Man on airplane to seatmate: “It’s funny you’re wearing headphones, because I just read this article about a study that showed lots of people can’t pick up on basic privacy-seeking cues like, wait for it, *wearing headphones.*”

Noise-cancelling

November 10, 2018

Guys: just don’t, okay?

* * *

I have a pair of big ear-can headphones: the Sony MDR-7506, acquired used on Craigslist last year. I haven’t used headphones this big since… wow, since high school.

It seemed like overnight everyone stopped using them in the 80s, and started sporting tiny foam Sony Walkman headphones. Its headband looked so tiny and fragile that I couldn’t believe it would survive the rough and tumble of my backpack on a daily commute to and from university. And yet…

…well, actually, it broke pretty quickly, as did its replacement. But soon the market responded with cheap knock-offs with sound every bit as good as Sony’s.

A few years later, along came earbuds, which became the must-have audio accessory once the iPod debuted. Wonderful for most people, but hellish for me because I couldn’t figure out how to use them properly. They kept falling out, and I started to feel increasingly stupid at not being able to grasp this simple technology.

Then David Pogue saved me with a column revealing I wasn’t alone. He and I and lots of other people lack a little nub of ear cartilage known as the antitragus which, for most of the world, holds those earbuds in snugly.

It took me a few years after that to finally shell out for the big ol’ headphones of my youth, but I did and I’m happy. The kids are finally at an age where me isolating myself with a little music isn’t going to threaten anyone’s safety. And they’ve grown up on much smaller headphones, so neither one is pestering me to use these.

Truth be told, they’re heavy and inconvenient, and I actually prefer to wear a lightweight pair of cheap off-brand Bluetooth headphones for day-to-day use. But when I want to disappear into a cocoon of sound, there’s nothing like two 1970s-style ear-mattresses to do the trick.

(Child to an Elf on the Shelf) Snitches get stitches.

Snoop on the shelf

December 20, 2016

It’s no secret I don’t like the Elf on the Shelf. Between my built-in prejudice against cutesy “traditions” that date back to the medieval era of, oh, 2004 or so, and a healthy aversion to normalizing surveillance culture, I was never going to warm to this little creep.

Now, though, I seem to have company. The Elf has made its move in Britain, and the backlash is underway. (Apparently Britain’s embrace of the surveillance state outweighed their distaste for newcomers. Which is saying something, since anti-immigrant sentiment helped convince them to commit national economic self-disembowelment. Am I blaming the Elf for Brexit? I am absolutely blaming the Elf for Brexit.)

And in the meantime, 2016 has given me one more reason for Elf-loathing. Or am I wrong to feel uneasy about an army of red-capped zealots, rabidly loyal to an absolute ruler, reporting our every move to him?

(A barefoot woman and man, both without noses. The woman is speaking.) Apparently there's been another huge data breach. They got users' names, passwords, noses and shoes.

Once more unto the breach

October 24, 2015 No Comments

Another day, another data breach —this time with a British teleco called TalkTalk. Unlike the Ashley Madison breach, the very fact that someone’s profile is in their database isn’t damaging, but the personal information attached to that profile could be.

There’s a ton of good common-sense security advice out there for users (the folks we used to call “consumers”). Use a different password on every site. Use hard-to-guess passwords. Be careful of public Wi-Fi. Don’t have children.

That’s fine for locking up our own front doors. But how to protect ourselves when someone breaks into the bank vault and raids our safe deposit boxes? In terms of defending ourselves from third-party security breaches, there isn’t a lot of advice out there — other than “don’t share any more information than you have to.”

Unfortunately, many of the companies we deal with make sharing more data than necessary part of the price of doing business with them. And that’s not just the data they gather in a registration form; they track how we use their services relentlessly, and cross-reference that data with information from other services.

Everything they have on us is there on their servers, ready for an enterprising hacker to swoop in and harvest if the company fails to mount an adequate defence. There isn’t a lot you can do about that; we don’t even have a good sense of how well the companies we deal with are protecting our data, because they’re notoriously tight-lipped about their security practices, citing security concerns.

The key message is just “Trust us,” which doesn’t inspire confidence with the mounting pile of headlines suggesting many data warehouses aren’t impregnable fortresses so much as all-you-can-download buffets. That’s especially frustrating if you’re otherwise careful about protecting your privacy. It doesn’t do you a lot of good to cover your tracks if your partner in crime (or data) sings like a canary.

Worse yet, you don’t have to be a customer to run afoul of a company’s disregard for your privacy and security. In their quest for ever-harder-to-ignore ads, companies have embraced Flash-based tools that expose browsers to gaping security holes.

Which is why the breaches we’ve seen so far are probably just prologue. As Cory Doctorow put it, “Ashley Madison and the Office of Personnel Management weren’t the big leak-quake: they were the tremors that warned of the coming tsunami. Every day, every week, every month, there will be a mounting drumbeat of privacy disasters. By this time next year, it’s very likely that someone you know will have suffered real, catastrophic harm due to privacy breaches. Maybe it’ll be you.”

(worried web strategist) On the bright side, our SEO strategy seems to be compliant with the right to be forgotten.

You have the right to… wait, who was I just talking to?

November 27, 2014 No Comments

Most of the reading I’ve done on the right to be forgotten has been U.S. tech media commenting on what crazy people the Europeans are, and how big a pain it’ll be for Google et al to deal with. I’ve also read a few pieces weighing freedom of expression against the damage that revenge porn sites do to people’s lives, and the legalized extortion conducted by mugshot sites. The headline today on this front is the EU’s application of the right to be forgotten not only to Google’s European properties, but to Google.com itself (when accessed from within Europe).

It’s fraught, but it’s also fascinating. And part of the reason it may clash so severely with sensibilities of libertarian-leaning North Americans is that it has its roots in French law’s droit à l’oubli—“a right that allows a convicted criminal who has served his time and been rehabilitated to object to the publication of the facts of his conviction and incarceration.”

This is a right I had no idea even existed: the idea that once you’ve done your time, your crime should be allowed to fade with people’s memories.

As someone pathologically unable to remember people’s names once I’ve met them, I seem to have this right hard-wired into my cerebral cortex. (I once spent two hours having a delightful dinner conversation with someone, only to re-introduce myself to them five minutes later in the foyer. In my defence, there may have been wine involved.) But my inner jury is still out as to whether I want that to be enforceable in a court of law.

Edward Snowden at SXSW

March 12, 2014 1 Comment

Man tries to do the right thing against a backdrop of deadly espionage, 1959: North By Northwest.

Man tries to do the right thing against a backdrop of deadly espionage, 2014: South By Southwest.

Immunity for Edward Snowden sounds about right. Instead, he has to live under the threat of abduction, interrogation and if some especially awful U.S. politicians got their way, execution.

There’s little indication that President Obama’s administration is open to leniency, or even an alternate perspective on Mr. Snowden. But as LGBT Americans can attest, the president has changed his mind before. We can hope.

The blood elf flies north at midnight

December 10, 2013 No Comments

So now we know that the NSA isn’t just mining mobile phone metadata. They’re mining World of Warcraft gold.

I suspect their people are a lot less clueless than my cartoonist’s heart would like to believe. Sure, I’m tickled at the thought of James Bond flailing helplessly in mid-air for hours in Second Life. But even as someone whose knowledge of the intelligence community is largely informed by Michael Westen‘s monologues (see previous cartoon), I’m pretty sure these folks are used to adapting quickly to different cultures and unfamiliar environments.

And intelligence work in a MMORPG probably isn’t much different from intelligence work anywhere else: building relationships, gaining trust, listening carefully, and doing a lot more boring sifting through data than you might think. (So online community managers, you can probably expect a call from a CIA human resources officer any day now.)

That doesn’t mean the execution went off without a hitch. According to the documents leaked by Edward Snowden, there were so many intelligence agents in the virtual field that a “deconfliction” group had to keep them from wasting time infiltrating each other. Not that there aren’t folks who use Second Life as a way of infiltrating each other, but that’s a whole ‘nother topic. And the ProPublica article on the Snowden revelations suggests strongly that terrorists weren’t actually using World of Warcraft or Second Life except for recreation and getting one’s freak on.

What the article doesn’t address, and what I suspect the biggest danger posed by MMORPG ops, is mission creep.

Anyone who has missed work to finish a quest, or looked up from an online melee to realize it’s four in the morning, knows what I’m talking about. Intelligence agencies used to have to worry about field agents “going native”; now they have to worry their loyalty could be divided between their country and their guild. Yeah, you’re pretty sure that mage is MOSSAD, but she’s awfully handy with a Frost spell, so now she’s in your questing party. And maybe you haven’t come up with a lick of actionable intel in three years, but you’ve kept Al Qaeda off the leaderboard, and isn’t that what really matters?

Incidentally, there’s also the massive violation of privacy (and community). Wouldn’t it be great if there was someone trying to do something about that?

Rainbow Gumball Racerz would like access to your bank account and dental records (Y/N)

September 6, 2013 No Comments

This cartoon came about because I came across one app too many asking for outrageous access and permissions: see my contacts, tweet on my behalf… stuff that’s becoming numbingly routine, but which the app really has no need for.

I know the platforms often don’t make it easy, but I’d love developers to go beyond just saying they want this access; tell me what you’ll do with it. Are you going to store my list of contacts locally and offer to autocomplete names as I enter them? That might be cool. Are you going to email everyone I know each time I defeat a level boss in Avatar Vs. My Little Pony? Not so cool.

And I’d like fewer vampires and more houseguests. Invite a vampire into your house once, and that permission’s apparently irrevocable (or so a lot of late-night movies would have me believe). But a houseguest has to ask permission every time they drop in, and that’s what I’d like to be able to opt for with some apps. One example: I’d like to require a passcode entry before enabling Facebook and Twitter “integration” on kids’ games, so my little ones can’t gunk up my updates (and your news feeds) with useless status updates unless I say so.

One last thought about the cartoon: what are the chances there are already apps out there performing surreptitious surveillance? Or maybe, what are the chances there aren’t?

This is the bonus cartoon I promised after folks kindly pushed the Noise to Signal Facebook Page past the magic 2,000-Like mark. (That may seem like an arbitrary number, but it really isn’t. I’m now officially entitled to a friendly nod and a “S’up?” from Mark Zuckerberg if we ever walk by each other.)

Unfortunately, it’s late, because the server crashed under mysterious circumstances. I choose that wording deliberately, because it suggests the involvement of nefarious forces, which has more cachet than “I have no idea why this is broken; maybe some disk corruption or a squirrel got into the datacenter.”

Now, however, I have resurrected the server (with lots of encouragement from the good folks at Linode!), so we’re back up and running. Better yet, we’ve made the leap from Ubuntu’s Karmic Koala to Raring Ringtail, completely bypassing Maverick Meerkat, Tempestuous Tapeworm, Obsequious Okapi and Passive-Aggressive Porpoise.

What will this mean to you? Well, other than a possible Funny Ubuntu Animals cartoon in the offing, maybe nothing. Or maybe it will mean shorter load times and an undefinable yet undeniable sense of well-being. Let me know.

A couple has dinner while a giant eyeball stares at them from outside. One of the couple tells the other, 'Relax - it can only see metadata.'

If you have nothing to hide…

July 5, 2013 3 Comments

A quick public service annountment: the Electronic Frontier Foundation does great work on this and many other issues. Learn more about the implications of NSA surveillance, and then take action to protect your privacy.

“Why are people so up in arms about government surveillance, when they already share all this stuff on Facebook anyway?”

That’s what someone asked me a few days ago. I argued that what people get to choose what they share on social channels (at least in principle), which got an eloquently unconvinced silence in reply.

Which is strange, because I don’t think anyone would have suggested a few decades ago that because you write letters to the editor or call phone-in shows, you should never have any privacy ever again.

Maybe it reflects an appetite out there for retribution against the Twitter generation for burdening the rest of us with their status updates about lunch. “You wanna live-tweet tonight’s episode of The Mindy Project? Ha! Surprise! Now the government knows about your walnut-shell fetish.”

Or maybe it’s that people aren’t really thinking through what a tiny proportion of our lives is still getting tweeted, pinned, blogged, uploaded and shared. I’m not posting “@robcottingham: Still asleep. Posted at 3:03 am. @robcottingham: Still asleep. Posted at 3:04 am. @robcottingham: Half-awake. Bladder full. Get up, or try to press on until 7? Posted at 3:03 am.” (That may be because I haven’t yet acquired a Fitbit Flex, and connected it to IFTTT… so stay tuned.)

Then again, a lot of our activity is getting shared with others. Just not with our friends and contacts. It gets shared with data warehouses, advertising vendors, telecom providers, search engines, and the rest of that long list of businesses that have found a way to mine profit out of the information we often don’t really know we’re handing to them.

Hey, big thanks to the crowd at the Noise to Signal Facebook Page, who helped me choose a caption for this cartoon! You can see the runners-up here.

Get out of my underwear drawer: mobile apps and privacy

July 20, 2012 No Comments

I like to think of the apps I load on my mobile devices as guests I’ve invited over. I want them to be themselves, relax, chat… but I also want them to have some level of respect for the place.

I don’t expect to find them looking through my underwear drawer.

But some apps do just that. (Provided you’re willing to accept “underwear” as a metaphor for your address book.) The moment you head to the kitchen to whip up a plate of cheese and crackers, they’re peeking into your medicine cabinet, flipping through your diary or perusing that photo album of awkwardly-posed boudoir shots you’d swear you’d hidden at the back of the bedroom closet.

App vendors will tell you (as they nervously scrunch and unscrunch your “Incredible Hunk” mini briefs) that they’re just trying to be helpful. And they would never, never use this information that they’ve just sent back unencrypted to their servers for anything except improving your user experience. Possibly also for a funny skit they’re doing for next week’s we-just-got-our-first-round-of-funding party. Did you notice your underwear is now sorted by texture? Isn’t that helpful?

And in the vast majority of cases, I think developers actually are trying to be helpful. They’ve had a cool idea, something that could be useful, and they can implement it with just a few lines of code. When most of your job involves seeing data in terms of its structures and relationships, it’s easy to miss the question of how that data’s owner feels about it.

Of course, there are vendors whose motives aren’t nearly as pure, and involve aggregate data mining (in the mountain-top-removal sense of “mining”) at best.

The point is, get out of my underwear drawer. Unless I’ve explicitly invited you over for that purpose, and believe me, it’s a very select few guests who fall into that category. (They’re the ones who get the good cheese and crackers.)

Boundaries, people.

He sees you when you’re surfing, he knows when you’re on Skype…

February 20, 2012 No Comments

Originally posted on ReadWriteWeb

It was just over a week ago that the Canadian government was preparing to table its new Internet surveillance legislation.

For the Conservatives, it was supposed to be a very good week. Tough posturing on crime has been a vote-winner for them in the past, and the only people who care about civil liberties are those herbal-tea-swilling vegan-sashimi-ordering bicycle-riding bleeding hearts* who’d never vote for them anyway – right?

And then Public Safety Minister Vic Toews went and said something that galvanized a community that went far beyond the herbal-tea-swilling crowd. Replying to a questioner in the House of Commons (or “House of Representatives” to Americans, Australians and New Zealanders), he said:

We are proposing measures to bring our laws into the 21st century and to provide the police with the lawful tools that they need. He can either stand with us or with the child pornographers.

The government promptly rebranded the bill, hastily changing its name from “Lawful Access Act” to “Protecting Children from Internet Predators Act.” And all holy hell broke loose.

This being Canada, by “all holy hell” I mean there was a hashtag – #TellVicEverything. Twitter’s Canadian users bombarded Toews with the mundane details of their lives. One of the country’sleading voices for online freedom, Michael Geist, summed it up:

Yesterday’s Twitter-based #tellviceverything was the perfect illustration for how the Internet can fuel awareness and action at remarkable speed. Through thousands of tweets, Canadians used humour to send a strong message that the government has overstepped with Bill C-30 (my favourite remains @kevinharding’s Hey @ToewsVic, I lost an email from my work account yesterday. Can I get your copy?). Alongside the Twitter activity are dedicated websites, hundreds of blog postings from commentators on the left and right of the political spectrum, thousands of calls and letters to MPs, and nearly 100,000 signatures on the Stop Spying petition at Open Media.

By the end of the week, several of the country’s editorial pages that are normally pretty sympathetic to the Conservatives’ agenda had swung against them on this issue. A Twitter account appeared, revealing purported details of Toews’ personal life, and then went dark again. And the government was signalling it might be open to amending the bill, with at least one Conservative Member of Parliament saying it’s “too intrusive as it currently stands.”

This isn’t the first time our politicians have accused defenders of privacy and civil liberties of siding with child pornographers. But it’s the first time it’s backfired this spectacularly.

Maybe it’s because Canada’s net activists were spurred by the success of the fight against SOPA/PIPA in the United States (a fight many of us played some small role in waging). Maybe it’s because we’ve become a little more sensitive on online privacy issues, after a few high-profile clashes with social networking giants. Or maybe it’s just that we won’t tolerate being lumped in with terrorists, child pornographers, thieves and counterfeiters whenever it suits a politician’s or lobbyist’s communications strategy.

Whatever the reason, Canada now has a northern counterpart to the wired community’s newfound activism in the US. And #TellingVicEverything is only the beginning.

* Or as I call them, “my people”.

Did I just say that out loud?

June 6, 2011 1 Comment

Originally posted on ReadWriteWeb.

In a week where U.S. news coverage was dominated by an inappropriate tweet from a congressperson’s Twitter account, maybe it’s worth taking a moment or two to think about your own personal social media policy. (Alex has a great post about family social media policies, by the way.) What are you doing to avoid landing in the same soup that Rep. Anthony Weiner has been sloshing around in for the past several days?

For instance, do you consciously avoid tweeting or blogging after you’ve had a few drinks? (I’ve had an idea for a smartphone breathalyzer. Blow anything over 0.08%, and it wouldn’t let you tweet. Or, optionally, it switches you over to a special Twitter account you’ve created that consists only of drunk tweets.) Do you have a policy of running anything that seems iffy past a trusted colleague or a loved one?

Do you ensure all of your social media profiles are protected by secure, complex passwords? Disable all post-by-email functionality? Require background checks and kill-chip implants for anyone who ever touches your logged-in devices?

Or is the occasional I-can’t-believe-my-elected-representative-just-tweeted-that (or I-can’t-believe-my-favorite-clothing-designer-just-tweeted-that) the price we pay for a free-wheeling, spontaneous Web?

Just between you and me (and the entire Internet)

May 31, 2010 5 Comments

Are you finding the same thing I am? Where you’re having a casual conversation with a friend, and you’re in the middle of saying something… well, not exactly secret, but not the sort of thing you want shared with the world… and you stop dead, suddenly worried that it might end up in their Twitter stream?

When I’m talking to someone with a blog, a Twitter feed or even a Facebook account (which, these days, means nearly everyone), I’m often just a little guarded. I have my own guidelines and boundaries when I’m dealing with other people’s information – basically, if there’s any ambiguity, I ask permission before I share – but I know other people draw the line differently.

Sometimes they’ll reveal a confidence but change a few details to protect identities. Or maybe they’d never do that, but they’ll readily tag an embarrassing party photo of you on Facebook.

While some people lay down hard and fast rules about the new online etiquette, the reality is things are still a lot more fluid than many of us realize. You’ve just had lunch with a potential client; do you tweet that? You shot a hilarious video at the company picnic; do you upload it? And do we all just assume we’re all on the record, 24-7, until and unless we agree otherwise?

Several years into the social media revolution, we’re still only making baby steps toward some kind of shared understanding of the terrain we’re walking on together. And in some ways, netiquette seems as nebulous a concept as ever.

Your friend just sniffed you! Sniff back? (y/n)

May 17, 2010 7 Comments

This cartoon is an updated look at my original Facebook dogs, who kicked off Noise to Signal as the first cartoon under that name. And they are, of course, a reference/homage to Peter Steiner‘s iconic New Yorker cartoon.

This hasn’t been a good past few weeks for Facebook. Growing concerns over what Facebook’s deliberately doing to your privacy collided with news about what Facebook’s doing accidentally with your data.

There are two upcoming ways you can protest: by not logging in on June 6, or – if you’re ready to finally cut the umbilical cord – quitting altogether on May 31. So far, while they’re getting press attention, neither initiative is showing signs of snowballing yet, with registered followers numbering only in the hundreds.

That’s not to say the discontent is limited to net activists and privacy advocates. “How do I delete my Facebook account” is suddenly a very popular search on Google.

Which I actually find encouraging, and not because of hostility toward Facebook. (Not that I’m happy with its privacy practices, or its approach to the open Web, by which it seems to mainly mean a Web that’s open to driving data into Facebook. And not that I side with the “your-privacy’s-dead-anyway-so-shut-up” crowd, either.) If so many people are at least thinking of voting with their feet, then maybe there’s at least some awareness among regular users that our privacy, attention and data are all worth something. And maybe, just maybe, that awareness could coalesce into a market force that rewards openness and accountability, and punishes arbitrary, high-handed behaviour.

Otherwise, well, I likely won’t quit this year. But there’s always May 31, 2011.

2009-03-09-reality

February 26, 2009 No Comments

…

Also, they think you should floss more

February 5, 2009 No Comments

…

Content Header

Share:

Share:

Share:

Share:

Share:

Share:

Share:

Share:

Share:

Share:

Share:

Share:

Share:

Share:

Share:

Share:

Share:

Content Footer