Michael Eriksson's Blog

A Swede in Germany

Posts Tagged ‘Blogging’

Wordpress at it again: Backups and security through obscurity


The stream of outrageous incompetence by WordPress continues…

For the first time in half an eternity,* I decided to download a backup of my WordPress blog. In the past, this has resulted in (most likely) a zip-file being offered for saving. Today, however, I was met with a message that a link to this zip-file would be sent to my email account… The link, in turn, was valid for a full seven days, downloadable by any arbitrary Internet user, and protected only by (what I hope was) a random sequence of characters added to the file name. This is not only highly user unfriendly—it is also a great example of idiots relying on “security through obscurity”: It is true that no-one who does not know the random part of the file name (obscurity) will be able to download the file (“security”). However, with the state of email security, a great number of hostiles** would have had the opportunity to grab the email contents and find the link. To boot, this approach opens the door for simple errors or oversights by WordPress to open an unnecessary security hole, e.g. if a list with the current such links is similarly weakly protected… Other risks might exist, e.g. that it might be easier for a family member or visitor to get hold of the email/link than access to the WordPress account.*** In contrast, with the old system, the backup was transient and protected by the normal user-account controls—and if those are breached, it does not matter how backups are handled…

*This is not as bad as it sounds: I write all posts offline, with separate backups, in the first place; there are not that many comments; and I intended to leave WordPress at some point anyhow. Correspondingly, little data would actually be lost, if something bad happened.

**Notably, not necessarily parties hostile towards the individual blogger. More likely, it would be someone hostile towards WordPress or who sees WordPress as an easy source of data. Such a hostile would then watch the outgoing traffic from the WordPress mail-servers, grab all the links it could find, and then simply download everything. And, yes, many blogs will contain contents that are not intended for public viewing, including private blogs, blogs restricted to a smaller circle, and public blogs with unpublished drafts.

***Anonymous bloggers are not necessarily known to even a closer circle and even those who are might have contents not yet suitable for viewing by others. (This need not even relate to something truly secret, which would be foolish in the extreme to put on WordPress in any manner, but could include e.g. a draft of a post dealing with an upcoming proposal, surprise party, whatnot.)

If we consider only the delay, there might be some justification to accommodate extremely large blogs, where there is at least a possibility that the time needed* for the creation of the backup might be too large for normal in-browser interaction. However, if so, the correct solution would be to present the download only within the account itself. Indeed, even if we assume that this type of linking was acceptable (it is not), the procedure is highly suboptimal: The link should have been presented in the confirmation page, not sent per email;** the availability time should have been far shorter (a day?); and the contents should have been deleted or otherwise made unavailable upon download (if something goes wrong, the user can always create a new backup).

*I received the email almost instantaneously, implying that my backup would have had to be at least one, more likely several, orders of magnitude slower than it actually was before this concern became legitimate.

**Or the contents behind an emailed link be password protected, with the password displayed in the confirmation page; or the contents only being served after a successful WordPress login.
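The handling argued for above (a short-lived, single-use link that is only honoured for the logged-in account owner) can be sketched as follows. This is an added example, not WordPress code; the class and function names, the one-day validity and the sample path are assumptions made for illustration.

```python
import hashlib
import secrets
from dataclasses import dataclass

# Assumed policy, following the post's suggestions: validity far shorter
# than seven days, and the grant gone after the first download.
DEFAULT_TTL_SECONDS = 24 * 60 * 60


@dataclass
class _Grant:
    owner: str         # account that requested the backup
    expires_at: float  # absolute expiry, seconds since epoch
    path: str          # server-side location of the archive


class BackupLinks:
    """Hypothetical download-grant store for backup archives."""

    def __init__(self, clock):
        self._clock = clock  # injected so that expiry can be tested
        self._grants = {}    # sha256(token) -> _Grant

    @staticmethod
    def _digest(token: str) -> str:
        # Only the hash is stored, so a leaked grant table (the post's
        # "list with the current such links") yields no usable links.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, owner: str, path: str, ttl: int = DEFAULT_TTL_SECONDS) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._grants[self._digest(token)] = _Grant(owner, self._clock() + ttl, path)
        return token  # to be shown on the confirmation page, not emailed

    def redeem(self, token: str, session_user):
        """Return the archive path, or None if the request must be refused."""
        key = self._digest(token)
        grant = self._grants.get(key)
        if grant is None:
            return None                # unknown token, or already used
        if self._clock() >= grant.expires_at:
            del self._grants[key]      # expired: drop the grant
            return None
        if session_user != grant.owner:
            return None                # knowing the link alone is not enough
        del self._grants[key]          # single use
        return grant.path


def demo():
    """Run the cases discussed in the post against constructed sample data."""
    now = [1_000_000.0]                           # constructed clock value
    links = BackupLinks(clock=lambda: now[0])
    token = links.issue("alice", "/backups/alice.zip")  # constructed path
    results = {
        "no_login": links.redeem(token, None),          # link read from email
        "other_account": links.redeem(token, "mallory"),
        "owner": links.redeem(token, "alice"),
        "replay": links.redeem(token, "alice"),
    }
    late = links.issue("alice", "/backups/alice.zip")
    now[0] += DEFAULT_TTL_SECONDS                 # let the grant run out
    results["expired"] = links.redeem(late, "alice")
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:14} -> {outcome}")
```

With the account check in place, the random part of the link no longer carries the security on its own: someone who reads the email still needs the owner's login.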


Written by michaeleriksson

September 28, 2018 at 7:36 pm

Linear texts vs. non-linear thoughts / My style of writing


With my intense recent writing, and especially writing of longer texts, I have had plenty of opportunity to reflect upon my writing process, the quality of the results, what I might do differently now than in the past, and similar.

I am particularly interested in the problematic linearity of language, something I wrote about as early as (almost) a decade ago, in a text on the Limitations of language [1]: Language is linear; thoughts are not.

The thoughts (opinions, ideas, associations, whatnots) of the human mind form a complex network. An ideal communication would not just bring a single strand or chain of thought into the minds of the “receiver”—it would bring the entire network. Not only is this required for comprehending the totality of what the “sender” thinks, it is also required to truly understand even the single strand that might be the main point of the communication: All understanding of others is imperfect. The degree can vary considerably, but perfection cannot be reached without having the entire network of the counter-part. Notably, relying on one’s own network can lead to very considerable miscomprehension when the networks are far apart, e.g. due to changing times, different cultural backgrounds, differently evolved understanding of the topic, different emotional modes or practical contexts, …

Solving this problem is the Holy Grail of communication.

Unfortunately, it is likely to remain unsolved, at least for human communications: Not only is it unrealistic to even put into words more than a small, pertinent part of the network, but the more of the network is included, the greater the demands on the reader in terms of comprehension, ability to absorb and retain, time and patience needed, … A particular complication is the connections between the nodes of the network: In reality, a text will mostly deal with the nodes, putting most of the burden of correct interconnection with the reader—doing otherwise would lead to impossibly long texts.* Even the collected works of a great philosopher are unlikely to give a complete network—and how many have actually read, let alone retained and comprehended, such a collection? (This even discounting some trifling details like the philosopher’s opinions possibly changing between books A and B…)

*For an understanding, look into elementary combinatorics.

Looking at my own writings, I have long tried to put larger parts of my network into my texts than most others do. This partially for the above reasons, partially (admittedly) through lack of discipline, and partially because doing so helps me develop my network and to extend and revise my understanding of the issues and arguments at hand, society, myself, …—and self-improvement is the main purpose of my writings (cf. [2], [3]). I deliberately do so even at the risk of a text appearing or being unstructured, excessively long, lacking in focus, or violating some other characteristic typically considered part of quality writing.

Notably, given the right reader, “appearing” is often more appropriate than “being”: Someone who reads and thinks like I do, and who is willing to go the extra mile, will gain more from my texts as they are than from the same text written “by the book”—and will do so with little discomfort. (But I realize that only a minority of the potential readers will match this description.)

Consider e.g. what I wrote a week ago (when I did most of the thinking for the current text): On a superficial inspection, the text might look entirely haphazard; in actuality, it is not.

Notably, the general structure of the main text actually has a plan: First, an event (Bahta’s test issues) is taken, described, and expanded upon in terms of implications. Second, the event is generalized to a bigger picture (consequences of anti-doping measures on athletes) and problems of the bigger picture are described. Third, as a center and turning point, a call for change (re-evaluation of doping) is made based on the preceding. Fourth, the call is given additional motivation through a discussion of other aspects than the athletes’ situations. Fifth, some counter-arguments are discussed (partly to “declaw” them; partly to be reasonably complete). Finally, a very strong argument in favor of my call from outside sports is thrown in, to show that the benefits are not limited to sports, and to hammer home the point. (Admittedly, the placing of this final argument was less a rhetorical plan and more a problem of where to fit it.)

Here the main part of the text, when skipping the footnotes, is formed into a linear skeleton, or strand, which during my own readings* moved my mind from A to B to C … in a pleasing, structured, and target reaching manner—even be it somewhat unusually.

*I try to read and proof-read my texts several times before publication. I am aware that my experience of the text can be different from what others see, because my mind tends to work differently and because being the author can change the experience for anyone.

This strand is expanded by a number of footnotes that can be read during, alternating with, or after the reading of the strand—or they can be left out entirely, at some risk of reaching a simplistic understanding of my intentions and the details of the issue. The result is not quite a net, but goes well beyond a single strand.

A further expansion takes place as a series of excursions at the end, that either did not fit content-wise in the main text, or were simply too long to be a constructive part of the main text or the footnotes.

With the occasional intra-text and (per link) inter-text reference, as well as some combinatory ability on part of the reader, I now have a “net-ish” overall structure. This remains far from being the complete net, but it covers far more ground than the single strand does.

(Of course, the description above need only partially reflect an original plan—as my understanding, intentions, whatnot change, so can the plan. Equally, it does not necessarily reflect the order of writing: Footnotes are mostly written concurrently with the paragraph they appear in, and excursions can, in rare cases, even be written before the main text.)

Looking at the negatives of my writings, there are many things that I could do better (even in the light of my priorities). For instance, not every piece has a structure or focus that I approve of myself. Consider e.g. yesterday’s post and the sub-topic of pharmacies: This text would have been better, had I removed every single word on pharmacies. Barring that, this sub-topic should have been cut considerably—especially, being somewhat off topic. However, since pharmacies were a part of my original intention, I thought that I would just mention this and why I had chosen not to expand on the intention. Doing so, I was led to speculate on the underlying mechanisms, the topic of service reared its head—and then things got out of hand…* In terms of my main priority, this was not necessarily a bad thing, seeing that it caused me to think some things through, do a bit of reading around pharmacies, and brought me the realization that I have a surprising amount of annoyance at them (relative to my comparatively few interactions); however, the published text was worse off, and I should have put this sub-topic in a separate text or even canned it entirely—not every word I write must be published.** More generally, the fact that I put in comparatively little effort in preparation regularly leaves me with pieces that do not quite fit in the whole, or a need to restructure the text as the writing proceeds.***

*A sometime danger with my approach to writing. Similarly, I have on some occasions started to write on topic A and found that the main part of the text actually dealt with other topics, because I began with a specific idea around topic A, saw it sprout a few associations, that in turn sprouted further associations, …, and most of these associations related to topic B. (Mostly, I have either moved the “official” topic of the text to B, or divided it into several smaller texts.)

**I failed to do so out of a mixture of laziness, tiredness after the already long work on the text, and a misguided feeling of “it’s a shame to waste all that effort”.

***This is contrary to many recommendations on writing, e.g. that one should start with a very clear outline (and stick to that outline) or that preparation is key. However, having more than a very rough outline would hinder me in my main priority: With these texts, it is not the goal of the journey that is important—but the journey, itself.

Another problem is the lack of more formal structure, e.g. the use of headings and sub-headings or the inclusion of e.g. a brief introduction or conclusion. Here the recent considerable increase in text length has caught me off guard, and I still proceed in a manner more suited to my pre-sabbatical texts.* As a special case, I have found that for shorter and more focused texts, a simple list/enumeration often works better than formal headings, especially when it allows a more natural textual flow; however, this can fail for longer texts, when the items of the list grow too long, or when several lists would be needed. The matter is complicated by technical restrictions and a fear of technical problems in my current markup-to-HTML-to-Wordpress setup, which make me hesitant to introduce headings before I am back on my website proper.

*I have more time to spend on writing, the process is less of a chore, and I usually have a clearer head than I do in the hours between “got back from work” and “time to sleep”. In combination with my writing approach, this has led to an entirely unplanned change of typical length.

Obviously, this length issue could prove problematic for the type of structure discussed above too: It might be a pragmatical necessity to change approach with works of such lengths. (Or to deliberately write shorter pieces…)

Yet other problems have nothing to do with structure. For instance, I noted my own wordiness a decade ago, and things have not improved since then—for the very reason given in that text.

Excursion on the Holy Grail vs. own understanding:
Receiving a message as intended is only a part of message processing. While the goal of communication, per se, is to send and receive messages with as little loss as possible, it is not a given that understanding the sender is the best the receiver can do. In many cases, interpreting the message in the own network can be more worthwhile, especially when the receiver is (in some sense) more advanced than the sender or when sender and receiver have different priorities. (But he should then keep this in mind when e.g. criticizing the message.) For instance, if the sender presents some facts and arguments, the receiver might use them for other purposes than the sender did. Certainly, there is no obligation to accept the sender’s conclusions and recommendations: The receiver should strive to understand why the sender came to a certain conclusion and how the sender reasoned, but whether he agrees with the sender is a matter of his own reasoning, possibly under application of additional facts and arguments that might not have been present in the message.

Excursion on footnotes*:
An interesting difference in structure between my current writings and what I once wrote for my website is the use of footnotes and “informal” excursions rather than “formal” boxes with side-notes. The latter are more optically pleasing and I originally only started to use footnotes as a quick-and-dirty solution. By now, however, I actually find the new way to be superior in most regards, including being less intrusive (at a given length) and having a better possibility to anchor the footnote to a specific part of the main text. (Possible technical and formatting improvements, e.g., a switch from “starred” markers to numerical markers, notwithstanding.)

*“Paragraph note” might hit the actual use better, but might also cause more confusion than it brings clarity.

Excursion on writing vs. coding:
My approach to writing is likely unconsciously influenced by how I (often) program: I have had considerable exposure to e.g. systematic refactoring, Scrum, and test-driven development, often leading to an approach of writing code according to the current need and then constantly adapting it as requirements are incrementally specified, weaknesses are spotted, … A critical difference, however, is that the code is driven by a specific goal and my texts are more driven by the learning experience; making e.g. an excursion a waste of time and a potential source of problems in the former case, but a beneficial means of growth in the latter. I stress, however, that I do not recommend shoddy planning when it comes to coding. On the contrary, spending time thinking through the general outline of the code, what complications might ensue, what interface must be provided, what might be modularized how, etc. in advance is highly recommendable. (With the reservation that the simpler the problem and more competent the developer, less planning tends to be needed. With the right “feel” and experience, much of this is sufficiently intuitively obvious that the planning stage can be diminished.)

Written by michaeleriksson

August 5, 2018 at 12:15 am

Posted in Uncategorized


A few semi-random points around my blogging and writing


I have a few points relating to my blogging and writing, sometimes more generally applicable. Since not all have sufficient mass individually, I publish them as a group:

  1. When I first started my website, I had highly ambitious goals in terms of both quality of “markup” and continual improvement* of the texts themselves. Over time, the sheer amount of text has grown so large that I must consider these goals entirely unrealistic—attempting to keep them would cost far too much time, and would make writing a too boring leg-work task.

    *Largely based on my experiences as a software developer, especially with refactoring.

    Indeed, even the wish to make certain texts sufficiently high-quality for a first publication can cause severe delays—and I have often seen myself forced to draw a line and publish something three-quarters done just to avoid an eternal state of non-publication. (In cases where I felt that the importance of the topic to me, the amount of time already invested, or some other factor, made non-publication worse than sub-optimal publication.)

    Over time, such complications have also changed my attitude towards blogging vs. running a “proper” website. While blogging is not optimal in terms of the resulting product, including the reduced ability to improve* texts, to link from an older work to a newer, and similar; it does have the advantage that it is easier to keep productivity up. A blog-like format is hard to avoid when the quantities of text grow beyond a certain point.

    *In the case of larger changes (arising e.g. through a better understanding of an issue, with a wish to expand, alter, retract, whatnot) a blogger will usually even have to resort to an entirely new post. While this too has advantages, it is more of a “necessary evil” than something positive, forcing me away from a more “book-like” result to a more “newspaper-like” one. However, I have noted that such larger changes on my website often led to problems with e.g. structuring or focus, and writing something new might sometimes have been the better idea.

  2. Partially overlapping: What I put off for the future can be delayed by months, even years, or not be done at all. It is, for instance, quite common for me to mention an “upcoming” text and not actually write it until months later—or to write a text half-way and then to leave it be for a few months.

    Indeed, despite the aforementioned goals, my website still has many articles with TODOs or obvious defects in them, because I published knowing that I could (and assuming that I would) relatively soon make corresponding updates. Some of these have been around since the first year of my website. (2009! The time of writing is 2018…) Worse: My first major attempts at writing consisted of a number of (paper) notebooks, especially based on my experiences at the now defunct company Firstgate/ClickandBuy*—the hands down worst employer I have ever had. Most of the contents of these notebooks are still only present in the very same notebooks…**

    *Due to the “defunct” part and the long time gone past, I no longer have any hesitation in mentioning its name: Those reading my website might find references to “E4” (=> my 4th employer), which is an anonymized version of the same company. (The lack of a key to understand some such names is a good example of an “obvious defect”.)

    **It is uncertain whether they will ever be published: In addition to the problem I discuss here, it is quite possible that my opinions, priorities, whatnot, have changed too much in the intervening years. This especially since parts of these writings had a cathartic character. Despite my considering these notebooks the core of my writing for a number of years, it is conceivable that I will at some point simply put them in my shredder…

  3. A special case of the first item is tagging and categorizations: As I have found over time, it is more-or-less futile to do such things manually, except on a very, very broad scale. This not just restricted to writing, but often in other areas too.

    Consider e.g. categories: If there are more than several categories, it is quite common that there is no single obvious match—implying that more than one category should be awarded, lest the readers look for something in one plausible category and miss it, because it is in another category. On the other hand, if this is done, we have the confusion that the same text (generally, “entity”) can appear in several categories. (This, in turn, might seem like a job for tags, but tags have their own problems, cf. below.) If the categories are fixed in number, there is often no really good match (implying “no category”); however, if new categories can be added to resolve this situation, then the number will tend to increase unduly, the risk of overlap rises (because the new categories tend to have a less thought-through and ad-hoc character), and we also risk ending up with almost empty categories.

    Tags are usually* very similar to entirely ad-hoc categories, which are just thrown on various entities as seems fit, leading to complete chaos. To boot, we have questions like what degree of detail should be used, what number of tags applied, etc. Should e.g. an article on association football be tagged “association football”, “football”, and/or “soccer”? In most cases, only automatic tagging (and mechanisms with a similar purpose) make sense—to the point that I might even recommend not tagging most texts on the Internet at all, instead letting search engines and similar tools find relevant texts. I have even seen the recommendation to only use tags when the relevance of the tag is not clear to an automated tool from the text itself.**

    *Exceptions occur e.g. when the number of tags is small and/or their values are predictable. For instance, an email reader could use a few fixed tags like “read”/“unread”, “urgent”, …; a version-control system could use tags indicating certain releases and other important events, and do so in unlimited numbers, as long as a consistent naming scheme is used; the window manager WMII, to which I have recently switched, uses a tagging system in lieu of “virtual desktops”, which works very well as long as the user does not do anything stupid.

    **Which obviously makes a mockery of tagging, because the most expected tags are then not set, and anyone who tries to use tags to e.g. browse contents will be lost.

    (Also see an excursion at the end.)

  4. I have grown uncertain what to call my works: When I wrote mostly for my website, I usually used “article”; and I continued that use on WordPress too for a long time. Over time, I switched to using the word “post” on WordPress, seeing that this is the standard on blogs. For a few months, I have been torn between “article” and “post”, because I intend to return to my website in the long term, likely including some type of import of my WordPress blogs, which might make “post” misleading. Recently, I have resolved this by mostly speaking of “text”, which is more neutral, avoids the risk of being misleading, and also distances me from journalists*.

    *Recurrent readers will likely have noticed that I have a very low opinion of journalists—and I do not wish to be associated with them.

  5. The “re-boot” of my website, which is one of the main reasons why I have taken a sabbatical, is likely to be one of the many things delayed, for the simple reason that there is much, including the above, that I want to think through before I start. I suspect, however, that the result will be something more like a blog* than the old website (cf. above); albeit, with better support for later changes, notably to fix minor errors, e.g. typos, with less effort than provided by WordPress.

    *But using WordPress as an alternative is not a long-term option: WordPress is and remains a lousy platform. Further, the attitude of the WordPress people towards both bloggers and readers is depressing.

  6. While virtually all my writings to date have been of a non-fictional nature, I have lately developed far-going plans for a novel.* Regardless of whether this is successful, there will be stretches of time where my other writing and website activities will be correspondingly reduced. It will also likely imply that I prolong my sabbatical considerably.

    *Do not hold your breath: Even in a best case, this will take a long time; especially since I need to develop new skills. Outside of the best case, there is no guarantee that I will manage to complete it and do so with a satisfactory quality for publication.

Excursion on how I tag on WordPress:
I try to pick five* tags with minimal thought spent**. Occasionally, I cannot actually come up with five reasonable tags; somewhat more often, more than five feel relevant. Sometimes I try to pick tags consistent with earlier works; sometimes I try to pick something I have not or only rarely used before; often I just pick the five tags most obvious to me.*** Is this much better than throwing darts? Possibly not…

*Rationale: This is something recommended to me years ago, as a compromise between too-little-to-be-noticed and so-much-that-automatic-mechanisms-think-it-is-spam. Whether this recommendation still holds, I do not know.

**Rationale: This approach of “speed tagging” attempts to make sure that I do not lose too much of any benefit that might be present, while keeping down the time potentially wasted. I am skeptical towards tagging and would rather not tag at all. However, in the days of yore, WordPress had wonderful global lists of posts grouped by tags and sorted by date (that I loved to browse myself). While these grew more user-unfriendly over time and appear to have been abolished entirely years ago, I still cling to the hope that they or some equivalent is still around or will at some point be re-instated. Certainly, some amount of tagging did make sense in the early days of my blogging due to these lists.

***(Ir)rationale: I am torn between a wish to be consistent, a hope to reach someone new in the (possibly imaginary) category listings, and the feeling of just wasting my time with tags.

Written by michaeleriksson

July 9, 2018 at 5:42 am

Posted in Uncategorized


EU’s General Data Protection Regulation (and Wordpress’ handling of it)


Roughly a week ago, EU’s General Data Protection Regulation (GDPR) went into force, as many EU citizens have noticed in form of various emails from businesses* keeping their data, and a more global group in form of more, or more intrusive, alerts concerning use of cookies and whatnot. WordPress bloggers have probably also noticed a notification in their admin areas:

*While I will speak of “business” through-out, seeing that much of the discussion is in a commercial context, the regulation is not limited to businesses in the strictest sense, and replacing “business” with “organization” might be appropriate in some cases.

To help your site be compliant with GDPR and other laws requiring notification of tracking, Akismet can display a notice to your users under your comment forms. This feature is disabled by default, however, if you or your audience is located in Europe, you need to turn it on.

Below, I will briefly* discuss the GDPR, some points relating to the Web, and why I will not follow the demand of the WordPress message.

*This is a very wide topic and a more complete discussion would require a considerable amount of both research and analysis.

GDPR:
By and large, the GDPR is a good thing, including a much needed change of philosophy (quoting the above Wikipedia page):

Business processes that handle personal data must be built with data protection by design and by default, meaning that personal data must be stored using pseudonymisation or full anonymisation, and use the highest-possible privacy settings by default, so that the data is not available publicly without explicit consent, and cannot be used to identify a subject without additional information stored separately.

This quote alone addresses much of what troubles me with data handling, including that data security is often an afterthought and that users have to run through various settings (or even send a letter) to reduce data use. However, how much it will bring remains to be seen, bearing in mind the difference between expectations on paper and their realization in real life, as well as various exceptions and softenings of the rules.

Unfortunately, this change of philosophy is also, indirectly, the source of much of the legitimate* criticism from the business world: Because existing software and procedures were built with a very different philosophy in mind, sometimes decades ago, the transition costs are enormous. On the positive side, while the costs after the transitional period** will be increased compared to the past, it will be by nowhere near as much as during the transitional period.

*As opposed to illegitimate criticism of the “you are spoiling our data party” kind. Other legitimate criticism includes unclear or delayed information from government institutions that have made it harder to implement the GDPR (see also the following footnote).

**In theory, businesses have had several years for this transitional period, implying that much of the cost should be history; however, from news reporting, it does not appear that this period has been used very well on average, implying that there likely will be an additional transition over the coming months. To boot, there are likely very many issues that will need resolution over the coming years, for reasons like later clarifications of regulation, upcoming court cases, and unforeseen practical obstacles.

At the same time, there are reasons to criticize it from a consumer point of view. For instance, the Wikipedia page also says:

Recital 47 of the GDPR states that “The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.”

This* is very unfortunate, seeing that direct marketing is one of the greatest sources of abuse of data and something many consumers are more upset with than sloppy data treatment per se.** More than that: If there had been stronger and more severe restrictions on various forms of marketing, especially direct marketing, many of the reasons for data use and abuse of today would disappear, and we would almost automatically have a considerable reduction.

*This section of the Wikipedia page simultaneously and confusingly deals with both B2C and B2B marketing, and I must make some reservations for the correctness of my understanding.

**Say, when they give an email address in confidence to complete one purchase and are then spammed with unsolicited and unexpected offers to perform another on a regular basis. This is grossly unethical and should by rights be illegal; however, looking at Germany, the otherwise strong laws against spam were artificially weakened by the legal fiction that someone who had once bought something could be assumed to be keen on buying more, making the unsolicited messages quasi-solicited. This is of course an incorrect reasoning on at least three counts: Firstly, very many customers buy something once and never come back (and have no interest in coming back). Secondly, those who are interested in coming back will usually want to do so on their own terms, e.g. when they see a need. Thirdly, it makes an extremely customer hostile assumption about all those who strongly dislike such messages. As an aside, ethical marketing should always work on an opt-in basis, which is not the case here.

Looking at the German Wikipedia page, which differs considerably in content, there is a very odd claim:

Otherwise, the member states are in principle not permitted to weaken or strengthen the data protection laid down by the regulation through national rules.

(Gist: It is not allowed for the member states to reduce or increase [sic!] the protection offered by the regulation.)

That no reduction is allowed is very positive, but the ban on an increase seems extremely ill-advised. Barring the influence of industry lobbyism, the only plausible seeming reason is to reduce complications when consumers and/or businesses from different (EU) countries are involved. Even so, there must be a better way*, because this way there is an artificial upper limit on consumer protections. Indeed, this could be a contributing factor to the existing protection in Germany being lowered in some cases, including criteria for the consumer’s acceptance of data use**.

*What, in detail, goes beyond the scope of this post, but an obvious step would be to allow stricter rules when both parties are situated in the same country.

**“In principle, the requirements for valid consent are reduced compared with the German BDSG: The written form is no longer the rule, and even an implied declaration of consent is permissible under Recital (32), if it is unambiguous.”

One of the more interesting changes from the English Wikipedia page is that “A right to be forgotten was replaced by a more limited right of erasure”. This is to some degree a limitation of consumer/user/whatnot rights; however, not one that I consider a bad thing: The original “right to be forgotten” always seemed disproportional to me, looking at gains for the individual and efforts needed from others, and also carried a risk of destroying/hiding knowledge, distorting history, …

Web:
The sheer amount* of “cookie warnings” and similar poses a considerable problem to comfortable surfing. This especially since the people who surf without cookies and JavaScript are often unable to get rid of them**; while even the rest will have a number of extra clicks to perform over the course of a day. A positive thing is that it becomes obvious how many sites actually use cookies et co, for no legitimate reason: If I enter an online shop to buy something, using cookies for the shopping cart is legitimate, but why would a cookie be needed when I am passively browsing a forum? Using a search engine? Looking at a static site with no means of interaction? My hope is that the mixture of this revelation, in combination with the increased annoyance for the visitors***, will force businesses to reduce their use of such technologies to some degree for fear of losing the visitors. Then again, if a sufficient proportion of the sites give such warnings, the users will have few alternatives and might remain anyway, taking a hit in usability on the way.

*I doubt that the amount will lessen over time, except as mentioned above, seeing that an earlier increase a few years ago, likely related to the original passing of the GDPR, did not.

**Somewhat paradoxical, seeing that these are normally not affected by the data use that necessitated the cookie warning.

***The negative effects of e.g. hidden user profiling do not hurt in such an obvious manner as the warnings: A pin-prick hurts worse than clogged arteries.

In a twist, keeping these warnings from re-occurring will require some way to keep tabs on the users, most likely through cookies… This can cause paradoxical situations where the warnings increase the amount of cookies, tracking, … performed.

A further complication is that the degree of tracking, the needed content of the warnings, whatnot, will not necessarily be under the control of the individual site, possibly necessitating a vagueness that makes the warnings misleading or unhelpful. Consider e.g. a site that uses a tracking network or that allows external content (notably advertising) that can on its own pull in tracking functionality. Frankly, what we need are restrictions against user tracking, profiling, …, that go considerably further than the GDPR—not just warnings.

WordPress:
I will not comply with the notification from WordPress (cf. above):

I do not actively gather or track any user data, except what is provided through e.g. comments and subscriptions*; I do not use cookies, JavaScript, …; I have no access to data excepting fully pre-anonymized read-only access statistics provided by WordPress (and the aforementioned comments etc.). To boot, I am blogging in a private capacity, as a natural person, with no monetary interests involved, which makes it likely that the GDPR does not apply to me in the first place (in this particular context).

*And even here the “actively” is typically limited to me passively accepting e.g. a comment through the WordPress software, reading (and possibly answering) it, and then forgetting that it is there.

Should* WordPress choose to engage in such practices in a manner exceeding the reasonable minimum, this is simply not my problem, not within my control, and contrary to my preferences**. WordPress, not I, has the responsibility to inform people correspondingly—better yet, it should cease these activities. An attempt to roll the responsibility over to the bloggers is unethical and amateurish. This especially seeing that the notification contains no reason whatsoever why it would be my duty to comply. Almost certainly, there is no such reason.

*Going by the privacy notice provided together with the notification, it appears that WordPress is abusive. This includes unethical over-tracking of user data, e.g. “browser type, unique device identifiers, language preference, referring site, […], operating system, and mobile network information” as well as potentially (depending on details unknown to me) unethical over-communication to e.g. “Independent Contractors” and “Third Party Vendors”. Cf. also an older analysis of WordPress’ privacy policy—a very similar document.

**If I had the power, I would explicitly forbid them to do certain things in relation to my WordPress blog. I definitely recommend readers to surf with cookies, JavaScript, …, off to the degree realistically possible, as well as to use various forms of anonymizers, in order to minimize their exposure.

To boot, if the responsibility were to reside with the bloggers, the means of communication chosen is entirely insufficient, and WordPress would have exposed its bloggers to an unnecessary period of involuntary law violation…

I note that the restriction to Europe* is somewhat arbitrary: The ethics of data economy, respect for user privacy, etc., do not end at borders, even should the law do so. It also raises so many questions and caveats that the typical blogger will not be able to make an informed decision without consulting an independent expert. For instance, what if a non-European blogger has a European following that he is not aware of? What if he blogs while spending time within Europe? Is this different for a one-week vacation and a one-year period as an exchange student? Etc. With very few exceptions, he would have to activate these notifications in a blanket manner to be on the safe side.

*Of course, the GDPR does not apply to all of Europe to begin with, again making the notification too vague and poorly thought through.

What I will do is to add an extra page, giving fair warning that WordPress might be engaging in dubious practices outside of my control.

Disclaimer:
Note that the external pages quoted are unusually likely to undergo changes over time. The quotes reflect the state of the page at the time of my visit.

Written by michaeleriksson

June 3, 2018 at 11:20 am

Finally writing again!

As the subscribers and recurring readers might have noticed, I have posted at an unusually high rate lately, especially compared to the near dormancy of 2012–2015. This post actually sets a new “personal best”* for a month with 16 posts and counting—and it is admittedly gratuitous, made mostly for the purposes of getting that record out of the way.

*Which is not to say that it is the month I have written the most in: During the days when I actively worked on my website, this was not a remarkable number.

There are several reasons for this increase:

  1. I have been reading a lot of other people's opinions lately, which always makes me itch to write.
  2. There has been a welcome slowdown in my current project and I am already “writing checks” based on having a lot of vacation in December.
  3. Writing more again has made me remember how rewarding it can be in terms of gaining a better understanding of the world or myself, clarifying and developing thoughts, re-evaluating* my opinions, etc. Most of the time, this is the reason why I write—self-improvement. If I am able to change the mind of the odd reader, show a new perspective, seed a little doubt, …, that is just the cherry on top.**

    *This is something close to my heart: Re-evaluation with an open mind and a willingness to change is at the core of intellectual development, a sine qua non. The result of the re-evaluation need not be a change of mind, but it must be undertaken with such a change as a possibility. (Indeed, the unwillingness of others to do so is directly or indirectly connected with the majority of my criticism of e.g. the PC crowd.) Incidentally, I have a post on this topic in preparation.

    **Which is a good thing at the moment, because the visitor numbers on this blog have yet to recover and I still have not gotten around to fixing my website.

I plan to go on writing, but I suspect that the post numbers will drop down a bit in the following months; and I hope that I will be able to take my ridiculously delayed* mini-sabbatical in the course of 2018, during which I will likely switch my main attention to where it belongs—my long neglected website.

*Originally planned for the autumn of 2016…

Written by michaeleriksson

November 23, 2017 at 6:59 am

Post by Email and current situation (follow-up on line length)

As I wrote in an earlier post, there was a problem with spurious line breaks when using “Post by Email”.

This is probably explained by emails having an old upper limitation on line length of 998 characters. This implies that WordPress is either not the one doing the breaking (but my mail client or one of the involved mail servers) or that it is doing the breaking in an acceptable manner.

For my last post, I simply inserted artificial line breaks at the last space before the 999th character of each potential line and everything appears (knock on wood) to have worked.

I suspect that it is OK to just send the email in normal formatting and that my original removal of all line breaks was unnecessary (unlike with the web interface), but have not yet had the time to test this.
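The wrapping step described in this post, as an added example (not the author's own script): it breaks each over-long line at the last space that keeps the line within the 998-character limit that RFC 5322 sets per line (excluding the CRLF). The function names and the sample post body are constructed for illustration.

```python
# Added example. Assumption: the limit is the RFC 5322 maximum of
# 998 characters per line, not counting the terminating CRLF.
MAX_LINE = 998

# Constructed sample: an HTML post body written as one single long line.
SAMPLE = "<p>" + "word " * 500 + "</p>"


def wrap_for_email(text, limit=MAX_LINE):
    """Break over-long lines at the last space that keeps them <= limit.

    Existing line breaks are kept. A run without any usable space cannot
    be broken without splitting a word, so it is reported, not split.
    """
    out = []
    for line in text.split("\n"):
        while len(line) > limit:
            # A space at index `cut` yields a line of exactly `cut`
            # characters, so a space at index == limit is still usable.
            # Index 0 is skipped: breaking there would emit an empty line.
            cut = line.rfind(" ", 1, limit + 1)
            if cut == -1:
                raise ValueError(
                    f"no usable space within {limit} characters: "
                    f"{line[:30]!r}...")
            out.append(line[:cut])
            line = line[cut + 1:]  # the space itself becomes the line break
        out.append(line)
    return "\n".join(out)


def longest_line(text):
    """Length of the longest line, for checking the result before sending."""
    return max(len(part) for part in text.split("\n"))


if __name__ == "__main__":
    wrapped = wrap_for_email(SAMPLE)
    print(len(SAMPLE), "characters ->", wrapped.count("\n") + 1, "lines,",
          "longest", longest_line(wrapped))
```

Inside `<pre>` blocks or quoted attribute values a space is not interchangeable with a line break, so such content needs checking by hand.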

Written by michaeleriksson

April 16, 2016 at 9:26 am

Posted in Uncategorized

Post by Email and current situation (follow-up)

So far, I have noted two problems:

Somewhere along the way, artificial line breaks are added in the middle of text, including in the middle of words. These require manual correction. The reason is not yet clear, but incompetent handling by WordPress is the main candidate. The underlying reason is likely that there is a maximal line size somewhere that is exceeded because I put the entire contents in one line. The absurdity: The reason I do this is that the ordinary WordPress interface added unwanted line breaks if I did not…

Some tags seem to be stripped out. Fortunately, the display still appears to be correct or approximately correct, but this is still weak: The original HTML should have been kept identically. (With exception for tags that must be stripped in order to fit the document in the display page.)

(See also the original post.)

Written by michaeleriksson

April 14, 2016 at 11:35 am

Posted in Uncategorized
