There are many ways to describe Voice-over-IP, or VoIP. I've seen it called an anonymous, internet, alias, or throwaway phone number (and more). Regardless of the name, I personally consider VoIP to be a healthy part of a good privacy and security strategy. The advantages are endless. For one, VoIP is harder to SIM Swap compared to a normal SIM phone number. VoIP can also help provide you privacy since most SIM numbers can easily be Googled or looked up on any number of the hundreds of people search sites and return information about the carrier and who the number is registered to. On the day-to-day, VoIP – combined with other strategies I recommend on The New Oil – can help reduce spam calls/texts, prevent would-be stalkers, create healthy work/life balances, control what information people (like prospective employers) can find about you, and help compartmentalize or reduce tracking by big corporations. Sadly, VoIP is a tool that's not widely available in many countries, but for those with access to it, VoIP can provide numerous benefits and should at very least be considered. So this week let's explore some of the best VoIP options currently available for consumers.
As some of you may have noticed, TNO hasn't really been updated in a hot minute. I was working on a major overhaul, one that deserves a blog post. Let's talk about it.
In recent weeks, I’ve noticed a rise in censorship regarding SMS communication that’s not being discussed. At all. I’m concerned that it may become a slippery slope that eventually effects us all. I don’t have any dramatic, prose-ridden introduction this week. Just some news, facts, and observations I wanted to share. So this week, follow me down the rabbit hole as I explore an existing but rising threat to our free speech and what we can do about it.
Email aliasing is one of the most underrated privacy techniques that has yet to go mainstream. For the privacy-conscious user, it offers a degree of separation between all your accounts, making it harder for data brokers to correlate your various accounts across different services by not using the same email address to sign up. For security, the same technique can also help defeat credential stuffing while obscuring your true email address, which is the central hub where all your identities can be managed (and the email address itself is literally half of the login information a would-be attacker would need to attempt to login). Your inbox is a critical thing to protect since a breach can offer information about additional accounts you have (via the emails already sitting in your inbox like updates, notifications, sign-in verifications, etc) as well as allowing an attacker to simply hit “reset password” on websites where you already have an account and thus take them over. As for mainstream users, the biggest advantage is probably the ability to manage spam more effectively – particularly from companies who refuse to respect opt-out links – from a single inbox, rather than having one inbox for professional use, then logging out and back into another for online shopping, then another for personal or newsletters, and so forth or simply having to give up and hope the spam filters don’t falsely flag anything important (or let junk though). Email aliasing makes effectively managing and controlling your inbox incredibly easy. With that in mind, this week, let’s examine some popular email aliasing services that the privacy community has to offer.
When I announced I would be closing my communities earlier this year, a curious thing happened: a surprising number of regulars replied with some variation of “I think this is my exit.” While some were specifically talking about Matrix, claiming that mine was the only room they were really active in and therefore they saw no point to having a Matrix account anymore, at least one specifically announced they would be quitting privacy entirely, save for a few basic techniques like using a password manager and being mindful of what to post online. While I didn’t expect the number of people responding that way, I was expecting that response from one or two people. If you check any given privacy forum – especially the ones with a heavy overlap of mainstream users such as Reddit – you’ll find no shortage of people asking “is all this work worth it?” and/or announcing that they’re giving up privacy because it’s too much work. So what gives? Is privacy worth the work?
Things are a little crazy here in the US right now – as is our perpetual state of existence these days – so I thought now might be a good time to revisit my 2020 blog post about protesting, surveillance, privacy and security. For the cynics in the crowd, I want to make it clear that I am not supporting rioting, looting, or violence. This is a post about exercising your Constitutional right (in America and many other countries) to peacefully assemble and demonstrate over any given issue. I am vehemently opposed to the idea that you can be identified and tagged – 100% without human action – simply for exercising that right. Even if I disagree with the issue or the stance on it, as the famous quote goes (roughly): “I disagree with what you say, but I will defend to the death your right to say it.”
We are already in a world of 24/7 connectivity, and that coverage only expands and deepens with each passing day. While facial recognition tech and geofence warrants are not new, since I originally wrote this blog post these things have been kicked into hyperspeed and rolled out in greater numbers and with increasing frequency at all levels of government. And that’s to say nothing about the rise of AI, which – while sometimes faulty – is capable of parsing through vast amounts of data at (literally) inhuman speeds and noticing trends no human possibly could. These changes in effective surveillance coverage, previously unknown surveillance techniques, and the ability to automatically store, parse, and analyze it all is setting the stage for a new level of dystopian capabilities previously limited (mostly) to the realm of sci-fi and nation-state targeting. And now, with the reversal of Roe v Wade, I am unfortunately able to pull the “I told you so” card and point to concrete, Western-world proof that what was perfectly legal today may be a felony worthy of prison time tomorrow. So with that context, let’s talk about how you can legally express your voice without ending up on “a list.”
Like it or not, email is a critical part of our digital lives. It’s how we sign up for accounts, get notifications, and communicate with a wide range of entities online. Critics of email rightfully point out that email suffers from a significant number of flaws that make it less than ideal, but that doesn’t change the current reality. In light of that reality, I believe that an encrypted email provider is a must-have for everyone in today’s age of rampant data breaches, insider threats, warrantless police access, and targeted advertising. If I can get access to your emails, I can get a range of sensitive information including where you bank (to craft more convincing phishing attacks), information about pets (I get notifications each year from the vet for my cats’ annual checkups), calendar reminders, news announcements from family, support tickets from services you use, and more. In a worse case scenario, if I get access to the account itself, it’s trivial to simply issue password reset requests for nearly any of those accounts, have it to sent to said compromised email account, and gain access to a wide number of other accounts you use – from banking to shopping and more – for any number of reasons. So this week, let’s look into the top encrypted email providers The New Oil recommends and their features to help decide which one is right for you.
A few years ago, minimalism was all the rage. Marie Kondo was on every TV, The Minimalists were in everyone's podcast feed, and I found myself confused, regretting not having started a blog or something years ago. I've always been a bit of a minimalist myself, and it had never occurred to me that other people might not be aware of that philosophy. I figured that others simply chose to live a more materialistic lifestyle, and that at any point anyone could wake up and go “wait, I don’t actually want this crap” and downsize. It’s not like I took a class. I don’t even remember learning about “minimalism” until I was in my mid-twenties. I just took all those childhood after-school specials to heart when they said “things don’t matter.” It was also probably influenced by my time in the military, moving from duty station to duty station (or even just room to room) constantly and having to be able to pack my entire life into two bags I could carry by myself, sometimes with no warning.
The internet is full of outdated cybersecurity advice that just won’t die but should, like “public WiFi is unsafe” and “you should change your passwords regularly.” For the more pedantic in the crowd, yes, these pieces of “advice” do have tiny grains of truth under the layers of logical fallacies – public WiFi does come with some small risks (mostly in the privacy department, for the average individual) and changing your passwords regularly can have some potential benefits (mostly for companies). But generally speaking these are outdated pieces of advice from a different era. I’ve written before about how technology changes and those idioms are prime examples: back before the nearly-ubiquitous adoption of TLS, public WiFi presented considerably more risks. But the times have changed and that advice is no longer applicable. So on that note: let’s talk about antivirus.
This weekend in the United States, taxes are due. For the more responsible readers – aka “everyone but me” – this was probably already done weeks – if not months – ago. But don’t worry. Taxes will roll around again the same time next year, as inevitable as death itself as the famous philosopher noted, and our financial lives are year-round. So in other words, this is merely a good excuse to discuss some ways that you can protect your financial life – both online and off – and keep your funds, identity, and credit safe.