A few months ago, as my wife and I sat in the study doing our separate things, she suddenly asked if I noticed a certain smell in the room. Truthfully I had – a “chemically” smell is the only way I know how to describe it – but I have a notoriously bad sense of smell that sometimes plays tricks on me so as the scent came and went I simply assumed it was just another thing that was all in my head. However, once she spoke up I realized that I had been getting slightly light-headed, so we popped open a window, set up a fan, and moved to the living room to give the study time to air out. Afterward – the smell still very present but at least mixed with some fresh air – we went to hunt down the source of the issue. It ultimately ended up being a power strip that was going bad (did you guys know those things only have a shelf-life of a couple years? Be sure to replace your power strips periodically). Perhaps as a part of this problem or perhaps totally unrelated, it turned out that the power supply for my Jellyfin server had died (we initially incorrectly diagnosed this as the source of the problem). Never one to let an opportunity go to waste, I thought this might make a good blog post to share.
A VPN is a service that creates an encrypted tunnel between the device and the provider's server, protecting all your traffic from prying eyes along the way like your ISP or whoever owns the router (think public Wi-Fi, for example). After reaching the provider's server, your traffic continues on to your desired destination like normal. Mullvad is one such service, very popular in the privacy community for their low price, lack of required data at signup, and other privacy-first policies which will be discussed in this review.
In the past week, I’ve had a number of people ask me the same question: namely what are my thoughts on privacy and banking (with some variation and additional expansions). This is a topic I’ve covered before, however with so many asking about it it’s clear that it wouldn’t hurt to bring some updated thoughts to the discussion. So without further ado, let’s talk about financial privacy.
Among the more hardcore privacy enthusiasts, the cloud is anathema. To be fair, this isn't a bad philosophy – the saying that the cloud is simply “someone else's computer” may not be entirely accurate, but it's also not totally wrong either. However, we live in a world where advising most people to simply avoid the cloud is on par with advising most people to avoid getting a job: it's just not realistic advice. Most of us have come to rely on the cloud to easily sync and share files, and on the website I acknowledge the cloud as the most feasible off-site backup solution for many people (though for the record, a regularly-updated non-cloud backup – such as a USB stick stored at your desk in the office – is preferred whenever possible).
Normally when I do reviews, I pick 1-2 services and highlight the good and the bad. In this review, however, I want to roll all the cloud options listed on the site into a single snapshot review, so in this blog post I will be listing each service (in alphabetical order, as always) and giving it a paragraph or two of a review. I hope this helps for those who have decided that a cloud service – for backups or for any other reason – is right for their threat model. In this review I have included affiliate links where I have them, but as always feel no pressure to use them if you don't want to. Also in this blog post I'll be talking a lot about encryption, not in a technical way, but if you're unfamiliar with encryption or some of the common phrases like “zero-knowledge” and “end-to-end,” you can get a quick rundown here.
As some of you probably noticed, I've been pretty absent for nearly a month. I apologize for that. First we had a move that ended up sucking a lot more time than expected. That was the main time suck, but closely after that several other personal events happened and it really just drained me for time. I had actually been planning this blog post before everything started demanding my attention so it fell by the wayside, but now that things are slowly starting to get back to normal, I figure this would be a great way to resume things. A while back, I stated that I would be relegating The New Oil to a slightly less important role in my life due to a sheer lack of time constraints. That is still the case, but I've made a number of significant changes in that regard that I wanted to clue supporters into.
Note: this blog post is one of those “behind the scenes” updates. If you're here for reviews or general privacy stuff, feel free to skip this one and tune in next weekend.
A VPN – or Virtual Private Network – is a service that creates an encrypted tunnel between the device and the provider's server, protecting all your traffic from prying eyes along the way like your Internet Service Provider (ISP) or whoever owns the router (think public Wi-Fi, for example). After reaching the provider's server, your traffic continues on to your desired destination like normal.
The Safing Private Network, however, takes things a little further. Many privacy veterans know that VPNs were never designed to be privacy tools, they are a band-aid solution. VPNs were designed to create a secure connection between two networks so that remote workers could safely access company intellectual property when off-campus. It’s only in the past few decades that we’ve co-opted this tool for privacy purposes, but as a result it leaves much to be desired. SPN aims to solve these issues by essentially rethinking the concept of VPNs for privacy from the ground up with features like a multi-hop architecture (similar to Tor), giving each connection a different IP address, and more.
What is Zero-Knowledge/End-to-End Encrypted Email & Why Do You Need It?
Encrypted email is a bit of a misnomer. Technically all emails are “encrypted” using technologies such as TLS but in this context I'm specifically referring to “end-to-end” encrypted (sometimes called “zero knowledge”) email providers. This means that the provider can’t read your inbox, which is – in my opinion – a must-have for any person who values their privacy and security. Many people argue that zero knowledge email providers are overhyped – or worse – because you’re only securing half of the chain. If I’m emailing someone at a Gmail address, the contents are still exposed on Google’s servers. However, in my opinion, that’s still cutting your attack surface in half. If we’re both using Gmail – or if one of us is using another provider like Yahoo – that’s just twice the opportunity for a data breach, warrants, or an insider threat. Sure, you may not get the full benefit without both parties using encryption, but it still counts for something. See my past post about how privacy is a spectrum for more on that logic. Today, I’ll be taking a look at a newcomer in the encrypted email provider and giving my thoughts on them. A lot of people have been asking for my opinions on them, and they’ve generated quite a bit of buzz. But how does Skiff stack up to the tried and true competitors?
I'm not a fan of Elon Musk for a variety of reasons. I've been relatively open about that. But even a broken clock is right twice a day, and shortly after the first Twitter Blue catastrophe, Musk tweeted something that I respect: to summarize from memory, he basically said “over the coming months, we're going to try a lot of different things at Twitter. Some will work, some won't, and some will look stupid from the outside. That's just how business goes. You have to try things.” I respect that, because it's true (and also I respect when people are vulnerable, human, and admit they don't have it all figured out). At The New Oil, I have tried a lot of different things. Some worked, like TikTok and making videos. Some have yet to be seen, like Discord and Reddit. And some were failures, like Patreon and Tumblr. That's just how it goes. You have to experiment and see what works.
If you dig a little deeper into privacy – beyond the basics like encrypted communications, password managers, 2FA, and Linux – you'll start to hear scary stories about the Intel Management Engine – or ME. To hear the internet tell it, ME is this scary backdoor built into all Intel processors (such as the i7) that will render all your hard work at being secure pointless, allowing expert hackers and cybercriminals to compromise your device at the most basic, privileged level – basically giving the attacker full control of the device the moment it boots before the operating system even loads – making everything else wide open and exposed to them. Every password entered, file opened, and packet sent is theirs to see.
Ben Bowlin, Matt Frederick, and Noel Brown cohost one of my personal favorite podcasts, Stuff They Don’t Want You To Know, which is about taking a fact-based approach to conspiracy theories ranging from Bigfoot and haunted houses to political coverups and mysterious deaths. It’s a podcast I’ve come to rely on – not as truth and gospel, but rather as a critical-thinking-based approach to learning about various goings-on (both recent and historical) and getting an additional educated opinion on the matter. I highly recommend it if you’re a podcast person.
The book was published late last year, and being a fan I was quick to preorder it to support the work. What was contained within was 9 chapters spanning over 200 pages covering everything from the history of biological warfare and human experimentation in the US to mass surveillance and propaganda and more.