Articles: Popular

Model View Culture: Social Networking as Peer Surveillance

March 23, 2015

This piece was originally written for Model View Culture's Surveillance issue in October 2014.

Tech news articles preach the dangers of sophisticated programs at startups misusing data we give them, performing sociological experiments on us, or the NSA spying on everything we say and do.

But those things are barely on my radar.

As an outspoken, queer woman, the internet is a terrifying place. Can I trust myself, my friends, or my family not to inadvertently harm me through the information shared on social networks? What will ill-willed colleagues do with that information if and when we unintentionally trip up?

Photo of the author standing in front of a whiteboard illustrating her many social connections.Photo CC-BY John December, filtered. 

I want to tell you the story of how we came to unwittingly self- and peer-surveil, allowing the internet to near-simultaneously make our worlds bigger and smaller. I know this, because it’s my story, too.

In 2004 I moved across the country, away from everything I’d ever known. I was in a new city where I knew no one, so I turned to the internet as I’d done most of my life. This was an interesting time for the web; sites relying entirely on user-generated content were becoming big and would herald in the era we find ourselves in today. When I found out about Meetup and Upcoming, I happily told them about all things I was interested in.

I soon found myself in a community that relished sharing a physical space with internet people and we were drunk on the feeling. We took pictures, happily tagging them with both our actual and internet names, dates, events, and geolocation data. We embraced hashtags not just for events, but impromptu collaborative art projects. Social networks were uncharted territory,  a make-it-what-you-want-it-to-be atmosphere where we were explorers and inventors, discovering ways to connect, share, and feel closer to each other. In a way, the internet itself became a new friend to me – one that wanted to see the whole picture of who I was. It wanted to know what music I listened to when I was sad, what pictures made me happy, and what I wanted out of life. I found myself sharing every article I found interesting, information on the charities I donated to, and what concerts I’d be attending. In a bizarre sense I felt the more I shared of myself, the stronger that relationship could be.

It seems unimaginably naive to say I didn’t realize how all of that information could ever be used against me. I remember remarking to people who were dismayed by Twitter having made oversharing popular, “no one will care what I did today a month from now; we’re living in the moment.” But a few years provides a wealth of perspective: today, people constantly exploit little pieces of information from social networks I’ve participated in over the years to DDoS attack my websites and physically threaten, harass, and abuse me.

An obvious example of this is my income, which has become nearly fully supported by micro-donations from hundreds of people all over the world. For quite a long time, that income came through a site that advertised exactly how much money I was making and from how many people. At first this was a positive thing – people could see how much financial support projects like mine received and understand that it wasn’t as widely supported as many thought. But when I was visibly in the site’s leader board and eventually the top person receiving on the site, it became a huge problem. Reddit and Hacker News had a field day. I’d get comments and emails from people claiming my work was panhandling, prostitution, trickery, and theft. People berated me if they found out I went to a movie with my partner, feeling I was squandering the money I received. Others who had previously supported me were angry when I wouldn’t immediately drop everything I was doing to give them advice, because in their eyes, I worked for them. My ability to maintain a work/life separation effectively disappeared.

Having received threats and abuse online, I have to take extra steps to protect myself offline. I pre-emptively tell new acquaintances that they can’t post information online about where I am, where I’m going, or who I’ll be with for fear of confrontation or worse. Friends with the best of intentions asking publicly on Twitter for me to meet them at a specific place and time means having to decline a lot of invitations. It’s awkward to explain to people that they may be inadvertently putting you in danger.

I recently stopped following anyone on Twitter and replying sparsely because people graduated from attacking me directly to going after my friends and family to cause me harm. I semi-jokingly tell people that being near me is risking radiation exposure; I’ve been blackmailed into giving up relationships and fully living my life for fear of indirectly hurting the people I care about. In essence, social networks have manipulated the relationships I have with others.

Social Networks as a Panopticon

In the late 18th century, the philosopher and social theorist Jeremy Bentham designed the Panopticon, a building that allowed a watchman to observe every occupant from one vantage point. This led occupants to act as if they were being observed at all times, regardless of whether a watchman was in the tower or observing them; the mere potential of constant surveillance altered occupant behavior.

Foucault discussed his social theory of Panopticism in Discipline & Punish: The Birth of the Prison, noting that the occupants of the Panopticon are “the object of information, never a subject in communication,” and that

He who is subjected to a field of visibility, and who knows it, assumes responsibility for the constraints of power; he makes them play spontaneously upon himself; he inscribes in himself the power relation in which he simultaneously plays both roles; he becomes the principle of his own subjection.

In the 1970s, a piece of software called DIALOG was designed to replicate the Panopticon effect and tested at a large pharmaceutical company as part of a psychology experiment. The software allowed workers to not only report the work they were doing, but to socialize with peers. When users realized the software was allowing management to monitor them continuously, many stopped using it. Others decided to continue, “raising the question of whether remaining users modified their behavior under the threat of surveillance, as prisoners in Bentham’s Panopticon would, or whether they believed that the benefits offered by the system outweighed the possibility of punishment.”

Photo of a panopticon prison with guard tower looming before dozens of cells.Photo CC-BY Friman, filtered.

Social networks operate in much the same way. Thanks to open APIs and the limited technical talent needed to use them, the ability to monitor someone’s every activity can be easily automated and analyzed for patterns. A few weeks worth of data can give you an idea of when someone leaves for work, what coffee shop they stop at in the morning, and even what route they drive to get home. Using additional data – something as simple as a selfie – it’d be easy for a relative stranger to “recognize” you on the street.

Barring that level of sophistication, a simple observer to our online lives can still learn a lot about us. I was shocked the first time I met someone and they asked about each of my four cats by name. I’d willingly put that information out there, but I didn’t fully comprehend what someone using it would feel like.

Knowing the risks, do we alter the way we act within these systems? I’d argue that too few of us do, myself included. Only after the information I’d put out there was used to hurt me did I realize exactly how much I’d shared and how difficult it was to get back.

I don’t doubt there are dangers lurking around corners I haven’t thought of yet.

Social engineering

What allowed all of this to happen? How was I so easily fooled into living in the Panopticon? A shared and interwoven set of tenets between social networks and the people who use them create a variety of subtle pressures.

Rusty barbed wire.Photo CC-BY LongitudeLatitude, filtered.

Tenet 1: Well if it’s free, I guess I’ll take two

After just a couple years of becoming actively involved in social networks, I had a social media list that boasted nearly 30 differentactive profiles (I have no idea how many I’ve made total), but I wasn’t concerned. “It doesn’t cost me anything to try a new service”, I’d tell myself. I could play around, test the boundaries of the system and how it let me interact with people before adding it to my always-open tabs list or abandon it completely — along with my data that lived there.

Tenet 2: One identity to rule them all, and in a closed system bind them

Coupled closely with the desire to try everything is the compulsion to stake a claim to your identity on every service available. In manufacturing the scarcity of things like usernames, social networks create an anxiety on the side of the potential user; the assumption being that demand will always be higher than the supply, so urgency in account creation is required.

On top of that, larger properties have done well for themselves by creating a closed ecosystem to connect them. Google and Facebook are both good examples of this, allowing users to connect their email to their social calendars to their social networks to their contacts and so on. Participation in any of the sub-properties requires participation in the main one and encourages staying within the ecosystem by exploiting user laziness.

Tenet 3: Public is default

It’s easy to forget that the idea of privacy controls are a relatively new concept. I think the first social network I saw them on was Pownce, and even then I treated it less as a form of security and more as filling a niche need. I could share this post with that set of people and no one else can see it? How novel! At that point it didn’t even occur to me that someone could or would want to manipulate my willingness to share every detail of my life.

Social network growth is driven mainly through public sharing – the ability to see things outside the walled garden and want to participate. It should come as no surprise that startups wanting to show potential financial partners exponential user growth encourages public-as-default to the point of making it difficult or impossible to hide data.

Tenet 4: Share everything early and often

I’m just as guilty as the next person for actively encouraging my friends to share, share, share. In a world that we experience primarily through technology, we feel connected when we learn more about someone through their everyday lives. This isn’t something artificial and constructed by a marketing department, we aren’t as compelled to share because of A/B tested button color or slogan. It’s a subtle pressure; something that feels natural and familiar because it’s how we make friends, how we become better friends.

Tenet 5: Shoot first, ask questions later

Even knowing the dangers, we feel strangely safe and at home on the internet. And what feels more safe than scrolling through tumblr on your laptop in your warm bed, instagramming that weird thing your cat does, or telling your friends what you’re up to today?

In an industry where shoot first, ask questions later might as well be tattooed across the shoulders of startup employees, none of this is very surprising.

The industry has shown some hints at self-awareness of the problems it magnifies, but creates as many as it solves. Anti-social networking apps like Cloak, ostensibly used to avoid people you follow on social networks, can just as easily – and perhaps more obviously to those of us most vulnerable to confrontation or altercation – be used to stalk contacts.

Many marginalized people are using services in ways the creators may not have expected. When I received death and rape threats this past summer, it was important for me that my partner always knew where I was. I used Apple’s Find My Friends to constantly share my location. But in doing so, I’m forced to give up more privacy. It’s easy enough to forget that it’s always monitoring me; what danger could I be in if my partner knew I visited an abortion clinic, the home of an ex, or an intimate violence shelter?

There is no “outside the system”

Miraculously (and perhaps ignorantly), all of this hasn’t made me a social recluse. To this day I use services that share photos, videos, microblogs, what I read and listen to, my exercise habits, and even what I knit.

A bridge enclosed in wire fencing.Photo CC-BY Daniel Oines, cropped & filtered.

There’s no doubt that social networks use predatory practices masquerading as friendly ones to extract what they need from users and that people will exploit that easily available data to victimize marginalized people in slightly more sophisticated versions of the old ways. As marginalized people, we’re often on the safe side when taking the cynical view of things, so assuming social networks and predatory people will be out there, how do you protect yourself? A growing sub-genre of self-help books focusing on internet privacy, including Violet Blue’s The Smart Girl’s Guide to Privacy, may hold some of those answers.

But we shouldn’t discount what participating in social networks means for our identities. Can we celebrate and share our identities – all the little pieces that make us who we are – without sacrificing our privacy and safety? Are our identities forever altered by defiantly living within the Panopticon?

You Asked: How do I deal with online harassment? How do I help the targets of online harassment?

July 8, 2014

A German translation of this post is available on kleinerdrei.org

This post covers two similar questions.

I've recently found myself the target of an internet harassment campaign. Do you have any tips for dealing with this?

Dealing with online harassment is emotionally and physically taxing, which is exactly what harassers aim for. You can minimize their impact and protect yourself at the same time in a variety of ways.

As someone who faces this regularly, I opted to create a post to explain how I'd like people to react when they see this happen to me. In conjunction with a keyboard shortcut on my phone and computer (!trollresponse, which expands to that link), I can quickly inform people what I need from them and why, without having to explain it to each person individually during every incident. I also link to this from my contact page and in the footer of my site so it's easily accessible for people who would otherwise be contacting me about those things. 

Consider contacting important people in your life to notify them about what's happening to you. Frequently harassers will attempt to get to you by attacking people in your life (family, friends, employer, clients), so minimizing that risk is something to seriously consider. This isn't an option for everyone, as some people need to keep their online identity or work secret from those people in their lives, so do what is best for you. Notifying the people close to you keeps them from inadvertently revealing any information to harassers online or exposing you to additional risk. 

You may also want to discuss this with your therapist/other mental health professional or doctor as this adds an incredible amount of stress to your life. The Geek Feminism Wiki has a handy resource for therapists working with geek feminists who regularly see this abuse.

On social media in general, block liberally. Remove the opportunity for people to easily continue to harass you. My personal policy is if I feel my heart rate tick up a notch when I read something someone has sent to me, I immediately block them. We don't owe abusive people our time or attention.

On twitter considering using The Block Bot, which is a service that allows individuals to add people to a shared block list for generalized abuse. If someone says something aggressively sexist, cissexist, transphobic, or otherwise to someone on the network and they add the person to The Block Bot, the person will also be blocked for me. It's a sort of pre-emptive strike against harassers.

On facebook, be sure to regularly check your privacy settings. I have a calendar notification every 2 months that reminds me to take a half hour to make sure they haven't added new features that have chipped away at my privacy.

Consider having someone close to you screen your emails, @replies on twitter, or other messages online for harassing content. Ask them to keep everything private, but to log everything. They can block people, archive emails, and report people for abuse on your behalf (but be aware that on Twitter, reports of abuse can only come from the victim's account :/).

Any threats and harassment you receive should be documented. Know that tweets, facebook posts, etc can all be deleted by the user who sent them (or taken down if the user is suspended), so be sure to take screenshots, record links and text, and any names or aliases the person goes by. If the person escalates, being able to show a pattern of ongoing, excessive behavior may be important.

Take care of yourself. This stuff is hard to deal with even when you're at your best. Talk to people you trust about your concerns, what you need from them, and how they can help. Eat, exercise, and sleep as normally as you otherwise would. Take time for yourself to do things that relax you - read, play games, spend time outside, be with friends.

I know that you and other diversity advocates and activists face a lot of harassment online. When that happens, what can I do to help?

The way that each person would like you to react to their being harassed is different. Unfortunately, being the victim of harassment comes with more than just the obvious risks.  Respecting their wishes is the least you can do to not add to the pile of unwelcome contact they're currently receiving. If you don't agree with the way they are handling being harassed, remember that it's not your place and not helpful to tell them they're doing it wrong. Respect what they want and need.

Expose as little of another person's life as possible:

  • Ask before taking a picture of someone and if it's okay to post it publicly; tell them where you are posting it. Don't forget to ask if it's okay that you tag them.
  • Ask before checking someone in on Foursquare, Facebook, or similar geoloc services. Don't check in at people's homes.
  • Don't make private plans publicly. Ask the best way to arrange things with them - email? sms? DMs? phone call?
  • When inviting people to small events, provide a way to privately contact you so they can voice any concerns about other possible attendees, the venue, etc.
  • Ask each time before sharing private information: phone numbers, email addresses, physical addresses, online identity information, employer, medical information, gender/sexuality/other identity information, etc. When in doubt, offer to share the asker's contact information so the person can choose whether or not they want to share that information with them directly.
  • Never make promises on someone else's behalf.

Understand that people facing this kind of harassment may have a variety of emotional reactions - anger, depression, sadness, anxiety, hopelessness, numbness. Don't negate their feelings. 

A victim of harassment may also need special consideration when planning social or professional events, so be sure to be aware and sensitive to them.

Resources

Protecting Yourself

More on Harassment

Feigned Shock and Faux Enlightenment

July 2, 2014

I'm often asked if I believe that things in tech are getting better. Are the efforts to raise awareness, educate, and counteract the effects of rampant sexism, racism, cissexism, homophobia, and ableism, among others, making an impact?

Changes happen at a level hard for us to perceive, something I discussed in a recent talk I gave at Monitorama. That being said, I've been watching a few areas in which to gauge progress.

Feigned Shock

The diversity in tech movement is stronger, larger, and louder than I believe it's ever been. Articles in industry publications as well as global magazines and newspapers, blog posts, conference talks, podcasts, and large-scale twitter discussions continually highlight the rampant abuse, harassment, and bias that marginalized people in tech face.

And yet each time these incidents surface, the industry and surrounding publications feign shock. How could this happen at a company a large portion of the industry looks up to? Can you believe a highly respected speaker and author would do that to someone at a conference? How can people be treated unfairly in a meritocracy?

Reactions to these incidents are so unvaried that we can easily map the timeline:

  1. Incident goes public.
  2. Feigned shock from the offending group, meanwhile marginalized group are upset that this is happening yet again and nothing has changed.
  3. Offending group calls incident reporter derogatory names and a liar. Depending on how visible and beloved the offender(s) were, the reporter may also receive sustained harassment, abuse, and threats from the offending group.
  4. Approximately 1 week elapses.
  5. Go to 1.

To be shocked by these incidents is to actively avoid reading, hearing, or seeing anything documenting these incidents. As they even show up on Reddit and Hacker News, places famously hostile to marginalized people, I just don't see how it's possible to avoid it.

But here's the thing: the longer they pretend to be shocked and appalled that these things happen, the longer they can keep from evaluating their own actions and those of their colleagues. They can distance themselves from the incident, remarking that they'd never do something like that. There is no critical discussion about what leads to these incidents - what parts of our culture allow these things to go unchecked for so long, how pervasive they are, and how so much of this is rewarded directly or indirectly. All of this means spending a day or two upset and demanding that someone do something!, while waiting for the next thing to come along and distract us from actually contributing to solutions.

It's important to notice what is happening here: by declaring that the people doing these things are others, it removes the need to examine our own actions. The logic assumed that only bad people do these things and we aren't bad people, so we couldn't do something like this. Othering effectively absolves ourselves of any blame.

Faux Enlightenment

Along with greater discussions of diversity unfortunately comes faux enlightenment.

This takes a lot of forms and is scary in that it's very difficult to tell who really believes in diversity. I've known a number of very visible, public figures who say one thing in public, but support some heinous things behind closed doors. When these people are conference organizers, programming heroes, and well-known speakers, the risk they pose to harming a lot of people is hard to ignore.

This is also manifested in people and organizations that are largely paying lip service to diversity without understanding what continues to contribute to the lack of diversity and why a lack of diversity hurts us all. 

Without having invested time or energy into educating themselves about these issues, they're left to mimick what they believe people want to see or hear. For instance, we've seen a number of programming conferences recently announce they've put a code of conduct in place, only to find out it not only doesn't protect victims of harassment, but it puts the onus on the victims themselves to resolve the situation with the person harassing them. Or consider the number of companies declaring that diversity is important because "it'd be nice to have women to look at in the office" (note that in the majority of the discussions they have, diversity is always and only code for women, and often white women).

When the inevitable backlash occurs, it can often be worse than if they'd done nothing at all, and for good reason. By feigning enlightenment, they're intentionally deceiving people who are worried about their safety. The industry is dangerous enough without being tricked into walking down a dark alley. From there, they get defensive ("we tried to do something good!", "nothing is ever good enough for these people!") before having to backpedal and patch things up with the community. They issue a non-apology apology and reaffirm their commitment to diversity by making a donation to a non-profit.

The assumption being that if they make a sizable donation, it offsets the harm they caused. What it's become is a sort of fine levied upon individuals and businesses that do wrong - a simple speeding ticket to be paid. More often than not, this is a transparent PR tactic to mitigate some of the damage to their reputation. They make no promise to educate themselves or the other people in the organization to understand why what they did was wrong to prevent them from doing it again. Without recognizing the context in which things are problematic and giving them the base level of skills to apply the rules to a variety of situations, they're bound to make the same or similar mistakes in the future, leaving progress locked in time. 

Don't get me wrong - I fully believe they should still have to pay the fine, but when you consider the amount of professional, personal, and financial harm they've done to their immediate victim(s), on top of contributing to an already ignorant or actively aggressive anti-diversity community, you can start to see how any amount of money they'd willingly part with as a PR tactic is unlikely to even begin to offset their actions.

And even when they donate money to a diversity in tech non-profit, it's often to one that is furthest from the problem they contributed to. This is especially true of pipeline non-profits, which help two major demographics: children/young adults under 18 (who tech companies cannot hire), or intro classes and developer schools (in an industry that shies away from hiring junior developers at all).

Pipeline organizations play an important role in increasing diversity in tech, but they don't address the problems that currently exist in the industry that contribute to the epidemic of attrition. We need to be forced to examine the problems we create and perpetuate - to tackle the body of the problem, which is the lack of opportunity, advancement, equality, and poor treatment that marginalized people face when trying to succeed in the industry. We need a solution to keep coworkers from making homophobic jokes, to encourage bosses to examine the biases that prevent them from noticing the accomplishments of people of color, to educate conference organizers about taking reports of harassment seriously and act to protect their attendees. We need to change our workplace culture to be inclusive and welcoming. For the people who go through these pipeline organizations and developer schools, they end up struggling to find jobs, be paid fairly, treated decently, and offered advancement.

So how does donating to a pipeline organization help if we want to give new people an actual place in the industry?

Donating to organizations as far from the source of the problem as possible allow us to redirect the blame, with false but regularly accepted statements like we don't have any executives of color because children of color aren't interested in computer science at a young age. We don't have any women speaking at our conference because they're too afraid to speak in front of an audience. Not only does this ignore the number of highly capable marginalized people that are already in the industry, but it puts the blame back on them for not being present. We dismiss our involvement in the problem; how we discourage them from participating through our marketing, our actions and those of our colleagues, and failing to consider how homogeneity-enforcing we've allowed our culture to become.

So long as I confine my activities to social service and the blind, they compliment me extravagantly, calling me ‘arch priestess of the sightless,’ ‘wonder woman,’ and a ‘modern miracle.’ But when it comes to a discussion of poverty, and I maintain that it is the result of wrong economics—that the industrial system under which we live is at the root of much of the physical deafness and blindness in the world—that is a different matter! It is laudable to give aid to the handicapped. Superficial charities make smooth the way of the prosperous; but to advocate that all human beings should have leisure and comfort, the decencies and refinements of life, is a Utopian dream, and one who seriously contemplates its realization indeed must be deaf, dumb, and blind.

Helen Keller, letter to Senator Robert La Follette, 1924

By only supporting programs that are as far a reach from the industry as possible, we're passing the responsibility on to the next generation of business owners, conference organizers, and community members. In abandoning the marginalized people that currently work in the industry, we prolong the myriad problems we see today even longer.

What Does This Mean?

So what does all of this mean for diversity in tech? Like everything, it's complicated.  

On one hand, attempts are being made on a large scale - concious and otherwise - that artificially limit the speed of change. We see individuals pretending that at every incident of publicized abuse, this is the first they've heard of this behavior happening at companies and conferences. They profess their "committment to diversity" only after they've been caught doing the absolute minimum or worse, creating actively hostile environments. They aim to avoid detection, effectively deceiving people into believing they have invested effort in positive solutions and are deserving of praise.

On the other hand, these conversations are happening. Diversity is becoming a demand in tech. Whether or not companies, conferences, communities, or individuals understand the need for it, they know they can't ignore it anymore. For instance, a tech conference cancelled last month and publicly stated the reason was because they were unable to get any women and/or people of color to speak. That being said, they and other people in the community blamed marginalized people for the lack of diversity in the lineup, but at least the conference knew they couldn't have a homogenous lineup without consequences.

If we're going to see any kind of progress, it's going to mean moving ahead before some people are ready and it's going to be painful.

It also means that people need to stop just nodding their approval at this work and actually get involved. Our roles in this problem don't end at mere agreement. It isn't super helpful that you emphatically agree with those who speak about the lack of diversity in tech on twitter. What is helpful is educating yourself, owning up to your mistakes, and being present in your community working to fix these problems. We can start by not expecting a pat on the back for doing a single good deed - change is made of millions of good deeds done over and over again. A single action isn't nearly as helpful as changing your outlook on these issues and contributing to change every day.