Most efficient way to monitor apps/services for privacy changes?

I am reviewing my privacy setup, and am trying to find a way to “stay updated” with the services and apps I use.

For example, it was recently revealed that StartPage has started fingerprinting people. I know this because I saw it on the PG forum feed, but I just don’t have the time to scroll on this feed everyday, and even if I did, my eyes could miss something relevant to me, or the community could miss something.

I suspect people are going to recommend RSS updates and/or Github. If this is the case, I need further guidance as I don’t use either. I don’t know what to subscribe, and whenever I end up on a Github page I feel so overwhelmed and don’t understand what anything is or where to look.

@jordan wrote a nice guide for getting started with RSS, over on the techlore forum (link to post) PG also has an RSS page in the recommendations section.

It seems the sources you cite provide two methods of monitoring apps (with help of RSS). 1. blogs of applications and 2. blogs of 3rd parties such as PrivacyGuides. The former is vulnerable to bias and deception. If a company decides to take a sudden malicious turn and sneak spyware into its code, I doubt they will warn everyone in their blog. PrivacyGuides would be more likely to report on something like this, but how would they find out about this in the first place? I mean no disrespect to PrivacyGuides, but I wonder, is there something more centralized? Which is why I mentioned Github, but I don’t know if Github is something worth looking at for someone who is not into coding, or if the best I can do is rely on privacy journalists (such as PG/techlore) to find and report the problems.

PrivacyGuides would be more likely to report on something like this, but how would they find out about this in the first place?

I think You’ve misunderstood my mention of privacy guides. I mentioned them as a source to Learn how to use RSS I wasn’t specificially recommending that you follow PG’s RSS feed (though I would recommend that also if you do decide to use RSS).

Which is why I mentioned Github, but I don’t know if Github is something worth looking at for someone who is not into coding

I think it definitely is. You do have to be somewhat technical, and you do have to accept you won’t be able to actually audit or understand most of the code, but Github can be very useful and informative even if you are not a developer.

Some aspects of github that are useful even without knowledge of coding are: Github Issues, Discussions, Releases, and Readme’s.

Part of the reason I recommended RSS is because it is really flexible, you can use it for following things like Github releases for example, or changelogs.

whenever I end up on a Github page I feel so overwhelmed and don’t understand what anything is or where to look.

In my experience (as a non-developer) this feeling diminishes with time/familiarity.

The former is vulnerable to bias and deception. If a company decides to take a sudden malicious turn and sneak spyware into its code, I doubt they will warn everyone in their blog

I think this is just somewhat of an unavoidable reality. I think this is why choosing trustworthy, well established software, and staying vigilant to changes (in code, or in ownership) is important. And also choosing to use software where the developer’s business model and/or incentives are well aligned with your own, or where secretly violating your privacy would be technically impractical or difficult (such as services based around zero knowledge or end-to-end encryption) but that isn’t always possible.

is there something more centralized?

I’m not sure that this is really possible. But its possible I’m not correctly understanding what you are envisioning/seeking.