Know Your Rights

Posted on 26th May 2011

The changes required as part of the EU Privacy and Electronic Communications Directive, which I discussed last week, come into effect today (26th May 2011). The Information Commissioner's Office (ICO) released a press release on their website stating that "Organisations and businesses that run websites aimed at UK consumers are being given 12 months to 'get their houses in order'." However, this statement only serves to confuse the issue more. Does this mean that individuals are not covered by the law (the directive implies they are) or does it mean that the leniency given to businesses does not apply to individuals, and thus the full weight of the law and fines will be imposed immediately. The press release also seems to imply that the new law only applies to businesses providing ecommerce websites, so does that mean other businesses and organisations are exempt?

Or, does it mean that those implementing the law and writing press releases are so eager to get something out, they have forgotten that their peace offering to (some?) businesses still leaves a gaping hole in their policy of adhering to the original directive.

And it gets worse. Reading an article on eWeek, George Thompson, information security director at KPMG, is quoted as saying "The new law inadvertently makes the collection of consent - yet another set of sensitive, customer data - compulsory. Companies need to tighten up their data management policies and make absolutely sure that every new data composition is covered." Which leads me to believe that you can now be fined if you don't ask the user to accept cookies, and can be fined if you don't record details of those who said they don't want cookies! Then I assume you can then be fined again if that data isn't securely stored away to adhere to the Data Protection Act.

Did no-one really sit down and think of the implications of all this?

The Register reports that only 2 countries within the EU have notified the Commision that all the rulings have been passed into law, with the other Member States possibly facing infringement proceedings. With such a weight of resistence, wouldn't it be more wise to review the directive properly so all Member States understand and agree to all the implications?

It's not all doom and gloom though. Another article by Brian Clifton on Measuring Success, looks at Google Analytics, and concludes that "Google Analytics uses 1st party cookies to anonymously and in aggregate report on visits to your website. This is very much at the opposite end of the spectrum to who this law is targeting. For Google Analytics users, complying with the ToS (and not using the other techniques described above), there is no great issue here - you already respect your visitors privacy...!" (also read Brian's car counting analogy in comment 3, as well as other comments). In fact Google's own site about Google Analytics supports Brian's conclusion too.

The BBC have posted on their BBC Internet Blog, explaining how they are going to be changing to comply with the law. To begin with they have updated their list of cookies used across all their services. Interestingly they list Google Analytics as 3rd-party cookies, even though they are not, but I think that comes from the misunderstanding many of us had about GA cookies.

Although the ICO website has tried to lead by example, with a form at the top of their pages requesting you accept cookies, this doesn't suit all websites. This method of capturing consent works fine for those generating dynamic websites from self controlled applications, such as ICO's own ASP.NET application, but what about static websites? What about off-the-shelf packages that haven't any support for this sort of requirement?

On the other side of the coin, the ICO themselves have discovered that a cookie used to maintain session state is required by their own application. Providing these are anonymous, the directive would seem to imply that these cookies are exempt, as being "strictly necessary" for the runing of the site. Then again, if they did contain identifying data, but the application wouldn't work without it, is that still "strictly necessary"? A first step for most website owners will be to audit their use of cookies, as the BBC have done, but I wonder how many will view them all as strictly necessary?

It generally means this is going to be an ongoing headache for quite sometime, with ever more questions than answers. As some have noted, it is going to take a legal test case before we truly know what is and isn't acceptable. Here's hoping it goes before a judge well versed with how the internet works, and that common sense prevails.

File Under: internet / law / life / website

Behind The Mask

Posted on 23rd August 2009

Last week it was noted that Why The Lucky Stiff had disappeared from the internet. There have been several thoughts regarding his disappearance, and some very strong reactions too. It strikes as very odd that rather than concern for someone, several have resorted to anger and made matters worse by now digging deeper into his personal life.

While I don't know _why, and I'm not part of the Ruby community, I have been aware of him and even read his Poignant Guide some time ago. He came across as a very creative and interesting character and I'm sure he was a credit to the Ruby community. He appears to have written alot of interesting code and been very good at promoting Ruby, both online and at conferences. So to me it seems strange to read some the "investigation" work going to try and understand why he has disappeared.

Some have suggested something serious has happened, and perhaps he had implemented a Dead Man's Switch, while others have summised that with having his birth name "outed" publicly recently, he just felt the intrusion into his personal life was too much. Whatever has happened I think it's sad that there seems to be lots of negative reaction to the situation. Of all the comments and articles I've read, only John Resig's Eulogy to _why seems to be in anyway a thought provoking hope that all is well the person.

Several people believe that he has taken it as a personal insult that someone has decided to research his birth name, and then publish it publicly. Whether this is true or not, I don't know, but it did make me think about how people treat those of us with an unusual online identity, that we happen to use in person too. One person struck as rather insensitive, as he acknowledged that after discovering something about _why's personal life, _why had asked him to keep it private. With the current wave of discussion, that person saw fit to announce it to the world, so they could show a bit of one-up-manship.

In all the time I've known of him, I've only ever known _why by his pen name, and like many others have never felt the need to know his birth name. In the Perl community there are three prominent characters to use an unusual identity both online and in person. chromatic, Abigail and myself. While I've been told the birth names of chromatic and Abigail, I've long since forgotten them as to me their pen names are who they what to be identified as. For myself, I've never gone to great lengths to hide my name, but my pen name is how I prefer to be known. My birth name is for my family (although even some of them refer to me as Barbie) and the tax man.

Once I sent a mail from a work account that included my birth name, to a friend in the Perl community. I received a reply asking if I could send from my personal account in future, as seeing my birth name had confused the hell out of the recipient and took a little while to suddenly realise it was me :) Another friend on discovering my birth name by way of a slip up online, felt the need to alert me, so that i could hide it. It seems some people actually quite like me having an unusual identity.

My pen name actually came about back in 1983, long before I ever got to use the internet, and was extremely useful when I was a Roadie. People remember an unusual name, and I know for a fact that I got asked to crew several gigs because tour managers and the like remembered me by name. I'd like to think it was also that I did a good job too, but that first impression of being introduced as Barbie was rarely forgotten. In all that time I was a roadie (1984-2005), no-one ever really put any effort to discovering my birth name. Some asked, but many more have been more interested in how I got to be named Barbie. Occasionally I've explained that it is my birth name and that my parents were rather eccentric. Amusingly some have even believed that.

However, Barbie is very much my public identity, and that's something that I'd rather keep. It has some very positive benefits for me, as it has helped me to get several jobs, and has often been a good introduction for some. My private life is not something I write about a lot, mostly because it's private. I talk about Dan, Ethne and Nicole from time to time as they are part of who I am, though others guard even that part of their life very carefully. In _why's case, this was something that he didn't seem to want to promote, at least not in the context of his _why persona. Respecting someone's privacy should be an obvious thing for any human to understand, though sadly there are some that feel that no-one has a right to a private life.

Does discovering someone's birth name really make any difference to how you see that person? The only reason I can see for anyone making something like that public, against the wishes of the individual, is to begin a character assassination. As I see it, _why may well have therefore taken steps to ensure that if people cannot respect his privacy, then why should he respect what they think about all he has given them. To some it is a tantrum, to me is purely about having had enough with the world that the persona of Why The Luck Stiff touched, and wanting to walk away completely and utterly, leaving no trace that it ever existed.

As I say at the beginning, I don't know the reasons for the disappearance, but I do hope that the person behind the persona is okay.

File Under: internet / life / people / web

Open Your Eyes

Posted on 3rd March 2009

Thanks to a twitter post by Simon Phipps this morning, I read with interest a blog post by Patrick Finch, entitled Mozilla and Cybermentors. Mozilla are getting actively involved with the UK charity BeatBullying and their CyberMentors programme.

It's unlikely that anyone growing up hasn't suffered some form of bullying. It comes in all shapes and forms, and while for some of it may be minor or only last a short time, for some it can have devasating effects. A colleague recently took his own life, because the traumatic and abuse he suffered through primary and secondary school, even over ten years later, was still something that affected his life and personality, and was something he felt he could no longer cope with. I personally was first bullied by my 3rd year junior teacher. Yes you read that right a teacher, and I was just 9. It isn't just children that can be cruel and spiteful, adults can too. While I would dearly love to name the teacher in question, I have no proof beyond my word, and even now feel powerless to do anything about it, much as I did back then. Many children who suffer from bullying feel exactly the same way. Even if they told, who would listen and who would even believe them?

As Patrick points out in his post, many young people are growing up never knowing how we used to keep in contact with our friends, without using the internet or mobile phones. We play out so much of our lives online, that it shouldn't be a surprise that a recent Harvard University task force concluded that one of the biggest risks to children on the internet, isn't from sexual predators, but from bullies. The difference between the school yard bulling and cyber-bullying, is that the former is pretty much contain within a small sphere and often there are adults and peers who can deal with it and stop it. On the internet anyone can hide behind their relative anonymity and victimise just about anyone they choose. As it isn't within school grounds, teachers are often unable or ill-equiped to deal with it.

As such, the Cybermentors aims to be a way for youngsters experiencing bullying online to tell someone about it. Mozilla are offering to support 10 members of the Mozilla community to be trained as Cybermentors, who can then spend at least 2 hours a week for 4 months, helping children to cope and deal with any bullying issues. All credit to Mozilla for supporting this, and hopefully other companies will also be willing to help fund training for individuals to act as mentors.

A few years ago the GetSafeOnline campaign was initiated to help make parents and youngsters aware of the potential dangers on the internet. Identifying ways to protect themselves from viruses, phishing scams and spam, as well as unwanted websites, chatrooms and the like. While this programme is different in that it's targeting a very specific danger, it is still all about keeping the internet safe for everyone. I personally value efforts such as this, rather than the sometimes heavy-handed and misguided attempts by governments and self-appointed puritans of the internet to protect children from percieved threats.

I really hope BeatBullying and the Cybermentors programme gets a lot of internet and media exposure, as the more children are aware of it, the more chance they have of coping with it and not suffering mental anguish for the whole of their (possibly short) adult life. If you're a member of the Mozilla community, and think you can spare the time, please read Patrick's blog post and get in touch with him.

File Under: internet / life / school / security / web

Back On Line

Posted on 16th February 2009

After the last few weeks of trying to access Twitter from the command line, I set about writing something that I could expand to micro-blog to any social networking site that supports many of the Twitter API type commands. At the moment it only works with Twitter and, but my plan is to look at creating plugins, or more likely to allow others to create plugins, that can enable the tool to interact with other micro-blogging sites.

After trying to think of a decent name, I finally settled on Maisha. It's a Swahili word meaning "life". You can grab the code from CPAN as App-Maisha.

Currently you'll need to use the standard Perl install toolset to install the application, but ultimately I'd like to have something that you can install just about anywhere without having to go through all the headache of installing dependencies. I'll have a go at doing an .rpm and a .deb package release, and will also try using PAR. It would be nice to have this as a standalone application that just about anyone can use, but for now CPAN will have to do.

My next immediate step is to look at writing something that interfaces to Facebook without requiring a developer key or any such nonsense. It will probably have to involve a bit of screen scraping, unless there is some more official API, but as yet I haven't found it. Everything regards Facebook applications seems to centre around the developer application that can do all sorts of dubious things, but mine is purely for the user to control from their desktop, not a 3rd party website/server. Thus giving them a developer API key assigned to me is wholly inappropriate. It would be nice if they had a restricted User API, which allows you to update your status and look at your friends' statuses, but I think I'll be in the minority wanting it.

File Under: community / internet / opensource / perl / technology

You Know My Name

Posted on 9th February 2009

Having mentioned twitter in a recent post, I thought I would mention a project I decided to look at recently. The original project, twittershell, is not my own, but it appeared to be the closest to what I was after, a command line interface to Twitter, with the bonus of it being written in Perl. As a consequence of the latter, I was able to hack on the code and submit a patch to do a lot of what I wanted. I currently run the patched version, and it runs rather nicely for me. However, there is something missing.

Twitter is no longer the only micro-logging service and as such I've also signed up to With the APIs being pretty much the same, it should theorectically be simple to plugin an interface to twittershell. Except it isn't. Unfortunately twittershell is written with only the Twitter API in mind. To intergrate and other micro-blogging services, it requires a rewrite. So that's where I'm currently at. The original twittershell project hasn't been touched in over a year, so I'm hoping the orignial author won't be offended by me forking the code to a new project.

However, what do I call the new project? I would rather it not be something that identifies itself with any specific blogging service, as I would like it to have a broader appeal, that encourages others to add plugins should a new service come along. I realise this project will likely have limited appeal, as iPhone and GUI apps seem the in thing, but I want something that I can run via ssh/screen on my home box and not have to worry about watching some app running on the desktop.

One idea I had was to call it 'Mazungumzo' (Swahili for talk or conversation ... an idea stolen from Joomla!), then I thought of 'Maisha' (Swahili for life). I did look up some Welsh words, but doubt anyone would be able to pronounce them ;) I also thought of 'Rambler', but that might have too many connections to someone who goes walking across hill and dale of a weekend. So any good ideas for projects names?

File Under: internet / perl / technology

Page 2 >>

Some Rights Reserved Unless otherwise expressly stated, all original material of whatever nature created by Barbie and included in the Memories Of A Roadie website and any related pages, including the website's archives, is licensed under a Creative Commons by Attribution Non-Commercial License. If you wish to use material for commercial puposes, please contact me for further assistance regarding commercial licensing.