Privacy Banner Requirements

I’m writing product requirements for the privacy banner in a new web site. The site carries no advertising and does nothing ugly in terms of privacy. It doesn’t even use Google Analytics. On top of this, the banner is pro forma – users don’t care. This should be a five minute project.

I googled around for how sites are supposed to act on clicks in a privacy banner and didn’t find a standard reference for ultra simple cases like this. The best I found is this well-informed but way overpowered guide. I guess each developer needs to go deep and figure it out themself. That’s silly. So, for the sake of sharing with developers looking for the same thing in the future, here is what I have so far.

The formatting is messy because WordPress isn’t the right tool for this. If you see flaws apart from that, let me know and I’ll incorporate them.

1. There must exist a privacy policy. The privacy policy must inform the user that:

a. The site uses analytics to perform tracking within the site.

b. The site uses cookies for session management.

c. They can delete their account in the profile page, once they are signed in.

d. It is not possible to use pages which require authentication if they do not accept cookies.

2. There must exist a terms of service which new users must accept. The terms of service must state that the site cannot be used without cookies.

3. A user must be able to delete their account. There must be a feature to do this on the profile page. Deletion must remove all trace of the user.

4. All pages which require a user to be authenticated should check to see whether the user has previously opted in or out of cookies, and show a cookie warning if not.

5. The cookie warning should be unobtrusive. It should not impair usability for users who see it but choose to ignore it.

6. The cookie warning should:

a. State that the site uses cookies

b. Link to the privacy policy

c. Offer an option to accept cookies

d. Offer an option to reject cookies

7. If the user rejects the cookie warning, cookies should be cleared and links within the page should have a parameter attached to say that there should be no tracking. On loading any view with that parameter in the URL, these same steps should be followed: cookies should be cleared and links within the page should have the parameter appended. However, these rules will not apply to any page which requires authentication, such as a user dashboard.

8. If the user accepts the cookie warning, the cookie banner should be cleared and a cookie should be set to not ask again.

Police Unions

Police unions are not ordinary ones. Ordinary unions have to fear beatings by the police. Police unions not so much.

And police unions are an important part of brutality.

They prevent disciplining officers for brutality. They influence elections to elect pro-brutality politicians, including the 2020 election. When citizens protest police brutality, they beat protesters.

Unions can be regulated. Police unions are a breakable link in the chain of police brutality.

Police unions should be forbidden to defend members against discipline. They should be forbidden to endorse candidates or organize politically.

The problem is policing

It is not possible for the police to not be brutal, capricious, and destructive.

They are a political force chartered through politics. Their paychecks go to ensuring their paychecks. They are accountable only to politicians, and their success is measured in elections. Police killings and brutality are growing because of successful alliances.

Anti-Black politics works for many candidates. White voters go to the polls for brutality. White fear gets officials elected.

The problem is not overpolicing, it is policing itself. Recent years have seen an explosion of protest against police brutality and repression. Among activists, journalists and politicians, the conversation about how to respond and improve policing has focused on accountability, diversity, training, and community relations. Unfortunately, these reforms will not produce results, either alone or in combination. The core of the problem must be addressed: the nature of modern policing itself.

The corruption of the police is deep and broad. It is on the order of corruption in the former Soviet Union. I can’t imagine successful reforms.

I wonder whether any municipality can seal itself off from the consensus form of policing in order to develop a new one that is not toxic. Could my city, Oakland, or my state, California? Would it have to happen at the national level?

Idea: client-side Oauth

You know how you can log into Github through Google, that is, into one web site by cross-authentication with another? That’s OAuth.

OAuth is a web thing. It lets you log in on a site for which you lack a password by asking a third party site to vouch for you.

What if you could do the same for client-side apps, ones which run on your own machine, never popping out to the cloud?

This idea came to me just now when the Chrome browser asked me to sign in to Goodreads, even though I am already signed in on Firefox. What Chrome could do is bounce me over to Firefox for an OAuth-like interaction.

This could also be super valuable as an API between password managers and desktop apps which require a password, like Slack. You sign into your password manager, and from then on a sign-in to another app can bump you to your password manager.

I’m sure it’s possible. I imagine a light variant or modest extension of OAuth would do the job.

Gas Alien Locomotion

The Black Cloud is a science fiction novel by British astrophysicist Fred Hoyle. Published in 1957, the book details the arrival of an enormous cloud of gas that enters the solar system and appears about to destroy most of the life on Earth by blocking the Sun’s radiation. “

In the charles cockell Youtube Could aliens be made of gas?, his main question is how aliens living as clouds could evolve. A commenter asked “How do you suppose an intelligent cloud remains as an individual? How would it have the equivalent of a skin or membrane to contain its entity?” and I replied “It could be a hive entity consisting of organisms small and light enough to float, sized on the order of dust. ” This post is to elaborate.

I envision alien organisms that are not clouds themselves but rather particles floating in the atmosphere among the clouds. An individual organism would be sized on the order of a spec of dust, light enough to remain airborne its entire life.

Left to its own devices the organism would have no means of navigation. It would simply move randomly. However, when it encountered another particle of the same organism it would attach to it. Over time these clumps would grow like coral reefs.

The attached organisms would amount to a hive. The skin or membrane at their surface would be the outward-facing sides of hive members on the outside of the clump. When the clump was too large to stay afloat it would shed members.

The hive could evolve in the same way as ants or bees, via a single queen-progenitor. From time to time the hive would birth and expel a new queen.

A new baby would be born within the hive and would spend most of its life there.

Rival hives would compete for food, and when they met by accident might have violent conflict.

Although a single organism would have no way to steer its flight, the hive might be able to use its shape to influence direction. It might be able to smell food, then reshape itself to glide towards the food.

A lifeform like this could already exist on Venus.

Planetary scientist David Grinspoon, astrobiology curator at the Denver Museum of Nature and Science, points out that high in the Venusian atmosphere temperatures are refreshingly tolerable. Atmospheric sulfur dioxide and carbon monoxide might serve as food for floating microbes.
NASA’s Pioneer Venus Orbiter took this false color image of Venus’ clouds during its mission circling the cloudy world from 1979 into 1992. Some scientists have speculated that the planet’s clouds might be a cozy habitat for microbial life.

Slow Herd Immunity

The great thing about those idiotic spring breakers in Florida is not watching Darwin tidy up the gene pool, it is herd immunity. The not-so-great thing is killing the rest of us.

A reopening strategy focused on herd immunity doesn’t have to be in opposition to flattening the curve. By flattening the curve we enable herd immunity to build up at a rate which is slow by steady.

The question is what the rate is. How long will it take to develop herd immunity while maintaining social distancing?

This is a particularly important question because of political stasis. The federal government will remain broken for at least the next 12 months. No action is the most likely action. Herd immunity developing gradually out of the status quo is reasonably likely.

Update April 17: the percentage of formerly-infected, now immune, people in Santa Clara CA, which was one of the first places C19 appeared, is 2.81%. Per TPM:

If this number is close to accurate it suggests that even in a relative hotspot the population is all but untouched by the disease and thus remains almost entirely vulnerable.

The good news is that this data is very early. Also a lot depends on how much social distancing has been going on, and in this part of California the social distancing has been fairly aggressive.

The simplest approach that could possibly work (in the short term)

Everybody should wear masks pretty much all the time, for the duration of the coronavirus pandemic. This is by far the most important thing.

The virus is respiratory. It has to be transported out of one person’s respiratory system and into another person’s respiratory system. The keys are breath and spit on side, mouth, nose, and lungs on the other. The mantra is respiration.

There are endless pathways for the virus. But almost all travel outbound from the mouth and nose and arrive into the mouth and nose. We cannot block all the other paths at sufficient depth and at a global scale. But we can block off the mouths and noses.

Masks are not perfect, of course. Of course. I’m not unaware and I’m not ignoring this. But masks do make a big difference.

Take this article:

It’s advocating against masks in a way that seems authoritative but is really fear, uncertainty, and doubt. Be afraid of FUD. You can never be sure about FUD. I’m skeptical about the value of FUD.

Maybe masks won’t work, but maybe they will. We have lots to gain and little to lose.

Virologists don’t seem to think masks will protect people from airborne viruses, mostly because there’s no evidence to prove they’re effective. William Schaffner, a professor in the division of infectious diseases at Vanderbilt University Medical Center, told NPR, “There really are no good, solid, reliable data.”

Science is good, but it’s absence is not a good argument to abandon common sense. Spit is the vector. Masks stop 90+% of spit from traveling.

Masks are often ill-fitting or too loose over the face, offer no real filter and leave eyes exposed. Since most viruses are airborne, this offers little protection. It

Entering via the eyes presents a long and difficult pathway to the respiratory system. Nose and mouth are where the air comes in.

“Ill-fitting or too loose” is half-assed science, suitable for half-ass science in response: virus particles aren’t determined secret agents trying to worm their way in. When stuff is in the way they get stuck like anything else. If some make it past, that probably doesn’t negate the benefit of stopping the rest. Perfection is the enemy of the good. Good is good.

It’s also fairly impractical to wear a mask for prolonged periods of time, so any potential benefits may be negated by the difficulty of use.

Let’s make masks that we can wear more. Let’s work on our habits. This is an approachable problem which we can tackle from the ground up.

While masks may offer an additional line of defense against certain illnesses, most experts agree the best way to prevent infection is good, old-fashioned handwashing.

Handwashing is a backline in defense in depth. There is spit in the air. It settles on a surface. You touch it. It gets onto your hands. You touch your face. The infection somehow makes its way to your mouth or nose. It goes down the windpipe instead of the esophagus. Ok, yes, this is a valid defense, but its weak as hell. Airborne breath and spit are the main attackers.

While masks may not be effective in protecting against airborne viruses, many experts believe they’re helpful in protecting against hand-to-mouth transmissions. That means they’ll protect against splashes from others’ coughs or sneezes. Masks will also likely reduce the chances of spreading infection from your hands coming in contact with your nose or mouth. According to the BBC, a New South Wales study conducted in 2016 showed that people touched their faces approximately 23 times per hour.

This is precisely my point.

Let’s consider the worst possible masks, a handkerchief tied over the face. The virus is much smaller than the gaps in the surface of the cloth and can easily pass through. Even so, if someone wearing a handkerchief sneezes, most of the liquid and vapor is caught. You can tell because the cloth becomes moist. Some corona escapes, but most stays put. On the receiving end of the sneeze, most of the virus lands on surfaces rather than being inhaled while airborne, and a person who gets corona on their hands can’t pick their nose, thereby inserting the virus into their respiratory system. They can’t put their finger inside their mouth. They can’t touch the skin of their face, and if they do touch their mask then they can put on a new mask more easily than they can wash their face with soap. And even the worst mask will catch some airborne particles.

There is a mask shortage, but that is an easy problem to solve. Very very easy. And in the meantime handkerchiefs are an improvement.

This is a method that can be done on a global scale. It is not feasible to have eight billion people stay home. They have to go out to make a living. Many have no home, or their home is too crowded to be safe. It is not feasible to stop touching our own faces – that is not going to happen.

Jails can do this: every inmate should wear a mask whenever they are awake. Daycares can do it: every kid can wear a mask all day. People on crowded buses can do it.

Just masks masks masks. Masks masks masks. Masks masks masks masks masks masks. Masks.

But is it possible? I don’t want to wear a mask while sitting alone at my desk, in my private workroom with the door closed. As simple as this is, can we do it?

What we can do to get started is sewing and evangelism. Let’s sew masks. Let’s have mask events where every person – including kids – is wearing a mask. Let’s post our cool personalized masks to Instagram.