Our criteria ensures tool selection in our Privacy Hub prioritises privacy, security, and anonymity while still still being practical. We draw from our experiences, established privacy resources, communities and best practices to align with our goals to build digital resilience in Aussie communities.
Tools must be free (or have robust free tiers), be actively maintained, and evaluated holistically to avoid biases toward proprietary or data-harvesting options.
We update selections frequently based on audits, community feedback, and emerging threats.
Criteria:
- Open-Source Preference: Tools should be open-source for transparency, community scrutiny, and verifiable code, allowing independent modifications and reducing hidden backdoors. Exceptions for closed-source are rare and clearly noted.
- Security and Independent Audits: Tools should demonstrate strong security through regular third-party audits by reputable firms, end-to-end encryption (E2EE) where applicable, and hardening against common threats like tracking, fingerprinting, or breaches.
- Minimal Data Collection and Strong Policies: Tools should have unnecessary data logging, tracking, or sharing with third parties; must adhere to principles like data minimisation, purpose limitation, and user consent. We avoid tools from jurisdictions with weak privacy laws or those tied to ad-driven models.
- No Ads, Trackers, or Invasive Features: Tools should block or avoid ads/trackers by default; no telemetry or unnecessary permissions.
- Usability and Accessibility: Tools should provide user-friendly interfaces with minimal learning curves, cross-platform support (mobile/desktop), and compatibility with common devices/OS. We favour tools that balance privacy with convenience, avoiding overly complex setups unless essential for high-threat models.
- Active Development and Community Support: Tools should have regular updates (within the last 6-12 months), responsive to vulnerabilities, and backed by strong communities (e.g., GitHub activity). We assess longevity, user adoption, and incident history to ensure reliability.
- Australian Relevance and Compliance: Tools must respect AU privacy laws (e.g., Privacy Act 1988), with considerations for local threats like metadata retention. We prioritise options that work well in AU networks and avoid those conflicting with national standards.
