Privacy By Design For Everyone

Welcome to the Calyx Institute

Our mission is to educate the public about privacy in digital communications and to develop tools that anyone can use. By embracing "privacy by design," we help make digital security and privacy more accessible to everyone.

Mobile Internet

With an Internet Membership, enjoy truly unlimited internet connectivity via a mobile Wi-Fi hotspot.

Read MoreJoin Now


With a CalyxOS Membership, get a new Pixel phone with CalyxOS, the OS focused on usable security and privacy.

Read MoreJoin Now

Digital Privacy and Security Survey 2021

We're excited to release our analysis of our first Digital Privacy and Security Survey. The survey and analysis were conducted by Maya Ninova between October and December 2021. With this survey, we sought to provide insights about people’s attitudes towards digital privacy and security, identify their awareness of protection and protective behavior, and explore internet users' knowledge and concerns related to digital privacy and security.

A total of 1146 individuals aged 18 years and over from different parts of the world responded the online survey, which contained 34 questions, available in Spanish and English. This online survey is based on non-random sampling and therefore we cannot draw conclusions for the entire population nor make predictions, but we hope that it serves as a useful foundation for future research.

This survey was funded by Internews' BASICS program. The full survey is available here.

The Pixel 4a (5G) with CalyxOS installed is now available as part of our new Privacy Hero Membership!

We're pleased to announce that we're now offering the Pixel 4a (5G) with CalyxOS preinstalled as part of our new Privacy Hero level membership. The Pixel 4a (5G) has a 6.2" Full HD+ OLED display, Sub-6 5G (no mmWave), 12 MP dual-pixel & 16 MP ultrawide lens, a long lasting battery, and a 3.5mm headphone jack. The phone can also be used as a 5G hotspot, data provided by your mobile carrier. As with all CalyxOS Memberships, our privacy phones do not come with a voice or data plan and you must add your own SIM card. The phone comes with our privacy based OS preinstalled, with continual over-the-air updates and support by the CalyxOS team into 2024.

The yearly dues for our Privacy Hero membership are $700 for the first year, with renewal dues at $10 the subsequent years. The Privacy Hero membership is not available as a quarterly membership.

CalyxOS is a project of the Calyx Institute. Our OS is guided by the principles of privacy, security, usability, and the support and use of free software. To learn more about CalyxOS, vist here:

To become a CalyxOS Privacy Hero, enroll here:

Microgrant: S.T.O.P. Surveillance Technology Oversight Project: Ban the Scan Campaign

We are excited to continue our partnership with the Surveillance Technology Oversight Project (S.T.O.P.) by making them one of our recipients of our Regional & Local Privacy Microgrants! We previously supported S.T.O.P. through our Microgrant project to support their work in publishing reports on the New York Police Department's compliance with privacy policies under the new POST Act, and on the implementation and impact of Community Control of Police Surveillance (CCOPS) legislation around the country. S.T.O.P. is a non-profit advocacy organization and legal services provider fighting to abolish local governments’ systems of mass surveillance.

S.T.O.P. uses a combination of education, advocacy, and litigation to research, expose, and abolish mass surveillance and support privacy. Their work focuses on the disproportionate and negative outcomes surveillance has on Muslim Americans, immigrants, the LGBTQ+ community, Indigenous peoples, and communities of color. For example, S.T.O.P. started the Ban the Scan Campaign in 2021, which highlighted the discriminatory and violent use of facial recognition on communities of color in NYC. Facial recognition has already led to the arrest of several innocent Black men. These arrests highlight facial recognition’s biased, flawed, and discriminatory use.

This grant will support S.T.O.P.'s expansion of the Ban the Scan Campaign - a campaign to abolish the use of facial recognition technology in NYC. The campaign will include media engagement and community outreach via written materials, trainings and forums to educate community members on the use and harms of facial recognition. S.T.O.P. will also use its litigation and legislation experience to support three bills to ban facial recognition use by the local government, workplaces, and residential buildings.

For info on S.T.O.P.:
For info on Ban the Scan:
For info on our Regional & Local Privacy Microgrants Fund:

Microgrant: AEMP Landlord Tech Watch

We are excited to announce the Anti-Eviction Mapping Project (AEMP) as one of the recipients of our Regional and Local Privacy Microgrants! The AEMP is a volunteer-run housing justice collective using data visualization, critical cartography, and community organizing to fight dispossession and evictions upon gentrifying landscapes in San Francisco, Los Angeles, and New York City.

Landlord tech (aka “proptech”) refers to the products and platforms used to control and surveil residential spaces, subjecting tenants to new forms of housing injustice. In collaboration with other local organizations, the AEMP launched Landlord Tech Watch as a platform for information on harms associated with landlord technology. They also offer resources on tenant rights, toolkits for how to keep landlord tech out of one’s home, and the opportunity for residents to self-report how landlord tech is being deployed in their buildings and neighborhoods.

Our funding will support the research and writing of two reports on landlord tech harms in San Francisco and New York City - both epicenters of proptech development and deployment. These reports will hopefully empower tenants by providing useful information in understanding the harms, histories, and geographies of landlord tech in these cities. Ultimately, these studies aim to serve coalition, policy, and housing justice work in the fight against landlord tech abuse.

For info on the AEMP:
For info on Landlord Tech Watch:
For info on our Regional and Local Privacy Microgrants Fund:

Sustainer Membership Sign-Up Temporarily Suspended

Thanks so much for your interest in our Sustainer memberships, which include M2000 5G mobile hotspots. Supply chain issues have caused some delays in our ability to restock the M2000 hotspots, so new Sustainer membership sign-ups will be temporarily paused so we can prioritize fulfilling existing orders. We are working with our hardware provider to restock these hotspots so we can fulfill all existing orders and begin new Sustainer membership signups again ASAP. Thanks so much for bearing with us!

Targeted Advertising on Mobile

Mobile Advertising Is A Nightmare

Two recent studies in 2021, one from Oxford and one from University of Edinburgh, have attempted to develop metrics for how much advertising-related tracking of personal information and behavior actually happens on Android and iOS devices.

Shocking no one, the answer is: a lot. The first study compares the apps in iOS and Android, looking at the level of tracking and personal information that is gathered by these apps, much of it likely in violation of various privacy laws in the EU. The authors conclude that consolidation in the tracking industry means that few a companies (particularly Google, Apple, and Facebook) have extensive access to user activities, and Apple and Google have no incentive to reduce bad behavior among apps.

The second study examines various distributions of Android OS itself: how the different device manufacturers such as Samsung and Xiaomi include all sorts of tracking in the stock operating system that is included with their devices. CalyxOS has zero trackers built into the OS, although CalyxOS was not included in this study.

The Future of Mobile Advertising

Both Google and Apple have designed their operating systems to facilitate the process of turning your personal information into a revenue stream, for apps you have installed and ultimately for carriers, device manufacturers, and Google or Apple. This is not simply a question of advertising: the extent of the personal data accumulated for the purpose of marketing is truely staggering, and has increasing consequences in our everyday lives, including health care, insurance, credit, immigration, and incarceration.

After years of public criticism, both iOS and Android have gradually made it harder for app developers to track users without going through the recommended hoops. While it was once possible for normal apps to track users with immutable identifiers related to the device, such as the IMEI number, this is no longer possible.

For both iOS and Android, major changes are coming soon (or newly deployed) to make tracking user behavior across apps and platforms more difficult.

In iOS 14.5, users now have to opt-in to being tracked on a per-app basis (previously they could opt-out). In Android 12, the ability to opt-out of tracking will actually be enforced on a per-device basis (previously, the opt-out was just a flag sent to the apps, now the apps won’t get the tracking identifier).

The operating systems can enforce these changes because there are basically three identifiers that the vast majority of advertising networks and data brokers use to correlate user behavior and personal information:

  • Apple Advertising Identifier (IDFA): provided to each app by the OS on Apple devices and shared among all the apps.
  • Android Advertising ID (AAID): provided to each app by the Google Play Services on stock Android devices and shared among all the apps.
  • Facebook App User IDs: An additional unique identifier for a Facebook user account that can be used by the Facebook ad network if the app is privvy to the user ID (for example, if you used Facebook to authentication for the app or if you linked your account in any way).

The Google advertising network uses AAID (on both stock Android and iOS devices), Apple’s network uses IDFA (on iOS only), but most third party networks (including Facebook’s) can use all three. If you supply an app with an email address, or other unique identifier, that is certain to be used as well.

With the changes made by Google and Apple, there is likely to be attempts recover some of the lost revenue. As with websites, many apps may stop working if you have interest-based advertising disabled. Or, apps may attempt to track users by other means, such as building a unique fingerprint of the hardware by measuring slight variations in the sensors. Some website do this already with web browsers, allowing a website to uniquely identify a visitor even if all cookies are turned off (although this practice is not common). The use of any hardware-based identifiers for advertising tracking is strictly forbidden by the Google Play terms of service, but enforcement has always been lax.

Lest one think that Google and Apple are making these changes because of a sudden change in heart, the new privacy enhancements in their respective platforms have the consequence of limiting the information that advertisers have about your personal information, but not limiting how this information is retained by Google or Apple themselves, potentially increasing their strategic leverage over competitors.

How Does All This Relate to CalyxOS?

In CalyxOS, the Android Advertising ID (AAID) is always random, every single time an app requests the value. There is no way to turn off this behavior. Like it or not, CalyxOS prevents all tracking with the AAID, which has the effect of preventing most tracking by all ad networks and data brokers.

However, you will still see ads, and CalyxOS doesn’t do anything to prevent tracking through the Facebook ID.

With Android, if you want to block ads themselves you have two options:

  • rooted devices: install an app that modifies your system to block certain domains known to be used for tracking. This is a bad option, because running a device with root privileges completely undermines the security of your device. CalyxOS does not support this.
  • unrooted devices: install an app that sets up a fake VPN that filters out certain domains. This is also a bad option, because then you cannot run a real VPN.

For apps available in F-Droid, TrackerControl supports the VPN approach, and AdAway supports both rooted and VPN approaches. Additionally, there are numerous similar commercial apps available in Aurora Store.

In the future, CalyxOS will incorporate a simple way to block ads and tracking in apps, but in a way that does not require a rooted device and still works with VPN. This will allow you to both not see advertising in apps, and also prevent tracking that uses other networks that don’t rely on AAID.

One additional note: mobile carriers still have access to the hardware identifiers on Android and can use this to correlate hardware information with advertising IDs that might be reset. Verizon, for example, directly owns one of the largest advertising networks and is also the largest mobile carrier in the US. I have not seen research or reporting that answers the question of how Verizon uses it privileged position as a mobile carrier to enhance it’s ad network, but chances are they do. CalyxOS does not allow carrier apps with special access to hardware identifiers to be automatically installed (as is usually the case on stock Android), but these apps can still be installed manually through Aurora Store. The carrier obviously always knows most of the hardware identifiers, because that is how you connect to the mobile network, but the carrier only can tie this to your advertising identifier if they additionally have an app installed on the device.

CalyxOS Phones Available Again Soon

We're so excited about the tremendous interest that the world has shown in our CalyxOS phones, which we offer as part of our CalyxOS Privacy Defender membership. We're currently waiting for our next shipment of phones to arrive, so we expect to have them back in stock and available again as as part of our membership program soon!

Interested in new developments in cybersecurity? Check out our Medium page!

In our work developing free digital privacy technologies and partnering with other organizations who protect privacy and free speech, we often find ourselves at the right place at the right time to get "the inside scoop" on cybersecurity's cutting edge.

We're excited to bring that info to our members in the form of our Medium page, where we'll be posting deep-dive articles written by our staff about the tech, policy and people who are at the forefront of the digital privacy movement. It's a great place to learn about a new app to stay connected during an internet blackout, tools to make Tor accessible in countries experiencing extreme censorship, and much more!

As always, many thanks to our Calyx Institute members, whose generous donations make our mission of preserving and expanding digital privacy possible!

2021 Annual Report

Our annual report is officially here! You can read about what we've been up to this past year here.

Some highlights include: tremendous growth in membership program, further development on CalyxOS, and an expansion of our Microgrants and Small Projects program.

"We were driven by two ideas over the past year...making it simple and supporting those around us." - Nicholas Merrill, Executive Director

This past year, we made it a priority to put the privacy and security of CalyxOS in the hands of the people by making it simple enough for anyone to use. Inspired by the mutual aid of our neighbors and friends, we expanded our Micgrogrants program to provide more financial aid to struggling organizations and projects in our Internet Freedom community. Of course, none of this would have been possible without our members.

Thank you so much for your continued support!

Happy Memorial Day!

Thank you so much for your support and patience throughout this busy season! Our office will be closed this coming Monday, May 31 2021, in observance of the Federal holiday, and at low staff capacity in following days while a few staff take time off. If you reach out to us during that time, our response may be slower than expected.

We have been surprised and delighted by the tremendous response to our new Sustainer memberships. We are packing and shipping as fast as we can to make up for the delay we experienced when our latest shipment of hotspots was delayed. If your M2000 hotspot has been delayed, don't worry! We'll be extending the memberships of all new and newly-upgraded Sustainer members to make up for the delay. If you have an existing Calyx hotspot that is set to be replaced by an M2000, your existing hotspot will continue to work until your M2000 arrives.

We really appreciate your enthusiasm for our mission, and the patience you have shown our small team. As always, if you experience problems with your hotspot or wifi service please call tech support at 877-216-9603 for help. If there are any questions we can answer for you, or anything we can do to improve your membership experience, please don't hesitate to reach out at