And that's great – but you should be careful that you don't end up using a logical fallacy to help you make your point.

What is a Logical Fallacy?

A logical fallacy is an error in reasoning that makes your argument less effective and convincing. And you want to be able to spot these fallacies in other people's arguments (and your own) so you can call them out or fix your own strategy.

There are two major types of logical fallacies, formal and informal.

In formal fallacies, there's a problem with how you structure your argument, and how you're making your points. You might be speaking the truth, but the logic breaks down because of the way you're putting your arguments together.

In informal fallacies, there's a problem with what you're saying, and the information might be incorrect or misleading.

In this article, we'll focus on these informal fallacies as they can be pretty common in everyday debate. And keep in mind that we're not talking about the effectiveness or persuasiveness of your argument, here – after all, fallacious arguments can be very persuasive.

Instead, it's all about giving you the tools to identify these weak arguments so you don't make these mistakes in your reasoning.

List of Logical Fallacies with Examples

In this article, we'll look at the most common informal fallacies so you can learn to identify them and avoid them.

The Sunk Cost Fallacy – Definition and Example

Have you ever finished a task (that you really didn't want to complete) simply because you'd put so much time and effort in already? You probably felt like you didn't want all that hard work to go to waste, or to be for nothing.

You were likely falling prey to the sunk cost fallacy. It states that it's actually better to abandon a project that's going nowhere (at any point) rather than waste any more time, energy, and resources trying to finish it for the sole purpose of finishing it.

The reason for this might seem counterintuitive, but think about it: rather than spend another minute of your precious time doing something that isn't going anywhere, it's better to switch gears ASAP (before you spend any more time) and start putting your energy into something productive.

Example of a Sunk Cost Fallacy

Let's say that you've decided to write a book. You spend hours and hours doing research, making an outline, and writing the first 10 chapters. You've put months if not years of your life into writing this book.

But then perhaps your interests change, or you no longer wish to be an author. You might think you should finish the book because you're so close or because you've already spent so much time and energy on it.

Instead, though, you should leave that project behind and focus on what's ahead. Maybe you're trying to get a new job, or learn a new skill, or move to a new city. Any of these current and relevant initiatives would suffer if you continued to work on your unsuccessful book project.

So how do you distinguish between this sunk cost fallacy and persevering until you finish something difficult? Well, it helps to think about whether the experience will benefit you in the long run – in which case, it would be helpful to see it through.

For example, let's say you've done three years of a four year degree program at a college or university. But your interests have changed, and you want to pursue something that doesn't require that degree.

Still, it might make sense to finish the program, as a college degree typically only helps you in future career moves – not to mention the life experience you'll gain in the process.

The Ad Hominem Fallacy – Definition and Example

Ad hominem means "against the person" in Latin. So the ad hominem fallacy happens when you attack a person's character, appearance, personality, or other irrelevant aspects in an argument instead of attacking what they're saying.

These types of attacks are fallacious because they're not relevant to the argument, and so they distract from the point at hand. It doesn't really matter if you think your mom is being a jerk – she's still right that you shouldn't speed while driving.

Example of an Ad Hominem Fallacy

Many people associate ad hominem fallacies with political debates. Unfortunately, some candidates don't seem to be able to help themselves.

What if Candidate A said that you shouldn't trust Candidate B because Candidate B doesn't dress well? There's no established link (that I know of!) connecting a "good dresser" with trustworthiness or good political decision-making, so this would be an ad hominem fallacy.

Or what about when Candidate A insults Candidate B for being too nerdy, or not cool enough? These qualities, first of all, are subjective, and second, they shouldn't affect Candidate B's ability to govern effectively.

On the other hand, sometimes people just deliver insults that aren't actually logical fallacies because they aren't part of the argument. For example, if you were to say that all New Yorkers are rude and unfriendly (but you aren't trying to make a point), that's just an (untrue) insult and not a fallacy.

So when you're debating someone, leave their personal characteristics out of it unless they're relevant to your point.

The Straw Man Fallacy – Definition and Example

When you hear the term "straw man", what comes to mind? Probably a figure of a person made of straw, like a scarecrow, or something else insubstantial. That straw figure isn't too solid, and you could just knock it over with a little push or a strong gust of wind.

The same holds true for straw man fallacies – they represent weaker arguments that are oversimplified or that distract from the main point the debater is trying to make.

So instead of responding to someone with a well-reasoned, to-the-point counterargument, someone using a straw man might reframe that person's argument in a vastly oversimplified way, or might latch on to an irrelevant point that's tangentially related and go after that. Basically, they create a "straw man" in place of a real argument.

Example of a Straw Man Fallacy

Perhaps you're discussing education with someone who believes that for-profit colleges are harmful to the broader educational system because they take advantage of their students, don't provide them high-quality education, and waste students' money.

Instead of responding with appropriate counterpoints (such as concrete examples of for-profit colleges who benefit their students), you try to undermine the person's argument by saying "See, they're against higher education and don't think people should go to college!"

In fact, the person has a much more nuanced claim, but you've ignored it and constructed a vague straw man fallacy in response.

Or maybe you're trying to figure out a solution to the number of people living without homes in your area. You might suggest setting up temporary (or permanent) tiny homes for houseless individuals, allocating resources for trash cleanup, and providing medical care during the pandemic.

Your opponent, however, might misconstrue your argument and insist that you're trying to welcome the homeless community to your area by providing so many benefits for them.

The False Dilemma Fallacy (AKA The False Dichotomy Fallacy) – Definition and Example

Have you ever argued with someone and they only give you two options when you feel like there are many more? Chances are they were falling into the trap of the false dichotomy.

Using a false dichotomy or false dilemma in an argument means that you oversimplify your argument or only focus on two outcomes when in fact there are other reasonable possibilities.

This strategy tries to hide important facts and considerations and tries to trick your opponent into thinking the argument is more cut and dry or simpler than it really is.

Example of a False Dilemma Fallacy

Let's say that you're still working on finding homes for houseless people in your community. You might suggest a range of housing options, such as tiny houses, community living, repurposing empty apartment buildings, and so on.

You could also offer to relocate people who wished to leave your area, or you could help them find jobs so they could afford their own home eventually.

Someone opposed to your efforts might say that houseless people either need to get a job so they can afford their own place or leave town. And they wouldn't offer any of the other options you explored.

To someone uninformed about the crisis of homelessness in your area, those two options might sound reasonable. But to someone who had studied the issue extensively, it would be clear that those extremes weren't the only options.

How about another example?

Maybe you're at a political debate and one of the candidates asserts that you're either a Democrat or you're a Republican in an effort to make some point.

In reality, though, this likely wouldn't be the case. Certain people in attendance could be Libertarians, for example – but the politician didn't include that as an option.

So keep in mind, when you're making an argument, that there are likely many nuances that relate to your point. Don't ignore them – simply take them into account and build them into your argument.

Do keep in mind, though, that some arguments really only do have two viable options – so they wouldn't represent false dichotomies. For example, if a General says "Either you're with us or you're against us" during a war, those are the two main options.

The Slippery Slope Fallacy – Definition and Example

The slippery slope fallacy refers to arguments that get increasingly dramatic and out of hand very quickly. Especially when the ever-more-dramatic conclusions aren't realistic or likely to happen.

These types of arguments are often made when someone wants to emphasize how drastically bad an outcome would be.

Perhaps a better name for this fallacy, though, would be the Domino Effect – one thing might lead to another which might lead to another which might...and so on. The problem with these assumptions is that they're all hypothetical, which makes your overall claim very weak.

Example of a Slippery Slope Fallacy

Perhaps your teenager wants to buy themselves a truck. They've been saving up, and they have the money. But you don't want them to drive a truck, for any number of reasons – perhaps you're worried about gas mileage, or parking in a city, or that they'll take it off-roading and get hurt.

Now, these are all fairly reasonable arguments as to why you wouldn't want your kid driving a truck, and they could easily result from that purchase.

But what if, instead of these sensible arguments, you let your emotions get away with you and instead said "You can't get a truck because then all your friends will want trucks and their whole families will then get trucks which they'll start driving all over the place and over-polluting the earth!"

You can see how that escalated quickly, right? And even though the arguer has a point about emissions in general here, it's probably not a realistic outcome of this situation (and it's probably not an effective argument to use to convince your teen not to buy a truck).

The Circular Reasoning Fallacy – Definition and Example

Have you ever noticed someone arguing in a way that they seem to go around in a circle? It might seem like they're making an argument, but they'll use their conclusion to justify their argument, and their argument to justify their conclusion.

If this sounds confusing, that's because it is. When someone says something like "This tee-shirt is wet because it's covered in water," they're making a fallacious argument. In fact, the tee-shirt is wet because you fell in a lake, for example.

In this case, someone saying something's wet because it's covered in water is just stating the obvious. They're not offering an explanation for why it's that way.

You can often recognize a circular argument when the conclusion – the thing the person is arguing in favor of (or against) – is also one of the premises (or arguments) they're using to justify their assertion (it's wet because of water, which is wet). In other words, if this is true because that is true, that is true because this is true.

Example of a Circular Reasoning Fallacy

So here's another example: you say that your friend Jessie lies all the time, and you know this because they never tell the truth. But your argument (that Jessie lies all the time) and your premise (because they never tell the truth) are the same thing. That means that this is a circular argument.

Here's another way to think about it: if your argument's premises assume that your conclusion is true right from the beginning, rather than proving or finding that it's true, you're arguing in a circle. Just remember: if your argument is defined in terms of itself, it is probably fallacious.

And if you want to know why it's sometimes called "Begging the Question," you can read all about it here. (Hint: it's a mistranslation of 16th century Latin that was actually a mistranslation of the ancient Greek phrase...fascinating.)

The Equivocation Fallacy – Definition and Example

Equivocation means that you're taking a word or phrase and changing its meaning slightly so that it means something else. Or you're using one word or phrase instead of another to hide the true meaning of what you're saying.

In other words, you're being ambiguous with your language. If something is ambiguous, it means that you can interpret it in more than one way or that it has two meanings. This is exactly what happens in an equivocation fallacy.

The word "equivocation" comes from the Latin for "equal voice" – meaning that it appears that what you're saying means one thing but it really means or can also mean something else.

The important thing to remember about equivocation fallacies is that they attempt to deceive in some way.

You might jokingly use ambiguity in a story, play, or playful conversation – but you're not really trying to convince your listener of something serious (or it's clear that you're being tricky or silly).

But when you use equivocation in a serious debate, political campaign, advertisement, or something similar, that's when it's more malicious and fallacious.

Example of an Equivocation Fallacy

So how do you tell the difference? Be mindful of the setting in which you use ambiguous language, or you see it being used.

Here's a simple example: "Nine out of ten dentists recommend Colgate toothpaste." First of all, what does "recommend" mean here? This could be misleading – do they really specifically recommend Colgate, or do they just recommend that you brush your teeth in general?

How about another example? What if you break up with someone, and they ask you never to drive by their house again. So you walk by – but you justify it by saying that you didn't drive by. You walked.

Clearly your ex meant that they didn't want you going by their house in any way, but you used the ambiguity of the situation to tweak their words and do it anyway.

The Post Hoc Fallacy – Definition and Example

You might have heard the phrase "post hoc ergo propter hoc" before, even if you've never studied Latin.

This Latin phrase translates to "After this, therefore because of this." Now that might sound like a jumble of conjunctions and such, but it basically means that if event B happened after event A, that must mean that event A caused event B.

Post hoc ergo propter hoc → (B is) After this (A), therefore (B is) because of this (A).

This fallacy says that because one thing happened after another, it means that the first thing caused the second thing happen. The argument is a fallacy when someone asserts something based purely on the order that things happened. This means they're not taking into account other factors that affected or caused the event to happen.

If this sounds a bit familiar to you, it means you might have thought about correlation vs causation before. The post hoc fallacy is related, but is more focused on the order of events (and their relationship).

Example of a Post Hoc Fallacy

Let's look at an example to help decipher what's going on in this type of fallacious argument.

Maybe there was an earthquake during which a building fell down. That's a pretty clear example of causality – the earthquake (event A) caused the building to fall down (event B).

But what if, after that same earthquake, a lot of people moved away from the city? Now, some of them might have moved because the earthquake was the last straw. But many might have fled because of rising housing costs, pollution, over-crowding, poor infrastructure, poor schools, or a bunch of other factors.

In other words, the earthquake likely wasn't the only direct cause of people moving away.

So anyone who argued "Look, people are moving out of the city because of the earthquake!" and didn't account for all these other likely causes was making a fallacious argument.

Here's another example: perhaps you're searching for a job, and you're not having any luck. But then someone gives you a good luck charm, and after a few more applications, you get a job.

You might be tempted to think that the good luck charm got you the job. But what's more probable is that you put a lot of effort into your applications, you studied really hard for your interviews, and you found your perfect company fit.

The Appeal to Authority Fallacy (AKA Argumentum ad Verecundium Fallacy) – Definition and Example

When you're gathering evidence to support your conclusion, you'll likely want to cite some experts. They've done research on the subject and know a lot about it, so it makes sense to use their knowledge and opinions to support your own arguments.

But be careful – if you don't use those expert's information correctly, or if you assume they're always right because they're experts, you could be falling prey to the appeal to authority fallacy.

An appeal to authority fallacy is easy to commit, but can be hard to recognize. This is because of the weight we all give to "authorities" in various subjects.

When you're engaging in an appeal to authority fallacy, you're likely either misusing someone's authority, citing an irrelevant authority, or citing a poor authority.

Let's see what these look like with some examples.

Example of an Appeal to Authority Fallacy

Let's say your mom's a lawyer and you seek her advice about a particular legal problem you have. If she practices that type of law and has experience with the problem you're having, you can likely cite her authoritative opinion with confidence.

But if you're arguing with your mom about the best way to save the sea turtles, and she asserts that she knows best because she's an intelligent person, she's using her own authority in a fallacious way (and with little to no justification).

Here's another example. Perhaps you watch a lot of Greenbay Packers football, and Aaron Rogers is your favorite quarterback. You happen to see a State Farm insurance commercial where Aaron endorses State Farm's services. You might think, "Well, I like Aaron Rogers, and he recommends State Farm, so it must be great insurance!"

While State Farm might be great insurance, Aaron Rogers doesn't have the authority to say so. He's an authority on being a great quarterback, but not on the quality or efficacy of insurance. So this is an example of an irrelevant appeal to authority.

So, when you're searching for evidence to back your claim, just remember – authorities aren't the only sources you should cite.

And you shouldn't just expect people to trust what those experts say with no evidence. After all, even the experts can be wrong, and just because they know a lot about one thing doesn't mean they know a lot about everything.

The Appeal to Ignorance Fallacy – Definition and Example

No one knows everything – it's just a fact of being human. We're all still learning, and while some might know more than others, we'll all be ignorant about certain things.

With that in mind, it's pretty easy to see why the appeal to ignorance fallacy is so common and so useless.

When you say something like "Well, no one's ever seen Nessie (the Loch Ness Monster) before, so they can't prove that she's real", you're making an appeal to ignorance. Why? Because no one knows whether she exists or not – because they've never seen her!

But the clearest way you can tell this is an appeal to ignorance fallacy is that you can turn it right around, and it still seems to make sense: "Well, no one's ever seen Nessie before, so they can't prove that she's not real!"

Either way, in both these claims, you're making an assertion based on something no one knows (the ignorance bit). Because no one knows it, you shouldn't use it in an argument.

Example of an Appeal to Ignorance Fallacy

Let's look at another example of an appeal to ignorance fallacy in action.

Perhaps you're an archaeologist who's studying an ancient civilization that lived around 2000 years ago. You study any remaining stone structures, pottery, tools, jewelry, and anything else they left behind.

You try to piece together what life would've looked like for these people based on their artifacts, where they lived, nearby societies, and so on. But you have no written evidence that tells you anything more. No one has found any inscriptions, written documents, or anything else with writing on it.

It would be tempting to assert that, since no one has ever found any evidence of writing, this society didn't have a written language. "We've never found documents or inscriptions, so they must not have written their language down."

But you could also assert that, even though no one has found those documents yet, they still might be out there and just haven't been excavated and discovered yet.

This argument is an appeal to ignorance, because you don't know something/haven't seen any evidence of something, but you're using it to support your argument (that the society doesn't have a written language) all the same.

The Appeal to Popular Opinion Fallacy (AKA Bandwagon Fallacy or Ad Populum Fallacy) – Definition and Example

Have you ever heard the expression "jumping on the bandwagon"? It refers to someone changing their opinion or developing an opinion just because a bunch of people hold that same opinion.

There's not necessarily good evidence for that opinion, but people hold it anyway – maybe because it's been believed for a long time, or just because of the sheer number of people who believe it. But even though many people believe this thing, it may be factually incorrect or misleading.

This is a form of the appeal to popular opinion fallacy. You argue that something is true, good, or right just because a large number of people (or some popular or influential person or people) are doing it or believe it.

What's wrong with that? If everybody's doing it, it must be good – right? Well, not necessarily. People aren't always completely rational and don't always think things through. Think of the term "mob mentality". What does that conjure up? Probably a bunch of people causing chaos – in other words, not a good thing.

So before you say something like "Well everyone believes this, so it must be true", think again. Because this isn't a case of "strength in numbers" – an ad populum fallacy results from a lot of people believing incorrect or misleading information.

Example of an Appeal to Popular Opinion Fallacy

What if your young teenager comes to you and wants to get a tattoo. They argue that all their high school friends are doing it because some celebrity just got this new tattoo.

Now, whatever your feelings about tattoos, this is a logical fallacy. Just because everyone's getting this tattoo doesn't mean it's the right choice for your kid. Maybe they haven't thought it through, or maybe they can't handle serious pain/needles, or maybe they will change their mind in a few years and regret such a permanent choice.

Also, everyone has different reasons for getting tattoos. Some do it to commemorate someone or something, some do it for the beauty of the art, some do it while intoxicated on vacation, and so on. But if a group of young teenagers is getting a tattoo on a whim to copy a celebrity, perhaps that's something you want your kid to think about more carefully.

So your kid arguing that "all my friends are doing it, so it's cool" doesn't take that into account. They'd need to think about getting a tattoo for their own reasons, and justify it to you that way.

Here's another example: you're FaceTiming with your family, and it's an election year. Most of your family belongs to one political party, but you belong to another.

Your mom starts trying to convince you to vote like they do – "The whole family votes this way! And we've been voting this way forever! Come on, you should be like your family and support the same candidate/things we do."

While it's understandable that your mom would want your political beliefs to align with hers, she's making a fallacious argument here. Just because they've always voted that way doesn't make it right.

She shouldn't say you should vote like she does because "that's what the family's always done/it's what they all do now". She should point out the benefits of her candidate, how they could help you out, why their policies are fair, and so on – and then let you decide for yourself.

The Hasty Generalization Fallacy – Definition and Example

People make generalizations all the time (that, right there, was a generalization!). And sometimes this is ok. If you're just stating something that's generally true, like "I like to cook" or "Puppies are cute", there's typically no harm in that.

The problem arises, though, when someone uses a generalization a bit too zealously in an argument without sufficient evidence. These types of "hasty" generalizations can fall into stereotyping, racism, falsehood, exaggeration, and more.

Often someone makes such a generalization when they're basing their opinion or argument off of the behavior or characteristics of just a few members of a group. This often means they're not taking the behavior of the whole group into consideration.

So why are these generalizations bad? Aside from lacking evidence and being based on problematic premises, people often assert hasty generalizations as if they were 100% true all the time. Which, of course, very few likely are.

If you want to avoid making hasty generalizations, you can use certain qualifiers when you make a generalization – like "Sometimes", "Often", "We often see", or "It may be the case that...". Those types of words and phrases let your listener know that you're not arguing that this thing is true across the board for everyone. It's just a general trend you've noticed.

Example of a Hasty Generalization Fallacy

Hasty generalizations are quite common, as people use generalizations all the time in regular conversation. And again, many generalizations don't hurt anyone. But let's look at some examples of bad generalizations.

If you say "People in the southern part of the US are so conservative and close-minded. I really can't stand how all they care about is football and BBQ", you're using a hasty generalization (a couple, actually).

While it's true that some people in the south have these characteristics, it's not true for everyone living in that region. And by making those assertions, you're perpetuating stereotypes that are likely overblown and miss a lot of nuance about southern American's characters and beliefs.

Here's another example: let's say you're having a fight with your significant other and you say, "You always pick fights with me!", you're likely exaggerating and making a hasty generalization. Unless it's literally true that they are always the one to start the fight, you're probably getting carried away in the heat of the moment.

One way to save yourself from making a hasty generalization in this case would be to say something like "You pick fights with me a lot" or "You often pick fights with me."

The Tu Quoque Fallacy (AKA Appeal to Hypocrisy Fallacy) – Definition and Example

Tu quoque in Latin means "You, too". And when you attempt to distract from your own guilt by calling out someone else's similar guilt, you're committing this fallacy.

The name makes sense – it's like you're saying "Well I may have done this, but you did it, too!" Now, think about that. Just because someone else did something similar to (or the same as) what you did, it doesn't make you any less guilty. You've still committed whatever crime or done whatever bad thing you've done.

This is also called an "appeal to hypocrisy" fallacy, because the person making the argument (let's call them Person A) often calls out the fact that someone else (Person B) did something similar to what they did. Person A argues that they may have messed up, but Person B did the same thing so should be punished. Person A is being a hypocrite because they're trying to escape the blame they'd like to assign to Person B.

It's tempting to use this type of argument, because people are always looking to shift the blame from themselves to others. It's especially enticing when that other person is not blameless and therefore seems to deserve some share of the guilt.

But this isn't an effective argument strategy because, while distracting, a tu quoque argument doesn't actually prove you innocent. It just draws attention (falsely) away from the issue at hand, which is your misdeed.

One thing to remember about tu quoque fallacies is that the information the person making the argument cites is typically irrelevant to the case at hand. Just because Person B is guilty also, doesn't mean Person A is any less guilty. So that accusation that Person A makes is irrelevant to their case.

Example of a Tu Quoque Fallacy

Let's go back to our teenager. Perhaps they've been caught skipping school, and their parents want to ground them for a week. The teenager might argue, "Yeah I skipped third and fourth periods, but Marta did, too!"

While it's not great that Marta skipped class as well, it doesn't really make that teen any less guilty of skipping school. They just knew someone who did the same thing, and are trying to justify what they did by bringing up Marta's transgression as well. But it doesn't mean that they skipped any less school.

Here's another example: perhaps your friend caught you cheating on a test, and threatened to turn you into the teacher. But you saw them cheat in another class last year, so you say "I may have cheated today, but you cheated on that math test last year, too!"

Again, their cheating a year ago doesn't make you any less guilty right now. While it might feel good to say, "You did that, too, so how could you think I should be punished for it!", it's not really a strong or relevant argument to make.

Instead of resorting to this type of argument, make sure you take responsibility for your actions and keep your points relevant to the issue at hand. Don't think you can get away with something just by calling out someone else's hypocrisy. It's likely not going to help your case.

The Loaded Question Fallacy – Example and Definition

When you ask a question that intends to reinforce your position and undermine someone else's, you could be asking a loaded question. These questions are helpful to you but harmful to the person you're asking, and may skew the opinion of anyone listening in your favor, perhaps unfairly.

Instead of asking a straightforward question that attempts to get more or new information, a loaded question often includes an accusation (or a confirmation of an accusation) – an oft-quoted example is "Are you still beating your wife?"

In this question, you're referencing an accusation – that the person beat their wife – without directly accusing them of doing it currently. But by including it in the question, you're turning listeners' minds to the fact that this person did, at one point, beat their wife. So either way, they'll appear guilty.

Example of a Loaded Question Fallacy

Let's look at some more examples of loaded questions, and why they're fallacies.

Perhaps you're at a rally in support of clean energy, and a rep from Exxon is there. If you're not old enough to remember, Exxon had a horrific oil spill in Alaska in 1989 that devastated 1300 miles of coastline and released over 10 million gallons of oil into the ocean.

You might call out that rep and loudly ask them if their company is still polluting the world's pristine oceans and killing millions of sea creatures.

Whatever your feelings about Exxon or environmental justice, it's not fair to set the company up like that for those listening. Your question is heavily loaded, and doesn't give them a shot at convincing others of their current position, whatever it might be. You're making your argument by essentially biasing the crowd against them from the start.

Here's another example: what if a company hires formerly incarcerated people, and you find out that one of them was a bank robber. If you asked their employer "You're really gonna let a thief handle your products?" you're creating a negative bias against them.

It's not necessary to refer to them as a thief or allude to their past as a bank robber. By doing so, you're only creating prejudicial feelings against them that may not be relevant or meaningful at this point in time.

So just remember – when you're asking questions to try to prove your point, keep them relevant, unbiased, and focused on the issue at hand.

The Red Herring Fallacy – Definition and Example

You might wonder where the term "red herring" comes from. It's a bit of an odd name for a fallacy, don't you think?

Well, there has been some debate about this in the past but most sources agree that a red herring signifies a distraction or something meant to mislead someone.

Fun fact before we continue: there's not actually a species of herring called a red herring. A "red herring" refers to a herring that's been brined and smoked until it becomes extremely pungent and turns a bright red color.

So these red herrings were used as training aids for animals because of their strong smell (to attempt to lead them in a certain direction).

Anyway, back to our fallacy: if you make an argument with the intention of distracting from the real issue at hand, it might be a red herring. Also, if you drop some seemingly related bit of info into a conversation or debate that leads your listener down the wrong path, that's also a red herring.

Ultimately, a red herring argument distracts or leads your listener away from the crux of the issue so that they get off course or off topic.

Example of a Red Herring Fallacy

Remember, a red herring basically a diversionary tactic in an argument. It's meant to lead the listener away from the main point of the conversation.

Suppose you're arguing with someone who is in favor of a dam that's being constructed in a beautiful river. You bring up the environmental impact that said dam will have, and how devastating it'll be to the surrounding natural habitat.

Your opponent might say something like "Yes it will destroy the habitat for many fish and other river animals, but if we don't build the dam it'll take jobs away from so many people who would've worked on it."

Now, this person has just used a red herring fallacy to try to distract from the environmental impact of such a dam. Instead of arguing for the benefits of the dam itself, and arguing against the environmental impact, they're dropping in a red herring – the potential impact on the workers who would've been hired to build the dam.

While that itself is a whole separate issue, it doesn't deal with or respond to the issue at hand, which is what happens to the natural environment when the dam goes in.

How to Avoid Logical Fallacies in Your Arguments

We've just discussed a whole bunch of logical fallacies, and you might be thinking – how can I make any arguments at all without saying something fallacious?

It's not always easy, as some of these fallacies are very tempting and easy to fall into. But as long as you stick to the point, don't try to deceive your listener, cite relevant evidence from relevant sources, and avoid any derogatory or misleading language, you should be ok.

Good luck, and happy debating!

I believe in Net Neutrality, and I wrote a brief email to the Federal Communication Commission on why access to broadband has shaped my design career. Here’s what my email said:

Hello, my name is Lukasz Lysakowski, a designer living and working in San Francisco. I support Net Neutrality as internet access has allowed me to create a career. I am a designer of online apps, products, and websites.

I started my education as a Bachelor of Arts major in the field of media productions at the University of North Carolina at Greensboro. At UNC-G I had the opportunity to take design classes in the new digital Media & Design program. Digital design and the internet were in their infancy.

Tied in with the design program was the introduction to the high-speed internet. No more dial-up services, BBS boards, and AOL, this was broadband. For me the access to a high-speed internet and web was revolutionary. I quickly learned how to build and design websites. At that point the best way to learn how to make sites was to use a browser’s “view-source” feature. “View-source” was also an original feature as it allowed any user to view and copy the underlying code of any website. I was able to take the site code without any hindrance and modify it to learn how to create my own work.

This access to a fast network and the underlying code behind any website allowed me to build the my foundation as an online designer. Of course, I was in a privileged position as I had access to a high-speed internet at an American University system.

After I graduated from UNC-G, I was able to jump into the field of web design at the start of the dot-com boom. The commercial web at that time was free-form without frameworks, rules, and systems. Designers and developers were hired to experiment and figure out the web. The internet quickly evolved, and it became accessible to the general public. Online browsing and interaction became part of the daily fabric of commerce, news, and entertainment.

For the web to be accessible for general use, it also had to standardize its form and function. Luckily, The Web Standards Project (WaSP) was a community of designers and developers that persuaded Microsoft and Netscape to upgrade their browsers to support W3C web standards. W3C standards compose the code of websites. These standards are set by a committee of companies, organizations, and individuals that promote equal web standard. WasP also demonstrated that passionate individuals can push the web to be developed to be formed on a free and open standard.

As a designer practicing for many years, I took part in the push of the web from a medium defined of static marketing static web pages to a dynamic online software platform. This same evolution of the internet also gave rise to the startup.

Technology startups accelerated the expansion of computation into all aspects of daily life and commerce by being free to experiment with new ideas. Startups have also benefited by having equal access to the internet. Startups are free to concentrate on the execution while not being worried about if they were going to be unfairly penalized by delivery.

We are still in the infancy of the web. We are just starting to see AR, VR, and mixed-reality take off. This field plus many other new technology fields will need access to even fast(er) networks and more data delivery. Incumbent technology companies plus startups will be racing with each other to develop the new ideas. Startups to challenge and progress the status quo will need the critical access to an equal and fair playing field.

In short: Net neutrality is vital to making sure that we maintain equal and fair access to all Americans to knowledge and information on the internet. Net neutrality supports America’s entrepreneurs and is vital to accelerating our economy to the next level of growth.

If you read this post and feel inspired, please email the FCC Commissioners at:

Ajit Pai, Chairman
Ajit.Pai@fcc.gov

Mignon Clyburn, Commissioner
Mignon.Clyburn@fcc.gov

Michael O’Rielly, Commissioner
Mike.O’Rielly@fcc.gov

Brendan Carr, Commissioner
Brendan.Carr@fcc.gov

Jessica Rosenworcel, Commissioner
Jessica.Rosenworcel@fcc.gov

Fight for the Future is a great starting point to learn how to champion Net Neutrality.

Fight for the Future, defending our basic rights and freedoms
_Fight for the Future is dedicated to protecting and expanding the Internet's transformative power in our lives by…_www.fightforthefuture.org

FCC Commissioner Clyburn has put together a fact sheet summarizing how Net Neutrality benefits consumers and businesses alike.

As the European Union General Data Protection Regulations (GDPR) looms, a privacy stripping email setting continues in widespread use around the world. It threatens sensitive communications that containing personally-identifiable information, intellectual property, financial information, and your most intimate photos.

You might log in to an email account to use it, but that doesn’t mean your messages are sent securely. Contrary to the assumption of privacy a username and password may provide, by default, emails are sent unencrypted unless explicitly or opportunistically secured. Email technology standards were written in a more innocent time before severe concerns about confidentiality.

Email privacy became a significant concern to the EU public after the Prism disclosures. Suddenly, the non-technical IT world began to understand how damaging lack of email encryption could be. After the Snowden revelations, providers like Gmail, Hotmail, private companies and many others decided to try and secure email communications.

Configuring explicit security is not easy. It requires overhead and certificate management.

Opportunistic security can help fill the gap. Encrypt email wherever possible, opportunistically, with a setting called Start-TLS. This opportunistically scrambles email contents to prevent eavesdropping. The setting, called Start-TLS, can provide a basic level or retain privacy protection. It’s not a guarantee, but helpful, similar to the HTTPS Encrypt Everywhere movement.

On the flip side, is a configuration which does the opposite, Strip-Start TLS. This email server setting removes any opportunistic encryption on emails, stripping them, baring the contents of the conversation.

Why is this important?

Back in 2014, the EFF reviewed an engineer’s blog post from Golden Frog VPN describing the problem. The engineer could no longer send and receive encrypted emails to a customer because an ISP provider applied the Strip Start-TLS setting. Leaving communications bare to eavesdropping. Anyone, hacking tool, criminal, spy agency could potentially read the emails.

From Wikipedia “ Opportunistic TLS is an opportunistic encryption mechanism. Because the initial handshake takes place in plain text, an attacker in control of the network can modify the server messages via a man-in-the-middle attack to make it appear that TLS is unavailable (called a STRIPTLS attack). Most SMTP clients will then send the email and possibly passwords in plain text, often with no notification to the user. In particular, many SMTP connections occur between mail servers, where user notification is not practical.”

If anyone doubts how valuable email communications are, or if such all you can eat buffet programs like Prism exist. While crafting an OSINT hacking crash course for Security BSides LV 2017, four NSA Prism related subdomains popped up using a web-based reconnaissance tool.

Figure 1 Highlighted list of NSA subdomains listing Prism July 2017

Have things changed much in the last few years? Sadly, a resounding no.

Even with existing data protection laws across Europe, the USA, other concerned countries, the Strip Start TLS configuration is in widespread use.

Use of the setting without notification could be contrary to the EU-US data privacy shield. Multiple USA based EU partners under new EU-US Privacy Shield agreements use strip opportunistic email encryption.

The disturbing email anti-privacy setting can be easily found. Using Censys.io tags, and two Python-based tools: ZMAP and StripTLS.

Censys.io is a web-based security researcher project, operated by the University of Michigan and based on ZMAP. A simple search yielded 11,641 in a few seconds, displaying many ISPs and email providers using the Strip Start-TLS tag. The tag is applied to a device based on metadata, technology in use and communications behavior.

Figure 2 Censys.io Strip Start-TLS global scan 10 November 2017

The USA returns the highest percentage of stripping systems on the internet — over six times the amount of China.

There is a confusing patchwork of data privacy laws at the federal and state level in the USA. However, the federal Health Insurance Portability and Accountability Act (HIPAA) broadly covers medial data privacy via a privacy and security rule.

Second on the list is the UK, with other European countries close by its side.

Figure 3 Censys.io Strip Start-TLS top country report 10 November 2017

Focusing on the European content, over three-thousand email stripping servers are found, resulting in too many data points to fit on the map.

Removing Russia from the list, and looking at EU GDPR locations only, the top five are: the UK, France, Italy, Germany and the Netherlands.

Some of these areas have existing data protection laws, which cover email and legislate against the widespread collection of data and communications.

Figure 4 Censys.io Strip Start-TLS European scan 10 November 2017

Figure 5 Censys.io Strip Start-TLS top European country report 10 November 2017

The UK implemented their version of data privacy regulations, complete with major fining power. Violators risk possible financial penalties.

Hidden behind the UK ISPs and data centre providers are banks, financial institutions like Rabobank and Santander, travel agency. Government councils, hosting, and other internet service providers like 1stdomains.co.uk and 1stdnsltd.co.uk.

Figure 6 Censys.io Strip Start-TLS top UK network providers report 10 November 2017

BT on the other hand, appears to own and host several stripping systems, like the Thailand government.

Most of the ISPs in the list own and host email security stripping systems. Many ISPs in France, Germany and Italy own email stripping systems.

Figure 7 Censys.io Strip Start TLS UK BT owned systems 15 November 2017

Figure 8 Censys.io Strip Start-TLS Thailand government telecommunications systems 15 November 2017

Currently, I use the Netherlands as a base of operations. Zooming on the Dutch findings, 174 systems, some operated by ISPs, web hosting providers and private organizations around the country.

Figure 9 Censys.io Strip Start-TLS top NL network providers report 10 November 2017

Similar to Thailand and other top EU countries on the tag list, most of the ISPs appear to own and host autonomous systems which strip opportunistic email encryption. KPN has several assets combined with a peering policy which stipulates data peers with KPN must also peer traffic to the USA wherever possible.

Figure 10 Censys.io Strip Start TLS NL KPN Static owned systems 15 November 2017

One of the pillars of the EU GDPR is consent and awareness of what is occurring with data. Encryption appears to be going backwards, not forwards. The surprising amount of these privacy stripping email systems on European networks, ISPs, web hosting, private organizations and internet network transits is disturbing to the privacy-conscious.

Most people are unaware email security can be downgraded, or previously secured emails exposed. Until EU data regulators gain awareness and clamp down on the illegitimate usage of Strip Start-TLS. The EU GDPR is impossible to implement if downgrading privacy and security across the EU is actively defeated broadly across the European internet.

Here are some references and tools I used in this article:

• Censys.io
• StripTLS python tool by tintinweb
• ZMAP.io

A few weeks ago, I published what I thought at the time was a fairly innocuous article: How I replicated an $86 million project in 57 lines of code.

I’ll admit — it was a rather click-bait claim. I was essentially saying that I’d reproduced the same license plate scanning and validating technology that the police in Victoria, Australia had just paid $86 million for.

Since then, the reactions have been overwhelming. My article received over 100,000 hits in the first day, and at last glance sits somewhere around 450,000. I’ve been invited to speak on local radio talk shows and at a conference in California. I think someone may have misread Victoria, AU as Victoria, BC.

Although I politely declined these offers, I have met for coffee with various local developers and big name firms alike. It’s been incredibly exciting.

Most readers saw it for what it was: a proof of concept to spark discussion about the use of open source technology, government spending, and one man’s desire to build cool stuff from his couch.

Pedants have pointed out the lack of training, support, and usual enterprise IT cost padders, but it’s not worth anyone’s time exploring these. I’d rather spend this post looking at my results and how others can go about shoring up their own accuracy.

Before we get too deep into the results, I’d like to go over one thing that I feel was lost in the original post. The concept for this project started completely separate from the $86 million BlueNet project. It was by no means an attempt to knock it off.

It started with the nagging thought that since OpenCV exists and the VicRoads website has license plate checks, there must be a way to combine the two or use something better.

It was only when I began my write-up that I stumbled upon BlueNet. While discovering BlueNet and its price tag gave me a great editorial angle, with the code already written. There were bound to be some inconsistencies between the projects.

I also believe part of the reason this blew up was the convenient timing of a report on wasteful government IT spending in Australia. The Federal Government’s IT bill has shot up from $5.9 billion to $10 billion, and it delivered dubious value for that blow out. Media researchers who contacted me were quick to link the two, but this is not something I am quick to encourage.

A Disclaimer

In the spirit of transparency, I must declare something that was also missing from the original post. My previous employer delivered smaller (less than $1 million) IT projects for Victoria Police and other state bodies. As a result, I’ve undergone police checks and completed the forms required to become a VicPol contractor.

This may imply I have an axe to grind or have some specific insider knowledge, but instead I am proud of the projects we delivered. They were both on time and on budget.

Visualizing the Results

The following is a video representation of my results, composited in After Effects for a bit of fun. I recorded various test footage, and this was the most successful clip.

I will go into detail about ideal camera setups, detection regions, and more after the video. It will help you better understand what made this iPhone video I took from through the windscreen a better video than a Contour HD angled out the side window.

An Ethical Dilemma

If you saw the hero graphic of this article or watched the video above, you may have noticed a very interesting development: I caught someone.

Specifically, I caught someone driving a vehicle with a canceled registration from 2016. This could have happened for many reasons, the most innocent of which is a dodgy resale practice.

Occasionally, when the private sale of a vehicle is not done by the book, the buyer and seller may not complete an official transfer of registration. This saves the buyer hundreds of dollars, but the vehicle is still registered to the seller. It’s not unheard of for a seller to then cancel the registration and receive an ad hoc refund of remaining months, also worth hundreds of dollars.

Alternatively, the driver of the vehicle could well be the criminal we suspect that they are.

So, although I jokingly named the project plate-snitch when I set it up on my computer, I’m now faced with the conundrum of whether to report what I saw.

Ultimately, the driver was detected using a prototype of a police-only device. But driving on a 2016 registration (canceled, not expired) is a very deliberate move. Hmm.

Back to the Results

Of the many reactions to my article, a significant amount were quite literal and dubious. Since I said I replicated the software, they asserted that I must have a support center, warranties, and training manuals. One even attempted to replicate my results and hit the inevitable roadblocks of image quality and source material.

Because of this, some implied that I cherry-picked my source images. To that I can only say, “Well, duh.”

When I built my initial proof of concept (again, focusing on validating an idea, not replicating BlueNet), I used a small sample set of less than ten images. Since camera setup is one of, if not the most, important factors in ALPR, I selected them for ideal characteristics that enhance recognition.

At the end of the day, it is very simple to take a fragile proof of concept and break it. The true innovation and challenge comes from taking a proof of concept, and making it work. Throughout my professional career, many senior developers have told me that things can’t be done or at least can’t be done in a timely manner. Sometimes they were right. Often, they were just risk averse.

“Nothing is impossible until it is proven to be.”

Many people bastardize this quote, and you may have seen or heard one of it’s incarnations before. To me, it neatly summarizes a healthy development mindset, in which spiking and validating ideas is almost mandatory to understanding them.

Optimal ALPR Camera Setups

This project is so exciting and different for me because it has a clear success metric — whether the software recognizes the plate. This can only happen with a combination of hardware, software, and networking solutions. After posting my original article, people who sell ALPR cameras quickly offered advice.

Optical Zoom

The most obvious solution in hindsight is the use of an optical zoom. Though I explore other important factors below, none lead to such a sheer increase in recognition as this. In general, professional ALPR solutions are offset at an angle, trained on where the license plate will be, and zoomed into the area to maximize clarity.

This means the more zoom, more pixels to play with.

All the cameras I had at my disposal were of a fixed lens. They included:

• A Contour HD action camera. These came out in 2009, and I use mine to record my cycling commute and to replay each week’s near death experience.
• A Fujifilm X100S (famously a fixed prime lens)
• My iPhone 6+

The featured test run was recorded on my phone. My only method of replicating an optical zoom was using an app to record at 3K instead of 1080p, and then digitally zooming and cropping. Again, more pixels to play with.

Angle & Positioning

The viewing angle of 30° is often referenced as the standard for ideal plate recognition. This is incredibly important when you learn that BlueNet uses an array of cameras. It also makes sense when you consider what a front facing camera would generally see — not very much.

What a front facing ALPR camera sees — not much.

If I had to guess I’d say a mostly forward-facing array would be the ideal setup. It would consist of a single camera pointed dead center as above, two off-center at 30° each side, and a single rear-facing camera. The value in having most of the cameras pointed forward would come from the increased reaction time if the vehicle is traveling in the opposite direction. This would allow a quicker scan, process, and U-turn than if the rear facing cameras picked up a suspect vehicle already ten meters past the police vehicle.

_A four camera array would need to be angled similar to this. Icons from [Freepik](http://www.freepik.com/" rel="noopener" target="blank" title=").

A Gymbal

When compositing the video, I thought about stabilizing the footage. Instead I opted to show the bumpy ride for what it was. What you saw was me holding my phone near the windscreen while my wife drove. Check out that rigorous scientific method.

Any production-ready version of a vehicle-mounted ALPR needs some form of stabilisation. Not a hand.

Other Important Factors

Frame Rate

Both the attempt to replicate my project and my recordings since then explored the same misconception that ALPR sampling frame rate may be linked to success. In my experience, this did nothing but waste cycles. Instead, what is incredibly important is the shutter speed creating clean, crisp footage that feeds well into the algorithm.

But I was also testing fairly low-speed footage. At most, two vehicles passing each other in a 60km/h zone created a 120km/h differential. BlueNet, on the other hand, can work up to an alleged 200km/h.

As a way of solving this, a colleague suggested object detection and out-of-band processing. Identify a vehicle and draw a bounding box. Wait for it to come into the ideal recognition angle and zoom. Then shoot a burst of photos for asynchronous processing.

I looked into using OpenCV (node-opencv) for object recognition, but I found something simpler like face detection, taking anywhere from 600–800ms. Not only less than ideal for my use, but pretty poor in general.

Hype-train TensorFlow comes to the rescue. Able to run on-device, there are examples of projects identifying multiple vehicles per frame at an astounding 27.7fps. This version could even expose speed estimations. Legally worthless, but perhaps useful in every day policing (no fps benchmark in readme).

To better explain how high-performance vehicle recognition could couple with slower ALPR techniques, I created another video in After Effects. I imagine that the two working hand-in-hand would look something like this:

Frame Rate vs Shutter Speed

A different manifestation of frame rate is largely influenced upon shutter speed, and more specifically, the rolling shutter issues that plague early or low end digital movie recorders. The following is a snapshot from some Contour HD footage. You can see at only 60km/h the rolling shutter issue makes the footage more or less unusable from an ALPR point of view.

Rolling shutter issues on a Contour HD @ 60km/h.

Adjusting frame rate on both the Contour HD and my iPhone did not result in noticeably less distortion. In theory, a higher shutter speed should produce clearer and crisper images. They’d become increasingly important if you were to chase the 200km/h BlueNet benchmark. Less blur and less rolling shutter distortion would ideally lead to a better read.

Open ALPR Version

One of the more interesting discoveries was that the node-openalpr version I was using is both out-of-date and not nearly as powerful as their proprietary solution. While an open source requirement was certainly a factor, it was amazing how accurately the cloud version could successfully read frames that I couldn’t even identify a plate on.

ALPR Country Training Data

I also found that the main node-openalpr package defaults to US country processing with no way of overriding it. You have to pull down someone else’s fork which allows you to then provide an extra country parameter.

Slimline Australian plates need their own separate country detection to regular Australian plates?

But this doesn’t always help. Using the default US algorithm I was able to produce the most results. Specifying the Australian data set actually halved the number of successful plate reads, and it only managed to find one or two that the US algorithm couldn’t. Providing the separate “Australian Wide Plate” set again halved the count and introduced a single extra plate.

There is clearly a lot to be desired when it comes to Australian-based data sets for ALPR, and I think that the sheer number of plate styles available in Victoria is a contributing factor.

Good luck with that.

Planar Warps

Open ALPR comes with one particular tool to reduce the impact of distortion from both the camera angle and rolling shutter issues. Planar warp refers to a method in which coordinates are passed to the library to skew, translate, and rotate an image until it closely resembles a straight-on plate.

In my limited testing experience, I wasn’t able to find a planar warp that worked at all speeds. When you consider rolling shutter, it makes sense that the distortion grows relative to vehicle speed. I would imagine feeding accelerometer or GPS speed data as a coefficient might work. Or, you know, get a camera that isn’t completely rubbish.

The planar warp tool provided with Open ALPR

What others are doing in the industry

Numerous readers reached out after the last post to share their own experiences and ideas. Perhaps one of the more interesting solutions shared with me was by Auror in New Zealand.

They employ fixed ALPR cameras in petrol stations to report on people stealing petrol. This in itself is not particularly new and revolutionary. But when coupled with their network, they can automatically raise an alert when known offenders have returned, or are targeting petrol stations in the area.

Independent developers in Israel, South Africa, and Argentina have shown interest in building their own hacked-together versions of BlueNet. Some will probably fare better than others, as places like Israel use a seven digit license plates with no alphabet characters.

Key Takeaways

There is simply too much that I’ve learned in the last few weeks of dabbling to fit into one post. While there have been plenty of detractors, I really do appreciate the support and knowledge that has been sent my way.

There are a lot of challenges you will face in trying to build your own ALPR solution, but thankfully a lot of them are solved problems.

To put things in perspective, I’m a designer and front end developer. I’ve spent about ten hours now on footage and code, another eight on video production, and at least another ten on write-ups alone. I’ve achieved what I have by standing on the shoulders of giants. I’m installing libraries built by intelligent people and have leveraged advice from people who sell these cameras for a living.

The $86 million question still remains — if you can build a half-arsed solution that does an okay job by standing on the shoulders of giants, how much more money should you pour in to do a really really good job?

My solution is not even in the same solar system as the 99.999% accurate scanner that some internet commenters seem to expect. But then again, BlueNet only has to meet a 95% accuracy target.

So if $1 million gets you to 80% accuracy, and maybe $10 million gets you to 90% accuracy — when do you stop spending? Furthermore, considering that the technology has proven commercial applications here in Oceania, how much more taxpayer money should be poured into a proprietary, close-sourced solution when local startups could benefit? Australia is supposed to be an “innovation nation” after all.

This week, I paid off my last student loan. It’s a big deal for me, and something that I’ve been looking forward to for many years. Now I want to do something that I generally avoid doing online: talk politics. Because if there’s one lesson that my student loans purchased, it’s that college should be free and accessible to all.

I spent six years accruing many tens of thousands of dollars in debt to get my two degrees from Purdue, a public land-grant university. I graduated in 2011 and spent the next six years paying back all that money and much more in interest. I began signing the dotted line for my mountain of debt when I was 18. I was a first-generation college student without a damn clue.

But Emily, you might say, you paid it all off super fast! Only 6 years, only your entire 20s, paying for a world-class education! Sounds like everything worked out just great!

And here’s the thing…you’re right. In my specific case, in my life, I was able to pay off the debt with unusual speed. Why is that, do you think? Well, I got a job right out of school and I’ve worked hard to earn promotions. Sometimes I run a tutoring side hustle for extra funds. I pay my bills on time. I avoid splurging on big trips or fancy things so that I can put more money towards paying off my debt. All that good, straight-laced, responsible middle class stuff you’re supposed to do.

But if you and I were friends on Facebook, then you’s already know my real secret for paying off student loans. I married a software engineer.

I married him because I love him. Some of the things I love about him contribute to financial health — a level head, long-term thinking, integrity, responsibility, intelligence, etc. But it doesn’t hurt that his intellectual gifts lend themselves to a career that he loves and that pays well. I followed my intellectual gifts as well, straight to a debt-plagued but enriching degree in English literature and an unexpectedly satisfying but unsurprisingly low-paying career in university student services. Let me be perfectly clear: my hard work is not what pays the student loan bills on time and ahead-of-schedule. My loans were paid off several years early by the mind-boggling good fortune of being in the right place at the right time to fall in love with a future software engineer. As a woman with an unrepentant penchant for liberal arts, I would have had to chase an entirely different career to pay off my debt at this pace on my own.

Not only did I marry an engineer, I married a lucky engineer, and it turns out that I’m pretty lucky too. We have never suffered chronic physical or mental illness. I had a perfectly smooth and planned pregnancy, a perfectly healthy baby, and the insurance to cover both. Our car has never broken down unexpectedly, we have never lost our jobs due to “reorganizing,” we have never had our identities or our possessions stolen except that one time somebody used our credit card number to buy a $400 Uber ride in New York, which took all of 1 phone call to resolve. We have large, extremely supportive families who gave us financial help when we were just starting out. Not to mention that we are white, cisgender, heterosexual, able-bodied, US-born, Christian-raised folks. If even one of the things in the list above was different, it would impact our financial lives, possibly drastically.

My point here is that I am LUCKY. If the universe had tilted at a slightly different angle at any point in my life, I might still be paying off loans for another 5 or 10 or 40 years. I am deeply, deeply grateful for my good fortune, and I am painfully cognizant that I could not have pulled myself up from this debt if the universe hadn’t handed me custom-tailored hydraulic bootstraps.

Okay, fine, but this is all me talking about me, me, me. Why do I think college should be free for EVERYONE? Because college is still by far the most reliable path upwards in social mobility. Education, especially higher education (university, community college, trade school, etc) is still the best tool we have for pulling people out of poverty and into economic productivity and security. Individual mileage may vary, of course, but it doesn’t take a degree in library science to track down dozens of reliable social science research sources that back this view. (Here, let me Google one for you.)

Education is a crucial tool for improving individual lives and the overall socio-economic health of our country, but that tool becomes dulled when you match it with crushing debt. I know so many brilliant, hard-working people who are struggling to pay the bills, let alone buy a house, because they lose a huge portion of their paycheck to their student loans. (Do you really think it’s the avocado toast that’s keeping millennials from buying cars and homes? Please.) Many of these folks are doing utterly important social work, like teaching and counseling and caregiving — work that is traditionally feminine, work that is chronically underpaid. I know other brilliant, hard-working people who found out halfway through that college wasn’t for them, at least not in their late adolescence, and now they are struggling to hustle up a living while carrying around thousands in debt sans degree. And it’s not like you can get rid of this debt. Whether you are a student or a parent who signed a loan, whether you finished school or not, there is no bankruptcy big enough to catch those loans. There are only two ways out: pay up or die.

I fundamentally believe that students should have the chance to go to college without being saddled with life-limiting debt. I believe that schools should be able to provide educations with the rigor to produce critical thinkers, creative leaders, and engaged citizens without worrying about whether or not the students get a high enough starting salary to make the degree attractive to a new batch of 18-year-old customers. I believe that graduates from non-rich backgrounds should be able to begin their working lives at the same pace as their peers with rich parents. Because, oh yeah, rich kids don’t have to worry about this stuff.

But Emily, you might say, even if the broke students and their parents shouldn’t have to pay for college, why does that mean that I, the noble Taxpayer, should have to shell out the funds? Well, first of all, I think public university and community college education tuition costs should be funded by taxes on the very wealthiest Americans, not the middle class. I mean, seriously, college is a staggering cost for most middle-class American families — this isn’t just an issue for the poor. Taxing the very rich to support education for the children of poor, working-class, and middle-class Americans is a one-two punch in the fight against income inequality.

I think making college affordable is worth our tax dollars and our civic energy. I want public schools to be truly public and free to all students from that state. We could at least be fully subsidizing the interest so that students only actually pay the cost of their education, rather than double or triple that cost over several decades. I think that’s a half-assed compromise, but saving a generation of students multiple tens of thousands of dollars each is a half-assed compromise I could start with. In any case, we have to do SOMETHING, because this is a crisis that non-rich kids with middle-class ambitions can only avoid with some rabbit’s foot, four-leaf-clover, shooting star, sparkly kind of luck.

And now that my own amazing luck has led me to this moment of freedom, I feel like I can finally speak my mind without asking for a personal hand out, which soothes my Midwestern soul. My loans are paid, and I never expect to see that money again. I don’t regret taking the loans and I don’t regret the excellent literary education they purchased. Speaking as one of “the good ones,” speaking as a loan-taker who did everything just right and ponied up every penny, I will be the first to say that the student loan industry is a blight on our country’s values of equal opportunity. Since when did we have to purchase the pursuit of happiness?

After over four months of confusion, controversy, and complete failures of Cybersecurity 101, the Federal Communication Commission’s “Restoring Internet Freedom” proposal — a set of rule-changes that could dismantle Net Neutrality and forever alter the fabric of the internet — ended up with 22,149,776 online public comments in response.

But we still don’t know how many of those were left by actual people.

In short, that’s why I began an investigation that has resulted in this lawsuit.

To tell the long story, let’s first review what happened over the last several months:

• FCC Commissioner Ajit Pai announced a proposed rule to change broadband internet regulation from Title II to Title I, along with a period for the public to leave comments that could shape the agency’s final decision.
• On the same day the “Restoring Internet Freedom” fact sheet was released, another public notice issuing guidance on how to comment on the proceeding was released, which stated “we anticipate that some may wish to submit a large number of comments from multiple individuals, each with the same or similar content” and “we anticipate that during some periods of the comment cycle, ECFS [Electronic Comment Filing System] may experience much higher volumes of traffic, and that some of this traffic may be malicious in nature.”
• John Oliver called on his viewers to comment against the proposal, only for the FCC website to crash in what may (or may not) have been a coordinated cyberattack.
• Public comments under real people’s names were found to have been posted without their knowledge.
• Multiple analyses claimed that up to millions of comments (pro- or anti-) were likely faked.
• Members of Congress demanded investigations from multiple agencies into the alleged cyberattack.
• On the last day of the extended deadline to comment, someone figured out that one part of the commenting system could be used to upload any kind of file to FCC.gov, capping off an already-fraught public feedback process with even more red flags.

This kind of public commenting period isn’t unusual for the FCC. The agency regularly announces new proceedings and is obliged to allow the public to weigh in on these, either by submitting comments online or by mail.

For this particular proposal, the agency had three online submission methods:

1. Submitting a single comment through the ECFS form on their website
2. Submitting a properly-formatted Restoring Internet Freedom ECFS Bulk Upload Template (with multiple individual names and comments) to a special submission widget created just for this ruling
3. Submitting comments straight into the FCC’s database through their Application Programming Interface (API), by use of a Data.gov-registered API key that requires a first name, last name, and valid email address

All three of these methods were easy to fake comments with. However, it’s the last two methods that allowed for the key problem with the “Restoring Internet Freedom” commenting process: anyone could submit comments in bulk.

Fortunately, these bulk comments couldn’t be sent completely anonymously. The Bulk Upload Template method also required the submission of the uploader’s email address. The API method required a valid email address to receive the necessary Data.gov API key to begin with — plus, the entire point of an API key system is to give (and track) individual user access to a given server.

Realizing this, I submitted a Freedom of Information Act request to the FCC on June 4, asking for the following:

1. All public API keys, including associated registration names and e-mail addresses, that were used to submit online comments via ECFS to Proceeding 17–108, “Restoring Internet Freedom” between Apr 26, 2017 and today, and copies of all data files submitted through these API keys for the same.
2. Logs of all times and dates that said public API keys were used to submit online comments via ECFS to Proceeding 17–108, “Restoring Internet Freedom” between Apr 26, 2017 and today.
3. E-mail addresses associated with all .CSV comment uploads, along with all .CSV files uploaded in response to Proceeding 17–108, “Restoring Internet Freedom” between Apr 26, 2017 and today (including any accepted .CSV submissions that did NOT use the FCC’s “Restoring Internet Freedom ECFS Bulk Upload Template” .CSV file template).
4. Logs of all times and dates that said e-mail addresses submitted online comments via the FCC’s online .CSV submission box to Proceeding 17–108, “Restoring Internet Freedom” between Apr 26, 2017 and today.
5. All e-mail inquiries to ECFSHelp@fcc.govregarding .CSV comment submissions in response to Proceeding 17–108, “Restoring Internet Freedom” between Apr 26, 2017 and today.

Normally, FOIA requests receive responses from designated FOIA Liaisons at government agencies. Instead, I received an email on June 14 from FCC Associate CIO Kevin Baker, acknowledging my request and informing me that they were extending their legal deadline to respond to my request from July 3 to July 18.

I never heard from the FCC again.

As the agency is legally obliged to respond to my request, and as the underlying questions behind my request still haven’t been answered, I have filed a lawsuit against the FCC for their refusal to conduct a reasonably timely search for the records, and have demanded the release of these records.

Even now, over three months after my FOIA request, and even after I’ve filed a lawsuit, this request is still listed as “under agency review”.

Of course, these requested records are only through June 4, and will leave out three months worth of millions of comments. However, this sample size should be enough to determine:

1. If any suspicious uploading patterns with repeat offenders took place during the timeframe of the May 7–8 alleged cyberattack
2. If any groups of comments submitted by particular email addresses correlate with what other previous comment analyses suspect are fake comments
3. If any suspicious email address URLs (lobbyists, PR firms, .gov addresses, non-US domain names, etc.) were allowed to submit bulk comments

If there ends up being any eye-opening evidence of what the FCC itself called “malicious in nature” traffic, they will have a lot of explaining to do to American citizens, businesses, and Congressmen alike.

Regardless of your own views on how the internet ought to be regulated, there is a blatant government transparency issue at hand here.

After all, how are we supposed to trust in the integrity of the FCC’s decision-making process when they won’t divulge records showing how millions of comments that are already public were submitted to begin with, and by who?

Edit: Special thanks to Matt Topic and Josh Burday at Lovey & Loevy for taking my case. Matt previously represented me in a FOIA lawsuit against the Chicago Transit Authority in 2014.

Imagine you didn’t need to trust a stranger to make a deal with them. Imagine you didn’t need to trust your bank to deposit your money there. Imagine you didn’t need to trust your government to know it was being just and fair.

What would happen?

It would change the world.

This is precisely the promise of blockchains.

Cryptocurrencies, which are built on blockchains, are all over the press these days, mostly because of the high prices, volatility, and sensational narratives surrounding debacles like Mt. Gox and The Silk Road.

But there’s something much bigger going on than just digital currencies.

While the mainstream media has been busy speculating about prices and black market intrigues, they’ve missed the fact that beneath it all, cryptographers had quietly invented an entirely new set of technological primitives.

Blockchains (and the consensus protocols that support them) were invented as a result of developers trying to solve a bold problem: how to create digital, untraceable money. By combining cryptography, game theory, economics, and computer science, they managed to create an entirely new set of tools for building decentralized systems.

But what they created will change much more than just how we exchange money. It’s going to change the entire world. And hardly anyone seems to notice.

Edward Witten, the famous physicist, once said of string theory that it was “a part of 21st century physics that fell by chance into the 20th century.” In other words, the physics community was not ready for string theory.

Blockchain is a 22nd century technology that fell by chance into the early 21st century.

It’s painfully obvious that we’re not ready for it.

What is a blockchain?

At its core, a blockchain is a surprisingly simple and elegant data structure. It’s basically just a linked list with one important augmentation — each block contains a cryptographic hash of the previous block. This creates an effectively unalterable chain of blocks and their fingerprints, stretching back to the original block.

If everyone in your system replicates this linked list (and verifies its legitimacy by repeating the cryptographic hash functions), it will implement a slow and somewhat crude distributed database that’s resistant to tampering.

And that’s a blockchain. Doesn’t sound that amazing, does it?

Of course, to actually build a functional protocol, you need a lot more than that — you’ll need authentication (public/private key cryptography), a consensus mechanism (Nakamoto consensus via proof-of-work or various kinds of proof-of-stake), space and time optimizations (Merkle trees and Merkle proofs), and a bunch of fancy peer-to-peer networking stuff. But that’s a subject for another, more technical blog post.

The point is this: blockchains are a genuinely new tool for organizing complex systems. And we are only beginning to understand how to integrate them into the real world.

The promise of blockchains

If everyone works off the same blockchain, and everyone openly shares what the current state of the blockchain is, and it’s computationally intractable to tamper with it, and everyone agrees on rules of how new data is committed… then suddenly everything changes.

Suddenly you can build completely decentralized systems that require no trust among participants. So long as enough actors in the system follow the rules of the protocol (in the most primitive case, at least 50% of them are good), then you can imbue the system with provable security guarantees. Conspiracies or bad actors can’t censor or vandalize the system.

You can even engineer the right incentives straight into the protocol, and then have every actor in the system enforce them.

Using blockchains, a lot of massive coordination problems simply disappear. Conundrums that plague global financial infrastructure, voting, international remittances, insurance policies, custodial records, and even government corruption can simply be designed out of existence.

By creating the right system with the right guarantees, you can fix bad incentives. You can eliminate corrupt middle-men and rent-seekers. You can create whole new societies that can coordinate better, more transparently, and more efficiently than ever before considered possible.

It’s really hard for most people to grasp the significance of this.

I’ll put it this way: if John Locke knew about blockchains, it undoubtedly would’ve compelled him to write a third treatise on government. It would’ve been a revolutionary idea in how to coordinate a society.

The future of the future

Most people I know right now in Silicon Valley are focused on deep learning and AI as the most promising technological revolution. And I share their enthusiasm! Deep learning is going to upend industries and give us new capabilities that we only imagined in high science fiction.

But blockchain — blockchain is going to upend entire societies. It’s going to enable new kinds of governance systems that were before only the daydreams of utopians and philosophers.

And yet, when you look at the cryptocurrency world right now, you’re not necessarily going to recognize that.

Most of what’s going on right now falls into two categories.

The first are the crypto-anarchists and hackers who are building low-level protocols. They’re racing to build what will become the decentralized TCP/IP stack for future builders.

The second category are the profiteers who trying to make a quick buck off the unaware and the optimistic.

Unfortunately, this second category is getting most of the attention.

The tower of Blockchain

Imagine stumbling across the world wide web in 1995, browsing through dinky fan sites catering to eccentrics, and thinking: “Hah. Wow. This weird little ecosystem is going to be really important someday.”

That was blockchain a few years ago. In other words, blockchain has safely crossed the Angelfire chasm.

Now that it has proven its first glimmer of usefulness, the next act is inevitable.

You may have heard about the ICO mania, or the recent rallies of the prices of Bitcoin and Ethereum. The wise and the wily have taken notice and have realized blockchain’s tremendous potential. And they’ve already made and lost fortunes speculating on the potential future of cryptocurrencies.

It’s unfortunate that right now, blockchain-as-speculation is dominating most people’s attention. The signal is getting drowned in the noise.

But that’s to be expected. We’ve seen this before.

When people first realized the extraordinary potential of the internet, tons of money was pumped into random dot coms. Anticipating mass adoption and astronomical value creation, speculation fed speculation, until the frenzy finally crashed in 2001.

What’s going on right now is comparable. There will eventually be a comedown.

But when the dust is cleared, like after the dot com crash, those who were serious — the Microsofts, the Amazons, the Googles — will have to come in and do the graceless work of building the future.

There’s much work to do.

I recently left my job at Airbnb. I was working on payments fraud for a little over a year. It was fascinating and impactful work — Airbnb is an awesome company — and I left on good terms. But the more I’ve been learning about crypto and blockchains, the more I’m convinced that this stuff is going to change the world.

And that’s why I’m going to be working on the blockchain. (And probably keep blogging about it!)

And if you’re a developer wondering how you can get involved and help build this future, check out this link and start getting your hands dirty.

Here’s how you can join the protest and spread the word.

Right now, new FCC Chairman and former Verizon lawyer Ajit Pai has a plan to destroy net neutrality and give big cable companies immense control over what we see and do online. If they get their way, the FCC will give companies like Comcast, Verizon, and AT&T control over what we can see and do on the internet. They’ll be legally able to slow down websites who don’t pay them, or completely block websites they don’t like.

If we lose net neutrality, we could soon face an Internet where some of your favorite websites are forced into a slow lane online, while deep-pocketed companies who can afford expensive new “prioritization” fees have special fast lane access to Internet users — tilting the playing field in their favor.

But on July 12th, the Internet will come together to stop them. Websites, Internet users, and online communities will stand tall, and sound the alarm about the FCC’s attack on net neutrality.

Some of the 200+ organizations who are participating in the July 12 Day of Action.

The Battle for the Net campaign will provide tools for everyone to make it super easy for your friends, family, followers to take action.

From the SOPA blackout to the Internet Slowdown, we’ve shown time and time again that when the internet comes together, we can stop censorship and corruption. Now, we have to do it again.

Learn more and join the action here.

And if you want to learn more about the history of the open internet — and why net neutrality is so important — you can read all about it here.

The past few months have been some of the most substantial in cybersecurity history:

• WikiLeaks released their Vault7 collection of CIA hacks
• The WannaCry ransomware has infected hundreds of thousands of computers.
• The FBI is investigating Russia hacking that may have meddled in the U.S. presidential election.
• Congress voted on a resolution to roll back Federal Communications Commission privacy protections that kept Internet Service Providers from selling your data to third-parties (and opening the door for ISPs to use your data in other creepy ways).
• And the open web is under threat from mega-corporations who may use deep packet inspection to turn it into a locked-down Chinese-style internet.

It would be an understatement to say that issues surrounding cybersecurity and digital privacy are “in the news.” Because these issues are a lot closer to home.

In fact they’re in your home, literally. In your computers, your smart phones, your smart-home devices, and maybe even your TVs.

Which means you might be interested in learning more about the field of cybersecurity, because it’s certainly affecting you. Privacy, security, digital rights, free expression, the open web — these are all raging issues that trace back to the fundamental mechanics of networks.

I’m invested in diving deeper into this world. I work as a consultant at Crypho, a Norwegian security software company that builds private and secure communication tools for organizations. And I’m currently in deferral at UC Berkeley Law, where I plan to learn more about digital privacy and security law.

And, in order to stay on top of the issues, I subscribe to the following free email newsletters:

#1: Electronic Frontier Foundation (EFF)

Email newsletter sign up: EFFector List

From the EFF website:

“The Electronic Frontier Foundation is the leading nonprofit organization defending civil liberties in the digital world. Founded in 1990, EFF champions user privacy, free expression, and innovation through impact litigation, policy analysis, grassroots activism, and technology development. We work to ensure that rights and freedoms are enhanced and protected as our use of technology grows.”

EFF is the organization—often in collaboration with others—behind security tools like Privacy Badger, HTTPS Everywhere, Certbot, among others.

And the EFF is the organization behind a gold mine of tips, tools and how-to’s for safer online communications. This treasure trove includes Surveillance Self-Defense, “EFF’s guide to defending yourself and your friends from surveillance by using secure technology and developing careful practices.”

And the EFF is behind much more in the form of amicus briefs, blog posts, whitepapers and of course EFFector List, their nearly-weekly email newsletter.

#2: US-CERT

Email newsletter sign up: US-CERT

CERT stands for Computer Emergency Readiness Team. And so US-CERT is the Computer Emergency Readiness Team of the United States of America.

US-CERT is an organization within the Department of Homeland Security, and it’s responsible for “responding to major incidents, analyzing threats, and exchanging critical cybersecurity information with trusted partners around the world.”

And the US-CERT newsletter keeps you in the know about all things cybersecurity-related, which include:

• Cybersecurity alerts, like the recent WannaCry Ransomware
• Announcements, like FTC’s Privacy Awareness Week
• Tips, like Securing Home and Small Business Routers
• Security Updates, like Mozilla Releases Security Updates
• Bulletin of software vulnerabilities, like Vulnerability Summary for the Week of May 8, 2017

Note that many countries have their own CERT, and as such you might be interested in following those as well. You can find a list of CERTs here.

#3: Schneier on Security

Email newsletter sign up: Crypto-Gram Newsletter

[Bruce Schneier](http://Bruce Schneier) is an influential security technologist. He keeps a blog called Schneier on Security where he discusses security issues. And also a free monthly e-mail called Crypto-Gram, which is a digest of his blog posts.

More about Schneier here.

#4: O’Reilly Security Newsletter

Email newsletter sign up: O’Reilly Security Newsletter

O’Reilly is a media company founded by Tim O’Reilly that publishes a ton of quality books and content on software and computer technology. They organize popular tech conferences like Velocity and OSCON. And put out a number of email newsletters, including one dedicated to digital security.

#5: UC Berkeley Center for Long-Term Cybersecurity (CLTC)

Email newsletter sign up: CLTC

The Center for Long-Term Cybersecurity (CLTC) is a research and collaboration hub at the University of California, Berkeley, whose aim is as follows:

“Housed in the School of Information (I School), the Center will create an effective dialogue among industry, academia, policy, and practitioners, with an aim to foster research programs, technologies, and recommendations. CLTC’s work is founded on a future-oriented conceptualization of cybersecurity — what it could imply and mean for human beings, machines, and the societies that will depend on both.”

If you’re located in the Bay Area, the CLTC might be of particular interest to you because of the events and talks they organize. If you’re not, you still might find value in the CLTC newsletter as it covers cybersecurity news, internships and jobs, and more.

#6: freeCodeCamp

Email newsletter signup: freeCodeCamp

freeCodeCamp is an open-source community committed to helping you learn to code. And as part of that effort, freeCodeCamp maintains a popular tech publication on Medium, where it publishes stories about development, design, data science, the open web, among other tech topics.

And while it’s not the exclusive focus of freeCodeCamp’s publication, you will often find informative articles on matters relating to cybersecurity and digital privacy and security, like this one on VPNs and this one on end-to-end encryption and this one on encrypting your digital life.

Which means it’s worth to keep an eye on freeCodeCamp’s email newsletter, which you can subscribe to by following the publication here on Medium and opting to “Receive Letters in your inbox.”

#7: OWASP

Email newsletter signup: OWASP mailing lists

The Open Web Application Security Project commonly referred to as OWASP is “an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security.”

As such OWASP is behind a number of resources and projects that aim to improve application security and bring visibility to software security in general. One such project is the important and oft-cited Top Ten Project, OWASP’s list of the 10 most critical web application security risks.

Some bonus cybersecurity mailing lists

If you follow and read all of those email newsletters, you’ll probably know more about the world of cybersecurity than 95% of the population.

And if those don’t fill your appetite, a few others to be mindful of include:

• Jigsaw, an incubator within Alphabet (aka Google) “that builds technology to tackle some of the toughest global security challenges facing the world today — from thwarting online censorship to mitigating the threats from digital attacks to countering violent extremism to protecting people from online harassment.”
• The US Federal Communications Commission RSS feeds and email updates
• Mozilla, which occasionally covers security-related issues.
• Citizen Lab, based at the University of Toronto

And last, because I’ve been living in Latin America, I also follow organizations involved in digital privacy and security in this region of the world. So if you’re a Spanish speaker, you might want to check out Fundación Karisma (Colombia) and Derechos Digitales (Chile) and TEDIC (Paraguay), as they’re doing incredible work.

If you know of other resources, drop them in the comments! And any questions, you can find me on Twitter at @gilbertginsberg or at Gilbert Index. Thanks for reading.

People who are unlucky enough to get infected will see a threat on their computer that looks like the image above.

Here’s how ransomware works:

1. Someone accidentally runs malicious code on their computer (perhaps from an email attachment)
2. This code (called “ransomware”) encrypts many of the files on their hard drive (or does something else malicious).
3. The code then demands a ransom. It notifies the person that if they don’t do something (in WannaCry’s case, send the attackers $300 worth of Bitcoin), the software won’t unencrypt those files.

In WannaCry’s case, after 3 days, it escalates the demand to $600. Then after a week, it claims the data will be lost forever. This said, 7 days haven’t yet passed, so we don’t yet know whether the attackers will carry through on this threat.

As far as we know, only computers that are running Windows are vulnerable to WannaCry. But it’s a particularly nasty piece of ransomware in that only one person on a network needs to download it. From there, it can spread through local networks automatically, using ports normally reserved for network file sharing.

WannaCry is able to do this thanks to an exploit called EternalBlue that may have been developed by America’s own National Security Agency (NSA), then leaked last month by hacker group The Shadow Brokers (2 minute read).

Due its particularly virulent nature, WannaCry shut down several organizations over the weekend, including much of Britain’s National Health Service — preventing doctors from being able to use MRI machines, and even turning off the storage refrigerators that kept donated blood cool.

This morning, I went on ABC’s Good Morning America. They interviewed me about ransomware, and asked me what ordinary people can do to protect themselves.

Here are my basic tips:

1. If you’re concerned about your files, back them up. Windows and MacOS both have built-in backup tools.
2. Keep your software up-to-date. Don’t disable auto-update. Developers are constantly fixing security vulnerabilities. Even though it seems like a pain, install their recommended updates.
3. Don’t open suspicious email attachments.
4. Don’t rely on tools like anti-virus alone to protect you from these sorts of attacks. You personally need to be vigilant. Security isn’t a product — it’s a process.

If your computer gets infected with ransomware, and you don’t have backups of your files, you may want to go ahead and pay the ransom. While this rewards the criminals, it’s a small price to pay for saving irreplaceable files, such as family photos.

Remember that without the cryptographic key, even the most powerful governments in the world have no way of helping you unlock your files.

Microsoft discovered the vulnerability that WannaCry exploits back in March, and they’ve released patches for all recent operating systems. In the case of WannaCry, if you have a version of Windows from the past five years, and auto-update is turned on, your computer shouldn’t be at risk.

But if you’re still using older versions of Windows, like the 16-year-old Windows XP, you should definitely go download the patch. Here are the directions for this: (2 minute read)

WannaCry hit Russia the hardest. Cybersecurity consultancy Comae estimates that nearly half of infections occurred there.

Yesterday, new variants of WannaCry started cropping up: (4 minute read).

The NSA, CIA, and other government agencies currently devote about 90% of their cybersecurity resources to offensive cyber attacks: (4 minute read).

Many developers are outraged that government agencies have been stockpiling these vulnerabilities, instead of alerting software publishers about them, so that they can quickly patch these bugs.

As the saying goes, sometimes the best offense is a good defense. And that’s precisely the strategy that many developers hope governments will adopt.

Either way, the ransomware situation will get much worse before it gets better. So stay safe out there!

Here are three other links worth your time (also about ransomware):

1. Read the story of how one developer discovered a backdoor in WannaCry’s code, and was able to temporarily halt its spread: (7 minute read)
2. Security researcher Troy Hunt has written an in-depth analysis of the WannaCry outbreak: (12 minute read)
3. Watch as these bitcoin wallets receive ransomware payments from the ongoing global cyberattack, through a Twitter bot (2 minute read)

I only write about programming and technology. If you follow me on Twitter I won’t waste your time. ?

The Domain Name System (DNS) is often referred to as the backbone of the internet. It’s run by many engineers and their organizations, it ultimately shapes the future of the internet.

I recently attended ICANN58 in Copenhagen. It was an amazing week of round table discussions about the future of the internet. It included:

• seminars on policy development for the DNS
• workshops on how the architecture for the internet functions
• where the internet’s biggest vulnerabilities lie

It was a lot of fun, and I gained a t0n of value from it.

Just to backtrack a little, I’m relatively new to the domain world and the inner workings of the internet architecture. Since joining this space as a developer with iwantmyname, I’ve had to learn a ton. There’s a massive labyrinth that lies below the browser’s surface. So I wrote this guide to walk you through some of the infrastructure that hides behind those domain names and numbers we all use daily.

How does the internet work?

“This is a very common interview question: what happens when you go to Google.com, enter a query, and press enter?” — Quincy Larson

So you open your browser and go to freecodecamp.com and this awesome site loads up right in front of you in the blink of an eye. You already know that this site is rendered from a range of compiled files that sit on a server somewhere. But how does your browser find its way to those files in the infinitely expanding internet? You may start thinking…

What the heck just happened?

The very first time you went to freecodecamp.com, your browser didn’t know what the IP address for freecodecamp.com was, so it couldn’t connect to and retrieve those files. Nor for that matter did it know where the actual servers were that those files are hosted on. And therefore, it had no idea from where to pull those files to start rendering the page.

So here’s what happens: (cue the graphics!)

DNS Chat

OK, let me expand upon that a bit

1. A user asks their browser to visit freecodecamp.com
2. The browser queries a DNS Resolver (usually their ISP) “where’s freecodecamp.com?”
3. DNS Resolver queries the Root servers (which have a big important list that keeps this information) “where is .COM?” Replies with Verisign.
4. DNS Resolver then queries Verisign — “where is freecodecamp.com?” Verisign replies with the nameservers ns1.cloudflare.com and the IP address 192.168.178.1
5. Hosting servers are queried with the IP address. “Give me the files for IP address 192.168.178.1 (please)”
6. Website files are delivered and rendered on the page so user can learn to code…or whatever they were doing.

I grabbed this screencast from Verisign, by far the biggest Registry in the world running .com .net .cc .tv and .name. It shows you the process in a nice way how the protocol works through the sequential queries and responses through the DNS structure.

Don’t worry too much about trying to read all the text, but just watch the exchanges and flow of information to reiterate what we’ve discussed above (it’s on a loop so will restart).

DNS Chat

Who makes it work?

In short IANA, in long ICANN, (I’ll explain these organizations in a moment and all this will make more sense, I promise!)

The reason for explaining how it works, was to uncover who makes it work — the real question and purpose for this article. It’s easy to think things just work. But of course, it’s no accident, the reason the internet works is because of the protocols and policies that have been created and gained enough of a consensus to become universal norms, but who agrees on these and how?

In short, and with specific regard to how domain names and IP addresses are mapped, that function falls under the competency of IANA (Internet Assigned Numbers Authority). They have the mandate of making sure the correct technical procedures are in place to have a safe and stable Domain Name System. Which brings us to ICANN (Internet Corporation for Assigned Names and Numbers). There’s no discussing IANA without ICANN:

Besides providing technical operations of vital DNS resources, ICANN also defines policies for how the “names and numbers” of the Internet should run. The work moves forward in a style we describe as the “bottom-up, consensus-driven, multi-stakeholder model” — ICANN.COM

In September of 2015 the IANA function which has been run by ICANN since 1998 permanently transitioned from being under a contract with the United States Department of Commerce to the autonomous control of ICANN \o/ ICANN has a board of directors and as a body, is divided up into separate member groups, let’s explore the Multi-stakeholder model:

“ICANN’s inclusive approach treats the public sector, the private sector, and technical experts as peers. In the ICANN community, you’ll find registries, registrars, Internet Service Providers (ISPs), intellectual property advocates, commercial and business interests, non-commercial and non-profit interests, representation from more than 100 governments, and a global array of individual Internet users. All points of view receive consideration on their own merits. ICANN’s fundamental belief is that all users of the Internet deserve a say in how it is run.” — ICANN.COM

ICANN Multi stakeholder Model — image credit ICANN.com

While it is fair to say all these groups are “represented,” I would argue all are are not represented equally. It’s natural to expect that those with more financial stake and cash to burn will try to pull the conversation in a certain direction. For example, telecoms like AT&T, Comcast, Charter, Verizon, Vodafone, T-Mobile, Orange.

They will arguably pull us in a backward direction, where they can package up websites like they did with cable TV channels, and sell them to end users, toll the traffic on the cables they control, and generally triple-dip on a more closed internet so they can make even more profit.

Some Governments will also try to influence in a direction toward their own state-interest, while others will try to be more global citizens. Intellectual Property advocates (organizations that are usually made up of IP lawyers) want things to be more about IP and brand security, so they can protect the lucrative rights of their high paying clients.

Service providers in the commercial sector like Google and Facebook are visible in the array, and tend to advocate — in part at least — for their users’ privacy, along with maintaining their own domination of the web.

Registries like Verisign, have an interest in designing favorable policy outcomes to which they are bound to comply.

iCANN is like this, but way less adorable…

Interestingly in my experience it is the Registrars — where you can register domain names (like iwantmyname) — who provide a voice of reason in the fray. They have to balance their obligations to ICANN and the Registries against those of their customers. And as a result of this, they often have to push back against various members or interest groups, or at times even the ICANN board itself.

Let’s talk end users

Hey! That’s us!

There’s a significant lack of end-user engagement in this process. Well, we’d all be better off if the end users of the internet started paying more attention.

Remember that there are some 3.7 billion internet users, but there are only a few people who own stakes in telecoms, registers, or web platforms. The freeCodeCamp community alone has more than a million users, and together we share so much that’s at stake.

This said, the number of folks currently engaged in this discussion is very small — maybe only a few thousand people. To be honest, I think there’s a growing need for more of us developers to take a more active voice in the conversation.

This is, after all, our livelihood. It’s where we tend to spend our time. It’s the space that consumes much of our focus, energy, and passion. And apart from being highly savvy and heavy users of the internet, we also have unique insights into our own audiences. We can speak with an empathetic voice that resonates with an even larger end user base.

What you can do?

You can take a seat at the table (or on the floor). There are a few ways you can get involved, depending on how formal you would like your involvement to be. You can join At-Large.

_Image by [At-Large](https://atlarge.icann.org/news/announcement-12-2014-08-07-en" rel="noopener" target="blank" title=")

At-Large is part of the end user contingent of ICANN’s multi-stakeholder model. It’s divided into regional At-Large outreach groups (RALOs). Here’s the full list: NARALO (North America), EURALO (Europe), APRALO (Asia-Pacific), LACRALO (Latin American and Caribbean Islands) and AFRALO (African Nations).

These various RALOs feed their inputs into the At-Large Advisory Committee (ALAC… aren’t acronyms fun!) who in turn report to ICANN.

Inside these end user representative bodies, there are smaller organizations you can become a part of at the university- or city level.

Another way to get involved is by becoming an unaffiliated member, which is to say outside of an At-Large structure, and directly with your Regional At-Large group. (Note that currently only the North American, Europe and Asia Pacific RALOs that allow such members — here’s where you can find out more and apply.)

There’s one more way, and that’s by applying as a collective to become an ALS. This does require some effort on your part. You would need to organize, and lead the people who join your group. But the pay off is a seat at the table and a voice for all those who your ALS represents.

On a side note, I’d like to hear your input on whether you think the freeCodeCamp community itself should look into applying to become an At-Large Structure. This would give all of it’s members a pathway into the end user group of ICANN.

Outside of the At-Large structure, there’s one more way you can participate. When ICANN opens topics for public comment, you can weigh in on those. Here’s where to find them.

You can also attend an ICANN meeting like I did. ICANN convenes three times a year — each time in a different part of the world. I attended ICANN58, which was held in Copenhagen. The next one is ICANN59 in Johannesburg.

It’s quite a fulfilling experience to attend one of these one-week events. They’re free and open to the public. You just have to register and apply. They also offer fellowships to help you attend if you need some support doing so.

There are many ways you can voice your opinions and help shape the future of our free and open internet.

“All users of the Internet deserve a say in how it is run.”

— ICANN

So I hereby invite you to get engaged and take a seat at the table.

$USER We made it \o/ that was a lot to take in and process

Response: You humans with your little CPU, LOL :)

In early 2015, the Telecom Authority of India (TRAI) was hijacked by the telecom companies that it was supposed to be regulating. It released a consultation paper on Net Neutrality for public feedback.

The question was whether services like Whatsapp and Viber should be brought under an expensive licensing regime.

TRAI put a tiny, hardly noticeable link to the paper on their official government website. They also put in place a tight deadline for public discussion. They hoped the public wouldn’t notice this proposal to fundamentally change in how the internet worked.

Whatsapp had made messaging free of cost. Before Whatsapp, we had to buy costly messaging packs to send short messages. Every international message used to cost around Rs 5 (US $0.08) — a huge source of revenue for telecoms.

Next, several of these messaging apps started offering free calls. This cut into telecom operator revenues even more. Since these messaging apps made a lot of money through advertising, these telcoms hope to take a cut of it themselves.

Indian activists set up a website, savetheinternet.in, where people could answer all the questions that TRAI’s consultation paper was asking. People could then send these answers to TRAI with just a few clicks.

This was a smart move. But still, most people where unaware of the importance of Net Neutrality — the basic rule that all internet traffic should be treated equally, regardless of where it comes from, and that the internet access should be treated like any other utility.

Net Neutrality is a complicated concept, and the typical Indian had no understanding of it, or its importance. So we needed to an effective way to communicate all this.

Thankfully, the comedy group All Indian Bakchod stepped in to help communicate this. Here’s their first video:

Indians sent a million emails to TRAI. (TRAI retaliated by “accidentally” leaking those million email addresses to public.)

Facebook and the telecom operators responded by changing their campaign to try and fool the Indian public into thinking that these corporations were actually in favor of Net Neutrality.

These corporations tried to define Net Neutrality as everyone being able to access some things on the internet. In fact, Net Neutrality is about everyone being able to access everything on the internet.

Facebook launched Internet.org with a major telecom operator, Reliance. They claimed they were providing free internet. In reality, they were providing a very limited slice of the internet with only the websites of companies who were registered with Internet.org. And Facebook had full control of which websites could register.

Of course, none of this was clearly mentioned in their innocuous-seeming promotional videos.

Facebook tried to trick the Indian public into thinking they were making these websites available as out of charity. In reality, they were very clearly violating the principle of Net Neutrality.

Next, TRAI made it more difficult to protest Facebook’s actions by moving the discussion to mygov.in. Now a citizen had to go through a long account registration process in order to make a public comment, and they only had a few days to do so.

All Indian Bakchod again moved in to cast light on these corrupt actions with a second video:

As a result, Facebook’s Internet.org effort was bashed all over the internet for violating Net Neutrality. Facebook rebranded it “Free Basics” and began an expensive marketing campaign to publicize it in every corner of the country.

Look at the normal people just going about their lives, using Facebook for free. They were designed to make people think, “How can Free Basics be a bad thing?” This even made lay-people question the activists.

What is your problem if they are giving us free internet?

Free basics was just another name for Internet.org. Though they changed their branding outside, the source code said otherwise.

Designers responded with parody ads drawing attention to the folly of Free Basics.

And All India Bakchod came back with a third video:

The corporations quietly convinced TRAI to set up yet another short deadline for public discussion. In that time, a lot of emails were sent to TRAI through savetheinternet.in.

There were protests in the street. The Indian media hosted discussion panels where they brought experts from different fields to talk about Net Neutrality.

Here’s a photo of News 9's discussion panel. The Grammy Award winner Ricky Kej stepped in to speak up for the importance of Net Neutrality.

I was also part of the same panel.

Finally, all of these efforts paid off. The public outcry forced TRAI to side with citizens, and against the corporations. They ruled in favor of preserving Net Neutrality.

We had won.

In the big scheme of things, I had hardly contributed anything. The real heroes are the people behind savetheinternet.in like Kiran Jonnalagadda, Nikhil Pahwa and Tanmay Bhat’s team from All India Bakchod, among many other activists. You can read more about them here.

Some of the corporations and their investors weren’t very happy about this. Venture Capitalist Marc Andreessen tweeted this:

After getting utterly trashed in the Indian and American media, he was forced to publicly apologize for this.

India’s story had a happy ending. But America’s may not.

America’s president is currently working to destroy Net Neutrality. The telecom companies have lobbied congress and taken over the Federal Communications Commission. All that stands between these corporations and their bigger profits is us — the public.

I hope India’s Net Neutrality heroes inspire you.

Don’t remain silent. Raise your voice. Educate yourself on the importance of Net Neutrality. Explain its importance to your friends, family, and followers about its importance.

Together we can make sure that America continues to enjoy the same open internet that India does. Let’s do this!

1. I hosted 40 coding events last year. Here’s what I learned. (6 minute read)
2. I crunched the data from every episode of Netflix’s Ultimate Beastmaster (5 minute read)
3. Yesterday, Congress voted to get rid of America’s internet privacy protections. Here’s how to set up a VPN in 10 minutes, and why you urgently need to (10 minute read)

Bonus: This morning I live-interviewed JavaScript developer and author Sacha Greif about his new Meteor-based web development framework, Vulcan.js (35 minute watch)

Thought of the day:

“Yesterday’s bill not only gives cable companies and wireless providers free rein to do what they like with your browsing history, shopping habits, your location and other information gleaned from your online activity, but it would also prevent the Federal Communications Commission from ever again establishing similar consumer privacy protections.” — former FCC Chairman Tom Wheeler

Image of the day:

Photographer Charles O’Rear poses with “Bliss” — the default Windows background, and one of the most widely viewed photographs ever.

Study group of the day:

freeCodeCamp Buenos Aires

Happy coding!

– Quincy Larson, teacher at freeCodeCamp

If you got value out of this email, consider supporting our nonprofit.

“A computer lets you make more mistakes faster than any other invention with the possible exceptions of handguns and Tequila.” — Mitch Ratcliffe

Soon every mistake you’ve ever made online will not only be available to your internet service provider (ISP) — it will be available to any corporation or foreign government who wants to see those mistakes.

Thanks to a decision by Congress, ISPs can sell your entire web browsing history to literally anyone without your permission. The only rules that prevented this are all being repealed, and won’t be reinstated any time soon (it would take an act of congress).

ISPs can also sell any information they want from your online activity and mobile app usage — financial information, medical information, your children’s information, your social security number — even the contents of your emails.

They can even sell your geolocation information. That’s right, ISPs can take your exact physical location from minute to minute and sell it to a third party.

You might be wondering: who benefits from repealing these protections? Other than those four monopoly ISPs that control America’s “last mile” of internet cables and cell towers?

No one. No one else benefits in any way. Our privacy — and our nation’s security — have been diminished, just so a few mega-corporations can make a little extra cash.

In other words, these politicians — who have received millions of dollars in campaign contributions from the ISPs for decades — have sold us out.

How did this happen?

The Congressional Review Act (CRA) was passed in 1996 to allow Congress to overrule regulations created by government agencies.

Prior to 2017, congress had only successfully used the CRA once. But since the new administration took over in January, it’s been successfully used 3 times — for things like overturning pesky environmental regulations.

Senator Jeff Flake — a Republican representing Arizona — led the effort to overturn the FCC’s privacy rules. He was already the most unpopular senator in the US. Now he may become the most unpopular senator in US history.

Senator Flake

Instead of just blaming Flake, though, let’s remember that every single senator who voted in favor of overturning these privacy rules was a Republican. Every single Democrat and Independent senator voted against this CRA resolution. The final vote was 50–48, with two Republicans abstaining.

You would think that the Senate would heavily discuss such the consequences of such an historic decision. Actually, they only spent 10 minutes debating it.

“Relying on the government to protect your privacy is like asking a peeping tom to install your window blinds.” — John Perry Barlow

_VPN company [Private Internet Access](https://www.privateinternetaccess.com/" rel="noopener" target="blank" title=") paid $600,000 to run this full-page ad in Sunday’s New York Times — even though they would make a ton of money if these rules were repealed. That’s how bad things have gotten with this CRA — even the VPN companies are campaigning against it.

The CRA resolution also passed in the House of Representatives, where 231 Republicans voted in favor of removing privacy protections against 189 Democrats who voted against it. (Again, not a single non-Republican voted to remove these privacy protections.)

All that’s left is for the Republican president to sign the resolution, which he has said he plans to do.

So what kind of messed-up things can ISPs now legally do with our data?

According to the Electronic Frontier Foundation, there are at least five creepy things the FCC regulations would have made illegal. But thanks to the Senate, ISPs can now continue doing these things as much as they want, and it will probably be years before we can do anything to stop them.

1. Sell your browsing history to basically any corporation or government that wants to buy it
2. Hijack your searches and share them with third parties
3. Monitor all your traffic by injecting their own malware-filled ads into the websites you visit
4. Stuff undetectable, un-deletable tracking cookies into all of your non-encrypted traffic
5. Pre-install software on phones that will monitor all traffic — even HTTPS traffic — before it gets encrypted. AT&T, Sprint, and T-Mobile have already done this with some Android phones.

So how do we have any hope of protecting our privacy now?

According to a study by the Pew Research Center, 91% of adults agree or strongly agree that “consumers have lost control of how personal information is collected and used by companies.”

But we shouldn’t despair. But as the same British Prime Minister who cautioned us to “hope for the best and prepare for the worst” also said:

“Despair is the conclusion of fools.” — Benjamin Disraeli in 1883

Well we are not fools. We’re going to take the actions necessary to secure our family’s privacy against the acts of reckless monopolies and their political puppets.

And we’re going to do this using the most effective tools for securing online communication: encryption and VPNs.

Step 1: enable HTTPS Everywhere

As I mentioned, ISPs can work around HTTPS if they are able to factory-install spyware on your phone’s operating system. As long as you can avoid buying those models of phones, HTTPS will give you a huge amount of additional protection.

HTTPS works by encrypting traffic between destination websites and your device by using the secure TLS protocol.

The problem is that, as of 2017, only about 10% of websites have enabled HTTPS, and even many of those websites haven’t properly configured their systems to disallow insecure non-HTTPS traffic (even though it’s free and easy to do using LetsEncrypt).

This is where the EFF’s HTTPS Everywhere extension comes in handy. It will make these websites default to HTTPS, and will alert you if you try and access a site that isn’t HTTPS. It’s free and you can install it here.

One thing we know for sure — thanks to the recent WikiLeaks release of the CIA’s hacking arsenal — is that encryption still works. As long as you’re using secure forms of encryption that haven’t yet been cracked — and as far as we know, HTTPS’s TLS encryption hasn’t been — your data will remain private.

“The average busy professional in this country wakes up in the morning, goes to work, comes home, takes care of personal and family obligations, and then goes to sleep, unaware that he or she likely committed several federal crimes that day.” — Harvey Silverglate

By the way, if you haven’t already, I strongly recommend you read my article on how to encrypt your entire life in less than an hour.

But even with HTTPS enabled, ISPs will still know — thanks to their role in actually connecting you to websites themselves — what websites you’re visiting, even if they don’t know what you’re doing there.

And just knowing where you’re going — the “metadata” of your web activity — gives ISPs a lot of information they can sell.

For example, someone visiting Cars.com may be in the market for a new car, and someone visiting BabyCenter.com may be pregnant.

That’s where using a VPN comes in.

How VPNs can protect you

VPN stands for Virtual Private Network.

• Virtual because you’re not creating a new physical connection with your destination — your data is just traveling through existing wires between you and your destination.
• Private because it encrypts your activity before sending it, then decrypts it at the destination.

People have traditionally used VPNs as a way to get around websites that are blocked in their country (for example, Medium is blocked in Malaysia) or to watch movies that aren’t available in certain countries. But VPNs are extremely useful for privacy, too.

There are several types of VPN options, with varying degrees of convenience and security.

Experts estimate that as many as 90% of VPNs are “hopelessly insecure” and this changes from time to time. So even if you use the tools I recommend here, I recommend you take the time to do your homework.

Browser-based VPNs

Most VPNs are services that cost money. But the first VPN option I’m going to tell you about is convenient and completely free.

Opera is a popular web browser that comes with some excellent privacy features, like a free built-in VPN and a free ad blocker (and as you may know, ads can spy on you).

If you just want a secure way to browse the web without ISPs being able to easily snoop on you and sell your data, Opera is a great start. Let’s install and configure it real quick. This takes less than 5 minutes.

Before you get started, note that this will only anonymize the things you do within the Opera browser. Also, I’m obligated to point out that even though Opera’s parent company is European, it was recently purchased by a consortium of Chinese tech companies, and there is a non-zero risk that it could be compromised by the Chinese government.

Having said that, here’s how to browse securely with Opera:

Step #1: Download the Opera browser

Step #2: Turn on its ad blocker

Step #3: Turn on its VPN

Step #4: Install HTTPS Everywhere

When you’re done, Opera should look like this:

Presto — you can now browse the web with reasonable confidence that your ISPs — or really anyone else —don’t know who you are or what you’re doing.

You can even set your VPN to a different country. Here, I’ve set mine to Singapore so websites will think I’m in Singapore. To test this out, I visited ipleak.net and they did indeed think I was in Singapore.

Since the internet is complex, and data passes through hundreds of providers through a system of peering and trading traffic, US-based ISPs shouldn’t be able to monitor my traffic when it emerges from Singapore.

If you want to take things next level, you can try Tor, which is extremely private, and extremely hard to de-anonymize (though it can be done, as depicted in the TV show Mr. Robot — though it would require incredible resources).

Tor’s a bit more work to set up and use, and is slower than using a VPN. If you want to learn more, I have a getting-started guide for Tor here.

VPN Services

The most common way people get VPNs is through a monthly service. There are a ton of these. Ultimately, you must trust the company running the VPN, because there’s no way to know what they’re doing with your data.

As I said, some VPNs are improperly configured, and may leak personally identifying data.

Before you buy a VPN, read up on how it compares to others here. Once you buy a VPN, the best way to double check that it’s working properly is to visit ipleak.net while using the VPN.

Even though most users of VPNs are companies with remote employees, the NSA will still put you on a list if you purchased a VPN. So I recommend using something anonymous to do so, like a pre-loaded Visa card. (By the way, Bitcoin is not anonymous.)

There are dozens of VPN services, and there’s no clear “winner.” I use Private Internet Access which costs about $40 per year and runs on my family’s computers and phones.

I also asked people on Twitter which VPNs they were using and got a variety of answers:

Routers with built-in VPNs

You can purchase a VPN-enabled router. Note that these aren’t specifically designed to protect you from snooping by your ISP. Instead, they’re designed so that companies’ satellite offices can share the same network as their headquarter offices. I haven’t used one before, so I can’t testify to their efficacy.

If you happen to have a second residence in a county outside the US, you can just tunnel through that home’s network. Otherwise, you’ll need to configure your router to work with one of the VPN services I mentioned earlier.

Some routers are designed to work with VPNs at higher speeds than others. If you want to use a VPN at the router level, and your internet connection is less than 100 mps, this router will probably suffice. Otherwise, you’ll need to pay a bit more for a router like this one.

If you don’t trust the router companies, you can modify a router using Tomato USB. It’s an alternative open source Linux-based router firmware that’s compatible with some off-the-shelf routers.

Privacy is hard. But it’s worth it.

Privacy is a fundamental human right, and has been declared so by the United Nations.

Still, many people believe we live in a “post-privacy” era. For example, Mark Zuckerberg claims privacy isn’t that important any more. But look at his actions. He paid $30 million to buy the 4 houses adjacent to his Palo Alto home so he could have more privacy.

Other people are just too jaded and shell-shocked by all the data breaches around us to believe that privacy is still worth the fight.

But most people who say they don’t care about their own privacy anymore just haven’t really given it much thought.

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” — Edward Snowden

Last week’s US Senate vote is just the latest in a series of events that show how we can’t trust governments to act in the interest of consumers when it comes to their privacy.

We need stronger privacy protections enshrined in the law.

In the meantime, we’ll just have to look out for ourselves, and educate other people to do the same.

I encourage you to read computer security expert Bruce Schneier’s book “Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World.” I learned a ton from it, and am listening to it a second time.

Data and Goliath: The Hidden Battles to Capture Your Data and Control Your World
_Edit description_amzn.to

Thanks for reading, and for taking privacy seriously.

If you liked this, please share it on social media.

I had the chance to attend a coding bootcamp is Las Palmas de Gran Canaria last month.

If you’re not familiar with the concept, a bootcamp is an intensive session focused on learning new technologies — in this case GraphQL and Apollo in the context of Meteor apps. Oh, and did I mention this one was taking place on a beautiful island off the coast of Morocco?

I was attending the bootcamp as a mentor of sorts, so I got there a few days in advance. One day, as new attendees were starting to arrive, I ran into a student I hadn’t met before. Since it was almost noon, I naturally invited him and his family (he was accompanied by his two children) to join me and my wife for lunch.

Hard at work leaning Apollo and GraphQL

Now I didn’t realize it at the time, but in that brief instant, I had already made a lot of assumptions about my new friend. Since he was attending a coding bootcamp, he was probably a fellow programmer with a fairly stable situation. And since he spoke Spanish and had two young children with him, I assumed he must be a local developer stuck on baby-sitting duty while attending the camp.

But these assumptions were quickly shattered once Marwan started telling me his story.

Marwan’s Story

Marwan Ghabin was indeed a programmer. And in fact, a fairly successful one at that, having previously owned his own company in Libya. But I soon learned that the war had changed all that: because of the conflict, Marwan had lost not only his company, but also his home, and even close friends and family.

He was now living as a refugee in Spain with his two kids on a temporary visa, studying for his PhD while working odd jobs to pay the bills. But now, his visa was running out and he had nowhere left to go. Maciej, the bootcamp’s organizer, had invited him to attend for free while he figured out his next step.

Making It Real

We hear about the global refugee crisis all the time, but up to that point it had always seemed distant and abstract to me, something that I had a hard time relating to. After all, the stereotypical refugee had nothing, while I had a job, a bank account, a family…

Yet meeting Marwan made me realize that all these things I take for granted can be taken away overnight. And that maybe the ground we stand on isn’t always as solid as we think…

From left to right: me, Marwan, Xavier, and Maciej

How You Can Help

Now, I feel bad reducing Marwan to his refugee status. After all, he hasn’t let his misfortunes define him, so it feels unfair for me to put so much focus on this single aspect of his life.

But the reason I’m writing about this today is that time is running out for Marwan and his kids. His visa is going to expire soon, and after that he’ll either have to go back to Libya and face torture or even death or end up stuck in limbo in a refugee camp like so many others. Or he can try his luck as an undocumented immigrant, denying his children a chance at a stable life and education.

The good news is that there may be a way out: if Marwan can find a one-year contract as a programmer in Spain or elsewhere in Europe, he might be able to stay.

And maybe you can do something about it. Maciej has set up a website where you can learn more about Marwan and find out how to help:

helpmarwan.org

I know this might seem like a drop in the bucket compared to the millions of displaced families worldwide. But at least writing this post and spreading Marwan’s story is something concrete I can do for someone who really needs help. And maybe that’s a start.