Dan York

Just a guy in Vermont trying to connect all the dots...

Author's posts

Why I Am NOT Always Okay Being The Product (Re: Facebook and Ello)

Shel holtz productSometimes I'm okay being "the product", sometimes I'm not. I just want the choice... and to know who has access to my data.

Today Shel Holtz published a piece on his blog, "You say I'm the product of services I don't pay for? I'm fine with that.", and after first replying to Shel on Ello and then starting to do so again on Facebook... I realized I needed to just write these thoughts down in somewhere more permanent (and outside the walls of social networks). You know... go "old school" and reply blog-to-blog like we used to do before social networks...

I certainly realize that you are always paying for services in some form, either directly in money or attention (i.e. watching an ad before seeing something) or through information that can then be monetized via some other way such as ads. I also realize there are hybrid services where you are directly paying for part of the cost while advertising (potentially based on your data) is covering the rest of the cost. This has been the model for newspapers and magazines for quite some time (and pre-Internet, of course). It's the model for TV channels now (since in at least the US you are paying for cable TV and being bombarded by ads). It's the model used for a zillion different services we all use every day.

I get that.

TANSTAAFL - There Ain't No Such Thing As A Free Lunch

I get that. And much of the time I'm perfectly fine with that.

I use Gmail, for free, even though I know that Google is reading my every message and mining that for data to feed into their AdWords advertising machine. Like Shel, I use some "loyalty programs" where I know that I am getting a discount on my purchases in exchange for giving them my data.

Going Too Far?

But... I start to get worried about how that data might be used by others. For instance, Facebook's new "Atlas" advertising platform launches today (see also "Meet the new Atlas") and so now ads based on our Facebook data will be displayed on other websites we visit and also within mobile apps.

To Shel's point... maybe that's a good thing. Maybe we'll see more targeted and helpful ads that we may actually want to purchase.

But... who else is learning about what we are doing and saying inside of Facebook... and are we okay with them doing so?

Maybe I've just spent so many years in information security that I'm wary. I don't expect that advertisers outside of Facebook would learn my exact information... Facebook is far too protective of the actual data (for their OWN reasons, not out of any interest in protecting me). But there are ways that information can leak... or that aggregate information can be discovered. Our web browsers and other devices can leak a great amount of information about what we are doing and what we are seeing.

I'm not 100% okay sharing all that data with others.

I guess I don't necessarily trust Facebook to be careful with my data.

Choosing NOT To Be The Product

Shel mentions network television in his post, and certainly I, too, have seen some amazing shows that came about through the support of advertising. Similarly, I'm been a long-time fan of National Public Radio (NPR) and while it does not have "advertising", per se, it has "underwriting" which to the listener may wind up being similar (just less obnoxious).

But I have chosen to NOT participate in that process much any more. Our family doesn't have commercial TV. We are a "cord-cutter". What "TV" we watch comes at us without commercials through live streaming services. We are paying for a subscription. An impact, of course, is that we don't get some of the latest shows... nor do we get the current sports games... because those are all still ad-funded.

We made this choice in large part because we were tired of all the advertising. (And there are some philosophical reasons why I think the fact that our kids are growing up without watching commercials is a beautiful thing, but that's for a different article.) I've given up on most traditional radio, too, including NPR, opting instead to listen to podcasts in my car or use Spotify (which I pay for) or other streaming services in my home office.

Similarly, I have chosen NOT to participate in some "rewards" or "loyalty" programs offered by some stores or services. Oh, sure, I'm in various hotel and airline "frequent traveler" programs because I perceive that there are benefits. I am also in one for my local hardware store because I get a discount and I buy a significant quantity of products to where I'm okay giving up my data for a discount.

But there are other stores where I am NOT comfortable exchanging my data for a discount. Either ones I don't frequent all that often... or just ones that for whatever reason I don't trust.

I don't want to be their product.

Returning To The Topic Of Facebook and Ello

Shel concludes his post saying:

Ultimately, being “the product” doesn’t bother me, and I’m not inclined to abandon a network that works for me for a new one just because it doesn’t have ads.

He is, of course, responding to the Ello Manifesto and one reason Ello is getting a good bit of buzz.

I agree that simply "not having ads" is not a great reason to move from one network to another. And I don't expect that I will abandon Facebook... I still find it useful and enjoyable.

But I find I don't trust Facebook anymore.

Granted, I never really have trusted Facebook since I started using it back in 2007-ish... but maybe it's even more the case today. I just worry about the large-scale data mining.

THAT is a good part of why I'm continuing my explorations with Ello.

I'm looking for a place where I can share information with others - and yet feel that the privacy of my conversations and data are better respected than in other social networks.

P.S. And yes, I do realize the irony that all my Ello conversations are entirely public, which means that all of them can be picked up by that other master of data mining, Google, as well as any other data mining service... very much like all my tweets can be picked up, too. That's okay right now because I'm not yet intending to share anything on Ello that I'm not comfortable being public. But I am interested in what they may be able to do in the future to allow more private conversations.

P.S. And I also realize that I'm probably in a very small minority who care about data privacy and that the VAST majority of people out there don't even remotely care about what is done with their data...

Photo credit: Shel's blog

If you found this post interesting or useful, please consider either:

Verizon Wireless Hits 56% IPv6, T-Mobile USA 40%, AT&T 24%

The September 2014 World IPv6 Launch measurements came out last week showing continued strong growth of IPv6.  Verizon Wireless’ deployment edged up over 56%. T-Mobile USA is now over 40% IPv6.  AT&T is getting closer to hitting 25%. Telefonica del Peru crossed over the 10% milestone.  As Mat Ford wrote over on the World IPv6 Launch site:

We continue to see very encouraging growth in measured deployment across hundreds of networks both large and small.

And that is indeed the case!

Verizon Wireless IPv6 Growth in September 2014


Of course, not all the networks grew this month.  A few were basically flat and a couple registered declines, but the overall trend is certainly in the positive direction we would like to see – and this backed up by what we see from other IPv6 statistics sites, including Google’s IPv6 trend line that just went over 4.5% this weekend.

The reality is that IPv6 is being deployed globally – if you aren’t already making plans to ensure that your online content is available over IPv6 and your networks can work with IPv6, please visit our Start Here page to find resources tailored to your type of environment to help get started!

Tunisia Signs .TN And Arabic IDN TLD With DNSSEC

Tunisia FlagLast Friday Tunisia became the latest country to be able to offer people registering domains in their country-code top-level domain (ccTLD) the higher security and trust that comes with DNSSEC. On September 26, 2014, DS records appeared in the root zone of DNS for two TLDs:

People who subscribe to our weekly distribution of DNSSEC deployment maps will have seen in the email message that went out this morning a new bright green country on the northern coast of Africa:

Africa with Tunisia highlighted


The data files will also reflect the status of the Arabic internationalized domain name (IDN) .تونس  although the data files reference that as “xn--pgbs0dh”.

Now, it is important to note that while the TLDs themselves are signed with DNSSEC and have a DS record in the root zone of DNS, this does NOT necessarily mean that second-level domains under these two TLDs can sign their domains and submit the DS records to the TLD registries.  That “Operational” stage of DNSSEC deployment will hopefully come soon, but that is something the TLD registries themselves have to start doing.  Please read our 5 Stages of DNSSEC Deployment page to understand where these TLDs are in the deployment cycle.

What this does mean is that there is one fewer barrier in the way for domain registrants who want to sign their domain under either .TN or .تونس. At some point soon they will hopefully be able to follow our information about how to sign your domain and upgrade the security of their domains.

Congratulations to the Agence Tunisienne d’Internet in Tunisia for making this happen!  It’s great to see ccTLDs throughout Africa starting to add the security of DNSSEC – we look forward to seeing the whole continent appear green on our maps!

P.S. Tunisian flag image courtesy of Wikipedia.

I love it when a Monday morning starts with getting two blog posts out before 10 am! :-)

I love it when a Monday morning starts with getting two blog posts out before 10 am! :-)

FIR #775 – 9/29/14 – For Immediate Release

Chats with Chip coming to the FIR Podcast Network; Quick News: Why we remember content with images and video, Yahoo kills Yahoo, KitKat's Bendgate tweet eclipses Oreo's Super Bowl win, Sobo is Vine for audio; Ragan promo; News That Fits: Say hello to Ello, Dan York's tech report, is Apple's reputation damaged?, Media Monitoring Minute from CustomScoop, listener comments, Igloo Software promo, Michael Netzley's Asia Report, the last week on the FIR Podcast Network; music from Tab Spencer; and more.

Yesterday I wrote a piece about “The Importance of The ‘Known’ Publishing Platform And The Rise Of The Indie Web” – at the end I

Yesterday I wrote a piece about "The Importance of The 'Known' Publishing Platform And The Rise Of The Indie Web" - at the end I also had a brief commentary on the difference between Known and Ello - http://www.disruptiveconversations.com/2014/09/the-importance-of-the-known-publishing-platform-and-the-rise-of-the-indie-web.html

3 Quick Tips About Getting Started With Ello

Ello smileAs I've started playing with Ello, the new social network that many early adopters are experimenting with (and you can find me at https://ello.co/danyork), I've learned a few things that I thought I'd share in case they can help others who are getting started:


Ello allows you to do some formatting to your text using a subset of John Gruber's Markdown syntax. It's not the full Markdown syntax, but a good bit of it. You can read more at:


You can see some of my Markdown experiments in an Ello post.


You can use a wide range of emoji in your Ello posts. You may want to bookmark:


To use an emoji you just type the text in your Ello post, for example ":smile:" will give you a smile. I've seen many different emoji being used in posts.


C.C. Chapman clued me in that while Ello doesn't have a "Like" or a "+1" (yet, anyway), apparently the convention has developed that people will leave you a "bread" emoji in a reply to say they like this. So if you suddenly see comments with bread emoticons, that's what is going on. To leave one yourself, just type ":bread:" in the comments.

(And I'd love it if someone on Ello could explain how that convention came about...)
UPDATE 28 Sep 2014: @brdr on Ello says the 'bread' emoji usage originated with German Ello users and spread throughout the network.

Those are just a few of the things I've discovered in my playing around with the site. If there are other tips you've learned, please feel free to leave them here as comments... or leave them in response to the link to this post on Ello.

If you found this post interesting or useful, please consider either:

The Importance of The ‘Known’ Publishing Platform And The Rise Of The Indie Web

Known logoHow do we retain control of our content? How can we make sure what we write and create online remains online? How do we make it so that we can post our content in one place and distribute it out to social networks? And the bring the conversations that happen out on social networks back into your own site?

In a time when Facebook, Google, Apple and others seem to be intent on owning and controlling all our data and content, how do we regain control over our presence online? How do we stop being the product?

These are questions of focus for the "IndieWeb" movement that are perhaps best stated by this text on the top of indiewebcamp.com:

Your content is yours
When you post something on the web, it should belong to you, not a corporation. Too many companies have gone out of business and lost all of their users’ data. By joining the IndieWeb, your content stays yours and in your control.

You are better connected
Your articles and status messages can go to all services, not just one, allowing you to engage with everyone. Even replies and likes on other services can come back to your site so they’re all in one place.

You are in control
You can post anything you want, in any format you want, with no one monitoring you. In addition, you share simple readable links such as example.com/ideas. These links are permanent and will always work.

As well as in greater detail on the IndieWeb principles page. A key point is what is called "POSSE":

POSSE = Publish (on your) Own Site, Syndicate Elsewhere

The idea being, again, that you own your own content and then share it out to the other services where people can engage with that content.

Another way to think of this is that the IndieWeb is distributed and decentralized ... kind of like the "Web" used to be before people increasingly started using centralized platforms such as Facebook and Google's properties.

The "IndieWeb" has been around for several years now, but this month it gained some momentum with the launch of Known, a new blogging platform built on IndieWeb principles. Mathew Ingram introduced it on GigaOm with:

The Known software is available in two forms:

And yes, this is very similar to WordPress with the hosted version at WordPress.com and the standalone version at WordPress.org. (And in fact, WordPress can support many of the IndieWeb principles through various plugins.)

One of the interesting aspects is that your instance of Known can use some of the IndieWeb protocols such as Webmention to communicate with other instances of Known - as well as other sites that support the IndieWeb protocols.

The Known software is also "responsive" so that it works well on mobile devices - and the entire code base is open source so that anyone can see what it is all about and modify or extend it. On For Immediate Release (FIR) Podcast #773 I devoted most of my report to talking about Known and the Indie Web - and Shel Holtz spoke at some length about the platform, too. And both Shel and I referenced Leo Laporte's This Week in Google 266 where he had Known co-founders Ben Werdmûller and Erin Jo Richey on as guests, as well as Kevin Marks. I would encourage you to listen to them all if you are interested in further discussion.

To me this issue of owning your own content is critical. Perhaps THE most critical question in many ways to me personally.

It goes back to the question of what kind of Internet do we want?

Do we want one in which we are in control - and have control of our own data and content? Or do we want an Internet where the content we create is locked inside of corporate walled gardens? (Even if those gardens let us display it to the world... we still may not be able to easily get it out.)

I don't know if I'll honestly keep using danyork.withknown.com in the long term, or whether I'll install the Known software directly on one of my servers... or whether I'll just look at making my WordPress installations play as nicely as possible with the IndieWeb protocols.

I'm certainly going to continue to experiment for some time... I've been watching the Github repo and their issue tracker and have been quite impressed with the ongoing work of the Known team.

The key point is that wherever I post my intent is that I will not be locked in to closed proprietary systems. Known and the IndieWeb are more tools that we have in our toolbox that let us retain our freedom and control!

P.S. If you want to give Known a try, visit the withknown.com hosted platform to get started! It's free and easy to sign up.

NOTE: Given that Ello has been getting quite a buzz in the last few days (and I can also be found there: ello.co/danyork ), it is worth pointing out the difference:

  • Known is an open source, freely-available blogging/publishing platform that you can either use in a hosted version or on your own site. You can publish your own status updates, blog posts and audio content - and share those posts out to social networks. Think of it as similar to WordPress.
  • Ello is a closed source (proprietary), invite-only (right now) social network where you can follow friends and share status updates, photos, links, etc. It currently has no APIs or method to export your data. Think of it as similar to Facebook.

That's the key difference - Known is a blogging platform while Ello is a social network.

If you found this post interesting or useful, please consider either:

CloudFlare Re-affirms Goal of DNSSEC Support By End of 2014

CloudFlare logoOver on ThreatPost, Dennis Fisher wrote about “Small Signs Of Progress On DNSSEC” reporting on a presentation by CloudFlare’s Nick Sullivan at the Virus Bulletin conference in Seattle this week.  The article didn’t go deeply into DNSSEC (as our tutorial pages do) but did have this point which is key to me:

Sullivan said CloudFlare, one of the larger DNS providers in the world, plans to deploy DNSSEC on its network by the end of the year.

To no surprise, this reaffirms what CloudFlare’s John Graham-Cumming stated back in June at the ICANN 50 DNSSEC Workshop in London where he presented a set of slides that are available for download.  From what Graham-Cumming said in London, the intent was to make DNSSEC available to customers with as simple a switch as CloudFlare has done today with IPv6.

I highlight this because the content distribution networks (CDNs), of which CloudFlare is an example, are one of the major stumbling blocks for many companies to be able to sign their domains with DNSSEC.  Typically this is because of either:

1. The CDN vendor is also providing the DNS hosting for the domain (so that they can use DNS for load balancing and distribution to CDN edge servers) and would therefore be the one to do the DNSSEC signing of the zone; or

2. The CDN vendor is hosting the website via a CNAME, with the issue then that the company can sign their domain, but when DNSSEC validation hits the CNAME it has to restart, and typically the site referenced in the CNAME will not be signed because it is hosted on the CDN.

As John Graham-Cumming presented in his slides, there definitely ARE challenges related to DNSSEC-signing for CDNs and vendors providing global load balancing.  BUT… we as an industry have to figure out solutions so that we can get domains signed that are hosted by CDN vendors.

We’re thrilled that CloudFlare is again indicating that they will enable DNSSEC by the end of 2014 to provide a higher level of trust and security for their customers. We’re looking forward to seeing the nice spike in signed domains that should come from CloudFlare doing this.  And… we do hope to see the other major CDN vendors offering this soon, too!  Working together we can make the DNS part of Internet communication that much more secure!

P.S. Want to get started with DNSSEC?  Visit our Start Here page to find resources targeted for your role or type of organization.

Tracking The Shellshock BASH Vulnerability – News, Tools and Links

shellshockWith all the attention today to the Shellshock vulnerability, I need a place to keep track of it for my own purposes.  If this page or list helps anyone else, that’s great, but this is primarily a tool for me to capture what’s going on.  I intend to be updating it regularly while this is all happening.  Suggestions are of course welcome in comments.

Note that I have links here to discussion threads on Hacker News.  The comment threads are often fully of incredibly useful information.

Security Advisories

Testing Tools

News about actual exploits

News about the Shellshock vulnerability in general