The New Oil

Information Security for normal people. https://www.TheNewOil.xyz

This is part of a series on how to navigate internet censorship in response to this blog post.

For a long time, I put this topic off for a variety of reasons. One of them is that this topic is already covered quite extensively online, but honestly I’ve never found any of the guides to be comprehensive. Either they were too technical or too vague. Typically I’ve always wanted to stay away from this subject because I gear my site towards the type person who has a very low willingness to trade off convenience for security, or has a very limited tech background. PGP is, relatively speaking, complicated.

But as per my blog post about the EARN IT Act a few weeks ago, I’ve come to decide that PGP is a pretty important topic, and that even the average user would benefit from having a basic understanding of it: what it is, how it works, and how to implement it themselves. If you decide you don’t want to use it yourself, that’s great! Hopefully you never end up in a situation where you have no other choice. But still, it’s one of those things it couldn’t hurt to know for its own sake.

What is PGP?

PGP stands for Pretty Good Privacy (I’m not making that up) and is an open-source encryption program. Generally speaking, it is most commonly used for encrypted email but it can actually be used to encrypt just about anything. It’s also a misnomer in that it’s actually one of the top encryption standards around, it’s not just “pretty good,” it’s incredible.

How Does it Work?

Simple version: sign up for a free ProtonMail account. ProtonMail’s end-to-end encryption is built on PGP. Let me give you an example: suppose you use ProtonMail and I use PGP with my regular Gmail account. If you have my public key, you can still send me an encrypted email – and I, you – with that information.

“Hold on,” you say, “you said Gmail and public keys, what’s that all about?” So without getting too much into the weeds, here’s how PGP works on a deeper level:

When you use any type of encryption (generally speaking), you create two keys. One is called the “private key” and one is called the “public key.” The private key is private: it stays with you. Never share it, keep it safe. Maybe create a backup of it somewhere safe. The public key, on the other hand, can be spread around as much as you want. The more the better.

Think of the public key as your address and the private key as your door key. The more people you give your address to, the more people can write you. But only you can unlock the door and enter the house where you have some privacy. So going back to my earlier example, if you have ProtonMail (or any other PGP-enabled service) and I’m using a different PGP service, as long as you have my public key you can send me an encrypted email. And vice versa. (Now seems a good time to note that I do, in fact, have my public key listed on my site for this exact reason.)

How Can I Implement PGP?

“You said Gmail though,” you say insistently. “Can I use PGP with Gmail?”

The single biggest pushback I get when I try to get people to switch to a more privacy-respecting service like ProtonMail or Tutanota is that they don’t want to go through the hassle of telling everyone to use their new email address. Let’s face it: changing emails is a lot like moving. There’s a lot of loose ends to update and it gets really annoying and tedious. It’s easy to overlook someone you should’ve updated or for someone to not take the memo to heart and email your old email.

I don’t think you should stick with your current Gmail or Yahoo Mail for lots of reasons. A major advantage to using an encrypted email provider is that even in your inbox, the emails are encrypted. This means they’re safe from data breaches or warrantless police surveillance. However, I get it. If you want to use PGP with your existing email provider, there’s two ways to do it. Honestly, I wouldn’t call either of them “easy,” but I would call them “relatively easy.”

The first is a browser plugin called Mailvelope. For most people, this will be the best solution. If you’re the type of person who goes to “gmail.com” to check your email, this is the solution you’ll want. You simply add it to your browser as a plugin, it generates all your various keys, and you simply use it whenever you want to encrypt, decrypt, or sign an email. The second option is if you’re a mail-client type of person – aka Outlook. If this is your preferred method of accessing your email, then consider switching to Thunderbird. This open-source mail client recently updated to ship stock with Enigmail, an email plugin that enables PGP. Just like Mailvelope, you’ll have lots of options to encrypt, sign, or decrypt messages on an as-needed basis.

Conclusion

Now you have a basic understanding of PGP, how it works, and how services such as ProtonMail implement it behind-the-scenes. You also have an option to add it to your own existing email service if needed. Hopefully this doesn’t matter in the long run, and hopefully this is just some fun facts for you to have in your head, but now you can consider yourself prepared and educated.

You can find more recommended services and programs at TheNewOil.xyz. You can also get daily privacy news updates on Mastodon or support my work on Liberapay.

If you are even slightly involved in the privacy community, you’ve probably heard by now about the EARN IT Act. If you’re relatively involved in the privacy community, you’re probably sick of hearing about it by now. But it’s important we need to talk about it: what it is and what to do about it either way.

What is the EARN IT Act?

S. 3398, also called the EARN IT Act of 2020, is “A bill to establish a National Commission on Online Sexual Exploitation Prevention, and for other purposes.” Basically, Senator Lindsey Graham and the National Center for Missing and Exploited Children have decided that end-to-end encryption is bad because it allows the proliferation of things like child sexual abuse, human trafficking, and drug trafficking. Without this side-tracking this post too much, the number of registered sex offenders in the US is less than a quarter of a percent of the population in 2018, and drug arrests account for only 1% of the US population (this post has more context, information, and my sources). So first of all, arguing that nobody should have encryption is a lot like saying nobody should have clothes because a few bad people use it to smuggle illegal items, or that nobody should have food because some people use silverware for murder. It’s ridiculous and blown out of proportion. But that’s exactly what the EARN-IT Act asserts. It’s a law that would ban end-to-end encryption, the most secure form of encryption around, and force all encryptions to have a “backdoor” for law enforcement. The problem is there’s no such thing as a backdoor that only the good guys can access. Just as your own house door can be broken into by a criminal, so can a technological door. The amount of personal liberty we’re giving up is not proportional to the amount of good it would do.

What to do about it

The bill was introduced earlier this month and is still in the very early phases of the legislative process. So that means there’s still tons of time left to fight it. The most effective way, of course, being to call your local politician and tell them you’re a voter in their district and you want them to vote against it. Don’t know who your politicians are? EFF has made this very handy site that will look them up and email them for you. But calls are more effective than emails, so use this site to find your representatives by zip code, and use this site to find your senators by state, then use DuckDuckGo or the direct links on the Senate and House websites to get the phone numbers of their offices nearest you. Then save them in your phone and set an alarm to call them every day and remind them you are against the EARN IT act. Typically all they ask is name, zip code, and your comment. You can leave it at “I disprove of it and want them to vote against it” or you can go on a whole diatribe about how it’s an assault on civil rights and statistically ridiculous. Just be polite. Finally, you can sign an official White House petition against the EARN-IT Act here. This alone won’t be enough to repeal it, but the more signatures it gets the more it shows that Americans don’t want this bill.

What to do if it passes

If this bill passes, we face some trouble, so it’s best to get your ducks in a row now. One solution is the previously-mentioned Firechat app that I shared in my COVID-19 post last week. Since this app stays off cell networks, it’s undetectable and therefore uncensorable. I first learned of it myself because of the role it plays in the ongoing Hong Kong protests.

Another open-source solution I mention on my site is Matrix. Encryption is not enabled by default but is activated easily with the click of a button, and with a little extra work it can bridge to a variety of apps and services.

The TOR Network is another valuable tool, but because it is easily recognizable it can also be easily blocked by internet service providers. So while that is a service to keep in our pockets, it’s important to have alternatives as well. VPNs are likely to not be affected as they are not end-to-end encrypted, but their no-logging policy may come under fire next.

Additionally now is a good time to get comfortable with PGP encryption, as this is a local type of encryption where the keys are stored on your device and you don’t have to rely on anyone else for the security or effectiveness of it. It is most commonly used via email, but it can be used for other types of data-at-rest encryption as well.

Mesh networks are a more complicated solution, but they are a potential solution and hopefully we’ll see them become more user-friendly in the future as a result of this attack.

As I said, now is the time to look into these solutions and start planning as it may be much harder to access these services if the bill gets passed. Hopefully we won’t need them, but better safe than sorry and preparation is key. I plan to put up more posts and tutorials on these subjects in the coming weeks. Up until now I’ve been putting them off as I didn’t think they concerned the average user, but clearly this is no longer the case. In the meantime, the best course of action is keep bugging your elected officials and hopefully this won’t be an issue in the near future.

Let’s (Not) Talk About COVID-19

I’m a little salty. The COVID-19 panic has finally hit my hometown late this week as three confirmed cases popped up in my relatively-large town of 1.5 million. Earlier this week I stopped by the grocery store and it was business as usual. Yesterday my girlfriend gave me a play-by-play of all the people that almost ran her over and sent me pictures of the empty shelves. I’m frustrated because I personally fall into the camp of “the seasonal flu is statistically more dangerous at this point, this is just public panic over nothing.”

Over the past few months, I’ve been publishing a lot of articles on Mastodon about hospital data breaches. It’s a topic I’ve been mulling over, figuring out how to best address the situation. After all, you want to be honest with doctors to get the right treatment but you also don’t want your personal information posted on the dark web simply because you decided to be healthy.

So today I’ve decided to roll a number of topics together to talk about how to handle your privacy in times of a pandemic (or a media panic over nothing). This article is probably going to run a bit longer than my usual post, so bear with me.

How to Handle Hospitals

Even if you’re the type of person to “take an ibuprofen and tough it out,” chances are you will eventually have something serious enough to warrant visiting a hospital, even if just out of caution. So let’s start with how to handle those. Rule number one: don’t lie to your doctor. They became a doctor because they wanted to help people and you’re just wasting their time and risking your own life by lying. Having said that, not all information on a hospital form is mandatory. When they give you the paperwork to fill out, I would ask them what the absolutely essential parts are. I’d also ask if they have a form allowing you to opt out of any data-sharing agreements. They won’t advertise that stuff, but they usually have it. The questions might catch them off guard but ultimately as long as you’re polite and cooperative they don’t really care.

Get a PO Box

I’ve mentioned before some of the benefits of a PO Box. They’re cheap, and they put another layer of protection between your real home address and the public world. And at no additional cost (through USPS, private places may charge) you can sign up to use your PO Box as a street address, which means nobody will even notice that it’s not a real address. This is great for things like hospital forms or employer records as they give those people a legitimate way to get in touch with you without risking your home address showing up in a data breach.

Get a Voice-over-IP (VoIP) Number

This is a thing that deserves its own article and will get one someday. A VoIP number is, in short, a digital phone number that forwards to your real number. Google Voice is a great option if you have an Android phone or budget constraints. I recommend MySudo for iOS. Keep in mind that no VoIP app is perfect for total privacy, but at least it removes your real number from potential data breaches and public records (I’ve got an article in the works about why that matters but for now just trust me that it does, it’s too much to get into in this already crowded article).

Freeze Your Credit

As is usual in times of chaos, scams are on the rise. So make sure to protect yourself and your dependents: freeze your credit and set fraud alerts. Thanks to the Equifax data breach, freezing your credit is now free by federal law in the US, and identity theft of minors is one of the leading cyber crimes. Freezing your credit will ensure that nobody can open an unauthorized account in your name. Even if you don't suspect yourself of being a target or you argue that your credit is too awful to be useful, rest assured that someone will always be able to open a high-interest account for you that a criminal has no intention of every paying off and now the task falls to you to jump through a million legal hoops and prove it wasn’t you. Just avoid it. Set up a credit freeze, and furthermore set up fraud alerts. Lately people have been finding very easy loopholes to unfreeze credit without a PIN – which defeats the whole purpose. A fraud alert is a second layer of protection to help defend against that.

Pay in Cash

This is kind of one of the foundational principles of privacy and data security. While credit cards do come with a lot of convenience and a few legal protections, the transaction information can and often is sold or shared from your bank to various third parties for advertising purposes. Paying with cash removes that tracking trail. I suspect – pardon my tin foil hat – that it’s only a matter of time before your shopping habits are used to determine things like approval and rates for loans, insurance, and other important aspects of daily life.

FireChat

I was actually planning an entire blog about this. Basically FireChat is an app that creates local networks with wifi and bluetooth cards on phones, bypassing cell towers entirely. The messages are end-to-end encrypted, meaning your message is safe as it hops from phone to phone. This could be a very useful feature in the future if things get worse and we start to see public services get overwhelmed or shut down. It could also be very useful at a theme park or concert once all this blows over, as large gatherings of people tend to overload and slow down the network even if they aren’t actively using their phones. Firechat is not open source, so I don’t recommend using it as a daily communication tool (for a host of other reasons as well). But it could potentially be a good tool to download now and have on standby in case of emergency.

Take Up a Passing Interest in Disaster Prepping and Personal Finance

Admittedly for some of us, this might be too little too late. But honestly, there’s a lot of overlap between the worlds of privacy, personal finance, and disaster prep. For example, disaster prep says “plan for the most likely scenarios first – emergency hospital visits, economic collapse, etc – before you plan for the zombie apocalypse.” Personal finance would agree with that logic 100%. Privacy says “use credit as little as possible because it tracks you,” and personal finance would agree that not relying on credit and staying out of small-time debt is a great idea (disaster prep agrees on that last one, too. If you have no debt, you have one less bill to worry about when the economy tanks). Disaster prep doesn’t mean building a doomsday bunker in the backyard with a thousand guns, it means having an emergency fund and a case of bottled water in the pantry just in case. Again, these are topics that are far too broad to get into in a single blog, and for the most part they are their own separate subjects that warrant pages and pages of discussion. Basically, these aren’t subjects I plan to get into too much ever because they simply fall outside the subject and scope of this site (maybe a few posts here and there in the future on relevant subjects). But they do offer some relevant advice on both the current situation and your privacy in general and I encourage you to look into the subjects.

The Aftermath

Okay, allow me to put on my tinfoil hat here, and if this section jumps the conspiracy-theory shark too much for you I completely understand and respect that and I hope you’ll still extract the meaningful advice in the rest of the article: I think we are going to see a suspension of civil liberties as a result of this epidemic. I think for the most part, it’s going to be well meant (and ineffective). However, just like the Patriot Act and the TSA, I think any such suspensions will be here to stay. In 2001, terrorists attacked the World Trade Center in New York and forever changed the course of history in both politics, war, surveillance, culture, and more. Many of our basic freedoms were suspended in the name of “The War on Terror” and to this day – nearly two decades later – we are still fighting to get many of them back. Already we have seen entire cities and regions quarantined, we’ve seen cities ban large gatherings (some as “large” as 500), we’ve seen the government demand more travel data from airlines to track the disease (many Asian countries have already ramped up their surveillance states to successfully combat the outbreak), and I wouldn’t be surprised to see curfews and other such things in the near future. Again, I’m certain that in most cases this is being done with the best intentions. But once Pandora’s Box has been opened, it is so damn hard to shut it again. So as the world scrambles to stop the spread of COVID-19, let’s be sure not to let our fear take us down that road again. Make sure that our civil rights continue to be respected, and make sure they are restored to us as the panic begins to wane. Hold your leaders accountable for that.

Conclusion

Again, I fall into the camp of “I think people are overreacting,” but whether I’m right or wrong we are facing some scary times ahead. Major events are being canceled worldwide, which will lead to economic implications (here in my town we’re already seeing the trickle down). Travel is being restricted, and whole areas are being quarantined. This is going to be a disruption to our daily lives, and it’s important to remember to protect our privacy as well as our health. Please, do visit a hospital if you think you need to. Buy some cold medicine to help with your symptoms. But remember to keep your privacy intact as we all push through this.

A Personal Note from the Author

I mentioned that in my hometown we are already seeing a trickle-down of economic impacts. I live in Austin, TX. We have already canceled the legendary, multi-million-dollar South By Southwest (SXSW), an international week-long music and technology festival that happens every spring in Austin. It’s a huge deal for our economy. This is the first time in over 30 years that’s happened. In response, SXSW had to lay off 1/3 of it’s permanent staff. All of our local major events centers have canceled all their events for the rest of the year, including sports, concerts, expos, and more – we’re talking arenas that seat tens of thousands. We've also canceled tons of other major economically-advantageous events like the Rodeo, just today the city is urging gatherings of more than 250 people to cancel, schools are canceled (or moved online wherever possible), our local racing track – which hosts F-1 and Indy and all other international events – is closed. I've heard the Austin City Limits festival is also cancelled, but that's not until October so I don't know if that's true. We are turning into a ghost town real quick.

My day job is audio/video. I currently work for a small audio/video installer – “less than ten people” small. Yesterday our owner (who is very transparent, which I appreciate) sent out an all-hands email letting us know that times are already getting tough. One of our clients – which was one of these ten-thousand-seat arenas – is having to push back working with us because of funds lost due to cancelled events. Another client that was set to start this month – a college – is also having to push back because of the scramble to move to online classes. Two other clients that were set to start this month – both tech companies – are pushing back because of the disruption of the epidemic. Our owner is doing everything in his power to keep us afloat and not cut any hours, but he is admittedly worried. We were already in a slow season as it is, and now almost all of our upcoming projects (and certainly all of our highest-paying ones) are pushed back indefinitely.

Without going into detail, I assure you that if hours are cut or people are laid off, I will be first on the chopping block. I don’t think it has anything to do with the quality of my work, my work ethic, or me as a person. It’s just a logical choice and one that I wouldn’t blame the owner for making. It’s the same choice I’d make. And I have no doubt that we are not an island – this disruption is happening industry-wide, so despite my impressive resume (I’m serious, I have a fantastic resume) I don’t think I would have an easy time hopping to another job simply because I suspect nobody is hiring right now.

I say all that to say this: I realize times are about to be tough for everyone if they’re not already right now, but I’m facing a pretty scary time ahead as my industry is not essential and neither is my position with my day job. As such, I will be leaning very heavily on side projects like this one and the generosity of its supporters. So, if you are in a position to give anything to help support this project and myself during these times of uncertainty, it would be extremely appreciated. And if you are not in such a position, I get it. Just try to stay healthy and weather through it. Thank you for reading.

https://liberapay.com/thenewoil

There’s a problem prevalent in some of the more experienced members of the privacy community: the problem of assuming that privacy and security are binary, that one size fits all. As I peruse questions from new people freshly introduced to privacy, I see more experienced people throw out ridiculous solutions. For example, I often see the question in other forums “should I use ProtonMail or Tutanota?” and without fail there’s always one person who says “self-host your own email. It’s more private cause you own your own data, and more secure because you don’t have to rely on anyone else and you’re not a target for hackers the same way a big company like Proton would be.” These answers aren’t technically wrong, but I find them ridiculous for a number of reasons. For one, there’s the technical obstacles: I have my own Nextcloud server at home and I promise you that was not easy to set up. No average person has the time, energy, resources, or sometimes courage to do that. For another, security is relative. I personally would rather trust a major company rather than trust myself to create a “secure” email. I am far from a cybersecurity expert. I think even a big target like Tutanota would be more secure than my garbage server at home. And there’s that: most people don’t have a spare computer lying around, and they’re not willing to go buy one just to spend weeks starting over and agonizing over how to get it barely working like a Rube Goldberg machine made of tinker toys and duct tape. The thing that most makes these solutions “ridiculous” however, is the egotistical assumption that their offered solution is perfect for everyone.

Privacy is Not Binary

Privacy is a sliding scale. Privacy is not a matter of “delete your Facebook and use Signal and now you’re secure.” Deleting Facebook from your phone makes you MORE secure than keeping Facebook’s app on your phone. Using Signal makes you MORE secure than using regular SMS. Doing both makes you MORE secure than doing just one. However, doing one is still better than doing neither. Deleting Facebook altogether is a great idea for so many reasons, but only accessing Facebook from your browser is MORE secure than using the phone app like everyone else. There is a gray area in between “go live in a cabin in the woods purchased under a fake name” and “post your Social Security number on Twitter.”

Privacy is Not One-Size Fits All

More importantly, privacy and security is not a one-size-fits-all solution. That’s exactly why I’ve organized my site in a “pros/cons” format. Using instant messaging as an example, Signal is world-renowned for their security and it’s ease of use, but it requires a phone number. That can be an issue for someone trying to maintain a degree of anonymity. Some people aren’t worried about that. My mom doesn’t care about privacy. If I want her to respect my private communications wishes, I have to find a solution that’s easy for her to adopt, and it doesn’t get much easier than Signal. In the early days of my career, I worked a job where work schedules and announcements were disseminated via a private Facebook group. If I didn’t at least have an account to access the group, I didn’t get my schedule or important updates. And that early in my career, I was still very much in the “take any job you can get” phase (these days I have a more robust resume and I can afford to be picky).

There are many, many valid reasons that a person may choose to keep their Facebook account. Or WhatsApp. Or Gmail. Or Windows operating system. There are even more valid reasons that a person may choose to use a service someone else created and hosts like Firefox, Wire, Tutanota, Bitwarden, and more. Privacy and security are not black-and-white “either you are secure or you aren’t.” In running this site, I have made myself less secure by creating a public image, posting regularly, and engaging with others. If I wanted total privacy and security, I wouldn’t do any of that. I would stay off the internet. But I’ve also reduced my “attack surface” by doing things like using services that don’t require a real name, using the TOR network to post, and using services that don’t track me such as Write.As and Mastodon.

I will always encourage you, my reader, to be as secure and private as possible because digital rights are human rights. But don’t let the more elitist hipsters of the privacy community fool you: if you’re reading their opinion online, they could be doing better as well. There are circumstances that sometimes require you to take a less secure option: work requires you to use Apple products, or your family simply refuses to leave WhatsApp, or you need Twitter to stay updated on a local issue, etc. I will always suggest you opt out of those things as much as possible and find workarounds, but I will also respect that that’s not always possible. And while you should try to be as strict with your privacy and security as you reasonably can, don’t beat yourself up. The fact that you’re here means you’re going in the right direction, and sometimes it’s enough just to lock your doors and windows.

About once a week or so, I see a post in the privacy community that says something along the lines of “If Product X is open source, how do we know The-Company-Behind-Product-X hasn’t just modified the public code to look good while secretly running something else on their servers?” The short answer is: we don’t.

You Always Trust Someone Somewhere. Always. Period.

My dad is one of those “I walked uphill in the snow both ways to school” types. To his defense, this is isn’t always a bad thing. His attitude did teach me a lot about self-reliance, taking initiative and control of my own future, and self-improvement. It was a good thing. But I remember one time where I was completely broke through no fault of my own. I don’t believe in playing the victim. Almost always you got yourself into a situation and you should take responsibility for that. But sometimes things happen that are genuinely out of your control and you truly are the victim. It’s rare (on an individual level) but it happens. I had three sources of income at the time and all three failed to pay me for reasons that – in all three cases – were legitimately out of my hands. I’ll never forget my dad telling me that it was my fault, that I should never trust anyone for anything and there had to have been SOMETHING I could’ve or should’ve done differently. To this day, over a decade later, I insist my dad was full of crap in this instance.

The fact is, you ALWAYS put SOME measure of trust in SOMEONE SOMEWHERE. Always. Period. Without question. You trust that your boss is going to pay you when you show up for work. You trust the other drivers to stay in their lanes when you drive (for the most part). You trust the food you get at the grocery store to be safe. You trust the construction of your home. You are ALWAYS trusting SOMEONE at SOME POINT. Even if you demand to be paid up front, you’re trusting that the check won’t bounce. Or that the economy won’t suddenly spiral into a recession with hyper inflation. Or that your bank won’t spontaneously close your account. Or that they won’t give you counterfeit bills. You are ALWAYS trusting SOMEONE SOMEWHERE. End of story. Period.

Trust and Due Diligence

The privacy community is a paranoid one. Sometimes that’s good, and sometimes that’s bad. A little paranoia is a good thing in a world where data breaches aren’t disclosed, apps and services lie about what they’re really doing, and companies are aggressively going out of their way to track you. But too much paranoia is bad. Uncontrolled paranoia can lead to problems like anxiety, depression, suicidal thoughts, and legitimate mental health concerns. (If you suspect you might be spiraling or have spiraled into that territory, please seek help. You are not alone.)

The point is that it’s about balance. Trust should not be blindly given in almost any context. You wouldn’t hire a random person off the street to babysit your kids, you wouldn’t pick a bank you’ve never heard of to manage your money, and you shouldn’t pick services you haven’t researched to safeguard your sensitive information, metadata, and communications. You should absolutely do your research. Is the company/app/service well respected? Do they have a track record of putting their money where their mouth is? They may be open source, but have they been audited? Has anyone expressed any legitimate concerns about their practices?

The key word there was “legitimate.” Lots of people dislike ProtonMail because it costs significantly more money than Tutanota, but their list of complaints ends there. While that may be a deciding factor for you, it doesn’t make ProtonMail any less trustworthy or reliable. As you research a product or service in the privacy community, you will find no shortage of people who have minor complaints about a product. “They’re based in the United States.” “They use X programming language instead of Y.” “They could be more secure if they did ABC.” It’s the privacy equivalent of someone who prefers vinyl over CD. They’re not technically wrong, but you risk getting lost in the weeds. If you’re so obsessed with finding the perfect turntable, cables, speakers, signal processing, and so forth you risk never actually listening to the music.

Instead, focus on legitimate complaints. Are they owned by an advertising company, or a company with a history of packaging malware? Has their code been audited? How do they make their money? If a product is free, you are the product, so if they don’t have a paid model of some kind they’re probably not very trustworthy. Are they using an encryption that’s known to be weak? Does their privacy policy state they log information that you find troubling? Are there credible whistle-blowers from inside the company that have made troubling claims or leaked documents that suggest troubling practices? These are all legitimate complaints. “They cost too much” or “I don’t like their mobile app” is not a legitimate complaint.

Trust Varies

There is something to be said for individual levels of trust and threat modeling. I use Signal as my primary messenger of choice. I do this because I have a VoIP number that I use only for Signal and nothing else. Anyone who searches my Signal number will find very little information about it or me. I can safely hand that phone number out like candy without fear of sacrificing my privacy. Not everyone has access to a VoIP number though, and thus they may only be able to use Signal by using their real phone number, and that may be a risk they don’t want to take. That’s not to say that Signal isn’t trustworthy. It has repeatedly stood up to scrutiny, auditing, data leaks, and has shown itself to be a reliable, secure messenger. But because of its limitations, it’s not right for everyone. Others may choose to use something like Wire or Wickr because they don’t rely on phone numbers. Your specific threat model determines what’s right for you, and picking one service over another doesn’t necessarily mean you don’t trust it. I don’t use Matrix myself, but I still recommend it on my site.

At the end of the day however, you have to trust something somewhere along the line. The goal of this site is not to remove trust. That’s impossible. The goal is to teach you how to evaluate things for yourself and decide the right level of trust. If your goal is simply to communicate securely (and cheaply) with family in another country, Signal is great. Even something like WhatsApp or Telegram is technically acceptable. But if your goal is to protect a whistle-blower who’s revealing top-secret information to you, a journalist, then you need a higher standard of trust.

The other day I posted an article on my feed about how the US Immigration service is using cell phone location data to track immigrants. In light of this article, I feel it a good time to remind you that cell phones are not your friends.

The Problem

Cell phones are 24/7 GPS surveillance devices, constantly leaking data at all times. At any given time, your phone is broadcasting your location. It’s also usually broadcasting a bunch of other information such as WiFi connection information and usage data. Recently, Privacy International found that some devices and apps even transmit personally identifying information such as name, date of birth, and gender without using any type of encryption or security measures. Even within the device itself, there’s a messy web of apps requesting information that they don’t really need and transferring that information to their own creators, leaking even more information about people who didn’t consent to having their information shared to people who don’t need it. (Source, just one of many.)

The Reminder

Phones have made life incredibly easy and convenient in so many ways, and as usual I’m not here to decry the rise of technology. Technology is fantastic and I love it. I have a phone. I have a smart TV. I use decentralized social media. But remember that our phones have been usurped as surveillance devices, constantly betraying us. Our messages, our locations – which are then correlated with other phone locations to create a network of who we know, further creating a startlingly accurate guess at our socio-economic status and a whole host of other things – even the games we play and shows we watch. It’s all being collected at all times for various ends. Some companies just want to sell things to us, some agencies want to catch the bad guys, and a small few of powerful people want to control things. The more data they have, the easier it is to do that. If you need a reminder of how this power can be abused, just take a moment to browse through my homepage.

The Solution

It’s hard to recommend a course of action. I personally have taken to simply leaving my phone at home as much as possible. If I’m going out to dinner with my girlfriend, I pay in cash and leave the phone at home. After all, my goal is to spend time with her. Leaving my phone not only ensures that “they” don’t know where I went, but also keeps me from getting an email or browsing memes when I should be spending time with her. I’ve also taken to doing as little as possible on my phone. I have Signal and Wire both loaded onto my computer, as well as my password manager. I try to keep my phone as clean as possible of apps, only keeping those that I absolutely need to do my job or be responsive as needed. Even though my phone still betrays my location, I try to replace my map app with something like OSMAnd, an open source navigator, to mitigate the amount of data reported. I believe I may have mentioned that I stopped sleeping with my phone in my room a few months ago and replaced it with an old-school digital alarm clock (not the smart kind, the $10 “just tells time and beeps real loud” kind).

As with most things, reasonably abandoning my phone hasn’t had any negative impacts and if anything has only made my life better. I sleep better, I focus more on where I’m at, and I tend to be more in-the-moment. Again, I’m the last person to decry technology, and obviously some of us can’t turn our phones off when we go home, but the goal of this post is not to tell you what to do. Just to give you a quick reminder that your phone, while undoubtedly having improved your life in many ways, is not your friend. Don’t forget that. Keep it on as short a leash as you reasonably can.

One thing I really like about running a news feed of sorts is that it gives me real-time insight into trending topics in the world of data privacy and security. One trending topic I’ve been seeing a lot lately is companies forcing the use of proprietary products over third-party alternatives via internet connections. (Example 1, Example 2.) If you peruse the suggested products and service on my site, you’ll notice that I always put “open source” as a point towards a product. With the rising tide of digital rights management (DRM), I think it’s worth plainly discussing what “open source” is, why it’s a good thing, and why I’ve decided it’s going to be an important factor moving forward.

What is “DRM” and “Open Source”?

While I’m explaining the concept of open source, I want to take a second to explain DRM as that will come into play later. DRM stands for digital rights management, which is basically a fancy way of saying anti-piracy or anti-copyright-abuse. It allows companies to ensure that you’re using a legitimate copy of their software, game, or ebook (or other digital files) rather than a pirated version, and also that you're using it in accordance with the terms of service (ex, not hosting a movie theater in your home). On the surface, this is a great thing. I’m a firm believer that people who create a product have the right to charge for it if they want to, and as such they deserve to be protected from piracy and other forms of theft. DRM is, however, prone to abuse, which I’ll get into later.

Open Source refers to something who’s process has been publicly posted or made transparent. For example, one might create a program and then post the source code publicly on a site like GitHub. Open Source software is usually free, and usually the source code is posted for two reasons: one is so that people can modify it as they wish and improve it independently, and another is for trust and transparency so people can rest assured there’s nothing unethical going on in the background such as unnecessary data collection. A great example I once read said to think of open source as cooking at home and proprietary or closed-source as eating at a restaurant: at home you can see each ingredient and have total control over which ones to add, exclude, substitute, or modify. In the restaurant, your knowledge of the ingredients and control over them is limited to varying degrees (think of the “secret sauce” at a fast-food chain).

The Dark Side of DRM

As I mentioned above, I personally am of the belief that creating a product or service entitles you to charge for it if you so choose. That’s not a requirement, I have great respect and appreciation for people who give those things away with no strings attached, and I think people who do so make the world a better place. But I also respect that some things take a lot of time, effort, and skill, and the creator wants to be compensated for that, and I think that should be respected. However, as with most things in life, that can be taken too far. In the links above, the manufacturers sold a product (a fridge and a printer, specifically, in each example). Those products come with additional accessories that provide a revenue stream, ink and water filters in these cases. In today’s competitive market, it’s often more frugal to find a third-party non-name-brand who offers a compatible part for less than the manufacturer’s product that works just as well. There is nothing illegal about this, and personally I find nothing unethical about it either. Manufacturers are beginning to respond by making their products digitally refuse to use third-party accessories (we’ve already seen Apple do this to some third party charging cables for years).

One could argue that this is a company protecting it’s investment or intellectual property, but I think it sets a dark trend where corporations control all the products in our lives, all but crushing out competition simply because it’s not compatible. When multiple products work across brand lines, it's call interoperability. Think of an Android phone charger. Whether your phone is from LG, Samsung, or Motorola, and no matter who made the charger, it will work for all of them.

Interoperability is a good thing. It encourages innovation and competition and drives down prices. As in the above mentioned Android example, who hasn't gone to a dollar store to replace a lost or damaged phone charger for much cheaper than the manufacturer's official replacement? It works just as well. Anyone who’s been in college during the digital age has seen the gross abuses of DRM and monopolies. Pearson is a striking example of DRM gone wrong, often overpricing digital books and creating clunky, buggy systems for accessing them, and even with their ridiculous prices, books are often rented and not owned during the duration of the student’s course, meaning the book stops being accessible once the semester or license period is up. Nightmarish situations like these can leak beyond protecting intellectual property and copyrights, like when Pearson decided to remove many of their books from the digital libraries of people who had already paid for them.

Where Open Source Comes In

Recently we entered a new chapter of the digital age of truly 24/7 online connectivity. Our cars can host apps just like our phones can, and some even have their own modems built in to connect to the internet. Even our appliances like thermostats, fridges, washing machines, and coffee makers are constantly connected. As connectivity begins to permeate every second of our lives, it's important to not only be aware of who's collecting that data, but also to know that they now have the ability to enforce the terms of service at any time for any reason. And as someone who actually reads the terms of service, I can tell you that the vast majority of them say word for word that they can change at any time without warning. Your car might not report you for speeding right now, but it has the ability to and at any time the service provider can change the rules and start reporting your speeding habits to insurance and law enforcement. In the future your car may only allow you to repair it with manufacturer parts, or may decide that attempting repairs at home voids your warranty. More and more of us are becoming increasingly depend on technology and the connectivity of it all.

Open Source products protect against situations like these because they are designed to be proliferated. You can’t control the competition if you make the product freely available without restriction. You can’t stop anonymous users from sharing and modifying it. Even if you tried to enforce DRM, the source code can be modified to remove that enforcement. An open source fridge, for example, could easily be modified to remove the digital locks requiring the manufacturer’s filters. It protects consumers. Additionally, it’s a trust measure. Many of the services I recommend on my site revolve around communication and protection, and open-source means that anyone can verify that the code does what it claims to. There’s no mystery, conspiracy theories, or lies (theoretically). And with many eyes on the code, weaknesses and bugs can be quickly identified and corrected. As we continue to navigate the murky waters of corporate greed in the digital always-online era, it's time to start being aware and future-proofing ourselves as much as possible. Going forward, I will be placing much more weight on open-source products and services and companies who behave ethically, and I encourage you to do the same.

The choice of web browser seems like a silly thing for me to talk about. As I’ve mentioned countless times before, when I run this site I strive to find a balance between throwing too much at my readers but also serving them with good, useful information. But honestly, a web browser is one of those things that on the end-user level makes almost no difference and on the backend makes a huge difference, so I figure it’s worth discussing. In other words: once you get used to it, the browser you use has almost no impact on your daily life, but it can have huge implications behind the scene.

What is a Web Browser and Why Does it Matter?

In the off chance you’ve somehow gotten very lost in your quest for cat videos and have no idea where you are or what I’m talking about, congratulations! You’re almost certainly reading this on a web browser! (Unless someone screenshotted this or copied it to a text file or something like that.) A web browser is simply a program you use to access and explore the internet. Sure apps and things of that nature also access the internet, but they do so in a very specific way. Your web browser allows you to do so openly and flexibly. Common examples of well-known Web Browsers include Chrome, Internet Explorer, Edge, Firefox, Opera, and Safari (in no particular order).

Why does it matter? Because frankly, there’s a lot more going on behind the curtain of your web browser than meets the eye. At eye level, you type in “buzzfeed.com” and you go to buzzfeed to watch reaction gifs and read clickbait articles. But behind the scenes where you can’t see it, so much more is happening.

I’ll try to make this as not-confusing as possible but I want to give you a rough idea of some common things that happen on the backend of any given web browser. You type in “buzzfeed.com.” Your browser contacts a Domain Name Server (DNS) and says “what’s a ‘buzzefeed.com’?” The DNS checks it’s records and goes “oh, that’s IP address 127.0.0.1” (that’s not it, for the record) and your computer goes “oh! I understand that!” and contacts that IP address. Once they’ve established that connection, your computer temporarily downloads the website to view on your computer, running all the HTML, CSS, Javascript, and more that the site has to offer. Likely it will even download cookies, which are small text files containing information about your visit to the site. In return, your computer will transmit – upon request (and most sites request it) – information such as existing cookies it already has stored and information about the device visiting the site, such as operating system (Windows, Mac, Android phone, etc), the web browser, your location, and more. Some of this information is used to make sure you see the site appropriately (for example, a desktop site rarely looks good on mobile) and some of it is just to help the site owner know more about their audience (“it seems my site is really popular in Canada”). But some of it, such as cookies and details about your device, are just invasive and unnecessary. And all the while, your Internet Service Provider (ISP) is watching all that traffic.

So What Browser is Best?

With most things on this website, I’m very hesitant to give a straight answer because there’s so many variables and options. But here I feel pretty confident giving a blanket statement: use Firefox. Let me go into detail.

Far starters, the worst possible browsers you can use include Edge, Internet Explorer, Safari, and Chrome. Chrome is very fast, very well supported, and very secure, but all of these browsers share one common dealbreaker, and that’s that they report detailed usage information back to their creators. They’re essentially spyware. All of them. So by using something like Chrome, not only are you sharing all your browsing with your ISP, you’re also sharing it with Google. Why would you willingly invite a spy into the mix?

Firefox is open source and privacy-minded. That’s not to say they’re perfect. They’ve had their fair share of “oops” moments, bad judgment calls, and unnecessary information collection, but compared to the other mainstreams browsers I mentioned above it’s practically not even worth considering. Additionally, while Chrome is fast and secure, it’s barely any faster than Firefox (the average person won’t even notice it), and for the average person your biggest security concerns should be things like data breaches, not obscure DNS injection attacks. Mainstream threats like breaches, bad passwords, and phishing are significantly more threatening to the average person than behind-the-scenes code vulnerabilities.

Now for the disclaimer: that’s a blanket statement for the average person reading this. For 90% of my readers, Firefox is a perfectly good browser. For those other 10%, you have plenty of options. I personally support “upstream” distributions because they’re so quick to get security updates and features. Because it’s open source, Firefox has a ton of “forks” – modified versions, basically – that focus on everything from improved privacy to lighter processing requirements to open source alternatives and more, but these all require updates and features to be added by the person or team who modified them, which means they could be slower to receive critical security updates. If you’re in a situation where something like that might of more concern to you, then I recommend you do your research and see if they’re right for you. But in my opinion, Firefox plus the add-ons I recommend on my own site would be more than enough for the average person. If you need additional privacy or security, consider the Firefox configuration tweaks recommended by PrivacyTools.io.

Mobile

For Android there’s no contest. Firefox is fully available on Android, including all the plugins mentioned here. You can easily replicate the same browsing experience. For iOS, things get a little trickier. The two main contenders I support are Firefox Focus and DuckDuckGo. To be honest, they are essentially the same. Both block ads, both block trackers, DDG offers multiple tabs while Focus instantly erases everything once you close it out. It’s really a matter of which you prefer. I’ve tried both and found both to be acceptable personally. DDG is a company with a great reputation in the privacy community, as is Firefox, so I feel comfortable saying “whichever floats your boat.”

Honorable Mentions

Brave is a very popular browser these days. It’s based on Chrome so it’s lightning fast, but it comes built in with ad-blockers and the “HTTPS Everywhere” plugin. I would recommend Brave before Chrome if you absolutely refuse to leave Chrome for whatever reason, but I think it’s not as good Firefox for two reasons. First, since Brave is based on Chrome, it still uses the Chrome DNS, which means you’re still inviting Google to spy on all your traffic without reason. Second, Chrome might do away with ad-blockers, so I can’t imagine that functionality will remain in Brave.

TOR is another browser quick to be touted by privacy enthusiasts. TOR (which stands for “The Onion Router”) works as an entire network protocol by bouncing your encrypted traffic around a few different relays before releasing it into the wild, in effect providing you with anonymity and security. (As usual, that was a really basic overview, it’s a little more complex than that.) TOR does work, and it’s fantastic. In fact, I access the internet in relation this project exclusively through TOR. But for the average user, it can be a bit unwieldy. For one, it’s quite slow. For another, because TOR is so often abused, many websites block known TOR addresses to prevent said abuse. You’ll drive yourself crazy trying to check your bank account via the TOR Browser. You may even run into the occasional issue where a website thinks you’re in a foreign country so they translate the site into a language you don’t understand. Most importantly is that insecure websites present an even greater risk on the TOR network as now you have to trust that the person at the end of the chain who can see your traffic isn’t stealing your information. I love TOR, and I use it for many things, but again, for the average individual, it’s probably a bit too clunky.

Closing Thoughts

As I said at the beginning, web browsers don’t mean much to the person using them. My girlfriend, a die-hard Chrome user, adapted instantly to Brave, then again later to Firefox. Once she settled in, she noticed no difference in her online experience. But the things happening behind the scenes are another story, and something as small as how you browse the internet can make a massive difference.

I'm amused – and slightly sad – that as I began to do my research for this blog post, every result for a search of “tracking links” or “tracking URLs” returned the same thing: web-hosting and analytics companies giving a very benign overview of what they are and then explaining why everyone who owns a website should be using them. I shouldn't be surprised. Like most surveillance technologies, the proliferation of tracking links is aided by two main concepts: the first is that they provide a very useful trade off, and the second is that people don't really understand or consider the danger of the capabilities.

Tracking links or tracking URLs are hyperlinks that not only direct you to a website, but also record information about you when you click on them. These can appear in the form of shortened links, such as the common “bit.ly” service, or it can appear in the full link, usually beginning with a question mark or a slash then followed by a bunch of other information, such as in the example I chose to use on my website (click to enlarge):

Image

This is not to say that every shortened link contains tracking, although it's hard to tell without seeing the full link. Likewise, not every question mark or slash signals the beginning of tracking information. But they are the most common indicators.

What do they do?

Tracking links, as the name suggests, track information when you click on them. As a business owner, I understand the value of certain metrics. It's useful to know if the majority of your website visitors are coming from mobile or desktop so you know how much focus you need to give to making your site responsive. It could even be useful to know if they're specifically coming from Apple or Android devices in case you were developing an app and needed to know which to prioritize. Even what sites they come from lets you know where your most engaged audience is.

However, as with most good technologies gone wrong, tracking links get so much more invasive than simple, useful metrics require. It's not uncommon for tracking links to be able to trace unique, personal information like IP address, MAC address, operating system down to which specific version or upgrade has been installed (ex: iOS 13.2). Some of them can even be used to track who sent the link, what time it was opened, other apps that are installed on the device, or websites that have been visited (this, I would imagine, involves the use of cookies stored on your device and therefore this becomes a coordinated effort from the tracking link). This is significantly more information than any website would need to know for metrics' sake, and it runs the high risk of identifying you personally in what's supposed to be anonymous data designed to help improve the site or service. Why does a recipe website need to know what other websites you've visited? What use does a clickbait article site have knowing the apps on the phone of the friend you shared the article with? It's a massive invasion of privacy.

The easiest way on desktop is to install a plugin such as NeatURL. However one should never rely on technology and should always know how to take matters into their own hands if necessary. (Also this solution isn't valid for many mobile users.) The key giveaway is to look for the aforementioned questions marks and gibberish. A link that goes “https://www.website.com/article-title/gfm-feed-12456" probably doesn't need that last bit (“gfm-feed-12456”). I've found the most effective solution is to erase it and see if the link still works. If it does, congratulations! You've erased the tracking link and helped protect the privacy of both yourself and your friends! Same thing applies with question marks. “https://www.website.com/article-title.html?=feed-123456." Delete everything from the question mark on, and check the link. This does require you to learn how to read a link, but honestly it's not that hard. Usually key words from the title will appear in the link, and it's a safe bet that anything you don't recognize beyond “.html” is probably not required. It's also a good idea to check the link before sharing it. I've found as I post news links to The New Oil's Mastodon account that some websites have gibberish-looking parts of their URL that are actually necessary (Forbes comes to mind, their links tend to look something like “forbes.com/article-title/12356” but deleting the gibberish actually brings up a 404 error page).

Stripping tracking links will not negatively impact the necessary metrics of a website, and frankly it won't stop invasive data collection. Any owner interested in the analytics will still be able to tell who visits their site, what device, how long they stay, and a ton of other invasive information that quite frankly they don't need. But it will help to protect both your privacy and the privacy of those around you by removing small parts of the puzzle – the fact that you sent your friend to that site, for example, or other invasive information that helps corporations and governments create a more complete but unnecessary picture of you that can and usually does get abused. And the more we take conscious stands against this kind of stuff and show that we as consumers will no longer tolerate it, the less common it will become (hopefully).

I personally am indifferent to New Year’s demarcations. I can often be found on any given NYE at midnight sleeping soundly in my bed. That’s not to say I don’t care for them, I just don’t care about them. Having said that, I do think it’s important to set goals for one’s self, and the arbitrary (if necessary) line in the sand of “new year” seems like a good time to revisit that for anyone. As 2019 draws to a close, I am assessing the past year both personally and professionally – what worked, what didn’t, etc – and am planning what’s to come in the next twelve months. Once a month, I post asking for financial support on Liberapay for this project, and so in the interest of transparency I wanted to take just a moment to outline what my goals are for this project. I want those who do support me to know what I’m doing with their hard-earned money, and possibly entice those who are on the fence about supporting me. And as always, if you are unable to support financially, I am totally okay with that and appreciate simply interacting with my posts, sharing them, and similar free shows of support.

If I had to define 2019 for The New Oil in one word, I’d call it “successful.” I hate when people say things like “this project has gone beyond my wildest dreams” because we all know that’s not true. Even bands who keep their hopes in check have dreams of playing the Superbowl (or similar large-scale successes) and even I myself have similar dreams for the scope of this project. But I will say I am pleasantly surprised how fast I’ve grown, as well as the overwhelming outpouring of positive feedback and interaction I’ve received.

When I started this project, I had one goal in mind: I wanted to take privacy and security – particularly against digital surveillance of all kinds – and make it accessible to “normal” people – that is, people who aren’t programmers, system admins, tech enthusiasts, etc and make them realize that it’s not as hard as they think to take some basic-level protections. There’s tons of great resources out there, but it’s not accessible to people like my mom, my girlfriend, or my best friend. They don’t understand it, and they need a translator to explain it to them in terms they get. That’s what my goal was with this site.

When I started the project, I had the same dreams as anyone else, but I tempered them with realistic expectations: I expected a few followers, the occasional hater, and overall I assumed this would become a passion project with no real effect. Instead I was greeted with tons of positive feedback, from “great article” to “everyone check this guy out.” Just last month I got my first financial supporter on Liberapay and broke 100 followers on Mastodon. I’ve even got people asking me questions about my thoughts on things or how I recommend tackling certain issues.

I have to remember that I am still a small fish in a small pond. There are people who are much more knowledgeable about this stuff than I am. Honestly, I like it that way. Snowden once said that his biggest challenge in presenting mass surveillance to the public was how to take complex issues and explain them in a way that everyday people could grasp. By keeping myself out of the higher levels of technical skill, I force myself to understand things at a general-public level, which I think (or hope at least) helps me present these things to the general public in an understandable format.

In 2019, I think I successfully found a sustainable foundation for the site going forward. I formed a working solution for selecting and posting articles based on a criteria that keeps them mostly relevant to the site. I created a solution for posting blog posts weekly, thought that one really comes down to just being disciplined. I think I showed both myself and my supporters that I’m serious about this project.

In 2020, I want to expand. In the closing weeks of 2019, I took a leap and started my own home server. Right now I mainly use it for things like RocketChat and Nextcloud, but I also run a TOR bridge. This is something I’ve wanted to do for years, to do my part to support digital freedom. In the coming weeks I plan to add a second relay for regular TOR users. In the future, I’d like to run a PeerTube instance and maybe even a Mastodon instance, as Eugen has indicated that Mastodon is growing rapidly and needs more servers. I’m currently torn between buying my own server and renting a VPS through a provider. There are pros and cons to both, feel free to message me your thoughts that might help me make a decision. This is still some time off, for now I’ll stick to running to small, personal services on the old desktop tower under my desk. But I do hope to have a professional-grade server running more advanced services before the end of the year.

In addition, I hope to start hosting regular cryptoparties in my area. Cryptoparties are basically classes where you explain encryption and surveillance to folks and help them get set up with things like 2FA, encrypted messaging, VPNs, and other simple such services and concepts. There are a startling lack of them in my area, despite being a major tech town, and I want to remedy that. Ideally I’d like to do them once a month, but I think I may aim for once per quarter so I don't overload myself.

In 2020, I also hope to attract more financial support for this project. This will help me cover the obvious things like hosting costs, VPS services (if I go that route), hardware maintenance (if I go that route) and other related expenses. Any excess support would go to helping me cover my own bills like housing, transportation, and groceries. I’m not a materialistic person, I actually identify as a minimalist, so rest assured that any “excess support” is not going to paying for a new Lexus or an expensive house. It’s going towards a moderate apartment and a used Toyota, and maybe some frugally-executed vacations in the future. And also two cats. They’re not very expensive though.

In the long term, I hope to be able to travel and speak and more on this project, lending my help wherever possible. I’ve got a few EFF links I need to look into this weekend about signing petitions against facial recognition and such. I work closely with my local EFF chapter to help bring these subjects to the general public in my area. I would love to be more closely involved in these types of organizations wherever I can. I would love to educate wherever I can. I would love to offer services and solutions of my own, hence my desire to invest in servers.

The purpose of this post was partially to put my own thoughts in order, but also to express transparency and let you guys know what to expect from me in the coming year. Two goals are actually not much for me, as someone who’s constantly on the go. Today is supposed to be my day off, but in the four hours since I woke up I changed a small part on my car, rescheduled a doctor’s appointment, made an appointment for the cats to get their annual shots, wrote this blog, and checked into some payroll stuff at my day job, so I’m not really much of “day off” kind of person. I wish I had more goals for this project in 2020, so if you see room for improvement please don’t hesitate to message me and let me know. And also feel free to keep suggesting services and products for me to review and add to the site, I want visitors to have as many options as possible.

For those who supported me in 2019, thank you so much. You honestly do inspire me to keep going on days when it feels hopeless or meaningless. For those who are new to the site, thank you for joining and I hope it lives up to your expectations. For those considering supporting me financially, I hope this post has helped you make the choice either way by explaining what I hope to accomplish in the future. And for those who can’t do so, I hope you can support me by sharing the site, the articles, the blogs, or whatever else you find worthy of sharing, and I hope it helps make this important subject more accessible to the general public.

Enter your email to subscribe to updates.