If you like this guide, please consider making a donation to support me.

How to judge a service or provider?

1. Introduction
2. Surfaces
3. Legal documents
4. Other important considerations
5. Summary


Nowadays privacy violators are all over the web. Some of them are pretty easy to avoid, for example Google, which is obviously and famously known to track you all over the web and spy on you. Others pretend to be private but are actually honeypots of the Government/Big Corpos, like ProtonMail. But how can we distinguish between them? That's what we will cover in this article.


Basic requirements

Here are the basic requirements that every provider or service should have or avoid:

Now just take a look at those so-called privacy-respecting providers: almost all VPNs, instant messengers, email providers and website hosting providers fail to meet these basic requirements. Many instant messengers are stuck at the phone number requirement. The VPN industry is even worse: most of them have Google Analytics and are behind Cloudflare, while some of them don't accept cryptocurrencies. Even if you find a service that meets all those requirements (already pretty hard), a more advanced challenge comes below:
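
Two of the failures named above, Google Analytics and Cloudflare fronting, can be checked from a provider's own HTTP response. The following is an added example, not part of the original guide: the sample response is constructed, and the helper name `audit_response` and the host list are assumptions of this sketch.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hostnames that serve Google Analytics / Tag Manager scripts (not exhaustive).
GA_HOSTS = {"www.google-analytics.com", "ssl.google-analytics.com",
            "www.googletagmanager.com"}

class _ResourceHosts(HTMLParser):
    """Collect hostnames of externally loaded scripts, images and frames."""

    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "img", "iframe"):
            src = dict(attrs).get("src") or ""
            # urlparse also handles scheme-relative URLs such as //host/path
            host = urlparse(src).hostname
            if host:
                self.hosts.add(host.lower())

def audit_response(site_host, headers, html):
    """Return findings for one already-fetched page (hypothetical helper)."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    parser = _ResourceHosts()
    parser.feed(html)
    third_party = {h for h in parser.hosts
                   if h != site_host and not h.endswith("." + site_host)}
    return {
        # Cloudflare's edge sets "Server: cloudflare" and a CF-RAY header.
        "cloudflare": hdrs.get("server", "").lower() == "cloudflare"
                      or "cf-ray" in hdrs,
        # Only tags with a src are seen; inline or proxied trackers are missed.
        "google_analytics": sorted(third_party & GA_HOSTS),
        "third_party_hosts": sorted(third_party),
    }

# Constructed sample response for a fictional provider, not real capture data.
SAMPLE_HEADERS = {"Server": "cloudflare", "CF-RAY": "0000000000000000-XXX"}
SAMPLE_HTML = """<html><head>
<script async src="https://www.googletagmanager.com/gtag/js?id=G-EXAMPLE"></script>
<script src="/static/app.js"></script>
<img src="//cdn.vpn.example/logo.png">
</head></html>"""

if __name__ == "__main__":
    print(audit_response("vpn.example", SAMPLE_HEADERS, SAMPLE_HTML))
```

A clean result here only means nothing was found in this one response; check the signup and payment pages as well.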

Advanced requirements

Here are the advanced requirements for a provider to get a higher grade/rating from me. However, even if a provider scores well below, it won't get a higher score from me as long as it fails the basic requirements.

Legal documents

The Terms of Service/Use tell you how restrictive the provider is, while the Privacy Policy tells you what they do with your data. Even massive privacy violators that collect your information and share it on purpose can face legal consequences if they lie, provided they are located in the European Union. If a provider doesn't have a Privacy Policy, you may just leave it alone and avoid it: every privacy-respecting provider should have released a statement of how they handle your data.

Without further ado, here's what you should be looking for in particular:

The Privacy Policy

Terms of Service

The ToS is quite a minor part of the privacy index, but it's still important to see the provider's view or attitude towards what should or should not be accepted:

Other Important Considerations

There are always situations where a provider meets all the basic (or even advanced) requirements and has a good privacy policy, yet is in fact not trustworthy at all. These providers usually have loopholes in their privacy policy, e.g. they will readily hand your personal data to the court when there is a court order (which can easily happen, especially if you're an activist), or have a dark background or history, e.g. being owned by a big corpo (or ad company), having private links with Governments, or changing their ToS/Privacy Policy suspiciously. In this section, we'll discuss the other important considerations for a provider besides the essentials and their privacy policy. Make sure to do in-depth research yourself before using an unknown provider! (or read my incomplete reviews)

Transparency Report

The transparency report of a provider tells you how they respond to government requests for the disclosure of personal data: whether they will kneel down and give the Government the requested data to avoid being shut down, or reject the requests to protect users' privacy. Let's take Proton's Transparency Report as an example:

This is typically an illusion (to be discussed in the next sections): they try to plant the idea in your brain that Swiss laws protect your privacy, but in fact it's the company's policy that decides whether they hand your data over or not.

Great! Now that your privacy is held by Proton, who decided to transmit your data to the Swiss under the "privacy-respecting" Swiss law, your privacy is directly at the mercy of Switzerland's diplomatic relations (because they decide whether a country abuses human rights).

Now let's check out the percentage of complied requests out of all orders:

Impressive. They complied with 4920/6243*100% = 78.8 % of all requests, which is equal to that of Google. If you use their services and are targeted by a foreign authority, probably because you are involved in activism, there is a 78 percent chance of your data being released to that authority.

This is just an example. In fact there are far worse cases than the Proton example, so do the research before using a provider.