Last week, encrypted email, cloud, and calendar provider Skiff announced they will be shutting down in six months after being acquired by Notion. This has understandably caused a lot of frustration in the privacy community as many people were initially quite excited about Skiff. Several other privacy outlets – including Michael Bazzell, Privacy Guides, and even our own Surveillance Report – have all discussed our own frustrations, lessons learned, and plans going forward. But really, this is nothing new. Two years ago (nearly to the month), CTemplar also suddenly shut down, and we saw nearly the same scenario play out (with different reasons being given by the companies). So this week, let’s take a moment to reflect back on the second email shutdown The New Oil has survived and see what lessons we can take away for the next inevitable disruption.
Love it or hate it, online dating is here to stay. According to Pew Research, 30% of US adults say they’ve used online dating sites or apps, 1/10 say they’ve met their current partner via such a site/app, and 40% say that online dating has made the search for a long-term partner easier. I assume these numbers aren’t including non-dating sites like Facebook or Discord where it’s also possible to run into someone, hit it off, and begin a relationship. Like any other digital space, however, online dating is not without privacy and security concerns. As Valentine’s Day lies just around the corner, let’s revisit some privacy and security advice for those wading into the dating pool. (Don’t worry, not all of this advice is specific to online dating, so even if you’re against online dating there may still be something here for you, too.)
In an era where the internet has become an integral part of our daily lives, it's crucial to prioritize online safety. Safer Internet Day, observed this coming Tuesday (February 6), is yet another day to raise awareness of an issue. As I looked more into this day, I noticed that their stated aims were very nebulous, citing goals like making the internet “safer” (obviously), “inclusive,” “positive,” but I never actually found any specific guidelines or recommendations. I was further unsettled when I found an equally-vague teaser for the 2019 event with sponsors like Microsoft and X (Twitter at the time) – who as of this week expressed support for the highly problematic Kids Online Safety Act (KOSA) – as well as Meta (Facebook at the time), Snap, Google, and other problematic figures who’s efforts to make the internet “safer” can – at best – be described as misguided and controlling. The only unambiguous content to be found anywhere in the official online presences of this movement is a blog on the official website that discusses some of the various online legislation going around regarding online safety. So ultimately, it seems to me that – at best – this group is about campaigning for better “online safety” laws and – at worst – it’s a front for various Big Tech lobbying groups to control the narrative and conversation surrounding online safety.
Despite all that problematic context, let’s be real for a moment: the internet can be a toxic wasteland (heavy emphasis on the “can be” part), and at face value I do agree with the overall (alleged) mission of this day. So regardless of who’s behind this day, I think it’s worth taking a moment to discuss the idea of a safer internet and some of the steps we can take to protect ourselves and create a better online experience. For some context, today I will be focusing on the threat model of “other users” as opposed to companies, governments, or even insider threats like sysadmins and employees. I’m talking about cyberbullies, trolls, and other common threats who make our online experience less enjoyable.
At the time of publication, tomorrow is International Data Privacy Day. Like most “days” of this sort, the focus is on spreading awareness of data privacy and as such companies routinely post articles about some beginner tips, why privacy matters, and other similar ideas. This year, I want to do something a little different. With tomorrow being Data Privacy Day and most of us being chronically online, I want to encourage us all tomorrow to just disconnect. To be clear, those top 5 tips and philosophical musings are important and matter, but I’ve already seen plenty of interesting posts this week covering those bases so I don’t feel a need to add to the chorus. Instead, I thought it might be useful to focus on one thing that nobody else seems to be talking about: digital minimalism.
As a veteran, my approach to healthcare and job opportunities has always been different than most. I’ve always been in reasonably good health, never been much of a thrill seeker, and have a pretty robust immune system. Other than a hardcore sweet tooth, I generally take at least some care of myself. As such, that meant I could be a little riskier, allowing for a successful freelance career. But then, I got married. Suddenly, the math changed and I had to start considering health care when I considered employment. This is hardly a unique situation: after adopting pets you have to consider who will feed them when you’re on vacation, or when you have kids you have to consider what will happen to them if anything happens to you.
Every year, I like to remind everyone to go back to the basics. For those who are new to privacy and security and may be trying to create some new, positive habits, this serves as a great entry point. For veteran privacy enthusiasts, the basics form our foundation for more advanced techniques later, making it imperative to ensure we cover all those bases. So in that spirit, let’s all pause – wherever we are in our privacy journeys – to do a quick check and make sure we’ve got the basics covered. If you’re one of those new people I mentioned, welcome! But also know that this post is packed with information, so try not to get overwhelmed. Maybe bookmark this post and do one thing per day or something like that. As the classic phrase says, “you eat an elephant one bite at a time.”
This month, gift-giving season officially begins in the United States (and several other places, I presume). It kicks off in full with Black Friday, but brands are increasingly starting their holiday deals as early as the beginning of this month. Consequently, this is the time to discuss safe shopping tactics. Below are updated online shopping tips, reflecting techniques and strategies I've picked up in the last year. (Note: some of the services I suggest offer affiliate programs, which The New Oil has signed up for. Affiliate links are clearly marked and are optional.)
I'll keep this one brief: there's a lot going on behind-the-scenes at TNO and there's always more to do, but I'm incredibly excited to announce that one of my longtime goals has finally come to fruition: The New Oil is finally available as a Tor hidden service, aka a “.onion” domain. Over the years I've had several readers write in to inform me of all kinds of small issues with accessing the site, from being falsely flagged on VirusTotal to CDN misconfigurations to being to straight-up blocked by foreign ISPs. A hidden service is the holy grail for any privacy site such as myself: privacy-respecting, secure, and capable of bypassing censorship in even the harshest regimes. With this new offering, readers from anywhere in the world will be able to safely, securely, and anonymously access The New Oil's website, ISPs and other obstacles be damned.
While hidden services are riding a fine line of potentially being “out of scope” given my target audience, the required costs (in time, maintenance, technical proficiency, and finances) are quite low, and given that TNO explicitly states that we are not an adequate resource for high-threat-model individuals, I feel like this is a service we can confidently offer to give our readers an extra layer of privacy – even from ourselves (trustworthy though I may feel we are). That said, I am certain there is room for improvement, and if any of the more experienced readers out there see ways that we can offer our readers even more protection, please open an issue on GitLab or GitHub.
To access our new Hidden Service, simply navigate to TheNewOil.org in the Tor Browser as we already have the automatic redirect set up, so your browser will either automatically redirect you or at very least offer to redirect you depending on your settings. If you'd rather go there directly, you can find us at vyrgfx4jz2lnejqduons56ph5xtsrtaoo7ovny53dd7okyzhfsgkzbad.onion. Thank you to everyone who made this possible and helps make The New Oil a little better everyday. I look forward to many more privacy-friendly moves like this in the future!
You can find more recommended services and programs at TheNewOil.org, and you can find our other content across the web here or support our work in a variety of ways here.
This is an out-of-band blog post. If you're reading this (not on the day it was published via your usual subscription channels but instead because I shared this link directly with you), chances are you told me that an article I shared on the TNO newsfeed is paywalled. It's possible that this article was paywalled after I posted it and that what I'm about to share won't work. More likely, however, what happened is that my browser is set to block paywalls and yours isn't. Here's how to fix that.