The Tide Is Turning
Privacy coverage tends to focus on what’s going wrong — the breaches, the surveillance expansions, the corporate overreach. That’s important, but it paints an incomplete picture. Across technology, law, and culture, meaningful privacy wins are happening right now. Here are five that deserve your attention.
1. Default Encryption Is Becoming the Norm
For years, end-to-end encryption was a feature you had to seek out. In 2026, it’s increasingly the default.
Apple enabled Advanced Data Protection (end-to-end encryption for iCloud backups, photos, notes, and more) as the default for all new accounts starting January 2026. Previously, users had to opt in — and most didn’t. This single change means that hundreds of millions of iCloud accounts are now protected by encryption that even Apple cannot bypass.
RCS messaging between Android and iPhone finally gained end-to-end encryption support through the updated GSMA standard, meaning cross-platform text messages are no longer sent in plaintext. It took far too long, but the era of unencrypted SMS as the default fallback is ending.
Proton Mail crossed 100 million accounts. Tuta passed 20 million. Encrypted email has gone from niche to mainstream.
Why it matters: When encryption is opt-in, adoption is low. When it’s the default, mass surveillance becomes exponentially harder. The infrastructure of privacy is being built into the plumbing of the internet.
2. Data Broker Industry Faces Existential Threats
The shadowy industry of data brokers — companies that buy, aggregate, and sell your personal information — is under unprecedented pressure.
The Consumer Financial Protection Bureau (CFPB) finalized rules in late 2025 classifying data brokers as consumer reporting agencies under the Fair Credit Reporting Act. This subjects them to accuracy requirements, dispute resolution obligations, and limits on who can purchase data and for what purposes. Several major brokers announced they would exit certain market segments rather than comply.
Meanwhile, California’s Delete Act is now operational. The law created a single mechanism for California residents to request deletion of their personal information from all registered data brokers simultaneously. Over 2 million deletion requests were processed in its first three months.
Texas and Oregon passed similar legislation, and the EU’s proposed Data Act includes provisions that would severely restrict data brokerage as a business model.
Why it matters: Data brokers are the hidden backbone of the surveillance economy. They connect your app usage, location data, purchase history, and browsing habits into comprehensive profiles sold to advertisers, insurers, employers, and government agencies. Regulating them out of existence would be one of the most consequential privacy developments in decades.
Take action now: You don’t have to wait for legislation. Our free Data Purge tool lets you opt out of major data brokers yourself — the same process that expensive “privacy services” charge hundreds of dollars for.
3. The Right to Repair Meets the Right to Privacy
The right-to-repair movement has been primarily framed as a consumer and environmental issue. But a quieter dimension is gaining traction: the privacy implications of manufacturer lock-in.
When only the manufacturer can repair your device, they control what data is accessed during service. When only the manufacturer’s software can run on your hardware, they control what telemetry is collected. Oregon’s expanded right-to-repair law, which took effect in 2025, explicitly includes provisions requiring manufacturers to allow users to install alternative firmware and operating systems on devices they own.
This directly enables projects like GrapheneOS (privacy-focused Android) and postmarketOS (Linux on phones). If you can install your own software, you can cut the surveillance cord entirely.
The EU’s Cyber Resilience Act, while primarily focused on security, also includes provisions requiring manufacturers to provide security updates for a minimum of five years — meaning devices remain usable without being forced into newer, more surveillance-heavy ecosystems.
Why it matters: Hardware sovereignty is the foundation of software sovereignty. You can’t truly own your data if you don’t truly own your device.
4. Privacy-Preserving AI Is Emerging
The dominant narrative around AI and privacy has been grim: AI companies hoovering up data, training on user content without consent, and building surveillance tools. But a counter-narrative is developing.
On-device AI processing is accelerating. Apple Intelligence processes most requests locally. Google’s Gemini Nano runs on-device for many tasks. This matters because data that never leaves your device can’t be intercepted, subpoenaed, or used for training.
Federated learning — where AI models are trained across distributed devices without centralizing data — is moving from research papers into production. Google’s Gboard keyboard has used federated learning for years, and the approach is now being adopted for medical research, financial analysis, and other sensitive domains.
Open-source AI models (LLaMA, Mistral, Qwen) that can run entirely on local hardware are becoming capable enough for serious use. Running your own AI means your prompts, documents, and creative work never touch a corporate server.
Why it matters: AI and privacy don’t have to be opponents. The technology exists to build powerful AI tools that respect user privacy. The question is whether the industry chooses to deploy it.
5. Young People Are Choosing Privacy
The most encouraging long-term trend might be demographic. Survey data from 2025-2026 consistently shows that Gen Z and younger millennials are more privacy-conscious than older generations — reversing the “young people don’t care about privacy” narrative that tech companies have relied on for years.
BeReal’s explosive growth was driven partly by its minimal data collection compared to Instagram. Mastodon and the broader Fediverse are growing steadily among younger users disillusioned with algorithmic manipulation. GrapheneOS adoption skews younger. Signal’s fastest-growing demographic is 18-25.
A 2025 Pew Research study found that 72% of Americans aged 18-29 had taken at least one active step to reduce their digital footprint in the past year — compared to 41% of those over 50. The steps ranged from using privacy browsers to deleting social media accounts to choosing encrypted services.
Why it matters: Corporate surveillance depends on user apathy. A generation that defaults to privacy-first choices will reshape the economics of the entire tech industry. Companies that can’t survive without surveillance will either adapt or lose their user base.
Keep Pushing
None of these wins are final. Encryption defaults can be reversed. Regulations can be weakened. Cultural trends can shift. The surveillance industry is enormous, well-funded, and deeply entrenched.
But the trajectory is clear: privacy is winning more battles than it’s losing, and the tools to protect yourself are better and more accessible than ever.
The most important thing you can do is keep choosing privacy with your daily decisions — the browser you use, the messenger you open, the cloud service you trust with your files. These choices, multiplied by millions of people, are what will ultimately determine whether the internet becomes a surveillance machine or a tool for human freedom.
We built I Am NOT The Product to be part of that better trajectory. Swiss-hosted, zero-knowledge encrypted, open-source, and funded by users — not data extraction. If you’re ready to make the switch, we’re ready to help.