What is the deal with PrivacyTools?

If you don’t like drama, feel free to ignore this whole post. It’s honestly a very boring topic that nobody besides terminally online people with an axe to grind will care about, however because I continue to be asked about this topic anyways, I had to publish this for future reference.

An extended version of this page was originally published on Privacy Guides to clear up misinformation being spread by the project currently known as PrivacyTools. Because “PrivacyTools” continues to engage in spreading misinformation about me personally, I am adding some of this information to my own website. More information can be found on the original page.

A Brief Summary

In September 2021, every active contributor to PrivacyTools unanimously agreed to move to Privacy Guides. This decision was made because PrivacyTools’ founder and controller of the domain name had disappeared for an extended period of time and could not be contacted.

Having built a reputable site and set of services on PrivacyTools.io, this caused grave concerns for the future of the project, as any future disruption could wipe out the entire organization with no recovery method. This transition was communicated to our community many months in advance via a variety of channels to ensure the entire process went as smoothly as possible. We did this to ensure nobody was kept in the dark, which has been our modus operandi since our team was created, and to make sure Privacy Guides was recognized as the same reliable organization that PrivacyTools was before the transition.

After the organizational move was completed, the founder of PrivacyTools returned and began to spread misinformation about these moves. They continue to spread misinformation and operate a paid link farm on the old PrivacyTools.io domain.

What is PrivacyTools?

PrivacyTools was created in 2015 by Marco Wollank, AKA “BurungHantu,” who wanted to make a privacy information resource following the Snowden revelations. The site grew into a flourishing open-source project with many contributors, some eventually given various organizational responsibilities, such as operating online services like Matrix and Mastodon, managing and reviewing changes to the site on GitHub, finding sponsors for the project, writing blog posts and operating social media outreach platforms like Twitter, etc.

Beginning in 2019, BurungHantu grew more and more distant from the active development of the website and communities, and began delaying payments he was responsible for related to the servers we operated. To avoid paying server costs out of my own pocket, we changed the donation methods listed on the site from BurungHantu’s personal PayPal and crypto accounts to a new OpenCollective page on October 31, 2019. This had the added benefit of making our finances completely transparent, a value we strongly believe in, and tax-deductible in the United States, because they were being held by the Open Collective Foundation 501(c)3. This change was unanimously agreed upon by the team and went uncontested.

Why The Team Moved On

In 2020, BurungHantu’s absence grew much more noticeable. At one point, we required the domain’s nameservers to be changed to nameservers I controlled to avoid future disruption, and this change was not completed for over a month after the initial request. He would disappear from the public chat and private team chat rooms on Matrix for months at a time, occasionally popping in to give some small feedback or promise to be more active before disappearing once again.

In October 2020, I left the project because of these difficulties, handing control to another long-time contributor. Since I had been operating nearly every PrivacyTools service and acting as the de facto project lead for website development in BurungHantu’s absence, my departure was a significant change to the organization. At the time, because of this significant organizational change, BurungHantu promised the remaining team he would return to take control of the project going forward. The remaining team reached out via several communication methods over the following months, but did not receive any response.

Domain Name Reliance

At the beginning of 2021, the PrivacyTools team grew worried about the future of the project, because the domain name was set to expire on 1st March 2021. The domain was ultimately renewed by BurungHantu with no comment, but the discussions held in the months prior generated significant concern within the project. Because the domain was renewed on a year-to-year basis, this would be a concern every year, and if the domain expired it would have posed massive problems for our SEO rankings and recognition, because the team would have no way to inform the community of a migration to a new domain without the original website.

Without being in any contact with BurungHantu, the remaining team decided the best course of action would be to move to a new domain name while we still had guaranteed control over the old domain name, sometime before March 2022. Because I had left the team months earlier, I was not involved with making this final decision. This decision was made many months in advance and communicated to the entire team in the hopes that BurungHantu would reach out and assure his continued support for the project, because with a recognizable brand name and large communities online, moving away from “PrivacyTools” was the least desirable possible outcome.

Following this, in mid-2021 the PrivacyTools team reached out to me, and I agreed to rejoin the team to help with the transition. We informed the community about our intentions by the end of July.

Control of r/privacytoolsIO

Simultaneously with the ongoing website issues at privacytools.io, the r/privacytoolsIO moderation team was facing challenges with managing the subreddit. The subreddit had always been operated mostly independently of the website’s development, but BurungHantu was the primary moderator of the subreddit as well, and he was the only moderator granted “Full Control” privileges. u/trai_dep was the only active moderator at the time, and posted a request to Reddit’s administrators on June 28, 2021, asking to be granted the primary moderator position and full control privileges, in order to make necessary changes to the Subreddit.

Reddit requires that subreddits have active moderators. If the primary moderator is inactive for a lengthy period of time (such as a year) the primary moderation position can be re-appointed to the next moderator in line. For this request to have been granted, BurungHantu had to have been completely absent from all Reddit activity for a long period of time, which was consistent with his behaviors on other platforms.

If you were removed as moderator from a subreddit through Reddit request it is because your lack of response and lack of activity qualified the subreddit for an r/redditrequest transfer.

r/redditrequest is Reddit’s way of making sure communities have active moderators and is part of the Moderator Code of Conduct.

Beginning the Transition

On September 14th, 2021, we announced the beginning of our migration to the new domain the community had chosen:

[…] we found it necessary to make this switch sooner rather than later to ensure people would find out about this transition as soon as possible. This gives us adequate time to transition the domain name, which is currently redirecting to www.privacyguides.org, and it hopefully gives everyone enough time to notice the change, update bookmarks and websites, etc.

This change entailed:

  • Redirecting www.privacytools.io to www.privacyguides.org.
  • Archiving the source code on GitHub to preserve our past work and issue tracker, which we continued to use for months of future development of this site.
  • Posting announcements to our subreddit and various other communities informing people of the official change.
  • Formally closing privacytools.io services, like Matrix and Mastodon, and encouraging existing users to migrate as soon as possible.

Things appeared to be going smoothly, and most of our active community made the switch to our new project exactly as we hoped.

Following Events

This brings us to an ongoing, regrettable source of drama. Roughly a week following the transition, BurungHantu returned online for the first time in nearly a year, because he was no longer receiving crypto donations from the website, and he noticed the website redirects in place and his removal from the subreddit a few months ago.

Nobody on the team was willing to return to PrivacyTools at this point given his historic unreliability, but given that he claimed to want to continue working on privacytools.io on his own, we agreed to remove the redirect from www.privacytools.io to www.privacyguides.org, if he agreed to keep the subdomains for Matrix, Mastodon, and PeerTube pointed to our servers. Our intention was to continue running these platforms as a public service to our community for at least a few months in order to allow users on those platforms to easily migrate to other accounts, because federated accounts are inherently tied to specific domain names, and they are very difficult to migrate once the domain and server no longer exist.

Unfortunately, because control of the r/privacytoolsIO subreddit was not returned to BurungHantu at his demand (further information below), those subdomains were cut off at the beginning of October, ending any migration possibilities to any users still using those services.

PrivacyTools.io Now

As of September 25th 2022 we are seeing BurungHantu’s overall plans come to fruition on privacytools.io, and this is the very reason we decided to create this explainer page today. The website he is operating appears to be a heavily SEO-optimized version of the site which recommends tools in exchange for financial compensation. Very recently, IVPN and Mullvad, two VPN providers near-universally recommended by the privacy community and notable for their stance against affiliate programs were removed from PrivacyTools. In their place? NordVPN, Surfshark, ExpressVPN, and hide.me; Giant VPN corporations with untrustworthy platforms and business practices, notorious for their aggressive marketing and affiliate programs.

PrivacyTools has become exactly the type of site I warned against on the former PrivacyTools blog in 2019. I’ve tried to keep my distance from PrivacyTools since the transition, but their continued harassment towards myself, our project, and now their absurd abuse of the credibility their brand gained over 6 years of open source contributions is extremely troubling. Those of us actually fighting for privacy are not fighting against each other, and are not getting our advice from the highest bidder.

r/privacytoolsIO and OpenCollective

I am not a moderator of r/privacytoolsIO, and I have no control over its current operation. However, according to Reddit’s rules, subreddits do not belong to anybody, and they especially do not belong to brand-holders. They belong to their communities, and the community and its moderators made the decision to support the move to r/PrivacyGuides. For a community with many thousands of remaining subscribers, Privacy Guides feels that it would be incredibly disrespectful to return control of that massive platform to the person who abandoned it for over a year, and who now operates a website that we feel provides very low-quality information. Thus, u/trai_dep and the rest of the subreddit moderation team has made the decision to keep r/privacytoolsIO as-is.

Our fundraising platform, OpenCollective, is another source of contention. Our position is that OpenCollective was put in place by our team and managed by our team to fund services we currently operate and which PrivacyTools no longer does. We reached out to all of our donors regarding our move to Privacy Guides, and we were unanimously supported by our sponsors and community.

Thus, the funds in OpenCollective belong to Privacy Guides, they were given to our project, and not the owner of a well known domain name. In the announcement made to donors on September 17th, 2021, we offered refunds to any donor who disagrees with the stance we took, but nobody has taken us up on this offer:

If any sponsors or backers disagree with or feel misled by these recent events and would like to request a refund given these highly unusual circumstances, please get in touch with our project admin by emailing [email protected].