Forem: Luftie The Anonymous

Appeal To Android Developers - Our Last Chance

Luftie The Anonymous — Wed, 29 Apr 2026 09:28:05 +0000

Hello Dear Readers

Today's article will not be funny as Luftie usually used to write, and I will not joke here. This article is going to have an severe tone and leave you with severe thoughts and concerns to consider on an personal level.

I'm not a fear-mongering "journalist" (although I don't reckon I'm one, but my work allows me to call myself so), I hate spreading fear because that belongs to garbage media 🗑️ like Linkedin, Instagram, Youtube or X (twitter). So if you would feel threatened or would get anxious, that's not the purpose here 😌.

I may be emotional and sometimes seem frustrated and sick in this article, but this is coming directly from me, what I think about this all.

In order not to prelong the article, I want to briefly emphasize what will this article be about:

google Android Monopoly Act
google x European Union Data Sharing Act
Developer Request For Action

Because of those 2 topics, I decided to firmly write an article so that every developer here sees it.

google Android Monopoly Act

I called it this way, because it is exactly what Sundar Pichai with his fellows plan to introduce. Primarily our Hindi friend stated that

This update is about to reduce the amount of malware in Android eco-system.

Logically deducting, google should block it's self. Ok, what Pichai said, is only a cover for real incentives.

That sounds great in PR, but the real incentive is control, money and power. Power to invigilate and make users and developers obedient, just as you were a dog. You have no other choice to use your phone with android based OS, than android phone with google Play Services support and only official app-store. Otherwise ? Otherwise you will starve and be excluded from the herd.

This is the harsh truth, willy nilly. Regardless what size of foil cap are you planning to buy for me. I'm going to bark about this so that everyone sees it, my account of dev.to will get blocked, because I allegedly would have posted violent content towards one or another, which is not true.

Never have I encouraged to violent acts and neither will I. I only encouraged to resist things that are pertaining us, our privacy, our freedom.

What Pichai really wants ?

He wants to:

Deprive Android users of choice, whether users want to download the app from open-source app store or official one

Importantly, Pichai wants to decide for a user what OS they should have, leaving simultaneously no option than official android, therefore custom ROMs users suffer and are vulnerable to have issues with usage.

But what's most important for us, us developers. It deprives us also of freedom of choice.

It prohibits us to choose where we want to publish our app to be downloaded, because there will be only one choice.

It will drain our wallets financially and I know a lot of ambitious developers, mainly from from Africa, who are developing open-source projects on android, and they cherish the fact they do not have to pay 25 $ to google to be able to launch the app in official app store.

It extends the invigilation methods on developers, because if a developer would deploy their app that would prolly not appeal to the any government-institution or google themselves, google has direct access to who you are and you are treated as criminal from day 0. Why ?

Because the rules are that, in order to be able to deploy apps to their app store, you also need to pass your ID to google now.

I committed this massive failure back 2024, I uploaded my ID and I'm ashamed. Ashamed because I promised myself back then already to start taking care about privacy. Though due to my desire to make my start-up appear and succeed at all cost, I violated even my personal rules, I was trying to be Mr. Pie (Perfect In Everything), but I failed tremendously. But that's the past and I don't give a single shit about it.

As for devs, I see that we are exposed on another threat, namely censorship. Yes you heard correctly, now as developers have only single source of release of their apps, they might challenge censorship issues. So your app can be taken down, removed and you might be incarcerated, sued or whatever legal actions would they take towards you.

Another Issues I see, are onboarding issues and console usage, to be honest I was developing mobile apps for 2 years and was always confused with the console and sometimes lost quarters to find the button or feature I want to use. It's highly counter intuitive.

Your google play developer account might get suspended from whatever reason, interrupting your work and write emails to unlock the account, coming along with the fact they know your address, they have your ID and know what you look like, they might sue you, and the law is easy "Money Talks", whoever has better lawyers, whoever has more money, there one will be innocent.

It ruins the entire idea of open-source android apps, because noone can download it without the app being required to appear in a google store (even for testers), without complying to google's restrictive requirements before publishing, which causes waste of time.

My Take on google

google is indeed a big company and are earning a lot of money and produce and build phenomenal technology. The question is whether they earn so much due to lack of better products or is it because of the mail monopoly and the setup by default and regular users do not even think about using other tools like email provider.

I would say it's because of their oligopolistic (together with Apple) dominance over mobile phones OS and because they bribe manufacturers to put that google's android on their phones.

As you can already suspect and see after me writing name google with lowercase, I don't love google and genuinely condemn their actions and their company as well.

I can't really believe how anti-human this corporation is. In order to get to someone from any support you're redirected to FAQ-section where finding answer will take you ages.

And if there is already a human, they will answer you at fastest in 2 days. And also the responses from them are written in such way you wish to become a terrorist and visit google's headquarter in person.

Me myself removed the account from google play Developer Console, and took back my money.

Which also was not so easy, because I had done the transaction from an already non-existing bank-account and bank that does not exist anymore and requested to send the refund to my current account.

After a week they sent the money back to me. They are 3 trillion+ $ company and they have issues to send the refund on different account.

EU x google Data Sharing Act

This one is quite fresh, so let's describe what's going on.

The European Commission issued preliminary findings on April 16, 2026, proposing that google must allow third-party search engines and AI chatbots to access its search data under the Digital Markets Act framework.

What's that shit 😮 for ?

The EU promises to ensure that "data is a key input for online search and for developing new services, including AI." The stated aim is to:

Level the competitive playing field so rivals can challenge google Search's dominance
Allow competitors to optimize their services using the same data inputs google has
Prevent market foreclosure and "practices that risk closing markets or limiting choice"
Ensure fair, reasonable, and non-discriminatory access to search data with transparent pricing parameters

What Data Must Be Shared ?

google would be required to share the following search data with competitors:

Search rankings data — how google ranks search results
Query data — the actual searches users perform
Click data — which results users click on
View data — which results users view without clicking
AI-related data — equally effective access to data used by google's own AI services like Gemini

The data must be made available to eligible "data beneficiaries", which include third-party search engines and AI chatbots with search capabilities.

The Specific Requirements Under Consideration

The EU's proposed measures would regulate:

Eligibility criteria — which companies qualify as data beneficiaries
Scope of data sharing — exactly what data must be shared
Technical means and frequency — how often and through what systems data is transferred
Data anonymization protocols — measures to strip personal information while maintaining data usefulness

From google's side there is of course opposition, however I treat it personally as PR only.

Clare Kelly, google's senior competition counsel, stated:

"Hundreds of millions of Europeans trust google with their most sensitive searches — including private questions about their health, family, and finances — and the Commission's proposal would force us to hand this data over to third parties, with dangerously ineffective privacy protections."

Ms. Kelly notices the sensitiveness of searches and private data, but on their own they state in the policy that they see all of your emails and thus own your sensitive information. Which than is processed and misused.

Pricing parameters — fair pricing mechanisms for data access
Access governance processes — rules for how beneficiaries use shared data

Privacy Concerns: EU Data-Sharing Mandate and Potential Threats

The proposal generates unprecedented privacy risks for EU citizens, despite framing the measure as pro-competition.

Below I listed down what threats I see coming from this data-sharing act:

Search queries reveal the most intimate aspects of human life—medical conditions, mental health struggles, financial desperation, sexual orientation, relationship crises, and illegal curiosities—information people would never voluntarily share with multiple corporations.
Once this data is distributed to "eligible data beneficiaries" such as Microsoft, Apple, Meta, and Amazon, users lose any meaningful control over their most sensitive information.
The EU's proposed anonymization safeguards are insufficient: academic research consistently demonstrates that anonymized search datasets can be re-identified when cross-referenced with other data these companies already control (email patterns from Microsoft, device usage from Apple, social graphs from Meta).

Real-world threat scenarios I could think of include:

A person searching for depression treatment, suicidal ideation, and debt relief being microtargeted by predatory lenders or high-interest financial services;
Someone researching gender dysphoria or LGBTQ+ resources in conservative EU regions having that data sold or breached, exposing them to discrimination or legal risk;
A woman searching for abortion information in restrictive countries having her data shared across borders with law enforcement;
Aggregated "anonymous" search patterns revealing population-level health crises, enabling governments or insurers to deny coverage to high-risk groups;
Data breaches at any of the multiple vendors now holding search records exposing millions simultaneously rather than concentrating risk in one company.

The proposal does not grant users transparency into who accesses their data, control over sharing, or meaningful consent mechanisms—instead, it mandates data distribution as a condition of market access. This transforms the surveillance apparatus from monopolistic to oligopolistic, spreading vulnerability across more companies, jurisdictions, and profit incentives while maintaining the same fundamental loss of user autonomy.

Timeline

Public Consultation Phase: Interested parties (including google, competitors, and civil society) can submit comments until May 1, 2026.

Binding Decision: The Commission expects to finalize its ruling by July 27, 2026, which will determine the exact scope and terms of data sharing

This represents a major escalation in EU antitrust enforcement targeting Big Tech, with significant implications for how competitive search and AI development will operate in Europe.

Developer Request For Action (DRFA)

Due to the surging surveillance and more threats to our digital privacy. I call you, you developers, who are the core of every digital product and service. Because it's thanks to you that we use apps in the app-stores. It's all your work spent on every app, extension, website, software comes from a developer.

That's why if you're actively creating or are just about to join mobile dev, I request you to:

Not sign up to google play developer console account and remove your account from google play developer console as soon as possible.

There are many alternative solutions to have deployed the app instead directly on the app store, one needs only to truly want to implement them.

You can run a push notification campaign and in-app alerts saying about the problem and that you plan to move to open-source app-stores where you will continue.

Make people aware of the actual threat and problem. Will you loose some customers ? Sure, but you will gain other ones.

Talk to your regulatory institutions about the issues

I recently have distributed 500+ email messages to MPs and requested them for taking action pertaining the European Union implementation and plan do so either for the google's psychopathic desires.

// Detect dark theme var iframe = document.getElementById('tweet-2049049335061434493-244'); if (document.body.className.includes('dark-theme')) { iframe.src = "https://platform.twitter.com/embed/Tweet.html?id=2049049335061434493&theme=dark" }

If you use X, feel free to follow, like and repost.

Fill out the survey where you oppose the update

The more opposition there appears, the higher the probability that this update will not be implemented. So please go and fill out the survey, tell google what you think of this through their own developer verification survey.

Visit Keep Android Open Website

There is well described, why the google's update violates privacy with their actions, if I didn't convince you, perhaps the website will.

Talk other developers and organizations out of signing up.
Add the FreeDroidWarn library to your apps to warn users.
Run a website? Add the countdown banner.

Summary

One could argue, why to even bother, it won't give anything anyways. It's wrong. Chat Control got revoked, due to public pressure, there are a lot of cases were pressure simply works. So can it be now as well.

That's it for today, if you are mobile-dev please consider the measurements from the article. Don't forget to like and share it with friends.

Partner Block

If you're about to purchase your first crypto wallet or a new wallet, you remember to checkout OneKey product and with my promocode: Luftie, you get 10% discount on all products available in their shop, but also 10% off on fees on perpetuals and defi fees like staking etc.

Donations

If you appreciate my work, feel free to donate me and message with screenshot on Signal or Telegram :)

Donation Addresses:

Monero (XMR): 44mBpaeJSuxTSFTXRxAb289mNiPgHTk6tMaKXPjg2DNQMbmxP1dFA86Q9QnHoU8T62XhQputbGkESiQBD31QrtfN377wGD3

Bitcoin: bc1q5dxqaf2xva57rlac8gj5g3apmm0edvanvscyhw

Ether (ETH): 0x524C676f9e31b6a4CaE067c41d01E9878b7FF14B

Solana (SOL): DgsvUBEvQdQVk7bxQSA2cEjFuJRwMFokeGbMXtq6MY4X

Mobile Coin (MOB): 7xB623noRRqqMxbTwqvbJWfcpycYyWEvWQAALigKn4VrwhuHZxsFP4Xkexp5MyK53pE8mfomXzDPaLXuwuQPw8RNveTQDSEuDQcPopv6Foyfei6DCkzJJx1j68j4xuXRQ94Q4SoC22vRMWKA58eNmvG2Nx2sy6wY1pu7ZzZTozYqL1vEDzGK1ajGNB9VLxppXarkpw3kBjUVbtjYzWo2iENpBpfVQ4tXaetUiGrv7EvPDa

Thank you very much for any support, also leave the comment down below: What do you think of google ? Do you like the direction they head towards ?

Till next one ;D

Privacy and Security Setup to use in 2026 PART 3 (Payments)

Luftie The Anonymous — Sun, 26 Apr 2026 14:40:32 +0000

GM, Dear Readers !

In last 2 articles, I elaborated on things like OS, Browsers, Search Engines, Messengers and Mail Providers that we could use for increasing our level of privacy.

Now as we're going deeper and deeper into the digital privacy and digital freedom, let's ask another question.

What about private payments ? How about being able to pay privately for stuff irl 🏪 and online 🌐 ?

Before I start with the meaty 🥩 part, if you haven't read my previous articles, check those last 2 ones out. They have low visibility, but have real value and a lot of knowledge in them, so please share with friends and share your feedback.

Luftie The Anonymous

Apr 21

Privacy and Security Setup to use in 2026 (Messengers + Mail) PART 2

#programming #opensource #security #os

Comments

24 min read

Luftie The Anonymous

Apr 17

Privacy and Security Setup to use in 2026 PART 1 (OS, Browser, Search Engines)

#discuss #privacy #tooling #security

Comments 4

31 min read

Unfortunately my markdown skills are very limited 😆 and idk how to implement such list or series with interactive table with direct links to the article, just like @francistrdev does it 🧠 (to be honest I'm envious about his skills, shout out to you amigo, love your articles) !

In order not to digress however 😄, currently there is a lot of supervision and restriction when it comes to payments. Those restrictions are implemented by the governments and institutions around the world are implying as though everyone was a criminal, therefore requiring your ID, details on where you live, your picture and more.

That data and images are then stored in the companies cloud storage, which is prone to be hacked and exploited, thus your data might be obtained by an unwanted third-party like data-broker or hacker.

You cannot pay cash 💰 when the price exceeds some amount (legally you can't ⚖️, others said it's not for hoi polloi, we know it's possible though 🫣). Trust in banks is naive, banks algorithms are flawed and are able to block your account after you make e.g. Github Copilot purchase, you have then to call the bank to unlock your card, being at the same time honeypot for your financial data.

Meaning that banks 🏛️ are giving access to data to any law-enforcement 👮 without a single moment of hesitation 🫣.

All of your transactions in the bank 📃, all the details, all that can be passed to a spy-agencies 🕴 of the state.

Quick Disclaimer (one of many today :D ): I spent entire week, sleeping each day about 4 hours a day on average, working on this article. From it's style, fact checking, reviewing my cryptographic knowledge validity, listening to the podcasts with founders, investigation of compliance, asking questions for validation, waiting on the answers to edition, removing the providers that turnt out to be violating the privacy, while I already had a ready version of an article to push.

I don't write it to make you feel sorry to me or imposing my effort to trigger some of your feelings but rather to personally express my admiration 🫶 to journalists, especially independent ones, who do they work well and in a righteous way just like I tried to do (hopefully I managed to :) ).

Because I gone through a huge pile 🗄️ of articles with rankings/juxtapositions of cryptocurrencies without much details about their mechanism or non-kyc cards, that haven't been checked 🚫 by the authors, if they are fully non-kyc.

I did it the hard way and made thorough "investigation" aka. research 🕵 (I kind of like the word investigation, because for some crypto companies or projects, it might be useful to procedure one 🤣).

Long story short, If you enjoy my articles, I decided to open options for you to send donations 🫴🪙, the details are on the end of the article.

My articles always will be free, though I leave a free space for people that might want to appreciate my work and so helping me.
Thank you very much for your donations in advance 😄 !

These funds would be certainly used for:

purposes of newer articles e.g. test of some tool/device and giving a review on it.
for help to my mom 🧕 financially to keep the house on running 💸 smoothly (currently I'm before applying at the uni and well I'm jobless 📂, so I'm sort of parasite 🦠 some of you might think, but I help as much as I can to take the burden off of her 🫂).
purchase of new equipment 🖥️ to my lab 🧪 aka. room ⛺ for potential co-worker to have workplace and cool experience of working together and perhaps start working jointly 👥 on some project that could then turn into a start-up and potential business (I would never forget the people, who would put a trust in me and help me 🤧).

Perhaps in the future I will grow to a bigger brand 🕶️ and all of the sudden I will start selling hoodies, t-shirts 👕, caps 🧢 with some themes of mine, we will see 😁 On this moment on I want you to make qualitative articles, so we go slowly to the core part of the article now on.

Additionally, as you could see this article will be only about Payments and I excluded AI from the article. You could ask:

Luftie, wtf is going on ? Why can't you keep one plan and stick to it ?

Grasp you chair and hold it thightly.....

Because my articles are good and long, bitch ;D If I kept Payments and AI format, this article would so long like distance from 🌏 Earth to exit of our galaxy 🛸 ! Now I reduced it to a length similar to a distance from Hicksville in South-Portugal 🇵🇹 to Shenzhen 🇨🇳

So I guess you're fine with it and we can fasten ➰ our belts for this beautiful and thriving just like Rust 🦀 on your car journey !.... I mean article, I mean..... JUST SHUT UP and read it 😘

Shout out to Rustaceans 😅 !

Article Navigation Guide

This article will have multiple sections so you can skip to what interest you the most, so in order to e.g. just find a part of article that is interesting to you here's the overview:

Payments

-- Cash

-- Cryptocurrencies

--- Intro, Good Web3 Practices + SURPRISE 🤩

---- # Blockchain 101 explanation

---- # 1 Rule
----- Detailed Cryptographic Explanation of nuances

---- # 2 Rule + Surprise 🥳

---- # 3 Rule

---- # 4 Rule

---- # 5 Rule

---- # 6 Rule

---- # 7 Rule

---- # 8 Rule

---- # 9 Rules

--- Privacy Coins

--- Where to buy anonymously

--- Other Coins

-- Virtual, Prepaid and Physical Cards with no-kyc

-- Alternative forms of payment

DISCLAIMER ⚠️

The presented content does not encourage to commit any actions towards using such solutions, I do not take any responsibility if you use one of those tools and loose money. It's not a financial advice, the article has rather an informative and educational purpose.

The article has not been sponsored by any companies presented in the juxtaposition of card providers or the blockchain organisation.
All opinions on the products are personal, not influenced by any forms of incentive.

The article in some paragraphs comprises writers personal, subjective opinions, experiences, that can include curse-words, if you're sensitive to language used, please don't take things personally or don't read it at all.

Payments

First of all why might you want to commit transactions privately ? Well that's because:

you would not like to get questions from some financial institutions in your country where do you have the money from to commit the transaction ?
you would not like to have an blocked (bank) account all of the sudden and frozen funds on the account.
you want to diversify your risk when it comes to payments, because you are afraid that your bank-account can be suspended and funds frozen due to fake allegations or any other reasons.
you don't want your government or any entity besides you and the other party to know about the transaction.
you would like to make finally a utility tool out of crypto instead of just hodling it and waiting for moon time :D

There are yet other reasons why you might like to make transactions privately, I could make a whole article about, but it would be too longish. So now let's discuss the payment options !

1. Cash

I guess there will be no wonder at all if I say that the most private way of committing a transaction is apparently Cash !

It's of course not digital form of payment, however cash enables you to pay whenever and wherever you would like to and you have the certainty that those funds will not be stolen. Cash is untrackable, basically government does not track where each coin, banknote is, so paying cash is anonymous and you do not live any digital or trackable fingerprint afterwards.

You could use cash however in multiple cases for digital I will name later.

Tradeoffs: Large amount of cash can be tough to transport, you could not transport such large amount of cash in the airport and you would need to report it. But not only in the airport, if police would stop you and open the trunk they prolly detain you, even if it's not determined by the law of certain country that you're guilty. Also cash can be lost, so you need to take care of the banknotes so you don't loose them.

Cryptocurrencies

As I'm really deep into this industry and I know the standards and behaviors that are common for this industry (similiar to other indurstries) and because all of the ways to pay privately will be almost only rely on crypto-currency in terms of replenishment procedure, issuance fee payment and independent payment procedure (meaning you will not have to rely on another person).

At first I want to emphasize, that cryptocurrencies are still considered as high-risk assets due to their volatility, low capitalisation.

You might think how come, though Bitcoin was lately for 128k $ ?!

It all comes to math and the market cap, the maximal market cap of cryptocurrencies was about 4.28 Trillion Dollars (October 2025), now it's about 2.6 Trillion Dollars, so you see that the market cap gone severely down more than 30% in 6 months, which is fast in comparison to traditional markets.

Also to depict the size of cryptocurrencies in juxtaposition with other markets. At the time of writing the article, Global Real Estate Market is worth about 4 trillion Dollars, Total Gold value is about 33 trillion Dollars, Silver is 4.26 Trillion dollars. It's projected that cryptocurrencies have share of ~2% in Global GDP. So we talk about really microscopic market, compared to the other markets like Stocks or Real Estates.

My take is that cryptocurrencies always will be treated such more of speculative, more volatile than other advanced markets and lesser regulated asset than the others, it always will be such market (unless people understand not to purchase stupid flashy coins, without reading the details and investing in another 100 shitcoins).

One should educate themselves to know what they are doing, before taking any action related to this market whether it goes about first purchase or entering this market should be backed by education.

Here I will provide a guide for beginners with crypto, covering the security, not financial rules. So that regardless of who you are, this will fit everyone.

Because not every developer and especially not every person is acquainted with cryptocurrencies at all. Let's now jump into the details.

Intro, Good Web3 Practices + SURPRISE 🤩

What is Blockchain ?

Blockchain in a short description is a type of distributed system 🌐, a decentralized ledger 📄 of transactions, distributed over many computers that running a specific computer program, these computers are called nodes, maintained by variously named, depending on the consensus protocol the network operates on maintainers (people), for the most popular cryptocurrency (Bitcoin) it would be miners, for Ethereum it would be validators.

For the rest of the explanation I will stick to the word miners. The Miners are giving their computational power to the network to validate transactions on the network made by the networks participants.

Why do miners keep the network on going ?

Their incentive to keep validating the transaction and supplying the network with their computational power is trying to solve computational puzzle 🧩 for something called block, which is basically a stack of transactions, which is pushed ➡️ in certain intervals (e.g. In Bitcoin it's 10 minutes or in Ethereum 12 seconds) to the blockchain as a sealed registered, irreversible change of the balances of network users, if they are sound with previous block states.

What makes cryptocurrencies special 🤔 ?

It offers trustless transactions, and it's durability. Meaning that one Node (a miners devide) that has the last state enables the others to reclaim the state and restart the entire process of validating transactions and mining based on the last state. Also if one Node is down, it does not break the entire network, because as it's said it's decentralized, so there is no central entity governing the network, what complete opposite of current bank system that collapses after one bank's systems shut off.

How big is the reward ?

The reward depends on each blockchain, however in Bitcoin Network, for solving the puzzle correctly, currently the prize is 3.125 BTC + fees from the transactions per block. The prize is algorithmicaly determined to be slashed every 4 years on a halve (that pertains only Bitcoin Network, the more blockchains, the more approaches) which is also named halving. It's designed so because the amount of Bitcoins possible to exist is only 21 million of coins, currently the supply is near to 20 million, thus Bitcoin has the got the name of digital gold, at least so called in mainstream.

What is cryptocurrency ?

It's more trickier with cryptocurrency to explain, because they split on coins and tokens.

Coins, which are the native currency of the network for miners to get their reward in and for network participants to transfer the coins between each other.

And there are tokens, that just programs/code (in the industry called smart-contracts) deployed on the blockchain that should imitate a coin and should have feature just like a coin has. There are of course various types of tokens, but this goes beyond the frames of the article. For more knowledge, I advice doing personal searches.

Where to learn on Web3 ?

I could write about cryptocurrencies more, but for more knowledge about cryptocurrencies I highly encourage to read a book like:

or visit this website and watch the materials, I really enjoyed videos made by that guy (shout out again !)

For those who desire to start with web3 programming, here I can recommend checking out Cyfrin Updraft. They have a ton of courses on web3 programming from smart-contracts for beginners to more advanced topics like work of Uniswap etc.

I also highly advice to contact people or join a crypto community, who already have experience in the market and will help you go into the world step by step, if you're a freshman.

Other useful source of knowledge for new and intermediately advanced people who want to broaden their knowledge, would be to join events and conferences and get in touch with people you are interested in, whether a developer, investor, VC, don't hesitate, just talk to them. So have I got my first work as an ambassador in an RWA start-up I worked for 4 months long.

And of course, there will be as always conceited morons 🤵, who think that if they have a sport-car 🏎 or SUV car 🚙 in leasing and are earning 100k$+ annually, that they are rulers of the world 🫅, but to be honest although those people are indeed a significant fraction of web3, but you should not be discouraged to learn about Web3 only because of them.

So now, as I explained the basics of blockchain and cryptocurrencies, I can explain couple of good practices for the security and privacy of the funds you have. The advice will not contain the financial advice, rather how one should operate in this market in order not to loose their funds.

Rules in Web3 to follow

1 Rule

NEVER SHARE YOUR PRIVATE KEY / SEEDS / MNEMONIC

What it means is that you should not give the access to your crypto-wallet to anyone/anything (website, person), unless it's a verified software for a wallet like Metamask, Phantom. It's more of marketing slogan, because what they mean with keys is your seed phrase more known as mnemonic (12-24 words, that are giving you access to your wallet).

And now Mr. Anonymous 🥷 will come with his educational and technical explanation 🤓 of what is the difference between mnemonic and private-key, public key and address (I read Mastering Ethereum 5 times, somewhere I have to utilize this knolwedge). It's fully optional so if you want to go to next rule, skip it.

Detailed explanation of wallet related terms

All blockchains base on one type of cryptography Public-Key Cryptography (also known as asymmetric cryptography).

Essentially, it's feature is based on the fact that users do not have to share the same key for secure interactions with each other (like sending transaction) as in case of symmetric cryptographic algorithms like 3DES, ChaCha, Salsa20, Trivium, AES-256 and more gibberish names you won't probably understand (and you don't have to now). You actually might recall AES and ChaCha from last article mentioned.

I will explain to you how users can interact with each other on chain, because a lot of tutorials actually screw up explaining this and it's because of misunderstanding of how public key cryptography works.

In order to understand how public key cryptography works in blockchain properly, I need to explain 2 concepts. In blockchain mostly often 2 schemes of PKC are used:

Elliptic Curve Cryptography - for key generation
Diffie Hellman Key Exchange - for key-exchange as the name implies, but primarily it also manages the key generation

Now some of you might scratch your head and recall the previous lines that THE PKC WAS ABOUT NOT USING THE SAME KEY !

And you're quite right, nerdy boy/lady. For being alert, you won ticket to become a cricket 🦗🤣 (just kidding)

What is then the Diffie Hellman Key-Exchange ?

It's a mathematically defined scheme designed for key generation and exchange of them, without creation one asymmetric key for interactions. For public key cryptography protocols to allow participants to communicate, which security relies on Discrete Logarithm Problem.

Luftie, WTF IS DISCRETE LOGARITHM PROBLEM ?

Discrete Logarithm Problem - is a mathematical problem based on difficulty of inversion of exponentiation in finite cyclic groups, the main matter to understand that, for DHKE protocols it is easy to generate the keys, but if you want to invert them it is not feasible given current computer powers (I do not take quantum risk into account, there are of course risks of Shor Alogirthm, that poses the threat to Public Key Cryptography. I will not focus on it in this article).

DHKE Framework

Now in order DHKE to work, it needs 2 elements for set-up also
called domain parameters:

The large prime p - it will be a base for generation of every new key
The primitive element also called generator (I will define it as g) - to define the size of the finite cyclic group

The Key Generation and Key Exchange Framework

Setup:

2 parties willing to communicate with each other without third parties
The large prime number p as a base
The primitive element / finite cyclic group generator g for defining the size of the group

Now both party, I'll name them A and B have compute their private and then public keys.

Now what do both parties A and B do ?

For Party A:

The private key a is chosen, such that a belongs to {2, p-2} set of elements.
Then they calculate the public-key by performing action below

A = p^a mod g

You could ask why isn't the group {0, p} ? It's to avoid results zero values and to ensure there are non-trivial values. A private key of 0 would mean that an individual has no influence on the key exchange process, effectively providing no security. This approach helps prevent predictable outputs and potential attacks, ensuring the robustness of the key exchange.

The same action is performed for B party with only change of the variable names

The private key b is chosen, such that b belongs to {2, p-2} set of elements.
Then they calculate the public-key by performing action below

B = p^b mod g

Now, to allow both parties to interact with each other one party needs to send their public key to the other party and then the receiver party signs the received key with their private key and so has the common key been established without a need of chosen symmetric key, so improving the security of our .

If you're still confused, here a Screenshot from book "Understanding Cryptography From Established Symmetric and Asymmetric Ciphers to Post-Quantum Algorithms, Second Edition", written by Christof Paar, Jan Pelzl and Tim Güneysu.

It's a great introduction to cryptography and definitely worth buying. If you want to learn about cryptography however, but not want to spend money, Professor Christof Paar (that I personally wish that one day I met with him irl) and ignited my passion to cryptography even stronger, has a playlist with lectures on cryptography essentials, so click the link to check it out.

Elliptic Curve Explanation

Elliptic Curve Cryptography (for short ECC) - is a scheme of PKC and just like DHKE, it relies on DLP (Discrete Logarithm Problem).

An elliptic curve itself is a special type of polynomial equation that can be presented on Cartesian Plane just like circle can be, by equaltion of x^2 + y^2 = r^2 and it generates a certain group of solutions, elements that the solution has to be in.

The difference is for ECs that they are defined over a finite field and not real numbers, mostly it's prime field where all arithmetic is done modulo a prime p. The formula for elliptic curve looks as following

y^2 is equivalent to x^3 + a * x + b mod p

There are conditions yet to be fulfilled for a valid elliptic curve:

p > 3
4 * a^3 + 27 * b^2 != 0 mod p And it comes together with an imaginary point of infinity, which goes beyond the scope of the article.

How is the public key generated in ECC ?

The formula for generation of the key is much easier on the first glimpse than what was presented in DHKE. The formula is

pubK = G * privKey

Where G is a base point and the final public key is indeed also a point with coordinates of x and y.

However it's not as easy as it might seem to be calculated and it involves elliptic curve arithmetic and usage of add-double algorithm, which goes beyond the scope of this article.

** For those sneaky guys, who are alert, might say it's easily breakable, just divide The e.g. PubK x coordinate with base point's x and you got private key. And all might be cool, except the fact that ** there is no such operation as division in modular arithmetic** on which modular cryptography bases. There are only addition, substraction, multiplication, inversion.

ECC Arithmetics

Just for those who are curious and those who want to understand the workflow in a deeper level of how Elliptic Curve Cryptography Arithmetic works to generate a public key. There are actually 2 main actions that are performed on elliptic curves and it is adding (for 2 different points) and doubling (for the same points). Now how does is it performed on the curve ?

I allow my self to quote the explanations from the Professor Paar's Book:

Point Addition P+Q This is the case where we compute R = P + Q and P != Q. The construction works as follows: Draw a line through P and Q and obtain a
third point of intersection between the elliptic curve and the line. Mirror this third
intersection point in the x-axis. This mirrored point is, by definition, the point R.
Below you can see how the addition is performed on a curve:

Point Doubling P+P This is the case where we compute P+Q but P = Q. Hence, we can write R = P + P = 2P. We need a slightly different construction here. We draw the tangent line through P and obtain a second point of intersection between
this line and the elliptic curve. We mirror the point of the second intersection in
the x-axis. This mirrored point is the result R of the doubling.

Below I provide the depiction of how doubling is performed on a curve together with formulas to calculate the points.

Additionally, it's worth mentioning that ECC provides the same level of security as discrete logarithm systems with considerably shorter operands (approximately 256–512 bits vs. 2048–4096 bits).

It's on average twice as slow compared to symmetric cryptographic algorithms, but it provides convenience, independence and facilitated way to set-up a common secret key without relying on the protocol, because de facto we are responsible for this key generation, having our private key.

So to summarize: Blockchains use DHKE for key exchange only and ECC for key generation which they next exchange in order to set up and mutual key for communication. Below you can see mathematical notation from Professor Paar's Book:

Seed ? Private Key ? Public Key ? Mnemonic ? What is different about them ?

Now I hope you survived my technical, mathematical, gibberishy explanations and now I can tell you what are the differences according to the terms.

Seed phrase/Mnemonic - A seed phrase or mnemonic is a list of 12 to 24 words that is generated to grant access to a cryptocurrency wallet. The generation process involves taking a private key and adding a checksum to it, which effectively increases the bit length from 132 bits to 264 bits. The resulting data is hashed, and the output is split into segments, each with 11 bits. Since there are 2048 words in the mnemonic dictionary (typically derived from the English language), the segments can be mapped effectively to create meaningful words. Some cryptocurrencies, like Monero, use a longer mnemonic of 25 words for additional security.
Private Key - a cryptographic key used to sign transactions on a blockchain. It grants full control over the associated cryptocurrency funds and must be kept secret at all costs. If someone gains access to your private key, they can manipulate your wallet and transfer your assets without your permission. The private key is a long, random string of numbers and letters, and losing it means losing access to the funds tied to that key.
Seed - it's essentially a hash of the private key combined with a checksum. It serves as a master key that can be expanded into multiple private keys, facilitating the management of a wallet containing various cryptocurrencies. The seed is usually derived from or represented by the mnemonic phrase, allowing users to retrieve their wallet through the mnemonic if needed.
Public Key - derived from the private key through a cryptographic algorithm. While the private key must remain confidential, the public key can be shared openly with others. It acts as an identifier associated with a wallet on the blockchain. The public key is necessary for receiving funds, as it allows others to send cryptocurrency to your wallet.
Address - a short string derived from the public key, specifically taking the least significant 20 bits (at least for EVM chains) of it and hashing the result. This address serves as your wallet's public identifier on the blockchain, where others can send cryptocurrency. Because addresses are shorter and formatted for easier sharing, they provide a convenient way for users to send and receive funds without exposing the entire public key.

After this explanation you should no longer confuse address with public key. Once you make a transaction you pass an address to your wallet not public key.

Personal Story on the rule violation 🥲

It's the most important in my opinion and often forgotten about rule, and I actually also fell victim phishing attack, where I violated this rule.

It was back 2024 as I've been developing my start-up 🛠️

I regularly invested my money in stocks from 2022/23 in stocks and Bitcoin (only bitcoin back then), back then crypto were yet before hitting 100k and one evening as I've been seeking people who are working or are from Switzerland to connect with them, I joined a discord channel of an Swiss Cheese Exchange, where I fell a phishing scam attack because of an fake bot announcement about the exchange collaboration with Opensea 🌏. The website looked neatly at that time (I had no clue what Opensea is back then).

I wanted to see/test out how to mint an NFT, I clicked the button to connect my wallet with the website. However it turned out that the popup was coming from the website (it prolly was some shit of absolute position in css or so) and I passed there my seed because it has shown I had no connection of my ledger wallet with metamask.

I was then shown on their website that something went wrong with the wallet connection and I gave up (it was late night and I was exhausted checking out the internet after work on my project), at the next morning I noticed this:

I invested back then about 4k $, so if I were to sell it at the peak or a bit below like 120k $ / 1 BTC. I do not blame anyone, because it is my fault only I didn't fact-check.

I would have earnt about 210% + on the investment. Of course, now one can only contemplate, but apparently I don't regret I lost those funds. Of course it is a loss, but that also made me realise to set certain rules when it comes to my day to day behaviour.

Rule Number 2 + SURPRISE 🤩

This rule is namely to grab oneself a hardware wallet also known as cold wallet, why is cold wallet such a big deal ?

Let's REALLY shortly explain it. There are 2 types of wallets in web3, Software wallets like Metamask or Phantom that are so called hot wallets and are connected to the internet always. And there are cold wallets which are hardware devices that are needed to approve certain transaction ones you want to perform it in cold wallet's software and so noone can move funds from your wallet if they both don't know your mnemonic and do not have access to your hardware device to validate the transaction.

Cold wallet would be a perfect solution if you have funds that you would not like to loose, like personal investments, savings etc. Hot wallet's I'd rather use it for some daily transactions like below 500$ valued wallets to prevent from bigger losses.

Why to bother really about Cold Wallets ?

In case of software wallets like Metamask or Phantom, the vulnerability lies in the fact that it's always connected to the internet and there might be many cases where you could fell a victim of scam or your keys could be captured by a hacker. Also one never knows if metamask will not be hacked and so one.

The most known companies offering the wallets are
Ledger, Trezor, Keystone Wallet and for sure many more companies.

My personally first crypto wallet was Ledger. However due to many controversies with this wallet provider and uncertainties about security of my funds, and the kidnapping of CEO. I thought on buying a new wallet, but always lacked time to do it finally and there was always something more important to be done.

Here you can see what such wallet looks like (It is jus disasambled by me, no worries you will get a full one :D)

SURPRISE TIME !

Surprisingly, my posts got enough visibility, to get an email with an enquiry about partnership from OneKey company.

And after my research, answering of my questions and check of the company, I decided to take up the collaboration and I have a big pleasure to announce, that I have a partnership with OneKey and with my promo-code: Luftie, you got 10% discount.

They are open-source, so I appreaciate the transparency. They are based in Chin, backed by big names but independent and were not involved in any actions with governments like passing data or data breaches, in 2023 there was an vulnerability found that was actually a hardware bug than the firmware, here you can read on it.

The Model of the wallet, I received is OneKey Classic 1S and it looks as above. I have to confess that not the wallet triggered an impression on myself but rather the quality of the box and how well the wallet was packed with add-ons. Shammy leather inside, elegant box, security tapes to strip off to open up the box + cool stickers and equipment like sheets for your mnemonic 😁 and that's for 79$, they have shown care of every detail and took care of customer experience, whereas my Ledger Nano S Plus was bought for about 80$+ and was just a box with set-up but low quality e.g. stickers box.

The wallet has bluetooth support, so when I was about to confirm the transaction, the connection with e.g. PC is not necessary. This has it's convenience pros, but the one con is that there are cases already that via BLE there were malware spread over AI robots performed, so this is a thing to consider if you want to use it.

The things that only caused for me a bit of issues was that I could not connect my wallet with my Desktop PC directly, because it doesn't have USB-C gateway and when I used the adapter even with bluetooth on, it could not find the wallet and I had to import the wallet via transfering via QR-code.

The other things is the Flatpak-version, because it caused crashes on my Linux devices (at least Desktop) so it would be cool if they would have fixed it and also make dedicated versions for distributions specifically like .deb files, so that I could attach the wallet's software to my panel and access it easily.

They have support for all Operating Systems and what I appreciate an APK file, so that you can download the software from the website and it matters to me, due to google's psychopathic conquerence wet dreams to make u use only apps from official store. Again I recommend everyone to go to Keep Android Open Website !

And they have even extensions for chroemium based browsers, so you can use it in Brave, I would be more than happy however to see Firefox support as well.

The Wallet has also a far more advanced Defi activity-participation detection outside of the wallet's software. So it displays more balances and helps you track state of your defi activity and investments like staking, lending or liquidity. Which Ledger does not.

Overall

After using the wallet for a week, I can highly recommend this, it's far better than what I experienced with Ledger. As a side-note OneKey wallets support also Trezor-modes, if one would be curious about this. So if you search for a new wallet or you start with crypto and are about to purchase your first hardware wallet, OneKey is a very good option in my opinion, especially with my code 🥰

3 Rule, Be Wary of Phishing Scams

Scammers often create fake websites or emails that mimic legitimate platforms. Always double-check URLs and avoid clicking on links from unsolicited messages. Educating yourself about common phishing signs can significantly reduce risk.

The best solution would be to use Browser like Brave and Metamask extension that support scam detection on bigger scale.

4 Rule, Understand the Basics of Blockchain

Familiarize yourself with how blockchain works, including concepts like decentralization and consensus protocols. This foundational knowledge helps you make informed decisions about which projects to invest in and understand potential risks.

5 Rule, Research Projects Thoroughly

Before investing in any cryptocurrency, conduct thorough research regarding its technology, team, community support, and use case. Understanding fundamentals helps to identify potentially fraudulent projects. Be doubtful by default about the projects.

6 Rule, Be Aware of Market Volatility

The crypto market is highly volatile, with prices fluctuating significantly in short periods. Prepare for emotional reactions to market swings; consider setting stop-loss limits or using dollar-cost averaging when investing.

7 Rule, Beware of Fake or Scam Airdrops

Airdrops can seem appealing but may mask scams. Always validate the legitimacy of the project offering airdrops by checking their official channels. Never provide your private keys to claim an airdrop.

I myself have plenty of scams ERC-20 tokens and NFT-721, here an example of one pointed out in the red circle.

8 Rule, Understand Transaction Fees

Different blockchains have varying transaction fees based on network demand. Familiarizing yourself with these costs can help in choosing the right time to make transactions without losing excessive funds to fees.

9 Rule, Backup Your Wallets

Regularly backup your wallet data and store it in a safe place. This ensures that you can recover your funds if your device fails. Create multiple copies and consider encrypting sensitive information for added security.

NOW, enough of the stuff and into details of private payment options we go !

Privacy Coins

First option of private payments with cryptocurrencies are indeed those coins, whose base on blockchains with enhanced privacy algorithms. And this section will be about privacy coins indeed.

** Important ⚠️ : In 2027 European Union is about to implement a "ban" 🤣 for privacy coins. Meaning from all the exchanges operating in EU, the privacy coins like Monero (XMR), DASH or ZTrash 🗑... eh sorry, ZCash will be delisted from the exchanges.

That's why one would need a VPN, noone should decide about what one would should what should not purchase when it comes to assets in which one allocates their money. And next article from this series will be indeed on VPNs. But as you will discover later on you might not need VPN 😉

1. Monero

The golden standard for privacy coins, the most well known, the best privacy coin, the most adopted privacy coin. So could Monero be described and here is what is it's features and why it's so good.

In the service kycnot.me you can find the services that accept monero and you can pay monero with.

What is making Monero so private ?

Ring signatures - are the foundation. When you send Monero, your transaction is mixed with multiple other transactions from the blockchain—typically 16 decoys by default. To an observer, it's impossible to tell which transaction in the ring is actually yours. The ring signature proves you authorized the payment without revealing which of your past outputs funded it.

Stealth addresses - handle the receiving side. Instead of having one public address where everyone can see your incoming transactions, Monero generates a unique one-time address for each transaction.

*RingCT (Ring Confidential Transactions) * - hides the amounts. Without RingCT, ring signatures would still leak transaction values, allowing someone to statistically determine which transaction in the ring was real by process of elimination.

Privacy guarantee: All three layers are mandatory and automatic on every Monero transaction. No user choice required. The sender, receiver, and amount are all hidden from the blockchain.

HOWEVER ! Despite the strong cryptography, Monero is not perfectly anonymous in practice. The vulnerability is not the on-chain protocol, but metadata leaks: IP addresses, exchange deposit/withdrawal timing, wallet fingerprints, and behavioral patterns. Thus next article on VPNs will be adviced to read.

2. ZCash

This cryptocurrency seems to play as "the second best", but as already Micheal Sailor said: "THERE IS NO SECOND BEST !", this pertains privacy coins.

Personally I never owned ZTrash and never will do, because it's not genuine Privacy Coin as it does not enable privacy by default, last year it's been pushed with marketing everywhere and was backed by Grayscale VC in my opinion only to suck the wallets of investors dry and generate a narrative.

ZTrash..ekhm, sorry ZCash privacy layer relies on Zero Knowledge Proofs Cryptography, namely a scheme of SNARKs (zero-knowledge Succinct Non-Interactive Arguments of Knowledge, don't fucking worry idk myself yet what it exactly means 😁, but therefore I'm here to learn and educate)

A zk-SNARK is a mathematical proof that lets you prove a statement is true without revealing any information about the statement itself. The proof is "non-interactive"—you don't need back-and-forth communication to prove something is valid.

This is theoretically more sophisticated than Monero's ring signatures. The cryptography is stronger. However, ZCash has a fatal flaw: privacy is not mandatory.

Privacy guarantee: Only if you manually select shielded z-addresses. If you forget, your transaction is as traceable as Bitcoin. The cryptography is potentially stronger than Monero, but adoption is so weak that practical privacy is minimal.

Law enforcement reality: The privacy feature exists, but most people don't use it.

Thus for me it's ZTrash :D Imo, avoid if possible to use this spy-coin 😘

3. Canton - Privacy for Institutions

Canton is fundamentally different from traditional privacy coins because it's an institutional blockchain designed for enterprise use, not pseudonymous privacy. It employs a "need-to-know" privacy model built on the Daml smart contract language.

The key innovation is stakeholder-based privacy: only parties explicitly defined in a smart contract (signatories and observers) ever see the transaction data. The system separates "content" from "ordering"—your participant node stores and validates full, unencrypted contract data, but the sequencer (which orders transactions) only sees encrypted metadata and hashes.

How Private Are Payments ?

Payments on Canton are private from public observers and competitors, but not from regulators or law enforcement. Canton achieves sub-transaction privacy, meaning complex multi-party deals can be broken into smaller private pieces where only relevant parties see their portion.

For example, if Bank A and Bank B are swapping assets via a central bank, Bank A and Bank B can exchange private details that the Central Bank doesn't need to see. However, Canton is explicitly not anonymous-by-design.

Who Sees Your Payments ?

Only the parties you define in your smart contract see your transaction details. A regulator can be added as an "observer" at the contract level for real-time, read-only visibility without exposing data to the market.

The network uses techniques to mask metadata patterns to prevent traffic analysis. Since Canton requires institutional participation with identified entities (financial institutions, market infrastructure providers, etc.), there is no pseudonymity—your identity is known to the system.

Is Your Balance Publicly Visible ?

No. Your balance is private within your participant node. Canton uses Amulets (UTXO-style contracts) rather than account-based balances, and these follow the same privacy rules as any other asset on the network—only relevant parties can see them. Unlike public blockchains, there is no single global state visible to all.

Law Enforcement and Blockchain Analysis risks

Canton is highly traceable by design because it prioritizes regulatory compliance. The system includes built-in auditability and selective disclosure mechanisms. A law enforcement agency can be granted observer access to relevant contracts, providing complete visibility into those transactions.

Because Canton serves major financial institutions (Goldman Sachs, HSBC, BNP Paribas, DTCC, Deutsche Börse) that already maintain extensive AML/KYC compliance, the infrastructure for law enforcement investigation is inherent to the protocol. There have been no known cases of law enforcement struggling to identify Canton participants because the entire design assumes institutional identity and regulatory oversight.

4. MobileCoin - THE ACTUAL SECOND BEST !

If we were to estabilish some SECOND BEST PRIVACY COIN, Mobile Coin deserves it fully in my opinion, here is why.

MobileCoin combines technology from Monero and Stellar, using CryptoNote technology alongside zero-knowledge proofs to hide transaction details. The core cryptographic layers are:

Ring signatures (using MLSAG/CLSAG schemes) - hide which output is actually being spent, creating sender ambiguity

One-time addresses (similar to stealth addresses) - prevent linking outputs to a known recipient address

Ring Confidential Transactions (RingCT) - conceal amounts while preserving verifiability

Intel SGX - secure enclaves running on validator nodes to protect transaction processing.

Transactions are validated in SGX secure enclaves using a consensus protocol adapted from Stellar's Federated Byzantine Agreement. Everything is written in Rust, separating it technically from Monero while maintaining similar privacy principles.

How Private Are Payments?

Payments are cryptographically unlinkable on the blockchain—blockchain analysts cannot connect sender to receiver from transaction data alone. The transaction recipients are hidden through one-time addresses that cannot be linked back to the recipient's actual wallet address. Amounts are hidden using RingCT. However, Signal (the messaging app integrating MobileCoin) itself can see behavioral metadata: who you're sending to, when, and how frequently, though not the transaction content itself. This is a critical distinction between on-chain privacy (strong) and metadata privacy (limited).

Who Sees Your Payments?

On the blockchain level: nobody can identify the sender or receiver from transaction data alone. The recipient's identity is protected by one-time addresses, and the sender is obscured within a ring of possible signers. However, Signal knows the timing, frequency, and recipient patterns of your financial behavior, even though it cannot see the actual amounts or transaction content. This means Signal could provide this behavioral metadata to authorities if compelled.

Is Your Balance Publicly Visible?

No. Your balance is completely private. Only the blockchain contains UTXOs and key images; no addresses or balances are published. However, anyone with your private view key (which you can share for auditing purposes) can see your incoming transactions.

Law Enforcement and Blockchain Analysis

MobileCoin transactions themselves cannot be traced via blockchain analysis because of the cryptographic protections. However, law enforcement can compel Signal for transaction metadata (timing, patterns, recipient information).

The weakness is not the coin itself but the application layer: Signal's servers maintain records of who sends to whom and when. Unlike true decentralized systems, MobileCoin transactions on Signal go through Signal's infrastructure, creating a record even if the blockchain itself is private.

There have been no major publicized cases of law enforcement successfully de-anonymizing MobileCoin transactions on the blockchain itself, but this is largely because MobileCoin has limited adoption and is primarily used within Signal.

However when it comes to an risk of Signal revealing some information about your balance or wallet whatsoever, I guess (check it on your own) they will have everything encrypted and agencies will have troubles detecting detecting the person anyways and likely will not succeed.

My take on privacy and psuedo-privacy coins

For the privacy and security of yourself, stick to Monero and MobileCoin and avoid usage of pseudo-private protocols. In time of October 2025 - January 2026, there was a huge boom on privacy coins market, there were new protcols like GHOST or MIDNIGHT announced and the narrative was pushed strongly to drain people's wallets and it ended up as always with a huge dump.

One important thing we should understand is that, those assets will be volatile and we have to embrace it and have no remorse when e.g. we paid for something with XMR and the price of XMR raised, then such feeling of "Oh fuck, I could have waited to pay less" happens to everyone, but think of it as you would e.g. purchase the headphones for 100$ and after 2 months after purchase, then the price dropped to 85$, would you have remorse of having spent to much ? Well likely not, because you enjoy the headphones technology work and it was worth the price and you live further, no big deal.

Where to but crypto-anonymously ?

Of course if you would like to have cryptocurrencies and you have only fiat, you first need to purchase crypto obviously. But how can you purchase anonymously ? Here I have found approaches you could do.

P2P Exchanges

These types of exchanges are connect you directly with a person who wants to sell their assets or want to buy some assets, instead of automating it like Centralized Exchanges usually do, disabling you from direct contact. In order to make a trade however often a deposit is needed in some currency, in order to allow you to betray the seller.

And other one, that I found out about at the NBX event I was and it's prolly more focused sadly only on polish customers but Spot.Club seems to be interesting. It's not working yet, but it is about to be launched.

Also there was an CEX that offers privacy preserving solution namely Kanga, a polish exchange offers Kanga-Local, where you can meet in person with the local person and purchase/sell your crypto.

It has it's pros such as possibility to connect with the person and make a relationship, become friends and do something together, but the trade-off here would be the fees to be paid.

As it will turn out, PRIVACY COMES AT A PRICE ! Price in terms of finances, convenience, social-acceptance (normies might treat you as weirdo) and other layers of where you would need to pay the price of being different.

The other risk is that the person might be undercover agent or officer that could gather data on you and accuse you and all of the sudden ruin part of your life, it happens, it's not often but it's good to keep it mind.

I mention it because there are far more cases of innocent people, who try to keep themselves away from government or they are preaching their opinions that are not complimentary towards surrveilance-apparatus of governments.

To emphasize it: I'm not supporting criminal activities, I condemn and despise people performing any illegal action, but I condemn even more "legal" actions that violate freedom and privacy of regular people.

ATMs

On the time of writing there are yet places where there is a limit upto 1000 Euro value transaction to deposit/withdraw from the ATM, so checkout if it's available in your country and if there are any distributors of Crypto ATMs.

Exchange Points

In Exchange Points (ger. Wechselstube) you have the same opportunity in some countries in EU yet to make a deposit/withdrawal upto 1000$ value. But from June on it is about to be

Alternative Crypto

By design, cryptocurrencies were about to liberate people from banks and centralized institutions. By having an (pseudo)anonymous network, people were supposed to make transactions without a trust to the 3rd party and even the person we make the tx with.

And although the first one is partially achieved, the second one has been screwed up and currently if you go through KYC on an exchange in any form you can at most remain pseudo-anonymous, and if you do full KYC then it's just as though a woman (or man, coz people might squeek in the comments that I'm misogynist) would say they care about their privacy, but walks out in transparent clothes outside, hope you get the point.

However, as mentioned earlier. There STILL (26.04.2026) are in some places options available to remain private without identification requirement.

Most blockchains are transparent, therefore by chain-analysis law-enforcement can easily determine which wallets are yours together with CEXes support.

And here are suggestions how to preserve anonymity in public blockchains (use EVM-chains, Bitcoin or Solana for convenience):

Coin mixing services

Mixing or tumbling services pool transactions from multiple users, breaking the link between input and output addresses. Services like Tornado Cash (though now sanctioned in some jurisdictions) or CoinJoin for Bitcoin shuffle transactions together, making it harder to trace funds to their original source.

Address separation

Create new addresses for each transaction rather than reusing the same wallet address. This prevents someone from linking multiple transactions to a single entity, though sophisticated chain analysis can still correlate addresses with patterns.

Use multiple wallets

Maintain separate wallets for different purposes (trading, savings, donations) and avoid sending funds between them in traceable ways.

Non-custodial solutions

Self-custody with hardware wallets means no exchange holds your identity data, though KYC (Know Your Customer) requirements at on/off-ramps still create on-chain entry points traceable to you.

VPN and Tor

Route your blockchain activity through privacy tools like Tor or a VPN to hide your IP address from node operators and observers monitoring network traffic.

Non-KYC CEXes

If you have already some crypto and you want to trade it or purchase e.g. coins that are not available in P2P and you want to use CEX, there are CEXes that allow you to use it without going through KYC, email is enough (use aliases ;D for that)

Such exchanges are e.g. HTX or CoinEx

Virtual & Physical Cards

The most desired option to pay and acquire goods is to have a card with some fiat. And here is where Visa/Mastercard Prepaid Virtual or even Physical cards come into play. This comes with certain risks which I will describe, but for now I want to focus on the products specifically.

I just want to emphasize the fact that it took 4 days, with 4 days in a row sleeping on average 3/4 hours a day to make this ranking/list. A lot of other articles on the internet are outdated and most of the products turnt into KYC-required cards or were just non-KYC the same as ZEBEC is.

There are a lot of scammy non-kyc cards providers, that after linking you to the provider to activate the card, they require KYC there. One of such companies is ZEBEC (I still wait for my refund 10$ 😘), that does not require KYC from you on their side, but when you get your activation token with link to third-party, either pass the ID or you got rekt.

That of course is nicely inserted in terms/privacy policy in one of their points:

Third-Party Services & Wallet Control Independent Partners Some features rely on independent third parties such as: Wallet providers Card issuers Payment processors Blockchain networks Staking providers Banking partners These companies operate separately from Zebec and may have their own rules. We do not control their operations and cannot guarantee their performance or availability.

And it occured in 10+ cases with other providers/softwares. The inferrance is simple, READ FUCKING TERMS AND POLICIES ! If not all, then filter it out to check parts you are interested in by searching for keywords (CRTL + F) and discover what the app legally is.

Laso.Finance

First there will be Laso Finance, probably mostly known No-KYC card issuer.

And they offer only one time load cards, so the cards are not reloadable, basically the amount you will be willing to spend, so much only you will be able to spend. And you cannot top-up again.

Laso Finance supports a lot of tokens from 3 chains EVM, Solana and Stellar (Beta).

They offer 3 types of cards:

US Only card - Basically a one-time load card, that you can attach to your digital wallet and pay for products. Payments are possible only in US.
Push to Card - This solution is not a card, rather a tool to replenish your debit card e.g. of your bank or any other card provider with cryptocurrencies without KYC. And usefull for crypto-offramp without KYC, recurring payments, ATMs withdrawals, etc.
- International - This card has the same terms as the US one, with the difference that it has a 3.8% from the initial card load (min 100$ - max 1000$)
Canada Card - The same card type as US and international one, enables you to spend canadian dollars without a fee.

Feature Comparison

Feature	Wise (Multi-Currency Card)	Push to Card	Internationalp (USD)	Canada
Deposit Fee	None	4.8%	3.8%	None
Transaction Fee	None	N/A	None	None
Withdrawal Fee	14%, $10 min (if possible)	N/A	14%, $10 min (if possible)	14%, $10 min (if possible)
Minimum Order	$20	$10	$100	$20
Maximum Limit	$1,000	$9,541.98	$1,000	$1,000
Apple Pay	✓	✗	✓	✓
Google Pay	✓	✗	✓	✓
Reloadable	✗	✗	✗	✗
Automatic Balance/Transaction on Updates	✗	✗	✗	✗
FX Rate	N/A	N/A	-2%	N/A
3D Secure (3DS)	✗	✗	✗	✗
Daily Limit	N/A	N/A	N/A	N/A
Monthly Limit	N/A	N/A	N/A	N/A

As in other cases, there is a list of countries where the product is not available, thus I advice to familiarize yourself with the list before purchasing. The list on the picture is trimmed.

Privacy Gateway

This is non-kyc virtual card provider but besides that they also have their bridge for any coins/tokens to purchase or sell XMR for other crypto, they have plenty of available tokens/coins you can exchange on. I will focus however only on the card this time here are the features that the card offers:

The card it's self that they offer is re-loadable and they have chosen a different approach when it comes to business model compared to the previous options. So you can actually reload this card as much as you would like to and enjoy private payments.

Card Features

✓VISA virtual card

✓Instant card issuance

✓No KYC, just name and email

✓$10,000 monthly limit

✓Tap to pay worldwide

✓Add to Google Pay

✓Apple Pay (coming soon)

✓3DS support

✓0% fee on USD purchases

✓3.5% loading fee

✓24/7 support

No Samsung Wallet Support (checked personally :D)

And instead of some one-time payments they decided to run a subscription model, they charge 5$/mo (currently there is a discount from 10 $ dollars a month)

No other fees included.

How the Card Purchase Works — Step by Step

This explanation comes from official PrivacyGateway.io Support, after contacting them.

Choose your amount
Pick one of the fixed denominations: $250, $500, or $1,000.
Enter your details
• A name (this is what gets printed on the card — it doesn’t have to be your legal name)
• An email address
• Choose your payment method: XMR, BTC, LTC, SOL, USDT/USDC (POL) — and we keep adding more!
Send crypto to your payment address
You get a unique deposit address and an exact crypto amount to send. The amount already includes the 3.5% service fee.
Card is created after a few confirmations
Once your transaction gets enough blockchain confirmations, the system automatically creates your virtual Visa card. You receive a 32-character access hash — this is your only credential. There is no account, no password, no email login. Copy it and save it.
The swap happens automatically
The system automatically converts your crypto to load the card in USD. You do nothing.
Card goes active
Once the funds arrive, your card balance updates. You log into your dashboard with your access hash to see the balance.
Reveal card details
Click “Reveal Card Details” to see your full card number, expiry, and CVV — and you’re ready to use it!

I have to express my gratefulness to the Privacy Gateway Support, who has given me possibility to test out the card on my own and check, if the card will be supported by Samsung Wallet (as I decided to test my setup for private payments): Samsung + No SIM-CARD + dumb email + digital wallet (optionally VPN with thetered internet from my other one) as shown below (yes I glued over the cameras, lol):

And for that money as a genuine tech-jounalist I grabbed my free meal, so thanks Leo 🫡 for giving me the opportunity. So did my meal look like, absolute aristocracy 🙌

Btw do not allege me with being bribed, because if the product would not work or the support would not be so transparent about helpful, I would not put it on the list.

My Take : This is a very low-budget, reasonable option to get started private payments with and to use on a daily basis for expenditures. I personally will soon think about using their product.

Goblin Card

I have to confess at first, I was skeptical about this product because of the fact that it's the only PHYSICAL card that is non-kyc. And you might also have such an impression ? But therefore I gone and asked questions about the details of how the products work, I watch materials available and research the internet and not blindly copy paste from Gepetto-AI or any other Clueless Models (just kidding, lol).

I also faced a bit of behavior, words from people in the group, that I was not about to expect and they weren't nice experiences. However, with the support of Goblin Cards, we jointly clarified everything and all my doubts got resolved. Shortly describing the company, it is a company based in Mexico, with small team, originally being and OTC exchange transforming into an card provider, which as the founder said was natural move.

People might yet be skeptical about the location, but a lot of that has been explained in the podcast by the founder (check it out).

Really interesting stuff to learn about the financial system. The names of the systems like SPEI or Archus caught my interest and I will definitely read about it in my free time). The company attended Monerotopia event in Mexico and intend to be active in that space as well.

I must say that my suspicion was wrong, already after I watched the interview, I had an impression of being wrong. I mean the founder was too transparent and shared so many details about how their product works, that some stupid big-tech CEOs would not share. So I decided to ask directly and clarify it.

How is this legally compliant ?

It bases on physical reloadable PREPAID mastercard cards. The PREPAID adjective to this card makes the situation turn 180 degrees. Because if it was a regular card just like offered by Revolut or any other FinTech, then it would demand KYC/AML.

However, due to the fact that it bases on prepaid cards, just like those one can purchase in a mall, gas-station next to gift cards. It makes it fit completely different category of cards. That's how I understood the compliance.

And the fact that it's both reloadable and prepaid, makes it work and there are people who are actually satisfied with their products on SimpleX or Telegram chat and they offer a great support. Shout out to the Goblin Cards support for collaborating to make this article exist 😎

And to me, it makes sense and I really support such initiatives. If there is a grain yet of the free market and this approach is not forbidden, then it's allowed and noone should be treating them as criminals or shady guys.

In Europe the VISA or Mastercard prepaid cards are barely if at all visible or accessible and it sounds strange to a lot of people. Whereas in US or in countries in the south-america and mexico, those seem to be very popular and often used.

If you want to watch a video on the steps and see that the card works, there is an hindi guy with guideance and PoW of this card at ATM, you can turn on the automatic transalation (don't forget to like if you enjoy and write some shout-out from me 😁) !

How does the workflow from order to activation work ?

*Explanation provided by official Goblin Cards Support.

Purchase the card,
Send shipping address
Receive the card
Message support to activate
Receive login instructions
Proceed to deposit via bot and spend

That are six simple steps, that are allowing you to reclaim the control over your finances and keep it private, independent of banks.

Product Details

Card type: Mastercard Prepaid Reloadable (Physical)

∙ $5,000 USD daily spending limit
∙ $25,000 USD monthly spending limit
∙$500 daily ATM withdrawal limit
∙ Balance maintained in Mexican Pesos
∙ Chip + contactless (tap to pay)
∙ Shipped via UPS (3–5 days worldwide)
∙ Dedicated app for balances and transaction history

Pricing

∙ Card: $350 USD one-time
∙ Deposit fee: 3.5% (XMR: 4%)
∙ Renewal: $100 (after 3 years)

The coins they support for deposit and pay for the card is basic, but solid: BTC, SOL, ETH, USDT, XMR

My Take: I would be keen to buy this card after like 1/2 years of usage of the virtual card provided by PrivacyGateway.io

This solution looks very promising, but we never know what the future regulation might look like and if such solution would not be basically be banned either in EU or somewhere else. But definitely good for diversifying source of payments, if one gets blocked I can use the other.

Shout out to the Goblin Cards support, who answered all my questions and resolved doubts.

TroCador

A service that offers variety of private solutions for payments like cross-chain swaps, bridges, anon donations (to implement for devs), gift-cards to be purchased. However we will focus this time only on the visa cards and how can we pay anonymously.

Trocador offers up to $1000 prepaid visa cards. There is no limit on the number of cards you can buy. You can top-up this card with any cryptocurrency available in Trocador, they support Bitcoin, XMR, ZCash, MobileCoin, Ether, Solana, their tokens and many more (checkout their site)

Issuance fee: 3%, depending on the provider.

2-Monthly payment: 2.5 $

Tx fee: Instead of the usual 2% Currency Conversion Fee, they charge $0.75 for each non-USD transaction

Prepaid Card Providers

MyPrepaidCenter (US Only) (US Dollars) - as the owners of the service say, it might be also used anywhere else but they do not guarantee it will work (likely will not).
Prepaid Cards Provided by Reward (US Only) (US Dollars) - the same as previous option.
Prepaid Cards Provided by Swype (US Dollars) - Available internationally.

Trocador issues a card from 3 different card providers:

Transactions in different currencies than that of the card may incur a currency conversion fee by the card provider (usually 2% or $0.75).

The discomfort might come for VPN users as they will be blocked from redeeming their cards and you would have lost your funds (not worth it, buddy :( )).

Stealths

Stealths as their competitors besides offering visa/mastercard prepaid cards, it also has e-sim card plans and gift cards in their offer. But as said before, here I focus on payment cards only.

There are 4 types of Cards that they offer:

Visa Gift Card (Only US) with upload topup from 5 to 1000$ only one time
American Express Gift Card (Only US) topup from 5 to 3000$ only one time

Here are the details of those products:

This product is delivered automatically.
Card activation code and instructions will be added to order page.
American Express gift cards are issued by amexrewardcard.com
It's possible to view transaction history and balance details on card issuer's website.
Location to use: Only US
Cards are issued by U.S. bank and card currency is USD (Amex).
Support of Digital wallets (Google Pay, Apple Pay, etc.): Yes, But digital wallets checks your IP and trust scores, so we don't guarantee you can link it.
support 3D secure: No. Some merchants may decline the transaction for this reason.
ATMs or recurring billing: Not allowed
Online Acceptance: limited, you are advised to test the product with low amount at first.
Expiry time: 6 months (extension and reload not available) .
You should not redeem more than 2 gift cards from same device in 24 hours.

Fees

5% of the card top-up amount or minimal 5$ ## Reloadable Cards

Stealths also offers reloadable prepaid cards. One of the product is Rewarble Voucher

Rewarble Voucher

Fees: min 5$ or 7.5% of the amount topped up.

Details for the product:
Delivery: automatic, comes together with

Support for Problem: Rewarable (MasterCard) / Visa Support

You need to activate card after purchase. Card issuer will ask for email and address. It's not allowed to use VPN on redemption, you should provide a valid email address.

Issuance of first prepaid card on Rewarble is free, additional cards and reloads cost 4.5% + $1.99. For more details on pricing, check their website.

It's possible to view card balances and transactions on the issuer's website.

Rewarble offers multiple prepaid card options, we recommend "Suna Mastercard" product. Card availability and mobile wallet acceptance might be limited in your region. It's recommended to test with small amount first.

You can use Rewarble voucher code to reload existing card.

Cards are issued by U.S. bank and card currency is USD. Card supports foreign transactions, FX fee may be charged by card issuer.

Rewarble cards are valid for 7 days (+ another 7 days with free extension) initially, after validity period it costs $1.49/mo to keep card active.

Single-Use VCC (High Limit)

Intial topup: min 500$ - max 30k $
Fee: 8% or minimum 40$

Product Details

Delivery of this product is manual. Please do not create order without contacting us, delivery is possible in work hours.
This is a virtual card, not a prepaid card. Virtual cards have higher approval rates.
The card is not for long term use, you need to spend the balance in the same day you receive card details (up to 3 transactions allowed).
Card currency is USD. It can be used internationally with different currencies. The bank charges 2.5% fee for non-USD transactions, please keep that in mind.
The card supports 3D secure. It works on most online merchants; including PayPal, Amazon EU, Stripe checkouts. It does not support mobile wallets.

Terms of the card are available in this link for more info.

BitRefill

It's a marketplace with a variety of gift-cards and products (e.g. E-SIM cards, Phone-refills) you could purchase with crypto. They do not support Monero or from privacy coins, they support only DASH. They support as the name might suggest, Bitcoin, Ether, Solana, LTC, DOGE, TON, SUI and USDC and USDT

How their business model works, is that they apply a fee to your final checkout, when you are about to pay.

How do they earn money ?

From the example you can see they apply some fees to the final checkout. They have lower rate of ETH/EUR pair (at the time of writing it was 2049.65) and there it's 2031.30. So allegedly they charge ETH rate + about 1% fee (222.08 Euro in total), but they can sell it on the market for 224.10 Euro (just as an example, if they would have sold it after the payment would have arrived how the money would be made). So in total they earnt about 2%

The fee might vary depending on the selected coin/token to be paid with.

My take: This product would be used by me in case I would like to gift someone a b-day a gift card, or if I would like to pay for booking or AirBnb wihout attaching my card to their service.

LinkPay

It's a virtual visa/mastercard card provider, that issues cards for specfic usage like to spend for ChatGPT subscription, Netflix.

I messaged the support with request for clarification, what card can be purchased without KYC and here is the answer I got.

Without KYC verification, you can still use basic operations with Linkpay, but there are limitations. The monthly spending limit is $500, and only advertisement cards are available for issuance. Verification is required to increase limits and enable full card functionality.

Verification in Linkpay increases your limits and enables full card functionality. While basic operations are available without it, verification is required for higher limits and extra security. Here are the verification levels:

No Verification:
Monthly spend limit: $500
Only advertisement cards are available.

Basic Verification (Email and other details + ID Upload):

Monthly spend limit: $2000
All cards are available except Apple/Google Pay.
Requirements: Full name, address, and valid ID details.

Unlimited Verification:

No limits on spend or card types.
Requirements: Valid ID photo and passing a live check.

Other Cards (to personal verification)

Above were all card solution presented, that I accessed as legal, not shady, plausible. As I said before there were a lot of cards, who seemed to by non-kyc only, but there are solutions where I had issues to access them if they are scammy or not. Thus I list it here, so you can check it on your own.

BingCard
KardPay
Veil (this one really looks sketchy, similiarly to Privacy.com design, almost all scam opinions on trust pilot)
XHype
Solcard - Although it looks fully legit, their privacy policy and terms of usage didn't allow me to determine whether they their 3rd party does require KYC or not. About the product they offer, they offer a reloadable virtual card.

The offer of this card however is very limited, and if you have the virtual card without KYC, you are not able to attach it to your digital wallet. Here you have the details on the product they offer.

Below you got a screenshot, where they advertise themselves, having non-KYC card:

Again any action you take, you take it on your own, do not allege me afterwards if you loose money and don't come to me whining you lost money, I warned you.

Other Option to pay anonymously/pseudoanonymously

Other methods I thought about to preserve privacy are:

Pay someone cash to pay for the money transfer from their account

Solution that perhaps is the most ridiculous, but having a bank account would be a.....

LET ME FINISH, OK ? DON'T KILL ME YET 🫣.

Having a bank account in a countries without CRS, so that your financial activity stays in that country and is not reported to countries that request the data about you. Cambodia is one of such countries, that offers friendliness towards cryptocurrencies and are allowing people to pay and purchase goods with cryptocurrencies. It of course will demand you to provide your government-ID to open an account, however due to the fact that only you and your bank know about the transaction, some minimal privacy remained, but still not fully private.

Also an interesting fact, Cambodia's National Bank launched Bakong, a blockchain-based digital payment system, which represents one of the most prominent real-world implementations of blockchain technology in a national banking system.

The system was designed to achieve three key objectives: improve financial inclusion (Cambodia had ~78% unbanked population at launch), modernize digital payments infrastructure, and reduce reliance on the US dollar in everyday transactions.

I find it's bold and I find it banger-news ⚡

Again I mention Cambodia, because I reminded myself about the talk I had pleasure to have with people from Relocatify at NBX-event, shout out to them 🫡 !

Summary

Phew..., it's been quite a long ride, didn't it ? I hope you did enjoy the article and it was insightful to you, if so please leave a comment and a like. If you have suggestions what to change, please share it in the comments.

If you're about to purchase your first wallet or a new wallet, you remember to checkout OneKey product and with my promocode: Luftie, you get 10% discount on all products available in their shop, but also 10% off on fees on perpetuals and defi fees like staking etc.

Once again, I want to express my gratefulness to OneKey team, that they noticed me and believed in me. That means a lot to me, because such things do not happen to all of small creators and I got noticed and I'm happy about it, which only propels me to create better content for you.

Donations

As I promised above, here you have the addresses to my wallets for certain chains, if you want to send some coins/tokens to support me, feel free to do so. I'll be more than glad and you can send me the message on Signal (you can also use Telegram, but please avoid it, I prepare to remove my account from there. I'm fed up with it's flashiness, people that are running scams there and hoes with their channels)

Crypto Addresses:

Monero (XMR): 44mBpaeJSuxTSFTXRxAb289mNiPgHTk6tMaKXPjg2DNQMbmxP1dFA86Q9QnHoU8T62XhQputbGkESiQBD31QrtfN377wGD3

Bitcoin: bc1q5dxqaf2xva57rlac8gj5g3apmm0edvanvscyhw

Ether (ETH): 0x524C676f9e31b6a4CaE067c41d01E9878b7FF14B

Solana (SOL): DgsvUBEvQdQVk7bxQSA2cEjFuJRwMFokeGbMXtq6MY4X

Mobile Coin (MOB): 7xB623noRRqqMxbTwqvbJWfcpycYyWEvWQAALigKn4VrwhuHZxsFP4Xkexp5MyK53pE8mfomXzDPaLXuwuQPw8RNveTQDSEuDQcPopv6Foyfei6DCkzJJx1j68j4xuXRQ94Q4SoC22vRMWKA58eNmvG2Nx2sy6wY1pu7ZzZTozYqL1vEDzGK1ajGNB9VLxppXarkpw3kBjUVbtjYzWo2iENpBpfVQ4tXaetUiGrv7EvPDa

Once again. If you donated on one of those addresses, thank you very much for your support 💜

Privacy and Security Setup to use in 2026 (Messengers + Mail) PART 2

Luftie The Anonymous — Tue, 21 Apr 2026 22:00:00 +0000

Gm Hackers !

In recent post, I presented to you what Operating Systems to use, Browsers and search engine. This time we're going into something that also pertains every internet user and namely the communication 📞

Luftie The Anonymous

Apr 17

Privacy and Security Setup to use in 2026 PART 1 (OS, Browser, Search Engines)

#discuss #privacy #tooling #security

Comments 4

31 min read

If you did not read my last post, do it before reading that one, by clicking above 😁

Over what channels/apps should you actually communicate anonymously ? This post will cover the essentials to start using more private tech. But before..., I have something relevant to announce

IMPORTANT ANNOUNCEMENT ⚠️

In September 2026, Google plans to officially block any app that does not belong to a developer, who do not have an account in Google Play Developer Console, haven't uploaded their ID there and paid a fee.

From someone who is kind of a normie guy, does not care about the tech, surrounding world and their only worry is about to be right on time to watch their movie in TV, it might sound as a rational argument, they want to prevent android from having malware/spyware/scam-apps on their systems, thus they require their ID and pay the fee for app deployment and demand the apps to be deployed only via Play Store.

Whereas on the other hand, Android natively with google is the biggest malware and spyware together with Microslop OS (known by Normies as Windows).

By default your Google Play Services have access to all your accessories in the phone like camera, microphone and location. So if you do not turn them off, there is more chance your data is gathered, misused and sold. In such way, you are controlled by the technology and not conversely.

Why it matters ?

The opportunity to build, launch your apps on android without needing to pay fees, load your ID to the Third-party company that is prone to frequent breaches and is has the worst products that could be ever given is exactly the normality the user and developer wants to have.

Developers can independently deploy their apps without needing to have any financial commitments or needing to identify themselves to a third-party company.

Think about programmers, youngster coders from African Countries (I have many friends from Nigeria (shout out to all my Nigerian brothers 💚, you're phenomenal hard-workers. I love you all)). Do you think they will have enough money to purchase a subscription and simultaneously keep their life at the standard they have without any external support ?

I truly doubt it, of course for some it would be feasible, but I hear personally how those people are misused and paid slavery-salaries and try to handle somehow the money for another data packages (they do not have wi-fi, you white-trash morron 😘).

Another thing is that the app might not comply with often imaginary Google Play Requirements to push the app to be visible to the Store.
For now, indie mobile app devs simply can attach an .apk to their website/webapp and let users download from there, which is actually a common solution on the internet e.g. for games.

From the other perspective, it also is a violation of freedom of users of phones with custom ROMs like GrapheneOS or LineageOS, but also the average pure android user, that should decide themselves and take the risk on their own where they want to download their apps from, and it should not be estabilished by only-profit driven company, that is seeing the competition in solutions like FDroid and wants to have a monopoly.

When it comes to custom ROM users without default Google Play Services Support, this hits hard, because it basically disables them from using any apps at all, if the update from google comes irl.

Having done this, Google not only dictates you what is the source of your apps but also what OS you should have your mobile device. This is rudiculous and I will not be silent.

Internet should remain free and this is an attack on digital freedom. And this freedom is about to be violated by an enterprise for profit.

There for I gently request you

-- Go to the KeepAndroidOpen website and perform as many action from the site there as you can do.

E.g. Install F-Droid, message your local regulators and inform about the monopoly attempt, Provide feedback directly to Google using their Android developer verification requirements survey, sign the petition.

All action matters, and even if in the end it will be implemented, you should not have any remorse to yourself, because you did something towards stopping it and were not passive.

Therefore I'm requesting you, If you have the account on Google Developer Console, the best decision would be to remove it. Do not upload any IDs if you haven't yet.

Self-confession time

Me myself unfortunately committed back October/November 2024 a failure by uploading the sensitive data to Google, only because I was in a process of building my start-up and wanted to have a greater outreach with my app. That project has been terminated and failed, but the data remained. Thus I recently decided to remove my account from Google Play Developer Console:

Candidly speaking, when I look at how much spam I got to my gmail and how much I get to my private email addresses, 1 gmail outperforms 5 private mail addresses I have.

Spam/Scam mails quantities on my email addresses in one month:
1 Gmail: 257 mails
5 Private Mail: 0 mails

Announcement Summary

That's it from the announcement. Leave a comment down below what actions have you taken and what do you think about it, and now we can head over to the main part of the article !

Messengers

Ok, until now we only discussed the Operating Systems to be used, but this is not all. You would not like your messages to be spied, misused on or be breached, right ?

Thus we need a private communicators. Me myself on a daily basis use variety of communicators, which I really do not like being completely honest. I use:

Signal (my favorite one)
Telegram
SimpleX
Matrix/Element
Whatsapp

From those 5, only 3 are fully reliable when it comes to privacy respecting and that are:
Signal, SimpleX, Matrix

Before I discuss those 3 chat-apps, here is why I did not include Telegram and Whatsapp

Why not Telegram ?

E2EE is NOT default—standard chats are server-side encrypted, meaning Telegram can decrypt them
Custom encryption protocol (MTProto) instead of widely-audited standards like Signal Protocol
IP address leak vulnerability (MTProxy doesn't actually hide IPs as users think)
2024-2026: 200+ million records leaked via various breaches; 122GB credential archive (361M unique emails) distributed across Telegram channels in late 2023/early 2024
2024: Hackers leaked 31M+ Star Health insurance customers' medical data via Telegram bots
2025: 43.5M Telegram channels blocked for illegal activity, but actors just recreate channels within days (low cost to operate)

Why not Whatsapp ?

Meta collects metadata ruthlessly—who you message, when, how often, your contact lists
Meta monetizes this data for ad targeting
November 2025: Researchers at University of Vienna + SBA Research found 3.5 billion WhatsApp accounts via API scraping due to weak rate-limiting. They extracted profile pictures, "about" text, linked devices, OS info. One researcher: "This is a cybercriminal's dream working list."
June 2025: 16 billion credentials breach affecting Facebook/Instagram/WhatsApp (infostealer malware)
Early 2025: Graphite zero-click spyware (Paragon Solutions) targeted ~90 journalists/activists—gave attackers access to encrypted messages, microphone, location
2021: 533M Facebook accounts scraped; 58% still active on WhatsApp in 2025—leaked phone numbers have permanent value

Thus I really wish to move away from using Telegram. Unfortunately a lot of people from the crypto-industry prefer convenience and flashy effects over security and privacy.

Why the others ?

Signal 💙

Encryption: Signal Protocol (Double Ratchet)

ECDH: Curve25519

Message encryption: AES-256-GCM

HMAC: SHA-256

Perfect Forward Secrecy: Yes (every message has unique keys)

Post-Compromise Security: Yes (ratcheting)

Architecture: Centralized servers (Signal Messenger Inc.)

Minimal data collection: No message history, no contact lists stored server-side

Registration: Phone-number based

Multi-device: Supported but uses Sesame protocol

Metadata Protection: Reasonable—server doesn't see message content, but does see phone number, online status, contact discovery

End-to-end encryption is mandatory across all chats

Open-source, regularly audited, nonprofit model

Zero metadata collection unlike WhatsApp—doesn't store who you message or call logs

Post-quantum cryptography roadmap in progress.

Before I move to the next recommendation, I have to explain couple of terms that will actually repeat themselves throughout the article.

Ratcheting - A cryptographic algorithm for dynamical updates of encryption keys to ensure forward secrecy and post-compromise security. This means that even if a key is compromised, past messages remain secure, as new keys are generated for each message exchange.

Double Ratchet - It's an key-management algorithm designed by first Signal's CEO. The feature of this algorithm is that after the initial key-exchange, it handles the ongoing renewal and maintenance of short-lived session keys.

It combines a cryptographic so-called "ratchet" based on the Diffie–Hellman key exchange and a ratchet based on a key derivation function, such as a hash-function, and is therefore called a double ratchet.

Sesame Algorithm - It's an algorithm designed for message encryption sessions management in an asynchronous across multiple devices. It is however vulnerable due to the lack of cryptographic proof of ownership. Which means that if an attacker gains access or intercepts some messages of a victim, it allows the attacker to register their device and gain access to the victim's account.

Forward Secrecy - An encryption system has the property of forward secrecy if plain-text (decrypted) inspection of the data exchange that occurs during key agreement phase of session initiation does not reveal the key that was used to encrypt the remainder of the session.

All is more nicely described by researchers from University of Luebeck.

Now although there is no flaw in a protocol, meaning that it would leak some information, by falling a victim of social engineering, phishing attack or your device being compromised there are no prevention measurements to cease attacker from accessing the account.

SimpleX

Encryption: SimpleX protocol (custom, but well-designed)

Message encryption: ChaCha20-Poly1305 (AEAD)

Key encryption: XChaCha20-Poly1305 (extended nonce for random salt)

Key exchange: Curve448 ECDH

Forward Secrecy: Yes (ratcheting model similar to Signal)

Architecture: Fully decentralized—no central server required

Users run their own SMP (SimpleX Messaging Protocol) relays or use community-hosted ones

Zero-knowledge: SMP relays don't store messages; they're purely transient delivery points

No user accounts: Connections are queue-based, not identity-based—no UIDs linking users to the network

Metadata Protection: Exceptional—even relay operators can't see who's talking to whom

Tor Support: Built-in Tor integration (transport isolation per contact)

Audit: Trail of Bits security assessment (2022, 2024)

The Trade-off: SimpleX prioritizes privacy over convenience. No multi-device sync yet, no cloud backups, slower message delivery.
But this is intentional—they refuse the push-notification trap that other apps use.

Matrix/Element

Encryption: Olm + Megolm

1-to-1: Olm (Double Ratchet variant, similar to Signal Protocol)

ECDH: Curve25519

Message encryption: AES-256-CBC (non-standard; should be GCM or
ChaCha20-Poly1305)

HMAC: SHA-256

Group chats: Megolm (sender-key model)

Session key: AES-256

Ratcheting: Weaker than 1-to-1; Forward secrecy limited by key reuse

Architecture: Federated—users can run their own home-server

Protocol is open, but implementations vary in security

Default E2EE: Yes

Key Backup Vulnerability: Server-side encrypted key backups can be exploited if home-server is malicious

Metadata: Partially exposed (room names, user IDs, member lists visible to homeserver)

Other worth-mentioning messengers

There also other emerging private messengers that are worth to be paid attention to, namely NCrypt and also Sealed. Both are blockchain focused, and the messages are stored on blockchain at least in Sealed.

Here are some information about Sealed and NCrypt I could find in their privacy policy and on the internet.

Sealed

What Sealed Actually Is (The Honest Technical Take) ?

Sealed is a blockchain-based, end-to-end encrypted messaging app built on a three-tier data architecture. Unlike most messengers that centralize everything on company servers, Sealed explicitly separates data into three distinct realms, each with different controllers. This is the critical design choice that sets it apart.

The app is currently live on iOS and Android, operating on Algorand. The foundational principle is brutal: no single party—not even Sealed's operators—has full control over all your data. That's architecturally honest in a way Signal and Telegram aren't.

The Three Data Realms: How the Architecture Actually Works

Realm A: Your Device (You Alone Control This)

Everything that matters cryptographically stays on your device. Your BIP39 seed phrase, your Ed25519 wallet signing key, your X25519 encryption keypair, and all decrypted message content lives exclusively in your device's secure enclave—iOS Keychain or Android Keystore. There is no recovery mechanism. If you lose your device without a seed phrase backup, your account is gone permanently. Sealed cannot recover it, nor can any authority compel them to.

Your contact list (wallet addresses plus usernames) also stays local. The implication here is clear: Sealed has zero visibility into your social graph. They can't tell who you're talking to, how often, or in what pattern.

Realm B: The Public Blockchain (No One Controls This)

Every message you send goes onto a public blockchain as an immutable transaction. This is where the privacy model gets interesting.

Messages are stored as AES-256-GCM encrypted ciphertext—unreadable without your private key. But the blockchain stores more than just content. Each message includes an ephemeral sender public key (a one-time X25519 key per message, not your permanent identity), a 32-byte HMAC recipient tag used for "stealth addressing," the block-level timestamp, and your sender wallet public key (your pseudonymous identity).

Here's the friction: if you register a human-readable username, that gets written to the blockchain permanently. This is where anonymity breaks if you're not careful. Register as "john_crypto_banker" and link your Twitter, and the pseudonymity collapses. But if you stay wallet-address-only, the blockchain sees only a pubkey, not a name.

The critical point: blockchain data is permanent and immutable. No deletion rights apply. You cannot request removal. An observer can see that a message was sent to a particular wallet address at a particular time, and if encrypted properly, they cannot read it. But the metadata—that a message exists, when it was sent, and who the recipient pseudonymous identity is—that's forever.

Realm C: The Indexer Server (Sealed Controls This, With Guardrails)

This is where Sealed takes a calculated privacy trade-off. To deliver push notifications and enable efficient message sync, they operate an indexer server that stores limited data:

Your wallet public address (for identity and auth)
Your X25519 view key (this is the big one—see below)
SHA-256 hash of your view key
Firebase Cloud Messaging token (for push delivery)
Device platform identifier (iOS or Android)
Optional username
Message metadata pointers (blockchain transaction references for sync, not content)
Last seen timestamp
IP address (standard server logging)

The view key is the most significant privacy tradeoff and Sealed is honest about it. Your X25519 scan/view private key is shared with their indexer server. This allows the server to detect incoming messages addressed to you on-chain and trigger push notifications. The view key does not decrypt content—that's a separate key path. The view key only reveals that a message was sent to you, not what it says.

This is crucial: if Sealed's indexer is compromised, attackers learn who's messaging you. But they don't learn what was said. Content requires your full private key, which never leaves your device.

Retention is clear: indexer data expires after 90 days of inactivity. Message metadata expires after 30 days. IP logs rotate per standard practice (7–30 days). You can manually delete your account at any time with a signed deletion request, and they'll purge the view key and FCM token within 30 days.

Authentication: No Phone Number, No Email, No Password

Sealed uses pure wallet-based authentication. When you log in, your app signs a time-limited challenge string with your Ed25519 wallet private key. The signing key never leaves your device. This means there's no email-based password reset, no SIM-swap attack surface, no centralized identity store. You are your keys.

The tradeoff: if you lose both your device and your seed phrase, you're locked out forever. There's no "I forgot my password" recovery. This is hardcore, but it's the price of true key custody.

Encryption Details: Where Sealed Gets Technical

Message content uses AES-256-GCM with per-message ephemeral keys. The key derivation path is X25519 (ECDH) + HKDF, which is industry standard. Messages are padded to a uniform 1,024 bytes before encryption to prevent length-inference attacks—a sophisticated move that prevents attackers from guessing message type based on ciphertext size.

The ephemeral key per message is the Double Ratchet-adjacent concept: each message has a unique encryption key. This gives forward secrecy—if one key is compromised, only that one message is exposed, not past or future ones.

The roadmap includes ML-KEM-512 (Kyber-512) as a hybrid post-quantum layer on top of X25519. This is planned but not yet deployed. Currently Sealed is quantum-vulnerable, like all classical asymmetric crypto.

API communication to the indexer uses Ed25519 signature-based authentication with signed time-limited nonces, enforced over HTTPS/TLS. The server implements helmet security headers and rate limiting (100 requests/minute per IP).

What Sealed Does NOT Collect (The Important Negatives)

This is where Sealed differs sharply from WhatsApp, Telegram, and especially Messenger:

No real name
No email address
No phone number
No device contacts imported
No location data
No advertising identifiers (IDFA/GAID)
No biometric data
No analytics or behavioral tracking
No crash reports or telemetry beyond server-side operational logs

This is a stark contrast to Signal, which collects your phone number and uses it as your identity. Sealed's wallet-first model means they have no way to know who you are unless you tell them.

Third-Party Dependencies: Where Trust Matters

Sealed uses only two external services:

Google Firebase Cloud Messaging (FCM): For push notifications. Sealed sends Firebase only your FCM device token and a notification payload containing the sender's wallet address and a message reference—not the message content. This means Google sees that you received a message from a particular wallet, but not what was said. Google's privacy policy applies to this data.

AlgoNode (Algorand RPC): A third-party public Algorand node. Transactions you broadcast are globally visible by nature. No personal identifying data beyond your wallet address and encrypted message ciphertext is transmitted.

Sealed explicitly does not use advertising networks, analytics platforms, or data brokers. This is a hard line.

The Privacy Model: Honest About Tradeoffs

Sealed is architected for a specific threat model: you want encryption that no single entity can break, pseudonymity rather than anonymity, and no central server controlling your social graph.

If your threat is a government subpoena, Sealed has a clean answer: indexer data expires, blockchain data is public, and Sealed cannot hand over decrypted messages because they don't have your private key. The police would need your device or seed phrase.

If your threat is Sealed itself, you get a partial win: Sealed cannot read your messages, but they can see who's messaging you (via the view key). If you're concerned about this, you should assume the view key is compromised.

If your threat is length-based message inference, Sealed padded messages to 1,024 bytes, so attackers can't guess what you're saying based on ciphertext size.

If your threat is quantum computers, you're vulnerable until they deploy Kyber-512.

The Uncomfortable Realities

Realm B is permanent: Anything you write to the blockchain stays forever. If you message someone's wallet address, that metadata (sender, recipient, timestamp, message reference) is immutable. In a world of blockchain analysis and wallet clustering, this is a permanent link. Sealed can't delete it, and neither can you.

The view key is a vulnerability: It's the single point where Sealed can learn your incoming message graph. If the indexer is breached, attackers get a list of everyone messaging you. Sealed is transparent about this, but it's still the biggest attack surface in the architecture.

Usernames break pseudonymity: If you register a human-readable name, it's on-chain forever. Anyone can link your wallet to your identity. Sealed can't prevent this; it's a user error problem.

Firebase adds a Google dependency: FCM tokens reveal to Google that you're using Sealed, and when you receive messages. Google's privacy standards are better than most, but it's still a third party with visibility.

No audit: The privacy policy doesn't mention any independent security audit. The encryption primitives (AES-256-GCM, X25519, HKDF) are solid, but there's no third-party verification that the implementation is correct.

How This Compares to the earlier mentioned ones ?

Sealed is architecturally more honest than Signal or SimpleX about what data they hold and why. Signal doesn't explain its data architecture; they just say "we don't store messages." Sealed breaks it down into three realms and explains the controller for each.

Sealed is less mature than Signal (which has been battle-tested for a decade) and less audited than SimpleX (which had Trail of Bits assessment).

Sealed is more decentralized than Telegram (which holds all data server-side) but less decentralized than Element (which is federated) or SimpleX (which has no central relays—queues are ephemeral).

Sealed is more private than WhatsApp or Messenger because it doesn't collect phone numbers, emails, or contact graphs.

NCrypt (Gen6 Dapp)

NCrypt is a decentralized messaging app built as part of the Gen6 ecosystem. It's E2EE messaging integrated with Gen6's decentralized identity system (Gen6.Me). Messages are encrypted, transmitted through Gen6 validator nodes, and stored on the Gen6 blockchain.

The Technical Stack:

Blockchain: Gen6's own chain (Enhanced Proof-of-Authority consensus)

Validator Network: 100+ distributed validators securing the chain

Identity Layer: Gen6.Me (verified, pseudonymous, or fully private)

Encryption: Not explicitly stated, but likely AES-256 or ChaCha20-Poly1305 (industry standard)

Storage: Encrypted messages on Gen6 blockchain

Roadmap: Q4 2026 includes post-quantum security upgrade
Integration with Gen6 Ecosystem:

NCrypt isn't standalone—it's one dApp in a larger system:

RealSeal: On-chain cryptographic signing and timestamping
Gen6.Me: Verifiable identity (proof-of-attendance, credentials)
FONO: Event verification and community management
GSX Token: Utility token for transaction fees and ecosystem incentives

The Reality Check:

NCrypt is more honest but less audited than it claims:

No independent security audit — Gen6 was founded by security experts (David Pethes, Sergey Gerodes) but that's not a substitute for third-party audit.
Validator-dependent privacy — Your messages go through Gen6 validators. If a validator node is compromised, they see metadata (though not content if encryption is solid)
Identity is optional but integrated — You can be pseudonymous, but the whole ecosystem incentivizes verified identity (which is good for trust, bad for pure privacy)
Post-quantum still in roadmap — They're targeting Q4 2026; currently quantum-vulnerable like most messengers.
Smaller community — ~30,000 users vs millions for Signal. Smaller attack surface, but also less battle-testing.

Emails

Alright forwards we go ! We have now private OS, Private Browser, so we reduced successfully amount of spyware on our day-to-day activity on the internet. We keep our messages secure, by using Signal or SimpleX, but what if we want to receive mails and send mails in a more private way ? For that there is also a couple of solutions and for that I highly recommend checking out the Privacy Savvy article. I think this blog is a huge source of knowledge when it comes to privacy (So shout out to them :D):

ProtonMail
TutaMail
StartMail
MailFence
AtomicMail

Tuta (formerly Tutanota) – Most Privacy-Focused

Server Location: Germany 🇩🇪
Founded: 2011
Business Model: Private company, no outside investors, subscription-based
Free Tier: Yes (very limited)

Privacy Tech Stack
Tuta's doing it right here. They encrypt everything – emails, subject lines, calendar events, contacts. Most providers skip subject lines (that's a metadata vector), but Tuta's like "nah." They've implemented TutaCrypt, a proprietary hybrid system using:

CRYSTALS-Kyber (post-quantum key exchange) + X25519

AES encryption for content Zero-access architecture – they literally can't read your stuff, even if they wanted to.
They don't use PGP (which has known weaknesses), so no pulling of Google Play services like ProtonMail does.

Government Interventions & Data Compliance
No major data breaches on record.

Transparency Report (Jan-Dec 2025):

Received: 389 total requests from German courts

Complied: Only ~75 cases out of ~389 (they rejected 75% of requests)

Key insight: Tuta can only be compelled by German courts under German law. No backdoors, no FISA orders ever received. They publish a warrant canary confirming this.

What they CAN release: Metadata (sender/receiver emails, timestamps, IPs), NOT encrypted content

Notable incident (2019-2021): A German court tried to force Tuta to capture unencrypted incoming emails before they encrypted them – essentially creating a backdoor.

Tuta appealed, saying this violates German law. Court still ordered it, but Tuta refused to implement system-wide monitoring, only complying for specific cases. They appealed to German Federal Court and stood firm. No data was handed over that compromised encryption.

False Accusations (2023): A former Canadian RCMP officer claimed Tuta was a "storefront" for Five Eyes intel agencies. Completely false. Tuta denied it, published their entire codebase on GitHub for peer review, and pointed out they've zero FISA orders.

Availability 📲
They support mobile apps for android and IOS, they have also proton mail desktop app but this one is paid and is available for Linux, windows and IOS.

Free Tier Details
Storage: ~1 GB
Aliases: 15-30 depending on plan
Accounts deleted after 6 months inactivity (this is intentional for privacy – they don't want ghost data)
Support: Forum-only for free users
Custom domain: No
IMAP: Not supported (design choice, not a limitation)

ProtonMail

Server Location: Switzerland 🇨🇭
Founded: 2013
Business Model: NOT a non-profit – it's a for-profit company funded by investors. This matters because pressure to monetize is real.
Free Tier: Yes (extremely limited)

Privacy Tech Stack

End-to-end encryption for user-to-user emails (between ProtonMail accounts)

Zero-access encryption – they encrypt with your public key, can't decrypt

AES encryption for storage - Supports PGP for external recipients (standard, but not as comprehensive as Tuta's approach)

Does NOT encrypt subject lines – metadata leakage

Uses Google Play Services on Android (Tuta doesn't)
Government Interventions & Data Sharing – THIS IS CRITICAL
Confirmed data breaches to law enforcement:

2021 French Climate Activist Case:

French police obtained ProtonMail user's IP address via Swiss legal channels. Activist was identified and arrested.

ProtonMail did comply – they had no "legal possibility to appeal"
2022-2023 FBI Case:

FBI obtained recovery email address and phone number from ProtonMail
User in US harassment investigation was de-anonymized
Again, ProtonMail complied

Transparency Report (2022):

5,957 data requests received
Complied with significant portion – they don't break down exact numbers clearly.

They contest requests they can legally contest (~750 in 2022), but they will hand over metadata if Swiss courts order it

The Real Talk: ProtonMail markets itself with "Swiss privacy laws" but:

They can be legally compelled to enable real-time IP logging for specific users
They will share recovery emails, phone numbers, payment info, IP addresses
Swiss courts work with other governments – their "strict Swiss law" claim is marketing BS
They have secondary offices in the US, which complicates jurisdiction
No warrant canary. They don't publish a statement saying they've never received FISA orders (unlike Tuta).

Availability 📲
They support PWAs, mobile apps for android and IOS, they have also proton mail desktop app but this one is paid and is available for Linux, windows and IOS.

Free Tier Details
Storage: 500 MB (brutally limited)
1 email address only
No folders (can't organize)
Limited sending (cap per day)
Paid plans start at $4.99/month – one of the most expensive

To me proton is like "private google", as they are the most well known company and the most visible (advertised) one, that provides private mail services and generally cloud-services as well.

MailFence

Server Location: Belgium 🇧🇪
Founded: 2013
Business Model: Subscription-based
Free Tier: Yes (limited)

Privacy Tech Stack
OpenPGP encryption (industry standard, not proprietary)
Encrypts emails, calendar, contacts
Zero-knowledge architecture
IMAP/SMTP support (unlike Tuta, easier migration)
Belgian servers under GDPR
Government Interventions
No major breaches reported.

Mailfence doesn't publish as detailed a transparency report as Tuta or ProtonMail, but they're transparent about responding to valid Belgian court orders and cannot decrypt encrypted content.

Availability 📲
They support only PWAs and mobile apps for android and IOS.

Free Tier Details
Storage: 500 MB
1 email address
Limited folders
Paid plans start at €2.75/month (cheaper than Proton)

StartMail

Server Location: Netherlands 🇳🇱
Founded: 2013
Business Model: Subscription (no free plan)
Free Tier: No (7-day trial only)

Privacy Tech Stack
OpenPGP encryption (standard)
IMAP/SMTP support (great for external clients)
Dutch servers under GDPR
Unlimited aliases even on base plans
Government Interventions
Netherlands has reasonable privacy laws, but they can be compelled by Dutch courts. No major incidents reported.

Pricing
Starts at $5-7/month (no free option, disqualifying for your "free only" requirement)
Honorable Mentions (Active but Limited Free Tiers)
Atomic Mail – The New Kid on the Block
Founded: 2024
Server Location: Germany
Free Tier: Yes (generous – unlimited storage, rare for new providers)

Availability 📲
They have only a PWA support, so you can see the icon of them and it will bring you to your mail in browser, which I find cool and I really appreciate them to implement PWA.

Very new, so limited track record
Claims to have passed 1M users in <1 year
Offers unlimited storage free (vs. competitors' 500 MB-1 GB)
No security incidents yet (new service)
Cons: In beta, unproven long-term

Atomic Mail (The Underdog 🐶)

Location: Headquarters in Estonia 🇪🇪, Servers in Germany 🇩🇪

Founded: 2024 (launched by a team of privacy advocates and cybersecurity engineers)

Company Structure: AtomicMail Systems OÜ (private company, not a non-profit)

Current Status: Beta release (actively in development, iterating fast)

Growth Rate: Hit 1 million users in <1 year (straight up aggressive expansion)

Privacy & Encryption Tech Stack

Core Encryption Primitives:

ECIES (Elliptic Curve Integrated Encryption Scheme) – Asymmetric key exchange between Atomic users. Fast, modern, not some legacy PGP garbage.

AES-256 – Symmetric content encryption (industry standard, trusted by security researchers globally)

SHA-256 – Cryptographic hashing for data integrity verification

TLS 1.3 – In-transit encryption (TLS 1.2 is dated, they went for the newest standard)

BIP39 seed phrases – THIS IS THE CRYPTO TOUCH. Users recover accounts with a 12-word seed phrase (like a blockchain wallet), NOT a phone number or backup email. That's genuinely novel for email. No five-eyes backdoor through phone carriers.

Zero-Access Architecture (The Real Deal):

Here's the trick – Atomic Mail uses a client-side encryption model:

Client encrypts before upload – Your plaintext message is encrypted on YOUR device

Server only sees ciphertext – It gets transmitted and stored as meaningless scrambled data

Only recipient decrypts – Private keys never leave your device
Atomic Mail literally can't read encrypted messages – Even if hackers breach them, or a government issues a court order, the data is mathematically useless without your private key

This is fundamentally different from ProtonMail (which CAN decrypt if forced) because the architecture prevents them from having the keys in the first place.

Data-at-Rest + Data-in-Transit Protection:

All emails encrypted at rest (AES-256)

All communication encrypted in transit (TLS 1.3)

7-day log retention for IP addresses and SMTP metadata (troubleshooting + spam/phishing detection). Logs auto-delete after 7 days.

User vault storage – All messages sit in encrypted user vaults on secure servers.

Government Compliance & Legal Requests
Atomic Mail's Policy (From Official Privacy Policy, Last Updated: March 3, 2026):

"We will only comply with requests from Estonian judicial authorities and will not honor requests from other authorities. Atomic Mail does not cooperate with voluntary surveillance programs."

So only Estonian courts can force Atomic Mail to comply
No FBI, no GCHQ, no Five Eyes – They explicitly refuse non-Estonian requests. No secret surveillance programs – No FISA, no Tempora, no bulk metadata tapping.

Real-World Application:

If a US court demands data on an Atomic Mail user, Atomic Mail's legal stance is: "Get an Estonian court order or nothing happens." Since the US and Estonia don't have an automatic data-sharing treaty that works like that, this is effectively a firewall.

Third-Party Requests:

"We will not comply with requests for user information from private third parties unless we receive a valid court order from an Estonian court."

So even if Facebook or your ex's lawyer demands user data – no way. Only Estonian courts.

Data Breach History
As of April 2026: ZERO confirmed security incidents or data breaches on record.

Why does this matter?

They're new enough (founded 2024) that they haven't had time to accumulate the baggage of older providers.
Their encryption design means even if they were breached, attackers get useless ciphertext.
They practice extreme data minimization – less data = less to leak

Comparison: Tuta (been around since 2011) has no breaches. ProtonMail has complied with government data requests multiple times and handed over metadata. Atomic Mail's track record is clean, and the architecture prevents worst-case scenarios.

Unique Features (The Tech Deep Dive)

1. Seed Phrase Recovery (Borrowed from Crypto)
Instead of:

SMS OTP (SIM swap vulnerable)
Recovery email (metadata leakage)
Secret questions (brutalizable)
Atomic Mail uses BIP39-compliant seed phrases – a 12-word mnemonic that only you hold. Even Atomic Mail's admins can't reset your password. This is inspired by blockchain wallet design (think MetaMask, hardware wallets).

Why it matters: No phone carrier backdoor, no recovery email dependency, mathematically sound.

2. Multiple Encryption Options for External Recipients
Can't encrypt to Gmail users with ECIES (they're not on Atomic).

Solutions:
Password-Protected Email – Send encrypted message, recipient enters password
Encrypted as File – Send encrypted .zip file via any channel
TLS – Standard in-transit encryption (basic, but better than plaintext)

3. AI Suite (Privacy-First)
The Plus plan includes AI tools:

Writing assistant
Grammar checker
Summarizer
Translator
Security Helper (flags sensitive content in drafts, suggests encryption)
Text-to-voice
Critical: These AI tools can only process unencrypted drafts. They can't touch your encrypted emails. Zero training data on user messages.

4. Anonymous Email Aliases
Create up to 10 free unique email addresses from one account. Use them for:

Newsletter signups (throwaway)
Financial accounts (separate identity)
Work vs. personal (compartmentalization)
If one alias gets compromised in a data breach, you know exactly which service leaked it, and you can nuke that alias without affecting your main inbox.

5. Availability 📲
They have for now available apps for IOS, Android, MacOS and Windows. What actually surprised me that they do not have a linux version yet and I really would love to have one. What is yet disappointing to me is that they do not support PWA, so I can have an icon on my screen for quicker access.

To be honest I have the account on 3 of the mails provided Tuta, Atomic Mail and Proton and atomic mail appears to become my favorite mail from them all. Their UI is slick, they have nice privacy policy. Surely it's yet quite young but I root for them to have even a billion users.

Summary

This is 2/8 of our privacy journey, I hope you enjoyed it this time and I convinced you to switch over to any of either Messengers or Mail Providers.

Let me know down in the comments. In the next post there will be more info on AI and payments. I rearranged the order with Firewalls and VPNs, because I'm almost done with full research on this part.

So stay tuned because things might get much more interesting in the future than before and I will have surprise for you.

Don't forget to leave like 💜 and follow my account for more privacy-focused content. Also please share the article with your fellows (devs) or family to spread more awareness on privacy in the internet.

That's it for today, hope you'll have a great time and until next time.

Cheerio !

Privacy and Security Setup to use in 2026 PART 1 (OS, Browser, Search Engines)

Luftie The Anonymous — Fri, 17 Apr 2026 12:20:19 +0000

Hello Dev.to Community !

This time, I decided to write on tools/services/software etc. that have been designed and created to care about your privacy on the internet. I will present some tools that I use and/or can recommend and much more tools on which I made research on.

I've dedicated a huge amount of time, therefore at the very beginning, I request you to share ⤵️ this article with your fellows or someone that you think, that it would be useful to share this article with :D

Thank you in advance 💜 !

Introduction

I didn't want to make this just another brief article, that will list you down the tools to use, brief info on them and that's all, download, put your trust into a thing and fingers crossed. This article delved a bit deeper into internals of each tool presented.

While writing the article I quickly realized that, writing a one long article with all of those tools/services is pointless, because I lost often my minds while checking the cohesion. Secondly, noone would like to direct through one hour+ long article, that could actually be a book (lol).

I decided, I will split this into an article series posted one per week. The split will be looking as following:

First Post (This one)

Introduction

Online Privacy:

Operating Systems (OS)

-- Dekstop OS

-- Mobile OS

Browsers
Search-engine

Second Post:

Messengers
Email

Third Post:

VPN
Firewalls

Fourth Post (In this one there will be a special announcement with surprise for you all):

Payments
AI

Fifth Post:

Location Privacy
Productivity Apps

Sixth Post:

DNS Privacy

Seventh Post:

Device-Level Security & Authentication

Eight Post:

Offline Privacy:

Outfit
Everyday Items
Payment Methods
Events
Transport
Youtube Creators
Educational Resources

BUT before I go into the main details, I want to start with an introduction on privacy and why it matters to everyone, regardless of who you are.

Why actually bother with privacy ?

A lot of people, when they hear term privacy, in front of their eyes emerges a chap in anonymous-mask, who likely commits cybercrimes and lives in a basement or some other shady place.... Probably something like this 🙍 is the match for what they see:

Candidly speaking, I do not wonder why people have such imagination about people who "obsessively" care about their privacy. On the other hand, for me as an crypto-anarchist, it's really harmful, because it generalizes every privacy-focused dude is like the guy on the image above.

I guess it will never disappear as human-species likes very much to over-facilitate things instead of understanding the more complex puzzles behind one's decision.

Moreover, the image of privacy preserving people in press or (social) media is rather prone to shift towards calling them some party's extremists or try to assign them to political fraction of the politics' scene, whereas it's not always the case when it comes to individuals.

Important thing to understand on the very beginning is:
Not everyone will need the same level of privacy !

And that should be the nr. 1 thing, you should take out from this article.

There will be a different need of software-developer, who is politically repressed and hounded, and completely different need will be of an regular woman out there who just doesn't want the companies to know about her to many details.

Having said that, I can move straightly into examples of why privacy matters.

Number 1. Advertisement and personal-data trade

Have you ever wondered, where tha heck is your money gone ?
Well...... Ads of some flashy product you talked about and decided to buy it without a real need could be the answer 😅

I will tell you a story, recently I was by a family-gathering and one person had a talk about bike-roads, and what did they saw first ? You guessed it ! The add of bike-road. I checked their permissions for facebook and everything was set to allowed. And this is a case where big techs ambush a lot of people, who are not aware enough.

I like to recall words said in some video by ThePrimeagen (shout out to you, Micheal :D). Those words were something like:
If you want to be a head of leading silicon-valley company, you have to sell either ads or hardware.

And it's actually true, at least at some point, look at some of the big-techs and their revenue model:
Facebook - Ads
Nvidia - Hardware
Tiktok - Ads

Google - Well they do everything, lol (Ads, hardware, software services etc.)
Microsoft - software services + ads

And in order to specifically profile you, the data is needed, Huge amount of data. Which often is used by unethical methods e.g. wiretapping (as in my story).

Thus, given you have issues that you lack money on some essentials, it might be that you purchase things that you actually don't need and only talked about with friend and under impulse, you bought those things. If you see you have issue with it, guess what privacy is for you !

There is not always about rigid self-control, but also a tooling to it. Sure you can pound a metal-bolt in a wall with your hand, but using hammer makes more sense though, especially as it would be less painful (Lol).

Having said that, I hope I managed to keep you engaged.

Number 2. Banking and Financial Operations

This case pertains a lot of people, not only those who are repressed or alleged of some crime.

I had almost every f*cking time I made a transaction online not even for big amount of money, it were transactions like 5$ or 100$, my account got temporarily frozen, because bank accessed it as suspicious activity, meanwhile it were just regular purchases like Copilot or Brilliant Subscription or even purchase of something from services like Temu or Ebay.

And you really would not like to listen to words I spit out to the consultant and to the bank in emails 😅

And in the times of growing surveillance (especially in sucky europe), I think it's real threat to most of us, than you think.

Therefore, you might want to have more privacy when it comes to your financial affairs, but also not like to relinquish digital payments.

Number 3. Location Tracking and Stalking

People who experience stalking or being bewilderingly frequently followed by some track while they go outside from somewhere, they also might want to have more privacy, when it comes to their actual location. Regardless if stalking pertains their kids or themselves.

Number 4. Password/Data-leaks

It's very common that in big/middle-sized companies occur breaches, and all of the sudden details about your life, might actually not be the same as the breach might have released a lot of sensitive private messages or data.

Number 5. Remote work setups

Companies very often while video calls, require candidates to perform some task live or to perform some task at all e.g. Make some coding recruitment-task. I have again a perfect example of why you might want to prevent your PC's content private.

To give you more context from December 2025 until Mid January 2026, I was actively looking for a job in IT, especially blockchain industry given my background. And all of the sudden I got a message. Here I will reveal some screen shots from the conversation and there is some pattern I noticed (likely they used AI for it) the account seemed to be legit (thus I hate linkedin 🤬, imo they should pivot their name to TornApart, describes perfectly the faith in not being scammed there)

Here step 1, the message arrives to potential prey/victim:

Here, I honestly answered that this position is beyond my skills and expertise, but they kept insisting

I got offered that I can actually for practice purposes, I can try solving the task so I agreed.

Note, that the messages were poem-long to convince me to run their code on my machine, but when I agreed and wanted to chat a bit more and expected a bit longer answer, I just was ghosted with one word response. Meaning they achieved their goal, so I can piss off now.

Then I was required to solve the task, which I did but I haven't run it purely on my machine, I used DOCKER !, about which fact I informed the employer. Surprisingly the recruitment task was super easy, it was about to build a WETH-like token with accruing value for depositors and test it in hardhat (whereas my setup is foundry and never used it). It turned out that although my code was correct, the test was specially written wrongly in some places especially when it come to rounding-math for the values given as output.

In the end I got no response back from the company, but from the service where the job offer was hoisted.

I cannot say what was their irregular behaviour, but I can assume that there was indeed some malicious code to be run and potentially I could loose my all crypto-assets I have purchased for my money and I could get robbed from my PRIVATE information on my PC.

Thus people like this, could are also highly welcome to read this article.

Number 6. State Oppression

There are a lot of people, who are targeted by the state. You would not even have to commit a crime, being regular chap is enough for the state to have interest in you. But the most frequent targets are people with anti-government attitude (e.g. like me). There were a lot of journalists or other activists that were victims of state oppression and not even activists. But if being an journalist or activist is not enough for you, Nigel Farage could not open a bank account in England and was separated from his money !. All because the government decided to seperate him from the financial system.

Summary of the section

Privacy is not just for weirdos from basements, but considers every single person, because we never know, how the our data is used or how we ourselves are viewed by the company, government or other institution. If you're interested on what's more, let's finally go into the details !

Online Privacy

As I emphasized in the introduction, in this section, I will do my best to present you the privacy tools I use on a daily basis, explain nuances related to each element from the list I mention. And why I recommend them specifically.

I will start with the with the very core of our internet usage, namely Operating Systems !

Operating Systems

Here I have split it into 2 types

Desktop OS
Mobile OS

I'll present you first the Desktop Operating Systems.

Desktop Operating Systems 🖥️

There is no wonder that I will say I use LINUX !

Yes, Linux is the operating system I use on daily basis. Why this operating system specifically is chosen by people with privacy concerns ?

There are many reasons, but I will name most important of them:

Linux is open-source: This provides transparency and more certainty that the OS is not malware or spyware, due to contributors and people who are interested in technical details and further Linux development.
No telemetry: Linux does not have a built-in telemetry, thus the operating system does not send the information about your activity to third party. The core of Linux is that you are the lord of your OS. If you want more analytics or tracking, you install tools specifically for it :D
No Forced Updates: In Linux you decide if you want to update your operating system or not and you are not forced to do it under circumstance of not being able to use some features or something like that as it happened often to Windows or MacOS users.
Selective Permission Management: In Windows everyone is an admin, which makes it one of reasons why Windows is often a target for hackers. In Linux there is a split between what you can run as a regular user and what you can run as an administrator. Which averts from some successful hacks on your machine.
Customizability: In Linux unlike Windows, you can customize your operating system however you want. You want to compile custom Kernel ? You can do it. You can rebuild the whole OS. Whereas in Windows, Microsoft decides what goes in, what stays out.

Distributions I use

Personally, I'm yet a freshman into Linux (8 months passed since I started using Linux). I use(d) until now Debian as a distribution, so I have no clue about other distributions. And I can recommend Debian for start with Linux as Operating System, it has slick design, and is very intuitive Operating System. Also I noticed a significant increase of free space on how my PC works in comparison to what I experienced with Windows.

However as I mentioned in my latest From Zero to Crypto-Hero post, I said I started playing around with QuebesOS on Virtual Machine, however I did not have enough time to test it out properly. I would say the learning curve is quite steep and basic browser usage like firefox was quite of not understandable for me.

For now on my laptop, I wanted to try out something different than debian, so currently I'm playing around with CachyOS on my laptop. If you ever would like to hear a review on the operating system, feel free to mention it in a comment.

I will only list down here some alternatives, if you don't want to use debian specifically.

Recommnded by experts for beginners: Ubuntu, Mint OS, Zorin
Specified distros for privacy: QuebesOS, Whonix OS, Tails OS

BEAR IN MIND !
That distros like Quebes come up with tradeoffs when it comes to UX, so people that are comming directly from microslop OS aka. Windows or Apple, might not want to choose those particular distros as they require more knowledge on Linux

Mobile Operating System 📱

We all know how pure-android and AppleOS phones are filled with spyware. Eavesdropping is one of the most privacy violating action those phones do. However there is a solution for it, name use AOSP (Android Open Source Project) Operating systems that are privacy focused. My phone for daily usage is Pixel 6a with GrapheneOS on board.

Why GrapheneOS ?

There are multiple reasons, why I decided to use GrapheneOS instead of Samsung. But instead of more technical explanations let's start from the user POV.

No Google by default - This is the first principle of GrapheneOS. Liberation of an operating system from google by default. Currently every android phone is merged/synchronized together with google by default, using google services.
Your images are handled by google images, every service you use is basically bloated with google spyware (aka. personalization daemon-softwares).
For me also one of the most important features, that GrapheneOS offers is blocking phone-calls from unknown unsaved numbers avoiding phishing or scam calls to your phone. You have first save the number of someone, to be able to receive calls from them.

However you can use your google play in GrapheneOS and are not exposed on mass surveillance over your entire phone. That's because GrapheneOS sandboxes the app usage and does not grant permission to access anything on your device.

Though if you really want to liberate your self from big tech, you probably would like to use open-source app-stores like F-droid, Aurora Store or APK Pure.

Heavy protection against unknown (0 day) vulnerabilities - GrapheneOS uses measurements to prevent from security flaws in software or hardware that are unknown to the vendor and the public.

The measurements that used are following:

Attack surface reduction - Removing unnecessary code or exposed attack surface eliminates many vulnerabilities completely. GrapheneOS avoids removing any useful functionality for end users, but we can still disable lots of functionality by default and require that users opt-in to using it to eliminate it for most of them.
Containment through sandboxing at various levels - Fine-grained sandboxes around a specific context like per site browser renderers, sandboxes around a specific component like Android's media codec sandbox and app/workspace sandboxes like the Android app sandbox used to sandbox each app which is also the basis for user/work profiles.

GrapheneOS improves all of these sandboxes through fortifying the kernel and other base OS components along with improving the sandboxing policies.

What sandboxing really means is that e.g. if there is an app compromised, then because it's in sandbox, meaning isolated, no other app is compromised.

Preventing an attacker from persisting their control of a component or the OS/firmware through verified boot and avoiding trust in persistent state also helps to mitigate the damage after a compromise has occurred.

Attack surface reduction

Greatly reduced remote, local and proximity-based attack surface by stripping out unnecessary code.
Making more features optional and disabling optional features by default (NFC, Bluetooth, UWB, etc.), when the screen is locked (USB, USB-C, pogo pins, camera access)
Optionally after a timeout (Bluetooth, Wi-Fi)

USB-C port and pogo pins control

USB-C port and pogo pins setting protects against attacks through USB-C or pogo pins while the OS is booted. For the majority of devices without pogo pins, the setting is labelled USB-C port.

The default is Charging-only when locked, which significantly reduces attack surface when the device is locked.

After locking, it blocks any new USB connections immediately through either USB-C and pogo pins at both the hardware level via configuring the USB controller and also at the OS level in the kernel to provide a second layer of defense.

The highest security however is when our charging is set to Off mode.

Other privacy protections are following, about GrapheneOS there could be really created separate posts series:

Hardened kernel
Hardened app runtime
Sensors permission toggle: disallow access to all other sensors not covered by existing Android permissions. Or even there is a feature, that can send you alerts whenever an app will request for sensors.
LTE-only mode to reduce cellular radio attack surface by disabling enormous amounts of both legacy code (2G, 3G) and bleeding edge code (5G).

Wi-Fi privacy

MAC randomization per each connection unlike in standard android it's done per network. So regardless whether I've been connected to the network or not, if I reconnect, my device is treated as completely different one.

There is a whole much more when it comes to GrapheneOS and what they do, when it comes to privacy protection. If you're more tech savvy than me and you know the infrastructure of the internet from the ground up, you can check out the GrapheneOS website

Unfortunately, GrapheneOS is limited only to Pixel 6 and newer phones, however there was announced that arguably Motorola will have partnership with GrapheneOS

Now you might wonder, why tha heck is a private OS available only on Google's phones ? Let me explain.

The Technical Constraint

GrapheneOS needs direct control over the Titan M2 security chip, which only Pixels expose at the required level. This isn't arbitrary gatekeeping; it's a hardware reality. Other devices either don't provide the necessary low-level access or have weaker security foundations. You're not choosing Google—you're choosing the only viable hardware that can run proper security hardening.

Stripping Google Down

Here's what actually happens: GrapheneOS removes Google Play Services, GMS, and proprietary Google binaries by default. Your bootloader locks with your key, not Google's. No persistent telemetry pipeline. The OS doesn't phone home unless you explicitly enable Sandboxed Google Play for specific apps.

So yeah, you bought from Google. But the software surface they can exploit is drastically smaller than stock Android.

The Trust Question

Can Google backdoor you through the Titan chip? Technically yes. But realistically? It'd destroy their business model (which runs on advertising data, not targeted espionage) and burn every ounce of credibility they have.

What you can actually verify:

Audit the open-source code yourself
Run tcpdump to inspect network traffic
Enable reproducible builds to verify the binary matches the source
Confirm zero Google domains in your traffic

The Real Answer

You're not achieving perfect de-googling. You're reducing Google's attack surface from massive to moderate. It's not self-denial—it's accepting that perfect security doesn't exist and choosing the best available option given the constraints.

The alternative isn't "truly de-googled." It's either stock Android (guaranteed surveillance) or building your own phone from discrete components (impractical). GrapheneOS + Pixel is the pragmatic best-in-class solution for commodity mobile privacy.

Alternative Privacy Operating Systems: CalyxOS, IodeOS, LineageOS

Browsers

We've got private OS, private messengers, now it's time to talk about private browsers so that you're not screwed and spied by simply browsing through the internet.

There are couple of privacy options that are worth switching to. The Browsers are following:

Tor Browser
Brave
Firefox
LibreWolf
Mullvad Browser
DuckDuckGo

Tor Browser — The Gold Standard

Tor's the closest you get to truly untraceable. Here's what makes it beast-level:

Onion routing: Your traffic bounces through minimum 3 encrypted nodes. Even if someone sniffs the exit node, they can't connect it back to you because the previous relay is encrypted.

Letterboxing: Rounds your screen resolution to standard buckets (1000x1000, 1400x900, etc.) so sites can't fingerprint you via screen dimensions.

First-Party Isolation (FPI): Cookies are isolated per-domain. A tracker pixel from Facebook can't see what you did on Amazon because they're treated as completely separate contexts.

Standardized everything: User agent, fonts, extensions—everyone looks identical on the network, so statistically you're hidden in a crowd of thousands.

Tradeoff: Slower (routing overhead), some site breakage from hardened CSP/XSS protections.

Brave

Brave is the pragmatic choice for daily use. You get strong protections without sacrificing UX:

Shields: Built-in tracker blocking (uses multiple blocklists) + ad blocking at the rendering level. No extensions needed.

Script sandboxing: Third-party scripts execute in isolated contexts, limiting their ability to communicate across sites.

Cookie isolation: Tracks HTTPS/HTTP + domain separation so cross-site tracking is harder.

Fingerprint randomization: Changes some fingerprinting vectors (Canvas, WebGL) on reload.

Additionally when it comes to features that some people might search for, is actually ads-blocking so you can enjoy watching youtube without any ads and I think it's awesome, I remember how much I suffered because of stupid ads that were kind of targeted at me by youtube.

Brave supports extensions as it's based on chromium engine.

It supports also in-background running by default so you don't have to spend monthly on spotify subscription or something else. You can run youtube music on brave and you have the same effect.

Firefox

I was honestly shocked it is privacy browser, because as I was younger I always associated it with spyware. However Firefox turns out to be privacy respecting.

Firefox lets you actually own your privacy config:

Total Cookie Protection (ETP): Isolates cookies in a "cookie jar" per website. Cross-site tracking via cookies is blocked by default.

Container tabs: Firefox Multi-Account Containers segregate cookies/data per container, so different "identities" don't bleed together.

Advanced hardening via about:config: You can disable WebGL, limit canvas fingerprinting, disable plugins, tweak timing attacks, etc.

Catch: Requires manual tuning for maximum security. Stock Firefox is good, but paranoid Firefox requires config knowledge.

Furthermore, they added 50GB Free VPN recently for every user. And firefox is one of the only browsers that support extensions/add-ons in mobile browsers, so if you have something like blocking keywords or you basically want to add nsfw extensions to your phone it's a good solution to use firefox, while keeping you private.

Mullvad Browser

This is the Tor Project + Mullvad VPN collab. Basically:

Takes Tor's hardening tech (letterboxing, FPI, standardized fingerprints).

Removes the onion routing overhead.

Assumes you'll pair it with a external VPN for network-level privacy.

Key quirk: Zero persistent state. You log out when you close the browser. No bookmarks saved, no history. That's intentional—harder to track habits.

LibreWolf

LibreWolf's Firefox with Mozilla's telemetry ripped out + pre-baked security config:

No telemetry, no studies, no data sharing with Mozilla.

Ships with hardened about:config by default.

uBlock Origin pre-installed.

Minimal network calls back to Mozilla servers.

Perfect if: You like Firefox's ecosystem but want Mozilla's data collection gone.

DuckDuckGo Browser

I actually used to use Duckduckgo as a browser, but because it was annoying that they had no extensions support for mobile apps. I would rather treat it as quick-search browser and nothing else. However I do use DuckDuckgo products and I really appreciate them. Also they do not support the in-background running by default just as firefox, so you're prolly need an extension for it.

Core Privacy Tech Stack

Search Layer (No Tracking)
Zero search history storage: DuckDuckGo doesn't save or tie your searches to you. Compare that to Google storing everything linked to your account.

No user profiles: Unlike Google's ad-targeting, they literally can't build a profile because they don't collect the data in the first place.

Business model is honest: Makes money from context-based ads (ads based on what you're currently searching, not your history), not behavioral targeting. This is key—it removes the incentive to spy on you.

Third-Party Tracker Blocking (The Heavy Hitter)
This is where DDG flexes. They've built multiple overlapping protections:

3rd-Party Tracker Loading Protection — Blocks trackers before they even load

Uses Tracker Radar (their own open-source web crawler) to identify tracking domains

Prevents requests to known trackers (Google Analytics, Facebook pixels, etc.) from being sent at all
This is crucial: Stops your IP + other identifiers from being sent
to tracker endpoints

3rd-Party Cookie Protection — Isolates cookies per domain
A Facebook tracker pixel on Amazon can't see what you did there
1st-Party Cookie Protection — Protects against persistent cookies on individual sites

CNAME Cloaking Protection — Blocks sneaky tracker domains hidden under first-party CNAME records
Tech companies sometimes mask tracker domains to look like the site's own domain to bypass cookie protections

Fingerprinting Protection
Randomizes canvas/WebGL fingerprinting vectors
Limits what scripts can detect about your device

Google-Specific Protections (Because Google is Everywhere)

They literally have dedicated protections for Google's tracking schemes:

Google AMP Protection — Strips Google AMP wrappers that let Google track your clicks

Google Topics Protection — Blocks Google's Topics API (their creepy replacement for third-party cookies)

Google Protected Audience API Protection — Blocks FLEDGE (their new ad auction system that still tracks you)

Google Sign-In Pop-Up Protection — Removes those annoying "Sign in with Google" nags

Link Tracking Protection
Strips tracking parameters from URLs before you click
Example: amazon.com?utm_source=facebook&utm_medium=ad gets cleaned to just amazon.com

Referrer Tracking Protection
Blocks the HTTP Referer header from leaking where you came from
Encrypted Connections (Smarter HTTPS). Automatically upgrades to HTTPS when available. Prevents ISP/network-level snooping.

Email Protection
Generates unique @duck.com email aliases when signing up for services. Aliases forward to your real email but mask your identity
Strips email tracker pixels before forwarding
Example: You get unique-alias@duck.com, give it to a sketchy site, it forwards to your real inbox but without the tracking pixel

Duck Player (YouTube)
Strips YouTube's tracking and disables personalized recommendations
Reduces invasive ads. Your video views don't pollute your YouTube history.

Cookie Pop-Up Protection
Automatically clicks the most privacy-friendly option on GDPR/CCPA pop-ups. Then hides the pop-up so you don't see it again.

The Fire Button
One-click nuke of recent browsing data. Clears locally stored data instantly.

Global Privacy Control (GPC)
Sends a standard signal to websites telling them not to sell/share your data.Works via HTTP header + JavaScript signal (platform-dependent). On Windows, it sends both header + JS. On Mac, JS only for compatibility reasons.

Search Engines

Ok, now as we took care of the Operating System, Browser it's time for Search Engines. And in advance I say, no there will be no google in this list (lol).

That's because we would not like to be targeted for ads and having collected our data by company or companies that appear to be friendly to your privacy and data and apparently they see and store all our movements, conversations and more. We would do it for many reasons, either to prevent ourselves from unnecessary expenditures, prevent from trackers e.g. location trackers, profiling us etc.

Before we start yet, I have to mention that there are a ton more search engines, than I thought there are. Therefore I will not discuss each one but will discuss only 6 and for more knowledge I highly encourage to read this article.

Let's first understand the fundamentals of how these systems operate before we list the details on each search-engine. This knowledge is crucial for appreciating the technical differences between privacy-focused and traditional engines.

The Web Crawler: Your Digital Librarian

A web crawler (also called a bot or spider) is an autonomous software agent that systematically browses the web to discover and index content. Think of it like a tireless librarian that never sleeps. Here's how it works:

Discovery: The crawler starts with a list of known URLs, then follows hyperlinks to discover new pages
Fetching: It downloads the HTML, CSS, and other content from each page
Indexing: The content is analyzed and stored in a massive database (the search index)
Processing: Text is extracted, links are catalogued, and metadata is recorded
Updates: Crawlers continuously revisit pages to detect changes

The crawled data is stored in an inverted index — a data structure that maps every word on the web to the pages containing that word. This allows lightning-fast lookups when you search for a query.

The Search Algorithm & Ranking System

When you submit a query, the search engine doesn't re-crawl the web — it queries its pre-built index. The ranking algorithm determines which results appear first. Traditional engines like Google use factors like:

Relevance: How well the page matches your query keywords
Authority: Link count and quality (PageRank)
Personalization: Your search history, location, device, and browsing behavior (the privacy killer)
Click-through rates: Which results users click on
Freshness: How recently the page was updated

The Privacy Problem in Search

Here's where traditional search becomes invasive. When you search Google:

Your IP address is logged
Your search query is stored and linked to your account/device
Cookies track you across the web
Your behavior is profiled to personalize ads
This data is cross-referenced with your other Google services (Gmail, YouTube, Android)

This creates a detailed profile of your interests, location, health concerns, financial status, political beliefs, and more. That's the data economy that funds free search.

And in order to prevent companies or even governments from taking advantage of your searches, you should use private search engines.

1. DuckDuckGo

Location: Paoli, Pennsylvania, United States

Founded: September 25, 2008

CEO/Founder: Gabriel Weinberg

Market Share: ~2% (highest among privacy engines)

DuckDuckGo is the heavyweight of private search — and for good reason. It's been my personal choice because the entire ecosystem they've built goes beyond just search.

I personally use DDG as my search-engine together with other products offered by DDG, but more on that in next posts.

How DuckDuckGo Works

Unlike many competitors, DuckDuckGo doesn't rely on a single source. Its search results come from a hybrid of over 400+ sources:

Bing API: Primary source for general web results
DuckDuckBot: DDG's own web crawler that supplements Bing results
Wolfram Alpha: For computational queries
Yahoo! Search BOSS: Historical data
Yandex: International coverage
Wikipedia: Knowledge panels

This is crucial because it means DDG isn't fully dependent on Microsoft's infrastructure. They've invested in building their own crawler (DuckDuckBot) to create partial independence.

Privacy Architecture

DDG's privacy model is straightforward:

Zero Tracking: No IP address logging, no search history storage, no user profiling
No Search Leakage: Your search query isn't passed to the websites you click on (this alone is huge)
Encryption: All connections use HTTPS, preventing ISP snooping
No Cookies for Tracking: Only essential cookies for functionality
Global Privacy Control (GPC): Auto-signals opt-out preferences to websites

Pros

✅ Largest privacy search community — best network effects

✅ Actual independence — uses own crawler + multiple sources

✅ Clean interface — no bloated UI

✅ Respectable search quality — Bing's index is solid

✅ Full ecosystem — everything integrates

✅ Open source contributions — DuckDuckHack community

✅ Transparency — clear about what they don't collect

Cons

❌ Depends on Microsoft Bing — During 2024 Bing outages, DDG stopped working

❌ Less personalized results — No history means generic suggestions

❌ Limited independent index — DuckDuckBot is supplementary, not primary

❌ Ad-supported model — Non-personalized ads still shown

❌ Search quality inconsistency — Sometimes results lag behind Google

❌ Premium required for full privacy — Basic version still has limitations

The Real Talk

DDG is solid if you want the path of least resistance. The ecosystem approach means you get privacy across multiple touchpoints. But here's the thing — it's still fundamentally dependent on Bing's infrastructure. That 2024 outage proved it.

2. StartPage

Location: The Hague (Den Haag), Netherlands

Founded: 2006

Ownership: Dutch company, part of System1 (US-listed)

Market Share: ~0.06%

StartPage is the proxy-based privacy champion. If you want to understand sophisticated privacy architecture, this one's worth studying.

The Architecture: Proxy-Based Anonymization

Here's what makes StartPage different from DDG — it uses a middleman approach:

Your Query: You search on startpage.com
Premise Servers: Locked cabinets with non-US administrators
Your IP Removed: All identifying info stripped (full IP, not just last octet)
Query to Google: Startpage's servers ask Google for results (no user info attached)
Results Returned: Google sees Startpage, not you
You Get Results: Back to your browser without tracking

This is clean. Google literally doesn't know who's searching. The encryption uses:

SSL/TLS: Secure socket layer between you and Startpage
Perfect Forward Secrecy (PFS): Each session gets unique encryption keys
HTTPS Everywhere: All connections encrypted

Why Google Results Matter

StartPage literally serves Google's search results but anonymizes your query. This is a trade-off:

Pro: You get Google-quality results (often considered the best)

Con: You're still dependent on Google's index, just with privacy wrapping

Pros

✅ Google-quality results — Best-in-class search

✅ True anonymity — Full IP removal, not partial

✅ EU jurisdiction — GDPR protections, privacy-first legislation

✅ Transparent operations — Explains technical flow clearly

✅ Anonymous View feature — Proxy browsing for extra privacy

✅ No account required — Works anonymously out of the box

✅ Endorsed by privacy experts — Edward Snowden recommends it

Cons

❌ Completely dependent on Google — No independence if Google changes

❌ Tiny market share — Niche product, limited resources

❌ Slower than direct Google — Added proxy layer = latency

❌ Limited feature set — Minimal instant answers compared to DDG

❌ Less aggressive crawler — Supplementary indexing only

❌ Owned by System1 — US company owns the parent (though Dutch HQ adds protection)

Technical Depth

The premise server setup is where the magic happens. Unlike traditional architectures, the servers are:

Physically locked in cabinets
Managed only by non-US staff (avoiding US legal jurisdiction)
Isolated from cloud providers (avoids Patriot Act issues)
Running their own anonymization pipeline

This is more robust than DDG's approach because there's no direct connection between your query and Google's servers.

3. Brave Search

Location: San Francisco, California, USA

Founded: June 2022 (beta), fully released

Parent Company: Brave Software, Inc.

Current Status: Growing, recently hit 100% independence

Brave Search is the young gun with serious ambitions. This is what a true independent index looks like.

The Independence Factor

Here's what makes Brave radical: it's building its own web index from scratch.

Aspect	Brave	DuckDuckGo	StartPage
Search Index	Own independent index	Bing (80%+) + own crawler	Google
Dependence	Minimal Big Tech	High (Microsoft)	High (Google)
Index Size	93% of results from own index	Supplementary	0%
Crawling	Brave owns the crawler	DuckDuckBot supplement	No crawling

This is huge. Brave doesn't have to negotiate with Microsoft or Google. They built their own.

How It Works

Web Crawling: Brave's crawler indexes the entire web
Independent Storage: Results stored in Brave's servers
Community Feedback: Users can upvote/downvote to improve results
Goggles: Custom ranking filters users create
No Bing/Google: Zero reliance on Big Tech indexes

Privacy By Design

Brave Search doesn't track because it wasn't built to track:

No User Profiles: Engine designed from ground-up for privacy
No Cookies: Zero tracking cookies by default
No Browsing Data: Device info not collected
No IP Logging: IP addresses not stored
Optional Web Discovery Project: Users can opt-in to help improve results (anonymously)

Innovative Features

Goggles: This is brilliant. You create custom ranking rules:
Example Goggle:

Boost scientific papers
Hide social media
Prioritize academic sources
Downrank clickbait

Others share their Goggles, creating community-curated search experiences.

Discussions: See real discussions about topics (Reddit threads, forums) integrated into results.

AI Summarizer: Generates concise answers with cited sources (not hallucination-prone like competitors).

Pros

✅ True independence — Own index, no Big Tech dependencies

✅ Private by architecture — Not bolted on as afterthought

✅ Goggles feature — Community-driven ranking customization

✅ Growing rapidly — 100M+ monthly active users (Brave browser)

✅ Excellent privacy defaults — Zero tracking, zero profiling

✅ Web Discovery Project optional — Can contribute anonymously

✅ US-based but transparent — Open about design principles

✅ Premium option — Ad-free for supporters

Cons

❌ Young search engine — Still refining result quality

❌ Different results than Google — Learning curve for power users

❌ Smaller index — 93% own index still maturing

❌ Brave browser required for best integration — Works standalone but better with ecosystem

❌ US jurisdiction — No GDPR-level protection (though privacy-first design)

The Blockchain Angle

Brave is built by people who understand decentralization. Their philosophy of "no Big Tech dependency" aligns with blockchain thinking. They're even working on integrating Web3 concepts into search (cryptocurrency tipping, decentralized indexing discussions).

4. Swisscows

Location: Egnach, Switzerland

Founded: Originally as web directory in 2002, evolved to search engine

Data Center: Swiss Alps

Unique Selling Point: Family-friendly + Swiss data protection

Swisscows is the extreme privacy option. They don't mess around.

The Switzerland Advantage

Switzerland has:

Federal Data Protection Act — Stricter than GDPR in some ways
"Bunker" Data Center — Swiss Alps location, highest security
No US Jurisdiction — Patriot Act doesn't apply
Strong banking privacy traditions — Culture of secrecy

Swisscows headquarters is in Egnach, serving this exact jurisdiction.

Technical Stack

Own Servers: Swisscows has its own infrastructure (unlike most competitors):

Located in Switzerland only
Not using cloud providers (avoids Patriot Act)
Only Swiss staff can access servers
Queries anonymized after 7 days

Search Index: Originally powered by Bing, but recently partnered with Brave to develop independent European index. This is strategic.

Privacy Features (Standard)

No data collection on free version
IP address removal
No user profiling
No cookies for tracking
Semantic search (intelligent understanding)

Swisscows Pro (Premium)

For absolute paranoia (in the good way):

Feature	What It Does
Zero Data Storage	Literally no data saved about you, ever
100% Anonymous	Complete anonymity, even from Swisscows
Ad-Free	No advertising revenue model needed
Custom Results	You curate which sources appear
Swiss Servers Only	No data leaves Switzerland

Family-Friendly Feature

Swisscows filters pornographic and violent content by default:
This is useful for:

Schools wanting safe search
Parents protecting kids
Organizations with content policies

Some see this as censorship, others appreciate it.

Pros

✅ Strictest privacy jurisdiction — Swiss law is gold standard

✅ Own servers — No cloud, no Patriot Act risk

✅ Bunker data center — Physically secure infrastructure

✅ No US parent company — Completely independent

✅ Partner with Brave — Contributing to European index independence

✅ Family-friendly filtering — Good for institutions

✅ Very transparent — Clear about what they do/don't collect

✅ Semantic search — Intelligent query understanding

Cons

❌ Tiny market share — ~0.001% usage

❌ Limited result quality — Smaller index means gaps

❌ Expensive premium — Around €89/month or €899/year

❌ Content filtering controversial — Some see it as censorship

❌ Newer to independence — Recently partnered with Brave for index

❌ Language limitations — Better for European languages

❌ Poor search features — Minimal instant answers or tools

5. Qwant

Location: Paris, France

Founded: February 2013

Founders: Jean-Manuel Rozan, Éric Léandri, Patrick Constant

Government Support: Backed by French state investment

Market Share: ~0.5% (mostly in Europe)

Qwant is France's answer to Google dominance — and it's complicated.

The French National Project

Qwant received backing from French government and Caisse des dépôts (French investment bank) because of geopolitical concerns about US tech dominance. This is interesting from a sovereignty perspective.

How It Works

Qwant uses Microsoft Bing as primary index with its own improvements:

Fetches Google results for some queries
Has own index but it's supplementary
Uses Wikipedia for knowledge panels
Integrates APIs from TripAdvisor, DeepL, YouTube, Twitter, Facebook

The results are similar to Bing because that's the underlying technology.

Privacy Model (Mostly)

Here's where it gets murky:

What Qwant Claims:

No tracking cookies
No personalized ads
No user profiling
Queries anonymized

What Actually Happens:

Sends data to Microsoft Bing Ads for ad targeting
IP address is masked (last octet removed) but not fully anonymized
User-Agent and search keywords sent to Microsoft
Data retained up to 18 months (not "never stored")
This wasn't disclosed until mid-2021, causing privacy backlash

This is the fundamental weakness. They claim privacy but still feed Microsoft your behavioral data for ad targeting. It's better than Google, but not actually private.

Unique Features

Junior Mode: Filtered version for kids (similar to Swisscows)

Collections: Save and organize search results like Pinterest

Qwant News: Aggregated news with diverse sources (actually good feature)

Translation Integration: Built-in DeepL translator for results

Pros

✅ EU/France jurisdiction — GDPR protected

✅ Government investment — Funding stability

✅ No personalized ads — Ad model isn't behavior-targeted

✅ Decent search quality — Bing is solid index

✅ News aggregation — Good for current events

✅ Junior mode — Family-friendly filtering

✅ Fast interface — Minimalist design

Cons

❌ Misleading privacy claims — Says "private" but feeds Microsoft data

❌ Bing dependent — No independence from Microsoft

❌ Data retention — 18 months storage contradicts privacy narrative

❌ Limited features — Fewer tools than Google/DDG

❌ Tiny market share — Limited resources for improvement

❌ French government ties — Some see as political tool

❌ IP masking not anonymization — Last octet removed ≠ private

❌ Unreliable history — Financial struggles, multiple pivots

The Real Problem

Qwant markets itself as private but fundamentally isn't. The Bing Ads data sharing was buried in their privacy policy. For crypto people doing sensitive research, this is a no-go. You're still being profiled, just not visibly personalized.

6. Ecosia

Location: Berlin, Germany

Founded: December 2009

Founders: Christian Kroll, Achim Steiner (UN figure)

Business Model: Non-profit, B Corp certified

Market Share: ~0.04%

Ecosia is unique because it's not primarily about privacy — it's about environmental impact. But it's worth understanding because the trade-offs are interesting.

The Mission

Ecosia uses search revenue to plant trees. 50% of profit goes to reforestation projects:

45+ million trees planted (as of 2024)
Partnerships with The Nature Conservancy, IUCN
Multiple continents: Brazil, Indonesia, Ethiopia, Peru, India
Verified impact tracking

This is legitimate environmental work, not greenwashing.

How It Works (Technically)

Ecosia uses Bing index (like DuckDuckGo and Qwant):

Powered by Microsoft Bing results
Own supplementary crawler (Ecosiabot)
Generates revenue through Bing partner ads
Takes ~€0.50 per search to tree planting

The economics: You search → Bing shows ads → Ecosia gets commission → ~50% goes to trees

Privacy Features

Here's the reality check:

What Ecosia Does Right:

No persistent user tracking
No search history storage
HTTPS encryption
No third-party profiling cookies
GDPR compliant (EU based)

Where Privacy Falls Short:

IP address logging — Stored for debugging, cleared after 7 days
Bing data sharing — Microsoft sees your searches (anonymized but still shared)
Analytics cookies — Matomo analytics (privacy-focused but still collects)
Limited anonymization — Not like StartPage's full proxy approach

Ecosia is more private than Google but less private than DuckDuckGo/StartPage.

Environmental Breakdown

Initiative	Details
Tree Planting	45M+ trees in 70+ countries
Carbon Negative	Offsets more CO2 than servers emit
B Corp Certified	Independent third-party verified
Transparent Reporting	Monthly impact dashboard public
Partnership Model	Works with local organizations

The tree count is audited. They show exact locations, coordinates, photos. This is serious environmental work.

Pros

✅ Environmental impact verified — Real trees, real numbers

✅ Decent privacy — Better than Google, not as strict as DDG

✅ B Corp certified — Independent auditing of social mission

✅ Reasonable search quality — Bing index is solid

✅ Transparent financials — Public impact reports

✅ EU jurisdiction — GDPR protection

✅ Growing adoption — ~15M monthly active users

✅ Mission-driven team — Passionate about environment

Cons

❌ Privacy not primary focus — IP logging, Bing data sharing

❌ Bing dependent — No search independence

❌ Effectiveness questioned — Tree planting ROI debated

❌ Limited instant answers — Fewer tools than Google/DDG

❌ Smaller index — Result quality gaps on niche queries

❌ Free version slower — Premium for faster results (weird model)

❌ Can't verify tree quality — Planting numbers public, survival rates less so

❌ Ad-supported — Still needs advertising revenue

The Trade-Off Philosophy

Ecosia explicitly says: "Choose environmental impact over maximum privacy"

This is honest. If your primary concern is privacy, use DuckDuckGo or StartPage. If you want to offset carbon while searching reasonably privately, Ecosia makes sense.

Comparison Matrix

Engine	Privacy Tier	Independence	Speed	Search Quality	Jurisdiction	Best For
DuckDuckGo	Excellent	Medium (Bing+own)	Fast	Very Good	USA	General use, ecosystem
StartPage	Extreme	Low (Google proxy)	Medium	Excellent	Netherlands	Google quality + privacy
Brave	Excellent	High (own index)	Fast	Good/Improving	USA	Independence-focused
Swisscows	Extreme	High (own infra)	Fast	Fair	Switzerland	Absolute privacy, bunker
Qwant	Fair (misleading)	Low (Bing)	Fast	Good	France	EU users, news
Ecosia	Good	Low (Bing)	Medium	Good	Germany	Environmental impact

Summary

Online Privacy is not like a road from Point A to B. It's a rather a multi-layer process, that if taken seriously and applied correctly, can benefit you and your environment by liberating you from big-tech, government surveillance.

This is a way I would envision privacy. Btw, the Penguin is probably the Linux one :D

I hope you enjoyed this article and you learnt something from it. I honestly have spent hours on reading, fact checking, researching, comprehending and editing the text so that not only me but also you could understand it.

Be ready for Part 2 ! Where I will present couple of alternatives for Mail Providers and Messengers for you, so that you can switch from the big-tech ones to more private ones.

My Take On AI and Technology (Besides the Pure Developer PoV)

Luftie The Anonymous — Fri, 27 Feb 2026 09:55:50 +0000

Hello Dev.to community !

I hope you're all doing well, today I decided for a little bit more controversial topic this time and namely to present my point of view on AI besides just a tool for code-analysis, vibe-coding, generating images or other cuty activity people use AI for. Are you're interested ?

Buckle up and let's go !

WARNING ⚠️: This article contains personal views on the modern technology of Artificial Intelligence and current world's geopolitical situation and actions of certain governments. This article has in no condition been written with intent to trigger fear or be taken as an oracle.

But before I start, some entry information for a reader, so that they would know who is writing that to make the things clear.

Introduction Information

I define my views in case of world-views as an crypto-anarchist. I do not support any political side, I think out of the box.
I do not belong to any associatations (like idk what you guys would think of me, that I'm foil-cap gang member or whatever, lol), every statement I make is my personal view.
I'm an Web3 Developer with 3 years of experience in full-stack web-dev, with many interests on IT, so I also grasped some take on how AI neuro-networks are actually working. My knowledge on AI bases on youtube videos from experts on it, Brilliant lessons (on AI)
My opinions are based on previous historic events and history of human species evolution.

General take on AI

First of all, to make clear I treat AI as an statistical/probabilistic model that predicts the next word sequence, based on the appearance-ratios to certain word given. Which means every time it generates an output, I know that it's just pure statistics and probability based on the data that it posesses. And I state that we should not let AI just automate everything, without human-intervention on the entire workflow.

Whenever it generates an output for generating a list of elements in React:


import React, {useEffect, useState} from "react";
import {getData} from "../some/directory/utils.ts"

function DataList<T>(databaseTable:string){

const [data, setData] = useState<T[]>();

async function fetchData() {
      setBio(null);
      const result = await getData(databaseTable);
if(results.length > 0){
setData(result);
}
    }

useEffect(()=>{
fetchData();
},[]);


return (<div className="some-style">
{data.map((element)=>(<Element data={element}/>))}
</div>)
}

export default DataList;

I can infer 2 things:

The model I'm working on has been trained only on junior code
My prompt was not specific enough

For those who do not know what the heck am I talking about is that, this component presents very poor understanding of useEffect hook in React, because it will get executed only once and the array content will not be trigged on any changes to parameter databaseTable.

But AI-code generation known also as vibe-coding and generally these all accessible AI-models, is just a top of the iceberg. As you could see on the thumbnail, I linked a video which informs that Antrophic has announced due to the US Department of War,...sorry ("Defense") the change of the guardrails, having as the author of the video said:

Abandoned the company's ethics rules for their AI-models

Well, for someone that is not really into history or just operates in a deep in a bubble and is absorbed by their environment (which is understandable), it might sound just as another boring company statement, updating some policies etc.

In fact however, it is for me a sign like:
Ok in 1940s there's been the necluar bomb created...BY SCIENTISTS for government. This time perhaps AI-companies will be used as those who will create an Skynet-like weapon.

AI-companies are already involved in various dubious actions like transactions with NVIDIA --> OpenAI cycles etc. (sorry for that generalization) and OpenAI turning from non-profit to for-profit. Besides Scam Altman to state differently. Well as someone said:

Everything is temporary

AI Madness Time

Social media and also media per se are flooded with articles on the AI spreading fear and announcing another AGIs, paralyzing newbies and repeatedly speaking of replacement by AI.

I will mention only that for me it's absolutely not apprehensive, how and why someone would allow tools made by some company or by some dude, that came back with a milk after years like OpenClaw/Moltbot whatever to manage THEIR private data and information.

Here the podcast episode with the main-character from OpenClaw

I'm wondered because OpenClaw and AI automation is not flawless and it performs bugs as well, here an example.
Openclaw deletes entire inbox

My AI-usage

My personal AI-stack is actually quite peculiar, because I use actually only duck.ai wrapper for my daily usage (Privacy first).
I contemplated about purchasing an subscription for github co-pilot, but for now I don't think it's necessary.

I use AI quite often to handle errors if I can't find the bug on my own for a bit longer, but not like:
"Hey Bobert, fix the code for me, no mistakes !"-guy, but rather in a way.
"I'm running into an issue: [The error message]. I tried [list down the steps] and I still could not resolve that error. Find the issue inside my code and provide the potential solution approach."

Basically I let it check whether it spots some logic failure of mine whenever I get an error faster than I fix and then learn from it.

Why I write about it ?

I write this article in order to showcase the deceitful narrative served by social-media about AI, that should "make people more creative" etc. I want to showcase that conversely it turned out that creativity is almost gone and noone cares:

Almost every website is currently looking the same (they use shadcnx + next.js + tailwind) with basic template and design not so much customized, if that's called creativity, thus I'm done also with web-dev as it's so red ocean area, that it's not engaging to enter anymore.
The amount of shitty code increased.
The IQ level of an average person decreases instead of increasing
Scammers got a perfect tool to make their scams even more benefitial. I recently helped some person of my narrow-circle of contacts to investigate why there's been some amount of money taken from their bank-account. It turned out that they have used for some period of time a tool in free trial, but there was no mention about it's expiration or when they will get charged. Additionally the tool they used was so shit that OSINT tools like https://haveibeenpwned.com/ or such websites would give more comprehensive data than that tool.
People are getting paralyzed
Social connections for people are tough to be bound

And there are other much bigger social, financial and technological issues coming from AI.

I do not state that we should stop using AI etc. I just assert the facts of different point of view on AI and it's impact.

And if you're fed up and want to stop reading, please read next few lines about primary purpose of Internet and you can go.

Primary Purpose of the Internet

For a context of my conjecture on possible miss-use of AI companies by government. Let's head back to the ground-level of digital world, the Internet. If you have ever wondered why the internet has been created, who created it and why isn't the creator of internet a rich well known guy. The answer is quite simple. One of the leading scientists in building the internet were Vint Cerf and Paul Baran, who was building the internet for the Government's Commission to build a communication system that surrvives nucluar attack.

No social-connection and building better world focused, not enhancement for good. It's been built for again:

Government to build a communication system that survives neclear attack

Here is the link to the confirmation of what I say

And this has been with any other invention or any other science-field. Cryptography (my main focus in my career) has not been invented to enable regular people securely communicate, it's been for the military purposes. Is that a reason why I should throw away cryptography otherwise should be named a spy ?

Well for some people perhaps yes, but I comprehend their statement. I was and still am oppose to the governments and any globalists ideas, I think not using the ready to use tools and building something from scratch is pointless and irrational.

Additionally one simple but broad fact, inferred by me from the human species history study

Environment changes, possibilities changes, patterns stay the same: Throughout many years the technology has evolved, live conditions enhanced, but patterns remained. What do I mean ?

Surveilance and Control was always the purpose on the first place. Because I studied for some time history of Britain, creation in 1086 of the Domesday Book is one of the example of rising surrveilance.
Media are basically the subordinaries of the government or the opposition, depending on who will be paid.

Human have actual not evolved much from monkey: controversial, but unfortunately the truth is that any action in our life can be narrowed down to the monkey world. Which for me personally is sad, because the development of the new technologies is interesting and flabbergasting, but often flawed by monkey incentive, carved inside human brain.
Entities who pursued good for humanity were always mocked, taunted or were introverted: People like Nikola Tesla, whose biography I also studied was an phenomenal inventor, but he was not an entrepreneur like Edison, whom I actually condemn for the Propaganda against AC (Alternative Current) using it on animals. But as I said:

Greedy Monkey will do everything for more bananas.

And thus Tesla died feeding pigeons in a hotel room paid by the company as honorary for his work.

Conclusion

My take away from all of this would be quite simple. As a species we're likely on the verge on existence, meaning it will be a miracle if human species survives until 2100. So:

Switch off the media, focus only on what you are passionate about.
Don't let yourself absorb with stress and find your tribe (again monkey analogy XD) and contact with them.
Don't trust politicians and big companies in their incentives.
Don't stress about being replaced by AI, today world is so screwed that entrepreneurs are people like Amodei from Antrophic who can't fit a single deadline of replacing human by AI.

Happy Weekend and and stay tuned for first report of progression on sunday ! I decided I will post the reports of my efforts in cryptography and blockchain architecture weekly on sunday.

Stay safe, stay alert, stay curious ;D