The New Oil

2022 Review: Mullvad VPN

May 29, 2022

What is Mullvad VPN?

A VPN is a service that creates an encrypted tunnel between the device and the provider's server, protecting all your traffic from prying eyes along the way like your ISP or whoever owns the router (think public Wi-Fi, for example). After reaching the provider's server, your traffic continues on to your desired destination like normal. Mullvad is one such service, very popular in the privacy community for their low price and lack of required data at signup.

Why Do You Need a VPN?

You may not, to be honest. I recommend you check out IVPN's site “Do I Need a VPN?” here). A lot of people really hype VPNs as one of those absolutely, must-have, life-changing things that will solve all your problems. In all honesty, while I do believe that VPNs are an essential piece of your privacy strategy, there are many other free or low-cost strategies that will give you significantly more protection. A VPN these days pretty much only has two purposes: changing your IP address and protecting your traffic from local snoops. Changing your IP address is a valuable part of avoiding tracking, but it’s just one way and a VPN won’t protect you against those others like browser fingerprinting, tracking pixels, cookies, and more. Likewise, while it can be great to protect your traffic from your Internet Service Provider or a local cybercriminal, from a security perspective you’re already pretty well covered so long as you enable your browser’s HTTPS-Only mode and make sure you’re using the correct sites and not spoofed or phishing sites. Having said all that, I do still consider a VPN to be a critical part of your privacy and security posture if you can afford one. It can bypass censorship, stop your ISP from selling your browsing data, help obscure your IP address from tracking and logging, and protect your traffic from local attackers.

Why Not Tor?

Some people prefer Tor over VPNs. Tor is definitely right in certain situations, but not all of them. For one, many essential services – like banks – block known Tor IP addresses to prevent fraud and abuse, making using those services nearly impossible. Second, Tor loses almost – if not – all of its anonymity once you login to something. If you login to your email and then your Reddit account in the same session, they’re now tied to together and you’ve lost your anonymity benefit. For this reason, I recommend reputable VPNs for any services that are tied to your real identity or sensitive and Tor for random searches or accounts that are not tied to your real identity.

The Good

Mullvad has a lot of things to like. For starters, they require absolutely no identifying information to sign up. You are assigned a randomly-generated account number, you add however many months you want to your account (or sign up for an ongoing, indefinite account), and you download the app for the device you wish to protect. That simple. When it comes to buying time, you can pay with Bitcoin, Monero, privacy.com cards, or even cash!

The price is another popular selling point for many people. Most VPN providers offer tiers that give you different features for different prices – access to more servers, better speeds, or things like P2P servers for using Bittorrent and other services, for example. Mullvad doesn't do this. They offer only a single plan at a (in my opinion) very reasonable €5/month. Most people reading this have €5/month to burn, and the fact that Mullvad is committed to offering a full-service VPN at a consistent price point is admirable. They never do sales and they don't do any kind of a. Five Euros, no matter what. I admire that level of consistency.

Mullvad is based in Sweden. This is a double-edged sword in my opinion, but let's start with the good stuff. Sweden gone out of their way to build in strong consumer privacy laws. In addition to being accountable to the GDPR, Sweden has also determined that VPNs do not count as telecommunications providers and therefore are not subject to the usual wiretapping and surveillance laws and practices. Mullvad has an entire page here outlining all the various legal protections in place that make Sweden a good thing for VPNs.

Mullvad offers servers in 38 countries, and (as far as I can tell) uses very strong, state of the art security measures (see “The technical stuff” here). In a speedtest, I saw a ping of 34ms, a download speed of 76.73 Mbps, and an upload speed of 177.98 Mbps. Your results will vary based on your harware, ISP, and plan.

The Bad

Truthfully there's not much bad to say about Mullvad. My biggest concern with the service is their base of operations: Sweden is part of the 14-Eyes intelligence sharing agreement. Even if they do have good privacy laws in place, they as a country have – by entering into that agreement – expressed a level of comfort with secret surveillance intelligence sharing at the expense of the right to privacy for their citizens. In my opinion, it's that tone that makes it a bad thing when a country is part of a surveillance agreement. I trust that Mullvad wants to protect the privacy of their users, and I hope that if Sweden ever took a more invasive turn that Mullvad would respond accordingly. The choice to stay in Sweden should not be a dealbreaker for those considering Mullvad, but it does mean you should be keeping up-to-date on current events. Though personally, I think that's true of any service. Either way, Sweden is a country who has expressed a degree of comfort with surveillance, and that can never be overlooked or forgotten, no matter how strong the laws are right now. Laws can change.

Conclusion

With all my reviews, I try to use the product personally for at least a few weeks before publication, and at this time I have nothing bad to say about Mullvad and no negative experiences. Everything worked as expected, speeds were what I'm used to (given that I always use a VPN anyways), there was no real change in my internet experience after the switch. All that to say, there's a reason Mullvad is such a darling in the privacy community. If you're looking for a VPN, you'd be remiss not to consider Mullvad. They offer a 30-day money-back guarantee, so you've got nothing to lose.

You can learn more and sign up for Mullvad VPN here. No affiliate link available.

Tech changes fast, so be sure to check TheNewOil.org for the latest recommendations on tools, services, settings, and more. You can find our other content across the web here or support our work in a variety of ways here. You can also leave a comment on this post here: Discuss...

Disinformation Part 2

May 23, 2022

If you haven't read my last post you probably should. As the title suggests, I'm going to build heavily from it. In that post, I primarily wrote about “disinformation” – how to define it, when to use it, etc. But for many, knowing what to use can be an agonizingly difficult and confusing decision. In this post, I'll share my strategies for developing effective disinformation and hopefully give you a framework on how to do so yourself.

Identifying What You Need

The best place to start is by identifying your needs. This comes in two forms: the actual information (addresses, phone numbers, etc) and the context. By “context” I mean the kind of information you need. Does the address need to be local to confirm a story, or can it just be any random address? Does the name have to be one you'll use a lot or never again?

For example, in a prior blog post, I mentioned the idea of not using your real name when dating. But in this context, your fake name is one you'll have to reuse frequently. You'll need to respond to it when people call you from across the room, or you'll eventually have to explain that it's not your real name. There's numerous ways to handle this – some of which I discussed in that post – but ultimately you'll have to think in advance about it so you know the drawbacks and how to handle them.

Consider another scenario, one I've actually encountered many times: online ordering. I'm pretty vocal about my privacy.com usage. Privacy.com is a service that offers you digital debit cards where you can put in any billing information you want, allowing you to be John Doe at 123 Main Street, Smalltown USA. The problem, I quickly discovered, is that there are three parties involved in an online transaction: you, the bank (in this case, Privacy.com), and the vendor. While Privacy.com doesn't really care what information you put in the billing form, the vendor probably does. “John Doe at 123 Main Street” raises more red flags than a Chinese Communist Party rally on most vendor anti-fraud systems. I soon found that it was much, much easier to pick a generic sounding name – like Nathan Bartram – and an actual street address. This almost never flags the anti-fraud systems anymore.

Finally, you'll need to identify what information you actually need. This is based on your lifestyle and threat model. Perhaps you only ever buy physical goods online and never really buy software or other non-tangible services. In this case, you don't need to bother coming up with a fake address because you'll always need goods delivered to your actual address (PO Box or otherwise). Or perhaps you tell people that you’re from a certain part of town, so you’ll need an address in that town as a billing address to confirm your story and hide your real address.

Ultimately it’s important to think about what kinds of disinformation you’ll need and what the context for it will be. Once you’ve figured that out, it’s time to prepare.

Preparing Your Story

If you’re not prepared in advance with disinformation, you’ll probably end up folding every time and handing over real information. It’s just human nature. Therefore it’s important to pick your cover stories now. First off, you probably won’t remember your fake information – at least not at first. So when you’re digging through your notes app looking for it, you’ll feel compelled to explain why you don’t know your phone number or address.

Let me pause right here and deliver some wonderful news: most people don’t care. If you say “hold on, let me find it” and start scrolling your phone, most people will accept that and leave it at that. I’m willing to bet that for most readers, most of the people you interact with in day-to-day life (that you’ll be giving disinformation to) are underpaid and overworked employees. They don’t get paid enough to wonder why you can’t remember your information, and frankly they’ll probably forget about you about ten seconds after you walk out of sight. A lot of people get social anxiety over the idea that if they do anything “unusual” that people will somehow be suspicious of you. Let me reassure you: nobody cares. Everyone has their own lives, their own problems, their own boss constantly reminding them to do inventory after the registers slow down or their own fight with the significant other at home. Trust me, you are the last thing on their minds. Even if they did find you suspicious, what are they going to do? Refuse to sell you that coffee? Call the cops on you for not having your phone number memorized?

All you need to say when looking up your information is “one second, let me find it.” This lets them know you’re looking for the information they’ve asked for and you’re not just ignoring them and reading your text messages. If you feel compelled to say anything to explain, then just say “I just moved and I haven’t memorized the new address yet” or “I got a new phone and I can’t remember the number.” Again, however, this is almost never an issue.

With that handled, let’s turn to actually finding the information. Names and addresses are the easiest, so I recommend starting there. For names, I prefer to use Behind the Name’s Random Name Generator because you can narrow it down by sex (including “ambiguous”), how many names you need (first only or first and middle or more), and even ethnicity. Generate several options until you find one that sounds generic that you’re okay using.

For addresses, my preferred method is to use a local hotel. They already get tons of junk mail and they are a real, valid address so you’ll encounter less resistance from places that actually verify the address. If I need something sent to me, I use my PO Box.

Email addresses are a little tricky, but not much. For starters, I strongly encourage the use of an email forwarding service. If you pay for a premium subscription with either of the two I recommend and link a custom domain to them, you’ll be able to make up “wildcard” or “on-the-fly” addresses. So for example, I could make up “petstore@mydomain.com” at the register for my e-receipt and as soon as the store emails me the receipt, the forwarding service will automatically create it and forward the email to my inbox – no work needed on my end. If you’re unable to afford one of these services, you could try generating a few “junk” email addresses and writing them down in advance to hand out if you need to on the fly. Truthfully I’m rarely in a position where I must give someone a fake email address, but it never hurts to be prepared if you think it may happen.

Phone numbers get kind of tricky. If you just need to give them any kind of number, there’s lots of options. There’s the classic “867-5309” (this is from a hit 80’s pop song, in case you’re unaware), you can find an automated phone number online – something like a tech support number that leads to a phone tree, you can use Michael Bazzell’s “619-364-0090” through “0099,” and there’s tons of prank or false numbers online. My personal favorite is “248-434-5508.” Call it if you can. If you live in other countries, just do some research online. You’ll find tons of options. But what if it’s a number where you do need someone to reach you? Voice-over-IP is going to be your best bet by a wide margin, but again options are relatively limited if you live outside the US or other certain areas. There’s also the fact that most of these services don’t work if you need to verify a phone number for an account, like Twitter for example. In this case, your simplest bet is a second SIM card you only use for this purpose. There’s actually a few options here, but that’s going to be the most direct and simple. I could write an entire blog post about phone numbers alone, but if you ask around on some forums and do your research you should come up with some options that work for you.

Finally, you may be in a situation in which you need to invent a “backstory.” I’ve been known to frequent hobby-based meetup groups in the past – the kind where you find the posting online to get together to do nerd trivia with a bunch of strangers in a bar, stuff like that. This means I don’t know if the person next to me is my new best friend or secretly plotting to wear my skin and stash my body under their crawlspace. I’ve discussed in other blogs – namely the dating one I linked earlier – the idea of being vague when you disclose information. I tell people all the time that I work in audio-video, but not the company. I tell people I grew up in another state, but I don’t always say the city. If your threat model is high enough, you may wish to lie entirely and say you grew up in a state you never did or a city you never did. My only advice here is to make sure it’s a place you’re at least somewhat familiar with. I have visited Seattle, but I haven’t spent enough time there to be familiar with it. I would have a hard time saying I grew up there because I don’t know it well enough. If I ever met anyone else from Seattle, they’d be able to poke holes in my story instantly. On the other hand, I’ve visited San Diego multiple times for various reasons, and I could reasonably say I grew up in that area and be able to pass it off.

Conclusion

It’s pretty common to see people struggle with disinformation: how to come up with it, when to use it, etc. I hope this blog post has been helpful and given you a starting point, presented the right questions to ask yourself so you know what you need, the pitfalls to watch out for, and given you some ideas on where to go to find information to use. Now get out there and start protecting your privacy on a new level.

Disinformation, Part 1

May 7, 2022

Let's do this.

Since I started blogging in 2018 (or somewhere thereabouts) I've promised to write a blog about disinformation. I keep saying “eventually” and “someday” and “in time.” Well that time is now.

You need to start lying. Or at least telling half-truths. And I'm here to give you some pointers on how to do it in a smart, sustainable, and ethical way. In this post, I'm going to give you everything you need to know about disinformation, when to use it, how to use it, why to use it, and more. So let's get into it.

What is Disinformation (and Why Should You Use It)?

Disinformation is the act of intentionally lying to mislead someone. Generally speaking, this is not good. You shouldn't lie to your spouse, your boss, or the general public ([insert snide political opinion here]). But in the context of privacy, disinformation is not only ethical (I would argue) but it's often our only choice. Surveillance capitalism thrives on knowing your true identity – on being able to link every single step, click, view, like, and comment back to the source so they can improve their profiles about you and sell you more stuff. Sometimes “more stuff” means another pair of shoes or a new band. Sometimes it means a political ideology.

At very least, a pretty non-controversial definition of privacy is “the ability to control the flow of information.” Some people may prefer a more hardcore definition, but most people can agree that at a bare minimum privacy means having choice over what you disclose and to whom. This is why I find disinformation to be ethical: many companies and corporations do not give us meaningful consent. There's this idea that “if you don't like a product/service, just don't use it.” Ignoring the fact that they track you anyways, this doesn't account for things like signing up for financial aid for college and being tracked or the DMV selling your data. If you live in a town with poor public transit (which is most American towns), that basically means you have to pick between privacy or wasting hours of your life each week getting places that would otherwise take a fraction of the time. When your hands are so aggressively tied by the people above you and the “choices” given to you more closely resemble illusions and punishments, disinformation becomes the only ethical response.

All things being equal, it's always better to not hand out a piece of information. But sometimes that’s not an option. Most online retailers won’t let you finish the purchase until you provide a phone number (even though they literally always email you rather than call you). You have to give a name at Starbuck’s (I guess you could try fighting this one, I never have but I assume they wouldn’t appreciate you coming back). You can’t always just not give out information. But not everyone deserves your true information.

The fact is that once you give out a piece of information, you’ve effectively lost control of it. Really think about that. Every single thing you share – even just venting to your closest friend – is a piece of information you lose control over. You have no say in who they share that information with, where they post it, or what they do with it. You’re trusting them to lock it up inside their head and never share it, but you can’t force them. Even if you’re able to pursue some sort of recourse – like suing them or exiling them from your life – you can’t undo the disclosure.

This goes a thousandfold for companies, who basically treat everything you tell them like it’s public record with their poor security and data handling practices. Once you disclose something, you can’t take it back, especially once a company has leaked your data and now it’s all over the internet. Therefore it’s important to decide up front if someone needs that information in the first place.

Order of Operations

Perhaps a template for decision-making is in order here before we move on so we know what constitutes a “need” and a legitimate interest.

First off, I never encourage doing anything illegal. Don’t give the cops a fake ID. Don’t put a fake name on your taxes. Don’t ever lie to the government. This extends to directly-related situations. For example, your boss has to file taxes so you need to give them a real name or else they’ll end up reporting bad information to the government who will then come after you for fraud.

Next, let’s talk about “people with a legitimate interest.” The most salient example here is your doctor. Your age is an important factor in many medical situations, so maybe don’t give the doctor a fake birthday. Do they really need the exact date of birth? Probably not, but also don’t lie to people trying to help you. I would terminate a consulting relationship with a client who was repeatedly lying to me. I’m not here to judge you, I’m here to help you, and if you won’t work with me you’re wasting both of our times. Same with doctors. If you don’t trust your doctor, request a new one.

Sometimes “legitimate interest” can be examined on a “piece by piece” basis. My employer has a legitimate interest in knowing my real name, social security number, and date of birth to verify tax records and identity comply with laws. My employer has no legitimate reason to know where I lay my head at my night, what I do on the weekends, or anything else about my personal life, really. Hence I have a strict policy about only giving employers a PO Box and VoIP phone number, never my true home address or SIM number.

In my opinion, most “legitimate interest” needs for our real data are rare and relatively obvious. In most of our day-to-day lives, there is no “legitimate interest” for any data at all. A famous joke by comedian Mitch Hedberg states: “I bought a doughnut and they gave me a receipt for the doughnut; I don't need a receipt for the doughnut. I'll just give you the money, and you give me the doughnut, end of transaction. We don't need to bring ink and paper into this. I just can't imagine a scenario where I would have to prove that I bought a doughnut.” Truthfully this is how I feel about 99% of the transactions I participate in on daily basis. Getting a soda at the corner store: “do you have a phone number for the rewards program?” No. Here’s $2 in cash, give me a soda. “Would you like to add a photo to your online profile?” You mean the one to order a new microphone at work? How about no. Here’s the company card, the company address, and the company name. Send me a microphone. The other day I called the Department of Motor Vehicles and the automated phone tree asked me for a date of birth. Why? Are you going to hang up on me and refuse to answer my questions if I’m too young to drive?

Determining a legitimate need is really that simple: just ask “why”? When in doubt, ask the person making the request. I once went to a restaurant and there was a wait, so the server as for my phone number. All I said was “why?” She replied “we can text you when you’re table’s ready.” I claimed I left my phone at home and asked her to just call my name instead, and she wrote down my first name. Sometimes I ask why and get met with a legitimate answer: “the cable guy will call you when he arrives.” Fair enough. My home can be hard to find, he might need some help finding it. But most of the time, there’s no good reason to hand out data.

Pause

Perhaps this is a good place to stop this week. I like to keep my blog posts to around 1000 words, and we’ve passed that mark already with so much still to discuss. We’ve established, I think, a good foundation for what disinformation is, why we need it, and when to use it. Next time we’ll cover some examples of disinformation and how to come up with good, plausible disinformation. Until then, stay safe out there!

CTemplar is Dead (AKA Lessons About Email Sovereignty)

April 30, 2022

Icelandic encrypted email provider CTemplar went under this week. I could list dozens of reasons this comes as no surprise to me – and another dozen ways this was poorly handled – but that’s neither here nor there. There’s no reason to kick somebody while they’re down. Instead let’s focus what we can learn from this, because there’s two important lessons.

Lesson 1: Beware the Little Guys

In the privacy space, we are very skeptical of new services, and rightfully so. There’s a lot at play here. First there’s the fact that the privacy space is rife with scams, both direct and indirect. Direct scams would be the ten thousand new “shitcoins” that pop up each day who’s only purpose is to make someone rich in a pump-and-dump scheme – or an actual, outright honeypot service like Anom. An indirect scam would be services that lull you into a false sense of security with buzzwords like “encrypted” and “private” when what they really mean is “for now” or “moreso than the other guy” (if they even mean that much).

Assuming that a new project is honest and well meaning, they can still easily make mistakes with poor implementation, poor wording, or bugs. Security and privacy are both important – and incredibly easy to screw up, sometimes badly.

Last but not least, even the honest services face the same uphill battle you’ll find in literally any market: it’s hard to compete with the name brands – Proton, Tutanota, DuckDuckGo, Mullvad, etc. These are brands who have proven themselves (whether you like them or not) time and time again. You’re new. You’re nobody. Why should anyone believe you? What do you offer that they don’t? What do you do differently and/or better? What challenges will I have to overcome to benefit from your product (such as the Network Effect)?

That said, there’s nothing wrong with supporting the new guys. I think you should, actually. I was a new guy once. I still am, in a lot of ways. Tutanota was once the new guy. Signal. Tor. Your favorite privacy or security service or tool was once new and untested. It’s good to research a product and then decide “I like this, this is good, I want to support this.” But you need to remember that we have no idea what’s going on behind the scenes. Depending on the available research and your skill level, you may not know if the product’s implementation is secure. We may not know their financial situation. We may not know if some drug kingpin is using the service and they’ll be served with some kind of legal order that forces them to fold. There’s a million things that could happen, and we just don’t know. I don’t think this counts as a reason to stay away – if you never support the projects you like, they’ll die for certain. But even if you do support them, they might die anyways through no fault of yours. So always keep backups, always keep redundancies, and always be prepared to wake up one day and find out your emails won’t send. This leads us to an even more important and easier-to-practice point.

Lesson 2: Control Your Data

Frequently when we talk about “controlling your data,” we think of things like self-hosting, reducing data transmission (via tools like firewalls, DNS, or uBlock Origin), or not using a service altogether. But sometimes it’s a bit more complex than that. This is actually a subject I’ve been wanting to discuss for quite some time. Sometimes “controlling your data” can mean controlling how it gets handled, or where it goes.

Let’s look at this through the lens of email and CTemplar. Most of my long-time readers know that I recommend the use of an email masking service like SimpleLogin or AnonAddy. There’s numerous practical reasons for this which I outline on that page, but one that I haven’t discussed in depth (and should probably add) is the ability to quickly and easily redirect your emails in a situation exactly like this one. Right now, a lot of CTemplar users are scrambling to get all their accounts moved over to a new provider. While SimpleLogin & AnonAddy don’t make this a one-click process, they do make it easier than logging into a billion websites and manually changing and verifying everything. It can all be done from one simple dashboard in just a few minutes, no verification required.

There’s another layer of protection here I strongly recommend: custom domains. The default email addresses provided by SimpleLogin and AnonAddy are fine for the small stuff, they present two issues. First, a lot of companies don’t typically like these kinds of services, so it’s usually only a matter of time before they start getting blocklisted. These two services are attempting to circumvent that by constantly adding new domains, but they can only do so much. It’s a constant cat-and-mouse. Second, what happens if one of these services go under? It’s happened before, and it can happen again. In fact, that’s why we’re talking about this right now: a company went under and now the users have to find something else. With a custom domain, if your email-forwarding solution of choice ever goes out of business, you just point the records at a new provider, whether that’s another forwarding service or an email provider directly.

A quick note: I know setting up a custom domain sounds hard, but it’s REALLY not. You buy a domain name you like from a website (common privacy recommendations include 1984, NameCheap, Orange, and PorkBun), then you go check the help page on your email forwarding service of choice for instructions on how to add your custom domain. More often than not, they have very simple, straightforward instructions and sometimes even have screenshots. Same if you decide to cut out the forwarding service and use an email provider directly.

Having your own domain is the ultimate power in controlling your email data (except for self-hosting, but I don’t recommend that for a lot of reasons). Unless the domain registrar disappears or blocks you (which, in my experience, is highly unlikely) then it doesn’t matter who goes out of business. You can always just point your emails somewhere new and keep going with almost no disruption.

Controlling your data is important and powerful. It makes you independent, it makes you resilient, and it makes your life simpler by being prepared for when things change – and in tech, things are always changing. Part of threat modeling is planning for what could go wrong and then putting systems in place to mitigate it if it happens. Maybe you weren’t affected by this CTemplar situation. That doesn’t mean you won’t be affected by the next one. Be sure to review the products and services you use and plan ahead. There’s always room to improve. Take this time to learn some lessons and apply the necessary changes to your own posture.

2022 Review: Session

April 23, 2022

What is Session & Why Do You Need It?

Session is an end-to-end encrypted messenger available on Linux, Mac, Windows, Android, and iOS. I have long touted the need for E2EE in your daily communications for both practical and philosophical reasons. For practical reasons, it can protect sensitive communications like financial discussions, upcoming plans, and NSFW pics/texts if that’s your thing. For philosophical reasons, I think that everyone should use encryption whenever possible to normalize it and make mass surveillance less feasible/practical/economical.

The Good

Session has a lot of things to like. For starters, it’s on par with Signal’s “insultingly easy” setup. Seriously. It takes less than a minute (including downloading it). Setup involves clicking the “Create Session ID” button wherein it automatically creates an ID for you, then asks you to pick a display name, a notification mode (Apple/Google push notifications or their own Apple/Google-free notifications), and you’re ready to start chatting. You pretty just click “next” the whole way through. It’s actually faster than Signal’s setup because you don’t need to enter a code that they text to you.

Speaking of, you may have noticed in my description just now that Session requires absolutely NO user information to sign up, like phone number, email, etc. It’s not even optional – there’s no fields to enter it. While most of my readers probably don’t need anonymity, less data to hand out is always better, and it doesn’t get much “less” than Session.

Next, Session is onion-routed, which – for those unaware – means that your communication goes through several nodes (sometimes called “hops”) on the way both to and from each recipient. This is good for aiding anonymity. You may already be familiar with this concept from the Tor network, and if you’re not I suggest checking out my video about Tor here to learn more.

The next big plus is that Session is decentralized. This makes it censorship resistant and also resistant to malicious activity by the Session team. Nodes are run by volunteers, therefore any attempt to shut down Session or force them to log data would be pretty ineffective. And of course, the app is open-source so even if the Session organization was shut down, any sufficiently skilled developer could simply fork the project and continue to run it.

Finally, Session is audited, which they passed rather well in my opinion. All issues were fixed – including the only “severe” vulnerability – except ones that were intentional for functionality, all of which are not technical vulnerabilities but rather recommendations (like default notification configurations).

The Bad

Let me get a quick non-issue out of the way before I continue: the Session team is based in Australia, which is pretty much the most privacy-hostile Western country on the planet. But I don’t think this really matters as I mentioned above: Session is open source and decentralized. Any attempts to compromise it will only result in a fork of the client and the servers will likely continue to run unaffected.

With that out of the way, Session’s biggest drawback in my opinion is stability. While it has come a long way and should be pretty usable 95+% of the time, it does still experience the occasional bug, usually resulting in a message not being sent, received, or synced between devices. Understandably that can be a big deal, but also it’s so rare that I find the risk relatively low personally. You might feel otherwise if you’re a journalist or fall into some other high-risk threat model, which I accept. That’s why I’m acknowledging this stuff so you can know the drawbacks. It's also a little slow, but they're constantly working to speed it up and personally I don't mind “a little slow.” If it's urgent, I'll call you.

Speaking of, the single biggest thing keeping me from making Session my daily messenger is the lack of audio/video calls. At the time of publication, these were in closed beta with the Session team teasing that they should enter a public beta any day now, so maybe by the time you read this it’ll be out. When it is, I’m going to jump straight on that train. Session solves a lot of my personal, nitpicky complaints with Signal. Sadly though, for Android users, I don’t think Session will be able to replace Signal as your default messaging app for easy integration. That may be a dealbreaker for some.

The final bit that may put some people off of Session is their use of the Oxen cryptocurrency token. For 99% of users, this means absolutely nothing and you can skip to the conclusion. Session is not a “web3” app in the sense that you get paid for your content or can send or receive payments in crypto. The cryptocurrency aspect of Oxen does not come into play in any way, shape, or form for the end user. Rather, the Session team uses Oxen as a way to pay those who host nodes. It also comes into play in the hosting of nodes itself. Session is designed to be resistant to “Sybil” attacks, which is basically where one entity (like the NSA or GCHQ) hosts a ton of nodes so they have majority control of the network and can effectively spy on all the users. Session does this by making each node cost more Oxen to host than the previous, so the price of a node is always rising exponentially. This means that the cost of controlling a node quickly rises and becomes economically unfeasible for an entity attempting to control the network – governments have a lot of money, but realistically not enough to justify this. After a certain point, they’d be better off finding new attack vectors. Non-malicious, everyday users can still pool their resources together to host a node as a group, and they get rewarded in Oxen token for doing so. This is what helps run the network and protect it against Sybil attacks while keeping it accessible. Truth be told, all of this goes way over my head but I’m going to share some resources in the next section that you can listen to and get more information yourself. The reason I’m listing this as a con is because a lot of people feel very strongly about cryptocurrency, and knowing that Session is hosted off a centralized, home-brewed altcoin is definitely not something most cryptocurrency enthusiasts are happy about. At best, most crypto people seem to regard this as a necessary minor annoyance while others rage about how this could’ve easily been accomplished with an existing coin and no need to reinvent the wheel. Personally I don’t know who’s right, and I don’t care. Session works, it’s been audited, and I don’t have to deal with the crypto side as an end-user. I just want you to be aware in case you feel differently.

Conclusion

Session, in my opinion, is one of the best choices you can make for an encrypted messenger. They’re audited, they’re metadata– and censorship-resistant, and they make it easy to be totally anonymous (as always, if done right). Session is still young, but they’re growing fast and I don’t think it’ll take long at all before they can punch against some of the rockstars of the encrypted messaging community. Fortunately, if you still want more information to make up your own mind (or get more insight into the Oxen/cryptocurrency thing I mentioned earlier), I have two resources. First is my own interview with Kee Jeffrys, the Chief Technology Officer for Session, from about a year ago. The second is Seth For Privacy’s more recent interview, also with Kee. Both of these should give you more than enough information to decide if Session is right for you and if you want to try it out. I’d recommend at least giving it a shot. You have nothing to lose.

You can check out Session here.

Haven: “Self-Host a Private Blog Instead of Using Facebook”

April 16, 2022

A couple weeks ago, one of my blog posts went slightly viral and even ended up on Hacker News (for those who don’t know, Hacker News is an aggregate site where users submit links and comments, kind of like Reddit). Because of this, a developer saw my post, learned about The New Oil, felt that we had a similar target audience and mission, and reached out to me to ask if I’d check out his project called Haven.

Now, before everyone and their mother rushes to ask me to do a review of their project, first ask yourself if it’s even qualified. Quite frankly I’m already sick of getting emails asking me to check out your useless blockchain “military-grade encrypted” proprietary messenger or to sponsor a post for your enterprise suite that doesn’t apply to my target audience. Please do thirty seconds of research. That’s all I ask. That’s not a guarantee – if your project doesn’t interest me, I’m just not gonna talk about it.

With that out of the way, Haven interested me. To be honest, it’s not for me. I don’t have a use for it in my own life. But I liked the intention so I thought it might be fun to look into. With that, let’s dive in.

What is Haven?

Haven is – put simply – a private blog. Haven is aimed at solving the problem of “I hate Facebook but I need it to keep updated with my friends and family.” This is actually a pretty common thing I hear a lot: “Yeah, I know Facebook is evil, but it’s the best way I can keep my long-distance family in the know about what’s going on with my kids.”

You can self host a Haven instance or have the developer host it for you for only $5 USD/month. Payments are handled through Stripe, so card only (no cryptocurrency) but in my experience Stripe is pretty generous with things like Privacy.com or prepaid cards. It’s also been designed specifically for AWS or Raspberry Pi, giving options for both power users and novices (Note: the developer is working on a Docker deployment and has provided a few unsupported resources for hosting on other Linux distributions).

Here’s how it works: you sign up for an account (self-hosted or otherwise). On the dashboard, you can write a blog post. Posts are formatted in Markdown. On another page, you can subscribe to other blogs you wish to follow – or really any RSS feed you want (more on that in a moment). On yet another page, you can add “users.” Users can be administrators (who can add new users), publishers, or subscribers (who can only like and comment).

When you add another user, you are given the blog’s main address, the user’s email address, their password, and a “magic link” they can use for one-click login. You are then responsible for passing these on to the user.

The Good

Haven is – like my own site – targeted towards the non-tech-savvy and the “average person.” It is with this in mind that I went straight to my favorite test group: my family. While my family has very few “techy” members, we definitely don't have any flat-out tech morons – various family members have been able to sign up to Matrix with zero difficulty or help from me, and one successfully followed my instructions to install Linux Mint on an old device in only two tries (they missed a step the first time). With that context, here’s the good stuff.

The developer offers a paid hosting option rather than making it strictly self-hosted. This is great as it allows both experienced users who want total data sovereignty, but also caters to those who don’t feel comfortable self-hosting. I also appreciate the use of Markdown, which in my opinion is less complicated than HTML or CSS (which is already pretty simple). I also like the fact that it offers every account a “magic link.” This saves my friends and family from having to know their username and password, and it makes very easy for them to log in and get started (at least on my blog).

The thing that really impressed me was the RSS reader. I tested it by adding a subreddit, and to me this is a real game changer. This allows you to not just follow other blogs, but news outlets, subreddits, and even audio podcasts (tested with Surveillance Report). To me that’s huge. Imagine all your favorite news, YouTube channels, podcasts, family and friends’ blogs, all in one place. And all in chronological order. I have despised the algorithmic timeline since the day it got introduced, and so have many of my friends and family. I bet they'd really appreciate being able to get all their preferred information in the correct order.

The Bad

As I mentioned earlier, I asked my “normie” friends and family for feedback. Most of it was negative. Constructive, but negative. Few sent met any “I like this” parts, but rather “this needs work” notes.

The number one piece of feedback was that the website immediately put them off by being a wall of text with too much “technical jargon.” Truthfully I have no idea what part of the front page was “too technical,” but maybe that’s cause I’m so used to things like “self-hosting” and “RSS.” I think the real issue – as one person noted – is that the front page offers little in the way of explaining what Haven actually is. That part I definitely felt when I first got approached. You have to navigate to the Screenshots page before you get eyes on the software, which I think helps really drive the point home. As they say, “a picture is worth a thousand words.” Perhaps I overcomplicated it. I'm so used to people trying to change the universe with their “all-in-one” blockchain-based apps that I remember thinking “there's no way it's just a private blog. What else does it do?” One older family member said that they found the whole thing confusing and would rather stay where they are, but also admitted it could just be their generation. Perhaps a video demonstration or tutorial would be in order. I can’t imagine a comprehensive “how-to-use” video demo would be more than five minutes tops. Funny enough, one non-privacy friend noted the irony that it’s optimized for AWS while being a privacy-focused project, but did also say that they understood that you sometimes have to make tradeoffs to appeal to the widest audience.

I personally have questions about the idea of creating accounts for people. On the one hand, I think for people like me – who are more comfortable with tech – this would actually be a positive move. I’ve mentioned in a previous blog that I got my mom to use ProtonMail by creating the account for her, then sending over the credentials and letting her take it from there. I think you’d be much more likely to get friends and family to use Haven – at least as readers – by saying “here’s the magic link, just click it and you can view/comment/etc.” Having said that, I could see my mom very quickly and easily getting lost by this when it comes to her own blog and adding subscribers. After all, she’s never before had to make my Facebook profile on my behalf before, or subscribe to something for me. Usually that's my job to join, make an account, and go find and follow her.

The final big hurdle I could see (though it is no fault of the developer at all) is the use of RSS. RSS fell out of mainstream consciousness, and while it’s actually incredibly easy to use some people may be intimidated approaching it for the first time like this. This could make adding the feeds you wish to subscribe to very scary for non-techy folks. Perhaps the developer should include a page (their own or external) about what RSS is and how to use it to make it a bit more approachable to the non-techy folks. (Something like this already exists on the FAQ, perhaps they could just link that on the RSS page.)

Conclusion

I think Haven’s a really cool project. I don’t think it’s for everyone, but I think it could have uses, especially for those who want to share with a specific group privately. The website mentions how the developer wanted to share photos of his kids with family (that could be good marketing: keep your kid’s photos safe) or gives the example of a group newsletter of sorts, like for school or work. If you’re reasonably tech savvy, this could be a great solution for you to privately share information with a group of people. If the people around you know how to click a link, they’re in. Is it right for everyone? No. As I said at the top, I have absolutely no use for something like this. One of my friends noted that he just uses an iCloud folder and email to share photos of his kid with his family. But I don’t think it’s a stretch to say that some people out there do want something like Haven. It's an elegant solution – more polished than “iCloud an email” for sure – and I think the developer has made a very clean, useful project that functions very well. The marketing on the home page might need some work, but the product itself is pretty snappy. It only takes about five minutes of hands-on playing around with it to get the hang of it. If you’re in a position where you want a private blog, then I recommend you look into this. If I needed something like this, I’d say without reservation that it’s easily worth the $5/month for a hosted plan. I encourage you to check it out if you think you might need something like this.

You can check out Haven here.

2022 Review: AnonAddy & SimpleLogin

April 9, 2022

Disclosure: I have an affiliate link with SimpleLogin that gives me credit towards my own SL account. You do not have to use this link, I provide a non-affiliate link at the end, and I tried my best to be unbiased in this review.

In this review, I’ve decided to lump both AnonAddy and SimpleLogin into the same review because they’re so incredibly similar in their offerings and features, though I will note any differences between them. I don’t think of this blog as “AnonAddy vs SimpleLogin,” though I’m sure it will help anyone who’s on the fence decide between the two. Rather, I present this as simply two tools you can use to achieve the same protection. I keep referring to AnonAddy first because I’m listing them in alphabetical order.

The Services

AnonAddy and SimpleLogin are both email forwarding services. Having an account allows you to create an email address – such as “f9f24233-d80b-4e17-a689-b7f1d0cc04c8@anonaddy.me” or “panguingue_graphostatic@aleeas.com.” These email addresses then forward any mail they receive to the mailbox of your choice, such as contact@proton.thenewoil.org. I highly encourage the use of one – or both – of these services. (If you’ve found a comparable alternative that works for you, feel free to let me know because personally these are the only two I’m aware of.) The practical reason is that for most of us, email is the central hub of our lives. Everything is managed from that one inbox, from newsletters and Netflix to doctor’s appointments, job offers, and important correspondence. The compromise of an email account is the digital equivalent of getting kicked out of your own house. If your email address gets exposed in a data breach – which it certainly will if it hasn’t already – that’s half of the required login exposed, leaving only the password to be guessed for access. This can be mitigated by using strong, unique passwords and two-factor authentication, but the exposure of an email address can still be used in other ways, such as phishing attacks or tracking you across the various accounts and websites, leading to stalking by both individuals and companies.

The Good

Both services offer a free tier with premium, paid features. AnonAddy offers Lite ($12/year) and Pro ($36/year or $4/month) paid plans, while SimpleLogin offers only a single Premium paid plan for $30/year (or $4/month). In addition, both offer F-Droid apps, as well as Google Play and Apple App Store apps, allowing you to create masked addresses on the go. Both allow you to import your public PGP key (free for AnonAddy, paid feature for SimpleLogin), both support the use of custom domains (paid feature for both), and both allow catch-all email addresses (meaning if I make up an email address on the spot, that email address will be automatically created and forwarded to me as soon as the first email is sent, free for AnonAddy, paid feature for SimpleLogin). AnonAddy offers you the option to replace email subjects (so that the true subject isn’t visible (a shortcoming of PGP)). Both services support hardware security keys (like Yubikey) and offer browser extensions for Chromium-based browsers and Firefox (SimpleLogin also has a Safari plugin, AnonAddy does not). SimpleLogin also offers enterprise solutions if you happen to be responsible for a company.

The Bad

AnonAddy’s mobile apps are fan-made and not officially supported. AnonAddy also has a limited number of custom domains, a limited amount of bandwidth (except for the Pro plan), and a limited number of email addresses you can receive to. The bandwidth thing is probably not an issue for most people, but keep in mind that if your bandwidth is exceeded that means they won’t forward any emails for you for the rest of the month. The bigger issue to me is the limited number of emails you can send and receive – 20/50 (100 for the Pro plan). While most people probably don’t send 50 or even 20 emails in a single month, it’s something to be aware of if you’re a power user.

The drawbacks of SimpleLogin are that it is less feature-rich than AnonAddy (can’t change the email subject, can’t disable catch-all). SimpleLogin’s free tier is also much more restrictive than AnonAddy’s (can’t use PGP, 1 recipient inbox to AnonAddy’s 2). But they do make up for it by offering unlimited bandwidth, unlimited reply/send even on the free tier, and a variety of tools like alias directories and an email-by-email alias name option that can help you stay ultra-organized, which really is a must if you’re going to be compartmentalizing.

Final Verdict

I use both of these services, and honestly I find them almost identical. Being that I consider a custom domain to be a valuable part of a privacy strategy, I think the average user could get away with AnonAddy’s Lite tier ($12/year, $1/month), but SimpleLogin’s Premium will be the better bang for the buck with all the unlimited features. Neither service is bad and they really come down to what you want or need out of them and the price you’re willing to pay for those features you want. I’ve found both to be extremely user friendly and affordable, and I use them pretty interchangeably myself. I encourage you to explore their pricing options for yourself, and maybe even sign up for a free account for both to decide which is best for you.

You can check out AnonAddy’s Pricing here and SimpleLogin’s Pricing here and sign up for each service at their respective websites. If you decide to sign up with SimpleLogin, please consider using my affiliate link. I will not see any information about you, but I will get a few bucks added to my SimpleLogin account if you purchase a paid plan, which means more money I can put toward other The New Oil-related projects. Of course, I understand that not everyone is a fan of affiliate links, so no hard feelings if you choose not to use it. The important thing is that you use one of these services and start protecting yourself.

Why to Care About Privacy After Years of Sharing Data

April 3, 2022

I have a thought experiment for you. Pretend you’re driving somewhere local. A friend’s house, your favorite store, the office, whatever. You’re on autopilot, you’re not really paying attention. You reach a stop sign, take a left, and keep going. After about five or ten minutes, you snap out your highway hypnosis and go “oh wait, this isn’t the way to get where I’m going. This is the way to get to [another place I frequent]!” Do you just keep going?

The answer is “of course not!” That’s totally ridiculous. If you know you’re doing something wrong, why would you keep doing it? And yet, that’s exactly what many people ask. A common pushback against privacy is “well they’ve already got so much data about me already, would changing now really do any good?” The answer is a instant, emphatic “yes” and I can think of two good reasons for this.

Ethical

The first reason is related to the thought experiment I shared above: it’s a matter of ethics. If you’re doing something wrong out of ignorance, personally I think there’s no shame in that. But once you know better, continuing to do it wrong is a choice, and usually a bad one. What I’m about to say may be unbelievable to some readers: I used to be deep in the Big Tech data sharing ecosystem. I never changed the presets on my devices. I filled out every single field given to me like address, birthday, and favorite quote even when it wasn’t required. I posted every thought and accomplishment on Facebook. Yup, that’s right, I had a Facebook. This is one reason privacy matters so much to me: I was wrong and now I “see the light.” Once I realized I was doing it wrong, I couldn't in good conscience keep doing the same thing.

If I can change, so can you. And frankly, so should you. It’s a matter of principle. It’s like when you meet someone new and mishear their name. “Hi Toby, nice to meet you. Oh, Tony? My bad.” You don’t wouldn’t keep calling them Toby after that. You wouldn’t keep driving down the wrong street. You don’t keep using the pot that’s too small to cook the pasta in after realizing that the bigger pot works better. It’s really not complicated. “Oops, I was doing this wrong before, I should do it right.” There’s no shame in admitting you were wrong. In fact, that’s a sign of growth and maturity, and it acknowledges that things change. If I never admitted I was wrong, my site would be full of misinformation and outdated tools. Doubling down is just immature and stubborn.

Practical

The other reason to change is much more pragmatic: the data gets stale. For my readers who are at least thirty years old, pause for a moment to reflect on the “you” of ten years ago. (For my readers under thirty, perhaps only jump back five years.) Now stop cringing and come back to me. Chances are that there were parts of you that changed. Maybe the “stop cringing” joke a moment ago doesn’t apply – as a child I was always a pretty mature, well-behaved kid, but that doesn’t mean I didn’t say or do dumb things that I look back on and go “wow, I’m so glad I moved on.” Maybe it was a bad emo or goth phase (no shame if it wasn’t a phase, rock on), maybe it was something you used to believe or think (when I was little my siblings somehow convinced me I was born at Disneyland), or maybe it was the people you used to hang out with or the job you used to work. You changed. You grew, and you (hopefully) made yourself a better person. The data you produced back then – your favorite band, your home address, your social circle – those have all changed.

Really think about that for a moment. Where did you live ten years ago? Who were you dating? What was your nightly routine like? I’d bet money that 99.9% of people reading this will admit that they are a pretty different person now than they were back then. Now to be fair, 99.9% of people also haven’t dramatically changed. Maybe you were and still are conservative, or a jokester, or an activist, or a big sports junkie. But I’m willing to bet that you’ve changed enough that you’d consider yourself “a different person.” The exact differences may vary, but you know that there’s a distinct difference between you and that person, even if it’s just maturity and experiences.

There's serious reasons this might matter, like letting the past be in the past. In some cases, your profile built by ad companies to sell you stuff can make letting go of the past nearly impossible, like if you’re a recovering alcoholic who keeps seeing alcohol ads. I wish I’d kept the original story I saw this in, but regardless: a little bit of searching had no trouble turning up multiple stories of recovering alcoholics being served ads for drinks, and one story I found in the course of this search even talked about ads reminding you of dead loved ones, eating disorders, miscarriages, and more. If you’re trying to move on from a dark point in your past, lack of privacy will make this nearly impossible. Privacy helps you grow and become a new person. Continuing to drive down the wrong street won’t make this growth any easier, and won’t let you deal with your trauma on your own terms: you can only do that by turning around and going the right way.

Conclusion

For many, change is hard and scary. Fear of the unknown is a real thing. I have never started a new job and not felt some degree of anxiety, even if I was 100% sure it was the right move. Fear of the unknown has kept us alive as a species. But we evolved, and so must you as an individual. You have to conqueror your fear of change and be willing to make changes. It might be hard at first. It was hard for me to learn how to not just post every thought I had for the whole world to see. I had to completely retrain myself on how I interact with my friends and family without Facebook. But in the end, it can be done. Whatever those companies know about me now is only a fraction of what they knew before, and much of what they knew before is no longer true. I no longer have those same social circles, that same fashion sense, the same relationship patterns, or even work in the same industry. Change is inevitable and natural, so don’t fear it. Embrace it and the potential it brings to make your life better. Change to a life where you are in control of your direction.

One Week of LineageOS

March 27, 2022

Recently I came into possession of an old, cheap Android phone that just so happened to be compatible with LineageOS. I have no desire to use Lineage as a daily driver for security reasons I'll discuss shortly, but I thought it might be a fun experiment to flash the phone. It may surprise some of my readers to know that I’ve never flashed a phone before. My privacy journey started much more recently than some of you may suspect, and due to a combination of frugality and not wanting to bite off more than I can chew, I’ve been using the same stock device that I’ve had since then. So I decided this would be a zero-risk, zero-cost chance to experiment with both the flashing process and the phone itself. After having a Lineage phone for about a week, I thought I’d report on my initial impressions.

Why/What is LineageOS?

Google has an interesting and surprisingly supportive relationship with the Open Source community. Chrome is based on Chromium – an open-source, simplified version of Chrome. Likewise, Android is based on the Android Open Source Project (AOSP). Both of these projects are highly complete and well-supported, allowing for others to take the mantle and run with it relatively easily. This is where we get browsers like Brave, Vivaldi, and many, many others. Likewise, thanks to the open source nature of AOSP, we have alternative operating systems (called “ROMs”) for Android phones. Just like with Linux, these vary based on what they’re aimed to do, but generally in the privacy community there’s a few that get brought up most often: Graphene is best for security, Calyx is the best compromise between Graphene’s security and stock, mainstream Android’s user-friendliness, and then there’s a handful of popular but less secure options. Among these, the two that usually get cited most are /e/ and Lineage. These are typically considered less secure because they’re based on older Android kernels (Graphene and Calyx are both based on Android 12, the latest at the time of writing, while Lineage and /e/ are both based on 11 or earlier depending on your device) but more importantly because they don’t lock the bootloader, which – from what I understand – is similar to saying “everything runs with admin privileges 24/7.” This means that malware is virtually unchecked and can completely take over your device and access every single piece of sensitive information if you slip up even once.

So why did I go with Lineage? Frankly: because the phone was free, I had no plans to make it my daily driver, and because I have because internet common sense. I don’t mean that as an insult to the less tech-savvy amongst us, but there are some foundation rules for using technology: don’t click links you aren’t sure of, don’t download apps you don’t need, and don’t give away too much information (I discuss all of this on the website here). If you live by these rules, the unlocked bootloader is unlikely to be a problem (though I do recommend a secure ROM as a safety net). It was with this in mind that I decided to give Lineage a shot and see what I thought of it.

The Flashing Process

So the first and most obvious question was “how easy was it to ‘de-Google’ the phone?” The honest is answer is “not easy.” It was probably mostly user error, though my research did indicate that my particular brand of phone was not exactly friendly toward this process which probably didn’t make life any easier. Having said that, I still wouldn’t describe the process as “hard.” Lineage thankfully has a very active Reddit community who was incredibly gracious, patient, and helpful. Between that and just following the instructions, I was up and running in a collective total of a couple hours (a later flash I did on another, different device took less than one hour, so clearly the process isn't difficult if you follow the instructions and set aside some time to dedicate). The most time consuming part was getting the unlock PIN from my manufacturer, which was significantly more painful than necessary but I’ve come to expect no less from big tech companies. At any rate, all that to say it was a pretty simple process and there was help when I hit bumps.

Initial Impressions

As a first-time “degoogled” phone user, the thing I noticed right away was how fast I got up and running. Unlike a traditional Google phone (or iPhone, for that matter), there was nothing to sign into, no fifty pages of permissions and analytics to opt out of, no twenty extra pages of “here's what's new!” It asked me to set a PIN, connect to WiFi, and asked if I wanted to enable a few permissions, and possibly asked me if I wanted to submit analytics to the Lineage project (I can’t recall, but if they did it was only one page). The other big thing that stuck out to me was how clean it was, by which I mean “clean from apps.” Sure, it came with the obvious stuff: a camera, a browser, settings, a photo viewer, etc. But there was no Facebook, no fifteen Google apps or twelve stupid Apple apps I'll never use, no custom proprietary browser, etc. There was some stuff I removed because I knew I’d never use it, like the voice recorder or the file explorer, but there was nothing that I immediately identified as a privacy invasion that I wish would just go away.

The first order of business was apps. Normally I’d say settings, but as Lineage was already so clean there was very little to do in the way of changing settings. I did review them, but found very little to adjust other than personal-preference stuff like the background image and stuff. So that left me with getting the apps I wanted/needed onto it. Lineage comes with no app store, so I decided to start with F-Droid, an app store with very strict vetting procedures that accepts only open source apps. This was easily accomplished by simply navigating to F-Droid.org in the stock browser and choosing to install it. Once that was up and running, I decided to put my money where mouth is and install Bromite as my browser of choice. This was my first experience adding an F-Droid repository, and perhaps for that reason I was unable to add the repository via the link. Once again, this was almost certainly user error. The last time I recall having an Android of any kind was about 2013/2014. I had to pull up the QR code on a second device and scan it from there, which made me quickly realize that the stock Lineage camera did not feature a QR scanner. I had to go find one in F-Droid to finally scan it.

Once Bromite was installed, I searched for Signal and to my chagrin was reminded that Signal is not available via F-Droid. This meant I should use the Play store, but of course as this was my chance to try to finally be private, I decided to get Signal via the Aurora store, a Google Play proxy. Fortunately this turned out to be super easy as Aurora is available on F-Droid. From there, adding whatever I needed was a breeze. If it wasn’t on F-Droid, I’d simply pop over to Aurora and get it there.

One Week Later

Let me make something clear: I f*cking despise my phone (speaking now of my usual daily driver). I normally try not to drop “F-Bombs” on The New Oil, but I truly cannot impart on my readers the intensity with which I hate my phone. My hatred of my phone is rivaled only by my hatred of Old Navy commercials (dunno why) and Mitch McConnell (I’m told by my right-leaning friends that this is not exactly a controversial opinion, so that’s probably okay to say here). I truly mean that: I view my phone as a necessary evil that I’m forced to exist with for at least the next few years. (Don’t come at me with how you’ve been phone free for years. Trust me, I can’t do that right now and you’re only going to incur my ire by trying to convince my otherwise.)

Having said that, I love this Lineage phone. I haven’t shut up about it all week. One of my coworkers remarked that he’s never heard me rave about a phone like this before. I know it’s got some valid security concerns, but the peace of mind I get from this device is unreal. Every day I tell people that I’m one day closer to making it my daily driver. I love this phone.

There’s a few drawbacks, of course. Perhaps the most concerning is the lack of automatic updates. It seems that Lineage once had automatic updates, but something went wrong (probably a change on the AOSP end) and the devs are working to rebuild this capability. But this isn’t limited to just the OS, rather also to the apps. I have to manually check both F-Droid and Aurora to see if there’s any app updates. I’ve seen a few people in various forums speculate that turning off “battery optimization” for these services may allow them to run continuously, and therefore might allow automatic updates, but I haven’t seen anything to confirm that and I haven’t had time to confirm this myself. Personally this isn’t a dealbreaker – I usually manually check for updates about once a day anyways – but it makes me reticent to recommend the device to anyone else as not everyone is quite so studious. The device is also a bit slow and unresponsive at times, but I largely suspect that’s due to using such an old device and not an actual shortcoming of Lineage itself.

There have also been peripheral benefits I’ve enjoyed exploring. For example, my PineTime now works with my phone way more than it did before. I get notifications of Signal messages (but weirdly not content) and Matrix messages (weirdly with content). Syncing Nextcloud was absolutely painless. (Meanwhile, with my latest iOS device I’m still attempting to sync over a week later.) And thanks to using an old device, I still have a headphone jack (thus my Lineage device has become my workout device until I can afford some wireless headphones). It’s been fun to learn all the little quirks and differences on this device.

Final Thoughts

Will I make good on my promise to make Lineage my daily driver? Probably not, mostly because of the slow performance. I need a phone that’s at least moderately snappy when it comes to using VoIP and stuff like that. But I now carry two phones everywhere. Even without a SIM card, I can (and do) connect Lineage to the WiFi (with a VPN) and so far this system has worked very well for me. It’s been a wonderful breath of fresh air to have a device that isn’t stalking my every single move and forcing me to put up with bloatware. (I know that if I made it a daily driver I’d still have my location tracked by the carrier – plus the few proprietary apps I still use like Spotify – but that’s still a lot less tracking than a stock phone.)

Would I recommend Lineage? Only under a few specific circumstances. First and foremost: you have to know the security risks. Again, unlocked bootloader and no automatic updates. You have to be extra careful because there’s no malware safety net, and you have to be sure to stay on top of those updates (I recommend checking at least once per day). Second, I’d only recommend it if you’re unable to get a better device. If you have an old Android that’s compatible and you simply can’t afford to buy a more modern one, then I would recommend Lineage over an outdated Android version in a heartbeat. But if you can afford a Pixel with Graphene/Calyx (or a current iPhone if you don't want that for whatever reason), at least those offer a secure safety net against mistakes. Again though, if you exercise some basic caution and your threat model doesn’t include “targeted attacks,” you’ll likely be safe with Lineage.

Ultimately, not to sound overdramatic, but this week has made me rethink what a phone – and technology in general – can really be. Not every piece of technology has to be the antichrist incarnate come to stalk and track every breath I take. Rather, freedom through FLOSS technology may actually be not only more possible, but closer than we think. From a tech perspective, this has been a very exciting week for me, and I’m glad I went down the road of this little experience.

For those who fear they aren’t “tech savvy” enough or “smart enough” to flash a phone, I strongly encourage you to – if you can afford it – get your hands on an old device with no risk and try flashing it. I think you’ll find it’s a lot easier than you think, and the peace of mind and privacy is immeasurable. And if for whatever you reason you decide it’s not for you, you’ve lost very little and I would consider that knowledge worth the price. But either way, I encourage you to go find out. It’s worth it.

How to Make People Care About Privacy

March 19, 2022

It’s that time again. I’ve been seeing the question pop up a lot: “how do I get the people around me to care about privacy?” Truthfully I’ve tackled this topic a few times in a few different ways, but today I want to address a different side of this question.

Publicly asking “how do I make my friends and family care about privacy?” has several problematic components, and in this blog post I want to examine them. Particularly the fact that – as one podcaster jokes – I failed Psychic Powers 101. This is just a sarcastic way of saying “I’m not psychic.” Most of you reading this know nothing about my parents or my siblings. I’ve made offhand comments here and there in past blogs that you can probably infer a few things from, but overall I wouldn’t expect you to know a lot of vital information. “Vital information” in this case would include things like values and concerns. When I ask “how can I get my mom to care about privacy?” you are missing a lot of critical information to accurately answer that question. Ignoring the horde of stupid (and in some cases illegal) answers thrown out by people who clearly haven’t spoken to another actual human being in months, you may consider ideas like “explain how invasive Facebook tracking is” or “explain how this information could be used to censor you if the wrong political party took office.”

Let me tell you a little bit about my mom and see if your answer changes: when I asked her what she wanted to be when she grew up, she told me she always wanted to be a mother. As soon as my youngest sibling moved out of the house, she wasted no time in getting two cats because she enjoys caring for and nurturing someone. She adores her grandkids and talks about them all the time. My mom is also, well, I wouldn’t say “poor” but technically speaking. My mother once told me she never made more than $40,000/year at any point in her life (impressive how well she managed money, looking back on my childhood). She’s passionate about architecture and design, and is a woman of faith.

If you’re a veteran privacy advocate, your brain probably exploded with a ton of new arguments to win her over. “Facebook is stalking and brainwashing your grandkids.” “Your grandkids are growing up in a world where every dumb, innocent, ‘growing up’ mistake they make is being immortalized and may cost them a job in the future.” “Your bank is using your data – including your friends circle – to determine interest rates, coverage amounts, and loan eligibility.” “Your religion might be targeted for censorship or persecution.” I have shared many of these stories with her myself, and they do worry her. Last month, something amazing happened: my mom actually signed Fight For The Future’s petition for the IRS to stop using ID.me’s facial recognition software. I know this because she sent me their “victory” email and said “yay!” I told her that I was honestly surprised she signed it as I didn’t think she would care, and then went on to to praise her and thank her for helping and congratulate her for being part of positive change in the world (always gotta have that positive reinforcement). While I wish my mom would do more (namely quit Facebook and use better passwords), she’s on the right path. She has Bitwarden, now she just needs to change passwords. I think she’s moved off Chrome and started using DuckDuckGo instead of Google search. She even once called me and asked for helping putting Linux on an old Windows Vista computer she found because she wanted to use it but knew that Vista was no longer safe.

Here’s my point: it’s all about knowing how to reach the person. And this is what those random, public “how do I get people to care” posts always miss. I don’t know your mom. I don’t your sister, or brother, or significant other, or best friend, or boss, or whoever. My approach to making them care is going to change dramatically based off every piece of information I learn about them. Are they right-leaning or left-leaning politically? Are they even political? What do they value? Are they family-oriented or independent? Where do they draw the line between freedom and the “greater good”? Have they ever had a stalker? Have they ever had their identity stolen? Are they a cam girl? An adult actor is probably not going to be swayed by the “do you close the blinds at night?” argument when they post their nudes publicly online with the intention of being seen.

An example I made recently that I think really worked was guns. Bear with me, I’m not going to get political (even though I’ve now brought up guns twice in three weeks, I'm sorry). But that caveat proves my point: everyone reading this has an opinion on guns, and they’re probably all very, wildly different opinions. On one end of the spectrum we have people who think all firearms should be illegal and not even law enforcement should carry them. On the other end, we have people who think that guns shouldn’t be regulated in any way, shape, or form and that it should be on the user to be responsible. This is because we all have different beliefs, experiences, and values that shape how we view everything, like our views on guns. Another example I gave was “where do you think I [Nate] should go on vacation?” I’m sure you guys have some solid recommendations but I bet few (if any) of you are going list any of the really cool places that are on my actual bucket list. Again: I have unique experiences, values, and outlooks on life. Does that mean I’m a special snowflake and there’s nobody else on earth like me? Eh, yes and no. I’ve met lots of people that I share commonalities with, but it's probably safe to say that nobody has the exact same combination of interests and opinions that I do. True crime, video games, sci-fi, there’s a lot of categories I fall into, but even in those categories there's not a guaranteed uniformity. Not everyone agrees with my assessment of Tenet or who was the worst serial killer. And that’s true of anyone. My mother cares very much about her grandkids’ permanent records while my coworker – also a mother – doesn’t. A blanket “what should I say” question fails to recognize that despite all our commonalities, people are still people.

No two people are identical, and even despite their similarities they can still vary wildly in their values. Thus, there is no one-size fits all argument for why privacy matters, and there is no magic combination of words like some sort of incantation that will suddenly make every person care about privacy. If there was, don’t you think we would’ve started using it by now? That’s really what this question is always asking: “what’s the magic word I can say that’ll make people care about privacy?” The answer is that there is none. “Expecto Privacium” does not exist. And neither do psychic powers (at least, as far as science is concerned). Strangers on the internet are not qualified to tell you how to convince someone to care about privacy when they don’t know that person at all. It’s up to you to identify what a person cares about and find how that relates to privacy. And just a reminder: never go into a discussion expecting someone to change their minds, especially right there. That’s just asking for disappointment. Give them the facts, let them know how they’re affected, and leave it up to them. It may take a while, but you’d be amazed how often people come around.