Could NemID exist in other countries? And should it?

Front of a NemID card

Last Monday, I met with some friends at the Cock in Hackney. One of them had just returned from Copenhagen and mentioned having to sort out something related to his NemID. I’d never heard of it before.

Apparently NemID is a common login tool that Danish residents use to access online banking and services offered by public institutions. It’s a little credit card-sized booklet of 148 key pairs that you use alongside a user ID and a password. It’s like an analogue version of two-factor authentication. Each time you log in to something with NemID, the key pair you use is invalidated and is never used again. When you’ve used up all of your key pairs, you’re sent a new NemID booklet.

It seems like a great system. Unlike biometric data, it would be easy to replace if it were compromised. Unlike most other two-factor authentication methods, it doesn’t require an additional (usually smart) device of some sort.

There are downsides though. NemID is administered by a single organisation, Nets DanID A/S, and all of the data seems to be held in one place. This was a problem in 2013 when a DDoS attack knocked it offline temporarily. The oversight also seems pretty iffy, see this January 2016 blog article: “NemID is not cryptologically secure – and the authorities do not care”.

It’s also hard to say how this could be rolled out in countries with larger populations… Denmark’s population is around 5.7 million. That’s a bit more manageable than the UK (~ 66 million), Brazil (~ 209 million), or India (~ 1.3 billion).

Apparently NemID is going to be replaced by MitID in the next few years, so it will be interesting to see if the Danish government forces any changes to make the system less centralised.

And it makes me wonder (again) if something like Dark Crystal could ever work on a national scale.

Saturday at Mozfest 2018

SB and I went to Mozfest for the first time last Saturday. What a lovely day! Took some haphazard notes throughout, see below for a dump of notes/links related to the sessions I attended. The bits in brackets are mostly thoughts that bounced around my head while taking notes during talks. All quotes are paraphrased.

Read more

I’m on the bandwagon

Just published a privacy policy. The styles don’t really support multi-level headings right now, that will have to come later.

It’s probably overkill to have such a long privacy policy for a personal website, but it felt like a useful exercise. I like the fact that an essential part of GDPR is that these policies have to be readable and easy to understand. That makes them both a policy and an educational opportunity. A lot of people don’t really know why they need to be careful with their data or how to do that and honestly, that’s fair enough. Data privacy has been under-appreciated for a long time. If we talk about it enough though, and be patient with one another, that can improve.

There are downsides to the GDPR hullabaloo though… so many people are applying quick, artificial fixes. Pop-ups, spammy-looking emails saying “please re-register!” that themselves feel like spam… It all feels a little web 1.0 at the moment. There’s a real fine line between being considerate and useful vs being shouty and in the way of day-to-day life on the web. There’s no quick fix really, it takes time and care to look long and hard at this stuff.

On applying the three Rs to digital stuff

Reduce, reuse, recycle ♻️ Can this apply to digital material? What would that mean or look like?

When I say “digital material” I don’t mean visual waste like excessive banner ads and endless newsletter popups, but actual bytes of data. Is there an alternative to emptying the trash and/or permanent storage? Device storage – the management of it, its functionality – is effectively invisible until you have a sudden problem with it. The dreaded “low disk space” warning.

This feels somewhat analogous to our IRL trash problem, but an obvious difference is that emptying IRL trash ≠ emptying digital trash. When you empty the trash at home, it becomes someone else’s problem. When you empty your digital trash, it disappears (mostly). Also, it’s worth acknowledging: right now our physical trash problem > our digital trash problem.

If we focus on the digital side of things for the moment though, the biggest issue is that people don’t empty their trash. It’s a lot easier to dump a bunch of old files on to a hard drive and call it a day than to actually go through and get rid of unnecessary stuff. This is hoarding.

Consider this condensed intro to the compulsive hoarding entry on Wikipedia as of today:

Compulsive hoarding […] is a pattern of behavior that is characterized by excessive acquisition and an inability or unwillingness to discard large quantities of objects that […] cause significant distress or impairment. Compulsive hoarding behavior has been associated with health risks, impaired functioning, economic burden, and adverse effects on friends and family members. […] Compulsive hoarders may be aware of their irrational behavior, but the emotional attachment to the hoarded objects far exceeds the motive to discard the items.

I would guess that most of us (without a doubt including myself) are digital hoarders. For me, at least, it’s driven by mild fear, a “but I might need that” mentality. It’s the same reason I frequently leave multiple browser windows with multiple tabs open. So many major services – Gmail, iCloud, AWS, Dropbox – are built to encourage this behaviour. Some services even actively discourage deletion, or make it impossible. I’m looking at you, Facebook.

But stuff, both physical and digital, has to be cared for. I pay more and more for services that store my data, I worry about hard drives failing, I get secondhand anxiety when I borrow a loved-one’s phone for a moment and notice that they have 160,000+ unread emails. On top of this, the amount of electrical energy used for data storage is significant and is only expected to increase.

So if you apply the three Rs to our digital lives, “Reduce” is still right up there on the priority list. “Reuse” and “recycle” are a little harder to port over… Perhaps we could say that by contributing to open source technology and data, you are reusing and recycling digital material. I need to do more of this.

And to think, I haven’t even touched on the importance of recycling electronic devices! A separate note, maybe.

cURL + Airtable + ./jq = squeaky clean JSON

We’re working on a new site for SB-PH at the moment, and we’re using Airtable to get our project documentation together. It’s also a good opportunity to test the platform a little (+ I’m a fan of tables). To grab tidy JSON for use with data-friendly design software like Sketch, we’re using the Airtable API with cURL and ./jq.

Simple example that dumps table records in to a JSON file for use with the the Sketch Data Populator plugin:

$ curl https://api.airtable.com/v0/YOUR_BASE_KEY/YOUR_TABLE_NAME -H "Authorization: Bearer YOUR_API_KEY" | jq '.records' > records.json

Research involving NAS, backups, storage, etc.

Aside: Thumbs up to Katie Floyd’s Policies info. Super clear.

Edit: See well-timed Guardian article “Ask Jack: Should I buy a NAS drive to back up my laptop?”

Edit 15 March 2019: Katie Floyd seems to have taken her site offline, and her post about NAS usage isn’t archived in the Wayback Machine. 🙁

Surfing with coffee

Surfing w/ coffee. Order of exploration:

A
Google image search “knyttan blanket scarves” Today and Tomorrow post about a scarf (↓B) Nicolas Sassoon (↓C) Computers Club Alexandria McCrosky Alexandria McCrosky in i want you magazine (↓D) Google image search Alexandria McCrosky

B
Emoji Portraits by Yung Jake on Today and Tomorrow

C
artnet interview w/ Sassoon Opening Times – Digital Art Comissions (↓E) How Do We Write When We Write Online by Orit Gat Gat’s review of The People’s Platform, “Was the internet intended for you?” (↓F) The People’s Platform: Taking Back Power and Culture in the Digital Age by Astra Taylor

D
Jordan Tate Trevor Paglen exhibition at Altman Siegel Trevor Paglen Jacob Appelbaum (@ioerror)

E
“You Alright” by Nicholas O’Brien “In The Hollow of the Valley” by Nicholas O’Brien NewHive

F
BOMB magazine