Frequently Asked Questions
Sources and further reading at the bottom.
-
No. A VPN encrypts traffic between your device and the VPN server, hiding it from your ISP. However, the VPN provider now has full visibility — you shift trust, not eliminate it. Commercial providers are also subject to legal data requests. For genuine anonymity, use multi-hop routing like the Tor network, where no single operator can link your IP to your destination.
-
Privacy means you control who sees your data — like a locked house. It doesn't hide that you live there; it controls who enters. Anonymity means your actions can't be tied to your identity — like walking through a crowd in a mask. You can have privacy without anonymity (encrypted chat with a known contact) and anonymity without privacy (pseudonymous post on a public forum).
-
Fingerprinting identifies your browser using a combination of technical parameters: screen resolution, installed fonts, browser plugins, GPU rendering behavior, time zone, language settings, hardware concurrency, and more. Unlike cookies, fingerprints can't be cleared and require no consent. Research by the EFF (Panopticlick) found over 80% of browsers are uniquely identifiable. Mitigation: use Firefox with privacy.resistFingerprinting = true or the Tor Browser.
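To make the "combination of parameters" point concrete, the following added example (not part of the original FAQ) measures how many browsers in a small constructed population become unique as attributes are combined, and how much a defence that reports fixed values shrinks that number. The visitor rows and the pin_attributes model (which pins four attributes and leaves language untouched) are assumptions for illustration, not the behaviour of any specific browser.

```python
import math
from collections import Counter

ATTRS = ("screen", "timezone", "language", "cores", "fonts")

# Constructed sample population, one tuple per visiting browser (not real data).
VISITORS = [
    ("1920x1080", "UTC+1", "de-DE", 8, "fontsA"),
    ("1920x1080", "UTC+1", "de-DE", 4, "fontsA"),
    ("1920x1080", "UTC-5", "en-US", 8, "fontsB"),
    ("1920x1080", "UTC-5", "en-US", 8, "fontsC"),
    ("1366x768", "UTC-5", "en-US", 4, "fontsB"),
    ("1366x768", "UTC+1", "en-GB", 4, "fontsA"),
    ("2560x1440", "UTC+9", "ja-JP", 16, "fontsD"),
    ("1920x1080", "UTC+1", "de-DE", 8, "fontsA"),
]

def anonymity_sets(rows, cols=ATTRS):
    """Count how many browsers share each combination of the chosen attributes."""
    idx = [ATTRS.index(c) for c in cols]
    return Counter(tuple(r[i] for i in idx) for r in rows)

def unique_fraction(rows, cols=ATTRS):
    """Share of browsers whose attribute combination nobody else has."""
    sets = anonymity_sets(rows, cols)
    return sum(1 for n in sets.values() if n == 1) / len(rows)

def surprisal_bits(rows, visitor, cols=ATTRS):
    """Identifying information (bits) that one browser's combination reveals."""
    idx = [ATTRS.index(c) for c in cols]
    key = tuple(visitor[i] for i in idx)
    return -math.log2(anonymity_sets(rows, cols)[key] / len(rows))

def pin_attributes(row):
    """Hypothetical defence model: report fixed values for everything but language."""
    _screen, _tz, lang, _cores, _fonts = row
    return ("1000x1000", "UTC", lang, 2, "default")

if __name__ == "__main__":
    for cols in (("screen",), ("screen", "timezone"), ATTRS):
        print(cols, "unique:", unique_fraction(VISITORS, cols))
    pinned = [pin_attributes(r) for r in VISITORS]
    print("after pinning, unique:", unique_fraction(pinned))
    print("bits for visitor 7:", surprisal_bits(VISITORS, VISITORS[6]))
```

The residual uniqueness after pinning comes entirely from the one attribute left untouched, which is why a partial defence still leaks.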
-
Signal's cryptography — the Signal Protocol — is best-in-class, providing forward secrecy and deniability. It is used by security professionals worldwide. Its real limitations are operational, not cryptographic: it requires a phone number (linking you to a real identity), and communication metadata (who you talk to, when) is not fully hidden. For phone-number-free messaging, consider Session.
-
A threat model answers: What do you want to protect? From whom? How likely is an attack? What are the consequences of failure? Without one, security decisions are arbitrary. A journalist protecting a whistleblower needs Tails OS and air-gapped hardware. A person avoiding ad tracking needs uBlock Origin and Firefox containers. The same tool that is overkill for one person is dangerously insufficient for another.
-
More resilient against central censorship — yes. Safer for the end user — not automatically. Decentralized networks often lack moderation, enabling spam and harmful content. On public blockchains, your metadata (and sometimes content) is permanently visible to anyone running a full node. Many nominally decentralized apps also rely on centralized infrastructure (Cloudflare, AWS), reintroducing single points of failure.
-
Encryption protects message content. Metadata — who you communicate with, when, how often, from where — is often transmitted in cleartext and logged by ISPs and service providers. Former NSA Director Michael Hayden stated: "We kill people based on metadata." Social graph analysis of metadata alone can reveal political affiliations, medical conditions, and personal relationships without reading a single message.
-
Practically, no. Every connection requires an IP address; every device leaves a fingerprint. You can dramatically reduce your exposure using Tor, Tails OS, compartmentalized browsing, and identity separation. However, a well-resourced state-level adversary can often de-anonymize targeted individuals through traffic correlation. For most people, the realistic goal is making mass automated surveillance economically unviable — not achieving perfect invisibility.