In an era where the internet has become an integral part of our daily lives, it's crucial to prioritize online safety. Safer Internet Day, observed this coming Tuesday (February 6), is yet another day to raise awareness of an issue. As I looked more into this day, I noticed that their stated aims were very nebulous, citing goals like making the internet “safer” (obviously), “inclusive,” “positive,” but I never actually found any specific guidelines or recommendations. I was further unsettled when I found an equally-vague teaser for the 2019 event with sponsors like Microsoft and X (Twitter at the time) – who as of this week expressed support for the highly problematic Kids Online Safety Act (KOSA) – as well as Meta (Facebook at the time), Snap, Google, and other problematic figures who’s efforts to make the internet “safer” can – at best – be described as misguided and controlling. The only unambiguous content to be found anywhere in the official online presences of this movement is a blog on the official website that discusses some of the various online legislation going around regarding online safety. So ultimately, it seems to me that – at best – this group is about campaigning for better “online safety” laws and – at worst – it’s a front for various Big Tech lobbying groups to control the narrative and conversation surrounding online safety.
Despite all that problematic context, let’s be real for a moment: the internet can be a toxic wasteland (heavy emphasis on the “can be” part), and at face value I do agree with the overall (alleged) mission of this day. So regardless of who’s behind this day, I think it’s worth taking a moment to discuss the idea of a safer internet and some of the steps we can take to protect ourselves and create a better online experience. For some context, today I will be focusing on the threat model of “other users” as opposed to companies, governments, or even insider threats like sysadmins and employees. I’m talking about cyberbullies, trolls, and other common threats who make our online experience less enjoyable.
At the time of publication, tomorrow is International Data Privacy Day. Like most “days” of this sort, the focus is on spreading awareness of data privacy and as such companies routinely post articles about some beginner tips, why privacy matters, and other similar ideas. This year, I want to do something a little different. With tomorrow being Data Privacy Day and most of us being chronically online, I want to encourage us all tomorrow to just disconnect. To be clear, those top 5 tips and philosophical musings are important and matter, but I’ve already seen plenty of interesting posts this week covering those bases so I don’t feel a need to add to the chorus. Instead, I thought it might be useful to focus on one thing that nobody else seems to be talking about: digital minimalism.
As a veteran, my approach to healthcare and job opportunities has always been different than most. I’ve always been in reasonably good health, never been much of a thrill seeker, and have a pretty robust immune system. Other than a hardcore sweet tooth, I generally take at least some care of myself. As such, that meant I could be a little riskier, allowing for a successful freelance career. But then, I got married. Suddenly, the math changed and I had to start considering health care when I considered employment. This is hardly a unique situation: after adopting pets you have to consider who will feed them when you’re on vacation, or when you have kids you have to consider what will happen to them if anything happens to you.
Every year, I like to remind everyone to go back to the basics. For those who are new to privacy and security and may be trying to create some new, positive habits, this serves as a great entry point. For veteran privacy enthusiasts, the basics form our foundation for more advanced techniques later, making it imperative to ensure we cover all those bases. So in that spirit, let’s all pause – wherever we are in our privacy journeys – to do a quick check and make sure we’ve got the basics covered. If you’re one of those new people I mentioned, welcome! But also know that this post is packed with information, so try not to get overwhelmed. Maybe bookmark this post and do one thing per day or something like that. As the classic phrase says, “you eat an elephant one bite at a time.”
This month, gift-giving season officially begins in the United States (and several other places, I presume). It kicks off in full with Black Friday, but brands are increasingly starting their holiday deals as early as the beginning of this month. Consequently, this is the time to discuss safe shopping tactics. Below are updated online shopping tips, reflecting techniques and strategies I've picked up in the last year. (Note: some of the services I suggest offer affiliate programs, which The New Oil has signed up for. Affiliate links are clearly marked and are optional.)
I'll keep this one brief: there's a lot going on behind-the-scenes at TNO and there's always more to do, but I'm incredibly excited to announce that one of my longtime goals has finally come to fruition: The New Oil is finally available as a Tor hidden service, aka a “.onion” domain. Over the years I've had several readers write in to inform me of all kinds of small issues with accessing the site, from being falsely flagged on VirusTotal to CDN misconfigurations to being to straight-up blocked by foreign ISPs. A hidden service is the holy grail for any privacy site such as myself: privacy-respecting, secure, and capable of bypassing censorship in even the harshest regimes. With this new offering, readers from anywhere in the world will be able to safely, securely, and anonymously access The New Oil's website, ISPs and other obstacles be damned.
While hidden services are riding a fine line of potentially being “out of scope” given my target audience, the required costs (in time, maintenance, technical proficiency, and finances) are quite low, and given that TNO explicitly states that we are not an adequate resource for high-threat-model individuals, I feel like this is a service we can confidently offer to give our readers an extra layer of privacy – even from ourselves (trustworthy though I may feel we are). That said, I am certain there is room for improvement, and if any of the more experienced readers out there see ways that we can offer our readers even more protection, please open an issue on GitLab or GitHub.
To access our new Hidden Service, simply navigate to TheNewOil.org in the Tor Browser as we already have the automatic redirect set up, so your browser will either automatically redirect you or at very least offer to redirect you depending on your settings. If you'd rather go there directly, you can find us at vyrgfx4jz2lnejqduons56ph5xtsrtaoo7ovny53dd7okyzhfsgkzbad.onion. Thank you to everyone who made this possible and helps make The New Oil a little better everyday. I look forward to many more privacy-friendly moves like this in the future!
You can find more recommended services and programs at TheNewOil.org, and you can find our other content across the web here or support our work in a variety of ways here. You can also leave a comment on this post here: Discuss...
This is an out-of-band blog post. If you're reading this (not on the day it was published via your usual subscription channels but instead because I shared this link directly with you), chances are you told me that an article I shared on the TNO newsfeed is paywalled. It's possible that this article was paywalled after I posted it and that what I'm about to share won't work. More likely, however, what happened is that my browser is set to block paywalls and yours isn't. Here's how to fix that.
If you haven’t read last week’s post, I highly recommend it to get up to speed. A quick recap for those who may have forgotten: The Privacy Dad shared a blog post about why his friend ended up abandoning Tutanota, citing a number of issues and difficulties he ran into. Last week, I examined TPD’s Friend’s criticisms, focusing specifically on the ones that I felt were areas that end users should improve on themselves – such as the need to be more flexible and forgiving as well as becoming a little more tech-literate when it comes to reading support documentation. (Before anyone starts telling me how I’m gatekeeping or blaming the users, please read the blog post in full.) However, that doesn’t mean that the developers are without room for improvement here. There are a lot of things that developers (and other members of the privacy community – myself included) could be doing to reduce the friction of onboarding and retaining “normies” with privacy tools. So this week, as promised, let’s focus on those.
Many of you may have come across this blog post from The Privacy Dad, which serves as a follow up to a previous post titled “Privacy Tools Are Not Worth the Hassle.” A few years back, I had my “aha moment” in regards to privacy. Ever since, I’ve delved deeply into privacy, always cautious not to negatively impacting my life my too much, a topic I’ve written about manytimes.As such, I was very interested to hear directly from a user why they didn’t stick with Tutanota and what obstacles they had.
As I read through TPD’s Friend’s feedback, I had a lot of thoughts I wanted to share, both for end users and developers. This post ended up being much longer than I expected, so I’ve decided to split this up into two parts. This week, let’s dissect TPD’s friend’s criticisms that ultimately led them to decide that privacy tech was no longer worth it and see where we can improve on the end user’s side of the equation. I’ll put the developers on blast next time.