"Strong Passwords Can't Save Us"

Mat Honan, responding to the New York Times:

Yes, you are quite vulnerable to being hacked, and no matter what The New York Times tells you, passwords aren’t the solution; they are the very problem. The idea that you can devise passwords to keep hackers away is quaint and preposterous. It is an outdated, old-fashioned notion akin to protecting a city with a wall.

Following his awful hacking incident several months ago, Mat Honan has become the object of repeated journalistic scare tactics regarding online security. Harping on tales of his loss of control and the importance of longer passwords, these articles tend to overlook the contemporary problems facing online security in favor of antiquated sentiments from the mid-nineties.

In his response, Honan highlights the reality of online security. That is, there is simply no cure for hacking, aside from relying upon your own self-control to only use the most secure services.

Hacking and identity theft are, indeed, very serious problems. But perpetuating aging stereotypes about password length is going to do little to actually educate the public at large. In reality, the key is to simply be cautious in your usage of the Internet. Just as you wouldn't willfully share your personal information with strangers in an unfamiliar area of town, you shouldn't do so online.

Perhaps that sounds like an ill-fitting solution, but, sadly, until there is a drastic overhaul and rethinking of digital security, it's one of the only solutions we have.

Regarding the Facebook Privacy Notice


Early this week, I noticed an influx of Facebook privacy notices posted by friends on the social network. Sporting some lengthy legal jargon and blatant ignorance unseen since the days of late-nineties email chains, the notice is clearly utterly meaningless. Fortunately, Mat Honan has done everyone a favor and proven such an assumption as fact:

This is the online equivalent of wearing a “no fat chicks” t-shirt, and is just as enforceable. You might as well post a status update that Facebook owes you a gazillion dollars and a bigger penis for all the good it will do.

Your interactions with Facebook are governed by an agreement you previously made, that both parties entered into—even if you didn’t read it. When you signed up with Facebook, you agreed to its terms of service. If you’ve been there for a while, you’ve even agreed to new terms as they’ve been updated over the years. That doesn’t change because Facebook is a public company, and it doesn’t change because you post some dumb crap on your timeline. It changes when Facebook offers new terms, and you accept them either by explicit agreement or your continued presence there.


Path Deletes Uploaded User Data, Takes Accountability For Mistake

Following this morning's call from Mike Arrington for Path to delete its controversially collected user data, Path has done just that. Maintaining the general theme of accountability, Dave Morin, Path CEO, has written an apologetic post on the social network's official blog. Morin writes:

We made a mistake. Over the last couple of days users brought to light an issue concerning how we handle your personal information on Path, specifically the transmission and storage of your phone contacts.

[...] We believe you should have control when it comes to sharing your personal information. We also believe that actions speak louder than words. So, as a clear signal of our commitment to your privacy, we’ve deleted the entire collection of user uploaded contact information from our servers. Your trust matters to us and we want you to feel completely in control of your information on Path.

Admirable, to say the least.

"Hey Path, Just Nuke All the Data"

Following yesterday's revelation that Path has been storing user address books without express permission, there has been general uproar over the perceived privacy breach.

After a back and forth in the comments on the original article, Dave Morin, Path CEO, announced that a somewhat corrected version of the app is awaiting approval in the iOS App Store and that the latest Android version has opt-in capability for address book uploads. Admirably accepting external input (from the likes of Matt Gemmell), Path has generally taken positive steps toward rectifying the problem. 

Going further, Mike Arrington, an investor in Path, writes:

Path should just state that they’re nuking all collected address book data for all users right now. Remove it from their servers entirely.

It definitely sends the right message to users – you can trust this company with your data. They’ve apologized and they were already in the process of fixing the issue. It seems like the perfect last piece is to remove all that data from their servers. And I doubt it’ll take them all that much time to collect the data all over again, this time with user permission.

Seems like the right thing to do.

As an aside, what's funny to me is the sheer panic that follows the inevitable privacy breaches stemming from social network usage. Considering the fact that users signed up for a service designed for sociability and the sharing of private information, it's fairly amusing to watch as the collective consciousness devolves into rage and sanctimonious derision of social media following a borderline routine privacy intrusion. While I've certainly gone on the record against Google's motives with Search+, I tend to stay purposefully silent when it comes to the latest privacy uproar over Facebook and the like.

Simply put, your private information facilitates the existence of most social networks and, just like you, the creators of said networks are fallible human beings. There are inevitably going to be lapses and flaws and any belief to the contrary is unequivocally misguided. But with Path, Dave Morin has taken steps to address the problem quickly and effectively, and that says a lot. Perhaps, as Arrington suggests, Path could go further to correct the situation but, aside from that, the situation has been handled relatively impressively, in my eyes.

While I'm not an avid user of the service, it's certainly comforting to witness such a level of accountability from the CEO of a rapidly growing social network. The constructive conversation between Morin and Matt Gemmell in the comments characterizes the type of measured composure that should constitute the correction of a flaw. The hyperbole elsewhere is unwelcome.

I certainly don't condone the misleading use of private data but, at the same time, the apparent surprise that a social network took a privacy-related misstep is laughable. If you want to keep your private data private, don't use a social network. The solution is painfully simple.

"Adding a Custom DuckDuckGo Search Bar to Your Site"

Having rebuilt Ben Brooks' search functionality to use DuckDuckGo in favor of Google, Pat Dryburgh has shared his method on his personal blog. The implementation looks relatively straightforward, making it that much easier for people to try out DuckDuckGo.

Following my personal migration away from Google last week, I can report that I'm a largely satisfied convert. The !bang functionality is wonderful, and although search is a little slow, DuckDuckGo's privacy policy is difficult to beat. I'll report back in the coming weeks with some more detailed thoughts.

If you haven't tried DuckDuckGo out yet, like I said last week, give it a week or two. It's a worthwhile cause.