Tag: privacy

How to start a data privacy conversation in your city – a bulletpoint guide

This guide forms the end documentation for my recent Mozilla Open Leaders project which culminated in launching a regular data privacy email for Birmingham, UK. If you want to do this in your city or region, I hope it will be useful info to get you started. And if you have any follow-up questions as you go, email me at observedcity@pm.me and I'll do my best to answer and update the guide.

NOTE: You don't necessarily have to follow all the steps below but I really do recommend starting with an Open Canvas as a way to unpack the ideas in your head into something more practical and workable.

Image: (CC) Michael Coghlan/Flickr

Short term (research & development)

  • Fill out an Open Canvas outlining your aims for the project, the problem you are aiming to solve, the needs and resources, and target users and contributors. Here is an example showing the open canvas for ObservedCity
  • Content calendar – compile list of events and online activities in your area (data privacy, data research, art, tech, activism). Place events under each month on a calendar doc; extract interesting people and organisations for potential contacts. Subscribe to newsletters that are relevant to your project.
  • Contacts/network list – find everyone you should connect with in your area who are working with data/privacy in some way or run relevant events: university researchers and academics, privacy activists, digital artists, curators and galleries, a local Open Rights Group, Meetup.com groups, Chamber of Commerce, local government initiatives helping businesses with big data, 'smart city' groups, police and neighbourhood alerts, potential contributors, hacker groups, coding clubs, local Mozilla Campuses, tech drinks and meetups, open data groups, relevant social enterprise startups, ImpactHub, collectives and coops, event organisers.
  • Research email providers – how will you distribute your email? I looked Mailchimp and Tinyletter's pros and cons. I chose Tinyletter for a more personal curated feel and an easy introduction to email setup; I may move to Mailchimp if I change the tone or go in a new direction with the content.
  • Decide on the title of your newsletter – does it need to work across other platforms, such as a website or social media? If so, check the name is available for use in these environments. Look for a name that suggests the content, eg, Observed.City suggests surveillance, privacy and that I'm looking at what is happening in my city. Try to choose a memorable and engaging name – maybe avoid the word 'data' as this can make for a dull word that turns people off subscribing. If you want to keep it hyperlocal, add the name of your area or city into the title of the newsletter; if you want to potentially reach a wider audience, this may be limiting. Sometimes you don't know what your project is going to be until you start – it's ok to change the name later; the important thing is to start!
  • Decide on regularity – this will depend on your resource/time but you could do a shorter email weekly, a medium email monthly, or even quarterly. I'm aiming for every 3-4 weeks and trying to keep it shorter
  • Expertise, experience and mentors – if you don't know how to start a newsletter or how to build a community of subscribers, find and talk to people who have done it. For example, I took the editor of IChooseBirmingham listings email (17,000 weekly subscribers) for coffee and learnt more in an hour than I ever could have learned online (thankyou Tom!). You may even be able to find a mentor of whom you can ask questions as you go along. Meeting people in real life both helps build community and gets experienced people on board with your project.

Medium term (set up, soft launch)

  • Consider setting up a new email account if you want to keep your newsletter project separate from your personal/business email. I used Protonmail and the name of the project: observedcity@pm.me – unfortunately this caused some delivery issues in Tinyletter as Protonmail is very tight on its privacy and was triggering spam alerts, so I had to change it to an alternative email that did work.
  • Set up a newsletter account with your chosen service – go through all the account settings and fill in any blanks.
  • Set up related accounts, eg, a Twitter, Facebook page and website for your project – these may form your future discussion/comment/feedback areas and somewhere to upload blog content. You can keep it basic for now but it still takes some time to set up, to write the about/bios, add links to your project, upload a picture or logo, and cross-link between these different sites.
  • Decide on the format of email and content to include – what kind of things do you want to write, what does your target audience want to know, how will you make it engaging and easy to read, do you need images, do you want to have an informal conversation tone or a more professional corporate style, what do you like in the newsletters you receive, what makes you open these?
  • If working open (as I did on this project), create your Github repo or shared Google doc, and start to document your project – what it is about, how people can contribute, how the work is licenced, issues you need to resolve, etc. Here is the ObservedCity repo so you can see and fork/duplicate the content.
  • Start to build community – both users and contributors – start to connect and follow your contacts list through social media channels, subscribe to their newsletters, network at events, tell people about your project, email people directly if you think they will be interested, consider arranging a coffee meet with potential contributors.
  • Logo/header – basic design – there's a lot you can do with editing software, such as Preview and Photoshop, to get a look/feel for your newsletter's title. You can also source Creative Commons images for use in your headers/banners, for example, I used a great free image from Pixabay in return for buying the photographer a virtual coffee.
  • START! Do a first draft so you can visualise what your newsletter will look like and how much time it takes to create it. Send yourself a test email. Get a friend to read it over with their fresh eyes. Amend, check links work and finalise. At this point, if you like what you've done – why not send it out and start to get feedback and subscribers? You could also do a soft launch where you send it to a small group of people – friends/family – to get their feedback. Getting the perfect newsletter takes time – months and years even to build up a community of readers. Don't get too bogged down in the set-up phase – you can iterate and improve as you go.
  • Note: I have a background in publishing so I have a basic understanding of media law around issues such as copyright, plagiarism and defamation (libel), and data protection. I recommend you read up on these and your country's laws around publishing in order to protect yourself.

Long term (launch and beyond)

  • Update and monitor Github repo – submit project and requests for help to hackathons: the Global Sprint, Hacktoberfest, etc.
  • Logo/header – outsource design for a more professional look (try posting this request as an issue for open working during #mozsprint or other hackfests – that's how I got logo suggestions/design help).
  • Populate online content areas – ideas for content, attend and review events, seek editorial contributors, ask for help via social media, create original content.
  • Refine/improve launch email – ask for feedback and iterate.
  • Remember to thank your contributors!
  • Community building / outreach work – how can you get your newsletter to interested people and reach different communities in your city? Consider adding a guest section and asking for different voices and perspectives.
  • Scale – sign up for similar newsletters in other cities, start to connect as a network. Talk to local media, offer a help feature on data privacy.
  • Sustainability/governance – find guest editors and proofreaders, check resource/times, regularity of email.

Launching Observed City and learning to work open with Mozilla

Click to view (opens in new tab) – my short demo starts at 3 mins 20.

I'm very proud to say that I've just graduated as a Mozilla Open Leader. In a nutshell this means that I've spent the past 14 weeks learning how to work openly and inclusively as part of a cohort of 20 projects from around the world. The next round of Mozilla Open Leaders will be opening in June and I highly recommend applying if your project fits the criteria. Here's why…

For me, some of the best things about the programme were working with an experienced mentor (mine was a radio astronomer from Jodrell Bank!), dedicated access to experts in topics ranging from cybersecurity to community building, and being in online breakout rooms with other project leaders from North America, Europe, Asia and Africa.

There's really something quite humbling and amazing about getting feedback on your Github Readme page from a professor in Addis Ababa or an activist in Hungary.

Of course, it also provided much-needed forward momentum and weekly mentoring deadlines to bring my idea to fruition (background and how it all started here).

To that end, I'm pleased to say that Observed.City – a new data privacy newsletter for Birmingham, UK – is now up and running. If you're based in Birmingham or the wider West Midlands, working with data in some way as an academic, artist or activist, or just want to know more about data privacy and how to stay safe online, please subscribe here.

Observed.City soft-launched in March 2018, in the week of the Facebook/Cambridge Analytica scandal, just as the issue of mass data collection was propelled into the mainstream. It comes out every three to four weeks and highlights a small number of data stories and privacy issues of individual-local-national-global interest, as well as listing relevant events happening in the city.

I'm now working on Issue 4 and already have several contributors, as well as a guest section so that I can bring different people, experiences and voices into the mix.

Want to get a copy? Here is the sign-up link.

Want to contribute? Here is the project repository, which tells you all about the project in the ReadMe file and lists open Issues where I'm looking for help. Or you can email me about the guest slot or with any local event details at observedcity@pm.me.

The project also launched at Mozilla's Global Sprint hackathon/helpathon in early May, where people from around the world were invited to contribute to the project in a number of ways. As a result, I now have a logo design and am in the process of turning the experience in a more general how-to guide for kickstarting the data privacy conversation in other cities. Update: it is here!

Ultimately the aim is to keep working openly and perhaps start to pass the project on in a few months to other interested writers and editors who can help it develop in new ways. That should keep it interesting.

Tor's two sides, Amazon's offline surveillance and how to obfuscate

Interesting links I've read this week:

The dilemma of the dark web: protecting neo-Nazis and dissidents alike (Guardian, 23/8/17)

"Perhaps the most important use of Tor, for many of its users, is simply allowing access to the open web in a protected and private manner. The system works by bouncing a request through at least three relays, with each only knowing the positions next to it in the chain: the entry node knows who is asking for a connection, but not where for; the exit node knows what the connection is to but not who wants it; and the middle node only knows to connect the other two."

Silicon Valley siphons our data like oil. But the deepest drilling has just begun (Guardian, 23/7/17)

"For Silicon Valley, however, anything less than total knowledge of its users represents lost revenue. Any unmonitored moment is a missed opportunity.

Amazon is going to show the industry how to monitor more moments: by making corporate surveillance as deeply embedded in our physical environment as it is in our virtual one. Silicon Valley already earns vast sums of money from watching what we do online. Soon it’ll earn even more money from watching what we do offline.

It’s easy to picture how this will work, because the technology already exists. Late last year, Amazon built a “smart” grocery store in Seattle. You don’t have to wait in a checkout line to buy something – you just grab it and walk out of the store. Sensors detect what items you pick up, and you’re charged when you leave."

How to obfuscate (Nautilus, Issue 49, 29/6/17)

"The solution TrackMeNot offers is not to hide users’ queries from search engines (an impractical method, in view of the need for query satisfaction), but to obfuscate by automatically generating queries from a “seed list” of terms. Initially culled from RSS feeds, these terms evolve so that different users develop different seed lists.

… The activities of individuals are masked by those of many ghosts, making the pattern harder to discern so that it becomes much more difficult to say of any query that it was a product of human intention rather than an automatic output of TrackMeNot. In this way, TrackMeNot extends the role of obfuscation, in some situations, to include plausible deniability."