The EFF has a great guide on protecting your privacy. One of the things they go over is Threat Modeling. A lot of people are thinking about the NSA lately, but frankly the NSA doing NSA things can get into your phone if they really want to.

I made a quick list of the sorts of things you might feel digitally threatened by:

  • Mossad doing Mossad things (a large government actor)
  • Leaving your phone in a car and someone taking it (theft)
  • The local police trying to tap your phone to catch you selling drugs (small government actors)
  • A rival corporation wants your secrets (corp)
  • Stalkers and paparazzi (individuals)
  • A corporation building a database about you so they can sell you dog food (corporation)

There’s an almost infinite list of hypothetical people who want to get into your phone and see the pictures of the chocolate cake you ate for lunch #skipday. How do we narrow it down? Well, it seems to boil down to a few things.

  1. Is it a government that has legal options (wiretaps, search warrants) for looking into your data?
  2. Is it one person or a corporation/organization, aka, how much money do they have?
  3. Are they spying on you specifically or are they just casting a wide net?

Between those 3 options, you can pretty much identify every actor that might want to look at you.

It’s well known that index funds often perform better than more, ahem, actively managed investments. But which index fund is the most index-y of all? SPY only covers the S&P 500, which is only the 500 largest common stock companies in the US. In addition, possibly because it’s the most well known, its expense ratio is slightly higher than IVV and VOO.

The iShares Russell 3000 ETF (IWV) covers 3000 stocks with an expense ratio of 0.20%, and the Vanguard Total Stock Market ETF (VTI) covers 3796 stocks with an expense ratio of 0.05%. If you’re looking for the largest number with the smallest ratio, you could do far worse than the VTI.

Chart of all three

Like jQuery, the interface is method chaining, except when it isn’t. You can do this, for example:

d3.selectAll('p').style('color', 'blue').data('i-am-a-blue-paragraph').append('a');
d3.selectAll('p').style('color', 'blue').data('i-am-a-blue-paragraph').append('a');

but this will give you a different result:

d3.selectAll('p').append('a').style('color', 'blue').data('i-am-a-blue-paragraph');
d3.selectAll('p').append('a').style('color', 'blue').data('i-am-a-blue-paragraph');

Some methods return the original selection, but others change it. data() and style() don’t change your selection, but append() and enter() do. This wouldn’t be a problem if each method in the chain didn’t visually look exactly the same, but since they do, you just have to use your instinct to determine what a method returns (which should usually be right), and look it up when you’re not sure.

You might prefer the explicitness of something like:

var allP = d3.selectAll('p').style('color', 'blue').data('i-am-a-blue-paragraph');
var a = allP.append('a');
var allP = d3.selectAll('p').style('color', 'blue').data('i-am-a-blue-paragraph');
var a = allP.append('a');

Death by a Thousand Cuts

I was recently playing around with mail merge on Google Docs at home, because Tuesday is my skip day for work-life balance (ok, really, I don’t have a good excuse).

I used MailChimp’s mail merge, which I’ve previously used quite successfully, only to find that it wouldn’t load. The developer console gave me some random script errors, which I attributed to RequestPolicy, my Firefox cross-domain request blocker. Of course, RequestPolicy said it *wasn’t* blocking *any* requests, but I turned it off anyway and tried again. When that didn’t work, I turned off AdBlock and tried again. No more extensions that blocked requests at all. No luck.

Of course, a clean build of Chromium in incognito worked just fine.

Ad blockers, privacy extensions, and their ilk have been a sort of “compromise position” when it comes to privacy. Those of us who actually care turn them on, knowing that the vast majority of people who don’t care act as the lifeblood (or Soylent, if you wish to be provocative) of internet commerce. It allowed us to accept pretty much universal tracking of who we are and what we do, since we assumed *we* didn’t need to follow those rules.

What’s happened is not an immediate, intentional disabling of that technology, but a gradual atrophy. I recently read that AdBlock on Firefox ate up RAM, so I ended up turning it off on my phone, and getting much better performance as a result. Every single site I go to seems to want something from How do I know that Amazon can’t know what I’m doing across every single domain? Realistically? I can’t.

Remember the fable of the frogs in the pots? One frog was boiled quickly, and jumped clear to safety. The other frog was boiled slowly and croaked.

We’re the frog that stayed in the pot and built an insulating boat. And now that boat is leaking.

I’ve religiously kept my account on Facebook separate from the real world, and kept separate accounts for everything that matters, but the constant juggling I’ve used to square the circle is probably not going to work forever. And while it’s not exactly connected, I suspect that any solution that divided people into a class of digital “knows” and “know-nots” could not last forever.

Those of us who care about privacy may eventually be forced to make a choice:

a) accept the current norms in privacy

b) deal in a less technical and more political manner (that means organizing, talking to each other) with those who run the digital world

c) find some new, more financially and technically sustainable way of maintaining control over our information and who knows it.