Good security is mostly about reducing your attack surface and making the cost of compromising you higher than the value of what an attacker would get. For individuals, that means: use a password manager, enable multi-factor authentication everywhere, keep software updated, and be skeptical of unexpected messages (especially ones that create urgency).

The landscape changes constantly, particularly with [[AI]]-powered threats that can generate convincing phishing at scale and clone voices from a few seconds of audio. Staying informed matters as much as staying locked down.

RSS never died, it just stopped being the default. Most blogs, podcasts, and news sites still publish feeds. The infrastructure is there; the missing piece is usually awareness that it exists and a reader app to consume it. Tools like Current, Reeder, Readwise, NetNewsWire, and Feedbin make the experience feel modern again.

The real value of RSS is ownership of attention. You decide what enters your information stream, and you can leave at any time without losing your subscriptions (export your OPML and go). No account needed, no tracking, no ads injected into your timeline.

Privacy isn’t about having something to hide. It’s about maintaining agency over your own information in a world where the default is to collect everything, store it forever, and monetize it later. Every data point you hand over is a bet that the company holding it will never be breached, acquired, or compelled to share.

The practical toolkit: [[Email Masking|email masking services]], [[Encryption]], strong [[Password Management]], and a healthy skepticism about “free” services that fund themselves through surveillance.

I support either Bitwarden or 1Password as great options for most people. Apple Passwords is okay, but vendor and ecosystem locked, and doesn’t have all the standard features; but it is better than nothing.

I would avoid using Google Chrome’s password manager (or any browsers).

I do not recommend LastPass at all.

End-to-end encryption means only the sender and recipient can read the message; not the service provider, not the government, not an attacker who compromises the server.

It also provides a more centralized definition of a topic across the site. Rather than redefining constantly or having old definitions linger, it allows me to have steady control over how I articulate different subjects.

For example, using AI to write you TPS Report, probably fine; no one reads those anyway. On the flip-side, using it to write personal or engaging blog posts? Probably can be a bit soulless if you aren’t also heavily controlling the output.

I’ve often heard “If you can’t be bothered to write it, then I can’t be bothered to read it.”

Or, another example, “I used AI to take these 5 bullet points to make a five page report, that the recipient then used AI to turn back into 5 bullet points.”

The current wave of AI (roughly 2022–present) is dominated by transformer-based large language models that can generate text, code, and images. The capabilities continue to grow at a rapid pace. So are the risks: hallucination, deepfake-enabled scams, labor displacement, and the erosion of the ability to distinguish human from machine.

Some interesting cases with AI, to me, involve [[Security]], [[Privacy]], and skill augmentation. How these tools change the threat landscape (AI-powered phishing, voice cloning, automated vulnerability discovery) and how we can use AI to defend against AI. The reshaping of what “trust” means when you can no longer assume a message, image, or voice is from a real person.