Hello all!

Me and my CTO own Enclave. Enclave is kind of a company, kind of a lifelong project. We’re basically trying to build a full secure app suite.

You can see our work at https://enclave.talk. We first built Enclave Social, and then the dream expanded to creating a full privacy ecosystem.

Our MLS encryption is open source if anyone wants to look at it. Feel free to comment with any questions you guys have!

https://panamaseastudios.com. I’m building PanamaSea Studios around privacy oriented infrastructure.Reduce unnecessary accounts, tracking, and long term identity records.
So happy with how things are coming out. Would love to hear your experience with it.

Hey r/privacy,

Long story short — I built a search engine called Findise back around 2011. It grew to top 95,000 in the US on Alexa rankings. Then the search APIs I depended on changed their pricing model overnight and killed it. Classic rug pull.

Fast forward to 2026. I rebuilt it from scratch — but this time completely independently. No Google API. No Bing API. No third party dependencies. Ever.

Here's what makes Findise different from DuckDuckGo, Startpage, and most "privacy" search engines:

We have our own index. DuckDuckGo uses Bing's data. Startpage proxies Google. We crawl the web ourselves 24/7 with our own crawler. Nobody can change their pricing and kill us again.

What we don't do:

• No tracking
• No user profiles
• No search history stored
• No filter bubbles
• No cookies
• Contextual ads only — based on your search word, not your identity

We just crossed 1 million pages indexed and we're growing daily.

It's not perfect yet — the index is young and we're improving search quality every day. But it's real, it's independent, and it's live right now.

findise.net — would love honest feedback from this community.

Bill C-22 in Canada provides "Lawful Access" (which actually means warrantless) to your private communications.

While not an end-to-end encryption solution, automatically GPG encrypting email forwarded to your ISP covers your data-at-rest.

easyDNS (Canadian provider, impacted by C-22) has added that back to email forwarding functionality and the postfix relay that does the heavy lifting for this is now open source.

Hi everyone ,
I have a phone number that shouldn’t be associated with any account. I just wanted to check and make sure that the number isn’t being misused but when I clicked forgot password instead, it said it will send a code but that code never arrived.
I tried another number to verify but with that number it said no account found . So how the first number take me to the code entering stage? I’m concerned about the privacy and my phone number
Can someone please shed some light on how this can happen ?
Thanks

Hello there, as someone who is not from a tech background I didn't care much about my privacy until fairly recently. And since I started giving a shit, well it's been overwhelming. I've been a lurker for a while here thinking about posting and finally I finally decided to do it. So here goes...

I was wondering how people stay up to date on all matters related to privacy. This subreddit is great and it has helped me( the faq section as well) I was wondering what resources/forums/websites do people use to learn more about the topic. The reason I ask is that I am preparing to transition from big tech to more privacy focused options. And I wanna learn as much as I can to make an informed decision.

Any information will be helpful. You can pm me if you prefer to contact me that way. Thanks in advance. Have a nice day.

So Reddit announced the ability to hide your posts and comments a while ago. Many Redditors seem to think that this feature is completely private and that no one can view their posts/comments. But they are completely wrong! Please read this!

There are two types of API’s (Application Programming Interfaces) on Reddit: Public API and Third Party API. The public API is only available to developers, mega corporations, and research institutions, which grant access to user data for various purposes, such as AI training or psychological research. Google and OpenAI use this. But fraudulent developers with not-so-good intent register Limited Liability Partnerships (LLP) and Limited Liability Corporations (LLC) in the US to gain access to Reddit data and develop shady tools with it.

One such site created by a Redditor Aryan\\_Raj\\_7167 is https://ghostddit.pages.dev . Through this site, anyone can view any private profile! This site updates in real time as it directly fetches user data from Reddit’s public API. This is in direct violation of the API policy and privacy policy and Reddit already sent one “cease and desist” order to the developer but he just changed the name and continued operation like piracy sites do. Currently, around 100K+ people use this tool. Not many Redditors know that Reddit’s public API can be misused!

If you really want privacy on this site, use tools like PowerDeleteSuite or Redact to regularly delete posts and comments to preserve your privacy.

Here are guides on how to do it:

1)https://github.com/j0be/PowerDeleteSuite

2) https://redact.dev/blog/delete-all-reddit-posts-redact-guide-2025.

Your post/comment gets captured by sites like PushShift, PullPush, ArticShift, and CAMAS just 1 minute after you hit submit. If anyone who wants to know about you knows about these sites then it’s literally game over. These sites retain your account data even if you delete your account! Be careful what you post on Reddit, stay safe!

I spent a few hours reading the privacy policies of the major AI document tools. ChatPDF, Humata, similar products.

The pattern is consistent: your files are uploaded to their servers. They use third-party AI APIs, which means your document content passes through at least one more external service. Retention policies vary. Some store your files for days. Some longer.

For most users, this is fine. For anyone handling files that are confidential by obligation - legal discovery documents, unpublished research data, patient records, proprietary contracts - it's a structural problem, not a settings problem.

The issue isn't whether these companies are trustworthy. It's that the data left your device at all. Once it's on someone else's server, you've lost control of the chain.

I built SafeMind specifically to remove that problem at the architecture level:

• No server. Processing happens in your browser via Web Workers.
• No API calls to OpenAI, Anthropic, or anyone else.
• Vector search and document retrieval run locally.
• Nothing persists after you close the tab.

The tradeoff is real: local processing has limits that cloud compute doesn't. But for a specific set of users, the tradeoff is obvious.

Has anyone else gone looking for the actual data handling details on these tools? What did you find?

Hello All,

First ever post on Reddit, so apologies if I am in the wrong place or asking a clumsy question.

I am repeatedly told by data auditors in the UK that it is inadvisable to use ChatGPT or Claude for use cases involving confidential data, even when the training function is turned off, because of the risk of that data becoming public.

My understanding is that, in this scenario, the main risk arises when the data is in transit from the company to OpenAI or Anthropic, or when it is stored by them. From what I can tell from their privacy notices, data in transit and at rest is encrypted to a very high standard, apparently to a level that even government security agencies such as MI5 could not realistically break.

So what I am trying to understand is this:

1. If a user forgets to turn off the training function, what is the actual likelihood of that data being absorbed into a subsequent training round and then reproduced elsewhere? Have there been any documented examples of this happening? If so, where did it happen, and what harm resulted?

I have been unable to find any clear examples. There is the so-called Samsung case, but from what I can see, that involved an engineer being disciplined for breaching a rule against entering commercially sensitive data into a public LLM. It does not appear to be a case where the data was later discovered or used by an outside party.

1. Have there been any reported cases involving OpenAI or Anthropic where third parties have broken into their systems, stolen customer data, and then used that data against those customers?
2. If an enterprise subscription for ChatGPT or Claude allows the training function to be disabled centrally for all staff, does it not follow that these tools are reasonably safe to use, even with personal or commercially sensitive data? If so, is the advice from some UK auditors simply over-cautious?

I am not looking to be reckless with confidential data. I am trying to understand whether the perceived risk is evidence-based, or whether it is being overstated.

Hey everyone,

We've built an open-source, privacy-preserving alternative to Ring cameras using a Raspberry Pi Zero 2W (called Secluso). It uses end-to-end encryption to send videos from the camera to a mobile app, which is available both in Google Play Store and Apple App Store.

When you use a Ring camera, your videos are accessible to Ring/Amazon and whoever they share them with. With Secluso, your videos are available only to you in your phone!

We've put in a lot of effort to make it easy to set up! You can set up our camera on your own Pi in less than 5 minutes with minimal technical expertise using our easy-to-use GUI deploy tool. Here are our setup guide and open source release.

The image shows a Pi in an official Raspberry Pi enclosure that you can use for your camera. We've also been working on a HAT for the Pi to add night vision, audio, temperature monitoring for safety, all in a compact form factor. You can see the HAT and an enclosure for the whole plug-and-play camera in the photo. We're hoping to soon start shipping this camera prototype to people on the waitlist on our website!

Looking forward to seeing what you all think!

Title says it

[ Removed by Reddit on account of violating the content policy. ]

Last year, I was forced to switch to a new phone number (long and unrelated story), and I immediately saw a huge uptick in scam calls and texts compared to my previous number. I'm used to the occasional spam, but lately I've been regularly getting through days with 10+ spam calls. I get spam texts asking me about a piece of property I do not own. Phony and inflammatory "political alerts" that, without getting into it, do not align with any of my own politics. Apparently I've even got a free Margaritaville cruise waiting for me. I'm completely over it and feel like I'm being driven insane.

Is there anything I can do to exorcise the former owner of my number? If it's of any use, I believe I've been able to piece together his identity from the invasive messages (some of which have contained his full home address!). Obviously won't be sharing any of that, but I will say that he passed away in 2019 (if I did my detective work right) and seemed very prone to giving out his phone number to some very disreputable people.

Will a service like Incogni be of any help? Does it take a one-time scrub, or will it be an ongoing fight? Will anything help at all? I'm at a loss and don't know where to even begin. Not even looking to stop all spam, just desperate to reduce it even a little bit!!

Just like in the title

I’ve noticed that a lot of businesses, freelancers, agencies, and even legal professionals still use regular cloud storage links and email attachments for sensitive file sharing, even though privacy and cybersecurity concerns are becoming more serious every year.

Things like contracts, onboarding documents, invoices, financial records, and identity verification files are often shared through links that can stay active indefinitely or get forwarded without much control.

Recently I started researching secure file sharing platforms and encrypted document sharing tools that offer temporary links, private access, expiring downloads, and browser-based encryption, and honestly it feels like this approach makes much more sense for confidential document exchange.

Now I'm curious, what other people are using to share sensitive files?

Update: Someone recently suggested Mboxly a privacy focused file sharing tool with encrypted delivery and temporary password-protected links. Are more people switching to tools like this for sensitive file sharing?

i’ve been spending more time lately looking into personal privacy and data broker exposure after realizing how much information about me was publicly searchable across multiple aggregator sites. once i started checking, i found old addresses, relatives, phone numbers, and other details mirrored across way more sites than i expected.

that led me toward services like deleteme, although before subscribing i started looking for a deleteme promo code and comparing long term user experiences. what’s interesting is how divided opinions seem between people who think ongoing removal services are worth paying for and people who believe manual removals combined with better privacy habits accomplish nearly the same thing.

my main concern is sustainability over time. even if removals work initially, data seems to constantly get recopied and reindexed through different brokers and aggregation pipelines. i’m curious whether paid monitoring services meaningfully reduce long term exposure or mainly automate a process that eventually becomes repetitive anyway.

for people here who actively manage their online privacy footprint, have services like deleteme actually made a noticeable difference over time? and if you prefer self managed removals instead, what workflows, tools, or habits have been the most effective for keeping your information from resurfacing repeatedly?

whats the best chat app to use for privacy and extremely low data cosnumption?

Will android based mp3 players be affected by the age id verification laws

Google is going to Bake Age verification into the OS itself this is Very dangerous as there are multiple Android smartphones out there that will have android 17 as last update! once you install android 17 and its the final update for the phone the age signal API will be on your phone till the day the hardware dies! you cant even downgrade or the efuse trips! if you still have android 17 after at least 5 to 10 years and you accidentally factory reset it and verify your id again it will fail to send as device is old and might not connect to google servers and will send to hackers instead

Does anyone know how to do this safely? If so, please explain. My employer requires me to use a zipcar, but then they scream at me for going barely over the speed limit for 5 seconds on a 4 hour trip.

Free to use, offers document intelligence and audio capture with transcription using local LLM. Built with privacy and user-friendliness in mind.

Why YSK: Most people think antivirus software protects your privacy. Avast was doing the exact opposite — quietly selling what you searched, what sites you visited, and what you clicked to advertisers and data brokers for years.
The FTC investigated and took action. Avast shut down the subsidiary doing it only after they got caught.
Meanwhile Norton bundled a crypto miner into their antivirus, ran it on your PC, and took a cut of whatever it earned. They called it a “feature.”
These weren’t accidents. They were business decisions.

Secure file sharing is usually described as “end-to-end encrypted” or “privacy-first”.

Most platforms advertise things like:

- AES-256 encryption
- secure file transfer
- GDPR compliance
- privacy-focused infrastructure

These are meaningful practices, but in most cases the underlying model still relies on trust in the service provider.

In practice:

- encryption is often limited to transport (TLS)
- files may still be accessible server-side in some form
- and infrastructure-level guarantees are difficult to independently verify

So users are often relying on policy and assurances rather than strict technical constraints.

This raises a question:

What would secure file sharing look like if the provider could not access the data at all by design?

Not “we promise not to”.
But “we are technically unable to”.

I’ve been exploring this idea through a small open-source project called PrivCloud.

The goal is:

- client-side end-to-end encryption
- server never has access to encryption keys
- zero-knowledge design at the architecture level

While trying to keep usability simple:

- fast uploads, including large files
- browser-based usage
- no setup required

Repo: https://github.com/Simthem/PrivCloud_Sharing
Demo: https://share.privcloud.fr/

I’m mostly curious about the broader discussion:
Why do you think most file sharing systems still rely on trust-based models instead of strict zero-knowledge architectures?
Is it mainly usability, cost, or something else?