Talk back: Why should we have more restrictions on "harmful" speech on social media?

Dear all,

This is a different sort of blog post.

Rather than me writing yet another essay to you, I want to open the floor to you. I want you to answer something for me. It's like the subreddit "Change My View."

This is aimed specifically at my liberal and progressive friends who are very upset at the social media giants for letting things get so out of hand. See how much of the following applies to you:

You have become increasingly aware of how awful the harassment of women and minorities by the far right has become. You are really, sincerely worried that they have elected Trump, who isn't just a crass clown (many people agree with that) but basically a proto-fascist. You are convinced that Trump must have gotten elected because of the growing popularity of right-wing extremists. They engage in hate speech. Not only is this why Trump was elected, it's why people are constantly at each other's throats today, and why there has been domestic terrorism and mass murder by the right. Therefore, all mature, intelligent observers seem to agree that we need to rein in online hate speech and harmful speech.

I've heard all of this a lot, because I've sought it out in an attempt to understand it—because it freaks me out. Here's the thing: I think it's mostly bullshit. Yes, people (of all political stripes) have gotten nastier, maybe. I didn't vote for Trump and I dislike him. But beyond that, I think the entire line above isn't just annoyingly wrong, it's downright scary. This is largely because I have always greatly valued free speech and this above-summarized mindset has put free speech (and hence other basic liberal democratic/small-r republican values) at risk.

But I'm not going to elaborate my view further now; I mention it only to explain why I want your view first. I'll save an elaboration of my view in a response to you. What I hope you'll do, if you agree with the bold bit above, is to explain your sincere, considered position. Do your best to persuade me. Then, sometime in the next week or two, I'll do my best to persuade you, incorporating all the main points in your replies (assuming I get enough replies).

So please answer: Why should we more aggressively prevent harmful or hate speech, or ban people who engage in such speech, on social media? The "why" is the thing I'm interested in. Don't answer the question, please, if you don't agree with the premise of the question.

Here are some sub-questions you might cover:

  1. Did you used to care more about free speech? What has changed your mind about the relative importance of it?
  2. Do you agree with the claim, "Hate speech is not free speech"? Why?
  3. Exactly where did my "Free Speech Credo" go wrong?
  4. If all you want to say is that "free speech" only restricts government action, and that you don't think corporate actions can constitute censorship, but please also explain any thoughts you have about why it is so important
  5. If you're American and you want Uncle Sam to restrict hate speech, why do you think the law can and should be changed now, after allowing it for so many years? (Surely you don't think Americans are more racist than they were 50 years ago.)
  6. Does it bother you that "hate speech" is very vague and that its application seems to have grown over the years?
  7. If hate speech on the big social media sites bothers you enough to want to get rid of it, what's your stance toward blogs and forums where racists (or people who want to call racists) congregate?
  8. Where should it end, generally speaking? Would you want the National Review banned? Don't just say, "Don't be ridiculous." If that's ridiculous, then where do you draw the line between, for example, banning Paul Joseph Watson from Facebook and using government power to take down a conservative opinion journal?
  9. By the way, do you think it's possible for conservatives and libertarians to be decent people? Honest? Intelligent? Do you think they are all racists? Do you think that articulating all or many conservative or libertarian positions is essentially racist or harmful speech?

Basically, if enough people answer these questions (one or all), I think that'll give me an idea of how your mind actually works as you think this stuff through. This will enable me to craft the most interesting response to you. I want to understand your actual views fully—i.e., not (necessarily) some academic theory, but your real, on-the-ground, down-to-earth views that results in your political stance.


Version history for "Declaration of Digital Independence"

1.02 (2019-06-10) At the end of the preamble, expand "But it has become abundantly clear more recently that a callous, secretive, controlling, and exploitative spirit guides the centralized networks of the Internet" by appending "and the corporations behind them." This is to clarify the meaning of "they" in the enumeration of abuses. This is also why in the next paragraph we add, to "To show what train of abuses we have suffered", the clause "at the hands of these giant corporations".

1.01 (2019-06-09) In "Principles of Decentralized Social Networks" 4, append to "Just as no one has the right to eavesdrop on private conversations in homes" the clause "without extraordinarily good reasons".

1.0 (2019-06-09) First posted version.


Social Media Strike!

This content is password protected. To view it please enter your password below:



FAQ about the project to decentralize social media

This content is password protected. To view it please enter your password below:



Declaration of Digital Independence

This content is password protected. To view it please enter your password below:



The Antivitist Trend in the West

Recent events have suggested that there is a trend afoot in the West: that life is overrated and that death is not so bad. Call it, for lack of a better term, antivitism (from Latin vita, life).

I'm not saying there's a "death cult." But there is evidence of a rather odd trend that seems to celebrates death or at least that greatly undervalues life. By the end of this post I'll have a fuller account of the attitude in hand. This attitude may be seen most often among certain young but world-weary activists. I don't mean just the young and activist, but one less often sees this view among older people, with healthy children, and the politically apathetic.

"All right, what are you on about, Sanger?" you ask.

Well, I'll tell you.

First let's consider euthanasia. Now, don't get me wrong; I'm not saying that euthanasia advocates are a "death cult." Insofar as euthanasia is strictly an end-of-life "palliative care" decision and it is passive euthanasia (i.e., the doctor doesn't actually flip the switch), this doesn't seem to valorize death or devalue life. It is euthanasia for depression—especially active euthanasia, and even more especially for the young—that would essentially encourage the most fragile among us to give up, to stop living, and to entertain the strange fantasy that dying is OK. Death is preferable, such people say, pretending that they are being sensitive (because all their views are driven by a desire to be sensitive) because it is merciful. Never mind that we're talking about killing; it's sensitive killing, and if you aren't on board, you just don't understand. The suggestion is that life couldn't improve, so killing yourself (even if you're quite young) can be preferable—if that's what you decide.

The appalling recent case of Noa Pothoven is illustrative. Noa, a 17-year-old victim of repeated sexual assault, killed herself slowly, by not eating or drinking, while her parents and doctors stood by idly. That this was allowed to happen might be written off as a weird Dutch excess. But while people around the world were wringing their hands about the horror, another surprisingly large or at least loud group of people, also quite international, complained bitterly that people were calling this "euthanasia," as if this label particularly mattered. This semantic dispute went proxy for the real issue: should minors be allowed to kill themselves just because they're depressed? The answer should be obvious, but for that strange coterie of "antivitists," death was a sad, tragic, but very welcome blessing for Noa. Her parents and doctors did, the antivitists affirm, just what they should have done: stand by idly while she killed herself.

Only a failure to properly value life and its possibilities, and by comparison to positively value death, could lead one to such a position.

So now perhaps you have an idea of what I mean. Some might immediately want to add abortion to the list of antivitist positions. I'm not so sure. Perhaps it isn't fair to call all abortion advocates "antivitists." The pro-life (or anti-abortion) argument here is that a newly-gestating life in the womb is a human life, though not a sentient one, and all human life has a right to live, and snuffing that life out is murder. The killing of a fetus for the convenience of the mother strikes some with great horror.

My view on this, which I don't hold to very strongly, is that abortion in the first few months is easier to dismiss because the fetus cannot even feel pain. However that might be, abortion after viability is very problematic for me, and for most people. After that point, you must twist yourself in logical knots if you wish the deny the obvious fact that there is a baby that with as much ease could be born into the world as killed (though at much greater expense afterward, if allowed to live). Such "late-term" or "third trimester" abortions shows considerable contempt for that little life, particularly when the mother's life is not at risk. Late-term abortions make up a very small percentage, just 1.3%, of all abortions in the U.S.; but if they should be considered murder, that would still be 35 murders per day in the U.S.

However that might be, I certainly think favoring genuine infanticide can qualify you as an antivitist. Even in this case there are exceptions: there are certain cases of babies born brain dead, who will never be sentient or who will never know anything but pain. Killing them is more uncontroversially a mercy when—though it is horribly tragic—there is nothing worth calling a human life that could have been preserved. Peter Singer highlights these sorts of cases. But on my view, obviously, not all birth defects qualify, and certainly the convenience of the mother does not qualify.

But has anyone maintained that outright infanticide of healthy infants, just because the mother doesn't want a baby, is acceptable? Well, it's 2019, so I suspect you won't be surprised when I tell you the answer is yes. It's not just campus dudebros who apparently think so. If you want to do a more serious search for answers to this question that don't take the form of Republicans trash-talking Democrats for favoring late-term abortion, don't call it "infanticide." Call it "neonaticide"; the Chicago Tribune reported that "a conservative estimate puts the incidence of neonaticide in the U.S. at 150 to 300 annually." It so happens that this crime was defended by two freshly-minted Ph.D. ethicists back in 2012; their term for it was the chillingly clinical-sounding "after-birth abortion," maintaining that newborns should be permitted to be killed if their mothers don't want them.

Fortunately, the view never really caught on—unless you wanted to count the aforementioned people who support the killing of viable babies who were extracted from the uterus in order to be killed (i.e., they would survive if they weren't killed). There would seem to be quite a few of such people, though such people disagree with the "infanticide" epithet.

Clearly, it seems to matter what you call the killing of babies.

Now, I am aware that I keep using a formulation that must sound uncharitable and paradoxical, if not absurd: that some positively prefer, celebrate, or valorize...death. Is that just rhetorical excess on my part? Maybe. But it certainly isn't excess in the case of the very best example of antivitists: antinatalists. As the Collins Dictionary has it, antinatalism is "a philosophical position that opposes human procreation, holding it to be morally wrong." They really do dislike life, or at least new life. They think that to be born is to be harmed. Look at how philosopher David Benatar's book title has it: Better Never to Have Been: The Harm of Coming Into Existence.

As interesting as this might be, I'm not going to discuss it in great depth, partly because it isn't really a massive movement and partly because I don't feel like debunking easily-debunked philosophical nonsense. The point is that there really is a small minority of people—mostly young and sad people (on Reddit, 80% are under 26 and 59% depressed or suicidal)—who take the position that life is simply a bad thing, and that death would be better, or as Benatar puts it, it would be better never to have been born. These people must really dislike It's a Wonderful Life (one of my very favorite movies). In it, the angel Clarence disabuses the hapless George of his belief that it would be better if he had never been born.

https://www.youtube.com/watch?v=bOXxKxwjogM

Along these lines, I would be remiss not to mention those who do not want to procreate; I refer to the childfree movement. Their Reddit group is much larger than the antinatalist one, though they are philosophically largely in alignment. In fairness, most of these people simply want society (especially their own parents) to stop bothering them with expectations to procreate. Of course they're not necessarily antivitists, let alone part of a "death cult."

But a sizeable number of people in the movement do believe it is positively wrong to procreate; and they take this seriously, going so far as to declare quite unashamedly that they hate children. This is the populist side of antinatalism. I imagine most people already know that this isn't some wild-eyed scare-mongering; The New Yorker saw fit to give a platform to the view (quoting Benatar, again, among others). These more passionate childfree antinatalists have dismissive epithets for those who do choose to have children: "breeders." These people value their own lives, presumably, if they aren't among the many miserable antinatalists, but not so much the lives of children, i.e., of new people on the face of the earth. Obviously, people who are angered by the addition of new human beings need not valorize death; but it seems fair to say that they do not place a premium on life per se, beyond their own lives and perhaps those of people who are already here (as long as they aren't children, I guess; one can only wonder at what age they stop being abhorrent).

So there are some views that strike me as being, prima facie, "antivitist" views.

Here's a problem for my view. People who favor extreme abortion rights, euthanasia rights, antinatalism, and the childfree lifestyle tend to be on the left or libertarian—and the left and libertarians alike are generally opposed to capital punishment. So a challenge to me would go, "Hey Sanger, you said these people favor death. [Well, maybe in the case of some post-viability abortion advocates and antinatalists.] If they were some kind of 'death cult,' wouldn't they be in favor of capital punishment? But they hate capital punishment! So there! These people care about quality of life, of course!"

I can't disagree. This suggests, then, that there is something more subtle at work than that they simply "celebrate death or greatly undervalue life." Clearly, we need to draw a distinction. It isn't a desire for death per se, I think, that characterizes antivitism; it is one's own death, or that of those one is responsible for, or would be responsible if one did not oppose creating new life. That seems more reasonable, if still rather deranged.

Also, let me concede something before I'm accused of a really gross error. Of course, you wouldn't have to accept a general principle that human life is not terribly valuable in itself, or that death or never having been born is preferable to life, in order to accept most of the above views. I mean, logic may be chopped in various ways, and I don't wish to imply that people are part of anything remotely resembling a "death cult" simply because they embrace one of the views described above. Of course that would be wrong.

So what am I saying?

In frank discussions of these topics, one does frequently comes across deeply pessimistic remarks: life is hell; the terminally depressed can't change; death would be a blessing; it would be better never to have been; new lives are little more than bloodsucking parasites; people who create new life are mere contemptible "breeders." All of these are, I maintain, undercurrents of ultra-sophisticated, world-weary nihilism that pop up in discussions of late-term abortion rights, euthanasia rights, antinatalism, and the childfree lifestyle. It seems that some wish to impose their own hatred of their own lives on the rest of the world, and that this manifests in support for the positions mentioned. That strikes me as coming from a profoundly misanthropic place.

Another pessimistic modern sentiment, not discussed above, falls under the same umbrella: our lives are meaningless and absurd; there's no escape from the nausea that our radical freedom in a postmodern world. This isn't so much misanthropy as more straightforward pessimism that is part and parcel of the rejection (as "false consciousness") of any religion-based or naturalistic values that might give life meaning.

If there is an antivitist trend, whether rooted in nasty misanthropy or nihilistic pessimism, and if it continues to grow as it has in recent decades, then I suppose the next things to expect would be:

Maybe I'm onto something. I'm not saying this post clinches the matter. But if I'm right, this would tend to explain why various kinds of morbid and deeply depressing entertainment have become so popular in recent decades.


Is letting a 17-year-old die morally equivalent to killing her?

A spate of news articles appeared yesterday, reporting that Dutch 17-year-old mental patient Noa Pothoven was euthanized. This formulation—she was euthanized—caused outrage in certain circles. This is factually incorrect, they say. She was not euthanized. She took her own life.

What are the facts of the case? She was sexually attacked and assaulted three times, beginning at age 11, which led to severe depression and anorexia. She wrote an autobiographical account of her troubles. At age 17, she decided she had had enough. With her parents' acquiescence, she refused food and drink, and last Sunday, she died.

So why do people like Politico correspondent Naomi O'Leary and Reason writer Elizabeth Nolan Brown insist that she was not euthanized? Because Noa's problems, as the latter writer puts it, "did not come to an end with the state permitting a doctor to kill her." She chose to commit suicide, while her parents and doctors stood by and did nothing, respecting her wish to die. That's not euthanasia, O'Leary and Brown say. O'Leary found this to be infuriating "misinformation."

To this, many others respond: of course it's euthanasia. What else do you call it when a doctor stands by and allows a patient to starve herself to death—all the more tragic in this case because the patient is just 17 years old?

The question looks like an unresolvable semantic one. But logic-chopping ethicists come to the rescue with a distinction: Noa was subjected to passive, not active euthanasia. The difference, as the BBC explains, lies in the difference between killing and letting die. Nobody killed Noa (in fact, she asked for help, and was rightly refused); but they did let her die.

If you leave it at that, no one is the wiser, because the real questions, clearly, are: (1) Is there a moral difference between active and passive euthanasia in this case? And: (2) Did Noa's parents and doctors do right or wrong?

Given a case that sounds so outrageous to some, it is easy to glibly declare that there is no difference. But there are plenty of cases in which there certainly seems to be a difference between killing and letting die. Changing the case makes this rather clearer. Suppose a 50-year-old man like me is severely depressed and wants to die. Is there a difference between you shooting him through the head, and his doing the same thing while you stand by idly? (Let's assume it's you could easily take the gun away.) Clearly there is. But wherein lies the difference?

There are a couple, actually. First, in the case of active euthanasia, you are taking action. We can ask the question, "Why did you pull the trigger?" We can ask a similar question in the second case, "Why didn't you stop him?" but the questions are actually quite different.

Second, more to the point and more importantly, to permit active euthanasia requires that we adopt policies, moral and legal, that distinguish between murder and euthanasia. But there is no such requirement if we permit only passive euthanasia: here we need only adopt policies to distinguish between suicide and passive euthanasia. (For one thing, it's not passive euthanasia if nobody knows you're committing suicide.)

Active euthanasia is more morally fraught because it resembles murder, and murder is rightly regarded as one of the very worst crimes it is possible to commit. But allowing someone to commit suicide looks very different indeed from murder, because the motives are deeply different. If you stand by while your 50-year-old friend commits suicide, you might very well feel guilty later, and people might well blame you for doing something wrong (or rather, for not doing what you should have done); but nobody can sensibly accuse you of murder.

Ultimately—as is the case with most ethical questions—it is ultimately about the policies, the rules, the principles. Do we want to be a society that approves of people committing suicide? Should that be regarded as a real possibility for people? Should it figure into their calculations as an option, sometimes? And then, if so—do we want to take the morally fraught step of helping people to carry out this dreadful choice?

Let's briefly consider both sides here.

The more conservative approach points to the impact that the choice has on others, that the policy has on society at large, and whether we even have the right to throw away a gift given to us by the divine. No man is an island, and the official approval of suicide causes trauma far beyond that experienced by a person suffering in bodily pain or depression. The trauma is compounded when others participate in carrying out the decision. In the case of Noa, consider the lifelong trauma her dramatic act will have on her parents, family, friends—and now also the broader society in which other 17-year-olds might be tempted to solve their problems this way.

The reason that liberals and libertarians are typically in favor of euthanasia (passive at least, and often active as well) is that this respects the choice of the individual. Whether to go on living is a deeply personal decision, they say. Hence society's rules should permit a negative outcome if that is our choice. If this encourages others (or rather, alerts them to the possibility) to do the same, perhaps that's for the best. Why should people be forced to live if they don't want to? Even if there are some awful consequences, this is the price we pay for freedom.

This is not an easy question, and you're frankly an idiot if you pretend that it is. But there's a complicating factor in Noa's case. She was young, just a few years older than my son. I can't imagine "permitting" him to commit suicide as I stood by. The idea fills me with horror.

The admitted fact is that she lacked a mature mental capacity. Moreover, while I don't really approve of the clinical language, one might say she was ill in addition to being young. Now, typically, as in the case of the 50-year-old, we might credit the person's choice as being mature and considered, and therefore free and worthy of the respect of a person with dignity. Do we owe a mentally ill young person the duty to dignify her choice as also one that is free? I'm not so sure. She was unformed, and she was not thinking straight. Had she been my daughter, I would have had her committed to an asylum that would help her get better. I would not have respected her choice, being one made by an immature and ill person.

I pity Noa's parents and doctors. But I also accuse them of doing something very wrong indeed—by not taking action when they clearly should have.

By the way, it's not lost on me that one might argue that anybody, regardless of age, with severe depression might be thought to be sufficiently impaired that we should not credit his decision to end his life as being free, and hence we should always work against it and instead institutionalize the person. But I'm not making that argument, as it raises further, hard questions. Noa's case strikes me as being rather clearer. The combination of her youth and her mental incapacity mean that her caregivers had absolutely no obligation to credit her choice.


Some thoughts on the new Voice.com project

This evening we finally learned what the #B1June hype was all about: among other things, a new social media system called Voice.com, built by Block.one, the company behind the outrageously well-performing EOS token. (Full disclosure: Everipedia, where I am CIO, is built on EOS and is the recipient of a major investment from Block.one.)

The site isn't operational yet, and I couldn't find an app in Apple's App Store, but you can sign up for the beta on Voice.com and view a very interesting-sounding rundown of features.

In their introduction to the project this evening at a very glitzy gala event at the D.C. Armory in Washington, D.C., CEO Brendan Blumer and CTO Dan Larimer said that there were huge problems with existing social media giants. The small changes Big Social Media is likely to make won't solve the root problem: you are the product. As long as the social media giants make their business the collection and sale of data about you, you will lack control over your data and your user experience.

They also find a serious problem in fake accounts. Certainly I wonder how many accounts upvoting my posts on Twitter correspond to at least one person, and some responses one sees there sound mindless and robotic enough to have come from bots.

The fact that Block.one has got that much right makes me optimistic about what will be eventually released.

The coming features they advertise:

  • Voices.com will confirm that every user is a real person. I pressed Block.one engineers for information on how this would work, but they remained mum.
  • The Voice network features a new token, the Voice token (I think it's officially rendered as $VOICE). The only way to create the token is when others upvote your content. There will be no ICO or airdrop. And you can't purchase Voice tokens. That's kind of neat. No word on whether you can cash in your Voice in dollars or EOS somehow. A fair bit is rather vague at this point, to be honest.
  • If you have a message you want to get out, you can spend Voice tokens that you have legitimately earned to boost it, even to the top of a queue (not sure which queue). If others agree that your post is important and upvote it, you can get your Voice back and then some. That's kind of neat.

To my mind, there are as many questions raised as answered here. Anyway, I had two thoughts I wanted to pass on to Block.one and to the Internet void.

First, getting "one person, one account" correct and operational is very important and very hard, and I'll be watching closely to see if they've done it. As I explain in a requirements paper I'm at work on, there are at least four requirements of such a system:

  1. That a person with some essential uniquely identifying information (such as, perhaps, a name, a birthplace, and an email address) actually exists.
  2. That the person thus uniquely identified is actually the owner of a certain account on the network (and thus bears that name, has that birthplace, and owns that email address).
  3. That the person is not in control of some other account. (This is particularly difficult, but it is required if it is one person, one account.)
  4. That the person remains in control (and has not passed on or lost control of the account).

This, or something like it, I want to propose as the gold standard of online identity. I take an interest in this because we need to verify that Everipedia accounts are "one person, one vote" (OPOV) accounts for purposes of voting on encyclopedia articles.

Let's see how many of these requirements the new EOS identity protocol can satisfy.

Second, since Everipedia is built on EOS, I very much hope Voice.com ends up being fully decentralized. The first requirement of a fully decentralized system is to use open, common standards and protocols needed to publish, share, and give all users control over their own social media experience, regardless of which app they use. But I heard nothing about open, common social media standards this evening, and while the Block.one engineers I spoke to this evening did say they were considering adopting some such standards, it didn't sound like that would be part of the upcoming launch. I could be surprised, of course.

Another requirement is that posts from outside of the network should be readable (if a user so desires) inside Voice.com feeds. Otherwise, each social media ecosystem is its own silo—and not decentralized. I'm not sure if Voice.com is working on this.

Actually letting users export their Voice.com data very easily (i.e., with RSS-like feeds) so that their friends outside of the new social network can view their posts on other networks is another crucial requirement the new project will have to tackle, if they want me 100% on board.

Finally, lots of fine-grained control over how the user's feed works will all by itself go a long way to convincing me that a company is serious about letting users take back control. No word yet on whether this is in the works for Voice.com, although I did see a nod in that direction.

I would encourage Block.one to consider adding these features so that I can get behind them in the upcoming push for a Declaration of Digital Independence (about a month away), accompanied by a social media boycott and, eventually, mass alternative social media try-outs.

One last thing. I would like to know whether Voice.com will have an end-to-end encrypted messaging system. This isn't easy for anyone to build, but if you want to go head-to-head with the big boys and demonstrate commitment to privacy, it's a very good idea. Maybe Sense Chat can help, since they're moving to EOS. I am thinking more about the importance of this, being already very convinced of the importance of privacy; in fact, I'm increasingly hardcore about it. (I'll be very curious to read Voice.com's new privacy and community policies. Minds.com just updated theirs, y'know.)

But Block.one does seem to be on board; after all, they gave every attendee a hardware security key, something I was going to buy soon anyway. Thanks, guys!


How to write an app (that respects privacy and supports security)

Some difficult-to-meet requirements

  1. Be open source. Don't make users have to trust your black box. I don't want to have to trust you. I don't know you.
  2. Don't just release your in-house source code. Develop in public; practice outreach to OSS developers to loop in others; make distributed code reviews a standard practice.
  3. Be fully open source. Don't depend on proprietary vendors or use APIs that, for example, make sensitive user data open to systematic collection.
  4. If you must keep some of your server-side code private (it could happen), then hire a third party to do public, independent audits of security and user privacy issues. I don't want to take your word for it. The more often an audit is performed, the better.
  5. Don't use a business model based on selling or datamining user data. Prefer subscription, non-targeted ad, and other non-intrusive models. Maybe tokenize. Prove to your users that this is your business model, and go on the record loud and clear that it is.
  6. Have a clearly-worded privacy policy that (as much as possible) lacks vague language and is highly specific about exactly how user data is used. Make many clear positive assertions about what you do and don't do with user data, in various categories that users might worry about. Include a non-legalese gloss of both the main document and the latest updates.
  7. If you have a cloud app with any data that some users might reasonably want to be kept private (which is almost all cloud apps), store the data using zero-knowledge encryption or other similarly secure tech whenever possible.
  8. When private user data needs to be processed, do it client-side, not server-side, so that you don't need to see the data.
  9. Use strong, standard, end-to-end encryption for all user-to-user communication features.
  10. Obviously, follow best modern practices when it comes to user authentication. E.g., save hashes of user passwords.
  11. If you must make it easier for users to log in by using social media/OAuth logins, then at least give users the clear and prominent option of using their own password for your site. (I strongly advise users to use their own passwords, tracked with a modern, secure password manager. Social media logins are a backdoor for corporate surveillance.)
  12. Conspicuously distinguish between public and private data. Of course, sometimes users don't care about privacy; they want the widest possible exposure for a public post or profile. Just make it really, really clear what information is exposed to whom, and especially whenever anything is not 100% private (and kept that way through encryption).
  13. Support various kinds of two-factor authentication.
  14. Don't keep unnecessary logs of user/visitor data. Never use feckin' Google Analytics!
  15. Make it hard for governments to get user information out of you. The best way to respond to government information requests when you run a private service is with, "We do not have access to that information. It is never sent to or recorded on our servers, or if it is, it is done so in an encrypted format."
  16. Make your mailing lists and notifications opt-in, for the love of all that is holy.
  17. Don't force users to use your proprietary mobile app. Some of us like to use browser versions because we the user have more control and transparency about what the hell is going on.
  18. Speaking of transparency, be totally transparent to OSS devs and regular users alike about how your app works and allay any concerns they might have.
  19. Clarify where your management and developers live and where your offices are located. If we can't find out who you are, how can we trust anything you say about yourselves?
  20. All of the above goes double if you live in a country that is associated with hacking or a highly intrusive or totalitarian government, or if you have any other red flags that might make users worried about their privacy or security when using your app.

I've reviewed and installed a lot of software lately and have designed (if not coded) a lot over the years. As a consumer, this is the ideal I'm after. I'm not sure I know of many consumer web apps that satisfy all of these "requirements." But this is what we need if we want to respect privacy and help users with their security.

I might add more to this list as I think of more things. If you have additions you think I should make, please list them below.


Why your company should consider getting a NAS

What's a NAS again?

"NAS" means "network-attached storage," but this buzzphrase has come to mean more than just a backup drive for your local network. It's also, and maybe more importantly, an easy-to-set-up personal cloud server.

You use it for document storage and sync a la Dropbox; to sync your calendar, contacts, notes, and password data; to host a secure, private Telegram- or Slack-style chat; as a code test bed; as a shared media server; even to store pictures and movies, and display or play them a la Netflix; and more. And in recent years, it's become pretty easy for power users to set up. And it all works well. And it's cheap. It's insanely cool.

I've already explained in earlier blog posts how I chose a NAS and why you might want one at home. But why might you want to install one at the office?

My business uses for a NAS on a business trip

Well, a lot of my personal uses are actually business uses. Traveling literally around the world, I am connected to my (I hope) secure and private home server, i.e., a Synology Diskstation 1019+. What apps that run on my server have I used on this trip so far? Glad you asked:

  • calendar, which Everipedia's PR firm and I both update independently
  • file hosting with capabilities for:
    • file sharing (this is how I transferred my latest presentation deck to a conference in South Korea)
    • syncing between the NAS, laptop, and phone (which I used to look at my notes on my phone, when I gave a speech yesterday in Amsterdam; I wrote an updated version of the speech on my laptop and displayed it seamlessly on my phone)
    • backing up (not only is a copy automatically saved to the NAS a la Dropbox, but the NAS itself is backed up hourly to a secure third party site that uses zero-knowledge encryption, so only I can possibly read the files that are saved there)
  • a remote file editing app (like Google Docs; let a colleague see a work in progress)
  • a secure password manager (used constantly) I can sync with from anywhere (even my phone; can you make a new account on your phone and input and save a secure password easily? I can!)
  • secure encrypted chat (with my boys at home)
  • the photo app Moments (to upload pictures, which family can see even while I'm gone)
  • the to do list that displays the same list on my phone and my laptop
  • a movie player (I watched a movie that streamed from home, which my boys ripped for me)
  • a music player (so nice to have such easy access to my entire frickin' digital music collection, not just while at my desktop)

I actually used all of those things myself. And here are the things that I didn't have to use (and for that reason I didn't have to put my privacy and security at risk):

  • Gcal
  • Dropbox
  • Google Docs
  • Slack or Telegram (at least for talking to my boys)
  • Instagram, Google Photos, Dropbox photo sharing, Flickr, iCloud photo sharing, Cluster, etc.
  • my phone and laptop's limited space for random large media files like movies and music; I now use about 15 GB on my phone
  • a cloud-based "to do" app like Apple's, or Asana, or whatever

I dropped all that. I don't have to worry about how they're violating my privacy. I can give a big old middle finger to their ridiculous privacy policies and user agreements and privacy settings. I don't have to think about how their systems can be hacked. (I do have to think about how my own system can be hacked, though!)

What would your startup do with a NAS?

Everipedia (of which I am CIO) doesn't have a NAS yet, if we ever will get one, and I thought, if I'm going to take some time to explain to my fellow execs the advantages and disadvantages of NASes for business, why not turn everybody else on to the idea, too?

Let me talk about startups here because I'm well aware that larger, more established enterprises have serious enterprise solutions to these problems. But until fairly recently, startups and smaller businesses have been stuck more or less with public cloud solutions.

Setting up a NAS would be a bit of pain. I'm not denying it; see the next section for discussion of that issue. So why think it would do any good for your startup? Well, check this out:

  • Shared calendars. Instead of scheduling meetings via Google Calendar and wondering if they're selling the information to your competition, or if your data could be sold by a criminal hacker who cracks the honeypot that is their giant Gcal database, you put your meetings on your own server, on shared calendars.
  • Collaborate on the same documents and host them securely in your own office. Cut the umbilical cord with Google Docs. You can use it to back up Office 365 if you use that. What are they really doing with your proprietary stuff there? Frankly, it makes me feel dirty whenever I have to open up Google Docs or Sheets; but I do, because the rest of the team does. It doesn't have to be that way.
  • A related but distinguishable advantage is that all of your company's documents can be found in one place, under the clearly-defined ownership of company. Sure, there are cloud services that will do the same thing--but not with the same granularity of control, not to mention guarantee of privacy.
  • Conduct your company's internal Slack or Telegram-style discussions just as easily, and more securely, via a chat app that you and your team set up and run. Never worry again whether it's really encrypted. You'll know because it'll be up to you. I can attest that it's just cool to have a Slack-type conversation across the world but using your own privately-owned and -controlled machine.
  • Host your assets. Your company has assets: logos, design documents, videos, etc. Where do they live? If you're a small company, either they're on your design team's individual machines (which is a terrible idea; what if something happens and they're not properly backed up?), or they're in the cloud, or they've already got a NAS installed. You know what's really cool about a private cloud if you're doing design work, video production, etc.? Everyone can sync to the machine via the Internet and the local network. You can plug yourself right into that sucker and transfer ginormous files super-fast. You can even bring a media production NAS along with you on-site if you need to do heavy video editing, collaboratively, on site. (I haven't done this yet myself, but I've read about it.) You can't do that with the public cloud cloud.
  • Host your own ticketing, project management, and bug tracking software. OK, maybe you don't really care if that stuff is in the public cloud. But I care. What if you have real, live corporate secrets lurking in your project management tool?
  • Set up secure, shared Docker containers that you completely own, to make it easy to do testing and to help new developers install their dev environment quickly. Some NASes are built to work with them directly.
  • Maybe your code is so sensitive that you don't even want to put it on Github or Gitlab. (If you're a closed-source shop, it could happen.) You know what NASes can do for you? They can serve as out-of-the-box Git servers. How cool is that?
  • You can securely and easily back up all the data on your NAS, which especially for some businesses is absolutely necessary. Among other things, it can ensure that uncooperative or unresponsive employees who exit the company don't take crucial intellectual property with them irretrievably; management has greater control of what remains in the permanent archive, so long as it was originally put on the NAS.

It's a real live server, so of course you can install lots of other apps for your team and customers. But the above-listed items involve improving your privacy and security by moving from a public to a private cloud.

But what are the advantages, really?

If you've got a tech team with the skills, they could set you up with a traditional (and probably cheaper and faster) server. So what's the big deal?

Sure, maybe ten years ago you could have set up a server and had some of this convenience, but only in recent years have systems like FreeNAS, NextCloud, Synology, and QNAP been absolutely decked out with everything you need to replace all of the above public cloud services. It's not just that it's easy to install your own server, it's what you can do with it so easily now. For the last couple of decades, developers have discovered a bunch of great ideas for how to facilitate cloud-based, collaborative, and cross-platform work online, and especially in the last few years, NAS system developers (both proprietary and open source) have created similar systems for NASes.

The point, then, is that these software solutions are easier to install than ever, pretty cheap, and actually effective.

"Maybe," you say, "but that doesn't answer the real question: why do it yourself? Why not just keep using cloud services until you are a giant enterprise?"

Well, this is a matter of opinion, but I think it's increasingly clear that we simply can't trust the public cloud with either our privacy or our security. Over and over, we hear about how giant corporations are selling our data, spying on us, and letting governments spy on us. This is offensive enough in itself, but this also creates serious security issues.

While my information privacy (and my family's) has become my driving concern, with businesses (especially tech startups), security is the more serious problem. The problem is that security is simply more difficult and more fraught than it was even ten years ago. Think about the proliferation of multiple devices, owned by the employee and not the company; each is an "attack surface." Think of how much important, even business-critical data is spread across cloud services and protected by multiple employees with fairly random, hit-and-miss security habits.

Then consider all the horror stories you've heard about cloud services being hacked. Maybe you mostly trust your various vendors. Maybe you wouldn't care about most of your data being revealed publicly or put in the hands of competitors or criminals. But hacks do happen. They are a common occurrence. And no doubt you have some data that really is sensitive. How about your cap table, salary data, and any crypto keys that are in the hands of the company?

What a NAS does, then, is that it enables you to take responsibility for cloud data services. With a good server, you can satisfy yourself, especially with staff who are really good at security, that you're more secure and private than in a public cloud.

Of course, you do have to think about your own security if you install a company NAS, which is why I mention that it's important that you have good security skills on board. So the natural question is: "Why think that we will be better at security with a private cloud server than various public cloud services would be?"

There are two parts to the answer. First, you can trust yourselves (unless, for some reason, you can't). If you put your data in the cloud, you are forced to trust strangers, both their honesty and their security practices. Second, public cloud services are honeypots for criminal hackers. They're a huge juicy target, and your stuff is there; it's buried among a lot of other stuff, but it's there. Especially if your NAS is properly locked down and obscured in various ways, hackers don't have nearly as great an incentive to attack your machine, because they'll only get your data.

Those are two important differentiators. When you replace public cloud services with your own, if you do your homework, you'll probably end up with a much more secure systems for your business.

Also, did I mention how frickin' cool it is to use and be in charge of your own cloud?

But are there disadvantages?

Sure, there are. There are actually several issues that might stop you. So let's lay it all out there.

First, somebody is going to have to spend a few days buying, installing, and configuring the machine and the apps. You might or might not need to upgrade your Internet connection, modem, and router. Then there will be some ongoing maintenance and support, somebody managing NAS accounts, etc. It's not a deadly amount of work but it isn't trivial even for our little home NAS. Making sure your startup's NAS is locked down and operational definitely a task. It would be something a sysadmin, devops, or networking type would do.

Then there's the security risk involved in a poorly-configured machine, or if your company has bad security protocols (such as, to take a simple example, letting people with lots of permissions in the system use easily-crackable passwords, or letting everyone in the office have access to everything, or doing something crazy like turning off the firewall). I think my Synology NAS is pretty secure, but I'd really want to dot my i's and cross my t's before putting my machine into production for business purposes. Ideally, you'd have somebody with special and in-depth experience with server administration, networking, and information security. Any sufficiently experienced geek should be able to do what needs to be done, with enough time, research, and occasional consultation.

A different sort of disadvantage would occur if you had a slow Internet connection or inadequately beefy machine. You might expect collaborative document editing to work as fast as Google Docs, but if your machine or Internet connection are too wimpy, you'll be disappointed.

There are a few other, perhaps more minor risks:

  • Certain NASes might not have the full set of apps you'll need to have on your phone. I can tell you, however, that Synology has pretty much everything I've needed (so far); QNAP actually has more apps than Synology in its App Center (last time I checked, or so one reliable source reported); and NextCloud has a zillion (open source) apps available.
  • If the power goes out, you're stuck until it comes back on.
  • Someone at the office might get a NAS set up, but if nobody else is able to run it and the NAS person quits, you might be stuck.
  • You'll have to teach and motivate the team to use the NAS; some of them might not care so much about your company's security, and would rather use they're used to.
  • You might (marginally) trust the reliability of the social media giants' software over that of your NAS vendor (or the OSS that makes up the FreeNAS and NextCloud offerings).

There might be other issues; your mileage will vary.


Why not look into it some more?