Many nerdy people use Facebook. Until recently, Facebook let you set the visibility of posts to “Friends” by default so only people whose friend request you had accepted could see them. This was very important for people who face stalking or harassment but wanted to keep in touch with people they knew through social media. Sometime in the past few months, Facebook changed that setting to “Friends (+)” which allows friends of friends. This roughly squares the potential audience of a post, and means that a stalker, harasser, doxer, or identity thief just has to become Facebook friends with one of your friends to start seeing your posts! Almost anyone knows someone who accepts random Friend or Follow requests on corporate social media. If they mean “friends of friends of the people tagged” then tagging someone still doubles the number of people who can see a post. Stalkers, tabloid journalists, and other nuisances often follow their target’s contacts on social media in hopes of picking up information.
I’m not an expert on corporate social media, but the only way to limit post visibility seems to be to create a list of Friends and share with them. The option “just people whose Friend request I have accepted” seems to be gone. I can’t find any offline documentation of this change. If you use Facebook and are concerned about privacy, you should probably check your settings and think whether you want to change what you post (and especially who you tag, because tagging someone definitely makes a “Friends +” post visible to their friends). My approach to corporate social media focuses on harm reduction rather than expecting everyone to be a privacy geek. Screenshots are below the fold.
On 7 June I learned that Automattic automatically copies images and other uploads to their own servers at the domain http://i2.wp.com/. It does so whether or not the uploads have been shared publicly. Not only that, but it keeps doing this once you move from their hosting with the Jetpack plugin to independent hosting without it. Their pretext is that if they host the same file in many physical places, they can generate your site quicker for people in distant parts of the world, but they keep doing this even if you are no longer using the Jetpack plugin which provides this service. I was completely unaware of this while I was hosting my site with Automattic (i.e. WordPress-the-company, distinct from WordPress-the-open-source-software).
At first I thought Substack were just good self-promoters. They managed to convince people to lend them more than $80 million to launch a blog platform with 2010s aesthetics. Most blog platforms will deliver posts by RSS or email if you sign up, and paid and unpaid newsletters go back to the 19th century. Getting people with too much money to give you some is harmless, and convincing people to read and write blogs is good. But then @22@octodon.social suggested I should look at their source code and I saw something as beautiful as the tale of Emperor Norton of the United States.
My mental health has recovered to the point that I can work on moving the static part of my website onto its own domain name and server. That is good, because WordPress’ web interface has become even more intolerable. Automattic has other frustrating policies, like storing images on their domain not mine (so if I move the site, links on other sites to the images break), and editing a customer’s site to stop them from using someone’s legal and most famous name. If you want to see how a computer scientist[1] thinks about this problem, read on!
[1] a scientist with a diploma that says CSC and a resume with “junior software developer” under work experience, at least
Violet Blue, The Smart Girl’s Guide to Privacy: Practical Tips for Staying Safe Online (No Starch Press: San Francisco, CA, 2015) Digita Publications
Writer and journalist Violet Blue is working on a new edition of The Smart Girl’s Guide to Privacy. So even though it’s a little bit late for Data Protection Day on 28 January, I think it’s time to dust off my review. Her book has a clear and distinct vision of its audience, and avoids the traps which most writers on security and privacy fall into.
Sometime in mid-April 2018, Reddit joined the crowd of sites which don’t work without JavaScript. Its pages do not appear blank, but none of the links work, and the start of each line in the main part of the page is covered by an almost completely empty column at the left which cannot be removed.