rina's space

hiii! <3 _

anime girl with cat ears and pink hair posing with paws up

october 23, 2025 @ 12:32 pm | est. reading time: 5 - 6 mins | word count 950


online privacy is (mostly) snake oil

yeah, it may not be something some of you are ready to hear, or want to hear at all. but the concept of online privacy is pretty much just a huge jug of snake oil, at least in the way most people do it.

if you’re online, you aren’t private. and by using those alternative services, you’re just shifting your trust to someone else, not increasing your privacy necessarily.

so, one of first recommendations is “switch off gmail”. sure? which way? can you REALLY trust protonmail or tutanota? they say they’re anonymous and in some cases encrypted. but it’s just their word, and it’s up to you to trust them or not. Hell, it’s even debated can *i* trust my email provider for @riri.my email, which i pay for, let alone countless of free services recommend for your to switch off gmail.

while, i obviously, don't agree with their ideals, i will have to quite cock.li to make a point.
“How can I trust you?
You can't. Cock.li doesn't read or scan your e-mail content in any way, but it's possible for any e-mail provider to read your e-mail, so you'll just have to take our word for it. No "encrypted e-mail" provider is preventing this: even if they encrypt incoming mail before storing it, the provider still receives the e-mail in plaintext first, meaning you're only protected if you assume no one was reading or copying the e-mail as it came in. When possible, you should use X.509 or GPG with your mail correspondents to encrypt your message content and prevent it from ever being handled in plaintext on our servers. You should also download and delete your mail from our servers regularly, which alone is almost as good as encrypting your mail.”

as you can see, there is no such thing as private email. no matter what anyone says. and sure you can argue you can use PGP, or even S/MIME, or any other true encryption method, but good luck getting any of your friends to use any of that. and would you rather LARP as epix haxxor, or talk with your friends?

next, alternative DNS servers. sure, but just like before, you’re just shifting your trust from your ISP to say cloudflare or quad9 (i use quad9). is a “random” company more trustworthy than your ISP? unless you live in Russia or China, likely not.

another thing i’ve seen is “degoogling” your phone. but can you REALLY trust an alternative store more than google play? in a sense, the alternative one might not track you, but if you’re not careful enough, the chances of downloading a malicious apps is also higher. you can also kiss goodbye to contactless payments, banking apps and even paypal.

and some of you may be yelling to use crypto but crypto isn’t private unless you’re a wizard. every transaction’s is actually public! congratulations, you’ve made your purchases even more traceable. okay, maybe monero is bit more private, but the rest, nope.

talking about degoogling still, some of you might be like “use duckduckgo” but you’re still giving your search queries to someone and duckduck still relies on bing. you’re just outsourcing your trust again. and microsoft is not more trust worthy than google. not at the slightest.

i’ve also seen advices such as “delete social medias”. most social medias are fine, as long as you don’t overshare, and what you use isn’t facebook.

next, some people say to use TOR. depending where you live, connecting to TOR alone might be suspicious, and even if it’s perfectly legal where you are, there isn’t a lot of reasons to be there. if you’re on TOR to “hide”, if you’re doing something actually illegal, the government will find you eventually, you aren’t immune.

what about “regular” browser alternatives? firefox has more and more telemetry. brave browser or duckduck’s are still chromium. it makes no difference. but if not using chrome makes you feel better, be my guest.

VPNs? again just shifting your trust elsewhere. doesn’t matter if you use a commercial one, seemingly private one like mullvad, or selfhost one. VPNs arent exactly meant for privacy. those VPN advertisements rotted your brain.

“block ads to decrease tracking”. YES. one of few points for which the privacy-obsessed folk are right. you should definitely block ads! (and trackers if possible)

“use linux” is another advice. this one is the only that somewhat makes sense. but i still think linux is not desktop-ready for a lot of people. if you play games or rely on certain software, wine still isnt perfect and neither is valve’s proton. and setting up KVM virtual machines with hardware passthrough, to run the software properly is difficult and technical for the majority of the people. and even if this is easy for you, the moment you want to play certain games, you’ll be banned due to their overreacting anticheat. but if you just want to browse the internet linux is a good choice.


true privacy online doesn’t exist, you’re always trusting someone. the developers, the service providers, etc. even if you are selfhosting you need to trust someone be it your ISP if you’re onprem, the datacenter youre colocating your dedi, or even your VPS provider. you always have to trust someone.

privacy doesn’t truly exist. the only way to stay private is to disconnect. if you care too much about privacy and “opsec” is always on your mind, you’ll just grow more and more paranoid, and that alone may ruin your life. besides, the more you try to hide and obfuscate things, the more you actually stick out. but at the end of it all, is up to you what you do.

⟵ back to blog

got comments, thoughts or feedback about this post? email me at comments@riri.my •ᴗ•

© 2025 rina's space • made with 🤍 by rina

privacy policyterms of service