The New Oil

As some of you may have noticed, TNO hasn't really been updated in a hot minute. I was working on a major overhaul, one that deserves a blog post. Let's talk about it.

Auditing Devices

The single biggest new change is that we've added a page about how to audit your devices and reasonably ensure they're safe from compromise such as spyware. This is an extremely difficult subject to tackle. Often, in the privacy community, we adopt a mentality of “if your device is compromised, just give up.” There are times when this mentality is fair: for example, a few years back, there was a lot of FUD (fear, uncertainty, doubt, aka “conspiracy theories”) going around that Signal was compromised because the FBI was able to read a congressional aide's Signal messages as part of their investigation. However, as numerous experts have pointed out, the much more likely story is that they simply confiscated his phone as part of a search warrant. Aside from enabling disappearing messages, there's not much you can do to defend against this kind of compromise – and I think that's a valid thing to point out. Nothing can ever be 100% hackproof, and it's important to know where the reasonable limitations of a service exist. If you choose not to enable ephemeral messaging, it's not really Signal's fault if your messages get scooped up by someone with physical access to your phone. There's only so much they can do.

However, the flip side of this mentality is that we have left a significant number of people hanging – specifically people in the most vulnerable of demographics. There are a lot of people out there who don't know about this stuff, and furthermore don't know what to do about it. People who are exposed to consumer-grade spyware or attackers who might sync their own devices to a person's account to get a copy of every message may not know what signs of compromise to look for or what to do when they find it. This seems like an egregious oversight to me. As such, I have added a new page toward the beginning of the website about how to audit your devices and accounts to check for potential signs of compromise.

Needless to say, as the veterans reading this are no doubt aware, this a monumental undertaking. On the one hand, it's critical I don't lull users into a false sense of security. As Privacy Guides rightly points out (multiple times), you cannot prove a negative. Nobody can ever 100% prove that a device isn't compromised. (Some people have made whole, profitable careers out of stoking this sort of fear.) On the other hand, the vast majority of common malware that readers are likely to encounter can be easily removed by rebooting, uninstalling a malicious app, or simply factory resetting their phones or buying a second device. It's hard to find that balance between helping those users without overpromising the world for those who really are in unique, high-risk situations.

It is with that in mind that I want to put out an especially larger-than-usual call for help from the community. I know that this is a gray area, and I know there's lots of nuance and caveats. It's hard to condense something this advanced into a single, easily-digestible page. However, the stakes are simply too high to be wrong while also being too high to just wash my hands and steer clear. I would really appreciate the community's help in vetting this page and ensuring that it's accurate and complete. Any missing tools, settings, or incorrect settings or information should please be reported so that we can keep this resource helpful and accurate for those who need it most. You can check out the new page here.

Reorganization

Another major change is that I have reorganized the site. Previously, I had various concepts like “encryption” or “the Five Eyes” sprinkled throughout the site. This was designed to make the concepts more manageable. I've said from the beginning that TNO should be considered more of an e-book than a website, and nobody wants to read a book that infodumps at the beginning and has 25% prologue before getting to the good stuff. Unfortunately, doing it that way makes a lot more sense for a reference, which is what TNO is. It makes more sense to simply condense all the concepts and fundamentals into the beginning, then let readers explore the various tools and techniques later on. And given that TNO is designed to let you jump around as you wish, this seems like a small price to pay. Readers who want can simply move on to the pages they find interesting and circle back later on if they find they don't understand a concept.

From a community perspective, this also means some of my links may now be broken as they link to where pages used to be instead of where they are. I've done my best to fix this, but please feel free to report any such links you find.

Content Changes

That said, there were a significant number of new content changes:

• Added Bitwarden Auth as a recommended 2FA app.
• Added CalyxVPN as a recommended Free VPN offering after learning that they were not, in fact, simply a whitelabelled RiseUp VPN like I thought they were.
• Added DuckDuckGo as a data removal service option
• Added Firefox Relay & DDDG as masked email options since they've become quite mature
• Added “Means of Control” by Byron Tau as a recommended book
• Added a completely updated section about Linux including a mention of Qubes, and also a “Mac vs Windows” segment
• Added more source links to the iOS claims (mobile.html)
• Updated the VeraCrypt instructions with new screenshots and instructions
• Updated Ente links and wording for OS availability and F-Droid
• Updated info about iVerify since it's now on Android, too
• Updated Mullvad Browser listing to reflect new info, like how it can now be made the default browser on your OS
• Removed Communications page
• Removed LibreWolf as honorable mention since Mullvad now supports “default browser” compatibility and is more hardened than LW – in other words, LW is basically redundant now.
• Removed a bunch of unneeded logos from services we no longer support (Discord, for example) and dark mode logos we no longer need
• Removed PayPal as a donation option
• Recategorized & renamed a bunch of pages
• Renamed “Public Protections” as “People Search Sites”

You can find more recommended services and programs at TheNewOil.org, and you can find our other content across the web here or support our work in a variety of ways here. You can also leave a comment on this post here: Discuss...