

In this issue:

Pop-up Glass Room comes to Brum

Terms of service as art

Password managers

Datafication and the people

Reads: Snowden five years on, IoT surveillance, China's internet model, Data for Black Lives, post-GDPR, 'woke washing' and more

Data for Black Lives, post-GDPR, 'woke washing' and more Recommendations: tips from Brummies

PGP/GPG – guest post on sending encrypted emails

Summer events list



Hey! If you enjoy this newsletter, others might, too. Please do forward it on or share the sign-up link: ObservedCity newsletter .



++



Hello



The big news is that I'll be running a Glass Room Experience and Data Detox Bar at Stirchley Library on Saturday 4 August – it's the continuation of last year's volunteering at The Glass Room London , which saw 20,000 people come in through the doors. If you're in South Brum, come and find out more from informational and interactive exhibits on internet giants such as Facebook, Google and Microsoft, and pick up an 8-day Data Detox Kit (see main image). I and others from the Birmingham Open Rights Group will be on hand to answer questions about how to protect your data from prying eyes. More on this next issue!



Events/recommendations: For digital or data-related events, send a few details, date, times, location and a link. For tips and recommendations just ping me a link and why you're recommending it.

Guest posts: I'd love to hear your thoughts and experiences around data privacy or the digital society in general – j ust send a few details before writing. Submissions should be 500 words or less and can link to your project or you can be anon if your prefer.



Mail me at: .

++

ART: I agree (but that doesn't mean I agree...)



See the

++

CHANGE ONE THING: Consider a password manager



A more universal option is to use a password manager which allows you to use more complicated passwords without having to remember them.



This is something I put off for years but I've now been using a password manager since 2017 and the set-up was pretty quick and easy. The big plus of a password manager if that it remembers all your passwords and that it uses the strongest encryption maths to fight of attacks; in return all that is required is to remember one long master passphrase of your choosing.



What's surprised me are the additional extras, for example, the ability to store other information securely in the master vault, and the fact that there is no need to bookmark login pages - I can just click and fill in the information. No more typing usernames and passwords as it's all done in one smooth action.



There are potential risks. You can read some of the pros and cons on the UK National Cyber Security Centre's blog



The first step is to figure out which password manager suits you – storing logins locally or in the cloud, pricing and user experience, for example – but there are options out there that cover most needs.



Perhaps start your research with a recent comparison/review site such as



++

INSIGHT: How are people reacting to datafication? Krisis . It is an open-access and peer-reviewed journal for contemporary philosophy and has put out a special issue on data activism



Read Krisis'



++ Grassroots activism is one resistance-based response to the increasing data collection in our society – and pretty much the reason for launching Observed City . There's politics in them there data... so for those who like a chunky read, check out this online journal from. There are a number of essays exploring grassroots activism and the perspective of citizens when it comes to how data is reshaping our world. Thanks to @PeteAshton for sharing this one.Read Krisis' special edition on Data Activism ++ Big data breaches like are a good reminder to sort out weak passwords that put your online security and identity at risk. One way to check if an account you own has been breached is to put your email into Have I Been Pwned? and change the password on those accounts.A more universal option is to use a password manager which allows you to use more complicated passwords without having to remember them.This is something I put off for years but I've now been using a password manager since 2017 and the set-up was pretty quick and easy. The big plus of a password manager if that it remembers all your passwords and that it uses the strongest encryption maths to fight of attacks; in return all that is required is to remember one long master passphrase of your choosing.What's surprised me are the additional extras, for example, the ability to store other information securely in the master vault, and the fact that there is no need to bookmark login pages - I can just click and fill in the information. No more typing usernames and passwords as it's all done in one smooth action.There are potential risks. You can read some of the pros and cons on the UK National Cyber Security Centre's blog here . But, to me, the risks of using a password manager are much lower than when I was using my old weak passwords.The first step is to figure out which password manager suits you – storing logins locally or in the cloud, pricing and user experience, for example – but there are options out there that cover most needs.Perhaps start your research with a recent comparison/review site such as this one or this one ++ Just about every website post-GDPR seems to be popping up a consent box to tick before you can access the content. But just how long are those terms of service that you rarely read before clicking 'I agree'? Artist Dima Yarovinsky has printed out the ‘terms of service’ of the likes of Facebook, Snapchat, Instagram and Tinder on standard A4 rolls in order to visualise "how small and helpless users are against large corporations". (Hat-tip to Birmingham's @editorialgirl for the recommendation.)See the colourful results here in full. To feature your event or thoughts in a future issue of the OC, here's what to do...For digital or data-related events, send a few details, date, times, location and a link. For tips and recommendations just ping me a link and why you're recommending it.I'd love to hear your thoughts and experiences around data privacy or the digital society in general – jsend a few details before writing.Mail me at: Observedcity@pm.me



READ THESE: Bookmarks



++



RECOMMENDED: Tips from Brummies





I keep getting links via the to replace phone boxes , and are likely to start appearing in Birmingham. They offer digital advertising space, free wifi, calls and phone charging. Who wouldn't like that? But there are



Obfuscation is one tactic to combat data capture. I think it was @PeteAshton recommending a look at Looki – the first mobile app to obfuscate your phone's often over-exuberant data collection by "sending fictional sensor and usage data to your other apps to immitate physical and digital actions. You can relax on your couch, while your running app believes you are in the park for a 10k." Try it out maybe?



Other tactics involve encryption and better security practices. Another on email security (see guest post below)... This week the Electronic Frontier Foundation (EFF) launched to improve the security of the email ecosystem . If you're wondering why email security is so hard to achieve, read on...



One last, quick, light-hearted reco from me:



++ A friend (Daz Wright at Inside Outcomes ) has launched Datatools Sandwell to give groups and organisations in Sandwell impartial advice on how to best manage information and data. You can use the site to help you think about how you work with data. It's also got sample data protection policies and consent statements for you to use.I keep getting links via the Birmingham Open Rights Group on BT's new inLink boxes – these are being rolled out in London and other cities to, and are likely to start appearing in Birmingham. They offer digital advertising space, free wifi, calls and phone charging. Who wouldn't like that? But there are major concerns about privacy and surveillance . The Ham & High reports BT as saying there is “no active surveillance of calls” (whatever that means) but that, on request, it will give retrospective data about calls to police. Meanwhile in-built cameras (not switched on – at present) could bring corporate surveillance and facial recognition capture to our streets. And who is behind these alluringly convenient and free kiosks? Follow the money back and it leads to Sidewalk Labs, a company owned by Google’s parent Alphabet. Oh! No need to worry then...Other tactics involve encryption and better security practices. Another Jez Higgins pointer(see guest post below)... This week the Electronic Frontier Foundation (EFF) launched STARTTLS Everywhere . If you're wondering why email security is so hard to achieve, read on...One last, quick, light-hearted reco from me: Interrogating Zuck – A bad lip reading . It's up to 9m views so you know it's gonna be good.++



MUSING: Sending encrypted emails





“The problems you had were, very largely, a problem of tooling. PGP has been around for nearly 30 years, and GPG (which is, in reality, what everyone actually uses) has been around for nearly 20. Its operation and application are well known and well understood. The standards for incorporating public key encryption into email messages have been in development since some time around 2002 or 2003.



“There really is no reason why a desktop email client shouldn't have simple, straightforward encryption and secure signatures built in.



“There are very few desktop email clients, and none of the widely used ones, that do this as part of their standard install. Until relatively recently, some widely deployed email clients couldn't even display signed emails properly, let along validate the signature. This is a piss-poor state of affairs, and perhaps indicative of an industry view of email as a ‘corporate productivity tool’ rather than as a ‘personal communication channel’.



“Probably the best install-and-go experience is



Do you have something to say about data privacy or the digital world, email me at Observedcity@pm.me



++ In the last issue, I wrote about the hassle of sending an encrypted email using PGP (Pretty Good Privacy) or rather OpenPGP email encryption tools. I had this response from Jez Higgins , a programmer friend who knows about these things about why there are problems and his recommendation. I’m posting it here for others interested in PGP/GPG.“The problems you had were, very largely, a problem of tooling. PGP has been around for nearly 30 years, and GPG (which is, in reality, what everyone actually uses) has been around for nearly 20. Its operation and application are well known and well understood. The standards for incorporating public key encryption into email messages have been in development since some time around 2002 or 2003.“There really is no reason why a desktop email client shouldn't have simple, straightforward encryption and secure signatures built in.“There are very few desktop email clients, and none of the widely used ones, that do this as part of their standard install. Until relatively recently, some widely deployed email clients couldn't even display signed emails properly, let along validate the signature. This is a piss-poor state of affairs, and perhaps indicative of an industry view of email as a ‘corporate productivity tool’ rather than as a ‘personal communication channel’.“Probably the best install-and-go experience is Thunderbird (which will happily talk to your current IMAP email accounts) with the Enigmail plugin to use your existing GPG key (which means it's install and go then install a bit more and go). I've used it for years, and it's what I'd recommend. Even if you're not interested in PGP encrypted email, which is fine although you should be interested in signed email, Thunderbird is an excellent email client in any event, and worth your consideration.”++



BIRMINGHAM DATA EVENTS: Summer 2018

CONNECT