oda: zombie face on a blue-violet plane (personal)
2011-09-11 10:08 pm

Not Much, Really

What I have been up to:

Not a lot.... Health issues, mostly, have had me at basic day to day. Which isn't bad, really, but it means I haven't had a lot of cognitive surplus. I want to be doing more, but pushing it won't help, so I am not.

Because it's mostly busywork and hence can be done as a bear of very little brain, I've done a major cleaning of my Facebook account, because I am still using it (for now) to keep in touch with family, but I don't think their privacy is going to get any better either. So: fixed a lot of settings there, and deleted all of the fluff from my Wall, likes and things, and tried to zap everything that my name points to in public. Ruthlessly deleted anything I'd posted that no one had touched. While none of it is earth shattering in the least, I am not really fond of having a bunch of "I like pie" trivia under my full legal name.

I am not hardcore enough to do some of the things described in danah boyd's post on how "Real Names" Policies Are an Abuse of Power like deactivating my account when I'm not actively logged in, or scrubbing everything off my wall even if other people have commented, or scrubbing my comments off other people's posts. That feels like it's going too far.

Not sure how I feel about Google+ right now. It's a marathon, not a sprint. And hard to think clearly about when I'm on a bad part of my particular health curve.

I would like to be able to think of social networks as only fun and only about the people, and not about the enormous amount of work it takes to have a modicum of privacy, because it wasn't designed in from the beginning. The privacy issue is enormous, and bigger than these sites, and it's going to quietly (and not so quietly) hurt people and a lot of people don't even realize it yet.

I wish it were easier to get my family over here, where I actually feel comfortable, welcome, and included. I like the community on Diaspora, a lot, but still have concerns about the privacy. I like the vibe and community on Subjot. It's short-form and fully-public now but will including private later, and it has delicious topics, just like I wanted baked into Google+. Oh yes, that's another thing I'm trying out, Subjot, but it's been so low-key and easy that I find it's very natural. Though now I tend to reach for it instead of twitter. Longer form than twitter with topics and real comments and a restful UI? Yes, please. I was only going to look but I thought I'd just post one thing and there I still am; I like it a lot.

I've also switched to DuckDuckGo, which is hardly even-minded of me as I didn't try the other alternatives, but I tried it, liked it well enough, liked some features very much indeed, and stopped. Even just switching search engines is a pretty big change for me right now.

The amount of rambling I am doing is probably some indication of why I haven't been posting anything structured lately.
oda: droid icon on blue-violet field (android)
2011-08-27 05:04 pm

Project Google Guinea Pig

My husband has agreed to be a guinea pig!

What does this entail?

Well, he got a GMail account when we got our Android phones a few months ago. He's been using it just for GMail, Android Market, and Docs access. He has fewer apps than I do, and no Google+ posting history, so in short he has less to lose, though losing access to his Android Market purchase history can cost us some real world money. He is worried, having already grown fond of his phone, but resigned to his fate.

He is going to sign up for every Google service we can think of, and do some minimal amount of user activity where meaningful, to have a basic state of being an active Google user on all of them. We will document what that looks like.

Then he will downgrade his Google Profile and see what happens, and screenshot the results. Of particular interest, of course, is what happens to his phone.

This of course happens as we have time and energy, and he is undergoing a Work Crunch™ right now, so it will occur in the usual slothlike question. If anyone is faster than us and wants to try this themselves, please post your results! They might actually end up varying, based on prior evidence. Please don't try this if you've spent a lot of money on Android phone apps and weren't intending to leave anyhow, as it could possibly lose you access to your apps.

Since Google is giving inconsistent information about what exactly is attached to Profiles, let's do a black box test and find out. If anyone has experiences which differ, then we will know that it's probably another bug and can raise that issue with even more urgency -- and perhaps even hope for data recovery on any improperly affected users.

(Mirrored to Google+)
oda: droid icon on blue-violet field (android)
2011-08-27 01:13 am

Leave Your Apps Behind on Your Way out the Door

For everyone who is voluntarily doing a takeout, but wants to keep their Android phone: talk to your app vendors first and see if you can have them switched to a new GMail account, or you will lose your paid-for apps forever. If you are in your grace period on a suspension, requesting a review can get you shut down long before your grace period ends.

It's not warned about anywhere on the data liberation page, but one item of data you cannot liberate is your ownership of any Android apps you've bought.

"Data liberation? What data liberation? Where? Oh.... you’ll graciously allow me to have content I actually created, but not the things I bought and paid for; silly me, here I thought you actually MEANT it. (You’d think I would have learned by now, eh?)" -- Bonnie L. Nadri

Google Checkout does not liberate personal info either.

At least, my name and address remain welded to Google Checkout, even if I delete the credit card. I can't do squat with those fields if there isn't a valid credit card attached. If I add the credit card it auths it then and there to make sure it all matches and won't let me change the address to something that doesn't match and then delete the card.

<extra sarcasm> The place where I most want to see flaky privacy behavior and only a partial removal of personal information is the one attached to not just my wallet name, but my wallet contents. </extra sarcasm>

Current status on my own Android apps:

App vendors have gotten back to me. One didn't get the possibility of losing access to the account so tried to be helpful by trying to tell me to use it as a secondary account. I think they will probably let me move the apps to another account if I lose access, though. But I am not sure if I can go Amazon with them; I need to check and see if they're in the Amazon store. (An app move might not work as well if I've already lost access.) Another vendor has offered me the choice of Amazon or a fresh Google account, which is a fair pick. I don't think there are any independently authed app stores, more's the pity.

Because of the lack of ability to move apps between accounts, this must be done ad hoc for each app vendor, and they are basically doing it out of their kindness of their hearts if they do it at all; nothing is making them do it other than good customer service and decency. So it's heartwarming to see them be accommodating here, and I want to recognize that they are going above and beyond. (In this case it's the makers of Ultimate Todo List and iSyncr.)


Check purchased apps against Amazon store. Dither a while about which I want. I am going to have to do a full migration either way.

Pros of Amazon: Google doesn't get a cut. I won't get cut off from Amazon for using whatever name I feel like. They will probably get better in response to complaints.

Cons of Amazon: Reputed to treat devs worse than Google does. Requires network connection to use any Amazon apps at all (nng). Slower review process so it can take much longer for updates to trickle through. I am going to have to have a Google account for some functions anyhow. Store is limited in selection and hard to search and people game the reviews even more than Google Market. (Kind of a surprise because their physical stuff shop is fine.)

(Mirrored to Google+)
oda: diaspora* icon (stylized asterisk) on a blue-violet field (diaspora)
2011-08-26 03:41 am

Pondering Diaspora's Security

I really love Diaspora, but I have some significant reservations about recommending it to any users who are concerned about the privacy or integrity of their data. I would be thrilled if I were confident enough in it to be able to recommend Diaspora freely. However, I do not yet know enough about its internal structure to feel that I can do it in good faith.

Right now Google+ is having a great many privacy issues and is suspending users right and left in the #nymwars, which means that there are many people looking around for a new home. Diaspora is a strong contender. It's got great basic functionality and a clean UI that Google+ seems to have cribbed from. The privacy model on Diaspora is also great. It's the security that I'm worried about. Users need to know that their data can't be read by anyone they haven't authenticated to read it, and that it can't be deleted or modified by anyone but themselves.

Personally, I also love Dreamwidth, but I know that some people want the ease of commenting that Diaspora has, where all of the comments are kept in a stream, unlike Dreamwidth's more post-centric model. So I want to have somewhere to send people who want that instead, or who want to be able to run their own servers.

We're almost a year out from the Security Lessons Learned From The Diaspora Launch. How is the software doing now, security-wise?

When I go look at The Official Diaspora Wiki there is an empty red link pointing to Security Architecture Proposal. This is not exactly comforting. When is the Security Architecture Proposal due to be posted?

I know that the problems exposed in the review have since been patched, but is Diaspora moving forward in a way that avoids new problems? Has anyone examined the inter-server protocols for security flaws? Where would I go to look for more information on this? I'm not a coder, so I can't simply read the code, but I can usually follow higher level reviews done by coders or architects, and I would love to see a newer security review if such exists.

In my experience, security is immensely easier to maintain if it is built into software from the ground up. This is from the perspective of a system administrator, not a developer, but I have always found it easier to maintain software that started out with the intention of being secure. One example is sendmail vs. postfix. Sendmail started out very permissive, and as abusers figured out how to manipulate it, it became more secure in response. However it has always been troublesome to maintain and more likely to need patching, because that security wasn't part of its core design. Postfix was designed for security from the ground up, and is much less difficult to maintain.

Another issue that was exposed in the early code review was the lack of a design document or commented code. Again, I am not a coder, but I know that documentation is the heart's blood of any team project, and absolutely critical for being able to maintain code. Where is Diaspora as far as documentation goes?

(Mirrored to Google+) (Mirrored to Diaspora)
oda: Chrome tab with a sad face on blue-violet field field (sadchrome)
2011-08-13 10:18 pm

Mostly Procrastination and a Little Research

The Bad News: Another crash day so not a ton of progress, though I got the weekly chores done at least. This is probably where my weekly 'still life with farmers market' would be going if I felt like I was actually welcomed by this service. I was planning to keep doing posts-as-usual, but sadly it feels a little like a farce to continue so I will probably be posting even more boring single issue stuff and less of the rest. It is not as if pictures of what I eat or digressions about my dog are super amazing content anyhow, but while I'm waiting for the next hammer to fall I just don't feel comfortable with it anymore. I will continue documenting my slow dawdle away from disentangling my life from this particular cloud giant.

The Good News: I'm still feeling very engaged with people here, though, and love to read what they post. The gaming community here in general is thriving and beautiful. So I still hope the horse will sing, though that hope seems more silly with each new development. I'm a ways from gone unless I get suspended, so I'll try to grab people's twitter/blogs/etc. on my way out. Feel free to post them here! I have an RSS reader and am on Dreamwidth and Twitter, though the latter in a not very active sense.

Email and Docs Research: I've done some reading up on Zoho and didn't see any egregious wails and lamentations in response to my basic searches for reviews, so I will be trying them out when I get more spoons. They also offer web mail and it is supposed to be very solid. I'm trying to decide between that and a solution that offers me a local store that I then can index. I don't actually know of any good desktop/unix based mail indexing solutions, though. Another solution is that I am planning on going to a different provider soon and they will offer email as well, so I could use them as my back/mirror/archive. Email is actually the least of my problems since I host my own, but Zoho offers Docs replacement as well. Heck, depending on their setup I may be able to do some things I wasn't able to do with Sites.

Phone: I keep staring balefully at it and not wanting to start untangling it. It's enough of a hairball that I am procrastinating. I think the solution is to try to pry my apps out of the marketplace and deal individually with their vendors. I don't have that many paid apps. Or find an alternate marketplace of some repute. I'm not happy with Amazon Marketplace though I like them for other services, so not sure what good alternatives are. Another alternative if I can't find a good marketplace is to try to get the app vendors to re-auth my apps onto a new Google account. Except I'm pretty sure they're all going to force real names all the way through at some point, so I'd prefer having them tied to Google as little as possible. While I don't mind a vendor knowing my full name (they're getting my credit card, after all) I do object to my full name popping up on reviews. Static pseudonym is fine.

Wiki Ruminations: I've also used wikidot which in its paid/ad-free form is pretty sweet. It's pretty ad-infested in its free form, but it's a good general purpose wiki and I don't have to keep patching it or removing spammers, which is the general issue with self-hosted wikis. I can host static content in theory (in practice I probably haven't edited a static webpage since 2006, so while it is up there it isn't getting maintained) but running wikis has historically annoyed me, so having that hosted seems plausible as long as I can export it at will. More research, probably. I won't really miss Sites, as it is is Not Quite A Wiki and lacks some features that I keep really wanting.

Mirrored from Google+
oda: monochromatic field of blue-violet (Default)
2011-08-13 01:35 am

Criticism and Commentary (a small subset)

"Google can not continue with a policy that is so arbitrary that people's real names are rejected, and people's "known as" names are approved one time, and then rejected the next time they are challenged. Nobody wants to invest in a social network which may arbitrarily ban them at any moment."
+Kee Hinckley on the inconsistencies of how the common name policy is enforced.

Video: Is Google+ Killing Anonymity?
+Doug "Krikket" Krick posts EFF's +Eva Galperin's interview on Russia Today.

satiricalbite posts a video "Satire: An Interview with the Folks Behind Google+" -- I find it kind of hard to see the satire in this one, because it's basically what Google is saying. I can't remember who shared this one with me, sorry!

"2007 study says removing anonymity increased hostile interactions by four times that of pseudonymous online discussion."
from +Jay Blanc's post

"Google thinks the freedom of expression is most important value to uphold on the internet. ... We concluded in the end that it is impossible to provide benefits to internet users while observing this country's law because the law does not fall in line with Google's principles."
-- Rachel Whetstone, vice president of Global Communications & Public Affairs at Google, Freedom of Expression on the Internet.
from +Brandon Blackmoor's post on how Google resisted South Korea's real names policy

+Rainyday Superstar, active Buzz user and Trusted Beta Tester, was invited to test Google+ and has had her entire Buzz history vaporized as well as everything else Profiles-dependant. She can't roll back to her pre-test state. If she wants to un-brick her phone she will have to do a factory restore and give it a new account, losing any apps she has purchased through the Marketplace.

"Until Facebook came along, there was hardly anywhere on the public Internet where you had to operate with your real name."
-- +Jeff Iverson

Mirrored to Google+
oda: monochromatic field of blue-violet (Default)
2011-08-12 07:00 am

Non-Progress Progress

Punted on much of yesterday; health is acting up, so no real progress on data liberation other than to do a bit of research. Android liberation in particular is reminding me of how much fun it is to deal with Monsanto; the more I look, the more of a tangle it seems to be. Here, have some links!

Alternatives to the Google monoculture
"Monocultures are unhealthy, whether it’s a crop or an informational system, and privacy is a fundamental necessity to democratic institutions. The Internet is arguably one of the most democratic places ever to have existed, but tracking users – not to mention forcing them to use a government-accepted name – threatens that." -- Leaf and Steel

"They knew exactly what they were getting into, and chose to do it anyway. The stalling, avoidance of the issues, and all-too-rare weasel-worded statements are exactly what I would expect from Vic and the rest of G+ management based on their behaviour pre-launch" -- +K Robert in a comment highlighted by +Collette Lynner

Own Your Own Identity
"But all of these proprietary networks that want to own and hold in your content are reversing much of the web’s progress in some other areas, such as the durability and quality of online identity." -- Marco Arment

Mirrored from Google+
oda: Chrome tab with a sad face on blue-violet field field (degoogle)
2011-08-10 02:18 am

De-Googlefication Step 1.1

Mirrored from Google+.

Mostly I ran around in slow circles like a sloth who couldn't find a tree today. I also fiddled with my circles a bit and discovered to my dismay that +Alis D. had turned into an email-only link. Did she delete or was she suspended? Seems rude to send an invite to find out, either way. I'm not sure if mentioning her here will email her or not. Intentional departures, too, as I crawl away slowly. (+David Leung, +Brandon Blackmoor, you will be missed, but as I am working on prying myself off in my own way I can hardly blame you.)

Dreamwidth: Have created an account to host bloggish stuff. Am still getting it set up. My guess is that this represents the most solid combination of policy, circles, and accessibility -- plus it features threaded comments and real moderation.

I'm not very satisfied with Diaspora -- their privacy hearts are definitely in the right place, but I am not convinced that they know how to write secure code. However if anyone wants to play with their alpha I can now provide invites.

And then I got distracted by the dog. Squeaka squeak squeak!
oda: Chrome tab with a sad face on blue-violet field field (degoogle)
2011-08-09 11:41 am


I thought it would be useful to have a presence here as I retreat from Google+.

(De-Googlefication; see original link for comments and elaboration.)

Taking the recent policy changes as the closest thing to a declaration of intent we seem likely to get, Project Googlefy which I had started prior to my testing of Google+ is now starting a 180 into Project De-Googlefy.

Why? Because as a prior Buzz/Picasa user affected by the fiat policy change, I am dissatisfied by a company that feels that it can make major changes to pre-established user privacy simply by introducing a new service. I would rather be more firmly divested in case they turn those policy changes loose on Gmail, and I'm generally very slow at making changes so need to get started now so I can pick at it in my slothlike fashion and don't end up falling off my comfortable tree-branch if it gets sawn off by future changes that I simply no longer trust Google to refrain from.

Yes, the horse can learn how to sing. But I am not holding my breath waiting for it to do so. As long as some groups of people receive disproportionate harassment and/or outright violence merely for being a member of that group, I am not interested in having a lot of my services tied up with a company that has clearly exhibited it simply does not understand privacy, or that it values privacy less than it values the appearance of conformity. (Especially as I am personally a member of at least one of those groups.)

So, step one: identify services.

  • Gmail: Been using it as a searchable archive/backup to my primary mail, an HTML mail reader (since I am text-only on my primary), a way to skim attachments, etc. I've already identified a potential alternative. There will be not inconsiderable pain in migrating an older archive like mine, given that the tools for migration are throttled down to moving only a few hundred messages at a time (IIRC; hopefully I'm wrong in that and I can let it run unattended.)

  • Docs: Collaboration with others, online spreadsheets. This has been a pretty good solution so far, and only improving as they add features, but I've already identified some alternatives. I don't have a huge store of docs, though some are rather crucial to our workflow, so this ought to be easy to migrate once I find a new home. Version controlled cloud storage could also be a solution here.

  • Android: Well, if I want to use the Android market (and to be honest, Amazon's market is a highly inferior alternative) I have to have a Google account. I guess I need to take a harder look at other smartphone OSes for future phone upgrades? Also I am a lot less excited than I was a month ago about having an Android tablet if apps on it can go suddenly defunct based on a random policy change. I might end up having to hold my nose and go Apple, who is at least predictable in its bad policies, or wait until there's another alternative. I'd been holding off on buying a tablet anyhow until the hardware improved, so this is not a priority. Luckily we are not locked into plans on our android phones, so the cost of switching phones is not excessive if that later becomes necessary. There also may be ways around the android market, by buying directly? Not sure; I haven't done a ton of research here yet.

  • Sites: Honestly I have found the site building software to be inferior to other solutions I've tried, though lower maintenance. I won't miss it very much. It might still be a pain to transition off. I'm glad I stopped adding data into that set when I started testing G+, because it's less to have to remove later.

  • Reader: Surely there is a cloud synced RSS reader solution out there somewhere. I just need to research it. Worst case I can probably run something out of cloud storage of some sort.= Calendar: See Reader.

  • Picasa: Had some sharing options that were pretty unique (or at least not readily available on Flickr), but I probably just need to look harder to replicate them. Will miss the ease of synchronization with a local store, but there might be desktop software out there that syncs readily with other solutions.

  • Google+: There may not be a decent substitute yet, but I can cope. I'll stay on while I document my progress at de-googlefying at the very least, and might stay on past that in the same way as I use facebook: exclusively to keep contact with a few people who are only there, and with my own data sequestered/segmented. Still thinking about where to draw the line on this one.

  • Chrome: This one is a sadness as Chrome puts up with my tab abuse and wimpy out of date desktop far better than Firefox does. Might hang onto this one to the bitter end, hoping Firefox solves some of its issues before I make the leap. Might decide it's all right to hang onto stuff that doesn't require any PII.

  • Search: Left off the original post, and it's important. Also: Ads (which I don't use but other people do) and Groups.