Things I learned from working a primary election

After more than 15 years of writing about voting-machine security, I finally got some hands-on experience in the field–by waking up at 4 a.m. and working a 16-hour day.

I’d had the idea in my head for a while, thanks to frequent reminders from such election-security experts as Georgetown Law’s Matt Blaze that the best way to learn how elections work is to work one yourself. And I finally realized in January that I’d be in town for the March 3 Democratic primary and, as a self-employed type, could take the whole day off.

I applied at Arlington’s site by filling out a short form, and about two hours later got a confirmation of my appointment as an election officer. (My wife works for Arlington’s Department of Technology Services but has no role in election administration.) A training class Feb. 11 outlined the basics of the work and sent me home with a thick binder of documentation–yes, I actually read it–and on March 3, I woke up two minutes before my 4 a.m. alarm.

After packing myself a lunch and snacks, as if I were going to grade school, and powering through some cereal, I arrived at my assigned polling place just before the instructed start time of 5 a.m. I left a little before 9 p.m. Here are the big things I learned over those 16 hours:

  • Yes, having people fill out paper ballots and scan them in works. I saw 500-plus voters do that while I tended the scanner in the morning, and none had the machine reject their ballot. There was confusion over which way to insert that ballot, but the scanner accommodated that by reading them whether they were inserted upside down, right-side up, forwards or backwards. (I wish more machines were that tolerant of human variances in input.) And at the end of the day, we had a box full of ballots that will be kept for a year.
  • The technology overall appeared to be of higher quality than the grotesquely insecure, Windows-based Winvote touchscreen machines on which I voted for too many years. This scanner was an offline model running a build of Linux, while the poll-book apps ran on a set of iPads.
  • The “vote fraud” rationale for imposing photo ID requirements is not only fraudulent, but photo IDs themselves are overrated. The state allows a really broad selection of public- and private-sector IDs—unavoidable unless you want to make it obvious that you’re restricting the franchise to older and wealthier voters—and our instructions required us to be liberal in accepting those. I didn’t see or hear of anybody getting rejected for an ID mismatch. (The one surprise was how many people showed up with passports; I quickly grew to appreciate their larger color photos over the tiny black-and-white thumbnails on drivers’ licenses.)
  • Asking people to state their name and address, then matching that against voter-registration records, does work. That also happens to be how voter check-in used to work in Virginia before Republicans in the General Assembly shoved through the photo-ID requirement that’s now been reversed by the new Democratic majority in Richmond.
  • You know who really loves high turnout? Election officers who otherwise have some pretty dull hours in mid-morning and then mid-afternoon. At one point, the person in charge of the ballot scanner busied himself by arranging stickers into a bitmapped outline of Virginia, then added a layer of stickers on top of that to represent I-95 and I-66. Fortunately, precinct 44 blew away past primary-turnout records with a total of 1,046 in-person votes.
  • The attention to detail I saw was almost liturgical. Every hour, the precinct chief did a count of voters checked in and votes cast to ensure the numbers matched; every record was done in at least duplicate; every piece of paper was signed by at least two election officers, and the overall SOR (statement of results) bore the signatures of all eight of us. We closed out the night by putting documents and records in specified, numbered envelopes, each locked with a numbered zip-tie lock; each number was recorded on a piece of paper on the outside of each envelope that was itself signed by two election officers.
  • Serving as an election officer isn’t physically demanding work, but it does make for a long day. We did have coffee delivered, but it didn’t arrive until 9 a.m., and nobody had time for dinner during the rush to close out things after the polls closed.
  • It’s also not the most lucrative work ever. My paycheck arrived Friday: $175, amounting to an hourly wage of $10.94. The value of seeing the attention paid to make democracy work and then watching more than a thousand people show up to exercise their rights: priceless.

Updated 3/23/2020 to fix some formatting glitches.

Here’s how much Facebook was tracking me around the rest of the Web

Facebook finally fulfilled one of Mark Zuckerberg’s campaign promises this week–a promise dating back to May of 2018.

That’s when Facebook’s CEO said the company would roll out a “Clear History” feature that would let its users erase Facebook records of their activity at other sites and apps as gathered by the social network’s Like and Share buttons and other plug-ins.

(If it took you a long time to realize the extent of that tracking, I can’t blame you. Instead, I can blame me: The post I did for the Washington Post when my old shop integrated a batch of Facebook components to its site didn’t spell out this risk.)

Twenty months after Zuck’s announcement, this feature, renamed “Off Facebook Activity”, finally arrived for U.S. users on Tuesday. I promptly set aside that day’s tasks to check it out firsthand.

The good news, such as it was: Only 74 apps and sites had been providing Facebook info about my activity there. And most of them (disclosure: including such current and past clients as USA Today, Fast Company, The Points Guy and the Columbia Journalism Review) had only coughed up isolated data points.

The bad news: The Yelp, Eventbrite, AnyDo, and Duolingo apps had all coughed up more than 20 records of my interactions there, as had the sites of Home Depot and Safeway owner Albertson’s.

To judge from the responses I got from readers of my Facebook when I asked them how many sites and apps showed up in their own Off-Facebook Activity listings, I’m practically living a cloistered life. Most comments cited three-digit numbers, two close to four digits: 232, 356, 395, 862, and 974. One thing most of these users seemed to have in common: using Google’s Chrome as a default browser instead of Apple’s Safari or Mozilla Firefox, both of which automatically block tracking by social networks on other pages. The former is the default on my desktop, while the latter has that place on my laptop.

I’ve now cleared my history and turned off future Off-Facebook Activity–at the possible cost of no longer having WordPress.com publish new posts automatically to my Facebook page. I can probably live with that.

Google told me to put this blog on a diet

The screen real estate around these words should look a little neater now–not much thanks to my own editing instincts. Instead, I needed a scolding from Google.

That came from its PageSpeed Insights tool, a page you can use to check the performance of your own site or any other. It’s been around for years, but I didn’t think to use it until after I finally connected this site to Google’s Search Console webmaster tool last May (yes, even though I’ve been blogging here since 2011 and am supposed to be a professional tech journalist) and saw a prompt to try PageSpeed Insights in my results.

The results were not flattering: a mobile performance score of 47 out of 100, with desktop performance better but still subpar at 89. Scrolling down revealed a variety of flaws in this blog, some that I could correct with the limited tools of a free WordPress.com account and some that I could not.

I started with the first obviously fixable thing, image sizes. Google suggested that I convert such frequently-downloaded elements as the background image to “next-gen formats” like WebP or JPEG 2000. But instead of switching to files that Apple’s Safari browser can’t display, I opened the original photo for the background (a view of the Blue Ridge from a bike century ride in 2006) in my Mac’s GraphicConverter app and exported it with a lower image-quality setting that cut its size by a third at no visible cost.

That did not impress PageSpeed–my mobile score actually dropped to 44–so I moved on to the third-party code that Google reported had been getting in the way of my own content. It listed Facebook as a major offender, accounting for 207 milliseconds of delay. Removing the Facebook widget that you formerly saw in the right-hand sidebar boosted my mobile score to 53, with the desktop score essentially unchanged at 87.

(PageSpeed Insights scores fluctuate up and down with each test, so don’t get bent out of shape if yours drops by five for no apparent reason, at least not until you run the test again.)

Then I removed the Facebook and Twitter share buttons and elected to toss all of the share buttons except the tool to e-mail a link to the page. That edged the mobile score up to 58 and pushed the desktop score up to 96.

This pruning got me to look again at all the ads you see around here–and think about how low-rent so many of them are. I turned off the three “additional ad placement” options that had been salting each post with extra banners. That may cut into my ad revenue, but it’s already so thin I’d rather that my professional presence online not look quite so janky.

Having spun myself up fully into Marie Kondo mode, I returned to the sidebar and removed the Twitter widget (PageSpeed Insights had blamed Twitter code for 119 ms of delay) and some non-interactive links that only cluttered that part of the page.

The results of all this effort as calculated by PageSpeed Insights just now: scores of 76 on mobile and 99 on desktop. I hope you notice this blog loading a little quicker–and I trust you appreciate how this exercise has also rid my blog of Facebook’s tracking.

Six updates in, iPadOS still needs work

It hasn’t even been two months since Apple shipped iPadOS, but in that time the tablet offshoot of iOS 13 has seen six maintenance updates–from iPadOS 13.1.1 to 13.2.3.

That plethora of patches has squashed some obvious bugs, like the ones that made Dock shortcuts to recently-opened non-Apple apps inert. They have not, however, cured other trying aspects of iPadOS:

• The new QuickPath gesture-typing option is, for some reason, confined to the floating keyboard you can invoke, not the standard-sized one. Has nobody at Apple tried using Google’s Gboard?

• The new multiple-windows option for an app is buried beneath a long-press of a Dock icon–sufficiently hidden that I did not realize that feature existed until reading Ars Technica’s iPadOS review.

• I appreciate Apple’s attempts to make me aware when apps request my location in the background, but after being nagged 10 times about my choice to let the Dark Sky weather app check my coordinates in the background, I’d appreciate having an option to the effect of “I know what I’m doing and you can stop asking about this.”

• Seeing which apps have updates or have been recently updated takes more steps than in iOS 12–presumably, so that Apple could use that spot at the bottom of the App Store app to promote its Apple Arcade subscription gaming service.

• The process of moving app icons around feels even more maddening than before, especially if I happen to drop an app inside a folder by mistake. Meanwhile, the OS still affords no relief from its inflexible app grid; I can’t leave a row or a column blank as negative space to set off particular icons.

• AirDrop remains as enabling of anonymous harassment as ever.

• I still see display glitches like the charming overlap of portrait and landscape screen modes shown in the screengrab above.

It’s not that I regret installing iPadOS–some of the new features, like the privacy-preserving Sign in with Apple option, are only starting to reveal their promise. Others, such as the Sidecar Mac screen-mirroring option, require newer hardware than the aging iMac on which I’m typing this. But seeing these obscure, illogical or insensitive bits of user experience, I can’t help thinking of all the times I’ve taken a whack at Windows for the same sort of design stumbles.

I’m (still) sorry about the schlock ads here

Yesterday’s announcement of a merger of Taboola and Outbrain–the dreadful duo responsible for those horrible “around the Web” galleries of clickbait ads tarting up many of your favorite news sites–provided yet another reminder of how fundamentally schlocky programmatic ads can get online.

But so did a look at this blog.

When WordPress.com launched WordAds in 2012, the company touted a more tasteful advertising system that bloggers here could be proud of. The reality in the seven years since has been less impressive.

The WordAds program features some respectable, name-brand advertisers like Airbnb and Audible, to name two firms seen here tonight. But it’s also accepted too much tacky crap–including some of the same medically-unsound trash that litters Taboola and Outbrain “chumboxes”–while struggling to block scams like the “forced-redirect” ad in the screenshot at right.

Over the last year, I’ve also been increasingly bothered by the way these ads rely on tracking your activity across the Web. I know that many of you avoid that surveillance by using browsers like Safari or Firefox with tracking-protection features, but I’d just as soon not be part of the privacy problem. Alas, WordPress has yet to offer bloggers the option of running ads that only target context (as in, the posts they accompany), not perceived user behavior as determined by various programmatic systems.

I do make money off these ads, but slowly. Most months, my advertising income here doesn’t exceed $10, and I can’t withdraw any of the proceeds until they exceed $100. I had thought that I’d see one of those paydays last month–but August’s addition to my ad income left me 28 cents shy of that C-note threshold.

So in practice, my major return on WordAds is the opportunity to have my face periodically shoved into the muck of online marketing. That’s worth something, I guess.

Android 10 first impressions: location, location, no you can’t have my location

A dozen days after installing Android 10 on my Pixel 3a, this operating-system update’s major accomplishment has been helping me to chain down a bunch of my apps.

That’s good! The location-privacy improvements in Android 10–starting with the ability to deny an application access to your location when it’s not running in the foreground–more than justify the roughly seven minutes I spent installing this release.

I expected that after seeing Google’s introduction of Android 10, then named Android Q, at Google I/O this May.

But I didn’t know then that Android would actively warn me when individual apps checked my whereabouts when I wasn’t running them, in the form of “[App name] got your location in the background” notifications inviting me to take the background-location keys from that app.

I was already planning on limiting most of the apps on my phone to foreground location access only, but these reminders have sped up that process and helped spotlight the more obvious offenders. (Facebook Messenger, go sit in the corner.) This is an excellent case of Google borrowing from Apple.

There’s much more that’s new in Android 10–if you’re curious and have an hour or so free, Ron Amadeo’s novella-length review at Ars Technica exceeds 2,000 words on the first of nine pages–but its other changes have made less of a difference in my daily use.

• The battery, WiFi and signal-strength icons are now simple outlines, and when swiped down the notifications area shows your remaining battery life in human language instead of a percentage: “1 day, 2 hr.” Less attractive: The text of notifications doesn’t appear in Android’s usual Roboto font, which bugs me to no end.

• The array of icons in the share sheet no longer painstakingly paint their way onto the screen. And the one I employ most often–the copy-to-clipboard icon–always appears first and at the top right of this list.

• The switch to gesture navigation (for instance, swiping up to see all open apps) hasn’t been as confusing as I’d feared… because Android 10 didn’t touch my previous “2-button navigation” system setting, which keeps the back and home buttons one swipe away. I guess I should try the new routine now.

• I still think dark mode is an overrated concept, having had that as my everyday screen environment on too many DOS PCs, but I get that it can be less distracting at night. And on phones with OLED screens, dark modes also extend battery life. So now that dark theme is a supported Android feature–hint, edit your Quick Settings sheet to add a “Dark theme” tile–I would like to see more apps support it. Starting with Google’s own Gmail.

Finally, I have to note that my phone has yet to crash or experience any impaired battery life since updating it to Android 10. I hope I didn’t just jinx this update by writing the preceding sentence.

 

Bookmarks for a Web privacy tune-up

I talked at length about privacy when I spoke this morning at the Washington Apple Pi user group’s general meeting–but I realized halfway through that I was keeping too much documentation to myself. As in, I hadn’t remembered to put together a set of links for the privacy settings I discussed.

That’s where this post comes in.

Ad preferences: If you don’t want giant Web platforms to target you with ads based on your browsing history–or if you want to correct some inaccurate targeting–these settings will let you do that.

  • At Amazon, selecting “Do Not Personalize Ads from Amazon for this Internet Browser” will stop the retailer from retargeting you across the Web with reminders of things you searched for. But you’ll have to remember to adjust this in every browser in which you shop at Amazon.
  • Facebook provides more control, allowing you to set “Ads based on data from partners” and “Ads based on your activity on Facebook Company Products that you see elsewhere” to “Not allowed.” You can also see what interests Facebook thinks you have and check which advertisers and businesses have targeted you on the social network with their own uploaded contact lists.
  • At Google, you can see what interests the Web giant has discerned in you and opt out of its ad personalization; taking that step will reward you with the image of the sleeping robot shown above.

Tracking protection: If you use Apple’s Safari, you’re already protected from ad networks’ attempts to follow you around the Web to build a model of your interests. New installs of Mozilla Firefox include a comparable level of default tracking protection, as I wrote at USA Today two weeks ago, but you may need to change these settings yourself. Select “Content Blocking” from the menu, click “Custom” and set it to block trackers “Only in Private Windows” and block only cookies identified as “Third-party trackers.”

You may also want to install the Facebook Container extension to shut down Facebook’s attempts to track you on other sites, although I’m not totally clear on what this adds over the newest tracking protection.

Limit Google’s memory: While Google’s ability to remind you of where you’ve been can be useful, that doesn’t mean it should have unrestricted access to that information. Fortunately, you can now set Google to automatically erase your Web and app activity after three or 18 months. You can also take advantage of the lesser-known of option of setting a sync passphrase for your copies of Google Chrome that will encrypt your browsing history, leaving Google unable to use that data in building a profile of your interests.