Data-portability and the data transfer project?

data transfer project

Its over 14 years since the dataportability project was founded by a bunch of well meaning people including myself. It was a challenging time with vendor lock, walled gardens and social guilt trips; to be honest little changed till very recently with GDPR.

Data export was good but user controlled data transfer is something special and one of the dreams of the data portability project. Service to service; not because there was a special agreement setup between the services but because you choose to move of your own freewill; makes so much sense.

This why I was kind of sceptical of the Google data transfer project. But on deeper look its pretty good.

In 2007, a small group of engineers in our Chicago office formed the Data Liberation Front, a team that believed consumers should have better tools to put their data where they want, when they want, and even move it to a different service. This idea, called “data portability,” gives people greater control of their information, and pushes us to develop great products because we know they can pack up and leave at any time.

In 2011, we launched Takeout, a new way for Google users to download or transfer a copy of the data they store or create in a variety of industry-standard formats. Since then, we’ve continued to invest in Takeout—we now call it Download Your Data—and today, our users can download a machine-readable copy of the data they have stored in 50+ Google products, with more on the way.

Now, we’re taking our commitment to portability a step further. In tandem with Microsoft, Twitter, and Facebook we’re announcing the Data Transfer Project, an open source initiative dedicated to developing tools that will enable consumers to transfer their data directly from one service to another, without needing to download and re-upload it. Download Your Data users can already do this; they can transfer their information directly to their Dropbox, Box, MS OneDrive, and Google Drive accounts today. With this project, the development of which we mentioned in our blog post about preparations for the GDPR, we’re looking forward to working with companies across the industry to bring this type of functionality to individuals across the web.

All sounds great and the code is open source on Github for anyone to try out. The paper is worth reading too.

However! The devil is in the data or rather the lack of it. As the EFF point out theres no tracking data exchange, the real crown jewels. The transfer tool is good but if the services don’t even share the data, then whats the point?

GDPR dating information update

Hackers movie

With GDPR I send out emails to OKCupid, Plenty of Fish, Tinder and others. So far I’ve only gotten responses from POF and OkCupid. Which means Tinder and others have about a day or so to get back to me with everything before I can start to throw down some fire.

Before I headed on holiday, I got a message from POF then OKcupid a day later, saying they need the request from the email which is on the account. Fair enough, so I forwarded each email to that email address and replied all to myself and to them but from that email account address.

A few days later I got emails, first from POF and then OKCupid.

You have recently requested a copy of your PlentyofFish (“POF”) personal data, and we’re happy to report that we have now verified your identity.

We are attaching a copy of your personal data contained in or associated with your POF account.  The password to access the personal data will be sent in a separate email.

By downloading this data, you consent to the extraction of your data from POF, and assume all risk and liability for such downloaded data. We encourage you to keep it secure and take precautions when storing or sharing it.

The information contained in this archive may vary depending on the way you have used POF. In general, this information includes content and photos you have provided us, whether directly or through your social media accounts, messages you have sent and other data you would expect to see from a social media service like POF.

Please note that there is some information we cannot release to you including information that would likely reveal personal information about other users. Those notably include messages you received on POF, which are not provided out of concern for the privacy of the senders.

Sincerely,

POF Privacy Team

Then similar from OKcupid, which makes sense being the same company really.

Dear Mr. Forrester:

You have recently requested a copy of your OkCupid personal data, and we’re happy to report that we have now verified your identity.

We are attaching a copy of your personal data contained in or associated with your OkCupid account. The password to access the personal data will be sent in a separate email.

By downloading this data, you consent to the extraction of your data from OkCupid, and assume all risk and liability for such downloaded data. We encourage you to keep it secure and take precautions when storing or sharing it.

The information contained in this archive may vary depending on the way you have used OkCupid. In general, this information includes content and photos you have provided us, whether directly or through your social media accounts, messages you have sent and other data you would expect to see from a social media service like OkCupid.

Please note that there is some information we cannot release to you including information that would likely reveal personal information about other users. Those notably include messages you received on OkCupid, which are not provided out of concern for the privacy of the senders.

Sincerely,

OkCupid Privacy Team

So on my train journey from Stockholm to Copenhagen, I had a look inside the Zip files shared with me. Quite different, I’d be interesting to see what others will do.

  • Forrester, I – POF Records.zip
    • UserData.json | 6.2 kb
    • UserData.pdf | 40.5 kb
    • Profile_7.jpg | 30.1 kb
    • Profile_6.jpg | 25.0 kb
    • Profile_5.jpg | 17.4 kb
    • Profile_4.jpg | 18.8 kb
    • Profile_3.jpg | 26.6 kb
    • Profile_2.jpg | 11.7 kb
    • Profile_1.jpg | 30.7 kb
  • OkCupid_Records_-Forrester__I.zip
    • Ian Forrester_JSN.txt | 3.8 mb
    • Ian Forrester_html.html | 6.6mb

As you can see quite different, interestingly no photos in the OKCupid data dump, even the ones I shared as part of my profile. In POF the PDF is a copy of the Json file, which is silly really.

So the Json files are the most interesting parts…

Plenty of Fish

.POF don’t have much interesting data, basically a copy of my profile data in Json including Firstvisit, FirstvisitA, etc to FirstvisitE complete with my ip address. I also can confirm I started my profile on 2012-01-25.

Then there is my BasicSearchData and AdvancedSearchData  which includes the usual stuff and when I LastSearch ‘ed and from which IP address.

Nothing else… no messages

OkCupid

OkCupid has a ton more useful information in its Json. Some interesting parts; I have logged into OKCupid a total of 24157 times! My status is Active? My job is Technology?  The geolocation_history is pretty spot on and the login_history goes from July 2007 to current year, complete with IP and time.

The messages is really interesting! They decided to share one of the messages, so only the ones you send rather what you received. As the messages are not like emails, you don’t get the quoted reply, just the sent message. Each item includes who from (me) and time/date. There are some which are obviously a instant massager conversation which look odd reading them now. In those ones, theres also fields for peer, peer_joined, time and type. Its also clear where changes have happened for example when you use to be able to add some formatting to the message and you use to have subject lines.

Some which stick out include, Allergic to smoking?, insomnia, ENTP and where next, The Future somewhat answered, So lazy you’ve only done 40 something questions, Dyslexia is an advantage, But would you lie in return? No bad jokes, gotland and further a field, Ok obvious question, etc.

Next comes the photos (My photos, no one elses)

"caption": "OkCupid's removal of visitors is so transparent, I don't know why they bothered to lie to us all?", 
"photo": "https://k1.okccdn.com/php/load_okc_image.php/images/6623162030294614734", 
"status": "Album Picture Active", 
"uploaded": "2017-08-08 19:16:20"

Of course the images are publicly available via the url, so I could pull them all down with a quick wget/curl. Not sure what to make about this idea of making them public. Security through obscurity anyone?

Stop screwing with OKCupid
As long as you can see the picture above, OKCupid is making my profile pictures public

Now the images strings seems to be random but don’t think this is a good idea at all! Wondering how it sits with GDPR too, also wondering if they will remove them after a period of time. Hence if the image a above is broken, then you know what happened.

Then we are on to the purchases section. It details when I once tried A-list subscription and when I cancelled it. How I paid (paypal), how much, address, date, etc… Its funny reading about when I cancelled it…

"comments": "userid = 7367007913453081320 was downgraded to amateur", 
"transaction": "lost subscription",

The big question I always had was the question data. Don’t worry they are all there! For example here’s just one of mine.

{
"answer_choices": {
"1": "Yes", 
"2": "No"
}, 
"prompt": "Are you racist?", 
"question_id": 7847, 
"user_acceptable_answers": [
"No"
], 
"user_answer": "No", 
"user_answered_publicly": "no", 
"user_importance": "mandatory"
},

After all those questions, theres a bunch of stuff about user_devices I’ve used to log into OkCupid over the years going right back. Stuff about preferences for searches, etc.

Going to need some time to digest everything but the OKCupid data dump is full of interesting things. I might convert the lot to XML just to make it easier for me to over view.

OKcupid responds to my GDPR request

OkCupid no Match protest

I mentioned how I emailed a load of dating sites for my data and then some… Under GDPR. So far I’ve got something form POF but OKcupid finally got back to me, after finally making it to supportconsole@okcupid.com.

Hello,

OkCupid has received your recent request for a copy of the personal data we hold about you.

For your protection and the protection of all of our users, we cannot release any personal data without first obtaining proof of identity.

In order for us to verify your identity, we kindly ask you to:

1. Respond to this email from the email address associated with your OkCupid account and provide us the username of your OkCupid account.

2. In your response to this email, please include a copy of a government-issued ID document such as your passport or driving license. Also, we ask you to please cover up any personal information other than your name, photo and date of birth from the document as that is the only information we need.

We may require further verification of your identity, for example, if the materials you provide us do not establish your identity as being linked to the account in question.

Please note that if you previously closed your account, your data may be unavailable for extraction as we proceed to its deletion or anonymization in accordance with our privacy policy. Even if data is still available for extraction, there is some information we cannot release to you including information that would likely reveal personal information about other users. Those notably include messages you received on OkCupid, which are not provided out of concern for the privacy of the senders.

Best,

OkCupid Privacy Team

Pretty much the same as the POF reply.

POF first to respond to my GDPR request

Plenty of Fish

I mentioned how I emailed a load of dating sites for my data and then some… Under GDPR. So far I’ve been bounced around a little but POF is the first positive email I gotten so far…

PlentyofFish (“POF”) has received your recent request for a copy of the personal data we hold about you.

For your protection and the protection of all of our users, we cannot release any personal data without first obtaining proof of identity.

In order for us to verify your identity, we kindly ask you to:

1. Respond to this email from the email address associated with your POF account and provide us the username of your POF account.

2. In your response to this email, please include a copy of a government-issued ID document such as your passport or driving license. Also, we ask you to please cover up any personal information other than your name, photo and date of birth from the document as that is the only information we need.

We may require further verification of your identity, for example, if the materials you provide us do not establish your identity as being linked to the account in question.

Please note that if you previously closed your account, your data may be unavailable for extraction as we proceed to its deletion or anonymization in accordance with our privacy policy. Even if data is still available for extraction, there is some information we cannot release to you including information that would likely reveal personal information about other users. Those notably include messages you received on POF, which are not provided out of concern for the privacy of the senders.

Best,

POF Privacy Team

Well I guess they are being careful at least but will be interested to see what other questions they ask me.

Still wondering when the rest will get in touch?

Data portability and GDPR, been waiting a long time for this

EU GDPR 2018

One of the things I always wanted but never couldn’t see how it would happen without the good will of companies. Was real data portability of my own data.

Google, Facebook and others do provide a data dump but I found it really interesting to see the difference in my Facebook dump/zip/archive. I request it every year or when something changes. This year I did one while Facebook struggled to deal with the impact of Cambridge Analytica and the new GDPR changes.

In 2017 my zip was 31.4 MB (31,425,658 bytes)
In 2018 my zip was 171.3 MB (171,267,617 bytes)

Unlike previously FB included ALL the media in the messages I’ve exchanged with friends. All those gifs and videos friends have shared are now in the dump. I find it interesting they were not included previously. Which always raises the question of ownership. Something we (dataportability group) talked a lot.

I’m so looking forward to similar with other services… Although I’m still unsure if you can legally create services which use the data exports to import or not. It should be possible, as its your data.

Having already crafted a email to send to OKCupid, POF, Bumble, Tinder and some other dating sites similar to when the journalist requested every bit of data they had on her. Its set to send on May 25th which is the day when GDPR comes into effect aka tomorrow!

Thanks to Ubergill for much improving the email I originally drafted…

I’m looking forward to the replies!

Dear {service}

I am making this request for access to personal data pursuant to Article 15 of the General Data Protection Regulation. I am still concerned that your company’s information practices may be putting my personal information at undue risk of exposure or in fact has breached its obligation to safeguard my personal information.

I would like you to be aware at the outset, that I expect a reply to my request within one month as required under Article 12, failing which I will be forwarding my inquiry with a letter of complaint to the Information Commissioner’s Office.

Please advise as to the following:

  1. Please confirm to me whether or not my personal data is being processed. If it is, please provide me with the categories of personal data you have about me in your files and databases.
  2. In particular, please tell me what you know about me in your information systems, whether or not contained in databases, and including e-mail, documents on your networks, or voice or other media that you may store.
  3. Additionally, please advise me in which countries my personal data is stored, or accessible from. In case you make use of cloud services to store or process my data, please include the countries in which the servers are located where my data are or were (in the past 12 months) stored.
  4. Please provide me with a copy of, or access to, my personal data that you have or are processing.
  5. Please provide me with a detailed account of the specific uses that you have made, are making, or will be making of my personal data.
  6. Please provide a list of all third parties with whom you have (or may have) shared my personal data.
  7. If you cannot identify with certainty the specific third parties to whom you have disclosed my personal data, please provide a list of third parties to whom you may have disclosed my personal data.
  8. Please also identify which jurisdictions that you have identified in 1(b) above that these third parties with whom you have or may have shared my personal data, from which these third parties have stored or can access my personal data. Please also provide insight in the legal grounds for transferring my personal data to these jurisdictions. Where you have done so, or are doing so, on the basis of appropriate safeguards, please provide a copy.
  9. Additionally, I would like to know what safeguards have been put in place in relation to these third parties that you have identified in relation to the transfer of my personal data.
  10.  Please advise how long you store my personal data, and if retention is based upon the category of personal data, please identify how long each category is retained.
  11. If you are additionally collecting personal data about me from any source other than me, please provide me with all information about their source, as referred to in Article 14of the GDPR.
  12. If you are making automated decisions about me, including profiling, whether or not on the basis of Article 22 of the GDPR, please provide me with information concerning the basis for the logic in making such automated decisions, and the significance and consequences of such processing.
  13.  I would like to know whether or not my personal data has been disclosed inadvertently by your company in the past, or as a result of a security or privacy breach.
  14. If so, please advise as to the following details of each and any such breach:
  15. a general description of what occurred;
  16. the date and time of the breach (or the best possible estimate);

iii. the date and time the breach was discovered;

  1. the source of the breach (either your own organisation, or a third party to whom you have transferred my personal data);
  2. details of my personal data that was disclosed;
  3. your company’s assessment of the risk of harm to myself, as a result of the breach;

vii. a description of the measures taken or that will be taken to prevent further unauthorised access to my personal data;

viii. contact information so that I can obtain more information and assistance in relation to such a breach, and

  1. information and advice on what I can do to protect myself against any harms, including identity theft and fraud.
  2. If you are not able to state with any certainty whether such an exposure has taken place, through the use of appropriate technologies, please advise what mitigating steps you have taken, such as
  3. Encryption of my personal data;
  4. Data minimisation strategies; or,

iii. Anonymisation or pseudonymisation;

  1. Any other means
  2. I would like to know your information policies and standards that you follow in relation to the safeguarding of my personal data, such as whether you adhere to ISO27001for information security, and more particularly, your practices in relation to the following:
  3. Please inform me whether you have backed up my personal data to tape, disk or other media, and where it is stored and how it is secured, including what steps you have taken to protect my personal data from loss or theft, and whether this includes encryption.
  4. Please also advise whether you have in place any technology which allows you with reasonable certainty to know whether or not my personal data has been disclosed, including but not limited to the following:
  5. Intrusion detection systems;
  6. Firewall technologies;

iii. Access and identity management technologies;

  1. Database audit and/or security tools; or,
  2. Behavioural analysis tools, log analysis tools, or audit tools;
  3.  In regards to employees and contractors, please advise as to the following:
  4. What technologies or business procedures do you have to ensure that individuals within your organisation will be monitored to ensure that they do not deliberately or inadvertently disclose personal data outside your company, through e-mail, web-mail or instant messaging, or otherwise.
  5. Have you had had any circumstances in which employees or contractors have been dismissed, and/or been charged under criminal laws for accessing my personal data inappropriately, or if you are unable to determine this, of any customers, in the past twelve months.
  6. Please advise as to what training and awareness measures you have taken in order to ensure that employees and contractors are accessing and processing my personal data in conformity with the General Data Protection Regulation.

Thank you,

Ian

We present the Living room of the future…

living room of the future flyer

I’ve been working on the living room of the future and write about it quite a few other places including the BBC R&D blog.

Its part of the reason for the radio silence recently, but honestly the team of 3 universities and 2 arts organisations have been hard at work to create the live demonstrator of the living room of the future.

living room of the future

I won’t lie, its bloody exciting not only for the experience but what it enables and stands for. I highly recommend taking part in the research if you are able to come to Liverpool from Thursday 3rd – 8th May.

Of course I don’t want to reveal too much and although its hard to do much of a spoiler as its about a shared experience. Our twitter bot is doing a good job showing the inners of what going on if you are wondering.

There has been a question for a while which people always ask. Why the living room? To which I answer sensitive place, common private area for discussions, there are existing social hierarchies at play in the space and its place for small audiences. Its also a complex space which I’ve seen talked about a lot recently.

BD3-34 - Pilsen St bedsit with armchair

I found Millennials don’t need living rooms, piece from the Independent fascinating.

A prominent architect has argued millennials do not need living rooms and their housing prospects would be greatly improved if size regulations were overhauled.

Patrik Schumacher, who took over as head of Zaha Hadid Architects after the legendary founder died in early 2016, said “hotel room-sized” studio flats were ideal for young people who led busy lives.

In a paper published by the Adam Smith Institute, he suggested size rules should be reviewed to increase the number of studio flats available to those on lower incomes.

While a 25-square-metre flat is the minimum in Japan, in the UK the minimum is 37 square metres for a one-bed.

Although reading through the piece, it sounds like a land grab to change the regulation and fit even more property in smaller spaces. There is a slight point that the price of property is super high and this could help (IF) prices don’t increase they are currently.

Polly Neate, CEO of housing charity Shelter, hit back at the architect’s remarks. “Tiny homes don’t necessarily mean cheaper homes, and at Shelter we know that having a decent place to live is vital for people’s well-being. So compromising on space and quality isn’t going to do anyone any favours,” she told The Independent.

“Homes in the UK are not expensive because they are too large, they are too expensive because our housing market is broken. When big developers realise they can squeeze, for example, 20 tiny homes on the same patch of land that once fit just ten then the price of land will rise to reflect this.

“The solution to the housing crisis is not to build ever smaller homes but to bring down the price of land and build the type of genuinely affordable homes that people actually want to live in.”

My thoughts went back and forth while reading but I wondered if the living space is squeezed what will disappear? Maybe the living room or kitchen will be first to go, looking at Japanese flats for example.

There was a choice in building the living room of the future, that it should be big or small? What was it it and what wasn’t. We decided on small to reflect the trend on smaller shared spaces and the need for the 3rd space.

Looking at the other side of the living room project, it was also fascinating to read about the UK’s first smarthome with Apple home kit baked in. The obviously scares the life out of me but every buyer of smart homes should read the house which spied on me and also the follow up which explains how it worked.

The house which spied on me

In December, I converted my one-bedroom apartment in San Francisco into a “smart home.” I connected as many of my appliances and belongings as I could to the internet: an Amazon Echo, my lights, my coffee maker, my baby monitor, my kid’s toys, my vacuum, my TV, my toothbrush, a photo frame, a sex toy, and even my bed.

Its super revealing and a very good long read. It speaks volumes about the different data which flows around our homes and spaces like the living room.

So what you waiting for, get yourself a ticket now!

Remember what Zuckerberg said about its trusted users?

Mark Zuckerberg is “deluded” by his own faith in Facebook’s ability to be a force for good in the world.

I have so many pieces saved in my wallabag archive about the faccebook/cambridge analytica data issues (it is not a breach!). As I read, more information comes to light.

But I am always reminded of what Zuckerberg said about its trusted users… and it sums up so much.

Dumb fucks…

The thing about the statement is although it might be throw away in nature it speaks volumes about the way Zuckerberg thinks about Facebook users. It also interesting to think how Facebook is makes users feel that way, taking the power and control out of their hands. The reactions to the reveals have been so-so like when Edward Snowdon revealed the mass surveillance of millions of citizens around the world.

But its super clear, no matter how powerless we all feel, its super important to not lose sight that these giant companies have weaponised data, algorithms and psychology against us all. Running from one service to another isn’t so helpful in the long run.

We need to be more conscious about our decisions physically, mentally and virtually or be the dumb fucks Zuckerberg talked about.

Quantifying my attention across devices

Rescue Time in Jan 2018My frustration with tracking my smartphone use, the apps permissions and data use; drove me back to rescue time.

I decided it’s time to combine the time I spend on different devices together in a sensible way. Previously I had used rescue time even with the bulk collection of personal data a worry. But a long time ago there was no sensible rescue time tracker/scrobbler for Linux. I remember trying the early betas and not being impressed at all.

So coming back years later I was happy to see a scrobbler on every platform including android and Linux. Not even a tgz but a deb package which is easy as pie on Ubuntu. After installing it and recovering my old account; I was up and going quickly. It doesn’t use much resources on android or Linux and sits quietly in the background.

The breakdown is impressive and making changes to the categories makes things very interesting. For example here’s Monday time (bear in mind I was ill in the morning but you can see once I was awake, I was off and running)

RescueTime - Categories 10 jan

I also have Hamster time data which I can combine if I like to really understand and drill down.

My hamstertime data for 8th JanIt might seem like overkill but as most of this is automated, theres little I need to do.

What does your circadian rhythm say?

It’s always been clear that sleep is a big deal and more and more research is coming out to show the massive effect sleep can have in our lives. Especially at critical times of our development.

I have been tracking (quantifying) my sleeping solidly for about 3-5 years and its surprising to see the effect of the things like different alcohol drink, cheese, coffee, milk and chocolate. I also been to many events, with the last one being Cafe Sci: Myth and Science of Sleep. I generally track my dreams now, which is quite different from previously when I use to track them with a lot more detail.

Tracking sleep can seem a but of nonsense; I mean leaving your phone on your bed while you sleep or using a wristband device to collect data can seem poor for data collection. However with some calibration and a few months data, it becomes clear through the patterns whats good quality and bad quality sleep; oppose to the length of sleep. The key being the cycles of sleep… Light sleep into REM into deep sleep into light sleep and over again.

Sleep as Android data

Here is me sleeping in a hotel for 5hrs 49mins after drinking cocktails in London during the week of Mozfest. You can see the alcohol puts me into deep sleep quickly but it takes a while for my body to get back into its normal sleep pattern. I also had a done a lot of walking that day.

graph_detail_20171019_1.11

This clearly shows although I had 7hrs 21mins of sleep when I woke up, I felt like crap. To be fair I had red wine, and was on cold meds to get rid of my long lingering cold. Once again I was in a hotel, this time in Sarajevo. No coffee this time.

graph_detail_20171119_1.30

This is from todays sleep, even with a few scoops of ice cream and coffee, I slept extremely well and woke up feeling pretty fresh and ready to take on the world.

I use Sleep as Android with my Pebble watch. I do sync everything to Google Fit, Google Drive and Dropbox to make a personal back up for myself.

Ultimately I would clearly say I have learned so much by looking at the patterns, especially over a longer period of time.

Urban legend says facebook is listening

8409207368_b4acce604e_c_d

There so much talk about Facebook and other west coast megacorps (the 5 stacks) listening in on our conversations. To be fair its part of the reason why I don’t like Whatsapp who own and can do what ever they like to the metadata of your conversations. It’s all become a bit of an urban legend, but to be fair the megacorps are doing an incredibly bad job explaining how things are happening (little to no transparency, but to be fair it’s not fitting with their business model).

Even a recent episode of Reply All tackled this field – #109 Is Facebook spying on you.

You can look & listen to the rising concern the public have around their privacy; and the increasing number of stories. I you can’t help but think maybe there is a change coming? Or at least I’d like to think so… but its clear there is a lack of understanding of data by the general public.

For example

“One of the things that Facebook can do is if you like something, it can advertise that thing to your friends. So the brother-in-law obviously signaled to Facebook that he was into white supremacy somehow, and Charles’ friend was liking a lot of the guy’s posts, and they were friends on Facebook, so Facebook was like, “Alright, well, why don’t I advertise this white supremacist stuff to you.”

If you actually read the Facebook EULA, it actually says this but certainly not in such clear human readable words (its been a long while since I skimmed the FB eula, so may have changed – but doubt it). In my own experience, it’s also very hard for people to envision scenarios where the links matter, hence it may not be the actual data but the links between the data which suddenly make people worry and care; the data taken out of context. Most have no idea how many categories of data Facebook alone are sorting us all into.

This is hard to show and demonstrate without going; without going all black mirror or someones eyes glazing over. In my experience when talking about data most people shrug and say things like, “nothing to hide.”

Glass room recipt

During Mozfest this year I got the chance to walk around the Glass Room on Charing Cross Road, with the people at the ingenious bar giving out data detox kits. The kits are interesting because it’s aimed at a mass audience and the advice although simple is generally useful. I also found some of the installations good, especially the one where you are swiping through your facebook timeline (it was twitter for me) and 2 mins later, given a printed receipt of your work. (Funny enough, it felt like a lot longer than 2mins but then again, its not really the thing I do regularlly)

We certainly need more of this!

Hopefully more of these public interjections will start to move the discussion on from urban legends to a proper informed discussion about ethical data use. I believe FB and others are capitalising on the general public ignorance and its got to stop.

Whats that? Peer pressure?

Whatsapp on a phone

I recently came back from mobile roaming in Sarajevo; its been a while since I’ve been to a county where data roaming wasn’t as straight forward as its become. Even doing the standard replying to the automatic text didn’t work. (Although this isn’t about roaming data, although I have a long history when it comes to international roaming data).

It was kinda weird the assumption that everyone would be on Whatsapp. I understand the limitations of text messages and the greed of the mobile operators in the past around MMS and EMS, has crippled its use. Especially at 50p per message when internationally roaming on EE.

My colleagues ask over and over again, why am I not on Whatsapp? To be fair many others have asked the same question. So here’s some of my reasons.

  1. I simply don’t trust Facebook (owners of Whatsapp); I removed FB from my mobile devices and only put the lite version of messenger with all its permissions removed (inlcuding contact access)
  2. I read the Whatsapp End User Licence Agreement, a few years ago and then didn’t  agree with the terms especially around who they share the metadata with. I assume its changed but I don’t see a compelling reason to do it again.
  3. I don’t trust Whatsapp’s security implentation of Signals end to end message encryption; and is it all mute if Whatsapp is sharing the metadata anyway?
  4. This isn’t just because its FB; I don’t use Googe Allo either. I use certain systems for certain things. I get for most people Whatsapp is their ICQ but the benefit isn’t enough to make me use it.
  5. I don’t like the net neutrality issue, with certain mobile operators giving it priority over other services.

End of the day, everyone needs to make their own decision based on real information; not on social & peer pressure. Happy for you to be on Whatsapp but I won’t be joining you.

Data portability in online dating sooner than they think?

Dating Apps make money from attention & personal data

I have written a few times about disruption in online dating, heck its something which will be discussed at Mozilla Festival this year (tickets are available now).

But interestingly the EU’s General Data Protection Regulation may get in there ahead of any setup/network disruption. In the Guardian I saw a piece called Getting your data out of Tinder is really hard – but it shouldn’t be.

Its all about getting data back from Tinder (which remember is part of IAC/Match group)

…Duportail eventually got some of the rest of her data, but only on a voluntary basis, and only after she identified herself as a journalist. Her non-journalist friends who followed suit never got responses to similar requests.

Finally armed with the 800 pages she had clawed back from Tinder, Duportail wrote a story reflecting on her own relationship with her data, and the myopic view Tinder had of her love life. I feel her story helps bridge the chasm between those with information stored in the database and the architects behind it, providing much needed neutral common ground to democratically discuss power distributions in the digital economy.

Given the popularity of her story, and my overflowing inbox, I would say many agree. And indeed, you should expect more similar stories to be unearthed in the future because of the upcoming General Data Protection Regulation (GDPR). From May 2018, the new European-level regulation will come into force, claiming wider applicability – including on US-based companies, such as Tinder, processing the personal data of Europeans – and harmonising data protection and enforcement by “levelling up” protections for all European residents.

I know there is a lot of push back from the big American internet corps, but this is coming and the there is no way they can wriggle out of it?

…beyond the much older right of access, the true revolution of GDPR will come in the form of a new right for all European citizens: the right to portability.

It seems like such a small thing but actually it has the potential to be extremely disruptive. Heck its one of the things I wanted back in early 2011. Imagine all those new services which could act like brokers and enable choice! It could be standard to have the ability to export and import rich data sets like Attention profile markup language (APML).

I just wish we were staying in Europe, although the UK has agreed to take GDPR, thankfully! There was no way, if they were left on their own, this would ever come about; like it looks like it might.

Oh Plex, why oh why?

XBMC media centre

I know the picture above isn’t Plex but rather XBMC/KODI but this shot sums up how I feel about Plex right now.

I have been using Plex server quite a bit and decided that I would snap up a lifetime PlexPlus pass a while ago. So I was pretty peed when they updated their policy around data collection. From Plex’s Highlights of what is changing:

Upcoming features and services involving third-party and ad-supported content will require Plex to collect and, in some cases, share information about the third-party content you are streaming. For clarity, third-party content is content that we deliver or stream to you that is not contained in your personal media library.

Ok thats annoying for me but not too much of pain as I don’t really use the Plex addons/plugins. I know others are more upset about this.

In order to understand the usage across the Plex ecosystem and how we need to improve, Plex will continue to collect usage statistics, such as device type, duration, bit rate, media format, resolution, and media type (music, photos, videos, etc.). We will no longer allow the option to opt out of this statistics collection. Again, we will not collect any information that identifies libraries, files, file names, and/or the specific content stored on your privately hosted Plex Media Servers. The only exception to this is when, and only to the extent, you use Plex with third-party services such as Sonos, Alexa, webhooks, and Last.fm.

We will no longer allow (including paid lifetime!) users to opt-out! Also usually when you get something like this, its anonymous data collection. I know later its makes it sound like anonymous but it never actually says this. I still need to read through the privacy policy in full again. But this feels like it might break a EU data law and for sure the ones coming soon. (Plex is based in Delware & Switzerland)

To be fair I’ve had a task to try out Emby for a long while, but this begs the question of what happens to my Plex pass and why don’t Plex share collected data with us? Luckily plex data portability isn’t such a pain. Also its another reason why most of my media consumption is through Kodi not Plex.

BBC Newsnight on Cambridge Analytica

Was Britain’s EU referendum hijacked by the American alt-right using a technique known as psychographics? Gabriel Gatehouse from BBC Newsnight reports on the data analytics firm Cambridge Analytica.

I’ve said so much stuff about this already but frankly “Overzealous PR?” is total laughable crap! I actually laughed quite a lot when I heard this. Its very clear they were involved (to one degree or not) and like a kid with their finger in the cookie jar, they got caught.

Welcomed back to the Quantified Self

Quantified Self 2017

Everytime I go to the Quantified Self conference (2013 & 2014), I walk away with something more than I was expecting. Its been 3 years since I was last at the conference and a lot has happened in that tme. The Quantified Self has shifted from the heydays of super stardom on the front of wired magazine; to everywhere and nowhere. By nowhere, I mean its not really talked about because its actually everywhere. The amount of people with some kind of app or device which they are actively tracking something is so huge. This also raises the question of Self-Tracking vs. Self-Surveillance (which Jana Beck actually covered in her breakout session); are most people self-tracking or is some other entity surveying them? There’s also a debate about how enabling they really are for most people who received a Fitbit for a present.

Garry Wolf raised the topic of what is the quantified self at the start of the first day in the opening talk. Lots of people answered the question from their point of view and it was good to hear the diversity of answers and people building on the previous one.

When back with Gary, he concluded the conversation with a final thought on the subject…

“Everyday science through examination of yourself”

Gary also noted it’s been 10 years since the first conference and threw out 10 interesting points over the last 10 years, plenty to think about; including a Michael Polanyi quote and a request for people to take part in a live experiment around smartphone use. The results were revealed at the end of the day and were quite a shock. I personally only looked at my phone twice over the first day. But as I explained I have my tablet and laptop. It was interesting to hear I wasn’t the only one to have different apps on their different devices. This lead nicely into a group discussion about smartphone use.

Its so easy to feel the fear of missing out (FOMO) at the Quantified Self conference, as there is on average 8-9 things happening in parallel. You really have to pick and if its not for you, move on. Its very much the BarCamp rule of two feet.

Like the rule of two feet, here’s my highlights of the conference.

Session 1: Show & Tells

Quantified Self 2017

I missed the first one by Jana Beck on tracking crying but I got in to see Aaron Parecki kicked off the ignite talks; he later did a session which I’ll dig into the details of with data portability and data ethics in mind. The big things for me was the micropub plugs. I’m going to simplify micropub by saying its like ifttt but open, decentralised and a W3C standard supported by the indieweb community. That was the point when I thought I need to check this out in detail because it reminded me of the media pipeline thoughts I had a long long time ago.

Ahnjili ZhuParris gave a ignite talk which was all about her quantifying her psychedelic experiences. Yes you heard right…She quantified her drugs use to improve her trips! Truly shows how diverse the things track can be. It was captivating to say the least.

Session 2: Self-Tracking vs. Self-Surveillance

This breakout session run by Jana Beck and was full of interesting points. Of course Hasan Elahi was brought up and the group tried to understand the difference between tracking & surveillance. It seemed to boil down to judgment from which entity? Both have issues including the illusion of perfection which can drive self-tracking; and of course the issues of external surveillance are very well know.

This is where I first met the open university who are working on a project called monetize.me. I also bumped into Kley Reynolds who I’ve been thinking about since 2013, when I heard him talk about using QS data to create a fingerprint for data & identity.

Session 3: Connecting Self-Tracking Data to Home Assistants

In this session I helped a out with another person as the speaker couldn’t make it due to flight problems. Myself and Jacqueline took over the session hoping someone would come with some more experience in using home assistants to track something. I had some experience with Amazon Alexia & Google Home but not for quantified/tracking. I could see how it might be possible with something like ifttt but not directly.

We didn’t have to wait long till some knowledgeable people stepped in and a discussion kicked off. I kept going back to the fact these devices are in group/family spaces. Somewhere along the line, Jacqueline & me started thinking about how you could use these devices to bring together a family and nudge them to eat more healthy through dinner time checkins. I feel theres a unpolished gem somewhere there.

Session 4: Using Your Data to Influence Your Environment

Quantified Self 2017

I ran this session and I knew with a brief skim through object media and perceptive media, Questions and thoughts would come from a very data literate crowd. I wasn’t wrong.

Lost of thoughts about the role of public in a media landscape which can be changed and modified. There was a lot of discussion about why and the true benefits of using personal data in storytelling. In retrospect I should have shown parts of my interview back in 2013: We research how personal data and storytelling can be combined.

Points were made about customization vs personalization; people felt that was a big difference and could be the cause for some backlash. There was also a feeling that they would want to know how much things are customized and why if interested. Also there was a sense negotiation was a key aspect in this all, something we are exploring with the Databox project. There was a sense you could try it with little data shared then decide to ramp it up later to see what difference it made to what you saw first time.

A interesting fact was mentioned that fruit machines can be skinned in as quick as 20seconds. This was mentioned when talking about customization of the reality around you. Which led to Minority Report discussions.

It was a positive discussion but lots of worries about how to tell stories with enough richness/depth to work with the diversity of personal data that may be shared or used.

End of the first day

There was lots of discussions following the smartphone experiment at the start of the day. A small list of good ways to stop being distracted by your smartphone started to emerge.

I used Quality Time and as said previously clocked up 2 checks and only 20secs of actual screen time. Some people ran into multiple hours.

Quantified Self 2017

This crossed with Aaron’s list deserves a blog of its own really… (coming soon – honestly!)

More than optimization (day 2)

Quantified Self 2017

The over optimization intrigued me on paper as there is always a dark sense of over quantification in the hope of perfection? I hadn’t really thought how it could be used in team sports to create personalize routines for each rugby team member instead of applying a routine to the team broad brush; it makes perfect sense right?

Session 5: Making money from your own data with Monetize.me

After meeting Monetize.me in the second session, I went along to a dedicated session. I think the plan for the session went slightly out the window but it was fruitful and it all came down to data negotiation. I did talk about the databox project and wondered how they hadn’t come across each other?

There was a lot of questions about how much is data actually worth? I pointed at Jennifer Moore and her position as the first personal limited company. I also mentioned how fresh/realtime is the data.

Of course this all lead to questions asking if you could treat all data the same? What about data discrimination and finally what are the business models which can emerge and what needs to change for it to be?

I also learned about Bitwalking which generates a crypto-currancy from the amount you walk.

Session 6: How to plan for data access with choosing a QS tool

Quantified Self 2017

I mentioned Aaron Parecki’s ignite talk earlier, and there was plenty more depth in his workshop. Aaron started out explaining the process he’s gone through with quantifying himself. He talked about the pain of data portability through broken devices and closed services. This all lead him to a checklist he uses.

  • How much effort is required?
  • How does it Sync?
  • What is the sustainability of the service/product?
  • What is the data portability options?
  • Whats the competition like?

Each point had a bunch of issues under them for example in how does it sync; breaks down to questions about centralized servers vs direct sync to a local computer/device. Sustainability was focused on business models of the likes of Apple, Google, Fitbit, Jawbone, etc. All very different and it all depends on the user which once they are comfortable they are with it (if everything is made transparent, and the user can make a real informed choice!). I talked about Gadgetbridge in connection with effort and syncing.

Hopefully Aaron will make his slides public (but this needs some more thought!)

Session 7: Self-Tracking for the Good of the World

With my public service hat on, I went along to Justin’s session. We explored some of the issues with the internet and I did say, we should be looking at the work Mozilla are doing around the internet health report, but we focused on other things.

One of those things was the packages; packages being things which are a mix of hardware, software and service. This was intriguing to me and got me thinking about opinionated software.

We talked about the public benefit of quantified health but there was a large conversation about how you compare data when the different black box devices can’t agree on a step actually is. This was when someone suggested some governance and that the Quantified Self site has a large number of devices/services/packages reviewed. Maybe there should be some kind of ranking system and clear indicator of different aspects of that thing (you could use Aaron Parecki’s indicators) . You can imagine the QS community making it clear what devices are to be avoided and best practices.

I tweeted Gary to say its time the Quantified Self got political.

Session 8: Quantified Self meetups

I drifted around a few sessions but settled on a session about the meetups, as the Manchester Quantified Self meetup stalled a little while ago. Last time I was at the conference I was inspired to setup a QS meetup. I’m still inspired to run the meetup but it was great to hear from those new and old to the meetups.

Sharing stories and hearing from Steven who is well known in Quantified Self circles was very useful. There was lots of questions about the choice of the format, use of meetup, etc. Steven pretty much said the Quantified Self will support any changes the organizers make. That would include format, event, description, etc changes.

Like Gary said at the start of the first day, things are always changing and they are flexible to these.

With this in mind, I have kicked off another Manchester Quantified Self with a different format.

The wrap ups

Quantified Self 2017

The last keynote talks were fascinating and centered around circular/cyclical time. The picture of the complexity of patterns summed up so much of it.

The people

The best thing about Quantified Self conference is the people, they are so amazing. No edge, just open and all so geeky. No matter where we were it was great conversations which spilled out from the many sessions I didn’t get a chance to attend.

Quantified Self 2017

On the first evening we started at the Casa balcony bar then had dinner at the Café-restaurant De Ysbreeker and ended up Canvas again. Love that place and its so weird seeing it become this incredible place now from the squat it use to be.

On the second night, we headed out in search of cocktails (theres a story behind this, which I never actually posted till now). We almost ended up at Prik and Blue boy which will make 3 people laugh. This time we ended up in a Amsterdam festival and then a speakeasy place called Door 74. Being a geeky quantifiers, we decided to hack friendship by trying the 36 questions in a group.

We didn’t get far, but I actually think it worked…

Quantified Self 2017

Another great time at the Quantified Self… So much learned so much to think and act on. If I have anything to do with it, I’ll be back next year for sure. Massive thanks to everyone who I bumped into over the 2 full days. It was emotional, fun and exciting all at the same time. Special thanks to the newbies who I spent a lot of time with.

Quantified Self 2017