How To Put Facebook in a Box

If you’re like me and you hate everything Facebook has become and everything they do as a company but you keep using it because nice people you really want to stay in touch with are on it, then here are a few simple tips to minimise your Facebook exposure:

1. Disable Facebook Platform. Instructions are helpfully provided here: After doing this, you will no longer be able to use Facebook to log in to other sites. That helps to remove Facebook’s power. If you already use Facebook to log in to other sites then this can be bit of a pain but it’s worth it to extricate yourself from Facebook’s platform.

2. Isolate Facebook. Using the Brave browser that blocks ads and tracking is one way. (Brave is my primary browser these days.) If you use Firefox, install Mozilla’s Facebook container extension:…/fire…/addon/facebook-container/ that will automatically isolate your Facebook usage from your usage of other websites. In Chrome or Opera, use a good third party tracking blocker such as Privacy Badger: (On my Firefox installations, I have Facebook container, Privacy Badger and HTTPS Everywhere installed). This limits what Facebook can know about your comings and goings on the rest of the web.

3. Delete any Facebook apps from all of your mobile devices. Sorry – this is an important one. Installing any Facebook app (including Facebook Messenger) gives Facebook unlimited access to information about you all the time. Delete the apps. Instead, use Facebook via the web browse and ensure you also have a tracking blocker installed on your mobile web browser (such as If you are sporting an Android phone, you can save the Facebook web app to your home screen and take advantage of notification so you can still be notified e.g. when someone comments on your post. More info can be found here:…/facebook-rolls-out-progressive…/ On IOS you can also save-to-homescreen from within the browser but you don’t get quite as much functionality. It still works fine.

(And yes, Samsung Internet mobile browser – available on all Android phones – does allow save-to-homescreen and installation of the Disconnect tracking blocker so I encourage you to use that. Plug over.)

4. Stop using FB messenger. And start thinking about migrating off of WhatsApp as well. It’s only a matter of time. Signal, Telegram and Wire are good alternatives.

And if you’re feeling very adventurous, please come join me on Mastodon (which is an open source, distributed alternative to Twitter and Facebook) and follow me at More info here:

In general, all of the above isolates your Facebook activity and lets you use the service for what it was designed for in the first place – keeping in touch with other people you care about. It also mitigates against the ways Facebook surveils you while you use it. If you want any help setting up anything I’ve described above, please let me know (not via FB Messenger please) and I’d be glad to help out. If you have additional suggestions, please feel free to post them in the replies. If you feel tempted to reply something like “who cares, privacy is dead” please just don’t.

An Open Letter to Chuck Schumer

Today, I have sent the following letter to Chuck Schumer, senator from New York State and Senate Minority Leader urging him to take further strong action regarding the horrific abuse of human rights that is currently being perpetrated by US Immigration and Customs Enforcement.

Dear Mr. Schumer,

First of all, please know that I am a U.S. citizen, formerly a resident of (and still a voter in) Brooklyn, NY. I am also a member of Democrats Abroad, where I have been active. Furthermore, I am an immigrant (currently living in another country than my country of birth) and a father of two.

I am writing to you to express my outrage at what is currently happening on the U.S. border. As reported in the New York Times, 5-year-old children are being kept in cages due to a rule change put in place solely by the Trump administration and implemented by an increasingly fascistic ICE agency. There can be no other description for what is going on here than ethnic cleansing and I cannot help but see it as part of a general slide into authoritarianism based on a racist ideology that brands some people as “animals” due to their ethnicity or country of origin. What is happening here seems like it must be against the law on child cruelty grounds alone.

However, so far you and your office have remained mostly silent on this issue. Why? What are you waiting for?

  • I call on you to vociferously support the efforts of your senate colleagues to pass the Keep Families Together Act. [NB: when I sent this letter, I did not realize that Mr. Schumer has actually been a cosponsor of the legislation in question. Having said that, my criticism stands because he has not spoken out on this issue and the fact that he has co-sponsored does not appear anywhere on his web site or on his Twitter feed.]
  • I call on you to investigate who has been responsible for putting this policy in place and for implementing it and to prosecute these people for human rights violations and child cruelty.
  • I further call on you to support and demand the dismantling of ICE in its current form. This organization has become the enforcement arm of Trump’s radical racist agenda and needs to be broken up and put under strict control with a human rights agenda at the core.

This is the minimum I expect from my senator, and the Senate minority leader. The country is sliding into fascism, Mr. Schumer. The time is now to put everything else to the side. If we cannot get this right, how we treat children and families of immigrants that lawfully present themselves at the border of our nation, then we do not deserve to be a nation. I urge you to put everything else aside and do everything in your power including obstructing, blocking and lying down in the Senate chamber to halt proceedings if you need to. Our government should shut down until this issue is solved, those children are back with their families, and we are on a path to right the wrongs that are currently being perpetrated in our names at the border.

Yours respectfully,

Daniel K. Appelquist
London, UK
U.S. citizen and voter in Brooklyn, New York

This Blog is Now Secure

For what it’s worth, I’ve moved this blog over onto new host (Tsohost) that supports one-click installation and auto-renewal of LetsEncrypt certificates. So now, after years of hammering on about moving the web to https, I’ve finally made my own web site secure. Yay!

In defense of the URL

Does the URL need defending? The URL has been under attack seemingly since the beginning of the Web. When I was busy launching web sites for magazines and journals in the mid-90s, I remember a radio ad (have no idea what they were advertising) where a clueless sounding guy complained:

“I just double-u double-u double-u don’t get it!”

Back then, the future of the Web and indeed the Internet as a ubiquitous communication medium was far from certain. Scores of voices, including big successful companies like AOL and Microsoft, were still pushing a more “cable TV” type approach to the delivery of digital content and services. In this model, service providers got to control the experience,  and be a funnel for delivery of services to people. Content providers that partnered with AOL would publish their “AOL keyword” on advertisements. Then AOL-competitor Microsoft Network tried to sew up exclusive content deals with newspapers – they wanted to be the sole source for news online. And remember – at this time, if you wanted to use AOL or Microsoft Network (or any of their competitors) you would have to “dial up” to that service, use their client and  then everything you saw from then on would be controlled by that company.

People rejected this approach in favor of the open web. People learned to decouple Internet access from the services they used, the web browser became the way people experienced online services giving those providers direct control over the user experience without any intermediary, and the URL became the cornerstone of that experience. The “dot com” era was born.

The URL is based on the domain name system (DNS) which is distributed in nature and not beholden to any one company, organization or government. Domains are cheap ( costs the same as and once you have one you can do whatever you want with it. And once you type the URL of a web site into the address bar of your web browser, you make a direct connection to that service. No intermediary service gets in the way. When you type, you go to Facebook. That is the way the web works and one of the reasons it has become such a powerful platform.

My feeling is that after 20+ years, people understand URLs. A 2014 pew research study of users’ “Web IQ” found that 69% of American Internet users knew that URL meant “Uniform Resource Locator.” That frankly surprised me – I think fewer people generally know the term URL. But I bet if you presented people with a URL and asked them “what is this?” they would tell you something like “it’s a web address,” “it’s a web site,” “it’s an internet address,” “it’s a link” or something that indicated they basically knew what it was. Furthermore, I bet most people would know what to do with that if you put them in front of a web browser and told them to go to that site. Yes – some of them would go google and then type the URL into the search box. They would still get to the site in question.

So why do marketers still seem bent on the URL’s destruction? Today I came across a bit of advertising on the Tube from Transport-for-London (the organization that runs the Tube)

This tweet elicited an almost instantaneous response:

The thing is: @Codepope isn’t wrong. But he doesn’t need to be wrong for me to be right. Yes, people do search more than they type URLs in. That doesn’t mean we should be ditching URLs in favor of pointing people to search engines. TFL could just as easily have posted a URL such as “” which would give people exactly the information they are looking for without any intermediary step. And, as discussed, if people typed that into a search engine it would go to the same place – search engines are savvy that way. But sending people to a search engine with a few random words defies logic in that it cedes back power and control of the experience to intermediaries (search engines and app stores). The argument on the “pro search” side seems to be “people can remember them better” but (a) I don’t see any evidence and (b) isn’t this a self-fulfilling prophecy? Surely it’s in the best interest of content and service providers to keep people using their URLs as it eliminates the middleman and allows people to connect to them directly.

I just  W W W don’t get it!

My actual theory of why marketers want to kill the URL: they don’t see an angle in it. A marketer who has been going to SEO conferences all year and getting an ear-full about how to cook search results by spending money takes a look at the relatively cheap URL and says “that can’t be as good because it doesn’t cost as much” which leads through a kind of sunk cost bias to the notion that search terms are easier to remember than URLs.

My research on this topic has shown me one thing: researching use of the URL is really hard. Unfortunately, I think this because most search engines aggressively ignore the term URL. I haven’t found any research studies that support or weaken my hypothesis. That Pew study gave me some hope that I’m not entirely off-base though. What do you reckon?


Jeremy Keith’s post on owning his own words has reminded me about the importance of running your own blog in your own space that you control. Of course, I’ve long been a supporter of this idea, but I’m afraid the ease-of-use of Medium has pulled me over to the dark side where I’ve recently been more prolific. Of course, the “barrier to entry” that Jeremy cites is not the only reason I moved to Medium. It is easier to compose there, largely because of the great work they’ve done on a web-based editor. But the main reason I started posting on Medium has been engagement. I simply get more engagement (views, ❤️s, comments, re-shares, tweets) on my Medium posts than I ever did on my blog. Case in point: I wouldn’t have read Jeremy’s original post if I hadn’t seen it on Medium (sorry, Jeremy). There’s a value to the platform that Medium provides. But there’s also a value to owning your own words. I’m also a little disappointed that Medium keeps trying to push their app on me when I’m on mobile devices instead of building a great progressive web app, but that’s a different story.

I run this blog on a self-installed WordPress. So today I’m experimenting with a WordPress plugin for Medium which may allow me to have my cake and eat it too. I’m going to use the blog as the primary platform and see whether I can still get the same level of engagement on Medium.

Update: After making this post, I discovered that subsequent edits to the WordPress post are not reflected on Medium so that’s one strike unfortunately against this method. Why can’t anything ever be easy?

Why are Web Companies Biting the Hand that Feeds Them?

Why are Web Companies Biting the Hand that Feeds Them?

WTF Lanyrd?

I posted the following on Medium earlier today. Basically I have just had it with Lanyrd’s downtime and the seeming unwillingness of parent EventBrite to make any investment in this important service. Let me know what you think and more importantly suggest some alternatives.

Dear EventBrite and Lanyrd: WTF?

How do I “Use” Apple Watch?

So one question I get asked a lot about my Apple Watch is “how do you use it?” (Or sometimes ”how often do you use it?”) From my experience with the Apple Watch thus far, this isn’t the right formulation. In one sense you’re always “using” it because it’s always on you. It isn’t usually something you affirmatively use though. It’s more about the notifications and the ways in which it can replace (mostly with better / easier overall user experience) some functions of the iPhone.

Apple WatchAt right is my boarding pass for a recent flight I took to Vienna to speak at the Uberall App Congress. I presented this image at the end of my talk (which was about how app developers should better make use of the web) to illustrate a point. I was able to get my Austrian Air boarding pass on my wrist without the need for a special Austrian Air app either on my phone or on my watch. The check-in took place on the web site (used from my phone’s browser in this case) and the passbook boarding pass was delivered by email. Once the boarding pass was in passbook, it magically loads into the watch. When the time for the flight drew near, a notification appeared on the watch bringing me directly to the boarding pass. The only slightly cumbersome bit was scrolling down to the 2d barcode with luggage and passport in hand – certainly no less cumbersome (and accident-prone) than fishing out your phone to do the same. The mobile payment scenario for Starbucks is similar, by the way – thought that does require an app install.

I’ve also been pleasantly surprised as how much I’ve been using it for “activity tacking” especially since I’ve never done activity tracking before nor ever felt a burning need in my life to track my activities.

But certainly the main thing I find myself “using” the Apple Watch for is notifications – notifications of text messages / iMessage, Twitter & Facebook activity, Photo sharing activity, LinkedIn activity, Slack activity, calendar entry alerts and the like. The haptic feedback means you never miss an important notification yet also gives you the power to silently ignore or quickly dismiss alerts when appropriate and and in a much less interruptive way than pulling out a phone. In practice this means I feel more in control of my digital life. Because the haptic feedback is not perceptible to anyone besides you and because it’s not visual, you’re not subject to “distracted talking” syndrome a-la Google Glass. By the way, one of the first things I did on configuring the watch was to turn off all email alerts. This is not a device for email – especially with the amount of spam I receive. I’m also still unsure on things like breaking news alerts – I think this only works until New York Times decides to alert me about something I don’t care about.

Things that need work on the Apple Watch, software wise, include the wifi connectivity. The promise is that when you’re on (e.g.) your home wifi network, you can leave your phone in one room and walk anywhere else not necessarily within bluetooth range but still in the same wifi network and your watch will remain connected to your phone. In practice this works maybe 80% of the time. In trying to debug the issue, I’ve found that that both the watch and the phone are indeed on the wifi (by inspecting the access point config) but that they are somehow not communicating. So there is some work to do there. Another issue is that the “turns on when you look at it” feature is maybe 90% reliable – leaving plenty of times when you’re stuck looking at a blank screen. Another feature that would be great but is currently, well, not so great is walking directions. The functionality is that it guides you (via haptic feedback and highly contextual alerts such as “make a left on Carnaby Street in 20 yards”) as you’re walking to your destination. It would be great if it worked. My experience using it in London is that it needs some work. For example, “enter the roundabout” is not a useful walking direction. I expect this to improve with IOS9 but it would be great if I could get Google walking directions (and cycling directions) on the watch. Finally (and this is more of an IOS issue than a Watch issue) I want Safari push alerts on IOS. These push notifications already work well on Safari on Mac OS and it’s hight time Apple brought them to IOS (as Google has done with Chrome for Android).

All in all, I’m very happy with Apple Watch and I definitely think it has the potential to open up the wearables market and make the smart watch as common as the smart phone has now become. There’s been quite a lot of debate recently about how successful the Apple Watch is / will be and how successful it needs to be. This is, to a large extent, a new category of product so it’s difficult to define what success is. Eight years ago Apple opened up the smartphone market with the iPhone. I remember a lot of grumbling back then about how people “didn’t want” touch screens, etc… Well, the doubters have been proved wrong and we are now firmly in the middle of the mobile era. Will the Apple Watch herald the next phase in innovation? My bet would be yes, it will.

Keybase: Reinventing PGP For the 21st Century?

Let’s face it, PGP is pretty old school. It’s like pocket-protechor old-school. I’ve personally taken several runs at trying to get PGP up and running. The problem has always been: once I get PGP working, there’s nobody to send encrypted email to. PGP just has never had enough scale to get even close to mainstream. Enter keybase, which is trying to revolutionize the way people use and think about PGP with a friendly web site and integration into services such as Twitter, reddit and github. I finally cajoled an invite out of a friend today and have been giving it a whirl.

My first impression is that Keybase does not entirely solve the problem of making public-key encrypted email work better. For one: if you want to incorporate PGP email into Apple Mail, you still have to download and install GPG tools, and the command line keybase tools (which require Node and NPM). And though there is some integration between the GPG tools and the Keybase tools, it’s fiddly and requires lots of command line usage (e.g. to make sure people you “track” on the Keybase web site also have their public keys imported into your GPG keychain so you can send them encrypted emails from within Apple Mail. AND you have to use GPG tools to manually add additional email addresses into your key, if you generated the key with Keybase. So that’s a pretty high bar if you want seamless PGP email from the desktop. I haven’t even tried to get it running on any of my mobile devices yet – which will definitely mean moving to a new email client (or just not being able to access encrypted emails on mobile, which is not ideal). There’s a lot of work going on to remedy these issues if the github issue threads are any indication.

What Keybase does allow you to verify PGP signatures without physically validating fingerprints in person, though proofs you add to your social networks.

Anyway, I now have some keybase invites. If you would like one, please message me in some way and have a look yourself.

Tagged with: ,

Mixed Feelings About the UK Government #Cyberstreetwise Campaign

Tube Ad for Cyberstreetwise campaign

Watch out for spammy emails! Or mimes!

So the UK government seems to have launched a new public awareness campaign dubbed #cyberstreetwise  (evidenced by posters in the Tube I spotted this weekend). The campaign’s web site is : Bonus points for a https URL. Negative points for choosing a “.com” domain instead of a more appropriate “” or even “.uk” domain.

So first of all, I was confused initially about who was supporting it. The logos at the bottom left panel include HM Government but also the more recognizable Facebook and Twitter logos (without explanation) which seems (to me) to mean “this is being sponsored by the government, Twitter and Facebook” or possibly “this is a government initiative with sponsorship provided by Twitter and Facebook.” In fact, reading the web site, it appears that neither Twitter nor Facebook have any formal role, so the presence of their logos is somewhat mystifying. I Suppose they just mean “we are on Twitter and Facebook” but honestly, these days who isn’t? [Side note: what is up with random Facebook and Twitter logos on things?  See my Twitter update on this topic that seemed to “go viral” earlier today.]

But putting this to the side for a second, I really don’t know what to make of this campaign. On the one hand, it’s exactly the kind of public awareness campaign thatI feel is needed. People need to start getting more aware of the the web basics, especially around privacy, e-safety, scams. use of strong passwords, installation of updates and use of security software. So yes. Great. But the information provided doesn’t seem to cover a lot of the key basics that I would think need to be covered. For example, under “privacy” i find no mention of private browsing modes or when you might want to use them, and no discussion of tracking on the web.

Tube Ad for Cyberstreetwise campaign

Download all updates at all time, cyber-citizen!

Under “keeping your child safe online” I see “Parental controls are available through your internet provider.” but no mention of Apple’s built in parental controls. More importantly, the text on this screen looks like a placeholder. As I’m leafing through their site, I’m asking “where is the actual content?” It feels like this could be a good use for wizards or possibly a cartoon. Also this campaign seems to be aimed both at businesses and families, and those are two different groups with different needs – so that’s weird. Finally some of the advice is a little questionable. For example: always download updates. Yes, but: sometimes phishing scams can masquerade as software updates as a vector to get malware into your computer. I know that’s a difficult message to package into a Tube advert, but it feels like the messaging could be better thought through. “Sign up to security software provided by your bank, such as Trusteer Rapport.” No. No, no, no. Judging from my experience with the software my own bank was trying to push me, I don’t think this is good advice – at all. Rather, how about educating people about how they can click on the padlock icon in their browser to verify the provenance of that certificate.

So I haven’t done a rigorous analysis of the whole campaign, but I’m of two minds about what I’ve seen so far. On the one hand: yes, it’s needed and yes, some good info. On the other hand some of the info provided makes me suspicious about its provenance and whether or not it has all been fact-checked by actual domain experts.

What do you think? Leave a comment here or on my Google+ post.

Tagged with: ,