Why I don’t and (probably) won’t use an ad blocker

It will cost me a few hundred dollars to try iOS 9’s new support for ad-blocking tools, courtesy of that feature not working on my vintage iPad mini. (Thanks for not documenting that and other incompatibilities, Apple.) But even after I upgrade to an iPad mini 4, I probably still won’t treat myself to an ad-reduced mobile Web by paying for such popular content blockers as Crystal or Purify.

IiOS 9 ad blockers mentioned the reasons why in a comment on my Yahoo Tech post Tuesday, but the answer deserves a little more space.

It’s not about a sense of professional loyalty, although I would feel more than a little dirty undercutting the advertising revenue that helps news sites pay me and my friends in the business.

(Ars Technica founder Ken Fisher made that argument well in this March 2010 post.)

This is more a case of me trying to keep a little of the common touch online. In general, I stick with default settings so I will experience the same issues as the average Web user (also, I’m lazy). I will depart from defaults to keep my devices secure–that’s why Flash isn’t on this laptop–but installing extra apps to get a cleaner Web experience gets me too far from that ideal.

In particular, relying on ad blocking invites me to recommend sites without realizing their annoyance factor. If a site’s going to throw a sign-up-for-our-newsletter dialog before you can read every story, I don’t want to learn about that behavior afterwards from grumpy readers.

(My occasional client PCMag.com often presents that kind of newsletter dialog. And yet I gladly refer people there, because their journalists do good work. See, it’s complicated!)

I also need to know if my regular clients are getting obnoxious with the ads–remember, I was at the Post when an overload of ads and social-media widgets began to bog down everybody’s reading–on the chance that my complaint to management improves matters. You’ll tell me about that kind of problem, right?

What posting a Facebook Offer taught me about Facebook’s privacy rules

Some months ago, a PR person for Gogo handed me a few freebies I probably couldn’t use: three free passes for that company’s inflight WiFi service. (Ethics aside, almost all of my transcon flights are on planes that don’t employ its connectivity, while on shorter flights Gogo’s unintentional free access to Google apps suffices.) Many weeks later, I finally remembered that I could try giving the passes to readers with the Offers function on my Facebook page.

Gogo WiFi passesIt seemed simple enough: You create a special post on your page with the image and brief description of your choice, you set an expiration date and limit how many people can claim the deal, and you watch the audience love roll in.

But I didn’t realize, by virtue of not reading the documentation before, that readers would have to take an extra step to collect this freebie. The lucky winners got an e-mail with this instruction: “To use the offer, visit Rob Pegoraro and show this email.”

As the page owner, meanwhile, I only got a notification that the offer had been claimed–without a hint of who had won it. As Facebook’s help explains: “To protect the privacy of the individuals who claimed your offer, you will not be able to see any of their personal information.” They’d have to get back to me somehow.

I wasn’t planning on any face-to-face interaction, but I didn’t get much of the digital sort either. One longtime reader left a comment saying he’d redeemed the offer–I took him at his word and e-mailed one of the three Gogo alphanumeric codes–and nobody else responded, even after I posted comments imploring them to e-mail me.

That’s bad in the sense that I have some readers wondering why they never received the free inflight WiFi they sought. But it’s good in the sense that Facebook seems to have defaulted to privacy at the expense of marketing convenience.

That, in turn, matches up with such Page limits as my not being able to send messages to fans unless they’ve sent me one first. So if you were holding off on Liking my page because you didn’t want your name in lights–go ahead, since even I probably won’t know unless I spend a lot of time scrolling through Graph Search results for “people who like Rob Pegoraro.”

(Whoever can see your profile will, however, see your new Like. If they already mock you for your taste in tech news, you might want to hold off on the appreciation.)

In the meantime, I have two Gogo passes left. Let’s do this instead: E-mail me about how you’ll make great use of them, and the first two people to send a persuasive story will have the codes in their inboxes soon after.

It’s 2015, and I still use RSS (and sometimes even bookmarks)

A couple of weeks ago, I belatedly decided that it was time to catch up on my RSS reading–and try to stay caught up on my Web feeds instead of once again letting the unread-articles count ascend to four-digit altitudes.

RSS Twitter Google Now iconsAfter a couple of days of reacquainting myself with using various RSS apps to read the latest posts at my designated favorite sites, I had another overdue realization: Much as Winston Churchill said of democracy, RSS remains the worst way to keep up with what’s new on the Web, except for all the others.

“Really Simple Syndication,” a standard through which sites can automatically notify an RSS client about each new post, is old-in-Web-years and unfashionable. But it retains a few core advantages over its alleged replacements. One is control: my RSS feed only shows the sites I’ve added, not somebody else’s idea of what I should know. Another is what I’ll call a tolerance of time: A site that only posts an update a week is less likely to get lost when it occupies its own folder in the defined space of my RSS feed.

The third, maybe most important feature: Nobody owns RSS. When Google shut down Google Reader, I could export my subscriptions and move them to any other RSS host. I went with Feedly and have since been contentedly using that site’s free iOS and Android apps and the third-party Mac program ReadKit ($6.99 then, now $9.99).

I know many people now employ Twitter as their news feed, but I can’t make that work. I love Twitter as a social space, but in practice it’s been a miserable way to get the news. That’s not the fault of the service or its interface, but because it’s full of humans who often get excited about the same things that are really important to them in particular. The result: constant outbreaks of banter about inconsequential-to-normal-people developments like the addition of custom emoji to a chat-room app.

Twitter does help me learn about things happening outside of my usual reading habits, alerts me to breaking news hours faster than RSS and provides an incredibly useful way to talk to readers and hear from them. And yet the more I lean on Twitter as a communications channel, the worse it functions as a news mechanism.

(Facebook… oh, God, no. The News Feed filter I need there most would screen out all updates sharing outside content, so I’d only see things written, photographed or recorded by friends instead of an endless stream of links to content posted in the hope that it will go viral.)

Google Now’s cards for “Research topics,” “Stories to read,” and “New content available” can serve as an RSS substitute in some contexts. Unlike RSS, they’re not stuck with your last settings change and instead adjust to reflect where Google sees your attention wandering and where readers have clicked at the sites you visit. And unlike Twitter, these cards don’t get overrun with me-too content.

But relying on Google Now puts me further in Google’s embraces, and I think I give that company enough business already. (I’m quasi-dreading seeing cards about “RSS” and “Google Now” showing up in Google Now, based on my searches for this post.) It’s also a proprietary and closed system, unlike RSS.

I do appreciate Now as a tool to help me decide what sites deserve a spot in my RSS feed–and, by virtue of Feedly’s recent integration with Google Now, as a way to spotlight popular topics in my RSS that merit reading before others.

Safari favorites headingAs I was going over this reevaluation of my info-grazing habits, I realized that I haven’t even gotten out of the habit of using bookmarks in my browsers. Yes, bookmarks! They remain a major part of my experience of Safari and the mobile version of Chrome–thought not, for whatever reason, the desktop edition.

Mine are embarrassingly untended, littered with lapsed memberships and defunct sites. But they also let me get to favorite sites by muscle memory and without excessive reliance on auto-complete (less helpful for going straight to a particular page on a site) and search (like I said, Google gets enough of my time already).

And my bookmarks would work better if there weren’t so many of them. I really should edit them today… right after I see if my signature file needs new ASCII art.

Cert-ifiable: How my Mac didn’t trust a new secure site from the Feds

For about three minutes on Monday, I thought I’d uncovered a gigantic security flaw in a new government site set up to push other .gov sites towards secure browsing: When I tried visiting The HTTPS-Only Standard, my iMac’s copy of Safari reported that it couldn’t verify that site’s identity and its copy of Chrome said my connection wasn’t private.

https.cio.gov cert errorBut when you think you’ve uncovered an obvious error in a site that’s been out for over a week, it’s usually your own setup at fault. And within minutes of my tweeting about those warnings, I got a reply from the guy who configured the site saying he couldn’t reproduce the problem.

After some quick testing on this computer, my MacBook Air, my iPad and my phone (during which I silently congratulated myself for editing some accusatory sarcasm out of that tweet before posting it), I realized this fault was confined to Safari and Chrome on my two Macs. Every other browser, including Firefox on my iMac, got through to that HTTPS-Only site normally.

Further Twitter conversations pointed me to each Mac’s store of saved site certificates, accessible in the Keychain Access app. For Safari and Chrome to encrypt a connection to that government site, OS X needed to match its digital certificate against a sort of master key, a “root certificate” stored in the system.

old Comodo certificate(For a better description of how the mathematical magic of encrypted browsing happens, consult my friend Glenn Fleishman’s 2011 explainer for the Economist.)

Both Macs had an old copy of Comodo Group’s root certificate, one not listed on Apple’s inventory of trusted root certs. I tried deleting that certificate, figuring it probably wouldn’t make things worse–and that was all it took for the HTTPS-Only site to work as advertised and for one or two other sites to stop coughing up security warnings.

With my encrypted browsing back to normal, I’m left to wonder how my system keychains got tangled up like that. Any theories? Before you ask: Yes, I’ve done a full scan with the ClamXav malware scanner and haven’t found any issues.

A grab-bag of #GamerGate responses

Tuesday was a busier day than usual for me on Twitter. Yahoo Tech ran my column decrying the vicious and creepy harassment of a few women in or connected to the gaming industry by what I called a “nutcase fringe” of “GamerGate”–and, more important, Twitter’s failure to take some basic steps to make itself less harassment-friendly–and my Twitter notifications promptly blew up.

Twitter analytics for GamerGate weekThe GamerGaters who showed up there–and in the post’s comments thread and on my Facebook page–were not amused. I spent most of the morning replying to those tweets but then had to turn my attention back to work. So for anybody who’s been waiting for a reply–or would like one exceeding 140 characters–here are my responses to the most common comments on my column.

Why didn’t you write about the doxxing and harassment of GamerGate supporters?

That’s the fairest point I’ve seen made. But this was a column about the history of harassment on Twitter–which has seen women take by far the worst abuse, as I noted in my mentions of Kathy Sierra and Adria Richards’ ordeals–and the service’s ineffectual response to it. I could have and should have written it months ago; the attacks on GamerGate opponents represent just another chapter in the story of a part of online culture that needs to die.

Plus, I have seen no credible evidence that harassment of GamerGate supporters has been as prolonged and vicious as that of Zoe Quinn, Brianna Wu, Anita Sarkeesian and other female critics of GamerGate.

(To anybody who’s been hit with death threats on Twitter, I’m sorry. Nobody should be subjected to that crap for speaking their mind. To those sending those threats: What the hell is wrong with you?)

This is about journalism ethics.

Those of you saying this, I believe you. But I also don’t get where you’re coming from. The massive influence AAA game publishers have over the gaming media and the willingness of some writers to suck up to them have been a glaring issue since the 1990s–back when I was writing and editing game reviews at the Post myself–and now you’re up in arms over a game nobody had heard of, Quinn’s Depression Quest, getting a little publicity? You’re saying the real sickness in gaming media, the reason to grab the pitchforks and torches, is the relationships some indie developers have with individual writers?

Oh, and the chat logs showing this meme was cooked up by a bunch of 4chan trolls using sockpuppet Twitter accounts display little concern about journalism ethics.

(Note also that the GamerGate outcry over the phony allegation that sleeping with a game writer got Quinn a favorable review of Depression Quest has led to the game getting about a billion times more mentions than it would have received otherwise.)

Twitter notifications on watchWe just want the politics taken out of game journalism.

Not everything has to be political. But if you take gaming seriously as a creative endeavor–a goal I remember most game-industry types supporting back in the ’90s–it’s delusional and incoherent to declare it exempt from any political scrutiny.

If you don’t appreciate Sarkeesian’s feminist critique of games, you can read somebody else’s–most reviews don’t put games in any social or political context, same as many write-ups of music, movies and books. Or write your own.

We’re tired of SJWs imposing their agenda on the gaming industry.

That’s “SJW,” as in “Social Justice Warrior.” Beyond the silliness of that supposed insult (me, I think it’s good to care whether an industry marginalizes people who could make it better), the idea that feminists are in a position to order around the game industry or any other segment of the technology sector is laughable.

The subtext of some of these objections, that the gaming industry does not need to change, troubles me much more. Historically, the majority culture in America telling a minority culture “can’t you just pipe down and let us keep things the way they are?” has led to some darker chapters in our country’s history.

There is a history of unjustly blaming video games for real-world violence, but that complaint hasn’t been brought up much by GamerGaters. And now that a threat of a school shooting led Sarkeesian to cancel a planned appearance at Utah State University–campus police told her they couldn’t check attendees for weapons under the state’s open concealed-carry laws–it would be awkward to bring up that.

(The game industry hasn’t done itself a favor by shying away from that argument, as game designer Daniel Greenberg—a friend and, years ago, one of my better freelance contributors—argues in this post at The Atlantic.)

The publicity over these attacks is unwarranted; those women should have just ignored the trolls.

The accounts of people who have been hit with repeated, graphic threats of rape and death indicate no such thing is possible. Not having had to endure such a thing, I’m inclined to believe those who have.

Another thought: It would have been an interesting experiment to publish my column under a female byline and a woman’s photo.

You’re advocating for censorship.

If you can’t tell the difference between governments arresting people for their speech and a corporation deciding on the rules of its own social network, you’re an idiot.

We’re not misogynists. We value diversity and welcome women, and there’s no evidence GamerGate is behind any of the attacks.

I believe you when you say that. But a non-trivial proportion of the pro-GamerGate testimony I’ve seen has exhibited sexism of varying levels of toxicity, from saying Quinn reached “the top” (as if she’s now EA) “on her back” to calling complaints about GamerGate “stupid feminist BS.”

And some of the most public supporters of GamerGate are outright cretins, from actor Adam Baldwin (who earlier wondered if President Obama wanted to bring Ebola to America) to writer and professional jerk Milo Yiannopoulos (last year, his mockery of complaints about female underrepresentation at tech conferences ran under the headline “Put a sock in it, you dickless wonders”).

And all the way at the nutcase fringe, you have the creeps on 8chan plotting these attacks. This is the problem with calling a hashtag a movement: How do you kick people out of GamerGate when they say they support it too?

As for people who actually make games, an increasing number of them don’t want anything to do with this mess.

We’re tired of being demeaned and stereotyped in the media.

I get it: You don’t appreciate stories like Leigh Alexander’s “‘Gamers are over” post at Gamasutra questioning whether there is a “gamer” identity and whether it has anything redeeming to offer. But having spent most of the last decade reading about the demise of my own occupation, I have to say: If you want to call yourself an oppressed class, get in line.

Meanwhile, what has GamerGate itself done to the image of gamers? Does the rest of the world think you’re a saner lot with a more secure grasp on reality now? Do they think you’re a more pleasant bunch to hang out with? I will bet that they don’t. And that GamerGate will wind up as one of the most counterproductive attempts at a PR campaign since the Iraqi Information Minister.

A modest proposal: How Google can weigh “right to be forgotten” requests

I took part in a panel discussion of the European Union’s “right to be forgotten” privacy directive earlier today, and it didn’t take long for the conversation to turn to one of the thornier aspects of that rule: How is any one company, even one with the resources of Google, going to adjudicate all of those requests?

Google RtbF searchThat’s turned out to be a much bigger problem than I’d feared when I covered this issue in a Yahoo Tech column in May. At the end of July, Google reported that it had received more than 91,000 requests from EU citizens asking to have particular links not shown in response to searches for their names. And many were sketchy in a way that wasn’t immediately obvious:

… we may not become aware of relevant context that would speak in favour of preserving the accessibility of a search result. An example would be a request to remove an old article about a person being convicted of a number of crimes in their teenage years, which omits that the old article has its relevance renewed due to a recent article about that person being convicted for similar crimes as an adult. Or a requester may not disclose a role they play in public life, for which their previous reported activities or political positions are highly relevant.

At the panel, I suggested there was only one fair way to resolve this, and I’ll expand on it here.

It’s clear that Google will have to research each “RtbF” request carefully to see if it falls under the EU’s exceptions for people in public life or whose activities would otherwise involve the public’s right to know. The history of search-engine abuse shows you can’t count on everybody to act ethically about their image online–and when that kind of manipulation goes uncaught by unscrupulous individuals, innocent people suffer.

But that’s not enough. Lest Google inadvertently hide material from somebody about to launch a business or a political campaign, it would be wise to check for evidence of any upcoming ventures into the public sphere by an individual. The history of “RtbF” abuse so far leaves little other choice.

EU citizens, in turn, deserve a timely response to their right-to-be-forgotten queries. The simplest way to do that for a company with Google’s search traffic and computing capabilities would be to do some advance work: It could merge its own records with other sources to determine which EU citizens clearly qualify as being in public life, which ones rank as private citizens and which ones seem likely to cross that threshold either way. To avoid unduly burdening smaller search sites also subject to the “right to be forgotten” directive, Google could allow them access to these records as well.

And so Google would come to protect the privacy of EU citizens by maintaining a massive database about them.

An extreme solution for a problem that can be solved by easier, simpler means in the real world? Yes, that’s my point.

PGP and me

If you’ve received an e-mail from me in the past week or so, you may have noticed something extra in the message’s headers: an indication that it was digitally signed with my Pretty Good Privacy key.

GPGTools iconAs yet, no recipient has asked about that, much less complimented my digital hygiene or sent a reply encrypted with my PGP public key. Which is pretty much what I expected: The last time I had a PGP setup in operation, I had to ask Post readers to send me an encrypted message before I got any.

A few weeks later, my inbox once again featured only un-encrypted e-mail.

Then some fumbled corporate transitions and the switch to OS X left the open-source MacGPG as the most appealing option on my Mac–and a slow and slowing pace of updates left it an increasingly awkward fit. Without ever consciously deciding to give up on e-mail encryption, I gave up.

(I should have felt guiltier than I did when I offered a Post colleague a tutorial on crypto that I didn’t bother to operate on my own machine. On that note, if you have a key for robp@washpost.com or rob@twp.com in your own PGP keychain, please delete it.)

I finally returned to the fold two weeks ago, when I ducked into a “crypto party” tutorial at the Computers, Freedom & Privacy conference. Jon Camfield of Internews explained that things had gotten a lot better and pointed me to a newer, far more elegant open-source implementation called GPGTools. I downloaded it, installed it, and within minutes had a new set of public and private keys plugged into my copy of Mail (no need to copy and paste a message into a separate decryption app as I did in MacGPG), with my public key uploaded to a keyserver for anybody else to use to encrypt mail to me.

My key ID is 03EE085A, my key fingerprint is FD67 6114 46E8 6105 27C3 DD92 673F F960 03EE 085A, and the key itself is after the jump. Do I expect to get a flood of encrypted messages after this post? Not really. But if somebody does want to speak to me with that level of privacy, they now have an option I should have provided all along, and that’s what counts.

Continue reading