Jimmy Jenkins and I started a podcast covering Friday news dumps so they don’t get buried.
In our first episode, we spoke with Rachael Tackett about draft legislation that could impact how foreign governments gain access to data stored in the U.S. We also looked at recently declassified documents showing links between Saudi officials and 9/11.
Make sure to listen, and please help spread the word.
June has been a busy month! Below please find a roundup of posts I wrote that were published this month, including my first-ever posts for The Kernel (Daily Dot) and Ars Technica.
That’s it for now. Catch you next month!
This month, I taught a MidWeek MindTweak at CoHoots on securing small businesses, which was a really fun session with a great audience. I also held my final Phoenix Freelance Spark event, and you can read all about why I stepped down if you’re interested. Next month I’ll be at the IRE conference in New Orleans–drop me a line if you’ll be there, too. Here’s to escaping Phoenix’s summer heat for… other cities’ summer heat!
It’s always hard for me to do a roundup of my posts for the month when I know I have some really good posts on the first of June, but I do have nine posts for you to check out.
On Lockpicking, Sexism, And Your Tech Conference’s Code of Conduct (Or Lack Thereof) (Forbes)
There are no easy answers for sexism and sexual harassment at hacker conferences or tech events, but there are a few ways to minimize incidents and handle them when they arise. (Oh yeah, and nobody at the lockpicking village wants to hear your creepy handcuff jokes.)
How To Run A Gym Without Being A Classist Asshole (Performance Menu) (paywall, $5.99)
Don’t be that douchebag telling people who literally can’t afford a gym membership that they’re lying and will never get results, and other tips.
Reporter Plays Softball With Hardass (Medium)
This was my recap of the Society for Professional Journalists’ regional conference, in which Arizona Republic columnist E.J. Montini and the controversial Sheriff Joe Arpaio engaged in a keynote “interview” that not only more closely resembled amateur comedy hour, but was entirely devoid of substance. SPJ advocates for fearless journalism, believe it or not… I’d be embarrassed.
Complaining to HR Without Blowback (Dice Insights)
Complaining to HR should be your last resort, but if it’s your only option, these are some things to keep in mind.
3 BAD Food Combinations to Avoid and 6 Good Ones (LiveStrong)
I spoke with three nutrition experts to find out which food combining combos you should really avoid and some that can help optimize your health.
Security News You Might Have Missed: Criminal Risk Assessment Software is Racially Biased (Forbes)
Also, a security researcher was raided by FBI after pointing out a vulnerability in a dental database, anti-choice groups use smartphone surveillance to target “abortion-minded women,” an Israeli startup claims its tech can determine whether a person is a terrorist based on facial analysis, Chicago police use secret information to determine shooting perpetrators, Canary Watch sunseted, and more. Oh, and it’s time to change your Reddit and MySpace passwords.
Security News You Might Have Missed: I Don’t Know Why You Say Allo, I Say Goodbye (Forbes)
Google’s new messaging app will offer end-to-end encryption, but not by default. Apple makes it harder for feds to unlock devices. LinkedIn finally resets passwords for users whose accounts were apparently compromised back in 2012. (Oops!) The Intercept releases the NSA’s juicy, top secret internal newsletters. And a new report takes a look at media use of the whistleblower platform SecureDrop.
Security News You Might Have Missed: If Math Is Outlawed, Only Outlaws Will Do Math (Forbes)
Alleged British hacker wins court battle over encryption keys, Twitter bars Dataminr from sending alerts to intelligence agencies, federal agents planted hidden mics and videos at a courthouse, Senate contemplates reauthorizing the NSA’s controversial 702 surveillance, a government spy truck poses as a Google Street View car, and more.
Security News You Might Have Missed: Brazil Blocks WhatsApp, Stingray Parallel Construction, More (Forbes)
A roundup of security news this week, including Brazil’s short-lived WhatsApp shutdown, Maryland cops relying on Stingray tech for petty theft, parallel construction in Stingray use in Oklahoma City, Rule 41 changes to increase mass surveillance, and passwords being sold on the dark web.
Tips and comments are welcome at yael@yaelwrites.com (I do use PGP). I’m on Twitter@yaelwrites and on Jabber and Tor Messenger at yael@jabber.calyxinstitute.org. Additional ways to contact me securely are here: https://yaelwrites.com/contact/.
Last month, I stepped down as an organizer of the Phoenix chapter of Freelance Spark. (Organizers in other cities stepped down as well.) I started volunteering with Freelancers Union in January 2015, holding my first event in February at GangPlank in Chandler. Soon, videographer Ita Udo-Ema joined me as a co-organizer, before I went solo in order to move the event to CoHoots in downtown Phoenix on October 2015 in hopes of drawing a larger crowd. Our June meeting would’ve been tomorrow (Wednesday) so I wanted to give an explanation.
From the beginning of my volunteer stint, I noticed two things. First, it became immediately apparent that the Freelancers Union staff (which doesn’t include many former or current freelancers) wanted to basically run the show with very little feedback from volunteers—even going so far as to provide “scripts” in each month’s material for us to read aloud, often to promote their own health insurance offerings or initiatives. And second, I noticed that this non-profit, whose goal is (supposedly) to help freelancers thrive and grow, was instead invested in how much additional work it could get from volunteers. What more could chapter leaders be doing? Early on, I remember leaving a Google Hangout for this very reason. It was exhausting.
At one point, Spark wanted to reprint one of my blog posts, and asked me for a photograph. When I asked for specs, they sent me a laundry list that would be more appropriate for a paid graphic designer or photographer to receive from a client: body turned towards camera, high resolution (non blurry/grainy), landscape orientation (not square), negative space–the more the merrier–around your entire silhouette (except for the bottom, no part of you touches the edge of the photo), minimum resolution: 72 dpi, minimum dimensions: 700 px tall, 900px wide, at least 300KB,” it read in part. Of course, they forgot to add a link to the original post until I wrote back in with a reminder. Priorities, amirite?
Freelance Spark seems to cater to fledgling freelancers, rather than established professionals, focusing its campaigns on things like legislation in New York (which wouldn’t affect many members) and a laundry list of unpaid invoices by its members that it’s titled “the world’s longest invoice” (in spite of the fact that pointing to plight of unpaid freelance work doesn’t exactly help the profession, or how it’s perceived by others). But it wasn’t lost on even the greenest attendees that the curriculum provided was of increasingly poor quality. Perhaps as a byproduct of material that wasn’t applicable to most of the people in the room, attendance to meetings dwindled. Even when many people RSVPed for events, only few would show up, and I got used to recycling unused material at the end of the night month after month. On multiple occasions, our gathering had just one or two attendees. I found myself wondering whether it was worth it, but discussing it with the Freelancers Union powers that be was pointless, as they provided little feedback or assistance.
Some of these issues came to a head in our Slack channel when a Freelancers Union staffer decided that we would all be charging for events going forward to prevent no-shows. Not all organizers were thrilled with the idea of asking members to pay for events we were hosting as volunteers, in space generously provided free of charge, but we were never even asked.
In response to growing conversation and actual feedback from its unpaid volunteers, Freelancers Union leaders decide to shut down the discussion and send out a survey. In response to my concerns with Freelance Spark meetups, I was sent an email and asked to hop on the phone with two organizers so that we could discuss my tone.
I had already been planning to resign because I didn’t feel like my volunteer work was making a positive impact, because the material seemed meaningless, and because–after months of this–I didn’t envision a possibility for change. But I was waiting for a scheduled happy hour (as a way to say thanks to our hosts) and for a session on security for small businesses, which I was asked to help develop curriculum for. Prior to being asked to create written material, I was asked to be on a panel (which never happened). As I was surveying chapter leaders for information to cover (something, incidentally, that Spark hadn’t really ever done when designing curriculum), a Freelancers Union organizer asked me to tack on information on IP and copyright, which is not only problematic for multiple reasons, but also out of scope. After agreeing to multiple requests to help with this session, I was then asked to hop on the phone to essentially repitch the idea. Later, the scheduled talk was quietly removed from the calendar.
How many freelancers haven’t had this problem? Someone asks you to do something, then when you agree, asks you to explain how you’re qualified and essentially pitch it to them? It’s annoying when it’s paying work, and honestly a little bit insulting for unpaid work. Freelancers Union relies on unpaid volunteers, and apparently views our time as expendable. I’m not sure how it distinguishes between “promoting the interests of independent workers” and promoting its own interests through the unused and unacknowledged (let alone unpaid) labor of independent workers, which is how I knew it was time to say goodbye.
After a year and a half of being dismissive of concerns, it’s hard to say whether Freelancers Union will be able to rebuild trust with its cadre of volunteers, or demonstrate that its staffers are familiar with freelancing and care about the needs of independent workers (beyond soliciting unpaid labor and trying to sell insurance). Running a successful remote group of volunteers isn’t easy even when it’s done properly, and I can’t even imagine how hard it would be when done wrong.
I did make some great connections through Spark, so not all was lost. And information wants to be free. In addition to teaching multiple workshops on online privacy and security for small businesses at my coworking space, and cohosting several events at another coworking space and the downtown library, I’ve already started organizing informal meetups for networking and troubleshooting sessions without forced curriculum, and without being asked to push a dismissive and out-of-touch organization’s agenda. Here’s to mutual assistance and the spirit of d.i.y., which drew a lot of us to freelancing in the first place.
America’s toughest sheriff struggles with real media questions. (photo: Gage Skidmore)
Last Saturday, I attended the Society of Professional Journalists (SPJ) Western Regional Conference. The theme was “a thirst for news,” and keynote was a one-on-one interview with Maricopa County Sheriff Joe Arpaio conducted by Arizona Republic columnist E.J. Montini.
SPJ’s tagline is “improving and protecting journalism since 1909.” The organization is perhaps best known for its code of ethics, voluntarily embraced by journalists aspiring to hold themselves to high standards of integrity in their work. Having a sheriff–any sheriff–as a keynote speaker seems somewhat unusual. In contrast, other regions chose ESPN Films and Original Content VP and award-winning documentarian John Dahl, Washington Post reporter T. Rees Shapiro, Louisville Public Media executive editor Stephen George, University of Southern California Annenberg School for Communication and Journalism professor Robert Hernandez, and Times-Picayune/NOLA.com environmental reporter and Pulitzer winner Mark Schleifstein.
But SPJ advocates for fearless journalism. “Seek the truth and report it,” its code of ethics advises, as well as the admonition to “be vigilant and courageous about holding those with power accountable” and to “give voice to the voiceless.” Surely a keynote interview conducted by a journalist in front of an audience of journalists would include something resembling journalism? That’s what I came to the conference expecting, but not what the keynote delivered.
Not only did Montini and Arpaio engage in an “interview” that more closely resembled amateur comedy hour, it was entirely devoid of substance. It began with Arpaio laughing about sending Montini anchovy pizzas–which, incidentally, doesn’t seem like a practice SPJ would recommend–its code of ethics advises journalists to “refuse gifts, favors, fees, free travel and special treatment.”
Montini repeatedly minimized the impact of Arpaoi’s policies, referring to them as “stunts” and trivializing his history of misconduct with comments like “you had this Justice Department stuff for a long time” before changing the subject. Arpaio, who once had a SWAT team set the house of an innocent man on fire, made dumb jokes about being Elvis in Las Vegas. Arpaio, whose staff mishandled or neglected ~400 sex crimes between ’05 and ’07, joked about how having a female chain gang was an example of equal opportunity. Arpaio, “America’s toughest sheriff,” waxed poetic about the good old days when he could buy reporters a cup of coffee and have an off-the-record conversation. Apparently doesn’t think being lobbed a series of inane softball questions at a regional conference for an organization dedicated to seeking the truth was good enough.
On April 3rd, Vice News journalist Tess Owens wrote a lengthy post about the mistreatment of mentally ill prisoners in Maricopa County, and, Owens wrote, “Arpaio and his staff did not respond to multiple phone calls and written requests for comment.” It’s too bad that a journalist who had him on stage in front of an audience with “a thirst for news” decided that hard-hitting questions were not appropriate for an audience of journalists.
After all, why would journalists possibly be interested in Arpaio’s unlawful enforcement of immigration laws, racial profiling, unlawful traffic stops, failure to investigate sex crimes, or election law violations? Why would they care about how cases involving him or his office have cost taxpayers upwards of $142 million in settlements, court awards, and legal expenses. Why would they care about Arpaio’s misuse of funds allocated for inmate services, when they could talk about Elvis and anchovy pizza instead?
It’s was the setting. Arpaio was a guest. For news stories, he should get grilled. This was more of a conversation. https://t.co/qjLc3RoESY
— E.J. Montini (@ejmontini) April 30, 2016
I've asked what you'd call REAL questions of him for 20+ years, and will continue to do so. This wasn't the venue. https://t.co/kooUNRfbBb
— E.J. Montini (@ejmontini) April 30, 2016
“I’d like to leave some time open for you to ask questions as well, and when you do, make sure to raise your hand, and one of the sheriff’s security guards will come up and tase you,” Montini joked at one point. It’s not funny. Mere hours after the Justice Department released its findings that the Maricopa County Sheriff’s Office has a pervasive culture of discriminatory bias against Latinos, reaching the highest levels of the agency, one of Arpaio’s detention officers used a taser on Latino veteran Ernest “Marty” Atencio, who stopped breathing after he was stripped naked, severely beaten, and left alone in a “safe cell.” Atencio died days after the injury. Atencio was just one victim of Arpaio’s Maricopa County Jails.
It's almost a comedy routine. @ejmontini chat w/ @RealSheriffJoe #spjwest pic.twitter.com/GYYKZcIpRK
— Dustin Gardiner (@dustingardiner) April 30, 2016
You can see the “joke” in the video linked in Gardiner’s tweet above.
Although there were some real questions from audience members, including my own, Montini didn’t press Arpaio when he evaded questions, even helping him save face by pretending Arpaio wasn’t involved in ACLU’s lawsuit over the jails he oversees.
Question from @yaelwrites: How do you justify treatment of mentally ill prisoners? How do you sleep at night? #spjwest
— Maria Polletta (@mpolletta) April 30, 2016
.@RealSheriffJoe: I'm not responsible for mental-health services in my jail and shouldn't be. That's Dept of Corrections.
— Maria Polletta (@mpolletta) April 30, 2016
It’s hardly a surprise when a corrupt politician shamelessly shucks responsibility for his own misconduct. And perhaps a spineless reporter helping a corrupt politician save face for diplomacy’s sake isn’t much of a surprise, either. But it damn well should be.
It’s been a busy month for events! After attending RightsCon in San Francisco, I co-organized and participated in two CryptoParties here in Phoenix, one at Mod and one at the Burton-Barr Public Library. Missed them? Follow @cryptopartyphx on Twitter, and check out David Huerta’s slides on when ads stare back, Will Bradley’s Prezi on encrypted messaging, and my slides on basic operational security. (Jeremy Leung was our fourth presenter.) You can also check out my Mid-Week MindTweak at Co+Hoots on May 25th at 12:30 to get food truck food and learn some ways to keep your business secure.
Freelancers attending the Society for Professional Journalists Western Regional Conference in Phoenix this Saturday can catch me at the freelancer’s survival hack panel moderated by KJZZ reporter Carrie Jung, where I’ll be answering questions alongside fellow freelancers Jimmy Magahern and Maritza Felix. And, as always, Freelance Spark is the first Wednesday of the month.
As far as posts this month, I do have seven to share.
Tips and comments are welcome at yael@yaelwrites.com (I do use PGP). I’m on Twitter @yaelwrites and on Jabber and Tor Messenger at yael@jabber.calyxinstitute.org. Additional ways to contact me securely are here: https://yaelwrites.com/contact/.
Happy April! As always, here’s my roundup of posts I wrote last month… I also updated my portfolio, so check it out at https://yaelgrauer.contently.com/ if you are so inclined.
5 Free Alternatives to Freelance Must-Have Tools (The Freelancer) Save cash on project management, email marketing, photo editing, word processing and accounting tools.
Getting Into a Competitive Boot Camp (Dice Insights) Some tips from folks at Hackbright Academy, Code Builders, and Startup Institute.
Jumping into User Experience (UX) Design (Dice Insights) Some tips from UX designers on making the transition.
Security News You Might Have Missed: Apple vs the FBI (Forbes) After a flurry of legal briefs and the beginning of a media showdown, Apple and the FBI were set to square off in a trial to determine whether Apple would be required to write, sign, and deliver new software code to allow government access to data that may or may not be on a phone belonging to one of the San Bernardino shooters. I put together a roundup of some recent news and analysis for context on the upcoming trial, which was ultimately canceled.
FBI Files Motion To Postpone Tomorrow’s Showdown With Apple (Forbes) A day before its scheduled showdown with Apple, the Justice Department moved to postpone a court hearing on whether Apple should be forced to help the government break into a deceased San Bernardino shooter’s iPhone
FCC Slapped Verizon With A $1.35M Fine, But Supercookies Remain A Problem Around The World (Forbes) Unique Identifier Headers remain a problem internationally, but the FCC could drive reforms going forward, and other companies could follow suit.
FCC Privacy Rules Would Close Loophole for Supercookies (Forbes) Federal Communications Commission chairman Tom Wheeler proposed new privacy regulations that would require broadband Internet access service providers to obtain customer consent before collecting and using their data. The proposal will be voted on by the commission on March 31st.
Beef Up Your Security By Revoking Unnecessary Third-Party Permissions (Forbes) Is your Twitter account posting or direct messaging out spam? Getting inundated (or inadvertently sending) game requests on Facebook? Here’s what to do…
Less than 24 hours before its planned showdown with Apple, the FBI moved to vacate March 22nd’s hearing. The request was granted.
“On Sunday, March 20, 2016, an outside party demonstrated to the FBI a possible method for unlocking Farook’s iPhone. Testing is required to determine whether it is a viable method that will not compromise data on Farook’s iPhone. If the method is viable, it should eliminate the need for the assistance from Apple Inc. (“Apple”) set forth in the All Writs Act Order in this case,” the filing read in part. Government attorneys proposed filing a status report with the court by April 5th, 2016.
The hearing was meant to determine whether the government can use the All Writs Act to compel Apple to create a new vulnerability in its software, sign it, and deliver it to an iPhone belonging to a deceased San Bernardino shooter, so that investigators can peek inside the phone (in spite of the fact that it likely doesn’t even have anything of value on it). This came on the heels of a federal magistrate judge in Brooklyn ruling that the government does not have the authority to compel Apple to unlock an iPhone using the All Writs Act.
The news was first reported on Politico.
In February, I wrote about securing photos, how to prevent getting hacked mid-air, and a whole lot more. As always, I’ve rounded up everything I had published for the month, but the posts are divided by publications rather than by topic.
How Not To Get “Hacked” Mid-Air USA Today columnist Steven Petrow recently wrote a post about a stranger on an airplane who claimed to have hacked into his email account. Here are five steps to take to avoid sharing his fate.
How To Secure Your iPhone Photographs. What to do to secure your images if you’re worried about device theft or loss, or about images being subpoenaed or confiscated.
Strong Crypto Is Widely Available Outside The US, So Restrictions Are Unlikely To Thwart Terrorism. US restrictions on unbreakable crypto are far less likely to thwart terrorists and criminals they will negatively impact US companies’ bottom line and the safety and security of everyday internet users.
This Heartwave-Sensing Wristband Unlocks Your Laptop–But Some Say It Falls Short. The Nymi Band promises continuous authentication based on electrocardiogram data–but it doesn’t eliminate passwords, has a password override, and can be configured to work without ECG information at all.
Apple Vs. FBI Roundup: All The News And Analysis You May Have Missed. Things have been heating up between Apple and the FBI. If you’re looking for detailed legal or technical explanations–or even just some basic overviews–here’s a roundup of news stories and analyses to refer to.
Sadly, these are my final three WIRED security news roundup columns.
Security News This Week: The White House Bans Its Own Security Researcher. Also, why the government can’t claim it is “going dark,” a legislator working on an anti-swatting bill was swatted, and more.
Security This Week: Employers Are Paying Data Firms to Predict Your Health Risks. Also, sensitive student data was released to a non-profit, a data intelligence company gathered intel on caucus workers, a union in Philly deployed a surveillance drone to help its workers, and more.
Security News This Week: The Government Wants to Listen In on Your Smart Home. Also, a way to get academic papers for free, leaked police contracts destroy civilian complaints and keep disciplinary records secret, NYPD’s stingray use, and more.
Your Workplace Transition Survival Guide. What to pay attention to when moving from enterprise to a startup, or vice versa.
Tips For Negotiating Equity. Great if you’re planning on joining a startup.
Jumping Into Project Management. Self-explanatory.
Jumping Into Product Management. Also self-explanatory.
In January, I wrote about administrative backdoors, shitty passwords, and a whole lot more. As always, I’ve rounded up everything I had published for the month, this time divided by publications rather than by topic.
A note for Forbes readers (or non-readers, as the case may be): Unfortunately, Forbes is blocking ad blockers, and I’ve been getting a lot of comments from folks who’d like to read these posts but don’t want to put themselves at risk of malware. There are certain ad blockers that still seem to work (like uBlock Origin), and Tor is always an option, but if you really want to read something and can’t access it, feel free to email me–the terms of my contract allow me to share my own work privately or repurpose it after it’s published.
That’s it for now! I’ll see you next month.
