Quick Look • Barlow penned his bold and controversial take on the future of the Internet 30 years ago. • Many of Barlow's predictions about the capabilities of the Internet to remain free have not panned out and unforseen threats have cropped up. • But, it's hard not to feel his central thesis can still be achieved—though perhaps, only if you chose it.

Today marks 30 years since John Perry Barlow—co-founder of the Electronic Frontier Foundation—opened his laptop at the 1996 Economic World Forum in Davos and penned an unforgiving declaration of independence for the Internet.

Now, three decades later, as the Internet has come to dominate our lives and is in a crucial period of transition, it's a good time to reflect on Barlow's early vision of the Internet and how it might guide the Internet's future.

There are, no doubt, many parts of his declaration that simply haven't come true, but I can't help thinking that the spirit of Barlow's message can be achieved—at least for those who might be willing to seize it.

A Declaration of the Independence of Cyberspace by John Perry Barlow, February 8, 1996

Barlow's Declaration

There are a lot of ways to describe Barlow's A Declaration of the Independence of Cyberspace.

Lofty, inspiring, and courageous might come to mind. But so might pompous, blow-hard, specious and grandiloquent.

When Barlow wrote his declaration, the Internet was a very different place. Most homes, if they had computers at all, put them in “computer rooms.” The idea that every individual would have their own computer—let alone multiple—connected to the Internet at all times wasn't yet a thing. Total Internet users were counted in the millions, rather than billions.

Google had not yet been founded, and social media, cryptocurrency, and generative AI were many years away.

Yet, Barlow made bold declarations about the capabilities of cyberspace to flourish, and governments' inability to contain it:

“You have no moral right to rule us nor do you possess any methods of enforcement we have true reason to fear.”

He claims that cyberspace exists without borders and outside jurisdictions:

“Our identities may be distributed across many of your jurisdictions. The only law that all our constituent cultures would generally recognize is the Golden Rule.”

While in spirit, some of these declarations may be true. I think most would disagree with Barlow's claim that governments do not possess “any” methods of enforcing their laws on the Internet, and that because users are distributed around the globe that jurisdictions are rendered meaningless.

Governments around the world have spent the last three decades working to reign in the Internet and enforce laws on its users. In China, the country's Great Firewall heavily regulates the country's domestic Internet. Iran recently disconnected its country from the world's Internet amid widespread protests.

And in the West, the United States and Europe have been on foolhardy campaigns to institute age verification laws, crackdown on VPNs, and backdoor end-to-end encryption on popular messaging services.

The United States has incredible influence to enforce its criminal laws concerning computer crimes well beyond its geographic borders.

Alexandre Cazes of notorious AlphaBay fame was arrested in Thailand, while Kim Dotcom of Megaupload was arrested in New Zealand—both on U.S. warrants. Julian Assange spent seven years in the Ecuadorian Embassy in London to avoid arrest by the U.S. and other western countries, and Edward Snowden fled to Russia in 2013 to avoid prosecution.

Additionally, Barlow's declaration did not predict the considation of the Internet and how that has impacted online freedom.

Over the past 30 years we have seen the giants of the Internet rise and take hold: Google, Meta, Apple, Microsoft, X/Twitter, and Amazon.

They operate as proxy governments online, enforcing terms of service and privacy policies that limit expression and pry into every aspect of our lives.

They have disrupted industries in the real world and online, baited our society and culture with “free” services, and sunk their tentacles into our communications, our jobs, our banking, our health, our entertainment, and even our frontdoors and living rooms.

Digital town squares and convenience have given way to hive-minds and dependence.

But for those who want it...

In re-reading Barlow's declaration today, it's hard not to question whether there remains the kind of freedom online that Barlow describes.

There are threats to Internet freedom on all sides, as society moves into this post-modern era we find ourselves.

Yet, I can't help but agree with Barlow's claim that the Internet is “an act of nature and it grows itself through our collective actions.”

In Iran, as the government shut down access to the Internet, people started setting up Starlink connections to reach the global Internet; people in China have used VPNs and international SIM cards to circumvent the country's firewall for years; and age restriction laws in the United States are easily avoided with a VPN or TOR browser.

The more restrictions that governments attempt, the more they push people toward alternatives.

The same goes for corporations.

Some have sought refuge from Microsoft's unwanted and invasive AI features by moving to Linux. Others have ditched Google for Proton or Tuta. Others still, have left behind centralized social media for the Fediverse. Linux desktop usage topped 5% globally in 2025

An unheeded plea

We have to ask whether Barlow's declaration is really a declaration, or is it more of a plea?

The second sentence of his declaration is a request: “I ask you of the past to leave us alone.”

Unfortunately, I think it's safe to say this plea has not—and will not—be respected. Governments are not going to step away from the Internet and corporations are not going stop maximizing their control and revenue.

Yet, for those who are willing to break free from governments and the centralized control of corporations online, there are still ways to make the best of Barlow's vision a reality:

“We are creating a world where anyone, anywhere may express his or her beliefs, no matter how singular, without fear of being coerced into silence or conformity.”

~ Torman

Verify this post: Source | Signature | PGP Key

#privacy #Internet #policy #InternetFreedom

If you enjoyed reading this or found it informative, please consider subscribing in order to receive posts directly to your inbox:

Also feel free to leave a comment here: Discuss...

Quick Look
• The FBI raid on Washington Post reporter’s home shows uncertainty about biometrics under the Fifth Amendment.
• Hannah Natanson was compelled to unlock a MacBook with her fingerprint.
• Until the law is clarified, use PINs/passwords instead of biometrics.

Recently, the FBI served a search warrant on the home of Washington Post reporter Hannah Natanson.

It's rightfully being decried as yet another disturbing attack by the Trump Administration on America's tradition of free and independent press—a tradition that was dealt yet another blow this week when the Administration arrested four Black journalists in Minnesota, one of whom was former CNN anchor Don Lemon.

While much ink has been spilled about the potential chilling effect the raid on Natanson's home may have, some key details of the search are now coming to light.

Authorities seized several devices from Natanson's home

Authorities compelled Natanson to unlock her device

The warrant used by authorities to search Natanson's home explicitly stated that agents could compel her to unlock her devices using biometrics, such as a fingerprint or face scan, but they could not compel her to reveal any passwords.

Yet, as the search continued, authorities eventually discovered a second computer inside a red backpack in her kitchen.

When agents opened the computer, the lockscreen prompted them to enter a password or use TouchID. The agents then insisted—perhaps against the orders of the search warrant shown above—that she attempt to unlock the device.

The government states that Natanson put her index finger on the scanner, which then unlocked it.

Can you be compelled to unlock your device with biometrics?

This is the exact issue the Decent Project wrote about a little more than two weeks ago.

In our article entitled Should you use biometrics on your phone?, we explored the murky legal landscape over whether law enforcement can compel someone to unlock their device using their fingerprint or face.

Currently, courts are split on the issue. It comes down to whether a court sees the use of biometrics as “testimonial” evidence.

Testimonial evidence is generally anything that requires you to divulge the contents of your mind, i.e. things you know, have seen, or have heard. This kind of evidence has a long tradition of being protected by the Fifth Amendment's privilege against self-incrimination, meaning you cannot be compelled to reveal it.

However, some courts do not think that biometrics are “testimonial” in nature. Instead, they argue a biometric unlock doesn't reveal anything about the content of an individual's thinking or knowledge.

For example, in 2024, the 9th Circuit (in purple above) said in United States v. Payne that biometrics are not afforded the same protections as passwords or PIN numbers:

“While providing law enforcement officers with a combination to a safe or passcode to a phone would require an individual to divulge the 'contents of his own mind,' turning over a key to a safe or a thumb to unlock a phone requires no such mental process.”

We at the Decent Project strongly disagree with this view, and we think Natanson's case is a great example as to why.

What Natanson's fingerprint actually revealed

When Natanson unlocked the MacBook in her kitchen, it revealed several things about her and her relationship to that device.

First, it demonstrated that Natanson knew how to biometrically unlock the device.

This, in our opinion, stands in direct contrast to the 9th Circuit's view that unlocking a device with your finger “requires no ... mental process.”

The government's filing isn't particularly clear on the exact exchange, but when agents “told her to try” to unlock the device and she did so with her index finger, it raises the question: how did she know which finger to use?

Second, her fingerprint demonstrated her control over the computer.

Unlocking a device with your fingerprint is a pretty clear indication that you are the owner of that device, or at least in control of it. If this device is not a shared computer, then it effectively demonstrates that Natanson is responsible for the content found on the device.

It's important to note that Natanson is not a defendant in this case, nor is she a target of the investigation—but in any other context, this kind of evidence could be damning.

Instead, imagine if authorities had found the computer in Natanson's home and it did not have TouchID. Since Natanson cannot be compelled to reveal a PIN or password, what would authorities have to demonstrate that the device is hers?

They could say the device was in her kitchen and that it was found in her backpack, but that's about it.

Takeaway

Not all courts agree with the 9th Circuit when it comes to biometrics. As discussed in our earlier article, the D.C. Circuit Court of Appeals ruled last year that biometrics can be afforded the same protections as other testimonial evidence.

While that's good news, this issue is new and the law is still developing. As such, unless and until there is legal clarity, the Decent Project continues to recommend that individuals do not use biometrics on their devices.

~ Torman

Verify this post: Source | Signature | PGP Key

#privacy #security #OPSEC #FifthAmendment

If you enjoyed reading this or found it informative, please consider subscribing in order to receive posts directly to your inbox:

Also feel free to leave a comment here: Discuss...

There is a saying in cryptocurrency: “not your keys; not your coins.”

In essence, if you don't control the keys to the wallet containing the cryptocurrency—usually a series of random words generated at the time that the wallet is created—then you don't really own the money inside it.

It's the difference between having your money in a bank that actually possesses your cash and lets you access it, or in an impenetrable safe where only you know the combination. If you possess the cash and the safe, you truly own the money.

The same can be said for encryption. Whether you realize it or not, it's likely that many of your devices enable encryption by default. For example, iPhones are encrypted by default and so are most modern Windows machines.

Sounds good, right?

But it presents the same problem as with crypto: who holds the keys?

When your Windows computer is encrypted, it's using Microsoft's BitLocker. The data can be accessed only once you type in your password or PIN, or authenticate with biometrics. However, Microsoft also ensures that a recovery key is created and backed up to your Microsoft account.

It's a convenient solution and provides an avenue of recovery should you ever forget your password or PIN. But it also means that Microsoft has access to that recovery key at any time.

This was evidenced recently when Microsoft gave the FBI the recovery keys to unlock hard drives belonging to suspects in a fraud case.

Notably, Microsoft complies with these kinds of requests from law enforcement multiple times each year:

Microsoft told Forbes that the company sometimes provides BitLocker recovery keys to authorities, having received an average of 20 such requests per year.

The story isn't much different at Apple, though there are some notable improvements. The company's iCloud services are encrypted by default, but similar to Microsoft, the decryption keys are sent to Apple's servers, giving the company access if needed.

The good news is that Apple has set aside 14 categories that it says it cannot access no matter what, as the keys are only stored on your devices. These categories include your messages, health, passwords, and maps.

Owning your data is a form of digital autonomy

Some might say Microsoft sharing a user's recovery key with law enforcement is not a problem. Generally speaking, the Decent Project agrees.

The Decent Project believes that law enforcement has a job to do and there are laws within which they must operate. When law enforcement has identified a suspect and obtains a lawful warrant to access account information from a company, we do not argue that the company is under an obligation to comply.

Instead, the Decent Project advocates for individuals to minimize their own risks by reducing their attack surface. If Microsoft or Apple do not have access to decryption keys, then there's virtually nothing they can turn over.

To be clear, government officials seeking information via a lawful warrant is the least of our concerns. Instead, we recognize that what is available to the “good guys” is also available to the “bad guys.”

Any decryption key stored by Microsoft or Apple runs the risk of being exploited by rogue employees, hackers, or government officials who are not operating with the bounds of the law.

Are you comfortable them seeing all your photos? Your digital journals? Your notes? Your health records?

The best defense is an offense in which individuals retain control of their data—and most importantly—the keys to it.

Recommendations

Turn on encryption wherever possible

Whether it's your computer or phone, if there are options to encrypt your device your should always do so.

Encrypting your device ensures better security and privacy, but does comes with additionally responsibility.

When encrypting your devices, you should look for options that allow you to control the recovery/decryption keys. With BitLocker, for example, this means declining any options to store the recovery key in your Microsoft account.

Keys should be securely stored and this can be done by using a reputable password manager—another basic privacy and security tool discussed below.

Turn on Apple's Advanced Data Protection

For Apple users, it is a simple procedure that can be done by following this guide.

There are two ways you can ensure recovery, one is by designating a trusted contact who would be able to use their Apple device to unlock your account, or by storing the recovery key yourself.

You'll have to decide which method is best for you, but again, storing your own recovery key is the safest method—just be sure to store it in a manner that ensures it will not get lost, stolen, or compromised.

Use a password manager

It is 2026. If you are not yet, it is time to start using a password manager.

There are a number of free or nearly free options out there that will greatly enhance your privacy and security.

Password managers almost always include password generators to ensure unique and strong passwords for each account. Your credentials can be autofilled so you virtually never have to type in your passwords or copy/paste.

A reputable password manager is an essential tool in an idividual's privacy and security toolkit. Please check out our Resources page where you can find recommendations. (As of the time of this writing, we are still working to put this together but it should be there for those reading this the future).

Many providers also allow you to securely store more than just passwords. You can store passphrases, decryption keys, or files. This makes it extremely easy to take advantage of encryption while not relying on providers like Microsoft and Apple to store your decryption keys.

~ Torman

Verify this post: Source | Signature | PGP Key

#privacy #security #bigtech #encryption

If you enjoyed reading this or found it informative, please consider subscribing in order to recieve posts directly to your inbox:

Also feel free to leave a comment here: Discuss...

There are a lot of positives to using biometrics on your devices. It's hard to deny their convenience and in some ways, avoiding passwords can be a good thing since they can be forgotten or stolen.

But the law doesn't necessarily treat your fingerprint the same as a PIN code or password when it comes to unlocking your device. This means you could be compelled to unlock your phone or computer depending on which unlock method you use.

Testimonial vs. non-testimonial evidence

Whether the government can compel you to unlock your device hinges on whether a court considers your biometric data to be “testimonial” or not.

Testimonial evidence is anything that reveals the contents of your mind, i.e., things you've seen, heard, or know.¹

Importantly, testimonial evidence falls under the Fifth Amendment's protections against self-incrimination. In other words, you cannot be compelled to provide testimonial evidence that may incriminate you.

However, courts distinguish testimonial evidence from non-testimonial evidence, which doesn't call on a person to reveal the “contents of [their] own mind.”² For example, compelled physical actions are not usually considered testimonial.^3. This is why you can be compelled to provide fingerprints during booking, or a bloodtest as part of an investigation.

Courts have illustrated the distinction between testimonial and non-testimonial by comparing an individual who is compelled to produce keys to a lockbox (non-testimonial) against an individual who is compelled to produce a combination to a safe (testimonial).⁴ One is simply handing over a key while the other requires you to divulge something you know.

This disctinction is important because when it comes to your devices courts typically agree that PINs and passcodes are testimonial, while some courts have found that biometrics are non-testimonial.

That might make the difference as to whether you can be compelled to unlock your device.

Circuit Split

Currently, there are different schools of thought on this issue.

Just last year, in United States v. Brown⁵ the D.C. Circuit Court of Appeals found that compelling an individual to unlock their phone with biometrics was testimonial. The court found the act of opening a phone with biometrics—while physical—is testimonial because it “directly announces the owner's access to and control over the phone, as well as his mental knowledge of how to unlock the device.”⁶

It's an interesting take on the testimonial vs. non-testimonial issue.

It illustrates the distinction between physical acts that communicate something and those that don't. Submitting to a fingerprint panel at the police station doesn't reveal anything incriminatory. It's only once those fingerprints are anaylzed that they may incriminate. Whereas, a fingerprint that unlocks a phone essentially authenticates you as its owner.

However, in 2024, the 9th Circuit Court of Appeals in United States v. Payne⁷ found the opposite. It ruled that a fingerprint unlock of a phone is akin to handing over the keys to a safe, rather than divulging its combination.⁸

The court rejected the idea that biometrics are a substitute for PINs or passcodes and should therefore enjoy the same protections.⁹ It also rejected the idea that a biometric unlock is testimonial because it confirms ownership and knowledge of the device's contents. The court said the access is not incriminating by itself, but only provides access to potential source of incriminating information.¹⁰

Should you use biometrics?

Each person has to assess their own threat model. But given the variances in the law and the lack of direct precedent in many circuits, it would seem that the safest approach is to use a PIN or passcode to unlock your device.

Even if you find the Brown case pursuasive or think it would apply, there have already been court decisions that distinguish its finding.

Noteably, P. Diddy cited Brown, among other cases, in his criminal case in New York in order to prevent compelled production of a cell phone. The District Court ruled in favor of the government, in part, because there was no question as to whether the phone was his.¹¹

Essentially, Brown suggests that the testimonial aspect of unlocking the phone is that it communicates control and ownership. But if the government can show that you own and control the device in other ways, then compelling a biometric unlock is not really implicating your Fifth Amendment rights.^12.

Recommendations

The Decent Project recommends you avoid using biometrics on your devices. There is little debate over whether divulging a PIN constitutes testimonial evidence.¹³

We recognizes, though, that typing in a six-digit PIN (yes, please make your PINs at least six digits) every time you want to unlock your phone can be annoying. Given this, you may consider PIN-locking important apps, such as your e-mail, messengers, and password managers.

We also recommend using unique PINs for each of these apps rather than one generic PIN.

Additionally, if you are traveling across an international border, such as returning to the U.S. from a vacation overseas, consider disabling your biometrics temporarily. This way, if you are stopped your device cannot be unlocked simply with a face scan or fingerprint.

~ Torman

Verify this post: Source | Signature | PGP Key

#privacy #security #opsec #FifthAmendment

Subscribe & Comment

If you found this post informative, please subscribe by entering your email below. You'll receive the latest posts from the Decent Project to you inbox.

Do you use biometrics on your phone or devices? Do you think there should be an exception for device biometrics in the testimonial/non-testimonial paradigm? Let us know your thoughts in the comments below! Discuss...

Footnotes

^1. “The touchstone of whether an act of production is testimonial is whether the government compels the individual to use 'the contents of his own mind' to explicitly or implicitly communicate some statement of fact.” United States v. Doe (In re Grand Jury Subpoena Duces Tecum), 670 F.3d 1335, 1345 (11th Cir. 2012).

^2. “[F]orcing the custodian to testify orally as to the whereabouts of nonproduced records requires him to disclose the contents of his own mind. He might be compelled to convict himself out of his own mouth. That is contrary to the spirit and letter of the Fifth Amendment.” Curcio v. United States, 354 U.S. 118, 128 (1957).

^3. “[T]he Fifth Amendment privilege is not triggered where the Government merely compels some physical act, i.e. where the individual is not called upon to make use of the contents of his or her mind.” _In re Grand Jury Subpoena, 670 F.3d at 1345.

^4. “He may in some cases be forced to surrender a key to a strongbox containing incriminating documents, but I do not believe he can be compelled to reveal the combination to his wall safe — by word or deed.” Doe v. United States, 487 U.S. 201, 219, 108 S. Ct. 2341, 2352 (1988) (Justice Stevens dissent).

^5. United States v. Brown, 125 F.4th 1186 (D.C. Cir. 2025).

^6. “Though placing a thumb on a phone may seem akin to submitting to fingerprinting or providing a handwriting exemplar, the act, as performed here, is much closer to responding to a lie detector test or complying with a command to say a password. When Schwartz was ordered to open the cellphone, his act of unlocking the phone represented the thoughts “I know how to open the phone,” “I have control over and access to this phone,” and “the print of this specific finger is the password to this phone.” If Schwartz had instead been compelled to disclose whether he could open the phone, and made to say yes or to verbally disclose the password, those answers unquestionably would be testimonial communications. The compelled opening of the cellphone that occurred here is no different.” United States v. Brown, 125 F.4th 1186, 1202-03 (D.C. Cir. 2025).

^7. United States v. Payne, 99 F.4th 495 (9th Cir. 2024).

^8. “While providing law enforcement officers with a combination to a safe or passcode to a phone would require an individual to divulge the “contents of his own mind,” turning over a key to a safe or a thumb to unlock a phone requires no such mental process.” Payne, 99 at 511.

^9. “[T]he Supreme Court has framed the question around whether a particular action requires a defendant to divulge the contents of his mind, not whether two actions yield the same result.” Payne, 99 at 511.

^10. “The officers were left to identify any incriminating evidence through their own investigation.” Payne, 99 at 511.

^11. United States v. Combs, No. 24-CR-542 (AS), 2025 LX 289072 (S.D.N.Y. Apr. 18, 2025).

^12. But when “'[t]he existence and location of the papers are a foregone conclusion and the [defendant] adds little or nothing to the sum total of the Government's information by conceding that he in fact has the papers,' production does not run afoul of the Fifth Amendment.” Combs, LX 289072 at 2 (quoting Fisher v. United States, 425 U.S. 391, 410-11, 96 S. Ct. 1569, 48 L. Ed. 2d 39 (1976)); “Second, under the 'foregone [1346] conclusion' doctrine, an act of production is not testimonial—even if the act conveys a fact regarding the existence or location, possession, or authenticity of the subpoenaed materials—if the Government can show with 'reasonable particularity' that, at the time it sought to compel the act of production, it already knew of the materials, thereby making any testimonial aspect a 'foregone conclusion.'” In re Grand Jury Subpoena, 670 F.3d at 1345-46.

^13. “[P]roviding law enforcement officers with a combination to a safe or passcode to a phone would require an individual to divulge the “contents of his own mind.” Payne, 99 at 511; “Requiring Doe to use a decryption password is most certainly more akin to requiring the production of a combination because both demand the use of the contents of the mind ... Hence, we conclude that what the Government seeks to compel in this case, the decryption and production of the contents of the hard drives, is testimonial in character.” In re Grand Jury Subpoena, 670 F.3d at 1346.

Disclaimer: I am not a lawyer, and I am not your lawyer. This post is meant to be informative and not to be taken as legal advice. If you are facing a legal issue you should always consult with a licensed attorney who can render legal advice that is specific to your needs.

They show up in U.S. neighborhoods around the country dressed like a paramilitary organization—tactical vests, camouflage, and assault rifles—illegally detaining and arresting U.S. citizens, and scanning the faces of anyone who might criticize or confront them.

And perhaps worst of all, they show up wearing masks or balaclavas, concealing their identity, and refusing to identify themselves when asked.
Since the start of the second Trump Administration—and particularly since the ramp up in operations in Minnesota—there has been a steady stream of disturbing videos showing ICE agents operating more like a shadowy guerilla snatch-and-grab organization rather than a federal immigration enforcement agency required to operate within the bounds of the constitution and laws.

In response, ICE efforts have been met with protests and disruptions. There have also been efforts to track their movements online and unmask ICE agents.

Now, in what is the largest leak of its kind, Ice List has put out a list revealing the identities of some 4,500 ICE and Border Patrol employees.

The leak comes just days after the ICE shooting of Renee Good in Minneapolis by a masked ICE agent, later identified as Jonathan Ross.

Predictably, the Trump Administration has been quick to blame Good and others for any complaints against ICE's operations while ramping up its enforcement actions.

While the Decent Project advocates for privacy rights, it believes those rights belong to the people. Civil liberties belong to the people.

Federal agents should not be roaming American streets in masks and arresting people without cause or in violation of their rights.

Federal agents should not enjoy anonymity when they violate the rights of immigrants and U.S. citizens.

Law enforcement agencies should operate with a presumption of transparency and identification—save for some narrow and well justified exceptions. This is how law enforcement builds trust and credibility with the people they police.

Further, accountability demands, at minimum, the ability to identify offenders.

The Trump Administration will no doubt argue this leak threatens the safety of ICE agents. It will probably try to get the site shut down and the data removed.

We'd argue, however, that the best way to protect federal agents is for leaders to ensure they follow the law and respect the rights of their fellow citizens.

~ Torman

Verify this post: Source | Signature | PGP Key

#ICE #ReneeGood #privacyrights #doxxing

Subscribe and comment

If you found this post interesting or informative, please considering subscribing to the Decent Project by entering your email below!

And if you have thoughts you would like to share, reach Torman on Mastodon @torman@privacysafe.social or post a comment in our discussion here: Discuss...

Thank you for reading!