
Some thoughts on Keybase, online security, and verification of identity

I’m going to stick my neck out a bit and say that, online, identity is the most important factor in any conversation or transaction. That’s not to say I’m a believer in tying these things to real-world, offline identities. Not at all.

Trust models change when verification is involved. For example, if I show up at your door claiming to be Doug Belshaw, how can I prove that’s the case? The easiest thing to do would be to use government-issued identification such as my passport or driving license. But what if I haven’t got any, or I’m unwilling to use it? (see the use case for CheapID) In those kinds of scenarios, you’re looking for multiple, lower-bar verification touchstones.

As human beings, we do this all of the time. When we meet someone new, we look for points of overlapping interest, often based around human relationships. This helps situate the ‘other’ in terms of our networks, and people can inherit trust based on existing relationships and interactions.

Online, it’s different. Sometimes we want to be anonymous, or at least pseudo-anonymous. There’s no reason, for example, why someone should be able to track all of my purchases just because I’m participating in a digital transaction. Hence Bitcoin and other cryptocurrencies.

When it comes to communication, we’ve got encrypted messengers, the best of which is widely regarded to be Signal from Open Whisper Systems. For years, we’ve tried (and failed) to use PGP/GPG to encrypt and verify email transactions, meaning that trusted interactions are increasingly taking place in locations other than your inbox.

On the one hand, we’ve got purist techies who constantly question whether a security/identity approach is the best way forward, while on the other end of the spectrum there’s people using the same password (without two-factor authentication) for every app or service. Sometimes, you need a pragmatic solution.


I remember being convinced to sign up for Keybase.io when it launched thanks to this Hacker News thread, and particularly this comment from sgentle:

Keybase asks: who are you on the internet if not the sum of your public identities? The fact that those identities all make a certain claim is a proof of trust. In fact, for someone who knows me only online, it’s likely the best kind of trust possible. If you meet me in person and I say “I’m sgentle”, that’s a weaker proof than if I post a comment from this account. Ratchet that up to include my Twitter, Facebook, GitHub, personal website and so forth, and you’re looking at a pretty solid claim.

And if you’re thinking “but A Scary Adversary could compromise all those services and Keybase itself”, consider that an adversary with that much power would also probably have the resources to compromise highly-connected nodes in the web of trust, compromise PKS servers, and falsify real-world identity documents.

I think absolutism in security is counterproductive. Keybase is definitionally less secure than, say, meeting in person and checking that the person has access to all the accounts you expect, which is itself less secure than all of the above and using several forms of biometric identification to rule out what is known as the Face/Off attack.

The fight isn’t “people use Keybase” vs “people go to key-signing parties”, the fight is “people use Keybase” vs “fuck it crypto is too hard”. Those who need the level of security provided by in-person key exchanges still have that option available to them. In fact, it would be nice to see PKS as one of the identity proof backends. But for practical purposes, anything that raises the crypto floor is going to do a lot more good than dickering with the ceiling.

Since the Trump inauguration, I’ve seen more notifications that people are using Keybase. My profile is here: https://keybase.io/dajbelshaw. Recently, cross-platform apps for desktop and mobile devices have been added, meaning not only can you verify your identity across the web, but you can chat and share files securely.

It’s a great solution. The only word of warning I’d give is don’t upload your private key. If you don’t know how public and private keys work, then please read this article. You should never share your private key with anyone. Keep it to yourself, even if Keybase claim it will make your life easier.

To my mind, all of this fits into my wider work around Open Badges. Showing who you are and what you can do on the web is a multi-faceted affair, and I like the fact that I can choose to verify who I am. What I opt to keep separate from this profile (e.g. my gamertag, other identities) is entirely my choice. But verification of identity on the internet is kind of a big deal. We should all spend longer thinking about it, I reckon.

Main image: Blondinrikard Fröberg

So it turns out that you can pretty much do whatever you like on your own website

Last week, Audrey Watters blocked hypothes.is and Genius on her website. These two tools allow a ‘layer’ to be added to websites for annotation and discussion that can’t necessarily be controlled by the person who owns that site.

Blocking annotation tools does not stop you from annotating my work. I’m a fan of marginalia; I am. I write all over the books I’ve bought, for example. Blocking annotations in this case merely stops you from writing in the margins here on this website.

My first reaction? Audrey can do whatever she likes. Just as when she removed the ability to comment on her site a few years back, I didn’t understand the decision at first, but then it kind of made sense. Either way, it’s her site, and she can do whatever she wants.

So far, so why-are-you-even-writing-a-post-about-this? Discussions on Twitter, Mastodon, Slack, and elsewhere show that this is a live issue. So, naturally I’ve been thinking about it. I have to say that I agree with Mike Caulfield’s sentiments:

My take (of course) is that annotation works best through a system of copies. Anyone should be able to annotate a copy of your work. But it’s not clear to me that people have the right to piggyback on the popularity of an address that you’ve worked your butt off to promote. It’s not clear to me that they should get to annotate the master file. This has always been the problem with comments as well — they work best on small sites, and go bad when they give users a much larger platform than they have earned. As with everything online, the phenomenon is gendered as well.

It seems what Audrey is doing is protecting her ‘means of production’ from what she considers to be an active assault from those who wish to piggyback on the success of her work. Some people have questioned how that works with the explicitly ‘open’ stance that Audrey takes. However, I think any perceived tension between her move and open licensing goes away when we think of some other examples.

Here’s three:

  1. Pokémon Go — this location-based, augmented reality game used some people’s residences as ‘gyms’ where characters in the game did battle. This caused real-world issues. Most people thought that random strangers pulling on to their drive to play games was an infringement of their civil liberties.
  2. Google Street View — this service involves a car mounted with 360° cameras taking photographs to improve Google’s mapping service. Faces were blurred out, but this wasn’t good enough for Germany’s stringent privacy laws. They’ve been prevented from capturing images at least once, especially when people are on their own property.
  3. Robots.txt — this text file that website owners can include in the root folder of their domain specifies what web crawlers can and cannot do. If you say that you don’t want your site to be indexed, then search engines and other aggregation engines should (legally?) comply.

Using these as touchstones, it seems fair enough for someone to insist that you create a copy of their work to be able to annotate it. As Mike Caulfield hints at, giving people the ability to comment on the master document seems like a privilege rather than a right.

Perhaps those creating annotation engines should find a way to seek the domain owner’s permission? An easy way to do that would be to get them to add the necessary code to activate annotation (as we did with OB101), rather than make it a free-for-all…

Image CC BY-NC-SA Karl Steel

Why I’m not using Twitter next month

TL;DR I’m spending time experimenting with and exploring Mastodon during the month of May. You can connect with me at mastodon.cloud/@dajbelshaw.

Update: I’m now at social.coop/@dajbelshaw, for reasons I explain here.


Back in 2011, when I’d just discovered Open Badges, I led a semester of learning on the concept. Sometimes it’s not enough to play around the edges; you have to jump in with two feet to understand what something’s about. That immersion confirmed my initial thoughts, and I’ve spent the last six years evangelising and advocating for digital credentials based on that particular open standard.

The same was true back in 2007 when I joined Twitter. I thought that this was something revolutionary, something that could not only change the way that professional development was done in schools (I was a classroom teacher at the time) but literally change the world. Unlike Open Badges, of course, Twitter is backed by a for-profit company that floated on the stock exchange a few years ago. It’s a ‘free’ service that relies on advertising to provide shareholder value.

It was easy to forget all that in the early days, as we were giddy with excitement, connecting with like-minded people around the world. Pre-IPO, Twitter seemed like the good guys, being seen as a key tool in people organising to overthrow repressive regimes. In those days, it was easy to use one of a number of Twitter clients, and to route your traffic around the world to avoid censorship. Now, not so much.

Last week, via Hacker News, I came across 8values, a 60-question quiz in the mould of Political Compass. My results are below:

Libertarian Socialism

While I’m aware that this isn’t the most rigorous of ‘tests’, it did set me off on an interesting path. As you can see at the top right of my results, I came out as favouring Libertarian Socialism. I was surprised, as libertarianism is something I usually explicitly argue against.

I decided to do some digging.

The Wikipedia article for Libertarian Socialism is pretty fascinating and, as you’d expect from that site, sends you off on all kinds of tangents via the numerous links in the text. Given that I had a transatlantic flight coming up, I decided to make use of Wikipedia’s Book Creator. Within five minutes, I had a 500-page PDF on everything from anarcho-syndicalism to the Zapatista Army of National Liberation.

To cut a long story short, my current thinking is that Mutualism seems to best describe my thinking. I’m re-reading Proudhon’s What is Property?. He’s a little naive in places, I think, but I like his style.

Anyway, this is all to say that we need to re-decentralise the Web. I wrote a few years ago about the dangers of newsfeeds that are algorithmically-curated by advertising-fuelled multinational tech companies. What we need to do is quickly replace our reliance on the likes of Facebook and Twitter before politicians think that direct digital democracy through these platforms would be a good idea.

Ethical Design

So I’m experimenting with Mastodon. It’s not radically different from Twitter in terms of look and feel, but it’s what’s under the hood that’s important. The above image from Aral Balkan outlines his approach to ‘ethical design’ — an approach that ensures things look good, but also respects us as human beings.

Decentralised systems based on open standards are really our only hope against Venture Capital-backed ‘software with shareholders’. After all, any promising new startups that aren’t decentralised tend to get gobbled-up by the supermassive incumbents (see WhatsApp, Instagram). But to get to scale — which is important in this case, not for shareholder value, but for viability and network effects — people have to use these new platforms.

So that’s what I’m doing. During May, a month when my Twitter timeline will be full of UK General Election nonsense, I’m using Mastodon. The only things I’ll be posting to Twitter are links to things I’ve written. If you’d like to join me, head here, choose an ‘instance’ (I’m on mastodon.cloud) and sign up. You can then add me: mastodon.cloud/@dajbelshaw. As in the early days of Twitter, one of the easiest ways to find good people to follow is to find ‘nodes’. I’ve found Anil Dash (@anildash) to be a good starting point.

I look forward to seeing you there. It’s a learning experience for me, but I’m happy to answer any questions below!

Header image CC BY Eric Fischer

My sites are now hosted in the European Union

I host my websites through Reclaim Hosting. I’ve been with them for a few years now, ever since they were known as ‘Hippie Hosting’ and an offshoot of the amazing work done by Jim Groom and team at the University of Mary Washington’s Division of Teaching and Learning Technologies.

Companies often talk about their commitment to customer service, but I’ve never known anything like that which I receive from Reclaim Hosting. It’s insane. For example, in the last six months, amongst other things, they’ve:

  • Responded within a minute to a query about my wiki being down, and had fixed it for me within five minutes.
  • Worked with me to rectify a persistent spamming problem on my sites (that was my fault, not theirs).
  • Migrated my sites from US servers to ones based in the EU within 24 hours of me tweeting that I’d like them to do so.

On top of that, they charge me a very low price. I’m a huge fan, as you can tell.

The last of the bullet points is an important one as President Trump continues to rip up the good work carried out by his predecessors. For example, earlier this month, The Register reported on a joint letter sent by Human Rights Watch and the ACLU which outlines in detail how Trump’s executive orders are undermining the US-EU Privacy Shield. Bloomberg reckons that the EU are ready to pull out of it.

It’s 2017, so it seems strange to be talking about things that seemed more important in the early days of the web, such as where your server is located. But, of course, given the nationalist turn we’ve taken in the west, these things matter.

They matter because the location of your server is still of vital importance, despite recent protestations that data in transit through the US makes it subject to US law. What you put on your own web space isn’t just the front end stuff that everyone sees, it’s the backend stuff as well — family photos, private emails, and the like.

Some people have asked why I’ve chosen to host my data in Germany, rather than in the UK. Well, for a start, I still consider myself as more European than British, despite ‘Brexit’. Second, Germany has stronger privacy laws than the UK (and certainly the US). Finally, and more pragmatically, it’s the EU option offered by Reclaim Hosting (mainly, I believe, because Digital Ocean offer block storage in that zone).

I perhaps spend more time thinking about these things than most, but that’s because it’s something I deem important. Ironically, most of my readers are in the US, so this move actually adds a few milliseconds to their page load times. Sorry about that…

Image CC BY Jeff Ddevjet

Preparing for ‘Story Hack’

Tomorrow, I’m helping facilitate Story Hack, a kind of book sprint at Gateshead Central Library. It’s part of a series of events funded by Arts Council England called STORY MODE:

Story Mode is a series of events that actively explore the role that Libraries play in their communities via a critical engagement with contemporary creative digital practices and how this activity can enable Libraries to grow in capacity and profile.

It presents new ways of working by presenting experiences and approaches from local, national and international practitioners. Story Mode events will connect Libraries to current engagement practices in contemporary visual, digital and narrative arts.

We’ll be using Sourcefabric’s Booktype platform to collaborate on during the day. Facilitators have been asked to curate relevant Creative Commons-licensed (or public domain) text for remixing, as well as to prepare a short, 15-minute talk about their work.

In terms of the focus of the day, we’ve been given the following prompt:

The advent of collaborative online platforms for journalists, writers and visual artists has had a profoundly disruptive effect upon the nature of traditional media and how we access it. This situation raises more questions than it answers. Questions like: Do digital platforms have the same aura and appeal as physical media? Does the truth matter anymore? Who should we give our attention to and why?

Thankfully, my network is filled with professionally-generous people. The following are just 10 of those whose work I can confidently and openly share with others in relation to the above prompt:

In terms of my own work, I’m going to use five links to describe what I’ve worked on over the last five years:

  1. http://neverendingthesis.com
  2. http://digitalliteraci.es
  3. http://openbadges.org
  4. https://learning.mozilla.org/web-literacy
  5. http://weareopen.coop

I’m going to learn a lot tomorrow, and see myself as much as a participant as I am a facilitator!

Image CC BY-NC Thomas Hawk

Safer Internet Day 2017 resources

Ironically enough, it was having to fix my hacked (and re-hacked) sites that led to me posting these resources towards the end of Safer Internet Day 2017. Still, better late than never.

Today, I’ve been at the International School of Geneva, at the invitation of Richard Allaway. I ran three sessions with Years 10, 11, and 12, and then an after-school session with staff. You can find the slide decks I used below:

Many thanks to all involved — I had a great time, and some of the discussion was really thought-provoking!

Experimenting with push notifications

One of the advantages of reading Hacker News regularly is being exposed to the blogs of pretty technical people. Naturally, they’re the kind of people who are likely to be the first to implement new technologies.

Recently, I came across a blog that had a pop-up from the address bar. It asked me if I’d like to turn on ‘push notifications’ for new posts. I’m used to Google Calendar, Slack, etc. asking for these kinds of permissions, but it was a first for a blog.

After a bit of investigation, it would seem that implementing this myself in a manual way would involve more than just a half-hour tinker. It was then that I came across PushCrew, a service that offers a WordPress plugin. Configuration couldn’t have been simpler.

For the last couple of weeks, visitors to this blog have seen the following notification:

PushCrew

So far, 29 people have opted-in. Given it’s likely the first time most visitors have seen this kind of thing, I’d expect these kinds of numbers.

Hopefully, this is a useful development for people. I’m happy to experiment with it for a while, and gain your feedback. It’s free for up to 500 subscribers, so it’s not costing me anything for the foreseeable future.

To me, it’s a half-way house for people who, with the best will in the world, are never going to subscribe via RSS, don’t want blog post emails cluttering up their inbox, and who might miss updates via social media. It’s also cross-platform, and built on web standards.

Let me know if you think this is useful (and if you’re thinking of adding it to your own blog!)

Image CC0 Frank McKenna

The Flatter Organisational Structure Of The Future

My third of three posts for The Nasstarian has now been published. Entitled The Flatter Organisational Structure Of The Future, it’s a look at organisations that do very well because of less organisational hierarchy (and bureaucracy).

Here’s an excerpt:

The three examples below are primarily from the world of technology: these are fast-moving organisations who can’t let layers of middle-management get in the way of getting a product or service to market. What I hope this overview of flatter hierarchies inspires you to do is to think carefully about your next re-organisation. Instead of shuffling the deckchairs, could you instead introduce one of these approaches?

Click here to read the post in full!

Note: I’ve closed comments here to encourage you to comment on the original post.

7 approaches to educational technology integration

I’m working with Victoria College, a school in Jersey, at the moment. They’re new to digital strategy, so I’ve been sharing some models that can be useful when thinking in this regard.

1. The OODA loop

OODA loop (CC BY Patrick Edwin Moran)

Much more generally applicable than just to educational technology integration, and pioneered in the military, the OODA loop is useful when thinking about where to get started.

What I particularly like is that it starts with observation, and places great emphasis on context and feedback.

2. The SOLO taxonomy

SOLO taxonomy

SOLO stands for Structure of Observed Learning Outcome and focuses on five levels of understanding, from ‘pre-structural’ through to ‘extended abstract’. I reference this model in my book, The Essential Elements of Digital Literacies, which is where the above diagram comes from.

The idea is that competence is scaffolded and goes from understanding some aspects, through to the relation between them, and finally, applying that knowledge to a new domain.

3. The SAMR model

SAMR model

Although I’ve seen some recent pushback, I still think that the SAMR model is a useful frame to use for educational technology integration. The idea is that we move beyond technology that merely substitutes for previous analogue examples.

What I like about this model is that it takes minimal explanation, and can serve as an aspirational goal for both individual educators, and whole establishments. This is another diagram from my book.

4. The TPACK framework

TPACK framework

TPACK stands for Technological Pedagogical Content Knowledge. At its heart, it’s a Venn diagram, showing the overlap between technology, pedagogy, and content, but, again, I like the use of ‘context’ wrapping around the whole thing.

This framework is useful when explaining the importance of technology as an integrated part of a wider institutional/organisational strategy. The overlaps between each circle are also handy for identifying different streams of work.

5. Kolb’s experiential learning cycle

Kolb's Experiential Learning Cycle

While I think we can agree that Kolb’s ‘learning styles’ theory was off-the-mark, his experiential learning cycle is definitely worth exploring further in terms of educational technology integration.

As with other models, there’s a balance between doing and reflection, but — and this is where there’s a clear link to the SOLO taxonomy — Kolb’s emphasises the importance of ‘abstract conceptualisation’.

6. Vygotsky’s Zone of Proximal Development

ZPD

The Zone of Proximal Development (ZPD) is a very simple approach to scaffolding learning. It sits between what the learner currently cannot do and what they can do unaided. In other words, the ZPD is where maximal learning is happening.

Again, this is a simple approach which most educators should already know about. My father used to talk about it all the time when I was younger and he was doing his postgraduate studies! It’s useful for thinking about scaffolding staff/student digital skills.

7. The Essential Elements of Digital Literacies

The Essential Elements of Digital Literacies

I’d be remiss if I didn’t mention my own work, the product of the years of work that went into my doctoral thesis. It’s a synthesis of what came out of a meta-analysis of digital literacy approaches and frameworks.

There’s eight skillsets (the top row) and eight mindsets (bottom row). In my book and TEDx talk, I explain the importance of co-creating definitions of digital literacies, and placing emphasis on context. In terms of educational technology integration, I think the ‘mindsets’ are often skipped over.


I’m well aware that there are other approaches out there, and no doubt some I’ve never heard of. That being said, these are the models I currently find most helpful when working with clients. What have I missed?

Image by Paolo Carrolo

How I’m Getting Shift Done

NewCo Shift is a publication on Medium’s platform. It launched in April 2016 and covers “the biggest shift in business and society since the industrial revolution”.

This week, they launched a new part of the publication with the title ‘Getting Shift Done’ [GSD], divided into a Management section and a Tips and Tricks section. It’s an experiment, made possible with the help of sponsors Xero (which I use for Dynamic Skillset) and Work Market (which they’re using to manage freelancers for GSD).

I’m pleased to say that I’ll be contributing around five articles a week to NewCo Shift GSD. My first, How to Productively Stalk your Co-Workers using Dropbox Paper is now live (with a creepy, if germane, accompanying image). My focus will be sharing very straightforward ‘howto’-style posts, mostly for tools that I use and recommend.

If you appreciate my work, I could use your support in favouriting, commenting, bookmarking, and otherwise sharing my work on this new platform. Thanks in advance!

Note: I’ll include these posts in my weeknotes and Thought Shrapnel newsletter, rather than cross-post every single one here!
