The New Oil

Data privacy & cybersecurity for normal people
TheNewOil.org

A more advanced strategy that comes up often in the privacy community is that of “custom domains.” These tools can provide a wide variety of protections from proactively defending against slander and “revenge porn” to simply ensuring you always get your emails. Yet, as “common knowledge” as custom domains are, I still regularly see a lot of confusion and questions about the best way to use them, so this week I’d like to offer my thoughts. Don’t click away just yet if you’re not a techie or have a low threat model because I think there’s value in this tool for you, too.

Read more...

Disclosure: The New Oil is sponsored by IVPN. Per the terms of this agreement, IVPN does not have any input on our review, but we want to disclose any possible conflicts of interest up front. You can read all of our guidelines for sponsorships here.

What is IVPN?

A VPN – or Virtual Private Network – is a service that creates an encrypted tunnel between the device and the provider's server, protecting all your traffic from prying eyes along the way like your Internet Service Provider (ISP) or whoever owns the router (think public Wi-Fi, for example). After reaching the provider's server, your traffic continues on to your desired destination like normal. IVPN is one such service.

Read more...

It’s a new year, and for most people that means “new beginnings.” Humans are naturally drawn to specific milestones in our lives because they feel like opportunities to start over fresh or rebuild from the ground up. The new year isn’t the only such milestone; it could also be a birthday, holiday, new week, etc. That’s why we get so excited about an – objectively speaking – arbitrary day. It’s a new chapter, a chance to redefine ourselves and do anything we want. In some cases, this could mean getting in shape, finding love, finishing a book, any number of things. But it could – and should – also mean a reevaluation: where are you now? Where do you want to be? What can you do better? In privacy and security, I believe we should always be striving to take the next step and do better, but it’s always wise to check back and make sure you’ve got the basics covered. So in the spirit of new beginnings and reevaluation, I’d like to present a few tips to help you check your privacy and security basics and set yourself up for a successful 2023.

Read more...

What is 2FA and Why Do You Need It?

2FA is an abbreviation for “two-factor authentication,” which is basically what it sounds like. Usernames and passwords are a form of authentication; if you don’t know the username and/or password, you cannot be authenticated, or prove that you are authorized to access whatever it is you’re attempting to access. Of course, that’s not totally true. Data breaches expose usernames and passwords all the time. Hence the need for more than one method of authentication at the same time. When you combine more than one form of authentication, you get “multifactor authentication,” or MFA. All 2FA is MFA, but not all MFA is 2FA.

Read more...

“What a year.” My annual catchphrase. I always say that this project has exploded in ways I never expected, and that never stops being true. So where are we now?

Read more...

About the Author & the Book

Cathy O’Neil is an American mathematician and data scientist. She got a Ph.D. in math from Harvard, and later taught at MIT. In 2007 she left academia to work in the finance industry, an experience she talks about in the book that left her disillusioned with the role of data collection and algorithms and the way that they can harm the outliers. This ultimately led to her publication of Weapons of Math Destruction in 2016.

The saying goes that if you want to cook an omelet, you have to break a few eggs. Weapons of Math Destruction focuses on those eggs who have become casualties on the way to algorithmically modernize the world, using big data to make decisions that are – on the surface – more objective, fair, and accurate. However, O’Neil explores how this is frequently not the case and the flaws with our current approaches to using Big Data to this end.

Read more...

The following is an original piece of journalism from The New Oil

Twitter may be compromised, and nobody's covering it. This is the allegation from security researcher Lucky225.

In order to understand the context of this story, we have to briefly go back to 2010, where Army intelligence specialist Chelsea Manning was becoming disillusioned with – among other things – the actions she was helping to facilitate for the US incursions into Iraq and Afghanistan. This seems to be at least part of what led her to disclose hundreds of thousands of classified documents to whistleblower website WikiLeaks, which detailed everything from American war crimes in Iraq and Afghanistan to diplomatic cables showing China's frustrations with North Korea at the time.

Read more...

Regardless of how you feel about capitalism, there is one aspect of it that – to some extent – I think we can all agree is nice: the free market. Exactly how “free” the market should be is up for debate, but I think it’s safe to assume that most of my readers are in favor of a world where someone can wake up one day and say “I hate my job, I’m gonna go find another one,” or “I don’t like that company (for whatever reason), I want to shop somewhere else,” or “I want to make a website teaching data privacy and cybersecurity to beginners. Oh look, I have a second job now.” I don’t believe it’s perfect by any stretch of the imagination, but I still choose to live my personal life largely by the free market hypothesis. I hate the way Walmart treats their employees, so I shop elsewhere. Earlier this year I left one job largely because I felt I was being underpaid (spoiler: I was). On the other hand, sometimes I choose to buy name brand because the better quality justifies the price increase. Free market in action: voting with your dollars.

This ties into privacy when it comes to the argument of “just don’t use X if you don’t like it.” I get that a lot. “Just don’t use Facebook if you don’t like it.” “I don’t see the problem, just don’t use Amazon if you hate them so much.” “I like Google, but you’re free to use something else.” In the free market, there’s the idea that every company is free to institute whatever rules, policies, and business strategies they feel are best. At The New Oil, for example, I have every right to list whatever tools I want for any reason I want. In theory, the market responds accordingly: if people agree with my reasoning – or the tools I list – then they reward me by visiting, recommending the site, maybe even buying merch, donating money, or using an affiliate link to help support the project. On the other hand, if people disagree with my reasoning or tools, they can choose to go support another project such as Privacy Guides or Privacy International the same way. But what if – hypothetically – all three of those organizations were under the same umbrella company?

Read more...

About the Author & the Book

Shoshana Zuboff is no stranger to technology and the way it impacts our modern life. With a Ph.D. in psychology from Harvard (where she's tenured, by the way, in the Business School), she's written on such topics as the future of work in the digital age (In the Age of the Smart Machine) and somewhat predicted the current state of capitalism in her book The Support Economy (assuming I read the Wikipedia synopsis correctly, truthfully I haven't read any of her other works myself).

The Age of Surveillance Capitalism is arguably Zuboff's best-known book, and has certainly become one of the foundation “must-reads” in the world of privacy. It outlines a brief history of “how we got here” in terms of surveillance, notes the ways that Big Tech and the government often work together, explains how Big Tech encroaches on our privacy, and explains how all of this fits into a larger concept of our individual freedom of choice and a sort of “class struggle” between us as individuals and Big Tech companies as they seek to undermine our freedoms in exchange for profits.

Read more...

Next week, gift-giving season officially begins in the United States (and at least a few other places, I presume) with Black Friday. As such, I figured this would be a great time to discuss safe shopping tactics. In what is becoming my own yearly tradition here at The New Oil, below is my list of online shopping tips, updated to reflect any techniques or strategies I've picked up in the last year. (Note: some of the services I suggest offer affiliate programs which The New Oil has signed up for. Affiliate links are clearly marked and are totally optional.)

  • Pay with cash in person. There’s a large push for credit card usage in the US, and it has some personal finance benefits. Cards often come with cashback and purchase protection, and while the risk of skimming still exists, fintech (financial technology) security has come a long way. However, cards are still a privacy nightmare. Your shopping data will absolutely be sold by your bank to data brokers. As such, cash is king. But if you need some less-paranoid, more practical reasons to use cash: if you’re buying a gift for someone who has access to your bank statements (significant other, parent, etc) it can help shield your purchases – both the site and the amount – and keep the gift a surprise. Furthermore, holiday spending and gift giving is often a source of debt in the new year, so using cash will help you stick to your budget. Personally I think racking up a boatload of new debt is a really crappy way to start the new year.

  • Of course, online shopping has long been popular and even more so during Cyber Monday (not to mention some services are online-only). For online transactions, use pre-paid cards or card-masking services like Privacy.com, MySudo, or ViaBuy (if you live in Europe) to avoid having your real information stolen. If a scammer steals your info, the effects could be as minimal as having to get a new card or as serious as draining your bank account, stealing your identity, or even stalking you. So I definitely encourage you to use a masking service of some kind. Be aware that Privacy.com and MySudo essentially function as banks in this scenario, so they will ask for some personal information that some people may not be comfortable with. If that's the case, call your bank and ask if they offer virtual card services. Some banks do – including large ones – and it's becoming more popular. You won't have the privacy benefit of having your transactions shielded from the bank, but you'll get the security of not having your card number stolen. Personally I’m a fan of Privacy.com for a lot of reasons (I actually have an affiliate link you can use here if you're interested) but this isn’t the time or place. Feel free to check out all of the solutions suggested and see if any of them are right for you.

  • Use HTTPS. HTTPS is a powerful and effective encryption method for data-in-transit (aka web traffic) that helps protect your sensitive information as it shoots across the web. The vast majority of the internet is now securely encrypted so you’re probably covered, but be vigilant anyways. All four of the browsers I recommend on my site – Brave, Firefox, LibreWolf, and Tor Browser – offer some type of “HTTPS-Only Mode” that will automatically upgrade connections when possible and warn you when it's not. On Brave, go to Settings > Privacy and Security > Security and enable Always use secure connections. On Firefox, LibreWolf, and Tor Browser, go to Settings > Privacy & Security and scroll all the way down to HTTPS-Only Mode. Make sure you select Enable HTTPS-Only Mode in all windows.

  • Use a PO Box. PO Boxes can serve tons of great purposes that you didn’t even know you needed. For starters, they start off inexpensive, in some places as little as $20/year. They can be handy because your packages don’t sit unguarded on your porch while you’re at work, they sit safely inside the building of your box. And of course, you don’t have to worry about some stranger on the internet snagging your home address, whether that’s the random person on Etsy, the rogue employee at Amazon, or the cybercriminal who hopefully didn’t steal your information because you already implemented the above bullet points.

  • Use alias email addresses. These are services such as SimpleLogin (affiliate link here) and AnonAddy that offer you email addresses that automatically forward to your inbox. The website you sign up for only ever sees your alias email address, but it all arrives in the same easy-to-manage place. The privacy protection here is that it keeps you from being cyberstalked (there are lots of ways I can find your various other accounts just from an email address) and makes it slightly harder for companies to track you. The security benefit is that it changes your login on each site and makes it harder for credentials caught up in data breaches to be weaponized against you (see credential stuffing). And as a practical benefit, once you've signed up for these sites, they usually spam you with offers, newsletters, and other marketing crap. Usually you can simply click “unsubscribe” but some of the scummier sites don't respect that request. With an alias email address, you simply turn it off and stop getting the spam. Imagine having a peaceful, organized inbox again. Wonderful.

  • On the topic of security benefits, be sure to use strong passwords with a good password manager and use two-factor authentication (2FA) on all accounts that offer it. I know the holidays are a hectic time for most people with travel and family and such, but it also usually means more paid time off for most people. Take advantage of some of that time off and set aside an hour or two to pick a good password manager, change your passwords and password habits, and enable 2FA. This is one of the single most effective things you can do to protect your online accounts, and on top of that it's free and easy, yet still few people do any of this stuff. Doing this step alone is one of the most powerful things you can do to protect yourself year-round. Speaking of year-round...

  • Don’t quit on December 26. The thing about these habits is that they’re great any time, not just around the holidays. Shopping is something we do all the time, all year, and these strategies can be implemented there, too. You can pay cash at the grocery store. HTTPS can protect your Facebook login from a random cybercriminal just as much as your card number. Online data breaches are quickly becoming a daily occurrence, so using card-masking can prevent your card number from getting permanently posted to the dark web (if you’re not worried about that, clearly you’ve never had the hassle of updating EVERY service you use after a card number changed for any reason). Even a PO Box can be a neat thing to have on hand if you rent and move in the same area frequently, if you need an address on file for work (again, data breaches), or freelance and need somewhere to send checks or a return address for merchandise you sell.

Take some time to think about which of these strategies can benefit you most. HTTPS is something that takes just a few seconds to ensure is enforced and you never have to think about it again. A PO Box can be easily added into your routine by renting one nearby or on your way to/from work. Cash can be handy as well to help you stick to a budget. I hope these tips help keep you safer online this holiday season, and good luck finding that perfect gift!

You can find more recommended services and programs at TheNewOil.org. You can also get daily privacy news updates on Mastodon or support my work in a variety of ways here.
