I’ve been slowly listening through The Heart, which is a podcast of personal documentaries and essays. The episode ‘No: Inheritance’ is a hard listen: it’s the sound of saying, and ignoring, the word “no”. The episode is a re-telling of two cases where the host’s utterances were ignored; one is dramatized, the other a recording of the event.
Throughout the episode the host ruminates on what consent is, and was, and how it was understood, and why her consent was ignored. It digs into the anger, shame, and strategies that she and other women adopt in response to men ignoring the word “no”. It sketches out why some women just let things continue and the mental traumas that follow.
These are the kinds of stories that men need to hear. They need to sit and listen, carefully, so that they can appreciate the concerns and traumas that many women have either experienced themselves or worry about experiencing in the future. It’s episodes like this that make it very clear how important it is to regularly obtain consent and to respect the decisions that are made by one’s partner regardless if they’re a partner for a night or for the rest of your life.
I shifted over to this domain name, and WordPress environment, a little over eight months ago. In addition to moving multiple years of content I also committed to at least one post a week though, ideally, I would post many more than that!
I’ve been largely successful with meeting those goals. As such, I’ve been able to maintain a regular personal writing habit. It’s also meant I’ve locked down some of my ruminations and thoughts so that I can reflect on them later on down the line.
However, there are some things that I’m not entirely happy with. First, I’ve been privately writing small ‘reviews’ of books and movies but haven’t gotten around to posting them here. Part of that is wanting to do them ‘well’ and the other reason is that I’m trying to decide if I should have posts and then a master page that links to the posts, or just posts, or just a page. But expect that to be figured out pretty soon.1 I also really like the idea of putting up a gear/software list of things that I routinely use, and want to steal an idea from a friend of mine who posts the podcasts that she’s really into at any given time. And I want to put some thought into developing a public blogroll, likely based on the RSS feeds that I consume, though I admit that I’m not entirely sure of the utility of blogrolls in this day and age.
The reason for contemplating these changes to some of the content and structure? Mostly because I think I can move more of my writing to this location; there’ve only been a few times that I thought I was getting too ‘close’ to mimicking the work on my professional web presence or private journal, and even then the tone was sufficiently different that it belonged here as opposed to those other locations. But I’m also motivated to modify some of the content here because I want what I write to be interesting and useful for other people; I often find that bloggers’ reviews and insights about the things they use are the only way that I discover the existence of certain tools, products, workflows, and cultural items. So I want to give back to others, just as they have freely given to me and everyone else who visits (or has visited) their sites.
I spent some time this week writing about a recent proposal to significantly weaken the security of the devices we carry with us on a daily basis. In short, I think that the proposal:
doesn’t address the real technical or policy problems associated with developing a global backdoor system to our most personal electronic devices. Specifically the architect of the solution overestimates the existent security characteristics of contemporary devices, overestimates the ability of companies to successfully manage a sophisticated and globe-spanning key management system, fails to address international policy issues about why other governments couldn’t or wouldn’t demand similar kinds of access (think Russia, China, Iran, etc), fails to contemplate an adequate key revocation system, and fails to adequately explain why the exceptional access system he envisions is genuinely needed.
Device security, and especially efforts to weaken it, fundamentally raises technical and policy issues. Neither type of issue can be entirely divorced from the other, and it’s important to recognize that the policy issues are both domestic and international; failing to address them both, at the same time, means that any proposal will almost certainly have terminal weaknesses.
Inspiring Quotation of the Week
“Do not let anything that happens in life be important enough that you’re willing to close your heart over it.”
Steven Levy has an article out in Wired this week in which he, vis-a-vis the persons he interviewed, proclaims that the ‘going dark’ solution has been solved to the satisfaction of (American) government agencies and (unnamed and not quoted) ‘privacy purists’.1 Per the advocates of the so-called-solution, should the proposed technical standard be advanced and developed then (American) government agencies could access encrypted materials and (American) users will enjoy the same degrees of strong encryption as they do today. This would ‘solve’ the problem of (American) agencies’ investigations being stymied by suspects’ adoption of encrypted communications systems and personal devices.
Unfortunately Levy got played: the proposal he dedicates his article to is just another attempt to advance a ‘solution’ that doesn’t address the real technical or policy problems associated with developing a global backdoor system to our most personal electronic devices. Specifically the architect of the solution overestimates the existent security characteristics of contemporary devices,2 overestimates the ability of companies to successfully manage a sophisticated and globe-spanning key management system,3 fails to address international policy issues about why other governments couldn’t or wouldn’t demand similar kinds of access (think Russia, China, Iran, etc),4 fails to contemplate an adequate key revocation system, and fails to adequately explain why the exceptional access system he envisions is genuinely needed. With regards to that last point, government agencies have access to more data than ever before in history and, yet, because they don’t have access to all of the data in existence the agencies are claiming they are somehow being ‘blinded’.
As I’ve written in a draft book chapter, for inclusion in a book published later this year or early next, the idea that government agencies are somehow worse off than in the past is pure nonsense. Consider that,
[a]s we have embraced the digital era in our personal and professional lives, [Law Enforcement and Security Agencies] LESAs have also developed new techniques and gained additional powers in order to keep pace as our memories have shifted from personal journals and filing cabinets to blogs, social media, and cloud hosting providers. LESAs now subscribe to services designed to monitor social media services for intelligence purposes, they collect bulk data from telecommunications providers in so-called ‘tower dumps’ of all the information stored by cellular towers, establish their own fake cellular towers to collect data from all parties proximate to such devices, use malware to intrude into either personal endpoint devices (e.g. mobile phones or laptops) or networking equipment (e.g. routers), and can even retroactively re-create our daily online activities with assistance from Canada’s signals intelligence agency. In the past, each of these kinds of activities would have required dozens or hundreds or thousands of government officials to painstakingly follow persons — many of whom might not be specifically suspected of engaging in a criminal activity or activity detrimental to the national security of Canada — and gain lawful entry to their personal safes, install cameras in their homes and offices, access and copy the contents of filing cabinets, and listen in on conversations that would otherwise have been private. So much of our lives have become digital that entirely new investigative opportunities have arisen which were previously restricted to the imaginations of science fiction authors both insofar as it is easier to access information but, also, because we generate and leave behind more information about our activities vis-a-vis our digital exhaust than was even possible in a world dominated by analog technologies.
In effect: the ‘solution’ covered by Levy doesn’t clearly articulate what problem must be solved and it would end up generating more problems than it solves by significantly diminishing the security properties of devices while, simultaneously, raising international policy issues of which countries’ authorities, and under what conditions, could lawfully obtain decryption keys. Furthermore, companies and their decryption keys will suddenly become even more targeted by advanced adversaries than they are today. Instead of even attempting to realistically account for these realities of developing and implementing secure systems, the proposed ‘solution’ depends on a magical pixie dust assumption that you can undermine the security of globally distributed products and have no bad things happen.5
The article as written by Levy (and the proposed solution at the root of the article) is exactly the kind of writing and proposal that gives law enforcement agencies the energy to drive a narrative that backdooring all secure systems is possible and that the academic, policy, and technical communities are merely ideologically opposed to doing so. As has become somewhat common to say, while we can land a person on the moon, that doesn’t mean we can also land a person on the sun; while we can build (somewhat) secure systems we cannot build (somewhat) secure systems that include deliberately inserted backdoors. Ultimately, it’s not the case that ‘privacy purists’ oppose such solutions to undermine the security of all devices on ideological grounds: they’re opposed based on decades of experience, training, and expertise that lets them recognize such solutions as the charades that they are.
Footnotes
1. I am unaware of a single person in the American or international privacy advocacy space who was interviewed for the article, let alone espouses positions that would be pacified by the proposed solution.
2. Consider that there is currently a way of bypassing the existing tamper-resistant chip in Apple’s iPhone, which is specifically designed to ‘short out’ the iPhone if someone attempts to enter an incorrect password too many times. A similar mechanism would ‘protect’ the master key that would be accessible to law enforcement and security agencies.
3. Consider that Microsoft has, in the past, lost its master key that is used to validate copies of Windows as legitimate Microsoft-assured products and, also, that Apple managed to lose key parts of its iOS codebase and reportedly its signing key.
4. Consider that foreign governments look at the laws promulgated by Western nations as justification for their own abusive and human rights-violating legislation and activities.
5. Some of the more unhelpful security researchers just argue that if Apple et al. don’t want to help foreign governments open up locked devices they should just suspend all service into those jurisdictions. I’m not of the opinion that protectionism and nationalism are ways of advancing international human rights or of raising the qualities of life of all persons around the world; it’s not morally right to just cast the citizens of Russia, Ethiopia, China, India, Pakistan, or Mexico (and others!) to the wolves of their own oftentimes overzealous or rights abusing government agencies.
On the one hand I feel foolish for not realizing until now that A Perfect Circle is fronted by Maynard James Keenan (Tool’s frontman). On the other hand it explains why I’ve always enjoyed A Perfect Circle’s albums so much.
Related: Eat the Elephant is a really terrific album that I’ve been listening to almost non-stop since it came out on Friday.
Earlier this year, I suggested that the current concerns around Facebook data being accessed by unauthorized third parties wouldn’t result in users leaving the social network in droves. Not just because people would be disinclined to actually leave the social network but because so many services use Facebook.
Specifically, one of the points that I raised was:
3. Facebook is required to log into a lot of third party services. I’m thinking of services from my barber to Tinder. Deleting Facebook means it’s a lot harder to get a haircut and impossible to use something like Tinder.
At least one company, Bumble, is changing its profile confirmation methods: whereas previously all Bumble users linked their Facebook information to their Bumble account for account identification, the company is now developing their own verification system. Should a significant number of companies end up following Bumble’s model then this could have a significant impact on Facebook’s popularity, as some of the ‘stickiness’ of the service would be diminished.1
I think that people moving away from Facebook is a good thing. But it’s important to recognize that the company doesn’t just provide social connectivity: Facebook has also made it easier for businesses to secure login credentials and (in other cases) ‘verify’ identity.2 In effect one of the trickiest parts of onboarding customers has been done by a third party that was well resourced to both collect and secure the data from formal data breaches. As smaller companies assume these responsibilities, without the equivalent to Facebook’s security staff, they are going to have to get very good, very fast, at protecting their customers’ information from data breaches. While it’s certainly not impossible for smaller companies to rise to the challenge, it won’t be a cost-free endeavour, either.
It will be interesting to see if more companies move over to Bumble’s approach or if, instead, businesses and consumers alike merely shake their heads angrily at Facebook and continue to use the service despite its failings. For what it’s worth, I continue to think that people will just shake their heads angrily and little will actually come of the Cambridge Analytica story in terms of affecting the behaviours and desires of most Facebook users, unless there are continued rapid and sustained violations of Facebook users’ trust. But hope springs eternal and so I genuinely do hope that people shift away from Facebook and towards more open, self-owned, and interesting communications and networking platforms.
Thoughtful Quotation of the Week
The brands themselves aren’t the problem, though: we all need some stuff, so we rely on brands to create the things we need. The problem arises when we feel external pressure to acquire as if new trinkets are a shortcut to a more complete life. That external pressure shouldn’t be a sign to consume. If anything, it’s a sign to pause and ask, “Who am I buying this for?”
I think that the other reasons I listed in my earlier post will still hold. Those points were:
1. Few people vote. And so they aren’t going to care that some shady company was trying to affect voting patterns.
2. Lots of people rely on Facebook to keep passive track of the people in their lives. Unless communities, not individuals, quit there will be immense pressure to remain part of the network.
I’m aware that it’s easy to establish a fake Facebook account and that such activity is pretty common. Nevertheless, an awful lot of people use their ‘real’ Facebook accounts that have real verification information, such as email addresses and phone numbers.
In my ongoing efforts to better understand myself, I’ve been listening to some of the early episodes of Gaby Dunn’s podcast, Bad With Money. These episodes tend to focus on the narratives around money that have guided how she lives her life, where she learned them from, and how to overcome them, and have entailed conversations between her and her parents, her boyfriend, and with a financial psychologist and her sister.
What she’s learned, and how information is presented, has often resonated with my own experiences growing up in a family that went from middle-class, to upper-lower class, and then has split along a series of different lines as I’ve grown older. A lot of the conversations focus on how what her parents did with money while she was growing up subtly informed how Gaby, herself, has approached money as a result. And it’s gotten me thinking about the money narratives that I learned from my dad (generally really bad) and my mom (not super-terrific).
Of course, listening to some podcasts isn’t going to correct the narratives that have built up in my own head over the past several decades (e.g. debt is normal to have and carry, retirement savings are almost impossible, you should enjoy the benefits of your work now instead of later) but they do help to make explicit some of the challenges I know I need to overcome. Some of the conversations she’s had with her guests have been more or less insightful but, in aggregate, they’re useful because she uses such natural language to approach financial questions and issues that pervade many people’s daily lives. This natural language matters because it makes very clear that the show isn’t about an expert from on high explaining reality but, instead, involves the self-discovery of Gaby (and through her some discovery of the precise questions I need to ask myself). Her narratives and my own are not the same but the questions, on their own, are sufficient to jumpstart internal introspection.
The interviews she conducts are also helpful because so few people talk about financial mindsets in public that it’s hard to hear, let alone understand, the money narratives that different people hold. Through that act of listening I can better identify and situate my own narratives and ascertain what is normal, abnormal, and what needs to be corrected or remain the same. Dunn’s podcast is definitely only an early starting point but, regardless, it’s super helpful for people who don’t want to invest money but, instead, want to invest in themselves and their personal development.
On the same track of ‘podcasts I’ve listened to’ over the course of the past week, Dear Sugars has had a really good (if hard) series of episodes on consent in sexual relationships. The women who are submitting the questions are incredibly brave for presenting their experiences, and the hosts of the show are incredibly kind and nuanced in their analyses of what has taken place in their own pasts and in the lives of their letter writers. I care deeply about ensuring that all relationships — sexual or not — are consensual and these podcasts have given me insights to the challenges facing women that I may never have fully appreciated before listening to this series of episodes.
Insightful Quotation
One of the defining things about the nature of ideas is just how fragile they are: when you’re not sure whether something is going to work, the idea is vulnerable. Part of protecting the idea is to be careful about who you show it to; premature criticism can shut something down that perhaps deserves more of a chance.
GQ has a good interview with Yvon Chouinard, the founder of Patagonia. It’s far-ranging, covering the company’s attitude to making clothing, to climate change, to politics. But what really struck me was this:
Gradually, the conversation went even darker. About Trump, Chouinard added, “It’s like a kid who’s so frustrated he wants to break everything. That’s what we’ve got.” I asked sarcastically if any part of him was an optimist. Marcario, sitting next to him, laughed loudly. “Did you just ask Yvon if he’s an optimist?” Chouinard smiled and cocked his head. “I’m totally a pessimist. But you know, I’m a happy person. Because the cure for depression is action.”
I would note that I think action is the cure for pessimism, as opposed to depression; one is a state of mindset whereas the other is often a serious mental condition that can require professional assistance. But that nitpick aside, I think he’s correct that you press through pessimism by acting to make the world a little bit better every day than how you started it.
Photographing something that captures the situation you’re in emotionally and in life, while reflecting something about wherever you are in space, can be a deeply revelatory experience. When I try to take such shots I’m often alone with just some music or podcast and a camera, and exploring areas that are sometimes brand new and other times are well-trodden shooting grounds. Sometimes I want to get a particular ‘feeling’ — one that, only afterwards, I tend to realize reflects where I was emotionally at the time — and other times I want to deliberately try to shoot for a certain kind of colour, shadow, or pattern. Quite often, it’s only after looking at photos taken during the session that I realize that a certain kind of emotion was really behind my shooting choices.
If I’m being honest, the experiential nature of photography really only hits me as I look through my photos, after taking them, after processing them, and after I set them to display through my TV (my ‘best of’ photos are my Apple TV’s screensaver). I need to see them, repeatedly, in order to appreciate what is in them. Sometimes it’s months before I really realize what was really going on in a given photo. Sometimes, even years later, I may know that particular shots are important to how I was at the time but still can’t quite describe why I know this to be the case. I can (at least somewhat) deconstruct the technical elements of the photos but can’t necessarily also identify the meaning of the photo I took.
At the same time, there are times when society asserts that I “should” want to hunt for photos, but I’m disinterested in doing so because I don’t want to try and capture the emotional or physical space I’m in, in the amber that is a photograph. Sometimes I want to ride out experiences; rather than hold onto them in perfect perpetuity, I want to leave them in the malleable space of human memory with the knowledge that how I remember the past will inevitably change over time as the temporal distance between my current existence and that memory grows and extends. Sometimes I want the experience to grow and contract, through and with me, instead of act as a defined anchor to a given time or place.
It’s that difference — between choosing to hold times in the amber of a photo versus storing it purely in the mind — that I’ve been mulling in my mind for the past little while. Some of the photos I have manage to capture times that are joyous, others melancholy, others full of light and joy, and yet others alienation and loneliness. And I tend to tightly hold onto the meaning of the photographs I’ve taken: I don’t go out of my way to explain my photography to anyone else, nor do I think it’s something that I need to do. Shutter therapy is just that: a kind of physical and intellectual therapy. But there are specific moments that I deliberately keep separate from my camera, and they’re often times wherein people are most likely to entrap time in amber, such as vacation or celebration. But I’ve found myself less and less excited to engage in such photography over the past several months.
I’m not entirely certain why: perhaps the weather has just been so miserable that it’s had an impact on my motivations to shoot. But equally possible it’s because something is changing in how I approach photography itself, at least right now: I don’t want as many amber memories, and instead want to enjoy the development and unfolding of certain memories, and feel more comfortable in the knowledge that the ‘final’ memories I’ll have will be even more subjective than those associated with photographs. Some will even vanish in their entirety. I don’t know why this is my current state of mind but, regardless, it’s an interesting intellectual moment that is prompting reflection on my photography, what drives it, and the relationship between amber memory and living memory.
Notable Quotation
“If you can change one thing about yourself then please be kinder and change how you end things because it matters way more than how you begin them.”
– Sartaj Anand
New Apps and Great App Updates from this Week
iOS 11.3 dropped last week and for the entire time I’ve been testing the Notes application pretty regularly to see if it’s stopped freezing, crashing, and otherwise not working properly. It seems to be working once more, which is a huge relief as huge portions of my life are locked up in the application. Not sure what was broken, or how it got fixed, but I’m pretty happy to discover that things are working once more!
Great Photography Shots
Many of the winning shots for the Smithsonian’s 15th Annual photo contest are just spectacular.
John Gruber is ripping into the Wall Street Journal for their reporting on Apple Pay. Specifically, he complains that the Journal didn’t explain how to remove an alert that is meant to encourage people to set up Apple Pay, agrees that Apple has done a bad job explaining how Apple Pay is more secure than using an actual credit card, and mocks an analyst’s comparison of Apple Pay to Microsoft’s antitrust cases in the 1990s and early 2000s.
I agree with a lot of what John wrote but, at the same time, think that it’s all too easy to dismiss complaints about Apple Pay. I work amongst an incredibly technical group of colleagues. Many of us have iPhones. But I’m the only person who uses Apple Pay with any regularity…and I’ve run into issues time after time. Let me list some of the problems I’ve experienced:
I tried to return an item I bought using Apple Pay (linked to my credit card). But when I returned it the credit card number displayed on the receipt was different from that on my credit card…so the retailer refused to take the return.1 It was only after I undertook some independent research that I figured out how to pull up the temporarily assigned number in Apple Pay and, then, additional time to educate the frontline staff, the manager, and then wait for the manager to call central office to confirm they could process the return. Time to return a product to a store that was down the street from me? About 3-4 hours split over 2 days. I wouldn’t have the same issue if I’d just bought the item with my physical credit card.2
Apple Pay doesn’t work as reliably with tap-enabled Point of Sale machines. I’d say that I have about an 85-90% ‘hit’ rate with Apple Pay versus using the tap feature of my credit card. That makes Apple Pay less convenient than a tap-enabled credit card or debit card.
Various Point of Sale machines have disabled tap and force me to use one of my chip/PIN cards. This is typically done in restaurants or retail locations where either they can’t afford to fix their Point of Sale machine or refuse to pay to enable the feature (or simply haven’t upgraded their machines to accept tap payments). So I have to carry my regular credit card and debit card with me, wherever I go, on the basis that I can’t trust that I can use Apple Pay at any given location.
Sometimes Apple Pay just doesn’t work. I have no idea what the problem is but there are times where I just have to remove the cards and re-add them to Apple Pay. I don’t know why this takes place but it happens at least once a year. And I find out about it when I’m trying to pay for something. I don’t have this problem with my credit card.3
Do I like Apple Pay? I do, actually, and I use it a lot. But I’m willing to deal with the above teething issues as an early adopter. Security is fine and good, but for the majority of people usability is the most important component of using a product. And Apple Pay remains, in my eyes, only mostly-usable. It needs to be a lot more reliable before it is adopted by the mainstream.
1. I know: this is a security feature (one I love!) but it’s a feature that’s been introduced without an equally clear explanation of how to find the temporarily used number. This education needs to happen at both the end-user and retailer level.
2. And I have no clue what you’d do if you lost your phone or it was stolen between the time of purchasing an item with Apple Pay and wanting to return it.
3. To be fair, I have to replace my debit card (rarely used either as the card or in Apple Pay) approximately every six months because it just stops working. But this hasn’t ever happened with my credit card, which is my primary way of paying for everything.