Beware of Privacy Snake Oil

In your privacy advocacy, it's essential to use and recommend tools that reliably protect privacy. For this, you need to investigate and remain highly skeptical of any dangerous or unproven marketing claims.

Here's how to evaluate privacy claims, and recommend tools that are trustworthy:

Why is there so much privacy snake oil?

Regrettably, it's quite common to see businesses using privacy promises as a mere marketing strategy to reassure understandingly concerned users. But many aren't genuinely doing the work to make these promises come true.

Many businesses want to have their cake and eat it too, by attracting users with false promises of privacy while exploiting their data for profit all the while. Other times, failure to meet privacy promises simply comes from incompetence or negligence.

Misleadingly, or fraudulently, presenting a product, service, or organization as being responsible and trustworthy with data privacy when it isn't is called "privacy washing."

There are many things you can learn to become more resistant to privacy washing, and become better at using and recommending genuinely privacy-preserving technologies.

How to spot privacy snake oil

Never trust any privacy claims at face value.

Here are some red flags you should always keep in mind when evaluating a privacy tool, service, or organization:

• Conflict of interest: Is the source that is telling you this product is trustworthy independent of the company or parent-company that owns this product?

• Biased reviews: Is the review recommending this product truly independent, or has it received sponsorship money? Was the review AI-generated?

• Meaningless attestations: Are claims of privacy law compliance or trustworthiness supported by external sources, or do they only come from the organization itself?

• Buzzword language: Is the advertising and description of the product using a lot of privacy buzzwords like "military-grade encryption" or "AI-powered"?

• Unsupported claims: Are the product's claims supported by documentation and detailed descriptions? It's not enough to write "end-to-end encrypted." This claim should be supported by a detailed account of how the data is end-to-end encrypted, including which protocols and algorithms it is using.

• Unrealistic claims: Are the privacy claims being made realistic? Nothing can be 100% private or 100% secure. A trustworthy product will give you reasonable warnings about its limitations.

• Lack of deletion process: Does this product or service offer a clear process to delete your data upon request? How much of your data can you delete, and how quickly can you delete it if you wanted to stop using this service tomorrow?

• Untested technologies: Has this technology been tested by experts before? Are there any external parties who have verified its claims?

• Bad reputation: What are privacy and security experts saying about this product or organization? Was the product or organization subjected to multiple critiques from privacy experts? Has the organization ever been impacted by major data breaches?

How to trust privacy tools and services

You should never completely trust a product, service, or organization. Additionally, your trust should always be revocable, and you should revoke it when new information comes to light that warrants it. Even privacy professional sources that you trust might not always be up-to-date.

Things can change quickly in the tech world, and we must all be prepared to revoke our trust and adapt quickly when required.

With that in mind, here are some green flags you can keep in mind when evaluating a privacy tool, service, or organization:

• Good reputation: What are privacy and security experts saying about this product or organization? Does the product or organization have a good reputation within the field?

• Access to evidence: Are you able to verify the privacy claims from independent sources that aren't related to the business itself?

• Independent review: Was the product reviewed by an independent third-party who had significant access to test the product in a meaningful way?

• Transparency: Can you easily find detailed information about what data this organization collects, and how it processes and shares it? Would an independent expert have access to its software code to inspect it?

• Clear funding model: How does this organization make money? If it's free to use, does this organization rely on donations or grants? Is the product sold to users or to businesses? Where does the money come from?

• Availability: Could you easily contact this organization if you needed to? Can you find an email address dedicated to privacy requests and questions? Can you find where the organization is located? Would you have access to at least two different ways to contact it?

• Expert recommendation: Is this product recommended by independent privacy experts and nonprofit digital rights organizations?

More resources

• Tool recommendations vetted by our community (Privacy Guides)

• Extensive guide on how to evaluate better privacy tools and organizations (Privacy Guides)

• Privacy washing is a dirty business (Privacy Guides)

• Understanding encryption and end-to-end encryption (Privacy Guides video)

Функция "цифрового наследия": Термин "цифровое наследие" подразумевает под собой набор функций, который позволяет вам регулировать права доступа других людей к вашей информации после того, как вы умрете

Вы читаете Русский перевод сайта Privacy Guides, выполненный нашей невероятной командой переводчиков на платформе Crowdin. Если вы заметили ошибку или непереведенные части на этой странице, пожалуйста, помогите нам! Перейти на Crowdin

You're viewing the Russian copy of Privacy Guides, translated by our fantastic language team on Crowdin. If you notice an error, or see any untranslated sections on this page, please consider helping out!