Current Berkman People and Projects

Keep track of Berkman-related news and conversations by subscribing to this page using your RSS feed reader. This aggregation of blogs relating to the Berkman Center does not necessarily represent the views of the Berkman Center or Harvard University but is provided as a convenient starting point for those who wish to explore the people and projects in Berkman's orbit. As this is a global exercise, times are in UTC.

The list of blogs being aggregated here can be found at the bottom of this page.

August 27, 2014

Bruce Schneier
The Problems with PGP

Matthew Green has a good post on what's wrong with PGP and what should be done about it.

by Bruce Schneier at August 27, 2014 03:54 PM

Friday Squid Blogging: Squid Boats Illuminate Bangkok from Space


To attract the phytoplankton, fishermen suspend green lights from their boats to illuminate the sea. When the squid chase after their dinner, they're drawn closer to the surface, making it easier for fishermen to net them. Squid boats often carry up to 100 of these green lamps, which generate hundreds of kilowatts of electricity--making them visible, it appears, even from space.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

by Bruce Schneier at August 27, 2014 03:42 PM

Security Flaws in Rapiscan Full-Body Scanners

Security researchers have finally gotten their hands on a Rapiscan backscatter full-body scanner. The results aren't very good.

Website with paper and images. News articles and commentary.

Note that these machines have been replaced in US airports with millimeter wave full-body scanners.

by Bruce Schneier at August 27, 2014 03:24 PM

Security by Obscurity at Site

The White House is refusing to release details about the security of because it might help hackers. What this really means is that the security details would embarrass the White House.

by Bruce Schneier at August 27, 2014 03:20 PM

Eavesdropping Using Smart Phone Gyroscopes

The gyroscopes are sensitive enough to pick up acoustic vibrations. It's crude, but it works. Paper. Wired article. Hacker News thread.

by Bruce Schneier at August 27, 2014 02:03 PM

Learning from bad @TWC #CX

Here in New York City, Time Warner Cable is down. (I’m getting on over my mobile phone’s T-Mobile data connection.)

According to DownDetector, TWC is also down in a lot of places:

Screen Shot 2014-08-27 at 7.44.38 AM

This is a developing story, in the midst of which I can take the opportunity to have a meaningful encounter with CX — Customer eXperience. Let’s make lemonade.

My cable modem shows the connection is live, but just blinking steadily in its attempt to pass data back and forth with TWC itself. Earlier ping tests (when the connection was merely bad) went somewhere, but latencies were all high. Now they go nowhere.

Calls to Time Warner Cable get me a message: “All circuits are busy now. Please try again later. Message NY-224-55.”

A visit to @TWC_Help finds the last two postings are on 15 and 22 August. TWC’s many other social channels on Twitter are useless promotional vehicles. A Twitter search for TWC shows lots of problems in lots of places, right now. So this is a developing story.
No doubt the story in the mainstream media will go along the lines of these two:
The big angle will be around the planned merger of  TWC and Comcast — two well-hated ogres.
But we’re here to help, not complain. What can we do with VRM here? Not just for TWC, but for every company in TWC’s position? Specifically,
  1. What code do we have already? and 
  2. What development paths are VRooMers on that can lead toward better CX?


by Doc Searls at August 27, 2014 11:59 AM

Bruce Schneier
People Are Not Very Good at Matching Photographs to People

We have an error rate of about 15%:

Professor Mike Burton, Sixth Century Chair in Psychology at the University of Aberdeen said: "Psychologists identified around a decade ago that in general people are not very good at matching a person to an image on a security document.

"Familiar faces trigger special processes in our brain -- we would recognise a member of our family, a friend or a famous face within a crowd, in a multitude of guises, venues, angles or lighting conditions. But when it comes to identifying a stranger it's another story.

"The question we asked was does this fundamental brain process that occurs have any real importance for situations such as controlling passport issuing ­ and we found that it does."

The ability of Australian passport officers, for whom accurate face matching is central to their job and vital to border security, was tested in the latest study, which involved researchers from the Universities of Aberdeen, York and New South Wales Australia.

In one test, passport officers had to decide whether or not a photograph of an individual presented on their computer screen matched the face of a person standing in front of their desk.

It was found that on 15% of trials the officers decided that the photograph on their screen matched the face of the person standing in front of them, when in fact, the photograph showed an entirely different person.

by Bruce Schneier at August 27, 2014 02:34 AM

August 26, 2014

Berkman Center front page
Upcoming Events: Berkman Center 2014-2015 Orientation
Berkman Events Newsletter Template
join us!

Berkman Center 2014-2015 Orientation: Academic Year Kickoff Activities

September 5-17. Events will take place across the Harvard campus. See each event page (and below) for more detailed information.


Please join us for the Berkman Center for Internet & Society’s Fall 2014 Orientation to meet our faculty, fellows, and staff, and to learn about the many ways you can get involved in our dynamic, exciting environment.

This year, we're hosting a series of events across the campus of Harvard University focused on different areas of activity and research at the Center. We invite you to attend any and all that are of interest to you:

- 9/5: Internet Policy Symposium @ Harvard Kennedy School at 9:00AM ET

- 9/9: Open Tuesday Luncheon @ Harvard Law School at 12:30PM ET

- 9/10: Research Showcase @ Harvard Law School from 4:30-6:30PM ET

- 9/11: Digital Problem Solving Initiative Kickoff @ Harvard Graduate School of Education at 5:30PM ET

- 9/15: Special EFF / Berkman Cyber Law Pub Trivia Night @ Harvard Law School at 7:00PM ET

- 9/17: Technical Project Showcase with the Berkman Geeks @ TBD at 3:00PM ET

As a University-wide research center at Harvard, our interdisciplinary efforts in the exploration of cyberspace address a diverse range of backgrounds and experiences. If you're interested in the Internet’s impact on society and are looking to engage a community of world-class fellows and faculty through events, conversations, research, and more please join us to hear more about our upcoming academic year.

People from all disciplines, universities, organizations, and backgrounds are encouraged to attend our orientation events. We look forward to seeing you there! RSVP Required (please RSVP to each event you'd like to attend). more information on our website>

Berkman Center 2014-2015 Orientation

Internet Policy Symposium

Friday, September 5, 9:00pm ET, Harvard Institute of Politics, Harvard Kennedy School.


The Internet Policy Symposium, hosted by Harvard University's Institute of Politics, the Berkman Center for Internet & Society at Harvard University, and The Internet Association, will feature a public forum on "Innovation in Action" on September 4th and discussions on "Will Governments Break the Internet" and "Why Internet Policy Matters" on September 5th.

RSVP Required. more information on our website>

Berkman Center 2014-2015 Orientation

Tuesday Luncheon

Tuesday, September 9, 12:30pm ET, Wasserstein Hall, Milstein West B Room (2nd Floor), Harvard Law School. This event will be webcast live at 12:30PM ET.


Learn more about the Berkman Center for Internet & Society -- and its network of researchers, activists, faculty, students, technologists, entrepreneurs, artists, policy makers, lawyers, and more -- in an interactive conversation lead by Faculty Chair Jonathan Zittrain. If you’re curious about connecting with our research, our community, or our events, or are just generally interested in digital technologies and their impact on society, please join us at our first Tuesday lunch of the academic year on September 9th on the Harvard Law School campus.

To find more information about this year’s Berkman Center community, visit: RSVP Required. more information on the IOP's website>

Berkman Center 2014-2015 Orientation

Berkman Research Showcase

Wednesday, September 10, 4:30-6:30pm ET, Wasserstein Hall, Milstein East Rooms (2nd Floor), Harvard Law School. Refreshments will be served.


Select Berkman projects will be present with information about their projects' current activities. Staff working with each of these projects are eager to share information about the big research questions they are considering, meet potential future collaborators, and solicit ideas. In addition to the project tabling, there will be space and opportunity to connect with other Berkman community members and open house participants. You may come for any portion of time during this session. RSVP Required. more information on our website>

Berkman Center 2014-2015 Orientation

Digital Problem Solving Initiative Kickoff

Thursday, September 11, 5:30pm ET, Harvard Graduate School of Education (location TBA). Refreshments will be served.


Please join the Berkman Center for Internet & Society at Harvard University for the launch of the Digital Problem-Solving Initiative (DPSI), one of the many initiatives and projects at the Center focused on education and digital technologies. DPSI is an innovative and collaborative project that brings together a diverse group of learners (students, faculty, fellows, and staff) to work on projects to address challenges and opportunities across the university. DPSI offers participants a novel opportunity to engage with research, design, and policy relating to the digital world.

Applications are open until September 6 - click here to find out more.

Speakers will include Dean Martha Minow, Professor Urs Gasser, Professor Tom Eisenmann, and Research Fellow Justin Reich. RSVP Required. more information on our website>

Berkman Center 2014-2015 Orientation

Cyberlaw Pub Trivia: A Joint EFF / Berkman Center Event

Monday, September 15, 7:00pm ET, Wasserstein Hall, HLS Pub (1st Floor), Harvard Law School. Refreshments will be served. Cash bar.


Please join us for a special edition of the Electronic Frontier Foundation's Cyberlaw Pub Trivia Night -- held in collaboration with the Berkman Center for Internet & Society as part of our 2014-2014 orientation activities -- which will bring together legal geeks, students, EFF board members, faculty, and others who are interested to join us for an evening of cyberlaw pub trivia. Trivia questions have been carefully constructed by EFF's crack team of technology law experts, focusing on the obscure, fascinating and trivial aspects of privacy, free speech, and intellectual property law.

A Note on RSVPs: If you plan to come with a team (6 people per team), please encourage your teammates to RSVP as soon as possible, as we will close registration when we hit capacity. In order to allow as many people as possible to participate, teams with less than 6 people may have individuals without a team added to them on the day of. Individuals: Don't have a team? No problem, we will help bring together cool and competitive teams. RSVP Required. more information on our website>

berkman luncheon series

Drone Warfare and the Public Imagination

Tuesday, September 16, 12:30pm ET, Berkman Center for Internet & Society, 23 Everett St, 2nd Floor. This event will be webcast live.


In 2012, U.S. drone strikes occurred most often in which nation?

If you don’t know, don’t feel too bad. You’re not alone. You could just admit it and join the 27 percent of Americans who report that they haven’t a clue. Or you could guess, give the wrong answer, and join the 60 percent of Americans who just plain get it wrong. Many people know this answer first-hand, but they tend not to be Americans, and for them the answer has a non-trivial significance.

A large majority (65 percent) of Americans claimed that they had heard a lot about the U.S. drone program in 2013. This is a significant increase from the year before. But what they’d heard hadn’t furnished the answer to this most basic question about the purpose and nature of targeted killings. This makes sense, since the media often focuses on what is most important to its readers: namely, themselves. This is why the death of Americans in targeted killings dominated early discussion of drone warfare, why the mere prospect of domestic surveillance has taken center stage in the drone debate, and why commercial uses of drones has gained more attention in 2014.

So what should the media cover when it comes to drones and military robotics? What is worth reporting? And what responsibility do journalists have to focus in on the most pressing moral and legal questions when it comes to drone technologies? At what point should reportage blend into legal commentary and moral argumentation? What are the dangers associated with this sort of public discourse?

John Kaag is an Associate Professor of Philosophy at the University of Massachusetts Lowell and Director of the Doctoral Program in Global Studies. RSVP Required. more information on our website>

Berkman Center 2014-2015 Orientation

Technical Project Showcase with the Berkman Geeks

Wednesday, September 17, 3:00pm ET, Location TBA.


The Berkman Center for Internet & Society welcomes students and other Harvard community members to an open session with the Center’s software development and systems operations team (affectionately known as "The Geeks”).

Jonathan Zittrain, George Bemis Professor of Law at Harvard Law School and the Harvard Kennedy School of Government, Professor of Computer Science at the Harvard School of Engineering and Applied Sciences, Director of the Harvard Law School Library, and Faculty Director of the Berkman Center for Internet & Society, will kick things off, and the Geeks will present some of the most interesting projects and initiatives currently on our plates.

The Berkman Center's Geek Cave works with ruby, perl, php, bash, jQuery, PostgreSQL, MySQL and a slew of other tools to build and extend open source software, create scalable websites, and manage the mixed desktop network that keeps the Center moving. We have a small group of talented, devoted, fun, full-time developers on staff that want to hear about your 1337 coding skillz and talk about fun projects to pair code or geek out on; two project managers to give you tips to about keeping your work on track; and technologists to talk about what hardware and software support it takes to deploy our projects on Berkman infrastructure.

This is a great opportunity to learn more in detail about the technical work done at the Berkman Center, to learn how your own personal or class-related projects might align with the Center’s, and to consider ways you might be able to collaborate with our team on some of the work we have lined up for this year!

More info about the projects that we work on can be found on our github organization page at RSVP Required. more information on our website>

Other Events of Note

Local, national, international, and online events that may be of interest to the Berkman community:

You are receiving this email because you subscribed to the Berkman Center's Weekly Events Newsletter. Sign up to receive this newsletter if this email was forwarded to you. To manage your subscription preferences, please click here.

Connect & get involved: Jobs, internships, and more iTunes Facebook Twitter Flickr YouTube RSS

See our events calendar if you're curious about future luncheons, discussions, lectures, and conferences not listed in this email. Our events are free and open to the public, unless otherwise noted.

by ashar at August 26, 2014 05:53 PM

Berkman Center 2014-2015 Orientation: Academic Year Kickoff Activities

Please join us for the Berkman Center for Internet & Society’s Fall 2014 Orientation to meet our faculty, fellows, and staff, and to learn about the many ways you can get involved in our dynamic, exciting environment.

This year, we're hosting a series of events across the campus of Harvard University focused on different areas of activity and research at the Center. We invite you to attend any and all that are of interest to you:

Find a list of those who have RSVPed to these events and have opted in to having their information shared in order to facilitate connections over at Hei.

As a University-wide research center at Harvard, our interdisciplinary efforts in the exploration of cyberspace address a diverse range of backgrounds and experiences. If you're interested in the Internet’s impact on society and are looking to engage a community of world-class fellows and faculty through events, conversations, research, and more please join us to hear more about our upcoming academic year.

People from all disciplines, universities, organizations, and backgrounds are encouraged to attend our orientation events. We look forward to seeing you there!

We'd love to see you! If you're joining us, consider:

RSVP and Attendee List - Connect and Collaborate


You must RSVP to each event individually that you wish to attend. RSVP forms are found on the event pages linked above.

Public Attendee List:

Find a list of those who have RSVPed and have opted in to having their information shared in order to facilitate connections at Hei

Names, contact information, links to relevant projects, and tags representing research interests and activities may be found, and you may sort by tags in order to identify others who may be working in common cause.

Please note that the system in which the list lives, Hei, is a new development project of the Berkman Center. If you identify any bugs, or have any ideas or thoughts about it, please let us know at

Berkman Research Projects

The Berkman Center enjoys a global reputation for cutting-edge work centered on the relationships between the Internet, law, and society. Our mode — entrepreneurial nonprofit — embraces our pursuit of scholarly research in the manner and spirit of an academic think tank, anchored by the diverse collaborative and individual work of our faculty and fellows.

More about our research is here.   

2014-2015 Berkman Community

In addition to the Directors and staff, the Berkman Center hosts a community of fellows, faculty associates, and affiliates. The diverse class of fellows will work primarily in Cambridge, MA and will serve as key instigators within the vibrant research community. Honoring the networked ethos central to Berkman, faculty associates and affiliates from institutions the world over will actively collaborate with the Berkman community through an array of channels. Click here to learn more about their work!

Select Opportunities to Get Involved at Berkman

The success of the Berkman Center's mission rests upon our community, starting with students and building from there. We don’t simply study networks – we consciously and deliberately create them, linking students, faculty, fellows, affiliates, alumni, staff, researchers, funders, other nonprofit and academic organizations, for-profit ventures, government entities, and the public we serve. Some specific opportunities are listed below, and other opportunities are available, too - please feel welcome to approach Berkman staff and fellows if you have interest in their work, and ask if there are any ways to collaborate.

To note, absolutely no formal affiliation with Berkman is necessary for you to engage and be part of the Berkman Center community. Informal collaborations are often the source of our most fruitful relationships.

  • We are currently accepting applications from Harvard students who wish to be a part of the Digital Problem Solving Initiative Learn more!
  • We have begun to add information about available fall internships.
  • We will soon begin accepting applications for 2014-2015 fellowships. More about our fellowship program is here.
  • Through discussions, lectures, conferences, and other gatherings, the Berkman Center convenes diverse groups around a wide range of topics related to the Internet as a social and political space. The unique interactions generated through these events - both as process and product - are fundamental elements of the Berkman Center's modus operandi. Many events are open to the public.
  • You may sign up for our mailing lists here.

Location, Directions, and Logistical Information

  • Location: Our different events will take place in different locations across the Harvard University campus.  Please check each event's page for location specifics.  A map of the Harvard University campus is here.
  • Parking is not available through Harvard Law School, but there are several parking garages in Harvard Square.
  • Wireless internet access will be available.
  • Questions? Contact Rebecca Tabasky at

by ashar at August 26, 2014 05:47 PM

Justin Reich
Navigating the Two Kinds of Online Discussion Forums
Changes have been made to edX discussion forums that highlight the differences between discussions meant to explore a topic and discussions meant to identify a single correct answer.

by Justin Reich at August 26, 2014 04:21 PM

Nick Grossman
Dropbox and Personal Data

More and more, recently, I’ve been noticing web services that use Dropbox for storing user data.  For example, 1Password, OneName and Diaro.

With all the talk about user control of data, data liberation, privacy, etc — I actually feel like this is is a super nice approach, at least for some use cases.

I am more comfortable using Diaro as my journal because they don’t keep the data, I do (sort of — really Dropbox does, but it’s my dropbox acct and I can take it/delete it whenever I want).  I think that may have actually been my deciding factor in choosing Diaro.

In this particular case, using Dropbox has the added (I’d say necessary) feature of syncing across devices so any apps that store user data there can see it anywhere and not have to worry about managing it.

It’s also interesting to note that this wasn’t really the #1 use case (afaik) for Dropbox.  But it does seem to be a natural (albeit relatively fringe) additional use case.  And I wonder if we will see an increasing number of apps (maybe health?) take this route, and marketing it to privacy/control conscious users.

August 26, 2014 11:13 AM

Willow Brugh
Another Whirlwind Tour

The Bank booked my tickets for me (yay no financial overhead!.. but–) with an 11-hour layover at LHR. So I popped on the Heathrow Express to Paddington. I’m sitting in a Starbucks, of all places. They’re playing Morrisey. It’s pretty awful, but it’s also a holiday and everything else around here was closed. I was meant to have been back in Boston for the past week, after a long stint of travel, but things got extended by a continent, so here I am.


I gave a keynote at Cascadia.JS, and the event and its people were absolutely wonderful. Even played some pinball with Case (oh, PS, we’re throwing a CyborgCamp at MIT in October and you should come). I was soooo stressed when I gave this talk. Not from the talk itself – this community is lovely! I even wrote about it on the Civic blog – but because of the things surrounding this entry. When I watched the video later, it’s actually pretty alright. They gave me a full 30 minutes, and I wish I had padded it with more information. C’est la vie. Huge huge hugs to Ben and Tracy and the rest of the crew. You made a rough time easier through your care.

The drawings I did for other people’s talks are all here.


This was my first Wikimania, and it was stunning. So so much fun. Many things to think about, frustrations in new light, conversations over cider, and even more stick figures. And! Some lovely person taught me how to upload my drawings to the commons, and so now I’ll be hosting from there instead of from Flickr. Got to spend too-short time with Laurie (who I’ll see more of in Boston! Yay!), AND found out about Yaneer’s work on networked individuals and complex systems which rings closer to true in my intuition than most anything else I’ve run across recently.

Getting to know a neighborhood in London that I actually like, with art in the alleys and a bike repair and tailoring shop with a pub and wifi while you wait that is totally hipster gentrification and I so don’t care. And a strange moment in a Bombay-style restaurant of a half-recognized face, that ends up being the brother of the heart-based Seattle ex-Partner. We hug fiercely (as is the way of his family, and mine), until his manager gets angry. We laugh and promise to catch up.

Thence to Future Perfect, through the too-early fog of morning, and a panic attack, and dear Sam handling the accompanying compulsive need to stick to The Plan, even if it did not make the most sense, with the sort of calm curiosity and fondness which is exactly what is needed in those moments, and jogging through far away airports to finally arrive at our not-even-yet-boarding gate.

Future Perfect

A short flight (slept through) and a longer ferry ride (also slept through) through the archipeligos of Sweden, and Sam and I are on the island of Grinda for Future Perfect. We’re here at the behest of one Dougald Hine, long-time mirror-world not-quite-yet-cohort, to be Temporary Faculty at the festival, and to “difficultate.” It’s a strange thing, to be encouraged to ask the hard questions, and Ella and I are a bit adrift in the new legitimacy of our usual subversive action. “Ella, I think we’ve just been made legible.” “Shit. Quick, act polite!” But there’s an awfully strong thread of Libertarianism and Profiteering From The Future, so it’s not a difficult thing to ask stir-up questions. I sit on a panel called When Women Run the World, and mock the title, and question the assumption of binary sex, and point out matrixes of power. I draw as people talk, and post the print-outs to a large board for all to see, a strange combination of digital and analogue. Another panel I’m pulled onto I advocate for inclusion and codesign on the basis of values – not everyone bites. So then, pulling from Yaneer’s work, I point out that hierarchies fail at the capacity of any individual, whereas examined networks can scale in complexity. They nod. I grit teeth.

We also meet Bembo and Troja Scenkonst and Billy Bottle and Anna and the Prince of the Festival Lucas, and see old friends Ben and Christopher and Smari. We walk through the cow and sheep pasture as a shortcut from breakfast to festival, avoiding dirty boots and communicating via body language to over protective rams. I jump into the half-salt water of the archipelagos after a long sauna stint, and we drink sweet Swedish cider, and we sing Flanders and Swann across our joined repertoires. Ed gives me access to his audio book library, and I’m high on dopamine and scifi for hours to come. Our tiny temporary faculty crew sleeps in adjacent cabins, keeping the floors swept and porches clean.

And another early flight, stomach dropping as the pre-booked taxi service couldn’t find us and didn’t speak English (and Sam doesn’t hold Swedish in his repository of languages), no Ubers showing up on the app as they had the previous night, and finally finding a taxi app that would generate our location and sent a lovely driver for us. Getting to the airport, again, in time, with an uncertainty of how to part ways from this other human-shaped being who moves at high velocities, having been caught up in each other’s orbits for a short period of time, still texting threads and punctuation past gates.


And then I went back to Dar. And I realize in writing this how worn down my travel-muscle is, exhausted to the core. Less able to appreciate the beauty of a second wrecked ship on a calm sandy beach, unable to see the trying and hurt at the core of some of the people we hear speak. I am frustrated that the workshop I have been flown here to participate in has people reading verbatim from slides, that at the core of this workshop are not the people who are the most marginalized. I am brief, and I am blunt, and I do not show the same care that I expect to be shown to everyone. I become even more blunt with those who are unkind to others, a sort of brute force function into civility, and I and others know it will not work.

But some of the workshop has us figuring out hairy problems like reducing the 16-digit identifier for water points to locally useful and uniquely identifiable phrases for the database lookup table. I listen while the People Who Decide These Things think their servers won’t have the troubles other servers have. And some sections have people talking about appropriate technology and inclusion. It is productive, though differently than I’m used to.

I exchange a quiet conversation in the front of a taxi that waited for us at a restaurant, a practice which I hate, on the long journey home. The driver having not said more than a word or two at a time at first, now sharing anger about high taxes and now visible payout. The roads are paid for by other countries, the buildings, the power grid… where are his tax dollars going? We talk about schools, and his sister, and about how he has no way to speak.

We work with the Dar Taarifa team, who are unfolding and learning to push back, hours into github and strange google searches and odd places to encourage and odder places to encourage disagreement. We pause for translations, and I try to bow out so they’ll operate at full speed in Swahili, rather than moving slower so that I might understand.

Oh, also:

One of my drawings ended up all over the place:

Morgan’s research is pretty boss, and Barton did a great job writing.

It looks like I’m going to be in Kenya in parts of October and November playing games around climate change.
This post is apparently in the memory of LJ.

by bl00 at August 26, 2014 01:18 AM

August 25, 2014

David Weinberger
Have social networks replaced groups?

Maxim Weinstein responded in an email to my post about what the social structure of the Internet looked like before Facebook, making the insightful point that Facebook meets the four criteria Clay Shirky listed for social software in his 2003 keynote at eTech. Here are the four with Max’s comments appended:

1. Provide for persistent identities so that reputations can accrue. These identities can of course be pseudonyms.
2. Provide a way for members’ good work to be recognized. < "Like" buttons, sharing
3. Put in some barriers to participation so that the interactions become high-value. < have to accept friend requests
4. As the site’s scale increases, enable forking, clustering, useful fragmentation. < pages

Max goes on to note some nuances. But his comment, plus a discussion yesterday with Andrew Preater, a library technologist at the Imperial College of London, made me think how little progress we’ve in fact made in supporting groups on the Net.

For example, Clay’s post from 2003 marvels at a “broadband conversation” in which the participants communicated simultaneously by conference call, through a wiki, and through a chat, each from a different source. Since 2003, there are now services that bundle together these different modalities: Skype and Google Hangouts both let a group talk, video, chat, and share documents. (Google Docs are functionally wikis, except without the draft>compile>post process.) So, that’s progress…although there is always a loss when disparate services get tightly bundled.

What’s missing is the concept of a group. As my 2003 post said, members of a group know they’re members of a group with some persistence. Skype and Hangouts let people get together, but there are no tools there for enabling that configuration of people to persist beyond the session. Groups are important because they enable social ties to thicken, which means they’re especially useful now to mitigate the Brownian motion of sociality on the Internet.

Likewise, Facebook, Google Groups, Twitter, and the other dominant forms of “social software” (to use the term from 2003) are amazing at building social networks. At those sites you can jump into borderless networks, connecting to everyone else by some degree. That’s pretty awesome. But those sites do not have a much of a concept of a group. A group requires some form of membership, which entails some form of non-membership. Usually the membership process and the walls that that process forms are visible and explicit. This isn’t to say that groups have to have a selection committee and charge dues. A group can be widely open. But the members need to be able to say “Yeah, I’m part of that group,” even if that means only “I regularly participate in that open discussion over there.” A group is a real thing, more than the enumeration of its members. If all the members leave, we have to be able to say, “There’s no one in that group any more. Too bad.”

If the walls around the group don’t include and exclude the same people for each member, then it’s a network, not a group. Not all of your friends are my friends and vice versa. But everyone in the Chess Club is in the Chess Club. The Chess Club is a group. Your friends and my friends on Facebook are part of a social network. Not that’s there anything wrong with that.

Now, I realize in saying this I am merely expressing my Old Fartdom. “Why, in my day, there were groups and not all these little networks of people with their twittering and their facial books.” The evidence for this is the generational divide on email. Email remains my most important social software for all the reasons that The Kids have moved to Facebook: email goes to the people I choose, is slower, results in semantically sequential threads of call-and-response, and is archived. But I especially like email because mailing lists are crucial to my social and intellectual life. I have been on some for over twenty years. Most of what I know about the Internet comes from the lists I’m on. I’ve reconnected with some of my academic philosophical roots via a mailing list. Mailing lists are so important to me because they are online groups.

So it’s entirely possible, in fact it’s probable, that the Internet has not made a lot of progress supporting groups because our culture no longer values groups. We’ve gone from Bowling Alone to Twitch Bowls 300. Old-timers like me — even as we celebrate the rise of networks — should be permitted a tear to dampen our dry, furrowed skin.

by davidw at August 25, 2014 09:35 PM

Bruce Schneier
Chapter 137 of My Surreal Life

Someone wrote Sherlock-Schneier fan fiction. Not slash, thank heavens. (And no, that's not an invitation.)

by Bruce Schneier at August 25, 2014 06:04 PM

Justin Reich
Research Questions and (Better) Learning Analytics
On Tuesday, August 19 at noon EST, I'll be participating in a webinar with Audrey Watters, Andrew Sliwinsky, and Vanessa Gennarelli. We'll be wrestling with the technical and ethical challenges of using data from online learning systems to improve teaching and learning.

by Justin Reich at August 25, 2014 03:05 PM

Bruce Schneier
US Air Force is Focusing on Cyber Deception

The US Air Force is focusing on cyber deception next year:

Background: Deception is a deliberate act to conceal activity on our networks, create uncertainty and confusion against the adversary's efforts to establish situational awareness and to influence and misdirect adversary perceptions and decision processes. Military deception is defined as "those actions executed to deliberately mislead adversary decision makers as to friendly military capabilities, intentions, and operations, thereby causing the adversary to take specific actions (or inactions) that will contribute to the accomplishment of the friendly mission." Military forces have historically used techniques such as camouflage, feints, chaff, jammers, fake equipment, false messages or traffic to alter an enemy's perception of reality. Modern day military planners need a capability that goes beyond the current state-of-the-art in cyber deception to provide a system or systems that can be employed by a commander when needed to enable deception to be inserted into defensive cyber operations.

Relevance and realism are the grand technical challenges to cyber deception. The application of the proposed technology must be relevant to operational and support systems within the DoD. The DoD operates within a highly standardized environment. Any technology that significantly disrupts or increases the cost to the standard of practice will not be adopted. If the technology is adopted, the defense system must appear legitimate to the adversary trying to exploit it.

Objective: To provide cyber-deception capabilities that could be employed by commanders to provide false information, confuse, delay, or otherwise impede cyber attackers to the benefit of friendly forces. Deception mechanisms must be incorporated in such a way that they are transparent to authorized users, and must introduce minimal functional and performance impacts, in order to disrupt our adversaries and not ourselves. As such, proposed techniques must consider how challenges relating to transparency and impact will be addressed. The security of such mechanisms is also paramount, so that their power is not co-opted by attackers against us for their own purposes. These techniques are intended to be employed for defensive purposes only on networks and systems controlled by the DoD.

Advanced techniques are needed with a focus on introducing varying deception dynamics in network protocols and services which can severely impede, confound, and degrade an attacker's methods of exploitation and attack, thereby increasing the costs and limiting the benefits gained from the attack. The emphasis is on techniques that delay the attacker in the reconnaissance through weaponization stages of an attack and also aid defenses by forcing an attacker to move and act in a more observable manner. Techniques across the host and network layers or a hybrid thereof are of interest in order to provide AF cyber operations with effective, flexible, and rapid deployment options.

More discussion here.

by Bruce Schneier at August 25, 2014 04:39 AM

August 24, 2014

Harry Lewis
Rest in Peace, Father Gavin

Father Carney Gavin died on August 21, according to a brief death notice in the Boston Globe this morning. (Oddly, it's in the print edition only.)

Carney was a once familiar type that is now rare. A learned, scholarly Boston-Irish priest, warm and gregarious and well-connected in academia, to royalty, and to the Vatican, humble and funny and self-effacing, and boisterous and enthusiastic at the same time. He was always ready to lend human support to anyone, regardless of doctrinal niceties. (Peter Gomes once said to me, after Carney had carried out his offices in a kind and generous way as I suspect not every priest in today's Roman Catholic Church would have chosen to do, "Are they still letting him do that?") He served for a time as head of Harvard's Semitic Museum, and after that started the Archives for Historical Documentation, which describes Carney's mission this way: "Since 1963, Carney's research has been dedicated to understanding and preserving the cultural heritage of the Middle East while promoting peace among the region's prevalent faiths through this shared history."

He has for years been struggling to outrun a cancer, which must finally have caught up to him. I chanced across this passage from Harvard Magazine in 2001, in which he described someone else who was fighting an illness:
 "I call it an ‘odyssey,’" says Rev. Carney Gavin, Ph.D. ’73, a longtime friend of and pastor to the Mee family at St. Columbkille’s Church in Brighton. "It’s terrible and sad and frightening and filled with all kinds of encounters." Even in this age of dot-com billionaires, he adds, "There’s nobody who doesn’t question, ‘What is heroism? What is worthwhile in life?’ I cannot tell you how heroically Peter has worked to find a meaningful place for himself. It involved horrible, horrible failures and incredible obstacles."
Pretty nice description of his own past few years; he never slowed down, traveling to Europe and the Middle east constantly, bringing back vials of water from the River Jordan, lumps of frankincense, and other small gifts for his friends' children, and all the while trying to preserve the history of the Middle East. He was a good man, and I regret his passing.

Thanks to his friends at St. Columbkille's for permission to reproduce the photograph above, which was taken very recently. That's him all right, laughing to the end.

by Harry Lewis ( at August 24, 2014 05:11 PM

Getting Respect

Respect Network (@RespectConnect) is a new kind of corporate animal: a for-profit company that is also a collection of developers and other interested parties (including nonprofits) gathered around common goals and principles. Chief among the latter is OIX‘s Respect Trust Framework, which is “designed to be self-reinforcing through use of a peer-to-peer reputation system.” Every person and organization agreeing to the framework is a peer. Here are the five principles to which all members agree:

Promise We will respect each other’s digital boundaries

Every Member promises to respect the right of every other Member to control the Member Information they share within the network and the communications they receive within the network.

Permission We will negotiate with each other in good faith

As part of this promise, every Member agrees that all sharing of Member Information and sending of communications will be by permission, and to be honest and direct about the purpose(s) for which permission is sought.

Protection We will protect the identity and data entrusted to us

As part of this promise, every Member agrees to provide reasonable protection for the privacy and security of Member Information shared with that Member.

Portability We will support other Members’ freedom of movement

As part of this promise, every Member agrees that if it hosts Member Information on behalf of another Member, the right to possess, access, control, and share the hosted information, including the right to move it to another host, belongs to the hosted Member.

Proof We will reasonably cooperate for the good of all Members

As part of this promise, every Member agrees to share the reputation metadata necessary for the health of the network, including feedback about compliance with this trust framework, and to not engage in any practices intended to game or subvert the reputation system.

The Respect Network’s founding partners are working, each in their own way, to bring the Respect Trust Framework into common use. I like it as a way to scaffold up a market for VRM tools and services.

This summer Respect Network launched a world tour on which I participated as a speaker and photographer. (Disclosures: Respect Network paid my way, and The Searls Group, my consultancy, has had a number of Respect Network partners as clients. I am also on the board of Flamingo and  Customer Commons, a nonprofit. I don’t however, play favorites. I want to see everybody doing VRM succeed, and I help all of them every way I can. ) We started in London, then hit San Francisco, Sydney and Tel Aviv before heading home to the U.S. Here’s the press coverage:

In the midst of that, Respect Network also announced crowd funding of this button:


It operates on the first  promise of the Respect Trust Framework: We will respect each others’ digital boundaries. Think of it as a safe alternative to the same kind of button by Facebook.

The campaign also launched =names (“equals names”) to go with the Respect Connect button, and much else, eventually. These names are yours alone, unlike, say, your Twitter @ handle, which Twitter owns.

There is a common saying: “If you’re not paying for it, you’re the product” In respect of that, =names cost something (like domain names), though not much. Selling =names are CSPs: Cloud Service Providers. There are five so far (based, respectively, in Las Vegas, Vienna, London, New York/Jerusalem and Perth):

bosonweb-logo danube_clouds-logo paoga-logo emmett_global-logo onexus-logo

They  are substitutable. Meaning you can port your =name and data cloud from one to the other as easily as you port your phone number from one company to another. (In fact the company that does this in the background for both your =name and your phone number is Neustar, another Respect Network partner.) You can also self-host your own personal cloud. Mine =name is =Doc, and it’s managed through Danube Clouds. (I actually got it a few years back. The tech behind =names has been in the works for awhile.)

The tour was something of a shakedown cruise. Lots was learned along the way, and everybody involved is re-jiggering their products, services and plans to make the most of what they picked up. I’ll share some of my own learnings for ProjectVRM in the next post.



by Doc Searls at August 24, 2014 09:36 AM

Bruce Schneier
NSA/GCHQ/CSEC Infecting Innocent Computers Worldwide

There's a new story on the c't magazin website about a 5-Eyes program to infect computers around the world for use as launching pads for attacks. These are not target computers; these are innocent third parties.

The article actually talks about several government programs. HACIENDA is a GCHQ program to port-scan entire countries, looking for vulnerable computers to attack. According to the GCHQ slide from 2009, they've completed port scans of 27 different countries and are prepared to do more.

The point of this is to create ORBs, or Operational Relay Boxes. Basically, these are computers that sit between the attacker and the target, and are designed to obscure the true origins of an attack. Slides from the Canadian CSEC talk about how this process is being automated: "2-3 times/year, 1 day focused effort to acquire as many new ORBs as possible in as many non 5-Eyes countries as possible." They've automated this process into something codenamed LANDMARK, and together with a knowledge engine codenamed OLYMPIA, 24 people were able to identify "a list of 3000+ potential ORBs" in 5-8 hours. The presentation does not go on to say whether all of those computers were actually infected.

Slides from the UK's GCHQ also talk about ORB detection, as part of a program called MUGSHOT. It, too, is happy with the automatic process: "Initial ten fold increase in Orb identification rate over manual process." There are also NSA slides that talk about the hacking process, but there's not much new in them.

The slides never say how many of the "potential ORBs" CSEC discovers or the computers that register positive in GCHQ's "Orb identification" are actually infected, but they're all stored in a database for future use. The Canadian slides talk about how some of that information was shared with the NSA.

Increasingly, innocent computers and networks are becoming collateral damage, as countries use the Internet to conduct espionage and attacks against each other. This is an example of that. Not only do these intelligence services want an insecure Internet so they can attack each other, they want an insecure Internet so they can use innocent third parties to help facilitate their attacks.

The story contains formerly TOP SECRET documents from the US, UK, and Canada. Note that Snowden is not mentioned at all in this story. Usually, if the documents the story is based on come from Snowden, the reporters say that. In this case, the reporters have said nothing about where the documents come from. I don't know if this is an omission -- these documents sure look like the sorts of things that come from the Snowden archive -- or if there is yet another leaker.

by Bruce Schneier at August 24, 2014 05:14 AM

Disguising Exfiltrated Data

There's an interesting article on a data exfiltration technique.

What was unique about the attackers was how they disguised traffic between the malware and command-and-control servers using Google Developers and the public Domain Name System (DNS) service of Hurricane Electric, based in Fremont, Calif.

In both cases, the services were used as a kind of switching station to redirect traffic that appeared to be headed toward legitimate domains, such as,, and


The malware disguised its traffic by including forged HTTP headers of legitimate domains. FireEye identified 21 legitimate domain names used by the attackers.

In addition, the attackers signed the Kaba malware with a legitimate certificate from a group listed as the "Police Mutual Aid Association" and with an expired certificate from an organization called "MOCOMSYS INC."

In the case of Google Developers, the attackers used the service to host code that decoded the malware traffic to determine the IP address of the real destination and redirect the traffic to that location.

Google Developers, formerly called Google Code, is the search engine's website for software development tools, APIs, and documentation on working with Google developer products. Developers can also use the site to share code.

With Hurricane Electric, the attacker took advantage of the fact that its domain name servers were configured, so anyone could register for a free account with the company's hosted DNS service.

The service allowed anyone to register a DNS zone, which is a distinct, contiguous portion of the domain name space in the DNS. The registrant could then create A records for the zone and point them to any IP address.

Honestly, this looks like a government exfiltration technique, although it could be evidence that the criminals are getting even more sophisticated.

by Bruce Schneier at August 24, 2014 01:57 AM

August 23, 2014

Harry Lewis
Dolphin has closed ):
I need a nice, family-run, fish restaurant. I like Legal, but that is not what I mean. I mean a place that is not part of a standardized chain, for all the benefits that chains bring.

Over the past twenty years, three favorite haunts for fish have disappeared, places I patronized at least once a week, maybe more. At each of these places the staff, generally nice people with some kind of accent, recognized us and brought us our drinks without our having to order them.

The first was Captain's Wharf, near Coolidge Corner in Brookline; I think it is now a mammography clinic. The second was Village Fish, in south Brookline on Harvard Street; it decamped for the suburbs, and then turned itself into a BBQ joint.

And now the Dolphin, formerly at 1105 Mass Ave in Cambridge, is gone too. (Consolidated with its Natick location, says the sign on the darkened door, but gone to Mars as far as urban dwellers go.)

So the choices for fish seem to be Legal (excellent, but a bit soulless, and always about 40% more expensive than the Dolphin, though no better in the ingredients or cuisine); Skipjack's, which closed in Needham, and whose Clarendon Street location tends to be crowded with a mixture of Masters of the Universe and tourists; and lovely, big, pricey places like Oceanaire and Island Creek Oyster House. If anyone has better ideas (preferably not far from Brookline and with easy parking), I'd love to hear. (Daily Catch in Brookline remains, but it's very limited in both seating and menu options.)

I suspect that there are both ethnic and economic reasons for these changes. The Irish, who in Brookline survived on fish for generations, are now eating Thai food; at least there seems to be a Thai restaurant on every corner, and they are all cheap and good. And fish is costly enough (given the costs of keeping it fresh) that it's now a luxury item.

Very sad developments in the land of the cod. We're talking about Boston and Brookline here, not Lansing and Reno!

by Harry Lewis ( at August 23, 2014 09:43 PM

Benjamin Mako Hill
Installing GNU/Linux on a 2014 Lenovo Thinkpad X1 Carbon

I recently bought a new Lenovo X1 Carbon. It is the new second-generation, type “20A7″ laptop, based on Intel’s Haswell microarchiteture with the adaptive keyboard. It is the version released in 2014. I also ordered the Thinkpad OneLink Dock which I have returned for the OneLink Pro Dock which I have not yet received.

The system is still very new, challenging, and different, but seems to support GNU/Linux reasonably well if you are willing to run a bleeding edge version and/or patch your kernel and if you are not afraid to spend an afternoon or two tweaking things. What follows are my installation notes for Debian testing (jessie) when I installed it in early May 2014. My general impressions about the laptop as a GNU/Linux system — and overall — are at the end of this write-up.

System Description

The X1 Carbon I ordered included the 512GB SSD, the 14.0 inch WQHD (2560×1440) 260 nit touchscreen, and the maximum 8GB of memory. I believe the rest is not particularly negotiable but includes a 720p HD Camera, a 45.2Wh battery, and an Intel Dual Band Wireless 7260AC with Bluetooth 4.0.

For those that are curious Here is the output of lspci on the system:

00:00.0 Host bridge: Intel Corporation Haswell-ULT DRAM Controller (rev 0b)
00:02.0 VGA compatible controller: Intel Corporation Haswell-ULT Integrated Graphics Controller (rev 0b)
00:03.0 Audio device: Intel Corporation Haswell-ULT HD Audio Controller (rev 0b)
00:14.0 USB controller: Intel Corporation Lynx Point-LP USB xHCI HC (rev 04)
00:16.0 Communication controller: Intel Corporation Lynx Point-LP HECI #0 (rev 04)
00:16.3 Serial controller: Intel Corporation Lynx Point-LP HECI KT (rev 04)
00:19.0 Ethernet controller: Intel Corporation Ethernet Connection I218-LM (rev 04)
00:1b.0 Audio device: Intel Corporation Lynx Point-LP HD Audio Controller (rev 04)
00:1c.0 PCI bridge: Intel Corporation Lynx Point-LP PCI Express Root Port 6 (rev e4)
00:1c.1 PCI bridge: Intel Corporation Lynx Point-LP PCI Express Root Port 3 (rev e4)
00:1d.0 USB controller: Intel Corporation Lynx Point-LP USB EHCI #1 (rev 04)
00:1f.0 ISA bridge: Intel Corporation Lynx Point-LP LPC Controller (rev 04)
00:1f.2 SATA controller: Intel Corporation Lynx Point-LP SATA Controller 1 [AHCI mode] (rev 04)
00:1f.3 SMBus: Intel Corporation Lynx Point-LP SMBus Controller (rev 04)


The BIOS firmware is non-free and proprietary as it the case with all ThinkPads and nearly all laptops. According to this thread there is a bug in the default BIOS that means that suspend to RAM is broken in GNU/Linux.

You can get updated BIOS at the Lenovo’s ThinkPad X1 Carbon (Type 20A7, 20A8) Drivers and software page by looking in the the “BIOS” section. Honestly, the easiest approach is probably to download the Windows BIOS Update utility (documentation is here) which you can use to run the BIOS update from within Windows before you install GNU/Linux.

If that’s not an option (e.g., if you’ve already installed GNU/Linux) the best method is to download the bootable CD ISO from the same page. Of course, since the X1 Carbon has no optical media, you have to find another way to boot the CD image. I struggled to get the ISO to boot from USB using the usually reliable dd method. This message suggest that the issue had to do with the El Torito wrapper:

“I had to dump the eltorito image from the ISO they provide, after that I was able to dd the resulting image to a flash drive and the bios update went well, no cdrom needed.”

I updated to version 1.13 of the BIOS which fixes the suspend/resume bug. By the time you read this, there may be newer versions that fix other things so check the Lenovo website.

Installing Debian

I installed Debian testing using the March 19, 2014 “Alpha 1″ release of the Debian Installer for Jessie (currently testing). I installed in graphical mode. With the WQHD screen, everything was extremely tiny but it worked flawlessly.

I downloaded the amd64 net install image from the normal place and installed the rest of the system using the built-in Ethernet port which required no firmware or extra drivers. I did the normal dd if=FILENAME.iso of=/dev/sdX method of getting the installer onto the a USB stick to boot. I turned off restricted boot in BIOS first. In general, the latest version of the Debian installation guide is always a good source of guidance on installing Debian.

I used the Debian installer wizard to partition and selected “Use entire disk and partition it for LVM and encrypted data” which kept the UEFI partitions around. The system installed with no errors or issues and booted up normally afterward. The grub menu is hilariously narrow on the WQHD screen.

If you want to use the built-in wireless and/or Bluetooth, you will need to install the non-free iwlwifi firmware package. It is very lame that we still have to do this to use hardware we have purchased.

What Works and Doesn’t

The following stuff works the first time I booted into the GNOME 3 desktop and logged in:

  • The WQHD 2560×1440 screen
  • The touchscreen
  • Both the TrackPoint and the touchpad
  • Built-in e1000e Ethernet using the dongle
  • The keyboard plus the “adaptive” row of F1-F12 keys.
  • External monitor using the full HDMI or mini-DisplayPort connectors
  • Audio (both speakers and microphone)
  • The camera/webcam

The following stuff works if you install non-free firmware:

  • Internal Wireless
  • Bluetooth 4.0

The following stuff works with qualifications:

  • Suspend to RAM — Works once you have updated the firmware.
  • The adaptive keyboard — The F1-F12 keys work but the “button” that theoretically lets you switch to different sets of function buttons (e.g., volume, brightness) does nothing.
  • Disabling the touchpad — There is a BIOS option to disable the touchpad. It works in Windows and does nothing at all in GNU/Linux.

I have not tried:

  • The fingerprint reader

Disabling the touchpad

As a long-term ThinkPad user, I love the TrackPoint pointing stick. If you plan on using this, the built-in touchpad is incredibly aggravating because it is very easy to brush against it while using the TrackPoint.

In BIOS, there is an option to disable the touchpad. Although this works in Windows, it does absolutely nothing in GNU/Linux. Part of the issue is that, unlike the older X1 Carbon and other ThinkPads, there are no TrackPoint buttons. Instead of buttons, there are regions at the top of the touchpad which are configured, in software, to act like buttons. If you want to be able to click, the touchpad can never be truly turned off.

This is not problem unique to the Haswell X1 Carbon and a number of people have been struggling with this issue on other Lenovo laptops. Essentially, what you need to do is configure your touchpad so that the buttons are where you want them and so that it ignores any input for the purposes of cursor movement.

There are a few ways of doing this but this answer from an question has the solution I ended up using:

Open file /etc/X11/xorg.conf.

Add a section “InputClass” with identifier “Default clickpad buttons”.

Create an option for SoftButtonAreas to values 70% 0 1 42% 36% 70% 1 42%, this is size of the right and middle button.

Enable option AreaBottomEdge and change value to 1, this will disable touchpad movement.

If everything done right, your class should looks like:

Section "InputClass"
     Identifier "Default clickpad buttons"
     MatchDriver "synaptics"
     Option "SoftButtonAreas" "70% 0 1 42% 36% 70% 1 42%"
     Option "AreaBottomEdge" "1"

Essentially, the first Option line will create a middle button that is 36% of the width and 42% of the height, and a right button that is 34% of the width and 42% of the height. The synaptics manpage (man synpatics) will give you more detail on the general way this works.

Fixing the Adaptive Keyboard

The most wild feature of the laptop is the adaptive keyboard strip. The strip is a back-lit LCD that looks almost like E Ink screen and acts as a touchscreen keyboard. The default mode gives you the F1-F12 keys. If you “press” the keys (since they aren’t buttons, you just put your finger on top of them) they act like normal F-keys. You can Ctrl-Alt-F1, etc., to switch to virtual terminals out of the box. There are four modes: “Function” (i.e., normal F-keys), Home, Web, and Chat. The last three overlap quite a bit (e.g., they all have brightness and volume). You can play with an example on the Lenovo homepage.

In Windows, switching programs will apparently change these “keys” so that an appropriate set of buttons is shown for the application you are using. You can also change these keys manually with a big “Fn” button at the far left of the adaptive keyboard strip.

As I write this this, released kernels do not support the adaptive keyboard Fn button which means you cannot use anything other than the F-keys out of the box. I believe it also means that resuming from suspend to RAM breaks these keys.

That said, Shuduo Sang from Canonical has released several versions of a patch to to the thinkpad_acpi kernel module which adds support for the Home mode. The other modes (web and chat) do not seem to be supported. The latest version of the patch is on on the Linux Kernel Mailing List and the relevant commits are:

330947b save and restore adaptive keyboard mode for suspend and,resume
3a9d20b support Thinkpad X1 Carbon 2nd generation's adaptive keyboard

Although this is not supported in Debian testing at the time of writing, a bug was filed in Debian and quickly fixed by Ben Hutchings in Debian kernel version 3.14.2-1 which is currently in sid/unstable. As a result, if you install the latest version kernel from Debian unstable (3.14.2-1 or later), the adaptive keyboard just works.

If you aren’t using Debian and if kernel you are using does not have support, you might be patching your kernel.

General Impressions

As I have described in my interview with The Setup, I have been a user of ThinkPad X-series laptops for many years. This is my sixth X-series ThinkPad.

Overall, I quite like the hardware! Once things mature a little bit, I think that this will be a great laptop for running GNU/Linux. That said, I ordered the laptop without realizing that the X1 Carbon had gone through a major revision! The keyboard was quite a suprise. I think that changing a system so radically without changing the model name/number is a very bad move on Lenovo’s part.

There are two remaining issues with the system I’m still struggling with: (1) the keyboard layout is freaky and weird, and (2) the super high resolution screen breaks many things.

The quality of the keyboard itself is great and worthy of the ThinkPad name. That said, there are two ways in which it is strange. The first is the adaptive keyboard strip. Overall, it works surprisingly well and I think it is a clever idea. My sense is that the strip is more annoying in Windows because it changes out from under you all the time. In GNU/Linux, only manual changing of modes is supported. This, in my opinion, is a feature. I do miss the real feedback you get from pressing keys but for F-keys and volume-keys that I don’t use often this isn’t too important. On the downside, I have realized several times that I had been holding down a “button” for several seconds and not noticed.

The more annoying issue with the keyboard is the way that the other keys have moved around. Getting rid of the CapsLock is wonderful! How has this taken so long? Replacing it with a split Home and End keys is nuts. I’ve remapped the Home and End to put Control back where it should be. My right Control to now Home but I still don’t have an End key. The split Backspace and Delete is not a problem for me. The tilde/apostrophe is in a very bad place. There is no Insert, Print Screen/SysRq, Scroll Lock, Pause/Break or NumLock. They are all just gone. Surprisingly, I haven’t missed any of them.

The second issue is the 2560×1440 resolution on the 14 inch screen. I use a 27 inch external monitor with the same native resolution laptop but, by my arithmetic, the pixel density on the laptop is 210 DPI instead 109 DPI on the external monitor. The result is “the scaling problem” and it’s a huge pain that seems mostly unsolved on any operating system.

Fonts and widgets that look good on the laptop look huge on my external monitor. Stuff that looks good on my external monitor looks minuscule on the laptop. I routinely move windows between my laptop screen and my large monitor. Until I find a display system that can handle this kind of scaling effectively, this requires changing font size and zooming all the time. At the moment, I’m shrinking and expanding my font size using the built in hot keys in Emacs, Gnome Terminal, and Firefox/Iceweasel. I love the high resolution screen but the current situation is crazy-making.

Finally, this setup will not get you into the Church of Emacs and it’s not about to find its way onto the FSF’s list of endorsed hardware. For one, I paid the Windows tax. Beyond that, there is the non-free BIOS and the need for non-free firmware to use the wireless and Bluetooth. This is standard for ThinkPads but it isn’t getting any easier to swallow. There are alternatives in the form of Gluglug’s X60 laptops running CoreBoot, Lemote Yeelong laptops, Bunnie Huang’s Novena and others that are better in these regards. I am very excited for these projects but, for a number of reasons, these just weren’t an option for the laptop I use for my research computing.

Update: I’ve changed he configuration option for the synaptics touchpad to match what I’m now actually doing.

by Benjamin Mako Hill at August 23, 2014 09:39 PM

Apple HealthKit and VRM

Withhealthkit-hero iOS8, Apple is releasing a pile of new capabilities for developers, such as HomeKit, CarPlay, Family Sharing and HealthKit. These don’t just bring new stuff to your iPhone and iPad. Start digging and you see a framework for personal control of one’s interactions in the world: one that moves Apple away from the norms set by Google, Yahoo, Facebook and other companies that make most of their money in the advertising business.  Explains Greg Lloyd,

Google, Yahoo and others gather correlate, analyze and use personal identity metadata including your location, search history, browsing history to monetize for their own purposes or to sell to others. I believe Apple is trying to build a counter story on security using identity and services encapsulated in devices you own. In addition to continuity, examples include OS8 MAC address randomization for WiFi localization privacy and hardware partitioned storage of iOS fingerprint data.

The italics are mine. Our devices — phones in particular — are becoming extensions of our selves: as personal as our chothes, wallets and keys. They bring new ways for us to engage with people, organizations and other things in the world. There is enormous room for growth in personal empowerment with these devices, especially if those devices are fully ours, and not the hands of advertising companies in our pockets.

Apple, one hopes, aims mainly to enhance our agency — our capacity to act with effect in the world — through our mobile devices. And they have an important advantage, beyond their gigantic size and influence: we pay them. We don’t pay Google, Facebook and Yahoo for most of what we get from them. Advertisers do.

Haydn Shaughnessy unpacks the difference in The Revolution Hidden In The Apple Health Kit :

When you do business with Google, as a consumer, you strike a deal. In return for free search you get ads and for those ads you agree to your data being collected, stored and sold on. The way Apple sees business up ahead, when you use an Apple health service, Apple manages data for you, on your terms. That is a revolution.

health_iconSo, as I’ve been digging thorugh the scant literature on Healthkit and Apple’s new Health app, I’ve looked for ways they line up with VRM principles, goals and tool requirements. Here’s what I see (√ is yes, ? is don’t know. x is no — but I don’t see any of those yet):

VRM Principles

√ Customers must enter relationships with vendors as independent actors
√ Customers must be the points of integration for their own data
√ Customers must have control of data they generate and gather. This means they must be able to share data selectively and voluntarily.
? Customers must be able to assert their own terms of engagement.
√* Customers must be free to express their demands and intentions outside of any one company’s control.

VRM Goals

√ Provide tools for individuals to manage relationships with organizations.
√ Make individuals the collection centers for their own data, so that transaction histories, health records, membership details, service contracts, and other forms of personal data are no longer scattered throughout a forest of silos.
√ Give individuals the ability to share data selectively, without disclosing more personal information than the individual allows.
√ Give individuals the ability to control how their data is used by others, and for how long. At the individual’s discretion, this may include agreements requiring others to delete the individual’s data when the relationship ends.
? Give individuals the ability to assert their own terms of service, reducing or eliminating the need for organization-written terms of service that nobody reads and everybody has to “accept” anyway.
? Give individuals means for expressing demand in the open market, outside any organizational silo, without disclosing any unnecessary personal information.
? Make individuals platforms for business by opening the market to many kinds of third party services that serve buyers as well as sellers
? Base relationship-managing tools on open standards and open APIs (application program interfaces).

VRM Tools:

√* VRM tools are personal. As with hammers, wallets, cars and mobile phones, people use them as individuals,. They are social only in secondary ways.
? VRM tools help customers express intent. These include preferences, policies, terms and means of engagement, authorizations, requests and anything else that’s possible in a free market, outside any one vendor’s silo or ranch.
√ VRM tools help customers engage. This can be with each other, or with any organization, including (and especially) its CRM system.
√ VRM tools help customers manage. This includes both their own data and systems and their relationships with other entities, and their systems.
√* VRM tools are substitutable. This means no source of VRM tools can lock users in.

That’s a wishful reading, and conditional in many ways. The *, for example, means “within Apple’s walled garden,” which may not be substitutable. Greg thinks this isn’t a problem:

…many people value a safer, more consistent, curated, and delightfully designed user experience to a toolkit… I want my personal information and keys to access heath, home, car, family information stored in a walled garden in a device I own, with gated access looking in for Apps I authorize, and freedom to search, link and use anything looking out. Apple appears to be develop its stack top down, starting from a vision of a seamless user experience that just works, giving developers the extensions they need to innovate and prosper.

As a guy who favors free software and open source, I agree to the extent that I think the best we can get at this stage is a company with the heft of an Apple stepping and doing some Right Things. If we’re lucky, we’ll get what Brian Behlendorf calls “minimum viable centralization.” And maximum personal empowerment. Eventually.

I am also made hopeful by some of the other stuff I’m seeing. For example, Haydn quotes this from @PaulMadsen of Ping Identity (both of which are old friends of VRM):

Apple is positioning its Health app as the point of aggregation for all the user’s different health data, and Health Kit the development platform to enable that integration.

In this I hear echoed (or at least validated) Joe Andrieu‘s landmark post, VRM — The User as a Point of Integration.

I also think Apple is the only company today that in a position to lead in that direction. Microsoft might have been able to do it when they dominated the desktop world, but those days are long gone. Our main devices are now mobile ones, where Apple has a huge share and great influence.

Apple is also working with Epic Systems (the largest B2B tech provider to the health care business) and the Mayo Clinic (the “first and largest integrated nonprofit medical group practice in the world”). Out of the gate this has enormous promise for bringing health care systems into alignment with the individual, and for providing foundations for real VRM+CRM connections.

Of course we’ll know a lot more once iOS 8 gets here.

Meanwhile, some questions.

  • Can data gathered in the Health app easily flowed out into one’s non-Apple personal cloud or data store, and then flowed into the health care system of the individual’s choice?
  • In more concrete terms, would a UK citizen with integrated data in her Health app be able to flow that data into her Mydex personal data store, and from there into the National Health Service?  I don’t know, but I hope Mydex, Paoga, Ctrl-Shift and other players in the UK can find out soon, if they don’t know already.
  • Likewise, for the U.S., I would like to know if data can flow, at the individual’s control, back and forth from one’s Personal data vault or one’s Bosonweb or Emmett personal cloud and one’s Apple-hosted health data cloud (or a self-hosted one connected to one’s Apple cloud. And if data can easily flow from those to doctors and other health care providers. In Personal’s case, I’d like to know if data can flow through the Fill It app, which would be a handy thing.
  • For Australia and New Zealand, I’d like to know if the same thing can be done for individuals from their MyWave, Welcomer, Geddup or Onexus personal clouds. I’d also like to know if data in the Health app can be viewed and used through, for example, Meeco‘s app. And what are the opportunities for any of those companies, plus 4th Party, Flamingo and other players, to participate in an ecosystem that has any and all of the companies just mentioned, plus Medicare (the Australian national health service, not to be confused with the American one just for persons 65+)?
  • Same questions go for Qiy in the Netherlands, CozyCloud in France, and many other VRooMy developers in other places. And what’s the play for the Respect Network, which brings consistencies to what many of the developers listed above bring to the market?

In all cases the unanswered question is whether or not your health data is locked inside Apple’s Health app. Apple says no: “With HealthKit, developers can make their apps even more useful by allowing them to access your health data, too. And you choose what you want shared. For example, you can allow the data from your blood pressure app to be automatically shared with your doctor. Or allow your nutrition app to tell your fitness apps how many calories you consume each day. When your health and fitness apps work together, they become more powerful. And you might, too.”

Sounds VRooMy to me. But we’ll see.


by Doc Searls at August 23, 2014 04:32 PM

Bruce Schneier
The Security of al Qaeda Encryption Software

The web intelligence firm Recorded Future has posted two stories about how al Qaeda is using new encryption software in response to the Snowden disclosures. NPR picked up the story a week later.

Former NSA Chief Council Stewart Baker uses this as evidence that Snowden has harmed America. Glenn Greenwald calls this "CIA talking points" and shows that al Qaeda was using encryption well before Snowden. Both quote me heavily, Baker casting me as somehow disingenuous on this topic.

Baker is conflating my stating of two cryptography truisms. The first is that cryptography is hard, and you're much better off using well-tested public algorithms than trying to roll your own. The second is that cryptographic implementation is hard, and you're much better off using well-tested open-source encryption software than you are trying to roll your own. Admittedly, they're very similar, and sometimes I'm not as precise as I should be when talking to reporters.

This is what I wrote in May:

I think this will help US intelligence efforts. Cryptography is hard, and the odds that a home-brew encryption product is better than a well-studied open-source tool is slight. Last fall, Matt Blaze said to me that he thought that the Snowden documents will usher in a new dark age of cryptography, as people abandon good algorithms and software for snake oil of their own devising. My guess is that this an example of that.

Note the phrase "good algorithms and software." My intention was to invoke both truisms in the same sentence. That paragraph is true if al Qaeda is rolling their own encryption algorithms, as Recorded Future reported in May. And it remains true if al Qaeda is using algorithms like my own Twofish and rolling their own software, as Recorded Future reported earlier this month. Everything we know about how the NSA breaks cryptography is that they attack the implementations far more successfully than the algorithms.

My guess is that in this case they don't even bother with the encryption software; they just attack the users' computers. There's nothing that screams "hack me" more than using specially designed al Qaeda encryption software. There's probably a QUANTUMINSERT attack and FOXACID exploit already set on automatic fire.

I don't want to get into an argument about whether al Qaeda is altering its security in response to the Snowden documents. Its members would be idiots if they did not, but it's also clear that they were designing their own cryptographic software long before Snowden. My guess is that the smart ones are using public tools like OTR and PGP and the paranoid dumb ones are using their own stuff, and that the split was the same both pre- and post-Snowden.

by Bruce Schneier at August 23, 2014 04:20 AM

August 22, 2014

Berkman Center front page
Berkman Buzz: August 22, 2014

The Berkman Buzz is selected weekly from the posts of Berkman Center people and projects.
To subscribe, click here.

David Weinberger reflects on the social web of 2003


The Web was social before it had social networking software. It just hadn’t yet evolved a pervasive layer of software specifically designed to help us be social.

In 2003 it was becoming clear that we needed — and were getting — a new class of application, unsurprisingly called “social software.” But what sort of sociality were we looking for? What sort could such software bestow?

From David Weinberger's piece for Medium, "The social web before social networking: a report from 2003"
About David | @dweinberger

Sara Watson explores legible data and digital literacy


I had the honor of speaking in a session about a Crash Course in Digital Literacy at The Conference in Malmö this week. It got written up in Wired UK, which provides a really good summary of my talk.

I argued that in order to develop digital literacy, we need to take the first step towards making data legible. To do so, I outlined how platforms, plugins, and personal interventions are allowing us to read the data and algorithms around us, and are teaching us how to interrogate our digital environments.

From Sara Watson's blog post, "Legible Data"
About Sara | @smwat

Quotation mark

The first public statement by one of the #Facebook emotional manipulation experiment's co-authors. #ethics
>—Christian Sandvig (@niftyc)

Justin Reich examines the privacy problems of big data


You can have anonymous data or you can have open science, but you can't have both.

That's the conclusion that several colleagues and I reach in an article now online at Queue and forthcoming in Communications of the Association of Computing Machinery.

The short version: many people have called for making science more open and transparent by sharing data and posting data openly. This allows researchers to check each other's work and to aggregate smaller datasets into larger ones. One saying that I'm fond of is: "the best use of your dataset is something that someone else will come up with." The problem is that increasingly, all of this data is about us. In education, it's about our demographics, our learning behavior, and our performance. Across the social sciences, it's about our health, our beliefs, and our social connections. Sharing and merging data adds to the risk of disclosing those data.

From Justin Reich's piece for EdTechResearcher, "Privacy, Anonymity, and Big Data in the Social Sciences"
About Justin | @bjfr

Schneier-Sherlock fanfic now exists

Quotation mark

The man's eyes darted around the room.... "By the paper cups circling your desk I further deduce that you're out of coffee, which indicates that you haven't left your office in some time ... or that your colleagues keep stealing your coffee from the kitchen. Yes, from the hastily-scrawled Post-It notes, I'd say that's it. I'd talk to Zittrain if I were you."

Schneier took a step back, taking in the man's rapid-fire deductions with an eyebrow raised. "And what is your name, sir?"

"Holmes," the man in the chair said. "Sherlock Holmes. I'd say I'm pleased to make your acquaintance, but to be quite frank, I'm terrified by your hair." He stood up, refusing Schneier's handshake. "No touching, please."

From "notlosers" on LiveJournal, as linked to from Bruce Schneier's blog post, Chapter 137 of My Surreal Life
About Bruce | @schneierblog
Photo of Benedict Cumberbatch as Sherlock by Fat Les. Licensed under CC BY 2.0 via Wikimedia Commons.

Quotation mark

Starting to list fall research asst. opportunities with our projects! List evolving here:
>—Berkman Center (@berkmancenter)

Inuit Filmmakers Are Documenting Their Traditional Way of Life in the Small Canadian Hamlet of Arviat

Quotation mark

"Just think what the next generation will be able to do...."

Those words of wisdom were shared by the late Inuit elder Mark Kalluak, who marveled at the possibilities provided by digital technologies in the hands of young people in the community of Arviat, which sits on the western shore of Hudson Bay in the Nunavut Territory in Canada. Much of Kalluak's life was devoted to passing along traditional Inuit knowledge to the next generations through the creation of educational curricula.

From Eduardo Avila's post for Global Voices, "Inuit Filmmakers Are Documenting Their Traditional Way of Life in the Small Canadian Hamlet of Arviat"
About Global Voices Online | @globalvoices

This Buzz was compiled by Rebekah Heacock.

To manage your subscription preferences, please click here.

by rheacock at August 22, 2014 08:39 PM

David Weinberger
The social Web before social networks: a report from 2003

The Web was social before it had social networking software. It just hadn’t yet evolved a pervasive layer of software specifically designed to help us be social.

In 2003 it was becoming clear that we needed — and were getting — a new class of application, unsurprisingly called “social software.” But what sort of sociality were we looking for? What sort could such software bestow?

That was the theme of Clay Shirky’s 2003 keynote at the ETech conference, the most important gathering of Web developers of its time. Clay gave a brilliant talk,“A Group Is Its Own Worst Enemy,” in which he pointed to an important dynamic of online groups. I replied to him at the same conference (“The Unspoken of Groups”). This was a year before Facebook launched. The two talks, especially Clay’s, serve as reminders of what the Internet looked like before social networks.

Here’s what for me was the take-away from these two talks:

The Web was designed to connect pages. People, being people, quickly created ways for groups to form. But there was no infrastructure for connecting those groups, and your participation in one group did nothing to connect you to your participation in another group. By 2003 it was becoming obvious (well, to people like Clay) that while the Internet made it insanely easy to form a group, we needed help — built into the software, but based on non-technological understanding of human sociality — sustaining groups, especially now that everything was scaling beyond imagination.

So this was a moment when groups were increasingly important to the Web, but they were failing to scale in two directions: (1) a social group that gets too big loses the intimacy that gives it its value; and (2) there was a proliferation of groups but they were essential disconnected from every other group.

Social software was the topic of the day because it tried to address the first problem by providing better tools. But not much was addressing the second problem, for that is truly an infrastructural issue. Tim Berners-Lee’s invention of the Web let the global aggregation of online documents scale by creating an open protocol for linking them. Mark Zuckerberg addressed the issue of groups scaling by creating a private company, with deep consequences for how we are together online.

Clay’s 2003 analysis of the situation is awesome. What he (and I, of course) did not predict was that a single company would achieve the position of de facto social infrastructure.

When Clay gave his talk, “social software” was all the rage, as he acknowledges in his very first line. He defines it uncontroversially as “software that supports group interaction.” The fact that social software needed a definition already tells you something about the state of the Net back then. As Clay said, the idea of social software was “rather radical” because “Prior to the Internet, the last technology that had any real effect on the way people sat down and talked together was the table,” and even the Internet so far was not doing a great job supporting sociality at the group level.

He points out that designers of social software are always surprised by what people do with their software, but thinks there are some patterns worth attending to. So he divides his talk into three parts: (1) pre-Internet research that explains why groups tend to become their own worst enemy; (2) the “revolution in social software” that makes this worth thinking about; and (3) “about a half dozen things…that I think are core to any software that supports larger, long-lived groups.”

Part 1 uses the research of W.R. Bion from his 1961 book, Experiences in Groups that leads him, and Clay, to conclude that because groups have a tendency to sandbag “their sophisticated goals with…basic urges,” groups need explicit formulations of acceptable behaviors. “Constitutions are a necessary component of large, long-lived, heterogenous groups.”

Part 2 asks: if this has been going on for a long time, why is it so important now? “I can’t tell you precisely why, but observationally there is a revolution in social software going on. The number of people writing tools to support or enhance group collaboration or communication is astonishing.”

The Web was getting very very big by 2003 and Clay points says that “we blew past” the “interesting scale of small groups.” Conversation doesn’t scale.

“We’ve gotten weblogs and wikis, and I think, even more importantly, we’re getting platform stuff. We’re getting RSS. We’re getting shared Flash objects. We’re getting ways to quickly build on top of some infrastructure we can take for granted, that lets us try new things very rapidly.”

Why did it take so long to get weblogs? The tech was ready from the day we had Mosaic, Clay says. “I don’t know. It just takes a while for people to get used to these ideas.” But now (2003) we’re fully into the fully social web. [The social nature of the Web was also a main theme of The Cluetrain Manifesto in 2000.]

What did this look like in 2003, beyond blogs and wikis? Clay gives an extended, anecdotal example. He was on a conference all with Joi Ito, Peter Kaminski, and a few others. Without planning to, the group started using various modalities simultaneously. Someone opened a chat window, and “the interrupt logic” got moved there. Pete opened a wiki and posted its URL into the chat. The conversation proceeded along several technological and social forms simultaneously. Of course this is completely unremarkable now. But that’s the point. It was unusual enough that Clay had to carefully describe it to a room full of the world’s leading web developers. It was a portent of the future:

This is a broadband conference call, but it isn’t a giant thing. It’s just three little pieces of software laid next to each other and held together with a little bit of social glue. This is an incredibly powerful pattern. It’s different from: Let’s take the Lotus juggernaut and add a web front-end.

Most important, he says, access is becoming ubiquitous. Not uniformly, of course. But it’s a pattern. (Clay’s book Here Comes Everybody expands on this.)

In Part 3, he asks: “‘What is required to make a large, long-lived online group successful?’ and I think I can now answer with some confidence: ‘It depends.’ I’m hoping to flesh that answer out a little bit in the next ten years.” He suggests we look for the pieces of social software that work, given that “The normal experience of social software is failure.” He suggests that if you’re designing social software, you should accept three things:

  1. You can’t separate the social from the technical.
  2. Groups need a core that watches out for the well-being of the group itself.
  3. That core “has rights that trump individual rights in some situations.” (In this section, Clay refers to Wikipedia as “the Wikipedia.” Old timer!)

Then there are four things social software creators ought to design for:

  1. Provide for persistent identities so that reputations can accrue. These identities can of course be pseudonyms.
  2. Provide a way for members’ good work to be recognized.
  3. Put in some barriers to participation so that the interactions become high-value.
  4. As the site’s scale increases, enable forking, clustering, useful fragmentation.

Clay ends the talk by reminding us that: “The users are there for one another. They may be there on hardware and software paid for by you, but the users are there for one another.”

This is what “social software” looked like in 2003 before online sociality was largely captured by a single entity. It is also what brilliance sounds like.

I gave an informal talk later at that same conference. I spoke extemporaneously and then wrote up what I should have said. My overall point was that one reason we keep making the mistake that Clay points to is that groups rely so heavily on unspoken norms. Making those norms explicit, as in a group constitution, can actually do violence to the group — not knife fights among the members, but damage to the groupiness of the group.

I said that I had two premises: (1) groups are really, really important to the Net; and (2) “The Net is really bad at supporting groups.”

It’s great for letting groups form, but there are no services built in for helping groups succeed. There’s no agreed-upon structure for representing groups. And if groups are so important, why can’t I even see what groups I’m in? I have no idea what they all are, much less can I manage my participation in them. Each of the groups I’m in is treated as separate from every other.

I used Friendster as my example “because it’s new and appealing.” (Friendster was an early social networking site, kids. It’s now a gaming site.) Friendster suffers from having to ask us to make explicit the implicit stuff that actually matters to friendships, including writing a profile describing yourself and having to accept or reject a “friend me” request. “I’m not suggesting that Friendster made a poor design decision. I’m suggesting that there is no good design decision to be made here.” Making things explicit often does violence to them.

That helps explains why we keep making the mistake Clay points to. Writing a constitution requires a group to make explicit decisions that often break the groups apart. Worse, I suggest, groups can’t really write a constitution “until they’ve already entangled themselves in thick, messy, ambiguous, open-ended relationships,” for “without that thicket of tangles, the group doesn’t know itself well enough to write a constitution.”

I suggest that there’s hope in social software if it is considered to be emergent, rather than relying on users making explicit decisions about their sociality. I suggested two ways it can be considered emergent: “First, it enables social groups to emerge. It goes not from implicit to explicit, but from potential to actual.” Second, social software should enable “the social network’s shape to emerge,” rather than requiring upfront (or, worse, topdown) provisioning of groups. I suggest a platform view, much like Clay’s.

I, too, ask why social software was a buzzword in 2003. In part because the consultants needed a new topic, and in part because entrepreneurs needed a new field. But perhaps more important (I suggested), recent experience had taught us to trust that we could engage in bottom-up sociality without vandals ripping it all to part. This came on the heels of companies realizing that the first-generation topdown social software (e.g., Lotus Notes) was stifling as much sociality and creativity as it was enabling. But our experience with blogs and wikis over the prior few years had been very encouraging:

Five years ago, it was obvious beyond question that groups need to be pre-structured if the team is to “hit the ground running.” Now, we have learned — perhaps — that many groups organize themselves best by letting the right structure emerge over time.

I end on a larger, vaguer, and wrong-er point: “Could we at last be turning from the great lie of the Age of Computers, that the world is binary?” Could we be coming to accept that the “world is ambiguous, with every thought, perception and feeling just a surface of an unspoken depth?”


by davidw at August 22, 2014 06:54 PM

Bruce Schneier
Friday Squid Blogging: Te Papa Museum Gets a Second Colossal Squid

That's two more than I have. They're hoping it's a male.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

by Bruce Schneier at August 22, 2014 05:18 PM

Automatic Scanning for Highly Stressed Individuals

This borders on ridiculous:

Chinese scientists are developing a mini-camera to scan crowds for highly stressed individuals, offering law-enforcement officers a potential tool to spot would-be suicide bombers.


"They all looked and behaved as ordinary people but their level of mental stress must have been extremely high before they launched their attacks. Our technology can detect such people, so law enforcement officers can take precautions and prevent these tragedies," Chen said.

Officers looking through the device at a crowd would see a mental "stress bar" above each person's head, and the suspects highlighted with a red face.

The researchers said they were able to use the technology to tell the difference between high-blood oxygen levels produced by stress rather than just physical exertion.

I'm not optimistic about this technology.

by Bruce Schneier at August 22, 2014 11:23 AM

August 21, 2014

Bruce Schneier
QUANTUM Technology Sold by Cyberweapons Arms Manufacturers

Last October, I broke the story about the NSA's top secret program to inject packets into the Internet backbone: QUANTUM. Specifically, I wrote about how QUANTUMINSERT injects packets into existing Internet connections to redirect a user to an NSA web server codenamed FOXACID to infect the user's computer. Since then, we've learned a lot more about how QUANTUM works, and general details of many other QUANTUM programs.

These techniques make use of the NSA's privileged position on the Internet backbone. It has TURMOIL computers directly monitoring the Internet infrastructure at providers in the US and around the world, and a system called TURBINE that allows it to perform real-time packet injection into the backbone. Still, there's nothing about QUANTUM that anyone else with similar access can't do. There's a hacker tool called AirPwn that basically performs a QUANTUMINSERT attack on computers on a wireless network.

A new report from Citizen Lab shows that cyberweapons arms manufacturers are selling this type of technology to governments around the world: the US DoD contractor CloudShield Technologies, Italy's Hacking Team, and Germany's and the UK's Gamma International. These programs intercept web connections to sites like Microsoft and Google -- YouTube is specially mentioned -- and inject malware into users' computers.

Turkmenistan paid a Swiss company, Dreamlab Technologies -- somehow related to the cyberweapons arms manufacturer Gamma International -- just under $1M for this capability. Dreamlab also installed the software in Oman. We don't know what other countries have this capability, but the companies here routinely sell hacking software to totalitarian countries around the world.

There's some more information in this Washington Post article, and this essay on the Intercept.

In talking about the NSA's capabilities, I have repeatedly said that today's secret NSA programs are tomorrow's PhD dissertations and the next day's hacker tools. This is exactly what we're seeing here. By developing these technologies instead of helping defend against them, the NSA -- and GCHQ and CSEC -- are contributing to the ongoing insecurity of the Internet.

Related: here is an open letter from Citizen Lab's Ron Diebert to Hacking Team about the nature of Citizen Lab's research and the misleading defense of Hacking Team's products.

by Bruce Schneier at August 21, 2014 11:22 PM

Harry Lewis
Minerva and Plutarch
The Atlantic has a good piece about the Minerva Project, AKA Minerva U. I contributed a few thoughts:
“Like other things that are going on now in higher ed, Minerva brings us back to first principles,” says Harry R. Lewis, a computer-science professor who was the dean of Harvard’s undergraduate college from 1995 to 2003. What, he asks, does it mean to be educated? Perhaps the process of education is a profound one, involving all sorts of leaps in maturity that do not show up on a Kosslyn-style test of pedagogical efficiency. “I’m sure there’s a market for people who want to be more efficiently educated,” Lewis says. “But how do you improve the efficiency of growing up?” 
He warns that online-education innovations tend to be oversold. “They seem to want to re-create the School of Athens in every little hamlet on the prairie—and maybe they’ll do that,” he told me. “But part of the process of education happens not just through good pedagogy but by having students in places where they see the scholars working and plying their trades.”
He calls the “hydraulic metaphor” of education—the idea that the main task of education is to increase the flow of knowledge into the student—an “old fallacy.” As Lewis explains, “Plutarch said the mind is not a vessel to be filled but a fire to be lit. Part of my worry about these Internet start-ups is that it’s not clear they’ll be any good at the fire-lighting part.”
Steve Kosslyn is a good guy and I wish him well with his efforts. I am skeptical that Minerva is the real solution to any real problem. But it is a serious effort backed by serious money, so let a thousand flowers bloom; this one may find a small ecological niche in which it can become a perennial of limited range.

by Harry Lewis ( at August 21, 2014 08:48 PM

August 20, 2014

Amanda Palmer
TA DA! THE ART OF ASKING has a COVER. (warning: contains NSFW behind-the-scenes nakedness)

hola dears

greetings from the woods. i’ll get to the bizarre story of what i’m doing in the woods for the next few months after i deal with book madness.
gimme a couple days. i’m also overflowing with fucking email and work having not been behind my desk properly for OH ABOUT SIX MONTHS and the pile-up is exxxtreme.

but fuck it all my book is fucking DONE and it’s really good and i am still in some weird spinning postpartum book haze where i float between feeling relieved and happy and totally empty inside. i asked a friend of mine who writes REAL books about this feeling and he said: yes, that’s why i can’t stop writing books. so books are crack, basically. that’s nice to know. i cannot imagine trying to write another book at the moment. i’d rather get slammed in the face repeatedly by a two-by-four. maybe that’s the fog talking. who knows.

HERE IS THE COVER. i think it’s beautiful.

how did the cover come to be? long story long…i did a photo shoot a few months ago in new york (i tweeted from it, here it was):

…but even though some of the images were good, they weren’t great. while i was on the last leg of marathon-book-editing in san diego, i tried to think of who i knew in the area who would be down for a last minute shoot, and called allan amato. i knew him from doing photos like THIS (with only a few seconds before taking the stage at kevin smith’s smodcastle):

…or this one of me and himself:

he’s good. right?

i had the idea in my head that i could get a bunch of people/volunteers to show up at the shoot and paint or marker the book title onto my back, and that could somehow produce a great crowd-sourced looking book cover.

i phoned allan up, told him my idea, and it turned out that he was coincidentally throwing a PAINTING PARTY at his loft in LA a few days later.

NO SHIT, i said.

and thus our plan was born. allan was working on making exquisite corpse artworks using a ton of painter/comic friends of his, including dear david mack, for a kickstarter that CLOSES in just a few hours later TODAY, actually. as of writing this, it’s fully funded to the tune of $76k, with 756 backers.

we merged our concepts and his painting-party morphed into an amanda-painting party as well, with all of the artists (david, stephanie, jim, miho, soey, jon, satine, jason, christine, jim, and zac) taking a crack at lettering my body with the title. while they were all incredible, the one that wound up being used was by jason shawn alexander…it was the money shot fo shiz…

and a cover was born.

if you’re wondering about how all the rest of them looked, DO NOT DESPAIR. i think allan and i are going to cook up some revealing of the awesomeness of the other paint-jobs and maybe even (gasp) release some alt-copies of The Art of Asking with various covers. all depends what’s possible.

i still don’t have a date for when you guys will be able to order the signed book, but the PRE-ORDER of the unsigned book is ON:

BARNES & NOBLE (hardcover/NOOKbook/audiobook)
BOOKS-A-MILLION (hardcover/audiobook)
ITUNES (currently iBook only)

you can also use INDIEBOUND to find an indie bookstore near you (ones with book-books and e-books and audiobooks and surely other such types of books i am forgetting)!!! (and since people often ask, indiebound is in the UK now too, but i can’t attest to how helpful that version will be)

i’ll be saying a lot more about the pre-ordering of the book over the next few weeks and trying to keep you all in the loop. if you’re not onnit, please join the email list and stay tuned.

and here’s some shots of the painting party at allan’s…


if you are shooting a book cover


david mack lettering/sketches…

MY LIFE IS TERRIBLE (various states of getting drawed on…)

hair and make-up…

roman dirge, creator of lenore the cute little deal girl, throat-lettering…


the post-painting come-down…after i scrawled all over a photo of neil…

everybody (all the artists) and that’s allan with the thing sticking into his cheek :)

the end (for now).




by admin at August 20, 2014 02:00 PM

Harry Lewis
My Dialog with Deresiewicz
The Chronicle of Higher Education is featuring a back and forth between me and Bill Deresiewicz, author of Excellent Sheep and several derivative articles that have appeared in various fora recently. Bill is right that there is a lot on which we agree, but we seem to be looking at the same animal and seeing different things sometimes. The dialog has three plies in each direction; the Chronicle reproduces it just as we emailed back and forth to each other, with some links inserted.

A lot of reviews have been appearing, most not very thoughtful. I'd just like to add two points that we didn't cover in our exchange.

One expands what I said in a previous blog post, about how Deresiewicz's remedies, when they are addressed to real problems, are not at all well thought through. The writing has all the hallmarks of the work of a man who has never run anything, so has never had to balance opposing values and considerations. He is prone to sweeping, sometimes reckless prescriptions, voiced in very specific terms, which are not translatable into actual action plans and which start to unravel as soon as the surface is scratched. I mentioned before that the appealing idea of not cooperating with US News is silly. Not that I love US News, and of course it is outrageous when institutions let that tail wag their dogs. But what does he really mean? Not cooperate with any rating or ranking agency, including the federal government's if one comes to pass? Not give data to anyone about your institution, out of fear that a some kind of score would be extracted from it? Refuse to cooperate with US News  but give your data to its competitors? Have a board of censors that would decide which publications are honorable enough to give your data to, and somehow enjoin others from referencing it?

Another prescription Deresiewicz makes is this: Colleges "should refuse to be impressed by any experience or opportunity that was enabled by parental wealth." Again a fine impulse, and not news. If your father is president of a pharmaceutical firm and your research is done under the direction of its chief chemist, it would be foolish not to wonder who really did the work. But where does "wealth" begin? Does paying for test prep, or simply for an academic tutor, because your local school is awful, count as such an experience or opportunity? What if your parents aren't wealthy, but have made some sacrifice to compensate for the inadequacies of the school system? What if your family buys a house in a district with a good high school, is that an opportunity due to parental wealth. so your improved academic performance should be discounted? What if your family took out huge mortgages to make that possible? The various prescriptions for change seem to me operationally problematic, or dependent on the much larger social changes called for near the end of the book, such as making all high schools in America equally good. Another fine idea. How to do it in a federation of proudly autonomous states is another question.

The book is full of wild swings. Penn and Princeton are anti-intellectual; this is mentioned offhandedly as a matter of common knowledge. We are all so inbred we are soon going to grow tails. (Sorry, I don't have the chapter and verse of those two, so I may slightly be misstating them.) It's obviously not a scholarly work, but it's so shallow, so devoid of any acknowledgment of reasonable counterarguments to his theses or action plans, that it's really just not a very good book. Lacking, I should say, in those qualities of critical thinking that the author says the liberal arts are supposed to give us.

But there is one passage that makes me wonder whether Deresiewicz is even a person of good character. It's when he launches an attack on Amy Chua's Battle Hymn of the Tiger Mom. It's fine to attack Chua and her book; that's fair game. But at the end he goes after her daughter too.
As for her own children, the fact that one has gotten into Harvard now is not a validation of her methods. It is a condemnation of Harvard's, and of the system as a whole. Of course her daughter got into Harvard: that is exactly the kind of printing the system rewards. That's exactly what is wrong with it.
Whatever anyone thinks of tiger mom, it's only in North Korea that we take down children for the sins of their parents. I assume he doesn't actually know the daughter, but is dismissing her qualifications for admission wholesale on the basis of a stereotype he has drawn of her. (I don't know her either.) In the liberal societies for which Deresiewicz pleads, we don't do that to people. As a matter of professional ethics in academia, we don't attack students publicly. Ever. That is simply unethical. I am surprised no one else has pointed that out.

by Harry Lewis ( at August 20, 2014 02:13 AM

August 19, 2014

Bruce Schneier
New Snowden Interview in Wired

There's a new article on Edward Snowden in Wired. It's written by longtime NSA watcher James Bamford, who interviewed Snowden in Moscow.

There's lots of interesting stuff in the article, but I want to highlight two new revelations. One is that the NSA was responsible for a 2012 Internet blackout in Syria:

One day an intelligence officer told him that TAO­ -- a division of NSA hackers­ -- had attempted in 2012 to remotely install an exploit in one of the core routers at a major Internet service provider in Syria, which was in the midst of a prolonged civil war. This would have given the NSA access to email and other Internet traffic from much of the country. But something went wrong, and the router was bricked instead -- rendered totally inoperable. The failure of this router caused Syria to suddenly lose all connection to the Internet -- although the public didn't know that the US government was responsible....

Inside the TAO operations center, the panicked government hackers had what Snowden calls an "oh shit" moment. They raced to remotely repair the router, desperate to cover their tracks and prevent the Syrians from discovering the sophisticated infiltration software used to access the network. But because the router was bricked, they were powerless to fix the problem.

Fortunately for the NSA, the Syrians were apparently more focused on restoring the nation’s Internet than on tracking down the cause of the outage. Back at TAO's operations center, the tension was broken with a joke that contained more than a little truth: "If we get caught, we can always point the finger at Israel."

Other articles on Syria.

The other is something called MONSTERMIND, which is an automatic strike-back system for cyberattacks.

The program, disclosed here for the first time, would automate the process of hunting for the beginnings of a foreign cyberattack. Software would constantly be on the lookout for traffic patterns indicating known or suspected attacks. When it detected an attack, MonsterMind would automatically block it from entering the country -- a "kill" in cyber terminology.

Programs like this had existed for decades, but MonsterMind software would add a unique new capability: Instead of simply detecting and killing the malware at the point of entry, MonsterMind would automatically fire back, with no human involvement.

A bunch more articles and stories on MONSTERMIND.

And there's this 2011 photo of Snowden and former NSA Director Michael Hayden.

by Bruce Schneier at August 19, 2014 07:56 PM

August 18, 2014

Bruce Schneier
Eavesdropping by Visual Vibrations

Researchers are able to recover sound through soundproof glass by recording the vibrations of a plastic bag.

Researchers at MIT, Microsoft, and Adobe have developed an algorithm that can reconstruct an audio signal by analyzing minute vibrations of objects depicted in video. In one set of experiments, they were able to recover intelligible speech from the vibrations of a potato-chip bag photographed from 15 feet away through soundproof glass.

In other experiments, they extracted useful audio signals from videos of aluminum foil, the surface of a glass of water, and even the leaves of a potted plant.

This isn't a new idea. I remember military security policies requiring people to close the window blinds to prevent someone from shining a laser on the window and recovering the sound from the vibrations. But both the camera and processing technologies are getting better.

News story.

by Bruce Schneier at August 18, 2014 07:37 PM

metaLAB (at) Harvard
Raining Bricks—A Color Grading Experiment

metaLAB has been partaking in a Summer of Color this year, which has brought a different color-related topic before the group each week for a discussion followed by a short period of collaborative making and tinkering.

In looking at color’s relationship to the digital world, we examined the history and progression of black and white to film color processes and then to digital compression of color and processes of color grading. These last two items we explored through looking specifically at the capabilities of the Blackmagic Cinema Camera in our equipment arsenal.

One strength of the Blackmagic is its ability to capture 13-stops of dynamic range, with the choice between film Log and video REC709. Working with the film Log option, we shot sample footage, which, out of the camera appears muddy, muting saturation in favor of wider dynamic range information.

We then took this footage and bringing it into Final Cut X, did basic adjustments, reestablishing some contrast by raising the highlights, and lowering the shadows and also punching the saturation. Following on this, we also played with adjustment of color temperature to try and create a shift from a sunny day  to a rainstorm and back to a sunny day. The use of legos and brightly-colored umbrella was to make the color shifts more visibly apparent.

Subsequent color-grading tests will be done as part of the post-production process on our upcoming film, Cold Storage, which we anticipate for fall release.

by Cristoforo Magliozzi at August 18, 2014 07:21 PM

Sara M. Watson
Legible Data

[Edited 8/20 to add my talk crib notes and video below.]

I had the honor of speaking in a session about a Crash Course in Digital Literacy at The Conference in Malmö this week. It got written up in Wired UK, which provides a really good summary of my talk.

I argued that in order to develop digital literacy, we need to take the first step towards making data legible. To do so, I outlined how platforms, plugins, and personal interventions are allowing us to read the data and algorithms around us, and are teaching us how to interrogate our digital environments. 

The session was intended to be practical and grounded in applied tools, so I put together a brief list of resources for those listening in and interested in following up. My crib notes and the video are below.  Also, it's totally worth checking out my fellow session presenters Ingrid Burrington on the infrastructure of the internet (with gifs!) and Mattan Griffel on learning to code. There's also a joint Q&A from our session. And there were a lot of other great talks throughout the conference that are archived and worth checking out.

I've had a great time at The Conference, and I'm so thankful for the invitation and to the conference organizers and wonderful people I've met in Malmö this week. And I'm so impressed with how quickly their team got this slick video up. They are machines!


Google Ads Settings

Facebook to Let Users Alter Their Ad Profiles

Making Ads Better and Giving People More Control Over the Ads They See

Acxiom, About The Data

Mapping, and Sharing, the Consumer Genome

Acxiom Lets Consumers See Data It Collects




I Liked Everything I Saw on Facebook for Two Days. Here’s What It Did to Me

How Companies Learn Your Secrets

Theorizing Big Data (Janet Vertesi)

How One Woman Hid Her Pregnancy From Big Data

We Can Code It! Why computer literacy is the key to winning the 21st century.


We’re here to talk about digital literacy today, which is really about developing skills for reading and interpreting the digital world around us. Increasingly, our lives are made up of data, and processed by algorithms. Sensors and computing cycles are turning our activities and behaviors into data.

The most basic unit of the digital is rendered as ones and zeroes; it’s how computers read data. But it usually not human legible. The way we encounter most of the algorithms and data in our everyday lives tends to be obscured.

The idea behind this session, digital literacy, implies a certain kind of comprehension. But what is digital literacy if the data is hidden? Does anyone in the here recognize what this says?

Translated from binary, these ones and zeros turn into the most fundamental elements of human literacy—the alphabet. But I had to run them through a processor to make them human-legible. Maybe a few of you recognized the binary, but even those who code don’t spend a lot of time parsing ones and zeros so close to the metal.

People often say “I have nothing to hide.” But I’m afraid that’s only because we’re not familiar enough with the ways data is being used around us. Technology is digitally codifying our behaviors for those who have the power to collect and process the data, often leaving us in the dark outside the black box.

In order to work towards digital literacy, I argue that the data needs to be clear enough for us to read, first. We need to learn our digital ABC’s before we can move on to words and phrases and complex stories. Only then can we work on developing new digital literacies to understand what the data is telling us, and how others see us.

So today, I’m going to walk through how internet platforms, browser plugins, and individual people are making data and algorithms more legible for human readability.

As this is session is intended to be practical and grounded, I’ve put together a bunch of resources and links, which are listed above.


The places with the greatest consolidation of our data also have the most power over our digital experiences. Some of them have begun to acknowledge their responsibility to consumers by introducing new transparency tools. Google, Facebook, and even data brokers like Acxiom have recently developed dashboards that reflect back to us the data they have collected about our behaviors and interests.

Google offers a detailed list of all the things it thinks we might be interested based on our search and browser history. We can take a look by going to the Google Ads Setting page in our profile. 

When I looked at my own profile recently, I saw Google thought I was interested in home furnishings, and I opted to removed it from my profile. Of course keeping track of these settings is time consuming for the average user, but at least Google offers an opportunity to explore what our accumulated online habits say about us.

This summer, Facebook introduced a new interactive feature that allows us click on any ad in our feed. I have the option to tell Facebook that I don’t want to see a particular ad. And more importantly, it also gives me a new explanation about the profile information that the ad might be based on. In this example, an ad for home theater equipment is targeted to people who express interest in television shows on Facebook.

Facebook is taking important steps to draw a direct line between the type of ads we see and the personal data on which they are based. But Facebook reminds us that this is only “one of the reasons” we see an ad. This explanation risks oversimplifying the complexity that goes into displaying any given ad.

Acxiom is one of the largest data brokers in the world, aggregating information from online behaviors, surveys, and even public records. They have responded to consumer protection concerns about their powerful database by developing a personal portal view into our data profiles. shows us everything from household purchasing history, to education, to inferred marital status. When I looked at my own profile, for some reason they associated me with my parent’s driving registration records, so they thought I might be interested in purchasing a truck soon. I have the opportunity to correct that data point through the portal.

But doesn't tell me anything about how Acxiom classifies me when it bundles me with other consumers to sell me to potential advertisers. I don't know how that truck detail affects my consumer segmentation. And I certainly don't get to see how Acxiom's data broker customers intend to use my data. There's no link into the larger ecosystem to follow where my data trail ends up.

Each of these internet platforms for data has taken important steps towards becoming more transparent and making data at least partially legible to consumers. But in each of these cases, the data they provide offers only a partial view. We get to see what the data is, but not necessarily how it’s being used. 

We are also confronted with a catch 22. We're invited to correct for faulty assumptions and correlations by changing our profiles, and updating our details to more relevantly reflect our intentions. But that also requires offering up more data to these companies. So before I am convinced of doing that, I think we need more assurances about how the data is being used. I want to be able to follow the impacts of those alterations.


Going beyond what internet companies tell us about our profiles, some developers and researchers have started to build simple tools and interfaces to make data more legible. Sometimes, all it takes is to install a plugin to the browser, or grant API access to an application to make hidden data visible to us. These are some of the best tools we have as users to begin to see our data in the same way that companies, third parties, and governments might see our data.

After the Snowden revelations introduced us all to the concept of metadata, we started to wonder how much meaning could be uncovered from information about our communications habits. A group of MIT researchers released their tool, Immersion, which taps into our email metadata from Gmail and a few other providers. Interactive visualizations allow us to examine our network and personal timeline.

When I explored my own history, Immersion resurfaced a network of old roommates, and I was reminded of the history of important relationships as I moved cities and changed jobs. Seeing so much personal narrative in the interactive experience makes it all the more clear how meaningful this metadata might be to someone else.

Each time we visit a website, cookies are dropped in our browser that report back our activity to advertisers and other data broker networks. Ghostery is a browser plugin that shows us just how many third parties are listening in as a website loads. In this example, cookies from seven different companies were dropped just by visiting the front page of the New York Times. This plugin takes what’s hidden behind the browser and makes it visible. Ghostery allows us to start questioning the business practices of these companies like ScoreCard and WebTrends. Every time a page loads, we are made more conscious of the broader data ecosystem.

These cookies follow us everywhere we go on the web, and they are part of a larger network. Collusion is another browser plugin that displays the connections between the websites and the third parties listening in. By mapping out the network, we get to see where the data about our behaviors intersect and possibly influence each other.

With each of these plugins, I have to trust that their creators won’t misuse my data after I grant them access. We may learn from making our data legible in new ways, but it also introduces a new point of exposure of our digital activities.


We don’t always need special tools like plugins to begin to experiment with our digital environments. We can start by manipulating the inputs and watching the outputs of our data. I think of these personal database interventions. These are small scale experiments that expose the seams of the algorithm. At the more advanced end of the spectrum, some researchers and journalists are pulling stunts with their personal data, and in the process they teach us how to critically interrogate the system for ourselves.

Are we human readable, or machine-readable? Most of our friends know who we are on Facebook. So it’s easy to play with sneaky ways to throw advertisers off my scent by introducing false information into my digital profiles. Think of it as a digital version of the game of two truths and a lie. I have seen friends declare themselves the opposite sex, visit random sites that don’t match their hobbies, or plant humorous interests in their profiles to see how these planted data points affect their feed or ads. It is easier to catch the things that trickle down from a little data lie because it grabs our attention more than things that subtly match our more authentic history and behavior. Still, it's hard to know where the harms might be in playing with our data profiles like this. 

Mat Honan, a writer for Wired, recently took his Facebook experimentation a step further. He wanted to see what would happen if he liked literally everything that came through his Facebook feed for 48 hours. He wrote, “After checking in and liking a bunch of stuff over the course of an hour, there were no human beings in my feed anymore.” When his friends started to message, worried that his account had been hacked, he also discovered the network impacts of his activity on his friends’ feeds. Honan’s experiment essentially broke the algorithm, rendering Facebook almost unusable. This scale of intervention isn’t practical for most; it was a stunt. But we can all play with being more conscious of what we choose to like and don’t like to see how it affects our own feeds.

Knowing how important key life events are to advertisers, Janet Vertesi wanted to see if she could successfully hide her pregnancy from from the internet. In a talk at Theorizing the Web this spring, she detailed her efforts to mask any behavior that suggested the coming big change in her life, using everything from Tor to mask her browsing history, to paying cash for gift cards to avoid using her credit cards. She describes this project as an infrastructural inversion. It’s another extreme case, but it shows us just how far we might have to go to address the extent of our digital exposure.

From platforms, plugins, and personal data interventions, we are just beginning to scratch the surface. This serves as a brief introduction to the tools and techniques we have available to us to make data legible. Platforms are starting to change their posture towards us and taking our concerns seriously. Plugins are starting to help us explore the hidden ecosystem of data. And even at a small scale, we’re individually beginning to intervene in our own digital profiles and experiences, and learning about the systems along the way.


We are learning to become fluent in digital. Legibility is the first step towards clearly seeing the data and algorithms. We can start to build our vocabulary, sounding out the letters and phrases as we go. But the goal of learning to read isn’t enough.

Eventually we will need to develop even more advanced skills of interpretation. We can only comprehension and understand once we develop these more advanced skills to interpret the text of our digital lives.


Moving on from reading, we can learn the form by trying to write, too. Learning to code is a step towards claiming control over the imbalance of power in the dynamic with data. Some of us here will develop these skills in statistics, mapping networks, and manipulating APIs (and I believe Mattan will be talking more about that later this session.) 

Just because we can read all read doesn’t mean that we’re all cut out to write the next great digital novel. We won’t all learn to read binary, and we may not all need to learn javascript or python either. But we can develop our skills in computational thinking. As a recent Mother Jones piece argues: “The greatest contribution the young programmers bring isn't the software they write. It's the way they think.” 

Computational thinking empowers us to interrogate the data and algorithms that govern our lives. By poking and prodding data inputs and outputs, we are learning to reverse engineer these systems, or at the very least we’re practicing how to form hypotheses that speculate how data is being used. The more possible theories that we explore, the closer we get to holding others accountable for the uses of our data.


I want to leave you all with a few priorities we can focus on to get us closer to developing critical digital literacy.

First, we need to demand more of the digital platforms that manage our data. We have to keep asking Facebook, Google, and everyone else to provide the tools to tweak our personalized feeds and experiment with our own digital experiences. Right now they are offering us only a meager vocabulary list to learn from. We need them to put the pieces of our data story together to form a narrative.

And we still need more tools to help inform our choices about our digital engagement. Designers and engineers in the audience, I encourage you all to find new ways of incorporating digital legibility and literacy into the things that you build. Open up the black box and allow your users to play with features and filters. Make the causal connections more clear. If you have the coding skills, build tools that empower others to intervene and interpret our own data, as well.

And as individuals, we can all become a little more curious. Think critically about how that next click might influence our future experience. Question the underlying premise of the default settings, and the business models that they support. We don’t have to take everything for granted; we can develop digital literacy just by being curious.

Thank you!

by Sara M. Watson at August 18, 2014 06:46 PM

A Snapshot of Homelessness: Finding the Richer, Truer Story

Don Schonenbeck (photo by Clay Scott)

If I met Don Schonenbeck on the street, I’d probably step right past him. I’d walk by never understanding why he’s chosen to wander west coast highways — how a series of painful deaths thrust him toward alcohol and into depression. That’s why I appreciate stories like the one producer Clay Scott made about Don. (You should take five minutes right now and listen to it.)

When we workshopped it in our Second Ear program, I pushed Clay to go back to Don and dig up some tape we could use to restructure the piece. What Clay found when he went looking for Don wasn’t what we’d hoped, but it completely changed the nature of the story. It’s a lesson in how powerful revisiting a story can be. If you follow a person or a topic over time, the story will be richer — and truer.

Clay will explain in a moment. But first, a taste of what we talked about.

  • Narrative structure. Hooking the listener, clarifying chronology, and pacing emotional peaks.
  • Asking why, and then asking it again. People respond to death differently. That’s what makes death so interesting. Get to the bottom of what’s really going on.
  • Leading with sound. Start with the ambi, and don’t identify it right away.
  • Give emotion to the acts, use narration for the facts. Hey, it rhymes. But what I mean is that you can summarize a sequence of events, but only your subject’s voice can lend real emotion. So don’t overextend acts to explain boring info. Just keep the gems.
  • Recognizing the weird. When Don said he wanted to put himself in situations he could neither predict nor control, he was subverting a lot of human instinct. That’s something I want to hear more about in a raw, honest way.

Your turn. Take a listen to the “Before” and “After.” What differences do you hear?



Here’s Clay:

Producer Clay Scott

Producer Clay Scott

I’m used to working alone, so it was an incredible treat to have Erika Lantz and Genevieve Sponsler lend their astute ears to “I Ain’t Leavin My Road Dog,” a profile of Don, a homeless Montana man.  

I thought the original story (which aired back in January in my series “Mountain West Voices”) was pretty good. Listeners found it powerful and moving. People told me they appreciated hearing the type of voice they don’t often get a chance to hear.

In particular, my audience seemed to like the symmetry of the story: A man endures unimaginable tragedy, falls into a depression, and wanders the back roads of America for 20 years before deciding to settle down. When we leave him, he is working on a grant to help him open a small business. It’s almost a Hollywood ending, and it was very satisfying. In fact, the other two profiles I’ve done of homeless people in recent months had similar happy endings.  

But when Erika and Genevieve asked me to follow up with Don to add more depth to the story, I found that he had fallen off the wagon, and that he’d been kicked out of the shelter where he was staying. So much for the happy ending! I spent a few days looking for him, before learning that he had been seen walking out of town along the highway.  

After consulting with the Second Ear team, we decided that I still had a story, and agreed that I should add a sort of post script or epilogue to the original piece.

In the end, I think the re-worked piece turned out to be much more powerful than the original. Instead of the happy ending (appealing though it was) we have a story that is much more reflective of the reality of homelessness: a story about how easy it is to lose your moorings, and, having lost them, how incredibly hard it can be to find your way again.

A few additional notes: I didn’t mean to imply that we left the original story intact, and simply tacked on a postscript. Like the top notch radio brains they are, Erika and Genevieve were able improve the flow and pacing of the story significantly with a few deft and subtle changes: switching these two acts, bringing up the ambi a couple beats earlier here, tightening this track, lengthening this fade, etc. All in all, a wonderful experience to work with the Second Ear team.

[You can submit a story to Second Ear during the first five days of every month. Follow #SecondEar on Twitter to hear the latest and share your thoughts.]

The post A Snapshot of Homelessness: Finding the Richer, Truer Story appeared first on Public Radio Exchange.

by Erika Lantz at August 18, 2014 05:59 PM

Justin Reich
Privacy, Anonymity, and Big Data in the Social Sciences
A recent article suggests that open science may be irreconcilable with anonymous data, requiring a reconsideration of how we protect privacy in educational data.

by Justin Reich at August 18, 2014 01:46 AM

August 17, 2014

Bruce Schneier
Friday Squid Blogging: Squid Proteins and the Brain-Computer Interface

There's a protein in squid that might be useful in getting biological circuits to talk to computer circuits.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

by Bruce Schneier at August 17, 2014 07:43 PM

David Weinberger
fadeOut, fadeIn jQuery-style

Time for another in my series of occasional posts over-explaining simple programming tasks that took me longer to figure out than they should have.

Let’s say you’re writing a bit of JavaScript and want to fade the text of a component out, change the text, and fade it in. Assume you’re using jQuery to handle the fades. Assume that the component has an ID of “fader” and you want its initial text of “First” to be replaced by the text “Second.” Ok?

Here’s the simple HTML:

<div id="fader">First</div>

With jQuery, you fade an element out by first selecting the particular element. which you can do by putting its ID in quotes and prefixing it with a #: $("#fader"). Then you tell that element what method you want to execute, which in this case is the jQuery “fadeOut” command, with a duration expressed in microsecondsmilliseconds. Put ‘em together and you get the simple-but-powerful jQuery statement: $("#fader").fadeOut(500);. Likewise for the fadeIn command.

If you’re me, the first thing you’ll try will be:


function fadeMe(){









Click here to give it a try on the following sample text:


That’s not right. At least in my browser (Chrome). Instead of fading out “First” and fading in “Second,” the word “Second” fades out and then in. Presumably that’s because Javascript isn’t waiting for jQuery to complete the fadeout before moving to the instruction to substitute “Second” for “First” as the element’s text.

So here’s a way that works. (Note that I’m not saying it’s the best or right way. If it’s worse than that, if it’s actually the wrong way, please leave a comment and I’ll link to it at the top of his post. Thanks!)


function fadeMe(){


$(“#fader”).fadeOut(500, function(){









Click here to to try it on the text below:


The difference is that the second way adds a function to the jQuery’s fadeOut command that is invoked only after the fadeOut is completed. That function changes the text of the element and fades it in.

(Click here to reset both examples.)

(PS: I created the tables for the code by pasting it in here.)

by davidw at August 17, 2014 01:46 PM

August 16, 2014

Amanda Palmer
“dead poets society” TONIGHT in hudson, nyc, brooklyn, and wherever you can have one!!

ask and ye shall receive.
my friends from the UK, secret cinema, showed “dead poets society” all over their part of the world last night, and tonight, they are coming over here for three screenings they’ve helped coordinate throughout NY state.

a few photos from last night (attended by over 3,000 people across 7 venues, in aid of the mental health charity Mind)…

neil and i are teaming up last minute with Melissa auf der Maur and her amazing basilica hudson event space to present the film close to midnight. ALSO: we need 10 male actors to join us there in hudson for it…if you’re interested and can definitely come, please email eftihiast[AT]gmail[DOT]com ASAP for additional info.

…there are two NYC-area locations, as well.

i know this is short notice, but please come pay homage to robin williams in style.
suggested donation for the events is $10, with all proceeds going to NAMI (the National Alliance on Mental Illness).

(after a screening of “pitch perfect” at SSSP’s Front/Row Cinema)
One Seaport Plaza
199 Water Street
New York, NY 10038

(with an introduction by neil and i)
110 S Front Street
Hudson, NY 12534

VIDEOLOGY (Williamsburg) at 12am
308 Bedford Ave
Brooklyn, New York 11211

and of course, you can host your own screening wherever you are. invite friends. coordinate here in the blog comments or on facebook if you can. use the hashtag #DeadPoetsNY (as well as the aforementioned #OCaptainMyCaptain and secret cinema’s #SeizeTheDay).

RSVP, share, and find out more at secret cinema’s facebook. please tell your friends and loved ones and join us in person or in spirit.


by admin at August 16, 2014 07:18 PM

David Weinberger
Reason #554 we need gigabit Internet connections

Despite the claims of some — and unfortunately some of these some run the companies that provide the US with Internet access — there are n reasons why we need truly high-speed, high-capacity Internet access, where n = everything we haven’t invented yet.

For example…

If we had truly high-speed, high-capacity Internet access, protesters in Ferguson might have each worn a GoPro video camera, or even just all pressed “Record” on their smartphones, and those of us not in Ferguson could have dialed among them to see what’s happening. In fact, it’s pretty likely someone would have written an app that treats co-located video streams as a single source to be made sense of, giving us fish-eye, fly-eye perspectives anywhere we want to focus: a panopticon for social good.

by davidw at August 16, 2014 04:06 PM

Dan Gillmor - Guardian
Fergusons citizen journalists revealed the value of an undeniable video | Dan Gillmor

Until the police stops treating communities as war zones and people as enemy combatants, keep your phone handy

In Ferguson, Missouri this week, the public has turned the notion of see something, say something back on the state, via a digital tool of enormous power: online pictures and video. Their efforts which began days before reporters descended when Twitter user @TheePharaoh posted pictures immediately after a police officer killed an unarmed black teenager, Michael Brown have helped bring international attention to both Browns death and law enforcements disproportionate response to the ensuing protests.

Antonio French, an alderman in nearby St Louis, spent days posting to Twitter pictures and a series of videos of the demonstrations and police actions that he captured on his mobile phone and was reportedly arrested and then released on Wednesday evening. He is a citizen journalist of the best kind: a credible witness who has helped inform the wider public about a critical matter. Can anyone plausibly doubt that he and the two professional journalists who were briefly taken into custody after police demanded they stop recording were targeted because they were documenting law enforcement actions?

Continue reading...

by Dan Gillmor at August 16, 2014 01:35 PM

Bruce Schneier
Irrational Fear of Risks Against Our Children

There's a horrible story of a South Carolina mother arrested for letting her 9-year-old daughter play alone at a park while she was at work. The article linked to another article about a woman convicted of "contributing to the delinquency of a minor" for leaving her 4-year-old son in the car for a few minutes. That article contains some excellent commentary by the very sensible Free Range Kids blogger Lenore Skenazy:

"Listen," she said at one point. "Let's put aside for the moment that by far, the most dangerous thing you did to your child that day was put him in a car and drive someplace with him. About 300 children are injured in traffic accidents every day -- and about two die. That’s a real risk. So if you truly wanted to protect your kid, you'd never drive anywhere with him. But let’s put that aside. So you take him, and you get to the store where you need to run in for a minute and you’re faced with a decision. Now, people will say you committed a crime because you put your kid 'at risk.' But the truth is, there’s some risk to either decision you make.” She stopped at this point to emphasize, as she does in much of her analysis, how shockingly rare the abduction or injury of children in non-moving, non-overheated vehicles really is. For example, she insists that statistically speaking, it would likely take 750,000 years for a child left alone in a public space to be snatched by a stranger. "So there is some risk to leaving your kid in a car," she argues. It might not be statistically meaningful but it’s not nonexistent. The problem is,"she goes on, "there's some risk to every choice you make. So, say you take the kid inside with you. There’s some risk you'll both be hit by a crazy driver in the parking lot. There’s some risk someone in the store will go on a shooting spree and shoot your kid. There’s some risk he'll slip on the ice on the sidewalk outside the store and fracture his skull. There’s some risk no matter what you do. So why is one choice illegal and one is OK? Could it be because the one choice inconveniences you, makes your life a little harder, makes parenting a little harder, gives you a little less time or energy than you would have otherwise had?"

Later on in the conversation, Skenazy boils it down to this. "There’s been this huge cultural shift. We now live in a society where most people believe a child can not be out of your sight for one second, where people think children need constant, total adult supervision. This shift is not rooted in fact. It’s not rooted in any true change. It’s imaginary. It’s rooted in irrational fear."

Skenazy has some choice words about the South Carolina story as well:

But, "What if a man would've come and snatched her?" said a woman interviewed by the TV station.

To which I must ask: In broad daylight? In a crowded park? Just because something happened on Law & Order doesn't mean it's happening all the time in real life. Make "what if?" thinking the basis for an arrest and the cops can collar anyone. "You let your son play in the front yard? What if a man drove up and kidnapped him?" "You let your daughter sleep in her own room? What if a man climbed through the window?" etc.

These fears pop into our brains so easily, they seem almost real. But they're not. Our crime rate today is back to what it was when gas was 29 cents a gallon, according to The Christian Science Monitor. It may feel like kids are in constant danger, but they are as safe (if not safer) than we were when our parents let us enjoy the summer outside, on our own, without fear of being arrested.


by Bruce Schneier at August 16, 2014 08:53 AM

August 15, 2014

Berkman Center front page
Berkman Buzz: August 15, 2014

The Berkman Buzz is selected weekly from the posts of Berkman Center people and projects.
To subscribe, click here.

Zeynep Tufecki explains why #Ferguson is a net neutrality issue


Ferguson is about many things, starting first with race and policing in America.

But it’s also about internet, net neutrality and algorithmic filtering.

It’s a clear example of why “saving the Internet”, as it often phrased, is not an abstract issue of concern only to nerds, Silicon Valley bosses, and few NGOs. It’s why “algorithmic filtering” is not a vague concern.

It’s a clear example why net neutrality is a human rights issue; a free speech issue; and an issue of the voiceless being heard, on their own terms.

From Zeynep Tufekci's piece for Medium, "What Happens to #Ferguson Affects Ferguson: Net Neutrality, Algorithmic Filtering and Ferguson"
About Zeynep | @zeynep

Willow Brugh reflects on expressions, understanding, and accessibility


We have such an investment in the written word in our world right now. And it’s beautiful. Uses different parts of the brain at the same time, allows for storage of thought to be passed down and through and re-examined and loved through time. I love the written word.

But I am also dyslexic. I love books, but I hate reading – I feel like an idiot. I have to read each sentence twice (at least), at the same pace that I’d read aloud. I still don’t always understand what I’m reading – not the concept, mind you, simply the written words which are used to express it. I know the deep knowledge represented on each page, and yet I dredge through it like a 7 year old, frustrated by the time it takes to get through the simplest components. Still. At 30.

From Willow Brugh's blog post, "Expressions and Understanding"
About Willow | @willowbl00

Quotation mark

Brilliant account of how #Ferguson crisis would look through the lens of our typical international news report
>—Judith Donath (@judithd)

Ethan Zuckerman examines the "Internet's original sin"


At the end of the day, the business model that got us funded was advertising. The model that got us acquired was analyzing users’ personal homepages so we could better target ads to them. Along the way, we ended up creating one of the most hated tools in the advertiser’s toolkit: the pop-up ad. It was a way to associate an ad with a user’s page without putting it directly on the page, which advertisers worried would imply an association between their brand and the page’s content. Specifically, we came up with it when a major car company freaked out that they’d bought a banner ad on a page that celebrated anal sex. I wrote the code to launch the window and run an ad in it. I’m sorry. Our intentions were good.

From Ethan Zuckerman's piece for The Atlantic, "The Internet's Original Sin"
About Ethan | @ethanz

Harvard Magazine reviews Judith Donath's new book, The Social Machine: Designs for Living Online

Quotation mark

People socialize online more than ever: posting photos on Instagram, job-hunting on LinkedIn, joking about politics on Twitter, and sharing reviews of everything from hotels to running shoes. Judith Donath, a fellow at Harvard’s Berkman Center for Internet and Society, argues against using real names for most of these Internet interactions and relying instead on pseudonyms.

A made-up handle is essential to maintain privacy and manage one’s online identity, she says. Her new book, The Social Machine: Designs for Living Online (MIT Press, 2014), also contends that well-managed pseudonyms can strengthen online communities, an idea that contradicts the conventional wisdom that fake names bring out the worst in people, allowing “trolls” to bully others or post hateful, destructive comments without consequences. Real names, such thinking goes, keep online conversations civil.

From Erin O'Donnell's piece for Harvard Magazine, "Can Pseudonyms Make Better Online Citizens?"
About Judith | @judithd

Quotation mark

Hope that you can join us for a tweet chat about my upcoming book - Aug 20 at 1pm ET #SASMchat
>—Rey Junco (@reyjunco)

In the Fight Against Russia, Ukraine Flirts with Kremlinesque Internet Censorship

Quotation mark

A new draft law in Ukraine threatened to empower the government to shut down media outlets and block websites in the name of national security. The law, which passed its first reading in parliament yesterday, has exasperated local journalists, civil society figures, and the international community. The outrage grew so loud that today deputies agreed to remove and soften most of the censorship measures, but proposed moving some of them to existing media laws to achieve some measure of control over dissenting media outlets.

From Tetyana Lokot's post for Global Voices, "In the Fight Against Russia, Ukraine Flirts with Kremlinesque Internet Censorship"
About Global Voices Online | @globalvoices

This Buzz was compiled by Rebekah Heacock.

To manage your subscription preferences, please click here.

by rheacock at August 15, 2014 10:03 PM

Bruce Schneier
The US Intelligence Community has a Third Leaker

Ever since the Intercept published this story about the US government's Terrorist Screening Database, the press has been writing about a "second leaker":

The Intercept article focuses on the growth in U.S. government databases of known or suspected terrorist names during the Obama administration.

The article cites documents prepared by the National Counterterrorism Center dated August 2013, which is after Snowden left the United States to avoid criminal charges.

Greenwald has suggested there was another leaker. In July, he said on Twitter "it seems clear at this point" that there was another.

Everyone's miscounting. This is the third leaker:

  • Leaker #1: Edward Snowden.

  • Leaker #2: The person who is passing secrets to Jake Appelbaum, Laura Poitras and others in Germany: the Angela Merkel surveillance story, the TAO catalog, the X-KEYSCORE rules. My guess is that this is either an NSA employee or contractor working in Germany, or someone from German intelligence who has access to NSA documents. Snowden has said that he is not the source for the Merkel story, and Greenwald has confirmed that the Snowden documents are not the source for the X-KEYSCORE rules. I have also heard privately that the NSA knows that this is a second leaker.

  • Leaker #3: This new leaker, with access to a different stream of information (the NCTC is not the NSA), whom the Intercept calls "a source in the intelligence community."

Harvard Law School professor Yochai Benkler has written an excellent law-review article on the need for a whistleblower defense. And there's this excellent article by David Pozen on why government leaks are, in general, a good thing.

by Bruce Schneier at August 15, 2014 09:31 PM

Security as Interface Guarantees

This is a smart and interesting blog post:

I prefer to think of security as a class of interface guarantee. In particular, security guarantees are a kind of correctness guarantee. At every interface of every kind ­ user interface, programming language syntax and semantics, in-process APIs, kernel APIs, RPC and network protocols, ceremonies ­-- explicit and implicit design guarantees (promises, contracts) are in place, and determine the degree of “security” (however defined) the system can possibly achieve.

Design guarantees might or might not actually hold in the implementation ­-- software tends to have bugs, after all. Callers and callees can sometimes (but not always) defend themselves against untrustworthy callees and callers (respectively) in various ways that depend on the circumstances and on the nature of caller and callee. In this sense an interface is an attack surface --­ but properly constructed, it can also be a defense surface.


But also it’s an attempt to re-frame security engineering in a way that allows us to imagine more and better solutions to security problems. For example, when you frame your interface as an attack surface, you find yourself ever-so-slightly in a panic mode, and focus on how to make the surface as small as possible. Inevitably, this tends to lead to cat-and-mouseism and poor usability, seeming to reinforce the false dichotomy. If the panic is acute, it can even lead to nonsensical and undefendable interfaces, and a proliferation of false boundaries (as we saw with Windows UAC).

If instead we frame an interface as a defense surface, we are in a mindset that allows us to treat the interface as a shield: built for defense, testable, tested, covering the body; but also light-weight enough to carry and use effectively. It might seem like a semantic game; but in my experience, thinking of a boundary as a place to build a point of strength rather than thinking of it as something that must inevitably fall to attack leads to solutions that in fact withstand attack better while also functioning better for friendly callers.

I also liked the link at the end.

by Bruce Schneier at August 15, 2014 06:28 PM

David Weinberger
From Berkman: Zeynep and Ethanz on the Web We Want

This week there were two out-of-the-park posts by Berkman folk: Ethan Zuckerman on advertising as the Net’s original sin, and Zeynep Tufecki on the power of the open Internet as demonstrated by coverage of the riots in Ferguson. Each provides a view on whether the Net is a failed promise. Each is brilliant and brilliantly written.

Zeynep on Ferguson

Zeynep, who has written with wisdom and insight on the role of social media in the Turkish protests (e.g., here and here), looks at how Twitter brought the Ferguson police riots onto the national agenda and how well Twitter “covered” them. But those events didn’t make a dent in Facebook’s presentation of news. Why? she asks.

Twitter is an open platform where anyone can post whatever they want. It therefore reflects our interests — although no medium is a mere reflection. FB, on the other hand, uses algorithms to determine what it thinks our interests are … except that its algorithms are actually tuned to get us to click more so that FB can show us more ads. (Zeynep made that point about an early and errant draft of my commentary on the FB mood experiment. Thanks, Zeynep!) She uses this to make an important point about the Net’s value as a medium the agenda of which is not set by commercial interests. She talks about this as “Net Neutrality,” extending it from its usual application to the access providers (Comcast, Verizon and their small handful of buddies) to those providing important platforms such as Facebook.

She concludes (but please read it all!):

How the internet is run, governed and filtered is a human rights issue.

And despite a lot of dismal developments, this fight is far from over, and its enemy is cynicism and dismissal of this reality.

Don’t let anyone tell you otherwise.

What happens to #Ferguson affects what happens to Ferguson.

Yup yup yup. This post is required reading for all of the cynics who would impress us with their wake-up-and-smell-the-shitty-coffee pessimism.

Ethan on Ads

Ethan cites a talk by Maciej Ceglowski for the insight that “we’ve ended up with surveillance as the default, if not sole, internet business model.” Says Ethan,

I have come to believe that advertising is the original sin of the web. The fallen state of our Internet is a direct, if unintentional, consequence of choosing advertising as the default model to support online content and services.

Since Internet ads are more effective as a business model than as an actual business, companies are driven ever more frantically to gather customer data in order to hold out the hope of making their ads more effective. And there went out privacy. (This is a very rough paraphrase of Ethan’s argument.)

Ethan pays more than lip service to the benefits — promised and delivered — of the ad-supported Web. But he points to four rather devastating drawbacks, include the distortions caused by algorithmic filtering that Zeynep warns us about. Then he discusses what we can do about it.

I’m not going to try to summarize any further. You need to read this piece. And you will enjoy it. For example, betcha can’t guess who wrote the code for the world’s first pop-up ads. Answer:   Ethan  .

Also recommended: Jeff Jarvis’ response and Mathew Ingram’s response to both. I myself have little hope that advertising can be made significantly better, where “better” means being unreservedly in the interests of “consumers” and sufficiently valuable to the advertisers. I’m of course not confident about this, and maybe tomorrow someone will come up with the solution, but my thinking is based on the assumption that the open Web is always going to be a better way for us to discover what we care about because the native building material of the Web is in fact what we find mutually interesting.


Read both these articles. They are important contributions to understanding the Web We Want.

by davidw at August 15, 2014 03:20 PM

August 14, 2014

Sara M. Watson
Mindful Data Podcast, part 2

Here's part two with the folks at Mindful Cyborgs. We talk census data, soft data and hard data, active versus passive tracking, raising awareness with tracking, the questions behind questions about data and tracking, and more... They've also got a lot of links to resources I mention throughout the podcast on their page here.

by Sara M. Watson at August 14, 2014 03:30 PM

August 13, 2014

Bruce Schneier
Over a Billion Passwords Stolen?

I've been doing way too many media interviews over this weird New York Times story that a Russian criminal gang has stolen over 1.2 billion passwords.

As expected, the hype is pretty high over this. But from the beginning, the story didn't make sense to me. There are obvious details missing: are the passwords in plaintext or encrypted, what sites are they for, how did they end up with a single criminal gang? The Milwaukee company that pushed this story, Hold Security, isn't a company that I had ever heard of before. (I was with Howard Schmidt when I first heard this story. He lives in Wisconsin, and he had never heard of the company before, either.) The New York Times writes that "a security expert not affiliated with Hold Security analyzed the database of stolen credentials and confirmed it was authentic," but we're not given any details. This felt more like a PR story from the company than anything real.

Yesterday, Forbes wrote that Hold Security is charging people $120 to tell them if they're in the stolen-password database:

"In addition to continuous monitoring, we will also check to see if your company has been a victim of the latest CyberVor breach," says the site's description of the service using its pet name for the most recent breach. "The service starts from as low as 120$/month and comes with a 2-week money back guarantee, unless we provide any data right away."

Shortly after Wall Street Journal reporter Danny Yadron linked to the page on Twitter and asked questions about it, the firm replaced the description of the service with a "coming soon" message.

Holden says by email that the service will actually be $10/month and $120/year. "We are charging this symbolical fee to recover our expense to verify the domain or website ownership," he says by email. "While we do not anticipate any fraud, we need to be cognizant of its potential. The other thing to consider, the cost that our company must undertake to proactively reach out to a company to identify the right individual(s) to inform of a breach, prove to them that we are the 'good guys'. Believe it or not, it is a hard and often thankless task."

This story is getting squirrelier and squirrelier. Yes, security companies love to hype the threat to sell their products and services. But this goes further: single-handedly trying to create a panic, and then profiting off that panic.

I don't know how much of this story is true, but what I was saying to reporters over the past two days is that it's evidence of how secure the Internet actually is. We're not seeing massive fraud or theft. We're not seeing massive account hijacking. A gang of Russian hackers has 1.2 billion passwords -- they've probably had most of them for a year or more -- and everything is still working normally. This sort of thing is pretty much universally true. You probably have a credit card in your wallet right now whose number has been stolen. There are zero-day vulnerabilities being discovered right now that can be used to hack your computer. Security is terrible everywhere, and it it's all okay. This is a weird paradox that we're used to by now.

Oh, and if you want to change your passwords, here's my advice.

EDITED TO ADD (8/7): Brian Krebs vouches for Hold Security. On the other hand, it had no web presence until this story hit. Despite Krebs, I'm skeptical.

EDITED TO ADD (8/7): Here's an article about Hold Security from February with suspiciously similar numbers.

EDITED TO ADD (8/9): Another skeptical take.

by Bruce Schneier at August 13, 2014 07:57 PM

Amanda Palmer
O’ Captain! My Captain!

We don’t read and write poetry because it’s cute. We read and write poetry because we are members of the human race. And the human race is filled with passion. And medicine, law, business, engineering, these are noble pursuits and necessary to sustain life. But poetry, beauty, romance, love, these are what we stay alive for. To quote from Whitman, ”O me! O life!…of the questions of these recurring; of the endless trains of the faithless..…of cities filled with the foolish; what good amid these, O me, O life?” Answer. That you are here – that life exists, and identity; that the powerful play goes on and you may contribute a verse. That the powerful play goes on and you may contribute a verse. What will your verse be?

“Thank you for playing Mr. Dalton. I stand upon my desk to remind myself that we must constantly look at things in a different way.”

thank you, robin. we are standing here for you.


you’ve got a desk. you know what to do.

by admin at August 13, 2014 04:58 PM

Feeds In This Planet