Recent Updates Toggle Comment Threads | Keyboard Shortcuts

  • cqwww 12:30 pm on August 7, 2018 Permalink | Reply  

    Working to improve discourse online 

    There is a lot of talk about how we can improve discourse online, as well as solve online hate. I first had the opportunity to speak on this at RightsCon in Brussels in 2017, representing Canada.  

    It’s a complicated topic, and no easy or obvious solutions, but the good news is that there are a lot of people researching the topic, and a few of us actively working on solutions. 

    I’ve had my idea for a couple years, and finally hired a group of students at BCIT to build out a first draft of my idea, which I’ve called Debate Pyramid.

    The idea for this project stems from an article written by Paul Graham in 2008 called How to Disagree . A few years later, I saw that someone made that into an image: 

    debate pyramid

    It was based on this image that I realized we could likely select most Tweets, or Facebook comments, that are in a debate, based on one of these levels. Then, over time, you could choose to filter out levels — for example, I’ve chosen to block anyone who has scored over 100 votes of using Ad Hominem or Name-Calling attacks in a debate. I don’t need to use up my mental real estate reading this. 

    I’d love your feedback if you give it a try. It currently works for both Google Chrome and Mozilla Firefox browsers, and you can vote on any comments or tweets on Facebook or Twitter with it.  

    This year while at RightsCon 2018, I met an ally named Shane Greenup who has been working on these issues longer than me.  If you’re interested in this topic, you may also want to try out rbutr which is also a browser plugin. 

    What rbutr does is tell you when the webpage you are viewing has been disputed, rebutted or contradicted elsewhere on the internet. From there, you can easily click to read the rebuttals, which are prioritized in a crowd sourced way. I’m sure he’d love any feedback you have if you give it a try, as he’s genuinely trying to improve online discourse as well. 

    I have a lot of other ideas as well, as simple one would be a option for social media — so if someone posts an old, debunked article which can easily be found on, they would lose “social points” in debatepyramid, and so you could say, “as soon as someone has posted 10 articles debunked on, I don’t want to read their content anymore” as if someone is doing that — that frequently, clearly their research skills are lacking and it would incentivize them to up their game in this area. I should add, the plugin would automatically post the link as a response to their comment, by everyone using the plugin, so it would add that social pressure as well. 

    Thanks for reading. Let me know if you give DebatePyramid or rbutr a try, and what you’d like to see added or changed with either plugin. Also, if you have any other ideas, please share in the comments below for others interested in this topic area.

    • cqwww 3:25 am on June 15, 2018 Permalink | Reply  

      Modern cell phone story (privacy related) 

      As you walk around with your cell phone on, you walk by different cell phone towers, which allow you to make a phone call no matter where you are. Your cell phone is always beaconing out; hey; which tower is closer?

      Whomever responds first, wins.
      Sometimes it’s an IMSI catcher, a hacker, or a government agent, or sometimes it’s a tower owned by your phone company that responds to your cell phone that it’s clear for you to make a call — but they’re all motivated to make sure your cell phone stays with you, and that the GPS stays on, and your unique phone identifies you (MAC address, Bluetooth (LTE), IMSI number, and the same phone number) as that information is worth a lot. They’ve all turned off encryption, it’s virtually non-existent for cell phone networks. This allows them to do man-in-the-middle (MITM) attacks where they just listen in the middle and allow your phone call to carry on. It can be recorded and shared, forever.
      Which tower is your cell phone connected to right now? Is that even a legit cell phone tower you’re connected to right now, or your neighbors briefcase? Who owns that device your cell phone is connected to?

      There is nothing to be trusted about cell phone networks in 2018. The only two tools the public can use are and for secure communication, and they require a data connection. It will take at least a year from now for your cell phone provider to fix this issue, so that you know if you’re connected to them, or your nephew’s PAL receiver. This info is years old, so it’s unlikely to get fixed any time soon. Enjoy the radiation beside your genitals as your cell phone spends its time trying to find something to connect to and share its information with, at least there’s a comfortable warmth.

      IMSi-Catcher (Wikipedia)

      • cqwww 11:55 am on June 11, 2018 Permalink | Reply
        Tags: anti money laundering, anti terrorist financing, security token, utility token   

        New Canadian rules around AML/ATF and offering of tokens 

        It’s a big week for Canadians whom work in cryptocurrency. First, the Department of Finance released an impact analysis statement around the Proceeds of Crime (Money Laundering) and Terrorist Financing Act.

        Canada Gazette, Part I, Volume 152, Number 23: Regulations Amending Certain Regulations Made Under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act, 2018

        Most notably the proposal:

        • Persons and entities that are “dealing in virtual currency” would be financial entities or other entities deemed domestic or foreign MSBs, as the case may be. These “dealing in” activities include virtual currency exchange services and value transfer services. As required of all MSBs, persons and entities dealing in virtual currencies would need to implement a full compliance program and register with FINTRAC. In addition, all reporting entities that receive $10,000 or more in virtual currency (e.g. deposits, any form of payment) would have record-keeping and reporting obligations.

        These amendments serve to mitigate the money laundering and terrorist activity financing vulnerabilities of virtual currency in a way that is consistent with the existing legal framework, while not unduly hindering innovation. For this reason, the amendments are targeted at persons or entities engaged in the business of dealing in virtual currencies, and not virtual currencies themselves.

        and a couple of days later, the Canadian Securities Administrators sent out a notice on Securities Law Implications for Offerings of Tokens.

        CSA Staff Notice 46-308 Securities Law Implications for Offerings of Tokens [PDF]

        Most notable it provides guidance on when an offering of tokens may or may not involve an offering of securities, and has many examples. They also recommend you work with qualified securities legal counsel as well as the regulatory bodies themselves.

        • cqwww 12:05 pm on May 9, 2018 Permalink | Reply  

          If you insist on having pop-ups on your website, wait until your visitors are hooked 

          We’ve all been to a website where you get a pop-up right away, asking for a conversion, for example to sign up for their newsletter. What website owners don’t usually measure is the negative impacts of such activity — if you’re only measuring the signups, and not the exits, it looks like success. Consider instead the more normal socialized model of marketing, which is to ensure that people are having a good experience before you ask. “jab jab right-hook” as GaryVee would say.
          Even at the end of reading my first article on a given website, if I get a popup, I’m likely to block the website from working in my browser in the future. The first few times someone comes to your website, should be a positive experience, and the website visitor should find what they’re looking for without being interrupted. It’s quite easy, technology wise, to detect when a user is back.
          If it’s my 5th time on your website, you know I’m hooked. At the end of an article and when I’m about to leave, not interrupting my access, would be a good time to facilitate the ask. Even then, I would consider if a popup is the best way to make that ask. If you don’t have the confidence you can attract someone to your website without a pop-up for at least 5 visits and they have a good experience being able to consume your content, consider resolving that first. This blog gets anywhere from 10k-100k hits per day now, more than many local news outlets, and I have no popups, or any experiences that will interrupt you. Build traffic with good content, and throw out an ask once in a while, to your repeat visitors.

          • cqwww 1:07 am on April 17, 2018 Permalink | Reply  

            I’m looking for smart phone recommendations 

            I’m not a fan of planned obsolescence, so I want a phone that will last. I currently have a Nexus 5, which is ~5 years old. Why I still like it: There are a lot of hardened kernels and tools for it due to its popularity; why I don’t like it: battery life and trustability of the Google Play Store (2/10) and general privacy of the Google ecosystem. There is f-droid as a replacement app store for Android, but it has limited options and a different set of issues.

            One of the biggest challenges today is trusting the hardware, and operating systems, in terms of threat model. This is a hard problem, that is not easily solvable. It involves pressure from nation states to backdoor the phones. In Asia, this is more likely a hardware concern, in the United States, the pressure that can come to an operating system vendor with a national security letter under the US PATRIOT Act. In Canada, our trusted Blackberry (RIM) was found to have provided the RCMP the private key for over 6 years.

            As a result, I think we should be looking to support open hardware platforms. This should solve the planned obsolescence issue, and some of the security issues.
            For example, I had the Neo Freerunner from OpenMoko, which was great philosophically but never really practical. For the hobbyist, there’s the PiPhone and ZeroPhone, but they need even more work to be practical.

            There’s the Samsung Z4, although it has hardware and operating system concerns; but the most exciting phone in the near future is the Librem-5 from This phone has hardware toggles to turn off the microphone and camera when not in use, as well as Wifi/Bluetooth, and baseband. Amazing.

            Not as open source, but a balance between ethics and solving planned obsolescence, and DIY, also check out the Fairphone 2.

            So my requirements in order:

            • Privacy & Security-centric
            • Will last longer than most smart phones
            • Ethical hardware
            • Open hardware/Open Software

            I’d love your thoughts on anything I’m missing in the comments.

            • Jason 4:41 am on April 17, 2018 Permalink | Reply

              It’s not available yet, the site says that phones and a ROM will be available in 2018 but have you looked into

          • cqwww 11:00 pm on April 10, 2018 Permalink | Reply  

            New Tech: IPFS 

            IPFS is a distributed, peer-to-peer (p2p) hypermedia protocol.

            It’s not just theoretical, you can use it now. There’s a lot to be said about the benefits. Consider for example you’re downloading an image or a video, the speed at which that transfer happens, depends on that single connection. With p2p, you’re connecting to many nodes, making the process a lot faster. Also note that every file, and ever block in every file gets a cryptographic hash. This not only means that IPFS keeps track of every version of every file, this feature allows allows it to block duplication! So instead of 1000 copies of the same movie in the cloud, as soon as one person uploads the movie, everyone is splitting that same single copy. The other big feature, of every file with every version, is unlike the web we know today, no web pages or files get lost or forgotten! This should make the archivist in all of us squeal with glee.

            Note, this is fully working, but alpha software. Also, this is intermediate level to use, meaning you should be comfortable in a terminal, and know how to untar a tarball. If this last sentence doesn’t make sense to you, IPFS is not for you. Perhaps instead, learn how to use the terminal. For those ready to dive in:

            Are you ready to give it a try? Install it now.

            Not sold yet? Spend some time going through their documentation.

            • cqwww 5:10 pm on April 2, 2018 Permalink | Reply  

              Thinking about where you’re making your DNS requests 

              Yesterday, Cloudflare announced their DNS service. They provide a good primer on DNS, and what solution they are working to resolve. There was a lot of chatter in the infosec community about this, often directed to DNS legend and friend, Dan Kaminsky.

              This was my response to utilizing this service, especially if you’re not an American:

              As I’ve said elsewhere, I won’t be recommending the American company whose main product is SSL/TLS MITMaaS, to my DNS seeking clients.

              A Canadian doing a lookup on to buy cannabis seeds would be breaking US federal law and worthy of a lifetime ban from US soil, as an example of why this is a terrible idea for non-Americans.

              While I appreciate wrapping DNS requests in crypto at the transport layer, as well as third party auditing, I’m holding out for a solution that is not American (bound by the US PATRIOT ACT), and ideally open source and decentralized.

              If you know of any fast, open source, decentralized solutions, let me know!

            • cqwww 6:36 pm on March 30, 2018 Permalink | Reply  

              If you’re in Vancouver, I’ll walk and talk with you for $5/km. 

              After watching the 60 second docs video on the People walker, I shraed the link on Facebook, offering to do the same.

              Within minutes I had my first customer, and I have 4 of them within 24 hours of sharing it. Clearly it’s serving a niche.

              One thing that stands out is a friend of mine commented,

              people are so lonely in vancouver that hey have to pay someone for companionship???!!!

              but it’s worth noting I think, that not only are there lonely people everywhere, but there are lots of other reasons to go for a walk with someone. Here are a few:

              So, if you’re in Vancouver, and want to go for a walk, I’m only $5/km; reach out. I look forward to getting more healthy physically, mentally, and social with you.

              • cqwww 12:33 pm on March 29, 2018 Permalink | Reply  

                Announcing: Black Tie Dinner – Vancouver on April 12th, 2018 

                Summary: Black Tie Dinner on April 12th, 2018  18:00 at the McDonalds on Main Street, one block south of Main Street Station. [Facebook Event]

                History: If you’ve not heard of it, I’ve run three (one, II, and III) Black Tie Dinners in Victoria, and they were all wildly successful, and by wildly successful I mean more than my friends showed up, and a great time was had by all. Seriously though, we usually fill at least 1/2 the restaurant, and most people are complete strangers, many whom have become friends since.


                  • Wear your finest dining attire! (Black tie/tux/suit & formal dresses)
                  •  Bring along your own china and nineteenth century cutlery, as well as a table cloth and formal napkins (fine dining place setting)
                  •  After you order your food, casually grab the next empty table, place your table cloth on it and set the table. Remove your food from it’s packages, and place it on your china plate. Remove all evidence of McDonald’s packaging, so any pictures look like you’re in a fine dining establishment. Close up pics should like a formal restaurant. Wide angle pics should be hilarious.
                  • Bonus: Sit with strangers whom are also dressed their best!
                    from the first black tie dinner at McDonalds on Pandora

                    from the first black tie dinner at McDonalds on Pandora


                The above 8 pictures thanks to Mark McLaughlin from BTD II

                • cqwww 1:02 pm on March 26, 2018 Permalink | Reply  

                  Free alternatives to sign documents 

                  If you have to sign documents once in a while, are trying to save on printing paper, and are looking for a free alternative to DocuSign, here are a few you should check out, and how many documents you can sign per month on their freemium plan:

                  If you’re doing this professionally, DocuSign appears to be the leader, and there are platorm solutions I did not include, such as document signing tools that only work on iOS or Android.

                  • cqwww 8:14 pm on March 14, 2018 Permalink | Reply  

                    Understanding Co-dependence 

                    I’d heard the term codependence many times before, and usually associated it with romantic relationships. A friend of mine mentioned she recently read a book on Facing Codependence from Pia Mellody. I did a youtube search and found a 10 minute video that I find myself recommending a lot the last few weeks. From there I’ve watched a lot of Pia’s longer videos.

                    My big take away was her referring to the word abuse, and the suggestion that in our culture we usually only refer to abuse as violent physical or sexual actions. However the suggestion is that codependence is when you take any actions or behaviours that are intended to condition the other human to behave in a way you want them to behave, as opposed to how they want to behave in order to be the best versions of themselves.

                    This is likely easiest to think of your parents — how many of their actions are conditioning you to be like them and how they want(ed) you to be, vs supporting you in your endeavours, no matter how polarized these desires are from their own beliefs.

                    My challenge to you, is for the next week whenever you interact with another human, consider how much of your behaviour is selfless actions to support them, vs codependent behaviours.

                    • cqwww 11:33 am on March 6, 2018 Permalink | Reply  

                      Phone scammers pretending to be CRA 

                      In Canada, there is a popular phone scam where the caller will pretend to be the Customs and Revenue Agency (CRA — Canada’s version of the IRS). A few things to remember:

                      1. All phone numbers can be spoofed now. Don’t trust the caller ID.
                      2. With tools like lyrebird, you can’t trust the voice on the end of a phone call any longer.
                      3. CRA uses registered mail, not phone or email.

                      The government of Canada set setup a page with the warning signs, and how to protect yourself, which also has a list of numbers you can call if you’re a victim. Also note there is a Canadian do not call list you likely want to get yourself on, as if you’re on this list, you have another organization you can complain to about these harassing calls. If you did receive a call that violated the Unsolicited telemarketing rules, here is the complaint form.

                      compose new post
                      next post/next comment
                      previous post/previous comment
                      show/hide comments
                      go to top
                      go to login
                      show/hide help
                      shift + esc