG, the Swiss encryption vendor of 120 governments, since 1970. In the 1980s, 40% of the diplomatic cables NSA decoded came through it. Moral: a "trusted" backdoor is a backdoor.

    Washington Post · Operation Rubicon →

  11. struck down

    La Quadrature du Net at the CJEU

    The Court upholds the ban on blanket retention against France and Belgium (joined cases C-511/18, C-512/18 and C-520/18), and against the UK the same day in Privacy International (C-623/17), while carving out "national security" windows. Twin lesson: lawsuits work, and every exception becomes the next rule. The Commission has never opened an infringement case against states that retain anyway.

    CJEU · C-511/18, C-512/18 & C-520/18 →

  12. the promise

    Chat Control 1.0, "temporary"

    Regulation 2021/1232 allows "voluntary" scanning of private messages, derogating from ePrivacy. Sunset on 3 August 2024, promised. Regulation 2024/1307 extends it to 3 April 2026, where it expires… then rises from the dead (see below).

    Regulation (EU) 2021/1232 →

  13. revealed

    The Pegasus Project

    80+ journalists across 17 newsrooms in 10 countries document the spying on journalists, lawyers, dissidents and heads of state via NSO’s spyware. Amnesty’s forensics (peer-reviewed by Citizen Lab) prove zero-click infections of fully patched iPhones: when the device is targeted, encryption is not enough. Exactly the client-side scanning logic.

    Amnesty · Forensic Methodology Report →

  14. struck down

    Apple announces on-device scanning… then walks it back

    Apple unveils on-device CSAM photo scanning for the iPhone. Researchers and NGOs revolt: it is the infrastructure of generalisable surveillance. December 2022: Apple abandons it, and will later invoke, in an August 2023 letter, a "slippery slope of unintended consequences". The very mechanism Chat Control 2.0 wants to mandate.

    WIRED · Apple kills CSAM scanning →

  15. the creep

    Chat Control 2.0: mandatory scanning

    The Commission proposes the CSAR regulation (COM/2022/209): "detection orders" that can force scanning on every platform, including end-to-end encrypted ones. 2021’s voluntary becomes 2022’s mandatory: scope creep in the literal sense.

    COM/2022/209 →

  16. the creep

    Online Safety Act: the "spy clause"

    The UK grants itself the power to order messengers to scan encrypted content (section 121). "Where technically feasible" is not in the Act: it was the minister’s concession, Lord Parkinson’s statement to the Lords (6 September 2023), after Signal and WhatsApp threatened to leave. The government admits it is not feasible, but keeps the power on the books.

    Online Safety Act 2023 · s.121 →

  17. the creep

    The "temporary" gets its first extension

    Regulation 2024/1307 pushes Chat Control 1.0’s sunset from 3 August 2024 to 3 April 2026. An emergency measure that renews itself is no longer an exception: it is a regime.

    Regulation (EU) 2024/1307 →

  18. the creep

    UK: show ID to use the internet

    The Online Safety Act switches on "highly effective" age verification (ID, credit card, face estimation) for large parts of the web. Proton measures hourly VPN signups jumping over 1,400%; the Lords are already debating limits on VPNs.

    Ofcom · age assurance →

  19. the creep

    The Council moves to delete the sunset clause

    The Council’s trilogue position (doc. 15318/25): simply delete the sunset clause of "voluntary" scanning, making it permanent. The Danish presidency draft contemplated mandatory client-side scanning. In February 2026 the EDPS answers the Commission’s December proposal to extend the derogation to 2028 (COM(2025) 797): substantial degradation of confidentiality, indiscriminate analysis disproportionate.

    EDPS · Opinion 7/2026 →

  20. struck down

    Parliament says no

    The European Parliament rejects extending voluntary scanning to 2028 (228 for, 311 against, 92 abstentions). Consequence: the legal basis expires on 3 April 2026. Citizen pressure and NGO work held the line. For three months.

    European Parliament · 26 March 2026 →

  21. revealed

    The law lapses, the scanning continues

    With the derogation lapsed, the giants that signed the 19 March joint appeal to entrench the regime (Google, Meta, Microsoft, Snap, TikTok) announce they will keep scanning messages, legal basis or not. The admission that "compliance" was scenery.

    The Record · Big Tech vows to keep scanning →

  22. the creep

    The Council resurrects the lapsed text

    Three months after the lapse, the Council adopts its position to reinstate voluntary scanning until 3 April 2028, sent to Parliament at second reading: the procedure where rejection needs an absolute majority (361 of 720), not a majority of votes cast.

    Council of the EU · 2 July 2026 →

  23. struck down

    Rejection fails, but E2EE is carved out

    Urgent procedure passed on 7 July (331/304/11), vote on the 9th: 314 MEPs vote to reject the Council’s position: a simple majority, short of the 361 required. But Parliament then adopts the amendments excluding end-to-end encrypted communications from the scanning regime (369 and 362 votes), and a last attempt to reject the amended position fails too (276/286/30). The amended text returns to the Council, which has about three months (until around 9 October 2026) to accept the amendments (voluntary scanning of non-E2EE services until 3 April 2028) or open conciliation. As of 10 July 2026, nothing is in force: the derogation that expired on 3 April was never revived (full roll calls).

    European Parliament · 9 July 2026 →

PART 24 · THE DRIFT, LIVE

Big Brother observatory

Chat Control is one front among five. What passed, what is on the table, what was pushed back, region by region, theme by theme.

Region

Theme

2024-03-13EUAI & biometricsin force

Prüm II: face search across every police force in Europe

Regulation 2024/982 adds facial images, including of suspects never convicted, to the automated exchange of police data between member states, through a central router. A pan-European biometric identification capability, adopted with no real national debate; EDRi calls it a risk of "state over-reach and mass surveillance".

Regulation (EU) 2024/982 · Prüm II →

2024-05-20EUIdentityin force

eIDAS 2.0: the identity wallet lands, browsers under state trust

Every member state must provide a European digital identity wallet (EUDI Wallet) by 24 December 2026; banks, telecoms, health services and very large platforms will have to accept it. The same wallet will prove your age, open the account, sign the payment: one gateway, hence one control point; the EDPS documents cross-use tracking risks. And Article 45 forces browsers to recognise state-designated web certificates: over 500 researchers warned (last-chance-for-eidas.org) this is the infrastructure of encrypted-traffic interception.

Commission · EUDI regulation →

2024-05-21EUMessagingIdentityproposed

The "Going Dark" plan: police access by design

The High-Level Group on "access to data", staffed almost entirely by law-enforcement representatives, adopts 42 recommendations on 21 May 2024: "lawful access by design" (police access built into products from the drawing board), harmonised metadata retention, a duty to identify every user, messengers included. In December 2024, 55 civil-society organisations, companies and associations sign an open letter calling the outcome a "mission failure": a blueprint for mass surveillance. It is the matrix of everything that follows.

Commission · HLG recommendations →

2024-12-17EUMediain force

Romania: election annulled, the DSA arbitrates the visible

On 6 December, Romania’s Constitutional Court annuls the first round of the presidential election, citing an undeclared coordinated campaign on TikTok; on 17 December the Commission opens formal DSA proceedings against the platform (recommender systems, political advertising), still ongoing in 2026. Whatever the outcome, the precedent stands: "who decides what is visible during an election" is now settled between platforms, the Commission and constitutional courts.

Commission · DSA proceedings v. TikTok →

2024-12-25WorldIdentityMediain force

Vietnam: verified identity or silence

Decree 147 forces platforms to verify every user’s identity (phone or ID number), store the data and hand it to the authorities; only verified accounts may post, comment or stream. The equation is stated plainly: no verified identity, no public speech.

The Guardian · Dec 2024 →

2025-02-21WorldMessagingin force

London demands a backdoor, Apple pulls its encryption

By secret order (a Technical Capability Notice under the Investigatory Powers Act), the Home Office demands access to encrypted iCloud data, with worldwide scope confirmed by case filings. Apple responds by withdrawing Advanced Data Protection (end-to-end encrypted iCloud) from all UK users rather than build the key. Under US pressure London "withdraws" the demand in the summer… then issues a fresh order in early September 2025, revealed on 1 October, rescoped to British users’ data. In mid-2026, UK users still live without E2EE on their backups.

EFF · Deeplinks · Oct 2025 →

2025-03-20FranceMessagingrejected

France: the Narcotrafic backdoor falls

Article 8 ter of the Narcotrafic law would have forced encrypted messengers to give intelligence services access to correspondence: the "ghost participant" mechanism. Deleted in committee, its reinstatement is rejected 119 votes to 24 by a cross-party coalition on the night of 20 March 2025, against the interior minister’s wishes. A national parliament can say no; the government has not given up: the access demand returns in cycles, here and then in Brussels.

La Quadrature du Net · March 2025 →

2025-04-01EUMessagingproposed

"ProtectEU": breaking encryption becomes official policy

The Commission’s internal security strategy (COM(2025) 148) announces a roadmap for "lawful and effective access to data" and a "Technology Roadmap" on encryption, plus a beefed-up Europol. Scattered police demands become a multi-year political programme of the Union: access to encrypted communications, in writing.

COM(2025) 148 · ProtectEU →

2025-04-18WorldAI & biometricsIdentityin force

ICE buys "ImmigrationOS" from Palantir

30 million dollars for a platform that cross-references federal databases and provides "near real-time visibility" on people slated for removal. Targeted surveillance of an entire population becomes an off-the-shelf software product, operated by a private company.

WIRED · April 2025 →

2025-05WorldMessagingIdentitysuspended

Even Switzerland: the ordinance that would drive Proton out

The revised surveillance ordinance (VÜPF) would extend user-identification and retention duties (6-month IP logs) to any service above 5,000 users. Proton’s CEO vows to leave the country if it passes ("we would be less confidential than Google") and freezes Swiss investment; Threema protests too. By early 2026 the project is stalled: near-unanimous opposition in consultation, parliament demands a rewrite. The historic haven of confidentiality tried, by mere ordinance, what the EU debates in Chat Control.

Statewatch · Feb 2026 →

2025-06-18WorldMediaIdentityin force

US visas: your social media set to public, or nothing

The State Department requires student-visa applicants to set their social profiles to public (cable of 18 June 2025), screening for any "hostility" toward the United States; the DS-160 form had already required five years of handles since 2019. Extended to H-1B on 15 December, then to 14+ visa categories in March 2026. Entry conditioned on ideological inspection of online speech: a worldwide incentive to self-censor.

US State Department · June 2025 →

2025-06-24EUMessagingAI & biometricsproposed

The roadmap: state decryption scheduled through 2030

The Commission publishes its "lawful access to data" schedule (COM(2025) 349): new retention rules, cross-border interception by 2027, AI analysis of seized data by 2028, and a "next-generation decryption capability" for Europol from 2030. The EU is planning, over five years, the legal and technical bricks to read what is unreadable today. The EFF sums it up: "this roadmap makes everyone less safe".

Commission · 24 June 2025 →

2025-07-14EUIdentityadopted

Age verification: the pilot app in five countries

The Commission publishes its DSA "Article 28" guidelines and an age-verification blueprint (a "mini-wallet"), piloted with Denmark, France, Greece, Italy and Spain, designed to converge into the EUDI Wallet by late 2026. Even "privacy-preserving", the logic installs an identity check at the entrance of the internet: proving a civil-status attribute to view legal content becomes a normal gesture.

Commission · blueprint · July 2025 →

2025-07-15FranceIdentityin force

France: the Conseil d’État reinstates the age check

Under the SREN law and the Arcom framework ("double anonymity"), adult sites must verify visitors’ age. Aylo (Pornhub) cuts access to France in protest; the administrative court suspends the decree in June, the Conseil d’État overturns that suspension on 15 July: the obligation stands, the sites re-block. The first full-scale deployment of the "ID card to enter the internet", with blocking as the compliance lever.

Conseil d’État · 15 July 2025 →

2025-07-15WorldIdentityin force

China: the national internet ID, centralised with the police

Launch of the "cyberspace ID": a single identifier issued jointly by the Ministry of Public Security and the Cyberspace Administration of China, backed by face recognition and the national ID card, used to log into online services, effective 15 July 2025. Officially voluntary, on top of real-name registration already mandatory everywhere. When online identification is centralised by the state, anonymity disappears by design and internet access becomes a revocable privilege. It is the finished model of what Western age checks and wallets sketch.

South China Morning Post · July 2025 →

2025-08-08EUMediaMessagingin force

EMFA: journalist protection, holed by its exceptions

The European Media Freedom Act becomes fully applicable. Its Article 4 bans spyware against journalists in principle… then allows it by exception for a list of serious crimes; during negotiations the Council, France in the lead, pushed a blanket "national security" carve-out, denounced by RSF. The first European text meant to shield journalists from state spying codifies, in the negative space, the conditions under which that spying stays legal.

Regulation (EU) 2024/1083 · EMFA →

2025-09-01WorldMessagingIdentityin force

Russia: the state messenger pre-installed by decree

Every smartphone sold in Russia must ship with MAX, the messenger built by VK and designated the "national app"; civil servants and teachers are ordered onto it. Independent analyses describe extensive tracking and integration with the FSB’s interception system. The end point of the anti-encryption logic: a messenger readable by the services, imposed through the hardware distribution channel itself.

Reuters · Aug 2025 →

2025-09-01WorldMediain force

Russia: searching becomes an offence

"Deliberately" searching online for content classified as "extremist" (a list of 5,000+ entries, opposition included) becomes finable (including through a VPN), and advertising circumvention tools is banned. A historic threshold: the state no longer punishes what you say, but what you try to find out. The logical end point of inspecting individual usage.

Reuters · July 2025 →

2025-09-09EUMessagingunder negotiation

500 scientists: "technically infeasible"

More than 500 cryptographers and researchers from 34 countries (some 800 from 37 countries by October) sign against the Danish CSAR draft: reliable detection is impossible at this scale, circumvention is trivial for criminals, and any client-side scanning "inherently undermines" end-to-end encryption. Germany’s federal criminal police (BKA) data make the point separately: of 205,728 NCMEC reports received in 2024, 99,375 (48.3%) were "not criminally relevant". The scientific consensus is unambiguous. And the project continues.

Open letter · Sept 2025 →

2025-09-26WorldIdentityunder negotiation

"BritCard": a digital ID to be allowed to work

The Starmer government announces a digital identity ("BritCard" is its informal nickname, not an official name) that will become mandatory for right-to-work checks by the end of the parliament, in the name of fighting illegal immigration. A petition passes one million signatures in about two days (2.9 million+ since); the government holds course (a bill features in the May 2026 King’s Speech). Conditioning the right to work on a state identifier installs a central checkpoint on everyone’s economic life.

gov.uk · Sept 2025 →

2025-10-12EUMessagingrejected

Berlin brings down mandatory scanning

Signal president Meredith Whittaker states publicly that the messenger would leave the European market rather than undermine its encryption; the CDU/CSU group compares suspicionless scanning to steaming open everyone’s mail. The item is pulled from the agenda of the 14 October JHA Council: the blocking minority holds. The balance of power can flip, but the project never dies: reworked as "voluntary", it returns six weeks later.

EU Perspectives · Oct 2025 →

2025-10-12EUAI & biometricsIdentityin force

EES: face and fingers become the passport

The Entry/Exit System goes live: fingerprints and a facial image of every non-EU traveller are collected into a centralised database, replacing the passport stamp (full rollout 10 April 2026); ETIAS, a paid authorisation built on those databases, is next. The EU shifts to a border-as-database: the body becomes the default travel identifier, stored in systems designed to interconnect.

Commission · EES →

2025-10-25WorldMessagingadopted

UN Cybercrime Convention: surveillance exported by treaty

Negotiated at Russia’s initiative and adopted in late 2024, the convention gathers 72 signatories in Hanoi: 71 states plus the EU. EFF and Human Rights Watch warn: broad definitions, mandatory mutual assistance to collect electronic evidence (real-time interception included) for "serious crimes" as defined by the requesting country’s law, with optional safeguards. A legalised worldwide channel through which the most repressive regime’s standards can travel.

UN · UNODC · Oct 2025 →

2025-10-30EUMoneyunder negotiation

Digital euro: the architecture is built before the safeguards

The ECB closes its "preparation phase" and starts the next one: a pilot exercise in mid-2027, possible first issuance in 2029, while the regulation is not yet passed. The Eurogroup agreed in September on governance and the process for setting holding caps. A central-bank digital currency is an infrastructure where every transaction is natively recordable; it is being built while its legal limits are still unwritten.

ECB · 30 Oct 2025 →

2025-12-10WorldIdentityAI & biometricsMediain force

Australia: 4.7 million accounts switched off in a month

A world first: from 10 December 2025, under-16s are banned from the ten platforms designated by the eSafety regulator, which must estimate age (behavioural inference, face-scan selfies, ID documents) under penalty of A$49.5M fines. In mid-January 2026 the prime minister announces 4.7 million accounts deactivated, removed or restricted. To exclude minors you must estimate everyone’s age: biometrics becomes the toll booth of the social web, and governments worldwide are watching the laboratory.

Australian PM · Jan 2026 →

2025-12-17FranceAI & biometricsin force

Algorithmic CCTV: the Olympics "experiment" heads for year seven

Authorised "experimentally" by the 2023 Olympics law (expiry March 2025), algorithmic video surveillance is extended to the end of 2027, cleared by the Constitutional Council. By May 2026 the Senate is already voting the sequel (the "Ripost" law): extension to the end of 2030 and expansion to every publicly accessible space. The classic ratchet: the exception rolls over, the scope widens, the evaluation can wait.

Le Monde · 18 Dec 2025 →

2026-01-12EUMediaMessagingrevealed

Pegasus in Poland: the accused finds asylum… inside the EU

Former justice minister Zbigniew Ziobro, facing 26 charges (including funding Pegasus from a victims’ aid fund and using it against opponents), says he has been granted political asylum in Hungary after his immunity was lifted; in May 2026 he flees on to the United States. The judicial reckoning for state political spying reaches an unprecedented dead end: an EU member state shelters the alleged culprit, and accountability stops at the internal border.

Le Monde · 12 Jan 2026 →

2026-02-12WorldMessagingin force

Russia: WhatsApp cut off for 100 million users

The full sequence took six months: August 2025, WhatsApp and Telegram calls are throttled (the platforms "refuse to share data with the authorities"); December, the slowdown widens; February 2026, WhatsApp is fully blocked, confirmed by the Kremlin. The lesson is plain: demand the data, strangle the service that refuses, then cut it off. Refusing to break encryption is punished by exclusion from the country.

Reuters · Feb 2026 →

2026-02-26EUMediaMessagingrevealed

Predator in Greece: the vendors convicted, the buyers untraceable

An Athens court convicts four executives tied to Intellexa (founder Tal Dilian, plus Hamou, Bitzios and Lavranos) for illegal access to private communications in the Predator scandal (~87 targets: journalists, ministers, military officers; a count reported by The Record and ICIJ). The EU’s first criminal conviction of spyware merchants. But no political official is convicted: whoever ordered the wiretaps remains officially untraceable.

Amnesty International · Feb 2026 →

2026-05FranceMessagingMediaunder negotiation

Black boxes: intelligence wants the full URLs

MPs widen the "black boxes" (the algorithmic metadata analysis created in 2015 against terrorism, made permanent since) to organised crime and, for the first time, to the full URLs of pages visited. The Constitutional Council struck down a similar scheme in 2025; the government tries again, adjusted. A full URL reveals what you read, not just who you talk to: a qualitative leap toward automated inspection of reading habits, under administrative (not judicial) authorisation.

Le Monde · 7 May 2026 →

2026-05-19EUAI & biometricsin force

Palantir in Europe: the vendor changes, the question doesn’t

In mid-May 2026, Germany’s domestic intelligence service (BfV) drops Palantir for France’s ChapsVision. France’s DGSI (which had renewed its Palantir contract in November 2025, through 2028) takes the same path later: on 16 June 2026 Sébastien Lecornu announces a migration to ChapsVision in the course of 2027. Meanwhile police in Bavaria and Hesse keep using Gotham (North Rhine-Westphalia until October 2026), challenged before the Constitutional Court. The public debate has slid from "should police files be fused by AI" to "which vendor should do it": sovereignty has replaced proportionality, and mass analysis itself is no longer questioned.

Le Monde · 19 May 2026 →

2026-06-12WorldMessagingunder negotiation

FISA 702 lapses, collection carries on anyway

Section 702, the warrantless collection of communications transiting US providers, was due to expire in April 2026. Two short extensions later, the authority lapses mid-June with Congress deadlocked over requiring a warrant for FBI searches of Americans. But existing certifications remain valid until March 2027: the machine runs another year on no renewed basis. A "temporary" surveillance power never quite switches off.

Brennan Center · 2026 →

2026-06-23EUMoneyunder negotiation

Digital euro: "not programmable", yet conditional

Parliament’s ECON committee adopts its position (43 votes to 14, one abstention): course set for a launch by 2029. The ECB’s own FAQ swears the digital euro "will not be programmable money", while presenting "conditional payments" as optional services; under the MEPs’ position, the holding cap would be set later by the Commission on the ECB’s recommendation, reviewed every two years. The gap between the promise and the platform rests on a political decision, not a technical impossibility: the conditionality and traceability infrastructure will exist from day one.

European Parliament · 23 June 2026 →

2026-06-24EUMessagingMoneyAI & biometricsproposed

Europol: budget raised to €3 billion, a mandate on encryption

The Commission proposes Europol’s biggest overhaul in 25 years: budget up from €1.9bn to €3bn, 900 extra staff, a mandate extended to encrypted communications, crypto-assets and AI-assisted fraud; a "technology and innovation hub" whose encryption work follows the ProtectEU roadmap (which schedules a Europol decryption capability by 2030); an automated "European police data space". ProtectEU’s armed wing: a supranational agency one MEP already warns "must not lead to mass surveillance".

Commission · 24 June 2026 →

2026-07EUMediaMessagingrevealed

Pegasus in Parliament: the watchdog was being watched

Citizen Lab reveals that MEP Stelios Kouloglou, a substitute member of the PEGA committee, the very body that investigated Pegasus and spyware abuse in Europe, was hacked with Pegasus while serving on it (infections dated 21 October 2022 and 6–7 March 2023), with possible access to confidential deliberations. Citizen Lab explicitly declines to attribute the attack; a coalition of NGOs demands an EU response. Spying on the body tasked with overseeing spyware is the ultimate inversion of democratic oversight, and nobody is named responsible.

Citizen Lab · July 2026 →

PART 25 · YOU ARE NOT ALONE

Allied initiatives

The organisations fighting this in courtrooms and parliaments, and the projects keeping the receipts.

Campaigns & advocacy

  • Fight Chat Controlfightchatcontrol.eu

    Citizen-led platform (anonymous collective): MEP contact tool, per-member-state position tracking, 1.0 vs 2.0 comparison. Relaunched for every vote.

  • Stop Scanning Me · EDRistopscanningme.eu

    Coalition of 60+ organisations: 200,000+ signature petition, open letter grown from 300 to 450 scientists, joint letter of 133 NGOs.

  • Patrick Breyer · chatcontrol.eupatrick-breyer.de

    The former Pirate MEP who coined "Chat Control". The reference chronicle of the file, vote by vote, document by document, since 2020.

  • EDRiedri.org

    The European digital rights network (50+ NGOs). Legal analysis, Brussels advocacy, campaign coordination.

  • La Quadrature du Netlaquadrature.net

    Since 2008: CJEU litigation (the 2020 retention ruling), the Technopolice campaign, analysis of French surveillance laws.

  • noybnoyb.eu

    Max Schrems’ NGO: systematic GDPR litigation that brought down two EU-US transfer deals (Schrems I and II).

  • EFFeff.org

    Thirty years of litigation and tools (Jewel v. NSA, Certbot, Privacy Badger, Rayhunter) and the Surveillance Self-Defense guide.

  • Signal Foundationsignal.org

    Pledged to leave the EU rather than install scanning. Meta/WhatsApp (Oct 2025) and Threema ("all options") followed with opposition.

Documentation projects

  • EFF · NSA Spying Timelinensa-timeline.eff.org

    US surveillance chronology 1791-2015, built on the Jewel v. NSA evidence record: every entry dated and sourced. The receipts model our Precedents section borrows.

  • Atlas of Surveillanceatlasofsurveillance.org

    14,900+ documented police deployments across 6,000+ US jurisdictions (drones, face recognition, IMSI catchers…), compiled by 1,000+ students and volunteers. Geographic rather than chronological.

  • Technopolicetechnopolice.fr

    La Quadrature’s 2019 campaign documenting the "Safe City" city by city, company by company: procurement records, participatory forum, leak channel.

  • OONIooni.org

    The largest open dataset on internet censorship: millions of measurements since 2012, 200+ countries, CC-licensed data and a public API. Censorship, proven in real time.

  • Digital Violence · Forensic Architectureforensic-architecture.org

    The interactive map of the Pegasus/NSO ecosystem: export licenses, infections, and the physical consequences for the people targeted.

  • Surveillance Watchsurveillancewatch.io

    Interactive map of the spyware industry: who builds, who funds, who buys.

  • NetBlocksnetblocks.org

    Real-time observatory of internet shutdowns and blocking, country by country, incident by incident.

  • Big Brother Awardsbigbrotherawards.de

    Since 2000, the annual "award" for the worst privacy offenders (editions in several countries): a chronicle by example, year after year.

PART 26 · THE ARSENAL

Open-source directory

66 free-software tools in 14 categories. Every entry is open source: verifiable code, no goodwill required.

Messaging

  • SignalAGPL-3.0

    Replaces WhatsApp. E2EE by default, non-profit foundation.

  • SimpleX ChatAGPL-3.0

    No identifier at all: even servers can’t know who talks to whom.

  • SessionGPL-3.0

    No phone number, onion routing.

  • Element · MatrixAGPL-3.0

    Replaces Discord/Slack. Federated, self-hostable.

  • BriarGPL-3.0

    P2P with no internet (Bluetooth/Tor): protests, blackouts.

  • MollyGPL-3.0

    Hardened Signal for Android (fully FOSS variant).

Email

  • ThunderbirdMPL-2.0

    The reference free mail client, OpenPGP built in.

  • Proton Mail (apps)GPL-3.0

    Open-source apps of the Swiss encrypted service.

  • Tuta (apps)GPL-3.0

    Free apps, post-quantum encryption, EU jurisdiction.

Browsing & search

  • FirefoxMPL-2.0

    Replaces Chrome. The independent engine.

  • Tor BrowserMPL-2.0

    Network anonymity, anti-fingerprinting.

  • Mullvad BrowserMPL-2.0

    The Tor Project’s browser, without the Tor network.

  • BraveMPL-2.0

    Chromium that blocks ads and trackers by default.

  • uBlock OriginGPL-3.0

    THE ad and tracker blocker.

  • SearXNGAGPL-3.0

    Self-hostable metasearch engine.

VPN & network

  • WireGuardGPL-2.0

    The modern VPN protocol everyone builds on.

  • Mullvad VPN (app)GPL-3.0

    Client of the no-account VPN (cash/Monero accepted).

  • Proton VPN (apps)GPL-3.0

    Free clients, honest free tier.

  • TorBSD-3-Clause

    The network that separates who you are from what you do.

  • TailscaleBSD-3-Clause

    Private WireGuard network between your devices.

  • HeadscaleBSD-3-Clause

    The Tailscale coordination server, on your hardware.

DNS

  • Pi-holeEUPL-1.2

    Blocks ads and trackers for the whole network.

  • AdGuard HomeGPL-3.0

    Pi-hole alternative with a modern UI.

Passwords & 2FA

  • BitwardenGPL-3.0

    Cross-platform password manager.

  • VaultwardenAGPL-3.0

    Lightweight self-hosted Bitwarden server.

  • KeePassXCGPL-2.0/3.0

    100% local vault, zero cloud.

  • AegisGPL-3.0

    2FA codes (TOTP) in a local encrypted vault (Android).

  • Ente AuthAGPL-3.0

    2FA with end-to-end encrypted sync.

Storage, photos & backups

  • NextcloudAGPL-3.0

    Replaces the whole Google suite, at home.

  • CryptomatorGPL-3.0

    Encrypts your files BEFORE any cloud.

  • SyncthingMPL-2.0

    Device-to-device sync, no server.

  • resticBSD-2-Clause

    Encrypted, deduplicated, automatic backups.

  • ImmichAGPL-3.0

    Self-hosted Google Photos (faces, search).

  • Ente PhotosAGPL-3.0

    E2EE photos, on-device recognition.

Everyday tools

  • LibreOfficeMPL-2.0

    The free office suite.

  • OnlyOfficeAGPL-3.0

    Self-hostable collaborative office.

  • JoplinAGPL-3.0

    Markdown notes, optional encryption and sync.

  • Standard NotesAGPL-3.0

    Notes encrypted by default.

  • CryptPadAGPL-3.0

    Collaborative Google Docs, fully encrypted.

  • Organic MapsApache-2.0

    Offline maps with zero tracking (OpenStreetMap).

  • OsmAndGPL-3.0

    Power-user maps (hiking, contour lines).

  • Jitsi MeetApache-2.0

    Video calls with no account, self-hostable.

  • MastodonAGPL-3.0

    Replaces X/Twitter. Federated, no imposed algorithm.

  • PixelfedAGPL-3.0

    The fediverse’s Instagram.

  • PeerTubeAGPL-3.0

    Federated YouTube.

  • LemmyAGPL-3.0

    Federated Reddit.

  • Damus (Nostr)GPL-3.0

    Nostr client: your identity is a key pair.

Local & agentic AI

  • OllamaMIT

    Run LLMs locally, one command.

  • llama.cppMIT

    The local inference engine that made it all possible.

  • JanAGPL-3.0

    100% local ChatGPT-like, simple UI.

  • GPT4AllMIT

    Privacy-minded local LLMs, CPU-friendly.

  • PocketPal AIMIT

    Run LLMs offline on your phone (iOS/Android), no account.

Operating systems

  • GrapheneOSMIT

    De-Googled, hardened Android (Pixel).

  • TailsGPL-3.0

    Amnesic USB OS, everything through Tor.

  • Qubes OSGPL-2.0

    Compartmentalisation via sealed VMs.

  • F-DroidGPL-3.0

    The 100% free app store.

  • postmarketOSGPL-3.0

    Linux on abandoned phones.

Self-hosting

Finance

OPSEC & whistleblowing

  • SecureDropAGPL-3.0

    Anonymous document drop for newsrooms.

  • OnionShareGPL-3.0

    Share files over Tor, no middleman.

  • Rayhunter (EFF)GPL-3.0

    IMSI-catcher detector.

  • mat2LGPL-3.0

    Strips metadata before publishing.

  • ExifToolArtistic/GPL

    Read and erase EXIF metadata.

PART 27 · THE PLAN

Migration checklist

Fourteen steps, from ten-minute wins to weekend projects. Ticks are saved in this browser only. Nothing leaves your device.

0 / 14 steps done

Manifesto

Changing tools is an act of individual responsibility, one that belongs to each of us: it is how you refuse an illegitimate mass surveillance.

Encrypting is protecting your private life. Self-hosting is pulling yourself out of Big Tech's surveillance. Taking back control of your tools is becoming ungovernable and sovereign.

The fight is political. Support the organisations opposing it, like the fightchatcontrol.eu initiative, and write to your representatives. That is what almost brought Chat Control down.

But since the solution will probably come neither from the ballot box nor from the European Parliament, it falls to each of us to win our freedom and protect our privacy with every tool the Internet offers.