As global surveillance awareness increases, more and more people are looking for information about the five-eye, nine-eye, and four-eye surveillance alliances. This guide is regularly updated to provide new information and to provide you with all the information you need.
The words ” five eyes “, ” nine eyes ” and ” 14 eyes ” often appear in the privacy community , especially when discussing VPNs and other privacy tools.
In short, these are just international surveillance alliances representing countries around the world . These surveillance alliances collectively collect and share large-scale surveillance data. In other words, they basically act as a global surveillance entity , monitoring you and recording your activities.
Currently, data collection is being conducted from a variety of sources: your browsing activity, phone and text messages, electronic documents, location history, and more. The sound is crazy? In many countries, it is perfectly legal to record and collect your online activities (data retention) – in some cases it is mandatory (UK and Australia). By simply recording all DNS requests (unless you are using a good VPN service ), Internet Service Providers can easily collect your browsing history.
In this guide, we will explain all the different “X” eye surveillance alliances and why this topic is important when choosing privacy tools. Here’s what we’re going to cover:
- Five eyes
- Nine eyes
- 14 eyes
- Other supervisory partners
- NSA and GCHQ cooperate in 5 eyes
- ECHELON monitoring system
- VPN service at 14 Eyes
- How to protect yourself from global surveillance
- VPN beyond 14 eyes
- Trust and jurisdiction
Now let’s get started.
The Five Eyes (FVEY) Surveillance Alliance includes the following countries:
- new Zealand
- United Kingdom
- United States
The history of the alliance dates back to the UKUSA agreement officially promulgated after World War II and the 1946 war . The agreement formally established a partnership between the United Kingdom and the United States to collect and share intelligence. This partnership continued throughout the Cold War and was only strengthened after the “war on terror” and the subsequent “terrorist” incident.
When Edward Snowden revealed the surveillance activities of the US government and its allies in 2013, he re-focused on the five-eye surveillance alliance.
Here are the different “5 Eyes” monitoring agencies that collectively collect and record your activities:
There is no doubt that some of the five-eye countries listed above are also the most serious online privacy abusers:
- UK – Since the passage of the Investigative Powers Act in 2016 , Internet service providers and telecommunications companies have been recording browsing history, connection time and text messages. The data is stored for two years and is available to UK government agencies and their partners without any authorization.
- US – The US government has been implementing Orwell-style large-scale surveillance collection methods with the help of large telecom and Internet service providers (see the PRISM program ). In March 2017, Internet Service Providers obtained legal rights to record user activity and sold it to third parties (you cannot opt out). Of course, Internet service providers have been collecting customer data for years, as early as the passage of the law in 2017.
- Australia – Australia has also implemented a comprehensive data retention method similar to the UK. (See the Best VPN for Australia guide.)
Wide authority of 5 countries
Whether it’s the US NSA or the UK’s GCHQ, the “Five Eyes” are home to the world’s most powerful surveillance agencies.
Another shortcoming of these five-eyed countries is that they have strong powers to force companies to record handover data . In the United States, the Patriot Act has brought new power to federal data collection, especially through the use of national security letters . These laws basically give the government the power to force legitimate privacy-focused companies to become national data collection tools. (See the Lavabit example.)
Nine-eyed countries include:
- 5 eyes country +
The existence of the Nine-Eye Alliance was cited online by various sources and became well known after Snowden’s disclosure in 2013. It is just an extension of the five-eye alliance, collecting and sharing large-scale surveillance data through similar collaborations.
The 14 eye surveillance countries include:
- 9 eyes country +
As before, the initial oversight agreement has been extended to other countries. The official name of this group of countries is called SIGINT Seniors Europe (SSEUR).
Other supervisory partners
+Israel – Israel must be included in the discussion of the five-eye surveillance partner. Many sources pointed out that it is one of the closest partners with the US government and the National Security Agency (NSA). Here are some examples of recording this:
- Wikipedia claims that Israel is the official “observer” of the five-eye alliance.
- Source – National Security Agency shares original monitoring data directly with Israel; close cooperation between US/Israel oversight bodies
- Source – “The dark company associated with Israel steals the US National Security Agency’s US”
- Source – Israeli authorities have greater oversight power than US authorities
+Singapore, South Korea and Japan – It is reported that Singapore and South Korea are also close partners of the Five Eyes Alliance. Japan also appears to be a close monitoring partner of the United States ( source ; source ; source ).
NSA and GCHQ cooperate in 5 eyes
The release of various government documents, published through the official FOIA channel, reveals the close relationship between NSA and GCHQ. As the two most powerful monitoring entities in the world, they have historical connections, so it is not surprising that they work closely together.
A top secret document NSA 1985, which was released through the Freedom of Information Act in 2018, reveals that today’s close cooperation continues on the basis of extensively written Anglo-American agreements:
The UKUSA Agreement of March 5, 1946 has 12 short paragraphs and is generally written in such a way that it has not been modified except for a few proper nouns. It was signed by a British representative of the London Signal Intelligence Committee and a senior US member of the National-Army-Navy Communications Intelligence Committee (a predecessor organization that later evolved into the current National Foreign Intelligence Council). The principles remain the same, allowing for a complete and interdependent partnership. In fact, the underlying agreement allows for the exchange of all COMINT results, including the associated mortgage data for each model of the final product and the global target, unless explicitly excluded from the agreement at the request of either party.
Another secret National Security Agency document (published in 2018) in 1997 further elaborated on the close cooperation between the National Security Agency and GCHQ:
Some GCHQ  is only used to satisfy NSA tasks. NSA and GCHQ work together to collect programs to reduce duplication and maximize coverage through joint sites and cross-tasks, even though the site is closed.
When it comes to the “joint website” mentioned above, it is important to discuss ECHELON.
ECHELON monitoring system
ECHELON is a network of spy stations for large-scale espionage and data collection in five-eye countries. The Guardian described ECHELON as follows:
A global network of electronic spy stations that can tap phones, faxes and computers. It can even track bank accounts. This information is stored on the Echelon computer and can hold millions of people’s records.
However, officially, Echelon does not exist. Although Echelon’s evidence has been growing since the mid-1990s, the United States has categorically denied its existence, and the British government’s answer to this systemic question is evasive.
Despite these denials, various whistleblowers have confirmed what happened behind the scenes. Regardless of the various aspects of Perry Feuker and Margaret Newsham, ECHELON was recorded to the public.
VPN service at 14 Eyes
Jurisdiction is an important consideration for most people when choosing trusted VPN services and other privacy tools. Therefore, we will briefly summarize the VPN services in the following 14 countries.
Looking back, this list includes VPNs located in the following locations:
- Five eyes (USA, UK, Australia, Canada and New Zealand)
- Nine eyes (five eyes + Denmark, France, Netherlands and Norway)
- Fourteen eyes (nine eyes + Germany, Belgium, Italy, Sweden and Spain)
- Other partners (Israel, Singapore, South Korea and Japan)
Avira Phantom VPN (Germany)
BTGuard (United States)
Expat Surfer (UK)
Hide My IP (US)
Hotspot Shield (USA)
My Expat Network (UK)
Norton WiFi Privacy (US)
Opera Browser VPN * (Norway) [Note: “Opera VPN” is not a VPN, but an agent. It is now owned by the Chinese consortium. ]
Private Internet Access (USA)
RA4W VPN (USA)
TorVPN (UK) TotalVPN (UK)
Unseen Online (USA)
Virtual Shield (USA)
VPN Gate (Japan)
VPN Land (Canada)
VPN Master (USA)
VPN Unlimited (US)
WASEL Pro (Netherlands)
WiTopia (USA) )
WorldVPN (United Kingdom)
ZoogVPN (United Kingdom)
How to protect yourself from global surveillance
First of all, disclaimer: If the National Security Agency and GCHQ personally aim at you to use their strong resources to strengthen monitoring, I wish you good luck. We cannot fully understand its powers and capabilities. Having said that, we will introduce some simple steps you can take:
- Provide you with a higher level of privacy and security than the average user;
- Make your activity tracking and monitoring more difficult
So, nevertheless, we’ll cover some quick basics.
1. Your electronic device is a potential monitoring tool, especially for all “smart” devices
Whether it’s your smartphone or Amazon Alexa in the living room, all of these devices are tools for monitoring your activity. As recorded in the PRISM program , it is an established fact that private companies are working hard to help maintain global surveillance. Therefore, it is wise to limit all “smart” devices in your daily life, or at least start using privacy-friendly alternatives.
2. Use VPN when surfing the Internet
A good VPN will securely and effectively encrypt and anonymize your internet traffic without slowing down your internet. With Internet providers in all Western countries snooping on customer activity, VPNs are now an important tool for digital self-defense. Connect it and forget about it. (For a quick course on this topic, see the main VPN guide or get the latest recommended best VPN report.)
3. Consider using other privacy tools
Your daily online activities can disclose a large amount of personal and private data to various third parties. Here are some things to keep in mind:
- Use private and secure email services
- Use a private search engine
- Use a private and secure browser
- Use good ad blockers (most ads are available as tracking and data collection tools)
These are just some basic, simple steps that anyone can achieve in a matter of minutes. For more information, see the Privacy Tool Guide .
4. Advanced online privacy and security
Ok, so you want more privacy and security than regular users. This can also be achieved without much effort. In addition to all the above suggestions, you may also want to consider the following:
- Consider your operating system. Switching to a secure and privacy-friendly Linux style is a good idea, although it may have some trouble depending on the distribution you choose.
- Use a privacy-focused VPN service. A good multi-hop VPN service (such as Perfect Privacy ) will allow you to encrypt traffic on multiple servers in different jurisdictions.
- Chain different VPN services. Another good way to divide privacy is to link multiple VPN services. For example, you can run VPN Provider#1 on your router and connect to it through VPN Provider#2 on your computer. This not only distributes and divides risks among different VPN providers, but also ensures that no VPN service has both your original IP address and your online activity (the site you are connecting to). You can also cycle through different VPN providers at different times to prevent any single VPN from fully understanding your online activity (in theory, the VPN will be compromised).
- Use a virtual machine. Using a virtual machine is a good idea for privacy and security. You can install VirtualBox , which is free and open source, and then run different Linux VMs for different purposes (also free). The virtual machine acts as a separate “virtual” computer on the host to help keep the host and data secure. In addition, you can easily link VPN services by using VPN #1 running on the host and VPN #2 on the VM.
Note: The Tor browser is often seen when discussing online anonymity. However, I found many danger signals in Tor’s research, as explained in the Tor guide.
Some people object to the VPN and say “I have nothing to hide” or “I don’t believe in VPN.” These are very unwise arguments for several reasons:
- Your Internet Service Provider may record everything you do (via DNS request) and provide this data (or direct access) to the monitoring agency – see the Room 641a example . Your internet service provider also knows everything about you (name, address, billing information, etc.). Why do you give this entity all the private browsing activities that might be used to deal with you? This is meaningless.
- With VPN, you will distribute trust from your Internet provider to the VPN service. There are some proven logless VPN services that have been reviewed by third parties or passed real test cases. VPNs in secure offshore jurisdictions add extra protection because they cannot be forced to hand over data to your government.
- You can also recycle different VPN services or use two or more VPNs (Linked VPN) at the same time. This provides a higher level of privacy and security, especially if the VPN and VPN servers are distributed across different jurisdictions.
- If someone wants to play a movie with you (DMCA complaint), there will be three layers to protect you: 1) the VPN server you use in country A; 2) the VPN provider in country B; 3) your internet provider in country C .
Trust and jurisdiction
Finally, jurisdiction is just one of many factors when choosing a reliable privacy tool for your unique situation . The degree of importance to you depends on many factors, especially your threat model and the type of opponent you want to protect yourself.
Jurisdiction is an important consideration for those seeking a higher level of privacy and security, especially when you consider the government’s growing power to force companies to hand over data and log in users.
Trust is also a major factor you should consider. After all, VPNs can operate in good “overseas” jurisdictions, but still deceive customers and provide data to government agencies.
Take PureVPN, for example , a Hong Kong-based provider that provides US authorities with a connection log of criminal cases. However, PureVPN has a poor record and has been involved in countless scandals for many years , so this is definitely not the norm.
There are also some US VPNs that provide data to the authorities, even when they promise to provide “no record” to their customers. An example of this is IPVanish (see IPVanish Logging Case ), which records user data and provides it to the FBI for criminal prosecution.
So, to summarize what we cover here, choosing the best privacy tools comes down to trust and finding the best service for your unique needs .
Good luck and keep safe!