Privacy? Nyet!

Many people worry about privacy these days — and rightfully so. Common practices of modern web lead to privacy violations left, right, and center. Websites tracking visitors and selling the data to advertisers became the norm rather than an exception. For the less technical people among us it’s easy to get confused and scared, and being confused and scared is the perfect way to become a victim. Where there are potential victims, there are predators.

The increasing number of people and companies prey on people’s insecurity and desire for privacy. “Malware detectors” and “spyware removers” that actually spy on the users themselves, “privacy-oriented” VPN providers that leak and sell users’ data, privacy-themed websites that spy on their visitors, and so on, and so forth. One such example surfaced in my email inbox lately:

Privacy Badger alternative/suggestion

Hi Evgeny,

I noticed you shared the Privacy Badger tool here - https://evgenykuznetsov.org/en/about/ - and I wanted to share something your visitors might find useful.

My privacy analyzer (‍https://privacy.net/analyzer/) tests everything Privacy Badger does but also covers some things it doesn’t such as testing for autofill leaks and logged in accounts.

Don’t get me wrong I am a huge fan of Privacy Badger, I just wanted to suggest mine as a supplementary tool.

Perhaps you could link to it as well?

Thank you in advance.

-Dennis

PS. If you’re not interested just let me know and you won’t hear from me again.

---

Dennis

Privacy.net

It was immediately obvious that whatever Dennis was suggesting was absolutely irrelevant to me and the visitors of this website. I do indeed recommend Privacy Badger as a tool to block JavaScript and avoid the (possibly unwanted) data leakage through requests to third party websites. This has nothing to do with testing anything, no analyzer tool is even relevant here, and definitely can not be viewed as an alternative. What Dennis of privacy.net likely did here was just scan the web for any Privacy Badger links and send his unsolicited “suggestion” emails without really considering how relevant they were — perhaps, using an automated script to do that. And the letter itself is nothing but spam. I marked it as such and forgot about it in a second.

Spam itself can be thought of as a privacy violation. I agree with the concept I’ve read in A. Stolyarov’s articles (in Russian) — though I’m not sure whether he invented it¹ — that spam, being an act that the recipient never agreed or wanted to participate in, can be considered informational violence, no too much conceptually different from physical violence, rape and such. Sending spam while calling yourself “privacy.net” is quite ironical, if you ask me. The “opt-out” post-scriptum is even more ironical.

I wouldn’t have given any of it a second thought, let alone write this blog post, but Dennis persisted. A week later I received a new email:

Hi Evgeny,

Perhaps you may have missed my earlier email as I’ve not heard from you. For reference, I’ve included a copy below.

[the content of the first email]

Well, Dennis seemed to really want my feedback, and to give it I had to visit his website. Turns out, the website is no good — what a surprise!

As I initially suspected, Dennis’s privacy analyzer is in no way useful for the purposes I recommend Privacy Badger for; it’s basically a simple JavaScript that displays some of the properties the browser reports, not really different from thousands of similar scripts easily found by googling something like “test browser privacy”. As for the website itself, for something that is called “privacy.net” it leaks an awful lot of information about visitors to third parties. Google Analytics, cookies, web fonts, CDNs — you name it, privacy.net uses it and doesn’t even attempt to warn the visitor. Privacy policy? No such thing. No disclosure about what’s being collected and how it’s being used, nothing. Would be ridiculous if it wasn’t so pathetic and sad.

What is privacy.net then? I’m not sure, but it definitely isn’t anything about your privacy. I skimmed through a couple of articles and it looks like the whole endeavor is just a promotional website for Express VPN. Which doesn’t reflect well on Express VPN itself, either.

Being a native Russian speaker, I can’t help noticing the irony: net immediately reads as нет (usually transcribed as nyet — Russian for “no”). Privacy.net — “no to privacy” — looks like a perfectly appropriate name after all.

Lack of links to privacy.net in this post is, of course, intentional — I don’t think anyone should visit it. Me visiting it is already one visitor more than it deserves.