Laura kalbag

Laura Kalbag

Designer and Co-Founder Ind.ie

Laura Kalbag is a designer from the UK, and author of Accessibility For Everyone from A Book Apart. She’s one third of Ind.ie, a tiny two-person-and-one-husky social enterprise working for social justice in the digital age.

Description

Many companies use cookies, tracking, and behavioral ads to help them sell more things. But it also means they collect a lot of data on what we do and who we are, raising online privacy concerns. What does that mean for developers? Laura Kalbag explains how those tools work and what we as developers should think about when building our own products.

Show Notes

Transcript

[00:00:04.05] SY: (Music) Welcome to the CodeNewbie Podcast, where we talk to people on their coding journey in hopes of helping you on yours. I'm your host Saron, and today we have an awesome guest with us to talk about online privacy (Music). So you've probably heard about trackers and cookies and other privacy-related terms, but what exactly are they? And why should developers - especially new developers - care about them?

[00:00:34.11] LK: My name is Laura Kalbag, and I'm a designer, developer, and co-founder of Ind.ie.

[00:00:39.12] SY: She's one of the creators of Better, a tool that "protects you from behavioral ads and companies that track you on the web by enforcing the principles of ethical design." She explains how tracking works on a technical level. She also shares some of the surprising information companies might have on you - even when you think you're being careful. After this.

[00:01:02.08] One of the best parts of being a coder is finally being able to bring your passions to life. You have the skills to design, to code, to create the thing you're excited about, and share that passion with the world. And Hover can help you with the first step, of sharing your passion with the world - getting your domain name. They've got a really beautiful and easy to use interface where you can find and register your new domain name in just a few steps. And to give you full control, they separate your domain name from your hosting, so you're never stuck with one service. They keep your domain name safe while giving you the flexibility to use whatever hosting service is best for you. They also give you free "who is" privacy, so your personal information is safe, too. To get started, go over to Hover.com/newbie to save ten percent off your first purchase. That's hover.com/newbie. Link is in the show notes. (Music)

[00:01:51.27] So you are one of the creators of a tool called Better, and when I looked on the website, the description for it was very succinct and just packed full of really interesting things. It says, "Better protects you from behavioral ads and companies that track you on the web by enforcing the principles of ethical design." So we have a lot of stuff to deconstruct and unpack and dig into. So let's start with what behavioral ads are - how do you define a behavioral ad?

[00:02:22.26] LK: I think the most basic example of a behavioral ad is when you go to visit a shop online, and you're looking at a particular shoe, and you're like, oh I really like that shoe, and then I go back, I'm browsing the web another day, suddenly that shoe turns up in my sidebar in an ad, and I go on another page and it shows up, and I go on Facebook and it shows up, and that's a really visible example of behavioral advertising, where what you've done has been recorded by a script and has been sent back to a server and they decide to keep sending you that ad again for that thing that you've been looking at, in order to attract you back to the site.

[00:03:04.19] SY: Yes, that happens all the time and it's so creepy and so weird and not only is it, just to have a shoe following you wherever you go online is kind of a weird idea, but every time I see that I think, how are they doing that technically? Like, as a developer, how can someone create a behavioral ad?

[00:03:26.24] LK: Well, it's not that I'm advising anybody to go do this, but really it's about having a script that's on the page that is recording what a person is doing, and that could be the contents of that page, that could be any of the information you can get about a person when they're visiting a page, which could be something as simple as the size of their screen or their vague country that they're located in. Or it could be much more specific information, especially if they're locked into a service that's also recording and has profile information based on you. And also it's done by cookies, as well, which is kind of another type of script that gets logged in your browser and you can clear these cookies, you can tell them to go away, but actually they're often used for very useful functionality, these cookie scripts, such as keeping you logged into something, or recording your country or language choice on a website.

[00:04:20.22] SY: So cookies are delicious, I love cookies, chocolate chip cookies, specifically. And whenever we talk about cookies in tech, it's always talked about in a negative way, but what actually is a cookie? Because it sounds very benign, but it's talked about very negative. What is it, how does it work?

[00:04:37.11] LK: Well, in its barest form, it is fairly benign. I mean, they gave it a pretty, cutesy name. But all it is is recording a little bit of information that could be useful and it's kept to that specific browser, and that little piece of information can be brought back by a website at any time if they set that particular cookie. And so it could be the information, such as Laura is based in Sweden, Laura's preferred language for browsing the web is UK English. Or it could be a lot more damaging information, it could be something that's saying, this is user profile - some random number. And that number could link back to a profile in a database that has a huge amount of information about you, and your browsing habits and the things that you look at and the things that you do and the sites you visit and things like that.

[00:05:32.00] SY: So as a shoe company, I understand why I would want to use cookies and do behavioral ads, because if I can figure out, oh, Laura likes the color yellow and really likes boots, if I just show her this awesome boot that I made I can make her happy, because now she has a boot and I can make me happy because now I make money. Why is it bad?

[00:05:57.11] LK: I think there are two sides to why it's bad. One is the act of should we really be able to manipulate the people visiting our sites in the first place? Should we be trying to sell things to them in a traditional manner, such as showing a really great product, offering them a really great service? Or should we try to manipulate them into buying something by just hammering this ad in front of them every time you visit a page until we're just like, oh I give up, I want it. And it's not really the same as actually really genuinely needing and wanting something in the first place. The other side of it is that the information that's being collected by these scripts, by these cookies, is often potentially really privacy-invading. So you might think, well actually it's pretty harmless if someone knows when I'm on my computer, but if they know when you're on your computer, where you are at the time, who else is on another computer in the same house as you. When all of that information starts being brought together, it could give people a lot more information than you wanted to give out in the first place. And when we start thinking about really big systems, where your privacy really matters, things like - I don't necessarily want to be sharing every kind of intricacy of my day to day life with say, my government, and in the same way, I don't necessarily want it to be something that a big corporation can get hold of, because what they'll do with this profile information, is they might use it against me. They might decide that I live in an area and I have friends who are quite poor, and so I'm not going to give them a loan, because I don't think they're the kind of person who's going to pay their loan back. And this sounds like a really extreme example, but actually Facebook made a pattern for this exact use case, of preventing someone from getting a loan based on their friends on Facebook.

[00:07:58.28] SY: Wow. Holy crap.

[00:07:58.28] LK: Yeah it's big.

[00:08:01.15] SY: I didn't know you could do that. So when it comes to things like that, who is responsible for making sure that doesn't happen? As a user, is it my job to know better and to protect myself and to use tools like Better, or is it Facebook's job to not collect information? Is it the government's job to create laws? There's so many people involved, so many different organizations that are a part of this conversation - whose job is it to protect the consumer?

[00:08:34.29] LK: I think it's a lot of different people's jobs. Primarily I would say, it's not the user's job. I'd say it's not the person's job because, just because you use a computer doesn't mean that you understand what these scripts and cookies are doing. You could go about your everyday life, browsing websites, using apps and things like that, and never having any idea of the information that's being collected about you. You'll just assume that it's good, and this is different from the information that you might put out publicly. You might decide to post an image on your website, a photo of you having fun with your friends. You've chosen to make that public. It's quite different from something, you don't necessarily expect your browsing history to be shared with someone. You don't necessarily put that on your personal website. And so I don't think it should ever be the user's responsibility. In fact, I tend to not even refer to people as users. I refer to them as the people who use things because I think that when we say user as a developer or a designer, we're separating ourselves with this idea of a far-away person, and we don't necessarily think of them as another person like us. I think that it's important that government and states and things regulate this as much as possible, make laws to protect people from harm and invasion of their privacy. However, it kind of relies on a lot of these laws being up to date, being tested, being able to follow technology, and that's very difficult, so we kind of need quite broad laws in order to help protect people. I think Europe and the EU, their writing some privacy regulation right now, and this is the GDPR as it's called, which is the General Directive Privacy Regulation, and that is looking very positive for protecting people, and that will affect people in the US who are building sites and things like that, because if they have any customers who are in Europe, they'll have to abide by those privacy regulations, too. That's a good thing but these things can be very slow and often they get it wrong and often big companies will lobby governments in order to encourage them to make laws that are nice and easy going on them. So I'd say the people we really need to put the most amount of pressure on are the corporations who are building these kind of privacy-invading technologies, and that's really difficult, because the sad thing is, most of the web and technology today is based on a business model of trading this information and tracking people's information about them. Any service that's free is usually funded through advertising. And this isn't the sort of print ads you get in the newspaper, where you look at it, you see it, you can turn a page, it's gone. It's not looking back at you. On a web page, the ad is looking back at you. It can see what you're doing, so it can invade your privacy. So it's not really the same as the old data advertising. But because people have got used to all of this free stuff, we fund this business model as well by continually using all these free services and expecting things to be free, too.

[00:12:02.00] SY: So where did it go wrong, or when did it go wrong? Was there a time in internet history when we could've saved ourselves and avoided this world based very much on advertising?

[00:12:15.08] LK: I don't think so. I think maybe back in the day there were people making sites for hobbies and they weren't necessarily trying to make a business out of it. But really this has been around for a huge amount of time. You think of Google. Google has scripts on nearly 80% of the world's most popular websites, the top few thousand website. Google has an eye on people across these websites. One of their big services that they provide is search, and they've been doing that for a very long time. And people expect search to come to them for free, they want all of the benefits of it for free, Google goes through and indexes and looks at all these websites and makes sure it has up to date versions of them, that it can understand all the keywords on those pages, and things like that. And Google had to get the money for that from somewhere, and it decided not to charge people money, but instead fund it through a model of advertising, which has gotten us to the position where we are today.

[00:13:22.28] SY: So what is the role of developers in our future, because we talked about how the main thing - the main entity around this issue, is corporations. Which makes sense - they want to make money, they want to make as much money as possible so they'll use whatever tools that they can. But in those corporations, we have lots of people - we have developers, we have designers, business people, we have finance teams - we have all these different groups. So where do developers live in this conversation?

[00:13:51.08] LK: I see developers as the gatekeepers. Because a lot of the time, people from the business section as well will come to you, and they might say, we want you to put this script, this service on our page. It might be another advertising script, but it could be another tracking script that's analytics or something like that, because all of these analytics and all of these A/B testing third-party scripts, are all pulling in this information. So you need to be able to stop people and say, hang on, why are we doing this? And there is a really great thing that I think developers can pull out of their back pockets when it comes to providing reasons for adding lots of third-party scripts to their sites, and it’s performance. Because there's no point in worrying -

[00:14:37.23] SY: Oh, smart.

[00:14:38.04] LK: - about thick your web fonts are or how big your JavaScript page is or how your CSS file is. There's no point in minifying anything, making your CSS compile into smaller scripts, if you're adding a load of third-party scripts that are really increasing the load time. And a lot of research has been done looking into how people are impacted by load time. And if someone visits a site and it loads really slowly for them, they're not going to go back, so you can save yourself a lot of grief on the performance side if you don't bother adding those scripts in the first place.

[00:15:17.08] SY: I love that, because one of the things I was thinking about was how, I think that if you're a developer, you generally know, or you have some sense of cookies and tracking and it probably makes you a little uncomfortable, or maybe you're excited by all the power that you have, I don't know. But it's interesting to me that I feel like when I think about my own network of people I know and developers I know, there's a relatively small subset that is upset enough about this to use all of those anti-tracking tools and use protonmail and do all kinds of others things that help them limit the amount of information that companies can get. But it still feels like a vast majority of developers - even though we know what's going on, we don't care enough I guess to do something about it. Do you see that happening in your world, too?

[00:16:12.20] LK: Yes, and I give talks at conferences a lot and a lot of people come up to me afterwards and go, well, why should I care? I don't have anything to hide, which is the classic. But of course it's not about wanting to hide anything, but also you have a little awareness of how much power this information about you can have. The NSA, the programs that they use to spy on people outside of the US, they used to have this program that would suck in all the information it could find on the web about every single individual that they're deciding to spy on, in trying to find criminal activity, terrorists, things like that. There was a guy called Bill Benny, and he actually made a different program, a competing program, called ThinThread, which actually pulled in just the metadata about people, so not all of the conversations they're having, not the text of that, not the images, the photos they're uploading. But the metadata, the information about that content. He discovered that that was all he actually needed to be able to predict terrorist attacks, to be able to thwart things like that. And so this was a really good example of the value of the smallest pieces of information about us and how much value they can hold to people we have no idea are following us. And so it's quite an extreme example and I don't think anyone out there is worried about being tracked because they're a terrorist, but there are very many other ways that we are vulnerable, and I think a lot of people working in the industry may not care yet because they do have privilege. Because if you think about it, in some countries, it's illegal to be gay. And so you don't necessarily want profile information or the information where you've been having a private conversation with someone on the web, you think no one's listening in. You don't want that information getting back to anybody else, let alone your government. There are a lot of people who are poor, are the ones who suffer the most because of a lot of the discrimination from insurance that can come out of this kind of information. A lot of it is because algorithms are making the decisions based on information. It's not a human being that's looking at whether you qualify for this particular insurance. It's an algorithm sucking up personal information about you that it's found in all these different places and going, oh, well, that person fits in this box. It might be true information - but it might also not be. But they have no way of distinguishing between those. (Music).

[00:18:56.11] SY: Coming up: we talk more about data collection. How do we decide what information to keep, when we're the ones building the products? We also look at some privacy-friendly alternatives to some of the popular tools we use all the time. After this.

When I learned to code, I was so excited to finally bring my passions to life. I could build things that I really cared about, and share them with the world. And the first step in sharing is getting your domain name. That's where Hover comes in. They've got a really slick and easy to use interface, they've got awesome domain names to pick from, and they separate your domain from your hosting so you have full control and flexibility over your online identity. So go to hover.com/newbie to save ten percent off your first purchase. That's hover.com/newbie. Link is in the show notes.

[00:19:44.21] SY: So most people listening to this show, I'm going to assume safely, are not building very vast complicated ad-tracking type of software. I think a lot of us are just getting started, building little side projects, that kind of thing. So does this conversation on privacy and tracking, does it apply to us, does it apply to beginning developers, or is this mostly a conversation for the CTO, the senior devs, the people who are kind of at the top of the tech food chain, so to speak, and who actually have the power to push back and make decisions?

[00:20:24.23] LK: I think this applies to all of us, because we often add a lot of things to our pages that we're not really thinking about. And I think it's really good to get into the habit of, in the same way that when you are using a new framework for the first time, so you might be using something like Bootstrap or you might be using something much more powerful like React or something, and having a general understanding of how that framework works and what it does is good practice, because that way you know how it's going to bolt into technology and things like that. Even if you don't know exactly how every little bit of it works, you want to have an overview. And I think the same thing goes for when you're adding other third-party scripts to your site, so the scripts from other providers, scripts you haven't written yourself. And even something as simple as analytics - so this is one of the first scripts we add to a website, because we're like, oh I want to see how many people visit my site, maybe I want to see how big their screen is, what device they're using. So I can make design decisions based on that. That is very innocent on your part, but whose analytics you use can have a use effect on the people visiting your site, because that information is being collected and kept in a place. And even if the analytics provider is completely well-intentioned, they're just collecting that information and storing it only for use by you, so they have copies of sites people are visiting and things like that, but they're only sharing that information with you. That doesn't mean that a bad actor, someone like a hacker or something like that, could think - oh, that information is valuable because it's all stored in one place, I've got all of that information from everyone that uses that analytics package is stored in that one place. So I'm going to hack it, and then I'll have all of that useful information. And this is the problem with having centralized systems, this idea of having everything kept in one place. Because it's vulnerable, in any way, whether someone is doing it for the right reasons or not doing it for the right reasons. And so even a decision such as whose analytics we use and whether we use analytics that's hosted on another service or whether we post them on our own website, has an impact on the people using our site.

[00:22:52.09] SY: So for an example like analytics, is it that we just shouldn't have analytics, or is that there are alternatives that give us the information that we can use to make our site better and make - I won't called them users - make the people who use our websites happier and have a better experience without the privacy and tracking concerns?

[00:23:16.28] LK: Yeah, I think with a lot of these things it's about finding the balance, but I think the first thing you have to think about is what information do you need to collect. What's actually going to be valuable to you, and what's collecting information for the sake of collecting it? Because a lot of analytics will just suck up lots of stuff, just because it can. And that's not necessarily because you should.

[00:23:40.06] SY: And I think that right there is the problem, especially for new developers, because we don't always know what we need, and I think there's this fear of, if I miss it, then I can't go back and collect it. I can't go back and fix that mistake, so if I get everything, then I can kind of figure it out later. So if we shouldn't do that, if there's a danger in doing that as beginners, as newbies, how can we make better data collection decisions?

[00:24:08.13] LK: That's another thing about analytics as well is that it only tells you about the information about your site in the past, it doesn't tell you about what to do in the future and it doesn't necessarily tell you what will work and it doesn't even necessarily tell you what's not working. You just have to make assumptions based on it. But I think that one of the things that we can do when we're making these decisions is to do things like self-hosting and analytics, and there's lots of services out there, there's an open source one - free on open source one - called Piwik, and if you are using analytics and you're hosting it on your own server, then you can choose what you want to collect and what you don't want to collect, what might be useful to you, and you can also only have it on your site. So nobody else has access to that information, you're not giving it to anybody else to use. And so that's a really good way of looking after the people who are using your site, and kind of respecting their privacy.

[00:25:14.01] SY: So even if I am using a tool like that, how do I decide what data to collect? How do I make that decision?

[00:25:20.06] LK: I think it's very much based on what are you providing? What are you trying to do with your site or your service or your app? What kind of thing is useful to you? Things like the amount of people using your site is quite useful because you want to know that you're not going to get a massive bill, because you haven't got the right server for the bill. So that kind of thing is very useful. Maybe you don't need to be tracking where someone's mouse is moving on the page. That's not going to have a huge effect -

[00:25:52.04] SY: Yeah, that's a lot of information.

[00:25:52.22] LK: You don't really need to know where someone's come from. Only the information on your site is really relevant to your site. You don't need to try to identify people as individuals, I think that's a really dangerous road to go down. You want to avoid collecting anything that can identify people as individuals. I mean, arguably, any data set that's got enough information could probably identify you as an individual when it's held against a different data set, but still you can do as good as you can by, you don't need to know the gender of anybody, you certainly very rarely need to know their name. Things like location - do you really need to know their location? Can you do that in a way that is not pinpointing them exactly, if you do need to use their location for things like finding where a store is or something like that. Every time you're making a decision about what you're going to collect, you're just thinking about is this useful, is this going to help me? Maybe it's easier to think about it by flipping it on its head and going, can I do harm if I have this data?

[00:27:04.01] SY: Ooh, I like that. Yeah. So I want to get back to the tool that you created called Better, and going back to that description, it protects you from behavioral ads and companies that track you on the web by enforcing the principles of ethical design. What does that tool actually look like, and how do you use it?

[00:27:22.19] LK: It's an app for currently Mac-OS and iOS, and what it does is it works with the inbuilt functionality in Safari, so it works with Safari specifically, because what Apple has done is provided this functionality called content blocking, and what content blocking does is you can pass it rules, and it will enact those rules in the browser for you. So what we do is we pass it a list of known trackers and what it does is it blocks all of those trackers in the browser and it's quite important to have that separation of us giving it a list of rules and it doing it in the browser, because that means we don't have any access to the browsing history or the traffic of the person using the tool either.

[00:28:11.21] SY: Interesting.

[00:28:12.20] LK: Because we don't want to make a privacy tool that then goes and spies on you, that would defeat the point. But that's why it's currently only available on Apple and using Safari, because we really need to use this tool that Safari and Apple has very deliberately offered to developers, because they're starting to follow this idea of differentiating themself based upon privacy. To be honest, it's then setting themselves apart against Google, because one of their main competitors, especially selling devices, is Google with all of the Android phones and things like that. So what Apple is saying is, we're giving you this rather expensive device, but you know that when you use it, your information is private to varying degrees. They can't do that, pointing at Google. It's a sales tactic for them, but it's a sales tactic that does benefit the people using their devices.

[00:29:09.21] SY: Yeah and that's the thing that I've always appreciated about Apple, because I am purchasing all the stuff, like I have a Macbook and I have an iPhone, so I feel a little bit more comfortable trusting them and trusting that they will prioritize my privacy because I'm the customer. I'm not the product, I'm the actual customer. So does that mean, when we look at how helpful privacy tools, anti-tracking tools, how much we can use them, does that mean that they are generally only applicable to companies, to products that already take privacy seriously? Like is there a world in which we can use something like Better and still use Chrome, if we prefer Chrome as our browser?

[00:30:02.00] LK: To some degrees, but there is a reason why Google stops a lot of these tools from being in its Play Store and things like that, and a lot of people will say, can I use Better with Chrome, and I say, well I wish you could, but if you're using Chrome, and especially if you're using Chrome whilst locked in with Google, there's not really that much I can do for you. I can't certainly protect you from Google, I can protect you against other stuff, but not Google, and that's the thing about Better is we focus on third party scripts, because there'd be no point us blocking things that Facebook does when you're logged in and using Facebook. That's just going to be really frustrating. And you've decided you want to be there, otherwise it will all just break and nothing will load and it will look really awkward. And so what we do is we focus on blocking say, the Facebook button on other pages, because on other sites, the Facebook button is what Facebook is using to track you, whether you're logged in or not, it's using that to create a shadow profile of you, and then the second you log in with Facebook, it can connect that information to the shadow profile.

[00:31:12.16] SY: Ooh, what's the shadow profile?

[00:31:13.12] LK: So shadow profile is the profile that Facebook has on you if you haven't used Facebook. And so there are a lot of people out there who are very proud, wave their hands in the air and they'll go, I'm good, I've never used Facebook. But the things is that so many people have used Facebook, that inevitably photos of you have been uploaded, your name has been mentioned. People often upload their address books, not aware that sharing your contact in order to find your friends is another way of sharing the contents of your entire address book with these services. So Facebook and other similar services will use this information to create a profile of you and then as soon as you sign up, they can go, oh, that's you. So for example, I left Facebook for a while, maybe about five years ago. I didn't really use it that much, I thought right, I'm leaving. And then my grandfather started using it, and I was like, oh I kind of want to see what -

[00:32:11.00] SY: That'll get you.

[00:32:12.00] LK: I'm going to go back there, just for the sake of keeping in contact with my grandparents. And when I logged back in, I didn't log back in, I created a new account, I was like haha, I'm going to fool Facebook, and then it started suggesting to me, oh we think you went to school here, is that correct? We think you live here, is that correct? And I'm like yes, of course it's correct. How could I think I could fool you, Facebook? It's not because I have a very unusual name, it's because it already has all my information and it's far cleverer than I am, at doing that. Some of things that Facebook knows about you, if you go to Ad Preferences, it has some lists of categories that it's put you in, and it can be very simple things such as someone who uses Wifi, to quite personal things like I have a category that says lives away from family. And so it's kind of, I think it's based on the fact that I don't live in the same country as the rest of my family, and to other very, very strange things, and things that I have no idea why it's put me in those boxes, but it's, it may have suited some advertising at some point, to put me in there.

[00:33:25.28] SY: I think a big reason why, even when we know Google is watching and Facebook is watching, we keep coming back to those tools, and we still use them, is because they're very convenient, they're very, very easy. So if people are listening to this and thinking maybe I should take this privacy thing a little more seriously, maybe I don't want to be tracked to the degree that I probably am - what are some good first steps that we can take to either educate ourselves or to be maybe a little less trackable?

[00:33:59.01] LK: I say try to find services that you use commonly, and try to replace them with the most privacy-friendly thing you can find. So for example, a lot of people use Gmail, and there are loads of really great and reliable email services out there. They may not hook into everything else in your life quite as well, that's actually one of the benefits to getting away from Google, because if a company has very little information about you, they can't do very much with that information. And so I use fast mail, which is actually based in Australia, I think, there's Protonmail, which is a very popular privacy-based email provider. For things like messaging, you may decide not to use Whatsapp, because Whatsapp another one. You do have the option to encrypt the messages, but they still have access to metadata - it's a bit of a gray area. And so you can use services like Signal, which is free, or Wire, which is another really great service that you can do video chat with, things like that as well, so you can replace Google Hangouts and things like that. I would say search-wise, DuckDuckGo is very good, and again, it's not going to be the identical experience to being logged in with Google where it will pull up search results from people you follow on Twitter and stuff like that, but it's a very good search. And what it actually does is, it has these clever little shortcuts you can use, so if you're not finding the results very satisfactory on DuckDuckGo, so maybe you search for a problem you're having with your CSS, and you're not getting any decent results on DuckDuckGo, you can actually do !g and as part of your search, and it will redirect your search to Google, but run it through as an encrypted Google search.

[00:35:50.02] SY: Oh, very cool!

[00:35:50.26] LK: So Google doesn't have its hooks in quite as much. And you can do the same for !i, for images, for image search on Google, and !m for map search. And you can also set your own key words and stuff like that as well. It's a really useful tool.

[00:36:06.09] SY: Oh, that's neat. So for those of us who are just understanding and just learning about security and tracking and privacy, is it too late at this point, if I say ok fine, I'm going to stop using Gmail, I'm going to switch to Protonmail, I'm going to not use Google.com, I'm going to use DuckDuckGo - at this point in my life, I feel like Google and Facebook and all these companies have all the information they could possibly want on me to do whatever they want. So is it too late?

[00:36:35.02] LK: I think it's not, because you have to think to some degree about yourself, but you also have to think about the other people who your decisions are affecting. So when you're deciding to use Gmail, you're not just deciding that you're going to share your information with Google, you're deciding that you're going to share all of the information with the people that you email with Google as well. When you're deciding to share your photos on Facebook, you're not just deciding that you're uploading photos of yourself, you're going to also be getting the face scanning on your friends, your family, your children as well. And so you have to be aware of the network effects that your decisions have. And I think in terms of being conscious of this as someone starting out in the industry, I think it would be really great if people started trying to build more privacy-respecting tools. And I don't think necessarily people should be doing what we're doing, and building something this specific to privacy. What we should be doing is building really great wonderful app services that just also happen to be private, that also happen to be secure, that are a really great convenient experience that people actually want to use and they don't have to worry about their privacy.

[00:37:53.06] SY: Really great advice, I like that. So next let's do some fill in the blanks, are you ready?

[00:37:57.27] LK: Yes.

[00:37:59.18] SY: Number one - worst advice I've ever received is?

[00:38:02.16] LK: When I was freelancing, someone recommended to me you've got to say on your website everywhere, you've got to talk about yourself as if you're more than one person. Because you're more likely to get client work then. And people will trust you because they think you're bigger, and if you're bigger, you're more reliable. It's terrible advice because if someone finds out that you're just one person, they're going to trust you way less. And also you're setting expectations for yourself that you just can't manage. So I always whenever I see that, I'm always, no be straightforward as yourself as possible, especially when you're freelancing and you're trying to do client work, because the wonderful you is the person that people want to hire.

[00:38:47.10] SY: Yeah. Oh my goodness, I completely understand that. So I came in from a world of start-ups where that was exactly the idea, be bigger, look bigger, look more important than you may feel sometimes. And so I carry that with me with CodeNewbie and it was so funny to talk to people who knew that it was just me, because I was so used to saying we, "we at CodeNewbie," and my friends would be like "Isn't it just you?" Now we have a team, now there's actually other people so the we is correct, but for a long time, I got into that habit of just trying to be bigger that I couldn't stop saying we. It was really funny.

[00:39:24.05] LK: Yeah, and to people starting out - it looks really intimidating, because you're looking around, and you're like, oh everyone's big, everyone's these huge, responsible companies and they all have employees and things like that, when actually it's just another person who's working part-time from their bedroom just trying to learn stuff and make stuff. And that's how so many of us start out, and it doesn't help anyone to pretend otherwise.

[00:39:49.19] SY: Yeah. Number two - my first coding project was about?

[00:39:53.03] LK: The very unofficial one would be trying to make my Myspace profile look pretty. And that's when I first started getting into CSS and HTML and started trying to understand why these magic characters I was typing in were actually doing anything, and then I started making fan sites for local bands.

[00:40:14.25] SY: Nice, very very cool. What did you use to do that? Did you use a builder, did you just use vanilla HTML and CSS?

[00:40:21.18] LK: I used HTML and CSS, but nobody had told me that tables for layouts wasn't a thing anymore, and this must have been maybe thirteen years ago or so, so people were still in a lot of places using tables for layout, but that was not best practice.

[00:40:45.05] SY: Yeah.

[00:40:45.16] LK: And so I learned how to do tables before anything else, cutting graphics up into tiny little squares so that they lined up in my table cells to make a beautiful image.

[00:40:56.20] SY: Yes, that's one of the things that really confused the crap out of me too when I first learned HTML and CSS. Because when you don't know what resources are available, you just do a search for HTML and CSS, and there are still a lot of articles and stuff that reference tables and that say, oh, here's how to do a table layout. So even - what was this, five, six years ago, I think, when I was first looking at this stuff? Even then, there was still plenty of tutorials that talked about how to style with tables. So, yeah.

[00:41:26.29] LK: Yeah, that's exactly how I got into it. I just typed, how do I do HTML or something like that, I got a really great, well-written tutorial.

[00:41:36.25] SY: Yep, lots of screenshots.

[00:41:36.25] LK: I didn't know then either that the technology moved so quickly, so I didn't have a reference for, this was written ten years ago. That didn't mean anything to me. Whereas once you become more familiar, you start having an idea of, oh if this was written six months ago, maybe it's not great, or if this was written two years ago, maybe it's no longer relevant. But when you're starting out you have no concept of that.

[00:42:04.21] SY: I remember I learned Rails 4, and then I think it was maybe a year, a year and a half, Rails 5 came out and I was so angry. I just figured out Rails 4, I'm comfortable, I'm happy - why would you do this to me, why would you give me another thing to learn, so yeah, I completely understand. In the beginning, it feels like, how often does psychology textbooks get updated? You know, when you think about other subjects in other classes, they're so static that getting used to the pace of change in tech has been - it look a while to get used to.

[00:42:40.04] LK: Yeah, and knowing which of the things that are here to stay, and which of the things are the real foundations that we have to understand and which are the things that, oh they're going to change next week.

[00:42:51.25] SY: Yeah, yeah exactly. Number three - one thing I wished I knew when I first started to code is?

[00:42:57.23] LK: I think that would be that table layouts were no longer. But also that so many other people started out in the same position that I did. I saw a lot of people that seemed to be incredibly professional, they were working at really well-respected big companies, they knew all of these languages I had no idea about. And I didn't really ever think about, well they started out like me, they took years and years to get to those positions. And I don't necessarily want to be in that same position. Is that what success is?

[00:43:39.04] SY: Yes!

[00:43:39.24] LK: I sort of saw that big thing as being what success is. And then I could just set myself up for continued failure if I hoped to achieve exactly what those people are doing, without realizing that actually I can make success be whatever works for me. And especially as more and more technology has come out, more and more different languages, different ways of doing things, that's even more true because actually making your own niche in this whole industry, finding the thing that you're good at that you can share and that you can do is really valuable and is much more valuable than you just being a clone of somebody else.

[00:44:17.05] SY: Absolutely, and to me, that is maybe my favorite part of doing this podcast, because I get to meet wonderful people like you who expand my idea of what it means to be a technologist in this industry, because when I think about a coder in the very beginning I'm thinking someone who makes websites, but the more I talk to people, the more I realize, oh wow, there's so many different things you can do and specialities you can focus on and areas you can really develop an expertise in. So yeah, I think that looking at a developer and saying oh, they know ten languages, therefore I must know ten languages, is doing yourself a disservice.

[00:44:54.02] LK: Yeah, and it's impossible to be great at everything. So don't beat yourself up trying to get that way, you may as well focus especially on something you enjoy and you want to spend time in, if you can do that. Because if you're going to spend every day writing a particular language, it should be something you actually enjoy writing and feel you understand. (Music).

[00:45:15.10] SY: Yep, absolutely. Thank you so much, Laura, for spending some time with us and teaching us all about privacy and tracking. You want to say goodbye?

[00:45:22.11] LK: Goodbye, thank you for having me!

[00:45:24.00] SY: And that's the end of the show. Let me know what you think. Tweet me @CodeNewbies, or send me an email, hello@codenewbie.org. If you're in D.C. or Philly check out our local CodeNewbie meetup groups, we've got community coding sessions and awesome events each month, so if you're looking for real-life human coding interaction, look us up on meetup.com. For more info on the podcast, check out www.codenewbie.org/podcast, and join us for our weekly Twitter chats. We've got our Wednesday chats at 9 PM EST and our weekly coding check-in every Sunday at 2 PM EST. Thanks for listening, see you next week. (Music).

Thank you to these sponsors for supporting the show!

Thank you to these sponsors for supporting the show!