Thoughts Amid 2020

Well, here we are, midway through 2020 – a year I did not expect to be writing about, but 2020 has turned out to be the year that keeps on giving – but in a bad way.

I used to think the Internet was the greatest invention of mankind – that it would erase barriers to communication, bring people together, and spread knowledge to all.

I was wrong.

What I’ve seen instead is that new barriers to communication have been erected, people have been driven apart (or brought together, but only in hate), and instead of knowledge, propaganda, messages of hate, and outright lies have been spread instead. Even the very idea of “truth” has become questioned, as we doubt (or are told to doubt) the sources of information.

Technology was supposed to be the triumph of mankind – something that would eliminate barriers and advance us all towards a better future, a tool we could use against the forces of death, disease, and disaster to protect ourselves, extend our lives, and make us all happier. But instead we have turned that tool against ourselves, selfishly withholding it from some under a misguided thought that sharing it would somehow diminish our own share.

Sometimes I wonder if we invented the Internet too soon – that we, both as individuals and as a society, were not ready, not advanced enough, grown enough, wise enough to handle the power that it gave us.

Pandora’s box is open though, and there’s no way to undo what has been released into the world. All we can do is either fight one another to hide under the lid, or use what remains – hope – and go fight the demons of our own doing.

What’s been done cannot be undone, but we can stop it from going further. And unless we want to spend the rest of our lives cowering in fear of the monsters we created and released, we must stop it.

A (Renewed) Case for Encryption

I kind of hoped that this NSA/PRISM/wholesale government surveillance business would re-energize people into actually getting back into using encryption – but sadly it doesn’t seem that way. Content encryption – as opposed to just endpoint encryption, like SSL – is important, and especially so in light of this kind of wholesale government surveillance.

I kind of hoped that this NSA/PRISM/wholesale government surveillance business would re-energize people into actually getting back into using encryption, and perhaps even trying to solve the problem of getting more people to actually use it.

One of the big problems with encryption – for example, email encryption using public key cryptography (PGP or GnuPG) – has been just getting enough people to start using it. With the way public key encryption works, you need to use encryption, AND the person you’re sending it to needs to use encryption, too.

In addition, there’s also the further complication of signing one another’s keys and assigning trust levels and so on… it’s just a bit too complicated and technical for your average user.

However, it doesn’t have to be complicated, and given what we’ve learned recently, it seems to me it really shouldn’t be – and that it is in all of our best interests to make it be as simple and easy as possible.

People have been harping on about the importance of encryption for ages, but widespread adoption has mostly been limited to SSL (for webmail & other web apps & services). This sort of encryption prevents a 3rd party from intercepting your communication with Google or Microsoft or Facebook or your bank or whatever, but none of that matters if your data is just going to be handed over to the government by the company on the other end anyway!

SSL encrypts your connection and your data during transmission, but the actual contents of your data are unencrypted at either end, and vulnerable to interception. It’s a good first step, but it isn’t enough – not anymore.

On the other hand, actually encrypting the contents of your communications – the email, the files, etc. – means that even if they are stored on a server (as your email is, for example), they are still encrypted – and most importantly, the server doesn’t have the decryption key – only the recipient does.

What this would mean in practice is that it would prevent the wholesale collection of data. If the government wanted the contents of someone’s communications, they would need to go after that individual; they wouldn’t be able to just pull it out of a big database.

Since going after an individual takes effort and requires a subpoena or at least a court order of some sort, there’s protection built-in. Plus, now the government’s attempts to access your data would be limited in scope to one person at a time, and they can’t be done in secret – or, at least, they’d be less secretive.

The government may still collect other data about you, of course – encryption is not a cure-all. It may still collect “metadata” about you – times and dates and such – but at least the content of your data remains secure until specifically subpoenaed.

As a side note, the NSA has repeatedly said that this is what it does anyway, as part of an attempt to justify why we shouldn’t be worried about this – but because everything the NSA does is secret, we have no way to be sure that this is actually the case. All we have to go on is the NSA saying “trust us, we won’t read your email without a court order (that you aren’t allowed to see).” Doesn’t exactly inspire a lot of trust, now does it? Especially given the track record we’re dealing with.

Perhaps if our government had a long & strong history of being trustworthy, of being transparent with its behavior, of standing up for individual rights and privacy, and severely limiting the collection and access of people’s data to only what is explicitly needed for specific cases and actions, this whole wholesale surveillance thing wouldn’t be such an issue.

But sadly, this is not the case – our government has shown, again and again, that it cannot be trusted in this regard, and that when given the opportunity, it will make a grab for as much power as it possibly can get.

Given the recent revelations on exactly how much power (and, by extension, data) our government has grabbed as of late, making actual content encryption available, widespread, and easy to use seems like an absolute no-brainer.

Icons courtesy of the Crystal Icon Set.

10 Years of WordPress

Wow, has it really been 10 years?

Yes, it has – officially 10 years ago, on May 27th, 2003, WordPress was released.

As part of the WordPress 10th Anniversary Blogging Project, I figured I’d share some of my memories of using WordPress over the years.

Back in 2003, when WordPress was first released:

  • I was still using Windows 2000 on my home computer (I did use XP at work – cutting edge at the time!)
  • We were only on the 2nd Matrix movie, “The Matrix Reloaded”
  • I was still using the “Mozilla Suite,” the descendant of “Netscape Communicator.” (It wasn’t until next year that it was split into Firefox & Thunderbird)
  • We had just lost the Space Shuttle Columbia a few months prior
  • The iPod was only on its 3rd iteration, and the iPhone was still a distant dream
  • Slim flip-phone cell phones were all the rage
  • The Concorde made its last commercial flight

I didn’t start using WordPress myself until a little bit after its release – until around December 1st, 2005, in fact.

When I started using WordPress in 2005:

  • We were just starting to lament that schools were switching to using Java (the horror!) to teach programming
  • I still had a CRT TV in my living room (and on my computer – though I had just gotten an LCD display at work, and I’d soon get one at home as well)
  • Digital Rights Management came into the spotlight with the discovery of Sony’s rootkit that silently installed when you inserted a music (!!) CD in your computer.
  • This was the year I took down my old hand-coded personal site (which was old, dated, and not really very good) in favor of this blog.
  • And, of course, 2005 is the year I unexpectedly found myself living with my two wonderful rabbits

In all that time, I’ve switched WordPress themes more times than I can count – and upgraded and installed numerous useful (and sometimes silly) plugins.

Still, it’s amazing to see how far WordPress has come. It’s been a great 10 years, and I’m looking forward to 10 more!

Happy 10th birthday, WordPress!

Still Blogging

There’s a reason I don’t use services like Tumblr (or LiveJournal, or Blogger, or any of a dozen other similar “free” services) and instead still post things here on my own blog – and that is: I own this blog, but I don’t own Tumblr*.

Now, this may not – scratch that, this will not apply to everyone, but for me, my words are my “product,” so to speak. They are the thing I spend time creating, and they are important to me – important enough that I would not want them to be lost.

Whenever I’m trying to decide whether to use some new web-based service (at least, the “free” ones), I ask myself, “if this service disappeared tomorrow, would it be a huge loss for me?” If the answer is “yes,” then I either won’t use the service, or I will only post low-importance things there (or I’ll duplicate the content elsewhere).

Naturally, there are some “free” services that I trust sufficiently to get over the “what if it disappeared” hurdle – things like Gmail, to name one example. (Though that doesn’t stop me from keeping a local, cached backup copy, just in case!)

Anyway, these are just some of my thoughts – and of course everyone else’s criteria will differ from mine. But it’s worth thinking about before you commit to creating a lot of content with whatever the next “cool” new web service is!

* This goes for any paid service, really. If I pay for it, I generally expect not to be left in the cold. With a free service, you can’t really expect anything.

Unsubscribe me NOW, Damnit!

If there’s one thing that really annoys me, it’s crappy methods of unsubscribing from email newsletters and the like. You’ve probably seen it before – you get some email from a company you’ve bought something from in the past, or maybe a website’s newsletter that you signed up for. It’s not spam, but you decide that you don’t really want these sorts of emails anymore, so you click the “Unsubscribe” link down at the bottom.

And then you’re greeted with something like this (emphasis mine):

Thanks for unsubscribing.
It may take up to 10 days to process your request.

Ten days? TEN DAYS?!? Seriously?

While the exact number of days may vary, the point is that you aren’t unsubscribed yet, even though you clicked the link to unsubscribe.

What’s worse is that sometimes the company or website will send you another email during that processing period!

Personally, whenever I see something like this it tends to send me into a sort of rage, where I vow never to do business with this company/organization/website ever again. Because really, saying that it’s going to take days (however many it may be) to do what should be instantaneous is just a giant middle finger to whoever is on the receiving end of the original email.

I could understand delays in processing an unsubscribe request back in the dark ages of the Internet – maybe even as recently as 5 years ago – when email mailing lists were cultivated manually, but honestly in this day and age there is absolutely no excuse for not automatically honoring an unsubscribe request immediately after a link is clicked.

I have to imagine that all of these “unsubscribe processing delay” messages come from old or home-grown email systems, because all the modern email marketing systems I know of will honor unsubscribe requests immediately.

When someone clicks an “unsubscribe” link (and I’m talking about a true “unsubscribe me from everything” link, not just a “stop receiving offers” or “stop sending me the monthly newsletter” type links), that person’s email address should be immediately marked as “DO NOT CONTACT” and no more bulk-type emails should ever be sent to that person’s address until they do something to opt-in to receiving them again.

In other words, when I click the “unsubscribe” link in your email, I expect you to unsubscribe me NOW, not 3 or 5 or 10 days later. Immediate unsubscribing may not be legally required (e.g., by the CAN-SPAM Act), but I’d like to think it is morally required – it’s just common courtesy.