BC TECH
Saved by @ThomassRichards

Next up in Privacy Technology at #enigma2021, Kelly Huang from @ethyca speaking about "GONE, BUT NOT "FORGOTTEN"—TECHNICAL & PRACTICAL CHALLENGES IN OPERATIONALIZING MODERN PRIVACY

 Just imagine there's a global pandemic forcing everyone to stay home and buy their stuff over the internet. And you've been working on your sanitization-on-demand startup. You've got more users than you can count! ... literally, because your data's all over.
Now you're a multi-national international country with privacy issues because your information is all over the place.

Now a user writes to request you delete their data. Where is it? How do you do that? Who's responsible for privacy in your business.
How do you operationalize privacy rights?

Primary stakeholders:
* Legal
* Business
* Engineering
We spend a lot of time on Twitter analyzing the legal rulings, but it's harder where the "rubber meets the code" 🥁
Three rights:
* access
* rectification
* deletion

Legal's trying to uphold them, but it's a technical question!

Legal wants to decrease risk but don't know software
The business wants to stay in business and make money. They want to be able to use data for things like placing ads and analysis.
It takes a lot of time to handle these requests, too!

They need a streamlined technical solution.
Program management wants to streamline and make things efficient and predictable... but they don't understand the technical limitation
As a software engineer, you've seen technical debt. So much technical debt. All the weight of the decisions that were made in the past, especially if you scaled without a data plan.

Average SMB has data in 10 different systems.
How do we delete?
Some poor software engineer is trying to track down what data is where?
What even *is* PII? There's no real standard.
What should be returned? What should be deleted.

Make a definition and stick to it.
Some of your databases might use email addresses as a primary key, some user IDs, etc.
1. Define PII
2. Find all the PII
3. Use pseudonymization to replace PII with some kind of random value which can't be tied back to the user

[reminder I am livetweeting this is not me speaking]
How do you do this at scale?
Maybe a centralized team who can handle this?
If you're a small company, plan ahead!
Be careful when you're doing sanitization -- some databases really don't like batch processes and you can make things fall over.
Speed
* you have a timeline -- often 30 or 45 days
* but that's not enough time if you haven't planned for streamlined speed

Ideally you won't need it, but have a backup plan, in case something goes wrong with a slow data system
Plan for a solution that grows with your business, not just a hacked-together series of SQL queries, but instead a centralized portal with extensibility as the business changes and technical systems grow.

... and as new privacy laws come into place
Privacy is way, way more than compliance. But compliance needs to happen.

Let's all do our part

[ end of talk ]

More from Lea Kissner

Lea Kissner
Lea Kissner
@LeaKissner
We're kicking off the Privacy Tech session at #enigma2021 with Mitch Negus speaking about "NO DATA, NO PROBLEM—GIVING NUCLEAR INSPECTORS BETTER TOOLS WITHOUT REVEALING STATE

A nuclear catastrophe hasn't occurred... yet. So we need to stay vigilant. Nuclear inspectors go in according to treaties to check what's going on and check compliance with treaty rules.

But as sophisticated analytics become more common, states will only want to share the minimum amount of information necessary under the treaty.

But perhaps we can use MPC -- secure multi-party computation

Yao's garbled circuits were first demonstrated on the millionaire's problem -- figuring out who's richer without revealing actual amounts.

Used for other things like cryptocurrency these days.

Can we use this for nuclear inspection?

MPC can be used to compute anything computed by a computer [but it's expensive!]
TECH
Lea Kissner
Lea Kissner
@LeaKissner
Last up in Privacy Tech for #enigma2021, @xchatty speaking about "IMPLEMENTING DIFFERENTIAL PRIVACY FOR THE 2020

Differential privacy was invented in 2006. Seems like a long time but it's not a long time since a fundamental scientific invention. It took longer than that between the invention of public key cryptography and even the first version of SSL.


But even in 2020, we still can't meet user expectations.
* Data users expect consistent data releases
* Some people call synthetic data "fake data" like
"fake news"
* It's not clear what "quality assurance" and "data exploration" means in a DP framework


We just did the 2020 US census
* required to collect it by the constitution
* but required to maintain privacy by law

But that's hard! What if there were 10 people on the block and all the same sex and age? If you posted something like that, then you would know what everyone's sex and age was on the block.
TECH , TEACH
Advertisement
Lea Kissner
Lea Kissner
@LeaKissner
Next up at #enigma2021, Sanghyun Hong will be speaking about "A SOUND MIND IN A VULNERABLE BODY: PRACTICAL HARDWARE ATTACKS ON DEEP LEARNING"

(Hint: speaker is on the

In recent years ML models have worked from research labs to production, which makes ML security important. Adversarial ML research studies how to mess with ML

For example by messing with the training data (c.f. Tay which became super-racist super-fast) or by foiling ML models by changing inputs in ways humans can't see.


Prior work considers ML models in a standalone, mathematical way
* looks at the robustness in an isolated manner
* doesn't look at the whole ecosystem and how the model is used -- ML models are running in real hardware with real software which has real vulns!


This talk focuses on hardware-level vulnerabilities. This is particularly interesting because these can break cryptographic guarantees (because those are outside of their threat models)
e.g. fault injection attacks, side-channel attacks
SCIENCE
Lea Kissner
Lea Kissner
@LeaKissner
In more Securing Democracy at #enigma2021, @ChrFolini talking about "THE ADVENTUROUS TALE OF ONLINE VOTING IN

Switzerland is a direct democracy where citizens get to vote at least 4x/year, with a lot of mail-in voting. We have a long history of online voting.

Disclaimer: THIS IS NOT SWEDEN.

[I get the picture that @ChrFolini has had to explain the difference several times.]


Process around mail-in ballots.

[tl;dr it's very complicated and wasn't threat-modeled until recently]


But the in-person ballots are complicated, too!


Most security folks don't think that we can't make a secure online voting system.

@ChrFolini says this is because of encryption
[Note: this is not the main reason that a lot of people cite -- we're more worried about things like malware but it's complicated]
WORLD
Lea Kissner
Lea Kissner
@LeaKissner
Last talk about Securing Democracy at #enigma2021: @jackhcable speaking about "THE FULL STACK PROBLEM OF ELECTION

Let's imagine that elections use all the security measures security people have been advocating: risk-limiting audits, paper ballots, etc. Would people trust the elections more?

Jack would argue no. Most people don't understand this stuff and most of the claims people are making can't be disproven. And are massively bogus already.

Georgia did a full recount on paper ballots and it very much didn't stop people from doubting the election!

Are election security results in vain? The point of election security is to convince the loser they lost.

No! Have to focus on the whole stack, from election infrastructure to campaigns to people and mis/dis-informaton


One takeaway from the talk: the parts of the stack must work in tandem. Can't fight misinformation in a vacuum, but must build on other election security measures.
POLITICS

More from Tech

Matt Wallace
Matt Wallace
@MattFnWallace
Hey, who wants to read a story about @Upwork fucking over freelancers in order to upsell their clients on unnecessary services the clients don't want and can't afford? Strap in!

So after my marketing agency closed I started freelancing again. A marketing company that wanted to work with me only hires freelance writers through @Upwork. So I signed up. I wasn't thrilled about it, but that's who they contract with and it's their marketing company.

I've been receiving regular assignments from this company, thru @Upwork, for over a month now. I've written dozens of articles for them. My work has been exemplary. I've been handling repeated rush jobs and delivering. The client was and is very happy. That's coming from them.

While I was wrapping up several assignments this week I was contacted by the marketing company. They asked if I had taken a new full-time job and wasn't available anymore. It seems @Upwork's talent group told them I was no longer available to take assignments.

I was very surprised. Nothing had changed on my end. I still needed the freelance work very much. I told them so. So the marketing company pressed @Upwork and were told there were "compliance" issues that were preventing the marketing company from giving me any more work.
TECH
Patrick McKenzie
Patrick McKenzie
@patio11
Some people really benefit from hearing advice that everyone knows, for the same reason we keep schools open despite every subject in them having been taught before.

In that spirit, here's some quick Things Many People Find Too Obvious To Have Told You Already.

Your idea is not valuable, at all. All value is in the execution. You think you are an exception; you are not. You should not insist on an NDA to talk about it; nobody serious will engage in contract review over an idea, and this will mark you as clueless.

Technologists tend to severely underestimate the difficulty and expense of creating software, especially at companies which do not have fully staffed industry leading engineering teams ("because software is so easy there, amirite guys?")

Charge more. Charge more still. Go on.

The press is a lossy and biased compression of events in the actual world, and is singularly consumed with its own rituals, status games, and incentives. The news necessarily fails to capture almost everything which happened yesterday. What it says is important usually isn't.

Companies find it incredibly hard to reliably staff positions with hard-working generalists who operate autonomously and have high risk tolerances. This is not the modal employee, including at places which are justifiably proud of the skill/diligence/etc of their employees.
TECH
Advertisement
Luca Hammer
Luca Hammer
@luca
Two years ago on a weekend, I built a tool to make it easier to evaluate Twitter accounts. Since then 36590 people used it to analyze 55390 different Twitter accounts.

Over the last months @mmkaradeniz and I made a new version. We launched it last night:

@accountanalysis doesn't use machine learning or AI „magic“. Instead of telling users if an account is authentic or not, it helps them to evaluate the accounts themselves.

It visualizes the different features (date, time, type, app, etc.) of Tweets to make them interpretable. /1

@accountanalysis The core concept is still the same, but it looks much better and is easier to operate. Not only for the users, but us developers as well. Enabling us to continuously roll out new features in the future.

Side-by-side screenshots of the old and new version. /2


@accountanalysis Some people had questions what different charts displayed and how they could be interpreted. There are now explanations for all charts, that can be toggled on and off at any time. /3


@accountanalysis The selected/retrieved Tweet count moved to the top to make it clear that not all Tweets of an account are analyzed. 3200 is the API limit by Twitter. It's possible to get more through the Premium API, but I don't think people would pay $100+ for the analysis of one account. /4
TECH
\U0001f7e2 Ed Guiness
🟢 Ed Guiness
@KiwiCoder
A long time ago I coded up a feature for SocialCoder which converts a link - any link - to a short URL. I use it all the time for sharing links to volunteer profiles and to volunteer opportunity listings.

The feature doesn't care what the link contains, it just hashes the URL, including any query params, and returns a shortened code.

More recently, around Christmas time, I added another feature where I can click a button to send a template notification to a charity that their new listing has been reviewed and published. I call it a next-steps email.

For the past few weeks, its all been working well. Its nice to keep automating things that previously were done by hand.

Fast forward to today.

A new opportunity listing is posted by a charity.

I review and publish it, tweet about it, then click a button to send the charity an emailed notification of next steps.
TECH
Zeke Hausfather
Zeke Hausfather
@hausfath
There has been a lot of discussion about negative emissions technologies (NETs) lately. While we need to be skeptical of assumed planetary-scale engineering and wary of moral hazard, we also need much greater RD&D funding to keep our options open. A quick thread: 1/10

Energy system models love NETs, particularly for very rapid mitigation scenarios like 1.5C (where the alternative is zero global emissions by 2040)! More problematically, they also like tons of NETs in 2C scenarios where NETs are less essential. https://t.co/M3ACyD4cv7 2/10


In model world the math is simple: very rapid mitigation is expensive today, particularly once you get outside the power sector, and technological advancement may make later NETs cheaper than near-term mitigation after a point. 3/10

This is, of course, problematic if the aim is to ensure that particular targets (such as well-below 2C) are met; betting that a "backstop" technology that does not exist today at any meaningful scale will save the day is a hell of a moral hazard. 4/10

Many models go completely overboard with CCS, seeing a future resurgence of coal and a large part of global primary energy occurring with carbon capture. For example, here is what the MESSAGE SSP2-1.9 scenario shows: 5/10
TECH

You May Also Like

Billy Bostickson \U0001f3f4\U0001f441&\U0001f441 \U0001f193
Billy Bostickson 🏴👁&👁 ...
@BillyBostickson
Tip from the Monkey
Pangolins, September 2019 and PLA are the key to this mystery
Stay Tuned!


1. Yang


2. A jacobin capuchin dangling a flagellin pangolin on a javelin while playing a mandolin and strangling a mannequin on a paladin's palanquin, said Saladin
More to come tomorrow!


3. Yigang Tong
https://t.co/CYtqYorhzH
Archived: https://t.co/ncz5ruwE2W


4. YT Interview
Some bats & pangolins carry viruses related with SARS-CoV-2, found in SE Asia and in Yunnan, & the pangolins carrying SARS-CoV-2 related viruses were smuggled from SE Asia, so there is a possibility that SARS-CoV-2 were coming from
ALL
Lu_lu\U0001f498
Lu_lu💘
@luciame16
Some thoughts on episode 53 of #Hercai

Love,that is not real,has no passion. Its fire turns into embers, it doesn’t not smell. The day, the night, the moon&year burn without sun, light, comfort&sleep.
Ömer Hayyam

#Reyyan #Miran #ReyMir #EbruŞahin #AkınAkınözü
#HercaiThoughts


1
PRAISE
The praise in this episode goes foremost to Ebru because she portrayed Reyyan so realistically like a woman who truly lost her unborn child. I was in awe and pain watching her along the episode, all her breakdowns and tears were so real.
#Hercai

2
Of course also Akın took his part and did his part masterfully, but he rightfully was the one who stood aside in this specific episode that needed to be about Reyyan’s pain and thus concentrated on Ebru.
#Hercai

3
And last but not least, if I say thank you to something that B gave us this year, then it’s to have Ali as our director. Also in this episode we saw the artistic eye behind every shot and I loved it.
#Hercai

4
OVERALL COMMENT
I don’t know who wrote ep. 52 but ep. 53 was going strong once more on symbols: roses, stones, fire and trees were incorporated and especially the ReyMir dialogues were written very well. I truly loved every ReyMir scene.
So let's get into it.
#Hercai
CULTURE
Advertisement
Andrew Chen
Andrew Chen
@andrewchen
1/ new essay: What's next for marketplace startups? Reinventing the $10 trillion service economy, that's what. Co-authored with @ljin18 https://t.co/fgKbrHTnH5. A short thread 👇

2/ Marketplace startups have done incredibly well over the first few decades of the internet, reinventing the way we shop for goods, but have been less successful services. It's bc services are complex, subjective, fragmented, and often in real life. Makes it hard

3/ There's been 4 major eras at making the service economy work online. The Listings Era, the unbundled Craiglist era, the Uber for X era, and the Managed Marketplace era


4/ Each era has added more value than the last, and utilized technology innovations, from internet to social / "read/write web" to mobile. The "Unbundling Craigslist" era was particularly epic at generating startup ideas


5/ The problem is, all the low-hanging fruit has been picked off. The techniques that got us to here won't get us to the next phase. So we have to do some pretty different things. That's why "Managed Marketplaces" have been a big deal - hire folks as W-2s, certify quality, etc.
STARTUPS
WORLD OF SANATAN DHARMA
WORLD OF SANATAN DHARM...
@world_sanatan
PETER PADUKAM - THE LEGEND OF MADURAI MEENAKSHI TEMPLE AND A BRITISH COLLECTOR.

A British Collector named Rous Peter was appointed as Collector of Madurai from 1812 to 1828.

Though a Christian by faith, he respected all faiths including Hinduism and also honored local practice


Collector Peter was the temple administrator of the Meenakshi Amman Temple and conducted all his duties with sincerity and honesty and respected the religious sentiments of all people.

Collector Rous Peter respected and treated people of all faiths equally and this noble trait

earned him the popular nickname ‘Peter Pandian'

Goddess Meenakshi Amman Temple was situated between Collector Peter's residence and office.

Everyday he used to go to the office by his horse and while crossing the temple, he got down from his horse, removed the hat and his shoes

and crossed the whole path on his foot.

Through this small gesture he expressed his reverence to the Goddess!

One day there was a heavy downpour in Madurai city and River Vaigai was in spate.

Collector was sleeping in his residence and was suddenly disturbed and woken up by

the sound of anklets and he left his bed to find out from where the sound had came.

He saw a small girl wearing pattuvastrams (silk garments) and precious ornaments and addressing him as 'Peter come this way'.
ALL
Damodar Hegde
Damodar Hegde
@DamodarHegde4
MUST READ TILL END:
FB POST BY MR PRABEER BASU,
IAS-1976(BIHAR)
" Received a hurtful post from an old friend and colleague. He was on my daily Broadcast list of WhatsApp. He requested that I do not send him any of my posts on 'political' issues. I gave him a long explaination
>2

2/29
on why I write and what I write. But he was not convinced.

Being alerted by him thus, I felt I should clarify to all who read my posts on what exactly I think and do.

The charge against me is that I wrongly support our current Prime Minister, Shri Narendra Modi..
>3

3/29
and that it establishes I am not rational and impartial anymore.
Let me try and explain.First and foremost,I do not write on 'political' issues. I write on 'national' issues. For example, I have no opinion on whether Rahul Gandhi should be President of his party or not.
>4

4/29

Similarly, I have no views whether BJP is a better party than Congress or vice versa.
Even after 36 years in the IAS I have no MLA, MP or anyone involved in politics whom I can classify as my friend or even acquaintance.
>5

5/29
So, naturally I don't care which party wins or loses as long as the winning party runs an honest government doing good to my nation.
Now, why I speak in favour of Shri Modi:

1. Ever since the beginning of my service I realised that Planning Commission was not serving..

>6
INDIA