I often don’t end up listening to podcasts that are recommended to me. It’s a real shame. I think it’s sometimes hard to know where to start, to find a way in. The next time I get a recommendation, I’ll ask if there’s a specific episode I should try.

Along those lines, here’s a list of a few particular episodes I like. These are in date order, most recent first. Might add more at some point.


Risky Business #535, 20.03.19 — Stop giving Cloudflare money

I’m very interested in information security but definitely an amateur, so most Risky Business episodes go a bit (or entirely) over my head. This episode with host Patrick Gray (AU) and guest Alex Stamos (US) is accessible for less infosec-aware people though. It’s heavy, but very worthy of a listen for anyone influenced by the internet (i.e. everyone).

The major topic is the Christchurch, NZ shootings on the Al Noor Mosque and Linwood Islamic Centre where 50 people were killed and 50 more injured by a white supremacist. They focus on the web’s role in the rise of white supremacist communities and propaganda, and what could be done about it. Cloudflare is highlighted as a particularly irresponsible and unsupportable service provider due to the company’s response following the attack. They have refused to pull their services from 8chan, a website that facilitates the spread of white supremacist ideology and the site where the attacker announced his intentions.

Stamos tries to present the difficulties that companies and law enforcement face. Gray understandably gets pretty heated during the discussion, I think initially interpreting Stamos’s comments as an excuse for the inaction of companies like Cloudflare (though I don’t think they were). Ultimately though they seemed to be in agreement. Towards the end of their discussion, around 40:51, Stamos summarises: “We’re going to have to start to treat white nationalists like the Islamic State was treated. To the point that if you’re on 8chan and you’re talking about an attack, you’re actually feeling that there’s some kind of risk, that somebody’s gonna bust your door down. That’s where we got to with the Islamic State. […] We’ve got to get to that same place, but [Cloudflare and other organisations] can make that hard for non-US law enforcement.” He is saying that white nationalist groups need to be classified as potential terrorist organisations so that there is a legal framework forcing companies to adopt stronger policies instead of just hoping they’ll do the right thing. It’s a very good point.

– – –

BBC Earth Podcast 27.12.18 — Hide and Seek

I’ve never finished an episode of BBC Earth… but that’s why I like it. It’s the perfect podcast to fall asleep to if you’re having trouble drifting off. Interesting – but not *too* riveting – facts and stories about nature told by presenter/producer Emily Knight and guests. And great jungle sounds. I’ve put this particular episode on here because I really liked the wildlife calls while they were explaining how to track tigers. Can’t really say much about what happened after that though, I was asleep.

– – –

Darknet Diaries #27, 01.12.18 — Chartbreakers

The tagline for Darknet Diaries is “True stories from the dark side of the Internet”. This episode is a little different, investigating something ongoing rather than covering something that has already occurred. Host Jack Rhysider tries to figure out why shady podcasts with zero reviews or subscribers regularly climb the Top Charts on Apple Podcasts. In doing so, he finds out that it involves dubious promotional activity, and it isn’t just the little guys doing it. He also finds out this isn’t a web-only problem, that a similar thing has happened multiple times with the New York Times Bestsellers list and could still be happening. It’s yet another wakeup call that we should be suspicious of algorithms, particularly those that are meant to be infallibly meritocratic. Rhysider ends the episode by saying that he hopes his listeners recommend the podcast to their friends since he puts no faith in likes or reviews. It made me think about how much I like receiving recommendations from people I care about, and kind of became the catalyst for this list.

– – –

Roderick on the Line #300, 13.08.18 — The Airplane Doesn’t Care

One of Merlin Mann and John Roderick’s weekly Skype calls. Their conversations go all over the place, this one is no different. They always touch a bit on philosophy and mental health, but it’s more prominent in this episode due to a then-recent event. On Saturday 11.08.18, 29-year-old Richard Russell stole an empty turboprop from SeaTac airport, performed difficult stunts with basically no training, and then committed suicide by deliberately crashing in to a small island in Puget Sound (more here). One of those things that made me laugh and cry.

– – –

Syntax #29, 24.01.18 — Hosting & Servers

Wes Bos and Scott Tolinski dive in to hosting. It’s a great primer on a lot of the options out there at the moment, even if you consider yourself relatively familiar with these things. It’s all about the way they walk through it, from Squarespace to Docker, including personal experiences, pitfalls, and use cases.

– – –

Ear Hustle #2, 28.06.17 — Misguided Loyalty

Ear Hustle, stories of life inside prison, is presented by visual artist Nigel Poor and former San Quentin inmate Earlonne Woods. I had no idea which Ear Hustle episode to choose, every one is a jewel. This early episode is about gangs; the pressure, the violence, and the repercussions.

– – –

Adam Buxton Podcast #37 and #38, 06.04.17 — Brian Eno

Adam Buxton having a chat in two parts with Brian Eno. Not much more to say.

Might be at a turning point in my career. A lot of my friends are expressing similar feelings. I think it has something to do with working for nearly 10 years.

This frame of mind has made me really interested in manifestos. Not anything strident really, more purpose-driven lists that can help guide everyday decision-making. Here are a few manifesto-y links I’ve identified with recently.

  • These things I believe from “Not the user’s fault”. I think this is Jono Xia’s blog from when he was part of the Mozilla Labs team. I’ve tried to find him elsewhere on the web but haven’t found him anywhere so far. He raises some really good points about software design and development.
  • The Recurse Center’s Social Rules. Such a good, concise set of guidelines for public discourse. “No well-actually’s, no feigned surprise, no backseat driving, no subtle -isms”.
  • Immaculate Heart College Art Department Rules. Also available as a free tear-away poster at the Corita Kent: Power Up exhibition (8 Feb – 12 May 2019) at the House of Illustration.
  • GitLab’s Remote Manifesto. SB and I try to implement a lot of this, though we’re definitely not strict enough about it! We also strive to work this way with clients and collaborators, even those that live in London. Face-to-face IRL meetings are great, but it can be tough to squeeze them in when it takes an hour to get anywhere in this city.
  • Daniel Eatock’s manifesto, particularly “propose honesty as a solution”. See also the Scratching the Surface episode with Daniel Eatock from last September. Off the back of the Corita Kent exhibition, SB and I were talking about the lack of irony and cynicism in her work, about how refreshing that feels even though a lot of it is from over 50 years ago. He mentioned this podcast episode, that Eatock touches on this topic in relation to his kids, how kids just don’t perceive irony. I need to have a listen.

I’ll try to add more here as I come across them. Who knows, maybe I’ll add my own some day.

Q&A related to privacy-first messaging apps

I rely heavily on messaging services since many of my friends and family (probably the majority) live outside of the UK, as do some critical professional contacts. I mainly use WhatsApp for encrypted messaging but have wanted to move away from it for some time due to concerns about Facebook. The recent news regarding the integration of WhatsApp, Instagram messages, and Facebook Messenger has been the catalyst for actual change within my group of peers.

The Q&A below is an amalgamation of many different conversations I am having at the moment about moving to a more privacy-first messaging app. I have focused on Signal and Telegram for the time being since they seem to be the most likely candidates.

I’ve done my best to pull together this information in a fairly short time, and some of it is new to me. If any of it seems incorrect, let me know.


I have nothing to hide, and I have no fear of my data being used against me by a private company or the government. Why should should I make data privacy a priority when I’m choosing a messaging app?

There are many ideological arguments against the “I have nothing to hide” viewpoint, most of which I agree with. That said, it can be near-impossible to agree 100% on ideology, so perhaps it is better to consider the practical.

When your messages are not encrypted, their contents are visible to anyone that has access to them. In an ideal world that would only be you, the recipient, and whatever app you use to manage your messages. Unfortunately, the reality is more complicated and there are many weak points that can be exploited. For example, if the WiFi network you’re on is insecure, your messages will be exposed to unintended prying eyes. Think of the last time you connected to WiFi in an airport, hotel, or cafe. Was it always password protected? Was it clear who supplied the network?

You may not be worried even if your messages were compromised, surely there is nothing in your messages that could be of consequence. But what about the photos of your adorable 4 year old niece from your sister? The online banking details you sent to your partner since the rent payment failed and they needed to sort it out? The message to your worried mother about your blood test results? The company Twitter password you sent to a co-worker that urgently needed access?

There are some things that are best kept private, and encryption lets you do just that.

I’m concerned about the privacy of my data, but why should I switch when WhatsApp already has end-to-end encryption? Isn’t that enough?

It is certainly a great step in the right direction, but whether it’s enough depends upon how much you trust Facebook and how you feel about Facebook’s role in the spread of misinformation.

As things currently stand, WhatsApp’s privacy policy allows limited data sharing with Facebook even though messages are encrypted end-to-end. Since the integration between WhatsApp and Facebook is only being strengthened, I feel it is reasonable to think that the data sharing will continue or possibly grow.

I don’t personally have much confidence in Facebook regarding their use of my data, no matter how minimal, so WhatsApp is not my first choice for encrypted messaging.

Oh man, another app… I really don’t want another app

I’m with you! It’s frustrating. I don’t have a good answer for this, except that personally I’m going to try to cultivate a little more patience for multiple apps. The WhatsApp / Facebook “monopoly” is kind of what led us here in the first place.

Besides that, the best advice I can give is to frequently Kondo apps and micromanage your notifications. Smartphones give you great, granular control over notifications nowadays, so take full advantage. Turn off the chimes, turn off the lock screen notifications, turn off the message previews. It makes managing multiple messaging apps (and your sanity) a lot easier.

And finally, if you feel like one particular app is a really great fit, then advocate for it! If you’re enthusiastic about it and get your friends / family on board, you may find you have fewer apps to juggle.

My phone is ancient! What privacy-focused messaging app would offer support for my device?

It depends upon the limitations of your specific device.

Signal currently supports Android and iOS. You can find more information about Signal’s operating system requirements in their documentation. Telegram currently supports Android, iOS, and Windows Phone. You can find more information about Telegram’s operating system requirements in their FAQs.

I am not sure about the memory or disk space usage for the different apps though, this is something I would have to look in to further.

I’m very up for switching to a privacy-first messaging app, but the actual switch will involve convincing my contacts to leave too. I wouldn’t mind bringing this up, but it feels like a political decision. Political discussion is not welcome in my field / organisation / family / friend group. How can I approach this?

This is a very understandable and tricky concern. How best to approach this depends completely on your specific circumstances and relationships. It is impossible to give general advice, but I’ll give it a go.

You could delay the conversation, however I would say that even if you do not have the “should we make the switch” conversation with your contacts now, it will likely come up at some point due to the current trajectory of WhatsApp. When you do broach the subject, perhaps consider focusing on the practical upsides of switching to an encrypted messaging app (see answer to first question above for more on this).

If you feel you simply can’t bring this up, then of course you could always continue to use WhatsApp for certain conversations and use a different app for others. Though every app provider would probably prefer you believe otherwise, there is no rule against using multiple apps!

On a more general note, the mis-use of personal data has led to previously unimaginable consequences and turbulence in recent years. As such, every decision related to the transmission of personal data, even something as mundane as choosing a messaging app, is unavoidably political. So though we cannot avoid the political nature of the choice, we can control how we treat that choice. We can be passive, or deliberate.

What is preventing these privacy-focused messaging apps from being acquired by some tech giant and the cycle happening all over again?

If the messaging service is already controlled by private investors, perhaps not much. Here is a very brief summary of how Telegram and Signal are structured as organisations. Note that much of the information that follows has been gleaned via Signal article and Telegram article on Wikipedia.

Telegram is owned by Telegram Messenger LLP and has been funded by Digital Fortress LLC. They have stated that they are not for profit but are not structured as a nonprofit, possibly due to the overhead involved in setting up an official nonprofit. The sustainability of their business model is unclear, however they did put together an Initial Coin Offering (ICO) to fund a new blockchain platform and cryptocurrency. Activity around this seems to have halted in early 2018.

Signal is owned by Signal Messenger LLC which is funded by the Signal Foundation, a 501(c) nonprofit organisation whose mission is to make “private communication accessible and ubiquitous”. Much of the funding ($50 million) used to create this nonprofit came from Brian Acton, a WhatsApp co-founder. Acton left Facebook in late 2017 and is now the foundation’s Executive Chairman. Signal’s open source Signal Protocol is said to be used by a number of large entities (including WhatsApp) for encryption. Part of Signal’s ongoing business model may be to offer services in relation to their protocol, though that is just speculation.

Because of Signal’s nonprofit status, I feel more confident in Signal’s longevity as an independent entity.

Regardless, there will always be churn in this sector, so I would expect to switch again some day. I look at switching messaging apps in a similar way to how I look at switching banks. It is a big hassle to switch, but eventually the arguments for leaving outweigh the reasons to stay. So I switch, and then I keep tabs on it to ensure it remains the best of the options that are open to me.

I really rely on [insert very specific feature]. Would another privacy-focused messaging app support the features I need?

Perhaps! The best place to find out is the app’s own website, they’re jumping to tell you all of the great things their app can do. Another place that might be worth checking is Slant.

Personally, I am most concerned about conversation backups and mute / unmute capabilities.

I want to have some way of backing up my conversations in case I ever lose my phone. But with convenience comes a cost. Backups are notoriously tricky with encrypted messaging since they introduce another potential weak point, the server that stores the backup. With Signal, you can back up on Android but not iOS (though iOS backups do seem to be on their roadmap). Telegram seems to allow backups of some sort, but it is unclear what this means for encryption. The only easily-available information I could find currently was their related FAQ “Why not just make all chats ‘secret’?” and their founder’s blog post “Why Isn’t Telegram End-to-End Encrypted by Default?

Both Telegram and Signal seem to support conversation muting according to various documentation and articles I found online. The muting duration and other functionality offered by each service will likely be slightly different from WhatsApp.

If I’m going to switch to a more privacy-focused messaging app, which app should I choose?

The three biggest factors in choosing a messaging app are probably the user base, features, and data privacy.

From a data privacy perspective, Signal is likely the best choice. Signal is fully open source, meaning that the security in every aspect of the service can be reviewed and is publicly-verifiable. Though Telegram has an open API and protocol, the backend software is not open source so the security cannot be fully evaluated by a third party.

From a features perspective, it is probably safe to say that WhatsApp is the most fully-featured encrypted messaging app out there currently. It is hard to tell how those features might change over time in light of Facebook’s plan to integrate it with Facebook Messenger and Instagram. Telegram used to be more fully featured than Signal, but at the moment it seems about neck-and-neck.

In terms of user base, it seems impossible to get very accurate numbers. The better thing to do, perhaps, is to just ask around. See what your friends and family are already using. There is a very good chance that certain circles will prefer one to the other. Personally I have more friends on Signal than Telegram, but that may relate to the sector that I work in.

But as a final point, maybe just don’t choose. There is nothing wrong with using multiple messaging apps. I use FaceTime and iMessage with my family because they all happen to have iPhones (though Apple’s not perfect!). I use Signal with lots of friends. I’ll probably hang on to WhatsApp ultimately as well, for a little while at least, since certain contacts are going to struggle to switch to a different app for one reason or another.


A closing thought. Though I’ve focused on Telegram and Signal here, there are a lot of other encrypted messaging apps out there to explore.

For mobile, take a look at Viber, Line, Threema. For business-y stuff, maybe take a look at Wire or Keybase. If you’re just talking desktop and are interested in getting a little techy, check out Freenode and Scuttlebutt.

This is a conversation worth continuing.

Saturday at Mozfest 2018

SB and I went to Mozfest for the first time last Saturday. What a lovely day! Took some haphazard notes throughout, see below for a dump of notes/links related to the sessions I attended. The bits in brackets are mostly thoughts that bounced around my head while taking notes during talks. All quotes are paraphrased.

Read more

I believe that a worthwhile clinic must have a purpose to compliment its existence; not only the everyday purpose it was designed for, but beyond that, a practice must improve the quality of the field it belongs to and the athletic community it works for.

A little while back, Sam showed me a video on BBC sport with runner Simon Lamb about how running has helped him manage his mental health problems. He then showed me Simon’s blog, Six Seconds High. Though I’m not a runner (and unfortunately probably never will be due to knee stuff), I really liked reading his thoughts about running, sport, mental health and how he runs his sport therapy clinic.

Look in to Ken Garland’s First Things First manifesto, particularly his reflection on its impact over the years, how it has or hasn’t been misinterpreted, the original signatories I’m not familiar with. I think there’s a bit of information about this around page 40 of Ken Garland: Structure and Substance by Adrian Shaughnessy. Haven’t yet had the pleasure of reading the book, but read a few extracts last night after Garland’s (great) talk and book launch last night at Sheffield Hallam. The Garland exhibition in the Cantor Building gallery is on until 9 November. 

Incidentally, the electric doors at the main entrance to the Cantor building sound like dubstep. Cannot be unheard…