Categories
Technology Thoughts

Privacy Nutrition Labels for the Top Apps of 2020

With the release of iOS and iPadOS 14.3, all app updates in the App Store are now required to include Privacy Details, or “nutrition labels”.

App Privacy Labels

At a high level, there are three categories of nutrition label:

  • Data Used to Track You
    • “May be used to track you across apps and websites owned by other companies”
  • Data Linked to You
    • “May be collected and linked to your identity”
  • Data Not Linked to You
    • “May be collected but it is not linked to your identity”

Within each category, there is additional info split into types of data collected and ways data is used.

Types of data an app can collect include:

  • contact info
  • health & fitness
  • financial info
  • location
  • sensitive info
  • contacts
  • user content
  • browsing history
  • search history
  • identifiers
  • purchases
  • usage data
  • diagnostics
  • other data

Ways data is used include:

  • third-party advertising
  • developer’s advertising or marketing
  • analytics
  • product personalization
  • app functionality
  • other purposes

[Screenshot: Zoom Privacy Details – apps.apple.com. The App Privacy section lists, under “Data Linked to You”: Location, Contact Info, User Content, Identifiers, Usage Data, Diagnostics.]

Putting it all together, when looking at an app in the store, like Zoom for example, you can see the app collects your location, contact info, user content, identifiers, usage data, and diagnostics and links the data to you. If this data were in the “not linked to you” category, the data would still be collected, but done so anonymously.

The top level information tells you what data the app collects, but to see how the data is used, you need to select the “See Details” link at the top right of the App Privacy section.

From the expanded view, you can see that Zoom collects data for advertising & marketing, analytics, and general app functionality. This may look like a lot, but Zoom’s data use is comparatively short. Details for Facebook’s data use scroll for days.

And the distinction between data collection and data use is important. For example, an app may collect your location and use it to tell you the weather nearby. Granting permission to location would make sense if you are downloading a weather app. But an app may also collect your location and use it to tell ad providers all the places you go. In this case, giving access to your location would be sketchy if you were downloading a calculator app.

There is also an inherent level of trust associated with Apple’s new model for privacy details, as for app developers:

“You’re responsible for keeping your responses accurate and up to date.”

This means, to apply these new privacy labels, app developers must self-report their data use when submitting updates to the App Store. Apple does not read through all the code or monitor network traffic to automatically create an app’s privacy details.

Apps can change their behavior with any update, but developers are required to update the privacy details on their own. App reviewers do not flag when the privacy details need an update.

So while the longevity and robustness of the new privacy nutrition labels remain to be seen, we can take a look at how the most popular apps of 2020 report their privacy nutrition details.

Top 2020 Apps

If you have updated to iOS 14.3, it’s interesting to flip through some of the apps you use to see how they report their data collection and use. Although, it’s not exactly easy to compare two apps.

Since Apple recently unveiled the top games and apps of 2020, you can look at all the privacy nutrition label details in search of trends from the apps everyone is using.

So I did. And compiled the Privacy Nutrition Label Data for the Top Apps of 2020.

This starts off with general info regarding what data is collected, then looks at how specific apps and games report data use, and finally lists insights and questions from the investigation. (All the spreadsheets and data are included at the end).

Nutrition Label Data

General statistics
  • 80 total apps
    • 20 free apps
    • 20 paid apps
    • 20 free games
    • 20 paid games
  • 51 updated to report privacy data
    • 32 apps
    • 19 games
  • Top collected data types across all three categories
    • identifiers (70)
    • usage data (70)
    • diagnostics (59)
    • purchases (46)
    • location (42)
    • user content (36)
    • contact info (35)
    • other data (21)
    • search history (16)
    • contacts (14)
    • financial info (12)
    • browsing history (11)
    • sensitive info (7)
    • health and fitness (6)
  • Top collected data types (used to track you)
    • identifiers (27)
    • usage data (23)
    • purchases (12)
    • contact info (10)
    • diagnostics (10)
    • location (10)
    • other data (8)
    • user content (4)
    • browsing history (3)
    • contacts (1)
    • financial info (1)
    • health and fitness (1)
    • search history (1)
    • sensitive info (1)
  • Top collected data types (linked to you)
    • usage data (30)
    • identifiers (28)
    • diagnostics (26)
    • user content (24)
    • purchases (23)
    • location (22)
    • contact info (22)
    • search history (13)
    • contacts (12)
    • other data (11)
    • financial info (10)
    • browsing history (7)
    • health and fitness (4)
    • sensitive info (4)
  • Top collected data types (not linked to you)
    • diagnostics (23)
    • usage data (17)
    • identifiers (15)
    • purchases (11)
    • location (10)
    • user content (8)
    • contact info (3)
    • sensitive info (2)
    • search history (2)
    • other data (2)
    • health and fitness (1)
    • financial info (1)
    • contacts (1)
    • browsing history (1)
By Apps and Games
  • Most types of data collection (17)
    • Facebook
    • Instagram
    • Spotify
    • Twitter
  • No data collection (* these are all paid apps/games)
    • HotSchedules
    • AutoSleep Track Sleep on Watch
    • Shadowrocket
    • EpocCam Webcamera for Computer
    • Arcadia – Arcade Watch Games
  • Only collects data not linked to you
    • Widgetsmith
    • Among Us!
  • Most data types used to track you
    • Twitter (7)
    • Subway Surfers (6)
    • Spotify (5)
Free vs Paid
  • Average types of data collected (overall)
    • Free (10.5)
    • Paid (3.6)
  • Median types of data collected (overall)
    • Free (10)
    • Paid (4)
  • Average types of data (used to track you)
    • Free (2.9)
    • Paid (0.3)
  • Average types of data (linked to you)
    • Free (6.3)
    • Paid (1.1)
  • Average types of data (not linked to you)
    • Free (1.3)
    • Paid (2.2)

Insights and Questions

Many of these points stem from the descriptions of Types of data and Data use sections of Apple’s privacy details page.

Free apps
On Apple’s categories:
  • “Identifiers” is a vague name, but it’s related to device and user IDs. These types of IDs are often static and used to link your information across apps and services
  • “User content” from apps not creating user content is interesting (Disney Plus and Netflix). Guessing these are related to the “Customer Support” category.
    • And how does an app have “User Content” not linked to you?
  • “Purchases” is not included by Netflix (as you can’t subscribe in the app)
On companies:
  • Google hasn’t updated info for any of their apps yet
  • Widgetsmith was a breakout iOS 14 app of the year. It only collects anonymous purchase and diagnostic data.
  • WhatsApp is Facebook’s least offensive app.
  • What is Spotify doing with browsing history?
  • Twitter is doing a lot of tracking
On trends:
  • “Data linked to you” is largest category and shows most first party data use
    • “Data used to track you” is “owned by other companies”
  • Companies should move usage data and diagnostics collection from “linked” to “not linked” categories
    • Free games do a somewhat better job collecting anonymous data (but also use the same data types to track you)
  • Top free apps do less data sharing (tracking) than expected

Overall, rules are new, so companies are still getting used to the categories. Guessing they’ve over-reported as it is easier to move to a more private usage category. Companies may interpret rules differently (Twitter vs Facebook vs TikTok, why so different?)

Free games
Paid apps
  • Top paid apps do less tracking and data collection overall
    • Also have most non-updated apps in the top 2020 list
  • “Data Not Collected” is a tag (took going through a lot of apps to find that out…)

[Screenshot: HotSchedules App Privacy section, showing the “Data Not Collected” tag: “The developer does not collect any data from this app.”]

Paid games
  • Very few top games have updated
  • Seems Facebook SDK could require Identifiers, location, usage data, diagnostics
Overall
  • Apple, what’s up with the random ordering of data types? Seems to be consistent by count, but not across all apps
  • Health and fitness apps were not very popular this year
  • How do changes to data collection and use get reported? Is there a notification added to the nutrition label?

Wrap up

Probably can do a lot more analysis on all this data, but it’s the holidays and everyone is asking me why I’m working. So I’ll leave it at that. As more apps update with their privacy nutrition details, we can expect to learn more about how the apps we use use our data, and how Apple’s new system changes with time.

Charts and Graphs

Here is all the raw data if you want to compare: Top 2020 Apps – Privacy Summary

☃️ 🛷 ❄️

Categories
News Feed

Tour de France

There is only one more stage in the 2020 Tour de France, but there’s still time to catch up on the action before the final leg.

Here’s how to get up to speed on this year’s race, the sport, and the history of the tour:

Watch or read to learn the rules of the race, what the green, polka dot & white jerseys mean, and why the overall winner may not win a single stage of the race.

Stage info including distances, elevation, and routes, can be found on the Tour de France website (spoilers if you’re catching up, each stage shows the winner).

You can follow many of the riders on Strava, and realize how much faster they are than you.

Watch extended race highlights (without spoilers in the video preview) on the NBC Sports YouTube channel. The 20 to 30 minute recaps make for a riveting daily tv series. Plus, Phil Liggett is a legend, and his commentary with Bob Roll will make you consider watching each stage in full. 

The Tour de France channel also has race highlights, but they include the stage winner in the video title and thumbnail, so it ruins the fun of not knowing who wins before watching.

The history of the race, and its most renowned scandal, is well told through the ESPN 30 for 30 documentary, LANCE. While the Tour de France is exhilarating to watch, there is always a hint of controversy lingering in the background, and this doc helps explain that feeling of uneasiness.

(If you sign up for ESPN+, also be sure to watch O.J.: Made in America)

Other random TDF trivia include the cost of bikes in the tour, the exertion to ride at world record pace, riders’ power output on a bike, and the amount of food riders eat to stay fueled.

🚲

Categories
Thoughts

The Music Mentality

Music connects you with others, lifts your spirits, and inspires. Recently, listening to music inspired me to try making music. There is still so much to learn, but I’ve been able to make decent progress despite a quarantine and the obstacles it has presented, by seeking knowledge passed along by musicians online. To continue connecting, I figured I should pass along all I’ve learned so far.

Finding inspiration

When you listen to music, you’re never alone

The title of this article keeps popping into my head during all the quarantining and social distancing brought about by the Covid-19 pandemic. I forgot what the article was even about, but the words are a reminder for me whenever I’m not having a great day, that music can bring people together, even when we’re apart.

You put the headphones on, you’re listening to music, but the music’s still part of the larger social world

Jay Schulkin

Another idea that sticks with me comes from Oak Felder. If you haven’t heard of Oak (I hadn’t before this deep dive into music production), he’s a producer for many popular artists including Nicki Minaj, Alessia Cara, Kelly Clarkson, and John Legend, but in this case, the line comes from a video of him talking about the production of the song Sorry, Not Sorry, by Demi Lovato.

Oak says,

A song is a conduit of emotion from one person to another, but in order to accurately depict this emotion, it has to be a snapshot of a moment.

Oak Felder

More succinctly, “A song is a snapshot of a moment.”

And Covid-times are providing quite the moment to snapshot.

Early on we got songs like Level of Concern from Twenty One Pilots talking about an initial uncertainty of the situation, and Quarantine Casanova from Chromeo making light of it. Glass Animals made Quarantine Covers and later, AJR released Bummerland.

But a general theme was musicians wanting to play music. 

Martin Garrix played on an assortment of roofs and boats around Amsterdam, Machine Gun Kelly played virtually with Travis Barker and later for aliens, Post Malone played Nirvana, David Guetta played to Miami, Steve Aoki played in a foam pit, and the Preservation Hall Jazz Band played Keep Your Head Up.

It’s easy to see that music isn’t quite the same this year. No shows to play, but plenty of thoughts and emotions to share about trying to figure things out.

I used to go to a ton of concerts back when they still happened. I love the energy of the music, the atmosphere of the venue, and the creativity of musicians.

Quick aside. You should be proud of what you like and the things you do. It’s the creativity and uniqueness that makes you, you. Don’t be ashamed of being out of the ordinary or mainstream. Be both. You can contain multitudes.

I love music because I love to see what people create. And this applies to people in all creative professions. I am always amazed by the songs, movies, shows, and books people make. But you don’t have to be a Grammy winning record producer to pursue your interests.

Learning to play

I realized a couple years ago that after countless hours of listening to music and going to concerts, it would be fun to try to make music of my own.

And the good news, I learned, is some of the award winners will walk you through their process for creating their industry recognized art. So yeah, you don’t have to be a pro, but you can still learn from them.

When you listen to music, you’re never alone. When you make music, you find out if you have schizophrenia.

If music is part of the larger social world, I wanted to be part of the conversation (but had to figure out what I wanted to say).

I have some musical background. I played piano briefly as a child, but didn’t stick with it. I tried guitar but never could progress beyond basic chords. I did play trombone in jazz and concert band throughout high school and middle school. I think picking up bass would have translated better instead of guitar. 

I began my musical restart in Winter 2018. I couldn’t read treble and had all but forgotten bass clef. And I couldn’t play piano, but I wanted to be able to.

Since then, I’ve said playing piano is my winter activity because Seattle summers are so amazing. Through quarantine and social distancing I have played more than usual and uploaded 15 songs to Soundcloud, but it’s still tough to sit inside when the weather is so nice. With recent weather making the city look like a scene from Mad Max, staying in has me reflecting on making and listening to music again.

Here’s how I started learning piano and music production.

To set some expectations, my goal is to learn piano, but also understand musical concepts in order to produce songs. I’m also nowhere near experienced enough to teach people how to do either, so I’ll just pass along the ways I’ve learned how to do things. There are tons of resources out there! These are just a few.

The first book I worked through was the Alfred Adult Course. I made it through the first and part of the second. The Alfred books were great for piano basics, but did not get enough into the theory. I also found I wasn’t very interested in the songs so I wound up going online for music I wanted to play. 

I later picked up the Complete Piano Player which I would recommend over the Alfred books.

There are tons of digital resources for piano music, but I found both Musescore and Music Notes to be the most reliable for piano scores and the easiest to just open on a tablet and play from the piano music stand. And generally, if you search for “(song I want to play) piano score”, these two sites will be top results.

With sheet music on stand, I immediately realized I needed to get better at reading the notes. The Music Tutor app is free with ads, and provides a game-ified way to learn notes from the bass and treble clefs tailored to your level of experience. I like it so much that I purchased the option to remove ads. Support those developers!

Beyond just the notes, to better understand key signatures and chords, the Piano Keyboard Guide website is invaluable. Again, it will probably be the first result if you search for “key of (key I’m playing) piano”, but you can always go there directly. This site has diagrams to show the notes in each key and lists chord progressions which is really helpful when coming up with the background for new songs.

With the basics covered I was itching to start moving into music production, but I recognized I had a lot to learn about theory. I also realized, in retrospect, that I was not playing my solos in high school jazz band correctly at all. I should have looked up the notes in key signatures back then. Whoops!

It was about this time that I came across Bill Hilton’s YouTube channel. I learn well by watching people, and watching Bill play while he talked through his lessons jump started my progress. Not only is he inspirational to watch (he’s quite talented), but he is also a great teacher. Bill has a wide range of videos from basics to more advanced topics and he explains each concept in ways any level of piano player could grasp.

Bill also has a book called How to Really Play Piano which has the same detailed information in a well explained format. Plus it’s nice to have something tangible to read. 

Bill’s book is the one I was looking for from the beginning, it only took a while to find. The lessons satisfied my desire to take the basics of playing piano and translate that understanding into learning the structure of writing music.

Granted, I am still terrible at playing piano, reading notes, and writing music, but one of my favorite things to do now is pick a random key, figure out a chord progression, then improvise on top of the chords. It’s this type of informal playing that often leads me to making new songs. 

Learning to produce

I did say you can learn from Grammy winners, right?

Turns out, if you go to the list of 2020 Grammy winners and scroll down to the “Best Arrangement” winners, you’ll find Jacob Collier, who has kindly recorded a nearly two hour breakdown of his Logic session for his Grammy-winning All Night Long arrangement. And wow, is he talented. Collier says he put together the initial track in one night after procrastinating for weeks.

Logic (Logic Pro X), by the way, is Apple’s music production software that allows music producers to input sounds, midi, instruments, and vocals, edit all the inputs together, and create a song. Ableton Live is another popular production software.

I was initially using a trial of Ableton, but I decided to switch to Logic after seeing it’s what Grammy winners use 😜.

Non-Grammy winners (but maybe future Grammy winners?) use Logic too, and there are tons of people on YouTube uploading tutorials and making songs using the software. Although, it really doesn’t matter what software people are using in YouTube videos, you can still learn the concepts of music production from someone using Ableton.

One of my favorite music producers on YouTube is Ocean. He uploads multiple times a week, and shows how to create a simple melody then turn it into a full song. 

This brings us back to Oak Felder and his breakdown of the production for Sorry, Not Sorry. Similar to Collier’s breakdown video, Oak pulls up the Logic track for the song and talks through each part of the arrangement, step by step. From the main loop to Demi Lovato’s vocals, Oak shows how each component is edited together into the final song.

These behind-the-scenes videos show that musicians put a tremendous amount of thought and effort into getting their songs just right.

Putting in effort and a drive for perfection is best exemplified by Billie Eilish and Finneas talking about making their song, Bad Guy. (Finneas also has another video talking about producing additional songs). The duo makes music in their cramped childhood home, and takes great pride in the meticulous details of their music production.

It’s interesting to see how people use different techniques. If you watch the Sorry, Not Sorry and Bad Guy videos, they both touch on the concept of doubling vocals (creating multiple versions of the same vocal track). Oak says he takes Demi’s original vocal track and auto-pitches it up/down to layer harmonies in exact alignment, while Billie and Finneas say they have a rule against pitch shifting, instead opting to painstakingly record each vocal layer separately. But no one knows about it.

Learning to listen

Going into this music creation experiment, I thought that pop songs sounded so easy to make. I learned that coming up with a beat or melody in music is like coming up with a great start-up idea. They’re pretty easy to think of, but execution requires a lot of dedication, learning, and refinement.

I also discovered you don’t need to be able to play like a concert pianist to be able to make songs. You don’t even need to have a piano. Production software like Ableton and Logic Pro X let you “write” the music without any instruments. All you need is a little inspiration and desire to create something new.

A quote that comes to mind from back in my overly philosophical days goes like this:

The more you try to emulate others and fail, the more you define yourself.

Me?

Another interpretation I found looking back in my journals is,

Find someone you admire. Use what you like about them to bring out more of that in you. Use what you don’t like to stay away from those qualities.

A pop psychologist

There is so much to learn from music. The genre and lyrics can impact your emotions, and the production is an artform.

In a similar way that listening to good music can be transportive, playing and creating music, is engrossing and addicting. You can make what you think sounds good. There is a compounding effect. You don’t want to stop.

Outro

Through Covid-times, getting outside to go biking was my daily dose of serotonin. With the Seattle smoke, I’ve nearly lost my mind being inside for days in a row. So to change things up, I’ve now spent an entire afternoon and evening listening to all the music in this post while writing it. The process really has lifted my spirits. And to me, it proves the points: a song is a snapshot of the moment and when listening to music, you are never alone. 

Since this has all been about creating, listening, reflecting, and how music affects your mental state, I’ll leave you with the latest Demi Lovato song (she took my Emojion design for the album cover) and a playlist for solo dance parties (and writing blogs).

Coda

Guess this is a good time to plug my Soundcloud  😉

Keep listening 🎧

Categories
Thoughts

This Is Phishing

Password managers can help you identify when you’re on the site you want, or might be somewhere you do not intend. By comparing the url of the site you’re on, to the urls saved in the password manager, the password manager can indirectly alert you to a suspicious situation.

Here’s an example. In the Robinhood app (which registers on iOS as Robinhood.com), you are prompted for a Wells Fargo account and password.

This sure looks a lot like Wells Fargo, but the password manager (Dashlane) tells you it detected that you’re actually entering this information on Robinhood.com.

If you ever find yourself in a situation where your password manager credentials don’t match or don’t autocomplete on a site where you expect they should, it should set off all sorts of alarms in your head.

This is not the login page for the site you think you’re on.

So then why does Robinhood make it seem like you are entering your information on Wells Fargo?

In this case, the app is not trying to steal your bank information (or so they say), instead, it’s trying to help you log in quickly, so you can get back to using the app as soon as possible.

Robinhood, like many other financial apps, uses a service called Plaid (owned by Visa) to sign in to your bank accounts. Plaid touts itself as “The easiest way for users to connect their financial accounts to an app”. Incidentally it’s also the easiest way to condition people to fall for phishing schemes.

“Secure and private”, or “encrypted transfers and no access by Robinhood”, boils down to you trusting Plaid with your financial account information.

Is using Plaid any worse than sending your bank account and routing numbers? Well, at least you can change your password easily enough after giving your old one to Plaid. Changing a bank account is a bit more cumbersome.

Just be aware, the same tricks Plaid is using to make you think you’re logging into your bank can be used by more nefarious actors. And if you’re not using a password manager to help you recognize these tricks, you just might fall for one.

Stay safe. Wash your hands. Wear a mask. And use a password manager 🧼

Categories
Thoughts

Internet Safety Tips

Lots of weird things just happened at once.

It’s always important to be cognizant of what and who you interact with online, but phishing is way up right now, so be extra careful with emails, links, and articles sent to you that you didn’t initiate or request. And while email phishing is often a main focus for scams, there are additional methods to be aware of and keep in mind. Reseller and rental sites like eBay, Craigslist and Airbnb present similar opportunities for scams, however these scams are crafted differently since you are often the one initiating the contact with an unverified third party (instead of the other way around).

So weirdness, here’s what happened

Over the course of the afternoon, 5 phishy things happened to three different groups of people I know.

  1. Three people in the same family individually received notices that a PayPal, credit card, and Instagram account were hacked.
  2. A friend got an email that someone signed into their Instagram on a new device.
  3. Another friend stumbled across a Craigslist apartment rental phishing scheme. (The exact one covered in this report. Word for word, save for a change in company name and a different person in nearly identical photos)

This is very coincidental timing, but it’s a good opportunity for an internet safety refresher!

Safety tips & reminders:

I shared these with family and friends after all this weirdness, but will aggregate them here.

1. When in doubt, go to the actual site

If you get an email from PayPal (or your bank or Instagram) about an account issue, go to the PayPal website yourself to check out the notification. Don’t click on any links sent to you. You can hover over links to see where they really go, but even then, it can be easy to miss smaII deta1ls.

paypa1

So to be safe, go to PayPal using the app, by searching for PayPal (trusting the wisdom of the search engine crowd), or by manually going to https://www.paypal.com.

Better yet, once you are on the PayPal.com that you know is the actual PayPal.com, add it to your favorites and use your own personal trusted bookmark to get back to the real PayPal every time. This way you don’t make a mistake later by mistyping the url and ending somewhere you don’t expect. (And yes, I’m purposefully not linking to PayPal from here. Go build that muscle)

This tip applies to phone calls too!

Summary: It’s your best bet to search for the site/article/etc or go directly to the url if you have it saved somewhere.
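The URL comparison a password manager makes (described in the “This Is Phishing” post above) and the “paypa1” lookalike from this tip can be combined into one check. This is an added Python example, not code from the original post or from any password manager; the vault contents, the confusable-character map, the function names, and the sample URLs are all constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed vault for illustration: site label -> domain saved with the login.
# Real password managers also consult the Public Suffix List; this sketch
# assumes each saved value is already a full registrable domain.
VAULT = {
    "PayPal": "paypal.com",
    "Wells Fargo": "wellsfargo.com",
    "Instagram": "instagram.com",
}

# Small illustrative map of characters that are easy to misread for each other.
# Hostnames are lowercased first, so a capital "I" is covered by "i".
CONFUSABLES = str.maketrans({"1": "l", "i": "l", "0": "o"})


def host_of(url):
    """Host the browser would actually connect to (lowercased, no port or userinfo)."""
    try:
        host = urlsplit(url).hostname
    except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
        return ""
    return host.rstrip(".") if host else ""


def belongs_to(host, domain):
    """True only for the saved domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def skeleton(host):
    """Collapse confusable characters so 'paypa1' and 'paypal' compare equal."""
    return host.replace("rn", "m").translate(CONFUSABLES)


def check_login_page(url, vault=VAULT):
    """Classify a login page against the saved logins.

    Returns (verdict, site):
      "autofill"  - host is the saved domain or a subdomain of it
      "lookalike" - host only matches after collapsing confusable characters
      "no-match"  - nothing saved for this host; do not type a saved password
    """
    host = host_of(url)
    if not host:
        return ("no-match", None)
    # Pass 1: exact domain ownership is the only thing that unlocks autofill.
    for site, domain in vault.items():
        if belongs_to(host, domain):
            return ("autofill", site)
    # Pass 2: explain *why* nothing matched when the host imitates a saved one.
    for site, domain in vault.items():
        if belongs_to(skeleton(host), skeleton(domain)):
            return ("lookalike", site)
    return ("no-match", None)


# Constructed sample URLs (never fetched; only parsed).
SAMPLES = [
    "https://www.paypal.com/signin",              # the real site
    "https://www.paypa1.com/signin",              # digit 1 instead of letter l
    "https://robinhood.com/link-bank",            # bank-styled form on another host
    "https://www.paypal.com@login.example/",      # brand in userinfo, not the host
    "https://paypal.com.account-check.example/",  # brand as a subdomain label
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{host_of(sample):35} {check_login_page(sample)}")
```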

2. Use a password manager

You can visit every site you go to as carefully as possible, but if you reuse passwords, one security breach can cause issues across your accounts.

A password manager creates strong, unique passwords for every one of your accounts and securely keeps track of them all for you. You only need to remember your master password to unlock the account.

Some good options are LastPass, Dashlane, and 1Password.

They can also help you more easily change passwords if one is stolen or part of a data breach. You can check to see if your accounts have been part of a data breach using Have I Been Pwned (just don’t enter your current passwords).

Password managers can be difficult to transition to at first, as you need to manually change passwords one at a time, but if you use a password manager solely to keep track of new accounts, you can quickly start to see the benefit.

Read this exhaustive post to learn more before you set up a password manager. A quote:

Password managers are programs that remember passwords for you, along with the email address or other user identifier you use for each account. They make it easier to use strong passwords: those that are sufficiently random, long, and different for every one of your accounts. They also make it easier to lose all your passwords at once, or for attackers to steal all your passwords in one instant.

Summary: See above quote, but you should probably be using one of these.

3. Set up two factor authentication (2FA)

After setting up strong passwords, you can go a step further to safeguard that even if one of your account credentials is compromised, you are still in control of signing into the account.

Two factor authentication satisfies the “something you know, something you have” paradigm for online security (or the first two parts of multi-factor authentication). You know your password and have either a code or USB key or app to verify you are you. If your password is compromised, the second factor of authentication ensures someone with just your password cannot log in.

Needing a second factor can cause problems, however, if you (who, in reality, is you) lose the second factor of authentication. Then you can be locked out just as if you were an attacker.

Also, if multiple people use the same account, two factor authentication can be difficult. With 2FA enabled someone may try to log into an account and the 2FA code can be sent to someone else (which also happened to my family today).

Read this other equally exhaustive post to learn more before you set up 2FA.

Summary: Two factor auth can help keep your accounts secure, but comes with some extra challenges.

4. Keep third party communication within app and website services

This one is related to staying safe when reaching out to others you don’t know online. Talking to strangers! 😱

Whenever possible, keep communication within the app or website service you are using. If buying on eBay, communicate on eBay. If renting on Airbnb, use their chat functionality. Let the site intermediate communication. Don’t share your email or phone number to talk with a third party seller or host outside of the service. Major sites like eBay and Airbnb have measures in place to help you stay safe (and allow you to provide evidence in case of an issue), but only if you leverage their tools.

Be extra cognizant on Craigslist where direct email communication is the standard! I’ll put this Anatomy of a rental phishing scam post here again as a reminder to read it. A quote:

The first red flag was “So we’ll keep our communication to email if that’s ok with you”.

This tip also applies to articles you read or videos you watch. If you aren’t sure of the source, don’t trust, verify 🙃

Summary: There are more signs of a scam than only asking for your bank account and credit card information.

5. Bonus Tip: Use Zoom on your phone or browser

If you use Zoom, you should know that Google banned its employees from using the desktop app, and suggests using mobile or web.

Employees who have been using Zoom to stay in touch with family and friends can continue to do so through a web browser or via mobile

Google’s guidance is to uninstall and block the app completely (maybe because they prefer everyone to use Hangouts 🤷‍♂️). In any case, if you’re interested, here’s how you can uninstall the desktop version on Mac and PC.

A legitimate reason behind allowing mobile and web, but blocking desktop, stems from the fact that mobile and web platforms have security and containment measures in place that limit sites and apps from accessing your underlying device, whereas apps installed from the internet can do whatever they want after you type in your computer account password to allow higher level device access.

To continue using Zoom on a desktop, here’s Zoom’s support article on how to join a call using your web browser. The link is a bit hidden (and misleading), but it looks like this:

zoom

Summary: Use your phone to show off your Zoom backgrounds

 

That’s all for now

Stay safe. Wash your hands. Wear a mask. Don’t touch your face or click on links in your email 🧼

Categories
Thoughts Travel

Learnings From My First Conference Talk

This past Tuesday I gave my first conference talk at View Source in Amsterdam! It was an awesome experience at an amazing venue in a rainy city where people from all corners of the web came together to discuss many of the challenges, opportunities, and learnings for browsers, web development and the overall landscape of the internet.

I work on creating experiences to help people stay safe and have greater privacy online, so it was enlightening to hear from such a wide range of topics about the web. I’m always impressed by the depth of understanding and passion people have about their subjects of work, and the speakers and attendees at View Source carried an overwhelming amount of inspiration.

Just to name a few, gaming, entertainment, monetization, accessibility, connectivity, and rethinking digital utopianism were all covered. I love hearing about what people are working on. It shows how there is so much to think about and is a humbling reminder that my work is a small piece of a vibrant community.

I was fortunate to attend the conference with a group of us from the Microsoft Edge team. It was a great team bonding experience to get to know others from different parts of the team who I don’t normally work with. While it’s not always possible, I would highly recommend going to conferences with folks from your team. It’s great to have others with a similar frame of reference to talk about new ideas and to be more connected when you get back to work.

My colleague Lillian Kravitz and I spoke about the privacy principles we’ve developed for Edge. Melanie Richards gave a talk about the simple and actionable steps to help make your site accessible to everyone by considering various contrast and theme settings, and others on the team held “conversation corner” discussions about web compatibility and more. The talks were recorded, and I’ll post a link here when it’s available. (Here it is! And me tweeting about the talk.)

A main theme of our privacy talk was listening, learning, and trying to gain a fresh perspective on a topic we thought we were familiar with. I know I am not at all familiar with giving talks on a big stage, but the aspect of learning something new and having a different perspective on presenting my work still felt as fitting to the process of giving the talk as it did to the contents of the talk itself.

I can come back to more about the talk when the recording is posted, but for now, while the experience is still fresh in my mind, I wanted to reflect on the things I learned, what went well, and what I could improve for next time. Because, yes, giving a talk is exhilarating and this one will not be my last.

Preparing

Our talk was second to last on the last day of the conference. It’s tough having a time slot late in the day on a later day of a conference (this post and comments came to mind when I learned of our time). You almost need to leave something small to clean up and keep working on during the conference because if you show up on day 1 ready to go, you’ll have to keep your excitement and preparedness high for quite a while.

It would be great to be at peak preparation the night before the talk, but even then, we ended up waiting 8 hours the day of as our talk was at 5pm and the events started at 9am. At breakfast the morning of, excitement needs to be reserved because adrenaline could give out well before the talk. I likened the situation to an athlete or musician where a game or performance is late at night (worth looking more into how they manage energy). You need your energy and focus to be up at an hour different than your normal operating schedule.

Which leads to another interesting aspect of this conference. Traveling to a different time zone can be debilitating for the first few days. Especially when it’s many hours different than you’re used to (and seemingly more so when going east around the globe?).

I am not one to take naps normally, but when your schedule is turned upside down, naps can be your friend.

Luckily the hotel was near the conference theater, so it was easy to go back to sleep. I was conflicted because I wanted to listen to all the talks, but I knew if I wanted to have the energy for my talk, I’d need to sleep a bit before we were up.

My pre-talk routine (but maybe not a routine because I only did it once) was to check the slides early in the morning before the first talk, listen to the first few talks, go for a nap, head back for lunch, listen to more talks (three hours before ours), regroup for a bit just before getting mic’ed up, then go on stage. Seemed fine. I think the whole process would have been easier in my normal time zone, but this helped manage energy and focus well enough.

The talk

It’s impossible to even scratch the surface of all you need to know going into something you’ve never done before. You have to put yourself out there and figure things out as you go.

There’s a lot of “tribal speaker knowledge” I learned from this first talk. Questions I hadn’t considered asking because they didn’t even come to mind before, and issues I could have mitigated had I known a bit more about the process. All good takeaways though. Makes me want to try again soon to test out my new perspective.

First, I think I was a little too reliant on my slide notes. I wanted to be sure to hit the speaking points we planned, but the talk felt less conversational as a result. The story we were going for lent itself to a more prescriptive presentation style, as we were sharing a process others might be able to apply, but I enjoyed the more casual and friendly sounding style of some other presenters that was more akin to giving a well thought out answer to a question rather than reading a speech.

Awareness of my overreliance on notes cropped up when, under some unforeseen circumstances, a few of my notes got cut off from the presenter screen. Without the expected cue, I stumbled a bit to keep with the flow I’d practiced when leading from an idea on one slide to the next. This was unfortunate because we checked the presenter screens before the talk; I just missed the few slides that had issues.

But when things don’t go according to plan, you’ve got to improvise! You can’t do a dance and walk off stage. You have to keep going!

Second was a simple problem of struggling with the clicker having issues advancing slides. At one point I thought I was ahead of where I was only to realize I missed a slide. (Sorry folks, that one image transition really made the talk 🙃).

After the talk when we went backstage to the “green room” talking about how it went, in an eye opening detail to me, another presenter mentioned that before his talk he asked the AV team where to point the clicker. I hadn’t even considered doing that. I figured the thing would just work (and I really think it just should), but for such a simple, yet crucial piece of presentation consistency, it was important to understand. This was some tribal knowledge that one who had given talks might know from variance of venues and presentation setups, but for me, it had not even crossed my mind.

Overall though, I think we did well. We connected ideas from other talks in the conference about privacy, collaboration, and the future of the web, and presented our customer focus as a way to reframe thinking about developing experiences. We realized there is always more to learn, and listening to feedback to spur continuous improvement was a common theme encompassing our time at the conference.

So yeah, that was the talk. Lots to think about for next time, but mostly minor tweaks to smooth out delivery. It was a great start to what I am looking forward to as the beginning of many more to come. I definitely have areas to improve, and am anxiously awaiting the recordings to come out to kick myself over all the little things I didn’t get quite right. But I’m not going to harp on the mistakes. I’m going to learn from them to make my next talk even better. Can’t wait.

Touristing

Oh, and I mentioned the talk was in Amsterdam!? How about a quick travel update to round out the trip.

Side note, I think the concept of being a tourist and trying to avoid touristy things is funny. Why try so hard? Just go, enjoy the culture, and have a good time!

Side side note, a couple weeks ago at an organized bike ride in Seattle, which I would consider a very local thing to do, I met a couple who traveled from Missouri (I think it was Missouri, can’t remember exactly) who were visiting specifically to do the bike ride. No idea how they found out about it, but I was amazed at their ability to be local tourists. Pretty cool.

Anyway, I really like Amsterdam. The bikes, canals, frites, stroopwafels, and tiny red cars all come together into a bustling culture. People are friendly, even if I often misunderstand what’s said under a Dutch accent (a taxi driver asked me how long I had to wait for the ride, and I answered I would be returning to the US. Thought he asked where I was heading… Sorry!).

Amsterdam is the first country outside of USA and Canada I’ve now been to twice, and I would definitely go again. Here are some photos from the rainier and sunnier parts of quickly playing tourist while on a trip for work.

Categories
Fun Review Thoughts

Learning to Row

Well, this post has been sitting as a draft since the end of last summer. I started classes again, so now seems like a good time to go over notes from last time!

On learning a new skill

It’s almost commonplace in Seattle for people to have read or remembered the story of The Boys in the Boat. The book tells the history of the University of Washington rowing team that competed in the Berlin Olympics in 1936. It captures the feel of the sport through the teamwork, bonds, and drive of those on the UW crew, but also recounts what life was like in Seattle years ago.

Categories
Thoughts

Flash Seats Usability, Security, and Privacy

The Quora Conundrum

Quora reported a data breach earlier this month and the company outlined the stolen data, what they are doing, and what you can do in an email to those affected:

The following information of yours may have been compromised:

  • Account and user information, e.g. name, email, IP, user ID, encrypted password, user account settings, personalization data
  • Public actions and content including drafts, e.g. questions, answers, comments, blog posts, upvotes
  • Data imported from linked networks when authorized by you, e.g. contacts, demographic information, interests, access tokens (now invalidated)
Categories
News Feed

Facebook Privacy Report from The New York Times

As Facebook is upending the journalism industry, the New York Times continues their campaign of exposing Facebook’s questionable data use.

Summary from The Download via the MIT Technology Review

https://www.technologyreview.com/the-download/612642/facebook-gave-more-than-150-companies-special-access-to-your-data/

Categories
News Feed

Google transferred ownership of Duck.com to DuckDuckGo

This made quite the ruffle today when Google transferred the domain duck.com to the privacy focused search engine DuckDuckGo.

Google’s ownership of Duck.com was previously a source of frustration for DuckDuckGo, when it would redirect users to Google’s rival homepage instead of DuckDuckGo. Google kindly tried to clear up this confusion in July by adding a DuckDuckGo link to the page. Visiting Duck.com now redirects users straight to DuckDuckGo.

via The Verge

The best part is the previous page for duck.com

Categories
News Feed

Location Data Privacy in Apps

The New York Times released a report (with some fancy graphics) detailing location data use by apps for advertising, outside the main purpose of the app. Only 10 apps were covered in depth, but the findings reveal how some advertising companies aggregate location data from apps.