I had a great time this weekend editing Wikipedia at the San Francisco satellite of the Art+Feminism edit-a-thon. Check out the venue:
There were a few dozen people there, mostly new to editing, all excited to contribute some work. And we got a lot of great stuff done! I spent most of the day teaching people how to use the markup (lots of people needed additional help with the citation format) and finding information about the reclusive but increasingly popular artist Lutz Bacher. I hadn’t heard of her before, but in the course of putting together that article I became very interested. I am now trying to get my hands on an early copy of a new major book of her work to see if there’s anything I can add to her bio.
It’s always great to see people make their first few edits, and people were so excited to make a new page and all of a sudden have the thing actually be there and available online. I think that Wikipedia’s ubiquity has really had a lot of influence on that process: people have used hundreds or thousands of articles before, and now they can actually make their own, and it’s a full-fledged part of the site immediately. That’s great.
Another fun thing was talking to people about copyright. Obviously, since the event focused on artists, people wanted to include images and art from the subjects. Sometimes I feel that the case for copyright reform and a freer culture requires a lot of abstraction, but this situation was dramatic and concrete. I probably converted a number of new copyfighters that day.
The results are impressive: dozens of new articles created, dozens more cleaned up or improved, and countless new people editing Wikipedia and slowly—but surely—improving the quality of representation for all kinds of issues.
I’ve been disappointed to see a lot of journalists get a recent story about security breaches and Yahoo Mail wrong. In particular, I worry that this kind of misleading reporting will contribute to worse security practices for both the companies that users trust with their data, and the users themselves.
First, here’s what happened: Yahoo reported on its Tumblr that it had detected “a coordinated effort”—basically, an attack—by somebody trying to gain access to user accounts. Yahoo deserves some credit here for reporting that information, and also for taking the good next steps of resetting passwords of affected users and “implement[ing] additional measures to block attacks.”
This is not an attack on Yahoo. It’s the predictable result of a leak of somebody else’s database. Let’s call the origin of that database Company X. Company X’s database contains both user email addresses and passwords to log into Company X’s site. But if Company X users had the same password to log in to both their email account and Company X’s site, it’s trivial to take the leaked information and try to log into email accounts with it.
That’s what it sounds like happened in this case. Yahoo detected somebody using this leaked database to try to get into many different user accounts and proactively changed passwords to mitigate the risk for people who reuse password.
That’s where the real danger is: misunderstanding this kind of breach as the result of bad security by Yahoo, and not bad security by users. The right way to mitigate this problem is to never reuse passwords, and certainly never to reuse your email account password. Note that this entire attack fails completely if users’ Company X passwords are different from their Yahoo Mail passwords. The best way to use good and unique passwords is to use a password safe like KeePass X or LastPass and have that program generate a new one for each site.
This is good advice everywhere, but absolutely critical stop-reading-this-blog-post-and-do-it-now advice for email accounts. Email addresses are both uniquely vulnerable targets and valuable assets for attackers. A leaked database from some random site won’t include information about your credentials on other websites except your email. And compromising an email account can get an attacker master keys into other accounts. They can search for banking info, for example, and have your super-secret bank password reset with a “Forgot my password?” email reset option.
Given those heightened risks, you want your email provider to be especially vigilant. When they detect any kind of attack, you want them to take action. I worry that if the press reports this kind of sensible reaction as if it were a screw-up, it will discourage other companies from following suit.
For the first time in a long time I have started a new article on the Wikipedia. This one’s about Michael S. Rogers, Navy Vice Admiral and presumptive nominee for Director of the NSA and head of the U.S. Cyber Command. These two jobs are the one being vacated by General Keith Alexander after he retires in mid-March, and obviously it’ll be kind of a crazy time to be taking over the NSA.
I thought a long time ago that it would be harder and harder to create new Wikipedia articles as most everything is covered by the million-plus pages on the site. But of course, the list of notable things will never stop growing right alongside.
It seemed especially important that Michael S. Rogers have a page now, because he’s likely to be in the news a lot more if he actually does get the nomination, and it’s perilously easy to confuse him with Michigan Representative Mike Rogers, Chairman of the Permanent Select Committee on Intelligence.1 These two men have a lot of overlap in their jobs, it’ll be interesting to see how the national security community decides to disambiguate them.
It’s also nice that there’s a public domain photograph of the guy from his Navy bio. That made the page come together and look like a real encyclopedia article quickly. I’d forgotten the feeling I get when I first make an article—I keep hoping somebody else will come along and edit and add and flesh the thing out. I guess that will happen pretty quickly if he gets nominated and confirmed.
One of the excellent things about running Copyright Week—and there were many—is that copyright activists around the world gave some top-level overviews about what is going on in their countries. Two of my favorite came from regions where copyright reform has been long promised but yet to materialize: Australia and Brazil.
The Australian Law Reform Commission (ALRC) has now delivered its final report on Copyright to the government. Current copyright exceptions have not kept pace with the digital world, and don’t adequately protect important internet-related activities such as caching or cloud computing. From a consumer perspective, sharing photos (when you don’t own the copyright) on sites such as Facebook and Tumblr is off-limits – unless you have permission from the rights-holder. Or, in a professional context, you can watch a video on YouTube, but you can’t include it in a presentation to colleagues at work, or for a conference. (Check out other examples of how Australia’s current copyright law is out of touch at the Australian Digital Alliance’s #copywrong site.)
The Attorney-General announced in December that the ALRC recommended “the introduction of a flexible fair-use exception as a defence to copyright infringement”, similar to that in place in the US.
…what is most troubling about the future ahead is that the entire copyright reform process could lose considerable momentum in 2014. A lot was already lost during 2013, considering civil society has turned its focus to Marco Civil. On top of that, the Snowden leaks and the upcoming Global Multistakeholder Meeting on the Future of Internet Governance, to be held in São Paulo, have turned copyright into a secondary concern. Privacy and surveillance seem to have taken the front stage.
It’s great to follow copyright around the world, especially as deals like the Trans-Pacific Partnership threaten to export laws from all different countries. So it’s nice to have people in these countries laying out what’s happening on the ground there.
I’m having an issue on Android where every time I type the letters D-O-N-T it corrects to “DONT” (and not “don’t”). I can’t figure out to fix that, but in my attempts I came across my personal dictionary of words I’ve added to the spellcheck. I think this list is pretty hilarious. Here it is, in its entirety:
