heather

A Very Useful Article About Online Passwords

Is there anything more likely to make a non-techie yawn than a lecture about passwords? “Make them hard!” “Don’t put them on sticky notes!” “Change your passwords like you change your underwear!” So much lecturing when people just want to get into their online accounts! Well, guess what, my friends. That advice is actually pretty outdated. Let’s talk about real-world, up-to-date dos and don’ts for passwords!

Passwords: So Last Decade

Quite a bit of the old advice out there is either based on old technical limitations or a lack of understanding about how people actually think. For example, requiring frequent password changes—this is NOT necessary.

Passwords Are Not Underwear

According to the National Institute of Standards and Technology (NIST)—the US government department that provides some of the most well-recognized, current advice on digital identity—websites that require users to reset their passwords every few weeks or months are just causing people to use (and reuse) easily cracked passwords. Should users change their passwords after a breach? Yes, definitely. Should they change their passwords every month? No. The way NIST puts it, “Users tend to choose weaker memorized secrets when they know that they will have to change them in the near future.” So, yeah, requiring frequent changes does not have the effect people think it should.

Hard for a Computer, Not for a Human

Did you ever see someone stuck with a password like “$*&fas09iur3jfsk#” that they created because of requirements to use letters, numbers, and certain other characters? Yes, that’s a fine password if a site allows for it, but you know what else really works? “My cowlick speaks batteries.” Or “My cat paw no tail!” Those are passphrases, and a nice long passphrase is actually better for most people than a random character generator. (The smart folks at NIST said that, too.) Just make sure the passphrase isn’t actually a grammatical sentence and you’re golden.

Reality of Recording

It’s been a long-standing tradition to mock people who write their passwords on sticky notes and put them on their computers. But that said, if I had to choose between a person who is more comfortable with writing their passwords in a little black book they keep in a drawer at home near their computer or someone that uses a single password for all their accounts because technology is hard, then by all means! Bring out the book! This really boils down to a question of what risk are you trying to manage—someone physically breaking into your house and stealing your passwords, or someone hacking accounts online. 

The Brave New Password World

If frequent password changes, gobbledygook passwords, and physically recording passwords somewhere are the old guidance, is there anything new? Why yes, yes there is! Well, relatively new. Let’s start with my personal favorite, multifactor authentication.

Multifactor or Second Factor Authentication (MFA or 2FA)

If a website or service is doing The Right Thing, then just asking you for your password isn’t going to be enough to get you in. It should also ask you for another piece of information, either a one-time code it sends you, a scan of your fingerprint, or even a code from an authenticator app like Google Authenticator or Authy. This is called either second-factor authentication or multifactor authentication (2FA is a subset of MFA; there are Super Top Secret Secure sites out there that will require a third or even fourth factor. Multiple factors are a thing.)  

There’s a really good reason for requiring at least one additional factor.

Let’s say that your username and password were hacked. If the hacker has that, and MFA wasn’t enabled, then they can just waltz in and do whatever they want. If it’s your banking password, then there goes your money as they transfer it away. If it’s your language learning app, there goes your progress as they delete your account. And so on.

But if MFA has been enabled, then even with the password, the hacker is kinda stuck. There is a short-lived piece of information they don’t have, and that’s a way harder nut to crack. Can it be done? Yes, there are techniques that will help a hacker work around MFA security. But that has to be very targeted to an individual; wide-scale account compromises become way harder.

Screening Your Own Passwords

The moment has come. It’s time to set a password. For some reason, you aren’t using a passphrase (probably because outdated sites are limiting the number of characters you can use for your password. Bad site! Bad! No biscuit!) You might want to just do a quick check that you aren’t using one of the really super common passwords out there. 

Wait, you’re not a hacker! How are you supposed to know what other people’s passwords are? As it turns out, lots of people tend to use the same passwords. There are websites dedicated to sharing the top 10, 20, or even top 100 common passwords out there on the Internet. Even baby hackers can pick up that list and have a decent chance at hacking into a bunch of accounts. It won’t take but a moment for you to do a quick scan of those lists to see if the password you set your heart on (don’t say ‘qwerty,’ don’t say ‘qwerty’) is on the short list of common passwords out there.
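For readers who want to see what that screening looks like when a site or password manager does it automatically, here is an added example (not from the original article). The common-password list is a tiny constructed sample, the function names are made up for illustration, and the 8-character minimum is an assumption taken from NIST SP 800-63B rather than from this post. Note that it never demands symbols or digits, and that it still catches a common password dressed up with capitals, character swaps, or a trailing "123!".

```python
import re
import unicodedata

# Constructed sample standing in for a published "top common passwords" list.
COMMON_PASSWORDS = {
    "123456", "password", "qwerty", "letmein", "iloveyou", "dragon", "monkey",
}

# Assumption: 8 is the minimum length NIST SP 800-63B sets for user-chosen
# passwords; the article itself names no number.
MIN_LENGTH = 8

# Character swaps people use to dress up a common word (p@ssw0rd -> password).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                       "5": "s", "7": "t", "@": "a", "$": "s"})

# Digits and punctuation tacked onto the end (qwerty123! -> qwerty).
TRAILING_DECORATION = re.compile(r"[\d\W_]+$")


def simplified_forms(password):
    """Return the plain forms of a password that should be checked against the list."""
    base = unicodedata.normalize("NFKC", password).casefold()
    core = TRAILING_DECORATION.sub("", base)
    # Strip the decoration before undoing swaps, so "1!" at the end is not
    # mistaken for letters.
    return {base, core, base.translate(SWAPS), core.translate(SWAPS)}


def screen_password(password):
    """Return a list of problems; an empty list means the password passes.

    There are deliberately no "must contain a symbol" rules: length and
    not being on the common list are the only checks.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if simplified_forms(password) & COMMON_PASSWORDS:
        problems.append("common")
    return problems


if __name__ == "__main__":
    # Constructed inputs, including the passphrases quoted in the article.
    for candidate in ["qwerty", "Qwerty123!", "P@ssw0rd1!",
                      "My cowlick speaks batteries.", "My cat paw no tail!"]:
        print(repr(candidate), screen_password(candidate) or "ok")
```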

Password Managers

Password managers are MY FAVORITE THING, at least when it comes to basic Internet security hygiene. This is the electronic version of the Little Black Password Book mentioned earlier. Even with the use of passphrases and MFA, it’s still a really good idea to use different passwords for different sites. The thing is, that really adds up! One study out there says that the average person these days has around 100 passwords to worry about. That’s just too many to remember.

Some mobile devices have a built-in password manager. Some web browsers do, too. The trick is to find a password manager that actually lets you work across platforms and devices. Probably the top-rated one out there right now is LastPass (which has both a free and a premium version); there is also 1Password (which is entirely subscription-based, and is rated pretty highly, too).

One bonus to a good password manager is that they’ll actually do the password screening described earlier for you.

The Future of Passwords

If you talk to people who actually work in the digital identity and cybersecurity space, they will tell you how much they want passwords to just not be a ‘thing’ anymore. The good news is that there is a LOT of work underway to make that dream a reality. One particular effort coming out of the FIDO Alliance really looks brilliant. In that brave new world, a user can unlock the security by “swiping a finger, entering a PIN, speaking into a microphone, inserting a second–factor device or pressing a button.”

Technology is constantly evolving. The guidance you may have learned when you first started surfing the web is probably out of date. For that matter, the guidance you learn today might eventually become obsolete thanks to efforts like FIDO making passwords entirely a thing of the past. Keep your eyes open!

Posted by heather in Data Security, Mosh Pit, 0 comments
A Call Made Round the World…And More On Internet Resiliency

If you look at a map of the world, you see lines around cities, states, and countries that mark the boundaries of those regions. Those lines seem so tidy when looking at a map of the world. Of course, that assumes you’re looking at a well-surveyed area with a stable political infrastructure. 

The Internet is nowhere near that tidy; its boundaries are not well defined. Maps of the Internet don’t look like anything in the physical world. There’s an interesting map based on all known websites and where their domains are registered as of 2011 called The Internet map. There’s a super-fun map called The Map of the Internet that maps out the World Wide Web and gives you a sense of scale. Heck, you can go to Vox and look at “40 maps that explain the Internet,” but none of those map out the Internet itself. When it comes right down to it, there is no single authoritative map of the Internet.

Why is it this way, and why does it matter? Read on!

Why the Internet is Resilient

Did you know the Internet started as a US military defense project? Think about the mindset that would result in: any military would want a computer system to stand up to anything and everything. It would need to be resilient if some pieces went offline. It would need to allow lots of different types of computers to talk to each other any time, day or night. Think of those requirements as the DNA of the Internet. Technical implementations build from there.

But wait, if the Internet started as a military project, how did the rest of us get to use it??? That kind of exchange, from government to private sector and back, is pretty common. That’s a post for another time.

Back to the Internet. The way things work, it’s a lot like a postal letter. Someone writes a letter and it includes the address of where it’s trying to go. And at every step, the delivery system asks, “what’s the best next step from here?” These systems are always chatting with each other, sharing the best path to get from anywhere to everywhere. If one path goes down because a computer broke, that’s ok, because the systems will tell each other a new way to get there. And that happens fast. And it is one part of what makes the Internet so resilient. There is always a path forward.

A while back, I videoconferenced with my mother in Chicago from a hotel in Taipei. I opened an app, clicked on her face, let it ring a few times, and voilà, there she was. WOW, seriously, how cool is it that within a second, the computer I was on in Taipei figured out how to get to my mom’s computer in Chicago? We were nearly 7500 miles apart. I was on a hotel network in Taiwan. She was on a mobile network in Chicago. I opened my app, which itself has the addresses of the computer used by that video service. The network I was on said, ‘ahHA! You’re trying to get way over there! Let’s start routing you through lots of different countries, under the ocean, or maybe into space via satellite.’

It is possible for a local region or country to cut itself off from the rest of the Internet, but to do it, it has to get into that delivery system and take its information out of the network. Then any system trying to get there from here won’t know how to do that anymore. (It’s obviously a bit more complicated than that, especially when you throw satellites into the mix, but you get the idea.)

Controlling (Mis)Information

The Internet is resilient, which means it can route information around many different kinds of interruptions like broken computers or weird human error. Yay! That means that cat videos can be available day and night! Well, true, but not everyone is a fan of this level of resiliency, and there are reasons for that. 

The thing about technology is that technology itself is neutral. It’s like a bunch of bricks—you can build houses or you can vandalize windows. It’s not the brick that’s an issue, it’s how the brick is used. But if you’re in a situation where people are using bricks to break things, then you almost certainly want to do something to prevent that. One of those preventative measures is likely to be controlling access to the bricks. Same goes for technology like the Internet—if you use it to harm, someone is going to want to prevent that by controlling what gets posted.

Now more than ever, we are seeing people and their governments demand ways to prevent the spread of information they don’t like on the Internet. From addressing “fake news” that attempts to skew democratic elections to reactions to cyberwarfare, controlling information is considered by many to be necessary for a safe society.

Some governments go so far as to demand restrictions between the Internet within their country and everyone else. This has been top of the news when it comes to Russia, but Russia is just the latest example. China has its Great Firewall, which had its start in 1997. Several other countries in Asia and Africa censor the Internet to various extents. In the US, free speech laws prevent much government censorship, which has many people turning to the social media platforms themselves and demanding action, either to restrict content or to stop restricting content, depending on their point of view.

Why Does This Matter?

Identity Flash Mob is a passion project led by two women who want people to have a better understanding of how the Internet works and why it really matters to know more about it. So, if you take away anything from this article, it should be two things:

  1. The Internet is incredibly resilient, but it’s not invincible. While individuals will always be able to build connectivity to the Internet (if they have the technical know-how and access to satellite networks) that’s not the case for most everyone. Governments may well be able to control big chunks of it, and through that, they control the information people have access to.

Which leads to the second thing:

  2. Not everyone sees the same thing on the Internet. What seems obvious to you based on what you’re reading in the news or social media might not be obvious to others who are not seeing the same thing.

The resiliency of the Internet that lets me call my mom from halfway around the world is an incredible thing. Hopefully, we’ll still keep in mind all the good things that resilience as a foundational principle allows us in today’s online society.

Posted by heather in Data Security, Mosh Pit, 0 comments
Playing the “Yet Another Vulnerability” Game

Last month, technology news was all about Apple’s “OMG Patch Right Now Or Hackers Can Mess With Your Stuff!” (You saw the news about that, right? Like our short and sweet Twitter thread, or one of the longer articles about it.) Anyway, right before Apple’s moment, it was all about some new issues with infec

One day, technology news is all about Apple’s “OMG Patch Right Now Or Hackers Can Mess With Your Stuff!” Another day, it’s more “Chrome Zero-Day Vulnerability! ACK!” Or even “Cyberwar is going to impact us all!”

Who else is exhausted?

It just gets too hard to be worried about All. The. Things. All. The. Time. Computers are just going to break again tomorrow, right? Yes, but let’s make it fun and do something about it! Even if it’s just a chore like … grocery shopping. Besides, in life, there’s always SOMETHING, right?

Verse 1: Managing Your Devices is like Grocery Shopping

If you want to eat, you have to do your chores. For most of us, that means going to the grocery store. Every week. It’s just one of those things you have to do as an adult. And as the world goes increasingly digital, managing your devices—keeping them patched, upgrading so you keep getting those security patches, and making sure access to your devices is controlled—is necessary. 

So let’s talk about how to make it easy! With grocery shopping, it’s all about the list. With device management, ok, it’s a little bit more complicated. (What did you expect? 😉) But we’re on top of this with you! Identity Flash Mob has the choreography to teach you what steps to follow. 

Verse 2: There are Tricks To Doing It Well

What you can do in five minutes: 

  • Unless you have a REALLY GOOD reason not to (like, your employer controls what you can do with your device) then do a quick web search on how to make sure that your apps and your operating systems update automatically. (Like this page for Apple devices, or this one for Android, or this one for Microsoft.)
  • For bonus points, go ahead and do a quick manual check before you go to bed so you know if you need to leave your device on a charger so it can update while you sleep.

What you can do in thirty minutes:

  • Not only do your apps and operating systems need to be secured; you also need to make sure your passwords are secure. We have lots of guidance coming up in one of our Patreon pages, but here’s a sneak preview: go to your phone’s password management settings and see if it gives you any warnings about your passwords. If it does, you have your next item to check off your list: change that password.

What you can do to feed your inner geek:

  • Install anti-virus software. Which is considered best practice by all, but it is also kind of tricky to do, and it doesn’t prevent every security vulnerability from impacting your digital world. But! If nothing else, it can let you know if something is changing on your device that you didn’t expect, and you’ll probably get newsletters that tell you when something crazy is going on in the digital world that you need to worry about. 

Verse 3: Play to Win the Vulnerability Game

Avocados have a season. So does security support. It would be too easy to say “All devices end security support after this very specific number of years” because of course different vendors have different schedules. You can, however, be on top of this by preparing to replace your device every few years and upgrading your systems as needed. If your device is so old it can no longer accept a new operating system update, that’s what’s known as a Subtle Clue (kind of like how dropping an anvil on your foot is a Little Painful) that you waited too long. 

Coda (wrap up)

There will be another important vulnerability announced next week. And the week after. And the week after that, too. I don’t know what they will be, but they will absolutely happen. And just like how you have to get food in your house, you get to be in control of making sure you have secure devices in your house. Don’t be afraid to learn a little more and DO a little more to secure your digital world. Your online shopping, gaming, and socializing will thank you for it later.

If you got through this blog post and are STILL scratching your head, we’d love to hear from you. Feel free to leave a comment below or send us a message right here on LinkedIn! We’re committed to empowering EVERYBODY to understand how to navigate this digital world of ours. 

(Originally published in October 2021; updated for April 2022)

Photo by Matthew Henry on Unsplash

Posted by heather in Mosh Pit, 0 comments
Artificial Intelligence, Machine Learning, and Women: Broken But Not Hopeless

March is Women’s History Month in the United States. March 8 is International Women’s Day. March has been a great time for an overwhelming number of #womenintech posts and memes!

IFM is run by two women who, between them, have over 50 years of experience in tech, but we don’t really want to focus on tooting our own ♀ horn. Instead, we want to examine some important aspects of technology that particularly (but not exclusively!) impact people who identify as female. Earlier this month, we wrote about digital personas and how they influence what you see (and what people learn about you) online. In this post, we’re going to take a different look at how a pair of specific and immensely powerful technologies influence all humans, but with particular implications for women and minorities, online: Artificial Intelligence (AI) and Machine Learning (ML).

AI and ML

But first, what are AI and ML? AI is short for artificial intelligence. It’s another way of saying “super-smart algorithms.” If I asked you to look at two sets of data that describe two personas, you will be able to compare them in your head and draw conclusions. (That’s because you are a smart human, and that kind of analysis is literally what humans have been designed to do over eons of evolution.) However, if I took 3 million of those personas and put them in front of you and asked for real-time analysis… Yeah, not so much. That’s what computers are for! And that is where AI shines. AI can index and analyze all that data at lightning speeds and then make decisions, based on the options in their code, as to what to do next.  

But AI by its lonesome has limitations. If it finds some personas that don’t match anything in its algorithm, then we have a game of “stump the chump” with a computer. Which is fun, granted, but people spending Big Money on Big Data generally aren’t amused. That’s where Machine Learning comes in. Machine Learning takes the options in the code ‘under advisement’ and instead looks at the data that doesn’t match and says “awesomesauce! Let’s just adapt this code a bit, shall we?”

It sounds like magic, but honestly, it’s just really complicated decision trees. Does the data fit in A? No? Then go to B. Does it fit in B? Yes! Great, go to B+1. Say that 10 million times fast. 

AI, ML, and Other People – the Downsides

With the sheer amount of data online, we wouldn’t have a particularly functioning Internet if it weren’t for the ongoing evolution of AI and ML. Think about it: how can search engines do their thing? How do big web commerce sites know to offer me particular recommendations? How do voice-recognition systems recognize so many different voices and accents? How can systems do facial recognition with so many faces out there?

AI and ML are absolutely critical, no two ways about it, but they share a particular problem: AI and ML and all their children start with a human. Statistically speaking, that human is probably male. Someone(s) had to write that code, and in writing that code, they cannot help but introduce some bias into the system they are designing. For example, an audit by Harvard University showed that facial-recognition algorithms consistently had the lowest accuracy for dark-skinned women and the highest accuracy for light-skinned men. In an ideal world, the developer is a member of a highly diverse team where biases are quickly identified and dealt with in the code before anything goes live. I like that world. I want to live there.

Unfortunately, that’s not the world we currently live in. I can point to a gazillion articles that say women and minorities are not well represented in tech (keeping the focus on AI and ML, I really like this article from Wired). If biases aren’t dealt with in the development phase, we are going to see all sorts of problems. In fact, we DO see all sorts of problems, in healthcare, in criminal justice, in hiring systems… the list goes on. I can even point to how the algorithm can drive individuals towards extremist views.

Mitigating the Bias in AI/ML

All that sounds pretty dire. Is the value of having speedy search engines enough to justify the societal costs of biased AI? That’s the question, isn’t it. If there was no way to address bias in AI and ML systems, then I’d probably say no, it’s not worth it. But, if it all worked as designed… Medical treatments could happen at the very earliest moments where interventions would be most useful. People could get the support they need before they make life choices that will get them arrested. Hiring systems would actually be neutral and fair, and not solely dependent on human judgment (still a little dependent, though). Heck, AI could even start generating its own datasets!

It’s not like we don’t know that bias in these systems is a problem. There is quite a bit of literature out there on how to handle it, too. Do a web search on “how to prevent bias in AI”. I personally can’t decide which article to read first: the one that promises three ways, four ways, six ways, or seven ways to reduce or mitigate bias in AI systems. And this is just the popular content out there. Going to a site like Google Scholar will net you properly researched studies from real data scientists on the topic. 

Even the Organisation for Economic Cooperation and Development (more commonly known as the OECD; think high-powered, treaty-based, international organization) has guidance for how AI should be designed. No one is required to follow those guidelines, but they’re a good place to start. Microsoft, a company that does quite a bit with AI, has some pretty extensive guidelines and governance as well. So there is hope and some established guidelines out there. 

What it Means for You

So, what does this mean for women (and everyone else)? Well, since I’m not Queen of the Universe (if I were, I would wave my magic wand and get equal representation in the fields of automation, AI/ML, and all of tech for that matter) I’ll just say: be aware this is a thing. Know that the data you put into the system, be it a streaming service, search engine, or social media site, will automatically influence what you’re going to see in ways that might be really hard to stop. You (or your doctor) are going to be shown curated material based on what the supersmart algorithm and its buddy, machine learning, think you want (or need) to see. Maybe it’s right, maybe it’s wrong, but what you’re being shown is only a small slice of the information pie, and it’s based on what a computer thinks you want to see. Your medical care provider might not even realize that they are also relying on AI to help them be more efficient in how they handle patients, and that information might be right (or not) as well. 

Just because the computer told you so, doesn’t mean it will always be correct. Feel free to question what you’re seeing, or feel free to feed it more data so that music selection on your streaming service is exactly what you want. 

Posted by heather, 0 comments
The Metaverse: A Parallel Dimension

A few weeks ago, my mother, a lovely woman who really loves cruise ships and social media, called and asked: “So, what is this metaverse thing?” 

Is there a single media site that isn’t talking about the wonder, glory, and confusion that is the metaverse? Companies like Meta (aka, Facebook) are putting BILLIONS of dollars into their interpretation of it. Alphabet (parent company of Google) is, too. Across the board, there’s a lot of money floating into an idea that hasn’t truly been defined yet.

The best definition I have for you? 

The metaverse is almost like a parallel dimension—it blurs the lines between the physical world that you and I know and the virtual world…like artificial reality and cryptocurrency. 

Ultimately, the idea of the metaverse isn’t about a NEW technology or platform, though that might end up being part of it. It’s about how people interact with the digital world we already know.

The idea of blurring the boundaries between the virtual and the physical isn’t new. Second Life is a multimedia platform that has lived this idea since well before “metaverse” was used as a word outside of science fiction (it was first mentioned in the sci-fi novel Snow Crash in the early 90s!). The problem Second Life had when it started back in 2003, though, was that the technology wasn’t available to support the vision. 

But, that was nearly 20 years ago. Twenty years ago, when Apple was just launching the iTunes store. Google hadn’t started trading on the stock market (that didn’t happen until 2004). Facebook wasn’t even a thing. AND, most critically for this conversation, the fastest broadband Internet speeds in 2003 were around 500 kilobits per second (kbps) for downloads, as compared to 1000 megabits per second (Mbps) today. (Just to throw in some math, 1 megabit equals 1000 kilobits. So, yeah, Internet speeds are sooooooooo much faster today!)

For people who have access to the Internet today (and remember, a third of the world does not fall in that category), this metaverse thing has a lot of potential. Some of that potential is fantastic: experience new cultures, see the world from new perspectives, try on jeans at home without having to wait for them to physically arrive, yay! 

But what about the fact that there will be greater difficulty in protecting personal privacy and more opportunities for cyberbullying, adding to the digital divide? Either way, the potential for both good and bad is there, and all it needs is people to take the idea and run with it, defining the details as they go.

If I were Queen of the Universe (which I’m not, but I’ve got my tiara ready), the big companies that are trying to win the race to BE the source of the metaverse would focus instead on HOW to make their metaverse ‘neighborhood’ interact with other metaverse hosts. Which may sound simple, but if you’ve ever played a computer game with online stores, imagine trying to use Game A’s credits in Game B’s store. At least today, that’s just not going to work. Could it in the future? Sure. It happened with the Internet. Email flows whether you’re using Outlook or Gmail or AOL. Websites can be viewed from completely unrelated browsers; with some exceptions, you can surf the web whether you’re using Safari, Chrome, Firefox, Brave, Opera. So, can new protocols be developed that would allow metaverse functionality to work across platforms? Absolutely. We’re just not there yet. 

So, what is the metaverse? It’s an idea, currently being explored by lots of different people and organizations, to blend the digital world with the physical world. The idea as it stands today is pretty far ahead of what’s currently possible. We’re a lot closer, though, than we were twenty years ago.

Photo by julien Tromeur on Unsplash

Posted by heather in Web3, Mosh Pit, 0 comments
So, About Those NFTs…

NFTs, or Non-Fungible Tokens, are almost as popular to talk about as cryptocurrency these days! But where crypto has at least some analogy to the physical world (it’s all about the forms money can take), NFTs are an entirely different kettle of (virtual) fish. NFTs are about establishing a virtual asset that is unique in and of itself and has no interchangeable equivalent.

Coming back to one of my favorite resources, Investopedia, they say:

“Non-fungible tokens or NFTs are cryptographic assets on a blockchain with unique identification codes and metadata that distinguish them from each other. Unlike cryptocurrencies, they cannot be traded or exchanged at equivalency. This differs from fungible tokens like cryptocurrencies, which are identical to each other and, therefore, can be used as a medium for commercial transactions.”

A great definition, but that’s only if you know what “cryptographic asset,” “blockchain,” “fungible,” and “cryptocurrencies” mean. Let’s start there.

  • Cryptographic asset: A digitally expressed piece of information that uses cryptography such that it cannot be copied or duplicated.
  • Blockchain: A technology in many ways like a database that has pieces of itself distributed across the internet that cryptocurrencies use to support their claim of being uber-secure and highly resistant to fraud.
  • Fungible: This basically means mutually interchangeable with another item. A dollar bill is a fungible asset—any one modern dollar bill (or bitcoin) is completely interchangeable with another modern dollar bill (or bitcoin).
  • Cryptocurrency: See more about this in our previous blog post. We describe crypto “as defined by Investopedia … is ‘a digital or virtual currency that is secured by cryptography, which makes it nearly impossible to counterfeit or double-spend.’”

Back to what that means for an NFT: an NFT is a unique digital record for an object. You can buy or sell the NFT, but you can’t make duplicates of it, nor can you change it. And if you do buy or sell it, the original record gets a note that the exchange happened. Every future exchange adds another note, thus keeping the full record of everything that’s happened to that unique digital record.

The technology that enables this is called a blockchain, which as described above is a very special kind of technology that has no single, centralized “home” where all the data is ultimately stored. Blockchains are (often) decentralized, and everyone who engages with that blockchain is part of the process to validate the addition of any new information (or block) to the chain.

Now let’s talk a bit more about what you can do with an NFT. One popular use case is that of artists. Artists create things, but once their thing is sold (and sometimes even before that), they lose all control over that asset. If the asset is resold, the original artist usually doesn’t see any commission. An NFT can serve as a receipt that makes sure that every future transaction gives the artist some additional compensation for their creation. This is a potential game-changer for artists, but it’s not perfect. Here’s where we touch on some of the biggest misunderstandings in the NFT world:

The NFT is the receipt. It is not necessarily the actual item. Someone can create an NFT for a digital or physical object; that does not necessarily give the purchaser the right to have and hold that object. They may just have some percentage of the object or, in more nefarious situations, they may have been sold something the creator of the NFT has no right to actually sell. And for digital objects, assigning the object an NFT does not mean that all copies of that object are magically associated with that NFT.

Think of it this way. You have a photo on your phone that you received fantastic feedback on from your friends when you posted it to Instagram. You decide you want to make it into an NFT so you can sell it. You can do that … but all those copies already out there, which are visually indistinguishable from the original, are not protected. Don’t confuse an NFT with copyright!

That said, you may still have questions. After all, SURELY something that has netted a person $3 million US dollars (way to go, Jack Dorsey of Twitter) must be something big! Right? Well, to be honest, I can’t explain that. The difficulty content creators like artists have in being fairly compensated for what they do is a real problem. And if the world were a fair and reasonable place where NFTs would magically make the assets the NFT provides a receipt for somehow different (like different in appearance, or different in how people might see them online), then maybe this would justify the NFT craze.

Alas, the world is not a fair and reasonable place. Today’s use of NFTs often enters into the realm of the absurd. What many people are hoping for, however, is that NFTs will provide a powerful mechanism in the world of Web 3 to encourage more content creation with fair and enforceable concepts of ownership and compensation. 

If you’d like to watch a particularly entertaining skit on NFTs, Saturday Night Live recorded a fun session on it. If, however, you’ve got time and want a really deep dive into a skeptic’s view of NFTs, there’s a two-hour video on YouTube for you. Still, never let it be said that there aren’t some really strong voices out there in favor of NFTs: read about Animoca’s success in the NFT economy.

And if what you’d really like to do is to start investing now, well, as ya like. You might want to talk to your financial advisor.

Posted by heather in Web3, Line Dancing

Cryptocurrency: Creepy…Or Awesome?

Crypto. Blockchain. Digital Currency. Bitcoin. From the front page of the New York Times to Reddit posts, lots of terms are floating around that most people know have _something_ to do with money and tech, but they aren’t quite sure of the details. And, given the host of ads that ran in this year’s Super Bowl, people are bound to become even more crypto-curious.

If you are one of them, this article is for you. We’ll start with a list of some of the more common words used in the media, and then talk about what this all actually means for the world today.

  • Crypto used to be (and still is in some circles) short for cryptography, the study of making communications between two parties absolutely secure (there’s usually a lot of math involved). But these days, crypto is almost always about cryptocurrency.
  • Cryptocurrency, as defined by Investopedia (great resource if you’re not already familiar with it), is “a digital or virtual currency that is secured by cryptography, which makes it nearly impossible to counterfeit or double-spend.”
  • Digital Currency, coming back again to Investopedia, is “a form of currency that is available only in digital or electronic form. It is also called digital money, electronic money, electronic currency, or cybercash.” Some organizations in this space insist that there is a difference between digital currency and cryptocurrency, saying the former has national backing in the same way that governments back the euro, the dollar, the peso, and so on. They see the latter as outside any government backing, so you’re on your own if you invest in the cryptocurrency space.
  • Bitcoin is one expression of cryptocurrency, and is currently the one with the biggest market share in the crypto space. 
  • Ethereum is another big name you might hear, and it is a cryptocurrency like Bitcoin, holding quite a bit of the market share itself.
  • Blockchain is not a cryptocurrency. It is a technology like a database is a technology, though in this case it is a technology that cryptocurrencies use to support their claim of being uber-secure and highly resistant to fraud.

So now you have some basic terms, and for the sake of this article, I’m going to hold that “cryptocurrency” includes digital currency backed by governments and cryptocurrency backed by anyone else.

Cryptocurrency is definitely a concept that’s making waves in the world, and more than with just the geeky crowd. There are entire countries getting involved in this space and making it a financial reality to be reckoned with. On an individual level, popular financial management companies like Betterment and Personal Capital are offering cryptocurrency options as part of their investment portfolios. Crypto is _everywhere_.

OK, fine, but is it really REAL? I mean, how real can it be if it isn’t a physical asset, and it isn’t backed by gold, silver, or a government’s promise? Well, let me ask you a different question: Why do you believe the piece of paper in your (physical) wallet has value? Probably because enough other people believe it does. In the same way, when enough people believe in the value of crypto, the perception becomes a reality. When people stop believing in it, you have something like a bank run, and if you get enough of those, you can entirely trash a nation’s (or even a world’s) economy (there’s some interesting research regarding bank runs and the Great Depression, if you’re interested in some ‘light’ reading on economic theory—ha!).

Ironically enough, cryptocurrency started to take off as a popular topic of discussion around 2017, as the first big ‘bubble’ formed and then burst. Bitcoin dropped 65% of its value in 2018 to about $3500 per bitcoin, and everyone was talking about it. Enough people talked about it that they (apparently) got very excited about buying these new, speculative thingies while they were on “sale” due to the crash. Now Bitcoin is back up to being worth about $44,340. It’s an amazing rollercoaster of speculation.

As with all market speculations, you’re going to find people who believe Very Strongly in the thing they are buying. You’re also going to find people who believe Equally Strongly that it’s a scam. And, you know what? They’re both going to be right. Cryptocurrency has value as long as people believe that it does. Enough people currently believe this is the future of the finance industry that they’ve convinced governments to ride the wave, providing further apparent legitimacy to the idea. And, like every market-driven enterprise, the value will go up and down in cycles—it is no more a “sure thing” for investment than gold. (Example: Do a search on “can never go wrong buying gold” and you’ll find as many articles suggesting “never do it” as you will articles about how great of an idea it is to buy gold.) If you’d really like to geek out on the technology behind cryptocurrency and how some people argue that it’s better than humans at determining monetary policy, this article in Wired might be for you. 

Finally, just a note, this article is to offer you a quick reference for the key terms you’ll see in articles about the crypto space. It is not financial advice; your acceptance of risk in your investments is all up to you. But as with everything covered by IFM, we hope you’ll find our information helpful in making informed decisions!

Posted by heather in Web3, Line Dancing, 0 comments
Web3 – It’s About Disruption

To understand Web 3, it helps if you’ve read Malcolm Gladwell’s The Tipping Point: How Little Things Can Make A Big Difference. Not because that book has anything to do with the web, but more because it gets into market disruption and why it happens. In a nutshell, innovation gets things started, then adoption happens … and happens … and happens … until it is just a BFD and there isn’t room to innovate anymore, and so people decide “I can do this simpler/better/faster!”  They abandon the big, stable thing in order to get back to innovation. And then the innovation is successful, and adoption happens … and happens … You get the idea. 

Web 3 is like that. It’s a reaction to the fact that Web 2.0 is this thing driven by a few successful, ginormous platforms, leaving little room for out-of-the-box innovation. The market is pretty darn stable compared to where it was even a decade ago. And there are people out there who desperately want to innovate. It’s cool and fun, after all. And maybe, if they innovate well enough, their ideas will grow and grow and grow, and they will be wildly successful and everyone will throw money at them. 

There’s nothing wrong with a desire to innovate and to break a market apart to support new ideas and technologies. The main challenge with understanding Web 3, though, is that the marketing of what it means to be Web 3 doesn’t match the reality of what people want or can be expected to do. So let’s take a step back and look at what the web was initially, what it is today, and what Web 3 promoters say it’s going to be.

In the beginning, there were a few computers networked together, starting the Internet. It looked a lot like this:

(Source: nasa.gov)

Just a couple of computers, connected to a couple of other computers, mostly with black screens and green text. The thing that became the Internet (the Arpanet) started in 1969, and it looked a lot like that for a while. When the World Wide Web kicked off in 1993, it was based on that model where people were in charge of their own computers and everyone was able to share content everywhere. This is called a “decentralized” environment. No one in charge, cats and dogs living together, it was glorious anarchy. OK, maybe not anarchy. But there really wasn’t anyone particularly “in charge,” leaving a greenfield ready and waiting for innovative ideas to happen.

Here’s the thing, though. My mom does not want to do all the stuff on a computer that’s needed for it to share content like that. She’s not going to run server software (and make sure it’s patched). She’s not going to set up a dashboard so she can clearly see and manage who has been allowed the different bits of information about her.  But that’s ok! Innovation happens, and suddenly there are companies willing to make it easy. To do the value-add of hosting a computer for you. Heck, they’ll do EVERYTHING for you, so all you have to do is throw money at them, upload your cat photos, and you’re good to go! There used to be a lot of those companies, but a few became really, really successful. And a trend towards fewer, bigger companies is centralization and that’s at the heart of Web 2.0.

So if a decentralized model was Web 1, and centralized was Web 2, then what’s left for Web 3? Well, here’s where it gets a little complicated. 

The promise of Web 3 as made by the people motivated to make it a thing is the promise of decentralization. It’s power to the people! Innovation in everything from finance to personal records to digital identity! People will be able to take control of their own online experiences in ways that haven’t been done before thanks to new technologies like blockchains. Think of it as a reaction against “you’re not the consumer, you’re the product” as companies sell information about you to other companies, leaving you with advertisements and them with money. If you have ultimate control over your own information, then the world can only be a safer, more personally profitable place.

Doesn’t that sound lovely?

Now step back from the lovely picture and think for a minute about what that actually requires. Let’s start with the “you control all the information about you” (like your name, your phone number, your email address, your age, your location, your preference for cats instead of dogs, your sexual orientation, your political orientation, and so on and so on and so on) and therefore who gets to see it. That means you need to keep on top of that information, sometimes making sure it’s verified by a third-party (e.g., a government agency). You need to respond to every request for that information by companies that are offering you stuff. You not only have power, you have _responsibility_.

Let’s be honest, that gets really tedious. It gets worse if part of the power means running stuff on your own computer, which, back in Web 1, used to be pretty easy. It’s not like computers went anywhere. They were these big things that plugged into the wall 24/7. Now, ‘running stuff on your computer’ could mean your phone, or your tablet, or your laptop, or your desktop, or even your watch. 

And here’s where innovation tends to strike. There are people out there who, for a small (or medium, or large) fee, would be more than happy to make this easier for you. To build a platform that would take care of lots of the details for you so you could get back to your cat photos. At first, there will be lots of little platforms, all trying to differentiate themselves with various value-add features to the underlying technology to improve their own adoption. And adoption will happen … and happen … and happen… until the most adopted wins, innovation is stifled, and how on earth did we get back to this part of the cycle again? What you’ll have is some strange combination of centralized platforms supporting decentralized technologies, combining the best and worst of Web 1 and Web 2.

Since we’re at that point in the cycle where we have really big, successful players AND a really solid attempt at disruption by lots of innovative little players, this is a space that’s filled more with hype and ideals than solid services and market definition. It’s different from the same point in the cycle that was the difference between Web 1 and Web 2 because there are so many more people online today and computers are capable of so much more. People like my mom have expectations about what her user experience is going to be like online, and not a whole lot of patience with technical details. There are people who are ‘born digital’ that are more comfortable with technology and yet have an expectation that much of the hard work of offering online services will just be … taken care of. So, yeah. It’s not the same world as the first major shift in the nature of the web. It’s a world where literally everything is promised, and anything can happen, but the thoughtful human will take a moment and really think about the implications of the hype before they dive in.

If you’d like to dive a little deeper into thoughts on Web3, you might find Fabio Manganiello’s blog post “Web 3.0 and the undeliverable promise of decentralization” and Moxie Rosenfeld’s (more commonly known as Moxie Marlinspike) “My first impressions of web3” interesting, though a bit more technical. 

Posted by heather in Web3, Mosh Pit, 0 comments
But How Did They Know? How Ad-Tracking Actually Works

Now you’re probably thinking, “how on earth did all those sites know about my interests like that? And what else is using that information about me as I surf the web?” 

Friends, here’s what you—and your online identity—need to know.

It involves (among other things) cookies, decorations, and auctions.

First, let’s talk about cookies! …

Not all cookies are bad—nothing is ever quite that simple in the world of technology. They also make things like logging into a site work so that you don’t have to log in again… and again… and again… every time you go to a different part of that site.

What can you do about this? Every web browser has a place in its preferences that lets you turn off cookies. If you like, you can do that, but be warned. You’re paying for your privacy by giving up some of the whizbang features on the web. You will have sites that say “we won’t work if you don’t feed us cookies!!!”

Ah, cookie crumbs: They’ll let a tracker follow you everywhere, but they’ll also make logging in a lot easier.

Verse 2: Making Web Addresses Attractive… for Advertisers

OK, so maybe you have put your browser on a diet and are willing to pay the price of privacy. Lots of people who really don’t want that kind of tracking to happen do that. But cookies aren’t the only way to track a user. There is also something called “link decoration.” This lets a site learn what brought you to them. Was it an email campaign? A content aggregator like Pocket?

Here’s what link decoration looks like: 

So, that link tells the Seattle Times that I visited their site because I followed a link from their Morning Brief email list, and that I am an active subscriber. They’ll be able to tick their own marketing box to say “Yep, looks like email campaigns work with this one! Let’s do more of those!”

Just like cookies, though, link decoration is used for more than just tracking. It has important, legitimate uses for some pretty common authentication services, too. But wait, there’s more! This feature is also used for lots of search functionality.

Link decoration: It’s about letting the websites know what worked to get you in the door so they can do more of that, but it’s for stuff you need, too.
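To make the two sides of link decoration concrete, here is an added example (not part of the original post) that separates campaign-style decoration from the query parameters a site needs for search or sign-in. The URLs are constructed samples, the `subscriber` parameter is hypothetical, and the list of tracking names is a small illustrative set of widely used ones.

```javascript
// Added example (not from the original post). All URLs are constructed.
// The names below are widely used campaign and click identifiers; the list
// is illustrative, not exhaustive.
const TRACKING_EXACT = new Set(["fbclid", "gclid", "msclkid", "mc_cid", "mc_eid"]);
const TRACKING_PREFIXES = ["utm_"];

function isTrackingParam(name) {
  const n = name.toLowerCase();
  return TRACKING_EXACT.has(n) || TRACKING_PREFIXES.some((p) => n.startsWith(p));
}

// Split a link's query string into decoration (removed) and everything else
// (kept), and return the cleaned link.
function undecorate(rawUrl) {
  const url = new URL(rawUrl);
  const kept = new URLSearchParams();
  const removed = [];
  for (const [name, value] of url.searchParams) {
    if (isTrackingParam(name)) removed.push(`${name}=${value}`);
    else kept.append(name, value);
  }
  url.search = kept.toString(); // an empty string drops the "?" entirely
  return { clean: url.toString(), removed };
}

const SAMPLES = {
  // Decoration describing an email campaign, plus a site-specific flag.
  newsletter:
    "https://news.example.com/story/123?utm_source=newsletter&utm_medium=email" +
    "&utm_campaign=morning-brief&subscriber=active",
  // Search needs q and page to work; only the click identifier is decoration.
  search: "https://shop.example.com/search?q=cat+toys&page=2&gclid=constructed123",
  // A sign-in redirect: removing these parameters would break the login.
  signIn: "https://app.example.com/callback?code=constructed-code&state=constructed-state",
};

for (const [label, link] of Object.entries(SAMPLES)) {
  const { clean, removed } = undecorate(link);
  console.log(label, "->", clean, "| removed:", removed.join(", ") || "nothing");
}
```

The site-specific `subscriber=active` survives the cleanup, which is the limit of any fixed list: a site can name its decoration whatever it likes.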

Verse 3: The Advertising Auctioneer

And now to blow your mind a little bit, let’s look just a bit into how specific ads from specific companies are put in front of you. This is the magic of something called Real-Time Bidding! This only works because the Internet is blindingly fast for most, especially compared to the days of old-school dial-up connections. The activity goes like this: 

  1. You visit a website. 
  2. The website has a space on it for an ad. 
  3. That space includes a piece of code that says “go to this ad exchange network, and take information about this website AND information about the user (either via cookies, or any uniquely identifying information about their web browser and how it’s configured) AND the physical location of the user ‘cause their phone knows that and send it all to the ad exchange.” 
  4. The ad exchange has a list of advertisers who have preloaded information on what they’re willing to pay to promote their ad based on specific criteria about the website, the user, and even who the user is physically close to. 
  5. The ad exchange immediately figures out who wins the auction and returns the winning ad to be embedded in the website. 

All this takes milliseconds.

Real-time bidding: the Internet is fast enough to stream movies… and to sell targeted ads in real time.
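The five steps above can be modelled in a few lines. This is an added example, not code from the original post or from any real ad exchange: the advertisers, prices and field names are constructed, and "highest eligible bid wins and pays its own maximum" is a simplifying assumption. It runs the same page visit twice, once with cookies and location shared and once with both withheld, to show how the signals change who bids.

```javascript
// Added example: toy model of the real-time-bidding steps.
// Every advertiser, price and field name here is constructed.

// Step 3: the ad slot's code packages up what it can learn about the visit.
// Browser fingerprinting, which the steps also mention, is not modelled.
function buildBidRequest(page, visitor) {
  return {
    site: page.site,
    topic: page.topic,
    userId: visitor.cookiesAllowed ? visitor.cookieId : null,
    interests: visitor.cookiesAllowed ? visitor.interests : [],
    location: visitor.locationAllowed ? visitor.city : null,
  };
}

// Step 4: advertisers have preloaded their criteria and what they will pay.
const ADVERTISERS = [
  { name: "cat-toy-shop", maxBid: 4.0,
    wants: (r) => r.interests.includes("cats") },
  { name: "local-vet", maxBid: 3.0,
    wants: (r) => r.location === "Seattle" && r.interests.includes("cats") },
  { name: "news-subscription", maxBid: 0.5,
    wants: (r) => r.topic === "news" }, // needs nothing about the visitor
];

// Step 5: the exchange collects eligible bids and returns the winner.
function runAuction(request, advertisers = ADVERTISERS) {
  const bids = advertisers
    .filter((a) => a.wants(request))
    .map((a) => ({ name: a.name, bid: a.maxBid }))
    .sort((x, y) => y.bid - x.bid);
  const top = bids[0];
  return {
    winner: top ? top.name : null,
    price: top ? top.bid : 0,
    bidders: bids.map((b) => b.name),
  };
}

// Steps 1 and 2: one visit to a page with an ad slot, under two settings.
function compareVisits() {
  const page = { site: "news.example.com", topic: "news" };
  const profile = { cookieId: "constructed-id-123", interests: ["cats"], city: "Seattle" };
  const shared = buildBidRequest(page, { ...profile, cookiesAllowed: true, locationAllowed: true });
  const withheld = buildBidRequest(page, { ...profile, cookiesAllowed: false, locationAllowed: false });
  return { shared: runAuction(shared), withheld: runAuction(withheld) };
}

console.log(JSON.stringify(compareVisits(), null, 2));
```

With the signals withheld, only the advertiser targeting the page's topic can bid, so the ad is chosen by what the site is about rather than by who is visiting.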

Coda (wrap up)

Here’s the thing. I don’t know about you, but I personally don’t care if the advertisements I see on the web relate to things I might actually be interested in. I’d rather see ads about cats than I would about diapers, for instance. (I really hope I don’t start seeing ads about diapers for cats now.) However, I do very much care if my information is used to target me for hacker attempts or political manipulation. The techniques used by legitimate advertisers to target ads are exactly the same as other groups might use for more nefarious purposes. The technology can’t tell the difference. So, because I care more about the possibility of bad actors than I do whether I see diapers for cats, I’m going to care a lot about how to protect my privacy on the web. 

If you’re reading this and vigorously nodding your head, here’s how to take back control of your online privacy. 

  1. Look at the configuration settings for all the web browsers you use and really think about the privacy and security options.
  2. Think twice about clicking on a link in an email. Go ahead and type in the direct web address instead of letting a link take you there.
  3. Use a private or incognito window when you can so it clears out any cookies or history at the end of the day when you close the browser window. (And close that browser window Every. Single. Day.)

Posted by heather in Surveillance, Line Dancing
Wait, You Mean Digital Identity is an Entire Industry?

So there I am, enjoying my first neighborhood barbeque in YEARS, chatting with one of my neighbors about what it is I do.

Me: “I work with people and organizations developing standards for how to use digital identity.”

Them: “I have no idea what that means.”

Me: …

Hmmm. Now if that wasn’t a trigger to try and educate this poor soul who was just trying to enjoy a veggie burger and a beer, I don’t know what is! Because digital identity is an AWESOME field. Seriously, an understanding of digital identity opens doors to careers in… just about everything: gaming, education, health care, government, commerce, enterprise, research… The list goes on forever.

But I totally get why they answered that way. 

Digital identity may be part of everything online, but so are a lot of other technical bits and pieces that make the Internet function. After all, there are only so many hours in the day to learn ALL. THE. THINGS. Still, digital identity has the unique characteristic of being about YOU. So not only is this a career field with limitless possibilities for you, it’s also important for you to know what happens with data about you when surfing the web.

So, let’s take a quick look at a few ways that digital identity impacts different industry sectors, and most importantly, how digital identity impacts you. 

Digital Identity and… Research

The expansion of the universe aside—even though that’s still hotly debated by scientists—there is no such thing as limitless growth. Whether you’re considering the question of how to continue to sustain life on Earth, how to sustain the needs of a business, or how to sustain your own lifestyle, you have to understand what types of resources you have and what resources you’re spending. And that understanding requires data. Lots and lots of data.

Here’s the thing about data, though. Who should have access to it? At a personal level, you probably don’t want everyone to have access to your financial information and budget, but you probably do want people to know what pronouns you prefer. You don’t want *everyone* to have access to everything, but you do want *some people* to have access to some things. And you need to be able to specify who gets access to what.

Congratulations, you’ve now entered the realm of digital identity.

Digital Identity and… Education

OK, so let’s switch over to education. The educational sector is about students, faculty, and staff. It’s about parents, school boards, and support groups. It’s about teaching and learning specific things, but it’s also about students needing access to online learning materials. Even if your school doesn’t support remote learning, though, you may still need access to online books and journals that your school has paid for you to have access to.

Or, let’s get fancy again! Maybe you need to switch schools, or you’ve applied to college. You and your current school need to transfer your transcripts digitally. That means there need to be systems that identify who is a student at a given school. They also need to identify who is a teacher. Perhaps the school needs to create accounts for someone to pay the bills. Different types of people need to be identified so they can be offered only as much access as they need, and nothing more.

Oh look. You’re back in the realm of digital identity—knowing who’s who, and using that to decide who should have access to online information.

Digital Identity and… Commerce

But wait, there’s more! Even if you’re done with school, don’t have a budget to speak of, and you aren’t a scientist to worry about big data sets, you probably still buy things online. And it’s really disturbing if someone else accesses whatever accounts you have and buys things with your information. To make it worse, imagine the bad guys stole data about you and created new accounts with new online services that look legit but mess with your credit score or spend your money.

Or, let’s look at it another way. In the United States, several organizations that study this kind of thing suggest that nearly $900 BILLION was spent online in 2020 alone (Google it, you’ll see). This is what’s called a lucrative field and EVERYONE wants a piece of that pie. They want to target information so it has the most impact on you, because that impact means you spend money with them, or you support their cause, or you follow them to a website equivalent of a back alley where they can steal your information. Protecting against fraud is crazy important, and managing digital identity is a critical piece of that.

Geez… does this realm of digital identity ever end?!

Wrap up

OK, so at this point you’ve probably got the idea. If there is any question of needing to control or restrict online access to ANYTHING, then you’re talking about a site, service, or industry that depends on digital identity. To break that down even further, if you have to log in, there is something on the other side that’s handling digital identity. Once you understand that, you can think a bit more about what that means for your personal identity, and it also gives you a target to build a career that spans everything.

Posted by heather in Mosh Pit, 0 comments