Here’s my Web-services budget

The annual exercise of adding up my business expenses so I can plug those totals into my taxes gave me an excuse to do an extra and overdue round of math: calculating how much I spend a year on various Web services to do my job.

The result turned out to be higher than I thought–even though I left out such non-interactive services as this domain-name registration ($25 for two years) and having it mapped to this blog ($13 a year). But in looking over these costs, I’m also not sure I could do much about them.

Google One

Yes, I pay Google for my e-mail–the work account hosted there overran its 15 gigabytes of free storage a few years ago. I now pay $19.99 a year for 100 GB. That’s a reasonable price, especially compared to the $1.99 monthly rate I was first offered, and that I took too long to drop in favor of the newer, cheaper yearly plan.

Microsoft Office 365

Getting a Windows laptop let me to opting for Microsoft’s cloud-storage service, mainly as a cheap backup and synchronization option. The $69.99 annual cost also lets me put Microsoft Office on one computer, but I’ve been using the free, open-source LibreOffice suite for so long, I have yet to install Office on my HP. Oops.

Evernote Premium

This is my second-longest-running subscription–I’ve been paying for the premium version of my note-taking app since 2015. Over that time, the cost has increased from $45 to $69.99. That’s made me think about dropping this and switching to Microsoft’s OneNote. But even though Microsoft owns LinkedIn, it’s Evernote that not only scans business cards but checks LinkedIn to fill in contact info for each person.

Flickr Pro

I’ve been paying for extra storage at this photo-sharing site since late 2011–back when the free version of Flickr offered a punitively-limited storage quota. This cost, too, has increased from $44.95 for two years to $49.99 a year. But now that Yahoo has sold the site to the photography hub SmugMug, the free tier once again requires serious compromises. And $50 a year doesn’t seem that bad, not when I’m supporting an indie-Web property instead of giving still more time to Facebook or Google.

Private Internet Access

I signed up for this virtual-private-network service two years ago at a discounted rate of $59.95 for two years, courtesy of a deal offered at Techdirt. Absent that discount, I’d pay $69.95, so I will reassess my options when this runs out in a few months. Not paying for a VPN service, however, is not an option; how else am I supposed to keep up on American news when I’m in Europe?

LastPass Premium

I decided to pay for the full-feature version of this password manager last year, and I’m already reconsidering that. Three reasons why: The free version of LastPass remains great, the premium version implements U2F two-step verification in a particularly inflexible way, and the company announced last month that the cost of Premium will increase from $24 a year to $36.

Combined and with multi-year costs annualized, all of these services added up to $258.96 last year. I suspect this total compares favorably to what we spend on news and entertainment subscriptions–but that’s not math I care to do right now.

Advertisements

Weekly output: Data Privacy Day, PBS digital strategy, trust in traditional media, Huawei charges, Trump’s DoJ on Facebook, VPN reality check

This week featured a personal record of sorts: three stories published in a day, each at a different outlet and one at a first-time client.

1/28/2019: Big tech firms still don’t care about your privacy, The Washington Post

I wrote most of this essay about the fauxliday that is “Data Privacy Day” in an hour or two on Friday of the previous week.

1/28/2019: PBS’ most-of-the-above digital-video strategy, FierceVideo

This piece started with my researching streaming-TV options for a relative and discovering that none included the local PBS station. Fortunately, it ended with Boston’s WGBH telling me that it expects to be one or two “over the top” video services by this fall.

1/28/2019: New study finds trust in traditional media (mostly) transcends partisanship, Columbia Journalism Review

This is my first byline at CJR. This publication offering an exceptionally author-friendly contract encourages me to make sure that it’s not the last.

1/29/2019: Huawei allegations, Al Araby

i made a quick appearance on this Qatar-based news channel, overdubbed live into Arabic, to recap two new rounds of federal charges against the Chinese telecom-hardware giant.

2/1/2019: Why Trump’s DOJ doesn’t want to break up Facebook, Yahoo Finance

I wrote up assistant attorney general Makan Delrahim’s talk at the State of the Net conference Tuesday, outlining why he seems uninterested in revisiting the Department of Justice’s approvals for Facebook’s acquisitions of Instagram and WhatsApp.

2/1/2019: Why VPNs won’t always keep you safe online, Yahoo Finance

The immediate motivation for writing this reality-check reassessment of virtual-private-network services came from a comment a reader left on Monday’s Washington Post story, but I’ve had the idea floating around my head for a while.

Black Hat priorities: don’t get pwned, do get work done

LAS VEGAS–I took my own phone and laptop to the Black Hat USA security conference here, which is often held out as a bad idea.

Before I flew out to Vegas Tuesday, I got more than a few “Are you bringing a burner phone?” and “Are you leaving your laptop at home?” questions.

Black Hat backdropBut bringing burner hardware means dealing with a different set of security settings and doesn’t address the risk of compromise of social-media accounts. And writing thousand-word posts on my phone risks compromising my sanity.

So here’s what I did with my devices instead:

  • Put my laptop in airplane mode, then enabled only WiFi to reduce the PC’s attack surface to that minimum.
  • For the same reason, turned off Bluetooth and NFC on my phone.
  • Set the Windows firewall to block all inbound connections.
  • Used a loaner Verizon hot spot for all my data on both my laptop and phone–I even disabled mobile data on the latter gadget, just in case somebody set up a malicious cell site.
  • Connected only though a Virtual Private Network on both devices, each of which were set to go offline if the Private Internet Access app dropped that encrypted connection.
  • Did not plug in a USB flash drive or charge my phone through anything but the chargers I brought from home.
  • Did not download an update, install an app, or type in a password.
  • Did not leave my laptop or phone alone in my hotel room.

Combined, this probably rates as overkill–unless the National Security Agency or a comparable nation-state actor has developed an intense interest in me, in which case I’m probably doomed. Using a VPN alone on the conference WiFi should keep my data secure from eavesdropping attempts, on top of the fact that all the sites I use for work already encrypt their connections.

But for my first trip here, I figured I’d rather err on the side of paranoia. (You’re welcome to make your case otherwise in the comments.)

Then I showed up and saw that everybody else had brought the usual array of devices. And a disturbing number of them weren’t even bothering to use encryption for things as basic as e-mail.

Another part of the world where I need to use a VPN

I spent last week in London with my family–yes, actual vacation-esque time! It was great, except for when I was trying to keep up with news from back home.

My first stay across the Atlantic since the European Union’s General Data Protection Regulation went into force May 25 brought home the unpleasant reality of some U.S. sites’ continued struggles with this privacy law. And instead of experiencing this only briefly in a Virtual Private Network session on my iPad, I got a full-time dose of it.

The biggest problem is sites such as the Chicago Tribune and the Los Angeles Times that have blocked all European access instead of providing the privacy controls required by the GDPR.

That’s not the fault of the GDPR–its provisions were set two years ago–but is the fault of Tronc, the long-mismanaged news firm formerly known as Tribune Publishing. Tronc could afford to pay $15 million to former chairman Michael Ferro after he quit facing charges of sexual abuse but apparently couldn’t afford to hire any GDPR-qualified developers. I hope the LAT can fix that now that Tronc has sold the paper, but it may be a while before I can link to any Tribune stories without annoying European readers.

With my client USA Today, the issue isn’t as bad: It provides EU readers with a stripped-down, ad- and tracking-free version of the site, which you can see at right in the screenshot above. What’s not to like about such a fast, simple version? Well, I can’t see comments on my own columns, and simply searching for stories requires switching to Google… by which I mean, Bing, since right-clicking a Google search result doesn’t let you copy the target address, and clicking through to a Google result will yield an EU-specific USAT address.

The simplest fix for these and other GDPR-compliance glitches was to fire up Private Internet Access on my laptop and connect to one of that VPN service’s U.S. locations–yes, as if I were in China. It seems a violation of the Web’s founding principles to have to teleport my browser to another continent for a task as simple as reading the news, but here we are.

Bandwidth battles in China

SHANGHAI–Crowded gadget trade shows like CES and Mobile World Congress usually entail connectivity complaints. But when you put the gadget show in China, you level up the complexity, thanks to the need to run a Virtual Private Network app to preserve access to U.S. sites blocked by China’s Internet filters.

In theory–and in every PR pitch from a VPN service advertising itself as the surefire way to stop your ISP from tracking your online activity–that should add no difficulty to getting online. You connect, the VPN app automatically sets up an encrypted link to the VPN firm’s servers, and then you browse as usual.

PIA VPN exit-server menu

The reality that I’ve seen at CES Asia this week while using the Private Internet Access Windows and Android apps has been a good deal less elegant.

  • Often, the PIA app will connect automatically to the best available server (don’t be like me by wasting selecting a particular U.S. server when the app usually gets this right) to provide a usable link to the outside world. But it’s never clear how long that link will stay up; you don’t want to start a long VoIP call or Skype conference in this situation.
  • On other occasions, the app has gotten stuck negotiating the VPN connection–and occasionally then falls into a loop in which it waits increasingly longer to retry the setup. Telling it to restart that process works sometimes; in others, I’ve had to quit the app. For whatever reason, this has been more of a problem on my laptop than on my phone.
  • The WiFi itself has been exceedingly spotty whether I’ve used my hotel WiFi, the Skyroam Solis international-roaming hotspot I took (a review loaner that I really, really need to send back), the press-room WiFi or, worst of all, the show-floor WiFi. Each time one of those connections drop, the VPN app has to negotiate a new connection.

If you were going to say “you’re using the wrong VPN app”: Maybe I am! I signed up for PIA last year when the excellent digital-policy-news site Techdirt offered a discounted two-year subscription; since then, my client Wirecutter has endorsed a competing service, IVPN (although I can’t reach that site at the moment). Since I don’t have any other trips to China coming up, I will wait to reassess things when my current subscription runs out next April.

Also, it’s not just me; my friend and former Yahoo Tech colleague Dan Tynan has been running into the same wonkiness.

To compound the weirdness, I’ve also found that some connectivity here seems to route around the Great Firewall without VPN help. That was true of the press-room WiFi Thursday, for instance, and I’ve also had other journalists attending CES Asia report that having a U.S. phone roam here–free on Sprint and T-Mobile, a surcharge on AT&T or Verizon–yielded an unfettered connection.

At the same time, using a VPN connection occasionally left the CES Asia site unreachable. I have no idea why that is so.

What I do know is that I’ll very much appreciate being able to break out my laptop somewhere over the Pacific in a few hours and pay for an unblocked connection–then land in a country where that’s the default condition.

Weekly output: Internet-provider privacy (x2), net neutrality, online privacy advice

I spent the first two days of the week commuting to Reston (by Metro and then Bikeshare) for a fascinating conference on drone policy issues. That hasn’t yielded a story yet, but it should soon.

3/28/2017: Congress votes to roll back internet privacy protection, Yahoo Finance

The speed with which Congress moved to dispatch pending FCC regulations that would have stopped Internet providers from selling your browsing history to advertisers without your upfront permission is remarkable, considering how our legislators can’t be bothered to fix actual tech-policy problems that have persisted for decades. It’s also remarkable how blind many people in Washington are to the immense unpopularity of this move.

I’m told this post got a spot on the Yahoo home page, which may explain the 2,796 comments it’s drawn. Would anybody like to summarize them for me?

3/29/2017: Internet providers and privacy, WTOP

The news station interviewed me about this issue. I was supposed to do the interview live, but after I got bumped for breaking news, they recorded me for later airing. How did I sound?

3/31/2017: Trump is going after the open internet next, Yahoo Finance

I have to admit that I missed White House press secretary Sean Spicer using part of his Thursday briefing to denounce the idea of the FCC classifying Internet providers as “common carriers,” which he compared to them being treated “much like a hotel.” That would be because I’ve never made a habit of watching White House press briefings live; it’s a little concerning to see alerts about them splashed atop the Post’s home page.

4/2/2017: Take these 5 steps to help protect your privacy online, USA Today

This story benefited from some fortuitous timing. When I wrote it, USAT’s site had not yet switched on encryption, and so the copy I filed had to note its absence. I asked my editor if she’d heard anything about a move to secure the connection between the site and a reader’s browser. She made some inquiries and learned that this upgrade would go into effect Sunday, my column’s usual publication day.

Weekly output: MLB regional blackouts, Sprint and T-Mobile “unlimited” plans (x2), Tech Night Owl

This week brought the unusual experience of a story getting taken down a few hours after its appearance. The post in question covered the regional blackouts that prevent MLB.tv subscribers from watching their home team online and my use of an alternative domain-name service called Unlocator.com to work around them. I’ve expressed my annoyance at the fan-hostile nature of regional blackouts before, but this story was my first to document how to defeat them… and Yahoo Finance’s editor-in-chief thought it went too far in telling people just how to break the rules, so he decided to take it down.

Facebook share of Yahoo Finance postBefore you ask, I don’t know what Major League Baseball thinks of the story, as I haven’t heard anything from anybody there since the background conversation I had with a publicist Monday afternoon in which I recounted my Unlocator use. I do know that I’m nowhere near the first person to write a how-to about beating blackouts–see, for example, this April piece from the Los Angeles Times’ Chris Erskine. I’m going to chalk this up to my not reading my client correctly.

8/19/2016: T-Mobile and Sprint’s new unlimited plans aren’t exactly unlimited, Yahoo Finance

As part of August’s stubborn refusal to act like the slow news month it’s supposed to be, Sprint and T-Mobile each introduced new, cheaper “unlimited” data plans that each contain significant limits (like an absence of usable tethering at T-Mo). Most subscribers should avoid these offers, but many may find them tempting because their own phones make it difficult to track how much data they use.

8/20/2016: August 20, 2016 — Rob Pegoraro and Jeff Gamet, Tech Night Owl

I talked with host Gene Steinberg about those new price plans, the state of municipal broadband, and Windows 10’s first anniversary. I would have sounded less positive about Win 10 had I known before the recording of this podcast that the Windows 10 Anniversary Update broke many third-party webcams.

8/21/2016: Unlimited plans at Sprint, T-Mobile have limited appeal, USA Today

My editors at USAT wanted me to compare these two new offerings to the unlimited-data deals they replaced and to the other plans available at each carrier. Sprint’s all-you-can-browse deal came out of this exercise looking a good deal better than T-Mobile’s.