The Permission slip link takes you to the Consumer Reports Page, but be careful. The link "Permission Slip App" on the consumer reports page takes you to https://joindeleteme.com/permission-slip/ which will try to upsell you a the paid delete.me service
Within hours, readers flagged something I'd missed: **on May 28, Consumer Reports handed Permission Slip to DeleteMe — a paid service.** The free app I recommended is now a funnel to a subscription.
There is still core free functionality, but you are right the DeleteMe operating acquisition opens a real hole in this advice. I am thinking about how I can best help. Perhaps we need an actually free version.
The most important line here is not “protect your privacy.”
It is “make yourself expensive.”
That turns privacy from a moral slogan into a market structure problem.
Data brokers win because the marginal cost of harvesting, matching, and reselling a person is close to zero. The state can then buy what it would otherwise need to legally compel.
The counter-move is not purity. It is margin pressure.
Remove records. Break identity links. Reduce metadata. Poison confidence. Make the dataset less clean, less complete, and less cheap to use.
Exactly! "The whole apparatus runs on volume economics: collect everything, sell it in bulk, keep the marginal cost of each record near zero. That’s the weakness. You don’t have to make the surveillance machine blind. You just have to make it expensive."
Thank you. Thank you for sharing this information and putting it all together for us. I've been on Proton for 2 years, eliminated use of Google apps, and use Duck Duck Go, and thought that might be enough, but sensed there was more to do.
Yes, none of this prevents all attack vectors. Signal chats are encrypted, but the metadata is not. In the EU, Proton, which has the same vulnerability, has turned over metadata that exposed patterns of communication of activists.
There is no silver bullet, but there are actions we can take to make ourselves harder to track, more expensive to manipulate, and that matters at the personal scale, and if we do it together it matters at the societal scale.
My oldest took a cyber security class in high school and has since become hyper vigilant in managing his online presence. He's since started helping me. I navigated to Proton but am still extricating myself from Google. Also switched to Vivaldi as a browser. Apps are the hardest because so many are convenient. It's definitely a process but better to just start somewhere and keep going!
I’m in the process of switching from Gmail to proton now. I’m confused, are you recommending Proton mail? Or not?
It seems like it’s better than Google because it’s not reading all of your content all the time by default. But if a government agency went to them to ask for your info specifically, they would give it to them? But wouldn’t every other email service as well?
Right — every provider can be compelled to give up metadata (to/from, timestamps, and with Proton, subject lines and any recovery email/IP they're ordered to log). The difference is the body. Google can read and hand over what you actually wrote; Proton mathematically can't, because they don't hold the keys. So it's not "nobody can ever touch your data" — it's "the contents are off the table, and the metadata request has to go through Swiss courts and be specific." For most people switching off Gmail that's a large, real upgrade. Just don't put anything in a subject line you'd hate to see in a warrant.
Apparently proton VPN doesn’t log traffic. It’s essential in a lot of countries now (such as the uk) so Americans should be aware they may need one very soon
Just to let you know, the “Consumer Reports found 12 of 16 VPNs made misleading claims like “complete anonymity.”” link is not working. I’d love to read what you were linking to
This approach is the best of America; my dad never went to the university but taught himself smart investing enough to secure a good retirement for himself. He did not accept the limitations of retirement pay from his manual job. No one could believe someone like him could figure it out; but he did. What you’ve posted here is pretty amazing. I’ll subscribe/pay as soon as I can.
Your dad sounds like exactly the kind of person this is written for — someone who didn’t accept that the system’s complexity was a reason to stay out of it.
That’s the whole argument of the piece: the surveillance economy counts on people assuming it’s too complicated to fight. It isn’t.
Thank you for sharing that, and no rush on the subscription — the free version is always here.
Duck Duck Go did have an incident where they allowed Microsoft trackers, but after public pressure they have since reversed course and blocked them. So, the track record is not perfect, but at least they are better than Google and Bing.
Vivaldi is a genuinely good choice — strong built-in blocking, no telemetry, privacy-focused team. The one caveat is it’s Chromium-based, which keeps Google’s engine dominant, but as a practical daily browser it’s solid.
On Brave: I covered it in the piece with some reservations. The built-in blocking is aggressive and effective, but it has baggage — it was caught silently inserting its own affiliate codes into crypto-exchange URLs users typed, and it runs a cryptocurrency rewards scheme. The privacy protection is real; the business model around it gives some people pause. If you’re not doing anything crypto-adjacent and you’re aware of the tradeoffs, it’s a reasonable choice. Just go in with eyes open.
I’m going to have to read this more than once for it to all sink in, but I really appreciate the info you’ve laid out.
The Permission slip link takes you to the Consumer Reports Page, but be careful. The link "Permission Slip App" on the consumer reports page takes you to https://joindeleteme.com/permission-slip/ which will try to upsell you a the paid delete.me service
When I published "Make Yourself Expensive) https://transparencycascade.org/resources/data-footprint/ my #1 free recommendation was Permission Slip — the Consumer Reports opt-out app.
Within hours, readers flagged something I'd missed: **on May 28, Consumer Reports handed Permission Slip to DeleteMe — a paid service.** The free app I recommended is now a funnel to a subscription.
If you use it, decline the "PLUS" upsell.
Good point!
I have updated the article.
I went straight to the Play Store and installed it, read the user agreement and it said it will charge you. So I uninstalled it.
There is still core free functionality, but you are right the DeleteMe operating acquisition opens a real hole in this advice. I am thinking about how I can best help. Perhaps we need an actually free version.
The most important line here is not “protect your privacy.”
It is “make yourself expensive.”
That turns privacy from a moral slogan into a market structure problem.
Data brokers win because the marginal cost of harvesting, matching, and reselling a person is close to zero. The state can then buy what it would otherwise need to legally compel.
The counter-move is not purity. It is margin pressure.
Remove records. Break identity links. Reduce metadata. Poison confidence. Make the dataset less clean, less complete, and less cheap to use.
Surveillance is a volume business.
Resistance starts by ruining the unit economics.
Exactly! "The whole apparatus runs on volume economics: collect everything, sell it in bulk, keep the marginal cost of each record near zero. That’s the weakness. You don’t have to make the surveillance machine blind. You just have to make it expensive."
Thank you. Thank you for sharing this information and putting it all together for us. I've been on Proton for 2 years, eliminated use of Google apps, and use Duck Duck Go, and thought that might be enough, but sensed there was more to do.
Your work here is MUCH appreciated. Thank you.
Thank you for this information I to will have to re-read or get some help with some of it but truly appreciate all you have stated in your sub stack
Thank you for this info! Super helpful. A potential caveat for Signal: the government used Signal chats for an indictment of protestors/activists recently: https://www.mprnews.org/story/2026/06/17/ice-protester-charges-attorneys-activists-react
Yes, none of this prevents all attack vectors. Signal chats are encrypted, but the metadata is not. In the EU, Proton, which has the same vulnerability, has turned over metadata that exposed patterns of communication of activists.
There is no silver bullet, but there are actions we can take to make ourselves harder to track, more expensive to manipulate, and that matters at the personal scale, and if we do it together it matters at the societal scale.
Kash Patel is a remarkable coward and an absolute whore.
Useful guidance with the additional benefit of decreasing the need for data centers- every broker is storing redundant bytes…
Greatly appreciate your work.
I have begun my “clean-up”
Thank you,
My oldest took a cyber security class in high school and has since become hyper vigilant in managing his online presence. He's since started helping me. I navigated to Proton but am still extricating myself from Google. Also switched to Vivaldi as a browser. Apps are the hardest because so many are convenient. It's definitely a process but better to just start somewhere and keep going!
I’m in the process of switching from Gmail to proton now. I’m confused, are you recommending Proton mail? Or not?
It seems like it’s better than Google because it’s not reading all of your content all the time by default. But if a government agency went to them to ask for your info specifically, they would give it to them? But wouldn’t every other email service as well?
Right — every provider can be compelled to give up metadata (to/from, timestamps, and with Proton, subject lines and any recovery email/IP they're ordered to log). The difference is the body. Google can read and hand over what you actually wrote; Proton mathematically can't, because they don't hold the keys. So it's not "nobody can ever touch your data" — it's "the contents are off the table, and the metadata request has to go through Swiss courts and be specific." For most people switching off Gmail that's a large, real upgrade. Just don't put anything in a subject line you'd hate to see in a warrant.
Thank you! This all so helpful.
But if you correspond with those who have gmail, your correspondence is exposed in their emails read by Google.
But if you correspond with those who have gmail, your correspondence is exposed in their emails read by Google.
Yes. It’s such a crazy game we have to play.
Apparently proton VPN doesn’t log traffic. It’s essential in a lot of countries now (such as the uk) so Americans should be aware they may need one very soon
Thanks so much for this.
Just to let you know, the “Consumer Reports found 12 of 16 VPNs made misleading claims like “complete anonymity.”” link is not working. I’d love to read what you were linking to
I’ll fix the link.
https://www.consumerreports.org/vpn-services/vpn-testing-poor-privacy-security-hyperbolic-claims-a1103787639/
Thank you!
This approach is the best of America; my dad never went to the university but taught himself smart investing enough to secure a good retirement for himself. He did not accept the limitations of retirement pay from his manual job. No one could believe someone like him could figure it out; but he did. What you’ve posted here is pretty amazing. I’ll subscribe/pay as soon as I can.
Your dad sounds like exactly the kind of person this is written for — someone who didn’t accept that the system’s complexity was a reason to stay out of it.
That’s the whole argument of the piece: the surveillance economy counts on people assuming it’s too complicated to fight. It isn’t.
Thank you for sharing that, and no rush on the subscription — the free version is always here.
How about Brave browser? I also heard DuckDuckGo is no longer as secure?
Duck Duck Go did have an incident where they allowed Microsoft trackers, but after public pressure they have since reversed course and blocked them. So, the track record is not perfect, but at least they are better than Google and Bing.
I use Vivaldi. Any issues you're aware of?
Vivaldi is a genuinely good choice — strong built-in blocking, no telemetry, privacy-focused team. The one caveat is it’s Chromium-based, which keeps Google’s engine dominant, but as a practical daily browser it’s solid.
On Brave: I covered it in the piece with some reservations. The built-in blocking is aggressive and effective, but it has baggage — it was caught silently inserting its own affiliate codes into crypto-exchange URLs users typed, and it runs a cryptocurrency rewards scheme. The privacy protection is real; the business model around it gives some people pause. If you’re not doing anything crypto-adjacent and you’re aware of the tradeoffs, it’s a reasonable choice. Just go in with eyes open.