Recent Updates Page 3 Toggle Comment Threads | Keyboard Shortcuts

  • cqwww 5:26 pm on August 22, 2018 Permalink | Reply  

    Slutshaming: A life ruined and a path to sex work 

    I was recently asked to do a talk on privacy & security for the local sex work industry. I asked what they were interested in, and it was mostly centered around doxxing, and how to avoid it. At the end of the talk, I gave out my business cards and suggested people reach out if they have any specific questions. One young woman told me what I feel is a tragic story, and I hope sharing it we can come up with a solution.

    As the story was told to me, this young woman lived in another city in Canada, and was working an office job as an admin assistant. She had an older co-worker who really didn’t like her, and started making unprofessional comments, such as that our victim, let’s call her Jo, couldn’t possibly afford the designer handbag she wore to work. Jo said to her co-worker it was none of her business, but if she must know, her handbags meant a lot to her, and that’s what she choose to save her money up to buy. The harassment continued. One day, the harasser “accidentally” sent an interoffice email with a link to a article which was slut shaming Jo, using pictures from Jo’s instagram (nothing nude, one pic was in a gym working out, I’ve seen the article). But it also made several allegations about Jo, including her full name, and the city in which she lived.

    Jo was furious, and called the police, who allegedly told her there was nothing they could do, as it was a cybercrime. A couple days later, Jo was called into the office, not the harasser, and was let go from her employer. Not sure what to do, she tried to apply for other jobs for over a year, but any web search by future employers would being up this article making allegations as to promiscuous behaviour. After over a year of trying to find a job she felt defeated and moved here to Vancouver, in the process legally changing her name so she could move on. The issue now, was she has no employment history with this new name, and so for over a year couldn’t find work here — and in a desperate state for income, has recently entered into the sex work industry for lack of other options.

    She told this to me with an almost void emotion, stating that it’d taken her 2 years to get over that article which was still there, but she was grateful for me just listening. I told her I would look into it, and see what I could do.

    I’ve provided her three solutions thus far, hopefully helpful for anyone reading this who may have had their life ruined by or another slutshaming website.

    1. File a DMCA complaint:
      I would create a new email address just for this, in case they try to
      shame you with it — but if they did, the lawyers in the next step
      would have even more recourse. I think this is likely your cheapest and
      fastest to try to get started
    2. A followup, or separate option is to reach out to a lawyer like this and ask
      them what they charge to have your article removed:
    3. As this happened in Canada, file a privacy related complaint against
      If it happened in BC:
      If it happened in AB:
      If it happened in other provinces (other than QC):
      The advantage of going down this route, is it could set a
      precedent to get the slutshaming website itself blocked provincially or federally, not just your article removed, so it would fix
      the issue systematically, and for others. The privacy commissioners may also choose to investigate who was responsible for posting it.

    I’m writing this with the hopes that as these paths are tried, one of them will be found successful, or someone who has had success will list it here as a comment for others. The other intention is to raise awareness for anyone interested in going after this website systematically, as having just heard one silent story, it makes me wonder how many other lives have been ruined.

    • cqwww 12:30 pm on August 7, 2018 Permalink | Reply  

      Working to improve discourse online 

      There is a lot of talk about how we can improve discourse online, as well as solve online hate. I first had the opportunity to speak on this at RightsCon in Brussels in 2017, representing Canada.  

      It’s a complicated topic, and no easy or obvious solutions, but the good news is that there are a lot of people researching the topic, and a few of us actively working on solutions. 

      I’ve had my idea for a couple years, and finally hired a group of students at BCIT to build out a first draft of my idea, which I’ve called Debate Pyramid.

      The idea for this project stems from an article written by Paul Graham in 2008 called How to Disagree . A few years later, I saw that someone made that into an image: 

      debate pyramid

      It was based on this image that I realized we could likely select most Tweets, or Facebook comments, that are in a debate, based on one of these levels. Then, over time, you could choose to filter out levels — for example, I’ve chosen to block anyone who has scored over 100 votes of using Ad Hominem or Name-Calling attacks in a debate. I don’t need to use up my mental real estate reading this. 

      I’d love your feedback if you give it a try. It currently works for both Google Chrome and Mozilla Firefox browsers, and you can vote on any comments or tweets on Facebook or Twitter with it.  

      This year while at RightsCon 2018, I met an ally named Shane Greenup who has been working on these issues longer than me.  If you’re interested in this topic, you may also want to try out rbutr which is also a browser plugin. 

      What rbutr does is tell you when the webpage you are viewing has been disputed, rebutted or contradicted elsewhere on the internet. From there, you can easily click to read the rebuttals, which are prioritized in a crowd sourced way. I’m sure he’d love any feedback you have if you give it a try, as he’s genuinely trying to improve online discourse as well. 

      I have a lot of other ideas as well, as simple one would be a option for social media — so if someone posts an old, debunked article which can easily be found on, they would lose “social points” in debatepyramid, and so you could say, “as soon as someone has posted 10 articles debunked on, I don’t want to read their content anymore” as if someone is doing that — that frequently, clearly their research skills are lacking and it would incentivize them to up their game in this area. I should add, the plugin would automatically post the link as a response to their comment, by everyone using the plugin, so it would add that social pressure as well. 

      Thanks for reading. Let me know if you give DebatePyramid or rbutr a try, and what you’d like to see added or changed with either plugin. Also, if you have any other ideas, please share in the comments below for others interested in this topic area.

      • cqwww 3:25 am on June 15, 2018 Permalink | Reply  

        Modern cell phone story (privacy related) 

        As you walk around with your cell phone on, you walk by different cell phone towers, which allow you to make a phone call no matter where you are. Your cell phone is always beaconing out; hey; which tower is closer?

        Whomever responds first, wins.
        Sometimes it’s an IMSI catcher, a hacker, or a government agent, or sometimes it’s a tower owned by your phone company that responds to your cell phone that it’s clear for you to make a call — but they’re all motivated to make sure your cell phone stays with you, and that the GPS stays on, and your unique phone identifies you (MAC address, Bluetooth (LTE), IMSI number, and the same phone number) as that information is worth a lot. They’ve all turned off encryption, it’s virtually non-existent for cell phone networks. This allows them to do man-in-the-middle (MITM) attacks where they just listen in the middle and allow your phone call to carry on. It can be recorded and shared, forever.
        Which tower is your cell phone connected to right now? Is that even a legit cell phone tower you’re connected to right now, or your neighbors briefcase? Who owns that device your cell phone is connected to?

        There is nothing to be trusted about cell phone networks in 2018. The only two tools the public can use are and for secure communication, and they require a data connection. It will take at least a year from now for your cell phone provider to fix this issue, so that you know if you’re connected to them, or your nephew’s PAL receiver. This info is years old, so it’s unlikely to get fixed any time soon. Enjoy the radiation beside your genitals as your cell phone spends its time trying to find something to connect to and share its information with, at least there’s a comfortable warmth.

        IMSi-Catcher (Wikipedia)

        • cqwww 11:55 am on June 11, 2018 Permalink | Reply
          Tags: anti money laundering, anti terrorist financing, security token, utility token   

          New Canadian rules around AML/ATF and offering of tokens 

          It’s a big week for Canadians whom work in cryptocurrency. First, the Department of Finance released an impact analysis statement around the Proceeds of Crime (Money Laundering) and Terrorist Financing Act.

          Canada Gazette, Part I, Volume 152, Number 23: Regulations Amending Certain Regulations Made Under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act, 2018

          Most notably the proposal:

          • Persons and entities that are “dealing in virtual currency” would be financial entities or other entities deemed domestic or foreign MSBs, as the case may be. These “dealing in” activities include virtual currency exchange services and value transfer services. As required of all MSBs, persons and entities dealing in virtual currencies would need to implement a full compliance program and register with FINTRAC. In addition, all reporting entities that receive $10,000 or more in virtual currency (e.g. deposits, any form of payment) would have record-keeping and reporting obligations.

          These amendments serve to mitigate the money laundering and terrorist activity financing vulnerabilities of virtual currency in a way that is consistent with the existing legal framework, while not unduly hindering innovation. For this reason, the amendments are targeted at persons or entities engaged in the business of dealing in virtual currencies, and not virtual currencies themselves.

          and a couple of days later, the Canadian Securities Administrators sent out a notice on Securities Law Implications for Offerings of Tokens.

          CSA Staff Notice 46-308 Securities Law Implications for Offerings of Tokens [PDF]

          Most notable it provides guidance on when an offering of tokens may or may not involve an offering of securities, and has many examples. They also recommend you work with qualified securities legal counsel as well as the regulatory bodies themselves.

          • cqwww 12:05 pm on May 9, 2018 Permalink | Reply  

            If you insist on having pop-ups on your website, wait until your visitors are hooked 

            We’ve all been to a website where you get a pop-up right away, asking for a conversion, for example to sign up for their newsletter. What website owners don’t usually measure is the negative impacts of such activity — if you’re only measuring the signups, and not the exits, it looks like success. Consider instead the more normal socialized model of marketing, which is to ensure that people are having a good experience before you ask. “jab jab right-hook” as GaryVee would say.
            Even at the end of reading my first article on a given website, if I get a popup, I’m likely to block the website from working in my browser in the future. The first few times someone comes to your website, should be a positive experience, and the website visitor should find what they’re looking for without being interrupted. It’s quite easy, technology wise, to detect when a user is back.
            If it’s my 5th time on your website, you know I’m hooked. At the end of an article and when I’m about to leave, not interrupting my access, would be a good time to facilitate the ask. Even then, I would consider if a popup is the best way to make that ask. If you don’t have the confidence you can attract someone to your website without a pop-up for at least 5 visits and they have a good experience being able to consume your content, consider resolving that first. This blog gets anywhere from 10k-100k hits per day now, more than many local news outlets, and I have no popups, or any experiences that will interrupt you. Build traffic with good content, and throw out an ask once in a while, to your repeat visitors.

            • cqwww 1:07 am on April 17, 2018 Permalink | Reply  

              I’m looking for smart phone recommendations 

              I’m not a fan of planned obsolescence, so I want a phone that will last. I currently have a Nexus 5, which is ~5 years old. Why I still like it: There are a lot of hardened kernels and tools for it due to its popularity; why I don’t like it: battery life and trustability of the Google Play Store (2/10) and general privacy of the Google ecosystem. There is f-droid as a replacement app store for Android, but it has limited options and a different set of issues.

              One of the biggest challenges today is trusting the hardware, and operating systems, in terms of threat model. This is a hard problem, that is not easily solvable. It involves pressure from nation states to backdoor the phones. In Asia, this is more likely a hardware concern, in the United States, the pressure that can come to an operating system vendor with a national security letter under the US PATRIOT Act. In Canada, our trusted Blackberry (RIM) was found to have provided the RCMP the private key for over 6 years.

              As a result, I think we should be looking to support open hardware platforms. This should solve the planned obsolescence issue, and some of the security issues.
              For example, I had the Neo Freerunner from OpenMoko, which was great philosophically but never really practical. For the hobbyist, there’s the PiPhone and ZeroPhone, but they need even more work to be practical.

              There’s the Samsung Z4, although it has hardware and operating system concerns; but the most exciting phone in the near future is the Librem-5 from This phone has hardware toggles to turn off the microphone and camera when not in use, as well as Wifi/Bluetooth, and baseband. Amazing.

              Not as open source, but a balance between ethics and solving planned obsolescence, and DIY, also check out the Fairphone 2.

              So my requirements in order:

              • Privacy & Security-centric
              • Will last longer than most smart phones
              • Ethical hardware
              • Open hardware/Open Software

              I’d love your thoughts on anything I’m missing in the comments.

              • Jason 4:41 am on April 17, 2018 Permalink | Reply

                It’s not available yet, the site says that phones and a ROM will be available in 2018 but have you looked into

            • cqwww 11:00 pm on April 10, 2018 Permalink | Reply  

              New Tech: IPFS 

              IPFS is a distributed, peer-to-peer (p2p) hypermedia protocol.

              It’s not just theoretical, you can use it now. There’s a lot to be said about the benefits. Consider for example you’re downloading an image or a video, the speed at which that transfer happens, depends on that single connection. With p2p, you’re connecting to many nodes, making the process a lot faster. Also note that every file, and ever block in every file gets a cryptographic hash. This not only means that IPFS keeps track of every version of every file, this feature allows allows it to block duplication! So instead of 1000 copies of the same movie in the cloud, as soon as one person uploads the movie, everyone is splitting that same single copy. The other big feature, of every file with every version, is unlike the web we know today, no web pages or files get lost or forgotten! This should make the archivist in all of us squeal with glee.

              Note, this is fully working, but alpha software. Also, this is intermediate level to use, meaning you should be comfortable in a terminal, and know how to untar a tarball. If this last sentence doesn’t make sense to you, IPFS is not for you. Perhaps instead, learn how to use the terminal. For those ready to dive in:

              Are you ready to give it a try? Install it now.

              Not sold yet? Spend some time going through their documentation.

              • cqwww 5:10 pm on April 2, 2018 Permalink | Reply  

                Thinking about where you’re making your DNS requests 

                Yesterday, Cloudflare announced their DNS service. They provide a good primer on DNS, and what solution they are working to resolve. There was a lot of chatter in the infosec community about this, often directed to DNS legend and friend, Dan Kaminsky.

                This was my response to utilizing this service, especially if you’re not an American:

                As I’ve said elsewhere, I won’t be recommending the American company whose main product is SSL/TLS MITMaaS, to my DNS seeking clients.

                A Canadian doing a lookup on to buy cannabis seeds would be breaking US federal law and worthy of a lifetime ban from US soil, as an example of why this is a terrible idea for non-Americans.

                While I appreciate wrapping DNS requests in crypto at the transport layer, as well as third party auditing, I’m holding out for a solution that is not American (bound by the US PATRIOT ACT), and ideally open source and decentralized.

                If you know of any fast, open source, decentralized solutions, let me know!

              • cqwww 6:36 pm on March 30, 2018 Permalink | Reply  

                If you’re in Vancouver, I’ll walk and talk with you for $5/km. 

                After watching the 60 second docs video on the People walker, I shraed the link on Facebook, offering to do the same.

                Within minutes I had my first customer, and I have 4 of them within 24 hours of sharing it. Clearly it’s serving a niche.

                One thing that stands out is a friend of mine commented,

                people are so lonely in vancouver that hey have to pay someone for companionship???!!!

                but it’s worth noting I think, that not only are there lonely people everywhere, but there are lots of other reasons to go for a walk with someone. Here are a few:

                So, if you’re in Vancouver, and want to go for a walk, I’m only $5/km; reach out. I look forward to getting more healthy physically, mentally, and social with you.

                • cqwww 12:33 pm on March 29, 2018 Permalink | Reply  

                  Announcing: Black Tie Dinner – Vancouver on April 12th, 2018 

                  Summary: Black Tie Dinner on April 12th, 2018  18:00 at the McDonalds on Main Street, one block south of Main Street Station. [Facebook Event]

                  History: If you’ve not heard of it, I’ve run three (one, II, and III) Black Tie Dinners in Victoria, and they were all wildly successful, and by wildly successful I mean more than my friends showed up, and a great time was had by all. Seriously though, we usually fill at least 1/2 the restaurant, and most people are complete strangers, many whom have become friends since.


                    • Wear your finest dining attire! (Black tie/tux/suit & formal dresses)
                    •  Bring along your own china and nineteenth century cutlery, as well as a table cloth and formal napkins (fine dining place setting)
                    •  After you order your food, casually grab the next empty table, place your table cloth on it and set the table. Remove your food from it’s packages, and place it on your china plate. Remove all evidence of McDonald’s packaging, so any pictures look like you’re in a fine dining establishment. Close up pics should like a formal restaurant. Wide angle pics should be hilarious.
                    • Bonus: Sit with strangers whom are also dressed their best!

                      from the first black tie dinner at McDonalds on Pandora

                      from the first black tie dinner at McDonalds on Pandora


                  The above 8 pictures thanks to Mark McLaughlin from BTD II

                  • cqwww 1:02 pm on March 26, 2018 Permalink | Reply  

                    Free alternatives to sign documents 

                    If you have to sign documents once in a while, are trying to save on printing paper, and are looking for a free alternative to DocuSign, here are a few you should check out, and how many documents you can sign per month on their freemium plan:

                    If you’re doing this professionally, DocuSign appears to be the leader, and there are platorm solutions I did not include, such as document signing tools that only work on iOS or Android.

                    • cqwww 8:14 pm on March 14, 2018 Permalink | Reply  

                      Understanding Co-dependence 

                      I’d heard the term codependence many times before, and usually associated it with romantic relationships. A friend of mine mentioned she recently read a book on Facing Codependence from Pia Mellody. I did a youtube search and found a 10 minute video that I find myself recommending a lot the last few weeks. From there I’ve watched a lot of Pia’s longer videos.

                      My big take away was her referring to the word abuse, and the suggestion that in our culture we usually only refer to abuse as violent physical or sexual actions. However the suggestion is that codependence is when you take any actions or behaviours that are intended to condition the other human to behave in a way you want them to behave, as opposed to how they want to behave in order to be the best versions of themselves.

                      This is likely easiest to think of your parents — how many of their actions are conditioning you to be like them and how they want(ed) you to be, vs supporting you in your endeavours, no matter how polarized these desires are from their own beliefs.

                      My challenge to you, is for the next week whenever you interact with another human, consider how much of your behaviour is selfless actions to support them, vs codependent behaviours.

                      compose new post
                      next post/next comment
                      previous post/previous comment
                      show/hide comments
                      go to top
                      go to login
                      show/hide help
                      shift + esc