The New Oil

Practical privacy and simple cybersecurity.
TheNewOil.org

For many, this month is when gift-giving season officially begins in the United States (and several other places, I presume) thanks to Black Friday, which is quickly consuming most of November in many cases. As a result, even though online shopping is something most of us engage in year-round, now it’s particularly important to discuss how to safely shop online. Below are my now-annual updated online shopping tips, reflecting techniques and strategies I've picked up in the last year. (Note: some of the services I suggest offer affiliate programs, which The New Oil has signed up for. You can see a list of our affiliates here and see our affiliate link policy here.)


Disclosure: we have an affiliate link with Proton VPN that gives us a small financial payout if you sign up for a paid plan using it. You can see our policy regarding affiliate links here.

What is a VPN?

If you found this page via a web search, there’s a possibility you’re not entirely sure what a VPN is or does. You may know that they help you bypass georestricted content – like sports or Netflix – or that they can protect you from cybercriminals (more on that in a moment), but you may not know how. The short, non-technical answer is that a VPN creates a secure, encrypted connection between your device (computer, phone, TV, router, etc.) and the VPN provider’s server. This has the effect of making it look like your device is wherever the server is located (usually another state/country, hence bypassing georestrictions) as well as protecting your traffic from any local snoops (such as malicious public routers or nosy Internet Service Providers – or ISPs).

Do You Need a VPN?

If you’re here because you think a VPN will make you hacker-proof or anonymous, the answer is no. A VPN – contrary to much of the false marketing out there – will not do either of those things. VPNs can help mitigate these risks slightly. For example, the VPN providers I recommend do block some trackers, and changing your IP address will remove one way you can be identified and tracked online. However, modern internet tracking is far more complex than just blocking cookies and changing your IP address, so while a VPN can help, it’s not 100% effective. There’s a lot more that goes into online anonymity.


I am a firm believer that there are many privacy techniques you should focus on before encrypted messaging because they will offer you much more “bang for your buck,” things like good passwords, two-factor authentication, and even encrypted email. That said, I still believe that encrypted messaging is a critical part of a well-rounded privacy and security strategy. While the vast majority of our day-to-day conversations may be benign, they can still offer a lot of insight into who we are as people – our routines, likes, and personal thoughts. This information – mundane or not – is worth protecting.

Fortunately, encrypted messaging has become nearly ubiquitous today due to the rise of services like WhatsApp or – here in America – due to the large market share of iPhones and the resulting use of iMessage. However, I still think that we should always strive to do better when there’s room for improvement, and in this case there is a lot of room to improve easily with very little cost. The only challenges facing users in this case would be the time to switch and the effort of convincing others. For those interested in taking on the challenge, here are the best options we currently have for encrypted messaging in 2024.


There are many ways to describe Voice-over-IP, or VoIP. I've seen it called an anonymous, internet, alias, or throwaway phone number (and more). Regardless of the name, I personally consider VoIP to be a healthy part of a good privacy and security strategy. The advantages are endless. For one, VoIP is harder to SIM swap compared to a normal SIM phone number. VoIP can also help provide you privacy since most SIM numbers can easily be Googled or looked up on any number of the hundreds of people search sites and return information about the carrier and who the number is registered to. On the day-to-day, VoIP – combined with other strategies I recommend on The New Oil – can help reduce spam calls/texts, prevent would-be stalkers, create healthy work/life balances, control what information people (like prospective employers) can find about you, and help compartmentalize or reduce tracking by big corporations. Sadly, VoIP is a tool that's not widely available in many countries, but for those with access to it, VoIP can provide numerous benefits and should at the very least be considered. So this week let's explore some of the best VoIP options currently available for consumers.


As some of you may have noticed, TNO hasn't really been updated in a hot minute. I was working on a major overhaul, one that deserves a blog post. Let's talk about it.


In recent weeks, I’ve noticed a rise in censorship regarding SMS communication that’s not being discussed. At all. I’m concerned that it may become a slippery slope that eventually affects us all. I don’t have any dramatic, prose-ridden introduction this week. Just some news, facts, and observations I wanted to share. So this week, follow me down the rabbit hole as I explore an existing but rising threat to our free speech and what we can do about it.


Email aliasing is one of the most underrated privacy techniques that has yet to go mainstream. For the privacy-conscious user, it offers a degree of separation between all your accounts, making it harder for data brokers to correlate your various accounts across different services by not using the same email address to sign up. For security, the same technique can also help defeat credential stuffing while obscuring your true email address, which is the central hub where all your identities can be managed (and the email address itself is literally half of the login information a would-be attacker would need to attempt to log in). Your inbox is a critical thing to protect since a breach can offer information about additional accounts you have (via the emails already sitting in your inbox like updates, notifications, sign-in verifications, etc.) as well as allowing an attacker to simply hit “reset password” on websites where you already have an account and thus take them over. As for mainstream users, the biggest advantage is probably the ability to manage spam more effectively – particularly from companies who refuse to respect opt-out links – from a single inbox, rather than having one inbox for professional use, then logging out and back into another for online shopping, then another for personal or newsletters, and so forth, or simply having to give up and hope the spam filters don’t falsely flag anything important (or let junk through). Email aliasing makes effectively managing and controlling your inbox incredibly easy. With that in mind, this week, let’s examine some popular email aliasing services that the privacy community has to offer.


When I announced I would be closing my communities earlier this year, a curious thing happened: a surprising number of regulars replied with some variation of “I think this is my exit.” While some were specifically talking about Matrix, claiming that mine was the only room they were really active in and therefore they saw no point to having a Matrix account anymore, at least one specifically announced they would be quitting privacy entirely, save for a few basic techniques like using a password manager and being mindful of what to post online. While I didn’t expect the number of people responding that way, I was expecting that response from one or two people. If you check any given privacy forum – especially the ones with a heavy overlap of mainstream users such as Reddit – you’ll find no shortage of people asking “is all this work worth it?” and/or announcing that they’re giving up privacy because it’s too much work. So what gives? Is privacy worth the work?


Things are a little crazy here in the US right now – as is our perpetual state of existence these days – so I thought now might be a good time to revisit my 2020 blog post about protesting, surveillance, privacy and security. For the cynics in the crowd, I want to make it clear that I am not supporting rioting, looting, or violence. This is a post about exercising your Constitutional right (in America and many other countries) to peacefully assemble and demonstrate over any given issue. I am vehemently opposed to the idea that you can be identified and tagged – 100% without human action – simply for exercising that right. Even if I disagree with the issue or the stance on it, as the famous quote goes (roughly): “I disagree with what you say, but I will defend to the death your right to say it.”

We are already in a world of 24/7 connectivity, and that coverage only expands and deepens with each passing day. While facial recognition tech and geofence warrants are not new, since I originally wrote this blog post these things have been kicked into hyperspeed and rolled out in greater numbers and with increasing frequency at all levels of government. And that’s to say nothing about the rise of AI, which – while sometimes faulty – is capable of parsing through vast amounts of data at (literally) inhuman speeds and noticing trends no human possibly could. These changes in effective surveillance coverage, previously unknown surveillance techniques, and the ability to automatically store, parse, and analyze it all are setting the stage for a new level of dystopian capabilities previously limited (mostly) to the realm of sci-fi and nation-state targeting. And now, with the reversal of Roe v Wade, I am unfortunately able to pull the “I told you so” card and point to concrete, Western-world proof that what is perfectly legal today may be a felony worthy of prison time tomorrow. So with that context, let’s talk about how you can legally express your voice without ending up on “a list.”


Like it or not, email is a critical part of our digital lives. It’s how we sign up for accounts, get notifications, and communicate with a wide range of entities online. Critics of email rightfully point out that email suffers from a significant number of flaws that make it less than ideal, but that doesn’t change the current reality. In light of that reality, I believe that an encrypted email provider is a must-have for everyone in today’s age of rampant data breaches, insider threats, warrantless police access, and targeted advertising. If I can get access to your emails, I can get a range of sensitive information including where you bank (to craft more convincing phishing attacks), information about pets (I get notifications each year from the vet for my cats’ annual checkups), calendar reminders, news announcements from family, support tickets from services you use, and more. In a worst-case scenario, if I get access to the account itself, it’s trivial to simply issue password reset requests for nearly any of those accounts, have them sent to said compromised email account, and gain access to a wide number of other accounts you use – from banking to shopping and more – for any number of reasons. So this week, let’s look into the top encrypted email providers The New Oil recommends and their features to help decide which one is right for you.

