Privacy-protecting tools that have passed their final exam (the government trying to access user data):
- Proton Mail (protonmail.com): In 2021, they were forced to give the date and location a user's account was created on/in, as well as begin logging their IP address. However, they were unable to decrypt the user's emails. https://archive.ph/JSDBB | https://archive.ph/kTXaX
- Mullvad VPN (mullvad.net): Earlier this year, in April, Swedish police showed up at their office trying to collect user data, but walked away after Mullvad's lawyers explained that the company doesn't collect any of the information they were looking for, and therefore a search is illegal under Swedish law. https://archive.ph/XzIyf | https://archive.ph/fh7JQ
- Signal (signal.org): In 2021, the Central District of California issued a subpoena, forcing Signal to give up all the information they had on a specific user. This amounted to their phone number, the date and time their account was created, and the date and time they last connected to the service. https://archive.ph/NRgUy Something similar happened in 2016, and again in November 2021, with similar results. https://archive.ph/JdEwH | https://archive.ph/bnQ60
- Tor (torproject.org): Goes without saying, the government has only successfully deanonymized users once as far as I know, in Operation Torpedo (https://archive.ph/4M3dO) in 2014. However, the vulnerability had already been fixed at the time of the operation (it only worked on a handful of people running old versions of Tor or who downloaded Flash despite all the warnings not to). Additionally, a DuckDuckGo search for "Tor deanonymization" only comes up with people asking if it's possible/been tried, with the occasional old article about a hypothetical attack that doesn't seem to have actually been performed (https://archive.ph/YcACc) (https://archive.ph/K5cla) (there was one more about Windows DRM files, but it seems to have been taken offline the instant I put it in archive.ph, and archive.org breaks when I try to search for it. Weird. https://www.bleepingcomputer.com/news/security/windows-drm-files-used-to-decloak-tor/)