Privacy nerd reads mobile fine print - wins trip to Switzerland

A self-proclaimed privacy nerd shopping for a new mobile carrier actually read through one company’s privacy policy — and won a free trip to Switzerland to prove it.

To get people talking about data privacy, the ultra-secure carrier Cape Mobile quietly planted the “privacy Easter egg” deep inside its policy last fall, offering a round-trip getaway to the first person who found it.

Cape announcing the privacy stunt also lands just days before Data Privacy Day, which falls this Wednesday, January 28th.

“I think on one level, people are inundated with so many privacy policies, terms and conditions, fine print everywhere, your emails, it can be overwhelming. The hardest part to believe about this story is that I read privacy policies.”

- Winner of Cape Mobile privacy Easter Egg sweepstakes

For simply reading the policy, the winner landed flights to Switzerland for two, a three-day private chalet stay, a $1,500 dining stipend, a private chef-hosted dinner, and three years of Cape service.

Why nobody reads the fine print

Be honest: when was the last time you actually sat down to read the privacy policy for any device, service, or app before hurriedly clicking the accept button?

In fact, only between 0.55% and 6.7% of mobile phone users ever visit their telecom provider’s privacy policy, let alone read the entire thing, according to a 2021 FTC report.

The report also shows that mobile customers often don't realize just how much data their provider collects – including access to all their Internet traffic and real-time location data – and how little control they have over how that data is used.

“It doesn’t surprise me at all” about the numbers, says John Doyle, founder and CEO of Cape Mobile. "The industry standard for privacy is broken."

“Most carriers rely on the fact that users don’t read the fine print, and use that rationale to monetize and sell their data with marketing affiliates or data brokers,” Doyle explained to Cybernews.

So, Doyle and his team decided to put consumers to the test, burying an Easter egg directly into Cape’s online privacy policy in the form of an all-expenses-paid trip to Europe right around the holidays.

And all the lucky winner had to do was stumble upon the free trip and claim it.

“During our early launch, people who came to us had acute privacy needs – journalists, domestic violence survivors, and others with extremely high threat profiles,” Doyle said.

For those unaware, Cape offers its untraceable mobile phone service at no cost to high-risk users, including its newly launched IMSI rotation last month, among other privacy-focused features. It also forgoes storing your personal identifiers (name, address, DOB, email, etc) as well as your location, ad ID, and credit card number.

“We were hoping for a regular person who just wants more privacy in modern life – someone who is relatable – and so we were very pleased that the winner turned out to be just that!” the CEO said.

Privacy vigilance pays off with trip to the Alps

Cybernews had a chance to talk to the Easter egg winner, who, not surprisingly, wanted to remain anonymous.

What we can say is that she is 33 years old, married, lives in San Francisco, and works as the head of internal communication at a tech company.

Interestingly enough, Doyle said it took 655 readers before the winner claimed the prize – and she was the only one to do so.

“Overall, we found that people read the privacy policy less carefully than we would have imagined, even when they're interested in a privacy-first mobile carrier.”

And though the contest ran for just several weeks – taken down on September 19th as soon as “Winner X” was verified – Doyle and his team expected the hidden prize to have been found sooner.

“In fact, we were preparing to take it down quickly so that we weren't inundated with replies,” he said.

Doyle noted that it was an added bonus that she was already a Proton customer, given Cape’s partnership and collaboration with them on this initiative.

Finding the privacy Easter egg

Winner X turned out to be the perfect candidate – savvy on all things privacy, given her previous tech jobs, including some in the ad space that involved tracking online behavior to create individual profiles for targeted ads.

She also spent several years at Google X working on cybersecurity-related projects that, she said, “opened my eyes to how so much of the convenience in modern tech also comes with a lot of risks when it comes to our personal security.”

Reminiscing about the days when people could easily buy burner phones and SIM cards to protect their identity, Winner X said her growing awareness around data tracking pushed her to start reading fine print more carefully and to eventually shop for a new carrier, leading her to Cape’s website.

“Something that caught my eye while I was looking for the privacy policy. They had this abridged version that summarized the big points. I hadn't seen that before.“

"And a few paragraphs in, there's this sentence: ‘If you find this, email us for a chance to win a free trip to Switzerland.’”

“At first, I thought it was a scam. But because it was an email to their domain, I thought, 'What’s there to lose?' It would be a weird place to scam someone in this way,” she explained.

Fast forward to late December 2025, and Winner X and her husband “flew into Zurich and went to the Christmas markets that night. Then we took a train down to Zermatt, a little car-free village in the Alps.

“My husband and I are both skiers… We spent Christmas Eve and Christmas Day skiing the Alps – very beautiful," she said.

“We tacked on a few extra days to go to Lucerne and up Mount Rigi on a cog wheel train at a 30-degree incline – climbing, climbing, climbing. It was a great time,” she said, adding that she's now "told this story to so many of my friends, and the first response that I get is like, oh my gosh, I'm going to start reading privacy policy.”

What should consumers actually look for in a privacy policy?

While Cape’s campaign made headlines for its creativity, Doyle says it exposed a much bigger problem with how consumers interact with privacy disclosures.

Still, Doyle argues the burden shouldn’t fall entirely on consumers.

“I don't think consumers should have to pore through every single privacy policy to see where the hidden costs and loopholes are,” he said. “The industry should turn that assumption on its head – assume privacy by default, rather than default opt-in to data sharing.”

For users who want a practical starting point, Doyle offers Cybernews readers three simple privacy red flags to look out for:

• Check whether your service provider can sell your data to third parties – this is how your data gets aggregated and enriched in the hands of data brokers and ad networks.
• Check for plain language on exactly what data is collected, and how long it's kept for (and why) – avoid providers that assert broad, blanket permissions.
• Review how government data requests are handled – does the provider publish a transparency report, or alert its users their data was accessed when legally allowed?

Doyle also advises asking yourself: Does this company really need all this data to provide the service I'm buying?

To combat privacy policy fatigue among consumers, Doyle stresses that the industry itself needs a simpler standard – something the average person can understand at a glance.

“Similar to nutrition labels on food packaging, the industry should converge on standardized disclosures showing what data is collected, how long it’s kept, and for what purpose,” he said.

The Federal Communications Commission (FCC) rolled out a similar nutrition-like broadband label to help consumers to easily compare Internet Service Providers (ISP) in 2024.

“Most consumers just expect and accept that their data will be sold in some way,” Doyle said, adding that the industry should “turn that assumption on its head and assume privacy by default."

---

Unlock more exclusive Cybernews content on YouTube.