Each year, I do a wrap-up of my favorite posts. In the past, I picked the ones that were most popular, based on whatever metrics were available to me. But this year, I decided to ignore analytics, because my Ashley Madison posts and even ones about bad TV shows did better than some of the pieces I thought people should be reading.
And even though I find how-to posts personally informative, I didn’t include the servicey pieces about disabling Flash selectively and selecting stronger passwords and taking steps towards online security and privacy, about teaching your folks how to use 2FA and a Yubikey and getting them on Signal, being a good online citizen in the wake of a tragedy, and even what very bright people would recommend for bridging the gap between UX and security. This year I even wrote a digital hygiene course for Trollbusters which included a list of people finders and data brokers linked to by Feminist Frequency, and I’ve been writing weekly security news roundup posts for WIRED, some of which have garnered quite a bit of traffic (thanks in part to Reddit). But for the list, I wanted to focus on posts of mine that were either somewhat adversarial or particularly research-intensive, that had some investigative element, or were just too cool not to share.
For ReadWrite, I wrote about Wickr’s feature which lets people share photos on Facebook. I got to dig into the parts of the app’s marketing copy that I found misleading, and was interviewed briefly on This Week In Tech News about the app.
For Slate, I wrote about how disabling Samsung’s creepy smart TV could be a felony under these really awful DMCA laws you may have heard about when the two issues bubbled up in the media around the same time. I spoke with Software Freedom Conservancy president Bradley Kuhn and Electronic Frontier Foundation activist Parker Higgins for the piece, which was rehashed by Washington Times and multiple other websites.
As the Guardian was walking back accurate claims about Whisper–presumably for legal reasons–I spoke with Nate Cardozo, a staff attorney on the Electronic Frontier Foundation’s digital civil liberties team, about how the app collects enough info to pinpoint user locations, though it says it doesn’t use it.
I wrote about this clever asymmetric warfare against the surveillance state. This post received some criticism for making it seem like I didn’t like the concept, which was unintentional—I just am a bit skeptical. Oh, and I got to interview the ACLU’s Christopher Soghoian and Calyx Institute founder Nick Merrill, who was one of the first Americans to legally resist a gag order related to a national security data request. (More on that later.)
I picked this post because it was based on documents I got from the FTC using a Freedom of Information Act request, following a lead from a tweet. It was also killed by two separate publications before Motherboard picked it up. Their legal team wrote the headline, which is “Online Marketing Leads to Inadvertent Revelations.” I’m not sure how well this piece did traffic-wise, but I think it effectively warns law firms against overzealous marketing copy. Sam Glover at the Lawyerist linked to it, too. It’s about ethics in law firms’ online marketing copy.
I spoke with Nathan Freed Wessler, a staff attorney with ACLU’s Speech, Privacy, and Technology Project, about a new ruling which signaled a better direction for search guidelines at the border, at least as far as the 4th Amendment and laptops and mobile devices are concerned. The piece was reprinted in Slate, mentioned on Security Weekly, and Naked Security linked to it as well.
This piece was about the FBI surveillance planes flown over the city of Baltimore in late April and early May in the aftermath of the Baltimore protests in response to the death of Freddie Gray in police custody. A lot more has come to light since then, but I spoke with ACLU staff attorney Nathan Freed Wessler about the issue, as originally reported in the Washington Post.
I wrote about web engineer, public records researcher and policy nerd Tony Webster’s lawsuit against the city of Bloomington after it refused to release a large amount of data–including metadata–in response to his public records request on information related to the Black Lives Matter protest in the Mall of America. This post was reprinted in TECHdotMN, quoted in the Democrat and Chronicle, and linked to by the Bill of Rights Defense Committee and in CJ Ciaramella’s weekly FOIA Rundown newsletter.
I spoke with privacy and security researcher Runa Sandvik and security adviser Per Thorsheim about Facebook’s embracing of PGP.
I wrote about ICANN’s proposal to eliminate anonymity for commercial website owners. Thankfully, the idea of prohibiting businesses from shielding information such as addresses from public view was ultimately scrapped.
This piece for Wired, in which I looked at the tech tools used on the best hacking show on the planet, was probably my favorite of the year. Interviewing show creator Sam Esmail and technical adviser Michael Bazzell was a real treat. The post made TechMeme, and earned a backlink from a post on The Atlantic, which was syndicated on Yahoo! Tech.
I like this piece because I had to go to the library and inspect microfiche for it, and because I got to interview network security researcher Ethan Heilman, but I got the idea from a software engineer I met at DEF CON.
Could swiping left get you fired? I interviewed a woman who found all sorts of information about her Tinder contacts, who had used pseudonyms, when she received “People You May Know” suggestions from LinkedIn—you know, since LinkedIn solicits phone numbers from its users and pulls data from users’ phones. Although media pundits often go after Twitter and Facebook quite aggressively for privacy violations and poor UX, it seems that LinkedIn sometimes gets a pass for bad practices in the media, though it’s hard to tell whether that’s because it gives journalists (myself included) special perks for attending boring media trainings or because of the company’s hair-trigger PR team, but chinks in the armor are showing.
This Forbes post managed to draw attention both to Donald Trump’s deleted tweet and to a service that recorded tweets deleted by politicians en masse. I spoke with two policy analysts at Access Now. Slate and Silicon Beat both linked back to it. In late October, Twitter’s CEO mentioned Politwoops by name and promised to improve relationships with transparency organizations, but as far as I know, Politwoops still does not have access to Twitter’s API.
Just a little bit of piggy-backing on Thomas Fox-Brewster’s reporting and research by security engineer Tavis Ormandy, a member of Google’s Project Zero vulnerability research team.
This piece is a deep dive on ProtonMail’s security and who should be using it. The best part of researching this piece was sending about 575 zillion emails to technologist and all-out rockstar Micah Lee about 575 zillion emails. I also spoke with technologist Joseph Bonneau, lawyers Victor Vital and Alex Abdo, and ProtonMail’s CEO, and did a bit of research on some email applications (namely, Lavabit and Hushmail) since people learned the hard way that they weren’t as pristine as previously believed.
This post was based on a talk by security pro Kevin Tyers at the BSides Las Vegas conference. It discusses the many factors that go into a security clearance decision, based on 15 years’ worth of adjudication data. I like this piece because it gives a bit of a historical snapshot on industry decisions.
I’m pretty lucky in that I have a lot of people to turn to when I struggle with FOIA records requests. Jason Leopold, Michael Morisy, Dave Maass, and others have assisted me when I’ve had questions. But I tried to lay out all of the basics in one place in this post for the Freelancer, and I hope it’s useful to other reporters.
Not including @Snowden—with him it’s 38.
This is about a National Security Letter accompanied by a gag order served to then-ISP owner Nicholas Merrill, and what information the FBI was actually seeking.
If you just scrolled to the bottom because you aren’t at all interested in online privacy and security, you may want to check out my top 12 off-topic posts for the year.