The New Oil

Information Security for normal people. https://www.TheNewOil.xyz

This week I was reintroduced to a phrase I’m coming to love as I interact with the privacy community: “don’t let perfection be the enemy of good enough.” If you recommend Signal to someone for its security, someone else will complain that Signal uses phone numbers and AWS as a backbone. If you recommend Session, someone will complain that it’s not audited. If you recommend Matrix, someone will complain about the metadata collected, and if you recommend XMPP someone will complain about, well, something, I’m sure.

About a month ago, I went off on someone because they tried to argue that MySudo is a “joke.” I readily agreed with them that MySudo is not open source and is not end-to-end encrypted (unless talking to other MySudo users), and therefore I wouldn’t recommend it for seriously sensitive communication, but I proudly promote the app as a way to have a wide array of both VoIP numbers and capabilities (such as email and SMS) readily available for a low price. This is great for not using your SIM number and for compartmentalizing your life. The person replied to me by saying that a better solution is to buy multiple phones in cash with multiple SIMs and use them as needed. I quickly pointed out that this solution is ridiculous because 1) it’s expensive, 2) it’s not user friendly, and 3) by turning the phones on and off as needed, you’re already creating a pattern that can be tracked back to you.

The fact is, anything can be hacked or traced. You can ask literally any privacy expert out there and they’ll agree with me. If you cause enough trouble, someone with enough resources will find you. It’s only a matter of time. This is one of the reasons I repeat over and over on my site that I’m not trying to teach you how to do illegal things. That’s not just a disclaimer to cover my butt, it’s because you will get caught. The goal of privacy and security – for the average person – is to find the right balance between protection and convenience. I mentioned in another blog post that if you make your security defense too difficult, you’ll simply never use it. So you have to weigh solutions that aren’t ideal but will actually get used against the alternatives: no solution at all, or solutions so hardcore that you’ll never use them, thereby defeating the purpose.

Which brings us back to my first paragraph. The fact of the matter is, no solution is ideal. ProtonMail explicitly says on their website that if you’re leaking Snowden-level secrets, you probably shouldn’t be using email at all (he certainly didn’t). If you’re planning a revolution, you probably shouldn’t be using Signal even if it does have top-level security. You should be getting together in person. Anyone who claims to be perfectly secure or anonymous is – point blank – full of shit and you should run from them like Jason Voorhees. You shouldn’t rely on these electronic means which will someday become insecure, and for all we know might be already. State technology tends to be roughly a decade ahead of the public sector, so you should assume that the government can read everything you do.

For most of us, that’s okay. For most of us, the government is not interested in our selfies, bad puns, dinner plans, Starbucks orders, and the fact that we’re running fifteen minutes late. However, the fact that we can’t have perfect communication doesn’t mean we should throw the baby out with the bath water. “Signal requires a phone number and is based in the US and uses Amazon for infrastructure.” Those are all perfectly valid complaints depending on your threat model and what you’re communicating. When my partner gives me her debit card and asks me to pick up her medication at the pharmacy while I’m out, I would rather use Signal than SMS to ask what the PIN is or to verify that I’m not missing any of the medications that are ready. Just because Signal isn’t perfect doesn’t mean that I don’t use it. I wish she would use something a little more decentralized like Matrix or XMPP, but I’m not going to let perfection be the enemy of good enough. For us, for that situation, Signal is good enough.

Of course, it goes without saying that we also shouldn’t let good enough be the enemy of great. Many people fail at their dreams in life not because they fail, but because they say “eh, good enough” without striving for more. Someone who wants a penthouse gets a corner office and says “good enough. I have it better than most and I should just be grateful.” We should be grateful that we have hyper-secure options like Signal, decentralized options like XMPP, free options like Matrix, or metadata-resistant options like Session.

But we shouldn’t stop there. We should demand better. As with privacy and security itself, it’s a fine line. We shouldn’t forgo the pursuit of perfection because these products are good enough, but at the same time we should respect that these products do give us a huge service, often at little or no cost to us, and often at a massive labor and cost to the developers, who can range from a single person in their bedroom to a medium-sized company struggling to keep the lights on. We should also respect that different companies make different products aimed at different people. For example, ProtonMail started with the vision of making encrypted email easily accessible to the masses. They admit that they are not perfect because perfection would run counter to that mission – that is, it would make encryption not user-friendly and therefore not easily accessible to the masses. Just as my own site often chooses not to post certain information because it falls outside my target audience, many popular services are popular for a reason: they’re choosing to make the trade-off between security and convenience. It’s better to give a lot of people a moderate level of protection than to give a few people hardcore protection and alienate everyone else. At least, I think so.

I want to end by saying that you are always welcome to go the extra mile. I encourage “normies” to use various programs and settings to lock down the telemetry on their computers and give themselves a little more privacy and security, whether that’s Windows or Mac. But I don’t see that as a reason that I shouldn’t use Linux. Just because other people are content with “good enough” doesn’t mean that you aren’t allowed to go the extra mile. And yes, people should be making that decision with education and awareness, knowing the risks and benefits. But the answer there, in my opinion, is not to force people to use difficult solutions, but rather to educate them on why those difficult solutions are better. Forcing someone to do something they don’t want to for their own good will only lead to resistance and eventually abandonment of the proposed solutions, but education will lead to good decisions being made willingly and stuck with. At least, that’s my two cents.

Regardless, please stop letting perfect be the enemy of adequate, and remember that not everyone has the same threat model. Respect each other.

You can find more recommended services and programs at TheNewOil.xyz. You can also get daily privacy news updates at @thenewoil@freeradical.zone or support my work on Liberapay.

This year is an election year in the United States. To call this year’s election “contentious” is an understatement. In that spirit, I want to offer some advice on voting and privacy. I completely support the right to vote and the freedom of any American (and ideally any person) to express their vote if they desire to. I also don’t think that voting should cost you your privacy. I think that the only way democracy can truly work is if people can feel confident that expressing their political opinions won’t put them at risk.

Context

I worked in a Supervisor of Elections office in 2014, during the gubernatorial race. In other words, I worked two local elections and one state election at the county level and I actually read the election law cover to cover. So while I’m far from a legal expert, I do actually know the rules for real from the source, not from “I heard once” or “I read on Facebook.”

Disclaimers: my knowledge is unique to that specific county, so while much of my knowledge is derived from national election law and applies across the board, some of it may also be area-specific. Also, this was roughly six years ago. Laws do change (albeit, quite slowly and with a lot of resistance), so some of my knowledge may be slightly outdated now. However, I do think the broad strokes I’m about to discuss should be universal, and if nothing else I hope I can give you some starting points.

Finally, as with most of my posts, I’m working under the assumption that you live in America and you possess a legal right to vote (not a convicted felon, of age, etc). I’m also working under the assumption that you possess a relatively low threat model.

Is It Even Possible?

In short, not exactly. It is not possible to lawfully vote without the government verifying your identity and location. Unfortunately, I do agree with the government on this one (I’ll take “things I never thought I’d say” for $500, Alex). It is imperative that we as a society make reasonable efforts to ensure that the only people who actually vote are the people who are invested in that vote: aka, people who actually live in the area affected and are legal citizens. Real quick, I do want to note that there are a lot of issues to discuss here regarding citizenship, voter suppression, ID requirements, gerrymandering, and other related issues. These are important discussions to have, but this is not the place for them. I’m focusing solely on the privacy aspect.

While I recognize the importance of voter identification, I want to point out that I do not trust the government to guard a box of Tic-Tacs. Whatever information you submit, expect it to become public record eventually. In fact, it will absolutely become public record right away because most places publish an online voter log that is openly available to the public. Literally anyone anywhere with no record or oversight can go to your state or county election website, type in a few details about you (usually last name and date of birth are sufficient) and pull up your full name, date of birth, home address, phone number, email, sex, and more. In some cases you can even search the address to see who lives there. If you’re lucky, your county doesn’t digitize these records and someone would have to go in person to view them, but they’re still available.

I also want you to be aware that records are available in bulk for political purposes; however, there is no oversight for this. For example, let’s say the city is planning to sell a local park to a private company who wants to build a mall there. I can request the information of every registered voter in that area so I can go door-to-door and ask them to sign my petition blocking the sale. The information requested can be configured and filtered in virtually any way you can imagine: maybe I want only women because it’s a women’s issue. Maybe I only want Democrats and third parties, or only one. Maybe I want a specific zip code, or a specific area stretching from Main Street to MLK Boulevard. Maybe I only want active voters, so I want a list of people who have actually voted, or voted in the last two elections (records are not kept of how you voted, but records are kept of whether you showed up to vote or not). More often than not, the only obstacle in my path will be the price: $1 for every hundred or thousand records, $5 per CD or USB of records, which can store up to five thousand records, organized any way you want them. (Numbers are an estimate from memory, and may vary from place to place.)

Required Information

The first thing you should look into when registering to vote is how to keep your name off the public record. Some states – but not all – offer a form that you can submit at any time which will remove your information from online searches. This will not remove your records from the physical in-person searches or bulk purchases I mentioned above. I believe it’s still worth submitting this form, preferably at the same time as registration. Often this means registering separately. The DMV offers a box you can click that simultaneously registers you to vote while updating your license with your new address. However, the DMV rarely has the form required to keep your information off the internet, and may not even know what you’re talking about. It’s best to go to the election office in person and register there. They will be able to verify your ID, the information, and attach the necessary form (if it exists) all at once, and they will be more knowledgeable about the subject.

Again, this will not stop your information from being on file and abused by an employee, caught up in a data breach, or simply taken in and endlessly contacted by a political party. For that, I have a couple of strategies. First, fill out as little information as possible. Information like email and phone number is optional; don’t fill it out at all. It should go without saying that I do not encourage lying or the use of disinformation in any way when it comes to voting. Using a VoIP number or masked email is fine. I’m talking about the use of fake names, nicknames, fake dates of birth, or fake social security numbers. Never give the elections people fake information; that is a crime.

Address Information

This part is best used in conjunction with hiding your address. This trick requires you to have multi-unit housing – such as an apartment or condo – and simply to leave your address incomplete. For example, if you live at 500 Maple Street Apartment 315, register as living at just 500 Maple Street. Most systems don’t require a unit number, and if you took my advice to visit in person to register you can just leave the apartment number off. By the time they go to type it in and verify it, you’ll be long gone and the staff doesn’t get paid enough to hound you about it. They’ll just override it and leave it blank. Even if they put one in, the original document you filled out will be scanned and I feel pretty confident that you wouldn’t get in trouble for putting in false information when they view the original document (note: I’m not a lawyer, don’t point to this blog as legal defense).

Personally I don’t see this as fraud because you’re still voting in your specific districts and areas (although the law may disagree). When I worked at the elections office, the only time we ever sent mail was to send a sample ballot (which can be pulled online) or to verify an address if mail got kicked back. You can easily ensure this doesn’t happen by using a mailing address. I’ve never seen a voter registration form that doesn’t allow you to pick a mailing address that’s separate from your residential address. I firmly believe that you should have a PO Box that doesn’t point back to your true, current address so I don’t see an issue with using it here. Why not just put that in the address in the first place? Honestly, because that’s fraud and possibly puts you in the wrong voting zones (assuming it even passes registration verification in the first place). Even if your PO Box is only a block away from your actual house, that street could be the difference between District 5 and District 7. You run the risk of not being able to vote on issues that are actually relevant to you, and possibly screwing up issues for someone else who actually is affected by them.

If you live in a single-family house, things become much harder. You could possibly use your next-door neighbor’s address; however, I would caution you that this is definitely illegal, but I would argue that it’s ethically okay under two conditions: first, make sure you’re on good terms with your neighbor and they are consenting to this, because they will definitely get mail and possibly even in-person visitors looking for you. Second, do your research and be absolutely certain that the neighbor you’ve selected resides in all the same districts as you. As a final warning on this idea, be aware that in some states voter registration is sufficient evidence for certain tax-related issues like tax breaks, or even counts as identification in some scenarios, so this could come back to bite you. Do your research with this idea, and be warned that it comes at a high risk.

Registration and Unregistration

A final, more extreme option that I don’t recommend is to register to vote right before an election, then unregister. If you’re going to do this, make sure you know when to register. There is a cutoff date, usually 30 days prior to the election, to ensure that the election officials have adequate time to process your registration and add it to the voter rolls. If you miss this window, you will not be able to vote in that election. Furthermore, this strategy does not protect you from data breaches. I can’t remember if deactivated voters are included in purchased records or not. Best case scenario, now your data is safe from being purchased by political campaigns and possibly from public searches, both online and in person. However, your information is still in the system and is absolutely prone to being caught up in a data breach, and personally I find that to be the much more likely risk rather than a rogue employee or stalker (speaking on a widely applicable, statistical scale).

Conclusion

I mentioned briefly up top that I think it’s critical for you to examine your threat model. If you absolutely cannot risk being exposed, I don’t think you should register to vote at all. Sucks, but that’s the price you pay for life. Ultimately voting comes with risks, both real (data breaches) and potential (possible abuse of voter data in the future). It’s up to you to decide if you want to cast a ballot and if the risks are right for you. But I hope this post has given you some ideas and starting points to consider so that you can – if you so choose – exercise your rights without totally giving up on privacy altogether.


I’m not trying to bum anyone out, but let’s get real for a moment: if you’re reading this, someday you will die. I don’t care if you’re sixteen, sixty, human, robot overlord, or post-human alien reading this a thousand years from when it was written (in which case, please pause for a moment to be impressed that this tiny little blog post somehow exists in a thousand years). No matter your situation, you will someday die. I hope it’s a long time from now with a happy and full life behind you, but regardless it’s coming.

The only real question, which I want you to think about today as you read this, is what will you leave behind? Maybe you’re a parent with kids and a decent amount of money stashed away for their future. Maybe you’re a billionaire and you want your estate divided up and given to charity after you pass (if you are, please consider my Liberapay). Maybe you don’t have a penny to your name. But the fact is, unless you’re in a position to have an approximate date of your death (such as a terminal illness or being elderly), you’re probably not going to have warning and other people are going to have to pick up the pieces. Even if you do have your affairs in order, there is still a bit of work that your survivors will have to take on your behalf (such as filing for a death certificate, arranging a ceremony for your remains, and handling your property). So it’s important that you think about your death now. Go ahead and have an existential meltdown, and once you’re done let’s talk about how to balance privacy and putting your life in order.

Basic Stuff

I’m gonna make a few assumptions in this blog post, and if they don’t apply to you I hope you’ll still be able to find some food for thought and adapt the underlying principles to your situation. In this blog, I assume that you live in America. I assume that you have a family – not necessarily children, but maybe parents or siblings or close friends that you would trust with your life in an emergency. I also assume that you are at least upper lower class or lower middle class – in other words, you are not living literally paycheck-to-paycheck and have at least some degree of disposable income. With those assumptions, let’s begin.

Let’s start with the basic stuff that applies whether you’re a privacy enthusiast or not. You need to think right now about what you want to happen after you die. Death is a powerful and traumatic event for most people. When a person dies, things move extremely fast. The body begins to decay within minutes of death (the exact rate is determined primarily by the environment), so it’s important to get the deceased buried as quickly as possible. That means getting a death certificate, arranging a funeral, getting loved ones gathered together, taking time off work, traveling, etc, often in less than a week. That also entails alerting banks, creditors, employers, and others of your passing. And typically, the person handling all this has their own life to continue to live on top of that – a job, a family, hobbies, etc. So right now there’s a lot of things you can do to make life easier for whoever has to handle your passing.

Right now, while you’re still alive, you should start by deciding what you want to happen to your body. Do you want a funeral? Do you want to be cremated? Do you want to be an organ donor or donated to science? Look into this stuff right now and create a simple will. Then think about your assets. Do you own a house or a car? Do you have money in savings or stocks? Decide what you want to do with that. Are you single with kids? Decide who you would want to take care of them. Once you gather all this stuff up, type it up in a word processor, print it, sign it, and get it officially notarized. It only costs about $10. It’s probably not as good as an official legal will, but it will definitely go a long way, and unless you’re quite wealthy with a complex array of investments and assets, that’s probably all you really need. The reason it’s important to have this written plainly and notarized is because – again – death is a traumatic and stressful event for most survivors. If you haven’t had this conversation with your family (and even if you have), a fight may ensue. Your spouse may want to cremate you, but your kids may argue that you wanted a traditional funeral and the surviving spouse is just trying to be cheap. Likewise, you may want to cut a child out of your will, or maybe two of your kids want to sell the house and split the money but the third wants to keep the house. The dispute could even make it all the way to court. Again, while a notarized document may not instantly solve this dilemma, it goes a long way and it does save a lot of time and money in the legal system. These examples aren’t as far-fetched as you may think. Call up any local estate planning attorney and ask about it; they see it all the time. (Disclaimer: I am not a lawyer, please don’t take estate planning advice from a random stranger on the internet, contact an actual lawyer for better advice.)

So you should start your planning by plainly stating what you want to happen with your body, your finances, your assets, and anything else you have strong opinions about (I want my Facebook account deleted, I want my dog adopted by my sister, I want my stocks liquidated and donated to X charity or political party, etc).

Account Access

The next important part of planning for the inevitable is to consider access, both to accounts and devices. In some ways, this is really tricky. In others, it’s quite simple.

Let’s start by considering your accounts. There are some accounts you will absolutely want your survivors to have access to. For example, they will probably need access to your bank and other financial accounts to clear and close the account. If you have any sort of life insurance accounts, they’ll need access to that so they can file a claim. Honestly, it’s probably not a bad idea to give them access to your primary banking email account and your work email so they can inform the relevant people of your passing. Other accounts may not require access unless you want them closed. If you come from a very traditional family, you may not be comfortable saying “here’s the login to my PornHub account, please delete it after my death.” The point is, consider all your various accounts and what you want to happen with them. Are you fine with them just collecting dust? Do you want them closed? Do you want the data in them – such as comments and messages – cleared if they can’t be deleted entirely?

Now that we’ve sorted out which accounts are needed and which ones aren’t, let’s talk about accessing them. This is where things get really tricky. You want a way for your executor (fancy legal word for “person who handles your will and affairs”) to be able to access all this stuff, but you also don’t want anyone else to be able to access that information. For example, you could write down all your passwords in a small notebook and stick it in a safe, but what if the safe gets compromised? If it’s a home safe, like a firebox, what if it gets stolen or cracked? If it’s a safe-deposit box, what if the bank gets robbed and the thieves just take everything they can? Perhaps a better solution might be an encrypted USB stick, but you have to make sure that the person in question is comfortable decrypting it and has the password stored somewhere safe or can remember it. It’s also good to consider how you’re going to update the backup if you change any of your passwords. A possible solution might be using a reputable cloud-based password manager like Bitwarden and just letting the executor have 24/7 access, but that requires you to trust the person with having constant access to your life and trusting that they won’t abuse it. I don’t recommend LastPass because of the proprietary nature of the app, but I admire their feature where a loved one can request account access and, if you don’t deny it within a set period of time (I believe 7 days), the request is approved. The feature was made for exactly this type of situation. In the end I can’t tell you the best solution; I’m just throwing out some ideas and considerations.
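To make the time-delayed emergency access idea concrete, here is a small added model of that flow (my own illustration, not LastPass’s or Bitwarden’s code, and not how either product implements it). It assumes a 7-day waiting period, a single owner, a list of trusted contacts, and an in-memory “vault” standing in for the real credential store; the key property it shows is that a denial only counts while the request is still pending, and that nobody outside the trusted list can start the clock at all.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional

# Assumed waiting period; the post says "I believe 7 days".
WAIT_PERIOD = timedelta(days=7)


@dataclass
class AccessRequest:
    requester: str
    requested_at: datetime
    denied_at: Optional[datetime] = None

    def status(self, now: datetime, wait: timedelta = WAIT_PERIOD) -> str:
        """pending -> denied (owner objected in time) or approved (timer ran out)."""
        if self.denied_at is not None:
            return "denied"
        if now - self.requested_at >= wait:
            return "approved"
        return "pending"


class EmergencyAccess:
    """Hypothetical vault with a 'request, wait, auto-approve unless denied' rule."""

    def __init__(self, trusted: list, vault: Dict[str, str], wait: timedelta = WAIT_PERIOD):
        self.trusted = set(trusted)
        self.vault = vault            # constructed sample secrets, see below
        self.wait = wait
        self.request: Optional[AccessRequest] = None

    def request_access(self, who: str, now: datetime) -> Optional[AccessRequest]:
        # Only a pre-designated contact can start the waiting period.
        if who not in self.trusted:
            return None
        self.request = AccessRequest(requester=who, requested_at=now)
        return self.request

    def deny(self, now: datetime) -> bool:
        # The owner can only object while the request is still pending;
        # after auto-approval the executor already has access.
        if self.request is None or self.request.status(now, self.wait) != "pending":
            return False
        self.request.denied_at = now
        return True

    def vault_for(self, who: str, now: datetime) -> Optional[Dict[str, str]]:
        # Secrets are released only to the approved requester.
        r = self.request
        if r is None or r.requester != who or r.status(now, self.wait) != "approved":
            return None
        return dict(self.vault)


# Constructed sample data for a stand-alone run.
T0 = datetime(2020, 10, 1, tzinfo=timezone.utc)
SAMPLE_VAULT = {"bank": "example-password", "email": "example-password-2"}


def scenario_denied_in_time() -> str:
    ea = EmergencyAccess(["sister"], SAMPLE_VAULT)
    ea.request_access("sister", T0)
    ea.deny(T0 + timedelta(days=3))
    return ea.request.status(T0 + timedelta(days=10))


def scenario_auto_approved() -> Optional[Dict[str, str]]:
    ea = EmergencyAccess(["sister"], SAMPLE_VAULT)
    ea.request_access("sister", T0)
    return ea.vault_for("sister", T0 + timedelta(days=7))


def scenario_late_denial() -> bool:
    ea = EmergencyAccess(["sister"], SAMPLE_VAULT)
    ea.request_access("sister", T0)
    return ea.deny(T0 + timedelta(days=8))


def scenario_untrusted_requester() -> Optional[AccessRequest]:
    ea = EmergencyAccess(["sister"], SAMPLE_VAULT)
    return ea.request_access("stranger", T0)


if __name__ == "__main__":
    print(scenario_denied_in_time(), scenario_auto_approved() is not None,
          scenario_late_denial(), scenario_untrusted_requester())
```

The same vault object is where the 2FA secrets discussed under Device Access would live, which is exactly why the trust decision about who may request access matters so much.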

Device Access

If you’re reading this, I hope you’ve taken my advice to use two-factor authentication. That means that while your accounts are incredibly secure, a backup stick full of passwords may not be enough for your executor or loved ones to access the required accounts. They’ll need access to your device with two-factor on it. The solution here really depends a lot on how you execute 2FA. For example, if you use a hardware token, you could make your executor aware of this. Easy peasy. They now have your logins and your token (which they should’ve received when they took over your assets) and they can easily begin to access your accounts. If you use a software token, you could leave your device’s login information in your password backup (this is another reason you shouldn’t use biometric identification to unlock your devices). Going back to the Bitwarden idea, you could also store your 2FA keys there, giving whoever holds your Bitwarden account total access to everything, but again this requires an immense amount of trust in the person who holds that access if they have 24/7 access. Overall this is a pretty simple consideration; you just have to make sure you’ve examined all angles and decided what works best for your situation.

Final Thoughts

Once again, I’m not recommending any specific procedures. I’m also not trying to bum anyone out with death talk, but it’s important that we remember that this stuff is inevitable and you can save your loved ones a lot of headache with just a simple document that says “here’s what to do with my body, my stuff, and the information necessary to make that happen.” They’re already going to have a hard enough time coping with losing you, so try to be considerate and make the process a little less stressful on them.


When I shared my previous post around, one comment pointed out that compartmentalization is another basic topic worth discussing, but they did note that such a topic is far too big to have been put into the previous post. Well thank you, random Redditor, because you’re right. I do hint at the topic somewhat on my website, but on the whole this is a topic I’ve never really gone into detail on before. So this week, let’s talk compartmentalization.

What is Compartmentalization?

As a true crime fan, I’d be remiss if I didn’t share the story of Dennis Rader (though some of you may already know it). Rader was elected president of his church council. He was a Cub Scout leader. He worked as a dogcatcher for the city, with a bachelor’s degree in administration of justice, and had a wife and two children. Which is why it was pretty horrifying when everyone found out he was also responsible for ten horrific murders. Some of my readers may better know him by his moniker “BTK,” which stood for “Bind, Torture, Kill.” It’s downright chilling to imagine him torturing and murdering a couple in cold blood after breaking into their home, then going home to read his daughter a bedtime story, but it did indeed happen. And this is an extreme version of compartmentalization.

While most of us aren’t killers (I hope), we all compartmentalize. We dress or talk a certain way while at work, but do so differently on days off. We talk to our kids differently than our partners, and them differently than our friends. We may tell our coworkers about the trip to the park this weekend, but not about the fight we had over finances.

How Does One Compartmentalize?

Before I get into how compartmentalization helps you stay private and secure, I want to explain how it works. I think doing so will answer the next question by itself, but I’ll wrap it up in the next section as well.

The best and easiest way to compartmentalize is to think of every area of your life as a completely different individual. The personal you – the one that has a beer on weekends with your friends, or plays video games, or takes the kids to the park, whatever – is Person A. The work you – the one that goes to work on Monday and turns in reports or repairs engines or flips burgers, whatever it may be – is Person B. Now in most cases, there’s no need to get too extreme with segmenting these people. There’s no need to go by Bob at work and Jim at home (unless your first and middle names are Robert Jim, in which case that’s probably not a bad idea). But there is a need to use one email for all work-related matters and one for personal stuff. And by work email, I don’t mean your actual email issued to you by the company. I mean “BobLastname@Encrypted.Email.” That way if/when you need to job hunt or do anything else work-related that doesn’t explicitly involve your employer (maybe some freelancing on the weekends?) you now have a way to do that without it getting wrapped up in your personal life. Likewise, have you ever sent a text to the wrong person? Maybe you texted your partner to ask if the meeting was still at 8.

The question now becomes how much compartmentalization do you need? As usual, it depends on you and your threat model. There is no clear answer here. Let’s start trying to answer that by talking about levels of compartmentalization. A full compartmentalization might involve a fake name, a separate device, a separate email inbox, and the whole nine yards. This might be appropriate for a spy, but probably isn’t necessary for most people. Most people might prefer a more partial compartmentalization: a VoIP number from work that’s different from their personal number, a separate email for their banking institutions, utilities, rent portal, and other important matters, a different name and number for online dating, etc.

Do you need full-on separate personas for different areas of your personal life? Maybe. As I mentioned above, you may choose to use a fake name (or a nickname) when online dating in case you run into a stalker or a bad date. In such a case, I recommend going all out with a separate VoIP number and email for the online account. Do you need a separate phone number for your neighbors, different from the one you give your wife and kids? Probably not, but that really depends on how closely you trust them. For most people, having just two main personas – work and personal – will be plenty. Separating them with a VoIP number and an email is fine. There will be other areas where you’re still you but want to compartmentalize information, like giving your doctor a unique email address that you don’t use anywhere else. You’ll have to examine each situation on a case-by-case basis and decide what the risks are, how you can mitigate them, and what steps are appropriate for managing those risks.

How Does Compartmentalizing Help Privacy/Security?

So now, let’s talk about how this all actually helps you. The biggest advantage to compartmentalization is protection against data breaches. Consider a few of the following examples:

  • Your Xbox email has a data breach. Some bored teenager finds your email, correlates it to your place of work, and files fake complaints about you.
  • Using a VoIP phone for work allows you to disable it after hours, creating healthy work/life balances and boundaries.
  • Using a separate browser (or VM) to check your bank means less risk of malicious plugins and trackers getting your financial information.
  • Using a separate email for your doctor means that if your personal email address leaks, it can’t be easily and directly tied to your doctor, reducing risks of malicious and dangerous social engineering.
  • You use online dating. You go on a date and decide the person isn’t right for you, but they take it personally and start stalking you. You used a VoIP number, meaning you can delete the number and move on and it has no information tied to you in real life. You’ve effectively ended the situation before it began.

As with my last post, it’s important to note that compartmentalization is yet another layer. It’s not foolproof protection on its own. And I’m not suggesting you make life harder on yourself for no reason. Examine the risks and benefits of compartmentalizing in each case, decide what amount is right for you, and how to best group things. There’s often a lot of messy overlap. If your HVAC breaks, do you send an email from your personal account or your home account, which is also the account tied to your bank? Or, if you buy a home, do you use your bank email account since the mortgage is with them, or do you make a new one? It’s very gray, fuzzy stuff, but it’s important that you sit down and start working on it. And honestly, you’ll probably mess it up a little at first, but experience comes with time, and soon enough you’ll have a solid, effective system in place for helping to keep your life organized and safe.

You can find more recommended services and programs at TheNewOil.xyz. You can also get daily privacy news updates at @thenewoil@freeradical.zone or support my work on Liberapay.

I honestly don’t know how long this blog post will be because the basic concept is actually really simple, but I’ll do my best to explain it without over-explaining it.

This morning while collecting links to share on my Mastodon account, I came across this gem. Basically, a VPN provider claimed not to keep logs and then got caught with an unsecured database exposing plain text passwords (let’s not even touch that one), VPN session keys, IP addresses of users and servers, timestamps, geotags, and other stuff. This is not a blog post about VPNs, but this story does highlight the point of this post. This post is about one of the most important yet rarely talked about foundational concepts in privacy and security: layering your strategies.

Points of Failure & Redundancy

In most industries, there’s what’s known as a “point of failure.” In other words, “this is the most likely spot where something will go wrong.” Because of my background, I’m going to use a concert as an example: when connecting a sound system, your points of failure are usually the cables themselves. The more cables you have, the more points of failure you introduce and the more risk you run of something going wrong. The more you have going on, the more points of failure you introduce. Which brings us to redundancy.

Redundancy is simply having two things that do the same thing. Let’s keep with the concert example above: a “snake” is basically a super long audio cable that stretches from the sound booth, a few hundred feet in front of the stage, to the stage itself. This is how the signal gets transported back and forth from the mics to the mixer (where the sound gets processed) and back to the speakers. These days, Ethernet cables are typically used as snakes because they’re cheap, fast, reliable, and smaller than a traditional snake. But Ethernet cables are also typically less physically sturdy than traditional XLR, which means they’re more likely to fail than a traditional snake. So many modern sound mixers come with two Ethernet snake ports, an A and a B. If A fails, you can instantly (sometimes automatically) switch over to B and keep the show going with no (or almost no) noticeable gap in sound. This is redundancy. A system that is redundant has more points of failure because there is more going on, but because of overlap there’s also less risk of that failure being a big deal. The odds of both Ethernet cables failing at the same time are almost nonexistent.

Privacy, Points of Failure, & Redundancy

While I do encourage the use of a reputable VPN provider (read as: not one who advertises all over their website that they’re free coughUFOcough), I also don’t encourage that as a single privacy tactic. I mentioned in a previous blog that if you delete Facebook, you’re getting a little bit of privacy. If you use Signal, you get a little bit of privacy and security. If you do both, you’re getting even more privacy and security. This is how privacy and security should be properly executed, by layering one privacy technique on top of another. I use Tor because I trust the decentralized nature of it, but I also layer that use of Tor with things like TLS. I use strong passwords, but I couple that with using two-factor authentication everywhere I can. My passwords are a point of failure. My two-factor is a point of failure. But the odds of both being compromised by the same person simultaneously? Almost nonexistent. The key to successfully being private and secure is to be redundant, to have overlapping tactics that help to accomplish the same goal, and to make sure there’s not a single point of failure in your approach.

Redundancy & Threat Models

Now, I have said from day one that there is no perfect “one-size-fits-all” approach to privacy. It’s important not to be overly redundant for a lot of reasons. For one, it will make things inconvenient, and unless your life is on the line you’ll eventually get sick of the inconvenience and stop doing it, making it useless. Some people preach using a completely separate device to do financial work, but I find that overkill in most situations. Maybe a virtual machine is more appropriate. Or, honestly, just using a separate Firefox container or separate browser is sufficient in many situations. In other cases, too much redundancy actually hurts you more than it helps you. For example, using too many browser add-ons makes your browser more unique, so it stands out from the crowd. The benefit of using these add-ons (disabling automatic trackers) is minimal: your life is not at risk if Google finds out you like Neapolitan ice cream and adds that to your marketing profile.

The point here is that it’s important to evaluate your threat model and determine how much redundancy you need. A journalist may find it very important – depending on the severity of the information they’re working with – to use separate machines for work and pleasure. An intelligence operative may risk their life if they don’t have two factor enabled. A celebrity may be putting their whole family at risk by not buying a house in an anonymous trust or shell corporation. But for most people reading this, the stakes are much lower.

Conclusion

I hope that I didn’t confuse you with the last paragraph. My point is not “eh, it probably doesn’t matter if you do or don’t do this stuff.” My point is to make sure that you’re not overdoing it. Once again, if you overdo something there’s a very high risk you just won’t do it at all. Let’s take passwords and two-factor as an example: we should all be using strong passwords with a password manager and two-factor authentication whenever possible. End of story, no debate. But if your two-factor of choice is a hardware token, and you find yourself frequently forgetting your token at home, it’s probably safe to use a software token. The redundancy should still be there because the effort is minimal while the payoff is immense. There’s no need to say “the hardware token isn’t working out, I guess I’ll just disable two-factor altogether.” But in most cases, the risks are also minimal. It’s highly unlikely – for most of my readers – that you’re being targeted by a nation-state or a sophisticated hacker that requires an extra hardcore measure of security. A software token is plenty sufficient. There’s no need to make life that much harder on yourself. (Of course, if you don’t forget the hardware token and you find it quite easy to adapt to, there’s also no reason to settle for less).

This post ended up being much longer than I expected. I hope you found it helpful and that it gave you some things to think about. Please don’t settle for a “one-and-done” privacy solution. And when you do have a single point of failure – for example, a ProtonMail inbox with multiple addresses – make sure you understand the risks and how to mitigate them. In that example, I would say to be certain that you’re using strong passwords and two-factor, and also keeping backups of your private key locally. Make sure the machine you’re using to access that email account is secure and clean. It’s all a series of overlapping, multilayered techniques that add up to create a more secure lifestyle. Perhaps another way to think of it might be a suit of armor. A helmet is important. A chest piece is important. Either one by itself is better than being naked. But only by combining the entire suit of armor do you achieve maximum protection. And some people may need bulletproof armor (my analogy is kind of falling apart here, but just bear with me). Others may just need something that stops small pebbles and dull knives. Ask yourself where you are, what the weaknesses in your armor are, and how you can best patch them up. And remember: even a suit of armor has weak spots. Nothing is ever 100%. But we certainly can and should be aiming for as close as sustainably possible.


I love sharing stories like this because as much as I love privacy and security and view it as a fun challenge, at the end of the day it’s really all about practicality. This website is aimed at “the average person,” meaning that if this information doesn’t have any real-world applications then it’s no better than watching Mr Robot (great show, by the way, completely recommend it).

So I lost my debit card this past weekend, and I want to explain how the privacy lifestyle I live helped me save the day. Before I go into it, I want to make two things clear: first off, this subject sort of overlaps with personal finance, but personally I don’t find privacy and personal finance to be mutually exclusive. In fact, privacy and security habits will also often improve your financial standing if executed properly (in my opinion). Second, I am writing this from a place of privilege. Not everyone is fortunate enough to put money into savings, or even to have a bank account. I realize that this story involves privilege, and my goal is not to disparage anyone who reads this and goes “wow, must be nice,” but rather to encourage those who are fortunate enough to be in similar shoes to see how this stuff can have real world impacts.

So What Did I Do?

This past weekend my partner and I drove about two and a half hours out of town to visit her mother. It was a birthday visit more than a Fourth of July visit; we’re rather indifferent to the holiday ourselves. At any rate, in our hometown I stopped and used my card for gas (blasphemy to some privacy enthusiasts, I know), and when we arrived I realized my card was gone. So like any sane person in my shoes, as soon as I discovered it was missing I canceled it and ordered a new one through my bank’s automated system. I use MySudo, so I used the VoIP number that I have set aside specifically for important matters – banking, housing, etc – to place the call. Just to fully flesh out my privacy model.

How Did It Impact My Weekend?

It didn’t really. First off, I’m an introvert. I spent the whole week playing Fable (Steam summer sale baby!) and making fun of the movies we watched on TV. But we follow the Dave Ramsey ideology of personal finance. So we have a moderate sum of money in cash for emergencies. We took this savings with us just in case, and we were fortunate enough to be able to dip into this for any expenses like food. As soon as my card gets here, I’ll be replenishing the money. In the meantime I can continue to dip into the savings for things like groceries and gas until my card arrives (sent to my PO Box, of course).

How Will It Impact Me Online?

The real question most people are probably wondering is “how will this impact me online?” Really that’s the big thing. After all, think of all the subscriptions I have to replace now with a new card number, right? First off, not really. I’m a minimalist. I try to keep the subscriptions I actually use to a minimum. From a personal finance perspective, subscriptions are usually a rip-off. They make continuous money off you while providing very little future return (such as new features and upgrades), and at the end of the day you don’t actually own anything. From a privacy perspective, these companies usually make even more money off of you by harvesting and selling personal information about you. The fewer accounts I have, the better.

More importantly, I do almost all of my purchases using either cash (such as in-store groceries) or online using prepaid gift cards and Privacy.com cards. I have nothing to update once my new card comes in. Other than not being able to take money out at an ATM, this really has almost no impact on my life.

The Lesson

The moral here is that this privacy stuff has real world impacts. It’s not just about some nebulous abstract like “stopping Google from profiting at my expense” or “what if America turns police state.” There are actual, practical threats that face us every day: losing our debit cards, bank data breaches, random stalkers. Don’t just brush the information on this site off as “tin foil hat” or “paranoid,” because it actually has value in your life.


Dear Congresspeople,

I don’t even know where to begin writing this letter. I’m a very cynical person, especially when it comes to politics, and yet I’m no anarchist. I recognize the importance of having a representative government who dictates what is and isn’t allowed. I value individual freedom, and yet I realize that we need to draw lines in the sand and enforce them. And not to be too hard on you guys, but I think a lot of you don’t understand technology. You’re being lied to by people with an agenda who are making you think that the scary unknown is dangerous, a wild west of lawlessness, Silk Roads, and worse. But that’s not the case.

I am speaking, of course, about Senator Lindsey Graham’s latest assault on encryption. His so-titled “bill to improve the ability of law enforcement agencies to access encrypted data, and for other purposes” (what are those “other purposes” anyway?) flat out says that he views end-to-end encryption as a tool for criminals to sell drugs and sexually abuse children. This is not true, and in this letter I hope to help you see why this bill is at best a misguided effort to do the right thing and at worst a full-on assault on the Constitutionally-guaranteed privacy of Americans.

Bad People Existed Before Encryption, Bad People Will Exist After Encryption

The primary crux of Sen. Graham’s argument against encryption is that it is used by very bad people, the kind of bad people we all universally agree are bad – specifically, drug dealers and pedophiles are often mentioned. And yet, child sexual abuse was recognized as a specific type of child abuse by Congress in 1973. Some of the earliest writings on the subject date back to 1857 in a paper by a French forensic pathologist. This is not a new issue; it’s one that predates the internet, the automobile, and almost the widespread use of electricity. As for drugs, I don’t think I need to provide evidence that drugs are an ancient problem. Drug abuse is nothing new, and dates back as far as drugs themselves.

I won’t disagree that bad people sometimes hide behind end-to-end encryption, but if you ban it they’ll just find another method. You’re treating the symptom, not the root cause. And that matters because you’re also penalizing law-abiding citizens in the process.

We Don’t Ban Freedom Because Some People Abuse It

Lots of law-abiding citizens use end-to-end encryption for lots of perfectly legal purposes. I use it to transfer sensitive login or financial data with my partner (as well as more benign content like memes and what our dinner plans are). The Clinton Campaign made extensive use of Signal to keep their conversations confidential. Trump and his lawyer used Signal to discuss their legal matters in private (as they are legally entitled to by attorney-client privilege). The EU Commission has ordered all its staff to switch to Signal. And that’s just one specific app. Lots of high-level people use end-to-end encryption to protect sensitive conversations. WhatsApp is one of the most popular apps in the world for people to communicate with family members in other (sometimes hostile) countries so they don’t have to pay for expensive international plans. Does that make it illegal? If you have a sensitive conversation with your spouse about finances, would you want to record that and air it on national news? If you answered “no,” does that make it illegal?

My favorite comparison is clothes. Here’s a YouTube video about how many guns you can hide in your clothes. Here’s another story about a teen hiding drugs in his underwear. And yet, where are the cries to ban clothes? Why aren’t we making them illegal? What do you have to hide? You’re not doing anything wrong, right? So why use the same items that criminals do? The argument sounds stupid because it is stupid, no matter whether you use it on clothes or messenger apps.

Criminals, By Definition, Don’t Obey Laws

One of the top arguments in the gun control debate is that criminals, by definition, don’t listen to laws. If you ban guns, all you’re doing is taking guns out of the hands of law-abiding citizens who would otherwise use those guns to defend themselves. The same is true for end-to-end encryption. If you ban end-to-end encryption, criminals will still use it. The Great Firewall hasn’t stopped tech-savvy Chinese citizens from finding ways around censorship. Activists in Hong Kong were using Animal Crossing to bypass censorship earlier this year. Additionally, those same protestors are using decentralized apps – meaning apps that don’t have a central service provider the way that Facebook or Twitter do – to communicate and organize, which makes censorship exponentially harder. You can ban encryption in America, but all that’s going to do is make criminals use different services that are harder to shut down and based overseas. You won’t stop them; you’ll just punish law-abiding citizens by stripping them of their ability to be safe and protect themselves. If you vote against gun control, you’d be a hypocrite to vote for this law instead. And if you vote for gun control, then remember that encryption is a violence-free way of providing individual protections and civil liberties.

There are bad people in the world, and there always will be. That doesn’t mean we shouldn’t try to stop them and protect the innocent, but what kind of dystopian authoritarian says that it’s okay to strip everyone of their freedoms in exchange for stopping a few bad guys? The United Nations recognized privacy as a human right in 1948 (Article 12). This isn’t just about Democrats and Republicans or some other arbitrary “chalk one up for my team” fight, this is about human rights (and whether you want to admit it or not, America does not have the best human rights record (Alternate Source)). In another blog post, I mentioned that violent criminals make up less than 1% of the US population. Not pedophiles and drug dealers specifically, ALL violent criminals, including murderers, domestic assaulters, violent rapists, violent burglars, and more. Less than one percent. Would you do anything if your odds of success were less than 1%? In almost all situations, no. So don’t punish 99% of law abiding citizens by stripping them of their freedoms because of a few bad apples.


I promised on my site that I’d use this blog to announce any major updates to my website, so in that spirit: I’ve massively updated my site! Here’s some of the changes I’ve made:

  • Added an “advanced” section for those who want to go the extra mile and get extreme privacy and security
  • Added categories (privacy, data breach defense, cybersecurity, etc) to help readers more easily determine what sections are most relevant to their concerns
  • Added suggestions on how to start using these services and techniques in your own life, as well as tips and tricks I’ve picked up along my own journey that may benefit new readers
  • Added Mailbox.org as an encrypted email provider
  • Noted potential business practices that might alarm privacy extremists with Signal and DuckDuckGo
  • Removed several books from the Resources section on the grounds of being more than five years old and/or not containing enough educational content to justify
  • Removed ExpressVPN on the grounds of not being open source and there being enough open source alternatives to warrant this
  • Reorganized certain sections’ importance on the grounds of changing social landscapes

Feel free to provide any suggestions or constructive criticism. Thanks for your support!


I’m gonna start this off by saying my title is wrong. I wanted something short and snappy, and “Why a VPN Shouldn’t be a High Priority for Your Privacy Model” was too wordy. So before anyone jumps down my throat, don’t?

VPNs are kind of a staple of privacy and security. They are most people’s first introduction into this kind of stuff. Maybe they use one for work, or maybe – like me – they were alarmed by the US Government allowing ISPs to sell your browsing data and the many ways that would definitely be abused. Maybe they just wanted to watch something that wasn’t available in their area. At any rate, most people are familiar with the basics of VPNs. If you need more information, check my website.

You might be confused why I listed VPNs in the lowest section of concern on my site, but it’s actually not as confusing as you might think. The reason is that these days, most of the privacy and security features that a VPN offers can be replicated in other ways. Privacy and security technology has come a long way.

What Does a VPN Do?

A VPN provides an encrypted connection between your device and the VPN server, and from there your traffic goes out to the website in question. This means all traffic on your device is hidden from anyone in between your device and the VPN server, including your local router, your service provider, and anyone else who might be looking along the way. Additionally, your traffic essentially appears to be coming from that server. So rather than appearing to come from your IP address in Portland, Maine, you might appear to be living in Los Angeles, California. Or Geneva, Switzerland. Or anywhere else you choose.

How Is That Replaced?

Security

For starters, TLS/SSL, better known as “HTTPS.” TLS provides encryption between your device and the server you’re accessing, and this is the technology that allows you to securely transmit login information and credit cards over the internet. The days of sitting in a Starbucks with a laptop and stealing the logins of other customers are pretty much over. As long as a site is using HTTPS, you’re reasonably secure. Most apps also use TLS to communicate, meaning that almost all activity on your phone should be encrypted in transit (however, it is hard to verify this, so never assume that’s the case).

Privacy

Another powerful technique that helps is the resistance to tracking cookies and browser fingerprinting. Under the Most Important section of my website, I have a chapter called “Securing Your Browser,” and several chapters on phones called “Securing Mobile.” These chapters share steps on how to institute anti-tracking measures on your phone and your web browser, which in turn help to eliminate some of the tracking that a VPN would help to protect you from.

So Is a VPN Useless?

No, not at all. TLS hides everything after the slash, in essence. So for example, if you visited my blog, your internet service provider can see that you visited Write.As, a minimalist blogging website, but they can’t see exactly which blog you visited. A VPN tells them nothing; they can’t even see that much, because all traffic is encrypted from your device to the VPN server. Additionally, with a VPN, you’re encrypting everything on your device. With services like TLS and tracking protection you’re only protecting your web browser or a specific app. With a VPN you’re protecting all the apps, telemetry, updates, and background stuff that may not be using TLS (or may be using an old, less effective version).
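To make the “everything after the slash” point concrete, here is an added example (my own illustration, not code from The New Oil) that models what a passive on-path observer such as your ISP sees: it constructs a TLS ClientHello for write.as following the TLS wire format, pulls the cleartext SNI host name back out of it, and shows that the HTTP request line with the path only ever exists inside opaque application-data records. The “encrypted” payload is random bytes standing in for ciphertext, and every byte is constructed inline rather than captured from a real host.

```python
# Added example, not from The New Oil: a simulated on-path observer (your ISP,
# the coffee-shop router) looking at the raw bytes of a TLS connection.
# The server name travels in the clear in the ClientHello (SNI extension);
# the HTTP request line with the path only exists inside encrypted records.
# Every byte below is constructed inline; nothing is captured from a real host.
import os
import struct
from typing import Optional


def build_client_hello(server_name: str) -> bytes:
    """Construct a minimal ClientHello record carrying an SNI extension."""
    host = server_name.encode("ascii")
    # server_name extension body: list length, then (name_type=0, name length, name)
    entry = b"\x00" + struct.pack("!H", len(host)) + host
    sni_body = struct.pack("!H", len(entry)) + entry
    extensions = struct.pack("!HH", 0x0000, len(sni_body)) + sni_body
    body = (
        b"\x03\x03"                 # client_version: TLS 1.2 wire value
        + bytes(32)                 # client random, zeroed for the example
        + b"\x00"                   # session_id length: 0
        + b"\x00\x02\x13\x01"       # cipher_suites: TLS_AES_128_GCM_SHA256 only
        + b"\x01\x00"               # compression_methods: null
        + struct.pack("!H", len(extensions)) + extensions
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # type 1 = client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def build_application_data(plaintext: bytes) -> bytes:
    """Stand-in for an encrypted application_data record. Real AEAD output is
    indistinguishable from random bytes, so random bytes of ciphertext size
    (plaintext + 16-byte tag) model what the observer sees. No real encryption
    happens here; this is a constructed placeholder."""
    opaque = os.urandom(len(plaintext) + 16)
    return b"\x17\x03\x03" + struct.pack("!H", len(opaque)) + opaque


def extract_sni(record: bytes) -> Optional[str]:
    """Return the SNI host name from a ClientHello record, or None for anything
    else (application data, truncated or malformed input)."""
    try:
        if record[0] != 0x16:                       # 0x16 = handshake record
            return None
        rec_len = struct.unpack("!H", record[3:5])[0]
        hs = record[5:5 + rec_len]
        if hs[0] != 0x01:                           # 1 = client_hello
            return None
        body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
        pos = 2 + 32                                # skip version and random
        pos += 1 + body[pos]                        # session_id
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
        pos += 1 + body[pos]                        # compression_methods
        ext_end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= ext_end:
            ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
            ext = body[pos + 4:pos + 4 + ext_len]
            pos += 4 + ext_len
            if ext_type != 0x0000:                  # 0 = server_name extension
                continue
            lpos = 2                                # skip ServerNameList length
            while lpos + 3 <= len(ext):
                name_type = ext[lpos]
                name_len = struct.unpack("!H", ext[lpos + 1:lpos + 3])[0]
                if name_type == 0:                  # 0 = host_name
                    return ext[lpos + 3:lpos + 3 + name_len].decode("ascii")
                lpos += 3 + name_len
        return None
    except (IndexError, struct.error, UnicodeDecodeError):
        return None


def observer_summary(records: list) -> dict:
    """What a passive observer learns from a list of TLS records: the host name
    from the handshake and the volume of opaque application data, nothing more."""
    summary = {"server_name": None, "app_data_bytes": 0}
    for rec in records:
        name = extract_sni(rec)
        if name:
            summary["server_name"] = name
        elif rec[:1] == b"\x17" and len(rec) >= 5:  # 0x17 = application_data
            summary["app_data_bytes"] += struct.unpack("!H", rec[3:5])[0]
    return summary


if __name__ == "__main__":
    request = b"GET /thenewoil/some-post HTTP/1.1\r\nHost: write.as\r\n\r\n"
    stream = [build_client_hello("write.as"), build_application_data(request)]
    print(observer_summary(stream))   # host name is visible, the path is not
```

Without a VPN this host name (plus the DNS lookup for it) is exactly what the ISP gets; a VPN wraps these records in its own encrypted tunnel, so even the ClientHello is hidden from everyone between you and the VPN server.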

In short, I’d put it this way: if you’ve already done all the other more important stuff and you have the money, a VPN is a great addition to your privacy and security model. But focus on other, more effective and more important stuff first. VPNs are still an important layer of protection for privacy and security, and lately I’ve seen a lot of debate over whether or not they matter. I think everyone should still be using a reputable VPN provider these days, but I do think there are more critical steps to be addressed first. Using a VPN with Google still doesn’t help much. But coupled with other privacy-respecting services and techniques, it’s a powerful link in the chain.


I know a guy. Let’s call him Ron because I’ve been reading a lot of Harry Potter lately. Ron swiped right on a dating app on a girl we’ll call Luna (because I haven’t finished the series yet so I don’t care about canon). He and Luna started talking. It soon moved to text, as most of these dating app conversations do. There was a lot of explicit flirting, and Luna even sent a few nudes (not at his request, she volunteered them). After a few weeks, the conversation died out and they stopped talking. Then, the other day, Ron got a call from Luna’s dad who furiously informed Ron that Ron had been sexting an underage girl. Floored, Ron checked his text messages and noticed one particularly long message that he had skimmed over before, but upon closer inspection he noticed that she had made a mention about her upcoming 17th birthday. Cue the panic.

Why Am I Telling You This?

It was Ron’s fault for not reading the text, right? Yeah, probably. But here’s the thing: we all make mistakes. Ron wasn’t being a creep. He was tired and distracted when she sent the original text and he didn’t notice it. Tell me about how you’ve never overlooked an important detail, missed an important email, or made a mistake. It happens to the best of us. Mistakes get made. And furthermore, we operate as a society on a basis of trust. Ron assumed that since Luna was on the dating app she was over 18. He can’t go around demanding everyone send him a copy of their ID and birth certificate. We have to place trust in people. He made an honest mistake. This case is a case study in why we need to be proactive about our privacy.

How Did it End?

Ron called me, panicked, knowing that I know a lot about privacy. As I began to investigate, cracks began to appear in the story. They’re not relevant, so I won’t bother sharing them, but I ended up reaching out to a close friend of mine who currently works in law enforcement at a relatively high level. Without even hesitating, my friend assured me that it was definitely a scam and that Ron should just block the number.

So How Should Ron Have Been Proactive?

For starters, use a Voice-over-IP number. I’m a big fan of MySudo, but there’s lots of other options out there, even Google Voice if you’re strapped for cash. I’m anti-Google for privacy reasons but I’d recommend a Google Voice number over your actual SIM card number any day. You should be compartmentalizing your life: you should have a VoIP number for work, another one for interacting with strangers (such as dating or selling stuff online), maybe even one for banking. The idea is to compartmentalize your life. Phone numbers are basically social security numbers these days. If I give my work a phone number that I only use for professional purposes, they can search that number but they’ll only find my professional life: my LinkedIn, my website, maybe a few other subscriptions related to my professional self. If I have a separate number for dating and I find out after a few dates that the person is a little mentally unstable, it becomes that much harder for them to stalk me when I cut it off. It also gives me the freedom to change the number without upending my entire life. I can change my dating number without my boss ever even knowing.

The second proactive step would’ve been for Ron to use a fake name. Ron used his real name on this app, and even though most apps only use a first name that’s still risky, especially combined with his real phone number. If I use a fake name and a fake phone number on Tinder, your odds of finding me get astronomically small without some advanced techniques. Remember: we’re not talking about hiding state secrets from the NSA, we’re talking about hiding from scammers, blackmailers, crazy exes, and similar threats.

A final step I would suggest is to take unique pictures. We all know that a professional site should feature a clear, well-lit head shot. Your dating profile probably doesn’t need to be so exact. I’m not saying you should use a fake picture, that’s asking for an awkward meetup. And of course there’s something to be said for actually getting a good look at the person you’re considering meeting up with, whether it’s for a one-night stand or a potential lifetime together. Personal opinion but I think physical attraction does matter in any intimate relationship, though the exact amount and definition of “attractive” varies from person to person and situation to situation. The point is, maybe don’t use the same picture you use on LinkedIn, because a reverse Google Image search will find that in a heartbeat and now the person you’re trying to escape has your real name, your place of work, and more. Also consider what’s in the pictures. Can I get a good look at your apartment? Any identifying landmarks? (A group shot with friends at a popular bar might be an exception here.) Can I see any work logos, addresses, mail, or sensitive information? Google claims they don’t use facial recognition in their reverse image search, but even if they don’t companies like Clearview and Facebook do. The idea is to make your dating pictures different enough from your professional ones that they can’t be super-easily linked with an image search.

By the time Ron called me, it was too late. If it had been a real situation and not a scam, it would not have been good. My law enforcement friend told me that in his experience, in this situation a lawyer wouldn’t even bother taking the case cause there’s so little evidence of criminal intent, it wouldn't be worth the trouble. But what’s to stop the dad from blasting Ron on Facebook? After all, he has Ron’s real name and number. And there’s nothing the internet loves more than to shame someone virally without hearing their side of the story or getting the facts right. And let’s be real: even hardened murderers will shank a pedophile in prison. This story had all the right bits to be a viral social media post. At that point, it’s too late. Even if he moved and changed his number, an employer doing a public background check (aka a Google search) would likely still find this story. This could’ve ruined Ron’s life. Don’t wait until crap hits the fan to decide that you need privacy cause then it’s too late. Take steps now to avoid a crisis later.

