Half-Elf on Tech

Thoughts From a Professional Lesbian

Tag: freedom

  • Don’t Tread On Me

    Don’t Tread On Me

    Even the non techs have been hearing about Do Not Track lately. The basic idea is that letting advertisers track you is annoying, frustrating, and something a lot of us just don’t want, but moreover, we don’t want random websites doing the same thing! Imagine if you went into Starbucks, and they followed you around to everywhere else you went that day? Starbucks.com could do that, and I personally find it invasive.(I’m not the only one. My friend Remkus goes even further than I do.)

    This is, in part, what that stupid EU law was trying to tackle.

    There are a lot of ways to block that sort of tracking, but the latest way is to use Do Not Track (DNT). Turning on DNT on your browser puts an extra header in your web page requests that says “Don’t track my behavior!” Now, the only real downside is that both your browser and the site you’re on have to agree to these rules for it to work, but with Microsoft in the mix, turning DNT on by default for Windows 8, I think we’re on the right track.
    If you go to IE’s testdrive of DNT you can see the status of your current browser, and all others.

    Interstingly Chrome doesn’t have this yet, and when it does, it will default to track. Safari does that too. It’s weird for me to be saying ‘Microsoft has it right’ but I suspect it comes down to how advertising works. Microsoft really doesn’t need to advertise except to improve their image. Everyone knows Microsoft, and they know Office, IE, and Windows. Apple’s still a small percentage, and Google was a techy thing for so long, I think that’s why their first social network failed. Because Microsoft has such a percentage of non-tech users (i.e. everyone) and because of their bad rep, the best thing they can do to improve everything is start protecting the users more.

    Of course, we all know that being tracked is a function of being online, or even in a store. Physical stores have often watched where people linger to figure out how to better arrange stores, and they ask for your zipcode when you show to understand who buys what. This is all a part of marketing. Of course the problem with online is that the more I search for something, the more I see it in my ads (Google). Why is this a problem? Let’s say I research a MiFi device, find the one I want, and buy it. For the next four months, I got ads for MiFis.

    I should explain, while I have no problem with people tracking me for analytics (I rely on them myself, can’t understand your visitors without data), its what they’re doing with that data that pisses me off. Getting my info to make a better product for me is great. Getting my info to sell to people is not. And that’s why I’m for do-not-track. Or at least ‘Ask to track.’ It goes back to the store. If I go to Office Depot, they ask me for my zipcode or phone, and I can decline. They use that to track me, and if I don’t want them to know that I drove 80 miles to get something, I don’t have to tell them. Online, I should have that same option.

    Sadly, the steam behind Do Not Track is running out. Ten months after everyone agreed this needed to happen, nothing’s happened and that’s problematic. Why did we all go dark over SOPA? Because, at some level, we all believed that the Internet is changing things for the better. And yet, we all promised to have Do Not Track up by the end of 2012, and that sure didn’t happen. Then again, we’re merrily Thelma and Lousie’ing right off a fiscal cliff too, so this really isn’t a surprise.

    I’m actually against ad-blocking software, and yet we’re at the point where I’ve installed it on Chrome, and I’m starting to block people. Oh, I run the other way with this. I only block certain sites (generally I’ve taken to blocking ones that have annoying ‘overlay’ ads) because, again, I get that people need these metrics to make things work, and I too make money off ads.

    In fact, this is yet another reason I use Project Wonderful for my ads. They have a very simple policy:

    Specific tracking of user interactions that don’t involve clicks is not allowed, including view-through tracking, key-modifier tracking, and mouse-location tracking.

    So please, allow ads on my sites. I promise I don’t track you with ads. I do have Google and Jetpack tracking your visits, but that’s just for me to measure how things work on the site, and I will never sell or otherwise use your personal information for my own gain.

  • Social Throttling

    Social Throttling

    Lately we’ve all seen the ads on Facebook ‘Promote this post and have it seen by a wider audience!’ And many of us pish-posh it, because the people who liked us will see our posts, and who needs it. Right? Wrong. Not even 25% of the people who like you, or your page, will ever see your posts if you don’t promote them. What they call ‘organic’ reach is highly limited, especially with their new timelines. The way in which they filter the new timeline is going to make this even harder.

    A lot of people I know had no idea that Facebook limits who can see your posts. When you start combining this with Google’s encrypting of search terms, the easy valuation of your SEO is creeping swiftly into overly complicated. A lot of A/B testing relies on this information and now that it’s being taken away, we’re back to the age old metrics of grabbing people off the street and asking them which sock is whiter.(Of course with on-line prompts to fill out those Q&As, we’ve already hurt ourselves. We’ve all trained ourselves to ignore those ad-like things that get between us and content. But that’s another post.)

    Facebook Ad
    Facebook Ad Example
    Twitter has had ‘promoted‘ tweets for a while, which is probably why they get so tetchy about the other Twitter apps. The concept is that you pay and more people see your tweets. Not a bad model, really, though most of us just roll our eyes and ignore them. Still, all your tweets are just as popular and shared with people who follow you.

    Not so, Facebook. For a long time, Facebook did something kind of similar. Your sidebar has “sponsored” posts, which are just plain ads. If you have a Page, you can pay to sponsor your posts, similar to Twitter, and push your brand. But here’s where Facebook’s a shit-bird: Edgerank.

    The concept is like Pagerank from Google. The more popular, and active, your page/post are, the more they’re worth. But that doesn’t make sense for people, since my brother’s edgerank may be low, but I still want to see all his posts. Supposedly Edgerank doesn’t affect this, but I’m not so sure, given how many ‘important’ Facebook messages I miss. This probably stands out more to be since I don’t visit the site with any regularity. If I have a blog post (like this one) that I push to Facebook via Wordpress, I may go back to see if people commented there. That’s really the only time I notice what’s in my timeline, and while I do quick scan it, it’s filled with cruft.

    What happens on the Death Star stays on the Death Star.
    What happens on the Death Star stays on the Death Star.
    If you’re on Facebook all the time, you’d never notice. If you got Facebook emails, you’d never notice. I don’t meet either of those requirements. If I use Facebook, I use it. If I don’t, I don’t want a hundred emails cluttering up my space, and this is a problem. See, if I don’t participate actively, by clicking like (something I rarely do), then I cause your edgerank to drop and fewer people to see your posts, so fewer of us click like and thus it sucks. They aren’t wrong with their algorithm, as Facebook is a work based on connections. A likes B likes C who shares A with D. That’s how things get around.(If you’re interested in the math, Dan Zarrella did the math and Harvard reblogged it.)

    With that in mind, if you’re trying to improve your ranking for your product, Ari Herzog has a suggestion: Concentrate on interactions. If you have some regular people who leave comments, talk with them. They’ll be more inclined to share and retweet your posts, which gets you better ranking. Remember, we’re working under the assumption that everyone wants to get noticed more for business, and while SEO is not a zero-sum game, there are winners and losers. Concentrating too much on the media aspect of social media is a quick way to lose.

    For the rest of us who just want to communicate with our friends and family, you’re better off getting a blog that emails them directly. At least then the only fear you have is the spam filters. But of course, that falls into the argument of why you should own your own content anyway, and is a post for another day.

  • Stolen GPL

    Stolen GPL

    I made a polarizing comment on Twitter back in November, which was perfectly plain to me, but apparently not everyone else.

    “GPL means that you can fork, but it doesn’t mean you can steal, and you know damn well what theft is.”

    I should have said ‘doesn’t mean you should steal, and you know damn well what that is’ but the point is close enough. Forking in GPL is not only okay, it’s encouraged. Many of us get our starts forking and improving plugins. But there’s a difference between that and stealing someone’s work and presenting it as our own. That’s stealing, plain and simple. If you fork, you attribute. I have a plugin that started as a fork and ended up 100% re-written in a totally different way, but I still credit my original inspiration.

    Why?

    Because of the community.

    Look, per GPL, taking someone’s plugin is not stealing it, in so far as taking the code goes. You have the right to distribute someone else’s code. And I don’t even think that taking someone’s copyright protected work is actually theft. What I do think is that is taking someone else’s work with questionable motives, and rebranding it as your own, is stealing.

    Here’s the GNU’s take on Copyright ‘Theft’:

    Copyright apologists often use words like “stolen” and “theft” to refer to copyright infringement. This is spin, but they would like you to take it for objective truth.

    Under the US legal system, copyright infringement is not theft. Laws about theft are not applicable to copyright infringement. The copyright apologists are making an appeal to authority—and misrepresenting what authority says.

    Unauthorized copying is forbidden by copyright law in many circumstances (not all!), but being forbidden doesn’t make it wrong. In general, laws don’t define right and wrong. Laws, at their best, attempt to implement justice. If the laws (the implementation) don’t fit our ideas of right and wrong (the spec), the laws are what should change.

    I agree with their explanation, and think it’s valid, in so far as it goes.

    Where it breaks down is the motive, as I mentioned before. If I buy a plugin or theme to use, I’ve bought it for the intended purpose. If I buy it to fork, I’ve bought it for another intended purses. If I buy it to sell as my own, now I’ve walked into asshole territory. Per the GPL, this isn’t theft and it isn’t stealing (again, forking is okay). But when you look at it dead on, you’ve taken someone else’s work, with the intent to profit from their work, without any attribution or credit or compensation.

    In any other situation, that would be, clearly, stealing.

    Theft is taking someone else’s property without permissions and with the intent to deprive the rightful owner of it. Obviously we’re not depriving the owner of the product when it comes to software, but we are intended to deprive them of the profits of their software, by circumventing their established ‘sales’ procedure. This works the other way, too. If I take someone’s free theme/plugin and sell it, I’m stealing from them as well. However. In both cases, if I’m not selling the product, but selling my support of it, I’m not stealing anything.

    Stealing is presenting someone else’s works as your own, among other definitions, and taking without right or permission. When it comes to GPL, you have both right and permission to take, that is unquestioned. But again, once you start presenting this as your own, you’ve walked into asshole territory. You didn’t do the work, you didn’t write the code, and you didn’t do anything except copy/paste. That’s not coding. You’re being dishonest, and I feel you’re stealing.

    It’s morally ambiguous and sticky for me to just say ‘this is stealing’ which is why I have to come back to the intent and motive. Am I doing this for altruistic reasons? Did the developer take a walk and abandon their work, and I’m simply keeping it alive? Did the developer reject my patch so I forked it? Or am I doing this because I resent them charging $85 for a plugin when WordPress is free? If it’s that last one, then I’m a thief, because my motive is to stick it to the other guy.

    Separating ‘stealing’ and ‘theft’ is like undoing a Gordian knot. You can do it, but it starts bumping into all sorts of crazy semantics. That’s why, most of the time, we don’t bother. I have a very strong opinion on the subject of code-theft, and always have. I feel that the only way to keep the GPL going is to not only do what’s right, but mean it, and being a good steward of the community, be it WP or Drupal or even Expression Engine, means you have to do what’s right.

    The right thing is to thank the guy who came first. Even an ‘Inspired by a snide comment by Ipstenu’ is being a good steward. You’ve encouraged me to do more by taking the time to recognize my effort. With that encouragement, I’ll go on to do more. It’s positive reinforcement at it’s best.

  • Encrypted Search Terms

    Encrypted Search Terms

    A recent stats viewing, with search terms high-lighted.I haven’t seen a lot of people kvetching about this, which surprises me.

    If you like to look at JetPack’s stats and happen to giggle over your search terms, you may have noticed encrypted_search_terms showing up. Your search terms are what other people use in order to find you. So for example, someone found my blog by typing “forever alone” (which doesn’t make any sense to me, but okay).

    About a year ago, Google made search more secure, by letting you search via https. If you’re logged in to Google anything, you will be searching via https, which means no one knows what you searched for. Jetpack sees it as ‘encrypted search terms’ and Google Analytics sees it as ‘not provided.’ This is all great for the user, and the tin-foil hat me loves it! Except that now all we users see is encrypted search terms, instead of anything of value.

    As the number of people who use Google whatevers grows, the value for my search terms is going to plummet. In fact, taking a look at things, my ‘not provided’ numbers have doubled. It used to be that maybe 1% of searches showed up like this. I was around 13% for an average month in January, and now I’m looking at 30%. I am losing the ability to see what search terms are good for my site, and this makes it hard to manage my SEO.

    Oh. SEO. I hate you.

    I laud Google for doing this and at the same time decry them. Yes, having users protected while they search is awesome, it means my data is safe and it’s less easy for people to mess with me. As a user, I think this is good. As a website guru, I wince a lot. Without the feedback of users’ search terms, it’s very hard to know what does and doesn’t work. And the worst part is the majority of your users don’t even know they’re doing this. They know they’ve signed in to Google email, and they’ve signed in to Google+, and that’s it. They don’t know the ramifications.

    I don’t pretend to be an SEO expert, but what I do claim is to have common sense, and to valiantly fight against the will to be stupid. It’s pretty obvious to me that encrypting my results rips out my ability to, for free and with no cost to my users, be able to determine what works and what doesn’t on the fly. Many times, when I tweak a site, I follow the stats and see what pages are hit more often, by whom, and when. Now there are work arounds to loosing that immediate feedback, but when you think about it, almost all involve you having to pester your users.

    A/B testing is the least intrusive way about it, but for a lot of people, it’s complicated to do on a small, simple website. The basic idea is to ‘draw’ users to two different versions of the same site, and see which one gets more traffic. Max A/B is a good WordPress plugin for that. That said, your users may notice that the site one of them sees isn’t the same as another, and it means you have to up-keep two versions for a while.

    Google Is WatchingGoogle, naturally, isn’t very consistent here. They generate their live traffic information via your cellphones. Whenever an Android user opts into location tracking, Google constantly monitors their location. If a whole mess of users are slowing down on the 405, guess what? Traffic. Now, arguably your data is ‘safe in their hands’, but that’s impossible to prove. If you haven’t yet, read Cory Doctorow’s “With A Little Help”, especially the story “Scroogled.”

    Basically what Google’s saying is ‘You can’t use their data, but we can. Trust us.’ Nothing makes me start to trust someone less.

  • Owning My Data

    Owning My Data

    This post is dedicated to Aaron Jorbin, who donated to help me get to WCSF. Aaron knows that haters gone hate and never lets that stop him. Also: We’ll always have schwarma.

    BricksThere is a reason people call me a Tin Foil Hat. First, I do have a small tinfoil square in my hat (as a joke) but also I have a ‘thing’ about owning my own data, which in turn has surprisingly helped my ‘SEO’ and ‘brand’ over the years.

    While I often cross post links to my content on other sites like Twitter, Tumblr, Facebook, Livejournal and Google, my content primarily lives on my sites. I link back and share some content, but the content is mine and it lives with me on my sites that I pay for, maintain, and support. I really like to be in charge of my data and how it behaves. That’s why I crafted my own mailing list from WordPress and RSS2email, why I use Yourls, and pretty much why the only data I ever outsource is analytics, even though I could use my own.

    Analytics is funny. I have a lot of tools on my server, but frankly they suck. If someone open sourced GA and I could install it on my server, I’d probably use that. I’ve used all the locally installed Analytics tools, and just never really been fond of the interface. Right now, I have GA on my sites and it’s actually the only Google interface I use, save ‘Webmasters’ which is just there in case I get blacklisted.

    You see, I don’t trust Google. I don’t like how they, like Facebook, take all your data. I don’t like their ads which screwed me over big time last year, and I switched to Project Wonderful. I make less money, but I get to approve my ads. Google Ads hit me hard when I said I didn’t want any religious ads on my site. Suddenly my profit went from $60-100 a month to $10-20(For what it’s worth, I make the same money now on Project Wonderful and feel better about the ads.). The point of this is, the larger a company gets, the more funny rules and regulations they end up following. If you read Jane Well’s ‘A Tale of Two Brothers’ and how it relates to construction and development, basically Google started as Brother , and are now Brother . There’s a time and a place for both brothers, sometimes in the same project. And with each brother, you have a comfort level. Some people love flying by the seat of their pants. Others prefer to have a plan. Some of us just want to wear a hat. This comes into play, for me, when I consider my personal data and content.

    One of the schools of thought is that social media is for being social, and your website is for complex, static, content. There is a lot of line blurring these days that didn’t exist back when we just posted on our blogs and replied to comments. Now we can leave comments, or tweet, or share, or a hundred other ways to push our information out there. We have options on how to communicate with our readers. How many of us end up responding to comments on Facebook and Twitter, as well as our blogs? It’s nearly at a point of information overload, and we don’t know where to post this content. There’s clearly a need to balance out your brand promotion and your brand. Will you be diluting your brand by posting all over the place? How do you drive the readers back to your site, engage them, and keep them coming back for more?

    This is where you need to own your data.

    Obviously it’s a good thing to post to Twitter and Facebook and Google+. These are avenues to connect with people, but you need to follow up on them. Recently I had an odd experience with hotels, where a handful tweeted me, asked for contact info to help me with ‘deals’ and never followed up, except for one, who did email me, and got me a great rate, $40 off their normal ‘low’ rate. Guess which hotel I’ll be using? What made this odder was that they said I could get better rates at their website than at places like Kayak or Orbitz. We all know the pain of a hotel is finding one and comparing prices, right? Travelocity and Orbitz said $167, Kayak said $199. I ended up getting $167 but through the company’s website directly. They cleverly both played the system (getting two of the three sites to show accurate prices) and offering the same deal on theirs. By owning their data and content, and letting these other sites feed into their site, they’ve won. They communicated, they contacted, and they put up accurate information that led me back to their site where, indeed, they made a sale (and the likelihood for a repeat visitor).

    Owning your data is controlling your presence. It’s not just remembering not to post that awesome information in just one place, it’s knowing how to ensure that your face is seen, the content is shared, and in no way does it misrepresent you. That last one is why I like to use my own short URLs, and why I dislike Facebook and Google. Think about the advertising on Facebook and Google (and now Twitter). You don’t get to say ‘Never show people ads for things I find reprehensible or scammy.’

    Weather.com Ads
    Weather.com Ads
    Personally I think the world would be better if every company said ‘No more get rich quick ads, or ‘With this one secret tip…’ or outright scams.’ Weather.com is notorious for this. Looking at the ad I screencapped, you can see things that no one in their right mind would click on. And yet these things clearly ‘sell’ or Weather.com would have scrapped them years ago. They feel the trade off between ugly, scammy ads and free content is fair, so they show the ads.

    There are times when not owning your data is alright, but generally those run towards sharing your social media and any analytics. I mentioned analytics before. It’s not just that I don’t like any of the tools I could install on my server, it’s that Google does it better. There are multiple layers I can peel through, and if you’re an analytic junkie, that’s what you want to use.

    Any time you come to a place where you have to decide between owning your own data and letting someone else be the master of your domain, I strongly lean towards self-ownership.

  • The Dangers of Being Uneducated

    The Dangers of Being Uneducated

    This post is dedicated to Rachel Baker, who donated to help me get to WCSF. In lieu of Coke (and a sincere promise of no heckling), thank you, Rachel.

    Like many of these posts, it started with a tweet.

    Just six months ago, a WordPress plugin named RePress, hosted by all4xs, came on the scene. This is hosted at WordPress.org, see WordPress Plugin – RePress, and at the time it showed up, I was seriously worried about it.

    The plugin itself is made of awesome. It’s a proxy service, so if you happen to live in a place where freedom of speech is an unknown quality, you can use your site to serve up pages from other domains and read them, even if they’re blocked. Essentially, instead of going directly to wikipedia.org, you go to yourdomain.com/wikipedia.org, and the content from Wikipedia is requested by your server, not your local IP, so if your ISP is blocking the content, you can still see it. If you’re visual, it’s like this:

    How RePress Works

    This relies on two important pieces to work, however. First, whereever your site is hosted has to have access to where you’re trying to get (that is, if my webhost blocked Wikipedia, this won’t work). Second, you need to know what you’re doing.

    It’s that second point that worries me to no end.

    Look, I firmly believe in freedom of information. Once something has been invented, people are going to figure it out, so giving it to the world to improve upon it is sensible. Patents are just a weird concept to me. To say ‘I invented a thing, and no one else can invent the same thing, and you can only use the thing as I’ve made it!’ just blows my mind. We need to crowdsource our intelligence, share, and improve. It’s the only way to evolve.

    But that’s besides the point. The point is I worry like you don’t know about people being uneducated as to what this plugin does. Regardless of if it’s a good idea or not, it’s a dangerous thing because it has a great deal of power.

    The Pirate BayI have a slightly selfish reason for worrying about it. I work for a company where using a proxy to get to websites they’ve blocked is grounds for being fired. I’m not the only person who has this concern. The worst part about this is if I went to a site that used a proxy, without telling me, I could get ‘caught’ and fired. Oh sure, I could argue ‘I didn’t know!’ but the fact remains that my job is in jeopardy. This is part of why I hate short-links I can’t trace back. A proxy being ‘right’ or ‘wrong’ doesn’t matter, what matters is the contract I signed that says I will not circumvent the office firewall knowingly. Now I have to be even more careful with every link I click, but the uneducated who don’t know anything about this are at a huge risk.

    As Otto would say, we worry about the evil people, the ones who use this proxy to send you to virus infected sites, or places they could hack you. I really don’t worry about them very much. Evil is evil, and people are always going to be malicious. They know what these plugins do and how to use them, so again, my fear is for the uneducated who don’t understand. The people who still open those attachments from usps.com are the people who will be hurt by this. The rest of us will just deal with ‘You work on computers? Mine’s acting funny, can you look at it?’

    My main fear is for the people who don’t really understand how the plugin is dangerous to have on their own site. RePress, in order to prove that their plugin worked, hosted a proxy to The Pirate Bay, a popular torrent site. Near the end of June, BREIN told them to remove the proxy to The Pirate Bay. BREIN, to those of you who are wondering who they are, is the RIAA of the Netherlands. Essentially they’re a Dutch anti-piracy group, and they think that the proxy service to Pirate Bay is breaking the law. It may be. Greenhost, the hosting company behind RePress, and their webhost, is in the Netherlands, and it does fall under that law.(It’s nearly impossible to keep up with all this, but Wikipedia has a nice list of everyone who’s blocking The Pirate Bay, and their status. That’s a real Wikipedia link. In the US, so far only Facebook and Microsoft will edit your links to The Pirate Bay, and only on their services.) As of July 9th, all4xs/Greenhost lost the argument. A court order came in and now there is no more hosting on their site.

    It’s important to understand this Court order only impacts the proxies at Greenhost. There is no action against the plugin itself, and none at any other website using it.

    So why does it worry me?

    Screaming UserI do a lot of forum support, and I can easily envision people getting cease-and-desist orders from the Courts, telling them to remove their proxies. I can see webhosts shutting down sites because they don’t want to deal with the hassle, or because their servers happen to be located in a country where the site being proxied is blocked. And without any effort at all, I can see the users, who don’t understand the risk they’re getting into by running this proxy, screaming their heads off and blaming WordPress because they are uneducated. They’re not stupid, and they’re not evil, they just don’t see the big picture.

    It’s like when I had little sympathy for Blogetery, when it was shut down in June of 2010. They were running an open, unchecked, Multisite, and allowed anyone in the world to make a site, and didn’t monitor their users. Thus, after multiple copyvio issues, and now a terrorism claim, Blogetery’s webhost decided enough was enough and shut them down, impacting around 14,000 people (give or take, I wasn’t able to get the number of splogs on that site sorted out). The point there is that Blogetery screwed up by not taking care of their site. It’s your responsibility to do that, and the less people know about what they’re doing, the more likely they are to screw up.

    I’d be a lot happier if RePress’s plugin page explained the risks. Until they do, I give you my own:

    RePress will let your server to act as a proxy to any website you chose, allowing visitors who would be otherwise blocked by their country or ISP to visit those sites. Please investigate the laws of your country, as well as those of your webhosting company, to ensure you are not violating them. Also remember to review the terms of use for your webhost, and do not provide proxy service to any site (or type of site) that you aren’t permitted to host yourself. If your hosting company doesn’t permit porn, don’t proxy a porn site. While this plugin makes every effort to prevent cross-site scripting, you are expected to monitor the sites you proxy and be aware of their intention. Remember: If you put it on your server, you are responsible for what it does.

    (If RePress wants to copy that and use it as is, or edit it, they have my permission to do so. And they don’t even need to credit me if they don’t want to.)