Do you lie enough? You probably need to lie more often!
When filling out online forms that is.

Since the GDPR, the EU data protection rules, came into effect last year, many companies struggled with getting their online forms compliant. Some don’t really try, others think they’ve done it well but really haven’t, and a tiny minority actually really adapted their order flows and forms to adjust for the GDPR. (Although GDPR mostly aren’t new rules, btw, it’s just that non-compliance costs a lot more).

Since not all forms are fully compliant, I routinely fill in false information. If they don’t limit their data collection, I will take the responsibility on myself to create as much noise in their data as is prudent.

Yesterday I ordered something from an on-line retailer. The form that asked for where to send my order didn’t indicate which fields were mandatory, but clearly contained fields that weren’t GDPR compliant if they were.

I filled out only the things needed to complete the transaction, which is the delivery address, and an e-mail address or phone number to keep me informed of the process. They also asked for my birthday (we’ll send you a birthday greeting!), which at least wasn’t mandatory, and shouldn’t really be asked for such a frivolous reason.

Turns out the name (first and last name fields) of the addressee was mandatory. Not entirely unexpected, to ensure the right person at the address provided receives the package. This was after payment, and meant for the fulfilment partner. So they don’t really need a mandatory field for first name, nor a proper last name, as long as the receiver knows for who a package is.

I opted for the initials A.V.G. (the Dutch abbreviation for GDPR). And a last name that was incorrectly spelled. Previously I filled out a mandatory department name in my company as ‘Read the GDPR this form sucks‘.

20191003_100823

We probably all need to lie way more when filling out forms. Here’s the recipe.

For each field in a form

  • If it is not mandatory don’t fill it out. They are trying to get more data about you voluntarily. Unless you perceive a clear need for yourself (e.g. you want them to SMS you when the delivery van is 30 minutes away)
  • If it is mandatory, ask yourself how needed it truly is
    • if it concerns contractual aspects, your real name etc is needed. So you can rely on it later concerning warranty, tax purposes etc.
    • if there is no perceivable need, then lie, obfuscate or provide info that when read by a human is a reminder they should change their forms. “read the GDPR”… etc.

Elizabeth Renieris’ Hackylawyer blog is a very read worthy blog I’ve recently come across and added to my feedreader. This article takes the core principles of the EU GDPR and compares them to how this might play out in blockchain usage, or not. A good reference list for conversations I am bound to end up in with clients.

Read Forget erasure: why blockchain is really incompatible with GDPR by Elizabeth RenierisElizabeth Renieris (Hackylawyer)

The [post] is not meant as a commentary on the suitability of blockchain or GDPR, taking either in isolation. Rather, it is meant as an assessment of blockchain against the GDPR’s core principles. In this way, it is intended to provide a higher-level entry point into the conversation about the compatibility (or incompatibility) of blockchain and the GDPR, as well as a tool for reconsidering bold, an often unfounded, compliance claims.

Fifteen years ago today Elmine Wijnia published a paper “Understanding Weblogs: a Communicative Perspective” (PDF) for the BlogTalk conference based on her master thesis. In it she discusses weblogs as a communications medium and compares their role and potential a.o. with Habermas’ philosophical work on communications (Habermas’ work on this predates the web). I have a ‘on this day in….’ widget in my sidebar, and it showed me I had blogged about it back then.

From my posting then, I feel much is still the same, and much is still as key as then in bringing online expression and interaction forward.

In my view Elmine’s work does something very important, which is to firmly place weblogs in communications, and not put the fact that it’s technology-based first.

Having just organised an IndieWebCamp where technology is very much front and center, while I find we struggle to get broader involvement, this is a very pertinent reminder.

It describes what we actually do, in stead of which tools we use to do it.

This is a core element in my thinking about technology in general, unchanged in all these years. It is about what people do and can do. The agency that technology provides.

She positioned weblogs as a new medium because it combines three information patterns in itself, that previously stood on their own (e.g. in separate digital tools): consultation, registration, and conversation.

In part it feels like silo’s such as FB and Twitter break that combination of multiple patterns again, after weblogs joined them, and from which these silos themselves in turn emerged. The ‘back to the blog‘ urge I’ve felt and lived here in the past two years, is an expression of seeking the richness that the combination provides. My involvement in IndieWeb which tries to strengthen the ties between those patterns by adding new functionality to our blogging tools is also explained by it.

Because it allows better communication. Which is what matters. As Kicks Condor phrased it when he reflected on my information strategies

It is very focused on just being a human who is attempting to communicate with other humans—that’s it really.

Elmine and Habermas still point us in that direction. We can do better in this, and we should do better in this.

IWC Amsterdam day 2 focused on doing. We started with a round of idea pitches that the dozen people present intended to work on, as well as listing things people could assist with.

IndieWebCamp Day 2All work ideas on a ‘windows wiki’

Then we all worked in different constellations until lunch, which we enjoyed at Hannekes Boom. Lunch, just like yesterday, took a bit more time as conversations were animated. We got back to work later than planned therefore and moved our time for demo’s correspondingly. Demo”s were live streamed, with Frank joining us remotely. With a final group picture we closed Indiewebcamp Amsterdam.

Lunch Day 2During lunch

On the train home I am jotting down notes for future editions.

Find the local others
First of all, while we did have more local, meaning Netherlands based participants than last time, we didn’t get any tangible interest from the networks Frank and I have access to. Without the interest of the wider international Indieweb community and holding the event in conjunction with two similarly themed international conferences the event would not have been a success (We had just over 20 people on day 1).
Though for the Utrecht event last spring it might have been because we announced it relatively late, this was definitely not the case for the Amsterdam event. This I feel at least partly comes from not being clear enough in explaining the intent and purpose of Indieweb. That is most likely why three of us dutchies worked on Dutch language texts to draw more people in. E.g. by avoiding jargon until you’re sure the reader gets what you’re saying.

A better on-ramp for new participants
Organising an indiewebcamp is fun and not particularly difficult if you have done small informal events like barcamp before. I think we do need to become better at catering to all levels of proficiency so we can be more inviting to those we think we want to include, especially locally. Perhaps by having a few preset intro sessions as a track you can announce, in contrast to the otherwise unconference approach.

Eventbrite not fit for this purpose
Both for the IndieWebCamp Utrecht and for this Amsterdam edition I used Eventbrite for registrations. This I will not do again. First it feels like a clash with the IndieWeb spirit, and there are IndieWeb ways for this available. More importantly it leads to fake and spam registrations, as well as a higher percentage no-shows. Where for a more formal or bigger event, Eventbrite can be really useful (I’ve used it for organising international conferences with up to 350 participants), for small informal ones like this the promotion Eventbrite itself gives to a listed event through their own channels only creates unwanted noise. Meet-up might be more useful in comparison even, as that is based of building up a group of people, and then host events for them. That fits the model of seeking to create a wider active audience for IndieWeb much better.

Setting a rhythm
I think for next year doing two events is again a good option. We will need to work harder though to get a more local crowd. Having our IndieWeb colleagues from abroad visit us is great, and most welcome (to both ensure connection to the wider community as well as for the enormous experience and technological knowledge they bring with them), but not enough to sustain doing these events. Having two in a year may seem contradictory to this, but it likely can serve to set a more observable rhythm. A drumbeat that can draw in more people, and can mean someone not able to join one event may be motivated to commit to the next one if it’s already on the horizon. I think Frank and I would do well to fix dates early for both events and announce them both at the same time.

Ability to live stream
Being able to stream the sessions is a key element of IndieWeb events, but we’ve now depended both times on existing experience and gear from outside. In Utrecht Rosemary brought everything we needed from Vienna and set it up for us. In Amsterdam she volunteered to do it again but ultimately couldn’t make it. If not for Aaron also participating, we would have gone without live streaming as he happened to have the gear for two simultaneous streams with him.

Have a third organiser
Due to family circumstances the Utrecht edition was mostly done by Frank, and this Amsterdam edition mostly by me. Not a problem, and I felt fine doing it throughout, simply because I’ve done loads of these type of events. Yet, being able to hand-off things to each other makes for a smoother experience all around, especially facilitating during the event itself. Frank and I need to bring a third co-organiser on board I think to be able to set the pace of doing two events next year, and avoid that most of the work falls to just one of us. Again, not because it can’t be done, or was an issue, it really wasn’t, but it is a continuity risk, and it’s more fun together.

Frank during his demoFrank on-screen doing a remote demo of his work today

On my way to Amsterdam for day two of IndieWebCamp, that I’m co-hosting with Frank. Today’s focus will be on doing, based on the conversations and ideas we had yesterday. I’ve published a few pics on Flickr.

IndieWebCamp Lunch
The IndieWebCamp Amsterdam bunch at lunch

I have three ideas I might work on

  • Writing some Dutch language intro’s and explainers about IndieWeb, following up on the session about making it easier for people to engage with IndieWeb options
  • Figuring out how to flip the presentation of a quote/snippet and my remarks in my RSS feed (in a posting it is [my remarks] [snippet I’m discussing], in the feed it is [snippet] [my remarks]. This makes my content disappear from e.g. Micro.blog that presents my feed
  • Enable Webmention and Brid.gy on my company’s website, so we can directly tweet from posting something on the site, as well as receive interaction back to the site.

The first is I think the most important. The second is about figuring out how WordPress creates my RSS feed, and which plugins influence it. Likely takes a lot of time and frustration outside the scope of a day. The third seems the easiest, given my experience doing the same on other WordPress installs. So I’ll start with the first, and use the third as fall back plan.

Elizabeth Renieris and Dazza Greenwood give different words to my previously expressed concerns about the narrative frame of personal ownership of data and selling it as a tool to counteract the data krakens like Facebook. The key difference is in tying it to different regulatory frameworks, and when each of those comes into play. Property law versus human rights law.

I feel the human rights angle also will serve us better in coming to terms with the geopolitical character of data (and one that the EU is baking into its geopolitical proposition concerning data). In the final paragraph they point to the ‘basic social compact’ that needs explicit support. That I connect to my notion of how so much personal data is also more like communal data, not immediately created or left by me as an individual, but the traces I leave acting in public. At Techfestival Aza Raskin pointed to fiduciary roles for those holding data on those publicly left personal data traces, and Martin von Haller mentioned how those personal data traces also can serve communal purposes and create communal value, placing it in yet another legal setting (that of weighing privacy versus public interest)

Read Do we really want to “sell” ourselves? The risks of a property law paradigm for personal data ownership. (Medium)

….viewing this data as property that is capable of being bought, sold, and owned by others is in large part how we ended up with a broken internet funded by advertising — or the “ad tech model” of the Internet. A property law-based, ownership model of our data risks extending this broken ad tech model of the Internet to all other facets of our digital identity and digital lives expressed through data. While new technology solutions are emerging to address the use of our data online, the threat is not solved with technology alone. Rather, it is time for our attitudes and legal frameworks to catch up. The basic social compact should be explicitly supported and reflected by our business models, legal frameworks and technology architectures, not silently eroded and replaced by them.