security and privacy

Warning: Facebook Privacy Settings

Many nerdy people use Facebook. Until recently, Facebook let you set the visibility of posts to “Friends” by default so only people whose friend request you had accepted could see them. This was very important for people who face stalking or harassment but wanted to keep in touch with people they knew through social media. Sometime in the past few months, Facebook changed that setting to “Friends (+)”, which allows friends of friends. This roughly squares the potential audience of a post, and means that a stalker, harasser, doxer, or identity thief just has to become Facebook friends with one of your friends to start seeing your posts! Almost anyone knows someone who accepts random Friend or Follow requests on corporate social media. If they mean “friends of friends of the people tagged”, then tagging someone still doubles the number of people who can see a post. Stalkers, tabloid journalists, and other nuisances often follow their target’s contacts on social media in hopes of picking up information.

I’m not an expert on corporate social media, but the only way to limit post visibility seems to be to create a list of Friends and share with them. The option “just people whose Friend request I have accepted” seems to be gone. I can’t find any offline documentation of this change. If you use Facebook and are concerned about privacy, you should probably check your settings and think whether you want to change what you post (and especially who you tag, because tagging someone definitely makes a “Friends +” post visible to their friends). My approach to corporate social media focuses on harm reduction rather than expecting everyone to be a privacy geek. Screenshots are below the fold.


Automattic is Creepy

This peaceful presenter is in a pickle! Leaving his usual home to be photographed by PA Media, he finds himself trapped in the triple web of an invasive content delivery network! Can he escape with his shiny toy? An example of Automattic’s CDN grabbing and serving an image from a random URL from i0.wp.com/, in this case Sir David Attenborough at https://ichef.bbci.co.uk/news/976/cpsprodpb/125EA/production/_125324257_hi076596136.jpg

On 7 June I learned that Automattic automatically copies images and other uploads to their own servers at the domain http://i2.wp.com/. It does so whether or not the uploads have been shared publicly. Not only that, but it keeps doing this once you move from their hosting with the Jetpack plugin to independent hosting without it. Their pretext is that if they host the same file in many physical places, they can generate your site quicker for people in distant parts of the world, but they keep doing this even if you are no longer using the Jetpack plugin which provides this service. I was completely unaware of this while I was hosting my site with Automattic (i.e. WordPress-the-company, distinct from WordPress-the-open-source-software).


Substack Transmits User Email Addresses in Plain Text

Apparently Substack encourages open discussion threads once a week or month. This has been a common way of encouraging engagement with ‘chatty’ blogs for at least a decade, whether they are hosted by Substack or Blogger or a local web host.

At first I thought Substack were just good self-promoters. They managed to convince people to lend them more than $80 million to launch a blog platform with 2010s aesthetics. Most blog platforms will deliver posts by RSS or email if you sign up, and paid and unpaid newsletters go back to the 19th century. Getting people with too much money to give you some is harmless, and convincing people to read and write blogs is good. But then @22@octodon.social suggested I should look at their source code and I saw something as beautiful as the tale of Emperor Norton of the United States.


Building a Website to Last in the 2020s

The site above was last updated in 1997. It still does everything it was designed to do. How many script-heavy, CMS-based websites from 2017 will still be readable in 2041?

My mental health has recovered to the point that I can work on moving the static part of my website onto its own domain name and server. That is good, because WordPress’ web interface has become even more intolerable. Automattic has other frustrating policies, like storing images on their domain not mine (so if I move the site, links on other sites to the images break), and editing a customer’s site to stop them from using someone’s legal and most famous name. If you want to see how a computer scientist[1] thinks about this problem, read on!

[1] a scientist with a diploma that says CSC and a resume with “junior software developer” under work experience, at least


Some Thoughts on “The Smart Girl’s Guide to Privacy”

A snowy field with construction cranes in the distant background beyond a fence

Violet Blue, The Smart Girl’s Guide to Privacy: Practical Tips for Staying Safe Online (No Starch Press: San Francisco CA, 2015) Digita Publications

Writer and journalist Violet Blue is working on a new edition of The Smart Girl’s Guide to Privacy. So even though it’s a little late for Data Protection Day on 28 January, I think it’s time to dust off my review. Her book has a clear and distinct vision of its audience, and avoids the traps which most writers on security and privacy fall into.


Cross-Post: Reddit Breaks Without Javascript

Seems functional at first, but none of the links work and that big sidebar at the left won’t go away! Reddit in late April 2018 without scripts.

Sometime in mid-April 2018, Reddit joined the crowd of sites which don’t work without Javascript. Its pages do not appear blank, but none of the links work, and the start of each line in the main part of the page is covered by an almost completely empty column at the left which cannot be removed.

A number of blog hosts have joined this trend recently. Here is Confessions of a Community College Dean at https://suburbdad.blogspot.co.at/ (abandoned July 2019; his essays are still posted at https://www.insidehighered.com/blogs/confessions-community-college-dean as of January 2022. Ed.)

Confessions of a Community College Dean without scripts. Note how the body text overlaps the sidebar rather than wrapping at the end of the column. Long paragraphs extend outside the browser window entirely, so that only the first 100 or so characters are visible.