Reference

Plain-language explanations of the laws, programmes, and methods that turn your device data into government surveillance, wrongful arrests, and frozen bank accounts.

How we work

What our findings mean and how we find them.

What is a contradiction?

The core of everything we do. A manufacturer says one thing. Their product does another. We document

Surveillance and the law

The programmes and laws that give governments access to your data. Every claim here is sourced and documented.

What is PRISM?

The NSA surveillance programme that collects your data from 9 tech companies — without telling you.

What is the CLOUD Act?

US law that lets authorities demand your data from any American company — no matter where in the wor

What is a geofence warrant?

Police draw a circle on a map. Google gives them everyone who was inside it. Including you.

What is the Investigatory Powers Act?

The UK's 'Snoopers' Charter' — bulk surveillance powers that reach any company operating in Britain.

China's National Intelligence Law

Article 7: All organisations and citizens must support, assist, and cooperate with national intellig

Israel's Privacy Landscape

Strict privacy law on paper. The world's largest surveillance technology exporter in practice.

Australia's Assistance and Access Act

The government can secretly compel companies to break their own encryption. The company is legally p

Russia's SORM Surveillance System

Direct FSB access to all telecommunications. No warrant shown to the company. No notification to the

Russia's Data Localisation Law

All personal data on Russian citizens must be stored on servers physically located in Russia — where

China's Data Security Law

The state decides what data is 'important.' Once classified, it can demand access for national secur

UK Online Safety Act

Ofcom can force companies to scan private messages. If they can't break encryption, they must build

Australia's Mandatory Metadata Retention

Your ISP stores 2 years of who you contacted, when, where you were, and how long you talked — access

GDPR — General Data Protection Regulation

The EU's privacy framework gives you real rights over your data. But enforcement depends entirely on

Ireland's Data Protection Commission

Most of Big Tech chose Dublin as their EU base. The regulator responsible for 400M Europeans' data a

Sweden's FRA Law (Signals Intelligence)

All internet traffic crossing Sweden's borders is tapped by military intelligence. If your data rout

Switzerland's Federal Act on Data Protection (nDSG/FADP)

Strong privacy law, banking tradition of secrecy — but the US broke Swiss banking confidentiality in

South Korea's Personal Information Protection Act (PIPA)

One of the world's strictest data protection laws — heavy fines, criminal penalties — but the Nation

Japan's Act on Protection of Personal Information (APPI)

Data protection with EU adequacy and strong business norms — but wiretap law exists and government a

Singapore's Personal Data Protection Act (PDPA)

Data protection for the private sector — but the government exempts itself entirely. Security servic

Canada's PIPEDA

Federal privacy law with real enforcement — but Canada is a Five Eyes member and shares intelligence

Taiwan's Personal Data Protection Act (PDPA)

Data protection modelled on EU principles. No documented mass surveillance programme. Strong rule of

India's Digital Personal Data Protection Act (DPDP)

India's first comprehensive data protection law — passed in 2023, but with sweeping government exemp

New Zealand Privacy Act 2020

Five Eyes member with a Privacy Commissioner who can investigate but not fine. Good principles, weak