14 Eyes countries are sharing your data right now — and how to stop it
Best secure phone 2025
Google Pixel 9 GrapheneOS VPN Encrypted
Google Pixel 9a GrapheneOS VPN Encrypted
Best secure router 2025
CryptHub V2 Portable 4G VPN Encrypted Router
CryptHub V3 Portable 4G VPN Encrypted Router
Every call you make, every message you send, every website you visit — someone is keeping a record. Not a hacker. Not a criminal. Your own government, and thirteen others just like it.
The 14 Eyes is an intelligence-sharing alliance between fourteen countries. They collect your communications data — who you talk to, when, for how long, from where — and share it freely among themselves. No warrant needed across borders. No notification. No opt-out.
This isn’t conspiracy talk. It’s documented policy, confirmed by leaked intelligence documents, government admissions, and court cases. And it affects you right now, whether you live in one of those countries or not.
This guide explains what the 14 Eyes alliance actually is, what data they collect, how the system works in practice, and exactly what you can do to protect yourself.
What is the 14 Eyes alliance?
The 14 Eyes started as something much smaller. In 1946, the United States and the United Kingdom signed the UKUSA Agreement — a secret treaty to share signals intelligence (SIGINT). That means intercepted communications: phone calls, radio transmissions, and later, internet traffic.
Over the decades, the alliance expanded:
- 5 Eyes (1946–1955) — United States, United Kingdom, Canada, Australia, New Zealand. The core group. Full intelligence sharing, almost no restrictions between members.
- 9 Eyes — Adds Denmark, France, the Netherlands, Norway. These countries share intelligence with the Five Eyes but with slightly less access.
- 14 Eyes — Adds Germany, Belgium, Italy, Spain, Sweden. The widest circle. These countries participate in intelligence sharing through the SIGINT Seniors Europe (SSEUR) framework.
What makes this dangerous isn’t just that they spy — every country does that. It’s that they share the results across borders to bypass their own laws.
Here’s how: In the US, the NSA is technically restricted from mass surveillance of American citizens. But GCHQ in the UK isn’t restricted from surveilling Americans. So GCHQ collects the data and shares it with the NSA. Everyone’s hands are technically clean. The citizen’s privacy is still violated.
This isn’t speculation — it’s exactly what Edward Snowden documented in 2013 when he leaked thousands of classified files from the NSA.
What data are they actually collecting?
When people hear “surveillance,” they think someone is listening to their phone calls. That happens too — but the real goldmine is metadata.
Metadata is the data about your data. Not what you said, but:
- Who you contacted — every phone number, email address, and messaging handle
- When you contacted them — exact timestamps, duration of calls, frequency of messages
- Where you were — cell tower data, IP addresses, GPS coordinates from your devices
- What devices you used — IMEI numbers, browser fingerprints, device identifiers
- How often and how long — patterns of communication that reveal relationships, habits, and routines
Former NSA Director Michael Hayden said it plainly: “We kill people based on metadata.”
Metadata reveals more about you than the content of your messages ever could. It maps your entire social network, your daily routine, your political affiliations, your medical visits, your romantic relationships, your financial activity. And unlike a phone call, metadata is collected automatically, stored indefinitely, and shared across all 14 Eyes members.
The programmes that collect this data have names: PRISM (direct collection from tech companies), XKeyscore (searching internet data in real time), Tempora (tapping undersea fibre-optic cables), MUSCULAR (intercepting data between Google and Yahoo data centres). All documented. All confirmed.
This has already happened — real cases
This isn’t theoretical. Here are documented cases of 14 Eyes surveillance in action:
Edward Snowden revelations (2013)
Snowden leaked thousands of classified NSA documents showing that the Five Eyes alliance was collecting phone records of millions of ordinary citizens, tapping the personal phones of world leaders (including German Chancellor Angela Merkel), intercepting data from major tech companies through the PRISM programme, and tapping undersea cables carrying internet traffic between continents.
Targeting journalists and activists
GCHQ was revealed to have monitored journalists at the BBC, Reuters, The Guardian, The New York Times, and Le Monde. In 2015, documents showed that intelligence agencies tracked environmental activists and classified Greenpeace as a threat alongside terrorist organisations.
Bypassing domestic law
In 2018, the European Court of Human Rights ruled that GCHQ’s bulk interception programme violated the right to privacy under Article 8 of the European Convention on Human Rights. The programme had been running for years before the ruling. The response? The UK passed the Investigatory Powers Act (nicknamed the “Snooper’s Charter”) to legalise much of what was already happening.
Election interference intelligence
Intelligence gathered through the 14 Eyes network has been used to monitor political movements, predict election outcomes, and track dissidents in allied countries. Leaked reports in 2024 confirmed that European agencies shared communications data of environmental activists and critical journalists among member states.
The pattern is always the same: surveillance programmes operate in secret for years, get exposed, face brief public outrage, and then get quietly legalised.
Why should you care if you have nothing to hide?
“I’ve got nothing to hide” is the most common response. And it’s the most dangerous one.
Here’s why:
You don’t decide what’s “suspicious”
Algorithms do. If your metadata pattern matches a profile — maybe you called someone who called someone who’s on a watchlist — you get flagged. You’ll never know about it. You can’t appeal it. And once you’re in the system, the data is permanent.
The rules change
What’s legal today may not be tomorrow. Metadata stored today can be reanalysed under future laws you haven’t agreed to yet. Activists who were perfectly legal five years ago have been reclassified as threats. In multiple countries, environmental groups, religious organisations, and political movements have all been surveilled using infrastructure originally built for “counter-terrorism.”
Metadata builds a complete profile of your life
From your metadata alone, analysts can determine your religion (which mosque/church/synagogue your phone visits), your politics (which rallies you attend, which news sites you visit), your health (which clinics you visit, how often), your relationships (who you call at midnight), and your finances (which banks, which crypto exchanges). You don’t need to “hide” anything for this to be a violation of your fundamental rights.
It’s used for more than security
Intelligence data has been shared with tax authorities, immigration agencies, and law enforcement for ordinary criminal investigations — far beyond the “national security” justification used to collect it. In some cases, intelligence has been shared with private corporations for commercial advantage.
Surveillance isn’t about catching criminals. It’s about control. And it works best when people believe they have nothing to worry about.
Which countries are in the 14 Eyes?
Here’s the full list, with what you should know about each tier:
5 Eyes — Full intelligence sharing
- 🇺🇸 United States (NSA) — The largest surveillance apparatus in the world. Runs PRISM, XKeyscore, and dozens of other programmes.
- 🇬🇧 United Kingdom (GCHQ) — Runs Tempora, tapping undersea cables. Passed the Investigatory Powers Act legalising bulk collection.
- 🇨🇦 Canada (CSE) — Works closely with NSA. Caught spying on Brazilian government communications.
- 🇦🇺 Australia (ASD) — Passed the Assistance and Access Act in 2018, forcing tech companies to build backdoors into encrypted products.
- 🇳🇿 New Zealand (GCSB) — Participated in mass surveillance of Pacific Island nations and shared data with Five Eyes partners.
9 Eyes — Extended sharing
- 🇩🇰 Denmark — BET (Danish military intelligence) was caught helping the NSA spy on European leaders including Angela Merkel, in 2021.
- 🇫🇷 France (DGSE) — Runs its own bulk collection programme. Shares data with both Five Eyes and European partners.
- 🇳🇱 Netherlands (AIVD) — Active in signals intelligence. Cooperates closely with NSA and GCHQ.
- 🇳🇴 Norway (NIS) — Monitors fibre-optic cables entering the country and shares the take with Five Eyes.
14 Eyes — Broader circle
- 🇩🇪 Germany (BND) — Caught helping the NSA spy on EU institutions and European companies including Airbus.
- 🇧🇪 Belgium (VSSE)
- 🇮🇹 Italy (AISE)
- 🇪🇸 Spain (CNI)
- 🇸🇪 Sweden (FRA) — Monitors all internet traffic crossing Swedish borders under the FRA law.
If you live in any of these countries, your government is both collecting your data and sharing it with the others. If you don’t live in one, your data is still collected whenever it passes through infrastructure in these countries — which includes most of the internet’s backbone.
How to protect yourself — step by step
You can’t opt out of mass surveillance entirely. But you can make it dramatically harder for your data to be useful. Here’s how:
Step 1: Use end-to-end encrypted messaging
Stop using SMS and regular phone calls for anything private. Switch to Signal or Molly (a hardened Signal fork). For maximum metadata protection, use Session or SimpleX — both work without requiring a phone number and route messages through decentralised networks, making metadata collection much harder.
Step 2: Switch to a privacy-respecting email provider
Gmail, Outlook, and Yahoo are all based in 5 Eyes countries and comply with government data requests. Move to ProtonMail (Switzerland) or Tuta (Germany, but end-to-end encrypted with zero-access architecture). Both encrypt your inbox so even they can’t read your emails.
Step 3: Use a VPN outside the 14 Eyes
A VPN hides your traffic from your ISP. But if the VPN provider is in a 14 Eyes country, they can be legally compelled to log or hand over data. Use Mullvad (Sweden — but operates with genuine no-logs policy, confirmed by police raid in 2023) or IVPN (Gibraltar). Configure it as always-on with kill switch.
Step 4: Encrypt your DNS
DNS queries reveal every website you visit. Use DNS-over-HTTPS (DoH) or DNS-over-TLS (DoT) with Quad9 (9.9.9.9, based in Switzerland) or Mullvad DNS. Set this at the router level to cover all devices. Without encrypted DNS, your ISP has a complete log of every site you visit — VPN or not.
Step 5: Switch to GrapheneOS on your phone
Stock Android phones send data to Google constantly — location, app usage, network info, device identifiers. This data is stored in the US and subject to FISA court orders and NSA collection programmes. GrapheneOS removes all Google telemetry, gives you per-app network controls, and runs on Pixel hardware with the Titan M2 security chip.
Step 6: Protect your whole network with a privacy router
A VPN on your phone doesn’t cover your smart TV, cameras, or IoT devices. A CryptHub privacy router encrypts all traffic from every device on your network — VPN, encrypted DNS, no ISP telemetry, no backdoors.
Step 7: Use privacy-focused browsers
Chrome sends everything to Google. Use Vanadium (on GrapheneOS), Brave, or Firefox with uBlock Origin. For sensitive browsing, use Tor Browser — it routes traffic through multiple relays so no single point can see both who you are and what you’re accessing.
Step 8: Minimise your digital footprint
Delete accounts you don’t use. Stop signing up with your real email — use SimpleLogin or AnonAddy for disposable addresses. Remove metadata from photos before sharing (ExifCleaner is free). Pay with Monero or cash when possible. The less data on servers, the less there is to collect, share, or subpoena.
Step 9: Use a Faraday bag for high-risk situations
When you need to be completely invisible — meetings, protests, travel through surveillance-heavy areas — put your phone in a Faraday bag. It blocks all signals: cellular, Wi-Fi, Bluetooth, GPS. No metadata to collect if your phone can’t transmit.
Step 10: Stay informed and support privacy organisations
Follow the work of the Electronic Frontier Foundation (EFF), European Digital Rights (EDRi), Privacy International, and the Chaos Computer Club (CCC). Support them financially if you can. These organisations fight surveillance in courts, parliaments, and public discourse. Your privacy rights exist because people fought for them — and they need defending constantly.
iVPN — Voucher Subscription
Mullvad VPN — Voucher Subscription
Tails OS — Bootable Encrypted USB
Virtual Number for Signal, WhatsApp & Telegram — Private SMS Activation
Frequently asked questions
Does a VPN protect me from 14 Eyes surveillance?
Partially. A VPN hides your traffic from your ISP, which is one of the main collection points. But if the VPN provider is in a 14 Eyes country, they can be compelled to log or hand over data. Use a provider with a proven no-logs policy — Mullvad survived a police raid in 2023 with nothing to hand over because no logs existed. Combine a VPN with encrypted DNS, encrypted messaging, and a privacy-focused OS for real protection.
What if I don't live in a 14 Eyes country?
Your data is still collected whenever it passes through infrastructure in 14 Eyes countries — and most of the internet’s backbone runs through the US and UK. Undersea cables, cloud servers, CDNs, email providers, social media platforms — if any of these touch a 14 Eyes jurisdiction, your data is fair game. Physical location matters less than where your data travels. Encrypting your traffic end-to-end is the only reliable protection regardless of where you live.
Is metadata really that revealing?
More revealing than the content of your messages. Former NSA Director Michael Hayden confirmed that intelligence agencies “kill people based on metadata.” From metadata alone, analysts can map your entire social network, daily routine, political views, religious practices, health conditions, and financial activity — without ever reading a single message. It’s collected automatically, stored indefinitely, and shared across all member states. Protecting your metadata is just as important as encrypting your messages.
Privacy is resistance — start building yours
The 14 Eyes alliance has been collecting and sharing your data for decades. It operated in complete secrecy until whistleblowers exposed it. When it was exposed, governments didn’t stop — they legalised it.
You can’t change what intelligence agencies do. But you can change what they get from you. Encrypt your messages. Encrypt your DNS. Run your traffic through a VPN you actually trust. Switch to an operating system that doesn’t report on you. Protect your network at the router level.
None of this is paranoia. It’s documented reality, and the tools to protect yourself are available right now.
They’re collecting your data whether you act or not. The only question is how much you’re going to let them have.
