Saturday at Mozfest 2018

SB and I went to Mozfest for the first time last Saturday. What a lovely day! Took some haphazard notes throughout, see below for a dump of notes/links related to the sessions I attended. The bits in brackets are mostly thoughts that bounced around my head while taking notes during talks. All quotes are paraphrased.

Amba Kak on data and digital rights in Asia

Aadhaar is the biometrics system being spearheaded by Indian government. Heavily used by private services as well until the supreme court ruled STRONGLY in defence of regulation. This was a somewhat surprising turn of events, and not what the government expected. Ruling was that even though nothing in Indian law gives Indian citizens the right to privacy, right to privacy is still an inalienable right and must be protected.

GDPR has been a major catalyst for change in India. Part of the GDPR requires that for foreign companies to be able to work/trade with EU-based companies, the foreign company’s country must have adequate “matching” data laws. It has effectively turned Indian companies in to data privacy advocates since they want access to the EU market, whereas they previously may have argued against stronger privacy regulations.

The Data Balancing Act, a panel discussion between Zara Rahman, Malavika Jayaram, and moderator Leo Mirani

[Not sure how I felt about the moderation. I was somewhat glad that he was playing devil’s advocate — it’s boring when a panel discussion is just everyone agreeing with one another — but do agree with what a friend said afterward, that he could have been more nuanced in his disagreement. It felt a little sledgehammer-y.]

Justifying an advancement in tech by saying it is being created for good is a dangerous, slippery slope. [It’s such a seductive argument, but it’s a non sequitur. You can’t attempt to verify the “goodness” or “badness” of something until it actually exists. To simply leap in to it with that sort of justification, without carefully considering the consequences at every step along the way, is wilfully blind.]

MJ: Why are people in 3rd world countries so frequently the Petri dish for tech and data experiments? What about areas that are more local to the companies/organisations doing these experiments? Places where the individuals have more agency due to stronger local rules and regulations, but are still desperately in need? See Detroit.

ZR: Tech is always political, never neutral.

[Just like individuals are not good, bad, or neutral. Each individual is an amalgamation of the decisions they have made previously, and they should be held responsible for these decisions.]

ZR: This is a problem of imagination. Why are we taking the data-controlled world as a foregone conclusion?

MJ: We should not be using biometrics for identity verification, full stop. If biometrics fall in to the wrong hands, that’s it. They’re irreplaceable. We’re not living in Minority Report.

MJ: Ambient collection is exceptionally problematic, it completely bypasses consent.

MJ: You only need one specific attribute for specific transactions! Amazon almost always needs only your address for a purchase, not your age/gender. A bar just needs to know you’re above drinking age, not your address or even your exact age. Why are we providing so much sensitive information all the time? We should be working on ways to present individual credentials, not a collection of credentials. Or consider multiple/fluid identities! Consider the analogy of an identity as a Rubik’s cube, a set of many smaller credentials that can be shifted to provide identity verification as needed yet never reveal the entirety. [Would like to figure out who suggested the Rubik’s cube analogy, didn’t catch the name.]

[What about socially-verifiable identity? Like Dark Crystal?]

ZR: Just don’t do it you can’t assess the risk! See example of Oxfam deciding not to use biometrics in humanitarian aid since the risks outweigh the benefits.

Slow and thoughtful wins the race. “Move fast and break things” is a broken and exceptionally dangerous basis for progress when it comes to personal data.

Renee DiResta on flaws in the data-driven digital economy

[Found this talk particularly fascinating, couldn’t take notes fast enough.]

Talk focuses on “the internet’s original sin”, leading to the evolution of our current information ecosystem.

Note the difference between misinformation vs disinformation. Disinformation is deliberately disseminated false information. Misinformation is all false information, including both disinformation and mistakenly spread false information.

Political conversations are being had on platforms that are based on viral advertising as the main monetisation tactic. Virality is critical to the major apps (Facebook, Twitter, etc.) because they are all competing for time, even when not competing on other levels. Also critical because these platforms are dealing with information glut which has led to proliferation of algorithms, “virality engines”. These algorithms are contributing to the erosion of our epistemological framework, what is truth.

Propaganda is just marketing for an idea.

*We* have built this broken information ecosystem.

See the Internet Health Report.

The spread of disinformation could be considered information laundering. We need something akin to what exists in finance to prevent money laundering, a user verification process.

[I’d love to just get rid of some of these services/platforms. I can do that as an individual, but what do you do when you HAVE to use these tools as an organisation? See Facebook ads for NGOs, independent publishers, etc.]

Need advertising policy on the corporate level, similar to environmental policy. See example of Unilever who decided not to advertise at night when people might be too vulnerable. [Can’t seem to find this example, though I have seen a bunch of reports about Unilever heavily reconsidering the pros/cons of advertising on social media platforms. See short It’s Nice That article.]

Interesting question arose during Q/A at end. Q: “When you were researching Isis’s use of social media in recruitment and propaganda, what surprised you the most?” A: “That their content was *good*.” It’s funny, charismatic, exactly what it needs to be as a marketing tactic. Makes it exceptionally hard to fight. If we make fun of it, pretend it’s not as effective as it is, we’re dismissing the seriousness of what we’re up against. These are compelling media mirages. Highly targeted, cross-linked and cross-promoted content that is hard to see if you have not been exposed to it directly but is very seductive once you have.

Tim Berners-Lee on his latest work, Solid

There are a lot of problems with the internet as it has evolved, Solid focuses on privacy as the crux of all these issues. Inrupt is the company supporting Solid.

Solid PODS are personal clouds for absolutely all of your data. Apps and data are completely separate, and you can have more than one identity.

[Collecting so much information in one place makes a pretty big target. Apps need to behave. How can that be enforced? And how can we ensure that Solid PODS are actually secure themselves? Perhaps the portability of data helps? Seems pretty risky/sketchy, but I don’t know enough to make any real assessment. Need to do some experimentation with the platform.]

Solid documentation is poor currently! Look at blogs for guidance, and if you have success in your experiments, contribute to docs. See also Gitter channel.

As with similar concepts/platforms, pirated or illegal data is problematic. The EU Copyright Directive may be particularly problematic. [Looks like the Copyright Directive might not be a problem for something like Dat or SSB since these aren’t large centralised platforms… Not sure, would be interested to talk to someone with more expertise in that.]

Another potential problem is the possibility of radicalisation amongst Solid communities. This is already a problem in existing platforms like WhatsApp. [Also something I’ve considered frequently about P2P stuff, particularly SSB. Decentralisation doesn’t mean that radicalising forces go away, it means that the regulation responsibility passes to those individuals most involved in the community. It also may simply not be possible to fully eradicate. It is a problem.]

A question arose about why the Solid repo is on GitHub, in relation to questionable ethics surrounding that platform. [I don’t know much about the ethical problems with GitHub, need to look in to it!] Is there a distributed/decentralised Git solution to be created?

Related to Solid, see also the Data Transfer Project.

[I’m interested in looking in to Solid but something about it feels… not quite right. There is something about the messiness of the web that feels integral to its success, and that messiness seems to be missing in Solid. It feels like a one-solution proposal. Could there not be a future that involves many, maybe hundreds, of different solutions? Part of the current problem, IMO, is that HTTP/S has a monopoly on data transfer. To hand that monopoly over to Solid doesn’t necessarily seem like the right answer. Why not focus more on breaking up the monopoly?]

Build your own private smart home, a Project Things workshop with Ben Francis and Kathy Giori

Project Things is SO COOL!! This was the last event/talk we went to that day, it was such an uplifting event to wrap things up with. An initiative that contributes towards greater personal agency, data self-sovereignty. See How to build your own private smart home with a Raspberry Pi and Mozilla’s Things Gateway. They’re working on Alexa and Google Home compatibility as well for v0.7.0, but it’s a difficult task. Alexa + Google Home have built in compatibility for other platforms, but only those tied to cloud services. They’ve potentially got to set up a cloud service just to proxy users’ server setups. Complicated!

Really look forward to experimenting with this. SB and I got a bunch of Ikea bulbs/switches recently and have been trying to figure out how we want to control them outside of the Trädfri app, so this is perfect timing.


Privacy not included is such a fantastic idea, a gift guide for Internet of Things-related devices that you might consider (or reconsider!) getting for a loved one.

SB and I spent a little time wandering aimlessly around Ravensbourne, got chatting about the building. So much cool stuff going on around us, but the space itself felt pretty disconcerting. It was kind of a weird backdrop to all of the interesting events, all of the engaging flyers up on the walls. Made us nostalgic for the Foulis at GSA, somehow the Foulis was such a good backdrop for everything that went on in there. See also Byam Shaw up in Archway, at least up until the major 2011 shakeup at CSM. How do you cultivate the online equivalent of the Foulis/Byam Shaw? Something that works as a solid canvas for experimentation as opposed to just “wearing” the experiments?

My main takeaway from Mozfest was optimism, which was not the outcome I expected. Even though it was an intense deep-dive in to data-related issues, many of them exceptionally serious, I came away feeling positive about the ideas and solutions that are proliferating and being freely shared. It feels like there is something in the air.

Evening social events were super fun, I feel thankful to have met so many interesting and easy-to-hang-out-with, likeminded people. I also have a new appreciation for pop song lyrics! Need to look in to this weird niche of mid-life crisis-related songs. Playlist includes You Can Call Me Al, Once In A Lifetime, Mushaboom.

Winged karaoke creature against a blue background