20240721
- Updated VoIP service pros & cons
- Added Filen to the Notes Apps for mobile section since they now include notes
- Changed TNO Bluesky account to a third-party bridge we'll be using going forward
- Added a note about SIM Swapping for VoIP and MFA.
- Added clarification for searching for your own data on people search sites
tnonate committed Jul 21, 2024
1 parent 24bdf50 commit ab8802c
Showing 8 changed files with 23 additions and 27 deletions.
5 changes: 5 additions & 0 deletions src/assets/data/BlogPages.json
@@ -1,4 +1,9 @@
[
{
"slug": "best-voice-over-ip-providers-in-2024",
"created": "2024-07-21T15:00:39Z",
"title": "Best Voice-over-IP Providers in 2024"
},
{
"slug": "major-changes-to-the-website",
"created": "2024-07-05T15:01:41Z",
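
Review bot: The new `best-voice-over-ip-providers-in-2024` entry at the top of the array is not mentioned in the commit message, and none of the 8 changed files shown here is the post body for that slug. Confirm the page for this slug already exists or ships in the same deploy, otherwise the blog index will link to a missing page; a line in the commit message for the new post would also help.
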
30 changes: 9 additions & 21 deletions src/assets/data/pages/en/guides/less-important/Voip.json
Expand Up @@ -8,7 +8,6 @@
"pros": [
"Unlimited numbers",
"International calling",
"Can work just with WiFi (doesn't need mobile data to operate)",
"Does not require your SIM number"
],
"cons": [
Expand All @@ -29,10 +28,7 @@
],
"cons": [
"US and Canada only",
"No group chats",
"No video calls",
"Requires your SIM number",
"Requires a Google account"
"Requires a Google account (which requires a SIM number)"
]
},
"mysudo": {
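
Review bot: In the `cons` list just above `mysudo`, the standalone "Requires your SIM number" is folded into a parenthetical: "Requires a Google account (which requires a SIM number)". Other providers in this file carry "Does not require your SIM number" as its own pro, and the SIM dependency is the property readers compare on for SIM-swap exposure, so keep it as a separate con (for example "Requires a SIM number (through the Google account)") rather than hiding it inside the account line.
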
Expand All @@ -45,12 +41,9 @@
"Does not require your SIM number",
"Includes fully functional email, web browser, and [digital masked cards](/guides/most-important/payments) (iOS only)",
"Zero-knowledge at rest",
"End-to-end encrypted (only to other MySudo users)",
"Group chats (only to other MySudo users)",
"Video calls (only to other MySudo users)"
],
"cons": [
"US, Canadian, and UK phone numbers only",
"US, Canada, and UK phone numbers only",
"Desktop client in beta, web-based only, can only sync with iOS"
]
},
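
Review bot: With the three "(only to other MySudo users)" pros removed, "Zero-knowledge at rest", becomes the last element of the `pros` array, but it is shown as an unchanged line that still ends with a comma and is directly followed by `],`. A trailing comma is invalid in strict JSON, so check that the file parses and drop the comma if it is really there. The commit message only says pros and cons were updated; removing the end-to-end encryption bullet is a security-relevant change and deserves a word on why.
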
Expand All @@ -66,8 +59,6 @@
"Desktop app available"
],
"cons": [
"No group chats (over normal protocols)",
"No video calls (over normal protocols)",
"Requires a Microsoft account",
"Pay by the minute"
]
Expand All @@ -80,13 +71,13 @@
"pros": [
"Unlimited numbers",
"International calling",
"Available in 70 Countries",
"No phone app required (forwards calls and texts to your SIM number)"
"Available in 72 Countries",
"No phone app required (can optionall forward calls and texts to another number)"
],
"cons": [
"No free tier",
"No desktop app",
"International Calls are billed per minute",
"International calls are billed per minute",
"SMS only supported on US and Canada Numbers"
]
},
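
Review bot: The added pro "No phone app required (can optionall forward calls and texts to another number)" has a typo: "optionall" should be "optionally". In the same hunk "Available in 72 Countries" and "SMS only supported on US and Canada Numbers" keep mid-sentence capitals while "International calls are billed per minute" was just lowercased; lowercase "countries" and "numbers" to match.
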
Expand All @@ -96,17 +87,14 @@
"logo_alt": "Viber logo",
"link": "https://www.viber.com/",
"pros": [
"Group chats (only to other Viber users)",
"Video calls (only to other Viber users)",
"Desktop client",
"Zero-knowledge storage",
"End-to-end encrypted (only to other Viber users)",
"Worldwide numbers available",
"Available in 59 countries",
"International calling",
"Does not require your SIM number"
],
"cons": [
"External messaging and calling cost extra",
"Only one number available"
"Calls are billed by the minute",
"Only offers one number per user"
]
}
}
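
Review bot: "Calls are billed by the minute" is a third wording for the same con in this file, next to "Pay by the minute" and "International calls are billed per minute"; use one phrasing so the provider comparison reads consistently. The replaced line also covered messaging ("External messaging and calling cost extra"), so state whether messaging to non-Viber numbers is still charged instead of dropping it silently.
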
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,7 @@
"values": {
"Alternatives": [
"[Cryptee](https://crypt.ee/)",
"[Filen](https://filen.io/r/834a3bd235bca0caa53141f2ebc30438) ([Non-affiliate link](https://filen.io/))",
"[Joplin](https://joplinapp.org/)",
"[Nextcloud](https://nextcloud.com/)",
"[Notesnook](https://notesnook.com/)",
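
Review bot: The Filen entry makes the `filen.io/r/` referral URL the primary link and never labels it as an affiliate link; the reader only learns that from the "Non-affiliate link" next to it. Label the first link explicitly, for example "[Filen (affiliate link)]", or make the plain `https://filen.io/` the primary link, so it is clear before clicking. It is also the only entry shown in this `Alternatives` list with two links, so check that the renderer handles the nested parentheses.
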
2 changes: 1 addition & 1 deletion src/assets/data/pages/en/links/PodcastsNewsAndBlog.json
Expand Up @@ -18,7 +18,7 @@
},
{
"name": "Bluesky",
"link": "https://bsky.app/profile/thenewoil.org",
"link": "https://bsky.app/profile/thenewoil.mastodon.thenewoil.org.ap.brid.gy",
"img": "/images/logos/bluesky.png",
"not_encouraged": true
}
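
Review bot: The entry is still named "Bluesky", but `link` now points to a `brid.gy` bridged profile instead of the `thenewoil.org` handle. A handle that is the project's own domain is something readers can verify; a handle under a third-party bridge domain is not, so say in `name` or a visible note that this is a third-party bridge of the Mastodon account, as the commit message does.
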
6 changes: 4 additions & 2 deletions src/pages/en/guides/less-important/voip.mdx
Expand Up @@ -17,12 +17,14 @@ Voice-over-IP is the technology allowing phone calls to be sent over the interne

## Why do I Need Voice-over-IP?

If you are a freelancer, still dating around, work in a high-profile or sensitive position, job hunting, or \*\*any other similar situation, this section is critical for you. I would define a "similar situation" as any situation where you hand your phone number out frequently to strangers or you have an increased need for privacy. If you don't feel you fall into this category, consider this section "not mandatory but highly recommended."
There are dozens of reasons to use VoIP as part of your cybersecurity and privacy strategy. If you are a freelancer, still dating around, work in a high-profile or sensitive position, job hunting, or any other similar situation, this section is critical for you. I would define a "similar situation" as any situation where you hand your phone number out frequently to strangers or you have an increased need for privacy. If you don't feel you fall into this category, consider this section "not mandatory but highly recommended."

Regular SIM phone numbers are often tied to individuals. In some parts of the world, an identification is required, but in other places the most common way it gets tied to a person is by setting up a phone plan in a real name, often accompanied by a credit check to buy an expensive smartphone on a payment plan. Once that happens, **the phone number issued by the cell provider basically becomes a type of identification number.** There are numerous websites where one can type in a phone number and get varying degrees of information about the owner of that number. Usually at a bare minimum one can get the provider and general location of the the owner (often accurate to within the city). Sometimes one can get a full address, a full name, roommates, historical information, and more. Voice-over-IP numbers are significantly less regulated and therefore give away immensely less information. By using a VoIP number instead of your real number, you dramatically reduce risk to yourself.

## Example Advantages of VoIP

VoIP is harder to [SIM-swap](https://us.norton.com/blog/mobile/sim-swap-fraud) than a normal SIM phone number assigned by your carrier.

Using VoIP is a great way to compartmentalize your life. For example, **using a VoIP number exclusively for dating is a great way to protect against potential stalkers.** The person won't be able to research your number and find any information about you, leaving you free to cut off the number and safely lose them before you put yourself in danger.

Another handy feature of VoIP is professional protection. **As a freelancer, I can give out my work phone number to anyone they want and not have to worry about a client discovering any personal aspects of my life** that I may not want them to know. Consider this: in some states, public records are so open that many people search websites are able to connect your phone number to your voter records and publish your registered party online. I would hate for a client to not hire me based on my registered political party without knowing me.
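
Review bot: The added line "VoIP is harder to SIM-swap than a normal SIM phone number assigned by your carrier" is stated without qualification, yet the same commit changes Voip.json to say one provider requires a Google account "which requires a SIM number". Qualify the claim for providers that depend on or forward to a SIM number, and add that the VoIP account itself then becomes the thing to protect with a strong password and MFA. The sentence also sits alone under the heading with no bold lead, unlike the paragraphs after it.
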
Expand Down Expand Up @@ -51,4 +53,4 @@ Many of my readers often write me to suggest [JMP.Chat](https://jmp.chat/). JMP.

Almost across the board, I recommend [MySudo](https://mysudo.com/). It is available for both iOS and Android, and they have plans that will give you the ability to communicate with non-MySudo users beginning at $1 USD per month, or $10 per year. I would recommend SudoPro or SudoMax ($5/$50 and $15/$150 respectively) for most people depending on your needs. If you're on a tight budget, I recommend [Google Voice](https://www.google.com/voice).This will allow you to create VoIP numbers that forward to your real number. If you live outside the US, UK, or Canada, then Viber is the clear choice.

**VoIP is not meant to replace [secure messaging](/guides/less-important/messaging).** Just as with a regular SIM, you should assume that anything you submit - be it text, voice, or video - is recorded and plainly visible to any companies and or governments. VoIP solutions are recommended purely as a way to keep your data out of the hands of people search websites and protect you against relatively unsophisticated threats like stalkers and doxxers.
**VoIP is not meant to replace [secure messaging](/guides/less-important/messaging).** Just as with a regular SMS/MMS/RCS, you should assume that anything you submit - be it text, voice, or video - is recorded and plainly visible to any companies and or governments. VoIP solutions are recommended purely as a way to keep your data out of the hands of people search websites and protect you against relatively unsophisticated threats like stalkers and doxxers.
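
Review bot: In the new wording "Just as with a regular SMS/MMS/RCS", the comparison now names only messaging protocols while the rest of the sentence still covers "text, voice, or video". Something like "Just as with regular phone calls and SMS/MMS/RCS" keeps voice in scope. While the line is being touched, "a regular SMS/MMS/RCS" should lose the article and "any companies and or governments" should read "and/or".
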
2 changes: 1 addition & 1 deletion src/pages/en/guides/moderately-important/people-search.mdx
Expand Up @@ -36,7 +36,7 @@ For those who wish to do so manually, Michael Bazzell offers a [free workbook](h

For those with some time to spare but not a lot, I recommend a mix of both approaches. An automated service can be a great way to get the bulk of the removal done, all the "low-hanging fruit." Then you can come back a few months later after all that easy stuff has been removed and check for any remnants.

In my experience, the best way to manually check for data (other than the sites listed by your service of choice and Michael Bazzell's/Yael Grauer's resources) is to use Google (or another effective search engine) to search for your name, email address, or phyiscal address in quotes. The more data you remove, the more the old, forgotten stuff will rise to the surface. Therefore I encourage you to go back a few times a year and check for anything the automated services have missed. This may include forgotten social media posts, accounts, or new, smaller public data sites.
In my experience, the best way to manually check for data (other than the sites listed by your service of choice and Michael Bazzell's/Yael Grauer's resources) is to use Google (or another effective search engine) to search for your name, phone number, email address, and/or phyiscal address in quotes. The more data you remove, the more the old, forgotten stuff will rise to the surface. Therefore I encourage you to go back a few times a year and check for anything the automated services have missed. This may include forgotten social media posts, accounts, or new, smaller public data sites.

One service not covered by traditional opt-out services is facial recognition. The best publicly-available service I have found for facial recognition services is [PimeEyes](https://pimeyes.com/). All other alleged public facial recognition search engines are basically just glorified reverse-image search and I haven't found them to be effective. PimEyes offers a subscription service that lets you know when new photos of you surface, the idea being to know when photos you don't want are made available and thus to have them removed. However, in my case, I found several websites who were not responsive to takedown requests, so for some people it may be better to opt out of their service entirely. You can do that [here](https://pimeyes.com/en/opt-out-request-form).
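
Review bot: The rewritten sentence adds "phone number" but carries over the typo "phyiscal address"; fix it to "physical" in the same change. "in quotes" now trails a four-item "and/or" list, so it is unclear that it applies to every term; "search for each of these in quotes" would be clearer. In the context paragraph below it, the link text "PimeEyes" does not match "PimEyes" in the next sentence.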

2 changes: 1 addition & 1 deletion src/pages/en/guides/most-important/mfa.mdx
Expand Up @@ -23,7 +23,7 @@ According to [Microsoft](https://www.microsoft.com/security/blog/2019/08/20/one-

## What Should I Look For in a Multifactor Authentication Solution?

When picking an MFA solution, **be sure to pick something you will use consistently.** For example, if you need the ability to log into your account from any computer at any given time, a hardware key may not be convenient for you. You should also avoid SMS 2FA whenever possible because it is relatively easy for an attacker to steal your phone number and recieve the incoming 2FA text. Use SMS if nothing else is available, but use something better if you have the option. Lately push notifications have also become a risk in attack known as "[MFA fatigue](https://portswigger.net/daily-swig/mfa-fatigue-attacks-users-tricked-into-allowing-device-access-due-to-overload-of-push-notifications)" in which the attacker will spam the user with requests until the user either accepts the login to make the requests stop, or accidentally accepts one. The order of recommended 2FA methods from strongest to weakest are hardware keys, TOTP, push notifications, email (especially if secured with TOTP or better), and finally SMS. TOTP will be the sweet spot for most people.
When picking an MFA solution, **be sure to pick something you will use consistently.** For example, if you need the ability to log into your account from any computer at any given time, a hardware key may not be convenient for you. You should also avoid SMS 2FA whenever possible because it is [relatively easy](https://us.norton.com/blog/mobile/sim-swap-fraud) for an attacker to steal your phone number and recieve the incoming 2FA text. Use SMS if nothing else is available, but use something better if you have the option. Lately push notifications have also become a risk in attack known as "[MFA fatigue](https://portswigger.net/daily-swig/mfa-fatigue-attacks-users-tricked-into-allowing-device-access-due-to-overload-of-push-notifications)" in which the attacker will spam the user with requests until the user either accepts the login to make the requests stop, or accidentally accepts one. The order of recommended 2FA methods from strongest to weakest are hardware keys, TOTP, push notifications, email (especially if secured with TOTP or better), and finally SMS. TOTP will be the sweet spot for most people.

_Listed in alphabetical order, not order of recommendation_
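
Review bot: The commit message describes this as a note about SIM swapping, but the changed sentence only links the words "relatively easy" and never names the attack. Put the term in the text, for example "because it is relatively easy for an attacker to take over your phone number (SIM swapping)", and link that, so the point survives if the link rots. The line also still has "recieve" and "The order ... are"; fix to "receive" and "is" while it is being edited.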

2 changes: 1 addition & 1 deletion src/pages/en/guides/prologue/encryption.mdx
Expand Up @@ -34,7 +34,7 @@ Encryption can and should be used in any situation where it is possible and avai

## Don't Lose Your Password!

Perhaps the biggest drawback of end-to-end encryption is that - if done correctly - the provider has no access to your encryption keys. Put simply, the provider cannot reset your email without permanently encrypting all of your data. I have personally had (or secondhand seen others have) this experience with services like [ProtonMail](/guides/moderately-important/email/), [Bitwarden](/guides/most-important/passwords/), and [cloud storage](/guides/moderately-important/backups/). In some cases, there are workarounds or recommended recovery solutions, however these are often user-unfriendly or come with [caveats](https://restoreprivacy.com/protonmail-discloses-user-data-leading-to-arrest-in-spain/) the user should be aware of. The simplest solution is to never lose your password. For more information on how to safely store passwords, see [this page](/guides/most-important/passwords/). I also recommend taking advantage of most or all recovery methods (as long as you have researched the risks and they fit your [threat model](/guides/prologue/threat-model/). These often include things like a backup code, recovery contacts (such as a secondary email address or other users who can verify you), a file you can download, or something similar.
Perhaps the biggest drawback of end-to-end encryption is that - if done correctly - the provider has no access to your encryption keys. Put simply, the provider cannot reset your email without permanently encrypting all of your data. I have personally had (or secondhand seen others have) this experience with services like [ProtonMail](/guides/moderately-important/email/), [Bitwarden](/guides/most-important/passwords/), and [cloud storage](/guides/moderately-important/backups/). In some cases, there are workarounds or recommended recovery solutions, however these are often user-unfriendly or come with [caveats](https://restoreprivacy.com/protonmail-discloses-user-data-leading-to-arrest-in-spain/) the user should be aware of. The simplest solution is to never lose your password. For more information on how to safely store passwords, see [this page](/guides/most-important/passwords/). I also recommend taking advantage of most or all recovery methods (as long as you have researched the risks and they fit your [threat model](/guides/prologue/threat-model/)). These often include things like a backup code, recovery contacts (such as a secondary email address or other users who can verify you), a file you can download, or something similar.

</Highlighting>
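
Review bot: The change closes the parenthesis after the threat model link, but the same line still says "the provider cannot reset your email without permanently encrypting all of your data". Under the heading "Don't Lose Your Password!" this presumably means that resetting your password leaves the existing data permanently unreadable; reword it, since as written the sentence describes neither a password reset nor data loss.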
