Published

Some long-winded thoughts on privacy policies and consent popups

This Q&A is compiled from conversations I have had with many, many clients and collaborators who have had a hard time navigating things like the GDPR, privacy policies, cookie notices, consent messaging, and other related topics.

Here are all the questions covered below:



Anddddd here we go

Let’s see… since we arrived in the US late on Monday, I’ve signed up for Instacart, GrubHub, Postmates, 1stdibs, and Nextdoor with my “spam” email account. This is an account I only use for things that I suspect might get sketchy with my data. I am filled with regret.

I’m suddenly getting a lot more spam. Even though I’m now living in California under the CCPA, at least one of these platforms—let’s be real, probably a few of them—seems to be disclosing my email address to other unrelated service providers.

Shame on me for signing up, I guess? I haven’t identified the culprit, but I’m going to give it a go. Will also delete a few of these accounts.

I’ve just had a look at deleting my Nextdoor account and of course you have to contact them to do it. Unfortunately 1stdibs, Postmates, and GrubHub are all the same, you have to contact support to close your account. WHY? It absolutely doesn’t have to be like this! Scummy.

This is one of the bits about living in the US that I’ve been most dreading. Whelp, here we go.


Edit at 6:09pm:

I’ve sent CCPA requests to nearly all of them to find out more about the disclosure of my information. I can’t send one to Postmates since I only got through the very first step of signup, just gave them my email address and then never added my phone number since I don’t have a US mobile number yet. According to their privacy policy as of today:

We do not currently have a reasonable method of verifying the identity of non-registered users to a reasonable degree of certainty, as we do not maintain enough personal information to enable us to verify non-registered users with sufficient certainty. Thus, we cannot honor the access or deletion requests of non-registered users at this time.

Bull. Shit. In my humble opinion. Something as simple as a “forgot password”–style link would surely do. If it’s good enough for verifying identity for a password reset, it’s good enough for this purpose.

IDK why this makes my blood boil, but it does.


Switching from Google Analytics to Matomo (f.k.a. Piwik) on WordPress

It’s a new decade, time to leave Google Analytics.

A big part of me wants to say screw it, just get rid of analytics altogether. But I find it interesting. I’ve never used it to decide what to write, and I don’t think I ever will, but it’s just fascinating to find out what makes the rounds. I’ll never know why a short post about repairing my mom’s straw bag was my most popular post for years, but I’m glad to know a lot of people checked it out.

So I decided to keep my Google Analytics property in place and just locked it down as much as I could. I adjusted the script to respect users’ Do Not Track browser settings (Paul Fawkesley has a short article about how to do this). I also configured Google Analytics to anonymise IP addresses, and I deliberately disabled Data Collection for Advertising Features, Demographics and Interest Reports, User-ID, and all data-sharing settings. I also set a low data retention policy to make sure old data would get deleted.

None of this changed the fact that I was still sharing data with Google.



Notes from Redecentralize 2019

Been a busy few days with Redecentralize on Friday followed by MozFest over the weekend. Redecentralize was a one-day unconference at 4th Floor Studios in Whitechapel. The event was expertly organised by Ira Bolychevsky and her crack team.

It was a day of thought-provoking conversations and notebook scribbling. This is an attempt to decode the scribbles, make some follow-up plans, and to generally summarise the day from my perspective. There was a lot going on so I can’t cover it all, but I’m going to keep an eye out for other people’s notes via the Redecentralize newsletter.




Could NemID exist in other countries? And should it?

[Image: front of a NemID card]

Last Monday, I met with some friends at the Cock in Hackney. One of them had just returned from Copenhagen and mentioned having to sort out something related to his NemID. I’d never heard of it before.

Apparently NemID is a common login tool that Danish residents use to access online banking and services offered by public institutions. It’s a little credit card-sized booklet of 148 key pairs that you use alongside a user ID and a password. It’s like an analogue version of two-factor authentication. Each time you log in to something with NemID, the key pair you use is invalidated and is never used again. When you’ve used up all of your key pairs, you’re sent a new NemID booklet.
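A minimal model of the code-card flow described above, as an added example (not from the original post and not NemID's actual implementation). The 4-digit key numbers, 6-digit codes, the names `issue_card` and `CodeCardVerifier`, and the choice to burn a pair even on a failed attempt are assumptions made for illustration; the user ID and password factor is left out.

```python
import hmac
import secrets

CARD_SIZE = 148  # number of key pairs per card, as stated in the post


def issue_card(size=CARD_SIZE):
    """Return a card as {key_number: code}.

    Assumed format: unique 4-digit key numbers, random 6-digit codes.
    The issuer keeps one copy; the other is printed and posted to the user.
    """
    rng = secrets.SystemRandom()
    numbers = rng.sample(range(10_000), size)  # unique key numbers
    return {f"{n:04d}": f"{secrets.randbelow(10**6):06d}" for n in numbers}


class CodeCardVerifier:
    """Server side of the second factor for one user's card."""

    def __init__(self, card):
        self._unused = dict(card)  # pairs that have never been asked for
        self._pending = None       # key number of the outstanding challenge

    def remaining(self):
        return len(self._unused)

    def challenge(self):
        """Pick an unused key number for the user to look up on the card."""
        if not self._unused:
            # Every pair has been spent: the user needs a new card.
            raise LookupError("card exhausted, issue a new one")
        self._pending = secrets.choice(sorted(self._unused))
        return self._pending

    def verify(self, code):
        """Check the code for the outstanding challenge, exactly once."""
        key_number, self._pending = self._pending, None
        if key_number is None:
            return False  # no challenge outstanding, e.g. a replayed code
        # Assumption: the pair is invalidated whether or not the attempt
        # succeeds, so a key number can never be guessed at twice.
        expected = self._unused.pop(key_number)
        # Constant-time comparison avoids leaking how many digits matched.
        return hmac.compare_digest(expected.encode(), code.encode())


if __name__ == "__main__":
    card = issue_card()               # constructed sample card
    server = CodeCardVerifier(card)
    asked = server.challenge()
    print("first attempt accepted:", server.verify(card[asked]))
    print("same code replayed:    ", server.verify(card[asked]))
    print("pairs left on card:    ", server.remaining())
```

Burning a pair on a failed attempt trades availability for guess resistance: anyone who can trigger challenges for an account can run its card down, so a real deployment would need rate limiting in front of this check.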

It seems like a great system. Unlike biometric data, it would be easy to replace if it were compromised. Unlike most other two-factor authentication methods, it doesn’t require an additional (usually smart) device of some sort.

There are downsides though. NemID is administered by a single organisation, Nets DanID A/S, and all of the data seems to be held in one place. This was a problem in 2013 when a DDoS attack knocked it offline temporarily. The oversight also seems pretty iffy, see this January 2016 blog article: “NemID is not cryptologically secure – and the authorities do not care”.

It’s also hard to say how this could be rolled out in countries with larger populations… Denmark’s population is around 5.7 million. That’s a bit more manageable than the UK (~ 66 million), Brazil (~ 209 million), or India (~ 1.3 billion).

Apparently NemID is going to be replaced by MitID in the next few years, so it will be interesting to see if the Danish government forces any changes to make the system less centralised.

And it makes me wonder (again) if something like Dark Crystal could ever work on a national scale.


Q&A related to privacy-first messaging apps

I rely heavily on messaging services since many of my friends and family (probably the majority) live outside of the UK, as do some critical professional contacts. I mainly use WhatsApp for encrypted messaging but have wanted to move away from it for some time due to concerns about Facebook. The recent news regarding the integration of WhatsApp, Instagram messages, and Facebook Messenger has been the catalyst for actual change within my group of peers.

The Q&A below is an amalgamation of many different conversations I am having at the moment about moving to a more privacy-first messaging app. I have focused on Signal and Telegram for the time being since they seem to be the most likely candidates.

I’ve done my best to pull together this information in a fairly short time, and some of it is new to me. If any of it seems incorrect, let me know.


I have nothing to hide, and I have no fear of my data being used against me by a private company or the government. Why should I make data privacy a priority when I’m choosing a messaging app?

There are many ideological arguments against the “I have nothing to hide” viewpoint, most of which I agree with. That said, it can be near-impossible to agree 100% on ideology, so perhaps it is better to consider the practical.

When your messages are not encrypted, their contents are visible to anyone that has access to them. In an ideal world that would only be you, the recipient, and whatever app you use to manage your messages. Unfortunately, the reality is more complicated and there are many weak points that can be exploited. For example, if the WiFi network you’re on is insecure, your messages will be exposed to unintended prying eyes. Think of the last time you connected to WiFi in an airport, hotel, or cafe. Was it always password protected? Was it clear who supplied the network?

You may not be worried even if your messages were compromised, surely there is nothing in your messages that could be of consequence. But what about the photos of your adorable 4 year old niece from your sister? The online banking details you sent to your partner since the rent payment failed and they needed to sort it out? The message to your worried mother about your blood test results? The company Twitter password you sent to a co-worker that urgently needed access?

There are some things that are best kept private, and encryption lets you do just that.

I’m concerned about the privacy of my data, but why should I switch when WhatsApp already has end-to-end encryption? Isn’t that enough?

It is certainly a great step in the right direction, but whether it’s enough depends upon how much you trust Facebook and how you feel about Facebook’s role in the spread of misinformation.

As things currently stand, WhatsApp’s privacy policy allows limited data sharing with Facebook even though messages are encrypted end-to-end. Since the integration between WhatsApp and Facebook is only being strengthened, I feel it is reasonable to think that the data sharing will continue or possibly grow.

I don’t personally have much confidence in Facebook regarding their use of my data, no matter how minimal, so WhatsApp is not my first choice for encrypted messaging.

Oh man, another app… I really don’t want another app

I’m with you! It’s frustrating. I don’t have a good answer for this, except that personally I’m going to try to cultivate a little more patience for multiple apps. The WhatsApp / Facebook “monopoly” is kind of what led us here in the first place.

Besides that, the best advice I can give is to frequently Kondo apps and micromanage your notifications. Smartphones give you great, granular control over notifications nowadays, so take full advantage. Turn off the chimes, turn off the lock screen notifications, turn off the message previews. It makes managing multiple messaging apps (and your sanity) a lot easier.

And finally, if you feel like one particular app is a really great fit, then advocate for it! If you’re enthusiastic about it and get your friends / family on board, you may find you have fewer apps to juggle.

My phone is ancient! What privacy-focused messaging app would offer support for my device?

It depends upon the limitations of your specific device.

Signal currently supports Android and iOS. You can find more information about Signal’s operating system requirements in their documentation. Telegram currently supports Android, iOS, and Windows Phone. You can find more information about Telegram’s operating system requirements in their FAQs.

I am not sure about the memory or disk space usage for the different apps though, this is something I would have to look into further.

I’m very up for switching to a privacy-first messaging app, but the actual switch will involve convincing my contacts to leave too. I wouldn’t mind bringing this up, but it feels like a political decision. Political discussion is not welcome in my field / organisation / family / friend group. How can I approach this?

This is a very understandable and tricky concern. How best to approach this depends completely on your specific circumstances and relationships. It is impossible to give general advice, but I’ll give it a go.

You could delay the conversation, however I would say that even if you do not have the “should we make the switch” conversation with your contacts now, it will likely come up at some point due to the current trajectory of WhatsApp. When you do broach the subject, perhaps consider focusing on the practical upsides of switching to an encrypted messaging app (see answer to first question above for more on this).

If you feel you simply can’t bring this up, then of course you could always continue to use WhatsApp for certain conversations and use a different app for others. Though every app provider would probably prefer you believe otherwise, there is no rule against using multiple apps!

On a more general note, the mis-use of personal data has led to previously unimaginable consequences and turbulence in recent years. As such, every decision related to the transmission of personal data, even something as mundane as choosing a messaging app, is unavoidably political. So though we cannot avoid the political nature of the choice, we can control how we treat that choice. We can be passive, or deliberate.

What is preventing these privacy-focused messaging apps from being acquired by some tech giant and the cycle happening all over again?

If the messaging service is already controlled by private investors, perhaps not much. Here is a very brief summary of how Telegram and Signal are structured as organisations. Note that much of the information that follows has been gleaned via the Signal article and the Telegram article on Wikipedia.

Telegram is owned by Telegram Messenger LLP and has been funded by Digital Fortress LLC. They have stated that they are not for profit but are not structured as a nonprofit, possibly due to the overhead involved in setting up an official nonprofit. The sustainability of their business model is unclear, however they did put together an Initial Coin Offering (ICO) to fund a new blockchain platform and cryptocurrency. Activity around this seems to have halted in early 2018.

Signal is owned by Signal Messenger LLC which is funded by the Signal Foundation, a 501(c) nonprofit organisation whose mission is to make “private communication accessible and ubiquitous”. Much of the funding ($50 million) used to create this nonprofit came from Brian Acton, a WhatsApp co-founder. Acton left Facebook in late 2017 and is now the foundation’s Executive Chairman. Signal’s open source Signal Protocol is said to be used by a number of large entities (including WhatsApp) for encryption. Part of Signal’s ongoing business model may be to offer services in relation to their protocol, though that is just speculation.

Because of Signal’s nonprofit status, I feel more confident in Signal’s longevity as an independent entity.

Regardless, there will always be churn in this sector, so I would expect to switch again some day. I look at switching messaging apps in a similar way to how I look at switching banks. It is a big hassle to switch, but eventually the arguments for leaving outweigh the reasons to stay. So I switch, and then I keep tabs on it to ensure it remains the best of the options that are open to me.

I really rely on [insert very specific feature]. Would another privacy-focused messaging app support the features I need?

Perhaps! The best place to find out is the app’s own website, they’re jumping to tell you all of the great things their app can do. Another place that might be worth checking is Slant.

Personally, I am most concerned about conversation backups and mute / unmute capabilities.

I want to have some way of backing up my conversations in case I ever lose my phone. But with convenience comes a cost. Backups are notoriously tricky with encrypted messaging since they introduce another potential weak point, the server that stores the backup. With Signal, you can back up on Android but not iOS (though iOS backups do seem to be on their roadmap). Telegram seems to allow backups of some sort, but it is unclear what this means for encryption. The only easily-available information I could find currently was their related FAQ “Why not just make all chats ‘secret’?” and their founder’s blog post “Why Isn’t Telegram End-to-End Encrypted by Default?”.

Both Telegram and Signal seem to support conversation muting according to various documentation and articles I found online. The muting duration and other functionality offered by each service will likely be slightly different from WhatsApp.

If I’m going to switch to a more privacy-focused messaging app, which app should I choose?

The three biggest factors in choosing a messaging app are probably the user base, features, and data privacy.

From a data privacy perspective, Signal is likely the best choice. Signal is fully open source, meaning that the security in every aspect of the service can be reviewed and is publicly-verifiable. Though Telegram has an open API and protocol, the backend software is not open source so the security cannot be fully evaluated by a third party.

From a features perspective, it is probably safe to say that WhatsApp is the most fully-featured encrypted messaging app out there currently. It is hard to tell how those features might change over time in light of Facebook’s plan to integrate it with Facebook Messenger and Instagram. Telegram used to be more fully featured than Signal, but at the moment it seems about neck-and-neck.

In terms of user base, it seems impossible to get very accurate numbers. The better thing to do, perhaps, is to just ask around. See what your friends and family are already using. There is a very good chance that certain circles will prefer one to the other. Personally I have more friends on Signal than Telegram, but that may relate to the sector that I work in.

But as a final point, maybe just don’t choose. There is nothing wrong with using multiple messaging apps. I use FaceTime and iMessage with my family because they all happen to have iPhones (though Apple’s not perfect!). I use Signal with lots of friends. I’ll probably hang on to WhatsApp ultimately as well, for a little while at least, since certain contacts are going to struggle to switch to a different app for one reason or another.


A closing thought. Though I’ve focused on Telegram and Signal here, there are a lot of other encrypted messaging apps out there to explore.

For mobile, take a look at Viber, Line, Threema. For business-y stuff, maybe take a look at Wire or Keybase. If you’re just talking desktop and are interested in getting a little techy, check out Freenode and Scuttlebutt.

This is a conversation worth continuing.


Saturday at Mozfest 2018

SB and I went to Mozfest for the first time last Saturday. What a lovely day! Took some haphazard notes throughout, see below for a dump of notes/links related to the sessions I attended. The bits in brackets are mostly thoughts that bounced around my head while taking notes during talks. All quotes are paraphrased.



If a tree falls in a forest

❤️👍😍⭐️🙌

The quick-kudos tools that have evolved online definitely have their usefulness, but most of the time it feels like sugar. Satisfying and fostering a hunger. It cultivates a bottomless pit of competition, arbitrary measurements of self worth, and requires a level of intrapersonal gymnastics that I’m not personally capable of sustaining.

Is the problem just the public-ness of it all? What about deliberately quiet kudos?

I want to give those sorts of kudos almost every day. It’s hard to describe the use cases, though there are many… Maybe someone famous does work you admire. That’s the I-want-to-tell-you-that-this-is-fantastic-but-I’m-genuinely-not-latching-on-for-likes use case. Or a rather private friend finishes a project they should be damn proud of. That’s the you-need-to-know-this-is-great-but-we-both-know-you’d-prefer-if-I-didn’t-turn-this-in-to-a-conversation use case.

And I sure as hell would be happy to receive that sort of thing. Little pick-me-ups are critical, especially when you are mostly/fully your own employer.

It’s the digital equivalent of a great compliment from a stranger. The sort of compliment that leaves you feeling a tiny bit lighter. The sort of compliment that isn’t motivated by a mob of people giving you the same compliment. And it usually has little to do with the identity of the complimenter. (In fact, when a complete stranger follows up an IRL compliment by introducing themselves, that’s often when the moment sours a bit, or gets a smidge creepy.)

So how to give quiet kudos? It should be as simple and familiar feeling as similar features – as in, just select an emoji – but definitely not public. It shouldn’t associate an identity with the kudos either, IMO. Hopefully that would avoid spamminess. It’d probably also need a daily/weekly/monthly summary setting but good lord, it definitely shouldn’t ever send a “you received 0 kudos this week!” sort of email. And it should include other reactions, the bad with the good.

I would be surprised if this doesn’t exist already in some form or another… need to dig a little harder. I suppose one preexisting version of this is the e-newsletter since it’s an opt-in system. Particularly TinyLetter. But that just feels a little too business-y for the sort of thing I’m imagining. Might look into making the tool I’m imagining. Add it to the someday list.

In summary:
If a tree falls in a forest and no one is around to hear it, does it make a sound? I say yes.


I’m on the bandwagon

Just published a privacy policy. The styles don’t really support multi-level headings right now, that will have to come later.

It’s probably overkill to have such a long privacy policy for a personal website, but it felt like a useful exercise. I like the fact that an essential part of GDPR is that these policies have to be readable and easy to understand. That makes them both a policy and an educational opportunity. A lot of people don’t really know why they need to be careful with their data or how to do that and honestly, that’s fair enough. Data privacy has been under-appreciated for a long time. If we talk about it enough though, and be patient with one another, that can improve.

There are downsides to the GDPR hullabaloo though… so many people are applying quick, artificial fixes. Pop-ups, spammy-looking emails saying “please re-register!” that themselves feel like spam… It all feels a little web 1.0 at the moment. There’s a real fine line between being considerate and useful vs being shouty and in the way of day-to-day life on the web. There’s no quick fix really, it takes time and care to look long and hard at this stuff.