Best of Privacy: October 2025

  1. Article
    Brave · 34w

    Brave browser passes 100 million monthly active users

    Brave browser reached 101 million monthly active users in September 2024, growing at 2.5 million users per month. Brave Search now handles 20 billion annualized queries with its independent index. The company has expanded into a privacy-focused ecosystem including Leo AI assistant, VPN services, and a cryptocurrency wallet, while building sustainable revenue through privacy-respecting ads, search API, and premium subscriptions. Brave emphasizes privacy-by-default design across all products, using aggregate analytics that don't collect personal user data.

  2. Video
    Fireship · 32w

    Apple and Google won’t like this...

    The Free Software Foundation announced the Librephone project, led by Rob Savoye, aiming to create a fully open-source smartphone by replacing all proprietary firmware, drivers, and binary blobs with free software alternatives. Unlike existing solutions like LineageOS that still contain proprietary code, this initiative seeks complete software freedom through reverse engineering. The project faces significant challenges including the massive technical undertaking of replacing closed-source components, limited historical adoption of similar efforts like Replicant, and the dominant Apple-Google duopoly that controls mobile ecosystems.

  3. Video
    Awesome · 33w

    The browser monopoly is in big trouble...

    Brave browser has reached 100 million monthly active users by prioritizing privacy and performance. Built on Chromium, it blocks ads and trackers at the browser level, resulting in up to 3x faster page loads. Brave operates its own independent search index (one of only three in the western world), offers a privacy-focused business model with opt-in ads that reward users with tokens, and is developing AI capabilities with strict context isolation. The browser's growth accelerated 50% in the EU following the Digital Markets Act, demonstrating that users actively choose privacy-first alternatives when given the option.

  4. Article
    Security Boulevard · 30w

    MY TAKE: Have you noticed how your phone’s AI assistant is starting to remap what you trust?

    AI assistants like Google's Gemini are quietly remapping smartphone interfaces without user consent, transforming basic hardware controls into AI engagement points. This shift represents a new form of surveillance through interface colonization, where AI layers mediate user interactions and potentially manipulate information access. Unlike traditional government surveillance exposed by Snowden, modern control happens through convenience-driven defaults that gradually erode user autonomy. Recent reports show Gemini storing conversations, accessing apps with privacy toggles off, and activating unprompted, raising concerns about trust and manipulation at scale.

  5. Article
    Hacker News · 32w

    The Day My Smart Vacuum Turned Against Me

    An engineer discovers their smart vacuum was remotely disabled by the manufacturer after blocking its telemetry servers. Through reverse engineering, they gained root access via an open ADB port, found the device running Google Cartographer SLAM software on Linux, and uncovered evidence of remote kill commands. The investigation revealed the vacuum transmitted unencrypted data including WiFi credentials, had pre-installed remote access software (rtty), and could be controlled by the manufacturer without user consent. The engineer successfully restored offline functionality and documented the findings, highlighting broader IoT security and privacy concerns affecting multiple brands using the same hardware platform.

  6. Article
    Hacker News · 33w

    Why Self-host?

    Explores the motivations for self-hosting personal services, focusing on privacy and digital sovereignty. Discusses how calendar, contact, and location data reveal sensitive information about users, and argues against relying on big tech companies. Provides practical recommendations for self-hosting calendar/contact servers (Baïkal), email (Stalwart, Mailcow), smart home automation (Home Assistant), RSS aggregators (FreshRSS), and location tracking (dawarich). Shares a personal journey from single server to a 3-node Kubernetes cluster setup.

  7. Article
    Hacker News · 32w

    GrapheneOS is finally ready to break free from Pixels, and it may never look back

    GrapheneOS, a privacy-focused Android fork previously exclusive to Google Pixel devices, has partnered with a major Android OEM to expand support to Snapdragon-powered flagship smartphones by 2026-2027. The partnership marks a significant shift for the security-focused operating system, which has maintained strict hardware requirements that only Pixels previously met. While the OEM partner remains unnamed, the new devices will be priced similarly to Pixels and available globally. GrapheneOS will continue supporting existing Pixel devices and confirmed Pixel 10 support, though Pixel 11 compatibility is uncertain.

  8. Article
    Twitter X · 30w

    Windscribe Puts a $21,000 bounty on Theo

    Windscribe VPN service announced a $21,000 bounty targeting content creator Theo, likely as part of a marketing campaign or challenge related to their VPN product. The bounty appears to be a promotional initiative connecting the VPN provider with a prominent tech influencer.

  9. Article
    Docker · 30w

    Self-Hosted Alternatives: Control Your Data

    Self-hosting is gaining popularity as developers seek alternatives to cloud subscriptions and regain control over their data. The article explores motivations like privacy, cost savings, and avoiding vendor lock-in, then covers different hosting approaches from Raspberry Pi setups to VPS rentals. It introduces beginner-friendly self-hosted tools including Immich for photos, LibreOffice/Collabora for productivity, Nextcloud for file storage, and Jellyfin for media streaming. Docker containers simplify deployment by packaging applications with their dependencies, making self-hosting more accessible than ever.

  10. Article
    CSO Online · 31w

    Google kills its cookie killer

    Google is discontinuing 11 Privacy Sandbox technologies due to low adoption rates and ecosystem feedback. The initiative, launched in 2019 as a cookie alternative for advertisers, faced antitrust investigations from UK and US authorities over concerns about Chrome's market dominance. Despite Google's concessions to regulators, the technologies failed to gain traction due to operational complexity and unclear ROI. Discontinued APIs include Attribution Reporting, Protected Audience, Topics, and IP Protection across Chrome and Android. Google will continue privacy work but drop the Privacy Sandbox branding.

  11. Article
    Tails · 32w

    Free the internet

    The Tor Project launches a fundraising campaign with matching donations up to $250,000 to support internet freedom and privacy tools. Real-world examples include Turkmen.news using Tor for censorship circumvention, Freedom of the Press Foundation's SecureDrop for secure journalist communications, and individuals in Russia and Egypt accessing encrypted email services. The campaign includes two State of the Onion virtual events in November and December to share project updates and celebrate digital rights.

  12. Article
    Tails · 32w

    Tails 7.1

    Tails 7.1 is now available with several updates and improvements. The release changes the Tor Browser home page to an offline version, improves administration password messaging, and updates Tor Browser to 14.5.8, Tor client to 0.4.8.19, and Thunderbird to 140.3.0. A bug fix addresses the connection management message in new Tor Browser tabs. Users can upgrade automatically from Tails 7.0 or perform a manual upgrade if needed.

  13. Video
    Low Level Learning · 30w

    this thing is a security nightmare

    AI-powered browsers like ChatGPT Atlas and Comet pose significant security and privacy risks. These browsers grant AI models access to complete browsing history and habits, creating privacy concerns even when opt-out settings exist. More critically, they're vulnerable to prompt injection attacks where malicious websites can embed hidden instructions that hijack the AI agent controlling the browser, potentially stealing sensitive data like authentication codes. The fundamental flaw is combining an AI system that ingests arbitrary content with browser control capabilities, creating attack vectors that even OpenAI's CEO acknowledges can only be 95% mitigated. Ironically, these AI companies build their browsers by forking Chromium rather than using AI to write code from scratch.

  14. Article
    The Register · 32w

    Microsoft 'illegally' tracked students via 365 Education

    Austria's data protection authority ruled that Microsoft illegally tracked students through its 365 Education platform and violated GDPR by failing to provide complete information about data processing. Microsoft attempted to shift GDPR compliance responsibility to schools and education authorities, who lacked control over student data. When a complainant requested access to their data, Microsoft redirected them to their school, which couldn't provide complete information. The authority ordered Microsoft to disclose full details about data transmission, explain vague terms like 'business modelling,' and reveal any third-party data transfers. Microsoft must also stop deflecting data protection obligations to educational institutions.

  15. Article
    Product Hunt · 32w

    All Blur: Instantly blur your screen for privacy or content creation

    All Blur is a lightweight macOS application that provides instant screen blurring via keyboard shortcut (⌘+Control+B). It helps protect sensitive information during screen sharing, presentations, or when creating content by quickly obscuring on-screen data when needed.

  16. Article
    Apple Developer · 33w

    New requirement for apps using Sign in with Apple for account creation

    Starting January 1, 2026, developers in South Korea must provide a server-to-server notification endpoint when using Sign in with Apple. This endpoint enables Apple to send critical updates about user account changes, including email forwarding preference modifications, app-specific account deletions, and permanent Apple Account deletions. Developers must immediately process these notifications to update user data and maintain transparency around account changes, particularly for email forwarding and deletion events. The requirement aims to give users better control over their personal data while ensuring apps comply with privacy standards and local regulations.