If you dig a little deeper into privacy – beyond the basics like encrypted communications, password managers, 2FA, and Linux – you'll start to hear scary stories about the Intel Management Engine – or ME. To hear the internet tell it, ME is this scary backdoor built into all Intel processors (such as the i7) that will render all your hard work at being secure pointless, allowing expert hackers and cybercriminals to compromise your device at the most basic, privileged level – basically giving the attacker full control of the device the moment it boots before the operating system even loads – making everything else wide open and exposed to them. Every password entered, file opened, and packet sent is theirs to see.
Ben Bowlin, Matt Frederick, and Noel Brown cohost one of my personal favorite podcasts, Stuff They Don’t Want You To Know, which is about taking a fact-based approach to conspiracy theories ranging from Bigfoot and haunted houses to political coverups and mysterious deaths. It’s a podcast I’ve come to rely on – not as truth and gospel, but rather as a critical-thinking-based approach to learning about various goings-on (both recent and historical) and getting an additional educated opinion on the matter. I highly recommend it if you’re a podcast person.
The book was published late last year, and being a fan I was quick to preorder it to support the work. What was contained within was 9 chapters spanning over 200 pages covering everything from the history of biological warfare and human experimentation in the US to mass surveillance and propaganda and more.
A more advanced strategy that comes up often in the privacy community is that of “custom domains.” These tools can provide a wide variety of protections from proactively defending against slander and “revenge porn” to simply ensuring you always get your emails. Yet, as “common knowledge” as custom domains are, I still regularly see a lot of confusion and questions about the best way to use them, so this week I’d like to offer my thoughts. Don’t click away just yet if you’re not a techie or have a low threat model because I think there’s value in this tool for you, too.
Disclosure: The New Oil is sponsored by IVPN. Per the terms of this agreement, IVPN does not have any input on our review, but we want to disclose any possible conflicts of interest up front. You can read all of our guidelines for sponsorships here.
What is IVPN?
A VPN – or Virtual Private Network – is a service that creates an encrypted tunnel between the device and the provider's server, protecting all your traffic from prying eyes along the way like your Internet Service Provider (ISP) or whoever owns the router (think public Wi-Fi, for example). After reaching the provider's server, your traffic continues on to your desired destination like normal. IVPN is one such service.
It’s a new year, and for most people that means “new beginnings.” Humans are naturally drawn to specific milestones in our lives because they feel like opportunities to start over fresh or rebuild from the ground up. The new year isn’t the only such milestone; it could also be a birthday, holiday, new week, etc. That’s why we get so excited about an – objectively speaking – arbitrary day. It’s a new chapter, a chance to redefine ourselves and do anything we want. In some cases, this could mean getting in shape, finding love, finishing a book, any number of things. But it could – and should – also mean a reevaluation: where are you now? Where do you want to be? What can you do better? In privacy and security, I believe we should always be striving to take the next step and do better, but it’s always wise to check back and make sure you’ve got the basics covered. So in the spirit of new beginnings and reevaluation, I’d like to present a few tips to help you check your privacy and security basics and set yourself up for a successful 2023.
2FA is an abbreviation for “two-factor authentication,” which is basically what it sounds like. Usernames and passwords are a form of authentication; if you don’t know the username and/or password, you cannot be authenticated, or prove that you are authorized to access whatever it is you’re attempting to access. Of course, that’s not totally true. Data breaches expose usernames and passwords all the time. Hence the need for more than one method of authentication at the same time. When you combine more than one form of authentication, you get “multifactor authentication,” or MFA. All 2FA is MFA, but not all MFA is 2FA.
“What a year.” My annual catchphrase. I always say that this project has exploded in ways I never expected, and that never stops being true. So where are we now?
Cathy O’Neil is an American mathematician and data scientist. She got a Ph.D. in math from Harvard, and later taught at MIT. In 2007 she left academia to work in the finance industry, an experience she talks about in the book that left her disillusioned with the role of data collection and algorithms and the way that they can harm the outliers. This ultimately led to her publication of Weapons of Math Destruction in 2016.
The saying goes that if you want to cook an omelet, you have to break a few eggs. Weapons of Math Destruction focuses on those eggs who have become casualties on the way to algorithmically modernizing the world, using big data to make decisions that are – on the surface – more objective, fair, and accurate. However, O’Neil explores how this is frequently not the case and the flaws in our current approaches to using Big Data to this end.
The following is an original piece of journalism from The New Oil.
Twitter may be compromised, and nobody's covering it. This is the allegation from security researcher Lucky225.
In order to understand the context of this story, we have to briefly go back to 2010, when Army intelligence specialist Chelsea Manning was becoming disillusioned with – among other things – the actions she was helping to facilitate for the US incursions into Iraq and Afghanistan. This seems to be at least part of what led her to disclose hundreds of thousands of classified documents to whistleblower website WikiLeaks, which detailed everything from American war crimes in Iraq and Afghanistan to diplomatic cables showing China's frustrations with North Korea at the time.
Regardless of how you feel about capitalism, there is one aspect of it that – to some extent – I think we can all agree is nice: the free market. Exactly how “free” the market should be is up for debate, but I think it’s safe to assume that most of my readers are in favor of a world where someone can wake up one day and say “I hate my job, I’m gonna go find another one,” or “I don’t like that company (for whatever reason), I want to shop somewhere else,” or “I want to make a website teaching data privacy and cybersecurity to beginners. Oh look, I have a second job now.” I don’t believe it’s perfect by any stretch of the imagination, but I still choose to live my personal life largely by the free market hypothesis. I hate the way Walmart treats their employees, so I shop elsewhere. Earlier this year I left one job largely because I felt I was being underpaid (spoiler: I was). On the other hand, sometimes I choose to buy name brand because the better quality justifies the price increase. Free market in action: voting with your dollars.
This ties into privacy when it comes to the argument of “just don’t use X if you don’t like it.” I get that a lot. “Just don’t use Facebook if you don’t like it.” “I don’t see the problem, just don’t use Amazon if you hate them so much.” “I like Google, but you’re free to use something else.” In the free market, there’s the idea that every company is free to institute whatever rules, policies, and business strategies they feel are best. At The New Oil, for example, I have every right to list whatever tools I want for any reason I want. In theory, the market responds accordingly: if people agree with my reasoning – or the tools I list – then they reward me by visiting, recommending the site, maybe even buying merch, donating money, or using an affiliate link to help support the project. On the other hand, if people disagree with my reasoning or tools, they can choose to go support another project such as Privacy Guides or Privacy International the same way. But what if – hypothetically – all three of those organizations were under the same umbrella company?