Skip to content
Man on airplane to seatmate: “It’s funny you’re wearing headphones, because I just read this article about a study that showed lots of people can’t pick up on basic privacy-seeking cues like, wait for it, *wearing headphones.*”


Noise-cancelling published on

Guys: just don’t, okay?

* * *

I have a pair of big ear-can headphones: the Sony MDR-7506, acquired used on Craigslist last year. I haven’t used headphones this big since… wow, since high school.

It seemed like overnight everyone stopped using them in the 80s, and started sporting tiny foam Sony Walkman headphones. Its headband looked so tiny and fragile that I couldn’t believe it would survive the rough and tumble of my backpack on a daily commute to and from university. And yet…

…well, actually, it broke pretty quickly, as did its replacement. But soon the market responded with cheap knock-offs with sound every bit as good as Sony’s.

A few years later, along came earbuds, which became the must-have audio accessory once the iPod debuted. Wonderful for most people, but hellish for me because I couldn’t figure out how to use them properly. They kept falling out, and I started to feel increasingly stupid at not being able to grasp this simple technology.

Then David Pogue saved me with a column revealing I wasn’t alone. He and I and lots of other people lack a little nub of ear cartilage known as the antitragus which, for most of the world, holds those earbuds in snugly.

It took me a few years after that to finally shell out for the big ol’ headphones of my youth, but I did and I’m happy. The kids are finally at an age where me isolating myself with a little music isn’t going to threaten anyone’s safety. And they’ve grown up on much smaller headphones, so neither one is pestering me to use these.

Truth be told, they’re heavy and inconvenient, and I actually prefer to wear a lightweight pair of cheap off-brand Bluetooth headphones for day-to-day use. But when I want to disappear into a cocoon of sound, there’s nothing like two 1970s-style ear-mattresses to do the trick.

(Child to an Elf on the Shelf) Snitches get stitches.

Snoop on the shelf

Snoop on the shelf published on

It’s no secret I don’t like the Elf on the Shelf. Between my built-in prejudice against cutesy “traditions” that date back to the medieval era of, oh, 2004 or so, and a healthy aversion to normalizing surveillance culture, I was never going to warm to this little creep.

Now, though, I seem to have company. The Elf has made its move in Britain, and the backlash is underway. (Apparently Britain’s embrace of the surveillance state outweighed their distaste for newcomers. Which is saying something, since anti-immigrant sentiment helped convince them to commit national economic self-disembowelment. Am I blaming the Elf for Brexit? I am absolutely blaming the Elf for Brexit.)

And in the meantime, 2016 has given me one more reason for Elf-loathing. Or am I wrong to feel uneasy about an army of red-capped zealots, rabidly loyal to an absolute ruler, reporting our every move to him?

(A barefoot woman and man, both without noses. The woman is speaking.) Apparently there's been another huge data breach. They got users' names, passwords, noses and shoes.

Once more unto the breach

Once more unto the breach published on No Comments on Once more unto the breach

Another day, another data breach —this time with a British teleco called TalkTalk. Unlike the Ashley Madison breach, the very fact that someone’s profile is in their database isn’t damaging, but the personal information attached to that profile could be.

There’s a ton of good common-sense security advice out there for users (the folks we used to call “consumers”). Use a different password on every site. Use hard-to-guess passwords. Be careful of public Wi-Fi. Don’t have children.

That’s fine for locking up our own front doors. But how to protect ourselves when someone breaks into the bank vault and raids our safe deposit boxes? In terms of defending ourselves from third-party security breaches, there isn’t a lot of advice out there — other than “don’t share any more information than you have to.”

Unfortunately, many of the companies we deal with make sharing more data than necessary part of the price of doing business with them. And that’s not just the data they gather in a registration form; they track how we use their services relentlessly, and cross-reference that data with information from other services.

Everything they have on us is there on their servers, ready for an enterprising hacker to swoop in and harvest if the company fails to mount an adequate defence. There isn’t a lot you can do about that; we don’t even have a good sense of how well the companies we deal with are protecting our data, because they’re notoriously tight-lipped about their security practices, citing security concerns.

The key message is just “Trust us,” which doesn’t inspire confidence with the mounting pile of headlines suggesting many data warehouses aren’t impregnable fortresses so much as all-you-can-download buffets. That’s especially frustrating if you’re otherwise careful about protecting your privacy. It doesn’t do you a lot of good to cover your tracks if your partner in crime (or data) sings like a canary.

Worse yet, you don’t have to be a customer to run afoul of a company’s disregard for your privacy and security. In their quest for ever-harder-to-ignore ads, companies have embraced Flash-based tools that expose browsers to gaping security holes.

Which is why the breaches we’ve seen so far are probably just prologue. As Cory Doctorow put it, “Ashley Madison and the Office of Personnel Management weren’t the big leak-quake: they were the tremors that warned of the coming tsunami. Every day, every week, every month, there will be a mounting drumbeat of privacy disasters. By this time next year, it’s very likely that someone you know will have suffered real, catastrophic harm due to privacy breaches. Maybe it’ll be you.”


(worried web strategist) On the bright side, our SEO strategy seems to be compliant with the right to be forgotten.

You have the right to… wait, who was I just talking to?

You have the right to… wait, who was I just talking to? published on No Comments on You have the right to… wait, who was I just talking to?

Most of the reading I’ve done on the right to be forgotten has been U.S. tech media commenting on what crazy people the Europeans are, and how big a pain it’ll be for Google et al to deal with. I’ve also read a few pieces weighing freedom of expression against the damage that revenge porn sites do to people’s lives, and the legalized extortion conducted by mugshot sites. The headline today on this front is the EU’s application of the right to be forgotten not only to Google’s European properties, but to itself (when accessed from within Europe).

It’s fraught, but it’s also fascinating. And part of the reason it may clash so severely with sensibilities of libertarian-leaning North Americans is that it has its roots in French law’s droit à l’oubli“a right that allows a convicted criminal who has served his time and been rehabilitated to object to the publication of the facts of his conviction and incarceration.”

This is a right I had no idea even existed: the idea that once you’ve done your time, your crime should be allowed to fade with people’s memories.

As someone pathologically unable to remember people’s names once I’ve met them, I seem to have this right hard-wired into my cerebral cortex. (I once spent two hours having a delightful dinner conversation with someone, only to re-introduce myself to them five minutes later in the foyer. In my defence, there may have been wine involved.) But my inner jury is still out as to whether I want that to be enforceable in a court of law.

Bumpy ride

Bumpy ride published on No Comments on Bumpy ride

Thanks, Uber, for giving me the chance to combine two of the issues I hold dearest to my heart: privacy, and awkward forced conversation with strangers.

Edward Snowden at SXSW

Edward Snowden at SXSW published on 1 Comment on Edward Snowden at SXSW

Man tries to do the right thing against a backdrop of deadly espionage, 1959: North By Northwest.

Man tries to do the right thing against a backdrop of deadly espionage, 2014: South By Southwest.

Immunity for Edward Snowden sounds about right. Instead, he has to live under the threat of abduction, interrogation and if some especially awful U.S. politicians got their way, execution.

There’s little indication that President Obama’s administration is open to leniency, or even an alternate perspective on Mr. Snowden. But as LGBT Americans can attest, the president has changed his mind before. We can hope.

The blood elf flies north at midnight

The blood elf flies north at midnight published on No Comments on The blood elf flies north at midnight

So now we know that the NSA isn’t just mining mobile phone metadata. They’re mining World of Warcraft gold.

I suspect their people are a lot less clueless than my cartoonist’s heart would like to believe. Sure, I’m tickled at the thought of James Bond flailing helplessly in mid-air for hours in Second Life. But even as someone whose knowledge of the intelligence community is largely informed by Michael Westen‘s monologues (see previous cartoon), I’m pretty sure these folks are used to adapting quickly to different cultures and unfamiliar environments.

And intelligence work in a MMORPG probably isn’t much different from intelligence work anywhere else: building relationships, gaining trust, listening carefully, and doing a lot more boring sifting through data than you might think. (So online community managers, you can probably expect a call from a CIA human resources officer any day now.)

That doesn’t mean the execution went off without a hitch. According to the documents leaked by Edward Snowden, there were so many intelligence agents in the virtual field that a “deconfliction” group had to keep them from wasting time infiltrating each other. Not that there aren’t folks who use Second Life as a way of infiltrating each other, but that’s a whole ‘nother topic. And the ProPublica article on the Snowden revelations suggests strongly that terrorists weren’t actually using World of Warcraft or Second Life except for recreation and getting one’s freak on.

What the article doesn’t address, and what I suspect the biggest danger posed by MMORPG ops, is mission creep.

Anyone who has missed work to finish a quest, or looked up from an online melee to realize it’s four in the morning, knows what I’m talking about. Intelligence agencies used to have to worry about field agents “going native”; now they have to worry their loyalty could be divided between their country and their guild. Yeah, you’re pretty sure that mage is MOSSAD, but she’s awfully handy with a Frost spell, so now she’s in your questing party. And maybe you haven’t come up with a lick of actionable intel in three years, but you’ve kept Al Qaeda off the leaderboard, and isn’t that what really matters?

Incidentally, there’s also the massive violation of privacy (and community). Wouldn’t it be great if there was someone trying to do something about that?

Rainbow Gumball Racerz would like access to your bank account and dental records (Y/N)

Rainbow Gumball Racerz would like access to your bank account and dental records (Y/N) published on No Comments on Rainbow Gumball Racerz would like access to your bank account and dental records (Y/N)

This cartoon came about because I came across one app too many asking for outrageous access and permissions: see my contacts, tweet on my behalf… stuff that’s becoming numbingly routine, but which the app really has no need for.

I know the platforms often don’t make it easy, but I’d love developers to go beyond just saying they want this access; tell me what you’ll do with it. Are you going to store my list of contacts locally and offer to autocomplete names as I enter them? That might be cool. Are you going to email everyone I know each time I defeat a level boss in Avatar Vs. My Little Pony? Not so cool.

And I’d like fewer vampires and more houseguests. Invite a vampire into your house once, and that permission’s apparently irrevocable (or so a lot of late-night movies would have me believe). But a houseguest has to ask permission every time they drop in, and that’s what I’d like to be able to opt for with some apps. One example: I’d like to require a passcode entry before enabling Facebook and Twitter “integration” on kids’ games, so my little ones can’t gunk up my updates (and your news feeds) with useless status updates unless I say so.

One last thought about the cartoon: what are the chances there are already apps out there performing surreptitious surveillance? Or maybe, what are the chances there aren’t?

This is the bonus cartoon I promised after folks kindly pushed the Noise to Signal Facebook Page past the magic 2,000-Like mark. (That may seem like an arbitrary number, but it really isn’t. I’m now officially entitled to a friendly nod and a “S’up?” from Mark Zuckerberg if we ever walk by each other.)

Unfortunately, it’s late, because the server crashed under mysterious circumstances. I choose that wording deliberately, because it suggests the involvement of nefarious forces, which has more cachet than “I have no idea why this is broken; maybe some disk corruption or a squirrel got into the datacenter.”

Now, however, I have resurrected the server (with lots of encouragement from the good folks at Linode!), so we’re back up and running. Better yet, we’ve made the leap from Ubuntu’s Karmic Koala to Raring Ringtail, completely bypassing Maverick Meerkat, Tempestuous Tapeworm, Obsequious Okapi and Passive-Aggressive Porpoise.

What will this mean to you? Well, other than a possible Funny Ubuntu Animals cartoon in the offing, maybe nothing. Or maybe it will mean shorter load times and an undefinable yet undeniable sense of well-being. Let me know.

Get out of my underwear drawer: mobile apps and privacy

Get out of my underwear drawer: mobile apps and privacy published on No Comments on Get out of my underwear drawer: mobile apps and privacy

I like to think of the apps I load on my mobile devices as guests I’ve invited over. I want them to be themselves, relax, chat… but I also want them to have some level of respect for the place.

I don’t expect to find them looking through my underwear drawer.

But some apps do just that. (Provided you’re willing to accept “underwear” as a metaphor for your address book.) The moment you head to the kitchen to whip up a plate of cheese and crackers, they’re peeking into your medicine cabinet, flipping through your diary or perusing that photo album of awkwardly-posed boudoir shots you’d swear you’d hidden at the back of the bedroom closet.

App vendors will tell you (as they nervously scrunch and unscrunch your “Incredible Hunk” mini briefs) that they’re just trying to be helpful. And they would never, never use this information that they’ve just sent back unencrypted to their servers for anything except improving your user experience. Possibly also for a funny skit they’re doing for next week’s we-just-got-our-first-round-of-funding party. Did you notice your underwear is now sorted by texture? Isn’t that helpful?

And in the vast majority of cases, I think developers actually are trying to be helpful. They’ve had a cool idea, something that could be useful, and they can implement it with just a few lines of code. When most of your job involves seeing data in terms of its structures and relationships, it’s easy to miss the question of how that data’s owner feels about it.

Of course, there are vendors whose motives aren’t nearly as pure, and involve aggregate data mining (in the mountain-top-removal sense of “mining”) at best.

The point is, get out of my underwear drawer. Unless I’ve explicitly invited you over for that purpose, and believe me, it’s a very select few guests who fall into that category. (They’re the ones who get the good cheese and crackers.)

Boundaries, people.

He sees you when you’re surfing, he knows when you’re on Skype…

He sees you when you’re surfing, he knows when you’re on Skype… published on No Comments on He sees you when you’re surfing, he knows when you’re on Skype…

Originally posted on ReadWriteWeb

It was just over a week ago that the Canadian government was preparing to table its new Internet surveillance legislation.

For the Conservatives, it was supposed to be a very good week. Tough posturing on crime has been a vote-winner for them in the past, and the only people who care about civil liberties are those herbal-tea-swilling vegan-sashimi-ordering bicycle-riding bleeding hearts* who’d never vote for them anyway – right?

And then Public Safety Minister Vic Toews went and said something that galvanized a community that went far beyond the herbal-tea-swilling crowd. Replying to a questioner in the House of Commons (or “House of Representatives” to Americans, Australians and New Zealanders), he said:

We are proposing measures to bring our laws into the 21st century and to provide the police with the lawful tools that they need. He can either stand with us or with the child pornographers.

The government promptly rebranded the bill, hastily changing its name from “Lawful Access Act” to “Protecting Children from Internet Predators Act.” And all holy hell broke loose.

This being Canada, by “all holy hell” I mean there was a hashtag – #TellVicEverything. Twitter’s Canadian users bombarded Toews with the mundane details of their lives. One of the country’sleading voices for online freedom, Michael Geist, summed it up:

Yesterday’s Twitter-based #tellviceverything was the perfect illustration for how the Internet can fuel awareness and action at remarkable speed. Through thousands of tweets, Canadians used humour to send a strong message that the government has overstepped with Bill C-30 (my favourite remains @kevinharding’s Hey @ToewsVic, I lost an email from my work account yesterday. Can I get your copy?). Alongside the Twitter activity are dedicated websites, hundreds of blog postings from commentators on the left and right of the political spectrum, thousands of calls and letters to MPs, and nearly 100,000 signatures on the Stop Spying petition at Open Media.

By the end of the week, several of the country’s editorial pages that are normally pretty sympathetic to the Conservatives’ agenda had swung against them on this issue. A Twitter account appeared, revealing purported details of Toews’ personal life, and then went dark again. And the government was signalling it might be open to amending the bill, with at least one Conservative Member of Parliament saying it’s “too intrusive as it currently stands.”

This isn’t the first time our politicians have accused defenders of privacy and civil liberties of siding with child pornographers. But it’s the first time it’s backfired this spectacularly.

Maybe it’s because Canada’s net activists were spurred by the success of the fight against SOPA/PIPA in the United States (a fight many of us played some small role in waging). Maybe it’s because we’ve become a little more sensitive on online privacy issues, after a few high-profile clashes with social networking giants. Or maybe it’s just that we won’t tolerate being lumped in with terrorists, child pornographers, thieves and counterfeiters whenever it suits a politician’s or lobbyist’s communications strategy.

Whatever the reason, Canada now has a northern counterpart to the wired community’s newfound activism in the US. And #TellingVicEverything is only the beginning.

Or as I call them, “my people”.

Did I just say that out loud?

Did I just say that out loud? published on 1 Comment on Did I just say that out loud?

Originally posted on ReadWriteWeb.

In a week where U.S. news coverage was dominated by an inappropriate tweet from a congressperson’s Twitter account, maybe it’s worth taking a moment or two to think about your own personal social media policy. (Alex has a great post about family social media policies, by the way.) What are you doing to avoid landing in the same soup that Rep. Anthony Weiner has been sloshing around in for the past several days?

For instance, do you consciously avoid tweeting or blogging after you’ve had a few drinks? (I’ve had an idea for a smartphone breathalyzer. Blow anything over 0.08%, and it wouldn’t let you tweet. Or, optionally, it switches you over to a special Twitter account you’ve created that consists only of drunk tweets.) Do you have a policy of running anything that seems iffy past a trusted colleague or a loved one?

Do you ensure all of your social media profiles are protected by secure, complex passwords? Disable all post-by-email functionality? Require background checks and kill-chip implants for anyone who ever touches your logged-in devices?

Or is the occasional I-can’t-believe-my-elected-representative-just-tweeted-that (or I-can’t-believe-my-favorite-clothing-designer-just-tweeted-that) the price we pay for a free-wheeling, spontaneous Web?

Just between you and me (and the entire Internet)

Just between you and me (and the entire Internet) published on 5 Comments on Just between you and me (and the entire Internet)

Are you finding the same thing I am? Where you’re having a casual conversation with a friend, and you’re in the middle of saying something… well, not exactly secret, but not the sort of thing you want shared with the world… and you stop dead, suddenly worried that it might end up in their Twitter stream?

When I’m talking to someone with a blog, a Twitter feed or even a Facebook account (which, these days, means nearly everyone), I’m often just a little guarded. I have my own guidelines and boundaries when I’m dealing with other people’s information – basically, if there’s any ambiguity, I ask permission before I share – but I know other people draw the line differently.

Sometimes they’ll reveal a confidence but change a few details to protect identities. Or maybe they’d never do that, but they’ll readily tag an embarrassing party photo of you on Facebook.

While some people lay down hard and fast rules about the new online etiquette, the reality is things are still a lot more fluid than many of us realize. You’ve just had lunch with a potential client; do you tweet that? You shot a hilarious video at the company picnic; do you upload it? And do we all just assume we’re all on the record, 24-7, until and unless we agree otherwise?

Several years into the social media revolution, we’re still only making baby steps toward some kind of shared understanding of the terrain we’re walking on together. And in some ways, netiquette seems as nebulous a concept as ever.

We are all in Witness Protection

We are all in Witness Protection published on 1 Comment on We are all in Witness Protection

It’s not just that some social networking platforms make it almost ridiculously hard to find the “delete” button on your profile. (Enough people are searching Google for how they can delete their Facebook account that it’s actually making news headlines. I want you to think about that for a second: the popularity of a search engine query is now newsworthy. Truly, we live in the future.)

It’s that they make it emotionally painful, too. Facebook throws up faces of your nearest and dearest on its confirmation screen, asking, “Are you sure you want to do that? Really? YOU WILL NEVER SEE THESE PEOPLE AGAIN.” (I’m paraphrasing. Facebook’s language is far more manipulative.)

Here’s one clue that your platform may not be delivering the value to your users that it ought to: you need to take hostages to get them to stay.

Your friend just sniffed you! Sniff back? (y/n)

Your friend just sniffed you! Sniff back? (y/n) published on 7 Comments on Your friend just sniffed you! Sniff back? (y/n)

This cartoon is an updated look at my original Facebook dogs, who kicked off Noise to Signal as the first cartoon under that name. And they are, of course, a reference/homage to Peter Steiner‘s iconic New Yorker cartoon.

This hasn’t been a good past few weeks for Facebook. Growing concerns over what Facebook’s deliberately doing to your privacy collided with news about what Facebook’s doing accidentally with your data.

There are two upcoming ways you can protest: by not logging in on June 6, or – if you’re ready to finally cut the umbilical cord – quitting altogether on May 31. So far, while they’re getting press attention, neither initiative is showing signs of snowballing yet, with registered followers numbering only in the hundreds.

That’s not to say the discontent is limited to net activists and privacy advocates. “How do I delete my Facebook account” is suddenly a very popular search on Google.

Which I actually find encouraging, and not because of hostility toward Facebook. (Not that I’m happy with its privacy practices, or its approach to the open Web, by which it seems to mainly mean a Web that’s open to driving data into Facebook. And not that I side with the “your-privacy’s-dead-anyway-so-shut-up” crowd, either.) If so many people are at least thinking of voting with their feet, then maybe there’s at least some awareness among regular users that our privacy, attention and data are all worth something. And maybe, just maybe, that awareness could coalesce into a market force that rewards openness and accountability, and punishes arbitrary, high-handed behaviour.

Otherwise, well, I likely won’t quit this year. But there’s always May 31, 2011.


2009-03-09-reality published on No Comments on 2009-03-09-reality

Also, they think you should floss more

Also, they think you should floss more published on No Comments on Also, they think you should floss more