Published

Some long-winded thoughts on privacy policies and consent popups

This Q&A is compiled from conversations I have had with many, many clients and collaborators who have had a hard time navigating things like the GDPR, privacy policies, cookie notices, consent messaging, and other related topics.

Here are all the questions covered below:

Published

On personal sites, and adios analytics

I’ve been getting approached more and more by people that want to put a link to their company’s content on specific pages of my site. I’d be up for it if the linked content was super relevant and unique, the sort of thing I’d bookmark, but it never is. The link usually leads to a generic article filled with ads, pop-up newsletter requests, trackers, etc on some faceless blog. Often the actual link they send me has a URL parameter to track whether or not I’ve clicked it (where is the self-awareness?!). I get that their employer is probably making them do it, but it feels pretty icky.

Alongside that uptick in ick, I’ve felt my relationship with my site shifting over the past few months. I loved cultivating my own little slice of the internet for so long, and some of that joy is slipping away. Some of this is probably related to the pandemic, some of it is busyness and stress, and some of it is for sure related to our SF move.

I came across this tweet from @lil_morgy, she’s definitely identified part of the problem. I’ve spent more time on Twitter in the past few months due to both moving and the pandemic. While it has introduced me to some great people, it has also started warping my idea of what success can look like. Does it mean having at least 2k followers and firing off hot takes? Sure as hell feels like it when I open up Twitter. I don’t have hot takes, my brain isn’t wired that way and they leave me with a bad taste. I like the ones that simmer, a messy family-sized stew as opposed to a perfectly formed amuse-bouche of a thought. Where does that leave me?

On a separate topic, a few days ago I came across Jim Nielsen’s post Comparing Data in Netlify and Google Analytics. (To be honest, I came across it via @davatron5000, probably wouldn’t have seen it otherwise. So there are good sides to it…) It reminded me of the often-futile role of analytics on so many sites. So many of my clients have added analytics because they thought they had to have it, or they’ve been forced to have it by some public funding body. But more often than not they have no time or inclination to make use of the data they collect and even if they did, how accurate is it actually in the end? The analytics platforms usually get so much more out of that data than they do.

Anyways, this is a roundabout way of saying that I just pulled the plug on my self-hosted Matomo analytics instance. Feels good. Consider it a first step towards repairing my relationship with this site that I have cared for over many years.

Note: I still feel like Matomo is one of the better options out there if you must have client-side analytics (more on this), but it was just pointless for me. I rarely looked at it, and I think even the presence of it was pulling this site farther away from what it is at its core.

At its core, this is a personal site. A personal site, to me, is a website whose primary editor and intended audience is one and the same, a single, solitary, individual. My personal site is a repository for my memories, experiences, feelings, recipes, tips, photos, and more. A lot of it stays private. The things that might be interesting or useful to others are made public. Regardless, it is an ever-growing extension of myself that I have total control over, my mirror and memory aid. I want to be able to look back at this when I’m eighty and thank my past self for surfacing things that I otherwise would have forgotten, the good and the bad.

But a personal site can be anything, and that’s the beauty of it. This is my site, long may it change.


An additional thought.

What is yours?

I love coming across personal sites, and I love helping people set them up. If you give it a stab and run into trouble, or just have no idea where to start, reach out to me and I’ll try to give you some pointers or at least bore you to death with some worthwhile questions.

Published

Anddddd here we go

Let’s see… since we arrived in the US late on Monday, I’ve signed up for Instacart, GrubHub, Postmates, 1stdibs, and Nextdoor with my “spam” email account. This is an account I only use for things that I suspect might get sketchy with my data. I am filled with regret.

I’m suddenly getting a lot more spam. Even though I’m now living in California under the CCPA, at least one of these platforms—let’s be real, probably a few of them—seems to be disclosing my email address to other unrelated service providers.

Shame on me for signing up, I guess? I haven’t identified the culprit, but I’m going to give it a go. Will also delete a few of these accounts.

I’ve just had a look at deleting my Nextdoor account and of course you have to contact them to do it. Unfortunately 1stdibs, Postmates, and GrubHub are all the same, you have to contact support to close your account. WHY? It absolutely doesn’t have to be like this! Scummy.

This is one of the bits about living in the US that I’ve been most dreading. Whelp, here we go.


Edit at 6:09pm:

I’ve sent CCPA requests to nearly all of them to find out more about the disclosure of my information. I can’t send one to Postmates since I only got through the very first step of signup, just gave them my email address and then never added my phone number since I don’t have a US mobile number yet. According to their privacy policy as of today:

We do not currently have a reasonable method of verifying the identity of non-registered users to a reasonable degree of certainty, as we do not maintain enough personal information to enable us to verify non-registered users with sufficient certainty. Thus, we cannot honor the access or deletion requests of non-registered users at this time.

Bull. Shit. In my humble opinion. Something as simple as a “forgot password”–style link would surely do. If it’s good enough for verifying identity for a password reset, it’s good enough for this purpose.

IDK why this makes my blood boil, but it does.

Published

Could NemID exist in other countries? And should it?

Front of a NemID card

Last Monday, I met with some friends at the Cock in Hackney. One of them had just returned from Copenhagen and mentioned having to sort out something related to his NemID. I’d never heard of it before.

Apparently NemID is a common login tool that Danish residents use to access online banking and services offered by public institutions. It’s a little credit card-sized booklet of 148 key pairs that you use alongside a user ID and a password. It’s like an analogue version of two-factor authentication. Each time you log in to something with NemID, the key pair you use is invalidated and is never used again. When you’ve used up all of your key pairs, you’re sent a new NemID booklet.

It seems like a great system. Unlike biometric data, it would be easy to replace if it were compromised. Unlike most other two-factor authentication methods, it doesn’t require an additional (usually smart) device of some sort.
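
The challenge-and-burn flow described above, sketched as a small server-side verifier. This is an added example, not NemID's actual implementation: the `issue_card` and `CardVerifier` names, the 4-digit index / 6-digit code format, and the choice to burn a pair on a wrong answer as well as a right one are all assumptions made for illustration.

```python
import hmac
import secrets

CARD_SIZE = 148  # pairs per card, as stated in the post


def issue_card(size=CARD_SIZE):
    """Return {index: code}. The 4-digit/6-digit lengths are assumed."""
    indexes = set()
    while len(indexes) < size:
        indexes.add(f"{secrets.randbelow(10_000):04d}")
    return {i: f"{secrets.randbelow(1_000_000):06d}" for i in indexes}


class CardVerifier:
    """Server side of the card factor for one user (hypothetical class)."""

    def __init__(self, card):
        self._unused = dict(card)
        self._pending = None  # index of the outstanding challenge, if any

    def remaining(self):
        return len(self._unused)

    def challenge(self):
        """Pick the index the user must look up; None means send a new card."""
        if not self._unused:
            return None
        self._pending = secrets.choice(sorted(self._unused))
        return self._pending

    def verify(self, code):
        """Check the answer. The pair is burned either way (design choice
        of this example), so a code can never be retried or replayed."""
        if self._pending is None:
            return False
        expected = self._unused.pop(self._pending)
        self._pending = None
        # Constant-time comparison avoids leaking how many digits matched.
        return hmac.compare_digest(expected.encode(), str(code).encode())


if __name__ == "__main__":
    card = issue_card()            # constructed sample card
    server = CardVerifier(card)
    idx = server.challenge()
    print("login ok:", server.verify(card[idx]))
    print("replay ok:", server.verify(card[idx]))  # False: no open challenge
    print("pairs left:", server.remaining())
```

The user ID and password check would sit in front of this; the card only covers the second factor.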

There are downsides though. NemID is administered by a single organisation, Nets DanID A/S, and all of the data seems to be held in one place. This was a problem in 2013 when a DDoS attack knocked it offline temporarily. The oversight also seems pretty iffy, see this January 2016 blog article: “NemID is not cryptologically secure – and the authorities do not care”.

It’s also hard to say how this could be rolled out in countries with larger populations… Denmark’s population is around 5.7 million. That’s a bit more manageable than the UK (~ 66 million), Brazil (~ 209 million), or India (~ 1.3 billion).

Apparently NemID is going to be replaced by MitID in the next few years, so it will be interesting to see if the Danish government forces any changes to make the system less centralised.

And it makes me wonder (again) if something like Dark Crystal could ever work on a national scale.

Published

Saturday at Mozfest 2018

SB and I went to Mozfest for the first time last Saturday. What a lovely day! Took some haphazard notes throughout, see below for a dump of notes/links related to the sessions I attended. The bits in brackets are mostly thoughts that bounced around my head while taking notes during talks. All quotes are paraphrased.

Published

I’m on the bandwagon

Just published a privacy policy. The styles don’t really support multi-level headings right now, that will have to come later.

It’s probably overkill to have such a long privacy policy for a personal website, but it felt like a useful exercise. I like the fact that an essential part of GDPR is that these policies have to be readable and easy to understand. That makes them both a policy and an educational opportunity. A lot of people don’t really know why they need to be careful with their data or how to do that and honestly, that’s fair enough. Data privacy has been under-appreciated for a long time. If we talk about it enough though, and be patient with one another, that can improve.

There are downsides to the GDPR hullabaloo though… so many people are applying quick, artificial fixes. Pop-ups, spammy-looking emails saying “please re-register!” that themselves feel like spam… It all feels a little web 1.0 at the moment. There’s a real fine line between being considerate and useful vs being shouty and in the way of day-to-day life on the web. There’s no quick fix really, it takes time and care to look long and hard at this stuff.

Published

On applying the three Rs to digital stuff

Reduce, reuse, recycle ♻️ Can this apply to digital material? What would that mean or look like?

When I say “digital material” I don’t mean visual waste like excessive banner ads and endless newsletter popups, but actual bytes of data. Is there an alternative to emptying the trash and/or permanent storage? Device storage – the management of it, its functionality – is effectively invisible until you have a sudden problem with it. The dreaded “low disk space” warning.

This feels somewhat analogous to our IRL trash problem, but an obvious difference is that emptying IRL trash ≠ emptying digital trash. When you empty the trash at home, it becomes someone else’s problem. When you empty your digital trash, it disappears (mostly). Also, it’s worth acknowledging: right now our physical trash problem > our digital trash problem.

If we focus on the digital side of things for the moment though, the biggest issue is that people don’t empty their trash. It’s a lot easier to dump a bunch of old files onto a hard drive and call it a day than to actually go through and get rid of unnecessary stuff. This is hoarding.

Consider this condensed intro to the compulsive hoarding entry on Wikipedia as of today:

Compulsive hoarding […] is a pattern of behavior that is characterized by excessive acquisition and an inability or unwillingness to discard large quantities of objects that […] cause significant distress or impairment. Compulsive hoarding behavior has been associated with health risks, impaired functioning, economic burden, and adverse effects on friends and family members. […] Compulsive hoarders may be aware of their irrational behavior, but the emotional attachment to the hoarded objects far exceeds the motive to discard the items.

I would guess that most of us (without a doubt including myself) are digital hoarders. For me, at least, it’s driven by mild fear, a “but I might need that” mentality. It’s the same reason I frequently leave multiple browser windows with multiple tabs open. So many major services – Gmail, iCloud, AWS, Dropbox – are built to encourage this behaviour. Some services even actively discourage deletion, or make it impossible. I’m looking at you, Facebook.

But stuff, both physical and digital, has to be cared for. I pay more and more for services that store my data, I worry about hard drives failing, I get secondhand anxiety when I borrow a loved-one’s phone for a moment and notice that they have 160,000+ unread emails. On top of this, the amount of electrical energy used for data storage is significant and is only expected to increase.

So if you apply the three Rs to our digital lives, “Reduce” is still right up there on the priority list. “Reuse” and “recycle” are a little harder to port over… Perhaps we could say that by contributing to open source technology and data, you are reusing and recycling digital material. I need to do more of this.

And to think, I haven’t even touched on the importance of recycling electronic devices! A separate note, maybe.

Published

cURL + Airtable + ./jq = squeaky clean JSON

We’re working on a new site for SB-PH at the moment, and we’re using Airtable to get our project documentation together. It’s also a good opportunity to test the platform a little (+ I’m a fan of tables). To grab tidy JSON for use with data-friendly design software like Sketch, we’re using the Airtable API with cURL and ./jq.

Simple example that dumps table records into a JSON file for use with the Sketch Data Populator plugin:

$ curl https://api.airtable.com/v0/YOUR_BASE_KEY/YOUR_TABLE_NAME -H "Authorization: Bearer YOUR_API_KEY" | jq '.records' > records.json

Published

Research involving NAS, backups, storage, etc.

Aside: Thumbs up to Katie Floyd’s Policies info. Super clear.

Edit: See well-timed Guardian article “Ask Jack: Should I buy a NAS drive to back up my laptop?”

Edit 15 March 2019: Katie Floyd seems to have taken her site offline, and her post about NAS usage isn’t archived in the Wayback Machine. 🙁

Published

Surfing with coffee

Surfing w/ coffee. Order of exploration:

A
Google image search “knyttan blanket scarves” → Today and Tomorrow post about a scarf (↓B) → Nicolas Sassoon (↓C) → Computers Club → Alexandria McCrosky → Alexandria McCrosky in i want you magazine (↓D) → Google image search Alexandria McCrosky

B
Emoji Portraits by Yung Jake on Today and Tomorrow

C
artnet interview w/ Sassoon → Opening Times – Digital Art Commissions (↓E) → How Do We Write When We Write Online by Orit Gat → Gat’s review of The People’s Platform, “Was the internet intended for you?” (↓F) → The People’s Platform: Taking Back Power and Culture in the Digital Age by Astra Taylor

D
Jordan Tate → Trevor Paglen exhibition at Altman Siegel → Trevor Paglen → Jacob Appelbaum (@ioerror)

E
“You Alright” by Nicholas O’Brien → “In The Hollow of the Valley” by Nicholas O’Brien → NewHive

F
BOMB magazine