The New Oil

Practical privacy and simple cybersecurity.
TheNewOil.org

This year in the United States is an election year. To call this year’s election “contentious” is an understatement. In that spirit, I want to offer some advice on voting and privacy. I completely support the right to vote and the freedom of any American (and ideally any person) to express their vote if they desire to. I also don’t think that voting should cost you your privacy. I think that the only way democracy can truly work is if people can feel confident that expressing their political opinions won’t put them at risk.

Context

I worked in a county elections office almost a decade ago, during the gubernatorial race. In other words, I worked two local elections and one state election at the county level and I actually read the election law cover to cover. So while I’m far from a legal expert, I do actually know the rules for real from the source, not from “I heard once” or “I read on Facebook.”

Disclaimers: my knowledge is unique to that specific county, so while much of my knowledge is derived from national election law and applies across the board, some of it may also be area-specific. Also, this was roughly six years ago. Laws do change (albeit, quite slowly and with a lot of resistance), so some of my knowledge may be slightly outdated now. However, I do think the broad strokes I’m about to discuss should be universal, and if nothing else I hope I can give you some starting points.

Finally, as with most of my posts, I’m working under the assumption that you live in America and you possess a legal right to vote (not a convicted felon, of age, etc). I’m also working under the assumption that you possess a relatively low threat model.

Is It Even Possible?

In short, not exactly. It is not possible to lawfully vote without the government verifying your identity and location. Unfortunately, I do agree with the government on this one (I’ll take “things I never thought I’d say” for $500, Alex). It is imperative that we as a society make reasonable efforts to ensure that the only people who actually vote are the people who are invested in that vote: aka, people who actually live in the area affected and are legal citizens. Real quick, I do want to note that there’s a lot of issues to discuss here regarding citizenship, voter suppression, ID requirements, gerrymandering, and other related issues. These are important discussions to have, but this is not the place for them. I’m focusing solely on the privacy aspect.

While I recognize the importance of voter identification, I want to point out that I do not trust the government to guard a box of Tic-Tacs. Whatever information you submit, expect it to become public record eventually. In fact, it will absolutely become public record right away because most places publish an online voter log that is openly available to the public. Literally anyone anywhere with no record or oversight can go to your state or county election website, type in a few details about you (usually last name and date of birth are sufficient) and pull up your full name, date of birth, home address, phone number, email, sex, and more. In some cases you can even search the address to see who lives there. If you’re lucky, your county doesn’t digitize these records and someone would have to go in person to view them, but they’re still available.

I also want you to be aware that records are available in bulk for political purposes, but there is no oversight for this. For example, let’s say the city is planning to sell a local park to a private company that wants to build a mall there. I can request the information of every registered voter in that area so I can go door-to-door and ask them to sign my petition blocking the sale. The information requested can be configured and filtered in virtually any way you can imagine: maybe I want only women because it’s a women’s issue. Maybe I only want Democrats and third parties, or only one. Maybe I want a specific zip code, or a specific area stretching from Main Street to MLK Boulevard. Maybe I only want active voters, so I want a list of people who have actually voted, or voted in the last two elections (records are not kept of how you voted, but records are kept of whether you showed up to vote or not). More often than not, the only obstacle in my path will be the price: $1 for every hundred or thousand records, $5 per CD or USB of records, which can store up to five thousand records, organized any way you want them. (Numbers are an estimate from memory, and may vary from place to place.)

Required Information

The first thing you should look into when registering to vote is how to keep your name off the public record. Some states – but not all – offer a form that you can submit at any time which will remove your information from online searches. This will not remove your records from the physical in-person searches or bulk purchases I mentioned above. I believe it’s still worth submitting this form, preferably at the same time as registration. Often this means registering separately. The DMV offers a box you can click that simultaneously registers you to vote while updating your license with your new address. However, the DMV rarely has the form required to keep your information off the internet, and may not even know what you’re talking about. It’s best to go to the election office in person and register there. They will be able to verify your ID, the information, and attach the necessary form (if it exists) all at once, and they will be more knowledgeable about the subject.

Again, this will not stop your information from being on file and abused by an employee, caught up in a data breach, or simply taken in and endlessly contacted by a political party. For that, I have a couple of strategies. First, fill out as little information as possible. Fields like email and phone number are optional, so don’t fill them out at all. It should go without saying that I do not encourage lying or the use of disinformation in any way when it comes to voting. Using a VoIP number or masked email is fine. I’m talking about the use of fake names, nicknames, fake date of birth, or fake social security numbers. Never give the elections people fake information; that is a crime.

Address Information

This part is best used in conjunction with hiding your address. This trick requires you to have multi-unit housing – such as an apartment or condo – and simply to leave your address incomplete. For example, if you live at 500 Maple Street Apartment 315, register as living at just 500 Maple Street. Most systems don’t require a unit number, and if you took my advice to visit in person to register you can just leave the apartment number off. By the time they go to type it in and verify it, you’ll be long gone and the staff doesn’t get paid enough to hound you about it. They’ll just override it and leave it blank. Even if they put one in, the original document you filled out will be scanned and I feel pretty confident that you wouldn’t get in trouble for putting in false information when they view the original document (note: I’m not a lawyer, don’t point to this blog as legal defense).

Personally I don’t see this as fraud because you’re still voting in your specific districts and areas (although the law may disagree). When I worked at the elections office, the only time we ever sent mail was to send a sample ballot (which can be pulled online) or to verify an address if mail got kicked back. You can easily ensure this doesn’t happen by using a mailing address. I’ve never seen a voter registration form that doesn’t allow you to pick a mailing address that’s separate from your residential address. I firmly believe that you should have a PO Box that doesn’t point back to your true, current address so I don’t see an issue with using it here. Why not just put that in the address in the first place? Honestly, because that’s fraud and possibly puts you in the wrong voting zones (assuming it even passes registration verification in the first place). Even if your PO Box is only a block away from your actual house, that street could be the difference between District 5 and District 7. You run the risk of not being able to vote on issues that are actually relevant to you, and possibly screwing up issues for someone else who actually is affected by them.

If you live in a single-family house, things become much harder. You could possibly use your next door neighbor’s address, however I would caution you that this is definitely illegal, but I would argue that it’s ethically okay under two conditions: first, make sure you’re on good terms with your neighbor and they are consenting to this, because they will definitely get mail and possibly even in-person visitors looking for you. Second, do your research and be absolutely certain that the neighbor you’ve selected resides in all the same districts as you. As a final warning on this idea, be aware that in some states voter registration is sufficient evidence for certain tax-related issues like tax breaks, or even counts as identification in some scenarios, so this could come back to bite you. Do your research with this idea, and be warned that it comes at a high risk.

Registration and Unregistration

A final, more extreme option that I don’t recommend is to register to vote right before an election, then unregister. If you’re going to do this, make sure you know when to register. There is a cutoff date, usually 30 days prior to the election, to ensure that the election officials have adequate time to process your registration and add it to the voter rolls. If you miss this window, you will not be able to vote in that election. Furthermore, this strategy does not protect you from data breaches. I can’t remember if deactivated voters are included in purchased records or not. Best case scenario, now your data is safe from being purchased by political campaigns as they’re usually interested only in active voters. However, your information is still in the system and is absolutely prone to being caught up in a data breach and is usually still searchable online (though it does note that your registration is inactive). Personally I find data breaches to be the much more likely risk rather than a rogue employee or stalker (speaking on a widely applicable, statistical scale).

Conclusion

I mentioned briefly up top that I think it’s critical for you to examine your threat model. If you absolutely cannot risk being exposed, I don’t think you should register to vote at all. Sucks, but that’s the price you pay for life. Ultimately voting comes with risks, both real (data breaches) and potential (possible abuse of voter data in the future). It’s up to you to decide if you want to cast a ballot and if the risks are right for you. But I hope this post has given you some ideas and starting points to consider so that you can – if you so choose – exercise your rights without totally giving up on privacy altogether.

Tech changes fast, so be sure to check TheNewOil.org for the latest recommendations on tools, services, settings, and more. You can find our other content across the web here or support our work in a variety of ways here. You can also leave a comment on this post here: Discuss...

I’m not trying to bum anyone out, but let’s get real for a moment: if you’re reading this, someday you will die. I don’t care if you’re sixteen, sixty, human, robot overlord, or post-human alien reading this a thousand years from when it was written (in which case, please pause for a moment to be impressed that this tiny little blog post somehow exists in a thousand years). No matter your situation, you will someday die. I hope it’s a long time from now with a happy and full life behind you, but regardless it’s coming.

The only real question, which I want you to think about today as you read this, is what will you leave behind? Maybe you’re a parent with kids and a decent amount of money stashed away for their future. Maybe you’re a billionaire and you want your estate divided up and given to charity after you pass (if you are, please consider my OpenCollective). Maybe you don’t have a penny to your name. But the fact is, unless you’re in a position to have an approximate date of your death (such as a terminal illness or being elderly), you’re probably not going to have warning and other people are going to have to pick up the pieces. Even if you do have your affairs in order, there is still a bit of work that your survivors will have to take on your behalf (such as filing for a death certificate, arranging a ceremony for your remains, and handling your property). So it’s important that you think about your death now. Go ahead and have an existential meltdown, and once you’re done let’s talk about how to balance privacy and putting your life in order.

Basic Stuff

I’m gonna make a few assumptions in this blog post, and if they don’t apply to you I hope you’ll still be able to find some food for thought and adapt the underlying principles to your situation. In this blog, I assume that you live in America. I assume that you have a family – not necessarily children, but maybe parents or siblings or close friends that you would trust with your life in an emergency. I also assume that you are at least upper lower class or lower middle class – in other words, you are not living literally paycheck-to-paycheck and have at least some degree of disposable income. With those assumptions, let’s begin.

Let’s start with the basic stuff that applies whether you’re a privacy enthusiast or not. You need to think right now about what you want to happen after you die. Death is a powerful and traumatic event for most people. When a person dies, things move extremely fast. The body begins to decay within minutes of death (the exact rate is determined primarily by the environment), so it’s important to get the deceased buried as quickly as possible. That means getting a death certificate, arranging a funeral, getting loved ones gathered together, taking time off work, traveling, etc, often in less than a week. That also entails alerting banks, creditors, employers, and others of your passing. And typically, the person handling all this has their own life to continue to live on top of that – a job, a family, hobbies, etc. So right now there’s a lot of things you can do to make life easier for whoever has to handle your passing.

Right now, while you’re still alive, you should start by deciding what you want to happen to your body. Do you want a funeral? Do you want to be cremated? Do you want to be an organ donor or donated to science? Look into this stuff right now and create a simple will. Then think about your assets. Do you own a house or a car? Do you have money in savings or stocks? Decide what you want to do with that. Are you single with kids? Decide who you would want to take care of them. Once you gather all this stuff up, type it up in a word processor, print it, sign it, and get it officially notarized. It only costs about $10. It’s probably not as good as an official legal will, but it will definitely go a long way and unless you’re quite wealthy with a complex array of investments and assets, that’s probably all you really need. The reason it’s important to have this written plainly and notarized is because – again – death is a traumatic and stressful event for most survivors. If you haven’t had this conversation with your family (and even if you have), a fight may ensue. Your spouse may want to cremate you, but your kids may argue that you wanted a traditional funeral and the surviving spouse is just trying to be cheap. Likewise, you may want to cut a child out of your will, or maybe two of your kids want to sell the house and split the money but the third wants to keep the house. The dispute could even make it all the way to court. Again, while a notarized document may not instantly solve this dilemma, it goes a long way and it does save a lot of time and money in the legal system. These examples aren’t as far-fetched as you may think. Call up any local estate planning attorney and ask about it, they see it all the time. (Disclaimer: I am not a lawyer, please don’t take estate planning advice from a random stranger on the internet, contact an actual lawyer for better advice.)

So you should start your planning by plainly stating what you want to happen with your body, your finances, your assets, and anything else you have strong opinions about (I want my Facebook account deleted, I want my dog adopted by my sister, I want my stocks liquidated and donated to X charity or political party, etc).

Account Access

The next important part of planning for the inevitable is to consider access, both to accounts and devices. In some ways, this is really tricky. In others, it’s quite simple.

Let’s start by considering your accounts. There are some accounts you will absolutely want your survivors to have access to. For example, they will probably need access to your bank and other financial accounts to clear and close the account. If you have any sort of life insurance accounts, they’ll need access to that so they can file a claim. Honestly, it’s probably not a bad idea to give them access to your primary banking email account and your work email so they can inform the relevant people of your passing. Other accounts may not require access unless you want them closed. If you come from a very traditional family, you may not be comfortable saying “here’s the login to my PornHub account, please delete it after my death.” The point is, consider all your various accounts and what you want to happen with them. Are you fine with them just collecting dust? Do you want them closed? Do you want the data in them – such as comments and messages – cleared if they can’t be deleted entirely?

Now that we’ve sorted out which accounts are needed and which ones aren’t, let’s talk about accessing them. This is where things get really tricky. You want a way for your executor (fancy legal word for “person who handles your will and affairs”) to be able to access all this stuff, but you also don’t want anyone else to be able to access that information. For example, you could write down all your passwords in a small notebook and stick it in a safe, but what if the safe gets compromised? If it’s a home safe, like a firebox, what if it gets stolen or cracked? If it’s a security-deposit box, what if the bank gets robbed and the thieves just take everything they can? Perhaps a better solution might be an encrypted USB stick, but you have to make sure that the person in question is comfortable decrypting it and has the password stored somewhere safe or can remember it. It’s also good to consider how you’re going to update the backup if you change any of your passwords. A possible solution might be using a reputable cloud-based password manager like Bitwarden and activating the Emergency Access feature. This is where a loved one can request account access and if you don’t deny it within a set period of time (I believe 7 days) the request is approved. The feature was made for exactly this type of situation. In the end I can’t tell you the best solution, just throwing out some ideas and considerations.

Device Access

If you’re reading this, I hope you’ve taken my advice to use two factor authentication. That means that while your accounts are incredibly secure, a backup stick full of passwords may not be enough for your executor or loved ones to access the required accounts. They’ll need access to your device with two factor on it. The solution here really depends a lot on how you execute 2FA. For example, if you use a hardware token, you could make your executor aware of this. Easy peasy. They now have your logins and your token (which they should’ve received when they took over your assets) and they can easily begin to access your accounts. If you use a software token, you could leave your device’s login information in your password backup (this is another reason you shouldn’t use biometric identification to unlock your devices). Going back to the Bitwarden idea, you could also store your 2FA keys there, giving whoever holds your Bitwarden account total access to everything. Overall this is a pretty simple consideration, you just have to make sure you’ve examined all angles and decided what works best for your situation.

Final Thoughts

Once again, I’m not recommending any specific procedures. I’m also not trying to bum anyone out with death talk, but it’s important that we remember that this stuff is inevitable and you can save your loved ones a lot of headache with just a simple document that says “here’s what to do with my body, my stuff, and the information necessary to make that happen.” They’re already going to have a hard enough time coping with losing you, so try to be considerate and make the process a little less stressful on them.


When I shared my previous post around, one comment pointed out that compartmentalization is another basic topic worth discussing, but they did note that such a topic is far too big to have been put into the previous post. Well thank you, random Redditor, because you’re right. I do hint at the topic somewhat on the website, but on the whole this is a topic I’ve never really gone into detail on before. So this week, let’s talk compartmentalization.

What is Compartmentalization?

As a true crime fan, I’d be remiss if I didn’t share the story of Dennis Rader (though some of you may already know it). Rader was elected president of his church council. He was a Cub Scout leader. He worked as a dogcatcher for the city, with a bachelor’s degree in administration of justice, and had a wife and two children. Which is why it was pretty horrifying when everyone found out he was also responsible for ten horrific murders. Some of my readers may better know him by his moniker “BTK,” which stood for “Bind, Torture, Kill.” It’s downright chilling to imagine him torturing and murdering a couple in cold blood after breaking into their home, then going home to read his daughter a bedtime story, but it did indeed happen. And this is an extreme version of compartmentalization.

While most of us aren’t killers (I hope), we all compartmentalize. We dress or talk a certain way while at work, but do so differently on days off. We talk to our kids differently than our partners, and them differently than our friends. We may tell our coworkers about the trip to the park this weekend, but not about the fight we had over finances. Compartmentalization is, as the name suggests, the act of separating different aspects of your life – putting information into compartments.

How Does One Compartmentalize?

Before I get into how compartmentalization helps you stay private and secure, I want to explain how it works. I think doing so will answer the next question by itself, but I’ll wrap it up in the next section as well.

The best and easiest way to compartmentalize is to think of every area of your life as a completely different individual. The personal you – the one that has a beer on weekends with your friends, or plays video games, or takes the kids to the park, whatever – is Person A. The work you – the one that goes to work on Monday and turns in reports or repairs engines or flips burgers, whatever it may be – is Person B. Now in most cases, there’s no need to get too extreme with segmenting these people. There’s no need to go by Bob at work and Jim at home (unless your first and middle names are Robert Jim, in which case that’s probably not a bad idea). But there is a need to use one email for all work-related matters and one for personal stuff. And by work email, I don’t mean your actual email issued to you by the company. I mean “BobLastname@Encrypted.Email.” That way if/when you need to job hunt or do anything else work-related that doesn’t explicitly involve your employer (maybe some freelancing on the weekends?) you now have a way to do that without it getting wrapped up in your personal life. Likewise, have you ever sent a text to the wrong person? Maybe you texted your partner to ask if the meeting was still at 8.

The question now becomes how much compartmentalization do you need? As usual, it depends on you and your threat model. There is no clear answer here. Let’s start trying to answer that by talking about levels of compartmentalization. A full compartmentalization might involve a fake name, a separate device, a separate email inbox, and the whole nine yards. This might be appropriate for a spy, but probably isn’t necessary for most people. Most people might prefer a more partial compartmentalization: a VoIP number from work that’s different from their personal number, a separate email for their banking institutions, utilities, rent portal, and other important matters, a different name and number for online dating, etc.

Do you need full-on separate personas for different areas of your personal life? Maybe. As I mentioned above, you may choose to use a fake name (or a nickname) when online dating in case you run into a stalker or a bad date. In such a case, I recommend going all out with a separate VoIP number and email for the online account. Do you need to make a separate phone number to give to your neighbors than you give to your wife and kids? Probably not, but that really depends on how closely you trust them. For most people, having just two main personas – work and personal – will be plenty. Separating them with a VoIP number and an email is fine. There will be other areas where you’re still you but want to compartmentalize information, like giving your doctor a unique email address that you don’t use anywhere else. You’ll have to examine each situation on a case-by-case basis and decide what the risks are, how you can mitigate them, and what steps are appropriate to managing those risks.

How Does Compartmentalizing Help Privacy/Security?

So now, let’s talk about how this all actually helps you. The biggest advantage to compartmentalization is protection against data breaches. Consider a few of the following examples:

  • Your Xbox email has a data breach. Some bored teenager finds your email, correlates it to your place of work, and files fake complaints about you.
  • Using a VoIP phone for work allows you to disable it after hours, creating healthy work/life balances and boundaries.
  • Using a separate browser (or VM) to check your bank means less risk of malicious plugins and trackers getting your financial information.
  • Using a separate email for your doctor means that if your personal email address leaks, it can’t be easily and directly tied to your doctor, reducing risks of malicious and dangerous social engineering.
  • You use online dating. You go on a date and decide the person isn’t right for you, but they take it personally and start stalking you. You used a VoIP number, meaning you can delete the number and move on and it has no information tied to you in real life. You’ve effectively ended the situation before it began.
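To make the breach scenarios above concrete, here is an added example (not part of the original post) that audits an account inventory for identifiers reused across compartments and shows which other accounts become linkable when one service leaks. The field names, compartment labels and sample accounts are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample inventory (not real accounts). "compartment" is the
# persona each account is supposed to belong to; field names are assumptions.
ACCOUNTS = [
    {"service": "game-console", "compartment": "personal",
     "email": "bob.home@example.com", "phone": "+1-555-0100"},
    {"service": "job-board", "compartment": "work",
     "email": "bob.home@example.com", "phone": "+1-555-0101"},  # reuses personal email
    {"service": "freelance-invoicing", "compartment": "work",
     "email": "bob.work@example.com", "phone": "+1-555-0101"},
    {"service": "bank", "compartment": "financial",
     "email": "bob.bank@example.com", "phone": "+1-555-0100"},  # reuses personal phone
    {"service": "doctor-portal", "compartment": "medical",
     "email": "bob.doctor@example.com", "phone": None},
    {"service": "dating-app", "compartment": "dating",
     "email": "jim.dates@example.com", "phone": "+1-555-0199"},
]

IDENTIFIER_FIELDS = ("email", "phone")


def _index(accounts):
    """Map each (field, normalized value) to the accounts that use it."""
    index = defaultdict(list)
    for acct in accounts:
        for field in IDENTIFIER_FIELDS:
            value = acct.get(field)
            if value:
                index[(field, value.strip().lower())].append(acct)
    return index


def shared_identifiers(accounts):
    """Return identifiers that appear in more than one compartment."""
    leaks = {}
    for key, users in _index(accounts).items():
        compartments = sorted({a["compartment"] for a in users})
        if len(compartments) > 1:
            leaks[key] = compartments
    return leaks


def breach_exposure(accounts, breached_service):
    """Return other services that share an identifier with the breached one."""
    index = _index(accounts)
    breached = [a for a in accounts if a["service"] == breached_service]
    if not breached:
        raise ValueError(f"unknown service: {breached_service}")
    linked = {}
    for acct in breached:
        for field in IDENTIFIER_FIELDS:
            value = acct.get(field)
            if not value:
                continue
            for other in index[(field, value.strip().lower())]:
                if other["service"] != breached_service:
                    linked.setdefault(other["service"], set()).add(field)
    return {svc: sorted(fields) for svc, fields in linked.items()}


if __name__ == "__main__":
    for (field, value), comps in sorted(shared_identifiers(ACCOUNTS).items()):
        print(f"{field} {value} spans compartments: {', '.join(comps)}")
    for svc in ("game-console", "doctor-portal", "dating-app"):
        print(svc, "->", breach_exposure(ACCOUNTS, svc) or "isolated")
```

In the sample data, a leak at the gaming account exposes the job board and the bank through the reused email and phone, while the doctor portal and dating app stay isolated because their identifiers are used nowhere else.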

As with my last post, it’s important to note that compartmentalization is yet another layer. It’s not foolproof protection on its own. And I’m not suggesting you make life harder on yourself for no reason. Examine the risks and benefits of compartmentalizing in each case, decide what amount is right for you, and how to best group things. There’s often a lot of messy overlap. If your HVAC breaks, do you send an email from your personal account or your home account, which is also the account tied to your bank? Or, if you buy a home, do you use your bank email account since the mortgage is with them, or do you make a new one? It’s very gray, fuzzy stuff but it’s important that you sit down and start working on it. And honestly, you’ll probably mess it up a little at first, but experience comes with time and soon enough you’ll have a solid, effective system in place for helping to keep your life organized and safe.


I honestly don’t know how long this blog post will be because the basic concept is actually really simple, but I’ll do my best to explain it without over-explaining it.

This morning while collecting links to share on my Mastodon account, I came across this gem. Basically, a VPN provider claimed not to keep logs and then got caught with an unsecured database exposing plain text passwords (let’s not even touch that one), VPN session keys, IP addresses of users and servers, timestamps, geotags, and other stuff. This is not a blog post about VPNs, but this story does highlight the point of this post. This post is about one of the most important yet rarely talked about foundational concepts in privacy and security: layering your strategies.

Points of Failure & Redundancy

In most industries, there’s what’s known as a “point of failure.” In other words, “this is the most likely spot where something will go wrong.” Because of my background, I’m going to use a concert as an example: when connecting a sound system, your points of failure are usually the cables themselves. The more cables you have, the more points of failure you introduce and the more risk you run of something going wrong. The more you have going on, the more points of failure you introduce. Which brings us to redundancy.

Redundancy is simply having two things that do the same thing. Let’s keep with the concert example above: a “snake” is basically a super long audio cable that stretches from the sound booth a few hundred feet in front of the stage to the stage itself. This is how the signal gets transported back and forth from the mics to the mixer (where the sound gets processed) back to the speakers. These days, Ethernet cables are typically used as snakes because they’re cheap, fast, reliable, and smaller than a traditional snake. But Ethernet cables are also typically less physically sturdy than traditional XLR, which means they’re more likely to fail than a traditional snake. So many modern sound mixers come with two Ethernet snake ports, an A and a B. If A fails, you can instantly (sometimes automatically) switch over to B and keep the show going with no (or almost no) noticeable gap in sound. This is redundancy. A system that is redundant has more points of failure because there is more going on, but because of overlap there’s also less risk of that failure being a big deal. The odds of both Ethernet cables failing at the same time are almost nonexistent.

Privacy, Points of Failure, & Redundancy

While I do encourage the use of a reputable VPN provider (read as: not one who advertises all over their website that they’re free coughUFOcough), I also don’t encourage that as a single privacy tactic. I mentioned in a previous blog that if you delete Facebook, you’re getting a little bit of privacy. If you use Signal, you get a little bit of privacy and security. If you do both, you’re getting even more privacy and security. This is how privacy and security should be properly executed, by layering one privacy technique on top of another. I use Tor because I trust the decentralized nature of it, but I also layer that use of Tor with things like TLS. I use strong passwords, but I couple that with using two-factor authentication everywhere I can. My passwords are a point of failure. My two-factor is a point of failure. But the odds of both being compromised by the same person simultaneously? Almost nonexistent. The key to successfully being private and secure is to be redundant, to have overlapping tactics that help to accomplish the same goal, and to make sure there’s not a single point of failure in your approach.

Redundancy & Threat Models

Now, I have said from day one that there is no perfect “one-size-fits-all” approach to privacy. It’s important not to be overly redundant for a lot of reasons. For one, it will make things inconvenient, and unless your life is on the line you’ll eventually get sick of the inconvenience and stop doing it, making it useless. Some people preach using a completely separate device to do financial work, but I find that overkill in most situations. Maybe a virtual machine is more appropriate. Or, honestly, just using a separate Firefox container or separate browser is sufficient in many situations. In other cases, too much redundancy actually hurts you more than it helps you. For example, using too many browser add-ons makes your browser more unique and stands out among the crowd. The benefit of using these add-ons (disabling automatic trackers) is minimal: your life is not at risk if Google finds out you like Neapolitan ice cream and adds that to your marketing profile.

The point here is that it’s important to evaluate your threat model and determine how much redundancy you need. A journalist may find it very important – depending on the severity of the information they’re working with – to use separate machines for work and pleasure. An intelligence operative may risk their life if they don’t have two-factor enabled. A celebrity may be putting their whole family at risk by not buying a house in an anonymous trust or shell corporation. But for most people reading this, the stakes are much lower.

Conclusion

I hope that I didn’t confuse you with the last paragraph. My point is not “eh, it probably doesn’t matter if you do or don’t do this stuff.” My point is to make sure that you’re not overdoing it. Once again, if you overdo something there’s a very high risk you just won’t do it at all. Let’s take passwords and two-factor as an example: we should all be using strong passwords with a password manager and two-factor authentication whenever possible. End of story, no debate. But if your two-factor of choice is a hardware token, and you find yourself frequently forgetting your token at home, it’s probably safe to use a software token. The redundancy should still be there because the effort is minimal while the payoff is immense. There’s no need to say “the hardware token isn’t working out, I guess I’ll just disable two-factor altogether.” But in most cases, the risks are also minimal. It’s highly unlikely – for most of my readers – that you’re being targeted by a nation-state or a sophisticated hacker that requires an extra hardcore measure of security. A software token is plenty sufficient. There’s no need to make life that much harder on yourself. (Of course, if you don’t forget the hardware token and you find it quite easy to adapt to, there’s also no reason to settle for less).

I hope this post was helpful and gave you some thoughts. Please don’t settle for a “one-and-done” privacy solution. And when you do have a single point of failure – for example, a ProtonMail inbox with multiple addresses – make sure you understand the risks and how to mitigate them. In that example, I would say to be certain that you’re using strong passwords and two-factor, and also keeping backups of your private key locally. Make sure the machine you’re using to access that email account is secure and clean. It’s all a series of overlapping, multilayered techniques that add up to create a more secure lifestyle. Perhaps another way to think of it might be a suit of armor. A helmet is important. A chest piece is important. Either one by itself is better than being naked. But only by combining the entire suit of armor do you achieve maximum protection. And some people may need bulletproof armor (my analogy is kind of falling apart here but just bear with me). Others may just need something that stops small pebbles and dull knives. Ask yourself where you are, what are the weaknesses in your armor, and how you can best patch them up. And remember: even a suit of armor has weak spots. Nothing is ever 100%. But we certainly can and should be aiming for as close as sustainably possible.

Tech changes fast, so be sure to check TheNewOil.org for the latest recommendations on tools, services, settings, and more. You can find our other content across the web here or support our work in a variety of ways here. You can also leave a comment on this post here: Discuss...

I love sharing stories like this because as much as I love privacy and security and view it as a fun challenge, at the end of the day it’s really all about practicality. This website is aimed at “the average person,” meaning that if this information doesn’t have any real-world applications then it’s no better than watching Mr Robot (great show, by the way, completely recommend it).

So I lost my debit card this past weekend, and I want to explain how the privacy lifestyle I live helped me save the day. Before I go into it, I want to make two things clear: first off, this subject sort of overlaps with personal finance, but personally I don’t find privacy and personal finance to be mutually exclusive. In fact, privacy and security habits will also often improve your financial standing if executed properly (in my opinion). Second, I am writing this from a place of privilege. Not everyone is fortunate enough to put money into savings, or even to have a bank account. I realize that this story involves privilege, and my goal is not to disparage anyone who reads this and goes “wow, must be nice,” but rather to encourage those who are fortunate enough to be in similar shoes to see how this stuff can have real world impacts.

So What Did I Do?

This past weekend my partner and I drove about two and a half hours out of town to visit her mother. It was a birthday visit more than a Fourth of July visit, we’re rather indifferent to the holiday ourselves. At any rate, in our hometown I stopped and used my card for gas (blasphemy to some privacy enthusiasts, I know) and when we arrived I realized my card was gone. So like any sane person in my shoes, as soon as I discovered it was missing I canceled it and ordered a new one through my bank’s automated system. I use MySudo, so I used the VoIP number that I have set aside specifically for important matters – banking, housing, etc – to place the call. Just to fully flesh out my privacy model.

How Did It Impact My Weekend?

It didn’t really. First off, I’m an introvert. I spent the whole week playing Fable (Steam summer sale baby!) and making fun of the movies we watched on TV. But we follow the Dave Ramsey ideology of personal finance. So we have a moderate sum of money in cash for emergencies. We took this savings with us just in case, and we were fortunate enough to be able to dip into this for any expenses like food. As soon as my card gets here, I’ll be replenishing the money. In the meantime I can continue to dip into the savings for things like groceries and gas until my card arrives (sent to my PO Box, of course).

How Will It Impact Me Online?

The real question most people are probably wondering is “how will this impact me online?” Really that’s the big thing. After all, think of all the subscriptions I have to replace now with a new card number, right? First off, not really. I’m a minimalist. I try to keep the subscriptions I actually use to a minimum. From a personal finance perspective, subscriptions are usually a rip-off. They make continuous money off you while providing very little future returns (such as new features and upgrades) and at the end of the day you don’t actually own anything. From a privacy perspective, these companies usually make even more money off of you by harvesting and selling personal information about you. The fewer accounts I have, the better.

More importantly, I do almost all of my purchases using either cash (such as in-store groceries) or online using prepaid gift cards and Privacy.com cards. I have nothing to update once my new card comes in. Other than not being able to take money out at an ATM, this really has almost no impact on my life.

The Lesson

The moral here is that this privacy stuff has real world impacts. It’s not just about some nebulous abstract like “stopping Google from profiting at my expense” or “what if America turns police state.” There are actual, practical threats that face us everyday: losing our debit cards, bank data breaches, random stalkers. Don’t just brush the information in this site off as “tin foil hat” or “paranoid” because it actually has value in your life.


Dear Congresspeople,

I don’t even know where to begin writing this letter. I’m a very cynical person, especially when it comes to politics, and yet I’m no anarchist. I recognize the importance of having a representative government who dictates what is and isn’t allowed. I value individual freedom, and yet I realize that we need to draw lines in the sand and enforce them. And not to be too hard on you guys, but I think a lot of you don’t understand technology. You’re being lied to by people with an agenda who are making you think that the scary unknown is dangerous, a wild west of lawlessness, Silk Roads, and worse. But that’s not the case.

I am speaking, of course, about Senator Lindsey Graham’s latest assault on encryption: his so-titled “bill to improve the ability of law enforcement agencies to access encrypted data, and for other purposes” (what are those “other purposes” anyways?), which flat out says that he views end-to-end encryption as a tool for criminals to sell drugs and sexually abuse children. This is not true, and in this letter I hope to help you see why this bill is at best a misguided effort to do the right thing and at worst a full-on assault on the Constitutionally-guaranteed privacy of Americans.

Bad People Existed Before Encryption, Bad People Will Exist After Encryption

The primary crux of Sen. Graham’s argument against encryption is that it is used by very bad people, the kind of bad people we all universally agree are bad – specifically, drug dealers and pedophiles are often mentioned. And yet, child sexual abuse was recognized as a specific type of child abuse by Congress in 1973. Some of the earliest writings on the subject date back to 1857 in a paper by a French forensic pathologist. This is not a new issue, it’s one that predates the internet, the automobile, and almost the widespread use of electricity. As for drugs, I don’t think I need to provide evidence that drugs are an ancient problem. Drug abuse is nothing new, and dates back as long as drugs have been discovered.

I won’t disagree that bad people sometimes hide behind end-to-end encryption, but if you ban it they’ll just find another method. You’re treating the symptom, not the root cause. And that matters because you’re also penalizing law-abiding citizens in the process.

We Don’t Ban Freedom Because Some People Abuse It

Lots of law abiding citizens use end-to-end encryption for lots of perfectly legal purposes. I use it to transfer sensitive login or financial data with my partner (as well as more benign content like memes and what our dinner plans are). The Clinton Campaign made extensive use of Signal to keep their conversations confidential. Trump and his lawyer used Signal to discuss their legal matters in private (as they are legally entitled to by attorney-client privilege). The EU Commission has ordered all its staff to switch to Signal. And that’s just one specific app. Lots of high-level people use end-to-end encryption to protect sensitive conversations. WhatsApp is one of the most popular apps in the world for people to communicate with family members in other (sometimes hostile) countries so they don’t have to pay for expensive international plans. Does that make it illegal? If you have a sensitive conversation with your spouse about finances, would you want to record that and air it on national news? Does that make it illegal if you answered “no?”

My favorite comparison is clothes. Here’s a YouTube video about how many guns you can hide in your clothes. Here’s another story about a teen hiding drugs in his underwear. And yet, where are the cries to ban clothes? Why aren’t we making them illegal? What do you have to hide? You’re not doing anything wrong, right? So why use the same items that criminals do? The argument sounds stupid because it is stupid, no matter whether you use it on clothes or messenger apps.

Criminals, By Definition, Don’t Obey Laws

One of the top arguments in the gun control debate is that criminals, by definition, don’t listen to laws. If you ban guns, all you’re doing is taking guns out of the hands of law-abiding citizens who would otherwise use those guns to defend themselves. The same is true for end-to-end encryption. If you ban end-to-end encryption, criminals will still use it. The Great Firewall hasn’t stopped tech-savvy Chinese citizens from finding ways around it. Activists in Hong Kong were using Animal Crossing to bypass censorship earlier this year. Additionally, those same protestors are using decentralized apps – meaning apps that don’t have a central service provider the way that Facebook or Twitter does – to communicate and organize, which makes censorship exponentially harder. You can ban encryption in America, but all that’s going to do is make criminals use different services that are harder to shut down and based overseas. You won’t stop them, you’ll just punish law-abiding citizens by stripping them of their ability to be safe and protect themselves. If you vote against gun control, you’d be a hypocrite to vote for this law instead. And if you vote for gun control, then remember that encryption is a violence-free way of providing individual protections and civil liberties.

There are bad people in the world, and there always will be. That doesn’t mean we shouldn’t try to stop them and protect the innocent, but what kind of dystopian authoritarian says that it’s okay to strip everyone of their freedoms in exchange for stopping a few bad guys? The United Nations recognized privacy as a human right in 1948 (Article 12). This isn’t just about Democrats and Republicans or some other arbitrary “chalk one up for my team” fight, this is about human rights (and whether you want to admit it or not, America does not have the best human rights record (Alternate Source)). In another blog post, I mentioned that violent criminals make up less than 1% of the US population. Not pedophiles and drug dealers specifically, ALL violent criminals, including murderers, domestic assaulters, violent rapists, violent burglars, and more. Less than one percent. Would you do anything if your odds of success were less than 1%? In almost all situations, no. So don’t punish 99% of law abiding citizens by stripping them of their freedoms because of a few bad apples.


I’m gonna start this off by saying my title is wrong. I wanted something short and snappy, and “Why a VPN Shouldn’t be a High Priority for Your Privacy Model” was too wordy. So before anyone jumps down my throat, don’t?

VPNs are kind of a staple of privacy and security. They are most people’s first introduction into this kind of stuff. Maybe they use one for work, or maybe – like me – they were alarmed by the US Government allowing ISPs to sell your browsing data and the many ways that would definitely be abused. Maybe they just wanted to watch something that wasn’t available in their area. At any rate, most people are familiar with the basics of VPNs. If you need more information, check the website.

You might be confused why I listed VPNs in the lowest section of concern on the site, but it’s actually not as confusing as you might think. The reason is because these days, most of the privacy and security features that a VPN offers can be replicated in other ways. Privacy and security technology has come a long way.

What Does a VPN Do?

A VPN provides an encrypted connection between your device and the VPN server, and from there it goes out to the website in question. This means all traffic on your device is hidden from anyone in between your device and the VPN server, including your local router, your service provider, and anyone else who might be looking along the way. Additionally, your traffic essentially appears to be coming from that server. So rather than appearing to come from your IP address in Portland, Maine, you might appear to be living in Los Angeles, California. Or Geneva, Switzerland. Or anywhere else you choose.

How Is That Replaced?

Security

For starters, TLS/SSL, better known as “HTTPS.” TLS allows encryption between your device and the server you’re accessing, and this is the technology that allows you to securely transmit login information and credit cards over the internet. The days of sitting in a Starbucks with a laptop and stealing the logins of other customers are pretty much over. As long as a site is using HTTPS – which most do, these days – you’re reasonably secure. Most apps also use TLS to communicate, meaning that almost all activity on your phone should be relatively encrypted (however it is hard to verify this so never assume that’s the case).

Privacy

Another powerful technique that helps is the resistance to tracking cookies and browser fingerprinting (at least, for VPN providers who provide their own DNS resolvers that block trackers, which the ones I recommend do). Under the Most Important section of my website, I have a chapter called “Securing Your Browser,” and several chapters on phones called “Securing Mobile.” These chapters share steps on how to institute anti-tracking measures on your phone and your web browser, which in turn help to eliminate some of the tracking that a VPN would help to protect you from.

So Is a VPN Useless?

No, not at all. TLS only hides everything after the slash, in essence. So for example, if you visited my blog, your internet service provider can see that you visited Write.As, a minimalist blogging website, but they can’t see exactly what posts you clicked on. A VPN tells them nothing; they can’t even see that much because all traffic is encrypted from your device to the server. Additionally, with a VPN, you’re encrypting everything on your device. With services like TLS and tracking protection you’re only protecting your web browser or specific app. With a VPN you’re protecting all the apps, telemetry, updates, and background stuff that may not be using TLS (or may be using an old, less effective version). Not to mention, last but not least, a VPN will hide your IP address. There are many other ways of tracking you across the internet, but that's a pretty surefire one that a VPN can fix with a click.

In short, I’d put it this way: if you’ve already done all the other more important stuff and you have the money, a VPN is a great addition to your privacy and security model. But focus on other, more effective and more important stuff first. VPNs are still an important layer of protection for privacy and security, and lately I’ve seen a lot of debate over whether or not they matter. I think everyone should still be using a reputable VPN provider these days, but I do think there are more critical steps to be addressed first. Using a VPN with Google still doesn’t help much. But coupled with other privacy-respecting services and techniques, it’s a powerful link in the chain.


I know a guy. Let’s call him Ron because I’ve been reading a lot of Harry Potter lately. Ron swiped right on a dating app on a girl we’ll call Luna (because I haven’t finished the series yet so I don’t care about canon). He and Luna started talking. It soon moved to text, as most of these dating app conversations do. There was a lot of explicit flirting, and Luna even sent a few nudes (not at his request, she volunteered them). After a few weeks, the conversation died out and they stopped talking. Then, the other day, Ron got a call from Luna’s dad who furiously informed Ron that Ron had been sexting an underage girl. Floored, Ron checked his text messages and noticed one particularly long message that he had skimmed over before, but upon closer inspection he noticed that she had made a mention about her upcoming 17th birthday. Cue the panic.

Why Am I Telling You This?

It was Ron’s fault for not reading the text, right? Yeah, probably. But here’s the thing: we all make mistakes. Ron wasn’t being a creep. He was tired and distracted when she sent the original text and he didn’t notice it. Tell me about how you’ve never overlooked an important detail, missed an important email, or made a mistake. It happens to the best of us. Mistakes get made. And furthermore, we operate as a society on a basis of trust. Ron assumed that since Luna was on the dating app she was over 18. He can’t go around demanding everyone send him a copy of their ID and birth certificate. We have to place trust in people. He made an honest mistake. This case is a case study in why we need to be proactive about our privacy.

How Did it End?

Ron called me, panicked, knowing that I know a lot about privacy. As I began to investigate, cracks began to appear in the story. They’re not relevant, so I won’t bother sharing them, but I ended up reaching out to a close friend of mine who currently works in law enforcement at a relatively high level. Without even hesitating, my friend assured me that it was definitely a scam and that Ron should just block the number.

So How Should Ron Have Been Proactive?

For starters, use a Voice-over-IP number. I’m a big fan of MySudo, but there’s lots of other options out there, even Google Voice if you’re strapped for cash. I’m anti-Google for privacy reasons but I’d recommend a Google Voice number over your actual SIM card number any day. You should be compartmentalizing your life: you should have a VoIP number for work, another one for interacting with strangers (such as dating or selling stuff online), maybe even one for banking. The idea is to compartmentalize your life. Phone numbers are basically social security numbers these days. If I give my work a phone number that I only use for professional purposes, they can search that number but they’ll only find my professional life: my LinkedIn, my website, maybe a few other subscriptions related to my professional self. If I have a separate number for dating and I find out after a few dates that the person is a little mentally unstable, it becomes that much harder for them to stalk me when I cut it off. It also gives me the freedom to change the number without upending my entire life. I can change my dating number without my boss ever even knowing.

The second proactive step would’ve been for Ron to use a fake name. Ron used his real name on this app, and even though most apps only use a first name that’s still risky, especially combined with his real phone number. If I use a fake name and a fake phone number on Tinder, your odds of finding me get astronomically small without some advanced techniques. Remember: we’re not talking about hiding state secrets from the NSA, we’re talking about hiding from scammers, blackmailers, stalkers, and similar threats.

A final step I would suggest is to take unique pictures. We all know that a professional site should feature a clear, well-lit head shot. Your dating profile probably doesn’t need to be so exact. I’m not saying you should use a fake picture, that’s asking for an awkward meetup. And of course there’s something to be said for actually getting a good look at the person you’re considering meeting up with, whether it’s for a one-night stand or a potential lifetime together. Personal opinion but I think physical attraction does matter in any intimate relationship, though the exact amount and definition of “attractive” varies from person to person and situation to situation. The point is, maybe don’t use the same picture you use on LinkedIn, because a reverse Google Image search will find that in a heartbeat and now the person you’re trying to escape has your real name, your place of work, and more. Also consider what’s in the pictures. Can I get a good look at your apartment? Any identifying landmarks? (A group shot with friends at a popular bar might be an exception here.) Can I see any work logos, addresses, mail, or sensitive information? Google claims they don’t use facial recognition in their reverse image search, but even if they don’t companies like Clearview do. The idea is to make your dating pictures different enough from your professional ones that they can’t be super-easily linked with an image search by any random person.

By the time Ron called me, it was too late. If it had been a real situation and not a scam, it would not have been good. My law enforcement friend told me that in his experience, in this situation a lawyer wouldn’t even bother taking the case cause there’s so little evidence of criminal intent, it wouldn't be worth the trouble. But what’s to stop the dad from blasting Ron on Facebook? After all, he has Ron’s real name and number. And there’s nothing the internet loves more than to shame someone virally without hearing their side of the story or getting the facts right. And let’s be real: even hardened murderers will shank a pedophile in prison. This story had all the right bits to be a viral social media post. At that point, it’s too late. Even if he moved and changed his number, an employer doing a public background check (aka a Google search) would likely still find this story. This could’ve ruined Ron’s life. Don’t wait until crap hits the fan to decide that you need privacy cause then it’s too late. Take steps now to avoid a crisis later.


Things are a little crazy here in the US right now – well, crazier than normal – so I thought now might be a good time to talk about protesting, surveillance, privacy and security. Now, before you roll your eyes and move on, I want to explain why I care: I fully support the right to a peaceful protest (peaceful being the key word). I absolutely despise the idea that you can be identified and tagged – 100% without human action – simply for exercising your constitutional rights and peacefully protesting. As the famous quote goes (roughly): “I disagree with what you say, but I will defend to the death your right to say it.” Without going into detail, I believe that attending a protest will absolutely get you put on a list automatically (if you can be identified), that being tagged for peacefully protesting chills free speech, that laws are not an indicator of morality, and that peaceful dissent is an absolutely valid way to demand change. So if being tagged discourages people from attending protests, then it’s a form of control and is immoral. (See my website for more detail and sources.) That’s why I want to cover protesting today: ways you might be tagged and how you can avoid it to protect your privacy and not end up on a list just for exercising your rights.

Finding and Attending the Protest

For most of us, social media will be our main avenue to learn about upcoming protests. That’s fine, but I recommend you don’t actually mark yourself as attending the protest. Several years ago during the Keystone XL protests, law enforcement was accused of using Facebook check-ins to target protesters. The veracity of this claim is debated, but why risk it? Feel free to keep checking the page before the protest to learn of any updates or changes, but don’t publicly mark yourself as attending. Police don’t need a warrant to look at a list of attendees on a Facebook event.

Getting to the protest can also present challenges. Protests often take place at locations that are politically relevant and heavily monitored such as capitol buildings or police stations. If you’re in a large city (as the capitols usually are), you can pretty much guarantee that the city is using license-plate scanning technology to track your vehicle as you travel in real-time. Oftentimes public transit is recommended. This, of course, isn’t foolproof as many public transit services also have cameras and records, but we’ll come to that shortly. You could also order a cab and pay in cash, but even cabs are starting to include cameras.

Whatever method you take, I recommend arriving near but not at the location. If you drive or get a ride, park or get dropped off a few blocks away. In the unlikely event that public transit stops at the exact location, get off at the stop before or after. Same thing once you’re ready to leave. Move a few blocks away then get picked up. If you’re extra cautious, consider using a different location than you did before. Also if you have to pay for parking and can’t use cash, consider picking up a Vanilla gift card in cash so it can’t be easily connected to your debit or credit card.

Biometric Recognition

At the time of this writing, the COVID-19 pandemic is still a thing and therefore wearing face masks in public is not only acceptable but recommended. That’s great, but some facial recognition actually focuses on the eyes. I have it on good authority that I trust that the least-suspicious-yet-most-effective way to beat facial recognition is aviator sunglasses and a baseball cap. Try to get your hands on a plain black hat. I bought one with a design on it then cut the design off. You could also try getting one that’s out of character for you, maybe with a sports team you’re indifferent to or a band you don’t really listen to. Either way, get these items far in advance. It’s easier to pull up purchases from a week ago or earlier that day and correlate them to you. If you made the purchase more than a month ago, that makes things trickier.

For tattoos, wear long sleeves or clothing that covers them. Think smart. If you’re protesting in the summer, wearing a coat is kind of suspicious. Wearing a long-sleeve shirt is less suspicious. I’ve posted articles in the past about how even your walk can give you away. I read once somewhere (I forget where) that the best defense against this is to wear baggy clothes. These will help obscure your gait, but keep in mind that if they’re too baggy it could interfere with your ability to get away quickly if violence breaks out (and I highly recommend that you bail as soon as the first rock or punch gets thrown even if you had nothing to do with it).

Cell Phones

Now for cell phones. Cell phones are a death sentence if you want to remain anonymous at a protest. Even if you turn off all cell data, WiFi, Bluetooth, and location settings your phone still has to ping cell phone towers continuously to check for regular SMS messages and phone calls. And those pings contain unique, identifying information about your device, which is likely already linked to you unless you keep a device just for this kind of occasion. If you really think you might need your phone, you could leave it in the car or turn it off on arrival, but both of those things run the risk of being suspicious (the location and/or the sudden turning off of the phone, both of which are easily detectable by your provider and police). In my opinion, your safest bet is just to leave the phone on at home. If you must bring the phone, remember to make a backup before you go and maybe even wipe it in case it gets lost, stolen, broken, or confiscated.

What if you do need a phone but you also need to be invisible? Burner phone. Here’s how it works: buy a phone in cash. If you desperately need secrecy, get someone else to do it for you to avoid the cameras (former hacker Kevin Mitnick suggests even paying a stranger to do it if your threat level is high enough). If you need a cheap phone, you can buy a dumb phone but I don’t recommend that for reasons I’ll get into in a moment. Instead, you can buy a slightly-more-expensive-but-still-cheap Android smartphone for about $100. Do not under any circumstance give the phone any real information about you. Use a fake name, don’t use any biometric information to unlock it, etc. I know this is hard, but it can be done. You may have to use something like the Tor Browser to create an anonymous email account for this purpose. That’s fine. Once you have the phone, make sure not to put service in your name, either. Get a prepaid card and use fake information. Make sure to never, ever, ever have this phone on at home. Do the setup at a public location like a library or Starbucks. Once you're done setting it up, turn it off and leave it off until you get to the protest. Turn it off again as you leave. If your threat model is low, you can probably repeat this strategy for a few protests at a time. If your threat level is high, I recommend ditching the phone as soon as the protest is over. And as always, I recommend using encrypted messaging – even on a burner phone – and encrypting the device itself whenever possible.

I mentioned not getting a dumb phone. The reason is this: I’ve mentioned Stingray devices before. Quick refresher: Stingrays (technically called IMSI-catchers) are cell-phone tower emulators. They forcibly capture all cell signal in a certain area, copy the data (including the content), and then pass the data along like normal as if nothing ever happened. In fact, you have almost no way of knowing one was even used. Also, these devices are incredibly small – about the size of a desktop computer on the large end and they only get smaller from there. One or more could be easily connected inside a police car along the protest perimeter and you’d never even notice them. I have absolutely zero doubt (though no proof) that these devices are used generously during protests, and that means that every single signal your cell phone sends during that protest will be copied by the police. If you buy a dumb phone, you have zero protection. You cannot load encrypted messaging apps or VPNs onto that device. That means every text you send is readable, as well as who it went to. Even if you only text one person and speak in code, that dramatically increases your risk of being identified. However, if you use a burner smartphone, you can load encrypted messaging apps and VPN apps which will dramatically improve your privacy. The police will still capture your traffic, but it will be all encrypted.

If Detained or Arrested

After extensive research, here are some things I think every American should know:

Arrest means you are in police custody. They can place you in handcuffs, move you around, and more. At this point, you have a variety of rights such as the right to remain silent and the right to have an attorney. If you cannot afford an attorney, you have the right to have one provided to you by the state. You may or may not be entitled to any phone calls. The call does not have to be to an attorney, but if it is the police are not permitted to record or otherwise monitor the call. If it is not to an attorney, assume the call is being recorded. Also at this time you are not entitled to refuse a search without a warrant. At this point, you may be ordered to unlock a device such as a phone or computer, but you are not required to tell them the password.

Detainment means you are not under arrest, but you are not free to leave. At this point in time, you are not entitled to an attorney provided by the state, but you are entitled to stay silent, to have an attorney present if you can afford one or have one, and to refuse a search without a warrant. Keep in mind that your devices are protected by warrants. Police are not allowed to unlock and search your devices without a warrant or consent from you. I recommend you use a PIN or password lock anyways because unfortunately not all cops know this or care. Don’t use facial ID or fingerprint because the officer might try to point the camera at you in an attempt to unlock the device without your consent and search through it.

In general you are never required to answer any questions without an attorney present, regardless of whether you’re arrested or not. You are never required to tell the police any passwords to unlock your phone, computer, tablet, or any device although – as noted before – you may be required to unlock the device if you’re under arrest. Keep in mind that police are allowed to confiscate your device and copy the data (hence why encryption is necessary). I have been detained at protests. In my experience, it is generally okay to answer some questions such as identifying yourself and saying why you were in attendance. If you feel uncomfortable or the questions start getting accusatory, definitely request a lawyer. One of my non-privacy related interests is true crime, and I can’t tell you how many cases I’ve studied where innocent people thought they were making themselves look good and doing themselves a favor by not requesting a lawyer (cause they had nothing to hide) and it ended up coming back to bite them.

I am not a lawyer. I do keep very up to date with my rights, but things change, laws vary from place to place, and I have no legal background whatsoever. I have written all of this with the best faith, but I encourage you to contact an actual lawyer if you have concerns and questions in this area. Do your own research. I highly recommend EFF’s Surveillance Self Defense portal, especially their article on attending protests. EFF is comprised of actual, experienced lawyers, so I trust their judgement and information. I actually got a lot of the information in this blog post from there.

If you choose to exercise your first amendment rights, please do so peacefully and keep yourself safe. You should never be tagged on a list for peacefully exercising your rights, and you should not be marked for further surveillance or future retribution either. Keep yourself protected, and good luck!

Tech changes fast, so be sure to check TheNewOil.org for the latest recommendations on tools, services, settings, and more. You can find our other content across the web here or support our work in a variety of ways here. You can also leave a comment on this post here: Discuss...

On my Mastodon bio I state that The New Oil is a website specializing in news, advice, and reviews for the average person, so in that spirit I figured this would be a good place to share my thoughts on my latest privacy-related read. Like many of you, I find myself with a lot of free time these days, so I’m setting aside some of that time to catch up on reading and other content. That includes working my way through some of the “recommended reading” of the privacy community. My local library had a digital copy of Kevin Mitnick’s classic readily available, so I decided to check it out.

About the Author & the Book

Kevin Mitnick is a famous hacker-turned-good-guy. He was arrested in 1995 for “various computer and communications-related crimes.” He now runs a security consulting company where he uses his skills for good, explaining how he performed his various crimes and how companies can defend against them.

The Art of Invisibility is a non-fiction book that discusses various threats against privacy – mostly digital in nature, such as tracking cookies, surveillance cameras, and more – and how to defend against them.

The Good

The book was massively informative. In some ways it’s a great introduction to privacy for people who are totally new to this stuff. Mitnick does a fantastic job of explaining how encryption works, how cookies work, how your real-world identity gets correlated with your digital one, and more. Additionally, he lists real world case studies and research which were super helpful to me. It’s one thing to say “hypothetically, this thing could be used in a bad way” and a totally different thing to say “here’s a real-world example of this thing actually being used in a bad way, even if it was in a controlled environment to prove it could be done.” He also balances the realism of those threats as opposed to fear mongering. For example, in one section he goes in depth into how a smart thermostat could be hacked, but he did explicitly point out several times that every one of these techniques requires physical access to the device.

Because of the real-world examples Mitnick mentioned, I was able to share some of the concepts with my coworkers who have children (one example included Pearson monitoring Twitter for any mentions of their tests) and help them prepare for the world they’re raising their kids into. It also helped me tighten up some of the information in my website, such as how ad-blockers can save you from malware.

The Bad

Look, I’m gonna be honest: who am I to criticize a world-famous hacker? I can’t even get Kali to work half the time, let alone hack anything. My hacking skills end at being just charming enough to sometimes use social engineering. I readily admit on this website that I’m not an expert. Even if he did get caught, I would argue that failure is sometimes the best teacher and therefore the author probably knows more than me. Having said that, I found some of Mitnick’s suggestions to be inconsistent. For example, early on in the book he gives several detailed suggestions on how to attain an anonymous phone, but then makes almost no mention of the fact that having that phone at home and turned on will quickly defeat your anonymity (because if it stays on at the same location every night, eventually it’s pretty obvious who the phone belongs to). He waits entirely too long (the final chapter, actually) to point out that invisibility is kind of a sliding scale and it’s really a question of how much you need. He also offers almost no advice on Internet of Things devices other than “change the default password and be careful how much they say about you.” He doesn’t offer any kind of advice on putting a VPN or firewall on your router, using a separate network for IoT devices, or anything like that. Maybe that’s coming in a future edition, but I found it kind of lacking. Obviously he took the approach that I do, that not everybody is willing to forgo owning an Alexa for one reason or another, but there's still a lot of reasonable solutions he could've discussed to help people protect their privacy more.

Final Verdict

Definitely worth a read. It’s an easy read, written in a very casual (but clear) tone as opposed to being written like an academic paper. He has a great knack for explaining things in a way that makes sense, and backs things up with real-world examples and research wherever possible. If you’re new to privacy, consider the book an introduction to digital surveillance rather than an actual how-to guide. If you’re a privacy veteran, consider it a “fundamentals check” to make sure you’re paying attention to the basics and you’ve assessed your threat level correctly.
