Best of Privacy: November 2025

  1. Article
    Product Hunt · 26w

    Onyx: Free, local-first 4K screen recorder

    Onyx is a free, privacy-focused screen recorder that runs entirely in the browser without requiring cloud uploads or subscriptions. It captures studio-quality 4K video with high bitrate, storing recordings locally on your device. The tool eliminates common limitations like time restrictions and quality downgrades found in cloud-based alternatives, making it suitable for creators who need to share their work while maintaining full control over their data.

  2. Article
    The New Stack · 28w

    Why the Frontend Should Run AI Models Locally With ONNX

    Running AI models locally in the browser using ONNX Runtime Web offers significant advantages over cloud-based approaches. Local execution eliminates privacy concerns by keeping sensitive data on-device, enables offline functionality, and provides instant feedback loops. ONNX acts as a universal format for ML models, allowing models trained in PyTorch or TensorFlow to run anywhere via JavaScript. Angular's Signals feature (v16+) provides the performance isolation needed for heavy inference operations. The approach enables mixing local models for low-latency tasks with cloud calls for complex reasoning, while maintaining transparency about data handling.

  3. Article
    80 LEVEL · 29w

    Programmer Discovers His Smart Vacuum Was Spying on Him

    A programmer discovered his ILIFE A11 smart vacuum was sending unencrypted data including Wi-Fi credentials and home maps to manufacturer servers. When he blocked the data transmission, the device was remotely bricked by the manufacturer. After disassembling it and accessing its unprotected Android Debug Bridge, he found the manufacturer had root access via pre-installed software. The same hardware powers devices from multiple brands including Xiaomi and Wyze, suggesting widespread vulnerability. He successfully restored the device with full local control by removing manufacturer access.

  4. Article
    tonsky.me · 28w

    Needy Programs

    Modern software has shifted from serving users to demanding attention and data from them. Applications increasingly require accounts, push constant updates, send unwanted notifications, and force onboarding flows—none of which users actually need. Traditional tools like command-line utilities and programs like Syncthing demonstrate that software can function effectively without these intrusive patterns. The author advocates for returning to user-centric design where programs remain quiet tools that serve their purpose without demanding ongoing engagement or personal information.

  5. Article
    Hacker News · 28w

    WICG/email-verification-protocol: verified autofill

    A proposed web standard for verifying email addresses without sending verification emails or leaving the current page. The protocol uses DNS delegation, SD-JWT tokens with key binding, and browser mediation to enable mail domains to delegate verification to an issuer. The browser requests a token from the issuer using authentication cookies, verifies it, and provides it to the web application. This approach enhances privacy by preventing issuers from learning which applications users are accessing, while eliminating the friction of traditional email verification flows that cause user drop-off.

  6. Article
    Product Hunt · 29w

    QuiteInbox: Take back control of your inbox

    QuiteInbox is a free, open-source tool that helps users unsubscribe from unwanted emails quickly. It operates entirely in the browser with no servers or tracking, ensuring complete privacy and local data processing.

  7. Article
    Hacker News · 29w

    Manufacturer issues remote kill command to disable smart vacuum after engineer blocks it from collecting data — user revives it with custom hardware and Python scripts to run offline

    An engineer discovered his iLife A11 smart vacuum was sending telemetry data without consent. After blocking the manufacturer's servers, the device was remotely disabled via a kill command. Through reverse engineering, he found the vacuum had unsecured root access and was transmitting 3D maps of his home. He successfully revived the device using custom hardware, Python scripts, and a Raspberry Pi, enabling it to run completely offline. The incident highlights serious privacy and ownership concerns with IoT devices that rely on cloud processing.