Making My Own Cloud

Nic and I got our first camera together a few months before our wedding — it was also our last film camera. I had a few digital cameras, but at the time, the quality was low and the prices still high, and we wanted really good pictures that would last. So we got a good scanner to go along with our film, and resolved to began preserving memories.

A couple of kids at Dunn’s River Falls, 2001

The subsequent economies of scale for digital cameras, and later the rapidly improving quality of phone cameras resulted in a proliferation of photographs — and many hours spent on a strategy for organizing and storing them. This got even more complicated with 3 new digital archivists when our kids got phones and began photographing and recording everything.

The result is more than 140GB of photos over 20+ years, organized in folders by year, then by month. The brief metadata I can capture in a folder name is rarely enough to be able to quickly pinpoint a particular memory, but wading through the folders to find something is often a fun walk down memory lane anyway.

Apple's Digital Hub strategy of yester-yearSince I first started out archiving photos, a number of technology solutions have come along claiming to be able to do it better. Flickr, Google Photos, iPhoto, Amazon Photos all made bold assertions that they could automatically organize photos for you, in exchange for a small fee for storing them. The automatic organization always sucked, and the fees were usually part of an ecosystem lock-in play. It seems nothing has been able to beat hierarchical directory trees yet.

Still 140GB is a lot, and 20 years of memories can’t be saved on a single hard drive — there’s too much risk. Some kind of bulk back-up mechanism is important. For the past 8 years, we’ve used Microsoft’s OneDrive. Their pricing is the best, and their sync clients work well on most platforms. They don’t try to force any organization on you, it kinda just works.

Lately, though, they’ve begun playing into the “ecosystem lock” trap. The macOS client is rapidly abandoning older (and more functional) versions of the OS. OneDrive is priced most attractively if you also subscribe to Office, which is also moving to the consumer treadmill model of questionable new features requiring newer hardware. It seems that in order to justify the subscription software model, vendors need us to abandon our hardware every 3-4 years. This artificial obsolescence must be the industry’s answer to the fact that consumer computing innovation has plateaued, and there’s no good reason to replace a computer less than 10 years old any more — and many good reasons not to.

Hidden in an unknown corner of Inner Mongolia is a toxic, nightmarish lake created by our thirst for smartphones, consumer gadgets and green tech. Read the article.

In short, while I’m not unhappy with OneDrive, and consider the current incarnation of Microsoft to be one of the more ethical tech giants, it was high time to begin exploring alternatives. If you’re sensing a theme here lately, it stems from a realization that if us nerds willingly surrender all our data to big companies, then what hope does the average person have of privacy in this connected age?

Fortunately, like with most other tech, there are open source alternatives. Some are only for those who can DIY, but a significant number are available for the less tech savvy willing to vote with their wallets. Both NextCloud and OwnCloud offer sync clients that are highly compatible with a range of operating systems and environments. Both are available as self-host and subscription systems — from a range of providers. At least for now, I’ve decided to self-host OwnCloud in Azure. This is largely because I get some free Azure as a work-perk. If that arrangement changes in the future, I’m very likely to subscribe to NextCloud provided by Hetzner, a privacy-conscious European service that costs less than $5.

My first digital camera, a Kodak DC20, circa 1997. Thanks mom and dad!Right now, our total synced storage needs for the family are under 300GB. I have another terabyte of historical software, a selection of which will remain in a free OneDrive account. The complete 1.3TB backup is on dual hard drives, one always stored offsite. This relatively small size is due to the fact that we stopped downloading video as soon as streaming services became a viable paid alternative — although that appears to be changing.

I started making money on computers as a teen by going around and fixing people’s computers for them. Most made the same simple mistakes, were grateful for help, and were generally eager to learn. In 2022, I’m afraid we’ve all just surrendered to big tech — we’ve decided its too hard to learn to manage our digital lives, so we let someone else do it; in exchange, we’ve stopped being customers and instead we’ve become the products. With our digital presence being so important, maybe its time consumers decided we’re not for sale.

The Next Web

The tech bros have declared a new era of the Internet; they call it Web 3.0, or just web3. They claim this new era is about decentralization, but their claims are suspiciously linked to non-web-specific ideas like blockchain, crypto currency and NFTs. I object to all of it.

I consider myself a child of Web 1.0 — I cut my teeth on primitive web development just as it was entering the mainstream. But I consider myself a parent of Web 2.0. Not that I was never in the running to be a dot com millionaire, but my career has largely been based on the development and employment of technologies related to the read/write web, and many of my own personal projects, such as this website, are an exploration of that era of the Internet. Web 2.0 is the cyberspace I am at-home in. So one might accuse me of becoming a stodgy old man, refusing to don my VR headset and embrace a new world of DeFi and Crypto — and time will tell, maybe I am…

But its my personal opinion that web3 is on the fast track to the Trough of Disillusionment, and that when the crypto bubble bursts, there will be much less actual change remaining in the rubble than the dot-com bubble burst left us with.

Before I dive in, let’s clear up some terms. “Crypto” has always been short for cryptography. Only recently has the moniker been re-purposed as a short form for cryptographic currency. Crypto being equated with currency is a bit of a slight to a technology space that has a wide-variety of applications. But fine, language evolves, so let’s talk about crypto using its current meaning. Crypto includes BitCoin, Dogecoin, Litecoin, Ethereum and all the other memetic attempts at re-inventing currency. Most of these are garbage, backed by nothing except hype. People who are excited by them are probably the same people holding them, desperate to drive up their value. There’s literally no “fundamentals” to look to in crypto — its all speculative. But that doesn’t mean they don’t have value; the market is famously irrational, and things are worth what people think they’re worth. Bitcoin, the original crypto-currency, has fluctuating, but real value, because virtual though it may be, it has increasing scarcity built-in.

I stole this image from somewhere on the web. I assume someone else owns the NFT for it.

I’ve owned Bitcoin twice — and sold it twice. The first time was fairly early on, when I mined it myself on a Mac I rescued. What I mined was eventually worth about $800: enough to buy myself a newer and more powerful computer.

My next Bitcoin experiment was last year, where I bought a dip and sold it when it went high. I made about $300. I made more money buying and selling meme stocks with real companies behind them, so I have no plans to continue my Bitcoin experiments in the near future.

As a nerd who’s profited (lightly) off it, you’d think I’d be more of a proponent of digital currency, but the reality is that none of its purported benefits are actually real — and all of its unique dangers actually are. I won’t cite the whole article, but I need to do more than link to this excellent missive I found on the topic, because its much better written than I could manage, so here’s a relevant excerpt — go read the rest:

Bitcoin is touted as both a secure and non-inflationary asset, which brushes aside the fact that those things have never simultaneously been true. As we’ve seen, Bitcoin’s mining network, and therefore its security, is heavily subsidized by the issuance of new bitcoin, i.e. inflation. It’s true that bitcoin will eventually be non-inflationary (beginning in 2140), but whether it will remain secure in that state is an open question…

The security of bitcoin matters for two reasons. First, because bitcoin’s legitimacy as the crypto store of value stems from it. Out of a sea of coins, the two things that bitcoin indisputably ranks first in are its security and age. In combination, these make bitcoin a natural Schelling point for stored value. If halvings cause bitcoin’s security to fall behind another coin, its claim to the store of value throne becomes a more fragile one of age and inertia alone.

The second reason is the tail risk of an actual attack. I consider this a remote possibility over the timeframe of a decade, but with every halving it gets more imaginable. The more financialized bitcoin becomes, the more people who could benefit from a predictable and sharp price move, and an attack on the chain (and ensuing panic) would be one way for an unscrupulous investor to create one.

Paul Butler – Betting Against Bitcoin

I think a few crypto-currencies will survive, and that blockchain as a technology may find a few persistent use-cases. But I’m also convinced that the current gold rush will eventually be seen as just that. Crypto isn’t that much better than our current banking system: its not faster, it doesn’t offer any real privacy, it isn’t truly decentralized, and blockchain itself is grossly inefficient. But that doesn’t mean people won’t try find uses for it. Just look at NFTs!

NFTs, or Non Fungible Tokens, employ blockchain technology to assert ownership of digital assets that are, by their very nature, fungible. You could, right now, take a screen shot of this website and share it with everyone. You could claim it was your website, and I couldn’t stop you. The website itself would continue to be mine, and DNS records for the domain will be under my ownership as long as I pay the annual renewal. But that screen shot you took can belong to anyone and everyone. This fact has caused no end of grief for media companies, who have been trying, almost since the dawn of the web, to control the distribution of digital media. No wonder NFTs are taking the world by storm right now, both the tech and investment community (who desperately need a reason to justify their blockchain investments) and the media conglomerates, want it to be the answer. Its not — but that reality won’t impact the hype cycle.

A NFT is an immutable record of ownership of a digital asset. The asset may be freely distributed, but the record of ownership remains, preserved in a blockchain that can be added to — but not removed from. Its like a receipt, showing that you bought a JPG or GIF… except that this receipt imparts no rights. I can still freely copy that JPG, host it, post it, email it and share it. The purchase record only serves as evidence that someone stupidly spent money (sometimes incredible amounts of money) for it. Everyone else just gets to benefit from the asset as before. If the stock market indicates the perceived value of holding a share of a company, the NFT market indicates that some people are willing to assign value to holding only the perception itself. Its ludicrous.

You can start to understand why some are calling web3 a giant ponzi scheme. People who bought into ephemeral perceptions of value need to increase the perceived value of their non-existent holdings, so they hype them up and try to get others to buy in, to raise that perceived value — until at some point, the bubble bursts, and not only does all the perception disappear — but the basis of those perceptions mostly go away too. Unlike the dot com bubble, which left behind useful ideas to be gainfully employed in less foolish ways, the web3 bubble has created nothing of real value, and little useful technological innovation will remain.

All that said, I do despair for the state of Web 2.0 — it has been almost completely commercialized, and the individual freedom of expressions the “eternal September” has wrought clearly indicated that our Civilization of the Mind needed some better guardrails. I also believe in some of the concepts of decentralization that are being espoused for the next web. But I’d argue that hyped up ideas of virtual ownership, meta realities, and the mistaken assumption of privacy that comes with cryptographic currency, are not the changes we need. The barrier to entry for the freedom of exchange shouldn’t be based on how much money you’re willing to gamble on dubious claims of hyped-up technologies…

I’m not sure I know what would be a fair and equitable way to approach Web 3.0. Web 1.0’s barriers were around a user’s ability to understand technology — a bar that ensured that most of its participants were relatively intelligent. Web 2.0’s democratization lowered that bar, enabling more diverse conversation and viewpoints (both good and bad), but also enabled a level of exploitation that even the original denizens of the web were unable to stop. The next web can’t be allowed to be more exploitative — and its participants shouldn’t be more easily misled. We need to learn from our mistakes and make something better.

Maybe I’m too old, or too disconnected from the metaverse and tech bro culture to influence much. But I observe that there are still wonderful communities on the web. They’re a little harder to find (sometimes deliberately so), but there are still (relatively small) groups of people who can converse civilly on a topic of shared interest. Since leaving Facebook, I’ve created and joined a few, and it gives me hope that technology can still be enabler for real communication and community. For some people, wearing a funny headset might be a part of that, and that’s OK. For others, it may mean speculating on stocks or new forms of stored value, and if they’re doing that responsibly, maybe that’s OK too. But if Silicon Valley decides that web3 requires crypto currency, NFTs and the metaverse, I think I’m going to skip that update… forever.

Alexa, shut up!

The next tech company we’re redefining our relationship with is Amazon. We’re not breaking up, but we are going to set some more healthy boundaries with the A to Z company.

Amazon has never been as creepy as Facebook, or more recently, Google. As a former employee, I can say with confidence that they are very careful with customer data — the data isn’t the fuel for that particular machine, actual purchases provide that. But data is a valuable lubricant that keeps its gears turning. When I was there, all trackable customer data was immediately anonymized. The encrypted customer ID was a carefully guarded secret that didn’t appear in any reports or analysis. But analysis was very much a part of the business. Data from different classes of customers was aggregated to create predictability and targetability — but never against an individual, only against kinds of shoppers. Its entirely likely that Facebook and Google behave the same way internally — but the difference is the amount of personally identifiable information they store. Amazon mostly just wants your address so they can ship you things.

No, Amazon’s guilt lies more in their impact on its work force. This isn’t entirely their fault, though. We all bought into the amazing convenience of clicking “Buy Now” and having something show up surprisingly fast — next, or even the same, day in some markets. It really is remarkable. At some point, though, to push that convenience to the next level, they have to start pushing against human limitations. Our laws and technology aren’t quite ready for drones to deliver things to our door, so to drive down costs and timelines, we need the people in the process to do more and do it faster. That means warehouse workers working harder, delivery drivers delivering more, and customer service serving more customers. The results are self-evident… the warehouse workers are ready to break, the drivers can’t get one, and the customer service has declined.

At the rate Ben’s toy drones crash, I’m not sure we’re ready for this tech anyway.

Last year we tried ditching Amazon Prime. Initially we expected it to be very difficult — we like getting free 2-day shipping, who doesn’t?! But not having that convenience was a trigger to look other places. We tried to buy local more, or at least spread the purchases to some different big box retailers. Sometimes we paid a little more, usually it took longer to arrive, but at least we weren’t the ones making some fulfillment center employee skip a bathroom break, or some Amazon driver pee in a bottle. It wasn’t more convenient, but it did feel more human. The experiment was a success, and despite Amazon’s attempts to sign us back up at every turn, we won’t be joining Prime again (except maybe for a month when the new Jack Ryan season comes out.)

Also getting significantly cut back at our house is Amazon’s robotic offspring, Alexa. My voice was one of those that helped train her — we had early prototypes in our home, listening to our conversations and performing daily training. Initially they wanted only born-and-raised US English speakers, but I convinced the dev team that my background was so diverse that Alexa wouldn’t be confused by any strong Canadian accents or turns of phrase, so they let me bring her home. It was exciting being a part of making a voice interface an actual reality, and we soon had an Alexa device within earshot of almost every part of our home (although she’s never been allowed in a bedroom.)

However, like many other innovative products from that business unit, Alexa is in a tough spot in 2022. Its great when invention starts out for the pure nerdy joy of creating something new, and I’ll always treasure the memories I have of working on so many secret projects. But all gadgets eventually need a way to support themselves — a business model that justifies their existence. Alexa was created with the distant possibility in mind that customers might one day shop with it, or that Alexa users might become more loyal Amazon customers, and thus influence revenue indirectly. In reality, most orders created by voice were probably mistakes, and Alexa herself is… well, she’s becoming rather annoying.

Shut up, Alexa!

As they’ve added more features, the machine learning algorithm has not improved. This means she gets confused more easily. Our programmed routine to dim the lights for a movie results in instructions on how to make popcorn about 50% of the time.

And if that’s not bad enough, in a desperate attempt at relevance, she’s started notifying us of things… daily. Batteries are on sale! That thing I bought a month ago needs a review! Did we know she could help us with our mental health through daily meditation? Not content to sit and listen quietly, nor to exist just to turn on our lights or spell a word for the kids, Alexa has begun insisting that she needs to be a bigger part of our life. Our reaction to this increasingly pushy robot is to just unplug her. We have three kids, a cat and a bunch of chickens. We haven’t got time for a needy smart speaker too.

So, two Echo devices are being replaced with Apple HomePod Minis. They’re significantly less capable, but also exponentially less demanding. The rest of the Echos, save one in the kitchen, will be decommissioned. Occasionally that’ll meaning turning off a light the old fashioned way. So be it.

Some tech companies are reaching the point of being irredeemable. I don’t think Amazon is there. But I do think its an awfully large commerce engine, barrelling down the information super highway, and it might not be a bad idea for us as consumers to post some speed limits — or for those behind the wheel to tap the brakes every now and then.

Besides, Jeff Bezos is fast becoming a super villain. He doesn’t need any more of my money…

Managing Social Media: Google

The company that started with the motto “Don’t Be Evil” has spent the last decade or so flirting with ideas that are awfully close to evil. That doesn’t mean that the organization is bad — any more than a hang nail means a human being is dying — but Google sure could use a pair of nail clippers.

When GMail first came out, I was ecstatic to get an invite. They were transparent about the trade-off at the time, and we all accepted it as reasonable: Google has automated systems that read your mail so that they can personalize advertisements to your interests. If you send an email to someone about how you burnt your toast that morning, seeing ads for toasters in the afternoon seemed fairly innocuous — even a little amusing! At the time, though, Google’s coverage of your digital life was just search results. Adding e-mail felt natural and not really that intrusive.

Fast forward to today, and what Google knows about you is downright terrifying. They don’t just know where you go on the Internet, they know where you’ve been, how often, and when you’re likely to go there again in the real world. And their influence doesn’t stop at knowledge: because of the virtual monopoly of Chrome, and its underlying tech called Chromium which powers most browser alternatives, Google has started making unilateral decisions about how the Internet should work — all in their favor, of course. They don’t like it when you’re not online, because they stop getting data about you. And it doesn’t matter if you’re not using one of their properties directly, because 70% of the 10,000 most popular Internet destinations use Google Analytics. Its actually a great product; it helps web developers understand their audience and build better offerings — and all Google wants in exchange is to know everything about you.

And let’s talk about YouTube, a virtually unavoidable Google property, full of useful content, and a site that historians might one day determine was a leading cause for the end of our democracy. YouTube is awful — and its entirely by accident. Google deflects privacy concerns by pointing out that the analysis of all this data is done by algorithms, not people. There’s probably no person at Google that actually knows how to gather all the information you’ve given them into a profile of you personally. But there doesn’t need to be: their software is sufficiently empowered to manipulate you in ways you aren’t equipped to resist.

YouTube’s recommendation algorithm has been disowned by its own creator as reckless and dangerous, and while its been tweaked since it was launched on the world like SkyNet, the evil AI from the Terminator movie franchise, and now has human over-seers to guide its machinations towards less destructive content, its still a pernicious and outsized influencer of human thought. Look no further than 2020’s rampant embrace of conspiracy theories for proof positive that recommendation engines are not our friends.

Google set out to do none of these things. I’ve been to their campus, and interviewed for jobs with their teams. To a fault, everyone I’ve met is full of idealism and optimism for the power of the Internet to empower individuals and improve society. I actually still like Google as a whole. But if the Internet is Pandora’s box, Google is the one that pried it open, and can’t quite figure out how to deal with what was inside. Humanity is not inherently good, and accelerating our lesser qualities isn’t having the positive outcome Google’s founders might have hoped for.

So, how do you throw the bath water out, but keep the baby? Can you use Google’s awesome tech, without contributing to the problems it creates? I don’t know, but here’s a few of the ideas we’re trying:

Diversify Your Information Holdings

I’ve said this before, and it bears repeating: don’t put all your eggs in the same basket. If you have a Google Mail account for work, have your personal account with another provider. If you use Google Classroom for school, use OneDrive for your private documents. If you have an Android phone, don’t put a Google Home in your bedroom. This isn’t just good security practice, preventing an attacker from gaining access to everything about you from a single hack, its good privacy practice. It limits the picture of you that any one service provider can make. Beware, though, of offerings that appear to be competitive, but are actually the same thing under the hood. The privacy browser Brave may tell a good story about how they’re protecting you, but their browser is based on Google’s Chromium, so its effectively the same as just using Google’s own browser.

Castrate the Algorithm

The YouTube recommendation engine is getting better. They’ve taken seriously the impact they’ve had, and they have smart people who care about this problem working on it. Until they get it right, though, you can install browser extensions that just turn it off altogether. You can still search YouTube for information you want, but you can avoid the dark rabbit trail that leads to increasingly extreme viewpoints. Choose carefully, because browser extensions are information collectors too — but here again, at least you’re diversifying.

Tighten the Purse Strings

Use an ad-blocker, and contribute less to their bottom line. Ad-blockers are relatively easy to use (again, reputation matters here), and available in multiple forms, from user-friendly browser extensions that can be toggled on-and-off, to nerd-friendly solutions you can run on a Raspberry Pi. We’ve eliminated about 80% of the ads we see on our home Internet by using DNS-level filtering — and its remarkably easy to do.

Do a Privacy Check Up

I’ve been involved in software development for 20 years — data really does make software better — but did you know Google will willingly relinquish older data they have on you? All you have to do is ask. Whether you’re an active Google user, in the form of an Android device or one of their enterprise offerings (like Google Classrom), or just an occasionally searcher with an account, you should take them up on this offer and crank up your privacy settings.

Search Elsewhere

Google is still pretty much the top of heap as far as search results go, but they’re far from the only game in town — and the deltas shrink daily. Bing is remarkably close in the search race, although its backed by an equally giantic corporation that is probably no more altruistic with their data acquisition, and DuckDuckGo does a decent job most of the time. Why not switch your default search engine to something other than Google, and switch back opportunistically if you can’t find what you need?

Check Who’s Watching

Just like Facebook has its fingers in most of the Internet, Google is everywhere. A service called Blacklight lets you plug in the address of your favorite website, then gives you a report on all the data collection services that website is cooperating with. The scariest ones are probably the ones you trust to give you news and information. Use RSS where possible, anonymizers, or different browsers for different purposes… which brings me to my final suggestion.

Stop Using Chrome

Oh man, I could go on for pages about how scary Google’s control over the Internet has gotten — all because of Chromium. If you’re old enough to remember all the fears about Microsoft in the 90s, this should all seem familiar. Just like the PC was Microsoft’s playground, and anyone who tried to compete was in danger of being crushed under the grinding wheel of their ambition, the world wide web has become Google’s operating system, and Chrome is the shiny Start Menu that graced every screen. Everything uses Chromium, even Apple’s browser, and Microsoft’s new Edge. It allows Google to basically dictate how the Internet should work, and while their intentions may be mostly good, the results will not be. I’m practically pleading with you: install Firefox and use it as your default browser; switch to a Chromium-based browser only when you have to.

If I sound like a paranoid old man by now, I’ve earned it. I’ve literally been working on the Internet my entire career — my first experiments in web development date back to 1996. I love this thing called the web, and generally Google has been good for it. But a democracy isn’t democratic if its ruled by dictator, and the Internet isn’t open if its entirely controlled by Google. As citizens of cyberspace, you own it to your community to help it stay healthy, and as individuals, you owe it to yourself to practice safe web surfing.

Managing Social Media: Facebook

The Delete Facebook movement has been around for a while now, and I have to admit, the idea is tempting. The downside of allowing a single company to have such an outsized view into our lives has become increasingly obvious, while the benefits have dwindled. By design, Facebook is more than just a social network – its evolved over the years to become something of an Internet hub. Sure, there’s a lot less people playing Farmville, but it’s still the closest thing to a ubiquitous messaging platform we have on the Internet, so it’s hard to just turn it off. Short of writing a letter and putting it in the mail, Facebook is the one place where I can get a message to most of my extended family. And there are things to be said too (both good and bad) about Facebook Groups, where strangers with common interests can meet and create connections — most of my hobby projects have been significantly helped by members of one Facebook group or another.

So quitting Facebook might be going a little too far for most of us, but maybe putting some limits on Facebook’s reach can help. Here are some easy steps you can take to control Facebook’s visibility into, and impact on, your digital life.

Delete the App from your Phone… Then Put it Back

Facebook’s mobile app, whether on Android or iOS, has a staggering privacy impact. Except on the latest OS versions, most of these permissions, once granted, are permanent, and accessible in the background. Recent improvements to underlying platforms have revealed numerous “bugs” that have all the appearance of spying on users – even while the app is not in use. For example, Facebook helpfully asks for access to your Address Book to facilitate “finding friends” but can use that information at will to quietly strengthen its social graph (the powerful database that makes Facebook so interesting to advertisers and political parties.) Recently a former engineer reported that Facebook experimented with uploading all your pictures in the background to “improve performance” when you chose to post a picture on their site.

Obviously, it’s nice to have your social network in your pocket – it’s convenient and helps pass the time. But, giving away all your personal data seems foolish. Fortunately, there is a work-around, and its actually quite nice. By design, your mobile web browser is a “sandbox” – websites can’t get the same permissions as Apps can, so they’re intrinsically safer. And to make it more convenient, both Android and iOS allow you to “pin” a website to your home screen so that you can launch it just like an App. The experience is slightly diminished from the full App, but its remarkably elegant, and significantly less intrusive.

The process is slightly different for each platform, but it amounts to:

  • Open Facebook in a web browser
  • Find the browser’s menu, and choose the option to Pin to your Home Screen
  • Find the new Facebook “App” icon on your Home Screen and launch from there
  • Use Facebook more-or-less as normal

A nice side effect of this change is that Notifications go away. You can always launch the “App” to see what’s new, but you won’t get things pushed to you constantly. Facebook Messenger is a separate app, which seems to have less privacy issues, so it can remain installed to allow message notifications.

Put Facebook in a Box

This tip applies to both your phone and your laptop or desktop computer, although the process is a little different. It requires you to get used to having multiple web browsers – and keeping Facebook in a secondary one.

Firefox believes that good fences make good neighbors

My strong recommendation is to use Firefox as your daily driver – it has an extension that can limit Facebook’s reach automatically. Chrome and Edge both are reasonable for privacy, Brave is better, but in other ways all of these browsers contribute to Google’s unreasonable control over the evolution of the Internet – but I’ll get to Google in another post. Suffice it to say, choose your main web browser and make sure you’re signed out of Facebook (and Instagram) completely on it. When you visit facebook.com from that browser, you should get prompted to sign-in – otherwise, assume Facebook is tracking you all over the web.

(Update: if you have to have Chrome, check out these extensions to help keep you safe.)

Facebook uses a browser fingerprint it establishes when you sign-in to their site, combined with tracking that same fingerprint detected through their pervasive advertising network, to piece together your browsing history — this is why Facebook ads seem like they’re reading your mind: they really do know everything you do online. Never use “sign in with Facebook” to log into a non-Facebook website or service. This is another way they track your activity. Your main web browser should be anonymous to Facebook at all times.

Once you’re confident that your primary browser is Facebook free, install and setup a secondary web browser that can be signed in with Facebook. Use this secondary browser for your Facebook community, and limit other web surfing. On a computer this is really easy – your computer comes with a web browser that should be your secondary browser:

On a phone this is a little harder, because you can’t completely change the default browser – the built-in engine will still handle embeds and links no matter what you do. But you can still follow the same pattern – create the Home Screen shortcut “App” using the built-in browser and install another browser to do most of your surfing.

Prune Your Timeline

Aside from its privacy issues, Facebook also functions as sewage run-off for some of the Internet’s worst information pollution. Political viewpoints turn angry during an election year (or pandemic) and sometimes it gets to be a little much. You may learn things about your social network that you wish weren’t true – or maybe you just need a break from all the memes.

Sometimes you have no choice but to just remove connections (de-friend people) if they won’t listen to reason. But often a genuinely decent person has just listened to a little too much Fox or NBC News and you need to take a break from the partisanship. It’s OK to “snooze” people or unfollow them. This allows you to stay connected, without having to get inundated with their ideology.

I don’t mean to suggest we shouldn’t hear ideas and perspectives that are different from ours – in fact, I believe it’s healthy to hear both sides of a debate… as long as both sides are rational, thoughtful and based, at least in part, on objectively verifiable reality, or reasoned interpretations of events. But not all opinions are created equal, and not all sources of information are valid. I’d advocate first for a loving attempt to reason, out of concern for a friend, but I’d also advocate (especially as my kids are moving into an online world) for a limitation of the pollution you expose yourself to online.

The Facebook timeline algorithm is tweaked for engagement (sucking you in) and for maximizing advertising impressions (keeping you on the site so you see more ads). It’s not a good source of information, any more than if everyone in town went to the same park and all started shouting our opinions at each other. Prudently manage who and what shows up on your timeline, or ignore the timeline entirely, in favor of personal interactions or Facebook groups that are healthy for you.

Set App Timers

If you use the Facebook app, or a dedicated browser, both Android and iOS will allow you to limit your time in those apps. You can use this for any App that you find yourself mindlessly scrolling through more than you want to. In iOS, it’s called “Screen Time”, in Android it’s called “Digital Wellbeing”, but in either case you can find it in Settings, and easily set a timeout in minutes per day. Of course, you can over-ride it if you need to, but it’s a good reminder to manage what you’re consuming in a given 24 hour period, and make sure you’re including other interactions and sources of information.

Protecting Your Brain

We don’t let our kids use social media yet – their brains are still forming, and they don’t have all the tools they need to discern what they may read online. But adults aren’t immune from the cognitive biases that can trick our brains into unhealthy patterns. Facebook is a relatively new kind of media – one that empowers peer-to-peer sharing and information dissemination much faster than what we had a generation ago. It has many incredible benefits but inherits all the same problems of previous kinds of media, while introducing a slew of others that humanity isn’t really equipped yet to understand. There are efforts underway to understand and improve how this kind of media works, but until those things mature and inform the evolution of the Internet, it’s up to us as users to think about and manage how we interact with technology and other people using it.

How to Read the News Online

This post is probably long overdue. I’m guilty myself of scrolling through Google News and letting an algorithm decide what I should see. But now, more than ever, its important to get the best information possible. Outlined here will be my attempt to provide some tips to escape the echo chamber, see past ideological spin, and find better sources of information online.

I should start with the caveat that of course this isn’t perfect. But its preferable to the norm…

App and website developers build for “stickiness” — that’s a primary goal. The longer they can keep you inside their experience, the more you are worth to them. That worth is often in advertising dollars, but its always in data: user and behavior information that lets providers create better personas (digital “voodoo dolls“) of their audiences. To restate that more clearly: the main goal of your favorite news app or website is not to inform you — its to make money off you. The longer you stay inside their experience, the more you are worth to them.

With this in mind, its easy to understand how content is created and prioritized. Content creators want to develop content that is interesting to their audiences. Content selection algorithms want to provide content that you resonate with — even when that’s not good for you. The “news” system is designed to affirm your biases, and reinforce the beliefs that brought you there.

Even information aggregators, like Facebook, YouTube and Twitter are running algorithms trying to find what you like and give it to you. They’re everywhere, and they’re cloyingly sycophantic. About once a day Google News offers me a bikini pic of a celebrity along-side other headlines — they know I’m an adult male, and they’re sure I want to see that content. All it takes is one tap to confirm that interest, and tip the algorithm toward more of it.

So if you’re ready to escape the fun house mirror that is Internet news, here’s what to do:

  1. Dump your current News app or go-to website. Google News, Apple News, MSN News, Fox News, CNN news… whatever you use, its all the same. I’m not even talking network bias yet, I’m just talking about algorithm-driven content providers. They’ve all got to go.
  2. Identify raw sources. In the US almost all news comes from the Associated Press first. Each network gets those stories, and puts their own ideological spin on that news. Skip the spin, and find the source: AP, and Reuters are both good for North America.
  3. Identify alternative sources. I’m not talking about fringe sites with extreme beliefs, I’m talking about a source of news that is further removed from the reach of your country’s political parties. In the US, the BBC or the CBC are reasonably impartial observers of what’s happening in your country. Find world news sources that aren’t reported from within your country — you’ll still get the big news items, but the context will be improved.
  4. Once you’ve selected better news sources, find their RSS feeds. OK, I know that sounds like techno-babble, so let’s break out of the numbered list and explain…

RSS stands for Really Simple Syndication (or Rich Site Summary), and its been a backing technology for the web since 1999. If you listen to podcasts, you use it regularly. An RSS feed is just the content from a site, none of the ads, none of the tracking technology, and none of the algorithms. Just the raw content.

Increasingly sites are hiding or obscuring their RSS feeds, because they want you on their site in your browser or on their app, so they can track you. But so far, no one has succeeded in removing it entirely. If you’re technically inclined, you can use tools in your browser to find the feed URL, but if not, there’s easier ways to get it.

I use a service called InoReader. They have a pro version, but the free one has everything you need to search for RSS feeds from the news sources you trust. Once you create an account in InoReader, you can add your selected news sources directly. The content is sucked out of the site via RSS, in aggregate, anonymously and automatically, then made available at the InoReader website or on the InoReader app on your phone or tablet, in a neatly organized fashion. Its a curated news stream that breaks the algorithms that taint the information you’re getting.

InoReader’s RSS Based News Feed

Like I said, its not perfect. InoReader knows what you’re reading — but because it serves raw feeds, it can’t alter them without detection (you can always look at the RSS directly to see if they’re changed; in 4 years of monitoring, I’ve never seen it happen.) Another challenge is that sometimes news sites only publish the first sentence or two into their RSS feed, and you have to click through to their website to read the whole article — but when you do, you can visit as a signed-out, anonymous reader (there are other work-arounds, for those comfortable with deploying a little open source software.) And of course, your critical thinking skills are always needed for any media you consume.

But even with the challenges, and the little bit of extra work it takes to make good selections, the difference is night-and-day. Do this for awhile, then compare the real headline with the liberal and conservative spin carried by other sources, and you’ll realize just how bad things are.

The dangers of the filter-bubble are real, and the increasing polarization in the US (and Canada too!) is a very real result. If you’re going to use technology, you should use it responsibly. The onus is on you to consume information that challenges your beliefs, educates you, and makes you more empathetic toward people who are different than you. Popular “news” technology does the opposite.

Update 10/5/2020: Associated Press feeds are increasingly difficult to find. This person has a solution — scroll to the bottom of his associated-press-rss repo to find a working URL.

Getting to Know Your Digital Voodoo Doll

Cambridge Analytica LogoIf the Cambridge Analytica scandal told us one thing, its how poorly people understand how data is being used. Although the folks at CA may not have had the most altruistic of intentions, they were really only exploiting what was freely available. That they used some data Facebook didn’t intend them to use doesn’t change the fact that the data was there for the taking. People volunteered it willingly, so it was inevitable that it would be put to use.

What is probably less clear in this tale of targeting was that they weren’t really targeting you or I. Rather, the technology allowed them to identify what kind of people we are like, and target people of that kind. This aggregate group identity makes up a persona — a fictional person that has traits and attributes, gathered from the self-provided data of real people, that are useful for addressing many actual individuals that are similar to that persona.

This is not new. In fact, in programming, type inheritance is a powerful concept that is useful for generalization. What’s new in the last decade or so is the volume of self-identified human data, and a few primary keys that allow that data to be associated with unique donators. Lots of web sites have data on you as a mostly anonymous visitor. There’s identifying information, for sure, but nothing you deliberately confirm or setup, so its a “weak link”. When a website requires you to create an account, then they truly have uniquely identifying information for tracking you within the properties that account uses. Facebook is mostly unprecedented because of the scope of that account. As an identifier, its used far beyond the actual Facebook website — its used on other Facebook properties (WeChat, Instagram) and on millions of partner sites that use Facebook log-in, or Facebook data sharing (when you see “Like on Facebook” on a website that is not Facebook, they are sharing data using your identity as a key.)

The effect is that activities spanning the web are opted-in to Facebook data collection, whether you’re aware of it or not. Suddenly a single primary key has a rich repository of information about billions of individuals. Realistically, it would take an incredible effort to actually target a single individual, but it does become very easy to group individuals based on activity. Individuals who “Like” a Republican candidate, individuals who participate in discussions about vaccinations, individuals who view religious videos, etc…

The field of psychographics is the emerging social science of identifying groups based on these common activities, then determining what methods are most effective at influencing the individuals within those groups. Facebook helps out even more, due to a built-in concept called Graph Relationships. These are the links between individuals that can be used to tie people to groups even if those linked individuals provide no explicit data that identifies them as part of the group. You may not have shown any visible interest in a particular political candidate, but if you’re linked to many people who have, you may find yourself targeted as part of that group.

https://www.businessinsider.com/explainer-what-exactly-is-the-social-graph-2012-3

This self-identification increases with your social network, and with your activity. If you’ve seen ads for something you recently thought about (but could swear you didn’t write down or say out loud) the odds are good that you’ve been targeted based on your activities or affiliations, and advertisers “knew” you would be interested in that product or service, because other people like you are interested in it.

I recently saw this concept described as a digital voodoo doll, and the analogy is apt. Advertisers and other influencers aren’t interacting with you directly, instead they’ve created an avatar that is like you, they’ve experimented to determine how best to impact those like you, and then they’ve launched their digital onslaught against the group. When the voodoo doll gets really precise, its called micro-targeting, and you really should be scared of it.

So what can you do about it? Well knowing the importance of identifier keys, you can participate in the web more strategically. It may be easier to sign up for a new service with your Facebook account (keeping track of multiple passwords is hard!), but know that when you do, Facebook gets all that data. Use different keys (new accounts) for different services, to reduce the chance of your activity being linked. You don’t have to quit Facebook entirely, but be careful what you indulge within their scope of view.

On that topic, there are ways to keep fences around that garden. FireFox has an extension that does just that — blocking Facebook tracking on sites not owned by Facebook. The same cautions should apply to any service whose tendrils extend beyond their own .com front-end. Microsoft, Amazon, Google all offer useful developer tools for web creators — in exchange for data collected from those sites. Diversify your digital activity: use different services for different features, and don’t mix and match. For example, Microsoft hosts our email, but not our voice commands. Amazon gets our voice commands through Alexa, but doesn’t store any of our documents. Opt out of data collection when given the choice.

As tech providers find newer, more clever ways to collect data, and the legal framework struggles to keep up, be aware of how you’re inevitably being targeted. Information is neutral — it doesn’t have a bias. Human beings, on the other hand, are biased. If something is presented as information but appeals to your natural bias, question the source — odds are that you’re being manipulated.

The dream of the Internet was that information could be shared instantly and freely with everyone. Those altruistic nerds that invented it may have forgotten that someone has to pay for technology somehow, and perhaps unknowingly, we backed our technology revolution into an ad-supported model. Being willing to pay for content that isn’t ad sponsored seems to have a tendency to inspire a little less subterfuge in the content provider. If you want to learn something new, or engage with a community on a topic, consider private online services — even those that aren’t free, or require a little more work.

There’s no quick fix for Facebook, or Google or even Apple. To make the Internet a better place, its citizens must be aware, involved and active. You can be online without responding to your baser instincts for affirmation or attention, but if you find the dopamine rush too irresistible, you might be better off closing those accounts after all…

Internet Safety – a moving target

When you visit a webpage, you might think of its address, like www.cnn.com. That address isn’t really an Internet address though. It’s a domain name — a friendly and memorable shortcut for an Internet Protocol (IP) address. That kind of address is made up of four groups of numbers, called octets. CNN’s actual address (today) is 151.101.1.67. That’s what your browser really goes to.

The mechanism the browser uses to look up the number from the shortcut is called DNS, or Domain Name System. One of the most resilient and important parts of the Internet, DNS is often provided by your Internet service, whose own servers sync with other DNS servers around the world, providing a distributed system of record — a phone book, if you’d like, for instant address look-ups.

Importantly, DNS is first provided by your computer (or mobile device) that forwards DNS requests from the browser, to your router or modem, which forwards the request to your Internet provider, etc… If you don’t like your Internet provider’s answers (or the speed with which they answer), you can choose a different DNS provider by making a configuration change downstream (eg: on your router, or on your computer.)

This “chain of trust” allows organizations to filter the Internet within the network they provide internally. If an organization doesn’t want its members to visit a website (like pornography) they can insert DNS records locally that prevent the request from actually finding that website.

This is also the basis of many parental controls systems. They keep a list of addresses kids probably shouldn’t go to, and all you have to do is configure your local environment to use the parental controls DNS server, rather than a public unfiltered one. This chain, and the ability for administrators to control the chain, is a part of how the Internet was designed: the browser asks the computer, the computer asks the router, the router asks the network provider, the network provider asks the rest of the Internet.

Last year, Mozilla (makers of the FireFox browser) decided to experiment with breaking that chain of trust. Instead of the browser asking the PC (and so on), they decided maybe the browser could go around the chain, and just ask someone that Mozilla decided to trust. They claim this makes people safer, since they can encrypt that request, using a non-standard approach called DNS over HTTPS (DoH). The effect is that intentionally crafted trust chains will be broken. Fine as an experiment, but this month they decided this behavior would be the default for all FireFox users. If you don’t know how to work around it, your parental controls are effectively disabled.

And working around it is possible — but not easy. Because this is not a standard, or even an accepted RFC (the process by which the Internet is evolved through review and consensus), Mozilla gets to impose arbitrary hoops you have to jump through to disable it. The easier they are for you to implement, the easier they are for someone to defeat.

And Mozilla isn’t the only browser maker messing with trust on the Internet. I’ve written before about Google’s attempts to re-make the ‘Net in their own image.

So, how can you filter the Internet at home while bigger groups than you and me are hard at work funneling all traffic through bastardized versions of the Internet where they can monetize your queries? As of late 2019, here’s what still works — and my best guess about how long it will continue to work…

Circle with Disney – another 1-2 years
Circle is a device that you put on your WiFi network that filters actual traffic. Below DNS is the actual routing of data from a website to a device. This path is managed via ARP (Address Resolution Protocol) tables, which tell your router how to get traffic to a given device. Circle needs to know which devices on your network belong to a child (which is a bit of a pain to setup), then it can stop traffic that’s not appropriate.

Unfortunately, Circle is abandoning the one-time purchase device, in favor of a device+service model that will cost you more. If you can still find them, the original Circle is less than $100, and really works well. It also lets you set time limits and curfews from a reasonably friendly app on your phone.

PiHole + OpenDNS – 3-5 years
PiHole is a tiny service that runs on a Raspberry Pi. In total it’ll cost you about $50 to set this up on your network. Once the Pi is built and running, you can install PiHole in a couple seconds, and tell it to use OpenDNS as your upstream DNS provider (instead of your Internet provider.) Then tell your router to use the Pi as a DNS server — your own chain of trust. You can then use the OpenDNS website to determine what kinds of web pages should be allowed within your home network.

It sounds complicated, but its really not too hard, and because its actively being developed, they’ve been able to stay on top of changes, like Mozilla just made. As of today, they’ve implemented one of the work-arounds for DoH, that tells the browser not to trust any other DNS provider. Eventually Google is going to realise there’s an untapped data source here, and move to eliminate competition from parents who want to protect their kids. But for the near future, this works well.

Mobile Device Parental Controls – constantly changing
The best phones for parental controls are iPhones… personal preference aside. The Screen Time feature lets you set a PIN and access control for many things on the device. Unfortunately, you need regular physical access to configure and change these settings, which appear and disappear through different OS versions. This obviously requires parents to keep a certain amount of hands-on with their kids devices.

Apple has an app called Apple Configurator that allows you to setup a number of Supervision controls over the device remotely — but they’ve intentionally limited that capability so only organizations (schools or businesses) can use it. They actually research you to determine if you should be allowed to Supervise users before you can use the feature with kid’s devices — presumably they’re monetizing this somehow, because there’s no reason this shouldn’t be free to everyone.

Amazon has a number of features for parental control and monitoring on their tablet devices (yours truly was responsible for some of them), but with each version of their OS, they make those harder to find and use.

Our kids don’t have their own phones…yet. We have one “kid phone” that they can check out if they’re going to an event where we’re not with them — but its locked down tight. Still, their friends all have phones, and the pressure is on. Soon enough, I guess I’ll be trying out some parental control apps, to see what works best outside the home. Any suggestions?