New Year's Resolutions are a punchline. Everyone knows that nobody keeps them, and indeed statistics back that up. But I posit that that's because most of us were never taught how to create goals the right way, which in turn sets us up for failure before we even start. In this video I talk about how to establish goals that you can actually achieve, as well as other useful tips to make your success more likely. There's no substitute for putting in the work, but as the saying goes: work smarter, not harder. ### This post is for subscribers only Become a member to get access to all content Subscribe now

In college I took a Philosophy 101 class, mostly just to fulfill the credit requirements. Ironically, this ended up being one of the most insightful and important classes I ever took, as about half the class was an emphasis on critical thinking, specifically in the context of "how to evaluate a claim." This class has paid dividends for me, helping me navigate nearly every aspect of life ever since - especially the privacy space, which is rife with circumstantial "evidence" and sensationalist YouTubers looking to get clicks by riling up their audiences with wild speculation and confirmation bias. The information I learned in that class has only become increasingly valuable and vital in the years since, as fake/heavily biased news and AI deepfakes proliferate more every day. I feel like this is something that should be taught as a mandatory part of high school curricula, but unfortunately it's not and probably won't be any time soon. So in the meantime I want to share what I learned in the hopes it will help you, too. ### This post is for subscribers only Become a member to get access to all content Subscribe now

Like most areas of modern life, I believe technology has been both a blessing and a curse. Historically, dating has always been rough - a minefield of broken hearts, bad matches, and worse. The internet has made it possible to meet people we otherwise might not have, but has also opened us up to a lot of risk. With Valentine's Day around the corner, I want to offer some advice on how I would go about dating in today's modern digital landscape as a privacy enthusiast. This blog post assumes you want to take part in online dating and addresses the threat model of data breaches and unsophisticated stalkers. ### This post is for subscribers only Become a member to get access to all content Subscribe now

<p>As a content creator, I understand the value of analytics. It's crucial for me to understand what content did well and why or if my website views are decreasing. As a privacy advocate, it's also important to me to keep those analytics reasonable.</p><p>Unfortunately, most companies feel that there's no such thing as too much data in their quest to understand, predict, and nudge our behavior to their benefit. To this end, they often take every opportunity they can to sneak in just a little bit more surveillance. And thus, this week, I'd like to introduce the "tracking link" to those who've never heard of it: what it is, how it threatens the privacy of you and your loved ones, and how to easily avoid it.</p><div class="gh-paid-content-notice"><h3>This post is for subscribers only</h3><p>Become a member to get access to all content</p><a class="gh-paid-content-cta" href="https://ghost.thenewoil.org/when-sharing-isnt-caring-a-guide-to-tracking-links/#/portal/signup">Subscribe now</a></div>

<p>Some people claim to really appreciate targeted advertising. They say that they love hearing about new products, services, or media they might be interested. Others, like myself, hate advertising of any kind with an unhinged level of vitriol that I should probably talk about in therapy.</p><p>Regardless of where you fall on that spectrum, I believe that an ad blocker is a must-have for modern web browsing for a wide range of reasons. Here's just a few ways that blocking online ads can benefit you.</p><h2 id="ads-invade-your-privacy-a-lot">Ads Invade Your Privacy. A Lot.</h2><p>Ads are currently one of (if not <em>the)</em> biggest threats to privacy. Recently there's been growing news coverage about "Real-Time Bidding," which is the current system for how online ads are delivered. Here's a quick overview of how it works:</p><ol><li>You visit a website that has ads.</li><li>The ad network starts a bidding process for who gets that ad space.</li><li>Part of that bidding process involves transmitting your data to advertisers so they can decide if you're in their target audience and how much they're willing to bid on you.</li><li>Advertisers bid (if they decide it's worth it)</li><li>You see the ad that wins.</li></ol><p>Of course, this is all automated and takes fractions of a second, but there's two important things to note:</p><ol><li>The data that gets transmitted in Step 3 includes personally identifiable information like unique advertising ID, location, IP address, device details, interests, and demographic information. This is far more than enough information to link it back to your real identity if someone wanted to.</li><li>The advertisers still get a copy of your data even if they decline to bid (see Step 4), which they're under no obligation to delete. In at least <a href="https://www.bloomberg.com/news/articles/2023-05-11/surveillance-company-turns-ad-data-into-government-tracking-tool" rel="noreferrer">one case</a>, <strong>we've seen governments use the real-time bidding system as a surveillance method</strong>. It's safe to assume that there are several companies keeping the data for one reason or another.</li></ol><p>You can read more about real-time bidding and all the privacy concerns surrounding it in a variety of places online, but two standout sources are <a href="https://www.eff.org/deeplinks/2025/01/online-behavioral-ads-fuel-surveillance-industry-heres-how" rel="noreferrer">this</a> EFF article for a quick overview, or Byron Tau's <a href="https://www.penguinrandomhouse.com/books/706321/means-of-control-by-byron-tau/" rel="noreferrer"><em>Means of Control</em></a> for a deeper dive.</p><h2 id="advertisers-literally-stalk-you">Advertisers Literally Stalk You</h2><p>Most of us have had times that we've known someone well. You might know exactly the right gift to get them for Christmas, or you knew they were going to like a certain movie. Of course you're not always right, but that's because you're not a stalker.</p><p>Advertisers, however, are unashamed stalkers. In 2010, Google CEO Erich Schmidt famously and plainly <a href="https://www.youtube.com/watch?v=Jdtl1S4JHbo" rel="noreferrer">admitted</a>:</p><blockquote>We don't need you to type at all. We know where you are. We know where you've been. <strong>We can more or less know what you're thinking about.</strong></blockquote><p>In that interview, Schmidt kept emphasizing that the data collection this psychic ability is based on takes place "with your permission," but tech companies seem to have a very fuzzy understanding of permission and consent. Consider, for example, their rampant use of "<a href="https://www.deceptive.design/types" rel="noreferrer">dark patterns</a>," which is where <strong>companies will use deceptive practices to encourage certain behaviors</strong>. A famous example is how it may take only a few clicks to sign up for a service, but you have to contact support to delete your account.</p><p>It's also worth noting that the terms of service - wherein you give that "permission" Schmidt talked about - are purposely long and confusing. <a href="https://www.biggestlieonline.com/policy-length-analysis-2019/" rel="noreferrer">One group</a> asserts that <strong>most terms of service would take over an hour to read</strong> (many of them would take far more, into the double digits each).</p><p>And that's to say nothing of passive tracking methods like Google Analytics, the Meta Pixel, and others. <strong>Google trackers are present in some way, shape, or form on over 70% of websites</strong> according to <a href="https://www.datawrapper.de/blog/web-trackers" rel="noreferrer">one source</a>. Often the process to "opt out" of these kinds of trackers involves creating an <a href="https://www.zdnet.com/article/meta-uses-your-facebook-data-to-train-its-ai-heres-how-to-opt-out-sort-of/" rel="noreferrer">account</a> with the company or adding some kind of <a href="https://support.google.com/analytics/answer/181881?hl=en" rel="noreferrer">browser extension</a>.</p><p>Once you finally "agree" to hand over your data - in the same sense that a bank teller in a robbery "agrees" to hand over the money - the amount of data you hand over is so overreaching that most people would be left in shock. It often includes things like visits to houses of worship and <a href="https://www.404media.co/inside-the-u-s-government-bought-tool-that-can-track-phones-at-abortion-clinics/" rel="noreferrer">abortion clinics</a>. It could also include <a href="https://themarkup.org/pixel-hunt/2022/06/16/facebook-is-receiving-sensitive-medical-information-from-hospital-websites" rel="noreferrer">confidential medical information</a> or even <a href="https://www.euronews.com/health/2022/05/03/top-mental-health-apps-are-data-sucking-machines-that-could-be-trading-your-sensitive-info" rel="noreferrer">chat logs</a> from online therapy services.</p><p>Just to drive the point home: <a href="https://www.forbes.com/sites/kashmirhill/2012/02/16/how-target-figured-out-a-teen-girl-was-pregnant-before-her-father-did/" rel="noreferrer">Target</a>'s advertisers once determined a teenage girl was pregnant before her own family did. That was over 15 years ago. Imagine how much worse it must be now.</p><p>I would say that the only way advertisers could stalk you harder is if they hired a physical person to follow you around, but actually that would be an improvement. At least that person couldn't read your <a href="https://www.theverge.com/2018/3/25/17160944/facebook-call-history-sms-data-collection-android" rel="noreferrer">texts</a>, every website you visit, every <a href="https://9to5google.com/2022/08/22/google-locked-account-medical-photo-story/" rel="noreferrer">photo</a> you take, and more.</p><h2 id="advertisers-are-predatory">Advertisers Are Predatory</h2><p>Advertising has always been about pressuring you into thinking that your life would be better with some product or service, but the rampant collection of data allows advertisers to really ramp that pressure up to 11 in sometimes the worst ways possible.</p><p>Our moods and willpower rise and fall throughout the day. Because advertisers have been stalking you all across the web,<strong> they know the precise moment to strike when you're most likely to buy something.</strong></p><p>Maybe it's at 8 pm, you've worked a 12-hour shift, you're exhausted, and suddenly DoorDash sends you a notification that the McRib is back. Maybe it's right after you just changed your Facebook status to "single" and you see an ad for a thing you've really been wanting but were holding off cause it's a little on the pricier side. Now seems like a good time to go easy on yourself, you think.</p><p>This is called "<a href="https://www.crowdspring.com/blog/nudge-marketing/" rel="noreferrer">nudge marketing</a>," and it's all about those tiny little things you won't notice that "nudge" you toward the decision they want you to make (kind of like a dark pattern). Some examples you might recognize are "only X remaining" or "frequently bought together" or "limited time offer."</p><p>These tactics are designed to pressure you into buying, but with nearly-psychic levels of data and insight, advertisers can take that to the next level by personalizing the messages, time of delivery, even the color of the item in the ad, all in an effort to make it irresistible in one way or another.</p><p>If you think I'm being dramatic with the word "predatory," consider the <a href="https://www.reddit.com/r/help/comments/14a5cq0/reddit_keeps_serving_me_up_alcohol_ads_even/" rel="noreferrer">recovering alcoholics</a> who see ads for alcohol or parents who've had a <a href="https://www.washingtonpost.com/lifestyle/2018/12/12/dear-tech-companies-i-dont-want-see-pregnancy-ads-after-my-child-was-stillborn/" rel="noreferrer">miscarriage</a> seeing ads for baby products.</p><figure class="kg-card kg-image-card kg-card-hascaption"><img src="https://images.unsplash.com/photo-1560472354-b33ff0c44a43?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wxMTc3M3wwfDF8c2VhcmNofDExfHxtYXJrZXRpbmd8ZW58MHx8fHwxNzY5MTE1NTM5fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=2000" class="kg-image" alt="monitor screengrab" loading="lazy" width="4688" height="2860" srcset="https://images.unsplash.com/photo-1560472354-b33ff0c44a43?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wxMTc3M3wwfDF8c2VhcmNofDExfHxtYXJrZXRpbmd8ZW58MHx8fHwxNzY5MTE1NTM5fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=600 600w, https://images.unsplash.com/photo-1560472354-b33ff0c44a43?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wxMTc3M3wwfDF8c2VhcmNofDExfHxtYXJrZXRpbmd8ZW58MHx8fHwxNzY5MTE1NTM5fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1000 1000w, https://images.unsplash.com/photo-1560472354-b33ff0c44a43?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wxMTc3M3wwfDF8c2VhcmNofDExfHxtYXJrZXRpbmd8ZW58MHx8fHwxNzY5MTE1NTM5fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1600 1600w, https://images.unsplash.com/photo-1560472354-b33ff0c44a43?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wxMTc3M3wwfDF8c2VhcmNofDExfHxtYXJrZXRpbmd8ZW58MHx8fHwxNzY5MTE1NTM5fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=2400 2400w" /><figcaption><span style="white-space:pre-wrap">Photo by </span><a href="https://unsplash.com/@hostreviews"><span style="white-space:pre-wrap">Stephen Phillips - Hostreviews.co.uk</span></a><span style="white-space:pre-wrap"> / </span><a href="https://unsplash.com/?utm_source=ghost&amp;utm_medium=referral&amp;utm_campaign=api-credit"><span style="white-space:pre-wrap">Unsplash</span></a></figcaption></figure><p>In this context, you should also know about "<a href="https://health.clevelandclinic.org/decision-fatigue" rel="noreferrer">decision fatigue</a>." Decision fatigue occurs when we've run out of emotional bandwidth (aka "<a href="https://en.wikipedia.org/wiki/Spoon_theory" rel="noreferrer">spoons</a>") and we struggle to make decisions. Steve Jobs was famously <a href="https://applescoop.org/story/why-did-steve-jobs-wear-the-same-outfit-everyday" rel="noreferrer">rumored</a> to wear the same outfit every day because that was one less decision to make each day, saving his bandwidth for the other important decisions involved in running a company.</p><p><strong>When we spend all day looking at ads, that takes up our emotional bandwidth</strong>. Even though it only takes a second, that's still a second where you have to pause, evaluate what you're looking at, parse whether it's a genuine piece of content or an ad, and then decide to skip it.</p><p>Multiply this by dozens, hundreds, maybe thousands of posts per day. Several studies suggest that we see up to <a href="https://www.digitalsilk.com/digital-trends/how-many-ads-do-we-see-a-day/" rel="noreferrer">10,000</a> ads per day (though this includes <em>everything</em> such as logos on shirts and cars, billboards, and others we may not consciously register).</p><p>Imagine how much more mental energy you'd have at the end of the day if you took even just a few hundred of these micro decisions off the table. It may not be enough to finally master quantum mechanics, but maybe it'll be enough to read a book, start learning a language, or cook at home and save money.</p><h2 id="minimalism-is-good">Minimalism Is Good</h2><p>Before I begin, I'll admit my bias here: I consider myself a minimalist. Let me clarify that minimalism isn't about having the fewest toys, it's about being intentional. If you bring a thing into your life - physical or otherwise - do it because it truly brings you value in some way that improves your life (objectively or personally), not just because it's trendy or you feel some kind of social or societal pressure.</p><p>Advertising, on the other hand, often convinces us to impulse-buy cheap crap we don't need because it uses nudge marketing and constant assaults on our mental bandwidth to wear us down, prey on our emotions, and catch us when we're most likely to buy, even if it's something we end up regretting (or at best, feeling indifferent about) later.</p><p>I'm sure I don't need to tell you how wasteful mindless materialism and consumerism is. You've heard it all before. But still, I'll give you a couple of reminders from <a href="https://relevantmagazine.com/current/11-stats-will-change-way-you-think-about-consumerism/">Relevant Magazine</a>:</p><ul><li>Americans spend more money on fashion accessories than college tuition.</li><li>Nearly half the world's toys are in America.</li><li>On average, American homes have more TVs than residents.</li><li>Plastic kills 1 million seabirds every year.</li></ul><p>A common critique says that if you didn't want or need a TV, you didn't save 50% by buying a TV on Black Friday. You still wasted hundreds of dollars because you bought something you didn't really want or need simply because it was on sale.</p><p>Ad-blocking helps us avoid being suckered by advertisers who only wish to part you with your <a href="https://pricetohours.com/">hard-earned money</a>, regardless if the purchase is something you really want or not. Blocking ads can help save you money and clutter (<a href="https://www.webmd.com/balance/ss/slideshow-clutter-affects-health" rel="noreferrer">mentally</a> and physically).</p> <div class="kg-card kg-cta-card kg-cta-bg-grey kg-cta-immersive kg-cta-centered"> <div class="kg-cta-sponsor-label-wrapper"> <div class="kg-cta-sponsor-label"> <span style="white-space:pre-wrap">is this post bringing you value?</span> </div> </div> <div class="kg-cta-content"> <div class="kg-cta-content-inner"> <div class="kg-cta-text"> <p><span style="white-space:pre-wrap">The New Oil is supported by our audience. If you're getting value out of our work, please consider supporting us.</span></p> </div> <a href="https://ghost.thenewoil.org/#/portal" class="kg-cta-button " style="background-color:#000000;color:#ffffff"> Support Us! </a> </div> </div> </div> <h2 id="ads-slow-you-down">Ads Slow You Down</h2><p>For most of us, bandwidth (the digital network kind, not the mental kind) isn't a concern at home, but it can be in some places. Even on mobile phones, usually an "unlimited data" plan means "we'll slow down your data after a certain amount of usage." In some places or on some plans, even home internet is limited on how much bandwidth you can use in any given month.</p><p>If bandwidth isn't a concern for you, you probably still want the internet to be as fast as possible. Once again, ads play a role here, too. <strong>Blocking ads will make your internet faster.</strong> Every thing you load from the internet takes times, so loading ads takes longer than not loading them. This goes for web pages and apps.</p><p><a href="https://adguard.com/en/blog/adguard-tracker-traffic-ad-report.html">AdGuard</a> reports that they tested 119 pages with and without ad-blocking. On average each page loaded 11 seconds faster with ads blocked, which may not seem like much but added up that was a nearly 50% speed increased.</p><p>For anecdotal evidence, my current Brave install claims to have saved me 6.1 hours on desktop and 41 minutes on mobile. It's hard for me to say exactly how much time I've spent browsing over the months for a variety of reason, but still. That's 6 hours of my life I've gotten back. (Now if only they could return the time I wasted watching <em>Rise of Skywalker</em>.)</p><h2 id="how-to-block-ads">How To Block Ads</h2><p>Hopefully by now I've converted you to thinking that ads are worth blocking. If so, there's several easy ways to do it.</p><h3 id="ublock-origin"><a href="https://ublockorigin.com/" rel="noreferrer"><strong>uBlock Origin</strong></a></h3><p>uBlock Origin is a web extension available for Firefox. A stripped down version called <a href="https://github.com/uBlockOrigin/uBOL-home">uBlock Lite</a> is available for Chrome and Safari (in order to comply with the more strict ad-blocking rules of those browsers). <strong>uBlock Origin is hands-down the best ad-blocker out there.<em> </em></strong>Adding uBlock Origin (or uBlock Origin Lite) to your existing browser is a great way to get started on ad-blocking, and as an added bonus it will block other invisible trackers to help protect your privacy even more.</p><div class="kg-card kg-callout-card kg-callout-card-blue"><div class="kg-callout-emoji">⚠️</div><div class="kg-callout-text">Note that the makers of uBlock Origin recommend against using it alongside other ad-blockers.</div></div><h3 id="brave"><a href="https://brave.com/" rel="noreferrer">Brave</a></h3><p>An even better solution (if you're currently using a browser like Chrome or Safari) would be to switch to a privacy-respecting browser such as Brave. Brave comes pre-loaded with an ad-blocker built on uBlock Origin's blocklists, plus a bunch of other behind-the-scenes privacy-preserving features.</p><p>It's worth noting that you could also switch to Firefox and add uBlock Origin. That's also good, but it requires a little bit of <a href="https://thenewoil.org/en/guides/most-important/browser/#firefox">tweaking</a> to get set up for maximum privacy. If you want something ready to go out of the box, Brave is the best choice.</p><h3 id="dns">DNS</h3><p>If you need to block ads in places other than the browser, you have several options (though the efficacy varies). Specifically you'll want to look into DNS-based blockers. Some DNS providers - like <a href="https://adguard.com/en/welcome.html" rel="noreferrer">AdGuard</a> - offer apps for a wide range of devices, so you may be able to simply use that. In some cases, you may have to <a href="https://thenewoil.org/en/guides/less-important/misc/#search-engines">search</a> for instructions on how to change the DNS for your particular device. Again, this is often hit-or-miss in my experience, but it's the best and safest place to start at least. If you need a list of trusted DNS resolvers, Privacy Guides offers a great one <a href="https://www.privacyguides.org/en/dns/#recommended-providers">here</a>.</p><h2 id="on-supporting-content">On Supporting Content</h2><p>A common argument for not blocking ads is that ads are how creators make money, but that's not really true. In fact, it's rarely true. On my previous podcast - <a href="https://surveillancereport.tech/">Surveillance Report</a> - the funding we got from patrons dwarfed our ad revenue. And that was with less than 150 paid members on a podcast that had 33,000 subscribers and routinely got five-figure views. (Adding sponsors made the ad-revenue even more insignificant.)</p><p>The truth is that most of your favorite creators have methods of being supported directly without ads, and those probably pay better than ads. If there's a service you like that offers a premium paid service, use it to show support. If there's a creator you like, sign up for their Patreon or buy a shirt. Ads aren't the only way to monetize.</p><p>Now, of course, I recognize that not everyone will love a product enough to pay. There are plenty of YouTubers and podcasts I love but not enough to pay for. And that's okay. The point is not to say that you have to pay for everything you like, but rather to remind us that other monetization methods exist and we can use them to support the things we do feel strongly about. Advertisers want us to think it's the only method because it benefits them, but it's not.</p><div class="kg-card kg-cta-card kg-cta-bg-grey kg-cta-immersive kg-cta-centered"> <div class="kg-cta-content"> <div class="kg-cta-content-inner"> <div class="kg-cta-text"> <p><i><em class="italic" style="white-space:pre-wrap">Tech changes fast, so be sure to check out our website for all the latest recommendations, tools, services, and more.</em></i></p> </div> <a href="https://thenewoil.org/" class="kg-cta-button " style="background-color:#000000;color:#ffffff"> The New Oil </a> </div> </div> </div>

Add "easily improve my cybersecurity" to your New Years Resolution with one of these options.

Privacy can feel overwhelming, but you don't have to strive for perfect privacy because it doesn't exist.

2025 was a hell of a year. In so many ways. But in most ways, it was positive for The New Oil. Let's check it out and see what's ahead. ## 2025 Goals Last year my main goal was to manage my time and continue putting out content. In some ways, this was disastrous. As most of you know I didn't put out a single video last year, and even my blog publishing was hit or miss (mostly miss). On the other hand, I personally edited nearly every single episode of Surveillance Report - including the Q&A's - right up until my departure. So in that sense, I put out two videos a week nearly the entire year. Regardless, between a day job that expected overtime, required me to wake up extremely early, and had obnoxious commute times & Surveillance Report, I was burned out more often than not and thus never really had time to do any The New Oil work other than the bare minimum of queuing up news articles and keeping the site current. On that note, my other major goal was infrastructure migration. My original plan was to self-host out of a homelab. Again, I was unable to make any real progress on this front because renewal time would always sneak up on me while I was too busy to focus on it. However, things did take a dramatic step forward toward the end of the year. In September I was able to carve out some time to migrate Nextcloud to Hetzner, and then Mastodon last month. There's been some hiccups that I'm still working out as I also migrated Mastodon to S3 storage along the way, but in the long run this should be less expensive and more scalable. Ghost was migrated to Pikapods, which costs a fraction of paying for Ghost.org while giving me the full feature set as if I were self-hosting, without the hassle of managing a server at the root level. I've already set calendar reminders and will be migrating additional services as they near renewal time in 2026, lowering my operating overhead even further. ## Growth Service | 2024 | 2025 | Growth ---|---|---|--- Mastodon | 9,218 | 10,365 | 12% Bluesky | 166 | 415 | 150% Blog/Ghost | 119 | 75 | -37% Patreon | NA | 44 | NA YouTube | 7,095 | 7870 | 11% PeerTube | 128 | 194 | 52% TikTok | 575 | 570 | -1% Loops | 11 | 14 | 27% Website (total) | 155,807 | 135,438 | -13% Given how little content I put out, it's a little surprising to see any growth at all. One thing of note is the blog losing subscribers, but this is due to the migration from Write.As to Ghost. Given how recent the move was, 75 subscribers is pretty good in my opinion, and it continues to grow steadily. I expect we'll be back at full strength and beyond sooner than later. Regarding the addition of Patreon on this chart, I'd rather people use Ghost, but given that I do my best to mirror content on both platforms (so that way people can sign up on either platform and still get perks) I figure it only makes sense to track that, too. It's disappointing to see the website visitors fell, but I have to assume that was also due to a lack of "marketing material" like videos and regular blog posts driving people there. Hopefully that will go back up in the coming year. ## Finances Category | 2024 | 2025 | Growth ---|---|---|--- Income: Surveillance Report | $7,345.66 | $15,717.50 | 114% Income: Contributions | $996.20 | $543 | -46% Income: YouTube Ads | $210.40 | $222.93 | 6% Income: Affiliate Links | $522.24 | $810.52 | 47% Income: Special Events | NA | $1,579.52 | NA Total | $9,189.15 | $19,316.26 | 110% Expenses: Operations & Infrastructure | $3,163.53 | $2123.52 | -33% Expenses: Production | $955.77 | $1425.35 | 49% Expenses: Content & Reviews | $162.27 | $572.16 | 253% Expenses: Travel & Conferences | NA | $2,423.47 | NA Expenses: Paycheck | $563.00 | $6,537.20 | 1061% Total | $8,119.32 | $18,250.16 | 125% Monero (income) | 1.027880684 | 1.53786428 | 50% Monero (expenses) | .288583534 | .2033446 | -130% Bitcoin (income) | .00348223 | .0 | -100% Bitcoin (expenses) | 0 | 0 | 0% BAT (income) | 22.13 | 0 | -100% BAT (expenses) | 0 | 0 | NA ### Income As you can see, 2025 was a record year in so many ways. The New Oil's income more than doubled. Sadly though, this trend is in keeping with an observation I made last year: Surveillance Report still accounted for nearly 80% of The New Oil's income. The massive rise in income was largely due to Surveillance Report's acceptance of sponsors. Affiliate links proved to be The New Oil's largest source of sustenance outside of Surveillance Report, followed by direct donations and ad revenue. Sadly, direct donations fell dramatically this year - again, likely due to the lack of consistent content - but it's surprising to see ad revenue went up slightly since, as noted above, I didn't release a single video all year. I guess I made some real good evergreen content. There is one anomalous entry this year that I don't expect to be prominent again next year: "Special Events." In the second half of 2025, Henry and I were invited by a very generous organization to come and speak at two of their events, one in America and one in Europe. They paid us for our time and covered travel. (We spoke about data breaches and the importance of cybersecurity and protecting customer data in corporate environments, nothing you guys didn't hear every week on the podcast.) While I do have some travel coming up in 2026, I don't expect anything near this level. On the topic of crypto, all donations came in the form of Monero, mostly to Surveillance Report through either direct donations or XMR Chat. I did spend Monero once to renew my Mullvad subscription, mostly on a whim to try to actually use Monero more. I also think I had NowPayments configured wrong in the past and I wasn't receiving payments made there, but it should be fixed now. I'll continue to keep an eye on it. The only major note I have is that I'm strongly considering dropping BAT support. In addition to not getting any at all this year, Uphold is now requiring users to log in via the app, which is astoundingly abusive. I don't want to do business with a company like that, and BAT is pretty useless anyways. Truth be told, I simply convert it to Bitcoin anyways. Not really anything else I can do with it. ### Expenses Aside from the aforementioned "travel" category, there were a couple other noteworthy changes to expenses this year. First off, infrastructure costs are already falling, and I expect them to decline even more this year as I migrate all my services over to more affordable solutions like Hetzner (as noted earlier in this post). Production costs rose slightly because I moved and had to replace some broken gear or get new gear to adapt to the new recording location. Likewise, I also purchased some new gear like a green screen for filming shorts. Content & Reviews rose quite a bit, but I think that may be more about restructuring how I consider expenses. For example, subscriptions to services like Proton & Tuta may have previously been considered infrastructure but this year were counted as "content" because I use these services a lot in my content. It's really a gray area and not an exact science sometimes. As with last year, I am still paying off some taxes. Those should be fully done this year - hopefully by the end of Q1 or Q2 - and should be a considerable drop in expenses once that's done. Finally, I want to be transparent about the "paycheck" category. I dipped _hard_ into The New Oil funds as a personal paycheck this year. Overall it was just over a third of our expenses. I am confident this trend won't continue into 2026. I have mentioned many, many times that the cost of living in my area was sky-high. I was barely keeping up, and honestly if not for The New Oil my wife and I would've gone homeless on more than a couple of occasions. To be clear, I am not a flashy man. I don't drive a fancy car, I don't buy expensive things, and I don't go out very often. In fact, I'm an introverted minimalist. Most often, for date night, my wife and I will order food (that I usually go pick up to save on the delivery fee) and watch a movie at home or play Stardew Valley together. But the cost of living was untenable in our old home. My wife has applied for disability and already been rejected once. We have appealed. And that's to say nothing of the precarious state of disability in the near future. Part of the "paycheck" spending this year went to simply covering rent or routine medical expenses for a couple months when things were tight, but the vast majority went toward helping fund our move to a new state. We no longer live in Texas, and my god can I tell by looking at my bank account. Taking the job at Privacy Guides came with a pay cut in terms of day job salary, and yet somehow I have been able to pay all my bills and then some in our new town. (We do have some new expenses set to kick in in 2026, but I'm still expecting the budget to be far more reasonable than before.) For the first time in years I'm actually building up a savings account again instead of simply treading water. It was painful to dip into The New Oil so much - even though I know that's part of the reason people donate - but it was an investment. I never could've afforded the pay cut to take the job at Privacy Guides in Texas, a job which in turn will enable me to pay more attention to The New Oil again. I should not need to dip into The New Oil funds to pay my personal bills in 2026, or if I do it shouldn't be nearly to this same extent. ## 2026 Goals ### Content When I announced that I was hired at Privacy Guides, I said more content would be coming soon. That wasn't just some hopeful ambition. When I got hired, there were many discussions about my plans for The New Oil and how we would handle the potential conflicts of doing the same material twice. One thing that was agreed upon by both sides is that neither of us wanted to see The New Oil go away. I have beat to death the horse that at my day job prior to Privacy Guides, I had no free time. While Privacy Guides is still a full-time gig, the lack of commute (and lack of podcast editing on weekends since my departure from Surveillance Report) has freed up massive swaths of time again. Most of the "infrastructure backlog" I mentioned in that blog post is now done (as stated above). There are still a few small things - like finishing my planned calendar for content in 2026 - but overall the heavy lifting is over, which means you guys should start seeing The New Oil churn back to life soon. You've likely already seen the cadence of blog posts start to pick up as I've smoothed out my workflow. Starting in January I hope to post videos again. My next project is making sure all my shipping prices are correct in the merch store at which point I'll likely add some kind of perpetual discount for paying subscribers. I'm also hoping to bring in some new designs later in 2026. (I still haven't settled on a graphic designer yet, so if you know one please send them my way!) When I made the switch to Ghost, I played with the idea of mass-importing all my old blog posts with a script. Ultimately I decided not to do that so that I could go through and check old posts for any necessary updates (and also post them to Patreon). I soon realized that a lot of my old posts aren't very good. I've grown a lot since then. Therefore, much of the blog content for 2026 will be revamping and sharing select posts - classics, if you will. I hope you'll enjoy them. New posts will be sprinkled in, too, of course. Video content will likely continue to be new, though I am eager to update some of that stuff, too, as necessary. Shorts will also get more attention as they can be quickly pumped out and I think my new camera setup will allow me to record content more often. ### Podcast One thing I hope to debut at some point in 2026 is a podcast. Don't get me wrong, Henry has been _crushing_ it on the new Surveillance Report 2.0, and of course I am one of the regular cohosts on This Week In Privacy now, but neither of those shows do what the co-produced Surveillance Report did. At This Week In Privacy, we pick about 5 stories and discuss them with each other. At Surveillance Report, Henry picks a handful of stories and dives in deep. In both cases, I feel there are lots of other stories that are being left on the table. I want to do more of a news-style brief covering more stories, like the co-produced Surveillance Report was. I can't promise when this show will debut - perhaps Q2 2026 or so - or exactly what form it will take. I don't want to bite off more than I can chew. But I can already tell that I want to do this and am formulating some loose thoughts. ### Funding Last but not least, I want to make a final call to readers: as part of my offer at Privacy Guides, I had to remove affiliate links from The New Oil to avoid any appearance of conflict of interest, and I cannot accept sponsors. I am now 100% dependent on ad revenue and audience donations. As noted above, Surveillance Report and affiliate links accounted for 85% of The New Oil's income. It is impossible to overstate what a devastating blow this is to our funding and my long-term goals. I am also, admittedly, very worried about what my tax burden will be in 2026. I have a lot less income that I can write off compared to most years, and due to the way The New Oil Media is structured, the IRS considers all that income as personal income for tax purposes. Right now, The New Oil has a small nest egg that should support us for a good while, but it's shocking how quickly that can be drained, especially when Uncle Same comes knocking. I am pleading with you: if you get value out of The New Oil, please consider supporting us. For recurring memberships, we only have one tier, $5/month on both Ghost and Patreon. That's one cup of coffee per month. I am working hard to bring more perks to that subscription to increase the value proposition, and I am very much open to suggestions if you can think of any I'm missing. We also offer recurring donations without perks through Open Collective and Liberapay. 2026 is going to be a very difficult year for TNO. Cutting spending is of vital importance. Our savings won't last forever based on the numbers above. Ad revenue should increase as content production resumes, but things like signing up for a membership or even one-time donations through Open Collective, the merch store, or cryptocurrency are all crucial to our long term sustainability and success. Now more than ever I will be relying on the audience to help keep us going. I know as much as any of you that times are tough right now with rampant layoffs, cost of living increases, tariffs, and more. But if you are in a position to donate, it would be so, so appreciated. (And of course, free support like sharing the project around and following us on your platform of choice are always helpful as well.) Thank you all for your support, for making another year possible, and now for literally changing my life. I could not have made this move or qualified for the job at Privacy Guides without all that you guys have enabled me to do so far. I hope I'll make you proud in new ways in 2026. _Tech changes fast, so be sure to check_ _TheNewOil.org_ _for the latest recommendations on tools, services, settings, and more. You can find our other content across the web_ _here_ _or support our work in a variety of ways_ _here_ _._

When people started buzzing about _Careless People_ , I admit that I found myself thinking "who cares? Meta is a morally rotten company run by greedy, out-of-touch sleezeballs? This isn't news." But as more and more people talked about it and I began to hear it discussed on non-privacy-focused mainstream outlets, I knew that my position as a privacy "expert" meant that I should probably go ahead and read it anyways so that I'd be prepared when people started to ask me about it. Sadly, I am a very busy person with very little time to read physical books - and I'm allergic to Audible - so I had to wait for a copy to become available at my local library. Over four hundred holds later, I finally got to give it a listen and see what all the buzz was about. ## Sarah Wynn-Williams _Careless People_ is a memoir by Sarah Wynn-Williams, who worked at Facebook (later Meta) between 2011 and 2017 as Director of Public Policy. Wynn-Williams is a lawyer born in New Zealand who worked at the United Nations before joining Facebook. According to Wynn-Williams, she joined out of idealism: she recognized what a game-changing force for good Facebook could potentially be, and she wanted to help further that cause. Instead, as readers likely know, she became part of the platform's slow descent into the amplification of the most toxic parts of humanity, including cyberbullying, scams, authoritarian abuses, fake news, and AI slop. Perhaps that's what drove Wynn-Williams to write this book. EFF's "How to Fix the Internet" has reiterated the idea that in order to criticize something, you first have to love it. Nobody accuses film critics of hating movies or food critics of hating food, but for some reason the moment you criticize tech, you're some kind of luddite who hates progress. In that spirit, it's easy to see how someone like Wynn-Williams looked at the "before" picture of Facebook's role in the 2011 Christchurch Earthquake (where she claims the website helped people account for loved ones, pass along information and resources, and more) and then the "after" of Meta literally enabling genocide and thought "my god, what have we done?" It seems only fair that she should feel the need (and be allowed) to criticize what Meta has become and to sound the alarm about the ongoing abuses. It is this context, I think, that makes the book relevant to our current day and age. Meta seems unable to die, like some sort of eldritch horror that the world can't be rid of even as we all agree we'd be better off without it. I've yet to hear anyone say they'd be sad if Facebook disappeared tomorrow. Maybe Instagram or WhatsApp, but certainly not Facebook. Yet, it persists, begging to be put out of our misery, holding us in its grip like addicts and zombies. This book adds more explanation of how we got here and just how dangerous the radioactive, biohazardous waste has truly become. ## _Careless People_ One reason I put off reading _Careless People_ for so long is because I'm tired of listening to snowflakes (not the political kind) make excuses for why they're not part of the avalanche. While Wynn-Williams could've done a much better job of taking responsibility for her actions, it was refreshing to hear her at several points admit "I should've left at this point." Of course, we can't let her off the hook entirely. People switch jobs all the time under conditions like hers and more, so really she had no excuse. She simply chose to bury her head in the sand and let inertia take her, but at least she admits that. Regardless, once I started reading I was hooked. Following Meta's spiral into complete psychosis is like watching a train wreck, a surgical training video, or a trashy reality show: you know it's going to be awful, but you just have to see it for yourself. Wynn-Williams's pacing is fantastic, each new crisis somehow more incredible than the last. In each situation, Facebook's current form begins to take shape as we see decisions made for the first time that would later seem to become precedent. That said, there is nothing new here for most Meta haters: _Careless People_ tells the story of a socially inept child who has no idea where he is, how he got there, or what to do now. Surrounding him are the leeches who are only interested in serving themselves, seeing their roles at Meta as existing purely to line their pockets with no regard for users, other employees, morals, or society. The company is run by the appropriately named careless people who want only to consume everything like the cancer they are to extract as much wealth and power as possible to continue their spoiled games like oversized children. Everything exists - they seem to believe - to serve them. It became apparent to me very quickly that I could not listen to this audiobook on the way to work in the morning. At one point I actually apologized to my coworker, telling him I was reading that book and it had put me in a bad mood. The next day he asked "you didn't read that book this morning, did you? I can tell. You're in a way better mood today." Perhaps the most eye-opening part - for me, at least - was just how truly detached from reality the rich and powerful really are. Among the many, _many_ stories shared, Wynn-Williams relays a particular story about Zuckerberg's upcoming visit to Peru. To start with, Zuckerberg forgot his passport, so the plane sat on the tarmac while someone had to run back to his house and grab it. Meanwhile, Zuckerberg spent the whole time blaming everyone else (and of course, they all eagerly took that blame like the good little sycophants they are) as if he isn't a grown-ass man who should be able to account for and manage his own identification paperwork like the rest of us do without issue. Then, after that, Zuckerberg suddenly decided that Zika is a concern since he and his wife are trying to get pregnant. This is despite the fact that the town they're visiting has reported zero cases and no part of this trip would require any sort of recommended precautions. The entire team - in the jet, on the tarmac - proceeded to wait while they had to contact the Peruvian government to have an exact replica of his office built so he could isolate while there. Imagine if you had to travel for work and you sat in the car while you made someone else run home for your ID and then called the out-of-town destination and said "yeah I'm gonna need you to build me an exact replica of my office before I arrive tomorrow." The book is riddled with stories such as these, anecdotes that make you pause, step back, take a deep breath, and go "wow, truly these people live in a completely different world." (And not in a good way.) From others letting you win in board games to sexually harassing your coworkers with impunity, it's shocking the immunity, isolation, and privilege these people walk around in, completely removed from all things. Anything you want, any time you want, never challenged. No wonder they're all children. I truly pity them: to be stagnant, to never grow, to never have to face yourself or any difficulty. To me this was the hardest part of the book to read. "How can anyone possibly be this entitled, this out-of-touch with how things work?" Moreover, how can anyone be content with that? I'd be lying if I said I didn't wish I could afford to buy anything I want any time I want, but to be surrounded by vapid yes-men? To never grow as a person? To not understand the basic functions of the world? To be so self-absorbed that I'm oblivious to how despised I am, how everyone around me only indulges me for what I can offer them, and how truly awful and wrong I am? And to be happy with that trade off? It's truly baffling. ## Conclusion If you already hate Meta, Zuckerberg, or anything Facebook-related this book will only further entrench that belief. If you already hate the rich, this book will make you hate them more. If you're still using Facebook, perhaps this book will make you reconsider wanting to support these kinds of people. I won't say this is the "must-read book of the year" but I will say that it's worth your time, and it's a relatively easy read ("relatively" if you don't count the rage-induced blood pressure spikes). But personally I appreciate nearly any history book that helps explain how we got where we are today, and while this book may not put any major historical events into context, it certainly helps explain how Meta got to be what it is today, and given that Meta is such a major part of our society, that context alone might make it worth a read. _Tech changes fast, so be sure to check_ _TheNewOil.org_ _for the latest recommendations on tools, services, settings, and more. You can find our other content across the web_ _here_ _or support our work in a variety of ways_ _here_ _._

Privacy isn’t just about data. It’s about control. We often use security as a means to enforce privacy - for example, encryption forces providers to respect our wishes rather than simply pinky-promising they won't do anything untoward. And threat modeling requires us to ask ourselves to weigh the tradeoffs vs the consequences in the case of a risk. At the intersection of these ideas we often find a particularly powerful but niche feature of many privacy-focused devices: the ability to quickly wipe a device in the face of danger. CalyxOS offers this in the form of a Panic Button, and GrapheneOS offers a duress PIN. But last week, we saw that these tools may not be right for every situation. On December 9, an activist from Atlanta, Georgia was arrested and charged for allegedly wiping his phone before Customs and Border Patrol (CBP) was able to search it. This became the headline story for This Week in Privacy, so to make sure I was prepared I consulted with a lawyer I know. Thankfully, she had a lot to say on the matter. Sadly, most of it was professional opinion because I was quickly informed that cell phones are a legal gray area in the US right now. ## Legal Background The legality of phone search overwhelmingly comes from a 2014 court case called _Riley v California_. David Riley was pulled over while driving for having expired tags on his vehicle. During this routine stop, police also discovered that his license was expired. As such, the police impounded the car. During this process, police searched the car for inventory purposes and found two hidden (and loaded) handguns, as well as "gang paraphernalia." This prompted an arrest. During an arrest, police are authorized to search the person being arrested and the immediate area (such as the car) to ensure officer safety. As part of that search, the police searched Riley's phone. Later, Riley argued that the search of his phone was a violation of the US Constitution's 4th Amendment because the data on the phone presented no risk to the police. Ultimately the Supreme Court agreed with Riley and thus it became legal precedent that searching a phone might require a warrant in some cases. Adding to this already very narrow ruling are further legal complications at the border. There's a 100-mile buffer zone within any land, sea, or air border (Atlanta International Airport, for example) that gives CBP extra authority and weakens the rights of people in that zone, including citizens. Within that zone, CBP is allowed to do "routine searches" without a warrant on anyone. What's a "routine search?" Great question. We only know what it isn't: if it requires an agent to use "external equipment" to "review, copy, and/or analyze its contents" or gain access, it's no longer routine. This basically means anything that doesn't involve Cellebrite could potentially qualify as "routine." There have been numerous court cases that have challenged the legality of searching phones, but none have gone before the Supreme Court to settle the answer once and for all. In the meantime, the lower courts have given a series of conflicting responses. Some courts have ruled that warrants aren't required, others have said they are. The Atlanta story seems clear cut at first - after all, 404 Media suggests that the activist wasn't under arrest yet - but it's likely still not an open-and-shut case. For starters, we don't have any details at the time of this writing, so we don't if that's true or what the circumstances of his possible arrest were. Regardless, one could argue that if the activist knew that an arrest was imminent, then wiping his phone could be treated the same as flushing drugs down the toilet knowing that the cops are knocking on the door, which would likely qualify at very least as "obstruction of justice" and/or "destruction of evidence." ## A Practical Compromise An individual's privacy and/or security posture is about finding the right balance between convenience and protection, which is a largely subjective line that varies from person to person. This is the reason behind threat modeling: it lets you know if you need to do more to protect yourself or that it's okay to dial it back a little bit if you're going too far rather than continue to subject yourself to unnecessary stress and frustration. There are truly some people with extremely high threat models, people who can't afford to make a single mistake or for whom the gamble of a court case is worth the guaranteed protection of keeping that data from falling into the wrong hands. And likewise, there are some people who are prepared to sacrifice everything for the sake of ideology. But for most people, there is a line in the sand. Most people have families, jobs, and other priorities that would be seriously inhibited by sitting in a jail cell or fighting a prolonged court case. This seems to leave us with two choices: reset our devices and risk prolonged legal hassle, or simply hand over our phones and suffer the humiliation of a privacy invasion. But as with most things in privacy, I think there is a middle ground that's acceptable for most people. ### The Panic Button Before I offer actual solutions, I want to address Calyx OS's panic button feature. While both Graphene and Calyx offer ways to quickly and completely factory reset your phone, only Calyx OS's panic button (a built-in integration of Ripple) can be configured to erase specific apps such as Signal while leaving the rest of the phone otherwise untouched. At first glance, this seemingly offers an advantage because erasing a few apps is less suspicious than having a phone that's clearly not new but somehow is on the initial setup page. (And if you prepared your phone properly, it would only contain data from that day such as any pictures or videos.) However, my research suggests this is a risky gamble. If you're lucky, the cop searching your phone shares this line of logic, decides that there's not enough evidence, and lets you go. But if they decide to arrest you anyways, forensic analysis can reveal that the apps were removed and thus you might still be open to the same "obstruction of justice" charge mentioned earlier. So what are the real solutions? ### Digital Minimalism I have long advocated for digital minimalism: the idea that you should strive to keep your digital life as small as possible. This includes things like not signing up for unnecessary accounts, deleting old content you no longer need, and keeping apps off your phone as much as possible. Needless to say, many of these words as subjective, like "unnecessary" and "as much as possible." The right amount of digital minimalism - or even the possible extent of it - will vary person to person. But finding that sweet spot for yourself can help you reduce the risk to your data. If the data was never on your phone to begin with, then you never need to worry having it fall into the wrong hands. Try to avoid putting things on your phone if you don't have to - especially sensitive data - in the form of banking apps, email apps, and more. Enable disappearing messages and wipe old content you no longer want or need like photos. ### BFU While much of phone-related law is still up in the air, one piece of precedent seems relatively consistent: your password. As it currently stands, you are never required to hand over your password as that violates the 5th Amendment. A court may require you to unlock a device, but not to hand over your password. Therefore, if you suspect your phone might be confiscated or you might otherwise be about to lose control of it, reboot it. This will put your phone in "Before First Unlock" or BFU state. In BFU state, your phone will require the password or PIN to unlock for the first time, even if you normally use biometrics (I would still recommend disabling biometrics prior to attending any sort of high-risk event, and of course you'll still need a strong password or PIN in this case). As a secondary bonus, this is the most secure your phone can possibly be in case the police decide to do a more advanced forensic search. iPhones only offer the option to shut down your phone, which is fine. Androids offer more options to power off, reboot, or "Lockdown." When selected, Lockdown will disable biometric unlock options as a few other things, but is not as secure as a full reboot or shutdown. **Disclaimer:** I did get the help of my aforementioned lawyer friend to look over this article, but it's important to note that every situation is unique and that she's 1) not _your_ lawyer, and 2) not specialized in this area of law. Any time you're facing arrest, your best bet is always to remain silent and demand a lawyer. When I first got into privacy, I told people how empowering and exciting it felt. I said that it felt like I was in a spy movie but without the risk of torture or death for messing up. Duress PINs and panic buttons are really cool, and I think that's why the community is largely drawn to them. They're exciting and empowering and feel cool. But I think sometimes we get so caught up in the excitement and romance of all these very powerful tools and lose sight of the practicality. Perhaps that particular activist really did have data worth protecting and would do this again, despite the legal repercussions. Regardless, we know have a better idea of some of the possible risks of these tools, and we can adjust our threat models accordingly. My sympathies go out that person, but we bystanders now have the chance to think about what we would do in that situation. Take advantage of this story to really consider your own threat model - especially the "how much effort am I willing to go through?" part - and prepare ahead of time rather than being caught off guard and taking that risk unnecessarily in the moment. _Tech changes fast, so be sure to check_ _TheNewOil.org_ _for the latest recommendations on tools, services, settings, and more. You can find our other content across the web_ _here_ _or support our work in a variety of ways_ _here_ _._

On a recent episode of This Week In Privacy, one of the Q&A questions asked "With it being Thanksgiving week in the US, what is one development in the privacy world that you are grateful for this year?" Currently, we lose more than we win in privacy. Sad, but true. Sometimes this takes the form of regulations such as age verification laws, other times it's merely social norms that become hard to push back against like the proliferation of apps. But I posit that there are more wins than we realize. Back when I co-hosted Surveillance Report, one thing I wanted to do every year was an end-of-the-year glance back at the good news in the privacy space from that year. Unfortunately I was always so busy that I never had time to go back through a year's worth of stories (especially when we averaged over 30 stories each week) to parse the good ones. One year I decided to keep a separate folder and drop any good news in there as the year went. As you can probably guess, I eventually stopped keeping up with this for lack of time, but before that happened I realized very quickly that we weren't going to be able to cover every single piece of good news that happened throughout the year. And by "very quickly" I mean "around February or March." In just a few months, the episode was bloating up to a crazy size that wouldn't be realistic, even for a special episode. The human brain is wired to remember the bad more than the good. This is an evolutionary advantage because in the hunter-gatherer days, getting it wrong was way higher stakes than getting it right. We evolved to _really_ remember if that plant made us sick because next time it may outright kill us. But like most evolutionary traits, this doesn't always serve us well in the modern era. These days, only remembering the bad can make us cynical and bitter. But it's crucial that we learn to recognize and celebrate the good things that happen in privacy. If we only ever focus on the bad, we soon lose hope and give up. I try hard to make sure that when I talk about these more philosophical topics, I don't just offer vapid advice like "don't give up hope!" Instead, I try to give actionable takeaways. So in that spirit, here's some actionable steps I recommend we take to help ourselves take space to celebrate the little wins and keep up our spirits in the seemingly endless fight for privacy: 1. **Build a sustainable rhythm.** I've written about burnout in a previous blog post. There, I mentioned the idea of finding a rhythm that works for you. Everyone's rhythm is different. Some people need their weekends, some people just need a night on the town, some people need full-on vacations. But regardless of your rhythm, it's important to make time to relax and unwind. If you're burned out, you won't have the energy to be able to really devote yourself to the things that matter to you, be it privacy or other issues. I especially encourage you to find other hobbies you enjoy and make time for those as well, whether it be reading, video games, movies, gardening, you name it. 2. **Join communities.** It's very encouraging to know that you're not alone, and to be able to ask for help and feedback and learn from others. Getting plugged into communities of like-minded folks - be it online or IRL - can help you stay focused, energized, and be part of the aforementioned rhythm. Privacy Guides*, Techlore, and even Firewalls Don't Stop Dragons all have communities of other privacy enthusiasts you can join up with. (You can also become a paying subscriber to The New Oil and gain access to leaving comments on these posts for a bit of community here, too). It may even help to go find some IRL groups you can attend to find community in your area. I've had a surprising amount of success on Meetup.com here. 3. **Keep perspective.** As I said before, good things happen all the time but we're wired to remember the bad. Try to keep track of the good things that happen or even just appreciate the good tools and services that are helping us to secure our privacy now. This might be the form of a journal, bookmarking some "good news" videos from privacy creators, or pretty much anything else that you can look back to when the fight feels hopeless. Many privacy advocates praised the show _Andor_ back when season 1 came out. They cited how it really captured the frustration and exhaustion of fighting a long, drawn-out rebellion - like privacy, for example. Privacy is not a sprint in any sense of the word: you can't get your data taken off people search sites immediately or implement every privacy tool overnight. Cliche though it may be, privacy is instead closer to a marathon, and like a marathon that may sometimes entail getting some water, reminding yourself of how far you've come, and accepting the cheers of others to motivate you. Slowing down or taking a break is fine, as long as you keep moving forward. *Full disclosure: I am currently a full-time employee of Privacy Guides, but of course even joining the forums at a free level is still a pretty vast level of community. _Tech changes fast, so be sure to check_ _TheNewOil.org_ _for the latest recommendations on tools, services, settings, and more. You can find our other content across the web_ _here_ _or support our work in a variety of ways_ _here_ _._

Yesterday, Naomi Brockwell released a video in which she shared the struggles one of her community members experienced trying to buy a new guitar online. The longer the video went on, the more I found myself saying things like "well obviously that caused problems" and "why would you do that?" So this week, I'd like to dig in to this video step by step and examine what this person did and what I'd recommend they (and you) do differently next time to have a smoother online shopping experience while also protecting your privacy. Before I begin, I want to make it clear: I'm not trying to criticize Naomi Brockwell or imply that she's wrong or dumb or anything like that. For starters, this is allegedly someone else's story that she's merely relaying, not her own. Also, I really like Naomi Brockwell. I think her videos are well made, entertaining, educational, and accessible - exactly what I aspire to be. I think she's doing fantastic work and I fully support her. (Also I'm not the kind of person to torture myself by ingesting content from people I fundamentally disagree with just to bash them later.) So this isn't me trying to write some kind of "EXPOSED!" takedown drama garbage. This is me going "ah, I see a lot of learning opportunities here," and I wanted to comment on them because truthfully I've made some of these mistakes myself at various times. **Shipping:** Naomi's video begins with the person placing the order. They say that for the shipping address they used a private mailbox that they secured under a fake name. I'm all about this, and this is actually one reason I've started to prefer private mailboxes over PO Boxes in the US. Whenever I get a USPS PO Box, they're pretty stringent about using my real name on it (despite constantly putting the old person's mail in my box). The first time I opened a private mailbox, however, they straight up asked me what other names I wanted to put on it, and didn't bat an eyelash when I gave them Nathan Bartram, The New Oil Media, and a few others. I still had to submit ID and proof of address and such, but I can now receive mail as Nate, The New Oil, or anyone else I need to. **Billing:** Here is - in my opinion - probably the first real mistake this person made. The person said they used privacy.com - which is great, I use and endorse privacy.com myself - but (quoting the video) "since privacy.com doesn't require a name or billing address, I just made one up." I can attest from past experience that this is a huge mistake. For one, this is probably what tripped the fraud department that the person had to deal with later (more on that in a moment). For another, it also doesn't make any sense. Based on my research, the payment processor (and possibly other parties involved in this supply chain) is able to see both billing and shipping information, so using different information isn't really accomplishing anything from a privacy perspective. But the biggest mistake here was making up an address. Back when I first started using privacy.com, I used to make up addresses - including, yes, I am shamed to admit this, "123 Main St." I realized very quickly that this was a surefire way to trip the fraud flags. Most payment processors verify that the address you entered is at very least a real address. So rather than making up an address, always use a real address. I personally switched to using a hotel downtown (because the address was very easy to memorize) and never had any issues on that front again, but you could also use a library, city hall, or pretty much any building. **Email and phone number:** Next, the viewer said they made up a SimpleLogin email address. This is another great idea. On rare occasions I have had issues getting emails delivered or having the email address rejected, so one tip I recommend is using a custom domain. (Bonus tip: you can set this domain to be the default for new addresses in SimpleLogin for a seamless experience.) Last, the viewer said they used Cloaked. This is a service I admittedly haven't had time to dig into, but I really want to. I've been putting it off because Cloaked seems a bit limited - you can't really make calls the way you can with stuff like MySudo or Hushed - but it does seem like it would be absolutely perfect for this kind of use case here, sort of a SimpleLogin- or Addy-type solution but for phone numbers. **The fraud department:** The final mistake came a few days later when the viewer received a call (the video didn't clarify from who, but I'm going to assume it was the vendor) asking to verify some of the information. The exchange started with the vendor asking "who am I speaking with?" so the viewer gave the name on the shipping address. The vendor then asked "so who's [name on the billing address]?" Again, this whole situation could've been avoided by simply using the same information in both cases, but instead the viewer gave what I would argue is a pretty facepalm-worthy reply: "Oh that's nobody. Just a name I made up." According to the viewer, this instantly resulted in a very confused and awkward back-and-forth as the vendor attempted to understand while the viewer attempted to explain. I've experienced this many times myself. I used to name my emails after where I used them, such as `amazon@mydomain.tld` or `dominos@mydomain.tld`. I stopped doing that because people got very, very confused. For example, when applying for a new apartment I would put `propertyname@mydomain.tld` and I could see the visible confusion on the leasing agents' faces when they'd go "wait... so you work for the property?" "No, it's just an email address." "But then how do you have an `@propertyname` email address?" I didn't, of course, but most people don't even know what a domain is, so even if it was `propertyname@gmail.com` it would still confuse them. Eventually I got tired of explaining things and just started going back to randomly generated email addresses. Obviously I'm all about sharing the message of privacy: I have The New Oil, I took on a full-time role with Privacy Guides, and I sit on the board of EFF Austin. This stuff is incredibly important to me. But I think there's a time and a place, and trying to explain complex privacy strategies to someone who's just trying to do their job and keep food on the table is, in my honest opinion, kind of in poor taste and gives off strong "main character energy." You've gained nothing and lost a lot of time and energy. You're not going to raise awareness or leave a positive impression and they're not going to ask you more about these tools. In many cases, company policy prohibits them from asking if they can contact you again after work even if they wanted to learn more, and it'll look bad on their performance reviews if they stay on the phone too long anyways. The New Oil lists a number of organizations you can get involved with on our website. If you really want to evangelize and make a difference, I'd recommend starting there or a similar local organization. Keep your online shopping smooth and convenient (but still private, of course). _Tech changes fast, so be sure to check_ _TheNewOil.org_ _for the latest recommendations on tools, services, settings, and more. You can find our other content across the web_ _here_ _or support our work in a variety of ways_ _here_ _._