Michael Eriksson's Blog

A Swede in Germany

Posts Tagged ‘WordPress

EU’s General Data Protection Regulation (and WordPress’ handling of it)

leave a comment »

Roughly a week ago, EU’s General Data Protection Regulation (GDPR) went into force, as many EU citizens have noticed in form of various emails from businesses* keeping their data, and a more global group in form of more, or more intrusive, alerts concerning use of cookies and whatnot. WordPress bloggers have probably also noticed a notification in their admin areas:

*While I will speak of “business” through-out, seeing that much of the discussion is in a commercial context, the regulation is not limited to businesses in the strictest sense, and replacing “business” with “organization” might be appropriate in some cases.

To help your site be compliant with GDPR and other laws requiring notification of tracking, Akismet can display a notice to your users under your comment forms. This feature is disabled by default, however, if you or your audience is located in Europe, you need to turn it on.

Below, I will briefly* discuss the GDPR, some of points relating to the Web, and why I will not follow the demand of the WordPress message.

*This is a very wide topic and a more complete discussion would require a considerable amount of both research and analysis.

GDPR:
By and large, the GDPR is a good thing, including a much needed change of philosophy (quoting the above Wikipedia page):

Business processes that handle personal data must be built with data protection by design and by default, meaning that personal data must be stored using pseudonymisation or full anonymisation, and use the highest-possible privacy settings by default, so that the data is not available publicly without explicit consent, and cannot be used to identify a subject without additional information stored separately.

This quote alone addresses much of what troubles me with data handling, including that data security is often an afterthought and that users have to run through various settings (or even send a letter) to reduce data use. However, how much it will bring is yet to see, bearing in mind the difference between expectations on paper and their realization in real life, as well as various exceptions and softenings of the rules.

Unfortunately, this change of philosophy is also, indirectly, the source of much of the legitimate* criticism from the business world: Because existing software and procedures were built with a very different philosophy in mind, sometimes decades ago, the transition costs are enormous. On the positive side, while the costs after the transitional period** will be increased compared to the past, it will be by nowhere near as much as during the transitional period.

*As opposed to illegitimate criticism of the “you are spoiling our data party” kind. Other legitimate criticism includes unclear or delayed information from government institutions that have made it harder to implement the GDPR (see also the following footnote).

**In theory, businesses have had several years for this transitional period, implying that much of the cost should be history; however, from news reporting, it does not appear that this period has been used very well on average, implying that there likely will be an additional transition over the coming months. To boot, there are likely very many issues that will need resolution over the coming years, for reasons like later clarifications of regulation, upcoming court cases, and unforeseen practical obstacles.

At the same time, there are reasons to criticize it from a consumer point of view. For instance, the Wikipedia page also says:

Recital 47 of the GDPR states that “The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.”

This* is very unfortunate, seeing that direct marketing is one of the greatest sources of abuse of data and something many consumers are more upset with than sloppy data treatment per se.** More than that: If there had been stronger and more severe restrictions on various form of marketing, especially direct marketing, much of the reasons for data use and abuse of today would disappear, and we would almost automatically have a considerable reduction.

*This section of the Wikipedia page simultaneously and confusingly deals with both B2C and B2B marketing, and I must make some reservations for the correctness of my understanding.

**Say, when they give an email address in confidence to complete one purchase and are then spammed with unsolicited and unexpected offers to perform another on a regular basis. This is grossly unethical and should by rights be illegal; however, looking at Germany, the otherwise strong laws against spam were artificially weakened by the legal fiction that someone who had once bought something could be assumed to be keen on buying more, making the unsolicited messages quasi-solicited. This is of course an incorrect reasoning on at least three counts: Firstly, very many customers buy something once and never come back (and have no interest in coming back). Secondly, those who are interested in coming back will usually want to do so on their own terms, e.g. when they see a need. Thirdly, it makes an extremely customer hostile assumption about all those who strongly dislike such messages. As an aside, ethical marketing should always work on an opt-in basis, which is not the case here.

Looking at the German Wikipedia page, which differs considerably in content, there is a very odd claim:

Den Mitgliedstaaten ist es sonst grundsätzlich nicht erlaubt, den von der Verordnung festgeschriebenen Datenschutz durch nationale Regelungen abzuschwächen oder zu verstärken.

(Gist: It is not allowed for the member states to reduce or increase [sic!] the protection offered by the regulation.)

That no reduction is allowed is very positive, but the ban on an increase seems extremely ill-advised. Barring the influence of industry lobbyism, the only plausible seeming reason is to reduce complications when consumers and/or businesses from different (EU) countries are involved. Even so, there must be a better way*, because this way there is an artificial upper limit on consumer protections. Indeed, this could be a contributing factor to the existing protection in Germany being lowered in some cases, including criteria for the consumer’s acceptance of data use**.

*What, in detail, goes beyond the scope of this post, but an obvious step would be to allow stricter rules when both parties are situated in the same country.

**“Prinzipiell sind die Anforderungen an eine wirksame Einwilligung gegenüber dem deutschen BDSG reduziert: Die Schriftform ist nicht mehr die Regel, auch eine stillschweigende Einwilligungserklärung ist nach Erwägungsgrund (32) zulässig, wenn sie eindeutig ist.”

One of the more interesting changes from the English Wikipedia page is that “A right to be forgotten was replaced by a more limited right of erasure”. This is to some degree a limitation of consumer/user/whatnot rights; however, not one that I consider a bad thing: The original “right to be forgotten” always seemed disproportional to me, looking at gains for the individual and efforts needed from others, and also carried a risk of destroying/hiding knowledge, distorting history, …

Web:
The sheer amount* of “cookie warnings” and similar poses a considerable problem to comfortable surfing. This especially since the people who surf without cookies and JavaScript are often unable to get rid of them**; while even the rest will have a number of extra clicks to perform over the course of a day. A positive thing is that it becomes obvious how many sites actually use cookies et co, for no legitimate reason: If I enter an online shop to buy something, using cookies for the shopping cart is legitimate, but why would a cookie be needed when I am passively browsing a forum? Using a search engine? Looking at a static site with no means of interaction? My hope is that the mixture of this revelation, in combination with the increased annoyance for the visitors***, will force businesses to reduce their use of such technologies to some degree for fear of losing the visitors. Then again, if a sufficient proportion of the sites give such warnings, the users will have few alternatives and might remain anyway, taking a hit in usability on the way.

*I doubt that the amount will lessen over time, except as mentioned above, seeing that an earlier increase a few years ago, likely related to the original passing of the GDPR, did not.

**Somewhat paradoxical, seeing that these are normally not affected by the data use that necessitated the cookie warning.

***The negative effects of e.g. hidden user profiling do not hurt in such an obvious manner as the warnings: A pin-prick hurts worse than clogged arteries.

In a twist, keeping these warnings from re-occurring will require some way to keep tabs on the users, most likely through cookies… This can cause paradoxical situations where the warnings increase the amount of cookies, tracking, … performed.

A further complication is that the degree of tracking, the needed content of the warnings, whatnot, will not necessarily be under the control of the individual site, possibly necessitating a vagueness that makes the warnings misleading or unhelpful. Consider e.g. a site that uses a tracking network or that allows external content (notably advertising) that can on its pull in tracking functionality. Frankly, what we need are restrictions against user tracking, profiling, …, that goes considerably further than the GDPR—not just warnings.

WordPress:
I will not comply with the notification from WordPress (cf. above):

I do not actively gather or track any user data, except what is provided through e.g. comments and subscriptions*; I do not use cookies, JavaScript, …; I have no access to data excepting fully pre-anonymized read-only access statistics provided by WordPress (and the aforementioned comments etc.) To boot, I am blogging in a private capacity, as a natural person, with no monetary interests involved, which makes it likely that the GDPR does not apply to me in the first place (in this particular context).

*And even here the “actively” is typically limited to me passively accepting e.g. a comment through the wordpress software, reading (and possibly answering) it, and then forgetting that it is there.

Should* WordPress choose to engage in such practices in a manner exceeding the reasonable minimum, this is simply not my problem, not within my control, and contrary to my preferences**. WordPress, not I, has the responsibility to inform people correspondingly—better yet, it should cease these activities. An attempt to roll the responsibility over to the bloggers is unethical and amateurish. This especially seeing that the notification contains no reason whatsoever why it would be my duty to comply. Almost certainly, there is no such reason.

*Going by the privacy notice provided together with the notification, it appears that WordPress is abusive. This includes unethical over-tracking of user data, e.g. “browser type, unique device identifiers, language preference, referring site, […], operating system, and mobile network information” as well as potentially (depending on details unknown to me) unethical over-communication to e.g. “Independent Contractors” and “Third Party Vendors”. Cf. also an older analysis of WordPress’ privacy policy—a very similar document.

**If I had the power, I would explicitly forbid them to do certain things in relation to my WordPress blog. I definitely recommend readers to surf with cookies, JavaScript, …, off to the degree realistically possible, as well as to user various forms of anonymizers, in order to minimize their exposure.

To boot, if the responsibility were to reside with the bloggers, the means of communication chosen is entirely insufficient, and WordPress would have exposed its bloggers to an unnecessary period of involuntary law violation…

I note that the restriction to Europe* is somewhat arbitrary: The ethics of data economy, respect for user privacy, etc., does not end at borders, even should the law do so. It also raises so many questions and caveats that the typical blogger will not be able to make an informed decision without consulting an independent expert. For instance, what if a non-European blogger has an European following that he is not aware of? What if he blogs while spending time within Europe? Is this different for a one-week vacation and one-year period as an exchange student? Etc. With very few exceptions, he would have to activate these notifications in a blanket manner to be on the safe side.

*Of course, the GDPR does not apply to all of Europe to begin with, again making the notification too vague and poorly thought through.

What I will do is to add an extra page, giving fair warning that WordPress might be engaging in dubious practices outside of my control.

Disclaimer:
Note that the external pages quoted are unusually likely to undergo changes over time. The quotes reflect the state of the page at the time of my visit.

Advertisements

Written by michaeleriksson

June 3, 2018 at 11:20 am

A review of the new WordPress/Automattic Privacy Policy

with 2 comments

A few days ago, I received an email that WordPress (more correctly, Automattic) was changing its Privacy Policy*. Fearing the worst, in the light of the unconscionable behavior of e.g. Facebook, I decided to review it. The results were depressing, although I have not investigated what was already present and what has changed for the worse: While it is not as bad as what Facebook does, it still leaves the user with minimal protections and reliant on WordPress/Automattic not engaging in abuse.

*I use initial caps for consistency with the (spurious) use in the analyzed text.

Below I will quote some selected parts (in the original order) and offer some analysis*:

*The policy can be found under https://automattic.com/privacy at the moment; however, these contents can naturally change over time. The policy is under the Creative Commons Sharealike 4.0 License, making re-use unproblematic; however, I see my use as covered under “Fair Use” and similar principles, and do not “copy-left” this post under that license. Some change of formatting and typography might have taken place.

This is our updated Privacy Policy going into effect on January 3, 2018.

(Provided for identification purposes only.)

Your privacy is critically important to us. At Automattic, we have a few fundamental principles:

We are thoughtful about the personal information we ask you to provide and the personal information that we collect about you through the operation of our services.
We store personal information for only as long as we have a reason to keep it.
We aim to make it as simple as possible for you to control what information on your website is shared publicly (or kept private), indexed by search engines, and permanently deleted.
We help protect you from overreaching government demands for your personal information.
We aim for full transparency on how we gather, use, and share your personal information.

A very promising start and a laudable attitude, provided that they actually adhere to it. Now, I raise no accusation concerning the actual use, here or below, for the simple reason that I do not know what actually happens with the data. However, in the continuation Automattic gives it self far-going rights that are not compatible with these principles, which raises considerable doubt as to the adherence—if they do not use these far-going rights, why collect them? Even without such rights, there is considerable reason to be cautious: Words are cheap and all-too-many websites abuse customer data in an inexcusable manner. The strength of a Privacy Policy, or e.g. a set of laws, must not be measured under the assumption of good intent and high competence.

Throughout this Privacy Policy we’ll refer to our website, mobile applications and other products and services collectively as “Services.”

(Given for interpretation only.)

Please note that this Privacy Policy does not apply to any of our products or services that have a separate privacy policy.

This is largely understandable, but it is opens a large opportunity for abuse, through simply smuggling in a more specific and less acceptable Privacy Policy while hoping that the users consider themselves under the general Privacy Policy. Even deliberate abuse aside, it makes it harder for the users to know what rules apply for any given service. (Giving a universal rule for how to handle this is impossible, seeing that there is virtually no limit to the constellations to consider; however, a basic guide-line would be to keep the general everywhere and to amend it as needed for the specific service under adherence to the “fundamental principles” stated above.)

We only collect information about you if we have a reason to do so—for example, to provide our Services, to communicate with you, or to make our Services better.

Looks good, but is an almost empty promise: “to make our Services better” alone is enough of an excuse for many service providers to gather any and all data they can get their hands on. At the same time, “to communicate with you”, in my personal experience, is usually code for “to spam you”.

We collect information in three ways: if and when you provide information to us, automatically through operating our services, and from outside sources.

These items are all too vague. For instance, does “you provide” include just what is entered in (in my case) the WordPress account or can it include data gathered from email communications? The “automatically through operating our services” is to some degree unavoidable, but can at the same time be abused in absurd ways, e.g. to build irrelevant and unethical profiles, including e.g. sleeping habits. The part about “outside sources” opens a limitless room for abuse. Combine these three claims, and we are not far from Facebook.

In the continuation the Privacy Policy provides a number of examples of what data can be collected and how. If these examples were exhaustive, it would alleviate the risk of abuse somewhat—but they are not. There are also enough examples remaining that range from slightly dubious to highly problematic.

Consider e.g.:

  1. Content Information: Depending on the Services you use, you may also provide us with information about you in the draft and published content for your website. For example, if you write a blog post that includes biographic information about you, we will have that information, and so will anyone with access to the Internet, if you choose to publish the post publicly.

    Depending on what is intended this is either trivial or harmless—or a sign that there is intention to make automatic evaluations. This might be OK for the actually published* content, but hardly for drafts. Indeed, even if they do have the technical ability to access drafts, they should be ethically or even legally forbidden from doing so**. Note that drafts can contain things that are simply not intended to reach third-parties, be it at all or at the current time. (Consider e.g. a whistle-blower intending to get out of harms way and then to publish a series of posts; or a homosexual having already written a draft with a “coming out” statement, which is waiting for a known-to-disapprove grand-parent to pass away.) Also note that even non-malicious access can increase the risk of inadvertently leaking information to other third parties, e.g. through a security hole or a lack of care***.

    *However, even here there should be some type of restriction, equivalent at least to the restrictions websites can state (but not enforce) through the Robots exclusion standard.

    **Except to the degree that an access is in the immediate service of the user, e.g. to allow him to edit the draft. (A general problem with the analyzed text is that it does not clearly differ between widely separate purposes, e.g. access and storage by the user through the service vs. access by the service provider independent of the user. This limits the analysis somewhat.)

    ***There have e.g. been a number of occurrences of confidential data being accidentally uploaded to servers freely accessible on the Internet without authentication and encryption. (Or possibly servers being accidentally made accessible post-upload—the result is the same.)

  2. Credentials: Depending on the Services you use, you may provide us with credentials for your website (like SSH, FTP, and SFTP username and password). For example, Jetpack and VaultPress users may provide us with these credentials in order to use our one-click restore feature if there is a problem with their site, or to allow us to troubleshoot problems on their site more quickly.

    With reservations for rare special cases, is is a horrifyingly bad idea to hand out such data to third-parties. Requiring such data, including providing services that require such data, is unethical; a user who complies is negligent.

  3. Log Information: Like most online service providers, we collect information that web browsers, mobile devices, and servers typically make available, such as the browser type, IP address, unique device identifiers, language preference, referring site, the date and time of access, operating system, and mobile network information. We collect log information when you use our Services—for example, when you create or make changes to your website on WordPress.com.

    The extent of data collected is too large, violating the principle of parsimony in data collection and bringing no or little legitimate benefit. Even browser information is highly dubious, seeing that a good site should work equally well with any browser; operating system is simply non of their business (and a correctly configured browser should hide such information anyway). Parts can be outright illegal in some countries*.

    *For instance, saving a non-anonymized IP address in Germany.

  4. Usage Information: We collect information about your usage of our Services. For example, we collect information about the actions that site administrators and users perform on a site—in other words, who did what, when and to what thing on a site (e.g., [WordPress.com username] deleted “” at [time/date]). We also collect information about what happens when you use our Services (e.g., page views, support document searches at en.support.wordpress.com, button clicks) along with information about your device (e.g., mobile screen size, name of cellular network, and mobile device manufacturer). We use this information to, for example, provide our Services to you, as well as get insights on how people use our Services, so we can make our Services better.

    Location Information: We may determine the approximate location of your device from your IP address. We collect and use this information to, for example, calculate how many people visit our Services from certain geographic regions. We may also collect information about your precise location via our mobile apps (when, for example, you post a photograph with location information) if you allow us to do so through your mobile device operating system’s permissions.

    Similar objections apply: Parts can be acceptable; others are definitely not so.

  5. Stored Information: We may access information stored on your mobile device via our mobile app. […]

    This is utterly and entirely unacceptable and grossly unethical. I do not use mobile apps (hardly mobile devices, for that matter), but if I did, this would be an immediate call for me to purge my devices of any and all apps underlying this Privacy Policy. I urge the readers to do the same.

  6. Information from Cookies & Other Technologies: [simplistic descriptions of cookies et al.] Automattic uses cookies and other technologies like pixel tags to help us identify and track visitors, usage, and access preferences for our Services, as well as track and understand e-mail campaign effectiveness and to deliver targeted ads. […]

    The use it self is highly disputable; email campaigns (aka spam) are unethical; targeted* ads at best ethically dubious and requiring unethical profile building.

    *In today’s Internet, the use of advertising in general might be called into question: The excesses of amount and intrusion have reached a point where an ad blocker and/or a blanket ban on images/Flash/JavaScript/whatnot per browser setting is a necessity. When it comes to advertising-driven “free” content, I apply the German phrase “Geschenkt ist noch zu teuer”—“Too expensive, even when gifted”.

  7. We may also get information about you from other sources. For example, if you create or log into your WordPress.com account through another service (like Google) or if you connect your website or account to a social media service (like Twitter) through our Publicize feature, we will receive information from that service (such as your username, basic profile information, and friends list) via the authorization procedures used by that service. The information we receive depends on which services you authorize and any options that are available.

    This is another unethical, Facebook-style, idiocy. The disclaimer about “The information we receive depends on which services you authorize and any options that are available.” might be OK if sufficient options are available and presented to the users in a reasonable manner (and/or default to “no sharing”)—but will they be? Worse, these controls are with yet another party, and now the user has to trust several parties to be both honest and competent… I urge all readers to turn any such settings off and to never engage in such “cross-site” activities. (I use a whole separate computer account for WordPress, e.g.)

  8. We may also get information from third party services about individuals who are not yet our users (…but we hope will be!), which we may use, for example, for marketing and advertising purposes.

    Doubly unethical: Firstly, this implies that individuals who have had no opportunity to read and accept/decline this Privacy Policy are affected by it. Secondly, the intended use at best amounts to ethically dubious advertising—at worst to outright spam.

A following section on (alleged) use is mostly OK, but contains:

To communicate with you about offers and promotions offered by Automattic and others we think will be of interest to you, solicit your feedback, or keep you up to date on Automattic and our products; and To personalize your experience using our Services, provide content recommendations and serve relevant advertisements.

The first amounts to spam; the second is again in the area of ethically dubious advertising. To boot, looking at WordPress (and almost any other service or software tool I have ever used), automatic personalization has no place and does/would do more harm than good: By all means, provide new options and ways of doing things—but let the user be in complete control of the choice whether to use them.

The following section on information sharing is, again, mostly OK, even if some of the talk of third-parties is on the vague side*; however, it contains at least two problematic items:

*The applicable use cases are reasonable and the third parties are required to adhere to the same rules as Automattic, but there is uncomfortably much room for third-party involvement. Note that the more parties are involved, the greater the risk that data are maliciously used, carelessly exposed to the public, or stolen through a security hole.

Aggregated and De-Identified Information: We may share information that has been aggregated or reasonably de-identified, so that the information could not reasonably be used to identify you. For instance, we may publish aggregate statistics about the use of our Services.

The given example is OK, as is, likely, aggregation in general; however, the “reasonably de-identified” is not: This allows handing out data in a per-user manner, and what is considered de-identified by Automattic need not actually be so. It is, in fact, very hard to remove the possibility to track back a non-trivial amount of data to a single individual. (I have no references at my hand, but I point more generally to discussions around the Germany census of 2011 for more information.) To illustrate the problems (without necessarily saying that this scenario would occur with Automattic) assume that I was blogging anonymously and had never made much mention of personal details, except that I was Swedish. Combine this with an IP address coming from Wuppertal, Germany, and this alone could be enough to nail me down. At any rate, there would be no more than a handful of potential candidates, and just one or two pieces of additional data would be enough to clear the others. So, OK, my being Swedish makes me more vulnerable than a German, but, critically, not by much: This amounts to a game of “twenty questions” and where two questions was enough above, a German posting from Germany might have been identified with, possibly, another five to ten*… Correspondingly, non-trivial amounts of non-aggregated data simply should not be exposed to third-parties.

*Consider the rapid reductions of the set of candidates that can occur through knowing not only place of residence but place of birth, alma mater, a previous employer, …

Published Support Requests: And if you send us a request (for example, via a support email or one of our feedback mechanisms), we reserve the right to publish that request in order to help us clarify or respond to your request or to help us support other users.

Such requests can contain information not suited for publication (and it would be insane to trust customer support with such decisions), and it is an unambiguous ethical duty to either collect a specific agreement for any individual such publication or to paraphrase and anonymize the text and other data to such a degree that no problems can occur*. To boot, there is a risk of outright abuse, e.g. in that someone writes a scathing complaint in anger or feigned** anger (which would be very understandable with WordPress), and that this complaint is then republished out-of-context by the service provider for revenge purposes.

*This is also recommendable because the original text can contain much that is irrelevant to the core issue and other users are helped by a corresponding filtering.

**I repeat my recommendation to take a hard line against incompetent support staff and uncooperative businesses, and to use increasingly harsher language during escalations so that it actually registers that customer dissatisfaction cannot just be shrugged off.

Various other items:

While no online service is 100% secure, we work very hard to protect information about you against unauthorized access, use, alteration, or destruction, and take reasonable measures to do so.

Specifically WordPress is known to be highly problematic from a security point of view—and to large parts for reasons that code be avoided were Automattic doing a better job. This includes a better thought-through interface with greater consistency and less useless features, less reliance on JavaScript*, and, obviously, better code. Words are cheap.

*While JavaScript is always dangerous to some degree, it can become very highly problematic when third-party content is present, even in such a trivial situation like browsing ones own blog and encountering hostile or misprogrammed comments or ads.

To enhance the security of your account, we encourage you to enable our advanced security settings, like Two Step Authentication.

In many cases, such statements contain an implicit “and if you do not, we will assume that any breach was your fault and wash our hands”. (Whether this applies to Automattic, I simply do not know; however, I note that this, and a few other statements, are not part of anything that reasonably could be called “policy”, leaving the suspicion that the true purpose is not to state policy but e.g. to reduce or shift legal culpability.)

At this time, Automattic does not respond to “do not track” signals across all of our Services. However, you can usually choose to set your browser to remove or reject browser cookies before using Automattic’s websites, with the drawback that certain features of Automattic’s websites may not function properly without the aid of cookies.

Not respecting “do not track” is weak for a service provider with so large resources. Making a complex service without cookies can be hard, but it is usually possible, and some of the uses on at least WordPress are of negative value. For instance, when I try to confirm a comment subscription not made with my WordPress account, using the provided link, WordPress steps in, matches it with my WordPress session, and refuses the confirmation, claiming that it does not know the email address used for the subscription—thereby forcing me to use another browser for such confirmations. Utterly, utterly idiotic and amateurish.

Automattic encourages visitors to frequently check this page for any changes to its Privacy Policy.

Unacceptable: People have better things to do than over and over again visiting any Privacy Policy, T & C, whatnot, that any of the multitude of online services provide. It is Automattic’s job to gather consent for any and all changes. Anything else is ridiculous and unrealistic. (But, unfortunately, this follows a current destructive trend of various businesses doing their darnedest to make consent to various conditions more-or-less automatic and actual access to said conditions as hard as possible. This even outside the Internet, where I have e.g. received notifications from banks that amount to “Our conditions have changed. The conditions are available in our offices. If you do not object to the changes by X, this is considered consent.”—utterly unconscionable, especially since the changes normally would have fit in the notification message at virtually no additional cost.)

Written by michaeleriksson

December 20, 2017 at 8:49 am

Posted in Uncategorized

Tagged with , , , ,

Post by Email and current situation (follow-up on line length)

leave a comment »

As I wrote in an earlier post, there was problem with spurious line breaks when using “Post by Email”.

This is probably explained by emails having an old upper limitation on line length of 998 characters. This implies that WordPress is either not the one doing the breaking (but my mail client or one of the involved mail servers) or that it is doing the breaking in an acceptable manner.

For my last post, I simply inserted artificials line breaks at the last space before the 999 character of each potential line and everything appears (knock on wood) to have worked.

I suspect that it is OK to just send the email in normal formatting and that my original removal of all line breaks was unnecessary (unlike with the web interface), but have not yet had the time to test this.

Written by michaeleriksson

April 16, 2016 at 9:26 am

Posted in Uncategorized

Tagged with , ,

Post by Email and current situation (follow-up)

with one comment

So far, I have noted two problems:

Somewhere along the way, artificial line breaks are added in the middle of text, including in the middle of words. These require manual correction. The reason is not yet clear, but incompetent handling by wordpress is the main candidate. The underlying reason is likely that there is maximal line size somewhere that it is exceed because I put the entire contents in one line. The absurdity: The reason I do this, is that the ordinary WordPress interface added unwanted line breaks if I did not…

Some tags seem to be stripped out. Fortunately, the display still appears to be correct or approximately correct, but this is still weak: The original HTML should have been kept identically. (With exception for tags that must be stripped in order to fit the document in the display page.)

(See also the original post.)

Written by michaeleriksson

April 14, 2016 at 11:35 am

Posted in Uncategorized

Tagged with , ,

Post by Email and current situation

with one comment

Over the last few months, I have several times started to write something, been three quarters through, and not put in the finishing touches because I have lacked the means of publishing:

On the one hand, publishing at my website proper would have taken considerable extra work, because I have yet to set up what I need (including various programs and the repository of writings and code) after my old laptop died last autumn. Worse, I have yet to straighten out various changes made during my absence from the Internet a few years back (cf. some older posts) and the website, unlike WordPress, is NOT published piece by piece but as a certain set of current entries in a version control system.

On the other, publishing at this blog has a) been extremely frustrating through the user hostile interface of WordPress and b) has hitherto relied on the same code as my website for generation of the HTML I publish.

In this way, technology has become an accidental obstacle where it was intended as a helper, while my wish to do things in the optimal way (i.e. using my website and/or the corresponding tools) has resulted in my doing nothing. Perfect IS the proverbial enemy of good.

To break out of this, I have made some experiments with a feature “Post by Email” provided by WordPress, which allows me to by-pass the user-hostile interface and, as the name implies, post by sending an email. The current post is the first official publication using this method (subscribers have likely seen a few test posts). This comes with a few caveats, however:

  1. There may be things that go wrong here and there. Especially, I fear that I might have to make manual tweaks post-publication for at least the first few posts (subscribers beware). Rumor has it that “Post by Email” often mangles HTML code.
  2. To resolve the issue of HTML generation and reliance on my website tools, I have decided to (for the time being!) drop all the fancy possibilities I had and use a sed command to generate a very basic HTML document.
  3. There is an additional security risk, because anyone who figures out the right email address could publish on this blog too and the risk that the address becomes known to a third party is considerably larger than for a password. In addition, a brute-force attack would likely be able to find the address for plenty of blogs, even though it would be hard to attack a specific blog in that manner. (The low security of this feature is the reason why I have never tried it until now.) Most likely, there will never be an intruder, but beware that it could happen, and do give me the benefit of the doubt, should some out-of-the-ordinary contents appear.

I do not think that I will suddenly become as prolific as I once was, because other reasons that deter me from writing remain, including a want of time and being fed up with human stupidity. However, currently on vacation, I hope to publish at least two lengthier pieces in the next few days: A discussion of why I feel that we have a crisis of democracy (that I am currently working on) and a review of the latest Star Wars movie (that I started around New Year’s, but am only finishing up now).

As for my main website, I hope to take a few months off for a mini-sabbatical in the autumn and (among many other things I plan to do) straighten the situation out.

Written by michaeleriksson

April 13, 2016 at 9:47 am

Posted in Uncategorized

Tagged with , ,

The continuing idiocies of WordPress

leave a comment »

The incredible idiocies and incompetence of WordPress is another thing I have repeatedly written about.

Today takes the cake, however: Attempting to write the preceding post, I am met with a pop-up that I need to click away about enabling “distraction free writing”—I was not distracted until WordPress distracted me with this idiotic pop-up!

In addition, there were a number of other distracting moving aspects of the edit page.

Frankly, I am not certain why I bother with this useless platform even at my current irregular intervals—and I sure as hell do not understand what the designers of WordPress are thinking!

Written by michaeleriksson

August 8, 2015 at 11:24 pm

Posted in Uncategorized

Tagged with , ,

The repetitiveness of the Blogosphere

leave a comment »

For a little more than a year, I have been very active in the Blogosphere, not only keeping my own blog, but spending hours reading or commenting on other peoples blogs. Indeed, I spent much more time reading than writing. Or at least that is how it used to be…

As time has passed, I have found myself reading less and less, and even needing to remind myself to write. To some degree, this goes back to the general satiety that comes with any activity done for long enough. However, there is another issue: Repetitiveness.

When I first started reading, I truly appreciated the many different views on various topics, the new angles and perspectives, other ways of thinking, being exposed to entirely new topics, … By now, the amount of “newness” has shrunk considerably. Not only because I have covered a lot of ground already, but because the various blogs tend to say more or less the same things about more or less the same issues (even if divided into several camps). Reading the same thing for the fifth time is more of a chore than a pleasure and writing the same comment for the fifth time is even worse.

Without the drive/hope for new insights, my reading has switched from following interesting tags to using the top-100 lists for blog entries. This with the dual idea of these having a higher on-average quality and being more suitable for driving traffic to my own blog through comments. The former is a two-edged sword for the German and Swedish listings, because the blogs found are more-or-less the same on every visit, leading to even greater repetitiveness. Further, the choice is made by popularity, not quality, which means both that there are a number of duds to be found and that true originality of thought is further reduced by the selective pressure of the masses. The English version is near useless: After subtracting all the lol cats, online magazines, hyper-commercial low-quality entries, and similar, there is but a handful out of the hundred worth bothering with. (Lest there be any misunderstanding: I am a great fan of various humour sources on the Internet, lol cats included. However, when I want humour, I visit the sites directly—their presence with multiple entries each on the top-100 list amounts to pollution.)

Lately, being unusually short on time due to work, I have tried to at least visit the “Freshly Pressed” blogs—but the amount of worth-while reading there is close to nil: Photos, recipes, re-hashings of trite ideas, … For that matter, it can be disputed whether there is any benefit in leaving one additional comment to the dozens or hundreds already present. The value added link-wise is likely larger on a “regular” post—and the probability of new insight through a productive discussion is far higher.

Written by michaeleriksson

May 1, 2011 at 5:08 pm