Among the more hardcore privacy enthusiasts, the cloud is anathema. To be fair, this isn't a bad philosophy – the saying that the cloud is simply “someone else's computer” may not be entirely accurate, but it's also not totally wrong either. However, we live in a world where advising most people to simply avoid the cloud is on par with advising most people to avoid getting a job: it's just not realistic advice. Most of us have come to rely on the cloud to easily sync and share files, and on the website I acknowledge the cloud as the most feasible off-site backup solution for many people (though for the record, a regularly-updated non-cloud backup – such as a USB stick stored at your desk in the office – is preferred whenever possible).
Normally when I do reviews, I pick 1-2 services and highlight the good and the bad. In this review, however, I want to roll all the cloud options listed on the site into a single snapshot review, so in this blog post I will be listing each service (in alphabetical order, as always) and giving it a paragraph or two of a review. I hope this helps for those who have decided that a cloud service – for backups or for any other reason – is right for their threat model. In this review I have included affiliate links where I have them, but as always feel no pressure to use them if you don't want to. Also in this blog post I'll be talking a lot about encryption, not in a technical way, but if you're unfamiliar with encryption or some of the common phrases like “zero-knowledge” and “end-to-end,” you can get a quick rundown here.
As some of you probably noticed, I've been pretty absent for nearly a month. I apologize for that. First we had a move that ended up sucking a lot more time than expected. That was the main time suck, but closely after that several other personal events happened and it really just drained me for time. I had actually been planning this blog post before everything started demanding my attention so it fell by the wayside, but now that things are slowly starting to get back to normal, I figure this would be a great way to resume things. A while back, I stated that I would be relegating The New Oil to a slightly less important role in my life due to a sheer lack of time constraints. That is still the case, but I've made a number of significant changes in that regard that I wanted to clue supporters into.
Note: this blog post is one of those “behind the scenes” updates. If you're here for reviews or general privacy stuff, feel free to skip this one and tune in next weekend.
A VPN – or Virtual Private Network – is a service that creates an encrypted tunnel between the device and the provider's server, protecting all your traffic from prying eyes along the way like your Internet Service Provider (ISP) or whoever owns the router (think public Wi-Fi, for example). After reaching the provider's server, your traffic continues on to your desired destination like normal.
The Safing Private Network, however, takes things a little further. Many privacy veterans know that VPNs were never designed to be privacy tools, they are a band-aid solution. VPNs were designed to create a secure connection between two networks so that remote workers could safely access company intellectual property when off-campus. It’s only in the past few decades that we’ve co-opted this tool for privacy purposes, but as a result it leaves much to be desired. SPN aims to solve these issues by essentially rethinking the concept of VPNs for privacy from the ground up with features like a multi-hop architecture (similar to Tor), giving each connection a different IP address, and more.
What is Zero-Knowledge/End-to-End Encrypted Email & Why Do You Need It?
Encrypted email is a bit of a misnomer. Technically all emails are “encrypted” using technologies such as TLS but in this context I'm specifically referring to “end-to-end” encrypted (sometimes called “zero knowledge”) email providers. This means that the provider can’t read your inbox, which is – in my opinion – a must-have for any person who values their privacy and security. Many people argue that zero knowledge email providers are overhyped – or worse – because you’re only securing half of the chain. If I’m emailing someone at a Gmail address, the contents are still exposed on Google’s servers. However, in my opinion, that’s still cutting your attack surface in half. If we’re both using Gmail – or if one of us is using another provider like Yahoo – that’s just twice the opportunity for a data breach, warrants, or an insider threat. Sure, you may not get the full benefit without both parties using encryption, but it still counts for something. See my past post about how privacy is a spectrum for more on that logic. Today, I’ll be taking a look at a newcomer in the encrypted email provider and giving my thoughts on them. A lot of people have been asking for my opinions on them, and they’ve generated quite a bit of buzz. But how does Skiff stack up to the tried and true competitors?
I'm not a fan of Elon Musk for a variety of reasons. I've been relatively open about that. But even a broken clock is right twice a day, and shortly after the first Twitter Blue catastrophe, Musk tweeted something that I respect: to summarize from memory, he basically said “over the coming months, we're going to try a lot of different things at Twitter. Some will work, some won't, and some will look stupid from the outside. That's just how business goes. You have to try things.” I respect that, because it's true (and also I respect when people are vulnerable, human, and admit they don't have it all figured out). At The New Oil, I have tried a lot of different things. Some worked, like TikTok and making videos. Some have yet to be seen, like Discord and Reddit. And some were failures, like Patreon and Tumblr. That's just how it goes. You have to experiment and see what works.
If you dig a little deeper into privacy – beyond the basics like encrypted communications, password managers, 2FA, and Linux – you'll start to hear scary stories about the Intel Management Engine – or ME. To hear the internet tell it, ME is this scary backdoor built into all Intel processors (such as the i7) that will render all your hard work at being secure pointless, allowing expert hackers and cybercriminals to compromise your device at the most basic, privileged level – basically giving the attacker full control of the device the moment it boots before the operating system even loads – making everything else wide open and exposed to them. Every password entered, file opened, and packet sent is theirs to see.
Ben Bowlin, Matt Frederick, and Noel Brown cohost one of my personal favorite podcasts, Stuff They Don’t Want You To Know, which is about taking a fact-based approach to conspiracy theories ranging from Bigfoot and haunted houses to political coverups and mysterious deaths. It’s a podcast I’ve come to rely on – not as truth and gospel, but rather as a critical-thinking-based approach to learning about various goings-on (both recent and historical) and getting an additional educated opinion on the matter. I highly recommend it if you’re a podcast person.
The book was published late last year, and being a fan I was quick to preorder it to support the work. What was contained within was 9 chapters spanning over 200 pages covering everything from the history of biological warfare and human experimentation in the US to mass surveillance and propaganda and more.
A more advanced strategy that comes up often in the privacy community is that of “custom domains.” These tools can provide a wide variety of protections from proactively defending against slander and “revenge porn” to simply ensuring you always get your emails. Yet, as “common knowledge” as custom domains are, I still regularly see a lot of confusion and questions about the best way to use them, so this week I’d like to offer my thoughts. Don’t click away just yet if you’re not a techie or have a low threat model because I think there’s value in this tool for you, too.
Disclosure: The New Oil is sponsored by IVPN. Per the terms of this agreement, IVPN does not have any input on our review, but we want to disclose any possible conflicts of interest up front. You can read all of our guidelines for sponsorships here.
What is IVPN?
A VPN – or Virtual Private Network – is a service that creates an encrypted tunnel between the device and the provider's server, protecting all your traffic from prying eyes along the way like your Internet Service Provider (ISP) or whoever owns the router (think public Wi-Fi, for example). After reaching the provider's server, your traffic continues on to your desired destination like normal. IVPN is one such service.
It’s a new year, and for most people that means “new beginnings.” Humans are naturally drawn to specific milestones in our lives because they feel like opportunities to start over fresh or rebuild from the ground up. The new year isn’t the only such milestone, it could also be a birthday, holiday, new week, etc. That’s why we get so excited about an – objectively speaking – arbitrary day. It’s a new chapter, a chance to redefine ourselves and do anything we want. In some cases, this could mean getting in shape, finding love, finishing a book, any number of things. But it could – and should – also mean a revaluation: where are you now? Where do you want to be? What can you do better? In privacy and security, I believe we should always be striving to take the next step and do better, but it’s always wise to check back and make sure you’ve got the basics covered. So in the spirit of new beginnings and revaluation, I’d like to present a few tips to help you check your privacy and security basics and set yourself for up a successful 2023.