POF first to respond to my GDPR request

Plenty of Fish

I mentioned how I emailed a load of dating sites for my data and then some… Under GDPR. So far I’ve been bounced around a little but POF is the first positive email I gotten so far…

PlentyofFish (“POF”) has received your recent request for a copy of the personal data we hold about you.

For your protection and the protection of all of our users, we cannot release any personal data without first obtaining proof of identity.

In order for us to verify your identity, we kindly ask you to:

1. Respond to this email from the email address associated with your POF account and provide us the username of your POF account.

2. In your response to this email, please include a copy of a government-issued ID document such as your passport or driving license. Also, we ask you to please cover up any personal information other than your name, photo and date of birth from the document as that is the only information we need.

We may require further verification of your identity, for example, if the materials you provide us do not establish your identity as being linked to the account in question.

Please note that if you previously closed your account, your data may be unavailable for extraction as we proceed to its deletion or anonymization in accordance with our privacy policy. Even if data is still available for extraction, there is some information we cannot release to you including information that would likely reveal personal information about other users. Those notably include messages you received on POF, which are not provided out of concern for the privacy of the senders.

Best,

POF Privacy Team

Well I guess they are being careful at least but will be interested to see what other questions they ask me.

Still wondering when the rest will get in touch?

Data portability and GDPR, been waiting a long time for this

EU GDPR 2018

One of the things I always wanted but never couldn’t see how it would happen without the good will of companies. Was real data portability of my own data.

Google, Facebook and others do provide a data dump but I found it really interesting to see the difference in my Facebook dump/zip/archive. I request it every year or when something changes. This year I did one while Facebook struggled to deal with the impact of Cambridge Analytica and the new GDPR changes.

In 2017 my zip was 31.4 MB (31,425,658 bytes)
In 2018 my zip was 171.3 MB (171,267,617 bytes)

Unlike previously FB included ALL the media in the messages I’ve exchanged with friends. All those gifs and videos friends have shared are now in the dump. I find it interesting they were not included previously. Which always raises the question of ownership. Something we (dataportability group) talked a lot.

I’m so looking forward to similar with other services… Although I’m still unsure if you can legally create services which use the data exports to import or not. It should be possible, as its your data.

Having already crafted a email to send to OKCupid, POF, Bumble, Tinder and some other dating sites similar to when the journalist requested every bit of data they had on her. Its set to send on May 25th which is the day when GDPR comes into effect aka tomorrow!

Thanks to Ubergill for much improving the email I originally drafted…

I’m looking forward to the replies!

Dear {service}

I am making this request for access to personal data pursuant to Article 15 of the General Data Protection Regulation. I am still concerned that your company’s information practices may be putting my personal information at undue risk of exposure or in fact has breached its obligation to safeguard my personal information.

I would like you to be aware at the outset, that I expect a reply to my request within one month as required under Article 12, failing which I will be forwarding my inquiry with a letter of complaint to the Information Commissioner’s Office.

Please advise as to the following:

  1. Please confirm to me whether or not my personal data is being processed. If it is, please provide me with the categories of personal data you have about me in your files and databases.
  2. In particular, please tell me what you know about me in your information systems, whether or not contained in databases, and including e-mail, documents on your networks, or voice or other media that you may store.
  3. Additionally, please advise me in which countries my personal data is stored, or accessible from. In case you make use of cloud services to store or process my data, please include the countries in which the servers are located where my data are or were (in the past 12 months) stored.
  4. Please provide me with a copy of, or access to, my personal data that you have or are processing.
  5. Please provide me with a detailed account of the specific uses that you have made, are making, or will be making of my personal data.
  6. Please provide a list of all third parties with whom you have (or may have) shared my personal data.
  7. If you cannot identify with certainty the specific third parties to whom you have disclosed my personal data, please provide a list of third parties to whom you may have disclosed my personal data.
  8. Please also identify which jurisdictions that you have identified in 1(b) above that these third parties with whom you have or may have shared my personal data, from which these third parties have stored or can access my personal data. Please also provide insight in the legal grounds for transferring my personal data to these jurisdictions. Where you have done so, or are doing so, on the basis of appropriate safeguards, please provide a copy.
  9. Additionally, I would like to know what safeguards have been put in place in relation to these third parties that you have identified in relation to the transfer of my personal data.
  10.  Please advise how long you store my personal data, and if retention is based upon the category of personal data, please identify how long each category is retained.
  11. If you are additionally collecting personal data about me from any source other than me, please provide me with all information about their source, as referred to in Article 14of the GDPR.
  12. If you are making automated decisions about me, including profiling, whether or not on the basis of Article 22 of the GDPR, please provide me with information concerning the basis for the logic in making such automated decisions, and the significance and consequences of such processing.
  13.  I would like to know whether or not my personal data has been disclosed inadvertently by your company in the past, or as a result of a security or privacy breach.
  14. If so, please advise as to the following details of each and any such breach:
  15. a general description of what occurred;
  16. the date and time of the breach (or the best possible estimate);

iii. the date and time the breach was discovered;

  1. the source of the breach (either your own organisation, or a third party to whom you have transferred my personal data);
  2. details of my personal data that was disclosed;
  3. your company’s assessment of the risk of harm to myself, as a result of the breach;

vii. a description of the measures taken or that will be taken to prevent further unauthorised access to my personal data;

viii. contact information so that I can obtain more information and assistance in relation to such a breach, and

  1. information and advice on what I can do to protect myself against any harms, including identity theft and fraud.
  2. If you are not able to state with any certainty whether such an exposure has taken place, through the use of appropriate technologies, please advise what mitigating steps you have taken, such as
  3. Encryption of my personal data;
  4. Data minimisation strategies; or,

iii. Anonymisation or pseudonymisation;

  1. Any other means
  2. I would like to know your information policies and standards that you follow in relation to the safeguarding of my personal data, such as whether you adhere to ISO27001for information security, and more particularly, your practices in relation to the following:
  3. Please inform me whether you have backed up my personal data to tape, disk or other media, and where it is stored and how it is secured, including what steps you have taken to protect my personal data from loss or theft, and whether this includes encryption.
  4. Please also advise whether you have in place any technology which allows you with reasonable certainty to know whether or not my personal data has been disclosed, including but not limited to the following:
  5. Intrusion detection systems;
  6. Firewall technologies;

iii. Access and identity management technologies;

  1. Database audit and/or security tools; or,
  2. Behavioural analysis tools, log analysis tools, or audit tools;
  3.  In regards to employees and contractors, please advise as to the following:
  4. What technologies or business procedures do you have to ensure that individuals within your organisation will be monitored to ensure that they do not deliberately or inadvertently disclose personal data outside your company, through e-mail, web-mail or instant messaging, or otherwise.
  5. Have you had had any circumstances in which employees or contractors have been dismissed, and/or been charged under criminal laws for accessing my personal data inappropriately, or if you are unable to determine this, of any customers, in the past twelve months.
  6. Please advise as to what training and awareness measures you have taken in order to ensure that employees and contractors are accessing and processing my personal data in conformity with the General Data Protection Regulation.

Thank you,

Ian

We present the Living room of the future…

living room of the future flyer

I’ve been working on the living room of the future and write about it quite a few other places including the BBC R&D blog.

Its part of the reason for the radio silence recently, but honestly the team of 3 universities and 2 arts organisations have been hard at work to create the live demonstrator of the living room of the future.

living room of the future

I won’t lie, its bloody exciting not only for the experience but what it enables and stands for. I highly recommend taking part in the research if you are able to come to Liverpool from Thursday 3rd – 8th May.

Of course I don’t want to reveal too much and although its hard to do much of a spoiler as its about a shared experience. Our twitter bot is doing a good job showing the inners of what going on if you are wondering.

There has been a question for a while which people always ask. Why the living room? To which I answer sensitive place, common private area for discussions, there are existing social hierarchies at play in the space and its place for small audiences. Its also a complex space which I’ve seen talked about a lot recently.

BD3-34 - Pilsen St bedsit with armchair

I found Millennials don’t need living rooms, piece from the Independent fascinating.

A prominent architect has argued millennials do not need living rooms and their housing prospects would be greatly improved if size regulations were overhauled.

Patrik Schumacher, who took over as head of Zaha Hadid Architects after the legendary founder died in early 2016, said “hotel room-sized” studio flats were ideal for young people who led busy lives.

In a paper published by the Adam Smith Institute, he suggested size rules should be reviewed to increase the number of studio flats available to those on lower incomes.

While a 25-square-metre flat is the minimum in Japan, in the UK the minimum is 37 square metres for a one-bed.

Although reading through the piece, it sounds like a land grab to change the regulation and fit even more property in smaller spaces. There is a slight point that the price of property is super high and this could help (IF) prices don’t increase they are currently.

Polly Neate, CEO of housing charity Shelter, hit back at the architect’s remarks. “Tiny homes don’t necessarily mean cheaper homes, and at Shelter we know that having a decent place to live is vital for people’s well-being. So compromising on space and quality isn’t going to do anyone any favours,” she told The Independent.

“Homes in the UK are not expensive because they are too large, they are too expensive because our housing market is broken. When big developers realise they can squeeze, for example, 20 tiny homes on the same patch of land that once fit just ten then the price of land will rise to reflect this.

“The solution to the housing crisis is not to build ever smaller homes but to bring down the price of land and build the type of genuinely affordable homes that people actually want to live in.”

My thoughts went back and forth while reading but I wondered if the living space is squeezed what will disappear? Maybe the living room or kitchen will be first to go, looking at Japanese flats for example.

There was a choice in building the living room of the future, that it should be big or small? What was it it and what wasn’t. We decided on small to reflect the trend on smaller shared spaces and the need for the 3rd space.

Looking at the other side of the living room project, it was also fascinating to read about the UK’s first smarthome with Apple home kit baked in. The obviously scares the life out of me but every buyer of smart homes should read the house which spied on me and also the follow up which explains how it worked.

The house which spied on me

In December, I converted my one-bedroom apartment in San Francisco into a “smart home.” I connected as many of my appliances and belongings as I could to the internet: an Amazon Echo, my lights, my coffee maker, my baby monitor, my kid’s toys, my vacuum, my TV, my toothbrush, a photo frame, a sex toy, and even my bed.

Its super revealing and a very good long read. It speaks volumes about the different data which flows around our homes and spaces like the living room.

So what you waiting for, get yourself a ticket now!

Remember what Zuckerberg said about its trusted users?

Mark Zuckerberg is “deluded” by his own faith in Facebook’s ability to be a force for good in the world.

I have so many pieces saved in my wallabag archive about the faccebook/cambridge analytica data issues (it is not a breach!). As I read, more information comes to light.

But I am always reminded of what Zuckerberg said about its trusted users… and it sums up so much.

Dumb fucks…

The thing about the statement is although it might be throw away in nature it speaks volumes about the way Zuckerberg thinks about Facebook users. It also interesting to think how Facebook is makes users feel that way, taking the power and control out of their hands. The reactions to the reveals have been so-so like when Edward Snowdon revealed the mass surveillance of millions of citizens around the world.

But its super clear, no matter how powerless we all feel, its super important to not lose sight that these giant companies have weaponised data, algorithms and psychology against us all. Running from one service to another isn’t so helpful in the long run.

We need to be more conscious about our decisions physically, mentally and virtually or be the dumb fucks Zuckerberg talked about.

Quantifying my attention across devices

Rescue Time in Jan 2018My frustration with tracking my smartphone use, the apps permissions and data use; drove me back to rescue time.

I decided it’s time to combine the time I spend on different devices together in a sensible way. Previously I had used rescue time even with the bulk collection of personal data a worry. But a long time ago there was no sensible rescue time tracker/scrobbler for Linux. I remember trying the early betas and not being impressed at all.

So coming back years later I was happy to see a scrobbler on every platform including android and Linux. Not even a tgz but a deb package which is easy as pie on Ubuntu. After installing it and recovering my old account; I was up and going quickly. It doesn’t use much resources on android or Linux and sits quietly in the background.

The breakdown is impressive and making changes to the categories makes things very interesting. For example here’s Monday time (bear in mind I was ill in the morning but you can see once I was awake, I was off and running)

RescueTime - Categories 10 jan

I also have Hamster time data which I can combine if I like to really understand and drill down.

My hamstertime data for 8th JanIt might seem like overkill but as most of this is automated, theres little I need to do.

What does your circadian rhythm say?

It’s always been clear that sleep is a big deal and more and more research is coming out to show the massive effect sleep can have in our lives. Especially at critical times of our development.

I have been tracking (quantifying) my sleeping solidly for about 3-5 years and its surprising to see the effect of the things like different alcohol drink, cheese, coffee, milk and chocolate. I also been to many events, with the last one being Cafe Sci: Myth and Science of Sleep. I generally track my dreams now, which is quite different from previously when I use to track them with a lot more detail.

Tracking sleep can seem a but of nonsense; I mean leaving your phone on your bed while you sleep or using a wristband device to collect data can seem poor for data collection. However with some calibration and a few months data, it becomes clear through the patterns whats good quality and bad quality sleep; oppose to the length of sleep. The key being the cycles of sleep… Light sleep into REM into deep sleep into light sleep and over again.

Sleep as Android data

Here is me sleeping in a hotel for 5hrs 49mins after drinking cocktails in London during the week of Mozfest. You can see the alcohol puts me into deep sleep quickly but it takes a while for my body to get back into its normal sleep pattern. I also had a done a lot of walking that day.

graph_detail_20171019_1.11

This clearly shows although I had 7hrs 21mins of sleep when I woke up, I felt like crap. To be fair I had red wine, and was on cold meds to get rid of my long lingering cold. Once again I was in a hotel, this time in Sarajevo. No coffee this time.

graph_detail_20171119_1.30

This is from todays sleep, even with a few scoops of ice cream and coffee, I slept extremely well and woke up feeling pretty fresh and ready to take on the world.

I use Sleep as Android with my Pebble watch. I do sync everything to Google Fit, Google Drive and Dropbox to make a personal back up for myself.

Ultimately I would clearly say I have learned so much by looking at the patterns, especially over a longer period of time.

Urban legend says facebook is listening

8409207368_b4acce604e_c_d

There so much talk about Facebook and other west coast megacorps (the 5 stacks) listening in on our conversations. To be fair its part of the reason why I don’t like Whatsapp who own and can do what ever they like to the metadata of your conversations. It’s all become a bit of an urban legend, but to be fair the megacorps are doing an incredibly bad job explaining how things are happening (little to no transparency, but to be fair it’s not fitting with their business model).

Even a recent episode of Reply All tackled this field – #109 Is Facebook spying on you.

You can look & listen to the rising concern the public have around their privacy; and the increasing number of stories. I you can’t help but think maybe there is a change coming? Or at least I’d like to think so… but its clear there is a lack of understanding of data by the general public.

For example

“One of the things that Facebook can do is if you like something, it can advertise that thing to your friends. So the brother-in-law obviously signaled to Facebook that he was into white supremacy somehow, and Charles’ friend was liking a lot of the guy’s posts, and they were friends on Facebook, so Facebook was like, “Alright, well, why don’t I advertise this white supremacist stuff to you.”

If you actually read the Facebook EULA, it actually says this but certainly not in such clear human readable words (its been a long while since I skimmed the FB eula, so may have changed – but doubt it). In my own experience, it’s also very hard for people to envision scenarios where the links matter, hence it may not be the actual data but the links between the data which suddenly make people worry and care; the data taken out of context. Most have no idea how many categories of data Facebook alone are sorting us all into.

This is hard to show and demonstrate without going; without going all black mirror or someones eyes glazing over. In my experience when talking about data most people shrug and say things like, “nothing to hide.”

Glass room recipt

During Mozfest this year I got the chance to walk around the Glass Room on Charing Cross Road, with the people at the ingenious bar giving out data detox kits. The kits are interesting because it’s aimed at a mass audience and the advice although simple is generally useful. I also found some of the installations good, especially the one where you are swiping through your facebook timeline (it was twitter for me) and 2 mins later, given a printed receipt of your work. (Funny enough, it felt like a lot longer than 2mins but then again, its not really the thing I do regularlly)

We certainly need more of this!

Hopefully more of these public interjections will start to move the discussion on from urban legends to a proper informed discussion about ethical data use. I believe FB and others are capitalising on the general public ignorance and its got to stop.

Whats that? Peer pressure?

Whatsapp on a phone

I recently came back from mobile roaming in Sarajevo; its been a while since I’ve been to a county where data roaming wasn’t as straight forward as its become. Even doing the standard replying to the automatic text didn’t work. (Although this isn’t about roaming data, although I have a long history when it comes to international roaming data).

It was kinda weird the assumption that everyone would be on Whatsapp. I understand the limitations of text messages and the greed of the mobile operators in the past around MMS and EMS, has crippled its use. Especially at 50p per message when internationally roaming on EE.

My colleagues ask over and over again, why am I not on Whatsapp? To be fair many others have asked the same question. So here’s some of my reasons.

  1. I simply don’t trust Facebook (owners of Whatsapp); I removed FB from my mobile devices and only put the lite version of messenger with all its permissions removed (inlcuding contact access)
  2. I read the Whatsapp End User Licence Agreement, a few years ago and then didn’t  agree with the terms especially around who they share the metadata with. I assume its changed but I don’t see a compelling reason to do it again.
  3. I don’t trust Whatsapp’s security implentation of Signals end to end message encryption; and is it all mute if Whatsapp is sharing the metadata anyway?
  4. This isn’t just because its FB; I don’t use Googe Allo either. I use certain systems for certain things. I get for most people Whatsapp is their ICQ but the benefit isn’t enough to make me use it.
  5. I don’t like the net neutrality issue, with certain mobile operators giving it priority over other services.

End of the day, everyone needs to make their own decision based on real information; not on social & peer pressure. Happy for you to be on Whatsapp but I won’t be joining you.

Data portability in online dating sooner than they think?

Dating Apps make money from attention & personal data

I have written a few times about disruption in online dating, heck its something which will be discussed at Mozilla Festival this year (tickets are available now).

But interestingly the EU’s General Data Protection Regulation may get in there ahead of any setup/network disruption. In the Guardian I saw a piece called Getting your data out of Tinder is really hard – but it shouldn’t be.

Its all about getting data back from Tinder (which remember is part of IAC/Match group)

…Duportail eventually got some of the rest of her data, but only on a voluntary basis, and only after she identified herself as a journalist. Her non-journalist friends who followed suit never got responses to similar requests.

Finally armed with the 800 pages she had clawed back from Tinder, Duportail wrote a story reflecting on her own relationship with her data, and the myopic view Tinder had of her love life. I feel her story helps bridge the chasm between those with information stored in the database and the architects behind it, providing much needed neutral common ground to democratically discuss power distributions in the digital economy.

Given the popularity of her story, and my overflowing inbox, I would say many agree. And indeed, you should expect more similar stories to be unearthed in the future because of the upcoming General Data Protection Regulation (GDPR). From May 2018, the new European-level regulation will come into force, claiming wider applicability – including on US-based companies, such as Tinder, processing the personal data of Europeans – and harmonising data protection and enforcement by “levelling up” protections for all European residents.

I know there is a lot of push back from the big American internet corps, but this is coming and the there is no way they can wriggle out of it?

…beyond the much older right of access, the true revolution of GDPR will come in the form of a new right for all European citizens: the right to portability.

It seems like such a small thing but actually it has the potential to be extremely disruptive. Heck its one of the things I wanted back in early 2011. Imagine all those new services which could act like brokers and enable choice! It could be standard to have the ability to export and import rich data sets like Attention profile markup language (APML).

I just wish we were staying in Europe, although the UK has agreed to take GDPR, thankfully! There was no way, if they were left on their own, this would ever come about; like it looks like it might.

Oh Plex, why oh why?

https://www.flickr.com/photos/cubicgarden/4303608740/

I know the picture above isn’t Plex but rather XBMC/KODI but this shot sums up how I feel about Plex right now.

I have been using Plex server quite a bit and decided that I would snap up a lifetime PlexPlus pass a while ago. So I was pretty peed when they updated their policy around data collection. From Plex’s Highlights of what is changing:

Upcoming features and services involving third-party and ad-supported content will require Plex to collect and, in some cases, share information about the third-party content you are streaming. For clarity, third-party content is content that we deliver or stream to you that is not contained in your personal media library.

Ok thats annoying for me but not too much of pain as I don’t really use the Plex addons/plugins. I know others are more upset about this.

In order to understand the usage across the Plex ecosystem and how we need to improve, Plex will continue to collect usage statistics, such as device type, duration, bit rate, media format, resolution, and media type (music, photos, videos, etc.). We will no longer allow the option to opt out of this statistics collection. Again, we will not collect any information that identifies libraries, files, file names, and/or the specific content stored on your privately hosted Plex Media Servers. The only exception to this is when, and only to the extent, you use Plex with third-party services such as Sonos, Alexa, webhooks, and Last.fm.

We will no longer allow (including paid lifetime!) users to opt-out! Also usually when you get something like this, its anonymous data collection. I know later its makes it sound like anonymous but it never actually says this. I still need to read through the privacy policy in full again. But this feels like it might break a EU data law and for sure the ones coming soon. (Plex is based in Delware & Switzerland)

To be fair I’ve had a task to try out Emby for a long while, but this begs the question of what happens to my Plex pass and why don’t Plex share collected data with us? Luckily plex data portability isn’t such a pain. Also its another reason why most of my media consumption is through Kodi not Plex.

BBC Newsnight on Cambridge Analytica

https://www.youtube.com/watch?v=k6Vn45Xt3y8

Was Britain’s EU referendum hijacked by the American alt-right using a technique known as psychographics? Gabriel Gatehouse from BBC Newsnight reports on the data analytics firm Cambridge Analytica.

I’ve said so much stuff about this already but frankly “Overzealous PR?” is total laughable crap! I actually laughed quite a lot when I heard this. Its very clear they were involved (to one degree or not) and like a kid with their finger in the cookie jar, they got caught.

Welcomed back to the Quantified Self

Quantified Self 2017

Everytime I go to the Quantified Self conference (2013 & 2014), I walk away with something more than I was expecting. Its been 3 years since I was last at the conference and a lot has happened in that tme. The Quantified Self has shifted from the heydays of super stardom on the front of wired magazine; to everywhere and nowhere. By nowhere, I mean its not really talked about because its actually everywhere. The amount of people with some kind of app or device which they are actively tracking something is so huge. This also raises the question of Self-Tracking vs. Self-Surveillance (which Jana Beck actually covered in her breakout session); are most people self-tracking or is some other entity surveying them? There’s also a debate about how enabling they really are for most people who received a Fitbit for a present.

Garry Wolf raised the topic of what is the quantified self at the start of the first day in the opening talk. Lots of people answered the question from their point of view and it was good to hear the diversity of answers and people building on the previous one.

When back with Gary, he concluded the conversation with a final thought on the subject…

“Everyday science through examination of yourself”

Gary also noted it’s been 10 years since the first conference and threw out 10 interesting points over the last 10 years, plenty to think about; including a Michael Polanyi quote and a request for people to take part in a live experiment around smartphone use. The results were revealed at the end of the day and were quite a shock. I personally only looked at my phone twice over the first day. But as I explained I have my tablet and laptop. It was interesting to hear I wasn’t the only one to have different apps on their different devices. This lead nicely into a group discussion about smartphone use.

Its so easy to feel the fear of missing out (FOMO) at the Quantified Self conference, as there is on average 8-9 things happening in parallel. You really have to pick and if its not for you, move on. Its very much the BarCamp rule of two feet.

Like the rule of two feet, here’s my highlights of the conference.

Session 1: Show & Tells

Quantified Self 2017

I missed the first one by Jana Beck on tracking crying but I got in to see Aaron Parecki kicked off the ignite talks; he later did a session which I’ll dig into the details of with data portability and data ethics in mind. The big things for me was the micropub plugs. I’m going to simplify micropub by saying its like ifttt but open, decentralised and a W3C standard supported by the indieweb community. That was the point when I thought I need to check this out in detail because it reminded me of the media pipeline thoughts I had a long long time ago.

Ahnjili ZhuParris gave a ignite talk which was all about her quantifying her psychedelic experiences. Yes you heard right…She quantified her drugs use to improve her trips! Truly shows how diverse the things track can be. It was captivating to say the least.

Session 2: Self-Tracking vs. Self-Surveillance

This breakout session run by Jana Beck and was full of interesting points. Of course Hasan Elahi was brought up and the group tried to understand the difference between tracking & surveillance. It seemed to boil down to judgment from which entity? Both have issues including the illusion of perfection which can drive self-tracking; and of course the issues of external surveillance are very well know.

This is where I first met the open university who are working on a project called monetize.me. I also bumped into Kley Reynolds who I’ve been thinking about since 2013, when I heard him talk about using QS data to create a fingerprint for data & identity.

Session 3: Connecting Self-Tracking Data to Home Assistants

In this session I helped a out with another person as the speaker couldn’t make it due to flight problems. Myself and Jacqueline took over the session hoping someone would come with some more experience in using home assistants to track something. I had some experience with Amazon Alexia & Google Home but not for quantified/tracking. I could see how it might be possible with something like ifttt but not directly.

We didn’t have to wait long till some knowledgeable people stepped in and a discussion kicked off. I kept going back to the fact these devices are in group/family spaces. Somewhere along the line, Jacqueline & me started thinking about how you could use these devices to bring together a family and nudge them to eat more healthy through dinner time checkins. I feel theres a unpolished gem somewhere there.

Session 4: Using Your Data to Influence Your Environment

Quantified Self 2017

I ran this session and I knew with a brief skim through object media and perceptive media, Questions and thoughts would come from a very data literate crowd. I wasn’t wrong.

Lost of thoughts about the role of public in a media landscape which can be changed and modified. There was a lot of discussion about why and the true benefits of using personal data in storytelling. In retrospect I should have shown parts of my interview back in 2013: We research how personal data and storytelling can be combined.

Points were made about customization vs personalization; people felt that was a big difference and could be the cause for some backlash. There was also a feeling that they would want to know how much things are customized and why if interested. Also there was a sense negotiation was a key aspect in this all, something we are exploring with the Databox project. There was a sense you could try it with little data shared then decide to ramp it up later to see what difference it made to what you saw first time.

A interesting fact was mentioned that fruit machines can be skinned in as quick as 20seconds. This was mentioned when talking about customization of the reality around you. Which led to Minority Report discussions.

It was a positive discussion but lots of worries about how to tell stories with enough richness/depth to work with the diversity of personal data that may be shared or used.

End of the first day

There was lots of discussions following the smartphone experiment at the start of the day. A small list of good ways to stop being distracted by your smartphone started to emerge.

I used Quality Time and as said previously clocked up 2 checks and only 20secs of actual screen time. Some people ran into multiple hours.

Quantified Self 2017

This crossed with Aaron’s list deserves a blog of its own really… (coming soon – honestly!)

More than optimization (day 2)

Quantified Self 2017

The over optimization intrigued me on paper as there is always a dark sense of over quantification in the hope of perfection? I hadn’t really thought how it could be used in team sports to create personalize routines for each rugby team member instead of applying a routine to the team broad brush; it makes perfect sense right?

Session 5: Making money from your own data with Monetize.me

After meeting Monetize.me in the second session, I went along to a dedicated session. I think the plan for the session went slightly out the window but it was fruitful and it all came down to data negotiation. I did talk about the databox project and wondered how they hadn’t come across each other?

There was a lot of questions about how much is data actually worth? I pointed at Jennifer Moore and her position as the first personal limited company. I also mentioned how fresh/realtime is the data.

Of course this all lead to questions asking if you could treat all data the same? What about data discrimination and finally what are the business models which can emerge and what needs to change for it to be?

I also learned about Bitwalking which generates a crypto-currancy from the amount you walk.

Session 6: How to plan for data access with choosing a QS tool

Quantified Self 2017

I mentioned Aaron Parecki’s ignite talk earlier, and there was plenty more depth in his workshop. Aaron started out explaining the process he’s gone through with quantifying himself. He talked about the pain of data portability through broken devices and closed services. This all lead him to a checklist he uses.

  • How much effort is required?
  • How does it Sync?
  • What is the sustainability of the service/product?
  • What is the data portability options?
  • Whats the competition like?

Each point had a bunch of issues under them for example in how does it sync; breaks down to questions about centralized servers vs direct sync to a local computer/device. Sustainability was focused on business models of the likes of Apple, Google, Fitbit, Jawbone, etc. All very different and it all depends on the user which once they are comfortable they are with it (if everything is made transparent, and the user can make a real informed choice!). I talked about Gadgetbridge in connection with effort and syncing.

Hopefully Aaron will make his slides public (but this needs some more thought!)

Session 7: Self-Tracking for the Good of the World

With my public service hat on, I went along to Justin’s session. We explored some of the issues with the internet and I did say, we should be looking at the work Mozilla are doing around the internet health report, but we focused on other things.

One of those things was the packages; packages being things which are a mix of hardware, software and service. This was intriguing to me and got me thinking about opinionated software.

We talked about the public benefit of quantified health but there was a large conversation about how you compare data when the different black box devices can’t agree on a step actually is. This was when someone suggested some governance and that the Quantified Self site has a large number of devices/services/packages reviewed. Maybe there should be some kind of ranking system and clear indicator of different aspects of that thing (you could use Aaron Parecki’s indicators) . You can imagine the QS community making it clear what devices are to be avoided and best practices.

I tweeted Gary to say its time the Quantified Self got political.

Session 8: Quantified Self meetups

I drifted around a few sessions but settled on a session about the meetups, as the Manchester Quantified Self meetup stalled a little while ago. Last time I was at the conference I was inspired to setup a QS meetup. I’m still inspired to run the meetup but it was great to hear from those new and old to the meetups.

Sharing stories and hearing from Steven who is well known in Quantified Self circles was very useful. There was lots of questions about the choice of the format, use of meetup, etc. Steven pretty much said the Quantified Self will support any changes the organizers make. That would include format, event, description, etc changes.

Like Gary said at the start of the first day, things are always changing and they are flexible to these.

With this in mind, I have kicked off another Manchester Quantified Self with a different format.

The wrap ups

Quantified Self 2017

The last keynote talks were fascinating and centered around circular/cyclical time. The picture of the complexity of patterns summed up so much of it.

The people

The best thing about Quantified Self conference is the people, they are so amazing. No edge, just open and all so geeky. No matter where we were it was great conversations which spilled out from the many sessions I didn’t get a chance to attend.

Quantified Self 2017

On the first evening we started at the Casa balcony bar then had dinner at the Café-restaurant De Ysbreeker and ended up Canvas again. Love that place and its so weird seeing it become this incredible place now from the squat it use to be.

On the second night, we headed out in search of cocktails (theres a story behind this, which I never actually posted till now). We almost ended up at Prik and Blue boy which will make 3 people laugh. This time we ended up in a Amsterdam festival and then a speakeasy place called Door 74. Being a geeky quantifiers, we decided to hack friendship by trying the 36 questions in a group.

We didn’t get far, but I actually think it worked…

Quantified Self 2017

Another great time at the Quantified Self… So much learned so much to think and act on. If I have anything to do with it, I’ll be back next year for sure. Massive thanks to everyone who I bumped into over the 2 full days. It was emotional, fun and exciting all at the same time. Special thanks to the newbies who I spent a lot of time with.

Quantified Self 2017

Back at the Quantified Self conference in June

Quantified Self 2011

I’m back at the Quantified self conference and it’s been a few years since due to scheduling and other conflicts. It’s actually been a while since I talked about the Quantified self mainly because I feel it’s so mainstream now, few people even know what it is, although they use things like Strava, fitbits, etc.

The line up for the Quantified self confidence is looking very good and there’s plenty of good sessions for almost every palette and I’ll be heading up this session while at the conference.

Using Your Data To Influence Your Environment

With home automation tools, it is now possible for your personal data to influence your environment. Soon, your personal data could be used to influence how a movie is shown to you! Let’s talk about the implications and ethics of data being used this way.

Its basically centered around the notion our presence effects the world around us. Directly linking Perceptive media and the Quantified self together. Of course I’m hoping to tease out some of the complexity of data ethics with people who full understand this and have skin in the game as such.

I’m also looking to report back on this conference and restart the manchester quantified self group which went quiet a while ago.

​Cambridge analytica: The Rise of the Weaponized AI Propaganda

cambridgeanalytica

I’ve been studying this area for a long while; when I talk about perceptive media people always ask how this would work for news?  I mean manipulate of feelings and what you see, can be used for good and obviously for very bad! Dare I say those words… Fake news?

Its always given me a slightly unsure feeling to be fair but there is a lot I see which gives me that feeling. In my heart of hearts, I kinda wish it wasn’t possible but wishing it so, won’t make it so.

It was Si lumb who first connected me with the facts behind the theory of what a system like perceptive media could be ultimately capable of. Its funny because many people laughed when I first talked about working with perceptiv whose mobile app under pinned the data source for visual perceptive media; I mean how can it build a profile about who I was in minutes from my music collection?

I was skeptical of course but the question always lingered. With enough data in a short time frame, could you know enough about someone to gage their general personality? And of course change the media they are consuming to reflect, reject or even nudge?

According to what I’ve read and seen in the following pieces about Cambridge analytics, the answer is yes! I included some key quotes I found interesting

The Rise of the Weaponized AI Propaganda Machine

Remarkably reliable deductions could be drawn from simple online actions. For example, men who “liked” the cosmetics brand MAC were slightly more likely to be gay; one of the best indicators for heterosexuality was “liking” Wu-Tang Clan. Followers of Lady Gaga were most probably extroverts, while those who “liked” philosophy tended to be introverts. While each piece of such information is too weak to produce a reliable prediction, when tens, hundreds, or thousands of individual data points are combined, the resulting predictions become really accurate.
Kosinski and his team tirelessly refined their models. In 2012, Kosinski proved that on the basis of an average of 68 Facebook “likes” by a user, it was possible to predict their skin color (with 95 percent accuracy), their sexual orientation (88 percent accuracy), and their affiliation to the Democratic or Republican party (85 percent). But it didn’t stop there. Intelligence, religious affiliation, as well as alcohol, cigarette and drug use, could all be determined. From the data it was even possible to deduce whether deduce whether someone’s parents were divorced.

Some insight into the connection between Dr. Michal Kosinski and Cambridge Analytica

Any company can aggregate and purchase big data, but Cambridge Analytica has developed a model to translate that data into a personality profile used to predict, then ultimately change your behavior. That model itself was developed by paying a Cambridge psychology professor to copy the groundbreaking original research of his colleague through questionable methods that violated Amazon’s Terms of Service. Based on its origins, Cambridge Analytica appears ready to capture and buy whatever data it needs to accomplish its ends.

In 2013, Dr. Michal Kosinski, then a PhD. candidate at the University of Cambridge’s Psychometrics Center, released a groundbreaking study announcing a new model he and his colleagues had spent years developing. By correlating subjects’ Facebook Likes with their OCEAN scores

What they did with that rich data. Dark postings!

Dark posts were also used to depress voter turnout among key groups of democratic voters. “In this election, dark posts were used to try to suppress the African-American vote,” wrote journalist and Open Society fellow McKenzie Funk in a New York Times editorial. “According to Bloomberg, the Trump campaign sent ads reminding certain selected black voters of Hillary Clinton’s infamous ‘super predator’ line. It targeted Miami’s Little Haiti neighborhood with messages about the Clinton Foundation’s troubles in Haiti after the 2010 earthquake.’”

Because dark posts are only visible to the targeted users, there’s no way for anyone outside of Analytica or the Trump campaign to track the content of these ads. In this case, there was no SEC oversight, no public scrutiny of Trump’s attack ads. Just the rapid-eye-movement of millions of individual users scanning their Facebook feeds.

In the weeks leading up to a final vote, a campaign could launch a $10–100 million dark post campaign targeting just a few million voters in swing districts and no one would know. This may be where future ‘black-swan’ election upsets are born.

“These companies,” Moore says, “have found a way of transgressing 150 years of legislation that we’ve developed to make elections fair and open.”

The Data That Turned the World Upside Down

When it was announced in June 2016 that Trump had hired Cambridge Analytica, the establishment in Washington just turned up their noses. Foreign dudes in tailor-made suits who don’t understand the country and its people? Seriously?

“It is my privilege to speak to you today about the power of Big Data and psychographics in the electoral process.” The logo of Cambridge Analytica— a brain composed of network nodes, like a map, appears behind Alexander Nix. “Only 18 months ago, Senator Cruz was one of the less popular candidates,” explains the blonde man in a cut-glass British accent, which puts Americans on edge the same way that a standard German accent can unsettle Swiss people. “Less than 40 percent of the population had heard of him,” another slide says. Cambridge Analytica had become involved in the US election campaign almost two years earlier, initially as a consultant for Republicans Ben Carson and Ted Cruz. Cruz—and later Trump—was funded primarily by the secretive US software billionaire Robert Mercer who, along with his daughter Rebekah, is reported to be the largest investor in Cambridge Analytica.

Revealed: how US billionaire helped to back Brexit

The US billionaire who helped bankroll Donald Trump’s campaign for the presidency played a key role in the campaign for Britain to leave the EU, the Observer has learned.

It has emerged that Robert Mercer, a hedge-fund billionaire, who helped to finance the Trump campaign and who was revealed this weekend as one of the owners of the rightwing Breitbart News Network, is a long-time friend of Nigel Farage. He directed his data analytics firm to provide expert advice to the Leave campaign on how to target swing voters via Facebook – a donation of services that was not declared to the electoral commission.

Cambridge Analytica, an offshoot of a British company, SCL Group, which has 25 years’ experience in military disinformation campaigns and “election management”, claims to use cutting-edge technology to build intimate psychometric profiles of voters to find and target their emotional triggers. Trump’s team paid the firm more than $6m (£4.8m) to target swing voters, and it has now emerged that Mercer also introduced the firm – in which he has a major stake – to Farage.

Some more detail as we know from the other posts previously

Until now, however, it was not known that Mercer had explicitly tried to influence the outcome of the referendum. Drawing on Cambridge Analytica’s advice, Leave.eu built up a huge database of supporters creating detailed profiles of their lives through open-source data it harvested via Facebook. The campaign then sent thousands of different versions of advertisements to people depending on what it had learned of their personalities.

A leading expert on the impact of technology on elections called the relevation “extremely disturbing and quite sinister”. Martin Moore, of King’s College London, said that “undisclosed support-in-kind is extremely troubling. It undermines the whole basis of our electoral system, that we should have a level playing field”.

But details of how people were being targeted with this technology raised more serious questions, he said. “We have no idea what people were being shown or not, which makes it frankly sinister. Maybe it wasn’t, but we have no way of knowing. There is no possibility of public scrutiny. I find this extremely worrying and disturbing.”

There is so much to say about all this and frankly its easy to be angry. But like Perceptive Media, it started off out of the academic sector. Someone took the idea and twisted it for no good. Is that a reason why we shouldn’t proceed forward with such research? I don’t think so…

Zoosk data breach? Or something else?

Sell the data?

I recently got a message from you’ve been pwned, suggesting that its likely some of my personal data has been leaked via dating site Zoosk.

In approximately 2011, an alleged breach of the dating website Zoosk began circulating. Comprised of almost 53 million records, the data contained email addresses and plain text passwords. However, during extensive verification in May 2016 no evidence could be found that the data was indeed sourced from the dating service. This breach has consequently been flagged as fabricated; it’s highly unlikely the data was sourced from Zoosk.

I had a idea what fabricated meant, but I had a little read…

What is a “fabricated” breach?

Some breaches may be flagged as “fabricated”. In these cases, it is highly unlikely that the breach contains legitimate data sourced from the alleged site but it may still be sold or traded under the auspices of legitimacy. Often these incidents are comprised of data aggregated from other locations (or may be entirely fabricated), yet still contain actual email addresses of unbeknownst to the account holder. Fabricated breaches are still included in the system because regardless of their legitimacy, they still contain personal information about individuals who want to understand their exposure on the web. Further background on unverified breaches can be found in the blog post titled Introducing “fabricated” breaches to Have I been pwned.

Sold or traded!

People laughed ages ago about the idea of selling user data but lets say dating site z had lost a lot of the market due to new players in the space. They needed to stay a float, prove to their investors they are still profitable? User data would be a useful resource for revenue… Of course this is illegal but you would cover your tracks… right! Make it look like “hackers!”

The example Tony Hunt uses is Justdate.com as a example

There’s a whole other discussion to be had about what causes a bundle of data to be fabricated and called a breach in the first place. Attempts to monetise the data by selling the alleged breach, extortion of the company involved or just simple big-noting by individuals seeking notoriety are all feasible explanations for many of the fabricated breaches I see. For now, the important thing is that if your data is circulating in one of these dumps, there’s now a way to know about it.

To be clear I’m not saying Zoosk is doing this, but someone is certainly pointing the finger.