This weekend in the United States, taxes are due. For the more responsible readers – aka “everyone but me” – this was probably already done weeks – if not months – ago. But don’t worry. Taxes will roll around again the same time next year, as inevitable as death itself as the famous philosopher noted, and our financial lives are year-round. So in other words, this is merely a good excuse to discuss some ways that you can protect your financial life – both online and off – and keep your funds, identity, and credit safe.
Identity theft is a common cause of anxiety in modern society, and it's pretty justifiable. According to a recent survey from US News, almost three quarters of adults have experienced at least one case of identity theft, and 27% have experienced more than one. In 2022 there were more than 1.1 million reports of identity theft, costing Americans a total of $8.8 billion dollars with a median of $650. One-in-five respondents reported that they continue to suffer financial consequences to this day. It's no wonder that a multi-billion-dollar industry has sprung up around protecting against identity theft. But does it make sense to pay for an identity theft protection service? Or is it just snake oil?
Cloud storage has become ubiquitous in modern society. The most widely-used example, I think, is the one that comes prebundled with our phones in the form of Google Drive or iCloud, but many desktop devices also come preloaded with iCloud or Dropbox (and we often add our own like Google Drive). We use them as a backup, as a way to share large or groups of files (such as a photo album from an event or vacation), and more. But not all cloud storage is equal. By default, mainstream offerings like Google Drive, iCloud, and Dropbox have access to your files. The consequences of this have ranged from insider threats snooping on files they shouldn’t be to people having their content or even entire accounts deleted, often for minor or no infractions and with little or no recourse. Those concerns aside, even big tech giants like Google have had problems with losing user data. So regardless of whether you’re storing sensitive, personal documents like taxes or sharing benign photos of the latest trip to the aquarium, it’s important to safeguard your personal data. And thankfully, in today’s landscape, users are awash with lots of solid, user-friendly choices who can easily take your privacy and security to the next level. So this week, let’s take a look at some of the top choices out there for secure cloud storage.
From the beginning I’ve always said this blog would be used to communicate major changes with the site in addition to reviews, ideas, etc. It’s been hard over the years to know what changes are big enough to warrant a full blog post, and which ones I should just let users see in the commit log. However, this past week, we made a few huge behind-the-scenes changes that I’m excited about and want to share. So in lieu of a traditional blog post, here’s some important stuff that happened this week.
There are many enemies of privacy. There are politicians claiming the (at best) misguided pretense of “protecting the children,” intelligence agencies claiming “national security,” companies claiming to give us “the best experience” or serve us the most relevant ads, and even individuals who seek to intimidate us and threaten us for any number of perceived slights. But there is one enemy who I’ve come to believe stands head and shoulders above the rest as the greatest enemy of privacy, one who will utterly destroy us if we can’t get it in check: the community itself.
2023 was a record-breaking year for cybersecurity in a bad way. Ransomware payments hit a record high of $1.1 billion, which is likely to encourage cybercriminals to keep trying, and in the first two-thirds of 2023 alone, there were a record 2,116 data breaches (that we knew of) for a total of 234 million victims. Keeping your data safe is more important than ever. Thankfully, doing so is – in some ways – also becoming easier than ever. Using good passwords is just one part of a healthy cybersecurity posture, but many experts consider it the first and one of the most impactful parts. Of course, we all know that actually using good passwords as recommended is laughably impossible, so much so there’s a plethora of memes about it. Thankfully, password managers exist and are here to help. However, like any mainstream tech product, the marketplace is now flooded with password managers of varying quality. So this week, I want to breakdown my top recommendations for best password managers in 2024 and which ones are right for you.
In an era where our lives are intricately intertwined with technology, the concept of cybersecurity has become paramount. One need look no further than my own Surveillance Report podcast, which features a weekly “Data Breaches” section that at times becomes so long we have to sacrifice some of the lesser stories. Consequently, many in the privacy and security communities strive to find systems and devices that are “unhackable.” But reality is a harsh mistress (or master, or whatever you prefer), for nothing is truly unhackable.
Last week, encrypted email, cloud, and calendar provider Skiff announced they will be shutting down in six months after being acquired by Notion. This has understandably caused a lot of frustration in the privacy community as many people were initially quite excited about Skiff. Several other privacy outlets – including Michael Bazzell, Privacy Guides, and even our own Surveillance Report – have all discussed our own frustrations, lessons learned, and plans going forward. But really, this is nothing new. Two years ago (nearly to the month), CTemplar also suddenly shut down, and we saw nearly the same scenario play out (with different reasons being given by the companies). So this week, let’s take a moment to reflect back on the second email shutdown The New Oil has survived and see what lessons we can take away for the next inevitable disruption.
Love it or hate it, online dating is here to stay. According to Pew Research, 30% of US adults say they’ve used online dating sites or apps, 1/10 say they’ve met their current partner via such a site/app, and 40% say that online dating has made the search for a long-term partner easier. I assume these numbers aren’t including non-dating sites like Facebook or Discord where it’s also possible to run into someone, hit it off, and begin a relationship. Like any other digital space, however, online dating is not without privacy and security concerns. As Valentine’s Day lies just around the corner, let’s revisit some privacy and security advice for those wading into the dating pool. (Don’t worry, not all of this advice is specific to online dating, so even if you’re against online dating there may still be something here for you, too.)
In an era where the internet has become an integral part of our daily lives, it's crucial to prioritize online safety. Safer Internet Day, observed this coming Tuesday (February 6), is yet another day to raise awareness of an issue. As I looked more into this day, I noticed that their stated aims were very nebulous, citing goals like making the internet “safer” (obviously), “inclusive,” “positive,” but I never actually found any specific guidelines or recommendations. I was further unsettled when I found an equally-vague teaser for the 2019 event with sponsors like Microsoft and X (Twitter at the time) – who as of this week expressed support for the highly problematic Kids Online Safety Act (KOSA) – as well as Meta (Facebook at the time), Snap, Google, and other problematic figures who’s efforts to make the internet “safer” can – at best – be described as misguided and controlling. The only unambiguous content to be found anywhere in the official online presences of this movement is a blog on the official website that discusses some of the various online legislation going around regarding online safety. So ultimately, it seems to me that – at best – this group is about campaigning for better “online safety” laws and – at worst – it’s a front for various Big Tech lobbying groups to control the narrative and conversation surrounding online safety.
Despite all that problematic context, let’s be real for a moment: the internet can be a toxic wasteland (heavy emphasis on the “can be” part), and at face value I do agree with the overall (alleged) mission of this day. So regardless of who’s behind this day, I think it’s worth taking a moment to discuss the idea of a safer internet and some of the steps we can take to protect ourselves and create a better online experience. For some context, today I will be focusing on the threat model of “other users” as opposed to companies, governments, or even insider threats like sysadmins and employees. I’m talking about cyberbullies, trolls, and other common threats who make our online experience less enjoyable.