My Top 20 Posts In 2015

Each year, I do a wrap-up of my favorite posts. In the past, I picked the ones that were most popular, based on whatever metrics were available to me. But this year, I decided to ignore analytics, because my Ashley Madison posts and even ones about bad TV shows did better than some of the pieces I thought people should be reading.

And even though I find how-to posts personally informative, I didn’t include the servicey pieces about disabling Flash selectively and selecting stronger passwords and taking steps towards online security and privacy, about teaching your folks how to use 2FA and a Yubikey and getting them on Signal, being a good online citizen in the wake of a tragedy, and even what very bright people would recommend for bridging the gap between UX and security. This year I even wrote a digital hygiene course for Trollbusters which included a list of people finder and data brokers linked to by Feminist Frequency, and I’ve been writing weekly security news roundup posts for WIRED, some of which have garnered quite a bit of traffic (thanks in part to Reddit). But for the list, I wanted to focus on posts of mine that were either somewhat adversarial or particularly research-intensive, that had some investigative element, or were just too cool not to share.


Wickr’s Time Feed (Not Quite Steganography)

For ReadWrite, I wrote about Wickr’s feature which lets people share photos on Facebook. I got to dig into the parts of the app’s marketing copy that I found misleading, and was interviewed briefly on This Week In Tech News about the app.


Stopping a Smart TV From Eavesdropping On You Could Be a Felony

For Slate, I wrote about how disabling Samsung’s creepy smart TV could be a felony under these really awful DMCA laws you may have heard about when the two issues bubbled up in the media around the same time. I spoke with Software Freedom Conservancy president Bradley Kuhn and Electronic Frontier Foundation activist Parker Higgins for the piece, which was rehashed by Washington Times and multiple other websites.


Whisper Says It Doesn’t Track Your Exact Location—But It Still Could

As the Guardian was walking back accurate claims about Whisper–presumably for legal reasons–I spoke with Nate Cardozo, a staff attorney on the Electronic Frontier Foundation’s digital civil liberties team, about how the app collects enough info to pinpoint user locations, though it says it doesn’t use it.

Meet Canary Watch, A Way To Disclose Gag Orders Without Disclosing Them

I wrote about this clever asymmetric warfare against the surveillance state. This post received some criticism for making it seem like I didn’t like the concept, which was unintentional—I just am a bit skeptical. Oh, and I got to interview the ACLU’s Christopher Soghoian and Calyx Institute founder Nick Merrill, who was one of the first Americans to legally resist a gag order related to a national security data request. (More on that later.)


Perkins Coie’s Web Copy Reveals Its Client,, Was Under FTC Investigation

I picked this post because it was based on documents I got from the FTC using a Freedom of Information Act request, following a lead from a tweet. It was also killed by two separate publications before Motherboard picked it up. Their legal team wrote the headline, which is “Online Marketing Leads to Inadvertent Revelations.” I’m not sure how well this piece did traffic-wise, but I think it effectively warns law firms against overzealous marketing copy. Sam Glover at the Lawyerist linked to it, too. It’s about ethics in law firms’ online marketing copy.

Ruling May Stop Willy-Nilly Gadget Searches at US Borders

I spoke with Nathan Freed Wessler, a staff attorney with ACLU’s Speech, Privacy, and Technology Project, about a new ruling which signaled a better direction for search guidelines at the border, at least as far as the 4th Amendment and laptops and mobile devices are concerned. The piece was reprinted in Slate, mentioned on Security Weekly, and Naked Security linked to it as well.


Report: Government Surveillance Planes Spotted Over Baltimore Protests

This piece was about the FBI surveillance planes flown over the city of Baltimore in late April and early May in the aftermath of the Baltimore protests in response to the death of Freddie Gray in police custody. A lot more has come to light since then, but I spoke with ACLU staff attorney Nathan Freed Wessler about the issue, as originally reported in the Washington Post.

Metadata Doesn’t Lie: Is That Why Governments Are Withholding It?

I wrote about web engineer, public records researcher and policy nerd Tony Webster’s lawsuit against the city of Bloomington after it refused to release a large amount of data–including metadata–in response to his public records request on information related to the Black Lives Matter protest in the Mall of America. This post was reprinted in TECHdotMN, quoted in the Democrat and Chronicle, and linked to by the Bill of Rights Defense Committee and in CJ Ciaramella’s weekly FOIA Rundown newsletter.

Facebook Is Now Pushing For Stronger Encryption

I spoke with privacy and security researcher Runa Sandvik and security adviser Per Thorsheim about Facebook’s embracing of PGP.

Website Owners Deserve the Right to Stay Anonymous

I wrote about ICANN’s proposal to eliminate anonymity for commercial website owners. Thankfully, the idea of prohibiting businesses from shielding information such as addresses from public view was ultimately scrapped.


A Peek Inside Mr. Robot’s Toolbox

This piece for Wired, in which I looked at the tech tools used on the best hacking show on the planet, was probably my favorite of the year. Interviewing show creator Sam Esmail and technical adviser Michael Bazzell was a real treat. The post made TechMeme, and earned a backlink from a post on The Atlantic, which was syndicated on Yahoo! Tech.

When It Comes To Encryption, Our Policy Makers Could Learn A Thing Or Two From Thomas Jefferson

I like this piece because I had to go to the library and inspect microfiche for it, and because I got to interview network security researcher Ethan Heilman, but I got the idea from a software engineer I met at DEF CON.


Awkward! How One Woman’s Tinder Dates Popped Up As Professional Suggestions On LinkedIn

Could swiping left get you fired? I interviewed a woman who found all sorts of information about her Tinder contacts, who had used pseudonyms, when she received “People You May Know” suggestions from LinkedIn—you know, since LinkedIn solicits phone numbers from its users and pulls data from users’ phones. Although media pundits often go after Twitter and Facebook quite aggressively for privacy violations and poor UX, it seems that LinkedIn sometimes gets a pass for bad practices in the media, though it’s hard to tell whether that’s because it gives journalists (myself included) special perks for attending boring media trainings or because of the company’s hair-trigger PR team, but chinks in the armor are showing.

Donald Trump’s Deleted 9/11 Tweet Shows The Need For The Politwoops Service Twitter Killed

This Forbes post managed to draw attention both to Donald Trump’s deleted tweet and to a service that recorded tweets deleted by politicians en masse. I spoke with two policy analysts at Access Now. Slate and Silicon Beat both linked back to it. In late October, Twitter’s CEO mentioned Politwoops by name and promised to improve relationships with transparency organizations, but as far as I know, Politwoops still does not have access to Twitter’s API.

Anti-virus Software Could Make You Less Secure Because Vendors Are Ignoring Security Best Practices

Just a little bit of piggy-backing on Thomas Fox-Brewster’s reporting and research by security engineer Tavis Ormandy, a member of Google’s Project Zero vulnerability research team.


Mr. Robot uses ProtonMail–But It’s Got A Couple of Problems…

This piece is a deep dive on ProtonMail’s security and who should be using it. The best part of researching this piece was sending about 575 zillion emails to technologist and all-out rockstar Micah Lee. I also spoke with technologist Joseph Bonneau, lawyers Victor Vital and Alex Abdo, and ProtonMail’s CEO, and did a bit of research on some email applications (namely, Lavabit and Hushmail) since people learned the hard way that they weren’t as pristine as previously believed.

Why You’re Rejected For Security Clearances

This post was based on a talk by security pro Kevin Tyers at the BSides Las Vegas conference. It discusses the many factors that go into a security clearance decision, based on 15 years’ worth of adjudication data. I like this piece because it gives a bit of a historical snapshot on industry decisions.

Filing Public Records Requests: A Quick and Dirty Guide

I’m pretty lucky in that I have a lot of people to turn to when I struggle with FOIA records requests. Jason Leopold, Michael Morisy, Dave Maass, and others have assisted me when I’ve had questions. But I tried to lay out all of the basics in one place in this post for the Freelancer, and I hope it’s useful to other reporters.

37 Whistleblowers You Can Follow on Twitter

Not including @Snowden—with him it’s 38.


Court Lifts NSL Gag Order on FBI Warrantless Surveillance 11 Years After It Was Issued

This is about a National Security Letter accompanied by a gag order served to then-ISP owner Nicholas Merrill, and what information the FBI was actually seeking.

If you just scrolled to the bottom because you aren’t at all interested in online privacy and security, you may want to check out my top 12 off-topic posts for the year.

I want to get posts like this delivered to my inbox.

16 Painful Truths About Freelancing

Today is my six-year freelance anniversary. For the past couple of years, I’ve paused to offer a reflection of sorts. Two years ago, I wrote about 20 things I learned the hard way. Last year I wrote about avoiding the trap of focusing on pay at the risk of quality, integrity, or personal goals.

Although this past year has been incredible in many ways, and I wouldn’t trade my job for the world, I’d be lying if I didn’t say that a lot of things about freelancing just plain suck.

We all know about the great things: interviewing amazing people, writing posts that expose corruption or highlight the best of human nature, making an impact in the world, having a flexible schedule, and making good money doing work you love. But aside from minor quibbles, there’s a whole underbelly of hard stuff people don’t often talk about.

The only way around is through, but since it’s my party and I’ll cry (and swear) if I want to, I decided not to sugarcoat any of the hard but instead to sing it from the rooftops. So here’s a glimpse of some of the suck that you’ll want to be aware of before diving headfirst into freelancing, or ones you might relate to if you’ve been freelancing for a while.

Being a journalist won’t magically give you access.

For every person who will only talk to you (or a small handful of reporters), there’ll be a few who’ll dodge your calls or pretend they’re out of town or pull a no-show or turn off their porch lights just so you’ll think they are not home.

And then there are the people at conferences who will make a beeline towards you or anyone else with a media badge and loudly proclaim that they don’t talk to the media, even if you didn’t try to talk to them at all. (Pro tip: taking cabs from your hotel/crash pad to the conference rather than getting on a shuttle or bus is expensive, but sometimes worth it for sanity’s sake.)

Sadly, the people you really want to talk to may not feel the same way, and the people who really want to talk to you are usually PR people who you don’t want to talk to at all, creating some sort of weird media love triangle. Or something.

Speaking of PR people…

You’ll get so inundated with PR pitches that you’ll want to scream. Screaming won’t help. Neither does responding, because most won’t take no for an answer, so now you have three pitches and six follow-ups to delete instead of just one pitch and six follow-ups. I try to deal with this by using SaneBox and setting up filters and having multiple email addresses and funneling pitches through Muck Rack, but you can still hear muffled screams coming from my general vicinity.

People will be dismissive and distrustful.

Most people (sources, editors, you name it) will ignore your calls and emails. You’ll get a great story but your source will back out at the last second before an interview and give it to another writer instead. You would’ve told it better, but the world will never know… Someone will listen to terrible advice on some podcast and decide to only do interviews over email…which will kill your interview. You’ll build trust but as soon as you can get one source there’ll be one you can’t get who you’ll want even more because human nature. The best solution is to find an editor with great contacts (good luck with that!) or to pick up Buddhism and renounce desire.

People will blame you for things outside of your control.

People will do interviews with you and break their own university’s conflict of interest policy (unbeknownst to you) and blame you when they get in trouble. That guy you know who gives workshops to journalists but seems to despise them probably didn’t find errors in the article you wrote so instead decided he’ll publicly share his opinions of a headline you didn’t write. Editors will introduce errors into your work, leaving you to choose between throwing them under the bus and protecting your professional reputation. More often than not, they’ll completely ignore your urgent emails about adding a correction…

Editors will kill or neuter your best stories.

You’ll have amazing editors that make your work shine, and you’ll fire all the sucky editors, but some of the amazing ones will sometimes do sucky things. You’ll write about NGOs working on human trafficking issues in Thailand and your editor will sit on the story for months and then kill it because she decided the person she asked you to interview, the person who gave up her life and moved across the world, “isn’t compelling enough.” And since you actually cared deeply about the piece, getting paid for unpublished work won’t be any consolation.

When a PR flack complains about an entirely accurate story, that editor who you thought had your back will lose his backbone and capitulate to insane demands quicker than you can say “conflict of interest.” There’ll be very little you can do. Freelancers are expendable, after all.

Editors will even ask you to send questions in advance when interviewing administration officials so that the state, with all of its resources, has all the time in the world to properly spin their answers. Up next: no blog post needed, just an Instagram photo of the government’s talking points… no wonder media folks are worried about robots taking their jobs.

You’ll fuck up.

Your editors will ask you to cover topics you don’t know on tight deadlines. You’ll fact check as much as you can and get things wrong sometimes anyway because you’ve got a blind spot and won’t double-check stuff you think you know. You’ll have to write corrections (or worse, send an editor corrections and be summarily ignored) and it’ll suck. They say fighters are only as good as their last fight. Writers are only as good as their most error-riddled post. I’ve seen entire industries turn on journalists with 15, 20+ years of experience because of a single error they immediately corrected. The sad part about fucking up is that it’s not always easy to learn from your mistake, because you can build resistance to these tactics and find new ways to fuck up that you haven’t accounted for in your new time-consuming strategy.

You’ll waste a lot of time because you’ll think you may have fucked up, when you hadn’t.

You’ll get vague criticism and go down the Google rabbit hole and then realize that there is debate within an industry on the way a term is used, but the way you picked is the more accepted one. +1 for wasting time realizing that you were pretty much right all along, I guess. If only you could bill for those hours.

Your worst posts will do the best.

The dumb post you dashed off on no sleep, fueled by sugar and caffeine, will get tons and tons of traffic because of a gimmicky headline and reference to porn or pop culture (that you may not have even written). The smart post about internet kill switches will go almost entirely unread.

You’ll want to blame this on site readers, but even in your own social networks, a cute new profile pic will be far more popular than that column you spent 15 hours on. You know some people are reading because they’re whining about something or other in all caps in the comments, but you’ll pretend they are bots because the possibility that they are representative of your readers is too depressing for words.

Everything will be unfair.

The writer who has no command of spelling or grammar and isn’t great at factual accuracy either will somehow start writing for glossy mags you can’t break into. Writers at the same sites you write for will scoop you (no wonder they wouldn’t share contacts when the editor asked). You’ll turn down countless trips and dinners and events and beers because of a stringent conflict of interest policy, and then your assigning editor will write about that same free trip you declined. Your favorite sources will think you’re batshit insane because you insist on buying your own drink, leading to so many awkward moments that you’ll want to switch to copywriting, where the perks flow freely.

But it’s not just COI that’s at stake. Your colleagues will get basic factual information wrong, casually dox people for page views, or find other creative ways to destroy people’s lives, and nobody will bat an eye. Your heroes will follow them (and not you) on social media and publicize their other work (and not yours).

Of course nobody will know about all the (similar…not to mention lucrative) stories you turned down for ethical reasons. Nobody gives a shit about your ethics. Nobody will even notice your ethics. Nobody sees the stories you can’t publish because they might be inaccurate or because a source backs out or because publishing would be problematic for various reasons.

Oh yeah, and that person you’re ghostwriting for will get invited to speak about the post you wrote on a radio show with your favorite actor of all time who he’s never even heard of. It’s the freelance version of someone repeating your idea in a meeting, except you agreed to ghost, so you can only blame yourself.

You’ll get opportunities you can’t take.

Because who is going to cover your hotel and airfare to give that unpaid keynote or host that unpaid panel? Per diem? What were you thinking? You’re not even on staff.

Not to mention all the stories you lost because a site said yes and then changed their mind before a contract was signed, but after you could still pitch the time-sensitive idea to the other sites that originally expressed interest.

You will realize that freelancing is incredibly lonely.

I’m a huge extrovert, and though I have no trouble finding events to attend and making friends, there’s something about working with a group of people toward a common goal that I miss. Long gone are the days of work parties or happy hours. As a freelancer, I’m lucky if I can get more than a few sentences in an email from an editor. I have a handful of freelancer friends and we support each other and work through work drama, share leads, and take turns listening to each other vent. I go to cafes and co-working spaces and work parties. Even still, most of the day is filled with dead silence. Add to that the fact that you typically have to email everyone multiple times to even get a response and even the most stable, well-adjusted freelancer might start to feel radioactive.

You’ll get limited feedback, and the feedback will probably make you feel shitty most of the time.

Since your editors don’t really give you feedback, you’ll instead be rewarded with…reading the comments, peeking at responses on Reddit or social media, and dealing with emails. The nicer feedback won’t tell you how to improve, and the other ones won’t be constructive either. Even if you go above and beyond and spend hours fact-checking the accuracy of claims until you’re proud as hell of a finished product, someone you actually like and respect at your favorite non-profit will tell you she wasn’t a fan because it didn’t include some favorite pet peeves & she didn’t like the order of suggestions given. You won’t make corrections since there’s nothing to correct, but this comment will probably cancel out all of the positive feedback you actually did get. But typically all you can hope for is that sigh of relief when nobody comments at all (or they just argue with each other).

No good deed will go unpunished.

Your future pay will hinge on that post you over-delivered on because you cared about the subject, but your sweat and tears won’t be reflected in the page views. You’ll stick up for other writers an editor is screwing over, and learn months later about how they retaliated—in a way that has negative career repercussions.

Continuing ed is a motherfucker.

As a freelancer, nobody is really invested in your long-term career except for you, so you have to be your own freelance hero. For me that means taking lots and lots of online classes or learning new things. I’ve set out to learn everything from programming languages to visual design to cryptography. Unfortunately, the courses are either easy/boring or pretty frickin’ hard and I don’t have the same level of support that someone working with other people at the same publication would have. (No afterhours study groups for me!) Nor is it obvious what will be useful a month or a year or five years from now. I have never believed in certainty anyway, but the support systems and group learning situations that non-freelance positions can bring have their own benefits.

You won’t even know what metrics editors are judging you by.

Sure, you can check, but you probably won’t have access to page view data or know how your work stacks up. And since nobody talks to you about it, you can’t offer feedback about all the reasons a post may have done well (or not). Because a lot of the time it’s the topic, or the image, or the SEO keywords used, or the headline. But metrics are a whole ‘nother ball game for obsessives, where no number will ever live up to your own expectations.

The good feelings don’t last.

Even if you write a dream post for a dream site, the buzz will only last a few hours to a few days. After the initial thrill, you’ll get depressed about how you’ll never be able to repeat the feat, or find some way to discount the experience. And if your goal is to make an impact on the world, there may not even be a good metric you can use to judge whether you’re doing that.

So what’s the verdict?

I’m not trying to talk people out of freelancing. I’m just pointing out that it’s not a bowl of cherries. Chances are that if you quit your job and start freelancing, you won’t be able to interview everyone you write, even if you work for Bigshot Magazine. That people will often be upset at you for reasons outside of your control. That editors won’t always improve your work and will sometimes destroy it (or worse, capitulate to brands or governments). You won’t always get things right. People may think you’re wrong even if you do get things right. The amount of energy you put into a post, or the gravity of the topic, is not what will get you traffic. Hard work won’t always pay off. Having high standards will make things harder for you, not easier. You won’t be getting a lot of feedback or even talking to editors for more than a few minutes. You’ll be lonely. You’ll probably cry a lot. And you won’t appreciate your own success as much as you should.

But this isn’t the end of the story.

I’ve been busy brainstorming ways to move past this, which may start with working fewer hours and coming up with new goals/metrics that are meaningful to me, and balancing heavy-hitting work with stuff that’s less exhausting, including a bit of brand work I’m doing. Here’s hoping next year I’ll have a more positive outlook to share.

Stuff I Wrote: November 2015

November’s coming to a close, so it’s time for my roundup of posts published this month. As always, I divided them by category and included short summaries so you’ll know if you want to click on the headline to read the full story in each link posted.

If you celebrate, I hope you had a fabulous Thanksgiving, surrounded by family and friends and maybe even got offline for a little bit. I’ll be back early next month to celebrate my freelance-versary, as well as the annual year-in-review posts and a list of the most popular posts of the year. Phoenix freelancers may be interested in Freelance Spark on December 2nd, where we’ll discuss cultivating successful client relationships in person.

For now, here’s a roundup of 13 posts I wrote for November for WIRED, Forbes, Dice, the Performance Menu, and Sherdog.

Privacy and Security

  • Security News This Week: 9 out of 10 Websites Leak Your Data to Third Parties (WIRED) This column also discusses the Pentagon outsourcing coding to Russia, Iran hacking Obama administration officials, data retention proposals (and over a decade of MI5 spying that came to light) in the UK, Mozilla’s new tracking prevention tool, ProtonMail getting hit with DDoS attacks and its ill-fated ransom payment, and ad blocking circumvention tool PageFair’s malware.
  • Security News This Week: Someone’s Cutting Fiber Optic Cables in the Bay Area (WIRED) I also wrote about how Yik Yak isn’t really anonymous and therefore is not a “safe space” for making racist threats, Europe’s coordinated raids against an Iranian cyberspy group called Rocket Kitten, Vizio’s SmartTVs selling viewing data to advertisers, Comcast resetting passwords, the fact that the nation’s biggest wiretap program might be illegal, and how military officials are lagging behind in updating their Android phones.
  • Security News This Week: The Manhattan DA Wants Backdoors for Smartphones (WIRED) This column also includes information on how the NSA found ways to continue email surveillance after “ending” it, Bangladesh blocking messaging services, Anonymous and GhostSec battling ISIS (sort of), the potential of ransomware hitting medical devices, malware found on Starwoods’ payment system, a vuln found pre-loaded on police body cameras, Blackberry being totally cool with government encryption backdoors, and more.

Hacking in Pop Culture

Job Hunting

Health & Wellness


  • Beating the Odds: UFC 193 (Sherdog) I wrote about Holly Holm and Ronda Rousey, and the other upsets that took place on November 15.

Stuff I Wrote: October 2015

Happy November! It’s actually finally nice enough for a bike ride here in Phoenix, and I just had a marvelous Halloween (even though I almost got eaten by a wolf!) This month I have a nice roundup of posts for you as well as a blog I was quoted in. As always, I’ve divided it up by category as best as possible.

But before I get started with that, here’s an event announcement: Those of you in Phoenix should definitely come out to Freelance Spark this Wednesday, where we will be discussing how to build an inspired business at 6PM at Co+Hoots. Get your free tickets here: We will also be meeting on December 2nd to discuss how to cultivate successful client relationships. Even if you’re not in Phoenix, there may be a Spark in a city near you, so go to for the details.

I have a whopping 22 posts to share this month, and hopefully you’ll find something you like! I’m always open to suggestions and pitches (especially if they’re not from PR folks), so please feel free to get in touch. Details for how to do that are here:

But yeah. Dem posts.

Online Security

For Freelancers

Weekly Security News Roundups

Each of these has links and short summaries of seven to 10 news stories for each respective week, so read ’em all to keep up-to-date. They’re posted each Saturday.


A Primer On Herbalism Part 2: Herbal Preparations (Performance Menu)  (paywall) This is the second in a three-part series about herbal medicine.

TUF Recap Episode 4 and Episode 5 (The Sports Post) I was writing recaps of the Ultimate Fighter for a little while–here are a couple of them.

Stuff I Wrote: September 2015

Happy autumn! Here in Phoenix we are thankful that the temperature is finally dipping down into the double digits, and getting ready for the beautiful fall and winter temperatures (as opposed to the intolerable summer heat). Anyway, I have a huge batch of stories for you to peruse this month. Enjoy!

Online Privacy and Security

Tech News

Security News This Week

This weekly column for WIRED runs down security news each week that WIRED didn’t cover in depth, but deserves your attention nonetheless…

Your Career

Health and Fitness


Stuff I Wrote: August 2015

It’s been a really busy month for posts, so here’s a round-up of all of ’em.

A Peek Inside Mr. Robot’s Toolbox (WIRED) Just in time for the season finale. I spoke with show creator and executive producer Sam Esmail and tech consultant Michael Bazzell and did a heck of a lot of research on ten tech tools used on the show. Faraday cage not included. (P.S. This post hit Techmeme.) (P.P.S. My husband came up with that excellent title.)

When It Comes To Encryption, Our Policy Makers Could Learn A Thing Or Two From Thomas Jefferson (Forbes) I actually went to the library and broke out the microfiche while researching this puppy. I also got to quote Ethan Heilman, which was cool.

So You Found Your Name (Or Your Executive’s) In The Ashley Madison Data Dump. Now What Do You Do? (Forbes) I spoke with a crisis management consultant, a security adviser, and even a relationship coach for answers on this hairy topic.

That Fired Facebook Intern Explains The ‘Marauders Map’ Extension That Cost Him His Gig (Forbes) I got both sides of this debacle.

Tell Us Which Companies Crushed It In Response to Security or Privacy Issues This Year (Forbes)

Watch Out For Phishing Scams Like These (Forbes)

Security News

Security News This Week: Oh Good, The Weaponized Police Drones Are Here! (WIRED) I also wrote about GitHub getting DDoS’ed, Oakland cops’ new retention guidelines for license plate data, Baltimore cops tracking cellphones, AT&T injecting ads on HTTP traffic through airport Wi-Fi, and India shutting off mobile internet for 63 million people.

Security News This Week: Police Use Mobile Cell Phone Trackers to Avoid Court Orders (WIRED) I also wrote about mobile supercookies, a secret email Ed Snowden sent NSA, the IRS hack, and some Google news.

Security News This Week: US Admits It Uses Predictions, Not Data, to Blacklist Flyers (WIRED) I also wrote about an Android bug, a security flaw Volkswagen kept hidden for years, spies in China reading U.S. officials’ private emails, a software engineer harvesting Facebook user data using cell phone numbers, attackers hijacking Cisco networking gear, Lenovo injecting its software into clean installs, and government requests for Twitter user data skyrocketing.

Security News This Week: The Pentagon Got Hacked While You Were at Def Con (WIRED) I also wrote about a Firefox exploit found in the wild, a court ruling against warrantless release of cell phone location data, and about tearing down cyberwalls, whatever they are.


We’ve got you covered if you’re looking for a job in tech: Finding Software Jobs When You’re Over 50 (Dice), Hacking Job Interviews (Dice), and 5 Big Interview Mistakes To Avoid (Dice) have some words of wisdom from people who are a lot smarter than me.


Stuff I Wrote: July 2015

It’s been quite a prolific month of writing for me, so I’ve divided it into more sections than usual. I’m also thinking of sending this out weekly instead of monthly, and will be surveying RSS subscribers to see if you’d prefer a weekly (or biweekly) newsletter to this. But for now, here are links to 17 articles or posts I wrote for WIRED, Forbes, Experience Life, Made Man, the Freelancer, and the Sports Post in/for July.

Security News This Week

This is a weekly roundup of security news I write for WIRED; each headline is just one story of seven to 10 that I link to and summarize.

Your VPN Probably Isn’t Private (7/2) (WIRED) Also XKEYSCORE, NSA spying, WaPo encryption, and some new malware named after your favorite cartoon characters.

The Crypto Wars Ain’t Over (7/11) (WIRED) From Dutch spying to German spying to more U.S. spying, the crypto wars ain’t over. Plus spoofing in Chrome, financially-motivated hackers, cyber war games, and more.

Laura Poitras Is Suing the Government (7/18) (WIRED) An emergency UK spy bill deemed unlawful, an ACLU lawsuit, issues with RC4 ciphers, a Java 8 exploit, a Hacking Team client feeling the sting, and an identity thief getting 13 years in the slammer.

Anonymous Says It Hacked the Census Bureau (7/25) (WIRED) The U.S. Treasury intelligence service is vulnerable to hackers, Facebook can’t challenge search warrants, it may be easier to sue over data breaches, Microsoft says goodbye to revenge porn, Malaysia censorship, Pakistan spying, and more.

Online Security

The Five Online Security Measures You’re Probably Doing Wrong (Forbes) Google compared security tips made by experts and non-experts, and I spoke with the amazing Micah Lee to make sense out of them.

Security Made Simple–In Photos: Five Online Security Measures You’re Probably Doing Wrong (Forbes) A slideshow with five action steps for securitizing your shit; kind of a simplified version of the post above.

What You Can Learn From the Ashley Madison Hack (Even If You Don’t Want to Cheat on Your Spouse) (Forbes) Some strategies for online security when visiting sites you maybe don’t want people to know you’re on, with tips from Fred Jennings (who is not your lawyer) and Jessy Irwin.

Why Did A Security Firm Mysteriously Ditch a ‘Privacy’ Product? (Forbes) A bit of speculation on ProxyHam.

Not Ready To Disable Flash? Try Click-To-Play Instead (Forbes) I spoke with technologist Garrett Robinson on ways to protect yourself from Adobe Flash’s rotating door of 0days without breaking everything or ruining your internet experience.

For Social Engineering Scams, The Best Security Patch Is Education (Forbes) A story about losing my ID while I was traveling in California…

Why You Shouldn’t Freak Out Over Windows 10’s WiFi Sense Password-Sharing Feature (Forbes) I explain why WiFi Sense isn’t the worst idea in the world.


Fitness Fix: Preventing Shin Splints (Experience Life) Some great exercises from Francesca Conte.

Expert Answers on Exercising With Your Dog (Experience Life) Dawn Celapino talks about how to include your dog in your workouts.

Expert Answers On Why Your Face Turns Red When You Exercise (Experience Life) A dermatologist explains it all.


Should Writers Respond to Comments on their Articles? (The Freelancer) I spoke with Lorenzo Franceschi-Bicchierai, Cyrus Farivar, Monica Guzzman and Maryn McKenna on whether journalists should read and respond to comments.


This Wedding Photographer Also Shoots The Most Amazing Storm Pics You’ve Ever Seen (Made Man) A really fun slideshow with some of Mike Olbinski’s best stormchasing photos.


Jessamyn Duke and Shayna Baszler’s Gnarly Street Fight (The Sports Post) This exclusive story explains what happened in the parking lot hours after a seminar…


A Very Personal Ad For Project Co-Conspirators


After a five-and-a-half year hiatus, I wrote a Very Personal Ad last month, in which I was looking for a new desert home. It worked so well that I thought I’d try it again. Invented by Havi Brooks, Very Personal Ads are a way to practice getting better at asking for things and getting clarity about our desires by asking for what we want. Sometimes the things happen, and sometimes they don’t, but the point is to learn about our relationship with the thing we want.

Wish #1: A Podcast Collaborator

I’ve been running an intermittent podcast called The Elephant in the Room, in which I pick a theme and an amazing guest and pepper them with the questions everyone else has but is too afraid to ask. (Or sometimes I just ramble a lot and they say smart things.) I’d love to find someone to work with on this project. Ideally this person would be into the parts I’m not as focused on, like audio editing, but I’m open to a co-host as well. I only want to do one episode a month, or so.

I want it to be someone who would really benefit, personally or professionally, from helping me work on this project and who would be really excited about it. Part of me feels like I should be hiring somebody, but I want a collaborator, not an employee. I want it to be someone with strong opinions who’s not afraid to share them, but who I would work well with. We do need to have some shared interests, obvs.

Wish #2: A Top Secret Game Project Collaborator

I’m working on an educational game that people interested in privacy and security for activists, journalists, etc. would be really excited about, and I’d love to work on the gaming part with someone else who can help me hash out the nitty gritty details and is as excited about the project as I am. It would ideally be someone who’s really analytical but also grew up reading comics and playing AD+D. It’d be someone who would help me build on my ideas rather than tearing them down.

Ways This Could Work

I could meet someone who’s interested in one of these projects through an event or at a cafe or coworking space. I could meet them online. Maybe the right people are reading this. Maybe they’ll be introduced to me by someone reading this. Maybe it’s someone I know already.

My Commitment

I commit to being really open to potential people to work with, and to sharing credit, and to putting a lot of love into the project. To drop my own ego and be open to critical feedback. These really are labors of love and not for profit, so my commitment is to their overall excellence, despite the amount of time they take.

Progress Report

We have signed a lease for a new place to live in a safe area with a good vibe. It’s got a washer/dryer (so we’re giving away ours!), is pet friendly, has parking and central air, is in our price range, has a patio, and recycling, and a pool, and is near a cafe I like, and they’re letting us move in a day early–so it’s got pretty much all we wanted. It’s a relief to get to stop looking.


Feminism has a racism problem (and so do I)

Disclaimer: This post addresses privilege, racism, gender politics, and other issues. It’s based primarily on my own experience, and I didn’t attempt to cover all potential scenarios and angles. I’m sure I left a lot of valid points out, and am hoping people who see my own blind spots will contribute to the conversation with their own writing if they feel moved to.

There’s this sentiment in many feminist circles that if someone feels uncomfortable, it’s likely due to some type of gender discrimination. And often, that’s true. Women for so long have had to deal not only with harassment and sexism, but with other people telling them it’s in their own head.

This is why feminist women’s groups can be so gratifying. Finally you can have the “am I crazy, or is this person being creepy?” discussion with people who support you. We’ve passed around copies of Amanda Hess’ post on “grey rape” and had nuanced, thoughtful discussions, sharing our own experiences without feeling the need to dredge up old memories or justify our clothing, our body language, or our existence. In a world where many of us find ourselves constantly put on the defensive, it’s refreshing.

But this isn’t just about validation. Plenty of women’s circles and groups I’ve been in have spent an inordinate amount of time trying to convince women that yes, the specific manifestation of non-consensual sex they’d described is rape, and no, it wasn’t their fault. That yes, their employer was harassing them and no, smiling didn’t make it okay or magically shift responsibility from the perpetrator to the target. That they’re not terrible people for reporting it or for not reporting it. That they can get help and things can get better.

I’ve wiped the tears of a woman who was drugged and raped but thought it was her own fault because she’d smoked pot earlier in the day. I’ve made tea for a teenager who thought she led her stalker on and felt bad getting a restraining order because she thought it’d be too mean; this was someone she cared about.

Those justifications seem ridiculous to us but didn’t to those people at the time until they got a reality check from supportive friends. The combination of societal victim-blaming and high degrees of shame and guilt associated with sexual violence create a potent cocktail of self-blame, and as I’ve hopefully demonstrated, meeting with a group of like-minded women can be helpful for recalibrating one’s perception of reality. It can also be incredibly gratifying to be surrounded by people who aren’t trying to discredit your emotions and in fact view your experience through the lens of systemic inequality. Part of yelling and screaming that something wasn’t our fault is because a tiny part of us might believe that maybe it was. Fragmentary recall and difficulty making sense of what happened, among other things, can do that to a person.

But there’s a dark side to this, too, and it has to do with privilege. Almost every feminist group or women’s group I’ve been in has skewed predominantly white and predominantly financially privileged, and I think this really colors the dialogue and what we get from the groups in a way that may not be immediately obvious.

There’s this pervasive feeling in feminist circles that anytime someone feels uncomfortable, she’s being harassed. And there’s a tendency to erase white-on-white harassment from history. But feeling uncomfortable, no matter how you slice it, doesn’t necessarily mean you’re being harassed. A very lonely male friend of mine once sent me an email that initially, instinctively made me feel uncomfortable. After giving it some thought I realized that not only were they not, in my estimation, doing anything creepy, but that if anyone was contributing to an unfair power dynamic, it was me.

At some point embracing feminist rhetoric can extend beyond finding a group of supportive people who trust your stories as you tell them instead of invalidating them, which is problematic in and of itself. It can lean women towards a warped view of the world in which one views anything that makes her feel uncomfortable as harassment, and even fixates solely on gender issues while ignoring all other forms of systemic inequality.

What does this look like? It looks like Abby Dawson, a white Kennesaw State University academic advisor, telling black student Kevin Bruce that waiting quietly until an adviser was available was harassment. I, of course, don’t have a mirror into Dawson’s soul…but if someone equates feeling uncomfortable with being harassed, this is what it looks like. And I think it’s worth acknowledging the possibility of white feminist women thinking that they are being “harassed” because they are uncomfortable… and that they’re uncomfortable because they are racist.

But enough about Dawson. Let’s talk about me.

I was walking to a restaurant for an evening of bachelorette party festivities when some rando started yelling something or other at me. This is always an uncomfortable situation, but his funny and charming friend told him to stop, which made it all better. Right?

I mean, who the hell is anyone to yell things at me on the street? Getting all dressed up for a night on the town with my girls–an incredibly rare occurrence, I might add–isn’t an invitation to street harassment. The guy’s friend stepping in fit seamlessly into the “best party ever OMG!” narrative I was trying to create, and I could tell you all about why my very classy non-trashy bachelorette party was better than everyone else’s. I shared the video widely, and then forgot about it.

Until #BlackLivesMatter entered public consciousness, drawing attention to the death of unarmed black men by police officers…something that has been happening for decades but has suddenly gotten a lot more media play because there was video so it was harder to sweep under the rug or accuse people of lying.

The man in my video told his friend that harassing people was never worth it because the consequence could be a violent reaction by the state. I suppose one could argue that institutionalized violence in response to street harassment is unlikely since catcalling is pervasive and it’s not like we’re all calling the cops or waiting around for them to show up, anyway.

But it’s pretty damn hypocritical of me to say that rape jokes aren’t funny but police beating the shit out of black men? Oh, that’s hysterical.

I would like to stop street harassment in part because of the implicit threat of violence. But I don’t think that a heightened threat of violence towards harassers would stop this cycle.

In addition to a long history of police brutality that disproportionately affects people of color, there’s a long history of black men dealing with organized racism and excessive violence for committing the crime of flirting with white women. Perhaps you’ve heard of Emmett Louis Till, a 14-year-old black teenager who was murdered in Mississippi after allegedly flirting with a white grocery store clerk. The woman’s husband and his half-brother beat Till, gouged out one of his eyes, shot him in the head and threw his body in a river. A grand jury declined to indict the men who did this. Justice was not served. Till was a human being and his life mattered.

Rewriting this narrative so that the female grocery store clerk is a victim of sexual harassment and Till is not a victim would be sickening. Rewriting a narrative so that I’m a victim of catcalling while ignoring police harassment of people of color is kind of missing the point.

Some guy pointing out that his friend could get tear gassed and arrested for harassing a white woman isn’t really funny in that historical context, is it?

I could come up with convincing excuses for my own self-absorption: feeling a wee bit narcissistic on the day of one’s bachelorette party is hardly inexcusable, right? In reality, I am constantly coming face to face with ways that I manifest my own privilege without even being aware of it—often fighting tooth and nail to defend what I think is mine when it slowly dawns on me that I was once again stuck in my head and ignoring the systemic inequality around me. I like to think I want to confront the ways I contribute to systemic inequality, but I’d be lying if I pretended this is a smooth and seamless transition. In reality, time and again I’ll find myself fighting it kicking and screaming.

So what’s my point? My point is that we need to unpack and deconstruct our own narratives of harassment, or at least acknowledge the possibility in our own minds that we’re not always victims.

I felt so powerless as a kid that it was hugely surprising to me to realize that actions I took had an effect on others–and not always a positive one. Reflection is crucial.

At some point we have to stop blaming our own self-absorption—I have to stop blaming MY own self-absorption, that is—on gaslighting and fear culture and a history of abuse, on patriarchy or rape culture or societal norms that oppress women. We as white women should acknowledge that we have an enormous amount of privilege and take special care to not create narratives that discount intersectionalism and the experience of others.

And we need to find the strength and reflection to analyze our own victim narratives with the same level of fervor and commitment that we use to unpack violence towards women and the many ways it manifests.

Because it really isn’t just about us.



Stuff I Wrote: June 2015

Here is a collection of links for posts I wrote this past month for WIRED, TakePart, Slate, Experience Life, Performance Menu, ReadWrite, and Dice!

Border Politics

Public Records Requests



