{"description": null, "feed_url": "https://linklocker.co/blog/feeds/feed.json", "author": {"url": null, "name": "Jarrod Whaley", "avatar": null}, "items": [{"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2022-12-27 00:48", "url": "https://linklocker.co/blog/2022-12-27-0048.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2022-12-27-0048.html", "date_published": "2022-12-27T00:48:00-08:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\n
We made some DNS changes earlier this evening that were causing some issues. We're in the process of rolling those back, and everything should be working again shortly. Sorry for any inconvenience.
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "NEW: Customizable Interface", "url": "https://linklocker.co/blog/new-customizable-interface.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/new-customizable-interface.html", "date_published": "2022-12-18T15:44:00-08:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nI'm pleased to announce that a number of new customization features have gone live on the site as of this afternoon. We've added a new Settings pane where you can adjust the way that your links are displayed: you can toggle between a few different overall display modes, and you have the option of showing / hiding various bits on each link's metadata (like its tags, its category, its \"starred\" status, and so on). There are a couple of other long overdue additions, like the ability to set all of your links to open in a new tab / window.
\nOver time we expect to expand the number of settings which are offered, as needs arise and as input from customers comes in.
\nSpeaking of which, these changes were informed to a large degree by direct feedback and requests from users like you. So don't hesitate to contact us with your ideas, or to report any issues you might spot in using the service.
\nThanks for using LinkLocker, and we hope to hear from you soon.
\n", "tags": ["Feature", "Launch"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2022-12-10 18:17", "url": "https://linklocker.co/blog/2022-12-10-1817.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2022-12-10-1817.html", "date_published": "2022-12-10T18:17:00-08:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nWe'll be releasing a number of cool & useful features next weekend. Stay tuned for more details.
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2022-06-19 22:49", "url": "https://linklocker.co/blog/2022-06-19-2249.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2022-06-19-2249.html", "date_published": "2022-06-19T22:49:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nThe system upgrades mentioned here have been completed, and all aspects of the service have been restored. Please let us know if you spot any issues.
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "Planned Downtime This Weekend", "url": "https://linklocker.co/blog/planned-downtime-this-weekend-for-infrastructure-upgrade.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/planned-downtime-this-weekend-for-infrastructure-upgrade.html", "date_published": "2022-06-17T16:50:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nLinkLocker.co will see some planned downtime this Sunday evening, June 19th, from 10:00 PM until perhaps mindnight Pacific Daylight Time. During that period, I'll be performing some maintenance upgrades which will make the service briefly inaccessible. Reliability may or may not be spotty initially during that time window, so please remain patient as we make these updates.
\n", "tags": ["Release"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "New: Links Now Auto-Refresh", "url": "https://linklocker.co/blog/new-links-now-auto-refresh.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/new-links-now-auto-refresh.html", "date_published": "2022-04-28T17:51:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nEver since the service launched nearly six years ago, I have wanted to update the behavior on pages that display saved links so that the content will automatically refresh itself. Finally that feature is now live, as of this afternoon. Your content will now update itself every minute or so, and will do so immediately any time you switch back to a tab where LinkLocker is already loaded. Good stuff.
\nWill be on the lookout for bugs here, as this is a pretty substantial change. As always, please report any issues you happen to see and we'll do what we can to sort them out.
\n", "tags": ["Feature"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "New: Progressive Web App", "url": "https://linklocker.co/blog/new-progressive-web-app.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/new-progressive-web-app.html", "date_published": "2022-04-17T15:11:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nLinkLocker is now a Progressive Web App (PWA), and it can be installed on both mobile and desktop devices. The easiest way to install on a laptop or other dekstop computer is simply to visit the site in Chrome, and follow the prompt to install from there. The exact sequence varies a little from one mobile platform to the next, but here's the basic gist.
\nWhile we still hope to make some fully featured native apps available, the new PWA functionality will somewhat bridge the gap between where we are now and where we want to go. Give it a try and let us know what you think.
\n", "tags": ["Release"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2022-04-17 02:51", "url": "https://linklocker.co/blog/2022-04-17-0251.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2022-04-17-0251.html", "date_published": "2022-04-17T02:51:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nLots of infrastructure upgrades and updates going on at the moment. There are some small hiccups here and there, now and then. Bear with us.
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "Accessibility Improved Sitewide", "url": "https://linklocker.co/blog/accessibility-improved-sitewide.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/accessibility-improved-sitewide.html", "date_published": "2022-04-10T02:02:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nI've recently done a deep dive on general accessibility across the entire site. While there are likely still plenty of issues to be found, I'm happy to say that I've been able to address every a11y issue that automated scanners like Deque's Axe tools are able to detect. While no substitute for in-depth manual testing (which I will continue working on over time), addressing all issues reported through automated scanning puts us in a great position from today forward.
\nIf you find or experience any accessibility issues on LinkLocker, please don't hesitate to let us know.
\n", "tags": ["Release"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2022-03-03 23:44", "url": "https://linklocker.co/blog/2022-03-03-2344.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2022-03-03-2344.html", "date_published": "2022-03-03T23:44:00-08:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nThere was a brief period of downtime, but services have been restored.
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "Please Report Issues", "url": "https://linklocker.co/blog/please-report-issues.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/please-report-issues.html", "date_published": "2022-02-28T20:17:00-08:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nI have added a new form through which you can make us aware of any bugs or issues you happen to see while using the site. Issues reported from that form will now be added directly to our issue tracking system.
\nPlease do note that since data submitted here will be sent to us via a third party (so we can keep track of submitted issues using a software tool developed by a third-party vendor) entries to this form are not quite as private as other data you might submit on LinkLocker. Use of an email address when reporting an issue is entirely optional, so your submissions will remain anonymous to us if you wish them to be. However do keep in mind the above caveat with respect to this data being shared with us through the servers of a software vendor.
\n", "tags": ["Feature", "Reliability", "Security"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "Textual Interfaces Are Better", "url": "https://linklocker.co/blog/textual-interfaces-are-better.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/textual-interfaces-are-better.html", "date_published": "2022-02-22T18:49:00-08:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nMost UI elements today are accessed as icons to be tapped or clicked upon, and I wonder if that's really the best idea we have. Nearly every UI concept can be boiled down to a word or two, and if not, logic can branch from there the way our own human language can. Text is just better in a lot of ways--our eyes just pass it to our brains faster. It's more accessible output in every sense of those words.
\n", "tags": ["User Experience"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2022-02-20 19:01", "url": "https://linklocker.co/blog/2022-02-20-1901.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2022-02-20-1901.html", "date_published": "2022-02-20T19:01:00-08:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nI am looking into updating the Safari extension to work with current versions of Safari and MacOS. The path forward wasn't clear for a while there, but hopefully I'll have some good news on this topic soon.
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "Bulk Deletion", "url": "https://linklocker.co/blog/bulk-deletion.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/bulk-deletion.html", "date_published": "2022-01-17T22:16:00-08:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nI've long wanted to add a way to delete links in bulk, and I finally got around to adding that feature today. See the \"BULK DELETE\" button at the upper right on any page that lists a set of links.
\nI'm hoping to add more bulk editing functionality in the future. Stay tuned.
\n", "tags": ["Feature", "Release"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "Current Safari Extension Won't Work in Safari 13", "url": "https://linklocker.co/blog/current-safari-extension-wont-work-in-safari-13.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/current-safari-extension-wont-work-in-safari-13.html", "date_published": "2019-08-29T13:17:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nSafari 13 will be released soon; it will be bundled with MacOS 10.15 Catalina next month, and available via software update on older versions of MacOS. Safari 13 brings changes in the way that extensions work, and these changes will mean that our own Safari extension will no longer work.
\nWe are working on a new extension that will be built to work with MacOS 10.15 and beyond, but due to the scope of the changes required in order to support new versions of Safari, it is unclear when our new extension will be ready for release. In the interim, if you find yourself without a working LinkLocker extension on Safari 13, we recommend using our bookmarklet instead. It works just as well as the extension, but without directly tying into the browser's UI.
\n", "tags": ["Reliability"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2019-07-31 14:24", "url": "https://linklocker.co/blog/2019-07-31-1424.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2019-07-31-1424.html", "date_published": "2019-07-31T14:24:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nBetween the story of Apple's admission that humans are listening to Siri queries and Amazon's collusion with local police departments in providing extrajudicial surveillance capabilities in exchange for government-run marketing campaigns...it's never been more apparent: putting an always-on recording device in your home is a bad idea.
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "It's Time to Get Angry About Facebook", "url": "https://linklocker.co/blog/its-time-to-get-angry-about-facebook.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/its-time-to-get-angry-about-facebook.html", "date_published": "2019-05-07T17:06:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nIt's been a very busy couple of months, and I haven't really been able to weigh in on the seemingly daily deluge of privacy scandals swirling around Facebook lately. You'd have to be living under a really, really heavy rock not to have heard about any of this, and you'd have to have rocks inside your head not to wonder why so very little is actually being done.
\nWhy aren't we more mad? Probably because the effects of privacy breaches tend to feel abstract and far away--though you might feel a bit differently when somebody steals your house. Or, just as likely, you might feel that there is nothing you can do to a giant corporation.
\nThe thing is, it's definitely within our power to change the way Facebook operates--all we need to do is to decide we're fed up. In the United States, we actually do have a long and storied history of forcing companies to behave in a socially responsible manner. In 1911, a couple of capitalist penny-pinchers let 146 of their employees die in a horrible fire as a result of their vile indifference to basic human needs. People got mad, and there were repercussions. We also decided at some point that it would be nice if somebody made sure that food was relatively safe to eat before some leech callously makes a profit on it, and we decided that exploiting the labor and lives of children is maybe kind of a bad thing.
\nThese changes, and many others, were all effected when Americans like you and me got sick of letting businesses hurt them for profit. We can do it again.
\nFacebook is awful, and they just aren't going to do better on their own. It's clear that no amount of bad press will convince them to clean up their act. Massive fines are nothing to them. The only thing that can stop them is regulation--the same remedy to which we have turned time and time again, whenever profit motive has supplanted basic decency.
\nGet angry. Call your congressperson.
\nDon't bother calling your senator. The current U.S. Senate wouldn't lift a finger to help you if you were on fire and screaming in the Capital's rotunda.
\n", "tags": ["Privacy"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2019-03-23 17:12", "url": "https://linklocker.co/blog/2019-03-23-1712.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2019-03-23-1712.html", "date_published": "2019-03-23T17:12:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nSorry about the recent downtime--just routine maintenance that became complicated unexpectedly. We're back up and running.
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2019-03-18 11:59", "url": "https://linklocker.co/blog/2019-03-18-1159.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2019-03-18-1159.html", "date_published": "2019-03-18T11:59:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nWe have received a few acquisition offers lately. LinkLocker is not for sale, and it never will be.
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "FCC Considers Giving Telcos Even More 911 Location Data (To Sell)", "url": "https://linklocker.co/blog/fcc-considers-giving-telcos-even-more-911-location-data-to-sell.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/fcc-considers-giving-telcos-even-more-911-location-data-to-sell.html", "date_published": "2019-03-14T14:09:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nCynical former Verizon employee and FCC chairman Ajit Pai is proposing more detailed location data to be sent with 911 calls, and--brace yourself for a shocker--the proposal includes zero mentions of user privacy. The so-called \"Z-axis\" data that would be added to 911 calls would transmit vertical location to emergency services, potentially helping them know, for example, what floor of a building a caller is on.
\nGiven the fact that U.S. cellular providers have recently been under (an insufficient amount of) scrutiny for selling 911 location data to third parties, it would seem that any addition of further sensitive data should rightly be paired with some consideration of privacy issues. This FCC couldn't possibly care less about your privacy.
\nJon Brodkin, for Ars Technica:
\n\n\nWe asked Pai's office yesterday to explain why the current version of the proposal doesn't address privacy and security as well as whether the FCC plans any specific privacy rules for Z-axis data. We also asked about the status of the FCC's investigation into carriers selling location data. We'll update this story if we get a response.
\n
Sure, Jon. Go ahead and hold your breath on that one.
\n", "tags": ["Privacy"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2019-01-11 12:11", "url": "https://linklocker.co/blog/2019-01-11-1211.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2019-01-11-1211.html", "date_published": "2019-01-11T12:11:00-08:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nThe telcos are \"sorry\" and will \"stop\" selling your location to random creeps, again. No, for real this time, they swear! Seriously, no fooling, this time they mean it.
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "Your Cellular Provider Is Selling Your Location (Again!)", "url": "https://linklocker.co/blog/your-cellular-provider-is-selling-your-location-again.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/your-cellular-provider-is-selling-your-location-again.html", "date_published": "2019-01-09T13:15:00-08:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nRemember last year when that story came out about how all of the major US cell networks are reporting user location data to shady third parties? Remember how all of the telcos posted contrite messages about how they would never, ever share user location data with random third-party companies ever again? Well, surprise: they were lying.
\nJoseph Cox, for Motherboard:
\n\n\nNervously, I gave a bounty hunter a phone number. He had offered to geolocate a phone for me, using a shady, overlooked service intended not for the cops, but for private individuals and businesses. Armed with just the number and a few hundred dollars, he said he could find the current location of most phones in the United States.
\n
This situation is flatly unacceptable. T-Mobile, Sprint, and AT&T were all contacted for the above-linked Motherboard piece, and each of them expressed a lot of bullshit, to be frank, about how sorry they are--and about how this is not supposed to happen based on their terms of service, etc. But that kind of bullshit just isn't going to cut it. User data--and the way it is handled by corporations--needs to be heavily regulated. Full stop.
\nWrite your Congressperson.
\n", "tags": ["Privacy"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "Personal Data Privacy Legislation Introduced in U.S. Senate", "url": "https://linklocker.co/blog/personal-data-privacy-legislation-introduced-in-us-senate.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/personal-data-privacy-legislation-introduced-in-us-senate.html", "date_published": "2018-12-13T13:27:00-08:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "The office of Hawaii senator Brian Schatz announced the introduction of a broad national data privacy bill in the U.S. Senate, following California's lead:
\n\n\nToday, U.S. Senator Brian Schatz [...] led a group of 15 senators in introducing new legislation to protect people's personal data online. The Data Care Act would require websites, apps, and other online providers to take responsible steps to safeguard personal information and stop the misuse of users' data.
\n
I'll reserve judgment on the actual implementation of the proposed law for now, until I can read it and get a better sense of what is being put forth--but it appears on first glance to be somewhat like Europe's GDPR law, and it appears that the EFF wants to offer its input to senator Schatz. These are reasons to be reasonably hopeful that we'll end up with a workable bill by the end of the legislative process.
\nBut will Trump sign it? Will he still be the person who signs bills by the time this one lands on the big desk in the Oval Office?
\n", "tags": ["Privacy"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "Twitter Carefully Deliberates the Merits of the Obvious", "url": "https://linklocker.co/blog/twitter-carefully-deliberates-the-merits-of-the-obvious.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/twitter-carefully-deliberates-the-merits-of-the-obvious.html", "date_published": "2018-11-12T14:37:00-08:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "Jack Dorsey reveals Twitter's huge new plans:
\n\n\nFor the first time since the end of 2016, Twitter CEO Jack Dorsey shed some light on the company\u2019s thoughts about building an edit button for tweets. Speaking at an event in India\u2019s capital of New Delhi, he said that the company has to carefully consider use cases for the edit button before making it a reality \u2013 and it could potentially be tooled to help fix typos.
\n
Dorsey might also consider formulating a sane business model in which Twitter's users are also its customers. Or, perhaps, he might consider making Twitter less of a haven for abusive, murder-threatening trolls. He might, conceivably, consider methods via which to prevent the use of his platform by hostile governments as a massive, global propaganda outlet.
\nBut sure, Jack: please carefully consider the most boneheadedly obvious feature that text-based software might include. Please carefully do so for a decade while the world burns--in no small part resulting from the service you built.
\nBaby steps.
\n", "tags": ["Commentary"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2018-11-05 18:16", "url": "https://linklocker.co/blog/2018-11-05-1816.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2018-11-05-1816.html", "date_published": "2018-11-05T18:16:00-08:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nIf you live in the United States, please go vote tomorrow. Everything depends on it.
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2018-10-28 17:56", "url": "https://linklocker.co/blog/2018-10-28-1756.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2018-10-28-1756.html", "date_published": "2018-10-28T17:56:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nPrivacy is a key component of liberty.
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2018-10-26 13:08", "url": "https://linklocker.co/blog/2018-10-26-1308.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2018-10-26-1308.html", "date_published": "2018-10-26T13:08:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nWhy am I not shocked to see the phrases \"Google smart city\" and \"privacy nightmare\" in the same headline?
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "Apple CEO Calls for Sweeping U.S. Privacy Legislation", "url": "https://linklocker.co/blog/apple-ceo-calls-for-sweeping-us-privacy-legislation.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/apple-ceo-calls-for-sweeping-us-privacy-legislation.html", "date_published": "2018-10-24T15:22:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nFrom Tim Cook's remarks at the International Conference of Data Protection and Privacy Commissioners this morning:
\n\n\n[...] We see vividly--painfully--how technology can harm rather than help. Platforms and algorithms that promised to improve our lives can actually magnify our worst human tendencies. Rogue actors and even governments have taken advantage of user trust to deepen divisions, incite violence, and even undermine our shared sense of what is true and what is false.
\nThis crisis is real. It is not imagined, or exaggerated, or \"crazy.\" And those of us who believe in technology's potential for good must not shrink from this moment.
\n
He goes on to assert in strong terms that privacy is a human right, which is a position we are all going to have to fight for in the coming years.
\nThese are scary times indeed, but I do see one tiny, positive sign: that with each passing day, it seems we are getting farther away from the sad notion that people who are concerned about privacy are just kooks wearing homemade metal hats. We will never be able to make progress while the very idea of progress itself is vilified and mocked. While it would be preferable if these remarks were those of some fictional competent political leader, it can't be denied that Apple has a great deal of influence on individuals' data privacy simply because of their massive imprint on the digital world. It's great to see these sentiments coming from a position of (some) power.
\nAs a footnote, I'll mention that former Facebook CISO Alex Stamos has called out Apple's willingness to work with the Chinese government and honor their repressive data-handling policies. I'm a bit torn on how I feel about whether Tim Cook is being a hypocrite or not when it comes to China. Obeying a law does not necessarily imply moral approval of that law. I am a staunch pacifist, but I do recognize that I have to pay my taxes, thereby directly funding countless violent horrors.
\nIt would be a greater world, of course, if massive corporations operated based entirely on moral goals rather than financial ones, but that's not the world we live in. Would it be better for Chinese citizens if phones made by Huawei or ZTE were the only ones avilable?
\n", "tags": ["Privacy"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2018-10-23 16:52", "url": "https://linklocker.co/blog/2018-10-23-1652.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2018-10-23-1652.html", "date_published": "2018-10-23T16:52:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nSecurity Affairs reports that Signal's desktop application puts the message decryption key on your computer's disk in plain text. This is a strangely negligent practice for an organization which is so widely praised for its security practices.
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2018-10-23 13:04", "url": "https://linklocker.co/blog/2018-10-23-1304.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2018-10-23-1304.html", "date_published": "2018-10-23T13:04:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nIf you haven't yet downloaded the information Apple has collected about you, I highly recommend doing so. It turns out that in my case, they had harvested even less data about me than I'd thought they would.
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "Things We Don't Do: Remember You Forever", "url": "https://linklocker.co/blog/things-we-dont-do-remember-you-forever.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/things-we-dont-do-remember-you-forever.html", "date_published": "2018-10-18T16:15:00-07:00", "content_text": null, "banner_image": null, "summary": "It isn't always immediately obvious what a tech company might be doing with your data. Because LinkLocker is designed to appeal to exactly the sort of people who might be uncomfortable with dumping their information into a black box and simply hoping for the best, we want to be as open as possible about what happens to the data you put into your LinkLocker account. To that end, we're publishing this series of articles tagged \"Things We Don't Do,\" in which I discuss many of the Web's questionable practices and explain why we do not engage in those practices. In this post, I'd like to talk about the fact that LinkLocker does not hold onto your data in perpetuity. When you ask us to forget something, that's exactly what we do.
", "content_html": "\n\nIt isn't always immediately obvious what a tech company might be doing with your data. Because LinkLocker is designed to appeal to exactly the sort of people who might be uncomfortable with dumping their information into a black box and simply hoping for the best, we want to be as open as possible about what happens to the data you put into your LinkLocker account. To that end, we're publishing this series of articles tagged \"Things We Don't Do,\" in which I discuss many of the Web's questionable practices and explain why we do not engage in those practices. In this post, I'd like to talk about the fact that LinkLocker does not hold onto your data in perpetuity. When you ask us to forget something, that's exactly what we do.
\nIn the vast majority of cases when you delete a post or some other piece of data on a Web site, the data isn't actually deleted at all. From your perspective the data may no longer be accessible, even though it remains on the server. This fact is probably somewhat surprising to many users, but it is so commonplace online that you might as well assume that all sites are behaving this way.
\nIt should be pointed out that there are in fact some practical benefits to this arrangement--chief among them is the fact that data can be recovered if you change your mind. There are also quite a few downsides: this data may continue to be used by the Web service in question to build a marketing profile about you, or to feed some machine learning algorithm. Further, any data on a server may eventually be exfiltrated by an attacker.
\nWe don't think that the ability to recover deleted data is worth all of the risks involved. When you delete one of your bookmarks on LinkLocker, it is instantly and permanently removed from the database. While those links would remain in database backups (for more about our backup policies, see below) for a short while, they will be deleted entirely--forever--as soon as the oldest backup containing them ages out.
\nMany sites on the Internet are so concerned about retaining users that they will hold onto your account data for years after you close your accounts with them. Facebook, for example, claims to delete your account after a grace period, but the reality of the situation is that they do retain some data about you forever. Do you really trust Facebook to hold onto information about you without abusing it in some way?
\nWhile Facebook may retain the precise measurements of your shoes from 1994 even when you cancel your account, LinkLocker forgets all about you when you leave. When you cancel your LinkLocker subscription, we do hang onto your account for 30 days in case you either decide to come back, or else to export your data to JSON for use elsewhere. After that 30-day period, however, every single solitary trace of your account is deleted forever: there's nothing at all in the database, and there are no longer any logs which reference you or your account. It's exactly as if you had never signed up.
\nLook, we're not insane: we do keep backups. We aren't going to risk losing everyone's data if lightning strikes the datacenter or something. While there's a clear need to back up user data, we do also want to make sure that our backups aren't counteracting the steps we've taken above. For that reason, our nightly database backups are deleted after one week; at any given time, our backups are seven days old at the very most.
\nDo you know how old Facebook's backups are? No. Nobody does.
\nOne quick note on security, while we're on the subject: our backups are fully locked down with strong crypto. The encryption takes place on our servers before the backup data is sent to a remote storage volume for safe keeping over its brief 7-day lifespan.
\nWe firmly believe that your data belongs to you. If you want us to keep it for you, we will. If you want us to get rid of it, we will do that too. And we mean we will really get rid of it.
\nThe Web is kind of a cesspool these days, and we know how hard it is to trust anyone online. LinkLocker is built on a model that requires trust, and we know we will need to earn that trust over the long haul. We don't want to be all shady like other services are. There are some things--like holding onto info about you forever and ever--that we simply don't do.
\n", "tags": ["Things We Don't Do"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2018-10-16 12:50", "url": "https://linklocker.co/blog/2018-10-16-1250.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2018-10-16-1250.html", "date_published": "2018-10-16T12:50:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nAnomali Labs reports that 35 million voter records have been found for sale on a Dark Web marketplace. The data include both personal information and voting histories. Possible outcomes include identity theft and large-scale electoral fraud.
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2018-09-29 20:55", "url": "https://linklocker.co/blog/2018-09-29-2055.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2018-09-29-2055.html", "date_published": "2018-09-29T20:55:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "A caf\u00e9 in Rhode Island is bringing the info economy to the offline world. Patrons pay for their coffee with personal info, which the caf\u00e9 sells to marketers. Why do we want free coffee badly enough that we feel OK about creepy ads in our faces around the clock?
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "Your Life Insurance Company Wants to Keep Tabs on You Via Your Watch", "url": "https://linklocker.co/blog/your-life-insurance-company-wants-to-keep-tabs-on-you-via-your-watch.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/your-life-insurance-company-wants-to-keep-tabs-on-you-via-your-watch.html", "date_published": "2018-09-20T16:30:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nA Canadian-owned life insurance company wants to track your health data and base your life insurance premiums on it:
\n\n\nJohn Hancock, one of the oldest and largest North American life insurers, will stop underwriting traditional life insurance and instead sell only interactive policies that track fitness and health data through wearable devices and smartphones, the company said on Wednesday.
\n
There are lots of caveats to their actual approach given the highly regulated nature of the insurance industry, which may make this sort of situation sound a lot less alarming initially. I think it's safe to say that the industry will be headed much farther in this direction as time progresses, however, given the proliferation of health-tracking devices, connected cars, and so on. It doesn't take much thinking to imagine that massive tracking of your behavior might eventually lead to us all to some very scary places in the future.
\nPlease think long and hard about every transaction you make which involves giving up your personal data. An agreement you sign today for a chance at a cheaper product might cost you a lot more than just money in the long run.
\n", "tags": ["Privacy"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2018-09-11 16:54", "url": "https://linklocker.co/blog/2018-09-11-1654.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2018-09-11-1654.html", "date_published": "2018-09-11T16:54:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nFeedbin has decided to enable a number of privacy settings by default. It's really great to see other services starting to view privacy as a feature that their customers will want.
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "Black Hat Badge Attack Reveals Attendees' PII", "url": "https://linklocker.co/blog/black-hat-badge-attack-reveals-attendees-pii.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/black-hat-badge-attack-reveals-attendees-pii.html", "date_published": "2018-08-22T15:53:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nIn a brief blog post full of informative screenshots, a Colorado security researcher known as NinjaStyle details how easily he was able to figure out how to pull personal information belonging to attendees of this year's Black Hat security conference. His snooping reveals that personally identifiable information for every attendee of the conference could be gathered in as little as six hours from an API used in collating marketing data via scans of attendee's conference badges. NinjaStyle found that he could pull his own information by supplying his badge number to the API, and then realized that he could simply submit the full range of possible badge numbers by brute force.
\nAttacks like this one demonstrate how seemingly benign objects like a conference badge can reveal a surprising amount of information about their possessors. Such attacks also underline the very real fact the world around us is teeming with untold numbers of easily exploitable troves of personal data--many of which we will never know about.
\nBe careful out there.
\n", "tags": ["Breach"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2018-08-13 18:16", "url": "https://linklocker.co/blog/2018-08-13-1816.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2018-08-13-1816.html", "date_published": "2018-08-13T18:16:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nHotel security at Caesar's Palace decided, in the wake of the Mandalay Bay massacre, that it was a good idea to conduct unannounced, random searches of guest rooms during DEF CON this weekend. Welcome to your Corporate Police State.
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2018-08-11 14:22", "url": "https://linklocker.co/blog/2018-08-11-1422.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2018-08-11-1422.html", "date_published": "2018-08-11T14:22:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nNow you're being surveilled in meatspace, too.
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "As California Goes, So Goes the Nation", "url": "https://linklocker.co/blog/as-california-goes-so-goes-the-nation.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/as-california-goes-so-goes-the-nation.html", "date_published": "2018-08-10T14:01:00-07:00", "content_text": null, "banner_image": null, "summary": "The EFF points out that California's Consumer Privacy Act won't become law for 18 months, and that advocates have that amount of time to lobby for improvements to it. I agree completely with their list of suggestions...
", "content_html": "\n\nThe EFF points out that California's Consumer Privacy Act won't become law for 18 months, and that advocates have that amount of time to lobby for improvements to it. I agree completely with their list of suggestions:
\n\n\n\n\n
\n- The Act allows businesses to charge a higher price to users who exercise their privacy rights.
\n- The Act does not provide users the power to bring violators to court, with the exception of a narrow set of businesses if there are data breaches.
\n- For data collection, the Act does not require user consent.
\n- For data sale, while the Act does require user consent, adults have only opt-out rights, and not more-protective opt-in rights.
\n- The Act\u2019s right-to-know should be more granular, extending not just to general categories of sources and recipients of personal data, but also to the specific sources and recipients. Also, the right-to-know should be tailored to avoid news gathering.
\n
Much of the above squares directly with the EU's GDPR legislation, which itself has a number of faults--but it seems most complaints about GDPR focus on the ways in which they will necessarily inject a lot of uncertainty into the operation of online businesses. I don't think many people can look at a list like the one above and tell you with a straight face that there is anything wrong with any of these ideas.
\nThough it is flawed, the California law remains a very heartening reflection of the fact that people seem to be waking up--slowly but surely--to the idea that it is worth it for all of us to care about individual privacy. While it would obviously be better if the cowardly turds inside the U.S. Capitol building wanted to do something about these issues, I'll take a flawed approach from Sacramento--for now--as a sign that other jurisdictions will also step up to the plate.
\n", "tags": ["Privacy"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2018-08-09 14:33", "url": "https://linklocker.co/blog/2018-08-09-1433.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2018-08-09-1433.html", "date_published": "2018-08-09T14:33:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nIBM researchers are presenting an AI-based malware approach at Black Hat. I would be very surprised if there aren't actual instances of \"smart\" malware like this already propagating in the wild.
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "Things We Don't Do: Excessive Logging", "url": "https://linklocker.co/blog/things-we-dont-do-excessive-logging.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/things-we-dont-do-excessive-logging.html", "date_published": "2018-07-26T14:04:00-07:00", "content_text": null, "banner_image": null, "summary": "It's no secret that we're firm believers in the idea that our users' data is theirs alone, and that it should be kept private. Part of our overall privacy maintenance strategy is simply to avoid doing a lot of the really gross and/or stupid things tech companies typically do in order to show you ads, or to track your behavior for their own \"learnings,\" etc. Because these sorts of things aren't always immediately obvious, we think it's important to spell out explicitly what it is we aren't doing. To that end, I'll be publishing a series of posts tagged \"Things We Don't Do.\" For this first installment, I'd like to talk about our logging policies. Most services store a reference to everything you do, even when they don't have a good reason to do so. We store as little info about you as possible.
", "content_html": "\n\nIt's no secret that we're firm believers in the idea that our users' data is theirs alone, and that it should be kept private. Part of our overall privacy maintenance strategy is simply to avoid doing a lot of the really gross and/or stupid things tech companies typically do in order to show you ads, or to track your behavior for their own \"learnings,\" etc. Because these sorts of things aren't always immediately obvious, we think it's important to spell out explicitly what it is we aren't doing. To that end, I'll be publishing a series of posts tagged \"Things We Don't Do.\" For this first installment, I'd like to talk about our logging policies. Most services store a reference to everything you do, even when they don't have a good reason to do so. We store as little info about you as possible.
\nWhenever you send a request to a Web server, that Web server has an opportunity to write down some data about your visit: your IP address, the browser you use, the time of your request, and the site that referred you are all common bits of data that are recorded in server access logs. Typically, the IP address is the only bit of data that is specific to you, but in combination with the other pieces of data in these logs, a lot can be inferred about who you are. These inferences are often used by other sites for all manner of unsavory purposes.
\nHow we're different: While most sites may hang onto this data for months--or even indefinitely--we delete all access logs within 5 days of their creation. If you visited our site more than 5 days ago, we have no record of it. We also anonymize IP addresses before a log entry is created, making it far more difficult to correlate a log entry with a specific user. One drawback (for us) is that we have far less data to work with when we are looking at visitor / usage stats. We're willing to be a bit more in the dark than we might be if it means less data about you is at risk.
\nVery commonly, a service will store data about your usage habits in a database entry which is correlated with your user account. They may record the time of your most recent visit, personally identifiable information (PII) such as your name or phone number, and any number of other things. If you've ever given any kind of info whatsover to most Web services, you can bet this info is in their database forever--or at least until some attacker gains access to the database.
\nHow we're different: The only PII we have in our database is an email address for each user, which we use solely for account management purposes (sending you a receipt, confirming a change of password, etc.) That is all we know about you personally--and if you give us a throw-away one-off address, as more than half of our users do, we don't really know anything about you personally at all.
\nWe do keep a record of the last time at which any piece of your content data (i.e. your bookmarks) was altered. This is useful for syncing your data via our API, for example: a client application can thus compare its own last update with the one recorded on our server. In practice, it works like this: if you edit the tags on a link, we write down the time you made that change. If you then change that link's category, we replace the record of your previous edit with the time you changed the category. In other words, there is no huge record of every time you did some thing on the site: we only know the last time you did something, and we don't know what that something actually was. The time data is correlated to your account within the database only, so there is no direct connection to your IP address or anything of that sort.
\nWe don't have anything else about you or your usage of the site in our database. Period. And what's more, if you cancel your account, we delete everything we do know about you after a 30-day window (to ensure your account will still work if you change your mind). It all gets deleted, forever.
\nMany sites which accept payments will store your payment info on their servers, thus allowing you to keep your payment info on file with them. This data gets stolen all the time, as it's obviously an attractive target.
\nHow we're different: We have zero payment-related info in our database. None. It is all stored by our Level 1 PCI-compliant payments processor, Braintree. In turn, they know nothing at all about you. They do not store your name, address, or phone number: just a credit card number, the expiration, and the CVV code. We send them a scrambled ID number that we use to connect their data with your account, so they don't even know the ID of your user account in our database. We haven't yet imagined a setup that keeps your data more cleanly separated from potentially identifying payment info, but if we ever think of one we'll implement it!
\nWe have worked very hard to ensure that we are retaining as little data about you personally as is possible in order to operate a useful service, and on an ongoing basis we will continue working to pare down the data we do store. Eventually, we'd like to know nothing about you at all.
\nThe good news is that we don't need to know all that much. We think most sites could stand to keep a lot less customer data, but we can't really help that. Maybe they'll learn (hopefully not the hard way) someday.
\n", "tags": ["Things We Don't Do"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2018-07-23 21:32", "url": "https://linklocker.co/blog/2018-07-23-2132.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2018-07-23-2132.html", "date_published": "2018-07-23T21:32:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nThere's a nascent boom for privacy lawyers and other sharks in the face of new legislation like GDPR. A change of business model to one which respects consumer privacy might be cheaper than infinite litigation--but we can't have that!
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "Venmo Just Wants to Help You Share Experiences, Man", "url": "https://linklocker.co/blog/venmo-just-wants-to-help-you-share-experiences-man.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/venmo-just-wants-to-help-you-share-experiences-man.html", "date_published": "2018-07-23T14:10:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nIt's quite entertaining to watch Venmo try to explain away the default behavior of their app, which broadcasts users' transaction info publicly. The unnamed PayPal spokesbot cited in that story claims the service was \"designed for sharing experiences,\" which is a delightful wad of claptrap devised in order to spin the fact that they must want to publish this data about your finances in an attempt to attract new users.
\nEverything in Silicon Valley may \"need\" to be a disgusting \"growth hack\" in order to keep the VC Overlords happy, but treating financial transaction data like any other form of user-generated content is a new low.
\n", "tags": ["Privacy"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "Instapaper (and Your Data) Are Changing Hands Again", "url": "https://linklocker.co/blog/instapaper-and-your-data-are-changing-hands-again.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/instapaper-and-your-data-are-changing-hands-again.html", "date_published": "2018-07-16T13:32:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nInstapaper has announced that it's going independent (again!):
\n\n\nWe want to emphasize that not much is changing for the Instapaper product outside the new ownership. The product will continue to be built and maintained by the same people who\u2019ve been working on Instapaper for the past five years. We plan to continue offering a robust service that focuses on readers and the reading experience for the foreseeable future.
\n
It's great that they're going indie again, and it's especially good to see that it will be run by the same team from which Pinterest bought it in 2016. However, one does tend to wonder why Pinterest wanted to buy Instapaper two years ago and now they want to dump it. There's no reason to expect, necessarily, that they are making this move because Instapaper is a bad business for Pinterest. It seems fairly obvious that one explanation might be that Pinterest got the data (including user data) they wanted, and now that they have what they were actually after, they don\u2019t care about the product enough to invest anything in it.
\nGranted this is conjecture, but the fact that we don\u2019t know what they are doing with customer data is the whole point. As I've argued before, When services are sold, users\u2019 data is at risk of being manipulated in ways that users can\u2019t have predicted. Be very careful when a thing you use changes hands.
\nAt this point I'd like to remind you that we are 100% committed to operating LinkLocker for the long haul, and that we will never sell your data, because we don't try to claim that we own it in the first place.
\nDid I mention that we can import your Instapaper data?
\n", "tags": ["Reliability", "Security"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2018-07-05 17:23", "url": "https://linklocker.co/blog/2018-07-05-1723.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2018-07-05-1723.html", "date_published": "2018-07-05T17:23:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nI've just added a new page which details LinkLocker's feature set. We've gotten a lot of feedback suggesting that prospective users want more info about how the service works, and I think this new page will answer a lot of questions. Glad to have this in place.
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2018-06-28 16:55", "url": "https://linklocker.co/blog/2018-06-28-1655.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2018-06-28-1655.html", "date_published": "2018-06-28T16:55:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nAnother win for our collective privacy: the California legislature is sending a landmark privacy law to Jerry Brown's desk. Sounds kind of like a miniature, California-specific GDPR. The devil may lie in the details, but this would seem on the surface to be a positive step.
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "Why We Ask for a Payment Method at Signup", "url": "https://linklocker.co/blog/why-we-ask-for-a-payment-method-at-signup.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/why-we-ask-for-a-payment-method-at-signup.html", "date_published": "2018-06-28T16:17:00-07:00", "content_text": null, "banner_image": null, "summary": "One of the questions we are most frequently asked is why payment information is required in order to begin our free three-day trial. It's a great question, and I thought a brief explanation of our thinking might be helpful.
", "content_html": "\n\nOne of the questions we are most frequently asked is why payment information is required in order to begin our free three-day trial. It's a great question, and I thought a brief explanation of our thinking might be helpful.
\nWe see the fact that payment info is needed before the trial begins as a security feature. This little hurdle prevents a massive amount of abuse that would be thrown at the service if registration were wide-open to the Internet. Most sites on the Web are more interested in user acquisition than they are in the security of existing user data, and that's why we have all come to expect free access to software. We think it is irresponsible to leave a server wide open when it holds user data. While taking the correct stance means there's a mild misalignment with broad expectations as to how things are supposed to work, we see that as a fair trade-off.
\nThe above being said, it's worth reiterating that it is entirely a free trial. It's quite easy to close your account before your payment method is charged, and when you do so all traces of data pertaining to you\u2014including your payment info\u2014are completely erased. All it costs is a minute to fumble around with an extra step when you sign up.
\nIf you've been on the fence because of the need to input payment info when you sign up, consider giving us a try. You can leave at any time during the first three days, and it won't cost you a dime. If you decide to stick around, your data will be made a little bit safer due to the fact that we've laid down a little speedbump for would-be attackers.
\n", "tags": ["Policies"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2018-06-22 11:19", "url": "https://linklocker.co/blog/2018-06-22-1119.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2018-06-22-1119.html", "date_published": "2018-06-22T11:19:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nThe Supreme Court has ruled that law enforcement agencies must obtain a warrant in order to access a target's cellular location data. Now let's require warrants for all types of digital data. Baby steps.
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "RELEASE: version 2.0 (Categories & Importer Improvements)", "url": "https://linklocker.co/blog/release-version-2-0-categories-and-importer-improvements.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/release-version-2-0-categories-and-importer-improvements.html", "date_published": "2018-06-17T18:39:00-07:00", "content_text": null, "banner_image": null, "summary": "It took a bit longer than I'd hoped, but today I'm happy to announce that LinkLocker 2.0 is live! This release brings the following features and improvements...
", "content_html": "\n\nIt took a bit longer than I'd hoped, but today I'm happy to announce that LinkLocker 2.0 is live! This release brings the following features and improvements:
\nThese improvements make LinkLocker that much more useful, and we're glad to have finally been able to make them available.
\nThe launch went relatively smoothly\u2014though as you may have noticed, there were a couple of minor hiccups. We are also actively tracking a couple of minor bugs that slipped past our pre-launch review, and we'll be working to fix those bugs as possible over the next few days.
\nIf you happen to see any strange or unwelcome behavior while using the site\u2014over the next week or so in particular\u2014please do not hesitate to drop us a line and let us know about the issue you're seeing.
\nThanks everyone, and we hope you like LinkLocker 2.0.
\n", "tags": ["Release"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2018-06-17 14:37", "url": "https://linklocker.co/blog/2018-06-17-1437.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2018-06-17-1437.html", "date_published": "2018-06-17T14:37:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\n2.0 is live! Everything seems to be working, but there will probably be a few bugs here and there. If you find any, let us know!
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2018-06-13 16:31", "url": "https://linklocker.co/blog/2018-06-13-1631.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2018-06-13-1631.html", "date_published": "2018-06-13T16:31:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nWe will be able to support import from Chrome and Safari when 2.0 launches, in addition to the already planned support for Firefox and Xmarks. At this point we can more or less handle just about any kind of export file you can throw at us.
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "LinkLocker 2.0 Update & Short Downtime Event on Sunday", "url": "https://linklocker.co/blog/site-update-and-short-downtime-event-on-sunday.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/site-update-and-short-downtime-event-on-sunday.html", "date_published": "2018-06-11T10:26:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nI am making the final preparations to launch LinkLocker 2.0 this Sunday afternoon. The site and service will see a (hopefully) brief period of scheduled downtime beginning at around 20:30 UTC (that's 1:30 PM here in the Pacific time zone) on Sunday, June 17. This downtime is by nature a planned event, and services will be restored as quickly as possible.
\nLinkLocker 2.0 is the biggest update the service has yet seen. It brings hierarchical categorization of links, Firefox and Xmarks import support, and a new collection of Help & Support documents. These features are among the most regularly requested by our users, and we are excited to be able to share them with you soon. Check in with us Sunday afternoon and see how it all works.
\nI want to thank all of our customers for their support over the past 18 months. We love you.
\n", "tags": ["Feature"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2018-06-08 11:03", "url": "https://linklocker.co/blog/2018-06-08-1103.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2018-06-08-1103.html", "date_published": "2018-06-08T11:03:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nBy the way, Apple has deprecated developer-signed Safari extensions in MacOS Mojave, so before Fall I'll have to build a new Safari extension. I am annoyed at the extra work, but this move is designed to keep (other!) extensions from tracking you, so it's hard to complain.
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2018-06-08 10:58", "url": "https://linklocker.co/blog/2018-06-08-1058.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2018-06-08-1058.html", "date_published": "2018-06-08T10:58:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nI am (finally!) almost done with the categorization features, and the Xmarks / Firefox importer along with them. I had hoped this update would be ready quite a while ago, but we're getting there. I expect to roll out the update within the next week. For real this time!
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "Ambulance-chasing Lawyers Now Chasing You into the Emergency Room", "url": "https://linklocker.co/blog/ambulance-chasing-lawyers-now-chasing-you-into-the-emergency-room.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/ambulance-chasing-lawyers-now-chasing-you-into-the-emergency-room.html", "date_published": "2018-05-29T13:06:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nLaw firms specializing in personal injury cases are targeting ads at people sitting in emergency rooms, and there's probably very little you can do about it. If you want to keep information about your health private, use an ad blocker, and avoid ad-funded apps & services.
\nIn fact, please just go ahead and do those things anyway. Someday you'll be very glad you did.
\n", "tags": ["Privacy"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2018-05-10 17:10", "url": "https://linklocker.co/blog/2018-05-10-1710.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2018-05-10-1710.html", "date_published": "2018-05-10T17:10:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nSorry about the delay on support for categories, and for the Xmarks / Firefox importer. This project has turned out to be a lot more involved than I had anticipated. Mozilla's ancient and weird export format is very difficult to work with. Stay tuned.
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2018-04-30 10:46", "url": "https://linklocker.co/blog/2018-04-30-1046.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2018-04-30-1046.html", "date_published": "2018-04-30T10:46:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nIt's taking a bit longer than I expected to build the hierarchical categorization features, and thus also the Xmarks importer. It's looking unlikely that the release will come before Xmarks shuts down. Hang onto your export file just a bit longer; we're getting there.
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2018-04-23 19:02", "url": "https://linklocker.co/blog/2018-04-23-1902.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2018-04-23-1902.html", "date_published": "2018-04-23T19:02:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nWork on the categorization features is coming along. Hang in there, Xmarks users! And do go ahead and prepare your data export file now, before LogMeIn shuts Xmarks down forever on 5/1.
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "Working on Xmarks Import (And Something Else)", "url": "https://linklocker.co/blog/working-on-xmarks-import-and-something-else.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/working-on-xmarks-import-and-something-else.html", "date_published": "2018-04-21T18:15:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nI did manage to get access to an Xmarks account, and I am going to try to get Xmarks import ready in time for that service's demise on May 1. In order to ensure that Xmarks users will find their data can be organized in a way they expect, I will also need to add a new feature to LinkLocker itself: a means of organizing links into categories. Adding a hierarchical categorization structure is probably good idea generally, and this situation with Xmarks provides a good opportunity to build it.
\nThe question is whether I can meet the deadline set by Xmarks' shutdown on May 1. I'll give it a go.
\n", "tags": ["Reliability", "Feature"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "Xmarks Is Dying; Help Me Build an Importer", "url": "https://linklocker.co/blog/xmarks-is-dying-help-me-build-an-importer.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/xmarks-is-dying-help-me-build-an-importer.html", "date_published": "2018-04-03T11:34:00-07:00", "content_text": null, "banner_image": null, "summary": "Another venerable bookmarking service has bitten the dust. Xmarks will shut down at the end of April 2018, according to LogMeIn\u2014which acquired LastPass in 2015, which had in turn acquired Xmarks in 2010. Who could have guessed that a company bought by a company that was bought by another company might someday go away?
", "content_html": "\n\nWant a free lifetime LinkLocker subscription? Read on to find out how you can get one.
\n\nAnother venerable bookmarking service has bitten the dust. Xmarks will shut down at the end of April 2018, according to LogMeIn\u2014which acquired LastPass in 2015, which had in turn acquired Xmarks in 2010. Who could have guessed that a company bought by a company that was bought by another company might someday go away?1
\nWe would love to welcome Xmarks users into the LinkLocker fold, but unfortunately LogMeIn has made it very hard for us to build an importer for exported Xmarks data. There is no documentation of the export format online anywhere, from what I can tell. What's more, they have disabled new signups...so I can't create a new account, add some data, and then export it in an effort to see how the data is structured. Disabling signups at this point is kind of a dick move for a lot of reasons, but perhaps chief among them is that it makes it harder for their users to take their own data with them to a new bookmarking service. If other services can't get a feel for their export format, exported user data is at best locked away uselessly in some kind of ugly HTML file or something. Bad form, LogMeIn. Very bad form.
\nIf I can't get a look at Xmarks' data formatting, I won't be able to support importing it. The only workaround I can imagine would be for some giving soul to send me a sample file of some kind\u2014preferably one that has been pared of any sensitive data you wouldn't want me looking at.
\nThe first person who sends me an Xmarks export file that I can use for reference purposes will receive a free lifetime subscription to LinkLocker. Just drop me a line on the contact page, and I'll let you know where to send it.
\nLet's give Xmarks users a new home.
\nUpdate: I have found an Xmarks export file, and I'm working on an importer. Thanks to everyone who sent (or offered to send) export files!
\n\n\n\n\n\nKidding aside, this is exactly what you can expect when a service you use is acquired. As a reminder, LinkLocker will never be sold to some random third party, because we believe that your data is not ours to sell. Period. ↩
\nIt has come to our attention that Xmarks is shutting down at the end of April, and we're looking into the possibility of building a means by which to import Xmarks data into LinkLocker. Stay tuned.
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2018-03-26 16:34", "url": "https://linklocker.co/blog/2018-03-26-1634.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2018-03-26-1634.html", "date_published": "2018-03-26T16:34:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nPlease note that there will be a brief period of downtime on March 28, sometime between 19:00 and 20:00 UTC. This downtime is, once again, scheduled for security updates.
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2018-03-11 14:41", "url": "https://linklocker.co/blog/2018-03-11-1441.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2018-03-11-1441.html", "date_published": "2018-03-11T14:41:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nApologies for the brief downtime, which was a side effect of some security updates to our servers. All services are running again as of this post.
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2018-03-02 17:06", "url": "https://linklocker.co/blog/2018-03-02-1706.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2018-03-02-1706.html", "date_published": "2018-03-02T17:06:00-08:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nEquifax has a new CIO. Surprisingly, somebody held that position before this guy.
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2018-03-01 13:07", "url": "https://linklocker.co/blog/2018-03-01-1307.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2018-03-01-1307.html", "date_published": "2018-03-01T13:07:00-08:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nSo, maybe it's not a good idea to put Internet-connected microphones everywhere?
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2018-02-28 20:30", "url": "https://linklocker.co/blog/2018-02-28-2030.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2018-02-28-2030.html", "date_published": "2018-02-28T20:30:00-08:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nThis Workflow workflow (still hate that there's no better way to say that) is a great way easily to clip content to your LinkLocker account on iOS until the app is ready. It's coming!
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2018-02-27 17:33", "url": "https://linklocker.co/blog/2018-02-27-1733.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2018-02-27-1733.html", "date_published": "2018-02-27T17:33:00-08:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nShould companies have to comply with U.S. search warrants when the requested data is stored overseas? This seems like an obvious \"no\" to me, but let's see what the Supreme Court says.
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "WhatsApp Co-Founder Funds New Signal Foundation", "url": "https://linklocker.co/blog/whatsapp-co-founder-funds-new-signal-foundation.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/whatsapp-co-founder-funds-new-signal-foundation.html", "date_published": "2018-02-23T11:12:00-08:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nThe news about the new Signal Foundation is encouraging, provided that new stakeholders like Acton (and presumably others) don't get it in their heads to screw things up in the usual Silicon Valley way of screwing good things up. Moxie Marlinspike remains at the helm, and I trust him to keep Signal from becoming another ad-driven sinkhole of VC grossness. Also, the fact that this new entity is a non-profit ought to keep the incentives of all involved relatively pure.
\nIt will be exciting to see if/how the Signal clients currently available will improve, given the sudden influx of resources.
\n", "tags": ["Privacy"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "Addressing the Spectre and Meltdown Exploits", "url": "https://linklocker.co/blog/addressing-the-spectre-and-meltdown-exploits.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/addressing-the-spectre-and-meltdown-exploits.html", "date_published": "2018-01-18T12:14:00-08:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nYou may have noticed a few short stretches of downtime recently. These are planned events, as we are working to apply patches and mitigations in response to those nasty Spectre and Meltdown exploits you may have heard about in the news over the past couple of weeks. There is of course no sign of any intrusion related to these attack vectors, be we are taking proactive steps to ensure that we are as prepared for attacks of these sorts as we possibly can be. Rest assured that we are on the case, and that any downtime you may experience will be very brief.
\n", "tags": ["Security"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2018-01-16 14:02", "url": "https://linklocker.co/blog/2018-01-16-1402.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2018-01-16-1402.html", "date_published": "2018-01-16T14:02:00-08:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nOur servers will be unreachable for a short time this afternoon due to planned maintenance. The downtime should be brief, and we'll be back online as soon as possible. UPDATE: We are back online. As you were.
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2018-01-04 12:52", "url": "https://linklocker.co/blog/2018-01-04-1252.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2018-01-04-1252.html", "date_published": "2018-01-04T12:52:00-08:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nIt might be a bad idea to provide multiple Internet-facing interfaces to appliances that are capable of destoying your home. Just saying.
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2017-12-17 12:13", "url": "https://linklocker.co/blog/2017-12-17-1213.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2017-12-17-1213.html", "date_published": "2017-12-17T12:13:00-08:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nMy loose plan is to have the LinkLocker iOS app ready for release by April 1. Don't quote me on that.
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2017-12-14 13:59", "url": "https://linklocker.co/blog/2017-12-14-1359.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2017-12-14-1359.html", "date_published": "2017-12-14T13:59:00-08:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nDan Goodin reports on what appears to be the latest state-sponsored attack on critical infrastructure. It isn't hard to imagine just how bad attacks of this sort are going to get.
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2017-12-12 10:51", "url": "https://linklocker.co/blog/2017-12-12-1051.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2017-12-12-1051.html", "date_published": "2017-12-12T10:51:00-08:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nMozilla's Privacy Not Included gift guide provides all sorts of information about the ways in which various popular holiday gift items can spy on you.
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/linklocker.html", "name": "LinkLocker", "avatar": null}, "title": "2017-12-08 17:18", "url": "https://linklocker.co/blog/2017-12-08-1718.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/2017-12-08-1718.html", "date_published": "2017-12-08T17:18:00-08:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nLinkLocker now has a microblog! Follow us on Micro.blog, or subscribe to the microposts feed.
", "tags": null, "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "Uber Did (Another) Bad, Bad Thing", "url": "https://linklocker.co/blog/uber-did-another-bad-bad-thing.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/uber-did-another-bad-bad-thing.html", "date_published": "2017-11-22T14:13:00-08:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nThis week on Badly Handled Data Breach Theater, it's Uber in the hotseat. New CEO Dara Khosrowshahi, who seems to have inherited from Noted Dirtbag Travis Kalanick the business equivalent of a flaming used diaper, reveals (ta-da!) in a solemn blog post that personal information belonging to 57 million Uber customers was stolen in 2016 by \"two individuals outside the company.\" Stolen data includes names, email addresses, and mobile phone numbers. Oh, and also: they knew this a year ago and never bothered to tell anybody about it. Whoopsie Daisy!
\nKhosrowshahi, who is admittedly new to the CEO chair and doesn't really deserve any opprobrium for the cover-up of this breach, poses a very good question in the aforelinked blog post:
\n\n\nYou may be asking why we are just talking about this now, a year later. I had the same question, so I immediately asked for a thorough investigation of what happened and how we handled it.
\n
Yes Dara, we may be asking that question indeed, and we might be punctuating it with a hearty \"WTF!?\"
\nOperators of online services: please learn from this idiocy. If somebody haxx0rz
you and pwns
your box, at least have the basic decency to tell the victims of your negligence that their data has been stolen.
Traveling is usually a nerve-wracking experience, and it becomes even more so when you stop to think about all of the various ways in which your privacy is either compromised or at risk while you're en route from one city to another. That airport WiFi looks pretty attractive until you realize that any rando can be sitting in the terminal running a honeypot network called \"Free Airprot WiFi\" [sic] on his laptop, ready to scrape your data (or to completely pwn you) the second you jump on. TSA would just love to see what you've been up to on Facebook, particularly if you're headed to Bahrain. That USB charging station? Who know where that thing has been? The whole thing is a mess, but there are few things you can do to avoid these issues.
", "content_html": "\n\nTraveling is usually a nerve-wracking experience, and it becomes even more so when you stop to think about all of the various ways in which your privacy is either compromised or at risk while you're en route from one city to another. That airport WiFi looks pretty attractive until you realize that any rando can be sitting in the terminal running a honeypot network called \"Free Airprot WiFi\" [sic] on his laptop, ready to scrape your data (or to completely pwn you) the second you jump on. TSA would just love to see what you've been up to on Facebook, particularly if you're headed to Bahrain. That USB charging station? Who know where that thing has been? The whole thing is a mess, but there are few things you can do to avoid these issues.
\n\nBy the way, I agree, I hate \"listicles.\" This post just kind of works best in a \"Here Are 3 Ways You Can Blah-Blah-Blah\" format, so we'll just have to deal with it.
\nI know it sounds like a lot of pain to run your own VPN when there are plenty of available commercial options, but just trust me, it's not that hard if you use the right tools. Whatever you do, stay away from commercial VPN's, even if they claim not to keep logs. How do you know they aren't keeping logs? How do you know they aren't actually run by spooks? You don't know. Just stay away.
\nI've written about Algo VPN before, so I won't dig into the details too deeply; if you want to know more, here's my previous post. Suffice it to say that Algo is dead-easy to deploy on any of the major cloud providers' VPSes (or EC2 instances, if you're into that kind of kinky stuff), and that you have complete control over it. If you trust yourself, you can trust Algo not to log your traffic or to do anything gross. The source code is completely open to all for review, and it has gotten a thumbs-up by many of the big names in the security industry.
\nOne of the best things about Algo VPN's is that they are disposable. When you travel, you can spin up a new one in 5-10 minutes, and then use it safely on all your devices no matter how sketchy or public the WiFi networks you encounter might be. Then just tear it down when you get home. Poof, all gone.
\nThere's probably no time I need a charging port more than when I'm at the airport, and yet there's no way I'm going to plug my iPhone blindly into one of those public stations in the terminal, or even one of the ports that are starting to appear on some planes. Remember, these things are in public places: there is no telling who has tampered with them, or what kind of creepy ad / tracking \"experience\" Delta or United wants to \"provide.\"
\nThere are several ways to avoid this sort of thing: for example you can always just bring your own powerbank. I have a couple myself, but the biggest drawback to them is that they also need to be charged before you leave home. Another idea is to use a small adapter known as a \"USB condom.\" Yeah, I know. Let me explain. The USB standard allows for transfer of both power and data, and the data transfer aspect is what makes public ports unsafe. A USB condom works, basically, by removing the two data transfer pins, leaving only the power pins behind\u2014so there's no data connection happening at all.
\nI personally recommend this little unit made by a British company called PortaPow. In addition to protecting you from unwanted data transfer, it also has another cool feature: it increases the charging amperage of most USB ports, so your device charges faster than it would otherwise. For these two reasons, I find this product ideal for travel purposes. I love it so much, I even sell it (full disclosure: that's a link to my listing above), because I think everyone should have one of these things. It's a really great thing to have on the end of your charging cable when you head to the airport.
\nMost of the time it's easy enough to get through security without issue, though it's incredibly annoying that we still have to take off our shoes sixteen years after one solitary nimrod tried to make a dumb shoe bomb. You never know when TSA might want to get a little up close and personal, however, and if your devices are unprotected, they can force you to cough up whatever data might be on them. An even bigger risk for most of us is simply losing a laptop or a phone, which is not at all impossible to do when you're running across a huge airport in a hurry. You don't want any random Joe to pick up your phone and start reading your texts, right?
\nLuckily, both Android phones and iPhones are set up to encrypt their data without too much fuss. iPhones tend to be a lot harder to crack into, but Android's encryption can do the job well enough to protect you in most instances. Just make sure you use a really strong passcode, consisting of 10 or more alphanumeric characters. You're not using a short series of digits, right? If you are, stop that.
\nIf you use biometric auth like Apple's Touch ID, do be aware that the police and other government representatives can force you to decrypt your data with your thumb. So make sure to turn off Touch ID entirely before you leave home, and then turn it back on when you get to where you're going. If you get into line at the airport and realize you've forgotten to do this, an iPhone running iOS 11 has you covered: hit the power button 5 times quickly, and the phone will enter \"panic mode,\" in which Touch ID is disabled (among other things). It's a great way to lock your phone up nice and tight right at the last minute.
\nIn the case of a laptop, make sure to use full disc encryption (like FileVault on a MacBook), and to ensure that your machine has been fully shut down before you go through security. For lots of dumb legal reasons, the police can't make you decrypt your files by typing your password. Once again, if you have a newer MacBook Pro with a Touch ID sensor, be sure to disable that method of auth before you travel.
\nTraveling poses a lot of risks, but if you're careful you can alleviate or ameliorate a lot of the common issues. Just be careful about what you're doing, and prepare a little bit ahead of time.
\n", "tags": ["Privacy"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "The Cell Phone Location-tracking Case Before the Supreme Court Might Be a Big Deal", "url": "https://linklocker.co/blog/the-cell-phone-location-tracking-case-before-the-supreme-court-might-be-a-big-deal.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/the-cell-phone-location-tracking-case-before-the-supreme-court-might-be-a-big-deal.html", "date_published": "2017-09-25T09:40:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nI began donating to the ACLU last November 9, and I remain happy with that decision. They are currently bringing the Carpenter v. U.S. case to the Supreme Court, and the way this case turns out could have a major impact on the privacy of all Americans who have cellular phones1. At issue, roughly speaking, is the fact that U.S. government\u2014as well as state and local law enforcement agencies\u2014are currently able to access the location data generated by your cellular phone anytime they want, without a warrant. ACLU explains the situation thusly:
\n\n\nEvery time a cellphone makes or receives a call or text message or accesses a wireless data connection \u2014 as when it automatically checks for emails or social media messages \u2014 the phone company logs and retains a record of the phone\u2019s location based on the cell tower and cellular antenna the phone was connected to. The volume and precision of that location data has increased over time, and today, cellphone location data can paint a detailed picture of where we go over the course of days, weeks, and months. The question in this case is whether the Fourth Amendment protects that data by requiring police to get a search warrant from a judge before requesting it from the phone company.
\n
The fact that the Fourth Amendment to the U.S. Constitution is widely seen not to apply to our digital lives is nothing less than a travesty, and the sooner this mistake is corrected, we will have taken a major step toward living up to our own clearly stated ideals. If you are concerned at all about your privacy, keep your eye on this case\u2014and consider sending the ACLU a few bucks to keep cases like this one in progress.
\n\n\n\n\nIn case you haven't heard, one of the dopiest screwups in tech history stumbled stupidly into the news yesterday. Andy Rubin's new hardware startup, Essential, has massively borked what should be a relatively simple order fulfillment process in shipping their new smartphone. What happened is just so unimaginably wrong in so many ways. There simply are not enough facepalm memes in the world to express the magnitude of imbecility on display in this debacle. Let's walk through what happened. Perhaps other companies can learn from these mistakes. For the love of all that is dear, please learn from this.
\nFirst, Essential began sending out emails to pre-order customers to notify them that their phones would begin shipping. At this early point in our tale, we will\u2014already\u2014be turning away from sanity, and we will begin a loopy crazywalk through the Land of WTF: many of these customers were asked to confirm their identities by emailing the company photographs of their driver's licenses.
\nI am now pausing for emphasis.
\nWhy in God's Hot Green Hell would an e-commerce operation even need to confirm identity with a driver's license in the first place? Even more perplexing (to those of us with central nervous systems): they asked for ID's over email. They didn't request that this highly sensitive personal data be sent via a decently configured, TLS-encrypted browser session. They asked for it via email.
\nI am now pausing for emphasis once again. Just ponder the vast stupidity of the above for a moment. Close your eyes. Clear your mind. Savor the stupidity of it all. Revel in it.
\nOK, open your eyes again.
\nThere is no scenario I can imagine in which a retailer would need to verify identity in this fashion. Credit card processors do not ask for this information. It simply makes literally zero sense.
\nAre you ready for some more stupid hijinx? Get a load of this: due to a misconfigured instance of the popular ticket-tracking system Zendesk, when customers began dutifully emailing photos of their driver's licenses to Essential, the photos were sent to at least 70 other customers who were on the same list.
\nI just can't go on. But I will.
\nAt first, many in the press and on social media began to assume that all of the above was a phishing scheme. Perhaps some clever attacker had compromised Essential's systems and had gathered the email addresses of their customers. Perhaps this theoretical attacker sent emails to those customers asking for ID photos, which could then be used in identity theft schemes. It's plausible enough, and it would explain the scenario very neatly. What a relief, the Sane Ones told themselves. Just a phishing scheme.
\nExcept it wasn't. Examination of the email headers seemed to indicate that the messages came from Essential-controlled servers. And then, Andy Rubin fessed up to it all:
\n\n\nYesterday, we made an error in our customer care function that resulted in personal information from approximately 70 customers being shared with a small group of other customers. We have disabled the misconfigured account and have taken steps internally to add safeguards against this happening again in the future.
\n
Oh, good. They took steps! Nothing else in their operation is dripping with Liquid Crazy. Nope, nosiree. Everything else is totally smart, not stupid at all. Nothing further to see here. Rubin continues:
\n\n\nWe sincerely apologize for our error and will be offering the impacted customers one year of LifeLock.
\n
Andy, that should just fix everything. Credit monitoring: what a relief.
\n", "tags": ["Privacy", "Breach"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "A Note on Data Retention, Privacy, and Current Events", "url": "https://linklocker.co/blog/a-note-on-data-retention-privacy-and-current-events.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/a-note-on-data-retention-privacy-and-current-events.html", "date_published": "2017-08-17T12:59:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nIf you haven't yet heard, the Department of Justice has served a search warrant to hosting provider Dreamhost, in which they demand a massive amount of data about disruptj20.org\u2014a site which helped organize protestors against the President's inauguration in January. These sorts of requests are not at all uncommon, but in this case the DOJ wants info about the site's visitors. What info? Pretty much all info. If you visited that site for any reason, the DOJ wants to know.
\nFor its part, Dreamhost is doing its best to resist these demands.
\n\n\nChris Ghazarian, [Dreamhost's] General Counsel, has taken issue with this particular search warrant for being a highly untargeted demand that chills free association and the right of free speech afforded by the Constitution.
\n
Indeed it is, and good for Dreamhost. I am afraid we will be seeing a dramatic increase in this kind of overreach on the part of our current Department of Justice and the President it serves. What remains to be seen is whether these sorts of legal requests will hold up in the courts, and indeed, how many other hosting companies and cloud providers will play along with such requests. Many providers may do so without our ever hearing about it.
\nA site admin's best defense against this sort of fishing expedition is, of course, to retain as little user data as is necessary for the proper functioning of the service provided to those users. If there is no (or very little) data to provide, then by definition no (or very little) data can be provided.
\nAs a reminder, LinkLocker stores no personal information about its users, other than the email addresses they use to log in1. Further, our policy is currently to delete the Web server's access logs on a rolling five-day basis. We therefore have zero data on who may or may not have visited the site more than five days previous to any given day.
\nIn the interest of disclosure, it is as of this writing unclear whether our hosting provider retains any data on our visitors. We do not believe that they even can do so, but we cannot at present say so with absolute certainty. We have contacted them for clarity on this point, and once we have an answer one way or another we will update both this post and our privacy page with details.
\nUpdate, August 18, 2017: Our hosting provider has confirmed that they do not have a means of logging traffic or other data pertaining to visitors and/or users of our site.
\n\n\n\n\nThese email addresses may, of course, be throwaway addresses. Users are free to provide any email address they like, provided they can check that address at least once during the registration process. ↩
\nYesterday afternoon I found myself in the position of needing to call a national bank on the telephone in response to what turned out be a false fraud warning placed on my credit card account. Everything about the incident\u2014from the fraud warning itself right up through the way the bank sought to resolve the problem\u2014points to a systemic failure on the part of a huge and well-known financial institution to understand some of the most basic tenets of information security. These misapprehensions seem to be common everywhere, and not particular to the institution responsible for the story I'm about to tell. Of primary concern is the issue of trust\u2014or in this case, rather, the lack thereof. Trust in an information security context is a two-way street, and this fact is (or should be) one of the chief goals in the design of any system which even pretends to aim at security. Unfortunately, the way security is handled over the telephone by banks and other institutions is fundamentally flawed in that there's no real reason for either a consumer or a banking institution to have any trust whatsoever in the person on the other end of the call. Furthermore, a lot of the \"security\" measures employed by banks aren't just terrible at proving identity\u2014they are also potential vectors for leaking consumer information to malicious parties.
\nOne way to arrive at the point I'd like to make is to look at online communication with a bank as an example of a somewhat more competently designed system. When you visit a Web page (like one on your bank's site) over an encrypted TLS connection, it's generally a good idea to ensure that you are actually receiving a page from the bank in question before you enter your personal information into forms. You can view the site's certificate in order to help you confirm that the page is legitimate, or you can trust your browser to warn you if something looks amiss. For its part, the bank will usually trust that you are who you claim you are after you respond successfully to a series of challenges: you must supply a correct password, perhaps correctly enter a two-factor auth code, and so on. In this scenario, you trust that you are in fact contacting your bank, and you bank trusts that you are in fact who you claim to be. It's far from a perfect system, but for the most part it works well enough.
\nUnfortunately, phone calls with banks don't adhere to this simple system of two-way trust, and that leads me to my story.
\nYesterday I went to buy a couple of bagels at a neighborhood store. When the clerk attempted to run my card, it was rejected on three occasions. I grumbled a bit and took out another card, and the transaction finally completed successfully. Suddenly, my phone began to ring, with the call coming from a number I did not recognize. I refrained from answering the call as I always do when I have no idea who is calling me (I'm neither insane nor a masochist), took my bagels, and walked home. When I checked my voicemail, I learned that the bank which had issued the rejected card had attempted to call me because something had triggered their Fraud Protection System\u2122. Uh oh.
\nSomehow my purchase of roughly $10 in a store near my home\u2014a store which I visit quite regularly, and at which I had used this card previously\u2014had triggered a fraud alert (let's set aside the incredible dumbness of their fraud detection algorithm for the purposes of this post). My account had been frozen, the voicemail drone informed me, and in order to reinstate my account I would need to call Fraud Prevention Services\u2122 at the number specified.
\nBut how was I know for sure that this call was coming from the bank? There was no way to identify with certainty that the call was not coming from a random attacker; spoofing a phone number is laughably easy for one thing, and for another a clever attacker might reasonably assume that I would simply trust the call on its face, call the number, and spill all sorts of personal information in a panicked attempt to regain access to my money. Knowing all of this, I did not call the number given to me in the voicemail, but instead called the number printed on the back of the card. This is a safer bet than calling some random number in a voicemail, so despite a lingering feeling of unease I went for it.
\nThe bank would help me sort this issue out right away, the nice lady on the line said. She just needed to ask me some questions: What is my phone number? Where am I employed? What are the last four digits of my account number? ...and so on. The answers to these questions, I was told, would allow them to confirm my identity. There are many, many issues with the assumptions the bank is making here; below are some the issues which occurred to me instantly, without even having to put much thought into it:
\nThe list could go on and on from there.
\nYou may at this point think I'm just being paranoid, and to a large extent you're right. It's highly unlikely that any of the above scenarios would be perpetrated on a random member of the public. It's true, however, that much of the above might pretty easily be perpetrated on you at any time, and so you should be very careful when calling a number you believe belongs to a bank, a utility, a government agency, etc.
\nOn the institutional side, I think the case is clear for the need to find some better means of authenticating users. Some kind of two-factor auth method might be workable and convenient enough, at least as an optional method for paranoid people like me to turn to. Additionally, someone really ought to think of a way for the bank to confirm to the customer that it's in fact the desired bank on the line, and not a malicious attacker working with a call center in India to perform a massive phone-phishing scam. This is a trickier problem, and it's not immediately clear to me how it might be addressed. If trust is key in any secure system, however, it has to go in both directions. Banks would do well to remember that when their customers get ripped off, it is often the banks themselves who are left holding the (emptied) bag.
\n", "tags": ["Security"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "LinkLocker API Now in Public Beta", "url": "https://linklocker.co/blog/linklocker-api-now-in-public-beta.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/linklocker-api-now-in-public-beta.html", "date_published": "2017-06-14T08:44:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nToday we're releasing a public beta of the LinkLocker API. Authentication is handled by a straightforward and standard OAuth 2 implementation. All of the endpoints return easily parsable JSON, covering the full gamut of the service's features.
\nWe believe the API is pretty stable at this point, but please do proceed with caution and lots of testing if you decide to start building some kind of public-facing app. If you should encounter any trouble along the way, please let us know!
\n", "tags": ["Feature"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "Pinboard Buys Delicious: Selling User Data Is Kinda Gross", "url": "https://linklocker.co/blog/pinboard-buys-delicious-selling-user-data-is-kinda-gross.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/pinboard-buys-delicious-selling-user-data-is-kinda-gross.html", "date_published": "2017-06-01T12:46:00-07:00", "content_text": null, "banner_image": null, "summary": "Pinboard developer Maciej Ceg\u0142owski has announced that he has purchased bookmarking stalwart Del.icio.us for what amounts to a song. In a post on the Pinboard blog, Maciej explains that he plans on shuttering the service forever about two weeks from today, on June 15. The idea is to move the site into a read-only state at that time; current users will from then on be unable to create new bookmarks. Maciej helpfully suggests that these users give Pinboard a try, which is a fair enough suggestion for an acquirer to make.
", "content_html": "\n\nPinboard developer Maciej Ceg\u0142owski has announced that he has purchased bookmarking stalwart Del.icio.us for what amounts to a song. In a post on the Pinboard blog, Maciej explains that he plans on shuttering Del.icio.us forever about two weeks from today, on June 15. The idea is to move the site into a read-only state at that time; current users will from then on be unable to create new bookmarks. Maciej helpfully suggests that these users give Pinboard a try, which is a fair enough suggestion for an acquirer to make.
\nWeb sites get sold sometimes, and they can certainly go away. It just happens, and everybody knows it when they create an account on a new site. Right?
\nIt may be a common occurence, but the commonplace nature of this sort of sale doesn't make parts of it any more palatable to someone who uses Del.icio.us every day (assuming a few such people do exist). Maciej is making the right call in keeping it easy for users to export their data or to transport it over to Pinboard easily--nobody is going to be left high and dry, really. And frankly, his decision to keep the site live indefinitely as a historical record is admirable, especially given the fact that it won't be generating revenue. It's a great gesture, in that this data would have most certainly disappeared completely eventually under any other owner's care.
\nBut at the end of the day, doesn't buying and selling user data feel kind of gross? And though Maciej is doing so in what's probably the best way possible, isn't it still kind of a bad thing to buy a site that people are using and shutter it immediately? This sale shows us that even in the best of circumstances, it sucks when a tool that people are using is sold out from under them.
\nThat's why I will never sell LinkLocker, under any circumstances. Because selling your data--even to a relatively benevolent buyer--would make me feel gross.
\nI'm sure many of you don't believe me when I say this. Just watch and see.
\n", "tags": ["Reliability", "Security"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "Now With JSON Feed", "url": "https://linklocker.co/blog/now-with-json-feed.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/now-with-json-feed.html", "date_published": "2017-05-22T13:29:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nLast week Manton Reece and Brent Simmons released a project called JSON Feed, news of which quickly made its way around the part of the Internet populated mainly by software developers. It's a new standard for content syndication on the Web--like RSS, but cleaner. It's a cool idea: XML (on which both RSS and Atom are based) isn't just ugly, it's also really irritating to parse. While it's a new spec and nobody's sure it will ever catch on in the mainstream of Web publishing, it seems like it's a reasonable guess at what might be the way forward in a world where the open Web needs defenders. In an effort to get behind that idea publicly (and also just because I think it's cool), I decided I'd add a JSON feed to this blog, available here.
\nInitially, I thought it might be a fun weekend side project to write my own feed generator for Pelican, and I was all set to do so. Then I discovered that Ryan M at ryanmo.co had already published a json_feed
Pelican plugin on GitHub, so I just grabbed his code and went to town. No need to reinvent the wheel.
Algo, a project by Trail of Bits, is a VPN that you host yourself on a VPS of your own choosing. Self-hosted VPN's can be complicated to set up, but Algo is pretty easy: just download the files to your local machine, register for an account (if you don't have one already) at Amazon Web Services, Digital Ocean, or Google App Engine, and then run three commands in the terminal. That's pretty much it. In about 10 minutes, you have an easy, secure IPSec VPN.
", "content_html": "\n\nAlgo, a project by Trail of Bits, is a VPN that you host yourself on a VPS of your own choosing. Self-hosted VPN's can be complicated to set up, but Algo is pretty easy: just download the files to your local machine, register for an account (if you don't have one already) at Amazon Web Services, Digital Ocean, or Google App Engine, and then run three commands in the terminal. That's pretty much it. In about 10 minutes, you have an easy, secure IPSec VPN.
\nAlgo will even output .mobileconfig
profiles for your Apple devices, which makes it easy to connect to your VPN on your Mac or iPhone. No client software is needed, and you can configure the profiles to force your connection to use the VPN whenever possible.
The project isn't quite at a 1.0 release yet, so there are a few kinks and rough spots. Thankfully, the contributors are quite active on the project's GitHub Issues page. If you run into a bug, chances are they'll push a fix for it relatively quickly after you report it.
\nOne standout feature of Algo when compared to paid VPN services is the fact that you can easily spin up a \"disposable\" VPN anytime you like, and then tear it down fifteen minutes later. Since cloud hosting is so cheap, you can effectively rent a VPN by the hour, on demand.
\nAs I've noted elsewhere, use of a VPN is not a fullproof approach to privacy, and it isn't for everyone even when you can trust your provider. Algo removes some of the trust issues (although it's worthwhile to remember that your cloud provider might be subpoenaed too), and it uses much better crypto than most paid providers do. If a VPN is useful to you, you can hardly go wrong with Algo.
\n", "tags": ["Privacy"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "Amazon Echo Look Puts A Networked Camera In Your Bathroom", "url": "https://linklocker.co/blog/amazon-echo-look-puts-a-networked-camera-in-your-bathroom.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/amazon-echo-look-puts-a-networked-camera-in-your-bathroom.html", "date_published": "2017-04-27T07:59:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nAs you've doubtless heard by now, Amazon announced yesterday that it is bringing to market a new Echo device called \"Look.\" As you might have gathered given the name, this in-home \"assistant\" comes with an Internet-connected camera (oh, goody!):
\n\n\nWith Echo Look, you can take full-length photos of your daily look using just your voice. The built-in LED lighting and depth-sensing camera let you blur the background to make your outfits pop, giving you clean, shareable photos. Get a live view in the Echo Look app or ask Alexa to take a short video so you can see yourself from every angle. View recommendations based on your daily look and use Style Check for a second opinion on what looks best. And, because Alexa is built in the cloud, she\u2019s always getting smarter\u2014and so will Echo Look.
\n
Ahem.
\nLets's leave aside the question of why anyone would want a dedicated camera in the closet that takes voice-activated photos of their outfits. People want all kinds of ludicrous things, and I suppose we each have a prerogative to do whatever we want with our time and our money. I mean, WTF, but more power to you, I guess.
\nLet's look at the only slightly invisible downsides of a product like this. It's a fixed camera in your home, marketed as a thing to put in the space where you are most often naked, connected to the Internet over the surely under-secured home networks of regular non-technically minded people, that also has a microphone on it.
\nImagine a Dr. Evil or a Vladimir Putin or a Jeff Sessions designing an ideal device for oppression through surveillance. Imagine the silliest dystopia ever put forth in a 25-cent drugstore novel. Now imagine the promulgators of the above scenarios laughing at Amazon Echo Look for being too obvious and on-the-nose.
\nI suppose people will trade anything at all for an appeal to their vanity.
\n", "tags": ["Privacy"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "Bloomberg Is Wrong About Trump Being Right About Privacy", "url": "https://linklocker.co/blog/bloomberg-is-wrong-about-trump-being-right-about-privacy.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/bloomberg-is-wrong-about-trump-being-right-about-privacy.html", "date_published": "2017-04-19T08:41:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nIn a bit of epic trolling, Bloomberg's editorial board published a piece1 this week praising Trump and Congress for their efforts to continue permitting ISP's to sell your personal browsing data for a profit. The specious arguments drip with willful stupidity from the first sentence, and the piece just gets more dumb as it goes on:
\n\n\nOn one issue, at least, President Donald Trump has united the country: More than 70 percent of the public -- across political parties -- oppose a bill he signed that rolls back rules protecting online privacy. Unfortunately, it's an issue on which Trump and the Republican Congress happen to be mostly right.
\n
One might argue that in a democracy, the will of the people determines what is right...but OK, sure, whatever. The overall gist of this tragically wrong hot take seems to be the following:
\nNone of this holds up to even a brief moment of logical examination, unless you happen to be a lobbyist for Comcast.
\nWhile a federal regulation requiring that a consumer consent before her data is sold for somebody else's profit might hurt Comcast's bottom line (boo-hoo), practices which are repugnant are not made less repugnant when someone profits from them.
\nThe fact that some companies are already peeping while we go about our business does not, as even a three-year-old should understand, give other companies the same right automatically. An adult is arguing that bad things are OK if other people are already doing bad things? Seriously?
\nI honestly (and obviously) do think many customers will pay for a service that honors their privacy. Paying a premium for privacy on top of a fee paid for a monopolistic utility is another thing entirely. I don't think referring to such a premium as a ransom is a stretch at all. Bloomberg's editorial board is nuts.
\n\n\n\n\nI hesitate to link to the article because I don't think anyone deserves to benefit from the page view--so if you click through, make sure your ad blocker is activated. ↩
\nIn the wake of Congress' recent vote to reverse FCC rules that would require ISP's to obtain customers' permission before selling their browsing histories to marketers, concerned consumers have been searching for some way to prevent their providers from having a complete record of their browsing habits. VPN services seem to be the most often recommended solution, but as security researcher Brian Krebs explains, finding a trustworthy VPN is key\u2014otherwise you might just be handing your browsing history to yet another third party, who may or may not have your best interests in mind. The complexity of setting up a safe VPN is probably beyond what most consumers are comfortable with, and the risks and security challenges are not well-understood by most. It stands to reason that well-meaning privacy advocates would propose alternative solutions.
\nOne such alternative which seems to be making the rounds is the idea that ISP's can be fooled by dumping a massive amount of \"fake\" traffic into their logs. Scripts like Steve Smith's \"ISP Data Pollution\" are cropping up left and right, as are browser plugins like Noiszy. These solutions propose to add noise to the data your ISP collects on your habits by sending HTTP requests to a large number of \"randomly\" selected domains. This idea seems effective at first glance, and indeed it may work to some degree. Unfortunately, there are a number of problems with this approach as well, including the fact that there are multiple ways for your habits to be tracked. Your search provider (if it isn't DuckDuckGo) will still have records of your searches, to provide one such example. Beyond that, ISP's will probably find ways to sort through your history and weed out the fake requests anyway.
\nAs with everything involving privacy online, there is no magic button you can press that will just make everything OK. A varied approach is necessary: use SSL/TLS-encrypted services whenever remotely possible, use a VPN if you are sure you can trust them with your traffic, pollute your history with false requests if it makes you feel better, etc. Most importantly: do your homework. When you are signing up for a new service, look into its security and privacy policies very carefully, and make sure the team behind the service is doing its part to keep your data safe.
\n", "tags": ["Privacy"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "Senate Votes To Allow ISP's To Sell Your Data", "url": "https://linklocker.co/blog/senate-votes-to-allow-isps-to-sell-your-data.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/senate-votes-to-allow-isps-to-sell-your-data.html", "date_published": "2017-03-24T14:49:00-07:00", "content_text": null, "banner_image": null, "summary": "The U.S. Senate voted yesterday to roll back FCC protections enacted this past October which would prevent your broadband ISP from selling your browsing history to advertisers. This news may have slipped through the cracks in all the hubbub over the health care bill, but it's a troubling vote in its own right and it deserves your attention if you are concerned about privacy.
", "content_html": "\n\nThe U.S. Senate voted yesterday to roll back FCC protections enacted this past October which would prevent your broadband ISP from selling your browsing history to advertisers. This news may have slipped through the cracks in all the hubbub over the health care bill, but it's a troubling vote in its own right and it deserves your attention if you are concerned about privacy.
\nEssentially, the vote (which is still pending a vote in the House as of this writing) eliminates regulations which would require service providers to obtain your permission before selling your data to advertisers. Comcast and Cox, among others, will now be able to put together extensive profiles about you and your interests and sell them to the highest bidder. It's disgusting.
\nThere are many other issues to be concerned about right now, but in spite of all that I think a call to your congressperson about this is entirely a good idea.
\n", "tags": ["Privacy"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "Maybe It's Time to Ditch Let's Encrypt?", "url": "https://linklocker.co/blog/maybe-it's-time-to-ditch-lets-encrypt.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/maybe-it's-time-to-ditch-lets-encrypt.html", "date_published": "2017-03-22T09:55:00-07:00", "content_text": null, "banner_image": null, "summary": "As I've discussed before, this site uses an SSL certificate from Let's Encrypt. Overall I believe they are doing the world a great service by offering certificates for free, but some recent events may be demonstrating a grave problem with their approach\u2014and maybe even with the broader approach taken by implementations of SSL in general. To wit, the recent talk of 14,000 fake-PayPal phishing sites using valid SSL certificates from Let's Encrypt has brought to the forefront what is to my mind one of the potentially fatal flaws in the way we handle encrypted traffic over the Web: the fact that encryption and trust have somehow gotten lumped together as a single monolithic thing in the eyes of most consumers. If a site has a green lock, it's \"safe,\" and that's all there is to it. Unfortunately, that's just not a great way to look at the Web.
", "content_html": "\n\nAs I've discussed before, this site uses an SSL certificate from Let's Encrypt. Overall I believe they are doing the world a great service by offering certificates for free, but some recent events may be demonstrating a grave problem with their approach\u2014and maybe even with the broader approach taken by implementations of SSL in general. To wit, the recent talk of 14,000 fake-PayPal phishing sites using valid SSL certificates from Let's Encrypt has brought to the forefront what is to my mind one of the potentially fatal flaws in the way we handle encrypted traffic over the Web: the fact that encryption and trust have somehow gotten lumped together as a single monolithic thing in the eyes of most consumers. If a site has a green lock, it's \"safe,\" and that's all there is to it. Unfortunately, binary representations are just not a great way to look at complex systems like the Web.
\nA malicious actor can send you encrypted packets until the cows come home, and yet present himself as PayPal or Bank of America via a misleading URL. On the other hand, a certificate might just as easily be doing its job of proving the identity of a host machine even if the TLS encryption settings are weaker than gas-station coffee. It just seems obvious that a single icon with two states (red lock / green lock) is not a good way of indicating the complicated interplay between encryption and identity that SSL certificates attempt to address.
\nIt seems reasonable to call for Let's Encrypt to do more to ensure a cert is not being issued to a clearly fraudulent domain (like one that's using \"paypal.com\" in its URLs). It also seems somewhat reasonable to hope that browser developers will begin to rethink the overly simplistic, unnecessarily binary colored-lock scheme which tries to serve as a catch-all for indicating a secure connection.
\nIt pains me to say this, because I think in the aggregate, we're all better off if most traffic on the Web is encrypted\u2014and free certificates are the only way that's ever going to happen. However, unless Let's Encrypt addresses the phishing potential inherent in their approach, I will have to have a good, long think about whether or not their certificates are a good fit for what we are hoping to build with LinkLocker.
\n", "tags": ["Security"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "Get a Discount & Give a Discount with the LinkLocker Referral Program", "url": "https://linklocker.co/blog/get-a-discount-and-give-a-discount-with-the-linklocker-referral-program.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/get-a-discount-and-give-a-discount-with-the-linklocker-referral-program.html", "date_published": "2017-02-16T11:13:00-08:00", "content_text": null, "banner_image": null, "summary": "Our users are the best. To thank you all, today we are instituting a great new way to give your friends a discount toward a new subscription while also getting a discount for yourselves. Any time a new user signs up after visiting the site with your special referral link (which can be found on your new referrals page), both you and your referred user will get a credit for one month's subscription fee added to your accounts.
", "content_html": "\n\nOur users are the best. To thank you all, today we are instituting a great new way to give your friends a discount toward a new subscription while also getting a discount for yourselves. Any time a new user signs up after visiting the site with your special referral link (which can be found on your new referrals page), both you and your referred user will get a credit for one month's subscription fee added to your accounts.
\nJust copy your link and share it on social media, include it in blog posts, or send it to friends and family members. Whenever somebody signs up, you both get a free month. To get started, just head to your referrals page, grab your link, and share away.
\nThere is one limitation: initially, you are allotted 6 discounts to pass along to your friends, meaning you can earn up to 6 months of credit toward your subscription. These 6 months of discounted service would be in addition to a discount applied if you yourself have signed up using someone else's referral link...so in that case, the maximum number of monthly credits would be 7. We may or may not increase the allotted number of discounts at some point down the road. You can check the availability of additional credits at any time on your referrals page.
\nWe hope this will make LinkLocker a bit more fun to use, and we hope it will help the service be of more use to more people. Feel free to share your thoughts with us. We like hearing from you.
\n", "tags": ["Feature"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "Quickly Search Your LinkLocker Account With Alfred 3 and Drafts", "url": "https://linklocker.co/blog/quickly-search-your-linklocker-account-with-alfred-3-and-drafts.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/quickly-search-your-linklocker-account-with-alfred-3-and-drafts.html", "date_published": "2017-02-04T13:23:00-08:00", "content_text": null, "banner_image": null, "summary": "Bookmarks are a lot more useful when they can be found almost instantaneously, in nearly any context. Opening up a Web page and typing a search string will slow you down, and can distract you from what you're working on. Luckily this problem is easy to solve, since our search can be launched with a simple URL. To that end I've put together a couple of useful techniques for quickly searching through my personal LinkLocker account on both my Mac and on iOS\u2014using a custom search for Alfred, and a custom Drafts action, respectively.
", "content_html": "\n\nBookmarks are a lot more useful when they can be found almost instantaneously, in nearly any context. Opening up a Web page and typing a search string will slow you down, and can distract you from what you're working on. Luckily this problem is easy to solve, since our search can be launched with a simple URL. To that end I've put together a couple of useful techniques for quickly searching through my personal LinkLocker account on both my Mac and on iOS\u2014using a custom search for Alfred, and a custom Drafts action, respectively.
\nAlfred 3 is a really handy utility for Mac which allows you to control nearly all aspects of your Mac with your keyboard. The number of things you can do with Alfred is staggering, and I won't bore you with a long laundry list. The Custom Web Search feature allows you to set up your own custom search engines in Alfred, which can be fired with just a couple of keystrokes. Once you've installed it, the LinkLocker custom search will let you search your account in seconds. Just launch Alfred using whatever keystrokes you've chosen (the default is \u2325 + SPACEBAR
, but you can change it to whatever you want), type ll
and a SPACE
, then type the string you want to search for, and hit ENTER
. For example, if you activate Alfred and type ll food
, your default browser will open to LinkLocker search results for \"food.\". This is absolutely the quickest way to find your bookmarks on a Mac. To try it out in your copy of Alfred, just install the custom search below:
LinkLocker Custom Search for Alfred
\nQuickly finding your links is maybe even more important on iOS, and thankfully it's easy with a custom action for Drafts. Like Alfred, Drafts does a lot of things, and it can be customized extensively for the way you like to work. These customizations allow you to perform predefined actions on snippets of text, and using one of these actions we can quickly launch a LinkLocker search for the text you've entered in Drafts. Just launch Drafts and type your search string, and then run the Search LinkLocker action. This will launch Safari and go right to your search results. To try it, just install the action from the Drafts Action Directory:
\nDrafts Action: Search LinkLocker
\nThe search workflows above are handy if you're an Alfred and/or Drafts user, but you can also easily set up your own custom search actions in your productivity tool of choice with a simple URL. Just base your custom integration on this URL pattern:
\nhttps://linklocker.co/search?query=[[YOUR SEARCH STRING HERE]]
These methods of quickly finding content will make your links a lot easier to get to, and they really help make using LinkLocker a much more seamless experience. Give them a try and you'll see what I mean.
\nAnd if you should happen to make a cool integration or workflow for some other app or service using the above info, please tell us about it on Twitter!
\n", "tags": ["Tips"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "Import Your Diigo Data", "url": "https://linklocker.co/blog/import-your-diigo-data.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/import-your-diigo-data.html", "date_published": "2017-01-26T08:48:00-08:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nDiigo imports are now possible, using their CSV export option. Go to our importer and give it a try.
\n", "tags": ["Feature"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "New Features: Read Later & Pocket Import", "url": "https://linklocker.co/blog/new-features-read-later-and-pocket-import.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/new-features-read-later-and-pocket-import.html", "date_published": "2017-01-17T07:51:00-08:00", "content_text": null, "banner_image": null, "summary": "Since our launch last month, the two most common requests have been for a \"Read Later\" feature and for the ability to import content from Pocket. We're happy to say that both of those features are live as of today.
", "content_html": "\n\nSince our launch last month, the two most common requests have been for a \"Read Later\" feature and for the ability to import content from Pocket. We're happy to say that both of those features are live as of today.
\nThe Read Later feature allows you to mark any of your links for later reading, either when creating or when editing the link in question (a new checkbox on the clipper / editor allows for this). When a link is so marked, it will show up in your list with a red link instead of the usual green, and the box surrounding it will be light yellow. This will help you visually distinguish your to-be-read links from the rest of your content. In addition, a new Read List page will display all of your links which are marked to be read. We think this is a great new feature and we're using it extensively ourselves. Give it a try!
\nAs promised you can also now import your Pocket data on our Import page; just upload your Pocket export file and we'll do the rest. By the way, as a bonus, our importer now pulls read / unread status from all of the supported import formats, and properly records their Read Later status.
\nWe want to thank our customers for giving us a try, and for sharing such great feedback. If there's some feature or behavior you'd like to see, don't hesitate at all to contact us. We're listening!
\n", "tags": ["Feature"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "These User-Requested Features Are Coming Soon", "url": "https://linklocker.co/blog/these-user-requested-features-are-coming-soon.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/these-user-requested-features-are-coming-soon.html", "date_published": "2017-01-01T10:06:00-08:00", "content_text": null, "banner_image": null, "summary": "Based on conversations with customers since our launch a few weeks ago, it seems that the following features are the most immediately in demand.
", "content_html": "\n\nBased on conversations with customers since our launch a few weeks ago, it seems that the following features are the most immediately in demand. We will be implementing these in roughly this order as the new year gets underway:
\nI hesitate to offer a timeline, but it's safe to say that the scale on which these things will be added is probably best measured in weeks, as opposed to months or days.
\nThanks for all the feedback you've sent us so far. We are listening! Please feel more than welcome to send your ideas and suggestions to us.
\n", "tags": ["Feature"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "Why I Signed The NeverAgain.tech Pledge", "url": "https://linklocker.co/blog/why-i-signed-the-neveragain-tech-pledge.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/why-i-signed-the-neveragain-tech-pledge.html", "date_published": "2016-12-19T08:35:00-08:00", "content_text": null, "banner_image": null, "summary": "neveragain.tech is a pledge signed by employees of tech companies who are concerned about the immigration policies of the incoming presidential administration. The signatories of the pledge are committing themselves to honor safe and sane data retention practices, and generally not to take part in facilitating the creation of databases used for identifying individuals for targeting by the US government on grounds of race, religion, or national provenance. As of the moment I'm writing this, 2,288 tech employees have signed on. I have also signed it. Since I'm the managing partner of the LLC that runs LinkLocker, it's safe to say that our company as a whole has committed to these precepts and practices.
", "content_html": "\n\nneveragain.tech is a pledge signed by employees of tech companies who are concerned about the immigration policies of the incoming presidential administration. The signatories of the pledge are committing themselves to honor safe and sane data retention practices, and generally not to take part in facilitating the creation of databases used for identifying individuals for targeting by the US government on grounds of race, religion, or national provenance. As of the moment I'm writing this, 2,288 tech employees have signed on. I have also signed it. Since I'm the managing partner of the LLC that runs LinkLocker, it's safe to say that our company as a whole has committed to these precepts and practices.
\nThe pledge may at first seem a token gesture, or a facile form of pseudo-protest\u2014but I believe it is important that we all keep a watchful eye on the way these issues are playing out, and I believe it's important to get on the record as saying that neither I nor LinkLocker will assist in gathering the sort of data that might facilitate mass deportations and / or the stifling of dissent.
\nSo there you have it. I'm on the record.
\n", "tags": ["Privacy", "Policies"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "How Much Is A Little Privacy Worth?", "url": "https://linklocker.co/blog/how-much-is-a-little-privacy-worth.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/how-much-is-a-little-privacy-worth.html", "date_published": "2016-12-14T10:24:00-08:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nThere has never been a more perfect time to start being proactive about privacy than this moment, right now, at the end of 2016. The surveillance state is out of control\u2014and it's currently being overseen by a relatively sane administration. Just think about how a Trump presidency might want to put to use the vast troves of personal data about you and your interests. A number of thoughts come to mind, and there isn't a pretty one in the bunch.
\nAnd it goes even further. A staggering 1.6 billion private records were leaked in 2016, and that's just from the breaches we actually know about. It's quite safe to say that many, many more records than that were leaked or stolen this year. Almost certainly, somewhere, some amount of your data has been made public, or has been stolen in order to be put to use toward who-knows-what end.
\nThe clowns are running the clown asylum, and we just elected Bozo to be their leader.
\nIt seems many of us have decided that a few tradeoffs are OK; we'll take a free service in exchange for a little data about our children and our religious beliefs. What's the harm? This strikes me as an exceedingly insane bargain, especially given the first two paragraphs above. Would you accept free plumbing services so long as the plumber is allowed to peek through your underwear drawer? Would you like to trade a photo of your junk for a sandwich (sit down, Anthony Weiner)? How do you know the plumber won't walk away with a pair of those undies? What happens to the junk photo three days from now when your sandwich is long gone?
\nThese may sound like intentionally extreme examples, but if you think about the kinds of data we routinely put online, you'll see my examples aren't so silly after all. Why are online services any different from this kind of stuff? What's so wrong with paying $1 for something you like?
\nThings don't really need to be this way. It's easy to imagine an Internet where you pay a very few bucks in exchange for use of a service with the knowledge that nothing personal about you will be stashed and / or stolen from the servers in question. It would seem that all of the above leads us to a perfect time to launch a service like ours, and that's what we're doing today.
\nWe don't store anything about you except an email address (and hell, type \"bozo476@clowncollege.balls\" into the email field for all I care, so long as you can log into it at least once and confirm the address is yours). There's nothing about you to be leaked or stolen. And we're funded by subscriptions, so we have no reason to try and find things about you to sell.
\nJust go sign up. Thanks for reading.
\n", "tags": ["Privacy", "Security", "Launch"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "LinkLocker Launches Next Week", "url": "https://linklocker.co/blog/linklocker-launches-next-week.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/linklocker-launches-next-week.html", "date_published": "2016-12-05T12:40:00-08:00", "content_text": null, "banner_image": null, "summary": "I'm very excited to announce that we are launching the site officially next week (I'm going to keep the exact date under my hat just a little while longer, in case some disastrous bug or server explosion should cause an unexpected delay). I am very excited about this. And that is an understatement.
", "content_html": "\n\nI'm very excited to announce that we are launching the site officially next week (I'm going to keep the exact date under my hat just a little while longer, in case some disastrous bug or server explosion should cause an unexpected delay). I am very excited about this. And that is an understatement.
\nAlong with the above, we're also announcing our pricing and subscription plans. It's too early to sign up for these just yet, but feel free to check them out.
\nOK, now I just have to finish flipping all of the switches and typing all of the things. More details coming next week.
\n", "tags": ["Launch"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "LinkLocker Safari Extension Available", "url": "https://linklocker.co/blog/linklocker-safari-extension-available.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/linklocker-safari-extension-available.html", "date_published": "2016-11-29T13:51:00-08:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nThe Safari Extension is now available for installation. We hope it will be listed on the Safari Extensions Gallery at some point, but their submissions and approval process is something of a black box. Who knows?
\n", "tags": ["Feature"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "RELEASE: version 0.5 (Beta)", "url": "https://linklocker.co/blog/release-version-0.5-beta.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/release-version-0.5-beta.html", "date_published": "2016-11-20T20:05:00-08:00", "content_text": null, "banner_image": null, "summary": "This release implements a different & more secure method for exporting user data, and fixes a critical account management bug. More info below the fold.
", "content_html": "\n\nThis release includes:
\nThanks to everyone helping us test the site. If you'd like to help, please request an invitation.
\n", "tags": ["Beta"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "RELEASE: version 0.4 (Beta)", "url": "https://linklocker.co/blog/release-version-0.4-beta.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/release-version-0.4-beta.html", "date_published": "2016-11-16T13:18:00-08:00", "content_text": null, "banner_image": null, "summary": "This release introduces autosuggestions for tagging, and fixes a few minor issues; more info below the fold.
", "content_html": "\n\nThis release includes:
\nThanks to all of the testers. If you'd like to test the app, please feel welcome to request an invitation. But hurry, because the beta ends soon!
\n", "tags": ["Beta"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "LinkLocker Firefox Extension Available", "url": "https://linklocker.co/blog/linklocker-firefox-extension-available.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/linklocker-firefox-extension-available.html", "date_published": "2016-11-11T17:14:00-08:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nThe Firefox extension is now available on addons.mozilla.org.
\n", "tags": ["Feature"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "LinkLocker Chrome Extension Available", "url": "https://linklocker.co/blog/linklocker-chrome-extension-available.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/linklocker-chrome-extension-available.html", "date_published": "2016-11-02T15:49:00-07:00", "content_text": null, "banner_image": null, "summary": "The official LinkLocker Chrome Extension is now available on the Chrome Web Store. Browser extensions will be the best way to add content to your LinkLocker account going forward; they are more secure than the bookmarklet in a number of ways, they can be easily updated, etc.
", "content_html": "\n\nThe official LinkLocker Chrome Extension is now available on the Chrome Web Store. Browser extensions will be the best way to add content to your LinkLocker account going forward; they are more secure than the bookmarklet in a number of ways, they can be easily updated, etc. All of our current beta testers who use Chrome are encouraged to install the extension right away.
\nIf you're using Firefox or Safari don't feel left out; extensions for those other platforms will be coming very soon.
\n", "tags": ["Feature"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "RELEASE: version 0.3 (Beta)", "url": "https://linklocker.co/blog/release-version-0.3-beta.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/release-version-0.3-beta.html", "date_published": "2016-10-26T18:24:00-07:00", "content_text": null, "banner_image": null, "summary": "This is a small release which fixes a number of bugs and UX issues; more info below the fold.
", "content_html": "\n\nThis is a small release which fixes a number of bugs and UX issues, including:
\nThanks to all of the testers who have been providing input and feedback. If you aren't among them, please feel welcome to request an invitation.
\n", "tags": ["Beta"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "Roadmap To Launch Day", "url": "https://linklocker.co/blog/roadmap-to-launch-day.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/roadmap-to-launch-day.html", "date_published": "2016-10-25T14:28:00-07:00", "content_text": null, "banner_image": null, "summary": "We've been in beta for about 6 weeks or so now, and we've received a lot of great feedback from our beta users. It's unclear what our exact launch day will turn out to be, but we are getting closer all the time, and we think a date sometime this side of New Year's might be a reasonable enough guess. Time for an update on what's coming next, then, I suppose.
", "content_html": "\n\nWe've been in beta for about 6 weeks or so now, and we've received a lot of great feedback from our beta users. It's unclear what our exact launch day will turn out to be, but we are getting closer all the time, and we think a date sometime this side of New Year's might be a reasonable enough guess. Time for an update on what's coming next, then, I suppose.
\nAlong the way I'll also try and address any and all bugs, and who knows...maybe a small feature or two will be added in along the way. This ought to keep me busy enough until we go live, though, and should provide a pretty solid 1.0 of the service.
\nOK, back to work...
\n", "tags": ["Beta"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "Obtaining Let's Encrypt Certificates Without Sudo", "url": "https://linklocker.co/blog/obtaining-lets-encrypt-certificates-without-sudo.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/obtaining-lets-encrypt-certificates-without-sudo.html", "date_published": "2016-10-14T13:16:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nLinkLocker uses a certificate provided by Let's Encrypt to enable TLS 1.2 encryption over https
. Let's Encrypt is a not-for-profit initiative to spread the use of encrypted transfer to as much of the Web as possible. Their certificates provide verification that a site is what it says it is, and allow for fully encrypted data transfer between two parties (in LinkLocker's case, this means between our server and your computer). These certificates have in the past been costly to obtain, thus greatly dampening the growth of encrypted transfer on the Internet. The certificates provided by Let's Encrypt are completely free, which is a great way to help make TLS the norm. The standard Let's Encrypt Certbot will even update your certificate automatically every few months. Unfortunately, you need to grant root privileges to their script. There are some potentially scary security implications to this, so I looked for and found another way: a set of Python scripts by Daniel Roesler called Let's Encrypt Without Sudo.
LEWS (as I'll call it) allows you to generate the necessary files, including the encryption keys and the certificate signed by Let's Encrypt, right on your local machine. You can then upload them to your server, and bam, you've enabled https. Note that you do need to run a temporary BaseHTTPServer
on the remote machine in order to verify that the server is yours, but you are issuing a single Python shell command, which you can read and approve before you enter it. At no point in the process do you need to let a third-party script run with persistent root permissions on your server, which I see as a pretty clean win.
As with all things leading to more security, there is admittedly a trade-off with respect to convenience. Using this method requires manual renewal of the certificate every three months. It's not too terribly time-consuming or difficult a process, but it is something you need to remember to do. I find that the need to ensure manually that a new cert is installed provides a great opportunity to audit the server's TLS configuration, and to improve / harden it on a regularly recurring basis. For this reason and for the peace of mind I get in not granting root to Certbot, I believe the trade-off is well worth it in the end.
\n", "tags": ["Security"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "Import Bookmarks From Pinboard And Instapaper", "url": "https://linklocker.co/blog/import-bookmarks-from-pinboard-and-instapaper.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/import-bookmarks-from-pinboard-and-instapaper.html", "date_published": "2016-10-06T17:09:00-07:00", "content_text": null, "banner_image": null, "summary": "If you're a Pinboard or Instapaper user, you can export your links and other data from those services and then easily import them into your LinkLocker account. Adding all your existing links is a great way to put the site through its paces if you're a beta user\u2014in which case we love you. It's also a great way to go all in on LinkLocker and leave those other services behind...in which case we really love you. Just head to the import page if you're a TL;DR type, or read on if you'd like to know more about how this works.
", "content_html": "\n\nIf you're a Pinboard or Instapaper user, you can export your links and other data from those services and then easily import them into your LinkLocker account. Adding all your existing links is a great way to put the site through its paces if you're a beta user\u2014in which case we love you. It's also a great way to go all in on LinkLocker and leave those other services behind...in which case we really love you. Just head to the import page if you're a TL;DR type, or read on if you'd like to know more about how this works.
\nOur importer will currently only accept Pinboard's JSON-formatted export files, and Instapaper's HTML exports. In the future, I imagine other services will be added, and we may support other data formats as well.
\nBefore you can do the import, you'll need to grab the export file from the service in question. There are links on our import page to the areas on the other sites where data export can be initiated.
\nOnce you have the file on your system (and all of this even works on iOS devices now, if you are using iCloud, Dropbox, or some other cloud service as a document provider), simply head over to the importer, select your file using the big purple \"Choose\" button, and then upload it with the other button. If everything works, your data should appear in your account within a few minutes.
\nNota bene: as of this writing the site is very much in beta. While we have tested this feature a lot, it's entirely possible that you will encounter a problem of some kind. If this turns out to be the case, contact us and let us know!
\n", "tags": ["Feature"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "Data Storage & Backup Procedures", "url": "https://linklocker.co/blog/data-storage-backup-procedures.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/data-storage-backup-procedures.html", "date_published": "2016-09-20T17:38:00-07:00", "content_text": null, "banner_image": null, "summary": "I just want to make a couple of quick assurances about data storage, with respect to both security and to redundancy...
", "content_html": "\n\nI just want to make a couple of quick assurances about data storage, with respect to both security and to redundancy:
\nThe biggest reason why I decided to make LinkLocker is that none of the bookmarking / content hoarding services on the market are really taking their users' privacy seriously. In many ways, privacy is often an afterthought even in the very best case scenarios when it comes to online services, and after several years of wondering when we'd start to see products that were truly concerned about protecting customers and their data, I was really feeling pretty frustrated with the state of things on the Web. If you want anything done, you'd better do it yourself\u2014and so I started to do just that when I began working on this project.
\nThe decision to make a bookmarking service in particular was made for a different, but related reason: putting hyperlinks away for later is probably one of the most fundamental behaviors of Internet users, and yet well-managed bookmarking products don't seem to be as prevalent as one might expect. A lot of this behavior seems to have been subsumed by our desire to dump everything we think and feel onto social media.
\nEvery squinty selfie snapped in the hallway leading to the bowling alley restrooms must be globally disseminated! The Pontiff Himself might be checking out my sweet Spotify playlist of obscure classic dubstep tracks performed by an orchestra of kazoos!
\nI mean, I certainly hope he's checking it out. Why won't he notice me?
\nIn all seriousness though, maybe the responsibility for stashing content away for later use is in fact not best handled by a company who sells more advertisements every time you Megapoke your FriendyPals. Maybe it's fine not to broadcast everything you read, after all.
\nI'm feeling pretty fatigued with the whole notion of living my life permanently in public, and I decided to make a bet on the idea that I might not be alone in that feeling. With all of the above in mind (especially my angst about the Pope's feelings), I decided there might very well be a terrific market opportunity for an online service that does a few rather simple things:
\nThese goals seem to me at once both worthwhile and imminently attainable. While keeping anything private on the Internet is a giant task, I believe it is possible to do a pretty good job of it if you simply decide to care enough to try. I can't promise that everything will go flawlessly along the way, but I can promise that I deeply care about privacy issues, and that I deeply care about doing whatever I can do on an ongoing basis to get closer and closer to the ideal of keeping your data in a completely bulletproof container.
\nI think that there are probably enough people in the world who believe in the above things enough to sustain a service like LinkLocker for a long time. It may take a long time to find out whether the bet I am making will pay off, but there is no better time than the present to get started and to see what happens. So let's just get started.
\n", "tags": ["Privacy", "Security"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "RELEASE: version 0.2.2 (Beta)", "url": "https://linklocker.co/blog/release-version-0.2.2-beta.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/release-version-0.2.2-beta.html", "date_published": "2016-09-14T00:19:00-07:00", "content_text": null, "banner_image": null, "summary": "The first beta invitations are out! We'll be starting with a very small pool of testers, and slowly scaling up from there over the next couple of months. It's really nice to see LinkLocker start to make its way out into the world.
", "content_html": "\n\nThe first beta invitations are out! We'll be starting with a very small pool of testers, and slowly scaling up from there over the next couple of months. It's really nice to see LinkLocker start to make its way out into the world.
\nThanks to everyone who has volunteered to help out with the beta so far. If you aren't yet among them, you're welcome to request an invitation to become a tester.
\n", "tags": ["Beta"], "external_url": null}, {"author": {"url": "https://linklocker.co/blog/author/jarrod-whaley.html", "name": "Jarrod Whaley", "avatar": null}, "title": "LinkLocker Beta Roughly One Week Away", "url": "https://linklocker.co/blog/linklocker-beta-roughly-one-week-away.html", "image": null, "date_modified": null, "id": "https://linklocker.co/blog/linklocker-beta-roughly-one-week-away.html", "date_published": "2016-08-29T21:42:00-07:00", "content_text": null, "banner_image": null, "summary": null, "content_html": "\n\nThe LinkLocker beta will begin, hopefully, within a few days. Technically this might better be described as an alpha, but with all things LinkLocker I reserve the right to make up my own names for things.
\nI want to thank everyone who has volunteered so far to help me work out the kinks. If you're signed up to be a tester, I'll soon be sending you a link at which you can create an account. I expect that this process will begin on Labor Day, or possibly shortly thereafter. Things are progressing more or less on schedule, but one never knows how these things will go.
\nIf you don't receive your invitation link at the same time as other testers, don't be alarmed. I'll be rolling out the invite links on a gradual basis, so I can make sure that the server isn't going to explode in a horrible green fire from the new traffic. New test accounts will slowly be added over time over the course of a couple of months, with the site (hopefully) launching officially this Fall.
\nIf you would like to be a tester and you haven't done so already, please feel free to request a beta invitation.
\nLet's do this.
\n", "tags": ["Beta"], "external_url": null}], "title": "LinkLocker Blog", "favicon": null, "home_page_url": "https://linklocker.co/blog", "version": "https://jsonfeed.org/version/1", "user_comment": null}