Shallow Thoughts : tags : privacy
Akkana's Musings on Open Source Computing, Science, and Nature.
Mon, 01 Oct 2012
I wrote, some time ago, about making
as an alternative to shredding sensitive paper material that also
helps keep you warm in winter.
We recently got pulled in to help with disposing of quite a large cache
of sensitive paper, and have discovered a much faster method than the
"let sit and stir occasionally" technique.
The trick is to use hot water, ideally with a little soap added.
Hot soapy water breaks down the paper quite quickly; the soap helps
it break down, and may also help the paper stick together better
as it dries.
Stir the mess around a bit, and in as little as a few hours you can
fish up handfuls of paper goosh them into nice compact tennis balls.
(Though if you can let it sit overnight, so much the better.)
Try to squeeze out as much water as you can,
and keep the balls reasonably small, so they'll dry quickly.
Ours have been ranging from tennis ball sized to softball sized.
Then put the fireballs out in the sun to dry. We have them on a tarp
in the backyard. If anyone visits, tell them it's an art project.
They feel fairly dry on the outside after a day or two, but of course
the insides are still wet -- I'd let them sit for at least several weeks
before throwing them into the fireplace. Don't want to smoke up
the house! Fortunately, with temperatures in the nineties, I don't
think we'll be needing the fireplace terribly soon.
Do check first whether your bucket's in reasonable shape. The first bucket
we tried turned out to be brittle, and the bottom exploded a bit after
putting the paper in. Oops! Brittle Bottom Syndrome seems to be a
common fate of buckets that sit out in the backyard for too long.
But at least this photo shows the state of the paper after a short
time sitting in the soapy water. I don't think anybody's going to be
reading names or credit card numbers off any of these documents,
whether or not they're gooshed into a ball.
We're accumulating so many fireballs that I'm hoping to try burning a
pyramid of them some time this winter.
[ 14:55 Oct 01, 2012
More misc |
permalink to this entry |
Tue, 13 Sep 2011
What do you do about all that mail -- junk and otherwise -- with
incriminating information on it? You know, the stuff with your name
and bank account numbers and such that you don't want an identity
thief to get? If you toss them in the recycling (or, worse, the trash),
who knows what might happen to them between here and the recycling plant?
Some people buy a shredder -- an electric lump of a thing that sits in
a corner and turns paper into streamers. I guess it sounds kinda fun,
but it costs money, uses electricity and takes up space. Or you can
take all the assorted bits of paper and burn them in the fireplace
or barbecue, but that's kind of a hassle and it makes a lot of ash
A few years ago, Dave came up with what we think is a better idea:
we make the paper into condensed paper fire-bricks, which we then burn
the fireplace. They burn much cleaner and more slowly than those
bits of paper, and they're fun to make. Here's how.
First, you collect a lot of paper -- we keep a separate wastebasket where
we crumple all the papers (no need to shred them).
When you have enough to start a batch, put the papers in a bucket
or other container, and fill with enough water that the paper is covered.
Let that sit for a while -- a week or two -- stirring occasionally
(maybe twice a day). Ideally, you want the paper to break down to a
soup in which you can't read any of the incriminating text.
But if you get impatient, you can move on to the next step little
early as long as all everything has gotten soft and the paper is
starting to break up.
Once everything's soft and soupy, you want a mold of whatever shape you
want your eventual brick to be. Cardboard ice cream containers
(pictured here) work nicely, or you can use a bowl, a small bucket,
Transfer the wet mush into your mold, squeezing out as much excess
water as you can. The drier you can get it, the less time it will take
to cure. Pack it into your mold as tightly as you can (understanding
that if you're using a cardboard ice cream container, it can't take
much packing of wet stuff).
Put the mold in a sunny place in the hard to dry, if possible.
You can speed the process along by using a mold that lets excess water
drain, or by compressing the mush every so often (once or twice a day)
and letting any water run out. Early on, we put weights on top to
keep the mush compressed, but it doesn't seem to make that much difference.
When it seems quite dry, remove it from the mold. (This mold is an old
microwave popcorn making bowl that cracked, so it's no longer good
for making popcorn.)
Early on, we thought it might be interesting to pack in some other
flammable material, like bits of wood and nutshells left over from
That gives you a lumpy breccia (the lower brick in the picture)
that doesn't burn very consistently, because it's full of holes.
Not a good idea, as it turned out.
The upper brick in the photo is what you get if you let your soup
dissolve for a long time and don't add any lumpy stuff to it: a
nice smooth brick of pressed paperboard. It's okay to add a bit
of small soft stuff like dryer lint. But skip the nutshells --
those can go in the compost bin or yard waste container.
Your final brick, removed from the mold, should be a nice homogeneous
piece of paperboard. It's still fairly light and not very dense ...
but it burns smoothly and cleanly, and doesn't send sparks up the
chimmney like those original bits of paper would have.
Save on heating bills? Well, if you make paper bricks all summer, by
winter time you'll probably have saved up enough to burn for ...
maybe an hour or two. No, this isn't going to heat your home.
Still, it's an amusing, inexpensive and electricity-free way of
disposing of that pesky printed privacy-pilfering paper that plagues us all.
[ 09:43 Sep 13, 2011
More misc |
permalink to this entry |
Fri, 27 May 2011
I'm just now finding time to write up some of my notes from
PII: Privacy, Identity and Innovation
PII was a fabulous conference, fascinating and well run.
It was amazing to be in a room with so many people who actually
care about these issues.
There were two days of speakers and panels, most of them in the same
room, which surprised me: usually conferences have multiple tracks to
give you lots of choices. But I ended up being glad for the single track.
Almost all of the speakers and panels were interesting, including some
I might not have chosen on my own. I had my
laptop along with some projects I figured I'd work on during the boring
sessions -- but that never happened. I didn't even get time during
lunch or breaks -- too many fascinating people to talk to in the hallways.
Then Saturday was "Privacy Camp", a less formal "unconference" full
of round-table discussions about some of the issues raised during
the regular conference. Conversations were lively and informative.
Usually after a conference I have a couple of suggestions for improvement.
For PII I really can't come up with anything. The website
was very informative (they even had detailed parking information),
everything ran pretty close to on time, rooms were easy to find,
they had an A/V crew recording everything, and wow, that Thursday lunch.
Plus: Best. Badgeholders. Ever. Great job, PII organizers!
And I couldn't help but notice the gender balance:
a third of the speakers were women,
and by my rough count-of-nearby-tables, women were close to 40% of the
attendees. At a tech conference! That's about double most conferences.
Most of the women I talked to were entrepreneurs, many with a history
of successful startups already, plus some researchers and a few developers.
The opening talk was worth getting up early for: Julia Angwin, the
journalist who wrote the Wall Street Journal's excellent "What they
know" articles, discussing the research that led to to the series
and what they've learned from it.
Later, once the panel discussions got started,
the biggest takeaway from the conference was a question mentioned early on:
"Were users surprised? When were they surprised?"
Sometimes companies say they care about privacy, but haven't thought
much about user expectations.
Asking yourself this question is a great test of how well you're
really protecting user privacy.
Privacy statements don't work
One of the panels I wouldn't have chosen that was unexpectedly
interesting discussed web site privacy statements.
First, M. Ryan Calo of the Stanford privacy center presented a study
on user behavior with regard to privacy statements.
They tried several different types, on websites of very different designs,
to see what worked best for users.
The upshot? "We couldn't test how well various privacy statements worked,
because no users clicked on them. Zero."
Then Aleecia McDonald of Mozilla presented a study where
they tried structuring privacy statements in different ways
to make the information clearer to users. How can you improve on the
"natural-language" policy you see on most websites, consisting of
several pages of dense obfuscated text? They tried hierarchies
where they showed the basics and let users click through to the details;
interactive pages where you could expand and contract sections or mouse
over a category to see more;
colored tables, cute icons, the works. They found that most of the seemingly
easier formats were actually worse than the long natural-language
expositions no one reads.
If you make the page interactive, users won't expand
the sections and won't find the important mouseovers.
If you make sub-pages, users won't click through.
If you use icons, users won't know what they mean.
But too often, they'll end up thinking they understand,
making assumptions about the details that don't match what's really in
the policy. So most simplified, "user-friendly" policies are actually
worse than a dense wall of text.
The only style that tested slightly better than natural-language policies
was the "Nutrition label" style, where they presented several aspects of
privacy with ratings for how good or bad the site was.
I felt sorry for the two panelists after Ryan and Aleecia, who were
there to show off their cool hierarchical privacy statement page designs.
They'd obviously put a lot of work into trying to make their policies
clearer ... but we'd just been convincingly shown how ineffective such
policies really are.
How to be stupid much faster
One panel discussed big data collection, and some of the ways
data can be misused. Someone (Beth Givens?) related a story of a family
arrested for marijuana growing after their power company's algorithms
flagged them as suspicious for their heavy late-night use of power.
Turns out they just had two teenagers who liked to stay up late
playing video games.
Terence Craig, in my favorite quote from the conference, quipped:
"It used to be that it took weeks to accumulate that data.
Now you can be stupid much faster."
I enjoyed a workshop given by Brian Kennish of Disconnect and Calvin
Pappas of SelectOut about their projects. Disconnect arose from a
chrome browser extension, Facebook Disconnect, to block Facebook
tracking from widgets on third-party sites. SelectOut also arose from
a chrome extension, making it easy for users to opt out of all the major
advertising networks at once. The workshop turned into a lively
discussion of opt-out versus do-not-track solutions, and what
future directions might be.
In another workshop, Martin Ortlieb described a Google study comparing
attitudes toward privacy of people in several countries. Someone in the
audience asked a question about data being collected and held by
government agencies versus private companies. Martin commented that
attitudes in the study tended toward
"I'd rather companies have my data, because then the government might
regulate how it's used.
If the government has it, no company's going to regulate it."
Someone mentioned that Mozilla didn't seem to be taking "Do not track"
very seriously, hiding it in the Advanced preferences tab, not under
Privacy where you'd expect it. Why? Later we heard that Mozilla is
listening to those concerns, and Firefox 5 will move Do Not Track to
the Privacy tab.
Esther Dyson: "Personal data can be traded; reputation can't.
Reputation is not a currency." She was responding to someone who
described a business model involving trading reputation points.
M. Ryan Calo:
The government doesn't need a warrant to access your webmail if it's
older than 6 months, something most webmail users don't realize.
Finally, Raman Khanna observed:
kids get tattoos, then when they're older they pay a lot
more for laser removal services.
There will be data services like that. "You were stupid
when you were in college, and you put all this info online.
We'll clean it up for you."
A good insight, and it reminded me of the old threat they used to give
us in school (do they still say this to kids?)
"This is going on your permanent record."
Nobody was ever sure what this permanent record was or why anyone would
want to look at it. I wonder if mine still exists somewhere?
[ 10:32 May 27, 2011
More conferences |
permalink to this entry |
Tue, 05 Aug 2008
The tech press is in a buzz about the new search company,
Cuil (pronounced "cool").
Most people don't like it much, but are using it as an excuse
to rhapsodize about Google and why they took such
a commanding lead in the search market, PageRank and huge
data centers and all those other good things Google has.
Not to run down PageRank or other Google inventions -- Google
does an excellent job at search these days (sometimes spam-SEO sites
get ahead of them, but so far they've always caught up) -- but that's
not how I remember it. Google's victory over other search engines
was a lot simpler and more basic than that. What did they bring?
Most of you have probably forgotten it since we take Google so for
granted now, but back in the bad old days when search engines were
just getting started, they all did it the wrong way. If you searched
red fish, pretty much all the early search engines would
give you all the pages that had either red or fish
anywhere in them. The more words you added, the less likely you
were to find anything that was remotely related to what you wanted.
Google was the first search engine that realized the simple fact
(obvious to all of us who were out there actually doing
searches) that what people want when they search for multiple words
is only the pages that have all the words -- the pages that
have both red and fish. It was the search
engine where it actually made sense to search for more than one word,
the first where you could realistically narrow down your search to
something fairly specific.
Even today, most site searches don't do this right. Try searching for
several keywords on your local college's web site, or on a retail site
that doesn't license Google (or Yahoo or other major search engine)
Logical and. The killer boolean for search engines.
(I should mention that Dave, when he heard this, shook his
head. "No. Google took over because it was the first engine that just
gave you simple text that you could read, without spinning blinking
images and tons of other crap cluttering up the page."
He has a point -- that was certainly
another big improvement Google brought, which hardly anybody else
seems to have realized even now. Commercial sites get more and more
nobody notices that Google, the industry leader, eschews all that crap
and sticks with simplicity. I don't agree that's why they won, but
it would be an excellent reason to stick with Google even if their search
results weren't the best.)
So what about Cuil? I finally got around to trying it this morning,
starting with a little "vanity google" for my name.
The results were fairly reasonable, though oddly slanted toward
TAC, a local astronomy group
in which I was fairly active around ten years ago
(three hits out of the first ten are TAC!)
Dave then started typing colors into Cuil to see what he would get,
and found some disturbing results. He has Firefox' cookie preference
set to "Ask me before setting a cookie" -- and it looks like Cuil loads
pages in the background, setting cookies galore for sites you haven't
ever seen or even asked to see. For every search term he thought of,
Cuil popped up a cookie request dialog while he was still typing.
blu wanted to set a cookie for bluefish.something.
gre wanted to set a cookie for www.gre.ac.uk.
yel wanted to set a cookie for www.myyellow.com.
pra wanted to set a cookie for www.pvamu.edu.
Pretty creepy, especially when combined with Cuil's propensity
(noted by every review I've seen so far, and it's true here too)
for including porn and spam sites. We only noticed this because he
happened to have the "Ask me" pref set. Most people wouldn't even know.
Use Cuil and you may end up with a lot of cookies set from sites
you've never even seen, sites you wouldn't want to be associated
with. Better hope no investigators come crawling through your
browser profile any time soon.
[ 10:10 Aug 05, 2008
More tech |
permalink to this entry |