The New Oil

Data privacy & cybesecurity for normal people
TheNewOil.org

From the beginning I’ve always said this blog would be used to communicate major changes with the site in addition to reviews, ideas, etc. It’s been hard over the years to know what changes are big enough to warrant a full blog post, and which ones I should just let users see in the commit log. However, this past week, we made a few huge behind-the-scenes changes that I’m excited about and want to share. So in lieu of a traditional blog post, here’s some important stuff that happened this week.

Read more...

There are many enemies of privacy. There are politicians claiming the (at best) misguided pretense of “protecting the children,” intelligence agencies claiming “national security,” companies claiming to give us “the best experience” or serve us the most relevant ads, and even individuals who seek to intimidate us and threaten us for any number of perceived slights. But there is one enemy who I’ve come to believe stands head and shoulders above the rest as the greatest enemy of privacy, one who will utterly destroy us if we can’t get it in check: the community itself.

Read more...

2023 was a record-breaking year for cybersecurity in a bad way. Ransomware payments hit a record high of $1.1 billion, which is likely to encourage cybercriminals to keep trying, and in the first two-thirds of 2023 alone, there were a record 2,116 data breaches (that we knew of) for a total of 234 million victims. Keeping your data safe is more important than ever. Thankfully, doing so is – in some ways – also becoming easier than ever. Using good passwords is just one part of a healthy cybersecurity posture, but many experts consider it the first and one of the most impactful parts. Of course, we all know that actually using good passwords as recommended is laughably impossible, so much so there’s a plethora of memes about it. Thankfully, password managers exist and are here to help. However, like any mainstream tech product, the marketplace is now flooded with password managers of varying quality. So this week, I want to breakdown my top recommendations for best password managers in 2024 and which ones are right for you.

Read more...

In an era where our lives are intricately intertwined with technology, the concept of cybersecurity has become paramount. One need look no further than my own Surveillance Report podcast, which features a weekly “Data Breaches” section that at times becomes so long we have to sacrifice some of the lesser stories. Consequently, many in the privacy and security communities strive to find systems and devices that are “unhackable.” But reality is a harsh mistress (or master, or whatever you prefer), for nothing is truly unhackable.

Read more...

Last week, encrypted email, cloud, and calendar provider Skiff announced they will be shutting down in six months after being acquired by Notion. This has understandably caused a lot of frustration in the privacy community as many people were initially quite excited about Skiff. Several other privacy outlets – including Michael Bazzell, Privacy Guides, and even our own Surveillance Report – have all discussed our own frustrations, lessons learned, and plans going forward. But really, this is nothing new. Two years ago (nearly to the month), CTemplar also suddenly shut down, and we saw nearly the same scenario play out (with different reasons being given by the companies). So this week, let’s take a moment to reflect back on the second email shutdown The New Oil has survived and see what lessons we can take away for the next inevitable disruption.

Read more...

Love it or hate it, online dating is here to stay. According to Pew Research, 30% of US adults say they’ve used online dating sites or apps, 1/10 say they’ve met their current partner via such a site/app, and 40% say that online dating has made the search for a long-term partner easier. I assume these numbers aren’t including non-dating sites like Facebook or Discord where it’s also possible to run into someone, hit it off, and begin a relationship. Like any other digital space, however, online dating is not without privacy and security concerns. As Valentine’s Day lies just around the corner, let’s revisit some privacy and security advice for those wading into the dating pool. (Don’t worry, not all of this advice is specific to online dating, so even if you’re against online dating there may still be something here for you, too.)

Read more...

In an era where the internet has become an integral part of our daily lives, it's crucial to prioritize online safety. Safer Internet Day, observed this coming Tuesday (February 6), is yet another day to raise awareness of an issue. As I looked more into this day, I noticed that their stated aims were very nebulous, citing goals like making the internet “safer” (obviously), “inclusive,” “positive,” but I never actually found any specific guidelines or recommendations. I was further unsettled when I found an equally-vague teaser for the 2019 event with sponsors like Microsoft and X (Twitter at the time) – who as of this week expressed support for the highly problematic Kids Online Safety Act (KOSA) – as well as Meta (Facebook at the time), Snap, Google, and other problematic figures who’s efforts to make the internet “safer” can – at best – be described as misguided and controlling. The only unambiguous content to be found anywhere in the official online presences of this movement is a blog on the official website that discusses some of the various online legislation going around regarding online safety. So ultimately, it seems to me that – at best – this group is about campaigning for better “online safety” laws and – at worst – it’s a front for various Big Tech lobbying groups to control the narrative and conversation surrounding online safety.

Despite all that problematic context, let’s be real for a moment: the internet can be a toxic wasteland (heavy emphasis on the “can be” part), and at face value I do agree with the overall (alleged) mission of this day. So regardless of who’s behind this day, I think it’s worth taking a moment to discuss the idea of a safer internet and some of the steps we can take to protect ourselves and create a better online experience. For some context, today I will be focusing on the threat model of “other users” as opposed to companies, governments, or even insider threats like sysadmins and employees. I’m talking about cyberbullies, trolls, and other common threats who make our online experience less enjoyable.

Read more...

At the time of publication, tomorrow is International Data Privacy Day. Like most “days” of this sort, the focus is on spreading awareness of data privacy and as such companies routinely post articles about some beginner tips, why privacy matters, and other similar ideas. This year, I want to do something a little different. With tomorrow being Data Privacy Day and most of us being chronically online, I want to encourage us all tomorrow to just disconnect. To be clear, those top 5 tips and philosophical musings are important and matter, but I’ve already seen plenty of interesting posts this week covering those bases so I don’t feel a need to add to the chorus. Instead, I thought it might be useful to focus on one thing that nobody else seems to be talking about: digital minimalism.

Read more...

As a veteran, my approach to healthcare and job opportunities has always been different than most. I’ve always been in reasonably good health, never been much of a thrill seeker, and have a pretty robust immune system. Other than a hardcore sweet tooth, I generally take at least some care of myself. As such, that meant I could be a little riskier, allowing for a successful freelance career. But then, I got married. Suddenly, the math changed and I had to start considering health care when I considered employment. This is hardly a unique situation: after adopting pets you have to consider who will feed them when you’re on vacation, or when you have kids you have to consider what will happen to them if anything happens to you.

Read more...

Every year, I like to remind everyone to go back to the basics. For those who are new to privacy and security and may be trying to create some new, positive habits, this serves as a great entry point. For veteran privacy enthusiasts, the basics form our foundation for more advanced techniques later, making it imperative to ensure we cover all those bases. So in that spirit, let’s all pause – wherever we are in our privacy journeys – to do a quick check and make sure we’ve got the basics covered. If you’re one of those new people I mentioned, welcome! But also know that this post is packed with information, so try not to get overwhelmed. Maybe bookmark this post and do one thing per day or something like that. As the classic phrase says, “you eat an elephant one bite at a time.”

Read more...

Enter your email to subscribe to updates.