The Proton Blog

How to clear your cache on iPhone and free up storage space

Elena Constantinescu — Tue, 05 May 2026 17:16:12 GMT

If your iPhone feels sluggish or you’re dismissing “Storage Almost Full” warnings despite deleting apps, your cache might be part of the problem. Browsers and apps save temporary data to help things load faster, but over time, it accumulates and works against you, causing issues like iPhone slowdowns and app crashes.

iOS doesn’t make it obvious, but we’ll show you where to look and how to clear cache for the biggest offenders, such as your browser and apps like Instagram, TikTok, and YouTube.

Safari cache
Chrome cache
App cache
System cache
Get more space
Frequently asked questions

How to clear Safari cache on iPhone

Go to Settings → Apps.
Find and tap on Safari.
Tap Clear History and Website Data.
Choose All History for a full clear.
Tap Clear History to confirm.

This will clear your browsing history, cookies, and cached files. Your saved passwords and bookmarks will remain. Note that you will be signed out of websites.

How to clear Chrome cache on iPhone

Open the Chrome app.
Tap the three-dot menu ⋮ in the bottom right corner.
Tap Delete browsing data.

Set the Time range to All Time for a full clear.
Select Browsing data and then Cached images and files. You can also include Cookies, site data to clear more data.
Tap Delete data.

Clearing cookies will sign you out of websites.

If you’re using a different browser, like Firefox or Brave, look for options labeled “Privacy,” “Data,” or “Clear Browsing Data” in the app’s settings.

How to clear app cache on iPhone

Apps also store their own cached data on your iPhone. Unlike Safari, there’s no single place in iOS to clear app cache. Some apps let you do it from within their settings, while others require you to delete and reinstall entirely.

How to clear WhatsApp cache on iPhone

WhatsApp doesn’t have a single button to clear all cache, so you have to free up space from each chat separately:

Open WhatsApp.
Go to Settings → Storage and Data.
Tap on Manage storage.
Select a chat to view cached files and delete them.

How to clear TikTok cache on iPhone

Open TikTok.
Go to your profile and tap on the three-line menu icon on the top right.
Tap on Settings and privacy, and select Free up space.
Tap Clear on the cache row.

How to clear Instagram cache on iPhone

Some apps like Instagram don’t have a cache option, but there are alternative solutions:

Open the Settings app.
Go to General → iPhone storage.
Find and tap on Instagram. You can choose from
- Offload App: This removes the app while keeping local data, such as settings and documents.
- Delete App: This removes the app and its local data.

If you’ve deleted the app, you can reinstall Instagram from the App Store and log back in. After offloading, look for the faded Instagram icon on your homescreen and tap on it to reinstall app data.

Offload or delete app to clear cache

For apps without a built-in cache option, you have two choices:

Offload app: Removes the app while keeping local data, such as settings and documents. When you reinstall the app, local data is restored. This doesn’t free up much space but is less disruptive.
Delete app: Removes the app and its local data, so you can use a fresh installation. Your account isn’t affected, and you’ll just need to log back in after reinstalling the app.

How to clear system cache on iPhone

System cache, also known as system data on iPhone, includes caches, logs, and temporary files that your iPhone stores to run smoothly. Unlike browser or app cache, there is no direct way to clear it from within iOS.

A restart does help with clearing temporary memory, though, which can fix minor glitches and reclaim a tiny amount of storage. Here’s how to restart your iPhone:

Press and hold the side button (the power button) and either volume button simultaneously until the power off slider appears.
Drag the slider to turn off your iPhone.
Wait for about 30 seconds.
Press and hold the side button until the Apple logo appears.

If system data is eating up a large chunk of storage, you’ll need to clear your browser cache and app cache. An alternative method is to clear system data by setting your iPhone’s date to the future, though this isn’t an official fix.

Get more space on iPhone with secure cloud storage

Cache builds over time, but so do photos and videos. When media files start accumulating, your iPhone storage fills up quickly. Clearing cache helps free up some space, but it eventually rebuilds. And deleting personal memories just to keep your phone functional shouldn’t be an option.

Backing up your photos to secure cloud storage means you don’t have to make that trade-off. Proton Drive offers a privacy-first approach to storing photos, videos, documents, and other files so you don’t have to worry about running out of space on your iPhone. We’ve made it easy and safe with automatic backups of photos and videos, and file sharing outside of Apple’s ecosystem.

Proton Drive’s end-to-end encryption keeps your files truly private and accessible only to those you choose. With apps for iPhone, iPad, and Mac, your files are always within reach — even if your phone is lost or stolen.

Frequently asked questions about iPhone cache

What is the difference between cache and cookies?

Cache saves pieces of content from websites and apps, so that they load faster when you return. Cookies are browser-specific and store details like your login status and site preferences.

When you clear cache, it means your browser or app has to redownload content to your device, and you might even notice it taking longer to load. Clearing cookies removes your website preferences and signs you out across the web. Most browsers let you clear one without the other.

What is cache on iPhone?

Cache is like a cheat sheet your iPhone keeps for itself. When you visit a website or use an app, bits of content and data get saved locally so that your phone can skip a full download next time. It helps things load and open faster, so you’re not stuck on a loading screen for too long.

The problem is that this cheat sheet grows endlessly. Every site and app adds to it, and iOS does not automatically purge it. This is where the cache becomes an unwieldy storage hog that limits your iPhone’s performance and functionality.

When should you clear cache on iPhone?

You should not clear iPhone cache regularly, but only when storage is getting full or as a troubleshooting step when apps don’t function properly. Doing it too often can make your iPhone load things slowly, as it has to re-download content it would normally pull from storage.

Will clearing cache delete passwords?

No. Your saved passwords live in iCloud Keychain or your password manager; clearing cache will not touch them. However, clearing cookies will sign you out of websites, so make sure your logins are saved to your password manager before you clear them.

How do you clear cookies on iPhone?

You can follow the steps above to clear cache on iPhone, which also includes cookies. To delete cookies without clearing history, go to Settings → Safari → Advanced → Website Data, then tap Remove All Website Data, or swipe left on individual sites to delete specific cookies.

Do iPhone app cleaners work?

iPhone app cleaners can help with some things, like finding duplicate photos, but they can’t actually clear cache from other apps. Apple doesn’t let apps access each other’s data, so a cleaner app has no way to reach the cached files in other apps. If an app claims it can clear your cache for you, take that with a grain of salt.

Proton Mail now supports post-quantum encryption

Anant Vijay Singh — Tue, 05 May 2026 11:55:05 GMT

The quantum era is no longer a distant thought experiment. Quantum computers — advanced computing systems designed to solve complex problems that classical computers cannot — are not yet capable of breaking the encryption that protects email today. But the risk is real enough that security teams, standards bodies, and technology providers are already preparing for what comes next by adopting post-quantum encryption.

Post-quantum protection is now an optional upgrade in Proton Mail, available on all plans including free. Once enabled, Proton Mail can generate and use post-quantum-ready keys for new encrypted emails to protect your personal messages and business communications against today’s threats and a future where current public-key cryptography may no longer be enough.

Enable post-quantum protection now

Don’t use Proton Mail yet? Create a free account.

What’s changing in Proton Mail

Proton Mail has long used OpenPGP with ECC (Elliptic Curve Cryptography) and RSA (Rivest-Shamir-Adleman) keys to protect encrypted email, which remain secure against the computers of today. But large-scale quantum computers could break those schemes using algorithms such as Shor’s algorithm, a quantum computing technique designed to solve the kinds of mathematical problems that make RSA and ECC secure.

To prepare for that future, Proton Mail now supports encryption keys that withstand post-quantum cryptography (PQC). Find out how to enable post-quantum protection in Proton Mail with just a few simple steps.

Enabling PQC helps protect new encrypted emails going forward. It does not retroactively re-encrypt the emails already in your mailbox, for now. As with existing keys, PQC keys can still be managed in familiar ways. You can generate more PQC keys later, and those keys can be marked obsolete or compromised just like RSA or ECC keys.

As part of this work, we are also adding support for OpenPGP v6, the newer framework that enables modern algorithm support, including post-quantum cryptography.

We are also standardizing quantum-safe encrypted email across the open email ecosystem, including with projects such as Thunderbird, so these protections can work between providers — not just within Proton — and help people stay safe no matter which email service they use.

Why prepare now for post-quantum attacks?

The quantum era may not be here yet, but an attacker can collect encrypted data today and keep it for the future, hoping to decrypt it once quantum capabilities improve and proliferate. That is one reason the migration has already started across the industry, even before practical quantum attacks exist.

The most important security transitions usually start before the wider public is paying attention. By the time they become obvious to everyone, the organizations that waited are already behind.

With post-quantum cryptography support in Proton Mail, we are taking a proactive step to help protect encrypted email against the threats of tomorrow, without compromising the privacy guarantees that matter today.

Enable post-quantum protection now

Don’t use Proton Mail yet? Create a free account.

A practical password policy template for organizations

Kate Menzies — Tue, 28 Apr 2026 10:48:59 GMT

Your organization can no longer afford to leave password security up to individual team members. Despite their best intentions, humans default to convenient but risky habits, such as saving credentials in browsers, spreadsheets, or sticky notes.

A strong password policy establishes a clear, enforceable standard for how passwords are created, stored, shared, reviewed, and protected across your organization. A modern policy reduces credential-based risk, supports compliance, and brings consistency to access security across systems, teams, and workflows.

This isn’t something businesses can afford to ignore. Verizon’s 2025 Data Breach Investigations Report found that credential abuse accounted for 22% of leading initial attack vectors in confirmed breaches. The cost of poor credential security also surfaces in operational disruption, regulatory exposure, reputational damage, and the prolonged downtime that follows when teams scramble to recover lost or compromised access.

In addition to creating a password policy, your organization needs systems and tools that make secure habits easy to adopt. Rules are not enough to ensure operational security because, where friction exists, even well-intentioned professionals will take shortcuts. The goal is to make password hygiene the path of least resistance.

The password policy template below can help your business stay grounded in current best practices and NIST-aligned guidance. You can adapt it into an internal policy, security handbook, or governance control for organizations that need something more practical than general advice.

Password policy template (sample)

Section	Policy requirement (example language)	Implementation notes
Scope	This policy applies to all employees, contractors, vendors, and third parties who access company systems or data using password-based authentication. It covers all systems, including SaaS platforms, cloud services, internal tools, endpoints, and administrative environments.	Ensure no systems or user groups fall outside scope. Include vendors and shared environments.
User responsibilities	All users must create, store, and manage passwords in accordance with this policy. Users must not share credentials, reuse passwords, or store them in unapproved locations. Suspected credential compromise must be reported immediately.	Include in onboarding and security training.
Management responsibilities	Managers must ensure timely communication of onboarding, role changes, and offboarding to enable proper access control and credential updates.	Tie into HR workflows.
IT and security responsibilities	IT and security teams are responsible for enforcing this policy, approving password management tools, monitoring compliance, and responding to credential-related incidents.	Assign clear ownership internally.
Password length	Passwords must meet the following minimum lengths: 15 characters (standard accounts), 16 characters (privileged accounts), and 20 characters (shared or service accounts where feasible).	Systems should support long passwords (ideally up to 64 characters.)
Password creation	Passwords must be randomly generated using the organisation’s approved business password manager. User-created passwords based on patterns, personal data, or predictable structures are not permitted.	Proton Pass for Business can automate the creation of strong, random passwords.
Password uniqueness	Passwords must be unique for every account, system, and service. Reuse across work systems, personal accounts, or client environments is strictly prohibited.	Enforce through tooling and training, not just memory.
Password strength testing	Passwords must not be weak, reused, or previously exposed in known data breaches.	Use systems that support breached password detection where possible.
Prohibited practices	The following are prohibited: password reuse; use of personal or company-related terms; predictable patterns; storing passwords in plain text; sharing credentials via email, chat, or notes.	Keep this section explicit to remove ambiguity.
Multi-factor authentication (MFA)	MFA must be enabled on all systems that support it, particularly for email, identity providers, remote access, financial systems, HR platforms, and administrative accounts.	Prioritize high-risk systems first.
Password storage	All credentials must be stored only in the organisation’s approved password manager. Storage in browsers or local tools is not permitted unless centrally managed and approved.	Proton Pass for Business provides encrypted vaults with controlled access.
Prohibited storage methods	Passwords must not be stored in spreadsheets, documents, email drafts, ticketing systems, shared drives, or personal notes.	Audit for these regularly as they’re very common.
Password sharing	Passwords must not be shared through informal channels. Where sharing is required, it must occur through approved secure systems that support access control, auditing, and revocation.	Proton Pass for Business enables secure credential sharing without exposing the password itself.
Shared accounts	Shared or service account credentials must have a designated owner, limited access, secure storage, and regular review. Credentials must be rotated when personnel changes occur or compromise is suspected.	Prefer individual accounts where possible.
Training and awareness	All users must complete password and credential security training at onboarding and periodically thereafter. Training must include password management, MFA use, phishing awareness, and incident reporting.	Keep training practical and up-to-date.
Incident response	Any suspected or confirmed credential compromise must be reported immediately. Affected credentials must be reset, sessions revoked, and access reviewed. Incidents must be documented.	Response speed matters more than perfection.
Reporting requirements	Users must report suspected credential exposure through the designated reporting channel. No disciplinary action will result from good-faith reporting.	Encourages early reporting.
Monitoring and logging	Authentication activity must be logged where feasible, including login attempts, credential changes, and privileged access. Logs should be reviewed periodically for anomalies.	Focus on high-risk systems first.
Offboarding and access revocation	Upon role change or termination, access must be removed immediately. Shared credentials must be reviewed and rotated where necessary.	Essential, as this is one of the most common failure points for organizations.
Compliance alignment	This policy supports organizational compliance with recognised frameworks such as NIST and ISO 27001 access control requirements.	Useful for audits and governance.
Enforcement	Failure to comply with this policy may result in retraining, access restrictions, or disciplinary action depending on severity.	Apply consistently.
Review cycle	This policy must be reviewed at least annually or following significant changes in systems, risks, or regulatory requirements.	Assign an owner for updates.

What is a password policy? Definition, purpose and objectives

A password policy is a formal set of rules that defines how credentials are created, managed, stored, and protected across an organization’s systems.

The concept of a password policy sounds simple but the impact is broad. It’s much more than just mandating the use of a business password manager for business credentials. In modern organizations, password policies serve as the foundation of identity security.

Without a consistent policy governing how credentials are handled across systems, password practices tend to become fragmented, and organizations gradually lose visibility over how access is actually being managed.

The purpose of a strong password policy

A well-defined password policy addresses security gaps by setting clear expectations for how credentials should be handled across your organization. It establishes consistent standards for password creation, storage, sharing, and lifecycle management.

Password policies also play an important role in governance and compliance. Security frameworks such as the NIST Digital Identity Guidelines and standards like ISO 27001 emphasize the importance of strong authentication practices as part of modern access control.

Organizations that handle sensitive data, particularly personal information, financial records, or proprietary business information, are increasingly expected to demonstrate that access to those systems is governed by documented security controls.

With a password policy, your organization defines the minimum requirements for creating, storing, sharing, and managing passwords used to access company systems, services, devices, applications, and data.

What should a password policy do?

A password policy document is intended to:

Reduce password-related security incidents
Prevent password reuse and insecure storage practices
Require secure password creation and management practices
Support secure access across employees, vendors, and systems
Strengthen audit readiness and access governance
Define response procedures for compromised credentials

Together, these objectives help ensure that password security is treated as an operational standard rather than an informal expectation.

Password policy: scope, roles, and responsibilities

A strong password policy should make two things explicit. First, it should clearly define which users, systems, and data must adhere to the policy.

Second, it should clarify who is responsible for following, implementing, and maintaining those standards across your organization.

Define the scope of your password policy

In modern organizations, access is rarely limited to full-time employees on internal networks. Contractors, vendors, and service providers may all require access to corporate systems, so the policy should extend to everyone interacting with company systems or data through password-based authentication.

It should also apply across the entire technology environment, including:

Cloud platforms
SaaS tools
Internal systems
Development environments
Administrative consoles
Shared operational accounts

This is important because attackers rarely distinguish between primary and secondary systems when looking for entry points.

Define roles and responsibilities within your password policy

Without clear ownership, password management becomes fragmented. Employees assume IT handles security automatically, while IT assumes users follow best practices independently. Effective credential security requires coordination across your organization.

While employees and contractors maintain password security in their day-to-day interactions with systems, managers oversee access governance during onboarding, role changes, and offboarding. IT and security teams will be responsible for implementing technical controls and monitoring compliance. System owners will also ensure standards are enforced within the applications and environments they manage.

Password policy guidelines on minimum password length and entropy requirements

Password length is one of the most important factors in determining the strength of a credential. Longer passwords dramatically increase the number of possible combinations an attacker would need to test during a brute-force attack.

In fact, NIST recommends prioritizing password length over strict composition rules. Rather than forcing users to include specific combinations of symbols, numbers, and uppercase letters, modern policies focus on ensuring passwords are sufficiently long and screened against known compromised credentials.

Accordingly, organizations should also ensure that their systems support longer, more complex passwords wherever technically feasible. Doing so allows security teams to adopt stronger credential standards over time and ensures your organization is prepared to meet evolving security requirements in the future.

A strong password should meet or exceed these key requirements:

Sufficient length to resist brute-force and automated cracking attempts
Unique to a single account or service, preventing credential reuse across systems
Difficult to guess, avoiding personal information, company references, or predictable patterns
Random or highly unpredictable, ideally generated by an approved password manager
Not previously exposed in known data breaches or present in common password lists

Note that passwords based on names, birthdays, company terms, or simple keyboard patterns can often be cracked quickly using automated password-cracking tools, regardless of length. See our detailed guide on strong password requirements for individuals and businesses alike.

Password randomness and complexity

Modern security frameworks recommend generating passwords randomly rather than asking users to invent them manually. Random passwords generated by approved password management tools provide significantly stronger protection because they avoid predictable patterns and can be created at lengths that are impractical to remember.

For example, you can use the secure password generator and secure credential management practices built into Proton Pass. Together, these tools help generate strong, unpredictable passwords while addressing common challenges around password storage, sharing, and lifecycle management.

The following minimum requirements can be included in a password policy to discourage weak or reused passwords:

Standard user account passwords must be at least 15 characters long.
Privileged or administrator account passwords must be at least 16 characters long.
Shared or service account credentials should be at least 20 characters long where technically feasible.
Systems should support passwords of at least 64 characters where possible.
Long passphrases may be used where supported and appropriate.
Passwords must meet the organization’s approved strength and screening requirements before use.

Use of unique passwords per system or service

Password reuse is one of the most common causes of credential-based security incidents. When the same password is used across multiple services, a single breach can expose access to several systems at once.

Attackers routinely exploit this behavior using a technique known as credential stuffing, where stolen usernames and passwords from one service are automatically tested across other platforms.

For this reason, uniqueness is a non-negotiable requirement. Each account, service, and system should have its own password that is never reused elsewhere.

Managing dozens or hundreds of unique passwords would be unrealistic without the support of secure password management tools. Enterprise password management tools make this requirement practical by generating strong passwords automatically and storing them securely, allowing employees to maintain unique credentials without relying on memory.

Multi-factor authentication (MFA) requirements

Multi-factor authentication (MFA) is one of the most effective ways to reduce the risk of unauthorized access, particularly in environments where credentials may be exposed through phishing, malware, or external data breaches.

MFA works by requiring users to verify their identity through at least two independent factors before gaining access to an account. These include:

Something the user knows (a password)
Something they have (such as a security key, authentication app, or mobile device)
Something they are (biometric authentication such as fingerprint or facial recognition).

Because attackers rarely have access to all of these factors simultaneously, MFA significantly reduces the likelihood that stolen credentials alone can be used to compromise an account.

Guidelines from organizations such as NIST and CISA strongly encourage the use of multi-factor authentication wherever password-based access is used, particularly for systems that contain sensitive data or provide administrative privileges.

Baking MFA into your password policy

Your organization can further strengthen MFA adoption by using tools that make two-factor authentication easier to deploy and manage across accounts. For instance, Proton Pass can store and autofill time-based one-time passwords (TOTP) alongside saved credentials, simplifying login workflows while keeping authentication data encrypted.

For organizations that prefer to separate authentication factors, Proton also offers a dedicated Proton Authenticator app, which generates secure six-digit verification codes and can sync them across devices using end-to-end encryption. The authenticator works offline and is open source, allowing organizations to implement MFA across business accounts while maintaining transparency and strong privacy protections

Secure password sharing practices

Although many security guidelines advise against sharing passwords altogether, real-world business environments still require it. Service accounts, vendor access, and emergency procedures may occasionally require multiple authorized users to access the same credentials.

When sharing occurs informally, such as through email, chat, or verbal communication, credentials become exposed and difficult to control. Once shared through these channels, there is typically no reliable way to track who has access or revoke it later.

Password policies should therefore define how and when sharing is permitted. In most organizations, it should only occur through approved credential management tools that provide access controls, auditing, and the ability to revoke access when necessary.

Offboarding and access revocation procedures

When employees change roles, leave the organization, or vendor relationships end, access must be reviewed and adjusted promptly. Failure to revoke credentials in a timely manner is one of the most common sources of unauthorized access.

A strong password policy should integrate with onboarding and offboarding processes, ensuring that access privileges are updated immediately to reflect role changes or departures, including disabling accounts, rotating shared credentials, and revoking unnecessary system access.

If multiple individuals had access to a shared service account, the password should be rotated as soon as personnel changes occur to prevent former employees or contractors from retaining access after their accounts have been disabled.

Bridge the gap between password policy and human habits

Password policies are only effective if people follow them.

In most organizations, failures don’t happen because policies are missing; they happen because the policies aren’t embedded into everyday workflows. Employees take shortcuts when processes are unclear, tools are inadequate, or expectations are not reinforced.When implemented properly (and in combination with a business password manager), a strong password policy replaces informal habits with consistent controls, reduces credential-related risk, and makes secure access management part of everyday operations, not merely an afterthought.

Google has a price for you. We found it.

Edward Komenda — Tue, 28 Apr 2026 09:58:06 GMT

Proton analyzed over 54,000 demographic profiles using 2025 ad auction data to estimate what advertisers pay to reach different types of Americans. The range is much wider than you might expect.

The average American generates about $1,605 a year in advertising value. A 35- to 44-year-old man in Bozeman, MT, without children, using a desktop and making high-value corporate searches, generates an estimated $17,929.30. An 18- to 24-year-old father in Fort Smith, AR, using an Android phone and making low-value searches, generates $31.05.

That’s a 577x difference between two people using the same free service.

Here’s a look at how we assembled our latest report: The Price of Free Google.

How we built this

We constructed a matrix of over 54,000 profiles varying four variables: age, gender, location, and device type. To each profile, we assigned what we call “search archetypes” — realistic search behavior based on life stage. A 30-something without children is statistically more likely to search for investment accounts and B2B software. A 60-something is more likely to query Medicare supplements and retirement planning. We modeled these behavioral patterns across each demographic group rather than applying a flat search assumption.

We then applied real advertising auction benchmarks to each archetype. The cost-per-click figures reflect live market rates drawn from aggregated, anonymized pricing data across active campaigns — what advertisers actually pay to reach these demographics in Google’s auction system.

One caveat: this analysis estimates advertiser demand for access to a given profile. It does not reflect the exact revenue Google receives from any individual user. What the model reveals is the ceiling, the maximum price the market places on your attention.

The key numbers

$1,605: average annual ad value of a U.S. user
$760: median annual ad value
$17,929.30: maximum estimated annual value (35–44-year-old man, Bozeman, MT, desktop, high-value corporate searches)
$31.05: minimum estimated annual value (18–24-year-old father, Fort Smith, AR, Android, low-value searches)
The top 10% of profiles: heavy desktop users — generate 43% of all advertiser value
Over a decade, the average American represents roughly $16,050 in ad value; the most monetized profiles approach $180,000

The gap between mean ($1,605) and median ($760) shows how a small number of high-value profiles pull the average up. The business model runs on premium outliers.

What exactly determines your value to Google?

Children

Non-parents are worth approximately 17% more on average, with the gap widening during peak earning years. Once a profile is flagged as a parent, it gets shifted from $6-per-click wealth management ads to $2-per-click ads for minivans and preschools. The highest-value profiles in the dataset are not defined by a single trait, but by a combination of signals pointing to spending power and commercial intent — and none of them are parents.

Device

A desktop user is worth 4.9x more than the same person on Android. An iPhone user is worth 2.7x more than on Android. Advertisers treat device type as a proxy for income and purchase intent. Desktop signals professional context and transaction readiness. iPhone signals premium consumer spending. Android signals lower expected conversion. The same person carries a different price depending solely on what they’re searching on.

Age

Advertiser value peaks between 35 and 44. By 65, average value drops to $511. Older Americans don’t disappear from the ecosystem — they’re reassigned to a narrower set of high-spend categories: Medicare supplemental insurance, pharmaceuticals, and financial products targeting dependency. Lower general value, more aggressive targeting from a smaller slice of advertisers.

The geography of value

Ad value is partly set by zip code. Google’s auction is driven by local service providers — lawyers, real estate agents, financial planners — bidding against each other for local clicks. The more competitive the local market, the higher the floor price for everyone in it.

The two highest-value individual profiles in the dataset both come from the top of the market list: Bozeman, MT and Edmond, OK. In Bozeman, the influx of remote tech workers and outdoor recreation spending has made it one of the most fiercely contested local ad markets in the country, despite its size. Edmond’s density of high-CPC professional services makes it the top-ranked market overall.

At the bottom, cities across the Rust Belt and Appalachia reflect the inverse: lower median incomes and fewer competing local advertisers mean less bidding pressure, and lower prices for local attention.

Top 10 most valuable U.S. ad markets

Edmond, OK
Bozeman, MT
Naperville, IL
Santa Fe, NM
Durham, NC
Bellevue, WA
Silver Spring, MD
Baton Rouge, LA
Washington, DC
Colorado Springs, CO

Top 10 least valuable U.S. ad markets

West Valley City, UT
Lowell, MA
Fort Smith, AR
Gulfport, MS
Greensboro, NC
Evansville, IN
Buffalo, NY
Toledo, OH
Wheeling, WV
Parkersburg, WV

Why lock-in has a price

Over 10 years, the average American represents roughly $16,050 in ad value. The most monetized profiles approach $180,000. With 1.8 billion active Gmail users, the long-term value of keeping users in the ecosystem is enormous, and it scales with every additional year of behavioral data.

Every cross-product integration, every friction point on data export, every feature built to increase daily engagement is backed by this math.

Google’s advertising mechanics have always been deliberately opaque. The data shows why: users are considered money-generating assets, assigned a value and targeted accordingly. Every feature built to increase engagement, every product designed to deepen lock-in, serves that extraction.

Most people would not knowingly hand a corporation hundreds of thousands of dollars over a lifetime to process their email. But that is what the system is built to collect.

Children and the ad ecosystem

The ad ecosystem begins categorizing users when behavioral signals appear. For children growing up online, that process starts early — first school searches, first health queries, first location data feed the profiling system before most kids understand how it works.

Proton Mail’s Born Private lets parents opt a child into an end-to-end encrypted environment from the start, keeping their data out of the auction entirely.

No data, no auction

The alternative is clear: use services that have no financial incentive to monitor you.

Proton Mail and Proton Drive encrypt data before it reaches the server. We cannot scan emails, build a profile, or sell access to your attention. Funded by subscriptions rather than behavioral tracking, Proton has no use for the data that makes you worth $17,000 a year to an advertiser.

Take away the data, and the auction collapses.

Proton 2026 spring and summer roadmaps

Andy Yen — Fri, 24 Apr 2026 15:46:23 GMT

Privacy-focused alternatives to Big Tech services have never been more important. In the last year, we’ve significantly built out the Proton ecosystem with more essential tools, including a private AI chat assistant, 2FA app, and encrypted spreadsheets, along with new features for our existing products. Our new private video calling platform and appointment scheduling tool are also now available in a new Workspace plan, a privacy-first suite for business users.

We aim to accelerate this pace of development in 2026, focusing heavily on improvements to our existing services. Our product roadmap for the first half of 2026 includes new features and improvements throughout the Proton ecosystem.

As always, our development strategy is rooted in the feedback you give us through our user feedback platform, on social media, and directly to our team. Because Proton is 100% community supported, your input is critical, so please continue to share your thoughts with us.

Proton Mail

Your mailbox will be getting new updates that make it easier to manage and organize your emails.

Find what you need with category view

To help you take control of your inbox, our new category view automatically categorizes your emails to make it easier to find what you’re looking for. You can choose to categorize by different types: Primary, Social, Promotions, Newsletters, Transactions, and Updates. Categories are enabled by default, but you can turn them on or off in your settings and control notifications, so your inbox stays organized without extra setup.

Manage all your email inboxes from Proton Mail

Working from one inbox makes it much easier to handle emails. To support people who have multiple inboxes with other providers and are in the process of switching to Proton, we’re evolving our Forwarding feature. Soon, you’ll be able to send and receive emails from your existing Gmail email address directly from your new Proton Mail inbox.

While you settle into your Proton Mail account and your old Gmail account is still active, you’ll be able to reply to and send emails from your new Proton Mail inbox without needing to visit your previous provider. Support for more email providers is coming soon.

Content search is coming to mobile

Your Proton Mail mobile app is about to become more powerful: Content searching will help you find emails on your mobile app by searching their full body text as well as their subject lines. This enhanced search capability helps you find things faster without changing how search works from a privacy perspective: Your queries stay on your device, keeping your communications, receipts, attachments, and other data completely confidential.

Proton Calendar

Your next-gen calendar with new features

Proton Calendar is being completely rewritten from scratch to deliver a modern, secure experience that includes long-awaited capabilities like offline mode. We’ll be working on this all year, but we’re already rolling out immediate improvements like appointment booking pages and the ability to set Proton Calendar as your default calendar on Android.

Proton VPN

Between online censorship and concerns around age verification systems collecting personal data, VPNs have never been so important. Protecting your privacy should be easy and accessible to all, which is why we’re focusing on making Proton VPN faster, more reliable, and more consistent across platforms.

Unlocking the next generation of performance

As we mentioned in our fall and winter recap in 2025, we’ve been working on a new client-side WireGuard® codebase. This new codebase means a more reliable and censorship-resistant Proton VPN: Your Proton VPN apps will be faster and more reliable, with improved anti-censorship capabilities, and fewer disconnects and dropouts. Beta testing will be available in the coming months for Windows, Android, macOS, iOS, iPadOS, and Linux.

A sleeker and more private Proton VPN Linux app

We’re planning to make the user experience smoother when you’re using Proton VPN between devices or platforms. Our team is currently working on visual updates for the Linux GUI app that will give you a more consistent experience between apps on different platforms. The modern, sleek UI you know for other platforms will soon be available for Linux. These improvements are coming alongside long-awaited support for the Stealth protocol as part of the new WireGuard codebase. By helping mask VPN traffic, Stealth will make Proton VPN on Linux more private, harder to detect, and better equipped to work on networks that try to restrict or block VPN use.

Stay connected, your way

Last year, we introduced improved connection preferences that allowed you to exclude specific countries and cities from Fastest Country and Random connections permanently for Android. You can set your preferences once, and then your VPN will always pick from locations that actually work for you. Soon, we’re making the same connection preferences available for Windows.

Proton Pass

Keeping your digital identity safe and organized requires a versatile and convenient password manager. That means more storage options and robust autofill capabilities, and new ways to organize and share sensitive information.

Even smarter autofill

Last year, autofill in Proton Pass became more useful with quality of life updates including credit card autofill, auto-type, and HTTP Basic Auth. In the first half of 2026, more improvements are coming for autofill.

iFrame autofill will help your Proton Pass app detect login fields on websites with more complicated layouts, such as online banking or enterprise tools. URL matching, one of our most requested features, will allow Proton Pass to suggest information for the exact website you’re visiting so you won’t need to search for it.

Easier organizing with folders

We’ve been working on the cryptography model that protects your credentials in Proton Pass, which is a prerequisite to offering folders within your vaults. Soon, you’ll be able to sort your items within custom folders, opening up new possibilities for organizing and secure sharing. Your passwords, your notes, your aliases, and more can be organized into categories of your choosing for easier and faster retrieval.

Put your SSH keys to work across devices

Working between multiple devices can be complex when you’re a developer. You can already store your SSH keys in Proton Pass, and soon you’ll be able to use them with an SSH agent to simplify authentication in your Git and SSH workflows. No more manual syncing when you switch devices, plus added security and convenience with biometric unlock for terminal-based authentication.

Read Proton Pass’s spring and summer roadmap

Proton Drive

Ease of use and core functionality are our key focuses for Proton Drive this spring and summer. We’ll be making improvements to Proton Drive that’ll help you upload and download files and photos faster, and work more easily across multiple Proton apps for increased productivity.

Proton Drive is 70% faster and it’s just getting started

Earlier this year, we gave you a progress update about Proton Drive SDK. This project will give you faster and better Proton Drive apps, no matter which platform you’re using.

Since January, you may have noticed that uploading and downloading files and photos on Proton Drive has become significantly faster. Thanks to the progress in building our SDK, downloading shared files is 70% faster and uploading to a shared folder is 30% faster whether you have a Proton Account or not.

In the coming months, we’ll improve performance further and make features more consistent across all of the Proton Drive apps. We’ll be able to add document and folder sync on macOS, which we know many people are eager for. We’re also working on the highly anticipated Linux app.

Proton Sheets and Proton Docs improvements are in the works

For Proton Docs and Proton Sheets, our focus is on building out their feature and collaboration set, so you can move more of your existing files and workflows out of Big Tech apps.

Since we released Sheets in late 2025, we’ve consistently been making updates and releasing new features. We’ll continue to focus on making improvements to Sheets that give you more power over how you create and manage your spreadsheets.

For Proton Docs, we’ll focus on usability and collaboration features. These updates are essential because they make it easier for you to get work done, whether it’s a solo project or a group effort. Soon you’ll be able to create a table of contents for your Proton Docs, and more updates are coming soon. This will also include shared Drive, one secure, shared storage space giving improved collaboration capabilities to families and businesses.

Enhanced ecosystem integration

We understand that as you move toward privacy-focused apps, you’re moving away from an existing, fully integrated Big Tech ecosystem. To make the transition easier for you, we’re focusing on building our own integrated ecosystem. To make working between different Proton apps more fluid, we’re investigating how we can build closer integration between our tools for faster workflows. We’ll be introducing new integration features in the coming months.

Read Proton Drive’s Q1 recap

Lumo AI

AI assistants shouldn’t advertise products to you, collect your data, or share it with third parties and governments. But those are precisely the risks presented by Big Tech AIs. We developed Lumo last year to provide people and businesses with a private alternative that never trains AI models using your data. Since introducing Lumo, we’re building out tools that make it smarter and better at helping you or your team save time.

A new Lumo update, coming soon

We’re planning to release an update for Lumo that will introduce significant new capabilities. Right now, we’re working on faster speed and performance, and improved mobile apps and additional new features: Watch this space.

Get more done with a desktop Lumo app

Lumo is available on any web browser and mobile device, but we’re developing a desktop app to supercharge your productivity. Lumo for desktop will give you a seamless experience, allowing you to move quickly between your native work tools: email, web, chat apps, and your personal AI assistant. It can be a hub for everything you’re working on, where you can store all your projects and conversations in one encrypted place, and get more context-aware answers for your queries.

A private AI assistant for your platform

For most organizations, building a private AI tool isn’t a feasible. So we’re releasing a Lumo API that will let you add Lumo to your product or software, no matter the size of your platform.

Lumo API offers what Big Tech AI chatbots don’t: a private and secure AI assistant that gives you the benefits of AI without the privacy concerns. Instead of compromising on security, you can build Lumo into your workflows for fully private and trustworthy AI support. With the API, you can also make it easier to use Lumo within other platforms, helping you work smarter and faster.

Moving beyond Big Tech with you, our community

Everything we’ve released in the last year, including our new products and every new feature for our core services, has been possible because of your support. As an independent, European alternative to Big Tech, we see building a private ecosystem of apps as a reclamation of our rights to privacy on the internet and a reminder that there’s a better way to build tech: for people, not profit.

Your investment in our mission is what helps us make better products. Feedback is invaluable to our teams, so let us know in our forums and on Discord, X, Bluesky, Facebook, LinkedIn, Threads, Telegram, Reddit, and UserVoice, or leave us a review in the App Store or Play Store. Thank you for helping us build a more private internet, and we’ll see you in the fall for our next roadmap updates.

Proton Pass spring and summer 2026 roadmap

Son Nguyen Kim — Fri, 24 Apr 2026 15:39:36 GMT

Proton Pass is an essential tool for managing credentials and protecting your identity, but it has become much more than that. Now you can use it even for specialized purposes, whether that’s segmenting access to information among teams or managing developer workflows.

This year, we’re continuing to expand the ways you can use Proton Pass, for teams, individuals, and families.

Our latest updates and upcoming features focus on improving usability, adding more control and flexibility to sharing, enhancing the autofill experience, and providing new tools for developers. Proton Pass is becoming more capable and convenient, all without raising prices or compromising on our values of privacy and transparency.

What we launched in fall and winter 2025

We know that everyone uses Proton Pass differently. For it to be as useful to as many people as possible, we focused on a few core areas last year.

Improved usability and more convenience

When you’re using Proton Pass, the app should help you get your admin done and make your tasks easier. That’s why we focused on improving usability and convenience.

We introduced improvements for autofill, including credit card autofill, auto-type, and HTTP Basic Auth to handle non-standard login dialogs. Right-click menu and offline mode also gave you more options to tailor Proton Pass for your specific needs.

Enhanced security for your browser extension

As a privacy-first business, our tools have to give our users the best protection possible for their sensitive data. We made Pass Monitor accessible through your Proton Pass browser extension so that it’s easier to spot and change your weak and reused passwords and get notifications if you’re affected by a data breach.

Additional privacy updates included the ability to choose a set period of time after which copied passwords are cleared from your clipboard, and being able to create and use passkeys in Safari with the Proton Pass extension.

Secure secret management for developers

To make it a more capable solution for developers who are managing software development, we introduced Proton Pass CLI which enables engineers to access secrets via the terminal.

Personal Access Tokens (PATs) are now supported in the Proton Pass CLI. PATs provide precise control over the secrets that scripts or AI agents have access to within the CLI. You can manage access more easily by granting scoped access to specific vaults to third-party applications or scripts, making Proton Pass a natural fit for managing secrets across your automation and tooling.

Greater access control for teams

Organizations rely on Proton Pass for a lot more than password management, including access management and enforcing security policies for tens, hundreds, or even thousands of users. We focused on making access management easier and faster for admins, while also providing more granular control over security policies.

Groups now make it easier to organize team members or projects, defining access controls at scale. You can share access to vaults and items at the group level rather than the individual level for faster and easier sharing without compromising on security. This simplifies sharing and access management for admins, who can also choose group owners within their organization. Admins can also create policies to ensure that email aliases and secure links are used responsibly and in line with your business’s security policies.

What’s coming this spring and summer

Our focus for the first half of 2026 is to make continual improvements to our core offerings, improving the flexibility and convenience that Proton Pass can offer you. We’re also committed to introducing new features:

Organize your data your way with folders

Folders will be a significant building block for Proton Pass that will go beyond just helping you organize your items. Introducing folders will require some rethinking of our cryptography model, which we’re currently working on. Eventually, you’ll also be able to share folders and subfolders just like your vaults and individual items, giving you another flexible way to share access.

Folders will be available in the coming months. As well as creating vaults, you’ll be able to create dedicated folders and subfolders to organize crucial information for quick retrieval: you can organize by project, by team, by year, or whatever else you need.

Simplify SSH workflows with the SSH agent

The default SSH agent built into your OS isn’t built for convenience and flexibility, so we’re launching an SSH agent that will let you work with the SSH keys stored in your vaults while keeping them automatically in sync wherever you work. You can already keep your SSH keys in Proton Pass, and with the SSH agent, you’ll be able to use them for your Git and SSH workflows, simplifying authentication and making it easier to work across several computers.

Keeping your SSH keys in Proton Pass lets you use them on multiple devices without needing to manually sync them, saving time and effort as you work. Git workflows are much easier when you can simply use biometric unlock for committing or signing, adding an extra layer of security and convenience to terminal-based authentication.

Do even more with your Proton Pass browser extension

We’re going to continue focusing on making Proton Pass a powerful assistant for you on your web browser.

To speed up your browsing, biometric unlock is coming to the Proton Pass extension. It’ll be available for macOS and Chromium first, with other browsers and OS released gradually. You’ll be able to use your fingerprint or face ID to unlock your account instead of using your master password or PIN code for added convenience. Your account will remain just as secure while saving you time logging in.

We’re also making improvements to autofill in your Proton Pass browser extension. iFrame autofill will detect autofill opportunities in websites and apps with more complicated layouts, like banking apps. URL matching will allow you to configure autofill exactly the way you want, allowing Proton Pass to suggest information for the exact website you’re visiting, a highly requested update.

Because you always need access to your vaults, offline mode for browser extensions is also coming soon. Offline mode is already available for your web, desktop, and mobile Proton Pass apps, so this will keep your vaults accessible when you’re not connected to the internet, no matter which app you’re using. If you’re traveling or if you’ve simply lost connection, you won’t be cut off from the valuable information you need.

Much more than a password manager

Everything we’re developing for Proton Pass makes it easier and more convenient for you to protect your online accounts and organize your digital life. Expanding the core features and capabilities available helps us make Proton Pass a valuable tool for anyone and everyone, at home or at work.

We couldn’t make these updates without the valuable guidance of our community, and we want to hear from you: What would you like to see released for Proton Pass? Tell us what works for you and what you need on Reddit or UserVoice.

Together, we’ll make an internet where your identity is secure and your privacy is protected by default.

Meta is using employee behavioral data for AI training

Elena Constantinescu — Thu, 23 Apr 2026 16:55:20 GMT

Meta is reportedly preparing to capture US-based employee behavior — including mouse movements, clicks, keystrokes, and screen snapshots — to help train its AI systems to navigate software the way humans do.

Dubbed the Model Capability Initiative (MCI), according to Reuters, the program is part of Meta’s broader push to build AI agents that can autonomously perform computer-based tasks, from navigating dropdown menus to using keyboard shortcuts.

Meta said it will protect sensitive information but didn’t clarify what data qualifies as sensitive material, how that protection would work, or whether it would extend to third-party information that employees may handle on the job.

The move comes as Meta prepares to cut 10% of its workforce starting May 20, with more layoffs reportedly expected later this year.

The new AI gold rush is behavioral data

AI companies have already burned through huge amounts of public internet data, and Meta’s MCI is an example of these companies going deeper in their pursuit of the latest AI training fodder: behavioral data.

Behavioral data refers to the digital traces people leave behind as they move through systems: the clicks, keystrokes, pauses, corrections, shortcuts, and navigation patterns that show how a task actually gets done. It is valuable to companies because it captures not just the output of work, but the process behind it — something that AI systems currently struggle to process and replicate.

Microsoft Recall follows the same logic by taking snapshots of what a person does on their computer, with Microsoft presenting it as a form of productivity tracking software, not an AI training pipeline. But it still shows how comfortable Big Tech has become with turning highly detailed behavioral traces into something systems can record and learn from. In workplace settings, features framed as optional can become hard to refuse when employers control company policy and shape the power dynamics around consent.

In Meta’s case, MCI seems like another building block in a broader push to capture more intimate and revealing forms of personal data. The company is already using all Meta AI interactions across Facebook, Instagram, WhatsApp, and the rest of its ecosystem for product improvement, AI training, and targeted ads in places that don’t have strong privacy protections like the GDPR.

Tracking employees can make work worse

Another problem with Meta tracking employees for AI training is that it can make work worse. Like click tracking software, it treats keystrokes and mouse movements as meaningful signals. But even with more advanced AI layered on top, those are still poor stand-ins for actual performance, particularly in knowledge work where critical thinking, planning, connecting ideas across functions, and solving problems often look invisible from the outside.

Once workers know those signals are being captured — especially if they suspect they could one day be replaced by the AI agents they are helping refine — it creates a perverse incentive to optimize for looking busy, or even to deliberately distort their behavior instead of doing meaningful work. Surveillance and mistrust become the workplace norm.

A privacy-first infrastructure matters

Platforms built around extraction make every interaction start to look like data waiting to be monetized, optimized, or fed back into another system. When AI is involved, that system may be used to study you, imitate you, and eventually displace you.

Privacy-first services matter because the less data a company can access, the less room it has for this kind of mission creep. Strong protections like end-to-end encryption help limit what a platform can see in the first place, while open-source code adds transparency by allowing independent scrutiny of how those systems actually work. Together, they help protect the trust of both employees and customers.

Simplify team password sharing with groups for Proton Pass

Son Nguyen Kim — Thu, 23 Apr 2026 14:56:57 GMT

Sharing in Proton Pass is flexible by design. Whether you need to share a single item or an entire vault, or grant temporary or permanent access, there’s an option to do so securely from your Proton Pass account. Today we’re introducing groups in business plans to give you more control over your team’s sharing and improve collaboration.

Admins for most multi-user Proton Pass plans can create groups that organize team members by category, such as by team, department, or project. Once you’ve created a group, you can control access to credentials by assigning those groups to specific vaults and items. Instead of sharing items or vaults individually, access is managed at the group level, making it easier to scale up or down as you need.

Groups are available in Pass Professional and the VPN and Pass Professional bundle.

Create your first group.

What you can do with groups

Groups make it easier to manage access and share items or vaults at scale. Instead of providing or revoking access one user at a time, you can create groups, add members, and assign permissions to all members at once.

As an admin, you can:

Create structure within your business by organizing users into groups based on teams, departments, projects, or roles.
Save time by assigning access to vaults and items at the group level instead of sharing individually.
Reduce manual work by managing access centrally through group membership.
Streamline onboarding and offboarding by adding or removing users from groups.

Within your organization, team members can:

Create items and share them directly with groups for easier collaboration.
Belong to multiple groups, inheriting access (to items or vaults) from all assigned groups and never wasting time chasing access to the tools and systems they need to get work done.
Always have access to the latest passwords and data shared with the groups they belong to, no matter which device or platform they’re using.

Put an end to unnecessary access

Protecting sensitive data within your business is easier when you team members have access to what they need and nothing more.

This is known as the “principle of least privilege,” and it’s one of the core principles of zero trust security. Zero trust is a cybersecurity framework that means a system never assumes anyone’s identity or access rights, and will verify every time access is attempted.

When it comes to sensitive data such as financial records or customer details, access must be limited strictly to those who need access. Otherwise, insider threats proliferate — 83% of businesses reported accidental or malicious data breaches caused by their own employees in 2024. If you’re not taking care to ensure that access is limited strictly to those who need it, and regularly removing legacy accounts for ex-employees, your valuable business data is at risk.

Groups make it simple to define who can access what within your network. Working with the principle of least privilege is difficult and prone to errors when you’re managing access at the user level. But working at the group level gives you a much clearer picture of access rights within your organization, making it easier and quicker to enforce properly structured access rights.

Simplify onboarding and offboarding

Introducing a new team member can be time-consuming and error prone, from assigning equipment to ensuring they have access to the tools and systems they’ll need for their role. A team member can get to work faster when the appropriate access is designated from day one. Adding them to a group is the most efficient and reliable way to set up their role and permissions within your network.

Groups also make offboarding easier and safer. Old accounts for former employees and contractors increase your attack surface and risk leaving “ghost access” to accounts they’re no longer authorized to see.

Easier team password sharing for faster work

Sharing credentials, WiFi passwords, payment details, and notes is a daily necessity in the modern workplace.

Vaults in Proton Pass are the ideal location to centralize the information and make it available to your team across multiple devices. But without proper access controls, sensitive information can still leak.

Groups reduce this risk and also ensure that members always have access to the latest version of credentials; if a password is changed by one user, it’s updated in real time for all other users.

Secure links are still available for one-off and temporary sharing, but group access permissions will prevent unauthorized sharing, reducing errors and protecting your network.

See Proton Pass in action

Proton Pass was designed to help everyone take control of their passwords, but businesses have unique collaboration needs and heightened risks. Small businesses are especially targeted by hackers, with one in four experiencing a cyberattack in the last year.

Swiss IT management firm GILAI and the French managed office provider Morning have enabled security and collaboration by switching to Proton Pass.

See how Proton Pass met GILAI’s rigorous security standards

Read about how Proton Pass powers Morning’s business model

Groups is the next step in making Proton Pass for Business the ideal tool for password management, access control, and collaboration. If you’re interested in finding out more about Proton Pass for Business, contact our sales team for more information.

We must keep age verification from killing anonymity online

Andy Yen — Thu, 23 Apr 2026 11:57:59 GMT

Online threats to children are real, but the headlong pursuit of age verification that we’re seeing around the world is unacceptable in its approach and far too broad in scope — and we simply can’t afford to get this wrong.

To be clear, parents’ concerns are valid and sincere. Few people would argue that kids should have unfettered access to adult material, to self-harm how-tos, to social media platforms that manipulate them and expose them to abuse.

But it’s the very depth of those worries that is being cynically exploited. Age verification as is currently being proposed in country after country would mean the death of anonymity online.

And we know exactly who stands to gain: The same tech giants who built the privacy nightmare that the internet is today.

When data gets collected, it will get out

The business of age-gating the internet has come a long way since the days of “Check this box if you’re over 18.” Now people are sending in passports and videos and even fingerprints. And what’s happened? The same thing that’s always happened: That data gets leaked.

Look at Discord. Last October, the chat platform beloved by gamers acknowledged that hackers had accessed the records, including photos of government IDs, of more than 70,000 users being held by a third-party vendor it had hired to enforce age verification.

And this will keep happening. The more sensitive data you stockpile in privately held databases, the bigger a target it becomes for criminals. If a social platform or dating app without expertise is ordered to collect it, they’re easy prey. Thousands of companies may manage to do it right, but some of them will surely fail. (Remember Ashley Madison?)

Even if you outsource age verification to a “specialist” third party, that’s no silver bullet, as Discord discovered. When age checks are a company’s sole business, the company may develop greater skill in shielding the data from hackers, but it also becomes an even more appealing target. And because it lacks other income streams, it needs to offset its costs somehow — and the temptation to monetize that data, to sell it, becomes hard to resist.

There are no heroes here

Governments cannot be trusted to come to the rescue. The European Union just unveiled a mobile app to check people’s ages, and it took hackers a matter of hours — one claimed only two minutes — to discover fatal flaws.

Calls are also growing for Big Tech to step in. Make Apple and Google and Microsoft do it, people say. With their control over operating systems, they can require IDs and block access to kids at the device level, right? And just a few weeks ago, Apple announced a plan in the UK to do exactly that.

But these companies have built their empires on collecting data and on preferencing their own products to disadvantage competitors. They’ve paid billions in fines for doing it. If they’re given even more power to decide who can download what, and track who is doing what, does anyone seriously believe they won’t abuse that power?

Leads to ID verification for adults

Online privacy has always been tenuous. But with age verification, we’re on the cusp of, once and for all, requiring ID for every single person going online, for any reason, legal or not, adult or not. And that should terrify us all.

While no business can simply disregard the laws in its jurisdiction, Big Tech companies have demonstrated that they will collude with governments on an industrial scale. They cooperate with hundreds of thousands of data requests from governments every year, many never seen by a judge, and that number is only growing.

What’s more, they are known to cave to state pressure and ban apps. If every Apple account in the UK is tied to a government-issued ID, how long will it be before every other country expects the same? Once you’re using these collected IDs to block access based on age, it’s a short leap to blocking access based on nationality or other factors as well.

How long before China demands the names of every person who downloaded a certain app? How long before lists of “undesirables” are sent to the tech giants, with orders to be blocked from the internet entirely? Is this really a road we’re prepared to go down?

When online anonymity is stripped away, whistle-blowers keep their mouths shut. People in desperate need of help don’t ask for it. And democracy itself suffers, as those would seek to hold their government accountable don’t always want to do so with their real name attached.

Power needs to shift, but not to Big Tech

Technology companies should never become gatekeepers for every adult on the internet, but they must still do their part. They must direct their design firepower toward improving parental-control features at both the app and device levels. These should be obvious and easy to use, not an afterthought scattered across hidden menus. This puts the power and authority to protect children firmly where it belongs: with parents.

We cannot accept a world where every adult is expected to hand over ID as the price of going online. The scope of places where age verification is required must be strictly confined to areas like pornography and social media, where the potential for harm is greatest.

And if as a society we conclude that a narrowly drawn age-verification system is both necessary and inevitable, it must be done right. Checks must be conducted entirely client-side, on the user’s device. They should rely on facial scans, not uploaded IDs, that are instantly discarded once processed. The answer to the binary question of whether the user is “of age” must be fully anonymized, divorced from any identifying information, and transmitted entirely under end-to-end encryption. And the code that underpins the system must be open-source, allowing the public to be certain that these expectations are being met.

Never forget what the real threats are

These requirements are non-negotiable, because the only way to guarantee that age-verification data will not be stolen, shared, or abused is to not collect it at all. We certainly cannot entrust it to the same giants that have a proven track record of exploiting our private information. Or to faceless new companies with incentives to misbehave. Or to governments that, let’s face it, have their own history of failing to protect user information or abusing it themselves.

And bit by bit, we need to tackle the real root cause of so much of the harm we see online: The advertising- and attention-based business model that gives almost every company an incentive to spy, to track, and to keep everyone, and especially kids, hooked on their products.

Meta, the parent of Facebook, has been strongly lobbying in favor of age verification for years, but not out of concern for children. They want to lift any responsibility from their shoulders, so they can keep targeting adults with their toxic products. Age verification should not distract us from the real danger to children and adults alike.

Given all the online threats out there, the desire to “do something” to protect kids is understandable, even laudable. But with age verification, we’re at risk of locking in and reinforcing all the worst aspects of the internet. And the end of the road for all these good intentions is a hellish place indeed.

Survey shows Nordic countries are fed up with US tech

Edward Shone — Thu, 23 Apr 2026 11:55:17 GMT

Citizens of Denmark, Sweden, Norway, and Finland are becoming increasingly critical of US tech companies and worried about their outsize power in Europe. Much like their neighbors to the south, consumers in the Nordic countries believe Europe has become overly dependent on Big Tech companies answerable to Washington and think it’s time to find alternatives.

A new Proton survey of 4,000 people living in Nordic countries found that around 83% believe Europe is reliant on US apps and services, and 85% find this reliance concerning.

In our earlier study of 3,000 people across the UK, France, and Germany, we discovered that 73% believed their societies were far too dependent on US tech companies. Recently, the French government said it was dropping Windows and other US services, and Germany and other countries are also seeking European digital sovereignty. The de-Americanization trend is clear.

But what about the Nordic countries? Perhaps unsurprisingly, they were just as worried, if not more so.

Nordic citizens are more likely to want to switch to European tech services than people in other European countries are.
64% of those who follow the news say that tensions between the US and Europe have changed how they feel about using US tech apps and services.
Data sovereignty and pro-European sentiment are the strongest motivators for people in Nordic countries when choosing European tech.

Geopolitical tensions between the United States and the Nordic countries have skyrocketed since January. President Trump threatened to invade Greenland, a Danish territory. Greenland’s Prime Minster Jens Frederik-Nielsen has continually pushed back on US aggression and called on NATO to defend it against invasion. Subsequently, Trump threatened to end the US military alliance with Europe.

Amid this turbulence, consumer attitudes toward US tech are changing. Our survey investigates how the current political landscape is shaping the attitudes of citizens in Nordic countries.

Resistance to US tech is strongest in Nordic countries

85% of Danish respondents believe Europe is very or extremely dependent on US technology companies, with 87% expressing concern about this dependence
78% of Norwegian respondents believe Europe is very or extremely dependent on US technology companies, with 84% expressing concern about this dependence
82% of Swedish respondents believe Europe is very or extremely dependent on US technology companies, with 81% expressing concern about this dependence
86% of Finnish respondents believe Europe is very or extremely dependent on US technology companies, with 89% expressing concern about this dependence

People in Nordic countries are even more concerned about over-reliance on US tech than their European counterparts. This is unsurprising, given the contentious standoff between Denmark and the United States over Greenland.

It has become obvious to most consumers that anything you do using US tech will never be private. Cloud storage, email, and messaging apps operating out of the US capture activity that can potentially be shared with the NSA, even when users are based in another country. This is thanks to agreements such as Five Eyes, Nine Eyes, and Fourteen Eyes, which allow intelligence gathering across borders.

Section 702 of the Foreign Intelligence Surveillance Act (FISA) has also allowed the US to surveil foreigners overseas without suspecting terrorism or requiring approval from a court since 2008. Europeans’ communications including emails, phone calls, text messages and more can be demanded from American companies from intelligence agencies.

People in Nordic countries and their European neighbors don’t want to be subject to unwarranted surveillance, and they’re getting less comfortable with sending money abroad to companies that constantly flout data regulations.

The Nordic countries also have a healthy software industry of their own, with many newer organizations pursuing alternative strategies to their US counterpart. Rather than focusing on personal data collection or social media, these new software companies are focusing on solutions for specific, less digitized industries such as construction, regulation enforcement, and real estate. As this industry grows and resistance to US tech increases, Nordic countries are clearly more interested in finding or even building alternatives.

Nordic sentiment is strongly influenced by the news

67% of Danish respondents of those who follow the news state that growing tensions between the US and Europe motivate them to prefer European services.
65% of Norwegian respondents of those who follow the news state that growing tensions between the US and Europe motivate them to prefer European services.
65% of Swedish respondents of those who follow the news state that growing tensions between the US and Europe motivate them to prefer European services.
60% of Finnish respondents of those who follow the news state that growing tensions between the US and Europe motivate them to prefer European services.

Globally, the US’s behavior on the world stage has drawn sharp criticism in recent months. Trump’s threats of leaving NATO have united member countries in opposition. Even within the US itself, protests have broken out against the administration, acts of violence by ICE agents, and the invasion of Iran.

US tech is deeply entwined with the US government. When Trump’s second term began, Big Tech leaders took their place at the inauguration to signal their willingness to work with the administration. OpenAI’s close and changing relationship with the US military and DHS officials’ unsanctioned use of Meta’s Ray-Ban smart glasses are just two recent examples of the blurring boundary between Big Tech’s surveillance platforms and government operations.

Clashing values are likely a driving force behind the change in perception toward American tech. When people in Nordic countries see that Meta endangers child safety, or that Google doesn’t keep their photos private, this reinforces the idea that these companies don’t share the Nordic values of building a healthy society and conducting business ethically.

Desire for secure European tech is growing

If a European app or online service could match the price, features, and usability of an American app or service, 71% of Danes would prefer companies based in Europe
If a European app or online service could match the price, features, and usability of an American app or service, 75% of Norwegians would prefer companies based in Europe
If a European app or online service could match the price, features, and usability of an American app or service, 67% of Swedes would prefer companies based in Europe
If a European app or online service could match the price, features, and usability of an American app or service, 74% of Finns would prefer companies based in Europe

Once again, people in Nordic countries are more likely to prefer European tech if they had access to tech of equal quality. Much like their European neighbors, Nordic respondents are keen to find alternatives to the American tools they’re already using.

Interest in building the EuroStack has significantly grown in recent year, for obvious reasons. The European Commission has issued more than $7 billion in fines to Google, Apple, and Meta since the start of 2024, which the White House is positioning as over-regulation that will ultimately prevent the EU from benefiting from AI.

When asked which features would encourage them to choose a European app or service, respondents said they want products that protect their privacy with local laws and support their own economies.

In Denmark:

49% want to support the European economy
48% want their data stored under European laws
47% want greater trust when it comes to processing personal data

In Norway:

55% want stronger data-privacy protections overall
54% want their data stored under European laws
53% want greater trust when it comes to processing personal data

In Sweden:

49% want their data stored under European laws
47% want stronger data-privacy protections overall
47% want to support the European economy

In Finland:

57% want greater trust when it comes to processing personal data
52% want stronger data-privacy protections overall
51% want to support the European economy

Nordic countries are ready to make a change

65% of Danish respondents agree that people in Europe should rely more on European technology companies for everyday apps and services
66% of Norwegian respondents agree that people in Europe should rely more on European technology companies for everyday apps and services
62% of Swedish respondents agree that people in Europe should rely more on European technology companies for everyday apps and services
69% of Finnish respondents agree that people in Europe should rely more on European technology companies for everyday apps and services

Around two-thirds of Nordic respondents say they want more buy-in from Europeans for homegrown technology. To make this happen, we need to understand what’s at stake if Europe continues to rely on US tech.

US Big Tech companies have created not just a technological monopoly, but also a global surveillance apparatus. This apparatus is being used to dominate international markets, control political narratives, and invade the privacy of citizens everywhere.

Breaking up with Big Tech itself isn’t that simple, given the enormous monopolies US companies hold. Denmark is refusing to sign licensing deals with Meta and Google, building its own Danish Press Collective Management Organization (DPCMO) to empower the country’s media ecosystem. However, the country has also hosted a Google data center since 2020. We’re watching sentiments towards US tech change in real time, and consumer attitudes will likely affect the directions that governments choose to take.

There’s never been a better time to switch to European tech

Now that there’s a groundswell of desire for better European tech, a change is possible. Once Europeans and people in Nordic countries know exactly what’s at risk when they keep relying on Google, Meta, and Microsoft, they know they want to protect themselves against this surveillance. In the past, there haven’t been European tech options that could compete with US tech — but that’s changing.

Surveillance isn’t automatically built into every tech product — that’s a deliberate choice made by US companies that people around the world have now come to expect from every service. But everything from email to video calls to AI chatbots can actually be private (and should be.)

Proton operates out of Switzerland, giving people in every country around the world Swiss regulatory data protection and access to end-to-end encryption that prevents international surveillance. We understand what’s at stake if the US continues to dominate the world with Big Tech; that’s why we’ve built an ecosystem that competes with those services without compromising on data privacy. By choosing European alternatives like Proton, it’s possible to both support the European economy and protect your own personal data.

Learn the specific risks to businesses relying on US tech