Fiat Lux
UC Berkeley - where it all started
Let There Be Light

Most people assume the privacy battle
is already lost.

It's not.

Your email provider holds the keys to your inbox.

Your carrier tracks your location to the yard and stores it for years.

Your data is sold by companies you have never heard of.

The encryption that could stop it is under attack from Washington and Silicon Valley itself.

Privacy is not a product you buy.
It is an architecture you build.

Research & Analysis

Privacy Research

Privacy research and investigative reporting on encryption, jurisdiction, and the surveillance economy that operates between them. Written by David for Orion Private LLC.

10 reports published · Actively maintained · New research in progress
Featured
Analysis

What happens when everything is evidence?

The Fourth Amendment names four things. Persons, houses, papers, effects. The devices in your home now produce six kinds of evidence, and two of them appear nowhere in that list. That gap is where collective surveillance and the record of your mind fall through, and where a warrant still reaches nearly everything.

Fourth AmendmentDigital PolicingThird-Party DoctrineFerguson
June 2026 · 19 minRead
Analysis

Why privacy matters, even when you have nothing to hide

Your address is for sale. Your location is recorded and traded. Your email is stored and discoverable. The law that governs all of it was built for rotary telephones. This is the article that explains why everything else on this site matters, grounded in Supreme Court opinions, peer-reviewed research, and the legal architecture most people have never heard of.

Data BrokersFourth AmendmentThird-Party Doctrine
May 2026 · 22 minRead
Investigative Report

The FBI Director was told his Gmail was hacked, yet he kept using it

On March 27, 2026, an Iranian state-linked group published over 300 emails from FBI Director Kash Patel's personal Gmail. The FBI confirmed the breach. The emails were not obtained by breaking encryption. They were obtained because a consumer email account had credentials in prior data breaches.

GmailCredential StuffingIranOPSEC
April 2026 · 10 min Read
Analysis

The FTC was never enough: How America's de facto privacy regulator was structurally outmatched long before it was dismantled

The FTC's consent decrees were the closest thing Americans had to enforceable privacy law. In 2025, commissioners were fired, guidance was deleted, and consent orders were reopened. Chris Hoofnagle's academic work predicted every failure point.

FTCSection 5EnforcementHoofnagle
February 2026 · 28 minRead
Email Privacy

Proton Mail vs Tuta Mail - What a privacy advocate looks at

Both encrypt your inbox. But jurisdiction, metadata exposure, encryption scope, and real world court orders tell a more complicated story.

EmailEncryptionJurisdiction
December 2025 · 15 minRead
Privacy Research

What your notes app knows about you, even when your notes are encrypted

End-to-end encryption protects your note content. It does not protect the metadata your notes generate.

NotesMetadataE2EE
January 2026 · 15 minRead
All Research
Analysis

The government is buying your data because it cannot legally collect it

The FBI confirmed to Congress this month that it purchases location data from commercial brokers. No warrant. No judge. No notification. This has been happening for years, across multiple agencies and administrations. Here is the full story.

Data BrokersFourth AmendmentSurveillanceFISA
March 2026 · 15 minRead
Privacy Research

SMS vs iMessage vs WhatsApp vs Telegram vs Signal: What the FBI's own document tells us

In 2021 the FBI produced an internal guide detailing exactly what data it can legally obtain from nine messaging apps. The document was obtained via FOIA. Here is a field-by-field analysis of five of the most common services.

MessagingE2EEFBIMetadata
November 2025 · 25 minRead
Privacy Research

Your photo library knows more about you than you think: Ente vs iCloud vs Google Photos vs OneDrive

Every photo records your GPS coordinates, device serial number, and exact timestamp. When you upload to the cloud, the question is who can see it, who can be compelled to hand it over, and whether AI is training on it.

PhotosEncryptionAIEXIF
October 2025 · 25 minRead
Privacy Research

How encryption actually works, why it matters, and where it stops protecting you

Symmetric vs asymmetric, AES-256 vs quantum computers, what HTTPS actually protects, and why none of it matters if your phone is compromised. The foundational reference for everything else on this site.

EncryptionAES-256QuantumOPSEC
September 2025 · 25 minRead
Coming Soon
COMING SOONJuly 2026

Your carrier sees you before any app does - What the cellular network was built to know

Even after encrypting every app the network underneath still knows who and where you are.

COMING SOONAugust 2026

The VPN trust problem - What "No logs" actually means under subpoena

Every VPN claims no logs. Court records tell a different story.

Analysis

What happens when everything is evidence?

Everything our devices record can become evidence, and a book on digital policing sorts that record into six arenas of modern life. Only four of them have any home in the Fourth Amendment's text. The two that do not, the surveilled city and the recorded mind, are where the worst exposure falls and where the doctrine simply runs out. This is an argument about the questions that gap should be forcing us to ask, and about why the answers will not come from a courtroom alone.

D David
June 2026
Privacy Research
~19 min read
The Fourth Amendment protects "persons, houses, papers, and effects." It is a list of four things, written in 1791, and for most of American history it described the whole of what the government might want to search. Ferguson's Your Data Will Be Used Against You organizes the first half of the book around the places self-surveillance now reaches. Our homes, our things, our bodies, our cities, our papers, and our likes.[1] Each is a chapter, and each makes the same point from a different angle, that the conveniences we install in our own lives generate a continuous and intimate record, and that the record is available to police and prosecutors with very little friction. As he puts it about the smart home, if the data exists, there is a legal process for obtaining it.[2] I want to take that catalog and ask a question the book does not, which of those six arenas the Constitution was actually written to cover, and what happens to the two it was not.

The Text Names Four. The Doctrine Exposes All of Them.

Ferguson does not line his six arenas up against the Constitution's four and count them, and the number is not the point for him. When he summarizes, he sometimes lists five and quietly drops cities.[3] But set his arenas beside the enumerated text and a pattern appears. Four have a clear analog. Bodies are persons, homes are houses, papers are papers, things are effects. Two have none. There is no "city" in persons, houses, papers, and effects, and there is no "like." The four-versus-two reading that follows is my framing, not his, and I think it is the key to the book's two hardest questions.

Four arenas sit on top of the words
The body is the person, and it now emits data it never did, heart rhythms and sleep and fertility cycles from sensors we strap on willingly. The home is the house, and it narrates itself. The question you ask a smart speaker does not stay in the bedroom, it goes to Amazon and is stored with millions of others.[5] The car is an effect that logs where it went, sometimes against you, as in the Georgia case where airbag data showed a driver at 97 miles per hour before a fatal crash.[6] The paper is a paper, except it now lives on a server, duplicated to a cloud the moment it is created.

For these four, the constitutional task is at least recognizable, because the text already names the category. A litigant can stand up and say a smart home is a house.
The protected thing was always the information
Ferguson's proposal for this half of the problem is what he calls informational security. The Fourth Amendment has never really protected the suitcase, it has protected what the suitcase holds, which is why a closed container needs a warrant regardless of the lock.[7] If that is right, the fact that a smart device routes its data through a company does not change what the data is. It is still the content of your house or your person. Carpenter v. United States gestures this way for one slice of the problem, requiring a warrant for historical cell-site location data even though it sits in a carrier's hands.[8] Even the most basic question, whether the data from your smartwatch is part of the watch, which is an effect, or part of the person wearing it, the Court has never answered.[9]
But the third-party doctrine exposes all six ⚠ Naming the arena buys an argument, not protection
The easy version of the four-versus-two split is wrong, and Ferguson's own account is what makes it wrong. It is not that the four named arenas are safe. The default rule runs against all six, because the data is shared with the company that runs the device, and the Supreme Court has long held that what you share with a third party loses its expectation of privacy. Whether you tell a secret to a friend at a bar or to a smart speaker in your bedroom, the old rule treats the protection as forfeit.[4]

That rule is no longer absolute. The same Carpenter decision that gestured at informational security also pulled historical location data out of the third-party rule, proof that a record sitting in a company's hands can still be protected.[8] But it is one narrow carve-out, and it expressly left the older cases standing. So the honest description is not that four arenas are protected and two exposed. It is that the doctrine reaches all six by default, and a litigant who can say this is my house or this is my paper at least holds a textual handle, the lever from which the next Carpenter gets argued. The two orphans have no such handle. That is their disadvantage, and it is why naming an arena buys an argument, not protection.
THE FRAME Before going further, one point belongs at the front. The Fourth Amendment governs only the government. It does not reach the private collection that produces all of this data in the first place. The market that gathers, aggregates, and sells the record of your life sits outside this entire frame, which is the single biggest reason the durable fixes are statutory, not constitutional.

The Two Orphans, Cities and Likes

The two questions Ferguson raises and cannot answer, whether a collective surveillance harm can ever be remedied and whether some information is too intimate to reach even with a warrant, are the constitutional text meeting the two arenas it never named.

Cities, the collective domain ⚠ The government owns the cameras, so there is not even a third party to point at
A city is not a house, and Ferguson is explicit that it is also not a third-party problem. Smart-city surveillance avoids that problem entirely, because the government controls the cameras, the sensors, and the databases.[10] That is what makes it the hardest case. It is direct government mass surveillance of public space, and the long-standing rule is that the police may see what anyone in public could see. When Baltimore flew two camera-laden planes over the entire city for twelve hours at a stretch, recording everyone in order to solve the occasional robbery, the harm fell on the whole city at once. The Fourth Circuit, sitting en banc, held that accessing that data was a search, because the program let police deduce the whole of a person's movements.[11] But that recognition has nowhere to live in a doctrine built around the individual search of the individual place.
The harm has no doctrine to live in
Ferguson names the harm directly. Police see facial recognition as a tool for catching the lone bad actor, but everyone else is captured in the net, so even though only the suspect bears the tangible cost of getting caught, everyone else loses that much more privacy, a collateral, collective harm that is a community harm, and not one that is easily addressed under existing law.[12] That sentence is the whole problem. To bring a Fourth Amendment claim you must first clear a standing requirement, showing that your own expectation of privacy was violated, which is sensible for one search and a wall in front of a system.[13] When journalists and human rights groups challenged bulk NSA collection, their communications were almost certainly swept in, but because the targets were secret none could prove their own data had been touched, and the suit was dismissed for want of standing, not on the merits.[14] That distinction is the point. The collection may well have been unconstitutional; no one could get through the courthouse door to argue it, because the door opens only for a personal, provable harm. The injury was obvious in the aggregate and invisible at retail.

The clearest way to name what has gone wrong, and here I am extending Ferguson rather than restating him, is that collective surveillance is a negative externality. The benefit goes to the person who installs the camera, or to the homeowners' association that wires the neighborhood with a license-plate reader to flag cars that do not belong.[15] A share of the cost, the lost anonymity and the conversion of public space into privately monitored space, lands on everyone who passes through and consented to nothing. Externalities are the classic case where individual lawsuits fail, because the harm is diffuse and no single party is injured enough to sue. We regulate the source instead. The scholar David Gray locates the answer in the part of the text the rest of the doctrine skips, reading "the right of the people," the clause that opens the Amendment before it reaches persons or houses, as a collective security against arbitrary search power. That reading gives the city a textual home. It has simply been left empty, the collective reading largely lost to history.[16]
The externality falls unevenly
The book is candid that this cost is not shared equally. The Baltimore planes were first tested over Black and Brown neighborhoods, gunshot sensors are concentrated in poor communities already subject to heavier policing, and the contrast between the surveillance sold to public housing and the same technology sold as a convenience to luxury buildings has been named "luxury surveillance."[17] The collective harm of the city is not distributed evenly, which matters for any remedy and for the limits of self-help I get to at the end. A privacy story that ends with "buy your way out" is a story that protects whoever can afford to.
Likes, the domain of the mind ⚠ The least protected arena is the closest thing we have to a transcript of the inner life
The second orphan is subtler and more dangerous. By "likes" Ferguson means the record of preference and attention, what we search, read, watch, buy, and join. As he puts it, the texts and photos can be revealing, but to really get inside our heads, all anyone has to do is look at our search history, the place people reveal fears they would never tell a spouse or a therapist.[18] And it is the least protected arena, the exact inversion of what the Founders thought they secured when they wrote "papers" into the text, where for the first hundred years protection was nearly absolute.[19]
The consent fiction underneath it
Two doctrines sever likes from protection. The first is the third-party doctrine again, treating the query you would never say aloud as voluntarily shared with the engine that ran it. The second is the conflation of privacy with secrecy, the reasoning that because a record is not secret it cannot be private, which Ferguson rejects in a line worth keeping, that just because something is not secret does not mean it cannot still be private.[20] Both rest on the premise that the disclosure was voluntary, and that premise is empirically false. Hoofnagle and Turow found most people believe a "privacy policy" means a company will protect their data, when it usually describes the opposite, and reading the policies a person actually encounters would take roughly 244 hours a year.[21] There is nothing voluntary about a disclosure no one can read and most people misunderstand. Voluntariness is not the doctrine's only pillar, it leans too on the assumption of risk and on the idea that a company's records are the company's to hand over, but it is the pillar the courts reach for first and the one doing the moral work. Pull it out and what holds the doctrine up are rationales far harder to defend in the open.
How exposed the mind is in practice
Consider Ferguson's own gradient. A person newly diagnosed with cancer might share it three ways, in an email to close friends, in a closed social media group, or in a public post, and under current law only the first is clearly protected, the closed group contested and unsettled, the public post treated as exposed.[22] Even that is fragile, because privacy depends on the judgment of your least responsible friend, and a single false friend, including an officer who sends a friend request under a fake name, can expose a private profile entirely.[23] And much of this never requires a warrant at all. A commercial tool like Fog Reveal lets police search location data drawn from app advertising identifiers without one, which one detective admitted cut investigations from six weeks to two days.[24] The interest at stake here, what Neil Richards calls intellectual privacy, the freedom to read and think without the government cataloging the process, is protected only through a "papers" clause the doctrine has hollowed out, and through a First Amendment that guards the right to speak but stays nearly silent about being watched while you do.[25]
THE TWO ORPHANS A skeptic will say that "papers" and "effects" read broadly, and "the right of the people" read collectively, could absorb all of this, so there are no orphans, only categories awaiting a generous reading. The skeptic is right about the ancestry and wrong about the home. These two are not foundlings with no parents in the text. They are disinherited heirs. Likes descend from "papers," the city from "the right of the people," but the operative doctrine severs the first the moment data is shared and has left the second empty for a century. Orphaned is the right word in the only sense that matters here, not without ancestry, but without a guardian the law will currently recognize. The generous reading is the destination. It is not the doctrine we have.

Why Prosecution Makes the Orphans Dangerous

A catalog of exposure is not yet a crisis. What turns it into one is the second half of the book, and three of its points explain why the orphans are unprotected in the way that does the most damage.

Power, and the missing proportionality
Ferguson argues digital policing is categorically different from old investigative work, a genuine shift in the balance of power between citizen and state, driven by a set of new capacities, automation, acceleration, accumulation, aggregation, accuracy, and actualization.[26] The Fourth Amendment has almost no proportionality principle to meet that shift. Once the government shows probable cause and particularity, the intimacy of the data does not enter the analysis, and with a warrant police can reach the most intimate records of all, from smart beds to medical devices.[27] The rare case like Winston v. Lee, where a search was unreasonable despite probable cause, shows the system can do categorical proportionality when it chooses.[28] It just rarely chooses. And the power does not stop with the state. Reliance on the technology shifts power again, from police to the corporations that own the data and the platforms.[29]
"Criminal" is a shifting category
This is the point I would press on anyone who thinks surveillance is a partisan issue. One day it is fine to protest, and the next, Ferguson writes, prosecutors are charging conspiracy for the same protest.[30] The same infrastructure that can expose a person seeking reproductive care in a state that has criminalized it can expose a gun owner who fears a registry. The trans kid's social media, the geolocation from the car that drove them to an out-of-state clinic, and the app that tracks their medication are all already there, because the infrastructure was always there.[31] My own view is that this is the heart of it. The architecture outlives the politics, which is exactly why the orphans, the citywide net and the record of the mind, are what a future government repurposes. The harm runs across time as much as across people.
The six Ps, and the two that bite hardest ⚠ The system that collects the evidence is built for the prosecution, not for doubt
Ferguson groups the practical failures of digital evidence into what he calls the six Ps, the pilot, profit, probability, people, pressure, and process problems.[32] Two of the six bite hardest in the orphans. The pressure problem is the pull to make the data fit a story. His example is a Chicago grandfather who spent eleven months in jail on a murder charge resting largely on a gunshot-detection alert, where the technology was essentially right that a shot occurred but could not say who fired it, and prosecutors used an impressive but inconclusive report to jail an innocent man.[33] The process problem is structural and, to my mind, the most damning, because it inverts the protection the system advertises. Rebecca Wexler has shown the statutes governing data access give law enforcement a route and stay silent as to the defense, so a defense lawyer who believes a third party holds exculpatory data often has no way to compel it.[34] Surveillance often functions only as an investigative lead that never reaches trial, what Elizabeth Joh calls the surveillance discretion gap, so the accused may never learn it was used.[35] And when Ferguson asked the engineers who built a prosecutor's intelligence database whether anyone had mentioned Brady, the duty to disclose favorable evidence, the answer was no.[36]
The same flood sometimes helps the accused ✓ More clues in general means more clues for the defense, if the defense can reach them
It would be one-sided to leave it there. In one home-invasion case the Echo recordings and a smart water meter that showed a spike in the middle of the night went nowhere, the stories did not line up, and prosecutors dropped the case, a reminder that in a world where everything creates data, too much data can create doubt.[37] A Fitbit that recorded only twelve steps during the hours of a murder became an alibi.[38] The lesson is not that the data is benign. It is that the more clues exist, the more will help the defense, which is exactly why the process problem, the defense's inability to reach them, is the quiet scandal.
THE STAKES Put the three together. Power without proportionality, a definition of "criminal" that moves, and an evidence pipeline built to convict. That is why an arena with no constitutional handle is not a curiosity. It is the part of your life a motivated prosecutor reaches first and explains last.

The Responses, and the Spectrum They Run On

Ferguson proposes reforms in three venues, courts, legislatures, and individuals.[40] It helps to read them as a spectrum, ordered by the unit of analysis each one can take. The court works at the scale of a single case. The legislature works at the scale of a whole population. The individual works at the scale of one person and one set of devices. Each venue is strong exactly where its unit fits the harm, and useless where it does not, which is why no single venue repairs both orphans.

Judicial, at the scale of one case
The courts are where the "digital is different" idea lives, the recognition in Riley and Carpenter that a phone or a location trail is not a wallet.[7][8] Ferguson's judicial program is informational security, treating data as the content of the effect or paper that produced it, plus a tighter test for long-term and aggregated surveillance, plus limits on digital rummaging through a device once it is lawfully seized. The boldest idea is a substantive Fourth Amendment, a rule that lets a court refuse a warrant even on probable cause when the data is too intimate, drawing on the near-absolute protection papers once enjoyed under Boyd and on Winston v. Lee.[19][28] This is not purely hypothetical. In a Pennsylvania burglary case the court allowed a warrant for a suspect's flashlight-app location data but denied access to his photographs, health data, and texts, finding the broader request neither particularized nor connected to the crime, a fishing expedition.[39] That is a court doing, on overbreadth grounds, something close to the substantive limit Ferguson wants.

Of the three responses, the substantive limit is the one I find most compelling and least likely, and it is the question I would most want answered, because it is the only one that says some part of a person is simply off the table. But the court's weakness is built into its unit. It needs a litigant with standing, it acts case by case and after the fact, and it cannot touch the commercial collection layer at all. It is the right venue for the intimate-data question and the wrong venue for the city.
Legislative, at the scale of a population ✓ The only venue that can stop a system before it is built
Because the Constitution never reaches private collection, the durable protection has always come from statute, and statute can do what a court cannot. It can bind the state regardless of where the data sits. Ferguson's legislative menu runs from a wiretap-style law that would force police to meet stricter conditions before reaching digital records, modeled on the necessity, time-limit, minimization, and reporting rules of the Wiretap Act, to community-control ordinances that require a local legislative vote before police acquire a new surveillance system, to outright bans on the most dangerous tools, and to the principle that there is no countervailing right of the police to surveil you. And legislatures have already protected slices of the mind that the orphan framing makes look defenseless. After a reporter pulled a Supreme Court nominee's video-rental records, Congress passed the Video Privacy Protection Act and categorically protected viewing records, and the health, education, and financial-privacy laws do the same for other categories.[41] Category-based protection of intimate data by statute is forty years old.

If the city is a negative externality, this is the venue that fits it, because only a legislature can regulate a source before it is built rather than wait for an injured plaintiff who may never have standing. My own view is that the honest fix for a tool like facial recognition is a ban on its use, decided in public, rather than a suppression motion litigated case by case after the harm is already done. The gap, and the one that should worry a defense lawyer most, is that these laws bind the state's access without equalizing the defense's, and they routinely carve law enforcement out of the rules entirely.[42]
Individual, at the scale of one person
Ferguson's individual chapter is the most modest of the three, and he is honest that it is. His steps amount to seeing the trap, supporting the people resisting it, minimizing and obfuscating the data you generate, buying with privacy in mind, and voting for it. He says plainly that self-help cannot answer the collective harm, and he is right. One person hardening one phone does nothing about the planes over the city. What individual work can do is operate at the one place the other two venues do not reach, the source, because the only sure way to keep the government from your home's data is to avoid producing it in the first place.[44] That is a smaller claim than it sounds, and it is also the only lever a person actually holds in their own hands today.
The spectrum, and which orphan each fits
Lay the three side by side and the division of labor is clear. The court, working one case at a time, is the right instrument for the intimate-data limit, the likes question, because that question is ultimately about what a single warrant may demand of a single person. The legislature, working at population scale, is the right instrument for the city, the collective question, because that harm is an externality and externalities are governed at the source. The individual, working at the scale of their own footprint, can change only their own exposure and touches neither orphan at the structural level. The mistake the reform debate keeps making is to ask one venue to do all three jobs. Courts are pushed to invent collective remedies they have no standing doctrine for, and individuals are sold tools as if configuration could answer a constitutional gap. The venues are not interchangeable. They are a division of labor, and right now two of the three jobs are simply not being done.
THE DIVISION OF LABOR Courts for the intimate-data limit. Legislatures for the collective externality. Individuals for residual exposure at the source. No one of them repairs both orphans, and the two hardest problems, the city and the mind, sit in the venues we lean on least.

Where the Individual Fits, and Where It Cannot

I run a privacy practice, so I have an obvious incentive to say the individual response is the answer. It is not, and I would rather you trust the rest of this site than overstate this part.

What the lever can actually do
Almost everything in this article is collective or doctrinal, and none of it is yours to fix by configuring a phone. What individual work changes is your exposure, the surface area of what exists about you in a form that can be subpoenaed, bought, or seized. You are not defeating the legal system, but limiting what exists for it to reach. That small lever matters precisely because it operates where the doctrine refuses to go, the source, since the law will not take a unit of analysis larger than the individual search.

It is also worth being clear-eyed about where so-called protections come from. Google's much-praised three-step geofence-warrant process was written by the company's own lawyers, not by any court, and even Ferguson observes it feels untethered from any constitutional principle.[43] I read it as a liability posture, not a privacy safeguard. Counting on it is counting on a company's incentives holding, which they need not.
Two honest limits
First, the lever is partial, not total. Ferguson is right that the most sophisticated technologist cannot fully escape, and that securing only one side of a conversation secures none of it.[45] But total anonymity is the wrong standard for most people. Reasonable protection calibrated to a real, medium-to-lower threat model is achievable, and it is usually the difference that matters, the way a burner phone protects a person right up until the police learn he bought one. Most of the failures in the book are failures of operational security, not of cryptography.

Second, the lever is not evenly available. The city's surveillance falls hardest on the people least able to pay anyone to shrink their footprint, and a plan that ends with "minimize what you generate" quietly makes privacy a function of money. I do not have a fix for that, and I will not pretend the individual market solves a problem that is, at bottom, about who gets surveilled and who can afford to step out of frame.
What this practice does, within those limits
Within those limits the work is concrete. It maps the specific ways a person's information is exposed, field by field. It weighs that exposure against the threats real for that particular life, because the right answer for a clinician, a journalist, a person leaving an abusive relationship, and a public figure are not the same. It produces a plan that says what to address, in what order, and why. It does not substitute for protections the law has not built. The larger repairs are statutory and judicial, not consulting engagements, and I would rather tell you that than sell you a feeling of safety the law does not back.
If the argument here is right, the reform debate is miscast when it treats the open questions as separate technical puzzles. They are two faces of one problem, a body of law organized around the individual search of the individual thing, confronting two arenas, the city and the mind, where the harm is neither individual nor a thing, and a commercial collection layer the Constitution never touches.

For the city, stop expecting litigation to do the work and treat surveillance infrastructure as the externality it is. The remedy belongs at the front end, in the public decision whether to build, because the doctrine cannot register a harm distributed across a population, and waiting for an injured plaintiff is waiting for the next standing dismissal. The question that remains is what we owe the people a system watches but never prosecutes, since suppression presupposes a defendant and damages presuppose a provable injury, and the collective harm has neither.

For the mind, the most promising route is the statutory one that already exists, extending the logic of the video-records law to the search, reading, and purchase histories that are its modern equivalent, paired with a requirement that any warrant reaching intimate data carry explicit written findings that the value of the evidence justifies the intrusion. Ferguson frames the deepest version of the question this way, that even with a warrant we might want to claim some place of privacy the government cannot reach, and that defining privacy in relation to police power could let us.[46] Whether there truly is a zone so private that a warrant should not reach it is, to me, the hardest question the book leaves open, and the one most worth pressing, because the honest answer is that no one has drawn that line yet. The warrant question and the data-market question have to be solved together or not at all, because a limit a warrant respects means nothing while the same data is for sale.

Ferguson frames the underlying choice in a way worth borrowing. Is it worth tracking every car in a city to recover a stolen one. Is it worth losing all anonymity in public to catch one bad actor. The answer might, in a given case, be yes. But right now we are not answering it, because the default is no limit, and the architecture keeps getting built while the doctrine sits where the analog era left it. "Criminal" is a shifting category. The data does not shift with it. That is the danger, and it is why the question in the title is not rhetorical.

References

  1. [1] Andrew Guthrie Ferguson, Your Data Will Be Used Against You: Policing in the Age of Self-Surveillance (2026). The book's first part is organized around six arenas of self-surveillance (homes, things, bodies, cities, papers, likes); later parts treat the shift in police and corporate power, the three privacy "conflations," the "six Ps" of unreliable digital evidence, and reforms across courts, legislatures, and individuals. The four-versus-two reading offered in this essay is the author's framing, not Ferguson's.
  2. [2] Ferguson, supra note 1, at 19 (any data that exists can be reached through a warrant or other legal process).
  3. [3] Ferguson, supra note 1, at 127 (summarizing the arenas of self-surveillance as homes, things, bodies, likes, and papers, omitting cities).
  4. [4] Smith v. Maryland, 442 U.S. 735, 743–44 (1979); see also United States v. Miller, 425 U.S. 435 (1976). Ferguson restates the doctrine as the point that sharing a secret with a friend or a smart speaker forfeits the protection alike. Ferguson, supra note 1, at 18.
  5. [5] Ferguson, supra note 1, at 18 (a query put to a smart speaker is stored on the company's servers with millions of others).
  6. [6] Ferguson, supra note 1, at 36 (airbag-control-module data showed the driver traveling 97 mph before a fatal Georgia collision; the state high court required a warrant for the download).
  7. [7] United States v. Chadwick, 433 U.S. 1 (1977) (a locked container may not be searched without a warrant); see Riley v. California, 573 U.S. 373 (2014) (recognizing that "digital is different" and requiring a warrant to search a phone seized incident to arrest).
  8. [8] Carpenter v. United States, 585 U.S. 296 (2018) (acquisition of historical cell-site location information is a Fourth Amendment search requiring a warrant, while expressly declining to disturb the third-party doctrine).
  9. [9] Ferguson, supra note 1, at 39 (the Court has never resolved whether a smartwatch's data is part of the "effect," the "person," or neither).
  10. [10] Ferguson, supra note 1, at 80 (smart-city surveillance avoids the third-party problem because the government controls the cameras, sensors, and databases).
  11. [11] Leaders of a Beautiful Struggle v. Baltimore Police Dep't, 2 F.4th 330 (4th Cir. 2021) (en banc) (warrantless access to the aerial-surveillance program's data was a search because it enabled police to deduce the whole of individuals' movements); Ferguson, supra note 1, at 76–77 (describing the program).
  12. [12] Ferguson, supra note 1, at 63 (facial recognition imposes a "collateral, collective harm" that is "a community harm, and not one that is easily addressed under existing law").
  13. [13] Rakas v. Illinois, 439 U.S. 128 (1978) (Fourth Amendment rights are personal and may not be asserted vicariously).
  14. [14] Clapper v. Amnesty Int'l USA, 568 U.S. 398 (2013) (plaintiffs lacked standing to challenge bulk surveillance because they could not show their own communications had been or imminently would be intercepted); Ferguson, supra note 1, at 147.
  15. [15] Ferguson, supra note 1, at 29 (a homeowners' association installed an automated license-plate reader to flag cars that do not belong).
  16. [16] David Gray, The Fourth Amendment in an Age of Surveillance (2017) (reading "the right of the people" as a collective security against arbitrary surveillance power); Ferguson, supra note 1, at 148–49 (noting the collective-rights reading is largely lost to history).
  17. [17] Ferguson, supra note 1, at 24, 77, 131 (the aerial program was first tested over Black and Brown neighborhoods; gunshot sensors are concentrated in poor communities; the contrast with surveillance sold as convenience is termed "luxury surveillance," a phrase coined by Chris Gilliard).
  18. [18] Ferguson, supra note 1, at 94 (search history is the most revealing record of the inner life).
  19. [19] Boyd v. United States, 116 U.S. 616 (1886) (papers protected near-absolutely from compelled production); Ferguson, supra note 1, at 97 (papers were nearly absolutely protected for the Amendment's first century).
  20. [20] Ferguson, supra note 1, at 145 ("just because something is not secret does not mean it cannot still be private").
  21. [21] Joseph Turow & Chris Hoofnagle, consumer-privacy survey finding that most Americans misread "privacy policy" as a promise of protection; Aleecia M. McDonald & Lorrie Faith Cranor, The Cost of Reading Privacy Policies, 4 I/S: J.L. & Pol'y for Info. Soc'y 543 (2008) (estimating roughly 244 hours per year). See generally Chris Hoofnagle, Federal Trade Commission Privacy Law and Policy (2016).
  22. [22] Ferguson, supra note 1, at 111 (of three ways to share a cancer diagnosis, only the private email is clearly protected).
  23. [23] Ferguson, supra note 1, at 112 (privacy depends on "the judgment of your least responsible friend"; the false-friend doctrine forecloses a claim where an officer is admitted under a fake name).
  24. [24] Ferguson, supra note 1, at 119 (Fog Reveal lets police search advertising-derived location data without a warrant, cutting an investigation from six weeks to two days).
  25. [25] Neil Richards, Intellectual Privacy: Rethinking Civil Liberties in the Digital Age (2015); see Helen Nissenbaum, Privacy in Context (2009). On the First Amendment's silence about being monitored, Ferguson, supra note 1, at 111.
  26. [26] Ferguson, supra note 1, at 126–28 (the capacities of digital policing: automation, acceleration, accumulation, aggregation, accuracy, and actualization).
  27. [27] Ferguson, supra note 1, at 19 (with a warrant, police may reach the most intimate records, including data from smart beds and medical devices).
  28. [28] Winston v. Lee, 470 U.S. 753 (1985) (compelled surgery to recover a bullet was unreasonable even with probable cause, an example of a substantive limit on a warranted search).
  29. [29] Ferguson, supra note 1, at 126 (reliance on the technology shifts power from police to the corporations that control the data and the platforms).
  30. [30] Ferguson, supra note 1, at 30 (lawful protest one day becomes a conspiracy charge the next).
  31. [31] Ferguson, supra note 1, at 130 (the surveillance infrastructure aimed at trans youth and their families "was always there").
  32. [32] Ferguson, supra note 1, at 151 (the "six Ps": the pilot, profit, probability, people, pressure, and process problems).
  33. [33] Ferguson, supra note 1, at 161–62 (gunshot-detection alert used to support a weak murder case; the accused was held roughly eleven months).
  34. [34] Rebecca Wexler, Privacy Asymmetries: Access to Data in Criminal Defense Investigations, 68 UCLA L. Rev. 212 (2021) (the statutes governing data access provide a route for law enforcement but none for the defense); Ferguson, supra note 1, at 163–64.
  35. [35] Ferguson, supra note 1, at 165 (describing Elizabeth Joh's "surveillance discretion" gap, in which a tool used only as an investigative lead is never adjudicated).
  36. [36] Brady v. Maryland, 373 U.S. 83 (1963) (due process requires disclosure of evidence favorable to the accused); Ferguson, supra note 1, at 169 (the engineers who built a prosecutor's intelligence database had never been asked about Brady).
  37. [37] Ferguson, supra note 1, at 20 (Echo and smart-water-meter data proved inconclusive, the case was dropped, and "too much data can create doubt").
  38. [38] Ferguson, supra note 1, at 50 (a Fitbit recorded twelve steps during the relevant hours, providing an alibi).
  39. [39] Ferguson, supra note 1, at 101–02 (in a Pennsylvania burglary case the warrant was allowed for flashlight-app geolocation but denied as to photographs, health data, and texts on particularity and overbreadth grounds).
  40. [40] Ferguson, supra note 1, at Part III (proposing reforms across three venues: judicial doctrine, legislation, and individual practice).
  41. [41] Video Privacy Protection Act, 18 U.S.C. § 2710 (enacted 1988 after a newspaper obtained Judge Robert Bork's video-rental records during his confirmation). Sectoral analogs protecting categories of intimate data include the federal health-information, education-records, and financial-privacy statutes.
  42. [42] Ferguson, supra note 1, at 47 (state consumer-data laws have excluded law enforcement from their rules, either sidestepping the question or admitting police with a subpoena or warrant).
  43. [43] Ferguson, supra note 1, at 44–45 (Google's three-step geofence-warrant process was devised by the company's own lawyers and "feels untethered from any constitutional principle").
  44. [44] Ferguson, supra note 1, at 20 (the only sure way to deny the government access to a home's data is to avoid producing it in the first place).
  45. [45] Ferguson, supra note 1, at 102 (the most sophisticated technologist cannot fully escape, and securing only one side of a communication secures none of it).
  46. [46] Ferguson, supra note 1, at 144 (even with a warrant, we might want to claim some place of privacy the government cannot reach, and defining privacy in relation to police power could allow it).
Analysis

Why privacy matters. The real answer.

People usually have a feeling that their digital privacy is compromised. They have heard a lot of stories about this. This article is for when you want to know what digital privacy really means for you. You want to know the facts and theories. You want to know how it affects you in life with real examples and problems that have happened to real people.

D David
April 2026
Privacy Research
~15 min read
Everything else on this site evaluates specific tools, services, and systems. This article steps back and asks the question that comes before any of those evaluations matter. Why should you care? I will break it down into three parts. First is what is actually out there, the specific ways your information is collected, aggregated, and sold. Second is why the law allows it, the legal architecture that makes all of this not only possible but ordinary. And third is what happens when someone puts the pieces together, the compound risk that no single data point reveals on its own.

What Is Actually Out There

In 2000, Latanya Sweeney, then a researcher at Carnegie Mellon and later a professor at Harvard, published a study that should have changed the way Americans think about personal data.

Three data points identify 87% of Americans
By using 1990 Census summary data, Sweeney showed that 87% of the U.S. population could be uniquely identified by just three data points. A five-digit zip code, a date of birth, and a gender. That's all. To prove it was not theoretical, she cross-referenced anonymized hospital discharge records against public voter registration rolls and re-identified the medical records of William Weld, then the governor of Massachusetts, and mailed them to his office. That work directly influenced HIPAA's de-identification standards. [1]

That was twenty-five years ago, with 1990 Census data and a voter roll. Today the information available about you is far richer, far more granular, and far easier to get.
The data broker landscape
There are thousands of data broker companies operating in the United States. Thanks to California's Delete Act (SB 362, signed in 2023), brokers are now required to register with the California Privacy Protection Agency, and the Consumer Financial Protection Bureau proposed a federal rule in late 2024 to bring data brokers under the Fair Credit Reporting Act. [2] [3] But until very recently, and still at the federal level, this industry operated with essentially no registration, no licensing, and no meaningful oversight.

A typical people search site will return your full legal name, your current and former home addresses, your phone number, your email address, your estimated age and date of birth, the names of your relatives and known associates, your estimated income range, and in many cases your political party registration and property ownership records. There is no background check required to access any of it! There is no verification of identity or intent.

The companies that maintain these profiles argue that the underlying data is public with no resonable expectations of privacy. This is technically true and practically misleading as information flows should be governed by context appropriate norms. So a property deed filed with your county recorder is a public record; however, collecting that deed, combining it with your phone number from a breached database, your email from a loyalty program, and your age from voter registration, then publishing the finished profile on a page Google will index, is something different in kind from a record sitting in a filing cabinet. The aggregation is the product. And the aggregation is what makes the data dangerous.

Professor Chris Hoofnagle at UC Berkeley Law has argued for over a decade that commercial data brokers do the work of law enforcement. They let anyone compile and search personal information at a scale the government itself would need a legal process to reach, and Hoofnagle argues they should be regulated accordingly. [4]
Your phone is a witness ⚠ Location data is being sold commercially at a scale that makes anonymization meaningless
Your smartphone records your location continuously, and with a precision measured in feet. This data is collected by the operating system, by individual apps, by advertising networks embedded in those apps, and by your cellular carrier and their patchwork network. The result is a shockingly complete record of your physical life. Where you sleep, where you work, where you eat, which doctor you visit, which friend's house you stopped at, who comes and stays over, and for how long . This would be concerning enough if the data stayed on your phone, but it does not.

In 2024, the Federal Trade Commission took enforcement action against four data brokers (X-Mode Social, InMarket, Gravy Analytics, and Mobilewalla) for selling precise consumer location data that could be used to track visits to reproductive health clinics, places of worship, and domestic abuse shelters. The FTC banned these companies from selling or disclosing sensitive location data which was the first time this sort of prohibition was enacted. [5]

In a separate investigation, Senator Ron Wyden documented that the data broker Near Intelligence had provided location data to an anti-abortion organization called the Veritas Society, which used it to target people who visited 600 Planned Parenthood clinics across 48 states. Near's advertising partner would draw digital boundaries around clinic buildings and parking lots and delivered over 14 million targeted ads to the phones detected inside those boundaries. Near's chief privacy officer confirmed to Senator Wyden's staff that the company had no technical controls to prevent this kind of targeting until after the Supreme Court's Dobbs decision in 2022. [6]

"Anonymous" data is not anonymous ⚠ This has been empirically falsified in peer-reviewed literature, repeatedly, for over a decade
The industry's defense is that location data is "anonymized." The peer-reviewed research is unambiguous, it is not.

In 2013, a team led by Yves-Alexandre de Montjoye published a study in Nature examining fifteen months of mobility data for 1.5 million individuals. They found that four spatio-temporal data points, only four places and times where a person was observed, are enough to uniquely identify 95% of individuals in the dataset. [7]

In 2021, de Montjoye and colleagues published a follow-up in Patterns confirming the finding at country scale. In a dataset of 60 million people, 93% could be uniquely re-identified with four data points. And there is a floor here. No matter what anonymization method is applied, at least 22% of people can still be identified. With five data points, that floor rises to 87%. [8]

Four data points. That's all it takes. Your home at night, your office in the morning, your gym after work, and a restaurant on Saturday. That is enough to identify you, personally, out of sixty million people.
Your email is evidence. Your accounts are a chain.
Every email sent through a consumer provider is stored, often indefinitely, in a jurisdiction you may not have considered, under a privacy policy you almost certainly have not read. If you are involved in a lawsuit, a custody dispute, a tax audit, a workplace investigation, or a criminal inquiry, that archive is discoverable. Not the emails you chose to share with the other party. All of them. Every draft, every thread, every attachment, going back years.

Meanwhile, most people use the same email address for their bank, their health portal, their social media, their child's school, and the loyalty program at their grocery store. Often the same password, or a small rotation. A breach at any one of those services yields credentials that unlock the others. The technique is called credential stuffing, and it is automated, continuous, and effective. The most comprehensive breach database publicly available, Troy Hunt's Have I Been Pwned project, holds over 14 billion compromised accounts. If you have used the internet for any real length of time, at least one of your email and password combinations has already been exposed.
THE LANDSCAPE Your address is for sale. Your location is being recorded and traded daily. Your email is stored and discoverable. Your accounts are chained together by shared credentials, many of which have already been breached. Every piece of this is documented, quantified, and in most cases perfectly legal. So the real question is why.

Why the Law Allows It

The legal architecture that permits mass commercial surveillance in the United States is not the product of a deliberate policy choice. It is the product of a series of judicial doctrines and legislative frameworks built for a world that no longer exists, applied to a technological landscape their authors could not have imagined.

The third-party doctrine
When you tell a secret to a friend and you take a risk they might repeat it. That simple intuition, that sharing something gives up your claim to keep it private, is more or less the law. It is called the third-party doctrine, and it is a big part of why your digital life is as exposed as it is.

It comes from a 1979 case, Smith v. Maryland. Police wanted the phone numbers a suspect had dialed, so they had the phone company log them with a device called a pen register with no warrant. The Supreme Court said none was needed, and the logic was you knew the phone company saw the numbers you dialed, since you had to dial through them, thus you had already handed that information over. You assumed the risk. What you give to a third party, the government can ask the third party for. [9]

In 1979, that notion more or less held together. A pen register saw a list of numbers. It did not hear your conversations. It did not follow you through your day. It did not know where you slept, who you saw, or how long you stayed.

But the world changed and the doctrine did not. Courts have then extended it, by analogy, to nearly every record a company keeps about you. Your bank statements. Your browsing history. Your email, sitting on a provider's server. None of it was protected by the Fourth Amendment, because, the reasoning went, you had voluntarily shared it. You lose any reasonable expectations of privacy. But there is nothing voluntary about it. You cannot hold a job, see a doctor, or stay reachable without leaving records in someone else's hands. A rule built for one suspect's phone log now governs the entire paper trail of a modern life. Where does that leave us?
Carpenter v. United States (2018) ✓ The Supreme Court acknowledged the doctrine was failing
For four decades, that was the law. And then the Supreme Court admitted what had become undeniable.

In 2018, in Carpenter v. United States, the Court held that the government's acquisition of historical cell-site location information from a wireless carrier was a search under the Fourth Amendment and required a warrant. Chief Justice Roberts, writing for the majority, described cell-site records as giving the government "near perfect surveillance" and the ability to "travel back in time to retrace a person's whereabouts." The Court recognized that location data reveals a person's "familial, political, professional, religious, and sexual associations." And it rejected the government's argument that the third-party doctrine applied, finding that there is "a world of difference between the limited types of personal information" at issue in Smith v. Maryland and "the exhaustive chronicle of location information casually collected by wireless carriers." [10]

Carpenter was a much welcome decision, but it was also deliberately narrowly tailored. The Court said it was not overruling the third-party doctrine. It was not extending its holding to real-time location data, or to "tower dumps," or other categories of records held by third parties. The opinion addressed one specific type of data (historical cell-site location information) obtained by one specific means (from a wireless carrier). Everything else, your email, your search history, your cloud-stored documents, your app usage data, was left exactly where Smith v. Maryland put it in 1979.
ECPA: the 1986 statute that governs your email
The primary federal statute protecting your email is the Electronic Communications Privacy Act of 1986, known as ECPA. It was enacted before the World Wide Web even really existed. It was written for a world where email was stored briefly on a server and then downloaded to a local machine. Under its original framework any email left on a server for more than 180 days was treated as abandoned, and the government could get it with a subpoena rather than a warrant. Congress has since amended parts of the statute, and the Sixth Circuit held in United States v. Warshak (2010) that email content is indeed protected by the Fourth Amendment regardless of age. [11] But the broader structure, including its provisions for non-content records like email headers, timestamps, and IP addresses, remains largely intact. (this is still a huge problem).
The FTC is using a 1914 law because Congress never passed a privacy statute ⚠ The United States does not have a comprehensive federal privacy law
The data broker industry operates in an even wider legal gap. The actions the FTC has taken against location data brokers have all been brought under Section 5 of the Federal Trade Commission Act, which prohibits "unfair or deceptive acts or practices in or affecting commerce." That statute was enacted in 1914. It was designed to regulate the false advertising and anticompetitive behavior happening at the time. Importantly, it says nothing about privacy. The FTC uses it for privacy enforcement because it is the most powerful general purpose consumer protection tool available, and because Congress has not given the agency anything better. [12]

But here is what most commentary about the FTC misses, and what Hoofnagle's scholarship makes clear. Section 5's deception prong, which is where nearly all FTC privacy cases live, requires a misrepresentation. The company has to say one thing and do another. If a data broker publishes a privacy policy that honestly states "we collect and sell your location data to anyone who pays," the FTC's deception authority does not reach it. The framework does not prohibit harmful data practices. It prohibits dishonest ones. A company that is open about surveilling you is, under current law, largely untouchable. The tool only works against companies that lie. It cannot reach a company that is honest about doing harmful things. [12]
The consent framework was never going to work
Underlying all of this, from the third-party doctrine to the FTC's enforcement model, is one assumption. That you consent to the collection of your data. You clicked "I agree." You used the service. You voluntarily shared.

The research on this assumption is devastating. Hoofnagle and Joseph Turow found that a majority of Americans believe the phrase "privacy policy" means a company will protect their privacy, when in fact it is a disclosure document that describes how the company uses and often shares their data [15]. A study from Carnegie Mellon estimated it would take the average person about a month of full-time work each year, roughly 244 hours, to read every privacy policy they encounter [14]. The system is not failing because consumers are careless but because it's designed so that informed consent is practically impossible. [4]

The notice-and-consent model has survived for decades because the industries that profit from your data have every interest in keeping a framework that puts the burden of protection on you instead of on them. That's why its important to consider all incentives not just technical expertise.
THE LEGAL ENVIRONMENT s discussed, the statute that governs your email was written before the internet. The doctrine that governs whether your data is constitutionally protected was written when rotary phones were hot. The agency enforcing privacy rules against data brokers is using a law written before even the First World War, and that law only reaches companies that lie about what they do with your data. The consent framework that underlies all of it assumes you not only read but understood a document that would take 244 hours a year to read. The law is not keeping you unsafe because it has not caught up. And in some cases, it simply was not designed to.

The Sum of the Parts

For most of its history, Fourth Amendment law asked its question one piece at a time. Anything you exposed to the public, or handed to a third party, carried no reasonable expectation of privacy, so each observation was judged on its own, and if no single one was a search, neither was the sum. Smith v. Maryland (1979) applied that logic to the numbers you dial, conveyed to the phone company; United States v. Knotts (1983) applied it to a car's movements along public roads. What the doctrine never had to confront was what those isolated pieces become once they are collected and combined. A single location ping is trivial. A month of them reveals where you sleep, where you work, who you visit, and which doctor you see. The question is no longer whether any one point is private, but whether the whole they form is.

Justice Sotomayor's warning in Jones
The Court began to register the problem in United States v. Jones (2012), the GPS-tracking case. The majority decided it narrowly, on trespass, but Justice Sotomayor's concurrence went to the doctrine underneath. Long-term monitoring, she wrote, builds a record of a person's movements that the government can store and mine for years, and the aggregate may "alter the relationship between citizen and government in a way that is inimical to democratic society." She went further, questioning the premise itself: that information voluntarily disclosed to third parties carries no expectation of privacy. That approach, she wrote, is "ill suited to the digital age," one in which "people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks." [13]

Six years later the Court caught up. Carpenter v. United States (2018) held that gathering cell-site location records is a search requiring a warrant, even though each record sits in the carrier's hands. The premise Sotomayor doubted in Jones was, at least for location, no longer the law. [10]
What is knowable about a single person
Lets consider what is knowable about a single person from the data sources described in this article. Data broker profiles provide the name, address, phone number, relatives, and estimated income, political party. Location data lays out the daily pattern of a life. Home, work, school, doctor, gym, worship, friends. Email archives can provide mass amounts of personal and professional communications, going back to the start. Breached credential databases provide the keys to accounts that hold financial, medical, and personal information. Public records provide property ownership, court filings, voter registration, concealed carry permits.

No single one of these sources is particularly alarming in isolation. But they do not exist in isolation. They exist at the same time, for the same person, and they are available to anyone with pretty modest resources and motivation.

So a data broker listing that reveals your home address combined with a person who has a reason to find you, a stalker, a custody opponent, a fired employee, becomes a safety risk. A location history is a set of coordinates. Combined with an employer who suspects you are interviewing elsewhere, an insurer who wants to know if you visit a particular clinic, or a prosecutor who wants to place you somewhere, it becomes evidence [16]. An email archive is a collection of messages. Combined with a divorce proceeding, a wrongful termination claim, or a regulatory investigation, it becomes material you cannot retract, redact, or explain away.

Thus, the danger is the combination and the person doing the combining.
When something goes wrong, the law offers almost nothing ⚠ There is no comprehensive private right of action for privacy violations in the United States
This is the part most privacy writing leaves out, and it may be the most important part of all.

Even where the law offers some nominal protection, the remedy actually available to you is close to zero. You cannot sue a data broker for listing your home address. Carpenter requires a warrant for government access to cell-site data, but it says nothing about the commercial collection and sale of the same data. The FTC actions against location data brokers ended in consent decrees and bans, not compensation for the millions of people whose data was sold to anti-abortion groups, political operatives, and defense contractors. ECPA provides some statutory damages, but bringing a case is expensive and the burden of proof is on you. There is no comprehensive private right of action for privacy violations in the United States.

The system does not offer a meaningful remedy after the fact. This is not an oversight. It is the architecture. A legal framework built on notice and consent, enforced by an agency that can only reach deceptive practices, in a country without a federal privacy law, produces exactly this. Widespread exposure with no recourse.

Which means prevention is not just the better option. It is the only realistic protection available. The question is not what you do after your data is misused. It is whether you can keep the exposure from existing in the first place.
The law is decades behind the technology. The gap between what is legal and what is safe is enormous. Most people are not being protected by the legal framework and do not know it. The patchwork of doctrines, statutes, and enforcement actions described in this article is not a system designed to protect you. It is a system built for a different world, stretched and patched by regulators and courts doing the best they can with tools that were never meant for this.

That gap is where Orion Private works. We do not sell fear and we do not deal in abstraction. We map the specific, concrete ways your information is exposed. We weigh that exposure against the specific threats relevant to your life. And we produce an evidence-based report that tells you what to address, in what order, and why. Every recommendation traces back to a documented finding. Nothing is generic. Nothing is based on speculation.

If you have read this far, you already understand the problem better than most people ever will. The question is whether understanding is enough, or whether you want to do something about it.

References

  1. [1] Latanya Sweeney, Simple Demographics Often Identify People Uniquely 2 (Carnegie Mellon Univ., Data Privacy Working Paper No. 3, 2000), dataprivacylab.org (finding that 87% of the U.S. population could be uniquely identified by ZIP code, date of birth, and sex).
  2. [2] Cal. Civ. Code § 1798.99.80 (West 2024) (the Delete Act, enacted by S.B. 362, 2023) (requiring data brokers to register with the California Privacy Protection Agency and directing the agency to build a single deletion mechanism).
  3. [3] Protecting Americans from Harmful Data Broker Practices (Regulation V), 89 Fed. Reg. 101,402 (proposed Dec. 13, 2024) (Docket No. CFPB-2024-0044), withdrawn May 15, 2025.
  4. [4] Chris Hoofnagle, Federal Trade Commission Privacy Law and Policy (2016) (arguing that commercial data brokers perform functions akin to law enforcement and should be regulated accordingly).
  5. [5] Federal Regulators Limit Location Brokers from Selling Your Whereabouts: 2024 in Review, Elec. Frontier Found. (Dec. 2024), eff.org (summarizing 2024 FTC actions against X-Mode Social/Outlogic, InMarket, Gravy Analytics/Venntel, and Mobilewalla).
  6. [6] Letter from Ron Wyden, U.S. Senator, to the Fed. Trade Comm'n & Sec. & Exch. Comm'n (Feb. 13, 2024), epic.org (reporting that the data broker Near Intelligence supplied location data used to target visitors to roughly 600 reproductive health clinics).
  7. [7] Yves-Alexandre de Montjoye et al., Unique in the Crowd: The Privacy Bounds of Human Mobility, 3 Sci. Rep. 1376 (2013), nature.com (four spatio-temporal points uniquely identify 95% of individuals in a 1.5-million-person dataset).
  8. [8] Ali Farzanehfar, Florimond Houssiau & Yves-Alexandre de Montjoye, The Risk of Re-identification Remains High Even in Country-Scale Location Datasets, 2 Patterns 100204 (2021), sciencedirect.com (four points identify 93% of a 60-million-person dataset; a 22% floor rises to 87% with five points).
  9. [9] Smith v. Maryland, 442 U.S. 735, 743–44 (1979) (no reasonable expectation of privacy in the numbers dialed, because they are voluntarily conveyed to the phone company).
  10. [10] Carpenter v. United States, 585 U.S. 296, 311–12, 318–20 (2018), supremecourt.gov (acquisition of historical cell-site location information is a Fourth Amendment search requiring a warrant).
  11. [11] United States v. Warshak, 631 F.3d 266, 288 (6th Cir. 2010) (email content is protected by the Fourth Amendment regardless of how long it has been stored).
  12. [12] Hoofnagle, supra note 4 (explaining that the FTC's deception authority under Section 5 of the FTC Act reaches only misrepresentations, so a company that openly discloses harmful data practices falls outside it).
  13. [13] United States v. Jones, 565 U.S. 400, 415–18 (2012) (Sotomayor, J., concurring) (questioning whether the third-party doctrine can survive in the digital age).
  14. [14] Aleecia M. McDonald & Lorrie Faith Cranor, The Cost of Reading Privacy Policies, 4 I/S: J.L. & Pol'y for Info. Soc'y 543 (2008) (estimating that reading the privacy policy of every site a person visits would take roughly 76 working days per year).
Field Assessment

Proton Mail vs Tuta Mail - What a privacy advocate looks at

Both encrypt your inbox and market themselves as the antidote to Gmail. But jurisdiction, metadata exposure, encryption scope, and real world court orders tell a more complicated story. This is a field by field comparison.

D David
January 2026
Last updated: March 24, 2026
Privacy Research
~22 min read
Both providers promise the same thing: end-to-end encryption, open source code with independent audits, European jurisdiction, and a guarantee that not even the company itself can read your email. Proton Mail (established in Switzerland, 2014) and Tuta Mail (established in Germany, 2011) are the two most recommended encrypted email providers on virtually every privacy list. But recommendation lists rarely examine the differences that matter under legal pressure, specifically what metadata, or transactional data, each provider can see, what a court can compel them to hand over, how their encryption protocols actually differ at a technical level, and what has happened in the real cases where governments came knocking. This analysis attempts to cover all of that. Sources include official privacy policies, published transparency reports, court records, open source code repositories, and the companies' own security documentation.
PROTON MAIL (Switzerland)
TUTA MAIL (Germany)
ADVANTAGE / ENCRYPTED
PARTIAL / CONDITIONAL
EXPOSED / RISK

Company & Jurisdiction

Jurisdiction determines what a government can legally force a provider to do. It is arguably more important than the encryption itself, because encryption protects content, but jurisdiction determines what happens to everything around it.

Legal Entity
Proton MailProton AG, Geneva, Switzerland
Tuta MailTutao GmbH, Hanover, Germany
Governing Privacy Law The primary legislation that determines what data can be compelled
Proton MailSwiss Federal Act on Data Protection (FADP) + BÜPF (telecom surveillance law) [1]
Tuta MailGerman BDSG + EU GDPR + StPO (criminal procedure code) [2]
Intelligence Alliance Membership Whether the country participates in multinational intelligence sharing ⚠ MED - shared intelligence increases the pool of agencies that may request your data
Proton MailNOT A MEMBER of Five, Nine, or Fourteen Eyes
Tuta MailFOURTEEN EYES member
Foreign Data Request Process How a foreign government (e.g. FBI, Europol) obtains your data
Proton MailMust go through Mutual Legal Assistance Treaty (MLAT), then Swiss court approval required [3]
Tuta MailMust obtain a German court order. German companies cannot hand data directly to foreign agencies [2]
Data Retention Law for Email ⚠ HIGH - mandatory retention creates data that exists solely for law enforcement access
Proton MailNO Swiss court ruled (Oct 2021) email providers are not telecoms and not subject to retention [4]
Tuta MailNO No data retention law applies to email in Germany. Two courts affirmed Tuta is not subject to ISP retention rules [5]
Gag Order Risk Whether authorities can prevent the provider from telling you about a data request
Proton MailPOSSIBLE Temporary delay, but Swiss law requires eventual notification [3]
Tuta MailNO German law does not permit forcing companies to submit to a gag order (per Tuta's transparency report) [6]
Encryption Backdoor Risk Whether a law exists or is proposed that could compel weakening of encryption
Proton MailUNCLEAR No current law, but Switzerland is not bound by ECHR encryption ruling
Tuta MailPROTECTED ECHR (2024) ruled EU nations cannot mandate weakening of E2EE. Germany is bound by this. [2]
Legal Orders Received (latest available) ⚠ MED - volume indicates how often the provider's data is targeted
Proton Mail~11,000+ in 2024, compliance rate ~94% [7]
Tuta MailSignificantly lower volume (exact figures in semi-annual transparency report) [6]
User Base
Proton Mail100+ million accounts
Tuta Mail~10 million accounts
NOTE Everyone points to Switzerland and the Five Eyes when comparing Proton to US-based providers. And yes, Switzerland is not in the alliance. But that does not mean Swiss data is untouchable. Foreign agencies request Swiss data through mutual legal assistance treaties all the time. We saw Proton received over 11,000 legal orders in 2024 and complied with roughly 94% of them. Think about that for a second. What Switzerland gives you is due process and not immunity. A warrant has to clear more hurdles to reach your inbox. But the hurdles are not walls. And lately, they seem to be getting shorter. In early 2025, the Swiss Federal Council proposed changes to surveillance law that would require services with over 5,000 users to identify their customers, retain data for six months, and decrypt communications on request when the provider holds the keys. Proton's CEO called the proposal "extreme" and said it would make Swiss services less private than Google. As a a company who built much of their reputation on Swiss privacy, Proton responded by starting to move physical infrastructure out of Switzerland, starting with its AI assistant Lumo, which launched on German servers in July 2025. So when the company that built its brand on Swiss jurisdiction starts relocating away from Swiss jurisdiction, that tells you everything about how much weight to put on location alone.

Encryption Protocols - The Technical Layer

Both providers use end-to-end encryption. The difference is in what standard they chose, what that standard can and cannot encrypt, and how far ahead each has moved on post-quantum readiness. These are not cosmetic differences, they determine the scope of what the server can never see.

Encryption Standard The foundational protocol governing how messages are encrypted
Proton MailOpenPGP (public standard) [8]
Tuta MailTutaCrypt (proprietary hybrid protocol) [9]
Symmetric Encryption
Proton MailAES-256
Tuta MailAES-256 (CBC mode + HMAC-SHA-256) [9]
Asymmetric Encryption (classical)
Proton MailRSA-2048 / RSA-4096 (user selectable)
Tuta MailX25519 (ECDH), replaced RSA-2048 in 2024 [9]
Post-Quantum Encryption Protection against "harvest now, decrypt later" attacks by future quantum computers ⚠ CRITICAL - data encrypted today with only classical algorithms may be decryptable within 10 to 15 years
Proton MailIN DEVELOPMENT No production deployment for email yet
Tuta MailLIVE since March 2024, CRYSTALS-Kyber (Kyber-1024) + X25519 hybrid [10]
Key Derivation Function How your password is converted into encryption keys
Proton Mailbcrypt
Tuta MailArgon2 (more resistant to GPU/ASIC attacks) [9]
PGP Interoperability Whether you can exchange encrypted mail with any PGP user worldwide
Proton MailYES Full PGP/MIME and PGP/Inline support [8]
Tuta MailNO Proprietary protocol, no PGP support [11]
Open Source
Proton MailYES All client apps + encryption libraries
Tuta MailYES All client apps + encryption libraries
NOTE Proton chose OpenPGP for interoperability which means any PGP user worldwide can exchange encrypted mail with a Proton user. Tuta chose a proprietary protocol for encryption scope meaning they can encrypt subject lines, sender names, and more metadata that PGP structurally cannot. This is a genuine trade-off with no objectively correct answer. It depends on your threat model.

What Gets Encrypted - Field by Field

This is where the choice of encryption protocol creates real, measurable differences. Proton's adherence to OpenPGP means that certain email headers are structurally excluded from end-to-end encryption which can be revealing. Tuta's proprietary protocol lets it encrypt fields that PGP cannot. Thus every field listed here as "not E2EE" is a field the provider can theoretically read or hand over under court order.

Email Body + Attachments ✓ Core content, encrypted by both
Proton MailE2EE
Tuta MailE2EE
Subject Line ⚠ HIGH - subject lines reveal what you're writing about without reading the body. "Meeting with attorney re: whistleblower complaint" is devastating metadata.
Proton MailZERO-ACCESS encrypted at rest, NOT end-to-end encrypted. Proton can technically access it under court order. [12]
Tuta MailE2EE Encrypted on device before transmission. Tuta cannot read it. [11]
Sender & Recipient Names The display name associated with the sender/recipient, not the email address itself
Proton MailZERO-ACCESS only, not E2EE
Tuta MailE2EE [11]
Sender & Recipient Email Addresses Structurally required by SMTP, no provider can E2EE this ⚠ HIGH - reveals who is communicating with whom
Proton MailPLAINTEXT required by email protocol
Tuta MailPLAINTEXT required by email protocol
Timestamps (sent/received) ⚠ MED - reveals when you communicate and how often
Proton MailPLAINTEXT
Tuta MailPLAINTEXT
Contacts / Address Book
Proton MailPARTIAL Some fields E2EE, email addresses and names NOT encrypted [13]
Tuta MailFULLY E2EE All fields including name, phone, address, birthday [11]
Attachment Names ⚠ MED - "whistleblower_evidence_final.pdf" is informative even without reading it
Proton MailACCESSIBLE to Proton per privacy policy [14]
Tuta MailE2EE
KEY DIFFERENCE Proton Mail's privacy policy explicitly states it has access to: sender and recipient email addresses, the IP address incoming messages originated from, attachment names, message subjects, and message sent/received times. [14] Tuta encrypts subject lines, sender/recipient names, and attachment data end-to-end. The only metadata Tuta cannot encrypt is email addresses and timestamps, because the email protocol itself requires them to route messages. [11]
UNDER A COURT ORDER
What Can Actually Be Handed Over
This is the section that addresses courts and warrants. Again, encryption protects content. But when a court order arrives, the question becomes: what does the provider actually have? What exists on their servers in a form they can read?
Email Content (body + attachments)
ProtonCANNOT HAND OVER E2EE, no keys
TutaCANNOT HAND OVER E2EE, no keys
Email Subject Lines ⚠ HIGH - the single biggest practical difference between these two providers
ProtonCAN HAND OVER Not E2EE. Proton confirms this explicitly. [12]
TutaCANNOT HAND OVER E2EE
Sender/Recipient Email Addresses + Timestamps
ProtonCAN HAND OVER
TutaCAN HAND OVER
IP Address ⚠ HIGH - IP address reveals physical location and ISP
ProtonNOT logged by default. CAN be compelled to start logging for a specific account going forward. [4]
TutaNOT logged by default. CAN be compelled via TKÜ order. Session IPs encrypted and auto-deleted after 1 week. [6]
Recovery Email Address ⚠ HIGH - if you used a personal email as recovery, this single field can deanonymize you entirely
ProtonCAN HAND OVER (if user provided one, it is optional) [15]
TutaNOT APPLICABLE Tuta does not use recovery emails. Uses recovery code instead.
Payment Data ⚠ HIGH - credit card info links directly to real identity
ProtonCAN HAND OVER if paid by credit card. Accepts crypto and cash as alternatives. [16]
TutaCAN HAND OVER if paid by credit card. Crypto via gift card partner (Proxystore). No direct crypto.
Unencrypted Incoming Emails (future, real-time surveillance) ⚠ CRITICAL - this is a live surveillance capability, not historical data
ProtonUNCLEAR Swiss law allows interception orders. Proton's architecture encrypts incoming mail immediately with zero-access.
TutaYES German BGH ruled (2021) Tuta must provide unencrypted copies of future non-E2EE mail for specific accounts under TKÜ orders. E2EE mail remains protected. [17]
Attachment Names
ProtonCAN HAND OVER [14]
TutaCANNOT E2EE
CRITICAL Tuta's 2021 German Federal Court ruling is the most significant jurisdiction test either provider has faced. Tuta was ordered to build a function that copies unencrypted incoming and outgoing emails from a specific account before they are encrypted. This only affects non-E2EE mail (mail to/from external providers). Emails between Tuta users remain fully E2EE and were explicitly excluded from the court's reach. Tuta carried the fight to the Federal Court of Justice and lost. The court held that providers like Tuta count as telecommunications operators and must build the monitoring function. The end-to-end encrypted mail stayed out of reach, but not because the court protected it. It stayed out of reach because Tuta cannot decrypt what only the user holds the key to, so there was nothing for the order to take. The law reached exactly as far as the architecture allowed, and no further. That is the lesson worth keeping. A constraint the provider cannot lift is the only promise a court cannot override. [17]

Jurisdiction Under Pressure - Real Cases

These are the documented cases where each provider's jurisdiction was tested by law enforcement, listed chronologically. Every case here is drawn from court records, official company statements, or investigative journalism.

2021 PROTON French Climate Activist (Youth for Climate)

French authorities, working through Europol and Swiss MLAT channels, obtained a Swiss court order that compelled Proton to begin logging the IP address of a specific Proton Mail account associated with the Youth for Climate movement in Paris. The activist was involved in occupying buildings in the Place Sainte Marthe area. Proton complied, as it had no legal mechanism to refuse. [4]

DATA HANDED OVER: IP address (prospective logging) + recovery email address + device type information.
RESULT: Activist was identified and arrested by French police.
AFTERMATH: Proton was forced to removed "we do not keep any IP logs" from its website. They updated their privacy policy to state that IP logging can be compelled by Swiss court order. In the process a Swiss court ruled(Oct 2021) that email providers are not telecoms and limited any future data retention obligations.
2020–2021 TUTA Cologne Blackmail Case (Bundesgerichtshof ruling)

A blackmail email was sent from a Tuta account to an auto supplier. The Cologne Regional Court ordered Tuta to develop a monitoring function for the specific account, copying unencrypted incoming and outgoing emails before they were encrypted. Tuta argued it was not a telecommunications provider and should not be subject to telecom interception laws. The Hanover Regional Court had previously agreed with this position. But the German Federal Court of Justice (BGH) ruled against Tuta, finding that "over the top" email services qualify as telecoms under German criminal procedure law. [17]

DATA HANDED OVER: Tuta was compelled to build a forward looking monitoring capability for non-E2EE mail on specific accounts.
PROTECTED: All previously stored encrypted email remained inaccessible. E2EE emails between Tuta users were explicitly excluded from the court order. The court could not compel decryption.
AFTERMATH: Tuta publicly stated this proves why E2EE matters, as only non-encrypted mail was exposed. Tuta continues to fight the classification of email providers as telecoms.
2024 PROTON Catalan Independence Activist (Democratic Tsunami)

Spanish police (Guardia Civil) sought to identify a pseudonymous member of the Catalan pro-independence movement known as "Xuxo Rondinaire," who was suspected of planning protest actions related to King Felipe VI's visit. The request went through the appropriate Europol to Swiss authorities, who issued a binding order to Proton. Proton was forced to hand over the only user-identifiable information it had: the recovery email address on the account, which was an Apple iCloud address. Apple then provided Spanish authorities with the individual's full name, two home addresses, and a linked Gmail account. [15]

DATA HANDED OVER: Recovery email address (iCloud).
RESULT: Full identification and arrest via Apple's data linked to the recovery email.
KEY LESSON: Proton's encryption held, no email content was exposed. The deanonymization came entirely from a user-provided recovery email. Proton's CEO noted: "Proton provides privacy by default, not anonymity by default."
2025–2026 PROTON Stop Cop City / Defend the Atlanta Forest (FBI)

The FBI was investigating arson, vandalism, and doxxing linked to the Stop Cop City movement in Atlanta, used the MLAT process to compel Proton through Swiss authorities to hand over payment data associated with a specific Proton Mail account affiliated with Defend the Atlanta Forest. The payment data, a credit card transaction, was sufficient to identify the account holder. The individual does not appear to have been charged with a crime at the time of the disclosure. [16]

DATA HANDED OVER: Payment/credit card transaction data linked to the account.
RESULT: FBI identified the account holder. Search warrant was prepared for execution at Atlanta's airport.
KEY LESSON: Payment metadata is not protected by E2EE. Proton accepts cryptocurrency and cash payments as alternatives. If this user had paid with Monero or cash, the FBI would have had nothing.

The pattern across all four cases is consistent: end-to-end encryption held every time. No government obtained the contents of a single encrypted email from either provider. What was obtained in every case was metadata, including IP addresses, recovery emails, payment data, and non-E2EE message copies. The lesson is not that these providers failed but that encryption protects content, and only content. Everything around it, every data point you provide at signup, every payment method you choose, every field that falls outside the encryption envelope, is fair game under a court order.

Features, Ecosystem & Pricing

Security architecture is the priority. But people also need to use these products daily to garner maximum value and utlity. This section covers the practical differences that affect everyday use.

Free Plan Storage
Proton Mail1 GB (shared with Drive)
Tuta Mail1 GB
Paid Plan Starting Price
Proton Mail€3.99/month (Mail Plus), 15 GB
Tuta Mail€3/month (Revolutionary), 20 GB
Bundled Ecosystem
Proton Mail MORE EXTENSIVE VPN + Drive + Calendar + Pass (password manager) + Wallet, all under one account
Tuta MailLIMITED Calendar only. Tuta Drive planned (€1.5M German gov grant), no release date.
Desktop Clients
Proton MailDesktop app (paid only) + Bridge for IMAP/SMTP (paid only)
Tuta MailNative desktop clients for Linux, Windows, macOS (free)
IMAP / SMTP Support Needed for third party email client integration (Thunderbird, Outlook, Apple Mail)
Proton MailYES via Proton Bridge (paid plans only)
Tuta MailNO Proprietary protocol only
Anonymous Signup
Proton MailPARTIAL May require phone/email verification in some cases
Tuta MailYES No personal info required. No recovery email concept. [6]
F-Droid Availability (no Google dependencies)
Proton MailAvailable on F-Droid
Tuta MailAvailable since 2018 First email provider on F-Droid. Zero Google dependencies, no Google Push. [18]
Encrypted Full-Text Search
Proton MailSubject/metadata only on web. Content search on desktop/mobile.
Tuta MailYES Encrypted full-text search on all platforms
NOTE Proton's ecosystem is substantially broader, with VPN, Drive, Calendar, Pass, and Wallet all under one account. If you want a single provider replacing Google's entire suite, Proton is the only realistic option. Tuta's focus is narrower but deeper on the email specific encryption front.

Per-Provider Summary

🟣 Proton Mail

BESTEcosystem breadth. VPN, Drive, Calendar, Pass, and Wallet under one account, the closest thing to a privacy respecting Google replacement that exists.

BESTPGP interoperability. You can exchange encrypted email with any PGP user on Earth, not just other Proton users. This matters for journalists and researchers who correspond with varied sources.

PROSwiss jurisdiction requires MLAT for foreign requests, creating meaningful procedural friction. Switzerland is not in any intelligence sharing alliance.

PROTor onion site for IP anonymous access. Combined with Proton VPN, the IP logging risk is fully mitigable by the user.

CONSubject lines are NOT end-to-end encrypted. Under a valid Swiss court order, Proton can hand over the subject lines of every email in your inbox. This is a PGP limitation, not a Proton decision, but it is a real exposure.

CONRecovery email is a deanonymization vector. The 2024 Catalan case proved this. Recovery email is optional, but Proton prompts users to add one.

CONPayment data exposure. The 2026 Stop Cop City case showed that credit card payment metadata alone was sufficient for the FBI to identify a user.

WARN~11,000 legal orders in 2024 with a ~94% compliance rate. Partly a function of scale, but volume matters.

🔴 Tuta Mail

BESTEncryption scope. Subject lines, sender names, recipient names, attachment data, and the entire address book are E2EE. Tuta encrypts more fields than any other email provider on the market.

BESTPost-quantum encryption, live since March 2024. TutaCrypt's hybrid protocol (CRYSTALS-Kyber + X25519) is the first production deployment of quantum resistant email encryption.

BESTNo recovery email concept. Uses a recovery code instead. The Catalan case deanonymization vector does not exist in Tuta's architecture.

PROArgon2 key derivation, more resistant to GPU/ASIC brute force attacks than Proton's bcrypt.

PROECHR encryption protection. As an EU based provider, Tuta is protected by the 2024 European Court of Human Rights ruling banning laws that weaken E2EE.

CONGermany is a Fourteen Eyes member. Intelligence sharing between allied nations means German agencies could theoretically receive and act on foreign intelligence.

CONBGH ruling created a real-time monitoring precedent. Tuta can be ordered to copy future non-E2EE mail before encryption for specific accounts.

CONNo PGP support. You cannot exchange encrypted email with PGP users outside the Tuta ecosystem.

WARNNarrower ecosystem. Email + Calendar only. No VPN, no file storage (yet), no password manager.

Recommendations by Threat Model

Choose Tuta Mail if:
Your primary threat is the content of your communications being subpoenaed or surveilled. So if you're a journalist protecting sources, a lawyer handling sensitive cases, a whistleblower, an activist operating under government scrutiny, etc. Tuta's encryption scope is objectively wider. Subject line encryption alone could be the difference between a subpoena that reveals plans and intentions, and one that reveals nothing. The absence of a recovery email field eliminates the single most damaging deanonymization vector demonstrated in real cases. Post-quantum encryption means data intercepted today cannot be decrypted by future quantum computers. So if maximum encryption scope is your priority, Tuta is the stronger choice.
Choose Proton Mail if:
You need a comprehensive privacy ecosystem that replaces Google Workspace, you want a more streamline , or your threat model prioritizes jurisdictional friction over encryption scope. Proton's VPN, Drive, Calendar, Pass, and Wallet under a single account is unmatched. PGP interoperability means you can receive encrypted mail from any security conscious sender, not just Proton users. Switzerland's non-membership in intelligence alliances and its MLAT process create real procedural barriers, not immunity, but friction that matters. If you need a fully private daily driver ecosystem and communicate with diverse contacts, Proton is the more practical choice.
Regardless of which you choose:
Never add a personal recovery email. The Catalan case proved this is the single most dangerous field on any account. Use a recovery code or if you must add a recovery email, create a separate anonymous email for that sole purpose.

Never pay with a credit card if anonymity matters. The Stop Cop City case proved payment metadata alone can identify you. Use cryptocurrency (Proton accepts it directly; Tuta accepts it via gift cards) or cash.

Access via Tor or a trustworthy VPN. Both providers can be compelled to log IP addresses for specific accounts under court order. The only way to neutralize this is to never connect from your real IP in the first place.

Understand that E2EE only protects E2EE traffic. Emails to and from Gmail, Outlook, or Yahoo are not end-to-end encrypted. Tuta's BGH ruling demonstrated that non-E2EE mail can be intercepted before encryption. If your correspondent is on Gmail, the email content is visible to Google regardless of what you use.

Both providers are excellent and light years ahead of Gmail, Outlook, or Yahoo. The differences between them matter for high threat users. For the vast majority of people, switching from Gmail to either Proton or Tuta is the single biggest privacy improvement available in email today.

References

  1. [1] Proton, Information for Law Enforcement, proton.me/legal/law-enforcement.
  2. [2] Tuta, EU Data Privacy Protections: Why Tuta Is Based in Germany, tuta.com/blog/data-privacy-germany.
  3. [3] Proton, Transparency Report, proton.me/legal/transparency.
  4. [4] Proton, Important Clarifications Regarding Arrest of Climate Activist (2021), proton.me/blog/climate-activist-arrest (Proton logged an account's IP address after a binding Swiss legal order).
  5. [5] Court Rules Encrypted Email Provider Tutanota Must Monitor Messages, CyberScoop (2021), cyberscoop.com.
  6. [6] Tuta, Transparency Report & Warrant Canary, tuta.com/blog/transparency-report.
  7. [7] Proton, Transparency Report, supra note 3 (aggregate legal-order statistics, 2017–2024).
  8. [8] Proton, How Proton Mail Messages Are Encrypted, proton.me/support/proton-mail-encryption-explained.
  9. [9] Tuta, Everything You Need to Know About Tuta's Encryption, tuta.com/encryption.
  10. [10] Tuta, Tuta Launches Post-Quantum Cryptography for Email (Mar. 2024), tuta.com/blog/post-quantum-cryptography.
  11. [11] Tuta, Security at Tuta, tuta.com/security.
  12. [12] Proton, Does Proton Mail Encrypt Email Subjects?, proton.me/support/does-protonmail-encrypt-email-subjects.
  13. [13] Proton, Proton's End-to-End Encryption, proton.me/security/end-to-end-encryption.
  14. [14] Proton, Proton Mail Privacy Policy, proton.me/mail/privacy-policy.
  15. [15] Lorenzo Franceschi-Bicchierai, Encrypted Services Apple, Proton, and Wire Helped Spanish Police Identify Activist, TechCrunch (May 8, 2024), techcrunch.com (Swiss legal process compelled Wire and Proton to disclose the account's recovery email, which led Apple to provide the user's name and address; message content stayed encrypted).
  16. [16] Joseph Cox, Proton Mail Helped FBI Unmask Anonymous "Stop Cop City" Protester, 404 Media (Mar. 5, 2026), 404media.co (Proton provided account payment data to Swiss authorities, who passed it to the FBI; encryption protected message content, not the account metadata).
  17. [17] Zack Whittaker, German Secure Email Provider Tutanota Forced to Monitor an Account After Regional Court Ruling, TechCrunch (Dec. 8, 2020), techcrunch.com (order required monitoring of one account's future, unencrypted mail; it did not break existing end-to-end encryption). The 2021 appellate ruling is covered at note 5.
  18. [18] Tuta (email), Wikipedia, en.wikipedia.org.
Field Assessment

What your notes app knows about you, even when your notes are encrypted

End-to-end encryption protects your note content. It does not protect the metadata your notes generate. Here is a field-by-field breakdown of the metadata collected by Standard Notes, Notesnook, Cryptee, and Joplin, and what it reveals.

January 2026
Privacy Research
~15 min read
The common assumption when using end-to-end encrypted note's app is that the service cannot see what you write. That is true. But every note you create, modify, or delete still leaves a trail of metadata your notes app can see clearly. Timestamps, file sizes, sync patterns, structural relationships, and in Joplin's case, GPS coordinates.[11] This analysis covers that data trail field by field, across four of the most privacy-focused notes apps available, and one's I personally use. Sources include official documentation, published privacy policies, sync API specifications, and open-source code repositories.
STORED PLAINTEXT on server
PARTIALLY EXPOSED or conditional
ENCRYPTED - server sees ciphertext only
NOT STORED / NOT APPLICABLE
CLIENT-SIDE ONLY - never synced

Timestamps

Timestamps are the metadata that matters most operationally. Again, while they do not reveal what you wrote, they do reveal when, how often, and for how long. We have seen in investigative context that is enough to piecemeal networks.

Field Standard Notes Notesnook Cryptee
created_at Exact timestamp when a note was first created [3][11] ⚠ HIGH, reveals when you began writing about a topic STORED STORED NOT STORED STORED
updated_at / user_updated_time Every modification timestamp, used for sync conflict resolution [3][11] ⚠ HIGH, reveals editing cadence and co-editing patterns STORED STORED VERSION IDs only STORED
user_created_time vs. server_created_time SN and Joplin store both client-reported AND server-recorded timestamps as two separate records [1][11] ⚠ MED, the discrepancy between the two can reveal offline editing periods BOTH STORED BOTH STORED N/A BOTH STORED
deleted_at When a note was trashed. The item is marked deleted, not immediately purged. [3][12] ⚠ MED, reveals when you removed sensitive material STORED STORED NOT CONFIRMED STORED
sync_token / cursor_token SN's internal sync clock that increments on every create or update event, acting as a proxy for edit frequency even without readable timestamps [4] ⚠ MED, editing frequency is inferable from token progression STORED (SN only) N/A N/A N/A
NOTE Cryptee uses sequential version IDs for conflict resolution rather than human-readable ISO timestamps. That good as it's less revealing. The server cannot tell when a note was written, only that one version followed another. [8]

Item Identifiers & Structure

Identifiers are low-risk in isolation. Their value to an adversary comes from correlation, mapping UUIDs across requests, sessions, and time to build a behavioral profile without reading a single word.

Field Standard Notes Notesnook Cryptee
UUID / Item ID Unique identifier per note, tag, and notebook. Stored in plaintext as a database key. [1][11] ✓ LOW alone, meaningless without content but correlatable across requests STORED STORED STORED STORED
content_type Whether an item is a Note, Tag, Component, or Preference. Stored in plaintext for server-side routing. [3][5] ⚠ MED, the server knows you have X notes, Y tags, Z preferences without reading any of them STORED ENCRYPTED PARTIAL STORED
items_key_id (SN only) Associates each encrypted note payload with the Items Key UUID that encrypted it [1] ✓ LOW, only reveals which key encrypted which note. Useful for key rotation, not revealing. STORED N/A N/A N/A
parent_id / notebook relationship The structural link between a note UUID and its notebook UUID [5][11] ⚠ MED, reveals organizational grouping even when folder names are encrypted ENCRYPTED ENCRYPTED FOLDER COUNT VISIBLE STORED (E2EE off) / ENCRYPTED (E2EE on)
tag relationships UUID-to-UUID associations between notes and tags [5][11] ✓ LOW if tag names are encrypted, count is inferable but meaning is not ENCRYPTED ENCRYPTED ENCRYPTED STORED (E2EE off) / ENCRYPTED (E2EE on)
is_deleted flag Soft-delete marker. The item remains in the database as a tombstone until a hard purge runs. [3][12] ⚠ MED, deleted notes persist server-side. SN keeps them 14 days. Others unstated. 14-day tombstone Window unstated NOT CONFIRMED Window unstated

Note Content Fields

This is where all four products perform equally well, and allows them to market some sort of end-to-end encryption. The title, body, tags, and folder names are encrypted in every product when E2EE is properly active. The server holds ciphertext and cannot read any of it. [1][5][8][13]

Field Standard Notes Notesnook Cryptee
Note titleThe visible title of the note✓ Encrypted in all four when E2EE is active ENCRYPTED ENCRYPTED ENCRYPTED ENCRYPTED (E2EE on)
Note body / contentFull note text✓ Encrypted in all four when E2EE is active ENCRYPTED ENCRYPTED ENCRYPTED ENCRYPTED (E2EE on)
Tag namesHuman-readable labels applied to notes✓ Server sees UUIDs only, names are encrypted ENCRYPTED ENCRYPTED ENCRYPTED ENCRYPTED (E2EE on)
Notebook / folder namesNames of organizational containers✓ Server sees UUIDs only, names are encrypted ENCRYPTED ENCRYPTED ENCRYPTED ENCRYPTED (E2EE on)
NOTE Content protection is consistent across all four products. The privacy differences live in the metadata layers above and below this table, not in the content encryption itself.

Structural & Size Metadata

Remember that even encrypted blob sizes correlate with content length even after encryption. A 200KB blob versus a 2KB blob reveals the notes relative length. Attachment types also reveal what kind of material you work with. Again, noe of this requires decrypting anything.

Field Standard Notes Notesnook Cryptee
Encrypted payload byte size Size of the encrypted blob on the server, which correlates with note length even after encryption ⚠ MED, short vs. long writing is inferable from blob size VISIBLE VISIBLE EXPLICITLY STORED VISIBLE
Total note count Number of items stored under the account, inferable from item listings ✓ LOW, reveals productivity habits but not topics INFERABLE INFERABLE STORED PER FOLDER INFERABLE
Attachment MIME types File type of attachments (PDF, image, audio, etc.) known before encryption wrapping ⚠ MED, "this note has an audio attachment" or "a scanned document" is contextually revealing NOT CONFIRMED NOT CONFIRMED EXPLICITLY STORED STORED
Attachment count per note How many files are attached to a given note ✓ LOW alone, correlatable with other behavioral patterns INFERABLE INFERABLE VISIBLE STORED
Folder color / archive status (Cryptee) Whether a folder is archived and its color, structural decoration metadata ✓ LOW, cosmetic only N/A N/A STORED (stated in policy) N/A

Revision History Metadata

Revision history is one of the easiest metadata risks to overlook. But remember that every saved version carries its own timestamp which creates a detailed editing timeline that persists on the server independently of the note's content.

Field Standard Notes Notesnook Cryptee
Revision history stored server-side Whether previous versions of a note are held on the server ⚠ HIGH, each revision carries a timestamp, creating a full editing timeline server-side 1yr (Productivity) / Unlimited (Professional) Limited history NOT STATED LOCAL ONLY
Timestamp per revision Every stored version carries the modification time of that specific edit ⚠ HIGH, for a journalist, this shows exactly when a draft was touched relative to external events YES, per revision YES, per revision N/A LOCAL ONLY
Revision content encrypted Whether stored past versions are encrypted on the server YES, encrypted blobs YES, encrypted blobs N/A N/A, local only
Nightly email backup (SN paid, opt-in) SN paid plans can send an encrypted nightly backup to your email. This creates a second metadata trail at the email provider. ⚠ MED, timing, recipient address, and volume are visible to your email provider even if content is encrypted OPT-IN, paid only NO NO NO
NOTE Joplin stores revision history locally only, so no server-side edit history exists. Standard Notes Professional stores an unlimited, timestamped edit history of every note indefinitely on Proton's servers. The content is encrypted. The timeline is not.

Joplin-Specific Note Fields

Joplin's data model was inherited partly from Evernote's ENEX format and carries more metadata fields per note than any other product here. Several of these fields are unique to Joplin and have no equivalent in the other three apps.

Field Standard Notes Notesnook Cryptee
latitude / longitude / altitude GPS coordinates embedded directly into note properties. On by default in the mobile app. ⚠ CRITICAL, exact location at note creation. Embedded in the note body itself, not just a server log. Travels with exports. Must be disabled manually in Settings → Note → Geolocation. NOT COLLECTED NOT COLLECTED NOT COLLECTED DEFAULT ON (mobile)
source / source_application Which Joplin client created the note, for example "joplin-desktop" or "net.cozic.joplin-mobile". Stored in note properties. ⚠ MED, device-type fingerprinting at the note level. Syncs plaintext if E2EE is off. NOT COLLECTED NOT COLLECTED NOT COLLECTED EMBEDDED IN NOTE
source_url When a note is created from a web clip, the source URL is embedded in note properties ⚠ HIGH, if E2EE is off, syncing a web-clipped note exposes the exact URL in plaintext. Directly reveals research activity. NOT COLLECTED NOT COLLECTED NOT COLLECTED EMBEDDED IN NOTE
author field Optional field that can be populated from your OS account username automatically ⚠ HIGH, if auto-populated from system username, your OS account name may be embedded in every note you create NOT COLLECTED NOT COLLECTED NOT COLLECTED CHECK IF AUTO-POPULATED
is_todo / todo_due / todo_completed Todo status, due date, and completion flag ✓ LOW if encrypted. Reveals task patterns if not. N/A ENCRYPTED N/A STORED (E2EE off) / ENCRYPTED (E2EE on)
markup_language Whether a note uses Markdown or HTML. Stored in note JSON properties. ✓ LOW, cosmetic formatting preference only N/A N/A N/A STORED in note JSON
CRITICAL It's important to recognize that With E2EE properly enabled, Joplin's dangerous fields (GPS, source_url, source_application) are encrypted in sync and at rest on the server. But they remain present in the local SQLite database in plaintext regardless of E2EE state. So anyone with physical access to the device can read them.

Sync & Operational Metadata

Sync events are visible at the API level regardless of content encryption. Active editing bursts, multi-device conflicts, and session counts paint a behavioral picture even when nothing is readable.

Field Standard Notes Notesnook Cryptee
Sync frequency / timing How often notes are pushed to the server, inferable from API request logs even when content is encrypted ⚠ MED, active editing bursts are visible as sync events with no content required INFERABLE INFERABLE INFERABLE INFERABLE
Conflict records Created when two devices edit the same note simultaneously, linking two item versions server-side ✓ LOW, reveals multi-device use pattern, not content STORED STORED NOT STATED STORED
Active session count How many concurrent device sessions are authenticated to the account ✓ LOW, reveals device count, not content STORED STORED STORED STORED

Per-Product Summary

🔵 Standard Notes

BESTMost transparent documentation. The sync API spec is publicly available and explicit about every stored field.

BESTPrivate username mode orphans all timestamps from a real identity. The data still exists, but it is linked to a meaningless hash, not a person.

WARNRevision history timestamps are the biggest note-level risk. The Professional plan stores an unlimited timestamped edit history indefinitely on Proton's servers.

WARNSync token progression is unique to SN, a proxy clock that reveals editing frequency independently of timestamps.

WARNNightly email backup (opt-in, paid) creates a second metadata trail at your email provider. Timing, volume, and recipient are visible to them even if content is encrypted.

🟢 Notesnook

BESTcontent_type is fully encrypted. The server cannot distinguish a note from a tag from a preference. More thorough than SN and Joplin on this field.

PROPer-note sync toggle. Notes kept local-only generate zero server-side metadata at all.

WARNTimestamps are tied to your email address at registration. No private username equivalent means modification times are always attributable to an identifiable account.

CONDevice fingerprint metadata captured at the network level makes sync events more attributable than any other product here. Notesnook collects device IDs, OS type, and IP address in its own systems, the only app here that does all three.

Cryptee

BESTNo ISO timestamps on notes. Sequential version IDs are used for conflict resolution, readable as "this came after that," not as a datetime.

BESTNo server-side revision history. Previous versions of notes are not retained on the server at all.

WARNFolder count and file sizes explicitly stored. The number of documents per folder and attachment MIME types are visible to the server, per the published privacy policy.

WARNGhost Folders partly mitigates the folder count exposure, since hidden folders are excluded from visible metadata, but the overall structure is still known to the server.

Final Ranking, Most to Least Minimal Note Metadata

1
💗 Cryptee
No real timestamps. No server-side revision history. No GPS or source fields. Folder count and MIME types are visible, but the per-note metadata footprint is the lightest of the four. There is one caveat. The backend is closed source, so these claims cannot be independently verified through server-side code review.
2
🟠 Joplin (E2EE on + geolocation disabled)
No server-side revision history is a meaningful advantage, and with E2EE enabled and geolocation disabled, the most dangerous Joplin-specific fields are neutralized. What remains is basic timestamps and UUIDs. If either condition is not met, Joplin becomes the worst of the four. The gap between best and worst configuration is larger here than in any other product.
3
🔵 Standard Notes (private username mode)
Timestamps and revision history are more extensive than Joplin's, but private username mode orphans all of it from a real identity. Timestamps linked to a hash with no associated PII are far less actionable than timestamps linked to an email address. Best transparency of the four on what is actually stored. The sync token mechanism is a unique risk not present in the other products.
4
🟢 Notesnook
The content_type encryption is better than SN's and Joplin's, and the per-note sync toggle is a useful mitigation. But timestamps are tied to a required email address with no anonymization equivalent, IP addresses are stored in Notesnook's own systems, and device identifiers make sync events more attributable than any other product here. It has the richest note-level metadata profile of the four once account-level data is included.

References

  1. [1] Standard Notes, Encryption, standardnotes.com/help/security/encryption (the open Standard Notes protocol specification, version 004; defines items keys and the encrypted item-payload format, treating the server as a "dumb data-store").
  2. [2] Standard Notes, Security, standardnotes.com/help/security (each account carries an encryption version; current protocol is 004).
  3. [3] Standard Notes, What Information Does Standard Notes Collect About Me?, standardnotes.com/help/5 (the server cannot read note contents but "can…read the date the item was created and modified and the content type"; after account deletion, data persists in 14-day database backups).
  4. [4] Standard Notes, Server (source code), github.com/standardnotes/server (sync API; sync-token progression and item records).
  5. [5] Notesnook, Open Source & Zero-Knowledge Private Note Taking App, notesnook.com (end-to-end encryption is always on and covers note titles, notebook structure, and tag names before anything reaches the server).
  6. [6] Notesnook, notesnook (source code), github.com/streetwriters/notesnook (client-side encryption of all items using XChaCha20-Poly1305 and Argon2).
  7. [7] Notesnook, Privacy Policy, notesnook.com/privacy.
  8. [8] Cryptee, Security Details, crypt.ee/security (client-side AES-256; "we can't see the contents or names of your files"; based in Estonia, outside the 14-eyes jurisdictions, and able to disclose only limited, encrypted data under an Estonian court order).
  9. [9] Cryptee, Threat Model, crypt.ee/threat-model.
  10. [10] Cryptee, Frequently Asked Questions, crypt.ee/faq (the front end is open source and independently verifiable).
  11. [11] Joplin, Data API, joplinapp.org/help/api/references/rest_api (note objects expose latitude, longitude, altitude, source_url, created_time, updated_time, user_created_time, and user_updated_time fields); see also readme/api.md, github.com/laurent22/joplin.
  12. [12] Joplin, Joplin Terminal Application, joplinapp.org/help/apps/terminal (full note property list, including the geolocation fields and the encryption_applied and encryption_cipher_text fields).
  13. [13] Joplin, End-To-End Encryption, joplinapp.org/help/apps/sync/e2ee (E2EE is opt-in; the encryption_applied flag governs whether an item is encrypted before syncing, which is why fields read as plaintext with E2EE off and as ciphertext with it on).
Analysis

The government is buying your data because it cannot legally collect it

On March 18, 2026, FBI Director Kash Patel told the United States Senate that the FBI purchases commercially available location data from data brokers. He also declined to commit stopping. This is not new. It has been happening for decades, across multiple administrations, involving the FBI, the Department of Defense, ICE, the IRS, the Secret Service, and many we have yet to uncover. But for the first time, the current FBI director said it out loud, on the record, under oath. This article attempts to explain what is happening, how long it has been happening, who it affects, and what you can do about it.

D David
March 2026
Analysis
~15 min read
The Fourth Amendment is supposed to protect you from warrantless government surveillance. In 2018, the Supreme Court affirmed this in Carpenter v. United States, ruling that law enforcement needs a warrant to obtain cell phone location data from carriers. That was supposed to settle it. But the government found a workaround almost immediately. Instead of demanding the data from your carrier, it buys the same data, often more detailed, from commercial data brokers. No warrant. No judge. No notification. Just a purchase order. The apps on your phone collect your location every few seconds through advertising SDKs embedded in their code. That data flows to aggregators who package and sell it. And one of their biggest customers is the United States government. This is the story of how a $300 billion advertising data industry became a backdoor into the private lives of millions of Americans, and why privacy-respecting tools are not a luxury but a necessity.

This Has Been Happening for Years

The NPR report from, March 25, 2026, is the latest chapter in a pattern that stretches back at least six years. Here is a condensed timeline of what has been publicly documented.

2018: Carpenter v. United States
The Supreme Court rules 5-4 that the government must obtain a warrant to access historical cell site location information (CSLI) from carriers. Chief Justice Roberts writes that location data provides "an intimate window into a person's life, revealing not only his particular movements, but through them his familial, political, professional, religious, and sexual associations." Government agencies immediately begin arguing that the ruling applies only to data obtained from carriers, not data purchased on the open market from brokers. [1]
2020: The Muslim Prayer App Scandal ⚠ This is where it became impossible to ignore
Vice's Motherboard published an investigation revealing that the U.S. military purchased granular location data from a prayer and Quran app with over 98 million downloads, Muslim Pro. The data flowed from the app to a broker called X-Mode, which sold it to defense contractors, who then sold it to U.S. Special Operations Command. The app not only sent GPS coordinates, but also Wi-Fi network names and timestamps every time it was used. Muslim Mingle, a Muslim dating app, was also found sending precise geolocation to X-Mode. The Council on American-Islamic Relations rightly called for a congressional inquiry into "the government's use of personal data to target the Muslim community." Senator Wyden's office confirmed that X-Mode admitted to selling location data harvested from U.S. phones to military customers. Apple and Google subsequently banned X-Mode from their app stores. [2]
2020: BLM Protesters Tracked by Data Broker
BuzzFeed News reported that data broker Mobilewalla tracked approximately 17,000 Black Lives Matter protesters by harvesting location data from their phones during demonstrations. Mobilewalla then used the data to create demographic profiles of protesters, including breakdowns by race, age, and gender. The Brennan Center for Justice later noted that the FBI renegotiated its purchase contract with a data broker around the same time as the BLM protests, though the specific use of the data remains unclear. [3]
2021: DIA Admits Warrantless Searches of Americans
A memo obtained by Senator Wyden's office documented that the Defense Intelligence Agency purchased access to a commercial database of smartphone location data and that DIA analysts had searched for Americans' movements without a warrant at least five times in the preceding two and a half years. The memo was quite explicit. "D.I.A. does not construe the Carpenter decision to require a judicial warrant endorsing purchase or use of commercially available data for intelligence purposes." [4]
2023: FBI Director Wray Steps Back (Temporarily)
Then-FBI Director Christopher Wray indicates to Congress that the Bureau had backed away from using "commercial database information that includes location data derived from internet advertising." This appeared to be a concession to growing bipartisan concern. It lasted less than three years.
January 2025: FTC Takes Action Against Gravy Analytics
The Federal Trade Commission finally takes enforcement action against Gravy Analytics and its subsidiary Venntel. They alleged the company collected and sold location data tied to more than one billion mobile devices daily. The data included visits to health clinics, places of worship, domestic violence shelters, and military installations. A subsequent breach at Gravy Analytics (reported by Wired) compromised location records tied to apps including Candy Crush, Tinder, and MyFitnessPal. The FTC's order would ban the company from selling sensitive location data, but the broader market remains largely unregulated. [5]
March 18, 2026: FBI Director Patel Confirms Purchases ⚠ THIS HAPPENED THIS MONTH
At the Senate Intelligence Committee's annual threats hearing, Senator Ron Wyden asks FBI Director Kash Patel if he will commit to not buying Americans' location data without a warrant. Patel declines. "We do purchase commercially available information that's consistent with the Constitution and the laws under the Electronic Communications Privacy Act, and it has led to some valuable intelligence for us," he says. This reverses the position Wray had taken in 2023 and confirms that the FBI is actively purchasing location data from commercial brokers. [6]

You might assume that if the Supreme Court said warrants are required for location data, the government cannot just buy it instead. The legal reality is more disturbing than that.

The Fourth Amendment Only Restricts Government Action
A 2024 analysis published in the Yale Law and Policy Review ("End-Running Warrants: Purchasing Data Under the Fourth Amendment and the State Action Problem") identified the core legal problem. The Fourth Amendment prohibits unreasonable searches by the government, but a purchase on the open market is not a "search" in the constitutional sense. When a data broker sells your location data to the FBI, the violation of your privacy was committed by the broker (a private company), not by the government. And the Fourth Amendment does not regulate private actors. As the Yale analysis concluded, even though you keep a reasonable expectation of privacy in this data, the amendment simply does not apply to a market transaction. The result is a pretty wide legal gap left open to exploit. [7]
The Columbia Law Review's "Laundering Data" Analysis
In 2022, the Columbia Law Review published "Laundering Data: How the Government's Purchase of Commercial Location Data Violates Carpenter and Evades the Fourth Amendment." The paper argues that purchasing location data is functionally identical to the warrantless surveillance that Carpenter was supposed to prevent. The data is often more detailed than what carriers hold (GPS coordinates vs. cell tower approximations), covers longer time periods, and can be queried retroactively. The government is obtaining the same "intimate window into a person's life" that Chief Justice Roberts described, through a mechanism that the court did not anticipate. No federal court has yet ruled on whether Carpenter's warrant requirement extends to data broker purchases. The legal gray area persists. [8]
The Landlord's Key Analogy
Jake Laperruque, deputy director of the Center for Democracy and Technology's Security and Surveillance Project, offered what may be the clearest analogy in a March 20, 2026 interview with FedScoop. "We certainly wouldn't imagine a scenario where the police said, 'We're going to search your house. We don't have a warrant, but we paid your landlord $100 to give us a spare key. So now we're searching your house without a warrant.'" That is exactly what is happening with data broker purchases. The FBI cannot compel your carrier to hand over your location data without a warrant. But it can pay a data broker for the same data, often more detailed, without any judicial oversight at all. [9]

AI Makes This Exponentially Worse

Data broker purchases are not new. What is new is the ability to process them. Artificial intelligence transforms bulk data sets from a filing cabinet into a searchable intelligence platform.

From Data to Dossiers
Representative Warren Davidson (R-Ohio) stated it plainly in the March 2026 hearing. Artificial intelligence, he said, "can harvest and collect the data in a way that humans never could and do it amazingly fast." The CDT's Laperruque expanded on the point. "What kind of new Pandora's box do we open when we not only have these huge quantities of data, but we have tools that can start to scan and analyze patterns in unprecedented ways and at an unprecedented scale that you can never do from human analysts." [6]

The 130 civil society organizations that signed a letter to Congress ahead of the FISA 702 reauthorization warned that the data broker loophole could be used to "supercharge AI-powered surveillance." The concern is not speculative. Laperruque noted that the recent tensions between Anthropic and the Department of Defense showed the power of combining AI with government-purchased consumer data. When you pair AI's pattern recognition with location histories covering billions of device-days, you get something no human analyst team could replicate. The ability to identify behavioral patterns, predict movements, map social networks, and flag anomalies across an entire population, automatically, continuously, and in real time. [6]

The Legislative Response (and Why It Might Actually Happen This Time)

The Government Surveillance Reform Act
On March 13, 2026, a bipartisan, bicameral group of lawmakers introduced the Government Surveillance Reform Act. Senator Ron Wyden (D-OR) and Senator Mike Lee (R-UT) co-authored it in the Senate. Representative Zoe Lofgren (D-CA) and Representative Warren Davidson (R-OH) lead it in the House. The bill would require federal agencies to obtain a warrant before purchasing Americans' personal data from brokers. It would also close the "backdoor search" loophole that allows agencies to search Americans' communications swept up during foreign intelligence collection without a warrant. [6]

The timing is not coincidental. Section 702 of the Foreign Intelligence Surveillance Act expires on April 20, 2026. Many advocates say the reauthorization debate is the best vehicle for attaching data broker reform. Executive director of Demand Progress, Sean Vitka called it "very likely the only chance that Congress has this year to vote for meaningful privacy protections." [6]

The bill of course faces opposition from the worst. The White House and House Speaker Mike Johnson are pushing for a clean FISA reauthorization with no changes. Some Democrats have also indicated support for a clean extension to avoid letting the law lapse. The window is narrow and closing.

Why This Matters for You (and What You Can Do Right Now)

You may be reading this and thinking, "I have nothing to hide." That is simply not the point. The point is that a system exists where the government has the ability to buy a detailed record of your movements, your associations, your habits, and your patterns of life, without ever asking a judge for permission, without ever notifying you, and without any meaningful oversight. Whether or not you have something to hide, you have a Fourth Amendment right not to be subjected to this. These are a few actionable things you can do today.

The Data Broker Pipeline Starts on Your Phone
Plese disable location permissions for every app that does not require them. Every, single, one. On iOS, go to Settings → Privacy and Security → Location Services. Review every app. Set anything that does not need constant location access to "Never" or "While Using the App." On Android, go to Settings → Location → App location permissions. Be ruthless. A weather app does not need your GPS coordinates. A game does not need to know where you are. Every app with location access is a potential data source for brokers.

Delete your advertising ID. This is the identifier that ties your location data to your device across apps and brokers. On iOS, go to Settings → Privacy and Security → Tracking, then turn off "Allow Apps to Request to Track." On Android, go to Settings → Privacy → Ads → Delete advertising ID. This is the single most effective technical step you can take to reduce your data broker exposure. Break the link.

Next uninstall free, ad-supported apps you do not actively use. Each one is a potential data source. The Gravy Analytics breach proved that even innocent games like Candy Crush fed data into the broker ecosystem.

Use privacy-respecting alternatives. This is the entire reason this site exists. Every technical comparison we publish, on messaging apps, email providers, notes apps, photo storage, and encryption, always comes back to the same thing. The tools you use determine who has access to your data. Signal does not generate the metadata that WhatsApp hands to the FBI every 15 minutes. Ente Photos does not give anyone access to your photo library, because the server cannot see it. Tuta Mail cannot read your email. These are not theoretical differences. They are architectural decisions that determine whether your data exists in a form that can be purchased, subpoenaed, or exploited.

Use a reputable, PAID, VPN. A reputable VPN masks your IP address and stops your ISP from logging the sites you visit. It does not stop app-level location tracking, which requires disabling location permissions, but it adds a meaningful layer against network-level surveillance.
THE REAL MESSAGE The government does not need to hack your phone. It does not need to break your encryption. It does not need a warrant, a subpoena, or a court order. It just needs a credit card and a data broker. The only way to prevent this is to stop the data from being generated in the first place. Audit your phone. Revoke location permissions. Delete your advertising ID. Switch to tools that do not collect the data to begin with. The math behind AES-256 is unbreakable. The law behind the Fourth Amendment is apparently not. Your tools are your last line of defense.

References

  1. [1] Carpenter v. United States, 585 U.S. 296, 311 (2018), supremecourt.gov (warrant required for historical cell-site location information; describing such data as "an intimate window into a person's life").
  2. [2] Joseph Cox, How the U.S. Military Buys Location Data from Ordinary Apps, Vice (Nov. 16, 2020), vice.com (U.S. Special Operations Command obtained location data sourced from the prayer app Muslim Pro through the broker X-Mode).
  3. [3] Caroline Haskins, Almost 17,000 Protesters Had No Idea a Tech Company Was Tracking Their Location, BuzzFeed News (June 25, 2020) (Mobilewalla harvested location data from Black Lives Matter demonstrators).
  4. [4] Charlie Savage, Intelligence Analysts Use U.S. Smartphone Location Data Without Warrants, Memo Says, N.Y. Times (Jan. 22, 2021) (Defense Intelligence Agency memo, obtained by Sen. Wyden, stating that the DIA does not read Carpenter to require a warrant for commercially available data).
  5. [5] Press Release, Fed. Trade Comm'n, FTC Takes Action Against Gravy Analytics, Venntel for Unlawfully Selling Sensitive Location Data (Dec. 2024), ftc.gov (location data tied to more than a billion devices; a separate January 2025 breach exposed records from apps including Candy Crush, Tinder, and MyFitnessPal).
  6. [6] Jude Joffe-Block, Your Data Is Everywhere. The Government Is Buying It Without a Warrant., NPR (Mar. 25, 2026), npr.org.
  7. [7] Aaron X. Sobel, Note, End-Running Warrants: Purchasing Data Under the Fourth Amendment and the State Action Problem, 41 Yale L. & Pol'y Rev. (2023), yalelawandpolicy.org (a government purchase of data is not "state action," so the Fourth Amendment does not reach it even though a reasonable expectation of privacy persists).
  8. [8] Dori Rahbar, Note, Laundering Data: How the Government's Purchase of Commercial Location Data Violates Carpenter and Evades the Fourth Amendment, 122 Colum. L. Rev. (2022), columbialawreview.org.
  9. [9] K. Sophie Will, Privacy Advocates Sound Alarm on "Data Broker Loophole" Used by FBI, Other Federal Agencies, FedScoop (Mar. 20, 2026), fedscoop.com (quoting CDT's Jake Laperruque's "spare key" analogy).
  10. [10] Closing the Data Broker Loophole, Brennan Ctr. for Just., brennancenter.org.
  11. [11] Federal Agencies Are Secretly Buying Consumer Data, Brennan Ctr. for Just., brennancenter.org.
  12. [12] Project on Gov't Oversight, Fact Sheet: Closing the Data Broker Loophole, POGO (Jan. 2026), pogo.org.
  13. [13] Aaron X. Sobel, Data Broker Sales and the Fourth Amendment, Lawfare (Mar. 2024), lawfaremedia.org.
  14. [14] Government Surveillance Reform Act of 2026 (introduced Mar. 12, 2026, by Sens. Ron Wyden & Mike Lee and Reps. Zoe Lofgren & Warren Davidson), wyden.senate.gov.
Investigative Report

What porn sites know about you, and who they tell

Private browsing does not make you private. A UC Berkeley study cataloged the tracking infrastructure on the most popular adult websites in the US and found Google on almost all of them, search terms leaked in plaintext, and sexual preferences encoded in cookies. Here is what the research actually found, what has changed since, and what has not.

D David
November 2026
Privacy Research
~10 min read
Most people think private browsing covers their tracks. Open an incognito window, visit what you visit, close it, done. That is not how it works.In 2016, researchers at UC Berkeley and the University of Münster, including Chris Hoofnagle, analyzed tracking on every adult website ranked in the Alexa US Top 500. What they found was about as bad as you would expect and worse in the details. Google's tracking scripts showed up on nearly every site. Search terms were sent in plaintext to third parties. Sexual preferences were encoded directly into cookies. And most of these sites were not even using HTTPS, which means every URL, including the specific content being viewed, was visible to your ISP and anyone else watching the connection.That was a decade ago. Some things have improved. The ones that haven't are worth understanding.

The Study

The researchers examined all eleven adult sites in the Alexa US Top 500, both manually in Firefox using mitmproxy to capture every connection, and through Mezzobit, a cloud-based tool that maps third-party communications. They supplemented the work with Netograph and Palantir Contour for link and statistical analysis. The paper was submitted to the FTC's PrivacyCon 2017.

SOURCE Altaweel, I., Hils, M., & Hoofnagle, C.J. (2016). "Privacy on Adult Websites." Submitted to FTC PrivacyCon 2017. SSRN ID 2851997.

Key Findings - What The Researchers Found

Google Trackers Present on Nearly Every Site ⚠ HIGH - Google can trivially cross-reference this data with your Gmail, YouTube, Search, and Android activity
Finding9 of 11 sites had Google Analytics and/or DoubleClick scripts. Google was the dominant third-party tracker across the entire sample. No other mainstream ad network had comparable presence.
Why it mattersIf you are logged into a Google account in your normal browser and visit an adult site in the same browser, Google can associate the visit with your identity. Even without a login, Google's fingerprinting and cookie infrastructure can link sessions across sites.
Search Terms Leaked in Plaintext to Third Parties ⚠ HIGH - your exact search query on an adult site was transmitted, readable, to companies including Google and Yandex
Finding7 of 11 sites leaked search terms "in the clear." When a user searched for content on the site, the query string was transmitted in plaintext to third parties including Google Analytics, DoubleClick, and Russia-based Yandex.
Why it mattersThese are not abstract identifiers. These are literal search strings describing sexual preferences, transmitted to advertising infrastructure operated by companies that also know your name, email, phone number, and home address from other services.
Sexual Preferences Encoded in Cookies in Plaintext ⚠ HIGH - category tags like specific sexual interests were stored as readable text, not anonymized codes
FindingCategory tags - the labels describing content types a user clicked on - were often encoded in cookies in plaintext rather than as opaque identifiers. The researchers noted specific examples of human-readable preference labels stored in cookies.
Why it mattersA cookie reading "category=blonde" or "category=trans" is not an anonymous data point. It is a plaintext record of sexual interest stored on your device and transmitted to third-party servers. Anyone with access to the cookie store - malware, a shared computer, forensic analysis - can read it.
Most Sites Did Not Use HTTPS ⚠ HIGH - every URL string, including specific video titles and search queries, was visible to ISPs and network operators
FindingOnly 2 of 11 sites used HTTPS by default. 8 sites either would not load over HTTPS or redirected to HTTP. Ironically, the researchers found that third-party tracking scripts on these sites were more likely to use HTTPS than the adult content itself.
Why it mattersWithout HTTPS, the full URL of every page visited is visible to your ISP, Wi-Fi operator, employer (on a work network), and any intelligence agency with access to the connection. The trackers protected their own data collection with encryption while leaving the user's browsing completely exposed.
Fewer Trackers Than Mainstream Sites - But Not For Privacy Reasons
FindingAdult sites averaged 4 third-party connections (median), compared to 20–33 on comparably popular mainstream and medical sites. Facebook was present on only 1 of 11 adult sites, compared to over half of the top 1,000 sites generally.
Why it mattersThe researchers concluded this was not because adult sites prioritize privacy. It is because mainstream advertisers do not want their brands next to pornographic content, and pornographic preferences have limited value for targeting non-pornographic ads. The privacy benefit is a side effect of marketability, not policy.
Flash Used to Read HTTP Cookie Values
FindingFlash was detected on 5 of 11 sites. In most cases it was being used to read HTTP cookie values from the same domain. The researchers did not find evidence of Flash cookies respawning deleted HTTP cookies.
2026 statusFlash was officially discontinued in December 2020 and is no longer supported by any major browser. This specific vector is dead.

The Nuance Most People Miss

Google Can Re-Identify You Trivially The researchers stated this explicitly ⚠ CRITICAL
The paper states: "Some of these parties, particular Google, could trivially and secretly re-identify these users by relying on data collection from other sites." This is not speculation. If Google Analytics is on an adult site and Google has your identity from Gmail, Search, or Android, the re-identification is a database join away. Private browsing does not prevent this if you are logged into any Google service in any tab.
The Trackers Encrypted Their Traffic - Users Did Not Get The Same Protection ⚠ MED - the companies collecting your data protected their collection pipeline better than the site protected your browsing
On sites that served content over HTTP, the researchers found that third-party tracking scripts and ad delivery were often transmitted over HTTPS. The advertising infrastructure encrypted its own data collection while the user's actual browsing - including specific video URLs and search queries - traveled unencrypted. The trackers considered their data worth protecting. The user's privacy was not extended the same courtesy.
Medical Sites Were Worse
The researchers compared adult sites to a top-500 medical website and found the medical site had 33 third-party vendors and over 30 cookies - dramatically more tracking than any adult site in the sample. The paper notes this undermines the hypothesis that "creepy" subject matter naturally limits tracking. If sensitivity alone drove privacy protections, medical sites would be the most private on the web. They are among the least.
The Real-World Consequences Are Documented ⚠ HIGH
The paper cites Professor Andrew Gilden's research documenting cases where online sexual activity data was used in custody battles, divorce proceedings, and as propensity evidence in criminal trials. It also references the Ashley Madison breach, where tens of millions of users were exposed and subsequently targeted for extortion. The researchers explicitly note that even private, non-public data leakage creates a logical chain to extortion and blackmail through the increased risk that a third party with access to the data could exploit it.

What Has Changed Since 2016

HTTPS Adoption
2016Only 2 of 11 adult sites used HTTPS by default. Full URL strings visible to ISPs and network operators.
2026HTTPS is now near-universal. Major browsers flag HTTP sites as insecure. Most adult sites now serve over HTTPS. ISPs can see the domain you visit but not the specific page or video URL.
Flash
2016Flash detected on 5 of 11 sites, used to read HTTP cookie values.
2026Flash is dead. Discontinued December 2020. No longer a tracking vector.
Third-Party Cookies
2016Third-party cookies were the primary cross-site tracking mechanism. Adult sites set a median of 8 third-party cookies per visit.
2026Chrome has not fully deprecated third-party cookies despite years of announcements. Firefox and Safari block them by default. The tracking has shifted toward fingerprinting, first-party data collection, and server-side tracking - harder to detect, harder to block.
Google's Tracking Presence
2016Google Analytics and/or DoubleClick on 9 of 11 sites.
2026Google's advertising and analytics infrastructure remains the most pervasive tracking system on the web. The specific scripts have evolved (GA4 replaced Universal Analytics in 2023), but Google's ability to correlate activity across sites has only increased.

What Has Not Changed

Private Browsing Still Does Not Protect You From Third-Party Tracking ⚠ HIGH - this is the single most common misconception
Private browsing (Incognito, Private Window) prevents local history from being saved. It does not prevent the site from sending your data to Google Analytics, ad networks, or any other third party. It does not prevent your ISP from seeing which domain you visited. It does not prevent browser fingerprinting. If you visit an adult site in a private window on the same browser where you are logged into Google in a normal tab, the sessions can be correlated.
Search Terms and Preferences Can Still Be Leaked ⚠ MED - the mechanism has shifted from URL parameters to first-party analytics pipelines, but the data still moves
HTTPS prevents ISPs from seeing search terms in URLs. But the site itself still sends those queries to its own analytics stack and to any third-party scripts it loads. Google Analytics, if present, receives page view data that can include search parameters. The data no longer travels in the clear across the network - but it still arrives at Google's servers.
DNS Queries Expose The Domain ⚠ MED - your ISP knows which adult site you visited even over HTTPS, unless you use encrypted DNS
HTTPS encrypts the content of your connection. It does not encrypt the DNS query that resolves the domain name. Unless you are using DNS over HTTPS (DoH) or DNS over TLS (DoT), your ISP sees every domain you resolve - including adult sites. Most users are still on their ISP's default DNS resolver.
The Consequences Have Only Gotten Worse ⚠ HIGH
Since 2016, data breaches have accelerated, sextortion scams have industrialized, and state-level legislation targeting pornography access has expanded (age verification laws, ISP-level filtering mandates). In jurisdictions where pornography is criminalized, the tracking infrastructure documented in this paper is not an advertising nuisance - it is an evidence trail.

What Actually Protects You

If you take away one thing from this analysis, it is that private browsing is a local-only protection. It hides your history from someone who picks up your device. It does not hide your activity from the network, the site, or the third parties the site sends your data to. Here is what does.

Use a VPN or Tor
A trustworthy VPN encrypts all traffic and hides the destination domain from your ISP. Tor goes further by routing traffic through multiple relays so no single entity sees both your IP and your destination. Either one prevents your ISP from knowing which sites you visit. Tor is stronger but slower.
Use a Hardened Browser With Tracking Protection
Firefox with Enhanced Tracking Protection (strict mode), or Brave, blocks third-party trackers including Google Analytics and DoubleClick by default. This directly addresses the primary finding from the Berkeley study - that Google was present on nearly every adult site.
Use Encrypted DNS (DoH or DoT)
DNS over HTTPS or DNS over TLS prevents your ISP from seeing which domains you resolve. Firefox supports DoH natively. Configure it to use a privacy-respecting resolver like Quad9 (9.9.9.9) or Mullvad DNS. Without this, HTTPS only protects the page content - the domain name is still visible.
Use a Separate Browser Profile or Container
Firefox Multi-Account Containers or a completely separate browser profile prevents session correlation between your logged-in Google/social media activity and any other browsing. This is the cheapest, most effective mitigation against the re-identification risk the researchers described.
Do Not Log Into Anything
Creating an account on an adult site ties your activity to an email address, and potentially to payment data. The Berkeley researchers found that even without accounts, tracking infrastructure could correlate sessions. Adding a login makes it trivial. If you must create an account, use a disposable email and pay with cryptocurrency or a prepaid card.

References

  1. [1] Altaweel, I., Hils, M., & Hoofnagle, C.J. (2016). "Privacy on Adult Websites." Submitted to FTC PrivacyCon 2017. SSRN ID 2851997.
  2. [2] Englehardt, S. & Narayanan, A. (2016). "Online Tracking: A 1-million-site Measurement and Analysis." 23rd ACM Conference on Computer and Communications Security.
  3. [3] Marotta-Wurgler, F. (2016). "Understanding Privacy Policies: Content, Self-Regulation, and Markets." NYU Law and Economics Research Paper No. 16-18.
  4. [4] Gilden, A. (2016). "Punishing Sexual Fantasy." 58 William and Mary Law Review.
  5. [5] Darling, K. (2014). "IP Without IP? A Study of the Online Adult Entertainment Industry." 17 Stanford Technology Law Review 655.
  6. [6] Krishnamurthy, B., Naryshkin, K. & Wills, C. (2011). "Privacy leakage vs. Protection measures: The growing disconnect." 11(3) IEEE Security & Privacy 14.
Field Assessment

SMS vs iMessage vs WhatsApp vs Telegram vs Signal: What the FBI's own document tells us

In January 2021, the FBI produced an internal guide titled "Lawful Access" detailing exactly what data it can legally obtain from nine messaging apps. The document was obtained via FOIA by the nonprofit Property of the People and published by Rolling Stone. It is the single most useful primary source available for evaluating messaging privacy, even if it might be outdated. Here is a field-by-field analysis of five of the most common services, based on that document, official privacy policies, court records, and published law enforcement capabilities.

D David
December 2026
Privacy Research
~25 min read
The FBI does not need to break your encryption. On January 7, 2021, someone leaked an internal FBI document. It was prepared by the Bureau's Science and Technology Branch and Operational Technology Division, marked "For Official Use Only" and "Law Enforcement Sensitive," and it answered a question most people never think to ask: what can the FBI actually get from each messaging app with a court order?The answer depends entirely on which app you use. Encryption protects message content on most platforms now. But metadata, who you talk to, when, how often, from where, and on what device, is a different story. WhatsApp hands it over in near real time. Signal gives up almost nothing. SMS exposes everything by design. And as of March 2026, the FBI has confirmed to Congress that it also buys location data from commercial data brokers, bypassing the warrant process altogether.This analysis goes through all five services field by field, then looks at the threats that exist outside the app itself. Every claim is sourced.
EXPOSED: plaintext or accessible to provider/carrier
CONDITIONAL: depends on configuration or legal process type
PROTECTED: E2EE or not collected
NOT APPLICABLE
PRIMARY SOURCE FBI "Lawful Access" document, dated Jan. 7, 2021, obtained via FOIA by Property of the People. Published by Rolling Stone, Nov. 29, 2021. Analysis supplemented by Just Security (Riana Pfefferkorn, Stanford Internet Observatory), the ACLU, the Center for Democracy and Technology, and official privacy policies from each service.

Encryption Architecture

Whether your messages can be read by anyone other than you and your recipient depends entirely on the encryption model. These five services use fundamentally different approaches, and the differences determine everything that follows.

End-to-End Encryption (E2EE) by Default Whether message content is encrypted on your device and only decryptable by the recipient, with no access by the provider ⚠ CRITICAL: this is the single most important privacy property of any messaging service
SMSNO ENCRYPTION Plaintext. Your carrier can read every message. Content is visible to anyone who intercepts the transmission, including stingray devices, ISPs, and intelligence agencies.
iMessageYES E2EE between Apple devices (blue bubbles). Falls back to unencrypted SMS (green bubbles) when communicating with non-Apple devices.
End-to-End Encryption (continued)
WhatsAppYES Signal Protocol. All messages, calls, photos, and videos are E2EE by default. However, metadata is extensively collected and available to law enforcement.
TelegramNO, NOT BY DEFAULT Only "Secret Chats" are E2EE (one-on-one only, no groups, no desktop). All other chats use client-server encryption. Telegram holds the keys and can read them.
End-to-End Encryption (continued)
SignalYES Signal Protocol (the gold standard). All messages, calls, group chats, voice notes, and file transfers are E2EE by default. No exceptions. No fallback to unencrypted modes.
Encryption Protocol
SMSNone. Transmitted via SS7, a protocol designed in the 1970s with no encryption layer.
iMessageApple's proprietary protocol. RSA-1280 + AES-128 (older), transitioning to Elliptic Curve + AES-256. Closed source.
Encryption Protocol (continued)
WhatsAppSignal Protocol (licensed from Signal/Open Whisper Systems). Open source protocol, closed source app.
TelegramMTProto 2.0 (proprietary, home-grown). Criticized by cryptographers including Matthew Green (Johns Hopkins) for non-standard design choices and lack of independent audit.
Encryption Protocol (continued)
SignalSignal Protocol. Open source. The most widely peer-reviewed E2EE protocol in existence. Also used by WhatsApp, Facebook Messenger (opt-in), and Google Messages (RCS).
Open Source
SMSN/A Carrier infrastructure, not an app.
iMessageNO Fully closed source. Apple publishes a security whitepaper but the code is not auditable.
Open Source (continued)
WhatsAppPROTOCOL ONLY Uses open-source Signal Protocol but the WhatsApp app itself is closed source.
TelegramCLIENT ONLY Client apps are open source. Server code is closed source, meaning the server-side behavior cannot be independently verified.
Open Source (continued)
SignalFULL Client apps AND server code are open source. The only service on this list where both sides are independently auditable.
KEY POINT Telegram's marketing as a "secure messenger" has been directly challenged by cryptographer Matthew Green (Johns Hopkins University), who wrote in August 2024: "Telegram really has no legs to stand on in this particular discussion" regarding encryption. He noted that the vast majority of Telegram conversations, and every single group chat, are visible on Telegram's servers. Telegram CEO Pavel Durov was arrested in France in August 2024 on charges related to the platform's role in facilitating criminal activity.
FBI LAWFUL ACCESS: WHAT EACH SERVICE HANDS OVER
Under a Court Order or Search Warrant
This section is derived directly from the FBI's January 2021 "Lawful Access" document. The legal instruments referenced are subpoenas, court orders (18 U.S.C. §2703(d)), search warrants, and pen register/trap-and-trace orders. What follows is what the FBI says it can obtain from each service with the appropriate legal process.
Message Content ⚠ CRITICAL: this is what you actually wrote
SMSFULLY ACCESSIBLE Carriers can read and store message content. Most US carriers delete content after delivery (days), but metadata is retained for months to years. Forensic extraction from the device recovers "deleted" messages.
iMessageLIMITED E2EE protects content in transit. But if iCloud backup is enabled, Apple stores iMessage content with the encryption key and will hand both over under a search warrant.
Message Content (continued)
WhatsAppLIMITED E2EE protects content. But if the target uses an iPhone with iCloud backup enabled, iCloud returns may contain WhatsApp data including message content. WhatsApp introduced optional encrypted backups after the FBI document was prepared.
TelegramCLOUD CHATS: ACCESSIBLE Telegram holds decryption keys for all cloud chats. Secret Chats are E2EE and inaccessible. But most users never enable Secret Chats.
Message Content (continued)
SignalNONE Signal does not store message content. E2EE with no server-side copies. No cloud backup integration. The FBI document confirms: no message content available.
Who You Talk To (Contact/Address Book Data) ⚠ HIGH: reveals your social graph, which is often more valuable than content
SMSFULLY EXPOSED Every sender/recipient pair is logged by the carrier with timestamps. Retained for months to years.
iMessageEXPOSED Subpoena: basic subscriber info. Court order: 25 days of iMessage lookup data showing who searched for your number or email in iMessage.
Who You Talk To (continued)
WhatsAppEXPOSED Search warrant returns: address book contacts, WhatsApp users who have the target in their contacts, blocked users. Pen register: source and destination of every message.
TelegramMINIMAL FBI document: "No contact information provided." Telegram states it may disclose IP and phone number only for confirmed terrorist investigations.
Who You Talk To (continued)
SignalNONE Signal does not store contact lists on its servers. The FBI document confirms: no contact information available. Signal responded to a 2021 grand jury subpoena by providing only registration date and last connection date. Nothing else, because nothing else exists.
Real-Time Surveillance (Pen Register / Trap-and-Trace) ⚠ CRITICAL: this is live, forward-looking surveillance, not historical records
SMSFULLY CAPABLE Carriers provide real-time metadata. Stingray devices can intercept SMS content without carrier involvement. NSA collected 200+ million texts per day globally (Snowden documents, 2014).
iMessageNO PEN REGISTER CAPABILITY per the FBI document. Apple does not provide real-time metadata feeds.
Real-Time Surveillance (continued)
WhatsAppNEAR REAL-TIME WhatsApp is the only service in the FBI document that provides pen register data: source and destination of every message, delivered every 15 minutes. No content, but a full communication graph in near real-time. The ACLU called this "devastating to a reporter communicating with a confidential source."
TelegramNO CAPABILITY per the FBI document.
Real-Time Surveillance (continued)
SignalNO CAPABILITY Signal does not have the data to provide. No pen register capability. No real-time metadata feed. The FBI document confirms this.
IP Address
SMSN/A Cell tower location data serves the same purpose. Your carrier knows your physical location.
iMessageLIKELY Apple collects IP addresses for iCloud services. Available under warrant.
IP Address (continued)
WhatsAppCOLLECTED WhatsApp/Meta collects and retains IP addresses.
TelegramCONDITIONAL Telegram states it may disclose IP address and phone number for confirmed terrorist investigations only.
IP Address (continued)
SignalNOT RETAINED Signal does not log IP addresses. Confirmed by their response to the 2021 grand jury subpoena: no IP data provided because none exists.
Registration / Account Data
SMSFULL IDENTITY Your phone number is tied to your legal identity, billing address, SSN (in most cases), and payment method at the carrier.
iMessageFULL IDENTITY Tied to your Apple ID: name, email, phone, payment info, device serial numbers.
Registration / Account Data (continued)
WhatsAppPHONE NUMBER Required at registration. Subpoena returns basic subscriber records.
TelegramPHONE NUMBER Required at registration. Telegram retains this.
Registration / Account Data (continued)
SignalPHONE NUMBER Required at registration. This is Signal's one identifiable data point. But Signal retains nothing else: no name, no email, no profile data on servers.
THE NATALIE EDWARDS CASE In 2020, former senior FinCEN adviser Natalie Edwards pled guilty to leaking Suspicious Activity Reports to a BuzzFeed reporter. Edwards and the reporter communicated via WhatsApp, believing it to be secure. The FBI used WhatsApp metadata (who messaged whom, when, and how often) to build the case against Edwards. She was sentenced to six months in prison. As Daniel Kahn Gillmor of the ACLU stated: "WhatsApp offering all of this information is devastating to a reporter communicating with a confidential source." The message content was encrypted. The metadata convicted her.

Metadata Collection: What Each Service Knows About You

Even when message content is encrypted, every service collects operational metadata to function. The critical question is: how much, and is it retained?

Metadata Retained by Provider What the service knows about your usage patterns, independent of message content
SMSEVERYTHING Sender, recipient, timestamp, cell tower location, message length. Retained by carriers for 1 to 7 years depending on carrier and field. Content retained for days (varies).
iMessageMODERATE Apple retains 30 days of iMessage metadata including who you attempted to message and your IP address at the time. 25 days of iMessage lookup queries are available to law enforcement.
Metadata Retained (continued)
WhatsAppEXTENSIVE Meta/WhatsApp collects: profile info, contacts, who you message, when, how often, for how long, device type, OS version, battery level, signal strength, IP address, phone number, and location. ProPublica (2021): "Facebook Inc. has downplayed how much data it collects from WhatsApp users."
TelegramMODERATE (cloud chats) IP address, phone number, device info, username, last seen. For cloud chats: full message content on their servers. Telegram claims a distributed key infrastructure requiring multiple jurisdictions, but server code is closed source and this cannot be independently verified.
Metadata Retained (continued)
SignalNEAR ZERO Phone number (registration). Date of account creation. Date of last connection. That is the complete list. Confirmed by Signal's response to a 2021 grand jury subpoena from the US Attorney's Office, Central District of California: "It's impossible to turn over data that we never had access to in the first place."
Cloud Backups: The Encryption Bypass Cloud backups are the most common way E2EE is defeated in practice ⚠ CRITICAL: if your encrypted messages are backed up unencrypted to iCloud or Google Drive, a warrant gets the content
iMessageDEFAULT: UNENCRYPTED iCloud backup stores iMessage content with the encryption key. Apple can and does hand this over under warrant. Apple introduced Advanced Data Protection (opt-in E2EE for iCloud) in late 2022, but it is not on by default.
WhatsAppDEFAULT: UNENCRYPTED WhatsApp backups to iCloud/Google Drive were unencrypted until late 2021 when WhatsApp introduced optional encrypted backups. If the target has unencrypted backups enabled, the FBI can obtain message content via Apple or Google, bypassing WhatsApp's E2EE entirely.
Cloud Backups (continued)
SignalNO CLOUD BACKUP Signal does not integrate with iCloud or Google Drive backup systems. Messages exist only on the device. If the device is lost or wiped, the messages are gone. This is a deliberate architectural decision: there is no cloud-side copy to subpoena.

The Uncomfortable Truth: Encryption Is Not the Ceiling

Everything above analyzes what happens when law enforcement works within the system: subpoenas, warrants, pen registers, data requests to providers. That is the normal case. But if you are individually targeted by a government, the analysis changes fundamentally. Encryption protects data in transit and at rest. It does not protect data on a compromised device. And governments do not need to break your encryption when they can simply hack your phone.

Pegasus: The Encryption Bypass That Costs $0 in Warrants ⚠ CRITICAL: once Pegasus is on your device, every messaging app is compromised, including Signal
NSO Group's Pegasus spyware can be installed on iOS and Android devices using zero-click exploits, meaning the target does not need to click anything, open a link, or interact with the phone at all. In 2019, Pegasus was deployed via a WhatsApp voice call vulnerability; the phone was compromised even if the call was never answered. By 2020, Pegasus shifted to iMessage zero-click exploits that bypassed Apple's BlastDoor security sandbox. Google's Project Zero called one of these exploits "the most technically sophisticated exploit we've ever seen." Once installed, Pegasus reads every message in every app (Signal, WhatsApp, iMessage, Telegram) because it reads the screen and memory after decryption. It can also activate the microphone and camera, extract contacts, passwords, photos, location data, and browsing history. E2EE is irrelevant once the device is compromised. The encryption protects the transmission. Pegasus reads the message after it arrives.
Who Has Access to Pegasus
NSO Group licenses Pegasus exclusively to government agencies. As of 2023, operators in at least 45 countries have been identified by Citizen Lab (University of Toronto). Documented targets include journalists (Jamal Khashoggi's associates, Ben Hubbard of the NYT), human rights activists (Bahrain, UAE, Mexico), political dissidents, lawyers, and heads of state. In the 2021 Pegasus Project investigation by Forbidden Stories and Amnesty International, a leaked list contained over 50,000 phone numbers of potential surveillance targets. In May 2025, a US federal jury ordered NSO Group to pay $167 million in damages to Meta/WhatsApp for hacking approximately 1,400 devices. NSO Group claims to have refocused sales on NATO-aligned countries, but independent verification is not possible.
Cellebrite, GrayKey, and Physical Extraction ⚠ HIGH: if law enforcement has physical access to your device, encryption may not matter
Cellebrite and GrayKey are forensic extraction tools used by law enforcement agencies worldwide to unlock and extract data from seized phones. Cellebrite's UFED products are available to US federal agencies under streamlined procurement contracts (NASA SEWP, NIH CIO-CS). These tools can bypass screen locks, extract "deleted" messages, and recover data from encrypted applications, in many cases without the device's passcode. The EFF notes that even with E2EE messaging, "police have several tools to try to unlock your phone and read your encrypted messages, including Cellebrite and Greykey devices." The constraint is physical access. If law enforcement has your phone (at a border crossing, during an arrest, or via a search warrant for your residence) device-level encryption is the last barrier, not app-level E2EE.
What This Means for Your Threat Model
The messaging app comparison in this article matters for the normal case: protecting against network-level surveillance, provider-side data requests, and routine legal process. This is the threat model for 99% of users. But if you are a journalist working on a story that threatens a government, an activist under state surveillance, a lawyer handling politically sensitive cases, or a dissident in an authoritarian country, your threat model includes device compromise. In that scenario, the messaging app is not the weak link. Your phone is. Mitigations include: keeping your OS updated at all times (most Pegasus exploits target unpatched vulnerabilities), enabling Apple's Lockdown Mode (iOS 16+) which significantly reduces the attack surface for zero-click exploits, using a dedicated device for sensitive communications that is not used for anything else, rebooting your phone regularly (some Pegasus implants are non-persistent and do not survive a reboot), and using disappearing messages aggressively so that even a compromised device holds less readable history.
THE JAMAL KHASHOGGI CONNECTION Pegasus was used to surveill associates of Saudi journalist Jamal Khashoggi before his assassination in the Saudi consulate in Istanbul in October 2018. His wife Hanan Elatr's device was infiltrated with Pegasus in just 72 seconds during her detention at Dubai International Airport in April 2018. The surveillance continued until the assassination. The encryption on their messaging apps was irrelevant because the device itself was the access point. Ben Hubbard, a New York Times Middle East correspondent who was writing about Saudi Crown Prince Mohammed bin Salman, was targeted with Pegasus repeatedly over three years (2018 to 2021). The lesson is not that encrypted messaging failed. The lesson is that device compromise bypasses encryption entirely.

The Data Broker Loophole: Buying What a Warrant Would Require

In 2018, the Supreme Court ruled in Carpenter v. United States that law enforcement must obtain a warrant to access cell phone location data from carriers. That ruling was supposed to be a privacy landmark. Eight years later, the FBI is buying the same data, and more, from commercial data brokers. No warrant required.

FBI Director Confirms Data Broker Purchases (March 2026) ⚠ CRITICAL: this happened this month
On March 18, 2026, FBI Director Kash Patel testified before the Senate Intelligence Committee that the FBI purchases commercially available data, including location data derived from cell phones. When Senator Ron Wyden asked Patel to commit to not buying Americans' location data without a warrant, Patel declined, stating: "We do purchase commercially available information that's consistent with the Constitution and the laws under the Electronic Communications Privacy Act, and it has led to some valuable intelligence for us." This reverses the position taken by former FBI Director Christopher Wray, who indicated in 2023 that the Bureau had stepped back from purchasing location data from commercial brokers.
How the Loophole Works
The apps on your phone (weather apps, games, fitness trackers, social media, ad-supported free apps) collect location data through advertising SDKs embedded in the app code. This data flows to advertising exchanges and data aggregators. Companies like Gravy Analytics and its subsidiary Venntel collect and sell this data, tied to mobile advertising IDs that can be mapped back to individual devices. The FBI and other federal agencies, including ICE and the Department of Defense, purchase this data from commercial brokers. Because the data is "commercially available," agencies argue it falls outside the Fourth Amendment's warrant requirement. The CDT's Jake Laperruque offered a more accurate analogy: this is like the FBI giving a landlord a hefty sum to get the key to someone's apartment rather than obtaining a search warrant. "We wouldn't say, 'Oh, well, they bought the access.'"
The Scale of the Data
In January 2025, the FTC took enforcement action against Gravy Analytics/Venntel, alleging the company collected and sold location data tied to more than one billion mobile devices daily, including visits to health clinics, places of worship, domestic violence shelters, and military installations. A subsequent data breach at Gravy Analytics (reported by Wired) compromised location records tied to popular apps including Candy Crush, Tinder, and MyFitnessPal. That data could identify and track specific individuals. The data broker market is vast, fragmented, and largely unregulated at the federal level. There is no comprehensive federal data privacy statute in the United States.
Why This Matters for Messaging Privacy ⚠ HIGH: your messaging app's encryption is irrelevant if the FBI can buy your location from an ad broker
You can use Signal with disappearing messages and a VPN. But if a weather app on your phone is feeding your GPS coordinates to an advertising exchange every 30 seconds, and the FBI is purchasing that data from Gravy Analytics or Venntel, they know where you are, where you have been, and by extension, who you met with physically. They do not need to know what you said. Location data at the resolution these brokers sell (often within meters) can reveal your home address, your workplace, your doctor's office, your attorney's office, your place of worship, and every meeting you attend. Senator Wyden called the practice "an outrageous end run around the Fourth Amendment." The bipartisan Government Surveillance Reform Act, introduced March 13, 2026 by Senators Wyden and Mike Lee, would close this loophole by requiring a warrant for data broker purchases. As of this writing, it has not passed.
What You Can Do About It
The data broker pipeline starts on your device. Audit every app's location permissions (Settings → Privacy → Location Services on iOS; Settings → Location on Android). Revoke location access for every app that does not absolutely require it. Disable advertising ID tracking (iOS: Settings → Privacy → Tracking → toggle off "Allow Apps to Request to Track"; Android: Settings → Privacy → Ads → Delete advertising ID). Uninstall free, ad-supported apps that you do not actively use, because each one is a potential data source for brokers. Use a VPN to mask your IP address. And understand that the messaging app is one layer of a much larger surveillance surface. Choosing Signal over WhatsApp is meaningful. But if you are carrying a phone full of ad-supported apps with location permissions enabled, the messaging app is not your biggest exposure.

Per-Service Summary

📵 SMS / MMS

CONNo encryption whatsoever. Carriers can read every message. Content is transmitted in plaintext over SS7.

CONFull identity tied to every message. Your phone number, legal name, billing address, and location are attached to every text.

CONStingray interception. Law enforcement can intercept SMS content in real time without carrier involvement using cell-site simulators.

CONMetadata retained for years. Sender, recipient, timestamp, cell tower location are all retained by the carrier and available under routine subpoena.

CONForensic recovery. "Deleted" SMS messages are recoverable from the device using tools like Cellebrite until overwritten by new data.

WARNRCS is replacing SMS and offers encryption in transit, but the ecosystem is still fragmented and cross-platform E2EE is not guaranteed.

🍎 iMessage

PROE2EE by default between Apple devices. Strong encryption in transit.

CONiCloud backup defeats E2EE. If iCloud backup is enabled (it is by default), Apple stores message content with the encryption key and hands it over under warrant.

CONFalls back to SMS when messaging non-Apple devices. Green bubble means no encryption.

CON25 days of iMessage lookup data available to law enforcement, showing who searched for your contact info in iMessage.

CONClosed source. Apple's encryption implementation cannot be independently audited.

WARNAdvanced Data Protection (launched Dec 2022) enables E2EE for iCloud backups, but it is opt-in, not on by default, and most users have never enabled it.

💬 WhatsApp

PROE2EE by default using the Signal Protocol. Message content is protected in transit and at rest on WhatsApp's servers.

CONNear real-time metadata to the FBI. WhatsApp is the only service that provides pen register data: source and destination of every message, every 15 minutes. This is live surveillance.

CONExtensive metadata collection. Meta collects your contacts, usage patterns, device info, IP address, location, and behavioral data.

CONCloud backup bypass. Unencrypted iCloud/Google Drive backups can expose message content. Encrypted backup is opt-in.

CONOwned by Meta. WhatsApp shares data with Facebook's advertising infrastructure. The privacy policy explicitly permits this.

WARNThe Natalie Edwards case proved that WhatsApp metadata alone, without any message content, was sufficient to convict a federal employee of leaking classified documents.

✈️ Telegram

PROSecret Chats are E2EE with self-destructing messages and no server-side storage.

PROMinimal FBI access. The FBI document shows no message content and no contact info available under standard legal process.

CONDefault chats are NOT end-to-end encrypted. Telegram holds decryption keys for all cloud chats. Every group chat, every channel, and every default one-on-one conversation is readable by Telegram.

CONProprietary, unaudited server. Server code is closed source. Telegram's claims about distributed key storage cannot be verified.

CONMTProto protocol criticized by Johns Hopkins cryptographer Matthew Green and others for non-standard design, lack of independent audit, and implementation concerns.

WARNPost-Durov arrest policy change. After Pavel Durov's arrest in France (Aug 2024), Telegram announced it would begin cooperating with law enforcement under court order, reversing its prior stance.

🟣 Signal: The Standard

BESTThe FBI's own document confirms it. Signal provides: date/time of registration, date of last use. That is the entire list. No message content. No contacts. No metadata. No IP addresses. No pen register capability.

BESTE2EE on everything, no exceptions. All messages, group chats, calls, voice notes, file transfers. No cloud backup integration. No fallback to unencrypted modes.

BESTFull open source. Client AND server. The only service on this list where both are auditable.

BESTOperated by a nonprofit. Signal Foundation. No advertising business model. No incentive to collect data.

PRODisappearing messages, sealed sender, screen security. Advanced privacy features enabled at the user's discretion.

CONRequires a phone number to register. This is Signal's one identifiable data point. It is a real limitation for users who need full anonymity.

CONSmaller user base. Most of your contacts are probably on WhatsApp or iMessage. Network effects work against Signal's adoption.

WARNSignal does not protect against device compromise. If Pegasus or Cellebrite gains access to your phone, Signal's encryption is irrelevant. Signal protects the pipe. It cannot protect the endpoints.

Recommendations by Threat Model

If your communications could be subpoenaed, surveilled, or used against you:
Use Signal. No equivocation. The FBI's own internal document confirms that Signal provides the least data of any messaging service they analyzed. If you are a journalist protecting sources, a lawyer communicating with clients about sensitive matters, a whistleblower, an activist, or anyone whose communications could be compelled by legal process, Signal is the only service on this list where the provider genuinely cannot comply with a data request, because the data does not exist. Enable disappearing messages. Verify safety numbers with your contacts. Use a PIN for registration lock.
If you need broad compatibility and your contacts will not switch:
WhatsApp with encrypted backups enabled is a reasonable compromise, but understand the metadata exposure. WhatsApp's E2EE is real and uses the Signal Protocol. Your message content is protected. But Meta collects extensive metadata, provides pen register data to the FBI every 15 minutes, and the Natalie Edwards case proved that metadata alone can be used to identify and convict. If you use WhatsApp: enable encrypted backups, disable iCloud/Google Drive unencrypted backups, and understand that who you talk to and when is visible to Meta and obtainable by law enforcement.
If you face state-level targeting or device compromise threats:
The messaging app is not your primary concern. Your phone is. Use Signal, yes. But also: keep iOS and Android fully updated at all times, because most zero-click exploits target unpatched vulnerabilities. Enable Apple Lockdown Mode (iOS 16+), which dramatically reduces the attack surface. Use a dedicated device for sensitive communications that has no other apps installed. Reboot your phone daily, because some spyware implants (including certain Pegasus variants) do not survive a reboot. Set disappearing messages to the shortest practical interval. Do not carry a phone full of ad-supported apps with location permissions enabled. Audit every app on your device and remove anything you do not actively need. The strongest encryption in the world protects nothing if the device reading the decrypted messages is already compromised.
Regardless of which service you use:
Stop using SMS for anything sensitive. SMS has no encryption, no privacy protections, and full carrier visibility into content and metadata. Every text you send is attached to your legal identity, your physical location, and a timestamp, all retained for months to years and available under routine subpoena.

Turn off iCloud backup if you use iMessage. Or enable Advanced Data Protection (Settings → Apple ID → iCloud → Advanced Data Protection). Without this, your "encrypted" iMessages are sitting on Apple's servers with the decryption key, waiting for a warrant.

Do not trust Telegram's default encryption. Telegram's default chats are client-server encrypted, meaning Telegram holds the keys. Only Secret Chats are E2EE, and they do not work on desktop, do not work for groups, and require manual activation. Cryptographer Matthew Green: "The vast majority of one-on-one Telegram conversations, and literally every single group chat, are probably visible on Telegram's servers."

Understand that encryption protects content, not metadata. The FBI does not need to break encryption. Metadata (who you talk to, when, how often, from where, on what device) is available from most services under routine legal process. The only services that protect both content and metadata are Signal (by architecture) and Telegram Secret Chats (by opt-in). Everything else leaks metadata to varying degrees.

Audit your phone's data broker exposure. Disable location permissions for every app that does not require them. Delete your advertising ID. Uninstall free apps you do not use. The FBI confirmed to Congress this month that it purchases commercially available location data from brokers. Your encrypted Signal messages are meaningless if a weather app on the same phone is reporting your GPS coordinates to an advertising exchange every 30 seconds.

The best service is the one your contacts will actually use. Signal is objectively the most private messaging service available. But privacy is a two-way street. If your contact is backing up WhatsApp to unencrypted iCloud, your messages are exposed on their end regardless of what you use. Have the conversation. Move your sensitive contacts to Signal. Accept that not everyone will switch, and compartmentalize accordingly.

References

  1. [1] Fed. Bureau of Investigation, Lawful Access (Jan. 7, 2021) (obtained via public-records request by Property of the People), propertyofthepeople.org.
  2. [2] Andy Kroll, FBI Document Says the Feds Can Get Your WhatsApp Data, in Real Time, Rolling Stone (Nov. 29, 2021), rollingstone.com.
  3. [3] Riana Pfefferkorn, We Now Know What Information the FBI Can Obtain from Encrypted Messaging Apps, Just Security (Dec. 14, 2021), justsecurity.org.
  4. [4] Matthew Green, Is Telegram Really an Encrypted Messaging App?, A Few Thoughts on Cryptographic Engineering (Aug. 25, 2024), blog.cryptographyengineering.com.
  5. [5] Signal, Response to Grand Jury Subpoena (C.D. Cal. 2021), signal.org/bigbrother (the only data Signal could produce was the account's creation date and last-connection date).
  6. [6] Signal, Terms of Service & Privacy Policy, signal.org/legal.
  7. [7] Daniel Kahn Gillmor (ACLU), quoted in Kroll, supra note 2 ("WhatsApp offering all of this information is devastating to a reporter communicating with a confidential source.").
  8. [8] Mallory Knodel (Ctr. for Democracy & Tech.), quoted in Kroll, supra note 2 ("The most popular encrypted messaging apps iMessage and WhatsApp are also the most permissive.").
  9. [9] Peter Elkind, Jack Gillum & Craig Silverman, How Facebook Undermines Privacy Protections for Its 2 Billion WhatsApp Users, ProPublica (Sept. 7, 2021), propublica.org.
  10. [10] Metadata 102: What Is Communications Metadata and Why Do We Care About It?, Freedom of the Press Found., freedom.press.
  11. [11] Can the Government Read My Text Messages?, Digital Rights Bytes (Elec. Frontier Found.), digitalrightsbytes.org.
  12. [12] Telegram, FAQ (Secret Chats and encryption), telegram.org/faq.
  13. [13] ESET, Telegram Privacy Explained: What's Protected and What's Not (2024), eset.com.
  14. [14] Apple, iMessage Security Overview, in Apple Platform Security Guide, support.apple.com.
  15. [15] James Ball, NSA Collects Millions of Text Messages Daily in "Untargeted" Global Sweep, The Guardian (Jan. 16, 2014), theguardian.com (the DISHFIRE program; documents disclosed by Edward Snowden).
  16. [16] Jude Joffe-Block, Your Data Is Everywhere. The Government Is Buying It Without a Warrant., NPR (Mar. 25, 2026), npr.org.
  17. [17] K. Sophie Will, Privacy Advocates Sound Alarm on "Data Broker Loophole" Used by FBI, Other Federal Agencies, FedScoop (Mar. 20, 2026), fedscoop.com.
  18. [18] The Head of the FBI Just Admitted Something Moderately Horrifying, Futurism (Mar. 22, 2026), futurism.com.
  19. [19] Press Release, Fed. Trade Comm'n, FTC Takes Action Against Gravy Analytics, Venntel for Unlawfully Selling Sensitive Location Data (Dec. 2024), ftc.gov.
  20. [20] Ian Beer & Samuel Groß, A Deep Dive into an NSO Zero-Click iMessage Exploit: Remote Code Execution, Google Project Zero (Dec. 15, 2021); see also securityweek.com.
  21. [21] Pegasus (Spyware), Wikipedia, en.wikipedia.org.
  22. [22] Citizen Lab, Pegasus investigations (2016–2024), citizenlab.ca.
  23. [23] NSO Group Hit with $168m Fine for WhatsApp Pegasus Spyware Abuse, Infosecurity Mag. (May 2025), infosecurity-magazine.com (a jury awarded $167,254,000 in punitive damages plus $444,719 compensatory; in October 2025 the court reduced the punitive award to roughly $4 million and entered a permanent injunction against NSO).
  24. [24] Government Surveillance Reform Act of 2026 (introduced Mar. 12, 2026, by Sens. Ron Wyden & Mike Lee and Reps. Zoe Lofgren & Warren Davidson), wyden.senate.gov.
  25. [25] Jake Laperruque (Ctr. for Democracy & Tech.), quoted in Will, supra note 17 (on the data-broker warrant loophole).
Field Assessment

Your photo library knows more about you than you think: Ente vs iCloud vs Google Photos vs OneDrive

Every photo you take records your exact GPS coordinates, the device you used, its operating system, the time down to the second, and in many cases the direction you were facing. When you upload those photos to a cloud service, the questions become who can see it, who can be compelled to hand it over, and whether AI is being trained on it without your meaningful consent. This is a field-by-field comparison of five configurations across four providers: Ente Photos, iCloud Photos with Advanced Data Protection, iCloud Photos without it, Google Photos, and Microsoft OneDrive.

D David
November 2026
Privacy Research
~25 min read
A single photo taken with a modern smartphone can contain over 460 metadata fields. These include GPS coordinates, a timestamp precise to the second, the make, model, and serial number of the device, camera settings like aperture, shutter speed, and focal length, the direction the camera was facing (compass bearing), altitude, and in some cases the name of the Wi-Fi network the phone was connected to at the time. This is called EXIF data (Exchangeable Image File Format), and it is embedded automatically every time you press the shutter button. You cannot see it by looking at the photo. But anyone with access to the file can read it in seconds. When you upload that photo to a cloud service, all of that metadata goes with it. This brings up privacy concerns most people do not even consider like, does the service encrypt it? Can the service read it? Can law enforcement compel the service to hand it over? And is the service using your photos to train AI models? The answers vary dramatically depending on which service you use and how you have configured it.

Part I: What a Single Photo Reveals About You

Before comparing providers, it is worth understanding exactly what is at stake. Photo metadata is not abstract. It has been used in criminal investigations, stalking cases, corporate leak investigations, intelligence operations, and. The Electronic Frontier Foundation documented a case where the FBI identified an Anonymous hacker ("w0rmer") solely through GPS coordinates embedded in a photo posted to Twitter. The photo was taken with an iPhone 4, and the EXIF data contained the exact latitude and longitude of the house where it was taken, which led directly to the suspect's arrest. [1]

EXIF Fields That Identify You ⚠ HIGH: these fields are embedded in every photo by default unless you disable them
LocationGPS latitude, longitude, altitude, compass bearing, and speed. Accurate to within meters. Reveals your home address (from photos taken at home), workplace, doctor's office, attorney's office, place of worship, and every location you visit. Can be used to build a complete movement profile over time.
DeviceCamera make, model, serial number, firmware version, lens type. The serial number is a unique hardware identifier that links every photo taken with that device to a single physical object. Investigators have used serial numbers to connect photos across different platforms and timeframes to the same person.
EXIF Fields That Reveal Your Activity
TimeExact date and time the photo was taken, often to the second. Separate fields for the time the file was created, modified, and digitized. Establishes precise timelines of activity. Has been used in court to corroborate or destroy alibis.
Software and EditingSoftware used to process or edit the image, editing timestamps, embedded thumbnails of the original uncropped image. The thumbnail field is particularly dangerous: even if you crop sensitive content out of a photo, the original uncropped version may persist as an embedded thumbnail in the EXIF data.
REAL CASE In a documented stalking case, law enforcement found that a stalker extracted GPS coordinates from photos a victim had shared on a dating app. The platform did not strip EXIF metadata on upload, effectively turning every shared photo into a location beacon. Recognizing this risk, companies like Facebook and Instagram now strip EXIF data on upload, but many platforms still do not. And regardless of what the platform does, the cloud service where the original photo is stored retains all of it. [2]

Part II: Encryption Architecture, Provider by Provider

Who can see your photos and their metadata? The answer depends entirely on the encryption model. Some providers encrypt your photos but hold the keys (meaning they can decrypt them under legal process). Some encrypt photos end-to-end (meaning only you can decrypt them). And some do not encrypt stored photos at all in any meaningful sense.

End-to-End Encryption of Photos ⚠ CRITICAL: this determines whether the provider can see your photos
Ente PhotosFULL E2EE All photos, videos, and all metadata (including EXIF data, descriptions, tags, album names) are encrypted on your device before upload. Ente cannot see any of it. Uses XSalsa20-Poly1305 (via libsodium) for symmetric encryption, X25519 for key exchange, and Argon2 for key derivation from your password. Audited twice by Cure53 (2023 crypto audit, 2025 CERN-sponsored infrastructure audit). [3]
iCloud (with ADP)E2EE When Advanced Data Protection is enabled, Photos is one of the 23 data categories protected with end-to-end encryption. Apple does not hold the decryption keys. However, ADP is opt-in, not on by default, and most users have not enabled it.(argument that this is not true e2ee because its not on by default). Some metadata (file checksums, timestamps) remains under standard encryption even with ADP on. [4]
End-to-End Encryption of Photos (continued)
iCloud (without ADP)STANDARD ENCRYPTION ONLY Photos are encrypted in transit and at rest, but Apple holds the decryption keys. Apple can and does decrypt photos in response to valid search warrants. This is the default configuration for every iCloud account. [5]
Google PhotosNO E2EE Photos are encrypted in transit (TLS) and at rest on Google's servers, but Google holds the keys. Google can access, scan, analyze, and provide your photos to law enforcement under a search warrant. Google actively scans photos for CSAM using automated detection. [6]
End-to-End Encryption of Photos (continued)
Microsoft OneDriveNO E2EE FOR PHOTOS OneDrive encrypts files in transit and at rest with BitLocker and per-file encryption, but Microsoft holds the keys. OneDrive Personal Vault adds an extra authentication layer but does not add end-to-end encryption. Microsoft can access stored photos under legal process. [7]
EXIF Metadata Encryption Whether the GPS coordinates, timestamps, and device identifiers embedded in your photos are encrypted ⚠ CRITICAL: if metadata is not encrypted, the provider knows where every photo was taken, when, and with what device
EnteFULLY E2EE All metadata, including EXIF, is encrypted on device before upload. Ente explicitly states: "all metadata (including exif creation time, location, description etc) is also end-to-end encrypted." [3]
iCloud (ADP)MOSTLY E2EE Photo content is E2EE. Apple states that "some metadata and usage information" including file modification dates and checksums remains under standard data protection even with ADP enabled. [4]
EXIF Metadata Encryption (continued)
iCloud (no ADP)NOT E2EE Apple holds the keys. All photo metadata is accessible to Apple and producible under warrant.
Google PhotosNOT E2EE Google reads EXIF metadata to power features like location-based photo search, timeline view, and face grouping. This data is actively indexed and searchable by Google's systems.
EXIF Metadata Encryption (continued)
OneDriveNOT E2EE Microsoft can access photo metadata. OneDrive uses EXIF data for its "On This Day" and location features, confirming server-side access to the metadata.
Open Source
EnteFULL Client apps (iOS, Android, desktop, web) AND server code are open source. Audited by Cure53 and Symbolic Software. CERN-sponsored audit in October 2025. [8]
iCloudNO Closed source. Apple publishes a security whitepaper but the code is not independently auditable.
Open Source (continued)
Google PhotosNO Closed source. Proprietary infrastructure.
OneDriveNO Closed source. Proprietary infrastructure.

Part III: AI, Your Photos, and Who Benefits

Every major cloud photo provider now offers some sort of fancy AI-powered features like face recognition, object search, memory curation, image enhancement, and more. The privacy question is where that AI processing happens (on your device or on the provider's servers) and whether your photos are used to train the company's broader AI models.

Where AI Processing Happens ⚠ HIGH: server-side processing means the provider can see your photos in order to analyze them
EnteON-DEVICE ONLY All machine learning (like face detection, recognition, magic search) runs entirely on your device. Photos are downloaded locally, indexed locally, and the ML indexes are encrypted before syncing to your other devices. That means Ente's servers never see unencrypted photos or ML data. "Your photos and ML data are never used to train any AI models, neither by Ente nor by any third parties." [3]
iCloudMOSTLY ON-DEVICE Face recognition and object classification in Apple Photos runs on-device. Apple states it does not use iCloud Photos data to train generative AI models. However, Apple's CSAM scanning proposals (announced then withdrawn in 2021) raised concerns about server-side photo analysis capabilities.
Where AI Processing Happens (continued)
Google PhotosSERVER-SIDE Google processes photos on its servers to power features like face grouping, object search, location tagging, memory curation, and the AI-powered "Magic Editor." Google's help page states: "We don't train any generative AI models outside of Photos with your personal data." But this carefully worded statement leaves open the question of what happens within the Photos product itself. Google actively scans every photo for CSAM using automated detection systems. Ente founder Vishnu Mohandas created the site TheySeeyourPhotos.com specifically to demonstrate what Google's AI can infer from a single photo. [9]
OneDriveSERVER-SIDE Microsoft uses server-side processing for photo features. Microsoft's privacy statement permits the use of data to "improve and develop" its products. Microsoft Copilot integration with OneDrive raises additional questions about how photo data is processed.
What AI Can Infer From Your Photo Library This applies to any provider that can see your photos in unencrypted form
A photo library is not just a collection of images. To a modern AI system with server-side access, it is a comprehensive behavioral and biographical dataset. From a typical photo library, AI can infer: your home address and workplace (from recurring GPS coordinates), your daily routine and travel patterns, every person you spend time with and how frequently (from face clustering), your physical appearance over time, the interior of your home, your financial status (from visible possessions, car, neighborhood), your children's faces and schools, your medical conditions (from hospital visits visible in location data), your political and religious affiliations (from events and locations), and your romantic relationships. The Ente team built TheySeeyourPhotos.com to make this visible: upload any photo and see what Google's publicly available AI models can extract from it. [9]
THE BROADER AI TRAINING QUESTION In July 2023, Google updated its general privacy policy to explicitly state it may use publicly available information to train AI models. While Google's Photos-specific page says it does not train "generative AI models outside of Photos" with your personal data, the broader Google Terms of Service (updated May 2024) grant Google broad rights to use data across services. Proton publicly accused Google in December 2025 of training image generation AI on Google Photos libraries, though Google denied this and no direct evidence was provided. The fundamental issue remains: if the provider can see your photos (because they hold the encryption keys), the technical capability to use them for AI training exists regardless of stated policy. Policy can change. Encryption cannot. [10]
UNDER A COURT ORDER: WHAT GETS HANDED OVER
Your Photo Library Under Legal Process
A search warrant compels the provider to hand over everything they have. The question is: what do they have? For providers that hold the encryption keys, the answer is everything. For providers with end-to-end encryption, the answer is essentially nothing.
Photo and Video Content ⚠ CRITICAL: your actual photos and videos
EnteCANNOT HAND OVER E2EE. Ente does not hold decryption keys. All content is encrypted blobs on their servers.
iCloud (ADP on)CANNOT HAND OVER E2EE. Apple does not hold decryption keys for ADP-protected data. Apple's Law Enforcement Response Team has stated they will not confirm ADP status without a warrant. [11]
Photo and Video Content (continued)
iCloud (no ADP)CAN HAND OVER Apple holds the keys. This was the loophole law enforcement used for years: even when an iPhone itself was locked, the iCloud backup (including Photos) was accessible via warrant. [5]
Google PhotosCAN HAND OVER Google holds the keys. A search warrant compels disclosure of "content stored in a Google Account, such as Gmail messages, documents, photos and YouTube videos." [6]
Photo and Video Content (continued)
OneDriveCAN HAND OVER Microsoft holds the keys. Producible under valid legal process.
EXIF Metadata (GPS, timestamps, device info) ⚠ HIGH: reveals where every photo was taken, when, and with what device
EnteCANNOT HAND OVER E2EE. Metadata is encrypted with the file.
iCloud (ADP on)PARTIALLY PROTECTED Photo content is E2EE, but Apple states that "some metadata and usage information" remains under standard protection, including modification dates and checksums.
EXIF Metadata (continued)
iCloud (no ADP)CAN HAND OVER All metadata accessible.
Google / OneDriveCAN HAND OVER All metadata accessible. Google actively indexes this metadata for search and timeline features.
Face Recognition Data / AI-Generated Indexes
EnteCANNOT HAND OVER ML indexes are generated on-device and encrypted before sync. Thus, Ente's servers never see them.
Google PhotosCAN HAND OVER Face groupings, object tags, location clusters, and AI-generated labels are all server-side data that Google holds and can produce under warrant.
THE UK PRECEDENT In February 2025, the UK Home Office secretly ordered Apple under the Investigatory Powers Act to provide blanket access to Advanced Data Protection-encrypted iCloud data worldwide. Rather than comply, Apple disabled ADP for UK users entirely. This means iCloud users in the UK cannot enable E2EE for their photos. Apple stated: "We have never built a backdoor or master key to any of our products or services and we never will." But the UK order demonstrates that government pressure on E2EE photo storage is not theoretical. It is happening now. [12]

Part V: Ente's Encryption Architecture (and Its One Noted Limitation)

Since Ente is the only provider on this list with full end-to-end encryption of photos by default, its architecture deserves a closer look. It also has one documented limitation worth discussing.

How Ente's Key Hierarchy Works
When you create an Ente account, the app generates a masterKey on your device. This key never leaves your device unencrypted. Your password is used to derive a keyEncryptionKey via Argon2, which encrypts the masterKey. The encrypted masterKey is stored on Ente's servers so you can access your account from other devices, but only your password can unlock it.

Each album (collection) gets its own collectionKey. Each file gets its own fileKey. Files are encrypted with their fileKey, fileKeys are encrypted with the collectionKey, and collectionKeys are encrypted with your masterKey. This hierarchical key structure means that sharing an album with another Ente user requires only sending them the collectionKey (encrypted with their public key), not re-encrypting every file.

All cryptographic operations use libsodium: XSalsa20-Poly1305 for authenticated encryption, X25519 for key exchange, and Argon2id for password-based key derivation. The entire architecture has been audited by Cure53 (March 2023) and the infrastructure was audited again in a CERN-sponsored engagement (October 2025). [3] [8]
Shared Links and Forward Secrecy ⚠ NOTE: this is a known architectural property, not a vulnerability
Ente allows you to share albums via links that do not require the recipient to have an Ente account. These links are end-to-end encrypted (the decryption key is embedded in the URL fragment, which is never sent to the server). However, these shared links do not provide forward secrecy. Forward secrecy means that if a key is compromised in the future, past communications remain secure. In Ente's shared link model, the key embedded in the link is static for the lifetime of that link. If someone obtains the link (through interception, a compromised device, or a shared chat log), they can access the album for as long as the link is active.

This is a known property of Ente's sharing model, not a bug. The Cure53 audit did not flag it as a vulnerability because it is an inherent limitation of link-based sharing without requiring accounts. The mitigation is straightforward: set an expiration on shared links, protect them with a password, and revoke links when they are no longer needed. For truly sensitive sharing, use Ente's account-to-account sharing (which uses asymmetric key exchange and does not have this limitation) rather than link-based sharing.

Per-Provider Summary

💚 Ente Photos

BESTFull E2EE for everything. Photos, videos, all EXIF metadata, album names, descriptions, tags, and ML indexes. Ente cannot see any of your data.

BESTOn-device AI only. Face recognition and search run locally. ML indexes are encrypted before syncing. No server-side photo processing. No AI training on your data.

BESTFull open source. Client and server. Audited twice by Cure53. CERN-sponsored infrastructure audit.

PROSelf-hostable. You can run the entire Ente server on your own hardware.

PRO3x replication across providers in the EU, including an underground facility in Paris.

WARNShared links lack forward secrecy. Use password protection, expiration, and account-to-account sharing for sensitive content.

CONPaid service. 10 GB free, then paid plans starting at $1.49/month (50 GB). No free unlimited tier.

🍎 iCloud Photos (with ADP)

PROE2EE when ADP is enabled. Apple does not hold the keys. Photos and most metadata are protected.

PRODeep Apple ecosystem integration. Seamless with iPhone, iPad, Mac.

CONADP is opt-in. Not enabled by default. Most users have never turned it on.

CONSome metadata remains under standard protection even with ADP enabled (modification dates, checksums).

CONClosed source. Encryption implementation cannot be independently audited.

CONShared Albums and collaborative features do not support ADP. Photos in Shared Albums use standard encryption only.

CONDisabled in the UK after the Home Office ordered Apple to provide backdoor access (Feb 2025).

🍎 iCloud Photos (without ADP)

CONApple holds the encryption keys. All photos and metadata are accessible to Apple and producible under warrant.

CONThis is the default. Every iCloud account that has not explicitly enabled ADP operates in this mode.

CONThe iCloud backup loophole. For years, law enforcement obtained iPhone data not from the device itself, but from the unencrypted iCloud backup. Photos were a primary target.

WARNEnabling ADP is the single most important step an iPhone user can take for photo privacy. Settings → [Your Name] → iCloud → Advanced Data Protection → Turn On.

📸 Google Photos

CONNo end-to-end encryption. Google holds the keys to every photo.

CONServer-side AI processing. Google's systems analyze your photos, faces, locations, objects, and scenes. All of this data is indexed and searchable on Google's servers.

CONActively scans for CSAM. Automated scanning means Google's systems are looking at your photos.

CONFull producible under warrant. Photos, metadata, face groupings, AI-generated labels, location history derived from photos.

CONPart of the Google advertising ecosystem. Google's broad privacy policy grants extensive data usage rights.

WARNGoogle received nearly 40,000 law enforcement data requests in the first half of 2020 alone, complying with 83% of subpoenas.

☁️ Microsoft OneDrive

CONNo end-to-end encryption for photos. Microsoft holds the keys. Personal Vault adds an authentication layer but not E2EE.

CONServer-side processing. Microsoft processes photos for organizational features and Copilot integration.

CONProducible under warrant. All photos and metadata accessible to Microsoft and law enforcement.

WARNOneDrive is not primarily a photo service. It is a general file storage platform. For users who store photos in OneDrive because it came bundled with Microsoft 365, the privacy implications are the same as Google Photos: the provider can see everything.

Recommendations

If privacy is a priority:
Use Ente Photos. It is the only service on this list that encrypts everything (photos, videos, all metadata, ML indexes) end-to-end by default, runs all AI processing on-device, is fully open source, and has been independently audited by Cure53 (twice, including a CERN-sponsored audit). The provider cannot see your photos under any circumstances. There is nothing to hand over under a court order because the data is encrypted and Ente does not hold the keys. For shared links, always set a password and an expiration. For sensitive sharing, use account-to-account sharing instead of links.
If you are staying in the Apple ecosystem:
Enable Advanced Data Protection immediately. This is the single most impactful privacy setting on your iPhone. Without it, every photo you take is stored on Apple's servers with keys Apple holds, producible under warrant. With it, your photos are end-to-end encrypted and Apple cannot decrypt them. Go to Settings → [Your Name] → iCloud → Advanced Data Protection → Turn On. You will need to set up a recovery key or recovery contact. Do it now. Be aware that Shared Albums do not support ADP, and that some metadata remains under standard protection even with ADP enabled.
Regardless of which service you use:
Disable location tagging on your camera. iOS: Settings → Privacy and Security → Location Services → Camera → set to "Never." Android: Open Camera app → Settings → disable "Save location." This prevents GPS coordinates from being embedded in your photos in the first place. It is the most effective single step you can take to reduce photo metadata exposure.

Strip EXIF data before sharing photos externally. If you share a photo via email, messaging, or any platform that does not automatically strip metadata, the full EXIF data travels with it. Use a metadata removal tool or configure your sharing workflow to strip it.

Understand that Google Photos and OneDrive are not encrypted in any meaningful privacy sense. The provider holds the keys. They can see your photos, analyze them with AI, and hand them over under legal process. If you use these services, you are trusting the provider and every government with jurisdiction over them with your complete photo history, including every location, face, and moment captured in it.

Review your photo library as a threat surface. Your photo library is a biography. It contains your home, your family's faces, your travel patterns, your friends, your possessions, your health-related visits, and years of location history. Treat it with the same seriousness you would treat your medical records or financial statements. The encryption (or lack thereof) on your photo storage is not a technical detail. It is a decision about who gets access to the most intimate record of your life.

References

  1. [1] EFF, "A Picture is Worth a Thousand Words, Including Your Location." 2012. | eff.org
  2. [2] ConvertKit Images, "4 Hidden Dangers of Image Metadata." Feb. 2026. | convertkitimages.com
  3. [3] Ente, Architecture and Security FAQ. | ente.io/architecture
  4. [4] Apple, "iCloud data security overview" and "Advanced Data Protection." | support.apple.com
  5. [5] Journal of High Technology Law, "Closing the Loophole: Effects of Apple's New Advanced Data Protection for iCloud." March 2023. | suffolk.edu
  6. [6] Google, "How Google handles government requests for user information." | policies.google.com
  7. [7] Microsoft, OneDrive Personal Vault and data protection documentation.
  8. [8] Ente, "Ente completes CERN sponsored audit." Nov. 2025. Cure53 audit report. | ente.io/blog/cern-audit
  9. [9] PetaPixel, "This Website Reveals What Google's AI Can Learn From Your Photos." Dec. 2024. TheySeeyourPhotos.com by Ente. | petapixel.com
  10. [10] CyberNews, "Proton claims Google trains AI on Google Photos albums: does it?" Dec. 2025. | cybernews.com
  11. [11] WarrantBuilder, "iCloud Advanced Data Protection: A challenge for law enforcement." Feb. 2024. | warrantbuilder.com
  12. [12] Malwarebytes, "Apple ordered to grant access to users' encrypted data." Feb. 2025. | malwarebytes.com
  13. [13] Cure53, "Audit-Report ente Crypto Design and Code." March 2023. | ente.io
  14. [14] Apple, Legal Process Guidelines (Oct 2025). | apple.com (PDF)
  15. [15] Perspectives in Legal and Forensic Sciences, "Forensic Value of Exif Data." 2025. | sciepublish.com
Technical Brief

How encryption actually works, why it matters, and where it stops protecting you

This is the post I will keep pointing you to. If you have read anything else on this site and found yourself wondering what AES-256 actually means, what end-to-end encryption is doing under the hood, whether quantum computers can break all of it, or why encryption alone is not enough, this is where those questions get answered. It assumes no background, and it does not water anything down to get there.

D David
October 2025
Privacy Research
~25 min read
Encryption is mathematics applied to secrecy. That is all it is. It takes readable information, runs it through a mathematical function with a key, and produces output that is unreadable without the key. The math is public. The algorithms are published. The only secret is the key. Everything you read on this site about email privacy, messaging apps, notes metadata, and court orders comes back to this one question. What is encrypted, with what algorithm, and who holds the key? This post explains the core concepts that make all of that analysis possible. It is written for someone who has never studied cryptography, but it does not skip the parts that matter to someone who has.

Part I: The Two Fundamental Types of Encryption

Every encryption system in use today falls into one of two categories, or combines both. Understanding the difference between them is the most useful thing you can learn about cryptography.

Symmetric Encryption: One Key, Two People
Symmetric encryption uses the same key to encrypt and decrypt. Think of it like a combination lock on a shared locker. Both people need the same combination. If you have the key, you can lock the box and unlock it again. The same key does both jobs.

This is the oldest form of encryption and still the fastest. When your phone encrypts its storage, it uses symmetric encryption. When Signal encrypts a message after the handshake is complete, the actual message encryption is symmetric. When a VPN encrypts your traffic, symmetric encryption does the heavy lifting.

The problem with symmetric encryption is the key exchange. How do you get the same key to two people without anyone else seeing it? If you are standing in the same room, you can whisper it. If you are on opposite sides of the internet, you need a way to agree on a shared secret without ever transmitting it in the clear. That problem is what asymmetric encryption was invented to solve.
The Major Symmetric Algorithms
AES (Advanced Encryption Standard)The most widely used symmetric cipher in the world. Standardized by NIST in 2001. Comes in three key sizes: AES-128, AES-192, and AES-256. Used by governments, banks, messaging apps, VPNs, disk encryption, and virtually everything else that needs to keep data secret. AES-256 is the variant recommended for long-term security and is considered quantum-resistant (more on this below).
ChaCha20A modern stream cipher designed by Daniel Bernstein. Used by Signal, WireGuard VPN, and Google's TLS implementation. Faster than AES on devices without hardware AES acceleration (like older phones). Considered equally secure to AES-256 at its full key length.
Asymmetric Encryption: Two Keys, One Direction Each
Asymmetric encryption (sometimes referred to as public-key cryptography) uses two mathematically linked keys: a public key and a private key. Anyone can encrypt a message using your public key. Only your private key can decrypt it. In other words, the public key locks; the private key unlocks. They are not the same key and you cannot derive one from the other in any practical amount of time.

This solves the key exchange problem. You publish your public key to the world. Someone encrypts a message with it and sends it to you. Only you can read it, because only you have the private key. No shared secret needs to be transmitted.

The trade-off is speed. Asymmetric encryption is far slower than symmetric encryption, often by a factor of 1,000x or more. You would never encrypt an entire video call with RSA. It would be unusably slow. This is why real-world systems use both types together.
The Major Asymmetric Algorithms
RSAThe original. Published in 1977. Security is based on the mathematical difficulty of factoring very large numbers into their prime components. RSA-2048 and RSA-4096 are common key sizes. Proton Mail uses RSA. RSA is vulnerable to quantum computers running Shor's algorithm, which can factor large numbers efficiently. RSA will need to be replaced in the post-quantum era.
Elliptic Curve (ECC)A newer approach using the mathematics of elliptic curves. Provides equivalent security to RSA with much smaller keys (a 256-bit ECC key is roughly equivalent to a 3,072-bit RSA key). X25519 (Curve25519) is the most widely used variant. Signal uses it. Tuta Mail uses it. Faster and more efficient than RSA. Also vulnerable to Shor's algorithm on a quantum computer.
Hybrid Encryption: How the Real World Actually Works ✓ This is what every modern secure system uses
In practice, no system uses purely symmetric or purely asymmetric encryption. Every secure messaging app, every HTTPS connection, every VPN tunnel uses both together in what is called hybrid encryption. Here is how it works.

Step 1: Your device and the other device use asymmetric encryption (like X25519) to agree on a shared secret key. This is called the key exchange or handshake. It happens once at the start of the session.

Step 2: Once both devices have the shared secret, they switch to symmetric encryption (like AES-256 or ChaCha20) for the actual data. Every message, every file, every voice packet is encrypted with the fast symmetric cipher using the key that was established in step 1.

The asymmetric part solves the "how do two strangers agree on a secret?" problem. The symmetric part handles the "now encrypt everything quickly" problem. Together, they give you both security and speed. When someone says "Signal uses the Signal Protocol with X25519 and AES-256," they are describing a hybrid system.

Part II: Can AES-256 Be Cracked? The Quantum Question, Answered With Physics

This is the section I wrote because I keep seeing the same fear repeated online. "Quantum computers will break all encryption." That statement is half true and half dangerously misleading. Quantum computers pose a real, existential threat to asymmetric encryption (RSA, ECC). They pose essentially zero practical threat to AES-256. Here is why, quantified in terms that are hard to forget.

What Grover's Algorithm Actually Does
Grover's algorithm, published in 1996, is the best known quantum algorithm for attacking symmetric encryption. It provides a quadratic speedup for brute-force search, meaning it can search a keyspace in the square root of the time a classical computer would need.

For AES-256, the keyspace is 2^256 possible keys. Grover's algorithm reduces this to 2^128 operations. In plain language, a quantum computer running Grover's algorithm against AES-256 would face the equivalent difficulty of a classical computer brute-forcing AES-128.

AES-128 is still considered secure against classical computers today. 2^128 is approximately 3.4 × 10^38 operations. To put that in human terms, there are roughly 10^22 stars in the observable universe. 2^128 is about 10 quadrillion times the number of stars in the observable universe. Grover's algorithm makes AES-256 "only" as hard as that. [1] [2]
What Shor's Algorithm Does (and Why It Matters for RSA, Not AES)
Shor's algorithm is the quantum threat that actually keeps cryptographers awake. Unlike Grover's quadratic speedup, Shor's algorithm provides an exponential speedup for factoring large numbers and computing discrete logarithms. These are the specific mathematical problems that RSA and Elliptic Curve cryptography depend on.

A sufficiently powerful quantum computer running Shor's algorithm could factor the large primes behind RSA-2048 in hours instead of billions of years. It could solve the elliptic curve discrete logarithm problem that protects X25519. When this happens (and most researchers believe it will within 10 to 20 years), every asymmetric algorithm currently in widespread use will be broken.

AES is not vulnerable to Shor's algorithm. AES does not depend on factoring or discrete logarithms. It is a substitution-permutation network. Shor's algorithm simply does not apply to it. The only quantum attack on AES is Grover's brute-force speedup, and as shown above, AES-256 survives that comfortably. [3]
The Thermodynamic Argument: Why Physics Itself Protects AES-256 ✓ This is the part where encryption stops being a math problem and becomes a physics problem
In 2000, MIT professor Seth Lloyd published a paper in Nature titled "Ultimate Physical Limits to Computation." Lloyd calculated the maximum computational capacity of a physical system based on fundamental physics: the speed of light, the quantum scale (Planck's constant), and the gravitational constant. His theoretical "ultimate laptop" was a 1-kilogram computer confined to 1 liter of volume, operating at the absolute thermodynamic limit, converting all of its mass into computational energy via E=mc². [4]

This ultimate laptop could perform 10^51 operations per second and store 10^31 bits. It would, in Lloyd's words, be operating as a "black hole" since confining that much energy in that volume would collapse it past the Schwarzschild radius.

Now apply that to AES-256. Even after Grover's algorithm reduces the problem to 2^128 operations (about 3.4 × 10^38), Lloyd's ultimate laptop running at the thermodynamic limit of physics would need approximately 10^13 seconds to complete the search. That is roughly 300,000 years.

To be clear about what this means, a computer that converts its entire mass into energy, operates at the absolute physical limit permitted by quantum mechanics, and exists as a literal black hole would still need three hundred thousand years to brute-force AES-256 after Grover's speedup.

And that is the cost of attacking a single key, for a single message, against a single user, on a computer that cannot actually be built.

A more recent estimate (2019, Kryptera) calculated that a quantum computer with more than 6,600 logical, error-corrected qubits would be needed to meaningfully attack AES-256. As of 2026, the largest quantum computers have roughly 1,000 physical qubits, and each logical qubit requires thousands of physical qubits for error correction. The gap between where we are and where we would need to be is not a matter of a few years but of architectural generations. [5]

The NSA's own CNSA (Commercial National Security Algorithm) suite explicitly recommends AES-256 as quantum-resistant for protecting classified information. [6]
BOTTOM LINE Quantum computers are a real and urgent threat to RSA and Elliptic Curve cryptography. They are not a meaningful threat to AES-256. If your data is encrypted with AES-256 (or ChaCha20 at equivalent key length), the quantum apocalypse does not apply to you. The post-quantum transition is about replacing the key exchange algorithms (the asymmetric part), not the data encryption algorithms (the symmetric part). This is exactly what Tuta Mail did in March 2024 when it deployed TutaCrypt, a hybrid protocol that replaces the vulnerable asymmetric layer with CRYSTALS-Kyber (quantum-resistant) while keeping AES-256 for the symmetric layer.

Part III: How HTTPS Encryption Works (and What It Does Not Do)

Every time you see the padlock icon in your browser or a URL starting with https://, you are using encryption. Since this site is a progressive web app served over HTTPS, and since HTTPS is the most common encryption most people encounter daily, it is worth understanding what it actually protects.

What HTTPS Does
HTTPS stands for HTTP Secure. It wraps the normal web protocol (HTTP) in a layer of encryption called TLS (Transport Layer Security, the successor to SSL). When your browser connects to a website over HTTPS, a hybrid encryption handshake occurs.

1. Your browser and the server agree on a shared secret using asymmetric encryption (typically X25519 or ECDHE).
2. All subsequent data is encrypted with that shared secret using symmetric encryption (typically AES-256-GCM or ChaCha20-Poly1305).
3. The server proves its identity using a digital certificate signed by a Certificate Authority (CA) that your browser trusts.

The result is that everything between your browser and the server is encrypted. The content of the pages you view, the data you submit in forms, the cookies your browser sends, all of it travels through an encrypted tunnel that your ISP, your Wi-Fi operator, and anyone else on the network path cannot read.
What HTTPS Does Not Do ⚠ These are common misconceptions
HTTPS does not hide which website you are visiting. Your ISP can see the domain name (for example, orionprivate.com) because the DNS query that resolves the domain is typically unencrypted, and the TLS handshake itself includes the server name in plaintext. HTTPS hides the page you are on and the content you are viewing, but not the fact that you visited the site at all. To hide the domain, you need encrypted DNS (DoH or DoT) and Encrypted Client Hello (ECH).

HTTPS does not protect data after it reaches the server. TLS encryption covers data in transit. Once the data arrives at the server, it is decrypted and the server can read it. If you submit a form over HTTPS, the website operator can see exactly what you typed. This is client-to-server encryption, not end-to-end encryption. End-to-end encryption (like Signal or the PGP form on this site) means only the intended recipient can decrypt the data, not even the server that carries it.

HTTPS does not mean the website is trustworthy. A padlock means the connection is encrypted. It says nothing about who is on the other end. Phishing sites use HTTPS too.

Part IV: Where Encryption Stops Protecting You

This is the most important section in this post. Encryption is extraordinary technology. The math is sound. AES-256 will not be broken in your lifetime, your children's lifetime, or the lifetime of the sun. But encryption only protects what it covers. And the places where it does not cover you are exactly the places where real-world surveillance happens.

Metadata Is Not Encrypted ⚠ This is the most important concept in practical privacy
End-to-end encryption protects the content of your message. It does not protect the fact that you sent it, who you sent it to, when you sent it, how often you communicate, from what device, or from what location. This information, called metadata, is available to the service provider and, under legal process, to law enforcement.

As we documented in our messaging comparison, the FBI's own "Lawful Access" document shows that WhatsApp provides pen register metadata (source and destination of every message) every 15 minutes to law enforcement. The message content is encrypted. The metadata is not. And as the Natalie Edwards case proved, metadata alone was sufficient to identify and convict a federal employee. [7]

Former NSA Director Michael Hayden put it more bluntly. "We kill people based on metadata."
A Compromised Device Makes Encryption Irrelevant ⚠ CRITICAL
Encryption protects data in transit (between devices) and at rest (on disk). It does not protect data in use (on your screen, in your app's memory, after decryption). If your device is compromised by spyware like NSO Group's Pegasus, the attacker reads your messages after they are decrypted, directly from the screen and memory of your phone. It does not matter if you are using Signal with AES-256 and X25519 and disappearing messages. Pegasus reads the decrypted text, records your screen, activates your microphone, and exfiltrates everything. Google's Project Zero called one Pegasus exploit "the most technically sophisticated exploit we've ever seen." [8]

Similarly, forensic extraction tools like Cellebrite and GrayKey, used by law enforcement worldwide, can bypass device locks and extract data from phones, including messages from encrypted apps, if they gain physical access to the device. [9]

The encryption did not fail. The device did.
Your Phone Takes Screenshots of Everything ⚠ MED, most people do not know this happens
Both iOS and Android take automatic screenshots of your apps for the app switcher (the screen you see when you swipe up to switch between apps). These preview images are stored locally on the device. On iOS, these snapshots are taken every time you leave an app or switch to another one. They capture whatever was on screen at that moment, including the contents of encrypted messaging apps, passwords visible in a password manager, sensitive documents, and anything else displayed.

These snapshots are stored in the device's filesystem and can be extracted by forensic tools during a physical examination of the phone. Your encrypted Signal message that disappears after 30 seconds may live on indefinitely as a screenshot in the app switcher cache.

Signal addresses this with its "Screen Security" setting (Settings → Privacy → Screen Security on Android; Screen Lock on iOS), which blocks the operating system from capturing these previews. When enabled, Signal appears as a blank screen in the app switcher. Other messaging apps do not offer this protection. If you are using WhatsApp, iMessage, or Telegram and care about forensic extraction, there is no built-in mitigation for this.

For iPhone users facing elevated threat levels, Apple's Lockdown Mode (iOS 16+) reduces the attack surface significantly by disabling features commonly exploited by spyware, including certain iMessage attachment types, FaceTime from unknown callers, and shared albums. It is the most effective step an iPhone user can take against targeted surveillance short of switching to a dedicated security-focused operating system.
Cloud Backups Undo Encryption
As covered in our messaging comparison, if your encrypted iMessages are backed up to iCloud without Advanced Data Protection enabled, Apple stores the messages with the encryption key and hands both over under a search warrant. If your WhatsApp messages are backed up to Google Drive or iCloud without encrypted backup enabled, the content is stored unencrypted in the cloud.

The encryption worked perfectly. The backup defeated it. That is not a failure of the encryption but of the system design around it, and of the defaults that most users never change.
Operational Security (OPSEC) Is the Real Perimeter
Encryption is a tool. Operational security is the discipline of using that tool correctly within the full context of your threat model. The best encryption in the world does not help if any of the following is true.

You use a personal recovery email on your encrypted mail account (the Catalan activist case, where Proton Mail's encryption held but the recovery email led to identification via Apple). [10]

You pay for a privacy service with a credit card (the Stop Cop City case, where the FBI identified a Proton Mail user solely through payment metadata). [11]

You carry a phone full of ad-supported apps with location permissions enabled while the FBI is purchasing location data from commercial brokers (confirmed by FBI Director Kash Patel in Senate testimony, March 18, 2026). [12]

You discuss sensitive topics in a group chat where one participant has iCloud backup enabled. Your encryption is only as strong as the weakest device in the conversation.

Encryption protects the pipe. OPSEC protects everything around it. Serious adversaries rarely bother attacking the mathematics; they go after the person using it.

Quick Reference: What to Remember

Symmetric encryption (AES-256, ChaCha20):
Same key encrypts and decrypts. Fast. Used for the actual data. AES-256 is quantum-resistant. The NSA recommends it for classified data. A computer operating at the thermodynamic limits of physics would need 300,000 years to brute-force it even after Grover's quantum speedup.
Asymmetric encryption (RSA, ECC/X25519):
Two keys. Public encrypts, private decrypts. Slow. Used for key exchange and digital signatures. Vulnerable to quantum computers running Shor's algorithm. Will need to be replaced with post-quantum algorithms (CRYSTALS-Kyber, CRYSTALS-Dilithium) within the next 10 to 20 years. The "harvest now, decrypt later" threat is real. Data encrypted with RSA today could be stored and decrypted once quantum computers are available.
Hybrid encryption:
Every real-world system uses both together. Asymmetric for the handshake, symmetric for the data. HTTPS, Signal, WhatsApp, VPN tunnels, and Tuta Mail all work this way. Post-quantum migration means replacing the asymmetric handshake layer while keeping the symmetric data layer.
HTTPS:
Encrypts traffic between your browser and the server. Protects content in transit. Does not hide which domain you visit (use encrypted DNS for that). Does not protect data after it reaches the server (that requires end-to-end encryption). Does not mean the website is trustworthy.
Where encryption stops:
Metadata (who, when, how often) is not encrypted by most services. Compromised devices read messages after decryption. App switcher screenshots capture encrypted content. Cloud backups store encrypted messages unencrypted. Operational security failures (recovery emails, payment data, location tracking) expose you through channels encryption was never designed to protect. The mathematics holds; the weak points are the people and systems around it, and that is where your attention belongs.

References

  1. [1] Lov K. Grover, A Fast Quantum Mechanical Algorithm for Database Search, in Proceedings of the 28th Annual ACM Symposium on Theory of Computing 212 (1996).
  2. [2] Understanding Shor's and Grover's Algorithms, Fortinet, fortinet.com.
  3. [3] Markus Grassl et al., Applying Grover's Algorithm to AES: Quantum Resource Estimates, arXiv:1512.04965 (2015), arxiv.org.
  4. [4] Seth Lloyd, Ultimate Physical Limits to Computation, 406 Nature 1047 (2000), nature.com.
  5. [5] Kryptera, estimate of the quantum resources required to break AES-256 (2019). [Citation incomplete: see note.]
  6. [6] Nat'l Sec. Agency, Commercial National Security Algorithm (CNSA) Suite (recommending AES-256 for protecting classified information).
  7. [7] Fed. Bureau of Investigation, Lawful Access (Jan. 7, 2021) (obtained via public-records request by Property of the People), reported in Rolling Stone (Nov. 29, 2021).
  8. [8] Ian Beer & Samuel Groß, A Deep Dive into an NSO Zero-Click iMessage Exploit: Remote Code Execution, Google Project Zero (Dec. 15, 2021); see also securityweek.com.
  9. [9] Can the Government Read My Text Messages?, Digital Rights Bytes (Elec. Frontier Found.), digitalrightsbytes.org.
  10. [10] Lorenzo Franceschi-Bicchierai, Encrypted Services Apple, Proton, and Wire Helped Spanish Police Identify Activist, TechCrunch (May 8, 2024), techcrunch.com (Swiss legal process compelled Wire and Proton to disclose account metadata, including the recovery email, which led Apple to provide the user's name and address; message content remained encrypted).
  11. [11] Joseph Cox, Proton Mail Helped FBI Unmask Anonymous "Stop Cop City" Protester, 404 Media (Mar. 5, 2026), 404media.co (Proton Mail provided account payment data to Swiss authorities, who passed it to the FBI; end-to-end encryption protected message content, not the account metadata).
  12. [12] Jude Joffe-Block, Your Data Is Everywhere. The Government Is Buying It Without a Warrant., NPR (Mar. 25, 2026), npr.org.
  13. [13] Grover's Algorithm and Its Impact on Cybersecurity, PostQuantum.com, postquantum.com.
Policy Commentary

The FTC was never enough: how America's de facto privacy regulator was structurally outmatched long before it was dismantled

The Federal Trade Commission has been called America's de facto privacy regulator. For two decades its consent decrees against Google and Facebook were the closest thing Americans had to enforceable privacy law. In 2025 the President fired the agency's Democratic commissioners, deleted hundreds of enforcement-guidance posts, and the remaining commissioners began setting aside consent orders. The easy story is a working regulator destroyed by a hostile administration. The harder and truer one is that the strongest version of the FTC, as Congress built it, could not have protected American privacy, and that its most careful scholar, Chris Hoofnagle, documented the very limits that explain why, even as he defended it. This is the story of why the agency was never enough, on the commercial axis it was given and the government axis it never was, and what is left once even the weak version is gone.

D David
April 2026
Analysis
~28 min read
The United States has no federal privacy law. Where the European Union has the GDPR and independent regulators, the United States has a patchwork. HIPAA for health, FERPA for education, COPPA for children, and for everything else, the Federal Trade Commission. The FTC's privacy authority comes from Section 5 of the FTC Act, which bars "unfair or deceptive acts or practices." That is the whole of it. No privacy mandate, no general power to fine a privacy violation, no practical authority to write privacy rules. The role is not written into law. It is inferred from a commercial-fairness statute older than the data economy by a century. The FTC made this work through improvisation. Staff attorneys framed privacy cases as deception and settled them in consent decrees that bound Google, Facebook, and others for twenty years. It produced real results. It was also fragile and insufficient at the same time. Fragile because it depended on attorneys willing to push, economists willing to tolerate them, and commissioners willing to vote yes. Insufficient because the tools were never built for the job. This article makes that second, harder claim, and adds one more. Section 5 reaches commerce. It was never aimed at the government, which has quietly become one of the largest buyers of the data you generate. And running beneath both is a distinction the agency's whole history teaches. A promise protects you until someone decides otherwise. A constraint protects you until someone acts, in public, to remove it. The FTC could only ever police promises, and it was, in the end, only a promise itself.

Part I: Borrowed Authority

To understand why the FTC was never enough, begin with what it is. It is not a privacy agency that fell on hard times. It is an antitrust agency, created to fight monopoly, that improvised a privacy practice out of a fairness statute and a body of advertising law. The FTC's most careful scholar is also this article's principal source. The strongest defense of the agency and the strongest evidence against its adequacy sit on the same shelf, and reading them together is the method, not an accident. Everything that follows is a consequence of that origin, including, as it turns out, one route the agency might have taken and did not.

An antitrust agency, repurposed
Congress created the FTC in 1914 to fight the trusts and monopolies of the industrial economy. It had no consumer-protection mission at all until the Wheeler-Lea Amendments of 1938 broadened its mandate from "unfair methods of competition" to include "unfair or deceptive acts or practices." [1] Privacy is a small and recent entry on a long list. The agency polices some seventy laws, from false "dolphin-free" tuna labels to the sanctioning of boxing matches. Hoofnagle frames the FTC as a radical innovation of "creative syncretism," an agency built with many flexible tools so it could adapt to problems Congress could not foresee. [1] It was built to improvise. That is its genius. For privacy, it is also its defect since a regulator designed to be redirected can be redirected by anyone who holds it.

There is an irony worth carrying from the start. The harm at the center of the modern privacy problem is a problem of bigness, the very thing the FTC was born to fight. Louis Brandeis called concentrated economic power the "curse of bigness." Hoofnagle traces a straight line from that fight to the present, where advocates ask the FTC to police the power that comes from the aggregation of personal data. [1] The agency's original DNA contained a natural home for privacy. Whether it could reach the problem from that direction is a question Part IV returns to, with an answer from 2025.
A doctrine borrowed from advertising
Section 5 of the FTC Act, codified at 15 U.S.C. 45(a), supplies two tools. A practice is deceptive, under the 1983 Policy Statement on Deception, when a representation, omission, or practice is likely to mislead a consumer acting reasonably, and the matter is material. A practice is unfair, under the 1980 Unfairness Policy Statement that Congress codified in 1994 at Section 45(n), when it causes substantial injury that consumers cannot reasonably avoid and that is not outweighed by countervailing benefits. [5] Hold those two definitions in mind. The distance between them is the hinge of this story.

Hoofnagle's central doctrinal claim is that this authority is broader than most people realize, and that the FTC could go further on privacy than it has, drawing on its deep precedent in advertising. [1] Congress chose vague language in 1914 and again in 1938 so the statute could grow. But the same flexibility that let attorneys reach novel privacy practices also meant the agency's privacy law was built on the dynamics of false-advertising cases, which do not map cleanly onto the collection and sale of personal data. The authority was real. It was also secondhand. And it had a fixed boundary. Section 5 reaches commerce, which means it reaches companies and not the government. That boundary looks like a technicality here, but it becomes the whole point at the end.

Part II: Even at Full Strength

Set aside, for this section, the events of 2025 and the internal politics described later. Imagine the FTC as Congress built it, at its operational peak. Fully funded, bipartisan, staffed by committed attorneys, led by commissioners who wanted aggressive privacy enforcement. Two of the three limits below are congressional choices rather than agency failures, and the claim should be sized accordingly. It is not that no Congress could ever have built an adequate agency. It is that the agency Congress did build could not be made adequate by leadership, money, or will. Regardless of who led it, not regardless of what Congress might someday grant.

And be concrete about what adequate would mean, because a thesis that cannot fail is not worth defending. An agency equal to the data economy would need at least four things. The power to set rules in advance on practical timetables. A penalty that attaches to the first violation, not the second. A body of precedent that courts have ratified and would enforce against a future commission's change of heart. And reach to the largest non-commercial consumer of personal data, the government itself. That is the benchmark. Show that the FTC had these powers, or could have exercised them as built, and the argument of this article fails. None of this means the agency achieved nothing. It brought more than 150 privacy and security cases and shaped an industry's behavior, and Part V credits that record. The claim is that what it could achieve sat below the benchmark, at its peak as surely as at its trough.

It could not make rules
A regulator that cannot set rules in advance can only punish conduct after it happens, one company at a time. That is the FTC's position on privacy. To issue a binding trade-regulation rule it must use the Magnuson-Moss procedures under Section 18 of the FTC Act, which Congress made deliberately onerous in 1975 after the agency's attempt to ban children's advertising provoked a backlash. Those procedures add roughly twenty steps beyond ordinary notice-and-comment rulemaking, and they have historically taken the agency around six years to complete, against under a year for rules made under the Administrative Procedure Act. [5] Faced with that, the FTC stopped. As Hoofnagle records, the agency "has not sought to promulgate rules for privacy" and governs the field through case-by-case enforcement instead. [1]

The consequence is foundational because there is no FTC privacy rule that tells companies what they may and may not do before they do it. There is only the slow accretion of enforcement against firms that have already acted. An agency without rules set in advance is structurally reactive. It cannot prevent. It can only respond.
It could not punish a first violation
This is the single most damaging fact about the agency, and the least understood. For a first-time violation of Section 5, the FTC cannot impose a fine at all. Its remedy is a cease-and-desist order (a command to stop). Civil penalties become available only when a party later violates that order, or violates an existing trade-regulation rule, or breaches a specific statute that carries its own penalties, such as COPPA. [5]

This is why the famous privacy fines were never penalties for the underlying privacy abuse. Google's $22.5 million Safari fine in 2012 and Facebook's $5 billion fine in 2019 were both penalties for breaching consent orders that already existed, not for the original violations that produced those orders. The first privacy violation is, structurally, free. A company pays nothing for its first offense. It pays only if it is caught breaking the resulting decree. As Hoofnagle observed of the Google fine, a penalty that small relative to the company's revenue "created incentives for bad behavior by setting such a low penalty for intentional misbehavior." [2]

What little workaround existed was then taken away. For decades the FTC used Section 13(b)'s injunction power to obtain equitable monetary relief, restitution and disgorgement, directly in federal court. In AMG Capital Management v. FTC (2021), a unanimous Supreme Court held that Section 13(b) authorizes no such relief. [6] The Court was explicit that the question was not whether the power would be useful, only whether Congress had granted it. It had not, leaving the agency's monetary remedies narrowed to the routes Congress wrote. [10]

A fair reader will object that deterrence is not only money, and the objection deserves a full answer. Injunctions carry compliance costs. A decree brings twenty years of monitoring and assessments. An FTC investigation moves stock prices and makes headlines, and Solove and Hartzog argue that the settlement regime disciplined companies in exactly this way, functioning as law because firms treated it as law. [4] All of that is real, and it should be conceded. But notice what every one of those channels has in common. Each runs through the agency's continuing credibility, its willingness to investigate, to sue, to monitor, to be believed. Reputational deterrence is a prediction about what the agency will do next, and a prediction can be revised the moment the agency changes hands. The one form of deterrence that depends on no one's continuing will, a price fixed in advance for the first offense, is precisely the form the statute withholds. Monetary deterrence was not weak. It was structurally unavailable, and everything offered in its place was discretionary. That distinction is the seed of everything Part V harvests.
It could act only against a broken promise, and the promise model was already known to fail
Return to the two prongs of Section 5. Unfairness requires proof of substantial injury and an explicit weighing of costs against benefits. Deception requires neither. It requires only a misleading material representation. Because the agency's economists treated privacy injury as unmeasurable absent a market price, a framing the next section takes apart, the agency's privacy practice came to rest overwhelmingly on deception. That is, on catching companies breaking promises they had made. [2] The structural limit follows at once. A company that promised nothing had nothing to break. The most invasive practice, if it was never the subject of a representation, was often beyond reach. Platforms learned to exploit the gap. They paid app developers in user data while truthfully-enough denying that they "sold" it, conduct Hoofnagle showed was a sale by barter that the deception model could not easily touch. [9] The pattern is the point. The incentive worked, it simply rewarded the wrong thing, teaching firms to manage their representations rather than their collection, since a company that promised less had less it could be caught contradicting.

Worse, the promise-based model the FTC did build was shown not to work by the agency's own invited experts. In a 2006 submission to the FTC's Tech-ade hearings, Turow, Hoofnagle, Mulligan, and colleagues demonstrated that notice-and-choice rested on a fiction. The FTC had adopted only a truncated set of Fair Information Practices, notice, choice, access, and security, and dropped the load-bearing ones: collection limitation, purpose specification, use limitation, and accountability. The omission, they wrote, "led firms to collect extraneous information, and repurpose information without consumer consent." [3] And consumers could not police the gap themselves. Roughly 59% wrongly believed that the mere presence of a "privacy policy" meant a site would not share their data, and only 1.4% reported reading software license agreements thoroughly. [3] The entire apparatus was load-bearing on informed consumer choice that the research showed did not exist. This was on the record in 2006, a decade before the consent-decree era reached its peak.

The failure ran deeper than the survey data. Notice-and-choice did not merely protect privacy badly. It changed what privacy meant. In Katz v. United States the question was external to the individual: not what a person agreed to, but what forms of surveillance society was prepared to recognize as reasonable. Privacy was a limit imposed on power. [24] Notice-and-choice relocates the question inside the transaction. Did the policy disclose it, did the user accept, and if so the practice is legitimate. Privacy becomes a condition negotiated within power rather than a boundary drawn around it. The drift was not the FTC's invention, and it was not confined to commerce. The Fourth Amendment ran the same course in the third-party cases, holding that what a person knowingly exposes to a phone company or a bank loses protection, exposure converted into consent by other means. [24] The agency inherited a theory of privacy that was already migrating from constraint to permission, and built its enforcement model on the migrated version. That is worth holding onto, because the distinction returns at the end of this article under different names.
The fair objection: penalties were never the real instrument, and why it deepens the case
A reader who knows the agency will object that this measures it by the wrong tool. The FTC never governed mainly by fines, and Hoofnagle's own book insists on the point. Its power was normative and information-forcing. Through its Section 6(b) study authority it could compel industry to hand over what it would rather keep private, and the knowledge was itself a form of regulatory power, stripping away the opacity the data economy depends on. The same authority produced the 2024 staff report Part III returns to, in which the agency forced nine platforms to reveal the scale of a monetization its own economists had declined to count. [23] Through workshops, reports, and guidance it set the terms companies believed they had to meet. It established, case by case, that a firm needs substantiation before it may call a product "secure" or "private." This is the "creative syncretism" Hoofnagle admires, an agency that shaped the conversation far more than it ever punished anyone. [1] The objection is correct, and it should be conceded without reservation.

Concede it and the thesis grows stronger, not weaker, because a norm is the most fragile instrument the agency has. A consent decree at least binds for twenty years and takes a lawsuit to undo. Guidance binds nothing. It persists only so long as the agency keeps asserting it, and it evaporates the moment the agency stops. The FTC's best tool was also its least durable. That is not a hypothetical. As Part V shows, the 2025 Commission did not need to lose a case or repeal a rule to retract the agency's entire privacy posture. It deleted three hundred guidance documents in a single afternoon. An institution whose real power is the power to persuade is an institution whose power can be switched off without anyone going to court.

Part III: The Inner Struggle

Even the narrow, deception-based enforcement the FTC could perform had to survive an internal gauntlet. In "The Federal Trade Commission's Inner Privacy Struggle" (2017), Hoofnagle documented a dynamic most privacy advocates never saw, and in doing so identified the agency's single point of failure. He also, in separate work, supplied the economics that turns the dynamic from a curiosity into an indictment.

Economists who valued privacy at zero
Inside the FTC, every privacy and security case is assigned to a consumer-protection economist from the Bureau of Economics. The Bureau of Consumer Protection attorneys select and build cases. The economists evaluate them and recommend remedies. And the economists, Hoofnagle showed, systematically conclude that privacy violations cause no measurable harm, driving recommended penalties toward zero. [2]

The reasoning is internally coherent and, for privacy, corrosive. The Bureau does not believe a functioning market for privacy exists. Without a market price, it sees no basis to calculate consumer injury. When Google was fined for tracking Safari users it had promised not to track, an economist could regard even $22.5 million as too high, because no consumer had paid money for the privacy feature that was violated, and "any price on the tracking would be speculative." [2] Hoofnagle obtained the Bureau's training materials through a Freedom of Information Act request and found a reading list with, in his words, "a distinctly laissez faire bent," led by a paper from an industry-funded think tank. The substantial empirical literature on the welfare gains from privacy protection were of course absent. [2] Thus we can concluded the economists found what they were trained to find.

The demand that privacy injury be reduced to a dollar figure is not a command of the statute, but a frame. Section 5's unfairness prong asks about substantial injury, not about out-of-pocket loss, and Hoofnagle's recurring argument is that the cognizable-harm requirement the agency's critics press is a nineteenth-century common-law import that "does not exist anywhere in Title 15." [1] Privacy injury is real on its own terms. It is the loss of control over information, the transfer of power from the person to the firm, often zero-sum. To insist that it does not count until it can be priced is not neutral economics. It is the argument, dressed as arithmetic.
The economics the Bureau got backward
There is a stronger rebuttal still, and it comes from Hoofnagle himself, writing with the economist Jan Whittington. Their work applies transaction-cost economics to the "free" services at the center of the data economy. The finding is that a zero-price exchange is not the absence of a market. It is a particular kind of transaction, and an unusually costly one. [20]

Personal information, they argue, has asset specificity. As you pay a service with your data, you become bilaterally dependent on it, locked in, unable to leave without losing what you have built there. The exchange is not discrete, like buying a sandwich. It is continuous, and closer to a long-term service agreement with a counterparty that changes its terms and suffers its breaches over time. The costs are real, significant, and largely hidden from the consumer at the moment of the "free" exchange. [20] So the Bureau of Economics has it backward. It is not declining to price a market that does not exist but instead refusing to price a market that plainly does.

The Bureau's method treats the absence of a consumer-facing price as evidence that privacy harm is speculative. But the value had not gone missing. It was being recorded on the other side of the ledger. The agency's own study power proved as much. In 2024 the FTC's staff, compelling answers from nine of the largest platforms under Section 6(b), documented an industry built on collecting personal information and monetizing it at scale. [23] One arm of the agency measured what the other had declared unmeasurable. The careful version of the point stops there. Aggregation, network effects, and advertising infrastructure mean no one person's data carries a clean price tag, and this article claims no such valuation. The narrow claim is enough. Personal information was functioning as a productive input generating measurable revenue, and an economics that looked only for the consumer's out-of-pocket loss was not finding nothing. It was simply looking in the wrong place.

And the lock-in is not only a privacy harm. It is the moat. Zero price lets a platform grow quickly, capture network effects, and wall out competitors, which is why Hoofnagle and Whittington argue that "free" has to become part of how competition law understands platform power. Not even a well-built rival could pry users out of an arrangement they cannot exit. Hold that thought. It is the bridge to the FTC's other authority, and to the test 2025 ran on it.
The workaround, and the single point of failure
The attorneys adapted. Because unfairness invites the cost-benefit analysis the economists use to zero out harm, and deception does not, the lawyers learned to plead privacy cases as deception wherever a broken promise allowed it. "Deception cases receive much less economic attention," Hoofnagle noted. The Bureau of Economics cannot block a deception case the way it can challenge one brought in unfairness. [2] The agency's privacy enforcement was therefore built almost entirely on deception theory, routed deliberately around its own economists.

This worked because of a structural feature Hoofnagle catalogued with admiration. The FTC's organization gives staff attorneys broad autonomy in selecting matters, and its investigatory power is, in his phrase, "akin to an inquisitorial body" able to probe firms without a predicate offense. [1] He treated that insulation, staff discretion and the independence of the commissioners, as the agency's protection against political winds. But tt was also its single point of failure. The entire edifice depended on the lawyers controlling case selection. So long as they did, privacy enforcement happened. The moment that control could be taken from them, it would not. Hoofnagle identified the load-bearing wall and did not say, or perhaps did not expect, that someone could simply remove it.

Part IV: Settlements, Not Law

The instrument the FTC actually used, the consent decree, was understandable given its thin toolkit. But it had structural weaknesses that made it unsuitable as a durable framework, and the courts had begun exploiting them well before any administration did. The agency's older authority, antitrust, faced a doctrinal obstacle of its own, one which a court confirmed in 2025.

They produced law, but not the kind a court enforces
Here a distinction has to be drawn carefully, because it is easy to overstate. The consent decrees did not produce no law. As Daniel Solove and Woodrow Hartzog showed, and Hoofnagle, who commented on their work, agrees, they produced a great deal of it. A "new common law of privacy" that companies treated as binding and organized their practices around, the broadest regulating force on information privacy in the country. [4] On their account the regime was not merely symbolic. It worked, in the sense that firms hired the lawyers, built the compliance programs, and behaved as if the FTC's settlements were precedent. The defect is more specific, and it is the one their own evidence exposes. After more than fifteen years of enforcement there was, in their words, "no meaningful body of judicial decisions to show for it," because the cases nearly all settled. [4] The agency built a common law without precedent. Norms that governed behavior but that no court had ever ratified. Hoofnagle made the same point from inside. Few firms challenge the FTC, so the wrongness of a practice "is simply declared in a complaint and consent decree agreed to by the respondent." [2]

That is the vulnerability. A common law that no court has entered is binding only by convention, and convention can be abandoned. Van Eijk, Hoofnagle, and Kannekens note that "the contours of the FTC Act are unclear," because the agency rarely explains in detail why a practice is unfair or deceptive. [11] That ambiguity was an asset while the agency expanded. It let attorneys reach new conduct. It became a liability the moment leadership chose to contract, because there was no judicial precedent to overrule, and so nothing to stop. You can walk away from a common law of your own making far more easily than a court can walk away from its own decisions.
They depended on continuous will, and the courts narrowed them
The judiciary then made the underlying authority shakier still. In LabMD v. FTC (2018), the Eleventh Circuit vacated an FTC data-security order because its command to maintain a "reasonable" program was too vague to enforce. [7] The vagueness traces straight back to Part II. With no power to write a data-security rule in advance, the agency had only the open-ended language of unfairness to act on, and the order it produced was open-ended in turn, a command to be "reasonable" that no court could police. The inability to make rules does not just leave the agency reactive. It comes back to undercut the enforcement that was supposed to stand in for rules. Three years later AMG removed the agency's principal route to monetary relief. [6] The erosion of the consent-decree model was underway, in the courts, before the executive touched it. And as 2025 would show, the FTC can now do more than fail to enforce a decree. It can affirmatively undo one.
They arrived after the damage was done
Hoofnagle identified the timing problem as acute in the platform economy. "Remedies are unlikely to be effective by the time the FTC gets involved, investigates a case, and litigates it," he wrote. The delay "gives respondents time to establish their platform and shut out competitors." [2] Both Facebook and Google ran a form of bait and switch. They attracted users with privacy promises, then relaxed them once network effects made leaving impractical. By the time a decree issued, the platform was dominant, the competitors were gone, and the order governed yesterday's practice while the data economy moved on. An enforcer that can only act years after the fact is not a constraint on a fast-moving industry but a historian of it.
The competition route, and what 2025 illustrated ⚠ The agency's founding power, tested in court
If Section 5 consumer protection was the wrong tool, what about the agency's older one? The deepest privacy harm, as Part III showed, is a competition harm. Lock-in, the moat, the foreclosure of rivals. That is antitrust territory, the FTC's founding mission and the natural home its own DNA suggested. So the real question is whether the agency could reach platform power through its competition authority where its privacy authority fell short.

The doctrinal obstacle comes first, because it does not depend on any single case. American antitrust asks, at bottom, whether a firm can raise price above the competitive level. So a zero-price product confounds that question at the root, which is the Whittington point. [20] The harm the price-centric framework cannot see is the very harm the zero-price model is built to create. Scholars are working to widen the lens, measuring rivalry in quality or attention rather than price, but those efforts remain contested and, as Meta would show, have not yet reliably gripped the platform problem.

The FTC pressed the theory anyway, suing to unwind Meta's acquisitions of Instagram and WhatsApp, and in November 2025 the court ruled for Meta. The agency had proposed a narrow market it called personal social networking, Facebook, Instagram, Snapchat, and a minor player, and the court held it had to include TikTok and YouTube, whereupon Meta's share fell below monopoly levels. [21] Notice what the rivalry was measured in. Not price, because users pay none, but time and attention, possibly the only currency a zero-price market leaves a court to count. That is the doctrinal obstacle surfacing inside the ruling itself. With no price to discipline the boundary, the market could be drawn narrow or broad with equal plausibility, and a dominant firm needs only to point at anything competing for the same eyeballs to widen it past the point of monopoly. So without a price to anchor it, the market definition was always going to be soft enough to lose on.

The FTC has appealed, and care is owed about what one district-court loss can prove. The market may have been framed badly, the appeal may succeed, and the industry genuinely changed across the five years the case ran, so some of the loss is that and nothing deeper. But a single ruling is not a structural verdict, and this article does not offer it as one. It offers it as the doctrine operating in plain view, a court looking at the dominant platform of the zero-price economy and, with no price to measure, falling back on attention metrics soft enough to lose on. On the axis the agency was born for, its tools fit the platform problem no better than its borrowed ones did, and for the same reason. They were built to see prices.

Part V: 2025 as the Test

Hoofnagle's 2017 essay closed with a prediction, and it deserves to be read alongside what he wanted. He expected the Bureau of Economics to gain influence under a Trump administration, pushing cases toward the unfairness theory and blunting the lawyers' expansion of privacy norms. He was right about the direction. But his own prescription, in the same body of work, was to strengthen the agency. To bring the economists onto the pro-privacy side, and to defend the FTC against an "ideological movement intent on disassembling the administrative state" that he warned was "more radical than their sponsors understand." [1] What happened in 2025 was not the internal rebalancing he predicted. It was the movement he warned about, arriving in power.

What Hoofnagle predicted
The Bureau of Economics would gain influence over case selection, not merely evaluation. The unfairness framework, with its substantial-injury requirement and its cost-benefit balancing, would become the favored theory. And that shift would make privacy cases harder to bring, because the economists would demand demonstrated harm their own methods were built to find nonexistent. Privacy enforcement would contract, in this account, not because the law changed but because the internal balance of power did. The prediction assumed one thing above all. That the institution itself would remain intact, and that the contest would still be fought inside the agency, by its own staff, under its ordinary procedures.
What happened: the 2025 restructuring ⚠ This went beyond what Hoofnagle predicted
In January 2025 Andrew Ferguson, no relation to the legal scholar Andrew Guthrie Ferguson, became FTC Chairman. In a leaked memo to the incoming administration he had emphasized repealing "burdensome regulations," ending "novel and legally dubious consumer protection cases," and halting the agency's attempts to regulate AI, positioning himself as a Trump-aligned chairman willing to remove uncooperative staff. [12] In February he installed Christopher Mufarrige atop the Bureau of Consumer Protection, signaling a retreat from the expansive Section 5 unfairness of the prior era.

In March, President Trump fired the two Democratic commissioners, Alvaro Bedoya and Rebecca Kelly Slaughter, leaving only two Republicans. Bedoya, in his own characterization of the move, said the President had illegally removed him and wanted the FTC to serve his allies. Both former commissioners sued to challenge their removal. [13] The same day, the agency removed more than three hundred blog posts from the prior administration, including guidance on consumer protection, AI compliance, and privacy enforcement, without formal explanation. [14] Read against the agency's real mode of power, that deletion is not a footnote. Guidance was the instrument. The agency disarmed itself of its most-used weapon in an afternoon, and needed no court's permission to do it.

Then, in December 2025, the FTC reopened and set aside its own consent order against Rytr, a generative-AI company, an order issued under former Chair Lina Khan over Ferguson's dissent. This was initiated by the Commission itself, not the respondent. It cited the administration's AI Action Plan and declared that the original complaint "failed to satisfy the legal requirements of the FTC Act." [15] The significance is not about AI. If the FTC can vacate a finalized consent order at the direction of the White House, then the entire enforcement model, attorneys selecting cases, economists evaluating them, decrees binding for twenty years, becomes contingent on political alignment rather than legal process.
Beyond prediction: the insulation failed
Hoofnagle predicted a shift within the agency's structure. What occurred was the removal of the structure's protections. The feature he identified as the FTC's shield against political winds, staff autonomy in case selection and the independence of the commissioners, is precisely what 2025 overrode. This is not the Bureau of Economics winning an internal argument, they simply eliminated the argument.

The distinction is the whole point of this article. In Hoofnagle's model the attorneys could still select cases, still plead deception, still push privacy norms against internal resistance. The machinery, however flawed, let them act, and they brought more than 150 privacy and security cases and extracted decrees from Google, Facebook, Twitter, and Microsoft. [2] That those outcomes were possible was a testament to the people inside. That they could be stopped so quickly is a testament to the structure those people were working inside. With two aligned commissioners, no case proceeds without unanimity. With a consumer-protection bureau redirected toward "tangible" rather than "speculative" harm, the case-selection power that was the lawyers' primary lever is narrowed. And with consent decrees now subject to White House-directed review under the AI Action Plan's mandate to reexamine "all FTC final orders, consent decrees, and injunctions," the central instrument is no longer durable. [16]

Conclusion: Promises vs. Constraints

It is tempting to read the record as a single descending staircase. Solove and Hartzog in 2014, Hoofnagle in 2016, LabMD in 2018, AMG in 2021, Meta and the dismantling in 2025. That would be the wrong lesson, and Hoofnagle's own history of the agency is the corrective. The FTC's power has always moved in cycles. It was nearly abolished in the late 1970s. The press branded it a "National Nanny" after it tried to ban children's advertising. An angry Congress let its funding lapse and saddled it, in punishment, with the cumbersome rulemaking procedures it still labors under today. And it recovered, to become the most important privacy regulator in the world. The trough is not new, and this one too may pass. What does not move with the cycle is the ceiling. At the bottom of the cycle and at the very top of it, the agency still could not fine a first violation, still could not write a privacy rule, still built no precedent a court would enforce, still reached only commercial actors and not the state, and still rested on a discretion that could be redirected. Its competition authority faced its own doctrinal ceiling. "Never enough" is a claim about those ceilings, not about the current low. The politics will cycle back. The ceilings move only by statute, and no statute is moving.

What does not change with the cycle, and the institutional answer worth taking seriously
An agency that cannot fine a first violation, cannot practically make rules, builds no precedent a court will enforce, can act only against a promise a company chose to make, reaches commercial actors but not the government, and whose most-used instrument can be deleted in an afternoon was structurally short of the benchmark Part II set, regardless of who led it.

Hoofnagle saw the ceiling himself, and his answer deserves a fair hearing, because it is not the one this article ends on. His most striking concession is that modern information problems may not be policeable by an enforcement agency at all. The model he gestures toward instead is supervisory. Continuous oversight of the kind bank examiners and the Consumer Financial Protection Bureau perform, with standing access, regular audits, and the power to correct practices before they harm anyone, rather than lawsuits filed years after the fact. [1] That is a serious proposal, and it answers much of what is broken above. Supervision does not wait for a broken promise. It does not need a first-violation penalty to bite. It sets expectations in advance, which is the thing rulemaking cannot practically do. If the institutional path has a future, this is probably it, and it should be built.

But notice what supervision still rests on. An examiner corps reports to a chair. A supervisory mandate is granted by Congress and can be narrowed by it. Standing access lasts only as long as the political will to keep the door open. The supervisory model is better than the enforcement model. It does not escape the vulnerability that defines all of this. It still depends on who holds the institution. Here a qualification is owed, because the point is easy to overstate. Plenty of institutions outlast their occupants. Courts are bound by their own precedent. Central banks are anchored by statute and by what markets expect of them. The civil service has tenure protections that, at least until recently, held. The FTC's privacy regime had none of those anchors. It was discretion all the way down, cases the staff chose to bring, theories the commissioners chose to vote for, guidance the agency chose to keep asserting. An institution whose power is the exercise of discretion is only ever as durable as the will of whoever currently holds the discretion, and a privacy regime that rests entirely on that will rests on sand. Hoofnagle's prescription was repair, and he was right that the agency should be strengthened, its economics modernized, its critics answered, its burden shared. The decade since delivered the hollowing instead. So the lesson is not that institutions do not matter. They do, and the reform and the funding and the restoration of a bipartisan commission should all happen. The lesson is narrower, and it is about which kinds of institutional power survive a change of hands.
What remains: the partial fixes
States have moved into the vacuum. California's CCPA defines "sale" to include the barter arrangements Hoofnagle described, and Texas has brought actions against the sale of driving data without consent. [17] These efforts are real but fragmented, limited by jurisdiction and exposed to federal preemption if Congress ever passes a privacy statute with a preemption clause. At the federal level the legislative vehicles remain stalled. The Government Surveillance Reform Act and the Fourth Amendment Is Not For Sale Act would close pieces of the gap, but neither has passed, and no comprehensive federal privacy statute is on the horizon. [18] A patient observer can hope for any of these. None of them is operative today. And all of them share the FTC's defining vulnerability. They depend on who holds office.

Notice what every candidate so far has been measured against. Not whether it would work, but whether it would last. The failure of the FTC does not prove that any successor is sufficient, and this article will not claim one is. What the failure identifies is a criterion. A privacy protection worth building must survive a change of hands. Legislation can meet it, if it passes and stays passed. Supervision can meet it, if its mandate holds. The next sections turn to the candidate that meets it by default rather than by ongoing political effort, and test how far that property actually extends.
Promises, constraints, and who carries the burden
Let's start with the objection this article has to answer, because it is the first one a careful reader will raise. Part II argued that notice-and-choice failed because individuals cannot protect themselves. They do not read the policies, cannot price the risk, and only a thin and privileged slice ever becomes adept. It would be incoherent to establish that and then close by telling the reader to go install the right apps. That is the same fallacy in new dress. It puts the burden back on the individual, and it sorts protection by sophistication and income, handing real privacy to the people who least need help and leaving everyone else where notice-and-choice left them. Hoofnagle's own survey work is the rebuke. Public passivity about privacy is a knowledge problem, not apathy. [3] People do not fail to protect themselves because they do not care. They fail because the system is built so that caring is not enough.

So the architectural argument has to be made one level up from consumer choice. The distinction that matters is between a service that promises not to misuse your data and one that cannot reach it. A privacy policy is a promise the company may revoke. A zero-knowledge design is a constraint it cannot. But the conclusion is not "choose the constrained tools." It is that the constraint should be the property the product is built with, not the upgrade a sophisticated user hunts for. The default that ships in the box. The floor a procurement contract or a future privacy statute requires. The standard a regulator would set if it could still set rules.

And here an honesty is owed about the airbag, because the comparison cuts against the easy version of this argument. Airbags did not become standard because drivers demanded them or because manufacturers volunteered them. They became standard because a federal regulator ordered them, and only after years of crash data, advocacy, and industry resistance had run their course. Transport encryption spread across the web through standards bodies and, after 2013, because the large platforms found deploying it commercially useful. Google's QUIC protocol is the cleanest case: it shipped encryption on by default not as a favor to users but because doing so sped up the web it monetizes and kept control of the protocol in its own hands, the privacy benefit and the business benefit being the same feature. Constraint at scale has so far arrived through mandate or through corporate self-interest, which is to say through exactly the political and market forces this article has spent its length distrusting. Architecture does not escape politics at the moment of adoption, and pretending otherwise would repeat the overclaim this article was written to correct. The claim has to be narrower. What architecture changes is not how protection arrives. It is how protection persists once built, and what it costs to remove. The sections below state that claim precisely and then test it.
The half the agency never faced
There is a second sense in which the FTC was never enough, and it is the more important one. Set aside every commercial failure named above and imagine them all fixed. A perfectly funded agency, with rules, with penalties, with a supervisory corps. It would still reach only companies. Section 5 governs commerce. It says nothing about the government, and the government has become one of the largest consumers of the data your devices produce. The state does not need to break into your phone when it can buy your location history from a broker or serve a subpoena on the company that already holds your messages. The Supreme Court's Carpenter decision requires a warrant for location records compelled from a carrier. It says nothing about records bought on the open market, and agencies noticed, purchasing from brokers what they could not demand without process. [18] Every privacy statute in the American patchwork carves out law enforcement. So the data you generate sits with companies the FTC could in theory discipline, and flows onward to a government the FTC was never built to touch. This is the subject of a companion essay, on the data the government simply buys. It is named here because no honest account of the agency's limits can leave it out. The FTC was never enough on the commercial axis. On the government axis it was never even present.

This is where architecture earns its place, because it answers both halves with one move. A provider that holds no keys cannot be compelled to surrender what it cannot read, cannot be breached into data it never possessed, cannot sell to a broker what it never collected, and cannot quietly relax a setting to expose you, the way Facebook altered its users' privacy in 2009 while a consent decree was in force. Against a sale and against a subpoena, the protection that persists regardless of who is in office is the one written into the design.
The honest limits of the answer
A confession about method comes first, because a careful reader will have noticed the pattern. This article has used Chris Hoofnagle as the scholar who defended an institution while documenting the limits that undid it. An essay that then champions architecture while listing its limits is running the same shape of argument, and it earns the right to do so only by sizing the claim to fit the limits rather than the other way around. So state the limits in full, and let the claim be whatever survives them.

The first limit is that architecture is itself regulated. It is not outside politics. Governments have tried to control it for thirty years and are trying now. The Clipper chip of the 1990s was a key-escrow mandate in hardware, and its logic survives its failure, resurfacing in recurring lawful-access proposals and in client-side scanning schemes that would inspect content on the device before encryption ever applies, escrow relocated to the endpoint. The cryptography export fights of the 1990s and the wiretap mandates of CALEA belong to the same lineage. And in January 2025 the United Kingdom, under the Investigatory Powers Act, served Apple a secret notice demanding access to end-to-end encrypted iCloud data. Apple withdrew its Advanced Data Protection feature from British users rather than comply. [19] The math did not save the feature. But notice how it failed, because that is the realistic claim for architecture. A zero-knowledge design cannot be compromised in secret. The provider holds no key to hand over quietly. To break it, the state had to issue a written order, and when the order surfaced it produced a public dispute across two governments and a fight in a surveillance tribunal. A promise can be broken in a settings update no one reads. A constraint can be overridden only out loud, where it can be seen, named, and contested.

The second limit is that architecture protects some things and not others, and the difference is exactly the kind of line that decides cases. End-to-end encryption protects the content of what you say. It does not protect the metadata around it unless the design also minimizes that, and most services keep a great deal of it. Who you messaged, and when, is often reachable even when the message body is not. Encryption at rest does nothing once the device itself is seized or hacked, because the endpoint is where the data sits in the clear. And the protection runs up against compulsion. Courts remain divided on whether the Fifth Amendment lets the state force you to unlock a device, the All Writs Act has been pressed to conscript manufacturers into helping, and the border-search exception lets agents inspect devices on little or no suspicion. [22]

So state the claim precisely, because the precise claim is the one that survives scrutiny. Architecture does not put protection beyond politics. Nothing does. Its adoption depends on mandates and markets, its scope stops at metadata and the endpoint, and a determined state can legislate against it. What it changes is the default state of the world and the cost of reversal. A guidance document dies by deletion, a consent decree by a commission vote, an enforcement posture by an election, each of them quiet, cheap, and fast. A deployed constraint dies only by an affirmative public act, a law passed, an order served, an update forced, each of them visible, contestable, and slow. Architecture moves specific data, your content, beyond casual reach, and forces everything else into the open. It does not place you beyond the state. It changes what the state must do, and how visibly it must do it, to reach you.

That is the whole argument in a line. The protection that survives a change of administration is not the one beyond the state's reach, because nothing is. It is the one the state must act in public to remove, provided we insist it be built in for everyone and stay honest about what it covers. The math does not change with the administration. But the math was never the whole of it, and saying so is what makes the case worth trusting.

References

  1. [1] Hoofnagle, C.J., Federal Trade Commission Privacy Law and Policy (Cambridge University Press, 2016). See esp. Introduction and ch. 1 (history, "creative syncretism," the Brandeis "curse of bigness" lineage and the call to police data aggregation), ch. 4 (organization, staff autonomy, investigatory power), ch. 5 (unfair and deceptive practices, authority "broader than many realize," no privacy rulemaking), and ch. 12, "Strengthening the FTC and protecting privacy" (Bureau of Economics reform, supervisory oversight, "the FTC has to share the responsibility to protect privacy").
  2. [2] Hoofnagle, C.J., "The Federal Trade Commission's Inner Privacy Struggle," in The Cambridge Handbook of Consumer Privacy (E. Selinger, J. Polonetsky & O. Tene, eds., Cambridge University Press, 2018). SSRN 2901526 (working paper posted 2017). | ssrn.com
  3. [3] Turow, J., Hoofnagle, C.J., Mulligan, D.K., Good, N. & Grossklags, J., "The FTC and Consumer Privacy in the Coming Decade" (FTC Tech-ade Workshop, Nov. 8, 2006). On the truncated Fair Information Practices, the failure of notice-and-choice, and passivity as a knowledge problem rather than apathy.
  4. [4] Solove, D.J. & Hartzog, W., "The FTC and the New Common Law of Privacy," 114 Columbia Law Review 583 (2014). SSRN 2312913. Hoofnagle served as a commenter on this work at the 2013 Privacy Law Scholars Conference.
  5. [5] Federal Trade Commission Act Section 5, 15 U.S.C. 45; FTC Policy Statement on Deception (1983); FTC Policy Statement on Unfairness (1980), codified at 15 U.S.C. 45(n) (1994); Magnuson-Moss Warranty-FTC Improvement Act (1975), FTC Act Section 18, 15 U.S.C. 57a (rulemaking procedures). On the comparative burden and duration of Magnuson-Moss and ordinary APA rulemaking, Lubbers, J.S., "It's Time to Remove the 'Mossified' Procedures for FTC Rulemaking," 83 George Washington Law Review 1979 (2015).
  6. [6] AMG Capital Management, LLC v. FTC, 593 U.S. 67 (2021) (unanimous; FTC lacks authority to obtain equitable monetary relief under Section 13(b)).
  7. [7] LabMD, Inc. v. FTC, 894 F.3d 1221 (11th Cir. 2018) (vacating an FTC data-security order as impermissibly vague).
  8. [8] Hoofnagle, C.J., "Post Privacy's Paternalism," in Informationsfreiheit und Informationsrecht: Jahrbuch 2011 (A. Dix, G. Franssen, M. Kloepfer & P. Schaar, eds., Lexxion, 2012). SSRN 2468322.
  9. [9] Hoofnagle, C.J., "Facebook and Google Are the New Data Brokers," Cornell Digital Life Initiative, Critical Reflections (Dec. 18, 2018). | dli.tech.cornell.edu
  10. [10] On the FTC's monetary-remedy structure after AMG: Congressional Research Service, "AMG Capital Management v. FTC" (LSB10596, Apr. 2021); CRS, "Unfair or Deceptive Acts or Practices (UDAP) Enforcement Authority Under the FTC Act" (IF12244, Nov. 2022).
  11. [11] Van Eijk, N., Hoofnagle, C.J. & Kannekens, E., "Unfair Commercial Practices: A Complementary Approach to Privacy Protection," European Data Protection Law Review 3/2017.
  12. [12] Alston & Bird, "First 100 Days: Federal Privacy and Cybersecurity Regulation and Enforcement Under the Second Trump Administration" (May 2025). | alston.com
  13. [13] CNN, "Trump fires Democratic FTC commissioners" (Mar. 2025); PBS NewsHour interview with Commissioner Bedoya (Mar. 2025); The Record, "Trump admin's removal of FTC commissioners could shift privacy efforts" (Mar. 2025). | therecord.media
  14. [14] Goodwin, "Trump 2.0 Tech Policy Rundown: 100 Days In" (May 2025), noting deletion of 300+ blog posts. | goodwinlaw.com
  15. [15] FTC, "FTC Reopens and Sets Aside Rytr Final Order in Response to the Trump Administration's AI Action Plan" (Dec. 22, 2025). | ftc.gov
  16. [16] Reed Smith, "Rewriting Rytr: The FTC Sets Aside a Final Order" (Dec. 2025), noting the AI Action Plan's directive to review "all FTC final orders, consent decrees, and injunctions." | reedsmith.com
  17. [17] WilmerHale, "Year in Review: The Top Ten US Data Privacy Developments from 2025" (Jan. 2026); Perkins Coie, "Privacy Law Recap 2025: FTC Enforcement" (Jan. 2026). | wilmerhale.com
  18. [18] NPR, "Your data is everywhere. The government is buying it without a warrant" (Mar. 25, 2026); Government Surveillance Reform Act (introduced Mar. 13, 2026); Fourth Amendment Is Not For Sale Act. On compelled versus purchased records, Carpenter v. United States, 585 U.S. 296 (2018) (warrant required for cell-site location records compelled from a carrier).
  19. [19] On the UK's Investigatory Powers Act order and Apple's response: BBC and Washington Post reporting (Feb. 2025); Electronic Frontier Foundation, "The UK Is Still Trying to Backdoor Encryption for Apple Users" (Oct. 2025). Apple withdrew Advanced Data Protection for UK users rather than build a backdoor. Earlier US analogues: the Clipper chip (1993 to 1996), cryptography export controls, and the Communications Assistance for Law Enforcement Act (CALEA, 1994). | eff.org
  20. [20] Hoofnagle, C.J. & Whittington, J., "Free: Accounting for the Costs of the Internet's Most Popular Price," 61 UCLA Law Review 606 (2014); Whittington, J. & Hoofnagle, C.J., "Unpacking Privacy's Price," 90 North Carolina Law Review 1327 (2012). Transaction-cost economics applied to "free" services: personal information has asset specificity, the exchange creates lock-in, and zero price functions as a barrier to competition.
  21. [21] FTC v. Meta Platforms, Inc., No. 1:20-cv-03590 (D.D.C. Nov. 18, 2025) (Boasberg, J.) (ruling for Meta; FTC failed to prove current monopoly power, rejecting its proposed "personal social networking" market of Facebook, Instagram, Snapchat, and MeWe and holding the relevant market must include TikTok and YouTube, whereupon Meta's share fell below monopoly levels). FTC notice of appeal filed Jan. 2026. | ftc.gov | ftc.gov
  22. [22] On architecture's limits against compelled process: the split over Fifth Amendment compelled decryption and the "foregone conclusion" doctrine; the All Writs Act, invoked in the 2016 In re Apple (San Bernardino) dispute; and the border-search device exception. General legal background, not a single source.
  23. [23] FTC, "A Look Behind the Screens: Examining the Data Practices of Social Media and Video Streaming Services" (Staff Report, Sept. 19, 2024), based on Section 6(b) orders issued in December 2020 to nine social media and video streaming companies; the accompanying release describes platforms that "engaged in vast surveillance of consumers in order to monetize their personal information." | ftc.gov
  24. [24] Katz v. United States, 389 U.S. 347 (1967) (Harlan, J., concurring) (reasonable-expectation framework). On the third-party doctrine's exposure logic, United States v. Miller, 425 U.S. 435 (1976); Smith v. Maryland, 442 U.S. 735 (1979).

Updated June 2026. Since publishing I have kept turning the argument over from different angles, the economics of personal data as a productive input, the older question of who gets to define privacy in the first place. This revision folds those connections in and narrows a few claims I had stated too broadly. The thesis is unchanged.

Investigative Report

The FBI director used Gmail. Iranian hackers read his email for years.

On March 27, 2026, an Iranian state-linked hacking group published over 300 emails, personal photographs, and documents from the personal Gmail account of FBI Director Kash Patel. The FBI confirmed the breach. The emails were not obtained by breaking Google's encryption or exploiting a zero-day vulnerability. They were obtained because the director of the Federal Bureau of Investigation kept a personal Gmail account that had been exposed in prior data breaches, and apparently did not take the steps necessary to prevent reuse of those credentials. This story is not about some sophisticated and coordinated cyberattack, but one about the gap between what people assume their email protects and what it actually does.

D David
March 28, 2026
Investigative Report
~10 min read
Last verified: March 28, 2026
The head of the FBI had his personal email hacked. Not his classified systems nor the Bureau's internal network. His personal Gmail. The account contained emails dating from 2010 to 2022 ranging from personal photos, travel receipts, family correspondence, apartment leasing inquiries, tax-related messages, and at least one email from 2014 in which Patel appears to have used his Department of Justice email to send himself a link, copying both his FBI address and his personal Gmail.(cite) The breach was claimed by Handala Hack Team, an Iranian state-linked group that the U.S. Department of Justice has formally accused of operating on behalf of Iran's Ministry of Intelligence and Security (MOIS). Cybersecurity researchers believe the compromise likely predates 2026 and that the hackers were sitting on the material, waiting for a strategically useful moment like war to release it. The Gmail address Handala claimed to have accessed also matches an address linked to Patel in previous data breaches cataloged by the dark web intelligence firm District 4 Labs. (cite) This article examines what happened, how it likely happened, why Gmail's architecture made it possible, and what the incident means for anyone who still uses a mainstream email provider for anything they would not want published on the internet.

What Happened

The Breach
On March 27, 2026, the Handala Hack Team published a cache of files on its website claiming to have breached the personal email of FBI Director Kash Patel. The release included personal photographs of Patel, a resume, and a sample of over 300 emails spanning 2010 to 2022. The emails contained personal, family, business, and travel correspondence, including flight and hotel receipts, apartment leasing inquiries in Washington D.C., tax-related messages, and photos exchanged with family members. [1] [2]
Confirmation
The FBI confirmed the breach in an official statement. "The FBI is aware of malicious actors targeting Director Patel's personal email information, and we have taken all necessary steps to mitigate potential risks associated with this activity. The information in question is historical in nature and involves no government information." TechCrunch independently verified that at least some of the leaked emails were from Patel's Gmail account by confirming information contained in the message headers. CNN confirmed the authenticity of the images with a source familiar with the incident. [2] [3]
The Cross-Contamination ⚠ HIGH, this is the detail that matters most for operational security
NBC News reported that in one email from 2014, when Patel worked in the Department of Justice's National Security Division, he appears to have used his official DOJ email to send himself a link, copying both his FBI address and his personal Gmail. This means a single compromised Gmail account could expose not only personal correspondence but also reveal official government email addresses and demonstrate the habit of bridging personal and professional communications through a consumer email service with no end-to-end encryption. [4]
Who Is Handala
Handala Hack Team presents itself as a pro-Palestinian vigilante hacking collective. Western cybersecurity researchers and the U.S. Department of Justice consider the group to be a front for Iran's Ministry of Intelligence and Security (MOIS). The DOJ formally accused MOIS of operating the Handala group. Earlier in March 2026, the group claimed responsibility for a destructive cyberattack against medical device company Stryker that reportedly wiped tens of thousands of employee devices. The FBI responded by seizing several Handala-operated domains on March 19, 2026. Handala stated the Patel release was retaliation for that seizure. [5] [6]
The Timing
Cybersecurity researchers believe the actual compromise occurred well before the March 2026 publication. Alex Orleans, head of threat intelligence at Sublime Security, told NBC News that the release appeared to be material the group had been holding. "Looks like something they had sitting around. Iranian actors sit on all kinds of odds and ends for a rainy day." The metadata from the leaked files indicates they were last organized on May 21, 2025. Patel was informed in late 2024, before becoming FBI director, that he had been targeted by Iranian hackers and that some of his personal communications had been accessed. That earlier incident was part of a broader campaign targeting incoming Trump officials including Deputy Attorney General Todd Blanche and Donald Trump Jr. [3] [4]

How It Likely Happened

No technical details about the method of compromise have been officially confirmed. But the available evidence points clearly in one direction, and it is not a sophisticated one.

The Gmail Address Was in Prior Data Breaches ⚠ CRITICAL, this is almost certainly the entry point
Reuters reported that the personal Gmail address Handala claims to have breached matches an address linked to Patel in previous data breaches cataloged by the dark web intelligence firm District 4 Labs. This means Patel's email address and potentially an associated password were already circulating in breach databases available on criminal marketplaces. [1]

The most probable attack vector is credential stuffing. The hackers obtained Patel's email and password from an older breach, tested it against Gmail, and found it still worked, either because the password had not been changed or because a similar password was in use. This is not speculative. It is the most common method by which Gmail accounts are compromised, and it is exactly how John Podesta's Gmail was accessed in 2016.
No Evidence of a Gmail Infrastructure Breach
Google's servers were not compromised. This was not a failure of Gmail's infrastructure. It was a failure of account-level security on a consumer email service. The distinction matters. Gmail encrypts data in transit (TLS) and at rest on its servers, but Google holds the decryption keys. If an attacker obtains valid credentials, they have the same access Google does. They can read every email, download every attachment, and browse every conversation, because Gmail is not end-to-end encrypted. The attacker does not need to break any encryption. They log in as the user.
The Likely Kill Chain
Step 1: Obtain the target's email address and associated password from a prior breach database. These are commercially available on dark web marketplaces for very little money.

Step 2: Test the credentials against Gmail. If the password was reused or never changed (which is often the case), the login succeeds. If two-factor authentication is not enabled, the account is open.

Step 3: Access the account, download the full email archive using Google Takeout or IMAP, and exfiltrate everything. Google's own export tools make this trivial once you are authenticated.

Step 4: Encrypt and store the data. Wait for a strategically useful moment. Release it for maximum impact.

Reuters described the breach as "relatively unsophisticated," consistent with the type of low-level hack that U.S. intelligence assessments predicted from Iranian proxies. Check Point's Gil Messing described the operation as part of Iran's strategy to embarrass U.S. officials. [1]
KEY POINT The director of the FBI was not hacked by breaking encryption, exploiting a zero-day vulnerability, or compromising Google's infrastructure. He was hacked because he had a consumer Gmail account with credentials that appeared in prior data breaches. The encryption on Gmail's servers is irrelevant when the attacker has the password.

What Gmail Does and Does Not Protect

This incident is a concrete illustration of a point we have made repeatedly on this site. Encryption that protects data in transit and at rest is not the same as encryption that protects data from the provider, or from anyone who obtains your credentials.

Gmail's Encryption Model
In transitTLS Gmail encrypts email in transit between your browser and Google's servers, and between Google's servers and the recipient's server. This prevents network-level interception.
At restENCRYPTED, GOOGLE HOLDS KEYS Gmail encrypts stored email on Google's servers. But Google holds the decryption keys. Google can read your email. Google does read your email (for spam filtering, malware scanning, and feature delivery). And anyone with your credentials can read it too.
What This Means in Practice ⚠ CRITICAL, this is what happened to Patel
Gmail's encryption protects against network interception (someone sniffing your Wi-Fi with something like Wireshark) and physical theft of Google's servers. It does not protect against three things that matter here.

Compromised credentials. If an attacker has your email and password, they are you. Gmail cannot distinguish between you logging in and an Iranian intelligence operative logging in with the same credentials.

Legal compulsion. Google holds the keys. A search warrant compels Google to decrypt and hand over your email. As we documented in our messaging comparison, this is the fundamental difference between services where the provider holds the keys and services where only you hold the keys.

Data export by an authenticated user. Google provides tools (Google Takeout, IMAP access) that allow any authenticated user to download a complete archive of the account. An attacker with valid credentials can export years of email in minutes.
Would Encrypted Email Have Prevented This?
The honest answer is mostly no, and it is worth being precise about why. This was an authentication failure, not an encryption failure. An attacker who has your password and gets past your second factor logs in as you, and at that point the mailbox is decrypted for them the same way it is decrypted for you. That is true on Gmail. It is also true on Proton Mail and Tuta Mail. End-to-end encryption means the provider cannot read your mail, and that a warrant or a server-side breach cannot expose your content. It does not mean a person holding your password is locked out.

Proton has historically offered an optional second password ("two-password mode") that encrypts the mailbox separately from the login, which can add a layer if an attacker only has the login credential. It is not the default, and Proton has de-emphasized it, so it is not a reliable answer to this attack. Tuta does not offer a separate mailbox password, though it has said it is working on something similar.

So moving Patel to Proton or Tuta, on its own, would not have stopped this breach. What would have stopped it was a unique password that had never appeared in a breach database, and a hardware security key that a stolen password alone could not satisfy. Encrypted email matters a great deal, for the threats covered in our other analyses: the provider reading your mail, a court order, a server compromise. It is simply the wrong tool for the failure that actually happened here.

This Is a Pattern, Not an Anomaly

The Patel breach is not an isolated incident. It fits a documented pattern of state-linked hackers targeting the personal accounts of senior officials, and of those accounts being on consumer email services with no end-to-end encryption.

The Pattern
2015CIA Director John Brennan: teenage hackers broke into Brennan's personal AOL account and leaked data about U.S. intelligence officials. The director of the CIA was using AOL for personal email. [1]
2016John Podesta (Clinton Campaign Chairman): Russian-linked hackers accessed Podesta's personal Gmail account via a phishing email. The contents were published to WikiLeaks and arguably altered the course of the presidential election. [1]
The Pattern (continued)
2024Incoming Trump officials: Iranian and Chinese hackers targeted personal accounts of incoming administration officials including Patel, Deputy AG Todd Blanche, and Donald Trump Jr. Patel was informed of the compromise before taking office. [3]
2026Patel again: the same Gmail account, apparently still active, was accessed and its contents published by a different Iranian-linked group. The fact that Patel was warned about a compromise of this account in 2024, and the account was still accessible in 2025 (when the metadata shows the files were organized), raises serious questions about follow-through on basic security hygiene.
It Is Not Just Government Officials
The same techniques used against Patel, Podesta, and Brennan are used every day against professors, journalists, corporate executives, attorneys, healthcare workers, and private citizens. Iranian state hackers targeted university faculty and researchers in Operation SpoofedScholars. Chinese APT groups have targeted law firms handling sensitive merger and acquisition work. Russian groups have targeted journalists covering the war in Ukraine. Some of these attackers are far more sophisticated than the ones who reached Patel. The vulnerability is the same. A consumer email account with reused credentials, no hardware security key or strong two-factor, and no end-to-end encryption.

You do not need to be the FBI director for your email to be targeted. You need to be someone who has information that someone else wants. That includes lawyers handling sensitive cases, academics with controversial research, executives with access to proprietary data, healthcare professionals with patient information, journalists with source communications, and activists under government scrutiny.

What You Should Do

The Patel breach is a case study in what goes wrong when someone relies on the default security posture of a consumer email service. Every mitigation below addresses a specific failure point illustrated by this incident, and they are listed roughly in the order that would have mattered most here.

Check if your credentials are in breach databases
Go to haveibeenpwned.com and enter every email address you use. If your address appears in any breach (and it almost certainly will), assume the associated password is compromised. Change it immediately. Do not reuse any password that has ever appeared in a breach, even a modified version of it. Use a reputable password manager. This is the step most likely to have prevented the Patel breach outright.
Use a hardware security key for two-factor authentication ⚠ This is the most effective protection against account takeover
SMS-based two-factor authentication can be bypassed through SIM swapping or SS7 interception. App-based TOTP codes can be phished in real time, though that is harder and usually only happens in targeted attacks rather than credential stuffing. A hardware security key (YubiKey, Google Titan, SoloKeys) requires physical possession of the device. It cannot be phished, intercepted, or remotely compromised. If Patel had a hardware security key on his Gmail account, the stolen password alone would not have been enough to get in. Google's own internal data shows that after deploying hardware security keys to all employees in 2017, the company experienced zero successful phishing attacks against employee accounts.
Use a password manager with unique passwords for every account
The entire credential stuffing attack model depends on password reuse. If every account has a unique, randomly generated password stored in an encrypted password manager, a breach at one service cannot cascade to others. The password for your email should be a long, random string that you never type from memory and never use anywhere else.
Migrate to end-to-end encrypted email
This is the architectural fix, but for a different threat than the one that hit Patel, and it is still worth doing. On Gmail, Google holds the keys, so your mail is exposed to the provider, to a warrant served on the provider, and to any server-side breach. End-to-end encrypted providers (Proton Mail, Tuta Mail) encrypt your mailbox with keys the server never holds, which closes all three of those. What E2EE does not do is stop someone who logs in with your password, so it complements the steps above rather than replacing them. We have published a detailed comparison of Proton Mail vs Tuta Mail covering encryption scope, jurisdiction, court order compliance, and real-world cases. The Patel breach is a reminder that "encrypted at rest by the provider" and "end-to-end encrypted by the user" are not the same thing, even though, on its own, neither would have stopped this particular login.
Never bridge personal and professional email
Patel's 2014 email, in which he copied both his DOJ address and his personal Gmail, is a textbook example of cross-contamination. A compromised personal account should not reveal your professional email addresses, your workplace communication patterns, or the fact that you forward work-related material to a consumer email service. Use separate accounts for separate purposes. Never CC your personal email on work correspondence. If you must access work material on a personal device, use a secure method that does not leave copies in a consumer email archive.
Delete old email you do not need
Patel's Gmail contained emails from 2010. Twelve years of personal correspondence, travel receipts, family photos, and professional contacts, all sitting in a consumer email account with no end-to-end encryption. If you do not need an email from 2014, delete it. If you need to retain records, export them to encrypted local storage and remove them from the server (more on that in a later piece). Every email sitting in your inbox is one that can be read by anyone who obtains your credentials, by Google under a warrant, and by any future breach of your account. Keep less, and you expose less.
THE TAKEAWAY The FBI director was not hacked because Gmail's encryption failed. He was hacked because no encryption protects an account once someone logs in with the right password. The breach needed only two conditions to succeed, a password that had already leaked and the absence of a hardware key, and both were fixable in an afternoon. That is the uncomfortable part. This was not exotic. The tools to prevent it exist, they are inexpensive, and they are available to everyone. The director of the FBI did not use them, and most people reading this have not either.
Patel is a dramatic example, but the shape of it is quite ordinary. A consumer account, an address and password that leaked years ago in some other unrelated breach, no hardware key, and a decade of records just sitting in one place. That would describes most people who have been online for a while, not just the head of the FBI. The reason it keeps happening is not that the fixes are difficult but that almost no one ever sits down, looks at one specific person's actual accounts and breach exposure, and says, in order, what to fix and why.

That is the work I do at Orion Private. An audit looks at which of your credentials are already circulating, finds where your accounts chain together through a reused password, checks whether your two-factor would actually survive the attack that hit Patel, and decides which mail belongs on an encrypted provider and which should simply be deleted. While a breach check tool can tell you that you appear in a leak, it cannot tell you which exposure actually matters for you, or make sure the fix gets done. If reading this made you think about your own email, that instinct is correct, and it is a good place to start.

References

  1. [1] Satter, R. and Bayoumy, Y., "Iran-linked hackers breach FBI Director Kash Patel's personal email, publish excerpts online." Reuters / CNBC, March 27, 2026. | cnbc.com
  2. [2] Franceschi-Bicchierai, L., "Iranian hackers claim breach of FBI director Kash Patel's personal email account." TechCrunch, March 27, 2026. | techcrunch.com
  3. [3] Lyngaas, S., "Iran-linked hackers have breached FBI Director Kash Patel's personal emails." CNN, March 27, 2026. | cnn.com
  4. [4] Collier, K. and Kosnar, M., "Iranian hackers publish emails allegedly stolen from Kash Patel." NBC News, March 27, 2026. | nbcnews.com
  5. [5] "Pro-Iranian group claims credit for hacking into FBI Director Patel's personal account." PBS News / Associated Press, March 27, 2026. | pbs.org
  6. [6] Sommerville, M., "FBI director Kash Patel's email hacked: What has been leaked?" Newsweek, March 27, 2026. | newsweek.com
  7. [7] Raman, S., "Iran-linked group claims hack of FBI Director Kash Patel." Axios, March 27, 2026. | axios.com
Services

Privacy Consulting

Privacy consulting for individuals, professionals, and small teams in regulated fields. Threat modeling, jurisdiction analysis, encrypted infrastructure migration, and operational security designed around what you actually face.

✓ Who I work with
Professionals in sensitive or regulated fields. People facing specific exposures like stalking, harassment, custody disputes, or do public facing work. People who've watched the data economy and decided they want less of themselves in it. Anyone who has decided their privacy matters. No justification required.
✕ Not yet offered
Privacy program management for businesses with employees or IT infrastructure. Regulatory compliance work (HIPAA, SOC 2, CCPA operational implementation). Legal advice, documents, or representation. I refer these out today; business privacy services are on the roadmap, pending CIPM certification.
On qualifications: I studied Legal Studies and Public Policy at UC Berkeley and am working toward the CIPP/US certification through the International Association of Privacy Professionals. I am not an attorney and nothing on this site is legal advice. What I do is privacy research, threat modeling, jurisdiction analysis, and implementation. Every engagement produces a custom report written for the person reading it, not for a technical audience unless that is who you are. Orion Private LLC carries errors and omissions insurance and cybersecurity coverage.
Services & Pricing
How It Works
01
Encrypted intake form (free) or email
Fill out the form on the contact page or email. No commitment. I respond within 36 hours with an honest assessment of whether my services are a good fit.
02
Paid consultation ($60, 30 min)
We go deeper into your needs, exposure, and threat model. The $60 is credited toward any engagement that follows.
03
Scoping & proposal
I send a written scope of work covering what I will do, what you receive, and total cost. No hourly billing.
04
Execution
Research, configuration, migration, hardening. Any hands on work happens over screen share so you stay in control or preferably in person. During this process I teach you how to maintain the architectutre we have built, explain the reasoning behind my recommendaitons, and answer any questions that may come up.
05
Handoff & training
I deliver written documentation, walk through it with you, and provide hands on operational security training. Support continues 30–90 days.
Common Questions
Free, no commitment. I respond within 36 hours.
About

About Orion Private LLC

O
Orion Private LLC
Founded by David
privacy@orionprivate.com
Legal Studies (UC Berkeley)Privacy ResearchEncryptionDigital Rights
PGP Fingerprint
B4A7 B0FF 8F75 F17E A28E 056F F025 2FAB 7CB1 AA0C
Download public key →
For encrypted communication, use the intake form or encrypt with this key in your email client.

Hi, I'm David. I run Orion Private LLC, a one person privacy practice. Right now I work with individuals and families who have decided their digital lives are worth protecting and want to do something about it. A compliance side for small practices, professional firms, and startups is launching soon, and there's more on that just below.

My background is in Legal Studies and Public Policy from UC Berkeley, and that training shapes every engagement. I read statutes, analyze court opinions, and trace jurisdiction. But the heart of the work is simpler than that. Privacy is not an all or nothing approach. It runs on a spectrum, and where you belong on it depends entirely on your threat model. Who is knowledgeable, motivated, and sophisticated enough to come after your information, and what it would take them to get it. Most people do not have a single person like that actively targeting them, but everyone is under the watchful eye's of the surveillance economy. Big tech harvests all of us by default, brokers sell what they gather, and the government can reach much of it through those same companies. So the question is rarely whether you are exposed. It is what you most want to keep out of their hands. Once we know what you are actually protecting against, the rest follows. Threat modeling, encrypted infrastructure, and operational security, all built around your real exposure instead of a checklist.

I use these tools every day myself, so know they can be cumbersome to live with. A good consultant meets you where you are, brings the changes in at a pace you can actually handle, and tells you the truth when something is exposed enough that it genuinely has to change. Beyond any one client, I try to keep up with a field that never sits still. Privacy is under competeing pressures every single day, from companies that profit off your information and government surveillance alike. I aim my reading where I think it will make the most difference for the people I work with.

I built the whole operation from scratch. Client records, invoices, and bookkeeping live in encrypted spreadsheets I wrote myself, kept in VeraCrypt containers on local hardware and backed up to encrypted cloud. Your name and your engagement never touch a CRM, a billing platform, or an AI that trains on what passes through it, because privacy is control, and I am not handing yours to anyone.The practice also carries errors and omissions and cyber liability insurance.

Looking Ahead

Orion Private is built with a long-term trajectory in mind. The goal is law school, and from there, working on these problems wherever the leverage is greatest, in practice, in policy, or inside the agencies that are supposed to hold the line.

I am currently pursuing CIPP/US certification through the International Association of Privacy Professionals, with CIPM, the privacy program management credential, to follow. What draws me to the business side is a gap the economics of security makes almost inevitable. The cost of a breach lands on someone other than the firm, so protection gets underbuilt, and the standard firms are held to, "reasonable" security under the FTC's authority and rules like the Safeguards Rule, only gets defined after something goes wrong. Small practices fall under HIPAA and the Safeguards Rule with no one on staff to meet a duty of care no one has spelled out for them, and compliance becomes paperwork that is easy to show and does little to protect anyone.

The math on law school changed in 2025. The One Big Beautiful Bill Act ended Grad PLUS loans for new borrowers and, starting in 2026, caps federal borrowing for law students at $50,000 a year, well under what most law schools cost. A cap below the price pushes graduates toward whatever pays the balance down fastest, not the work that needs doing, and I would rather not let a massive loan balance decide what kind of law I practice.

Research Classification
Field Assessment Technical comparisons, tool evaluations, provider breakdowns
Regulatory Analysis Policy failures, regulatory gaps, government overreach
Technical Brief Educational explainers, foundational concepts
Investigative Report Exposure pieces, tracking research, hidden practices revealed
Policy Commentary Opinion, commentary on law

I use a wide range of sources including but not limited to official documentation, court records, transparency reports, academic research, and established reporting. No affiliate links. No sponsorship.

Generative AI tools may be used as writing aids for editing, summarizing, and restructuring content to improve clarity and presentation. This includes uses that support learning and help refine ideas. These tools are used to support clarity and refinement, not to replace independent thinking or original analysis. All ideas, interpretations, and conclusions are independently developed, and all content is reviewed and verified. While AI can be helpful for rephrasing and organizing information, I do not treat its outputs as a source of original ideas or substantive insight.

About This Site

This entire website is a single HTML file with no frameworks, no templates, and no WordPress, served as a static site on GitHub Pages with no server-side code or database to attack. The only external requests it makes are the OpenPGP library behind the encrypted contact form and a small analytics script, with no advertising trackers and nothing that follows you across the web.

The analytics is Plausible, an open-source tool that sets no cookies, stores no IP address, builds no profiles, and cannot track you across sites or devices. It is an EU company that keeps its data in Germany under European data protection law and never sells what it collects.

Contact

Get in Touch

Whether you need consulting, have a research question, or want to flag something I got wrong, I am happy to hear from you.

Encrypted Intake Form

Free, no commitment. Your message is encrypted with PGP in your browser. Only I can decrypt it.

Encryption happens in your browser. Nothing is sent until you email it.
Anonymous Encrypted Contact

No email. No phone number. No account. Check it out.

https://smp15.simplex.im/a#xZA93oZyUT6tQ7lAHF7K_45JNwSjTMQHzewneBQn8cU
Need SimpleX? Download here →
Encrypted Email*
privacy@orionprivate.com
PGP Fingerprint:
B4A7 B0FF 8F75 F17E A28E 056F F025 2FAB 7CB1 AA0C
Download public key →
*Or skip the setup and use the automated encrypted form.
How This Form Works
Your message is encrypted with PGP in your browser using OpenPGP.js. The plaintext never touches a server. You copy the ciphertext and email it. Only my private key can decrypt it.
Getting Started
Intake form (free) → I respond in 36 hours → Paid consultation ($60, 30 min) → Fee credited toward any service.
Response Time
Within 36 hours