phiffer.org

Dan Phiffer builds websites, makes art, and teaches in NYC

Do not let the bastards grind you down (toe.prx.org)

I was recently on my friend Benjamen Walker’s podcast Theory of Everything, talking about digital security.

MP3 download


Multi-factor authentication for busy people

Multi-factor authentication (aka “two-factor,” or “two-step,” or 2FA) is a really great way to protect yourself (and anyone you’ve ever emailed). There are excellent and detailed guides out there, but the sheer amount of information about how to do things properly can be daunting for someone who has other important things to get done. I’m not saying don’t read all the nuanced details about security, just don’t put off setting it up right now if it seems too complicated.

If you do nothing else to protect your privacy, do this. (If you do two things, start using a password manager.)

You should set up multi-factor authentication on every account that offers it, but because each of those accounts has a “password reset email” feature, securing your email account is extra important. If you use Gmail, it’s really easy, and you should literally stop and do this right now if you haven’t already. (I use FastMail as my email service provider, and they also support multi-factor authentication.)

Enable it!
  1. Go to myaccount.google.com and click “Sign-in & security”
  2. Scroll to the box that includes the “2-Step Verification” button and click on it
  3. Follow the steps to confirm your phone number (gotcha: it’s easy to confuse the “from” phone number with the code you need to type in)
  4. Click the “Turn on” link to activate the telephone-based confirmation step
  5. Print the backup security codes and stash them somewhere safe (in case future-you loses a phone)
Turn On 2-step verification

What happens next? From now on you will need your phone to sign in with your Google account. This can be inconvenient, but it will make your account much harder to hack.

Do you use an email client like Mail.app? Did that email client stop working suddenly? You may need to configure your mail client to use App Passwords. If you changed the mail client to use the App Password and it still doesn’t work, try deleting the account and setting it up from scratch. I know all of this feels like a big hassle right now, but it’s mostly something you can set up and forget about.

Extra-credit (do this later if you don’t have time right now)

There is a known attack on SMS- or phone call-based multi-factor authentication where an adversary can trick your cell phone provider into assigning your phone number to a different phone (this falls into the category of hacking called social engineering). This tactic has been used on high-profile activists, so you should consider taking one additional step to improve your security.

Setup an Authenticator app
  1. Install the Google Authenticator app or Authy
  2. Go back to that 2-Step Verification page and scroll down to the “Set up alternative second step” section
  3. Click on the “Setup” link for Authenticator App
  4. Open the app you just installed on your phone and take a photo of the QR code
  5. Your phone will show a code and a countdown timer; type that code into the web form

Well done, you did it! Or maybe you got stuck? Please get in touch and let me know what gave you trouble. And then get back to all of your amazing work.

Surveillance and inaction

NYPD skywatch tower
Photo: Life under occupation by Barry Hoggard

I am awash in thoughts and feelings this week. Donald J. Trump will very likely be our next President. This fact has already emboldened hate groups, leaving us to contemplate what the next four years could mean—especially for friends who will likely become targets of bigotry.

Should we go outside and protest? Should we turn inward and lean on our support networks? Do we start thinking about the 2018 midterms? Yes. Yes to all of it. If you need time away from this divisive election, you’ll be welcome to join us when you’re ready. I completely understand, especially if you worked on a 2016 political campaign.

For my part, I am regrouping, considering how I can do more, do better. Some friends have asked me about strategies for resisting surveillance. Digital privacy will become even more important in the coming years, and we should all collectively get better at protecting ourselves.

A very short answer is: switch your texting over to Signal, use a password manager. Start today.

Keep in mind that surveillance is for controlling your behavior. If you’ve ever said “but I have nothing to hide,” now is a good time to consider whether you intend to keep it that way. If you do choose to toe that line—maybe you want to wait and see if a President Trump keeps to his campaign promises—take a moment to consider how pervasive surveillance and the threat of anticipated consequences may be blinding you from a civic responsibility to resist.

I’d like to write more about this in the coming weeks, but for starters here are some links that might be helpful. Stay safe out there.

If you are wondering how precisely to get involved, please don’t hesitate to contact me. I am figuring that out myself and would welcome your ideas.

The first day of Twitter

If you used Twitter today, you’ve probably heard it’s the social network’s 10th birthday. I used their API to recreate what Twitter’s first day looked like, by plugging in a sequence of ID numbers starting at number 20.

I’m curious what happened to those first 19 tweets, and some other subsequent missing ID numbers (e.g., 24, 27, 28). Were they deleted? If so, why? Also notable: missing tweet ID 105 returns “Sorry, you are not authorized to see this status.” instead of the usual “No status found with that ID.”

And then it was day two.

Scott Carrier in Lesbos (homebrave.squarespace.com)

Here’s another podcast episode that’s helpful for countering the mindless demagoguery that seems to dominate American political discussions about the plight of refugees. Scott Carrier has continued his journey to the island of Lesbos to interview refugees. Give it a listen.

Download MP3

Refugees as they arrive on the beach, having crossed the Aegean Sea in rubber rafts.

See also: On the Border of Greece and Macedonia


The story of #RenunciaYa (gimletmedia.com)

The most recent episode of Reply All is a fantastic antidote to recent developments in U.S. politics.

Download MP3

I challenge you to listen to this and feel cynical about politics and activism!


Couchsurfing steals photos (speedbird.wordpress.com)

Consider these happy users of couchsurfing.com, the old school zero-cost precursor to Airbnb.

Aww, they watched Thai soap operas together!

From Adam Greenfield:

A few years ago, I would have had to wonder whether these images did in fact represent happy Couchsurfers; now, of course, we have Google Image Search. It only took me a few seconds’ clicking around to confirm what I had suspected — or actually, something even more troubling.

It’s not merely that these are not at all images of actual Couchsurfers; in itself, that might readily enough be forgiven. It’s that the images appear to have been downloaded, altered and used in a commercial context without their creators’ knowledge or consent — in one case, in fact, in direct contravention of the (very generous) terms of the license under which they were offered. Here, let’s take a look:

– The image labeled “Jason” is one of photographer David Weir’s 100 Strangers, originally labeled with a copyright notice;

– “Dang” is a crop of commercial photographer Anthony Mongiello’s headshot of actor Stanley Wong

This is not a huge deal, of course, but I’ve had my photos used this way, and it does irk me a bit. And I got curious, so I searched for the background image of Venice, Italy (why didn’t they use Bangkok?), and it looks like a legit stock photo.

I also contacted each of the photographers mentioned in Adam’s post, just to confirm that their work hadn’t been licensed from them somehow. So far I’ve heard back from Anthony Mongiello, and he was surprised to learn his photo was being used this way. It’s probably safe to assume the other “user” portraits are also stolen.

I was going to add a “see also” link at the bottom here, to Khoi Vinh and Matt Jacobs’s rights-cleared collection of user photos, but interestingly they’ve discontinued it:

We built Facebox in 2013 to make life easier for UI designers who needed quick access to high quality, royalty-free images of real people. In the time since, it’s been a blast to see Facebox photos show up all over the Internet.

Out of respect for our models, who were very generous with their likenesses, we’ve decided to discontinue sales of Facebox, before they get overexposed.

Perhaps the classless move by the Couchsurfing designers has been balanced out just a bit by Khoi and Matt’s thoughtful gesture.


Top 25 News Photos of 2015 (www.theatlantic.com)

From Alan Taylor’s In Focus, this year’s top news photos.

A wounded Syrian girl stands in a makeshift hospital in the rebel-held area of Douma, east of Syria’s capital of Damascus, following shelling and air raids by Syrian government forces on August 22, 2015. At least 20 civilians were killed, and another 200 wounded or trapped in Douma, a monitoring group said, just six days after regime airstrikes killed more than 100 people and sparked international condemnation of one of the bloodiest government attacks in Syria's war. (Abd Doumany / AFP / Getty)

See also the three part 2014 year in photos: part 1, part 2, part 3.

Link via Jason Kottke

Three weeks, 2,000 lives lost (www.nytimes.com)

From Nicholas Kristof’s op-ed in the New York Times:

For three weeks American politicians have been fulminating about the peril posed by Syrian refugees, even though in the last dozen years no refugee in America has killed a single person in a terror attack.

In the same three weeks as this hysteria about refugees, guns have claimed 2,000 lives in America. The terror attacks in San Bernardino, Calif., and at the Planned Parenthood clinic in Colorado Springs were the most dramatic, but there’s an unrelenting average of 92 gun deaths every day in America, including suicides, murders and accidents.

See also: Friday’s front-page editorial, “End the Gun Epidemic in America,” the first since 1920. Also: The Guardian’s visualization of mass shootings.


Pluto Flyover (www.youtube.com)

Sometimes, on weeks with lots of bad news, it’s nice to stop and think about how we sent a space probe to Pluto.

Video

This animation, made with the LORRI (Long Range Reconnaissance Imager) images, begins with a low-altitude look at the informally named Norgay Montes, flies northward over the boundary between informally named Sputnik Planum and Cthulhu Regio, turns, and drifts slowly east.

Wait, Cthulhu Regio? From Wikipedia:

NASA initially referred to it as the Whale in reference to its overall shape. By 14 July 2015, the provisional name “Cthulhu” was being used by the New Horizons team. It was named after the fictional deity from the works of H. P. Lovecraft and others.

See also: another longer flyover animation of Pluto, and some new photos just released yesterday.


How to look at the Chan Zuckerberg Initiative (medium.com)

Anil Dash wrote a very coherent critique of Mark Zuckerberg and Priscilla Chan’s initiative to use their wealth for good.

I do believe that Mark and Priscilla want to have a meaningful positive impact on the world, and I am unapologetically enthusiastic about the fact they’re articulating that vision in a way that will lead others. I am also grievously concerned about the greatest threat to those intentions: The culture of Silicon Valley. Many of the loudest, most prominent voices within the tech industry, people who have Zuckerberg’s ear, are already thoughtlessly describing smart critique of the Initiative as “hating”, absurdly dismissing legitimate concerns as jealousy.

Here’s the truth: No matter how good their intentions, the net result of most such efforts has typically been neutral at best, and can sometimes be deeply destructive. The most valuable path may well be to simply invest this enormous pool of resources in the people and institutions that are already doing this work (including, yes, public institutions funded by tax dollars) and trust that they know their domains better than someone who’s already got a pretty demanding day job.

As Anil said on Twitter, “the best thing they could do is listen to critics.”

See also: Zuckerberg: give your stocks to Facebook users, and from NY Times Dealbook, How Mark Zuckerberg’s Altruism Helps Himself


Yesterday’s unprinted edition of The Hindu (www.thehindu.com)

Unprinted front page of the December 2, 2015 issue of The Hindu

Yesterday, for the first time in 137 years of operation, while world leaders meet in Paris for COP21, The Hindu did not go to print because of heavy flooding.

Consequent to the heavy rain, print editions of The Hindu dated December 2, 2015, in Chennai, Vellore, Puducherry and Tirupati have been cancelled after taking into consideration the safety of those in the distribution network.

The Indian daily newspaper, with a circulation just above that of the New York Times, did not print yesterday’s Chennai edition, but uploaded PDFs from the issue to their website.

Link via Democracy Now

Zuckerberg: give your stocks to Facebook users (americamagazine.org)

You may have heard Mark Zuckerberg, founder of Facebook, has promised to donate 99% of his stock in the company “to charity.” (It’s unclear what “charity” means precisely at this point, but one might want to look in the direction of Newark.)

Here is an interesting suggestion from Nathan Schneider, published today in America Magazine:

First, the stock could go back to the Facebook users who made it valuable in the first place. As I have noted here before, Facebook’s business model depends on gathering, mining and selling the personal information that its users post on the platform. That includes our networks of relationships, our photos, our worries, our milestones, our passions and our preferences. It’s barely understood what exactly Facebook knows about us and how, except that it’s a lot. This is part of what has made Mr. Zuckerberg so controversial, and rightly so; early on, he referred to his users as “dumb” (followed by a word even more insulting) for trusting him with such data. What if, rather than papering over that controversy, he could resolve it at the root?

Consider what it would mean if a substantial portion of Facebook stock were held in a trust that acts on behalf of the platform’s users. (This is a model I’m borrowing from the employee-owned John Lewis Partnership in the United Kingdom, explained in Marjorie Kelly’s extraordinary book Owning Our Future.) Users could then vote on what positions the trust should hold at shareholder meetings, and it could distribute dividends based on the stock’s value back to users, or reinvest them by buying more ownership in the company. The trust, therefore, would have a dual incentive: to protect user interests and privacy in Facebook’s business model, and to ensure that the company remains solvent.

The other suggestion, to sell the stocks and distribute the proceeds to every person alive, is also noteworthy, effectively saying: “Do you really know better what to do with all that money than the collective wisdom of everyone on Earth combined?”

Link via Caroline

Helpful talk tips! (posts.postlight.com)

Paul Ford recently shared some of his speaking tips on the Postlight blog.

I’m finding that it’s very important to just get up there and talk a little bit, make some dumb jokes, let people get used to you existing. A lot of times I talk about the status of the talk (“this is a new talk and I’ll be glad to hear what you think”).

I’m noticing that this style of presenting is very adaptable; when you’re in a small room you can turn it into a conversation and bring in the audience; when you’re speaking to hundreds of people, and engagement is not possible, you can just keep plowing ahead but it’s still like you’re just having a fun chat instead of holding forth. You can even do a kind of professorial “Oh! Right!” as if the deck was surprising you, and both you and the audience were just seeing this information for the first time together and you were merely riffing.

I highly recommend that you try to find some way to go see Paul give a talk.


New York After Rent (toe.prx.org)

The latest episode of Theory of Everything is a recut version of April’s New York After Rent series. Listen to the whole thing in one 70-minute post prop f director’s cut episode.

In the future startups will enable us to rent out our memories, feelings, and dreams, the same way we now rent out our extra bedrooms and the stuff in our closets. In the future every flight of fancy eventually will be commodified.

Download MP3
