Leaving Facebook… the process.

I don’t intend (at least in the next year or so) to actually leave Facebook. It’s a nice way of keeping in touch with some people, and a good experimental platform for understanding the ways and wiles of tracking systems.

But there’s been a lot of chatter the last few days about how to leave Facebook, and the [obvious, if you think about it] algorithms used by Facebook for victim customer advertising target retention. Specifically, Facebook starts hitting the notifications hot and heavy, and eventually starts ignoring its own settings in the quest to keep you entertained on the hook.

The process you should follow (at least as of this writing)… 1) Start removing your content. Don’t do it all at once, but my approach is to slowly remove all photo “albums” with the exception of the auto-generated foursome (uploads, timeline, profile, cover).

2) Create an alternate identity email somewhere. Change your Facebook email over to this new account. Don’t use this email for any other purpose.

3) Remove ALL references to your primary email, web, phone, etc. from Facebook. Don’t use any identifier other than the alternate email address.

4) After a month or so, disconnect Facebook from your phone (if you ever gave it the number to start with)… watch as Facebook starts to fill your auxiliary email with notices.

5) On your fated day, sign in to Facebook, do the removal thing – it may take a number of attempts complete with various captchas and pleadings and confirmations and so on.

6) You may now walk away (figuratively speaking) from that alternate email, safe in the knowledge that Facebook can’t bug you any further.




Keeping email private…

Whenever one of the market-anointed tech titans speaks, people start to pay attention to their privacy… or lack thereof. In this instance, the question received regarded email, asking about alternatives to Microsoft & Google offerings, as compared to a Swiss service ProtonMail. Get your beverage(s) ready, this is going to be a long one.

Disclaimer: I am not a lawyer, and I did not sleep in a Holiday Inn Express last night. This discussion is relative to my understanding of United States Laws and court decisions. Your mileage may vary. 

First – how much inconvenience are you willing to suffer to keep your email private? What are you willing to pay?

On the surface, ProtonMail (which prides itself on end-to-end-encryption, and being based in Switzerland) seems like the obvious winner, since there’s a free version. But there are issues here. First is the recently passed CLOUD Act (Clarifying Lawful Overseas Use of Data Act, HR 4943, signed into law March 23, 2018) which allows for bilateral treaty-based exchange of overseas data between signatories. Note there is already such a treaty in existence with Switzerland. Proton’s off-stated “we only store encrypted data” claim is only good to the extent a user is not otherwise compelled to give up a password… or that the encryption is as described. Further, the only interface allowed to Proton is via web browser…

Gmail/Hotmail etc – “free” or “paid” – your email is going to be read by robots, mostly looking for advertising ‘bait’ or to build a better profile… (more on this later). Of course, these offerings win on convenience, and of course “free!”

Finally, there’s “roll-your-own” email. Invest in a server, configure your own email, have your own custom address pool, make your own filters and blocks, set auto-replies, run email lists… in simple terms, do everything the big boys can, but in your own way. All the mission-critical email for me has run on my own email server for more than twenty years. I use Gmail as a convenience, and am forced to use Outlook by various clients.

Now – let’s look at the legal implications on privacy, for the three offerings above. In the US, email privacy is governed by two major acts: the aforementioned CLOUD Act, and the ECPA (Electronic Communications Privacy Act, 1986). Most email communications falls under the [ancient] ECPA guidelines (assuming it is stored in the US).

The ECPA defines five types of communication for email. Three of those types require a warrant for access; two require a subpoena. Subpoenas are routinely issued by lawyers in the name of the court; penalties may be assessed for non-compliance. Warrants are issued by a judge, have stringent requirements for issuance, and are usually enforced by police agencies.

The ‘warrant required’ types of communications are: email in transit, email stored on a home computer, and email in remote storage, unopened, stored for 180 days or less.

The subpoena required types of communications are: email in remote storage, opened, and email in remote storage, unopened, stored for more than 180 days.

I run a combination server – it is IMAP when I’m away from home, and POP3 when I’m home. In simple terms – during a work day outside the house, or while travelling, I’m running the server in much the same mode as one does with any web-based system. The email is available via remote access (remote storage in ECPA terms). When I’m home, I have a POP3 client which downloads the email to a home computer, and erases that mail from the server.

In this mode, my critical email is always in the warrant-required states per the ECPA. Warrants are issued under standards more than 200 years old – it must be based on probable cause, describe the place or person to be searched, and for what evidence the search is being requested; all under oath or affirmation to a judge or magistrate. I feel reasonably secure.

Hope this helps the decision matrix.

ps – Gmail’s robots really kick in after about 200 emails are in the account. Want to baffle the builder? Set Gmail to operate in POP3 mode (delete after download) and watch the fun. (Running NoScript and disabling the Google Stats scripts also screws up the profile builder).


In praise of PagePlus X9

PagePlus X9 turns out to have sufficient functionality in layout design to replace InDesign CS3. (See the prior post “Migration” for why I have to change).

PagePlus is a product of Serif, a long-time competitor to Adobe. The Plus line of software is no longer in active development but licenses are still available – PagePlus is $25 from Serif directly, or a bit less in DVD form on Amazon.

Down the road a bit, the company expects to have a more full-featured layout package (Affinity Publisher)… but it’s been pushed back several times. I think the main development effort is in their Photoshop replacement software.

As to PagePlus, so far it’s worked fine for the four-to-eight page layouts I routinely need; shortly I’ll test it on a longer project.


[…tap… tap… is this thing on??]

It’s time to abandon the Adobe-sphere before it abandons me. In October 2017 Adobe decided to kill off the last vestiges of perpetual (non-subscription) licensing for Lightroom… and change the name to “Lightroom Classic.” And making things worse, somewhere in November a routine update broke functionality on my venerable InDesign CS3.

Historically, renaming software to “classic” has been the indicator of abandonment of same, and I expect that’s what Adobe has in mind, as the all-new-shiny Lightroom CC is all cloud-based and mobile and “fun” and made into lightweight eye-candy for the iPhone set.

Now of course I could go with the flow and pay the tribute, which for Lightroom/Photoshop is $10/month, but InDesign isn’t included and that would add another $20/month. Not happening, at least not with me.

I restored CS3 functionality by configuring a Windows 7 Virtual Machine and just installing the bare-bones stuff I need, but that’s a short-term patch, not a long-haul answer. So I’m now evaluating other publishing packages.

Lightroom is the big problem; I’ve been with the package since its first release and thus have a solid ten years’ work in creating a workflow, geotagging and keywording the 25,000+ photos in the master catalog. Right now, there’s nothing quite like LR out there, although there are promises.

Having played with some of the alternative RAW converter/editors, I’m waiting for the ON1 crowd to include digital asset management in their product. Hopefully that comes along soon.



Death of a tablet

It feels like an old friend is gone. The Wacom Intuous 3 pen tablet, model  PTZ-431W, vintage December 2006, has died.

I had thought it was essentially indestructible. I’ve spilled iced tea on it twice, coffee once; each time took it apart and gently cleaned the circuit board, and back to work it went. I’m on the fourth (and probably last, since I can’t find another to order) pen… the side switches wear out.

I use the pen tablet in preference to the mouse, which feels clumsy by comparison (albeit not as awkward as the touchpad on notebooks). I’m quite happy with pressure- and tilt-sensitive controls, and direct proportional mapping.

The replacement has new features, knows touch gestures, has edge lighting, even a wireless option (must remember to periodically charge the battery and not lose the fiddly bits) which generally won’t get used…

Serial number 7AZM14858, I salute you. Come to think of it, I’ll raise a pen to you.

Fixing Chrome

When it comes to web browsers, I prefer Chrome (general purpose), Firefox (when I’m exploring new areas – it’s better protected), and Internet Exploder… well, if you must.

I use Chrome for instance write now, updating the blog.

But for the past several days, Chrome has been acting up. Every time I’d launch it all the desktop icons would blink, go blank, then recreate themselves. It only happened launching Chrome, and nothing else has changed.

A bit of searching showed others were beset with the same problem… and the answers ranged from the Microsoft garbage of “re-install Windows” (emphatically NO!), to clearing the icon cache, to restarting Windows, to just accepting it and waiting for a fix, to checking an obscure item in the chrome://flags list.

Hmm… now we’re getting somewhere.

The pseudo-URL chrome://flags exists to control various experimental ‘features’ in Chrome. One especially buggy item is Chrome’s “profile manager” which showed up on the most recent release. Profile Mangler attempts to keep track of who is using the browser… useful in a shared-machine environment but not something I care about. If you have it enabled it will show up on the top bar of Chrome, just to the left of the control group, with the current user’s name in a small box.

If you’re having the issue, you have two choices. The first (safest) choice is to live with the bug and wait for Chrome v41 to appear. They’ve found the bug, repaired it and merged it into 41.

The second choice: open another instance of Chrome. Browse to the pseudo-URL chrome://flags. Find the key “Enable new profile management system” and set it to “Disabled”. Also find “Enable the new avatar menu” and set that to “Disabled.”

Restart Chrome and the problem will go away.

…and make a note that you did this so you can go and reverse it back when the new version comes in a few weeks.

On changing displays

One evening a few weeks ago I was busily working away on the computer and without any warning at all, there  was a sharp buzzing sound, a soft “pop” – and a blank display. I spent a good twenty seconds in the first portions of the “utility power is out let’s start shutting down the non-essentials” routine before it hit me: only the display had gone out.

As usual, the timing was impeccable. December 24th, the sales were over, ok, hook up the [garbage but it works] monitor from the server and start seeing what’s in stock where and for what price. Before long the choice is down to just a handful of items… and by 2:15 that afternoon the order is placed and the waiting game begins.

The display which died was a Dell 2407FPW – in service in July of 2006, so I got about 8 1/2 years out of it. In the summer of 2006 it was considered a high-end monitor; one of the few LCD displays with color accuracy comparable to the monster (27-inch Eizo) CRTs I’d been using. The Dell was a “pivot” monitor – which can operate in landscape (widescreen) or turn to portrait orientation (very useful for page layout work).

The video card on this box is a FirePro v5700 – nice mid-range workstation graphics, can output to DVI or Display Port with adapters for just about everything.

The choice boiled down to… Dell U2413 or Asus PA249Q.

Both are 24-inch 1920×1200 IPS 10-bit LED-lit displays. Prices are within a few dollars of each other. Reviews… the major sites are a draw; minor differences noted between the displays – mostly concentrated on preset “movie” modes – but the user reviews tell a different tale.

December 29 came and UPS brought the monitor right up to the door, and after getting it out of all the packing materials, and reading the calibration report, and re-routing the cables and getting the soundbar attached… it works!

And all is good, and now I’m running with a 30-bit color pipeline (with three programs only but this is for another post), calibrations are good, I can see clearly now…

I chose the Dell.