The Plan for TOPS Going Forward – Some New Announcements

Hello, everyone!  As you may or may not have seen recently, my inability to keep things as updated as I’d like caused some confusion and even a little panic (sheesh) – but if nothing else, it did serve as a bit of a wake-up call as the project expands.  As personal obligations demand my time, I still want to ensure that TOPS and its content are available to the people who need it most. I also have plans I’d like to follow through on in the coming months.  There are a number of challenges I briefly touched on in the reddit post above, but I thought I might take a moment to go into more detail and talk about my plans to improve the situation.

Getting Donations of Time – I have reached out to a handful of people I trust – some that I know personally, and some that I’ve met (and vetted) throughout the course of this project.  A couple have graciously agreed to help with some of the more time-consuming tasks with the project – updating data on the charts and (actually) responding when readers like you email or PM me, etc.  I feel a little embarrassed by the catalyst, but it is exciting to officially form “That One Privacy Team” since it means the project and its needs have grown.  I’d like to take this opportunity to introduce a couple of new people who have agreed to assist me – we’ll call them That One Privacy Fox and That One Privacy Koala. These new assistants and some I’ll hopefully be getting the help of soon are located around the world, so while there might be a little bit of a delay from one of us, between us all we can hopefully answer quickly – (and even if a response comes a little later from another time zone, it’s certainly better than me not getting to it for a month!)

I also wanted to start asking for more help from the community in general.  Aside from monetary donations – if you wish to contribute to the site, and can maybe share your time, technical knowledge, or ability to translate content into other languages, please email us (team@thatoneprivacysite.net).  Let me know more about what you might wish to do to help.  I’d be willing to discuss it with you, though I do have a screening process of sorts in mind.  I feel a lot of support from the community, and one thing I regret a bit is not tapping into that desire to contribute more if there are those that are willing.

Making it Easier to Donate – I’ll be honest, getting rid of PayPal and Patreon was difficult.  I quickly found that paying for hosting and tools without that offset can at times be a serious burden.  Admittedly, terminating my relationship with both were by choice, and nothing was forcing me to end my relationship with either.  But if you know me, it was more the principle of the situation driving those decisions – and I stand by them despite the hardship they created.  (Though I had some trouble with it the last time I looked), I’ll be making another attempt to find a more privacy friendly service that could help restore that aid.  Many of you have been generous to the project and many more ask how they can donate in an easier way than the current limited crypto options.  As a side note, I want to thank you so much FOR your generosity.  Especially early on, the project likely couldn’t have gotten where it is today without it!

Publish new VPN Reviews, and refresh older ones – To prevent the VPN Reviews from getting too stale and to keep this popular feature of the site alive, I want to use some of the help I requested above to perform VPN reviews.  There are some potential pitfalls with this, but I believe I have a plan to counteract them.  There was never any secret to the way I conducted VPN Reviews, and this was intentional.  I link to my methodology from every review I do, and that formula is supposed to be reproducible – not just by me.  As mentioned above, if you wish to contribute your time and writing ability, feel free to reach out if that’s something you think you can do.  I care mainly about impartiality and ability to perform a review using the established methodology.  I want to stress that not just anyone is going to get the green light – the unbiased, thorough nature of the reviews is something that needs to be preserved.

Again I want to thank everyone in this community for their support and continuing contributions of many kinds.  Despite some growing pains, I’m looking forward to these next steps and I’m excited to breathe some new life into TOPS in the coming months – with your help!

Visualizing Privacy and Trust in the Digital Age

We live in a complicated world.  The rapid advancement of electronics and computerized tools is matched only by our reliance on them.  These tools bring with them faster and (in theory) more secure methods of communication.  One of the problems I often find when speaking with the average person about protecting one’s privacy is their ability to visualize what it is they’re being told.  I wish to attempt to bridge the gap between a complicated topic and you, the reader.

When taking the deep dive into concepts such as communication protocols and cryptography, it can be easy to get confused and lost in the maze of terms and specifications thrown around by others.  I find that in order to get your footing on the topic, it is important to take a step back and understand communications in a more abstract way.  Once someone can do so, they can make connections which they were not able to previously.  

One useful way to accomplish this is considering a similar concept that’s been around that is more tangible.  I’m certainly not the first person to propose the idea, but I find the analogy of sending a letter to be fitting.  In the “old days”, when you wanted to send someone information, you would do it by sending a physical, paper letter.  A letter has a few different parts.  It has a message, typically on a piece of paper inside an envelope.  It also has the envelope itself.  The basic function of the message is to contain information intended for a given recipient.  The envelope is mainly intended to shield the letter from eyes other than that recipient, as well as contain some necessary information to allow the letter to arrive safely at its destination.

When the letter is (I keep wanting to say was…) originally sent, it was sealed (so that the envelope couldn’t be opened without it becoming obvious that it had been).  It was then handed off to a mail carrier who would take it to one or more sorting facilities or distribution centers, until a carrier closer to the addressee would finally deliver it.

What is important to think about in this example (and it’ll make sense why I’m breaking this down shortly), is that sending data electronically has similar points through its journey where it is out of your control.  The difference being that a digital packet of data is transferred so quickly that it can seem more like magic than that it is traveling along a specified route.

This route IS understandable, and I’m going to attempt to explain (again, in abstract terms) how it works.  When you send some digital information from a computer or other internet connected device, it is packaged up in different ways depending on the method you send it (SMS, Email, Instant Message, etc).  Imagine these differences being comparable to mailing a letter versus mailing a postcard for example.  In the example above, it was a mail carrier handling your communication – and here it is servers, local networks, firewalls, and ISPs handling and delivering things down the chain.

Each of these stops along the route is a potential point of interception.  When we talk about security, we’re talking about the ability of the “envelope” or communication standard’s encryption methods to properly protect the data being sent.  When we talk about privacy, we get into such things as trust – a question to ask yourself when analyzing your data’s security is, “can each point in that route one that can be trusted to relay my data without it being compromised or read by an unintended third party?”

If for example, you are sending someone an email using a public Wi-Fi connection, many of these points of interception are higher risk, because the network is not one in which you are in control.  Naturally, things in your control you are more apt to trust.  One reason I spend so much time researching and discussing tools like a VPN, is because such a tool can help you to send that letter of yours in a proverbial lockbox.  That is to say, the method in which you contain and seal your message is much stronger (in theory) than a potential adversary at any of the points of interception ability to break.

Hopefully this helps visualize something that might otherwise be complicated in a more simple way using an example that by itself is easier to understand.  This is one of the reasons I so highly stress company ethics and am quick to distrust a company that is inconsistent with their own terms, or participates in questionable partnerships – if you can’t trust a company to be straightforward with company policies and responsible operation, how can you trust them with the points of interception that you’re placing in their care?

(Note that the purpose of all of this is to explain some basics, but I should mention that of course no one tool for security is perfect, and complete trust should never be put into a tool you rely on for privacy and security.  A determined and sophisticated adversary will use many methods to attempt to compromise your communications, but as always, layering your security and being smart are a good start.)

How to Loosen the Noose of Anti-Privacy Tech Companies

Recently, companies like Facebook and Google have been seeing an increase in scrutiny.  Such companies thrive on the ability to collect and sell their users’ data, and fear the spotlight being shined on them – as it poses a risk to their operations.  At this point, enough light has been shined that anyone paying attention with half a sense of privacy turn 180 degrees from them and run the other direction.  The point of me writing this isn’t to list off the countless ways that these companies abuse their users (I hesitate to say customers), but rather to explain how YOU can help influence change in the technological landscape, at least in time.

Read more

So You Want to Take Back Your Privacy

Written January 22, 2019

Many of you may not be aware of this That One Privacy Site’s origin.  For those who aren’t: a few years ago I got serious about my privacy and while moving away from proprietary software and services, I started moving towards using FOSS ones (VPNs being a large and trouble-infested corner of this realm).  Through my own search for answers where privacy was concerned, I did a lot of research, specifically in the realm of VPNs.  I decided to share my results to help others, and what resulted was the start of a snowball.

Read more

The Next Big Step(s) for That One Privacy Site

Written Dec 6, 2018
A few years ago, my desire for privacy grew and I started trying to change my digital habits. During this transformation, I discovered the need to opt out of unlawful mass surveillance using such tools as encryption, including a VPN. As is my personality, I wanted to thoroughly research the technology and the market before I made my selection on a service. At the time, I made a chart in Google Spreadsheets as I started my search, which over the next two years, spiraled into multiple full blown comparison charts and guides, today. If the feedback and attention the project has gotten means anything, many others have been able to use these tools as they have started down their same rigorous path of research.

Read more

A Belated April Fools Day Joke: SIMPs for Safety

Some Background: I originally wrote the below blog post intending to use it as an April Fools Day Joke.  When I showed it to a couple of people to read it early, I got feedback that it would be too subtle and could go over the heads of people who would then react badly.  Rather than making it more heavy handed and absurd to avoid this (and therefore ruin the tone I was going for), I decided to forego it all and go with a joke Twitter Poll, insead.  I still wanted to use it and hopefully put a smile on people’s faces, so I’m posting it today, a day after April Fools.  Enjoy!

Read more

PayPal is a Kafkaesque Nightmare

“Hey, TOPG, what the heck?  You’ve been off the radar for a couple of months, when’s the next review?”  Quick version – “Life has been hectic (in part due to what you’ll read below)” and “hopefully in the next couple of weeks”.

Read more

ProtonVPN Review

Disclaimer: The below review is my opinion, which I will try to provide as many examples for and as much evidence as possible to support.  Readers can learn more about how I conduct my reviews, my methodology, etc – here.  More information on review badges here.

This review’s roll was #3 (at the time of the roll, ProtonVPN)

Read more

TunnelBear Review

Disclaimer: The below review is my opinion, which I will try to provide as many examples for and as much evidence as possible to support.  Readers can learn more about how I conduct my reviews, my methodology, etc – here.  More information on review badges here.

This review’s roll was #10 (at the time of the roll, TunnelBear)

Read more

Mullvad Review

Disclaimer: The below review is my opinion, which I will try to provide as many examples for and as much evidence as possible to support.  Readers can learn more about how I conduct my reviews, my methodology, etc – here.  More information on review badges here.

This is the first VPN review in which I’ve let my Patreon supporters choose the service I will be taking a look at.  For those who are unaware, patrons supporting That One Privacy Site at the $5/month level or higher are able to nominate a service in between reviews that use open-to-all nominations.  Normally this would still involve a random selection, but as I currently only have one patron at this tier, their nomination wins by default, lucky them!

Read more