Keybase: Reinventing PGP For the 21st Century?

Let’s face it, PGP is pretty old school. It’s like pocket-protector old-school. I’ve personally taken several runs at trying to get PGP up and running. The problem has always been: once I get PGP working, there’s nobody to send encrypted email to. PGP just has never had enough scale to get even close to mainstream. Enter Keybase, which is trying to revolutionize the way people use and think about PGP with a friendly web site and integration into services such as Twitter, Reddit and GitHub. I finally cajoled an invite out of a friend today and have been giving it a whirl.

My first impression is that Keybase does not entirely solve the problem of making public-key encrypted email work better. For one: if you want to incorporate PGP email into Apple Mail, you still have to download and install GPG tools, and the command-line Keybase tools (which require Node and NPM). And though there is some integration between the GPG tools and the Keybase tools, it’s fiddly and requires lots of command-line usage (e.g. to make sure people you “track” on the Keybase web site also have their public keys imported into your GPG keychain so you can send them encrypted emails from within Apple Mail). AND you have to use GPG tools to manually add additional email addresses into your key, if you generated the key with Keybase. So that’s a pretty high bar if you want seamless PGP email from the desktop. I haven’t even tried to get it running on any of my mobile devices yet – which will definitely mean moving to a new email client (or just not being able to access encrypted emails on mobile, which is not ideal). There’s a lot of work going on to remedy these issues if the GitHub issue threads are any indication.

What Keybase does allow you to do is verify PGP signatures without physically validating fingerprints in person, through proofs you add to your social networks.

Anyway, I now have some keybase invites. If you would like one, please message me in some way and have a look yourself.


Mixed Feelings About the UK Government #Cyberstreetwise Campaign

Tube Ad for Cyberstreetwise campaign

Watch out for spammy emails! Or mimes!

So the UK government seems to have launched a new public awareness campaign dubbed #cyberstreetwise (evidenced by posters in the Tube I spotted this weekend). The campaign’s web site is : Bonus points for a https URL. Negative points for choosing a “.com” domain instead of a more appropriate “” or even “.uk” domain.

So first of all, I was confused initially about who was supporting it. The logos at the bottom left panel include HM Government but also the more recognizable Facebook and Twitter logos (without explanation) which seems (to me) to mean “this is being sponsored by the government, Twitter and Facebook” or possibly “this is a government initiative with sponsorship provided by Twitter and Facebook.” In fact, reading the web site, it appears that neither Twitter nor Facebook has any formal role, so the presence of their logos is somewhat mystifying. I suppose they just mean “we are on Twitter and Facebook” but honestly, these days who isn’t? [Side note: what is up with random Facebook and Twitter logos on things? See my Twitter update on this topic that seemed to “go viral” earlier today.]

But putting this to the side for a second, I really don’t know what to make of this campaign. On the one hand, it’s exactly the kind of public awareness campaign that I feel is needed. People need to start getting more aware of the web basics, especially around privacy, e-safety, scams, use of strong passwords, installation of updates and use of security software. So yes. Great. But the information provided doesn’t seem to cover a lot of the key basics that I would think need to be covered. For example, under “privacy” I find no mention of private browsing modes or when you might want to use them, and no discussion of tracking on the web.

Tube Ad for Cyberstreetwise campaign

Download all updates at all time, cyber-citizen!

Under “keeping your child safe online” I see “Parental controls are available through your internet provider.” but no mention of Apple’s built-in parental controls. More importantly, the text on this screen looks like a placeholder. As I’m leafing through their site, I’m asking “where is the actual content?” It feels like this could be a good use for wizards or possibly a cartoon. Also this campaign seems to be aimed both at businesses and families, and those are two different groups with different needs – so that’s weird. Finally, some of the advice is a little questionable. For example: always download updates. Yes, but: sometimes phishing scams can masquerade as software updates as a vector to get malware into your computer. I know that’s a difficult message to package into a Tube advert, but it feels like the messaging could be better thought through. “Sign up to security software provided by your bank, such as Trusteer Rapport.” No. No, no, no. Judging from my experience with the software my own bank was trying to push me, I don’t think this is good advice – at all. Rather, how about educating people about how they can click on the padlock icon in their browser to verify the provenance of that certificate.

So I haven’t done a rigorous analysis of the whole campaign, but I’m of two minds about what I’ve seen so far. On the one hand: yes, it’s needed and yes, some good info. On the other hand some of the info provided makes me suspicious about its provenance and whether or not it has all been fact-checked by actual domain experts.

What do you think? Leave a comment here or on my Google+ post.


HTML5 is done, but two groups still wrestle over Web’s future – CNET

#HTML5 goes to "Rec." Definitely worth celebrating. But also, Web Standards are messy. This CNET article by +Stephen Shankland really does a good job of peeling that back. Bonus points for featuring a #w3cmeme.


The World Wide Web Consortium finishes an update to this seminal Internet technology, but with two organizations in charge of the same Web standard, charting the Web’s future is a mess.

“Anonabox”: One-Stop-Shop for Internet Privacy?

According to The Verge, the “Anonabox” Kickstarter is Trying to be a One-Stop-Shop for Internet Privacy.

So the hacker in me loves the idea of this, but actually I think it’s probably over-kill (and an over-promise) for most people’s web privacy needs.

First of all, if you want to surf the Web through the Tor network you just have to download and install the Tor browser bundle ( – also see this Guardian article from last year: ). This application download actually pairs a heavily customized (with additional anonymity-enhancing features) Firefox browser with the Tor networking software. But even that is overkill for most casual “private browsing.” If you are just trying to search privately (for example, for medical-related topics that you don’t want showing up in your ads the next time you search the web) then the private browsing modes that now come as standard with modern browsers (Chrome calls it “incognito”) are perfectly fine. What these modes don’t protect you from is your network provider (ISP) snooping on your browsing. Tor does encrypt your network traffic (to the Tor service) but it comes with major downsides such as slowness. Because of the way Tor works, routing your traffic around the Internet until it finally pops out onto the public Net at an “exit node”, your traffic will also appear as if it’s coming from another country than the one you live in. So for example if you live in the UK you will find BBC iPlayer will not work through Tor. Also if you run all your traffic through Tor but don’t use private browsing modes, or Tor’s special browser build, then you are still exposing yourself to tracking through cookies, fingerprinting and other techniques.

But if you do use TorBrowser it also blocks certain technologies such as Flash player, so it’s a trade-off.

Basically people need to gauge how much privacy they need in a given situation and employ the right tool for the job. Unfortunately it doesn’t look to me like anyone is working to drive general public awareness of Web privacy these days, which is a shame.


Yosemite Hand-off and tel: URIs

Just playing around with the new “hand off” (I guess this falls under) feature in iOS 8 / Yosemite. If you have a phone number in a web page suitably marked up as <a href="tel:…">link</a> and visit that page with Safari, clicking on the link will automatically send you to the FaceTime calling application which will start calling the number from your (i)phone with the audio piped through your Mac. Very neat trick!


How to create your own URL shortener

This article from The Next Web is a good write-up of different options available for creating your own URL shortener. I’m a big fan of short URLs, but I think one of the drawbacks can be that they create a more “brittle” web – that is, if the URL shortener service (such as you use goes out of business then all the URLs you’ve shortened and shared through various means become useless. Conversely, sites such as the NY Times and BBC have created their own short URL mechanism, on top of a domain they own ( and respectively), to facilitate sharing. This allows those organizations to keep the short URLs they mint active as long as the organization (and the Internet) continues to exist (which is about as much as you can hope for). Making it easier to host your own domain name shortening service and to own your own short URLs can only be a good thing. But URL owners still need to remember that once a URL (short or otherwise) is out there in the wild it needs to be maintained, even if a site’s structure changes. CF “cool URIs don’t change”:


Fun with the Nest Smoke Alarm

Picture of the Nest App showing "smoke" alert.

For reference: this is what you DON’T want to see on your phone.

So I get a notification on my phone today that my (relatively newly installed) Nest Protect smoke alarm is going off and there is “smoke in the hallway.” This happens to be the day we have a cleaner in in the morning and nobody else is in the house. Going into the app, I saw that the alarm had been “hushed” (presumably by the cleaner) so I immediately suspected that the house was not, in fact, burning down. Got in touch with the cleaner and she reported that there was no smoke but that the alarm kept going off. Luckily I was able to come home and check out the situation. Indeed, when I came home the alarm was freaking out and the air was completely clear. I took the unit outside just to be sure and it still kept going off. I turned the unit off and then on again (channeling the IT Crowd) and still the alarm was going off. So I called customer service. I found the customer service number buried on their web site (and also a US number with no dialing prefix so I had to know how to dial it – not ideal for a UK customer). Once I got through to an agent, they were super-helpful (even though it was the middle of the night for them), took me through a check-list and swiftly arranged for a replacement unit to be sent out to me. I’m still not sure whether the unit was faulty or if it was something the cleaner unintentionally did that set it off (e.g. a cleaning product that somehow damaged the sensor?). In any case, I’ll install the replacement unit and see how it goes from there. Stellar customer service notwithstanding, I am a bit concerned.



I am starting to really love +Quartz! Here is a news provider that is reporting on stuff I'm interested in, as a fantastic well-designed (responsive, #html5) Web site with innovative features such as infinite scrolling, links to their sources, easy-to-copy short-links to all their articles, comments and annotations on individual paragraphs… They are really pushing the Web platform as a for #journalism in an interesting direction. My wish list includes better support for off-line capabilities, push notifications on platforms that support them, more video, deeper social integration (see what people are saying on Twitter/etc. right now about this article), better performance on mobile browsers and on the editorial side more in-depth analysis. #blogthis

Quartz is a digitally native news outlet for the new global economy.

Can More Things “Just Work” in 2014?

One of my main hopes for 2014 is that things should start working better. In many ways, I feel that both iOS and Android have taken a step backward in achieving this ideal this year.

One notable example I ran into was in trying to get photos off of my wife’s Samsung Galaxy (Android) phone and into iPhoto on the Mac. Intuitively, it should just work. You should be able to plug a Samsung phone into the Mac via a USB cable and iPhoto should just start importing the photos. This is how it would work if you plugged in a Samsung (or any other brand) camera. When I took to Twitter with this issue I was told by some Googlers (“Oh – it’s easy! Just download Android File Transfer for Mac!”). Riiight. That’s kind of missing the point. There already is a perfectly good way of doing this – a way that “just works.” The introduction of a new step, or series of steps, or new pieces of software, moves us away from that ideal. How exactly are regular people supposed to use this stuff? How would I, as a non-technical user, know that I am supposed to download this special application, which is not mentioned anywhere on the phone’s interface? If the answer is “you just have to download XYZ application and install it, then go through an extra set of procedures whenever you want to get photos off of your phone into iPhoto” (which is the Mac application that most people use to manage photos, since it ships with every Mac), then I think we’ve lost sight of something. And what is this in service of, anyway? Possibly to lock the user in to a specific ecosystem? In this example, both Samsung and Google have provided different pieces of software for me to get my photos off the phone, so the user is caught between two competing ecosystems.

Again, this is only one example of what I feel is a trend away from plug-and-play and intuitive usability.

Another example of this move away from intuitive UI has been the numerous issues with iOS 7. I tweeted about my email accounts disappearing, which seemed to be happening to some others as well. Some of the other issues I’ve encountered include:

  • the “false screens” that greet you when you launch an app. I’m sure someone at Apple thought this would be a good idea: let’s show the user the last screen they were looking at when the app is initializing. Except it’s not a good idea. It’s a terrible idea. Because that screen is invariably not the screen that will present itself when the app finally does initialize. This is especially frustrating when the “false” screen is the one you want (e.g. the album you want to listen to in the Music app) but once the app finally starts you are presented with some other screen. And on top of all that, the false screen many times is not what you were previously looking at, but some other random screen from the app, causing more confusion (and potentially leading to privacy issues). Disturbingly this approach seems to be migrating to OS X Mavericks as well;

  • magical gestures that “you just need to know” (e.g. swipe left) in order to accomplish anything (like file a message away). These existed on iOS 6 but they’ve gotten worse on iOS 7 because it’s much easier to trigger some behavior accidentally (e.g. going back a page in the browser);

  • in the Mail app, you can no longer search by sender or subject (I guess I was the only one using this? You could argue this is a power user function but honestly I think most email users probably find themselves occasionally needing to search by sender – and these can be very important time-critical issues like “what is my record locator code for the flight I am trying to check in to, with a line of people behind me?”);

  • the “now playing” icon in the music player is a cute little “eq” animation – cute except that 1. it doesn’t match the music and 2. that is not a universally understood indicator of “now playing” in the same way that an arrow is 3. it’s a return to skeuomorphism which I thought we were trying to get away from?

  • the wifi connection manager has become borderline unusable – it seems not to attempt to connect unless you are using the browser (connected apps don’t trigger it?), provides no visual indication of connection, etc. These issues are especially crippling when traveling on London’s Tube, when you are able to connect in stations but not between them (and you have no cellular signal);

  • when you are off-line, you still get multiple modal dialog boxes in the Mail app informing you of this (especially if you have multiple email accounts, where it seems determined to inform you separately for each account instead of simply saying “hey – you’re off-line”) – or what about using a non-modal indication of some kind since these dialog boxes actually serve zero purpose;

  • Another browser UI issue: on iPad, Safari can’t go full screen and never gets rid of its tab bar even when there is only one tab open, so you are wasting a ton of (precious) screen real-estate on browser chrome. (Also pushing me to use Chrome (capital-C) more and more.)

  • AirPrint has stopped working without explanation – it worked fine with my HP printer pre-iOS 7 but now no-go.

Apple’s differentiator is intuitive UI so this trend is especially disturbing for Apple stockholders such as myself. Is it possible that Steve Jobs was solely holding back this tidal wave of bad user interface design?

What about the Web? Popular Web sites and applications have not been immune from the move away from intuitive UI in the name of ecosystem lock-in. Examples include YouTube’s replacement of its comment system with Google+ (part of Google’s general move towards making everything revolve around Google+). More generally, the Web has had a big issue with off-line use that has come into sharp focus in 2013 as more and more Web usage is happening from mobile devices. This has led to very poor user experience for Web sites and applications on mobile – with some notable exceptions such as the Financial Times. This is not an apps vs. web post but the Web needs better underlying plumbing for off-line use in order to fix these issues and enable good mobile web experience. Efforts such as “service worker” are showing a possible way forward – hopefully we’ll see this migrate into mainstream browsers and then into high-use Web applications soon. Performance and access to device capabilities (APIs) are two other areas where the Web has come up short this year. While these are not things that have “gotten worse” in 2013, the rise in the use of the Web from mobile devices by mainstream users has underscored these issues. The other disturbing trend I see on the Web is technologies and “standards” being unevenly supported across browsers and platforms – fragmentation – and the tendency for browser makers to tout new or experimental features to developers even when these features are not available on other browsers. Examples include WebRTC (on Chrome and Firefox but not on Safari or IE) and Apple’s push API (only on Safari on OS X Mavericks but presumably rolling out to iOS Safari soon). This leads to bad user experience in the form of “best viewed in XYZ browser” which harkens back (not in a good way) to the early days of the Web.
Of course, experimentation on new features and technology is how the Web moves forward, but I’m hoping to see a reverse of this trend in 2014 and a return to the promise that the Web should work across platforms and across browsers.

I am not a UX professional and I don’t pretend to be one. But, much like pornography, I know bad UI when I see it. And I hope I see less of it in 2014. Thanks to my good friend Scott Hughes for his helpful advice on this post.


Facebook’s Price Hike (and How to Opt Out)

This was originally posted to Facebook – now I am posting a summary post here, as it relates to a previous post I’ve made on this same issue on the G+ service (“Shared Endorsements”):

As reported in the NYT over the weekend, it seems like Facebook is about to expand the use of personal “likes” and endorsements on ads it shows to other users. If you “like” something, your image could appear next to an advertiser’s message if one of your friends sees that ad – and now they are planning to extend this practice to ads placed on sites outside of the Facebook site itself. As far as I can tell, you can opt out of this by visiting your Facebook settings, clicking on “Ads” on the left-hand navigation bar and clicking “Edit” to set the setting to “no-one” for both “Third Party Sites” and “Ads and Friends.” Personally I have chosen to opt out as I am not comfortable with my image being displayed alongside an advertiser’s message just because I happen to have “liked” a company or product in the past. I’m also not happy with the lack of communication about this new service from Facebook to its users. Google have rolled this out as well on Google+ as “Shared Endorsements” and I’ve also opted out of that – but at least they offered some clear instructions on how to opt out. For this, I’ve got to read about it in The New York Times? (

The subtext here about teens being more susceptible to social ads is a bit disturbing. What Google and Facebook are doing is taking control of how your image (your face) is used by them online, starting with kids because their personal privacy walls are lower. They want the “new normal” to be that your face is used by them to promote advertisers’ products and services, with no quid pro quo for you other than that you get to continue to use their service. As I wrote about on Google+ (, this is effectively a price hike for users. You give more (of your data and your rights to how your own image is used) and you get the same service in return. Thanks but no thanks.

My original post on Facebook is here:
