Appendix D: Privacy Tools and Resource Directory
Practical Protections for the Surveilled
How to Use This Directory
This directory is a starting point, not a comprehensive guide. The privacy tools landscape changes continuously: software is updated, companies are acquired, security vulnerabilities are discovered and patched, and the legal status of certain tools shifts. Before relying on any tool described here for high-stakes privacy protection, you should:
- Verify currency. Check that the tool is still actively maintained and has not experienced recent security incidents. Software that is no longer maintained is no longer trustworthy.
- Match the tool to your threat model. A threat model is a realistic assessment of who might want access to your information, what capabilities they have, and what you are trying to protect. The appropriate tools for a journalist protecting a sensitive source differ from the tools appropriate for an ordinary person wanting to limit advertising tracking. Using maximum-security tools unnecessarily creates friction without proportionate benefit; failing to use adequate tools when facing serious adversaries creates real risk.
- Seek current expert guidance. Organizations including the Electronic Frontier Foundation (EFF), Access Now, and the Surveillance Self-Defense project maintain up-to-date guides. These should be your primary reference for specific, current tool recommendations.
- Understand what tools cannot do. No tool eliminates surveillance risk entirely. Privacy tools reduce risk; they do not eliminate it. Understanding what a tool does and does not protect against is essential to using it appropriately.
A note on organization names: This directory identifies organizations and tools by name and describes their purpose and approach. It does not include website URLs, as these change; search for current contact information using the organization or tool name.
Section 1: Communication Security
Why Communication Security Matters
Every message you send transits multiple systems — your device, your wireless or cellular carrier, internet routing infrastructure, and the recipient's device — any of which may be a point of interception or disclosure. Standard SMS text messages, ordinary telephone calls, and default email are transmitted in ways that make them accessible to cellular carriers, ISPs, and law enforcement with appropriate legal process. End-to-end encrypted communication is different: encryption is applied on your device before transmission, and can only be decrypted by the recipient's device. The carrier, the platform, and law enforcement cannot read content, because they never possess decryption keys.
Signal
Signal is a free, open-source messaging and calling application that provides end-to-end encryption for text messages, voice calls, video calls, and file transfers. Signal is maintained by the Signal Foundation, a nonprofit organization. Because Signal is open-source, its encryption code has been reviewed by independent cryptographers and is considered technically sound by security experts.
Signal's encryption model means that Signal, as a company, cannot read your messages even in response to court orders. It collects minimal metadata: only your phone number and the date of account registration. Signal also offers disappearing messages (messages that automatically delete after a set time) and a "Note to Self" feature for private notes.
Limitations: Signal requires a phone number for registration, which means it is associated with your identity at the carrier level. Signal's security depends on both parties using Signal; if you send a Signal message to someone using SMS, it sends as an unencrypted SMS. Signal's metadata protections, while strong, are not absolute: your carrier may have records of when your phone communicated with Signal's servers.
Encrypted Email
Standard email is not encrypted in transit or at rest in ways that protect content from email providers or law enforcement. Several alternatives exist.
ProtonMail is an email service based in Switzerland that provides end-to-end encryption between ProtonMail users and offers encrypted email to non-ProtonMail users with password protection. ProtonMail's servers store only encrypted messages; the company cannot read your email content. ProtonMail has been subject to Swiss law enforcement requests, which it must comply with when legally compelled — it has been required to provide IP address information in some cases.
Tutanota is a German-based encrypted email service with similar properties. Like ProtonMail, it stores only encrypted messages and cannot read content.
PGP (Pretty Good Privacy) is a standard for encrypting email using public-key cryptography that can be used with standard email clients. PGP provides strong technical protection but requires both sender and recipient to use it, and its key management is technically complex for most users.
Limitations: Encrypted email protects content but not metadata — who emailed whom, when, and how often. Metadata can be legally obtained from email providers even when content is encrypted. End-to-end encryption also does not protect against compromise of the devices on which email is read.
Wire and Other Alternatives
Wire is another end-to-end encrypted messaging application with additional features for team communication. Unlike Signal, Wire allows account creation without a phone number, which provides an additional layer of identity separation.
Practical guidance: For most people seeking to limit commercial tracking and routine surveillance, Signal is the most practical encrypted messaging choice. For people facing serious adversaries (journalists, activists, domestic violence survivors) or requiring institutional-grade security, consult the Electronic Frontier Foundation's Surveillance Self-Defense guide for a current assessment of available tools.
Section 2: Browsing Privacy
Why Browsing Privacy Matters
Chapter 12 documents how the web tracking infrastructure monitors browsing behavior across millions of websites, builds behavioral profiles, and sells them in real-time bidding markets. Browser privacy tools reduce — but cannot eliminate — this tracking.
Firefox with Privacy Extensions
Mozilla Firefox is a free, open-source web browser maintained by the Mozilla Foundation, a nonprofit organization. Firefox's default privacy settings are stronger than most commercial browsers; with the addition of privacy extensions, it provides substantial protection against common tracking methods.
Essential Firefox extensions for privacy:
- uBlock Origin blocks advertisements and tracking scripts across websites. It is widely considered the most effective and least performance-impacting ad-blocker available. Blocking trackers prevents the transmission of browsing data to third parties.
- Privacy Badger (from EFF) learns to block tracking cookies and scripts through behavioral detection rather than static lists.
- Cookie AutoDelete automatically deletes cookies from sites you are no longer actively using, reducing persistent tracking.
Firefox's "Enhanced Tracking Protection" (set to Strict mode) provides meaningful baseline protection without extensions.
Brave Browser
Brave is a browser built on the Chromium codebase that includes ad and tracker blocking by default, without requiring extension installation. Brave's Shields feature blocks third-party cookies, fingerprinting, and tracking scripts automatically. Brave's business model involves an optional opt-in advertising system that differs from the surveillance advertising model — an example of a technical architecture designed around different privacy defaults.
Limitations: Brave is a for-profit company. Its choices about what to block and what to allow involve commercial considerations as well as privacy considerations.
Tor Browser
The Tor Browser provides the strongest available browser privacy by routing your internet traffic through the Tor anonymity network. Tor routes traffic through three encrypted relays, obscuring your IP address from websites and your browsing content from your ISP and local network.
Tor is appropriate for: accessing websites without revealing your location; researching sensitive topics without creating a browsing record; communicating with sources in contexts requiring strong anonymity.
Tor is not appropriate for: logging into accounts associated with your real identity (this defeats anonymity); high-bandwidth applications like video streaming; situations where consistent fast browsing is required. Tor is significantly slower than conventional browsing.
Limitations: Tor protects anonymity at the network level but does not protect against browser-level tracking (JavaScript fingerprinting, account login). Maximum Tor protection requires specific use patterns described in the Tor Project's documentation.
Section 3: VPNs — What They Do and Don't Do
Understanding VPNs
A Virtual Private Network (VPN) creates an encrypted tunnel between your device and a VPN server, through which your internet traffic is routed. From the perspective of your ISP and local network, your traffic appears as encrypted communication with the VPN server. From the perspective of websites you visit, your traffic appears to originate from the VPN server's location, not your actual location.
What VPNs Protect Against
- Your ISP seeing which websites you visit
- Local network operators (coffee shop WiFi, workplace network) seeing your traffic
- Websites learning your actual IP address
- Geolocation-based content restrictions
What VPNs Do NOT Protect Against
- The VPN provider: Your traffic is visible to the VPN provider. If the VPN provider logs traffic, keeps connection records, or is compelled by law enforcement, your privacy may be compromised. This is why the choice of VPN provider, and the provider's jurisdiction, matter.
- Browser-level tracking: Cookies, browser fingerprinting, and login-based tracking identify you regardless of your IP address.
- Malware: A VPN does not protect a device that has been compromised.
- Account-based identification: If you log into Google while using a VPN, Google can associate your activity with your account regardless of IP masking.
Criteria for Choosing a VPN
- No-logs policy with audit: Reputable VPN providers claim not to store logs of user activity. Look for providers whose no-logs claims have been independently audited.
- Jurisdiction: VPN providers are subject to the laws of the country where they operate. Providers based in countries with strong privacy laws and outside intelligence-sharing alliances (like the "Five Eyes") offer stronger protection.
- Open-source code: Providers with open-source VPN clients allow independent security review.
- Payment privacy: Using cash or privacy-preserving cryptocurrency to pay for VPN service reduces the identity trail.
- Business model: Free VPNs are often supported by data monetization, which defeats the purpose. Pay for a VPN from a provider whose business model aligns with privacy.
Reputable Options
Mullvad is widely cited by privacy researchers as a strong option: it accepts cash and cryptocurrency, does not require an email address to register (uses only account numbers), has been independently audited, and is based in Sweden.
ProtonVPN is operated by the same organization as ProtonMail, is based in Switzerland, has open-source code, and has been independently audited. Free and paid tiers are available.
These are offered as examples of the features to look for; conduct current research on their status before relying on them.
Section 4: Operating Systems for Privacy
Tails
Tails is a live operating system — run from a USB drive — that routes all internet traffic through Tor and leaves no trace on the computer being used. Tails is designed for temporary, anonymized computing: when you shut down, nothing about the session is stored. Tails is used by journalists, activists, and anyone requiring a clean computing environment.
Limitations: Tails is not appropriate for everyday use (no persistent storage by default, slow). It provides strong protection against surveillance of the current session but does not protect against physical surveillance, adversaries who have compromised hardware, or user errors.
Whonix
Whonix is a virtual machine-based operating system that routes all communications through Tor. Unlike Tails, Whonix is designed for ongoing use — it can run simultaneously with your regular operating system inside a virtual machine (typically VirtualBox). Whonix is more suitable for regular privacy-protective computing than Tails, though it requires more technical setup.
Regular OS Hardening
For most students, full OS replacement is not appropriate; instead, hardening regular operating systems is more practical:
- Enable full-disk encryption (FileVault on macOS, BitLocker on Windows, built into most Linux distributions).
- Enable automatic screen lock and strong passwords.
- Review and restrict application permissions regularly.
- Keep the operating system and applications updated (most successful attacks exploit known, unpatched vulnerabilities).
Section 5: Mobile Privacy
iOS vs. Android
Both major mobile platforms collect significant data about users; neither is "private" in an absolute sense. Relevant differences:
iOS (Apple): Apple's business model is primarily hardware sales, not advertising, which creates different incentives around user data than Google's advertising-based model. Apple has implemented App Tracking Transparency (requiring apps to request permission before tracking across apps), which has reduced (though not eliminated) third-party tracking. Apple operates a relatively closed ecosystem that complicates external data access but also limits user control.
Android (Google): Google's core business is advertising; Android devices with Google services enabled share significant data with Google by default. Android's open ecosystem allows more third-party privacy tools and greater user control but also creates more potential attack surfaces. De-Googled Android variants (GrapheneOS, CalyxOS) exist for users requiring stronger privacy protections.
Permissions Audit
Regularly audit which applications have permission to access your location, microphone, camera, contacts, and other sensitive resources:
- Remove permissions that are not needed for an app's core function.
- Be particularly attentive to location permissions: "While Using" is significantly less invasive than "Always."
- Review whether apps are authorized to access contacts, health data, or photo libraries.
- Revoke permissions for apps you rarely use.
App Choices
- Use Signal instead of SMS for sensitive communications.
- Use a privacy-focused browser (see Section 2) on mobile.
- Consider whether apps collecting sensitive data (period tracking, mental health apps, location-sharing apps) are storing data securely and sharing it appropriately.
- Be aware that VPN apps on mobile have access to all device traffic; use only trustworthy VPN providers.
Section 6: Data Broker Opt-Out
What Data Brokers Are
Data brokers (discussed in Chapter 11) collect personal information from numerous sources and sell profiles to marketers, employers, and others. They include companies like Acxiom, Spokeo, BeenVerified, LexisNexis, Intelius, WhitePages, PeopleFinder, and dozens of others. Most maintain their own opt-out processes; some are required to honor opt-outs under CCPA or similar state laws.
Opt-Out Approach
Data broker opt-out is time-consuming but achievable. Major approaches:
Individual opt-out: Each major data broker has its own opt-out process, typically involving submitting a form and verifying identity. The process must be repeated for each broker. Privacy rights nonprofit organizations maintain current guides to opt-out procedures for major brokers.
Paid removal services: Services like DeleteMe or Privacy Bee conduct ongoing removal requests on your behalf for a subscription fee. They do not achieve perfect removal but reduce the effort burden. Evaluate such services for their own privacy practices before providing them with personal information.
CCPA/CPRA requests (California): California residents can request that companies that sell personal information stop doing so. CCPA also provides rights of access and deletion. Several other states have enacted similar rights.
Realistic Expectations
Complete removal from data broker systems is not achievable for most people — new records are continuously added from public sources (voter registration, property records, court documents). Opt-out reduces exposure but does not eliminate it. Focus opt-out efforts on the brokers that serve markets (employment background checks, people-search sites) most relevant to your privacy concerns.
Section 7: Legal Organizations
These organizations provide legal resources, policy advocacy, and (in some cases) direct legal assistance for privacy and surveillance issues.
Electronic Frontier Foundation (EFF)
The Electronic Frontier Foundation is the leading nonprofit organization defending digital civil liberties. EFF's work spans: litigation challenging unconstitutional surveillance programs; publication of the Surveillance Self-Defense guide (current, free, comprehensive privacy tool guidance); policy advocacy on encryption, surveillance law, and digital rights; and the Coders' Rights Project supporting security researchers. EFF's Deeplinks blog provides current commentary on surveillance and privacy news.
ACLU Privacy and Technology Project
The American Civil Liberties Union's Privacy and Technology Project litigates and advocates on surveillance-related civil liberties. ACLU has been involved in major facial recognition, cell phone tracking, and government surveillance cases. The ACLU maintains state affiliate organizations that address local law enforcement surveillance practices.
Center for Democracy and Technology (CDT)
CDT is a nonprofit working on policy and technology issues at the intersection of democratic governance and civil liberties. CDT's work includes policy analysis of surveillance legislation, advocacy in regulatory proceedings, and research on specific surveillance technologies.
Access Now
Access Now is an international organization providing digital security assistance, legal support, and policy advocacy with a global scope. Access Now operates a Digital Security Helpline providing direct security support for civil society organizations, journalists, and activists facing digital threats. It is particularly valuable for understanding surveillance practices in non-US contexts.
Privacy International
Privacy International is a UK-based organization conducting research and advocacy on surveillance and data practices globally, with particular expertise in government surveillance and corporate data practices in non-Western contexts. Privacy International has published extensive research on data broker practices, government spyware, and surveillance industry exports.
Electronic Privacy Information Center (EPIC)
EPIC is a Washington-based research center that engages in litigation, policy advocacy, and public education on privacy and surveillance issues. EPIC maintains a comprehensive database of privacy cases, regulatory filings, and policy documents.
Section 8: Know-Your-Rights Resources
Police Encounters
The Fourth Amendment governs police searches and seizures; the scope of protection has evolved substantially in the digital age. Key rights in police encounters involving devices:
- Police generally need a warrant to search your smartphone (Riley v. California, 2014).
- Police may ask you to unlock your phone; you have the right to refuse.
- You do not have to consent to a search; stating "I do not consent to a search" preserves legal rights.
- In general, you are not required to provide passwords or biometric keys (though this area of law is evolving).
- If you are stopped in public, you may (in most jurisdictions) record police activity as long as you do not interfere with police activity.
The ACLU, Know Your Rights coalition, and similar organizations maintain current know-your-rights guides for specific jurisdictions.
Border Crossing
US Customs and Border Protection (CBP) has claimed broad authority to search electronic devices at the border without a warrant. Courts have recognized that border searches have different Fourth Amendment rules than ordinary domestic searches. Practically:
- US citizens cannot be denied entry to the country for refusing device searches, but devices can be seized.
- Non-citizens may face adverse immigration consequences for refusal.
- Traveling with a "clean" device (and restoring from backup after crossing) is a strategy used by journalists and others with sensitive data.
- Legal challenges to warrantless border device searches are ongoing.
Workplace Privacy
Federal law provides limited privacy protection in workplaces. Employers generally have broad authority to monitor employee use of employer-owned devices and employer networks. Limited protection exists for:
- Personal devices not connected to employer networks
- Communications on personal accounts on personal devices
- Union organizing activity (NLRA protections)
- Medical information (HIPAA limitations on employer access to health data)
- Communications that reveal legally protected characteristics
State laws vary significantly; some states provide stronger workplace privacy protections.
Section 9: Academic and Research Resources
Surveillance Studies Network
The Surveillance Studies Network is an international association of surveillance scholars that maintains an online bibliography, event listings, and publications. Its journal, Surveillance and Society, is open access and maintains a comprehensive archive of peer-reviewed surveillance studies research.
Privacy International Research Reports
Privacy International publishes systematic research on surveillance practices, data broker industries, and government spyware programs worldwide. Their reports are freely accessible and frequently serve as reference documents for both academics and journalists.
Electronic Frontier Foundation's Atlas of Surveillance
The EFF's Atlas of Surveillance is a database documenting surveillance technology adoption by US law enforcement agencies, including face recognition, automated license plate readers, cell-site simulators (stingrays), body cameras, and drones. The database is searchable by technology and by jurisdiction.
Upturn's "We Buy Surveillance" Project
Upturn (a technology policy research organization) has published research on law enforcement procurement of surveillance technologies, documenting how and when police agencies purchase specific surveillance tools.
AI Now Institute
The AI Now Institute at New York University conducts research on the social and political implications of artificial intelligence, including algorithmic management, predictive policing, and AI surveillance systems. Research reports and policy documents are freely available.
This directory was prepared in early 2026. Privacy technology and organizational resources evolve continuously. Students should treat this as a map of the landscape, not a current software review. The most current tool recommendations are available from EFF's Surveillance Self-Defense project, which is updated regularly by security experts.