Let’s Talk About Roe v Wade
25 June 2022 | 6:18 pm

This week, the US Supreme Court overturned a landmark decision from 1973. “Jane Roe” had filed a lawsuit against the state of Texas, claiming that banning abortions was unconstitutional. Regardless of your opinions of abortion, this is a discussion we need to have because the Supreme Court ultimately ruled 7-2 that the 14th Amendment of the US Constitution guaranteed a right to privacy, which included privacy over a woman’s body. In fact, the exact quote was “This right of privacy….is broad enough to encompass a woman's decision whether to terminate her pregnancy.” (Source). So this isn’t just about abortion, this decision has the possibility (probability, I would argue) to impact privacy on a long-term, national level. And that’s why I want to talk about it today. So put aside your political opinions for just a moment, and let’s talk about the impact of this decision.

The Direct Privacy Connection

With the overturning of Roe v Wade, abortion decisions must now be made at the state level. This means that in about half the US, abortions are now essentially illegal unless the life of the mother is at risk (many of these states do not provide exceptions for cases of rape or incest). This has thrown much of the US into a state of panic because of mass surveillance: it’s long been no secret among groups like Privacy International, EFF, and even a horde of mainstream news outlets that “period trackers” – like pretty much every other mainstream app on earth – collect vast amounts of data (more than they actually need) and submit it back to third party advertisers and data brokers who track people. Couple this with the US government’s long standing penchant of simply buying data from third parties to circumvent the red tape of court orders and due process and we have now entered a dystopian but 100% possible (and I would argue “likely”) scenario: the weaponization of data to hunt down and persecute people.

I have long said that if the data you collect would be dangerous in the wrong hands, you shouldn’t collect it. Likewise, I have also long said that “I have nothing to hide” is an absolutely insane argument because laws change. What’s legal today is not tomorrow. Unfortunately, I was ahead of my time. The data we’re collecting today can be weaponized in the future. Data that didn’t matter last week – like where you went – matters now. The Supreme Court has decided to weaken protections, and this case isn’t just about abortion. The decision was directly predicated on privacy: “you have a right to privacy from the government.” With that decision no longer valid, privacy protections in the US have taken a hit, and every blow that weakens privacy makes room for further losses in the future. Maybe you’re anti-abortion. In this case, I don’t think that matters. You may think this case was a win, but that trophy comes with heavy strings attached. Go ahead and quote me: the reduction in privacy protections that occurred this week will go beyond reproductive rights and be used to weaken other rights in other areas, probably in some that affect you negatively. This was not what you wanted. With the rampant, obscene overcollection and sharing of sensitive data, the price will be paid in other areas, and it will be expensive.

Practical Advice

It is with this in mind that I urge us all, now more than ever, to take our data seriously regardless of if or how this ruling has directly impacted you. Last week, researching abortion for any reason didn’t matter legally, and now it might. In the future, wanting to understand a particular medical or mental health issue could cost you health insurance or certain rights. The BDSM community has long struggled with the fear of having their children taken away because of their lifestyles. I personally could easily see a future where a quick Google search to better understand depression could be used to deny you a firearms license, or where researching Russia’s narrative of the war in Ukraine could be used to restrict your travel or financial purchases. Maybe today that sounds insane. The idea that abortion rights were going to be rolled back sounded insane to most a year ago. Maybe I’m wrong, but are you willing to take that risk? Your innocent data today can be used against you tomorrow. Why risk it?

Regardless of what you’re searching or why, I have some practical tips for everyone moving forward in a world where your data can be weaponized against you at some point in the future.

1. Encrypt and erase everything. You’ve got to stop using unprotected communications like SMS and things that identify and track you like Chrome. Use the Tor Browser (or Brave/Firefox with a VPN). Use Signal, Session, or Wire to communicate. Furthermore, set your browser to never save history or cookies, and set your messenger to automatically erase messages (hence why I suggested those three specifically). You should also switch to a privacy-respecting search engine that doesn’t try to track you. I personally use Brave, but DuckDuckGo, and Startpage are popular options, as well as Whoogle and SearX. Some of these even have onion versions for Tor users that can provide additional protection.

2. Check app permissions. It’s unrealistic to ask people not to have phones at all (if you can swing that, kudos to you). However, you should absolutely check all the apps on your phone right now. First off, delete the ones you don’t actually need or use regularly. For the ones you decide to keep, be sure to check the permissions. Does Tinder need location data access all the time, or only when using it? Does that game really need access to your contacts? Disable any permissions the app doesn’t actually need. I have some additional suggestions and information here. It should also go without saying that you should probably start checking the privacy policies and look for apps that either don’t collect data, or only collect data they actually need (for example, not location data). A great place to start is AlternativeTo.

3. Ditch the phone altogether. Of course, the best option is to simply not have a phone. While this is not feasible for most 24/7, it can easily be done in specific scenarios and there are two I want to highlight. First, research. Do not research sensitive stuff on your phone. Phones are incredibly locked down for security reasons, and they are very invasive by their nature. For these reasons, it’s best to use a computer where you can restrict the data collected easier and have stronger protections from your browser and VPN. Tor browser on a hardened computer will always be more private than Tor browser on an iPhone, in my opinion. Second, travel. If you’re going somewhere sensitive, leave the phone at home. If you take it with you, there will be a record of you going to that place. Trust me, you can live without it for a few hours. I am not convinced that airplane mode is enough for this purpose, I’d leave it altogether. (Note: this applies to anyone around you. If your friend or partner gives you a ride to your appointment, they could be tracked, too.)

4. Communications. Most places require you to make an appointment. For this, I recommend using an encrypted email provider as they will not be able to disclose your email contents even with a court order. Certain sensitive, one-time appointments may warrant making a new inbox altogether.

5. Payments Digital payments – like your debit/credit card, Venmo, PayPal, Cash App, etc – all leave a trail. Instead, you should always opt for cash. If for some reason your provider accepts cryptocurrency, please also note that Bitcoin is not private by default. I recommend Monero instead. If none of these are accepted, try to buy prepaid cards using cash.

While this information – at the time of writing – may be most relevant to those seeking certain forms of healthcare, I urge you not to ignore it if this doesn’t affect you. Like I said earlier, the Roe v Wade decision is about more than abortion. Our privacy rights in America have been weakened, and right now the only thing protecting most of us from data abuse as it is are some flimsy laws and empty promises from companies who value profit above privacy. This particular decision may not impact you right now, but I’m willing to bet that in the future others stemming from this will. So again, even if you’re anti-abortion or unaffected, I encourage you to heed this as a wake-up call and start valuing your privacy. Your data may be weaponized next. Protecting yourself is easier than you think.

You can find more recommended services and programs at TheNewOil.org. You can also get daily privacy news updates at @thenewoil@freeradical.zone or support my work in a variety of ways here.


Upping Your Privacy Game
18 June 2022 | 12:31 pm

Lately I’ve been seeing a big trend among a lot of privacy content creators for wider acceptance of wherever people are in their privacy journeys. To be clear, this is a good trend. I think it’s vital that we accept that everyone is in a different place with different circumstances. Sometimes people just started their journey and haven’t decided to switch to Linux yet (or which distro to switch to), or maybe people are still filling in gaps in their technical knowledge before making a decision about something. Nobody is born knowing everything, and everything we do is a journey.

Having said that, pendulums can swing too far in either direction. Just as it’s possible to be too aggressive, too unforgiving, too dogmatic about forcing everyone to go to the maximum in privacy, it’s also possible to be too forgiving, too patient, and never push yourself (or those around you) to go further.

I’m a big believer in constant growth. My father once said that the day you wake up, watch TV, and go to bed without ever doing anything to grow or better yourself is the day you start to die. While I think everyone needs days off, I do believe in his overall message. You either grow or die. If your life is a chart, the general trend should be up and to the right. The day you stop trying to grow in any way, shape, or form is the day you’re just wasting air. Now before anyone thinks I’m being too harsh or discriminatory, let me be clear that growth comes in multiple forms. “Growth” doesn’t necessarily mean going to the gym, learning a language, or taking a college class. Growth could – in my opinion – mean reading a new book. Checking the news (assuming your mental health allows for that regularly). Going for a walk. Checking on a friend you haven’t chatted with in a while. “Growth” could also encompass “maintenance” – keeping your garden alive, keeping your friendship alive, keeping your mind sharp. The day you stop doing that – the day you wake and go to bed without having done anything to improve or maintain at least one thing in your life, and you make that the new norm – you may as well go lie down in the grave. Again, days off are fine. At the time of this writing, I took a day off yesterday. I watched TV, I played video games, I drank, and it was amazing. I needed that so badly. But today I’m back in action: writing, reading, running The New Oil, etc. The overall trend is upward and to the right.

I believe that our privacy journey should also be like this. For most people, privacy is not their passion. I don’t expect everyone to wake up every day and go “how can I improve my privacy and/or security?” For most people, privacy is – at best – an interest. It’s something they want to take seriously, but they also have to balance jobs, relationships, parent-teacher meetings, classes, emergencies, the usual gamut of things that we all struggle with. I accept that. But the day you say “okay, I’ve hit my privacy goal, I can quit now” is the day you start losing your privacy.

There’s two reasons I believe this. The first is the most practical: privacy is an ever-evolving field. Suppose a couple years ago I had signed up for CTemplar and said “okay, I’m good now. I’ve got privacy.” For those who don’t know, CTemplar shut down last month, which means if I wanted to stay private, I had to find a new email provider. Wickr was once a great choice for privacy – personally, Wickr was my favorite. No personal data required for signup, mobile and desktop clients, usernames. Man, Wickr had it all. But now they’re owned by Amazon, and quite frankly if you think that Amazon isn’t collecting metadata, you’re delusional.

The second reason I believe this is because our situations change. I’ve met numerous people in the privacy community who say things like “I have to use WhatsApp for class, but as soon as I graduate I’m deleting it.” I’ve mentioned myself how in the past, I had a job that required the use of Facebook to communicate schedules and other bulletins. These days I could easily find another job that doesn’t require me to use Facebook, but back then I was just starting my career and had no choice. News flash: none of us are the same person or in the same situations we were ten years ago – and frankly, if you are, that’s very concerning. I don’t mean to judge, but you should probably examine yourself and your life and make sure you aren’t stagnating. I think we should all always be striving to be better than we were yesterday.

This is why we should never settle. Maybe you’re using a Mac right now because it’s functional and you don’t have the money to justify just going out and buying a new PC to put Linux on it. That’s fine. I respect that. I’m a frugal person myself, and I would never condone discarding a perfectly good device if your threat model allows you to get the most usage out of it. But in a few years when your device gets outdated, maybe go ahead and take the leap into Linux. Maybe you can’t, perhaps your career field requires Mac-specific software. I also respect that. I’m an audio guy, and I do a lot of work in Pro Tools. But I dualboot. I run Linux for 90% of my day, and Windows only when I need to do production work (or gaming). Imagine if I had said “well I need Pro Tools, so I’ll just say with Windows full time.” I would be losing out on that privacy for 90% of my life.

In the past, I’ve mentioned threat modeling and not overloading yourself. That stuff still applies. It’s still critical that you don’t burn yourself out or run yourself into a mental hospital (no stigma intended) because you tried to emigrate to a country with better privacy laws when you didn’t have to. At the same time, however, I believe it’s critical to recognize when you can do better and do so. Suppose my partner asked me to put up a shelf as high as I could reach to store some of our lesser-used kitchen utensils. I’m 5’10” (that’s 178 cm, for my readers in literally every other country on Earth). If I put the shelf five feet off the ground, I think we can all agree that I could do better. Sure, five feet is better than three, but the goal was “as high as possible” and I can easily do more than that. We should approach privacy and security the same way. Sure, Google has good security, but we can do better. Sure, SMS 2FA is better than none at all, but we can do better.

We all have a set amount of stuff we can deal with in a day. Some people call it “spoons,” I call it “emotional bandwidth,” but at the end of the day it’s the same thing: we have a limit on what we’re capable of. This is usually a combination of decisions, physical effort, emotional attention, etc. but once we’re out, we’re out. Sometimes, taking our privacy to the next level involves waiting until we have a day when we can do more. “I don’t have the energy to set up my own Nextcloud server today, but next week is a three-day weekend and I can set aside a few hours to do it then.” That’s perfectly okay. But my point is that I believe it’s worthwhile to see where you can improve and try to. Maybe you’ll try out Nextcloud and go “wow this sucks.” But maybe Proton Calendar works for you. Or Tutanota’s calendar. If you’re still using Google or iCloud for a calendar, I believe it’s worth looking into these solutions and trying them. Maybe none of them will work. But you owe it to yourself to spot room for improvement and look for solutions. In some cases, there may not be room for improvement. But again, things change. Maybe last year there weren’t any good options for your problem, but maybe this year there’s a new service to try. If something is just too much, it’s okay to dial it back and admit that the particular service or solution isn’t right for you. But remember to circle back around when things are different, and look for other areas of improvement. It’s always important to check in regularly and see what we can do better.

Remember: never stop growing. Slow, incremental growth is still growth. Let’s all strive to always grow. A tiny sprout today could be a nearly-indestructible Redwood in the future.

You can find more recommended services and programs at TheNewOil.org. You can also get daily privacy news updates at @thenewoil@freeradical.zone or support my work in a variety of ways here.


Daily Driving the Pinephone Pro
4 June 2022 | 5:37 pm

by Uncover

Pine64 has been known for their affordable GNU/Linux based devices for a while now. They released a Linux based phone called the PinePhone in early 2020, complete with switches to disable the camera, microphone, radios, and other sensitive hardware. I unfortunately didn’t get one at the time, but since then the Pinephone has become pretty decently stable (depending on what operating system – or “OS” – you use on it).

In Oct of 2021, the Pinephone Pro was announced and shipped early the following year. I preordered a Developer Edition, which is only intended for developers or people with extensive Linux knowledge, since I know the software will eventually mature and the higher hardware specs will be much better then the original PinePhone and I want to be along for the journey. I received it about one month ago and have been “daily driving” it as much as possible since, though I am unable to use it full time due to required work software I need to use and being available via phone is crucial (I did use it as much as possible besides required work needs).

I mostly used the default Manjaro KDE Plasma OS that it ships with, but I also tried Manjaro Phosh (the Gnome-based distribution that the Librem 5 also uses) and PostmarketOS with Plasma briefly. I have managed to put a sim card in it and test the calls and SMS/MMS.

What I Found

Image

Plasma

Plasma is my personal favorite in terms of look and layout. Unfortunately I had to reinstall the OS on three separate occasions because sometimes the lock screen would say the PIN was wrong which I’m sure it wasn’t. I also had some issues with the screen getting stuck when rotating where part of the screen was black.

Voice calls were mostly reliable but sounded far away and muffled. It was manageable, but clearly lower quality than what I was used to on my usual phone. SMS and MMS, on the other hand, were spotty and unreliable. I usually received them, but not always. Overall I’d give that experience an 8/10 if I had to rate it.

The overall speed was actually faster then my iPhone when it came to browsing on the Angelfish browser that is included (Firefox also ran faster than my main cellphone but not as significantly as Angelfish).

Finally, the biggest issue I had was when using Discover (the app software “store”). When updating, there was an error of “1 offline update failed” where it offers an option to repair or open Discover, but neither option solved the problem. It should be noted this has already been brought up to the developers and they are working on a solution last I checked.

Phosh

Phosh is the smoothest and least bug-filled OS I tried, likely due to Phosh being in use for a while now on other devices such as the Librem 5. Personally I didn’t care for the icons or the way it vibrates every time you swipe down on the notification bar. However, that’s personal preference. If you want the most functionality and reliability, that seems to be what Phosh offers.

Phosh’s native SMS/MMS and phone calls also suffered the same issues as Plasma (low quality, hit-or-miss reception rates) but because of the rest of the phone’s factors it was a slightly more pleasant experience, maybe a 9/10.

Overall I encountered almost no bugs except for some YouTube playback issues on Firefox, where it buffered endlessly until I restarted the browser. Thankfully a quick fix.

PostmarketOS

I wanted to love PostmarketOS so much. It has also been in development for a long time and is focused on replacing the Android-like experience with Linux on phones. Unfortunately I couldn’t manage to update it or do much of anything. I couldn’t even get native SMS or voice calls to work at all. However, it should be noted that PostmarketOS does not officially support the Pinephone Pro at the time of this writing. I was able to find a developer who was willing to build a custom image for me to try. This is almost certainly why I ran into so many issues. I’m sure that by the time it’s officially released most of these bugs will be fixed.

Image

Conclusion

The Pinephone experience varies wildly. Some people report a smooth, daily-drivable experience while others find it nearly unusable. I think this largely comes down to your daily lifestyle and what you need it to do for you. Pine64 has made it clear on the Pinephone Pro’s page who the product is and isn’t for at this stage (see the image above). I personally got one because I love FOSS and wanted to support a great company. I’m also impatient and would rather be along for the “software maturity” ride than wait until the final product is ready. I’m willing to risk some bugs in exchange for early adoption. If this sounds interesting to you and you are knowledgeable (very knowledgeable) in Linux, then I completely recommend checking out the Pinephone Pro. If you’re more of a casual user, then you may be more interested in a custom Android ROM until the software is more stable. But once it develops a little more, I bet it will be a powerful third option for those wishing to take back control of their data.

Stay safe and stay private.

You can find more recommended services and programs at TheNewOil.org. You can also get daily privacy news updates at @thenewoil@freeradical.zone or support my work in a variety of ways here.



More News from this Feed See Full Web Site