The New Oil

Practical privacy and simple cybersecurity.
TheNewOil.org

Email aliasing is one of the most underrated privacy techniques that has yet to go mainstream. For the privacy-conscious user, it offers a degree of separation between all your accounts, making it harder for data brokers to correlate your various accounts across different services because you aren’t using the same email address to sign up. For security, the same technique can also help defeat credential stuffing while obscuring your true email address, which is the central hub where all your identities can be managed (and the email address itself is literally half of the login information a would-be attacker would need to attempt to log in). Your inbox is a critical thing to protect since a breach can offer information about additional accounts you have (via the emails already sitting in your inbox like updates, notifications, sign-in verifications, etc.) as well as allowing an attacker to simply hit “reset password” on websites where you already have an account and thus take them over. As for mainstream users, the biggest advantage is probably the ability to manage spam more effectively – particularly from companies who refuse to respect opt-out links – from a single inbox, rather than having one inbox for professional use, then logging out and back into another for online shopping, then another for personal or newsletters, and so forth, or simply having to give up and hope the spam filters don’t falsely flag anything important (or let junk through). Email aliasing makes effectively managing and controlling your inbox incredibly easy. With that in mind, this week, let’s examine some popular email aliasing services that the privacy community has to offer.

Read more...

When I announced I would be closing my communities earlier this year, a curious thing happened: a surprising number of regulars replied with some variation of “I think this is my exit.” While some were specifically talking about Matrix, claiming that mine was the only room they were really active in and therefore they saw no point to having a Matrix account anymore, at least one specifically announced they would be quitting privacy entirely, save for a few basic techniques like using a password manager and being mindful of what to post online. While I didn’t expect the number of people responding that way, I was expecting that response from one or two people. If you check any given privacy forum – especially the ones with a heavy overlap of mainstream users such as Reddit – you’ll find no shortage of people asking “is all this work worth it?” and/or announcing that they’re giving up privacy because it’s too much work. So what gives? Is privacy worth the work?

Read more...

Things are a little crazy here in the US right now – as is our perpetual state of existence these days – so I thought now might be a good time to revisit my 2020 blog post about protesting, surveillance, privacy and security. For the cynics in the crowd, I want to make it clear that I am not supporting rioting, looting, or violence. This is a post about exercising your Constitutional right (in America and many other countries) to peacefully assemble and demonstrate over any given issue. I am vehemently opposed to the idea that you can be identified and tagged – 100% without human action – simply for exercising that right. Even if I disagree with the issue or the stance on it, as the famous quote goes (roughly): “I disagree with what you say, but I will defend to the death your right to say it.”

We are already in a world of 24/7 connectivity, and that coverage only expands and deepens with each passing day. While facial recognition tech and geofence warrants are not new, since I originally wrote this blog post these things have been kicked into hyperspeed and rolled out in greater numbers and with increasing frequency at all levels of government. And that’s to say nothing about the rise of AI, which – while sometimes faulty – is capable of parsing through vast amounts of data at (literally) inhuman speeds and noticing trends no human possibly could. These changes in effective surveillance coverage, previously unknown surveillance techniques, and the ability to automatically store, parse, and analyze it all are setting the stage for a new level of dystopian capabilities previously limited (mostly) to the realm of sci-fi and nation-state targeting. And now, with the reversal of Roe v Wade, I am unfortunately able to pull the “I told you so” card and point to concrete, Western-world proof that what is perfectly legal today may be a felony worthy of prison time tomorrow. So with that context, let’s talk about how you can legally express your voice without ending up on “a list.”

Read more...

Like it or not, email is a critical part of our digital lives. It’s how we sign up for accounts, get notifications, and communicate with a wide range of entities online. Critics of email rightfully point out that email suffers from a significant number of flaws that make it less than ideal, but that doesn’t change the current reality. In light of that reality, I believe that an encrypted email provider is a must-have for everyone in today’s age of rampant data breaches, insider threats, warrantless police access, and targeted advertising. If I can get access to your emails, I can get a range of sensitive information including where you bank (to craft more convincing phishing attacks), information about pets (I get notifications each year from the vet for my cats’ annual checkups), calendar reminders, news announcements from family, support tickets from services you use, and more. In a worst-case scenario, if I get access to the account itself, it’s trivial to simply issue password reset requests for nearly any of those accounts, have them sent to said compromised email account, and gain access to a wide number of other accounts you use – from banking to shopping and more – for any number of reasons. So this week, let’s look into the top encrypted email providers The New Oil recommends and their features to help decide which one is right for you.

Read more...

A few years ago, minimalism was all the rage. Marie Kondo was on every TV, The Minimalists were in everyone's podcast feed, and I found myself confused, regretting not having started a blog or something years ago. I've always been a bit of a minimalist myself, and it had never occurred to me that other people might not be aware of that philosophy. I figured that others simply chose to live a more materialistic lifestyle, and that at any point anyone could wake up and go “wait, I don’t actually want this crap” and downsize. It’s not like I took a class. I don’t even remember learning about “minimalism” until I was in my mid-twenties. I just took all those childhood after-school specials to heart when they said “things don’t matter.” It was also probably influenced by my time in the military, moving from duty station to duty station (or even just room to room) constantly and having to be able to pack my entire life into two bags I could carry by myself, sometimes with no warning.

Read more...

The internet is full of outdated cybersecurity advice that just won’t die but should, like “public WiFi is unsafe” and “you should change your passwords regularly.” For the more pedantic in the crowd, yes, these pieces of “advice” do have tiny grains of truth under the layers of logical fallacies – public WiFi does come with some small risks (mostly in the privacy department, for the average individual) and changing your passwords regularly can have some potential benefits (mostly for companies). But generally speaking these are outdated pieces of advice from a different era. I’ve written before about how technology changes and those idioms are prime examples: back before the nearly-ubiquitous adoption of TLS, public WiFi presented considerably more risks. But the times have changed and that advice is no longer applicable. So on that note: let’s talk about antivirus.

Read more...

This weekend in the United States, taxes are due. For the more responsible readers – aka “everyone but me” – this was probably already done weeks – if not months – ago. But don’t worry. Taxes will roll around again the same time next year, as inevitable as death itself as the famous philosopher noted, and our financial lives are year-round. So in other words, this is merely a good excuse to discuss some ways that you can protect your financial life – both online and off – and keep your funds, identity, and credit safe.

Read more...

Identity theft is a common cause of anxiety in modern society, and it's pretty justifiable. According to a recent survey from US News, almost three quarters of adults have experienced at least one case of identity theft, and 27% have experienced more than one. In 2022 there were more than 1.1 million reports of identity theft, costing Americans a total of $8.8 billion with a median of $650. One-in-five respondents reported that they continue to suffer financial consequences to this day. It's no wonder that a multi-billion-dollar industry has sprung up around protecting against identity theft. But does it make sense to pay for an identity theft protection service? Or is it just snake oil?

Read more...

Cloud storage has become ubiquitous in modern society. The most widely-used example, I think, is the one that comes prebundled with our phones in the form of Google Drive or iCloud, but many desktop devices also come preloaded with iCloud or Dropbox (and we often add our own like Google Drive). We use them as a backup, as a way to share large files or groups of files (such as a photo album from an event or vacation), and more. But not all cloud storage is equal. By default, mainstream offerings like Google Drive, iCloud, and Dropbox have access to your files. The consequences of this have ranged from insider threats snooping on files they shouldn’t be to people having their content or even entire accounts deleted, often for minor or no infractions and with little or no recourse. Those concerns aside, even big tech giants like Google have had problems with losing user data. So regardless of whether you’re storing sensitive, personal documents like taxes or sharing benign photos of the latest trip to the aquarium, it’s important to safeguard your personal data. And thankfully, in today’s landscape, users are awash with lots of solid, user-friendly choices that can easily take your privacy and security to the next level. So this week, let’s take a look at some of the top choices out there for secure cloud storage.

Read more...

From the beginning I’ve always said this blog would be used to communicate major changes with the site in addition to reviews, ideas, etc. It’s been hard over the years to know what changes are big enough to warrant a full blog post, and which ones I should just let users see in the commit log. However, this past week, we made a few huge behind-the-scenes changes that I’m excited about and want to share. So in lieu of a traditional blog post, here’s some important stuff that happened this week.

Read more...
