Frequently Asked Questions

1. I’m a student doing an assignment, can you help me?
2. Can you give me legal advice?
3. What is EFA’s copyright policy?
4. May I link to information on EFA’s site from my own site?
5. Are donations to EFA tax deductible?
6. I’d like to volunteer to help EFA — what can I do?
7. How else can I support EFA?
8. Want to improve your digital health?
9. Do you support private email services?
10. Do you support VPNs?
11. Do you support data deletion services?
12. Which privacy-preserving browsers and search engines do you recommend?
13. How do I keep all my passwords safe?
14. How do I minimise my online footprint?
15. Want to make a complaint to a regulator?
16. I need help with a privacy complaint — what should I do?
17. I need help with a spam complaint — what should I do?
18. I have a problem with a goods/services purchase online — can you help?
19. For journalism students

I’m a student doing an assignment, can you help me/tell me…?

It depends. EFA is a non-profit, primarily volunteer organisation funded by membership subscriptions and donations. Unfortunately, our capacity for assistance of this type is very limited and we are frequently unable to provide personalised or in-depth responses to the many questions from students who email EFA.

Many students ask for information that is readily available on EFA’s site (which includes a search engine). EFA does not respond to such questions, nor to requests that sound as though the person is asking EFA to write their assignment, or sections of it, in order to save the person having to research the assignment topic for themselves. If you have an inquiry that does not fall into the above categories, EFA may respond depending on time availability. You will be more likely to receive a response if you ask specific and clear questions and advise a date by which you need a response (and also if that date is at least a week into the future).

If you are a student journalist please see more under the topic Student Journalism Guide below.↑ Back to top

Can you give me legal advice about…?

No. EFA is a non-profit, primarily volunteer organisation principally involved in advocacy and educational activities concerning online freedoms and digital rights. EFA’s work and activities are funded by membership subscriptions and donations. Although from time to time some of our board members may be lawyers, they are not able to provide legal advice on behalf of EFA.

EFA is not a legal service or law firm and therefore may not provide legal advice to its members or the public. However, EFA may provide information of an educational nature concerning laws affecting online users, publishers, content hosts and others. In a very limited range of circumstances EFA may be able to assist in other ways relative to a particular case, for example, on how to lodge a privacy complaint and with which regulator. The EFA cannot hold a practising certificate as a lawyer, therefore, cannot give anything that could be understood to be legal advice.↑ Back to top

What is EFA’s copyright policy: Do I need permission to copy or quote information on EFA’s web site?

Please refer to EFA’s copyright policy for full details on copying or quoting content from our site.↑ Back to top

May I link to information on EFA’s site from my own site?

You do not need permission from EFA to link to any of EFA’s pages, provided that clicking on the link on your site does not result in the text/content on EFA’s page being framed/displayed on your site (e.g. under a banner heading) in a way that could give readers the impression the text/content is on your site rather than on EFA’s site. If you are intending to link in a manner that results in text/content on EFA’s page being framed/displayed under a banner or beside a side bar on your site, you should advise EFA of this intention and ask for permission to link, which may or may not be granted depending on the purpose and circumstances.↑ Back to top

Are donations to EFA tax deductible?

No, not at this time. EFA is not able to obtain tax deductible gift recipient (“DGR”) status due to the provisions of Australian tax law which does not permit organisations whose principal activities include political lobbying to be granted DGR status.

EFA Registered Charity Status

EFA is officially registered with the Australian Charities and Not-for-profits Commission (ACNC).

• Registration Date: EFA has been a registered charity since July 1, 2023.
• Entity Type: It is registered as an “Other Incorporated Entity” (specifically, it is incorporated in South Australia).
• Charitable Sub-type: Its registration is focused on its role in advancing education and promoting/protecting human rights (digital rights).

Tax Deductibility (DGR Status)

While EFA is a charity, it does not have Deductible Gift Recipient (DGR) status. This means if you make a donation to EFA, you cannot claim it as a deduction on your personal or business income tax return.

Under Australian tax law, DGR status is only available to organisations that fit into specific categories (such as “Public Benevolent Institutions,” health promotion, or environmental groups). Because a significant portion of EFA’s work involves political lobbying and advocacy to reform laws, it does not currently fit the strict criteria set by the Australian Taxation Office (ATO) for a DGR-endorsed entity.↑ Back to top

I’d like to volunteer to help EFA, what can I do to help?

Thank you for showing an interest in helping EFA! Please visit the volunteer section of the More Ways to Help EFA page for information about volunteering to help EFA.

↑ Back to top

How else can I support EFA?

Besides volunteering you can:

• Join as an individual or business member.
• Make a donation.
• Buy some EFA merch.
• Include a thoughtful bequest gift to EFA in your Will — one of the most powerful things you can do to contribute towards a better, brighter and safer digital future for all Australians. See the steps below.

How to make a bequest gift to EFA

It’s easy to include a gift in your Will, legally known as a ‘bequest’. Simply follow the steps below.

1. Speak to your family and loved ones and to your lawyer. Making or updating your Will is an incredibly personal and significant decision. Consider your family and friends, reflect on leaving a gift to EFA, and discuss your decision with your loved ones.
2. Decide what type of gift you want to give. You can leave the residual of your estate after caring for your loved ones, or choose a percentage of your estate.
3. Enlist the help of a professional. Your Will is an important legal document and should be worded correctly. A solicitor or public trustee can help with this process.
4. Create your legacy in digital rights. To include a gift to EFA, all you need is our ABN 35 050 159 188 and registered name – Electronic Frontiers Australia Inc.

You may wish to use our recommended wording:

“I give to Electronic Frontiers Australia Inc (ABN 35 050 159 188) free of all taxes and other deductions (the residue of my estate / a ___% share of my estate) for its general purposes, and the receipt given on behalf of Electronic Frontiers Australia Inc shall be sufficient discharge of my instructions to the trustee/executor/executrix of my estate.”

Contact [email protected] if you would like to discuss making a bequest gift to EFA.↑ Back to top

Want to improve your digital health?

Have a look at our Digital Health Check content for practical guidance on improving your digital wellbeing and security.↑ Back to top

Do you support private email services? Do you have recommendations?

Yes, we do. Private email services provide enhanced security and privacy through end-to-end encryption, ensuring only you and the recipient can read your messages. Unlike some providers, they don’t scan your emails for advertising purposes and protect against data tracking, profiling, and hackers. Many also use zero-knowledge architecture, meaning even the provider itself cannot access your data.

Based on current (Mar 2026) reputable published reviews, the best private email services include:

• Proton Mail (Best Overall Privacy): Based in Switzerland, offering end-to-end encryption, zero-access encryption, and anonymous sign-ups. Also includes a built-in calendar and VPN.
• Tuta (Best for Security/Open Source): Uses a unique, quantum-safe encryption method that secures subject lines and contacts, not just the body. Fully open-source with a free tier.
• Mailfence (Best for Integration): A Belgian-based service offering OpenPGP, digital signatures, and an integrated suite including secure calendars, document storage, and chat.
• Mailbox.org (Best for Productivity): A German provider offering a secure, ad-free email experience that includes cloud storage, video conferencing, and office tools.
• Posteo (Best for Anonymous Personal Use): A simple, ad-free, sustainable, and entirely anonymous email service that allows cash payment for subscriptions.

↑ Back to top

Do you support virtual private networks (VPNs)? Do you have recommendations?

Yes, we do. VPNs are used to enhance online privacy, security, and internet anonymity by encrypting internet traffic and masking your IP address. They protect your personal data on public Wi-Fi, prevent ISP snooping, bypass geo-restrictions for streaming, and avoid bandwidth throttling.

Key reasons to use a VPN include:

• Secure Public Wi-Fi: Encrypts data on public networks (cafes, airports), preventing hackers from stealing sensitive information.
• Privacy from ISP Tracking: Prevents Internet Service Providers (ISPs) from tracking your browsing history or selling your data.
• Bypass Geo-Restrictions: Allows you to appear as if you are in a different country to access region-locked streaming content.
• Prevent Bandwidth Throttling: By hiding your online activity, ISPs cannot slow down your connection based on what you’re doing.
• Remote Work Security: Enables secure access to company resources for remote workers.
• Secure Transactions: Protects financial transactions and personal data from being monitored by third parties.

Warning: Not all VPNs are created equal! Free VPNs often compromise user privacy and security by logging and selling user data to third parties. Studies show over 60% of free VPNs contain tracking libraries.

Based on current (Mar 2026) reputable published reviews, the best VPNs appear to be:

• NordVPN (Best Overall): Known for the fastest speeds, a massive server network, and high-level security features.
• ExpressVPN (Best for Beginners): Highly reliable with an intuitive, user-friendly interface and strong streaming performance.
• Surfshark (Best Budget/Value): Offers competitive speeds and premium features at a lower price point, plus unlimited device connections.
• Proton VPN (Best for Privacy): A highly secure, audited, and open-source option with a strong free tier.
• Mullvad VPN (Best for Anonymity): Highly regarded for its commitment to privacy, including allowing accounts without personal emails and accepting cash payments.

↑ Back to top

Do you support data deletion services? Do you have recommendations?

Data deletion services (or data removal services) scan, locate, and remove personal information — such as addresses, phone numbers, and family members — from data broker sites and public search engines. They automate opt-out requests, reducing your digital footprint, improving privacy, and limiting risks like phishing, identity theft, and telemarketing.

While effective, these services cannot erase 100% of personal data from the internet. They cannot prevent data brokers from re-acquiring information and often require recurring fees for continuous protection.

EFA does not have any particular view on the utility, effectiveness, or safety of online data deletion services. From EFA’s perspective, the best strategy is to reduce your online footprint generally — see How do I minimise my online footprint?↑ Back to top

Which privacy-preserving web browsers and search engines would you recommend?

Based on current (Mar 2026) reputable published reviews, the best privacy-preserving web browsers appear to be:

• Brave: A Chromium-based browser that blocks ads, trackers, and fingerprinting by default. High speed with a familiar interface for Chrome users.
• Tor Browser: The gold standard for anonymity. Routes traffic through multiple nodes, hiding your IP address and location, though it is slower.
• LibreWolf: A version of Firefox focused on privacy and security, removing telemetry and including tools like uBlock Origin.
• DuckDuckGo Browser: Available on mobile and desktop, providing strong tracker blocking and easy data clearing.
• Epic Privacy Browser: Strictly blocks trackers, fingerprinting, and scripts through an encrypted proxy.

The top 5 privacy-preserving search engines are:

• DuckDuckGo: The most popular privacy-focused search engine, which does not track your search history, IP address, or user information.
• Startpage: Serves as a proxy delivering Google-quality search results while scrubbing identifying data from your search requests.
• Brave Search: Operates its own independent index, not relying on Bing or Google, offering a fully private searching experience.
• Qwant: A Europe-based (France) engine complying with strict GDPR standards, not storing personal data or selling it for advertising.
• Swisscows: A Switzerland-based search engine that does not track or store user data, and offers “family-friendly” content filtering.

↑ Back to top

I have so many passwords covering multiple devices. How do I keep them all safe?

In the early to mid 2020s, the strategy for protecting passwords shifted from “making them complex” to “removing the need to remember them.” The most effective protection uses a multi-layered approach that prioritises automation and hardware over human memory.

1. Adopt Passkeys

Wherever possible, switch from passwords to passkeys. Instead of a typed string, a passkey uses a cryptographic key pair — your device stores a private key, and the website stores a public one. They are inherently phishing-resistant because there is no “secret” to type. You simply authenticate using your device’s biometrics (Face ID/Fingerprint) or PIN.

2. Use a Dedicated Password Manager

For accounts that don’t yet support passkeys, a password manager is essential. Top choices in 2026: 1Password (best-in-class UI), Bitwarden (open-source and excellent free tier), or Apple Passwords/Google Password Manager (for seamless ecosystem integration).

Your Master Password for the vault should be a passphrase — a string of 4–5 random words (e.g., Coffee-Table-Green-Running-99). Easier for you to remember but statistically harder for a computer to brute-force.

3. Layer with Hardware-Based 2FA

Multi-Factor Authentication (MFA) is now a must-have, but not all MFA is equal. Avoid SMS — scammers can bypass SMS codes via “SIM swapping.” Use authenticator apps like Microsoft Authenticator or Authy instead. For your most sensitive accounts, use a physical security key like a YubiKey, which requires the physical device to be present to log in.

4. A tip for older users

Consider using no-longer-extant addresses and phone numbers of friends and relatives from the 1970s/1980s (or beyond!) that can’t be researched online. Since this information is already encoded in your memory, you are less likely to write it down. A calendar note using a mnemonic (e.g., “Grandauntie Edie’s”) can remind you what your password was without giving it away.

↑ Back to top

How do I minimise my online footprint?

The best overall strategy is a combination of digital minimalism (intentional, reduced sharing) and active removal of existing data, rather than trying to disappear entirely. Here is a 3-step process that should substantially improve your privacy and safety.

1. Initial Audit and Cleanup (The “Delete” Phase)

• Search yourself: Use Google, Bing, and Yahoo to look up your full name (in quotes), email addresses, and phone numbers to see what is public.
• Delete unused accounts: Use services like JustDelete.me to find and delete old social media, shopping, and app accounts. Dormant accounts are prime targets for hackers.
• Request data removal from brokers: Use opt-out procedures for “people search” sites (e.g., Whitepages, Spokeo).
• Use automated tools: Consider data removal services such as Incogni, DeleteMe, or Optery. See Do you support data deletion services?

2. Tighten Privacy and Security (The “Lockdown” Phase)

• Audit app permissions: Review and revoke unnecessary app permissions on your phone (location, contacts, microphone).
• Social media lockdown: Set all profiles to “private,” review tagged photos, and limit past posts.
• Use a password manager: Generate unique, complex passwords for every account.
• Set up 2FA: Enable two-factor authentication on all sensitive accounts, preferably using an app rather than SMS.

3. Change Daily Habits (The “Minimalism” Phase)

• Share less personal data: Avoid posting sensitive personal information (birthdays, addresses, pet names) or sharing real-time locations.
• Use aliases and masking: Use email alias services (e.g., SimpleLogin) and masked phone numbers for sign-ups to keep your primary contact info private.
• Use a VPN: Always use a quality VPN on public Wi-Fi to mask your IP address and encrypt your internet traffic.
• Switch browsers: Use privacy-respecting browsers (e.g., Brave, Firefox, TOR) and search engines (e.g., DuckDuckGo) that block third-party trackers.

↑ Back to top

Want to make a complaint to a regulator?

See the sections below for guidance on privacy complaints, spam complaints, and consumer complaints.↑ Back to top

I need help with a privacy complaint, what should I do?

In Australia, most privacy complaints are dealt with by a Privacy or Information Commissioner depending upon the relevant jurisdiction. Importantly, complaints at this level are free (they are not litigation) and you are not exposed to costs consequences.

1. The Federal Privacy Commissioner (OAIC)

The Office of the Australian Information Commissioner (OAIC) enforces the federal Privacy Act 1988. They handle complaints regarding the mishandling of personal information by Australian Government agencies and private sector organisations (typically businesses with an annual turnover of more than $3 million, as well as all private health service providers and credit reporting bodies).

You can complain to the OAIC about issues such as:

• Breaches of the Australian Privacy Principles (APPs)
• Data Breaches — unauthorised access, disclosure, or loss of your personal information
• Access and Correction — an organisation refusing to give you access to or correct your personal information
• Sensitive Data Mishandling — improper handling of your Tax File Number (TFN), credit report, My Health Record, or spent convictions

2. State and Territory Privacy Commissioners

State and territory regulators handle complaints regarding state and local public sector organisations, including state government departments, local city councils, state police forces, public universities and TAFEs, and statutory authorities.

Common Requirements for Investigation

• You must complain to the organisation first before escalating to the commissioner.
• Time limits: the complaint usually needs to be about something that occurred within the last 12 months.
• It must involve “personal information” identifiable to you.

State and Territory Privacy Contacts

• ACT: ACT Information Privacy Commissioner — [email protected]
• NSW: Information and Privacy Commission NSW — [email protected]
• NT: Office of the Information Commissioner NT — [email protected]
• QLD: Office of the Information Commissioner QLD — [email protected]
• SA: Privacy Committee of South Australia — [email protected]
• TAS: Ombudsman Tasmania — [email protected]
• VIC: Office of the Victorian Information Commissioner — [email protected]
• WA: Office of the Information Commissioner WA — [email protected]

Other ways to make a privacy complaint

On 10 June 2025, changes to the Privacy Act took effect creating a statutory tort for serious invasions of privacy, giving individuals an additional avenue for redress in the courts. The tort extends to individuals and other entities that may not necessarily be an Australian Privacy Principle entity.

An individual (plaintiff) may have a cause of action where another person or organisation has invaded their privacy by intruding upon their seclusion, or by misusing information that relates to them — in instances where the plaintiff would have had a reasonable expectation of privacy.

Timeframes: Proceedings must be commenced within the earlier of 1 year after becoming aware of the invasion, or 3 years after it occurred. Those under 18 when the invasion occurred must commence before their 21st birthday.

Risks and Expenses: Going to court is similar to a defamation action — you will need a solicitor and a barrister and it will likely be expensive. Consider approaching professional pro bono services such as Law Right in Queensland.

Note: All of the above information is general in nature and is not legal advice. EFA urges individuals to seek independent legal advice.↑ Back to top

I need help with a spam complaint, what should I do?

The rules of the Spam Act 2003 (Cth) are fairly straightforward.

• The law prohibits a person or business from sending unsolicited commercial electronic messages, emails, texts, or instant messages without a person’s consent.
• Any commercial message must include an option to unsubscribe. The unsubscribe function must be clear and work for at least 30 days. It cannot require additional personal information or login to opt out.
• The rules apply when the sender or recipient is located in Australia.

Exceptions: The rules don’t apply to registered charities, educational institutions, government bodies, and registered political parties.

Anyone who thinks they’ve received a non-compliant message can complain to the Australian Communications and Media Authority (ACMA). You can also report it by:

• Forwarding email spam to [email protected] (do not change the subject line or add any text)
• Forwarding SMS or MMS spam to 0429 999 888 (standard message charges apply)

↑ Back to top

I bought/tried to buy goods or services via a web site and now I have a problem/complaint with the seller. Can you help me?

No. EFA does not provide a complaints handling or dispute resolution service. We suggest you contact the Consumer Affairs or Fair Trading departments in your state or territory:

• ACT: Access Canberra (Fair Trading) — [email protected]
• NSW: NSW Fair Trading — [email protected]
• NT: Northern Territory Consumer Affairs — [email protected]
• QLD: Office of Fair Trading Queensland — [email protected]
• SA: Consumer and Business Services (CBS) — [email protected]
• TAS: Consumer, Building and Occupational Services (CBOS) — [email protected]
• VIC: Consumer Affairs Victoria — [email protected]
• WA: Consumer Protection — [email protected]

You may also contact the Australian Competition & Consumer Commission (ACCC) for certain consumer protection issues, though they generally focus on systemic issues rather than individual disputes. For individual “money back” or “repair” issues, your local state or territory agency is usually the more effective choice.

You may also have rights in respect of online purchases made via your payment provider (e.g., PayPal, credit card platforms, your bank).

Note: All of the above information is general in nature and is not legal advice. EFA urges individuals to seek independent legal advice.

↑ Back to top

For journalism students — Student Journalism Guide

At EFA we often receive requests for comment in the media on issues within the association’s scope. Subject to the board’s other priorities, we respond to student journalism requests as promptly and as detailed as possible. Please read the following guidelines before contacting us — it will help us assist you more effectively and you can expect a better quality result with more time before your deadline.

• Please do not misrepresent yourself. It is not only unnecessary to pretend you are a technology journalist with an established career at a large publication, but it is unethical and academic misconduct.
• Please consider what EFA’s likely stance is on issues before asking questions about them. Answers about why EFA holds a particular position are much more likely to be of interest to your readers than self-evident questions.
• Please do not leave your assignment until the night before it’s due — it’s unlikely an EFA spokesperson will be able to assist you in time to meet your deadline.
• Please try to articulate your questions clearly. If we can’t understand your questions no matter how hard we try, we can’t help you.
• Please familiarise yourself with our website and blog, where we have already answered many questions in detail. Try searching at www.efa.org.au/search first.

Once you are familiar with these notes, email our media address and we’ll try to help you out.

↑ Back to top