I highly recommend everyone to keep a privacy and security to-do list. Whenever I visit the privacy guides forum I like to check my to-do list and to take notes after reading the forum.
For 2026 I’d like to find solutions for lessening privacy leaks through my credit card, bank, and phone number. I would also like to help my significant other share the services I already have set up. Here’s some things from my list:
Set up a shared pseudonym and phone number for myself and my partner.
Set up KeePassXC and Syncthing sharing between myself and my partner.
Set up a credit card masking service and watch for updates to digital wallet software that can incorporate masking services for physical transactions.
Store my long term number in a read-only account that has the ability to push notifications when contacted.
I’d also like to mention my resolution to be more vocal in my privacy advocacy. For many years I have been advocating to reform the housing finance system and it is becoming clear how highlighting abuses in housing helps aid our case for privacy rights. If you’re reading this, the privacy community and the many progressive groups could use your help and involvement. If anything we all benefit when we think of privacy not just as a personal task, but one we approach together. Best, A
In 2025, I applied all the Privacy Guide recommendations. I tested various privacy tools, but ultimately decided to strictly follow the best recommendations. I don’t believe there are multiple threat models in relation to privacy: you either adhere to privacy or you don’t (either Microsoft or Linux). Of course, there is an additional layer for journalists. Since I am not a developer but a user, further improvements will depend on developments and problem solving with what has already been created.
I buy some very unusual/niche things (unfortunately), so my grocery purchases are by default not privacy-friendly yes.
I wouldn’t say they are unique, but definitely niche if you get the entire list of all the stuff I buy on a weekly basis.
Very good call indeed.
I mean, they have the footage so they can always run it through some Python to narrow down people. I achieved something similar in 2 hours using VueJS with no prior experience in local models few years ago. Nowadays + with some money (that decently-sized stores definitely have), it’s easier than ever to achieve that.
So overall, it’s very doable. But maybe not everybody is doing that particularly. Resources are not the blocker here for sure.
Oh, very much yes!
Very much sharing the anger. Most people get too much data for what they need, which is usually just money or some kind of proof that you’re the person you’re saying you are.
Depends on your country and how many stores you have, if it’s a duo/trio-poly then they are big enough to invest a bit of money into that. At least for their own safety of not letting shoplifters run away with things.
Not sure that people do care enough as a society unfortunately.
Oh yeah, like Twilio/Telnyx. But those ones are very easy to spot because there are official APIs for such things, hence it’s mostly hoping that the devs didn’t implemented it. I just skip the roulette entirely and use SMSpool, faster as a whole.
I don’t know if we are doing updates here throughout 2026 but … I bought a month of Mullvadvpn on Saturday to test on Linux. Within the first hour I could see the improvement. Ordering a voucher today for a year.
It really is the best in Linux. Through can use any with provider with WireGuard if you do want streaming support that Proton provides for example. But don’t think it matters on Linux because web based access to streaming services is never high quality hit only Full HD at best.
Doing a side-by-side comparison of the app on Android and Linux, it’s virtually identical. A few small differences but all the important settings are present.
I mean, they can only update one OS’s app at a time and that’s why some very small differences may occur. But considering how bad others are, Mullvad may as well be perfect in comparison.
NO MORE WINDOWS! 2026 will attempt to go a full year without using Windows, which should be easy as I barely used Windows last year. Of course, I would have to use Windows at work or when I’m on another person’s device, but me and my family don’t use Windows on any of our own devices.
Last year resolution was to reduce online shopping, and I did that by not having anything delivered to my home. But now I’ve centralized most of my online shopping to Amazon so this year, I will attempt to either cut my spending on Amazon in half or (preferably) stop shopping on Amazon, but I won’t delete my account.
I don’t want to focus too much on privacy this year, as last year, I switched to Linux (trying out different OS), started self-hosting, deleted a lot of my old accounts (have a few left that I can think of), switched e-mails and phone numbers, trying out different local AI models and web browsers, encrypting sensitive files. It felt too much to do in one year, so I’m mostly focusing on updating my threat model this year.
I’m also happy with the devices I currently have, but if I need a new laptop, it’ll either be QubesOS (which I have installed on my desktop PC) or a Macbook if it has to be an OS that isn’t Linux. I’m not sure if I’ll need one this year, but it’s on my resolution.
In the future (so not 2026), I would like to harden my network, but I don’t have much network experience. I also want to completely de-Google, but that won’t happen as long as I’m on Android. And I hope to move away from WhatsApp, which seems impossible, but at least I’m happy it’s the only Meta product I use. I have two friends that bought the creepy Meta RayBan glasses this year.
I remember reading that the profit margins of successful grocery stores, which includes big chains, are between 1 and 2 %. This really shocked me. If this is true, I would hope this low margin deters them from using AI. But by all indication with what grocery stores are doing in the UK and other countries like the US, or France, it does not seem to be the case.
Indeed. It’s already happening in the countries I mentioned above, which sucks.
We have to compel them to understand. I find it interesting that people are ok with Google scanning their emails, but suddenly they’re uncomfortable with being scanned in a grocery store. It’s clear that when surveillance is insidious, people are less likely to resist it, even if they are aware of it. And sometimes even when it’s visible, like having millions of cameras in London, people get so used to it that they don’t bother to protest anymore. There’s also the fact that many people buy into the idea that this is the best solution for safety, which it isn’t.
All of the following is to be treated as opinion and not as any claim of fact. Anyone who disagrees with any of it is more than welcome to challenge it as though it were a claim of some fact, as I am more than happy to be provided sources showing otherwise.
I’d think of it in a similar way to browser settings, personally. What you buy on a given day at a given time is probably not as certain as browser settings, but with enough time, it would most likely be very easy to have a probabilistic understanding of certain shopping habits (i.e., based on the last 2 years of customer X’s shopping data, we know they are very likely to buy a new bag of Brand Y flour every N weeks. If they do not do that, then they are very likely to buy a new bag of Brand Z chocolate chips instead). From there, it’s the same game of identifying someone based on yes/no questions.
The list of candidates narrows down very quickly if you make any purchases that are uncommon among the other candidates. If you have certain dietary restrictions, supplements, or medications you must adhere to, I’d imagine there is a very good chance the vast majority of candidates do not have to do so, which is a pattern that will show up in your shopping habits.
It’s also worth keeping in mind that identifying customers and their shopping habits is one of the biggest, if not THE biggest, uses of rampant corporate data collection. The advertising industry thrives off this. I’d expect they’ve put a lot of effort into perfecting their twisted art.
That all said, I am by no means suggesting the effort to shop privately and/or anonymously is pointless. I just think it’s very difficult to achieve the latter, and the best you can realistically achieve is likely the former.
You make some excellent points. I also think it’s important to remind people that, to my understanding, surveillance capitalism targets groups not individuals, based on a specific profile. Basically, based on you and other people’s purchasing habits, marketers determine that all the people who have the same habits fit into a specific profile (eg: female / single/ 30s, low income), and they advertise to that profile. They don’t really tailor their message specifically to you as a single individual, but to all the people who have similar habits as you.
Have you ever gone to a store, only to find out that the product that you bought every week has been discontinued because it didn’t “sell well”? If stores have your data, they know that you loved that product, and yet they stopped selling it because not enough people like you buy it.
Maybe it’s changing, but to my understanding, companies are not going to spend resources marketing to an individual. Especially if what you like is extremely unique.
Think of all the missing features you want in an app that never happen. Most of the time, app developer will not care to implement these features, unless enough users explicitly ask for them. If only 3 people ask for them, it won’t move them.
1000%.
Always remember that it’s never too late to stop giving data. Data is only as valuable as long as it’s relevant, and hence recent. If you stopped giving away data at 20, it’s unlikely that the stale data they have on you is relevant enough to market to you when you’re now 30.
This one isnt a personal effort insomuch as it is a hope for industry advancement: open source RCS
I encourage all to use a real E2EE messenger, like Signal. But I am not persuasive enough to convince every friend, loved one, client, and pretty girl to make the switch. Thus, SMS remains a necessary evil to maintain both professional & social connections.
E2EE RCS is a promising improvement, but to date, it seems locked within Google or Apple ecosystems. This makes me UPSET.
I continue to use Quik SMS, but I spend an hour or two per week seeking out news and novel projects that may develop into meaningful advancements for FOSS RCS. Hoping 2026 makes progress!
Alternatively you can try out with matrix bridges if you’re willing to
Depends on if you wanna pay with time or money but yeah
The fact that this is the only way so far, better than nothing but not so accessible of a thing even if possible (of course there’s a reason I said money or time or some combo of both)
I highly doubt this will happen any time soon if ever. Last I checked E2EE RCS wasn’t a thing in Apple land. AFAIK RCS requires buy-in from telecom companies because your messages need to be connected to your phone account to be able to seamlessly fall back to SMS. There’s no profit incentive to build-out the infrastructure to do this when you could be charging your customers extra for sending MMS. I guess Google is making a push to RCS to try to bridge the gap with Apple’s iMessage and Apple might be pressured to allow RCS to make it seem like less of a monopoly. It seems very highly unlikely that Google + Apple + Telecoms are going to be willing to give up any kind of power over this system and allow FOSS RCS apps to exist.
In 2025 I moved from iCloud ADP to Proton Drive after their big summer update fixed all the issues I previously had.
Also moved from Bitwarden to Proton Pass due to better user experience.
Finally I upgraded to an iPhone Air to get that awesome A19 MIE. As for the Air…..my 2026 goal is to get an iPhone 18 Pro Max . The iPhone Air is amazing to use daily but really miss having better cameras.
. The iPhone Air is amazing to use daily but really miss having better cameras.