Headcode is a unified, developer-friendly JSON API that takes the fragmented, legacy feeds of the UK rail network and turns them into clean, enriched real-time data.
Previously I put out a post explaining “ how science funding literally pays for itself ” that takes you through the math and some data that backs it up. Now two new data points further bolster this claim. First, the Congressional Budget Office (CBO), the nonpartisan federal agency that provides budget and economic information to Congress, published a report entitled “ Estimating the Economic Effects of Federal Investment in Research and Development . ” Usually the CBO only projects out 10 years per their mandate, but because the effects of science funding can take longer to fully manifest, they projected out 30 years. Thanks for reading Gabriel Weinberg! Subscribe for free to receive new posts and support my work. The relevant headline takeaway is highlighted below in their primary table (Table 1), showing that over this period the effects of a $30B increase in science funding for 10 years ($300B in total and about a 33% increase from today) would result in decreasing the overall deficit over 30 years (see green arrows). The decrease is about -2% on average if the “R&D funding increase [is] financed by reducing noninvestment spending” and about -1% on average if the “R&D funding increase [is] financed by borrowing.” This means that the increased science funding would grow the economy so much that the tax revenues received from this growth alone would outweigh the spending increase, leading to an overall decrease in the budget deficit. In other words, increasing science funding (at least by this amount) is a complete no-brainer, so let’s do it already! A few years ago the CBO did a similar report for infrastructure spending and compared the two in this report, finding the ROI effects of science funding to be about seven times greater than infrastructure spending. Again, so let’s do it already! The effect on the present value of GDP over the next 30 years (discounted using Treasury rates) that a dollar increase in deficit-financed R&D spending would have is about seven times larger than the effect that CBO, in its August 2021 report, estimated the same increase in infrastructure spending would have. Second, the Clark Center regularly polls a panel of economists , and recently they asked about this specific topic . The panel essentially universally agreed that historically U.S. science funding has paid for itself. In particular, 82% agreed “historical federal support for scientific research has paid for itself through a substantial positive effect on long-run U.S. productivity growth.” 0% disagreed, with the rest either not answering, or declaring either “no opinion” or “uncertain”. They also ask respondents about the confidence in their answer, and when weighted the results are even more striking with a whopping 97% in the agree category. Are you sold yet? Government science funding, the bulk of which goes to medical research, extends our lifespans and healthspans by inventing new medicines and other technologies that grow our economy so much it literally pays for itself. I get that this is not the most flashy policy area, but it is the most obviously good for our long-term future. Finally, and also new this year, the Pew Research Center put out a survey on Americans’ views of science and science funding , and among other things found broad bipartisan support for government science funding. 84% of U.S. adults say “government investments in scientific research aimed at advancing knowledge are usually worthwhile investments for society over time.” That breaks down by part as 76% of Republicans and 93% of Democrats (including independents who lean one way or the other). Thanks for reading! Subscribe for free to receive new posts or get the audio version .
Among all this talk of European sovereignty and switching to European alternatives in a move to better privacy and less support of Big Tech, I wish for more emphasis on not just blindly copying US products and slapping an EU label on it. I see news like the Germany’s Federal Office for the Protection of the Constitution backing away from using Palantir and using a software solution from France instead. I’m supposed to feel happy reading this, and admittedly I did not yet dig into ArgonOS deeply - but all I can think of as a first reaction is “I don’t want an EU version of Palantir.” I don’t want ‘GDPR-compliant’ facial recognition and behavioral surveillance in our cities. I don’t want more privacy-friendly warfare (???). I don’t want more tech-enabled discrimination from next door. I don’t want supposedly European alternative that’s still based on AWS and Microslop. We need to be critical and take a stand against EU-washing, in which unethical business concepts or structures get painted in a more ethical light using the (increasingly less warranted) good reputation of the EU about human rights. We aren’t better for being from a different area, or just because it’s a different company name slapped on; it’s because we are supposed to have strong consumer protections and rights, resist the promise of easy money through unlimited data mining, and stand up against fascism. I don’t want us to compete with evil; I don’t want us to stoop to that level at all. Go hard on these copycats. Taking concepts from Fascism Land isn’t worthy of praise and they don’t deserve you as a customer or fan. Make them prove it first and ask them the hard questions. Boycott their shit if it is the same garbage, go to protests, write to representatives, be vocal online, support NGO’s that work against this. No one gets a pass for being European. I won’t lower my standards and values. Reply via email Published 24 May, 2026
I attended the Computers, Privacy and Data Protection Conference (CPDP) in Brussels for the first time. The conference has lots of different rooms mostly in the same building where multiple panels, workshops and other things are happening at the same time in specific slots, so you gotta choose what you participate in (was difficult at times!). Next to that, you have some fun rooms, some quiet working spaces and spaces to just hang out and talk. Based on the programme, the focus this year was definitely on age verification/youth 'protection', human AI relationships, consumer rights and marginalized groups. Lots of different groups and people present; people from the EU Commission and Parliament, AlgorithmWatch , Bits of Freedom , noyb and Max Schrems, IGLYO , EDRi , Equilabs , Equinox Initiative for Racial Justice , INTITEC , the EDPS and Wojciech Wiewiórowski, Privacy International , the International Committee of the Red Cross , the Office of the United Nations High Commissioner for Human Rights , the European Consumer Organization (BEUC), Future of Privacy Forum , AIRegulation.com , data protection authorities of different countries (CNIL, BFDI, etc.), ALTI , European Disability Forum , d.pia.lab , AI Now Institute , OECD , the IAPP , and all kinds of universities, plus companies like Mozilla, Mastodon, Signal, Wikimedia, Microslop, Uber, TikTok, Google and more. I was there for the opening remarks, then went on to visit: My takeaways/new things learned: Microsoft co-wrote parts of the EU's Energy Efficiency Directive , which allows data centers to keep their energy use confidential under the guise of business secrecy. The draft literally had paragraph's of Microsoft's proposal copied in unchanged. The Dutch government used racial/ethnic profiling via algorithms in the assessment of childcare benefit applications, which led to false allegations of fraud against thousands of families, particularly affecting those from ethnic minorities. I heard about this before, but learned more about it that day. To contest it all and defend democracy, we all need to train our AI literacy skills , support and have good tech journalism that questions and exposes it all (404media is, imo, a good example of what they meant), crafting and changing the social media narrative around AI and Big Tech, listening to affected people, demanding transparency via standards and audits etc. We cannot forget that officials know ; many of the effects we criticize are not accidents or side effects, they are the entire point. Like when tech predominately negatively targets marginalized communities, this is a bonus to people in power, and nothing to be fixed. Workers can resist by reminding their leaders of the liabilities and legal risks, strategic issues, money issues etc. that AI brings; demand specific definition of the needs that AI will fulfill at the workplace, instead of letting AI become the purpose instead of the tool. Age verification is racist and migrantphobic : Many people have issues with their ID, or have none, or are undocumented, and age verification in their country requires them to have contact with officials, police, etc. Age verification is transphobic : Relying on ID means many trans people are forced to reveal their deadname or are forced to come out, as it reveals they are trans if the ID is not or cannot be updated. The platforms are harmful, but we have so many ways and ideas against that that doesn't take away important spaces and support groups or bar entire groups of people. Age verification makes it possible for platforms to avoid working on their problems and becoming better, enables avoiding legislation and regulation, and enables control and surveillance by them; meanwhile, the truth is that you don't suddenly turn 16-18 and know how to handle porn, gore, harassment and all other negative parts of social media. The negative sides to social media that are named as the reason for age verification and banning of social media for specific age groups also affect adults negatively . We need to put more effort into education on how to handle these things. Yes, we can protect children's privacy by banning them off of platforms, but this also affects their other (digital and offline) rights, and privacy rights don't trump all . Children and teens should learn and be encouraged to control their own spaces and moderation via FOSS : Matrix, Mastodon, etc. where they can also seclude from adults and aren't reliant on Big Tech. Age verification and banning would take this away from them and also make it harder for FOSS projects. If children only ever enter the political discourse as victims, the only response can be rescue; that it why we have to make sure they enter as participants. Protection is not (just) space away from the risk, but confronting the systems that cause harm and eliminating them. 16-18% of US citizens report having engaged romantically with a bot, 45% of them said it made them feel more understood, 36% said it gave them stronger emotional support than their human partner. Problem: Current version of AI Act doesn't cover romantic and sexual use, no guidance for safeguards for emotionally responsive AI systems that protects around the risk of suicide, crimes, distress when service slows down or shuts down or model changes, discrimination as you get more if you pay etc.; drafts mention some of it now in Art. 50. With all the talk around becoming emotionally dependent on AI, nudging into harmful behaviors, etc. we cannot forget that you are also vulnerable on other services and in human romantic relationships, where the same routinely happens (weak argument, but to be fair, I also often forget this). We also cannot forget that it is not always a replacement - it often just supplements social life, and there are also surprisingly many people who just don't want or need romantic or sexual relations with a human ; they want bots specifically , and only bots. Disclosure agreements (meaning: labels everywhere that this is just a bot and not real) are most often useless, because people know and intentionally seek it out (exception for Insta/Snap DMs etc.) The latter about Human-AI intimacy was extra interesting because it had someone on the panel who directly works with people who use bots for romance and sex, and her experience has been mostly positive and that it helps her clients. Afterwards, I sadly was too overwhelmed, exhausted and in pain to continue and went back to the apartment to rest. Unfortunately, all the stress around the apartment and the generally more exhausting day triggered my digestive tract badly (Crohn's disease), but within the first few hours, all toilets in the venue were out of service due to an issue outside the venue or the organizer's control, and the alternative toilets were much further away. I didn't wanna have to deal with that with upset intestines. I missed the ' Designing Fairness ' Workshop, and the ' Consumer Rights at the age of acceleration' panel. Didn't meet anyone that day. Look at this ridiculous Gemini Photobooth they had that I saw no one use in the entire 3 days. This day, I managed to attend everything on my list, thankfully, as I felt a bit better. I attended: My takeaways/new things learned: The digital omnibus is mostly there to enable AI made in Europe to aid sovereignty and be competitive with US and China; AI here needs a framework to access data without much regulatory risk - that is what the EU Commission person said. Enforcing the law and and making it sharper is actually leveling the playing field and furthering innovation, because there is a massive power concentration of a handful companies that can do what they want, barely pay fines, have the fines suspended because of the US government bargaining with the EU, or who see them as a cost of doing business. Competition is impacted this way, as small companies are hit harder than the big ones. If the omnibus goes through with changing definitions of personal data etc., it will take years for case law, literature, standards etc. to catch up, it wastes money in companies who need to re-do everything to comply; so it doesn't simplify anything and makes praxis harder. You may set ChatGPT/Claude/Gemini etc. to not send feedback or training data in your settings, but when you react thumbs down/up to their request of whether the output was good or not, or choose between two different versions, the entire chat log until then gets sent for training and potential human review. So, these popup feedbacks override your settings . I need to read more papers by Theodore Christakis. Here is one of them. US and UK discovery and disclosure laws/principles go directly against EU data minimization principles; as long as data is relevant to a case it should be accessible, which is why in their cases, they can just have access to million's of people's data if necessary, and in a divorce case, they have the right to ask for AI chatlogs. There is no AI protection or privilege: If you use AI for legal stuff, you have no expectation of confidentiality like you would with a lawyer, so it is not safe from discovery. There is tension between tracking for harmful behavior/threats vs. data privacy rights ; what if someone threatens to kill themselves, kill others, etc.? Should company look for it, track it, report it, alert anyone, suspend the account, send help resources? Still unclear. There is also tension between people wanting the bonus features/ease of use coming from pesonalization and free services, while also not wanting to be tracked or charged. Advertisers see themselves as enablers of a good thing, as people want fitting ads, good algorithms, good suggestions, and free access; so if their business model is challenged or fails, people will have worse access and worse user experiences in their view. They also fear that if their business model is hindered, things will move into a more extreme, embedded, hard to avoid direction that you don't control or decide (Black Mirror ad type of stuff). I previously wrote about Consenter on the blog, and one panel had people from it there and showing screenshots; changed my mind on it a lot and made me understand the new features and goal better, I will probably write an update on it some time. We have different other options all covering something different about tracking, cookies, consent, or going about things differently, old and new: ADPC, GPC, ConStand, Global Privacy Control, DoNotTrack etc.; important for new stuff is granular consent, sent to the website, user given explanations etc. Uninformed decisions and bad practices lead to unfair competition ; bad actors erode trust level overall, so users resignate, experience fatigue and say yes in the same rates between "good" and "bad" services. Will read soon: Our data after us by the CNIL , and future release: Model rules on succession and access to digital remains by Eigenmann und Harbinja Digital remains can be split into assets (copyright, crypto, business tools, money), personal (messages, photos, identities, AI replicas), and third party data. GDPR only addresses living people; dead people's digital remains are subject to member state laws. There might be a need for something harmonized and European, though. For good digital hygiene , we should remember death and make it as easy as possible or sensible for the people we leave behind to get the access they need to manage our stuff how we want them to. Leave instructions, set emergency/legacy access when available (Google, Facebook, Instagram and Apple have it), include digital assets in your will, decide how your data is allowed to be used after death, especially around AI replicas. Hospice, nurses, families etc. should learn to ask affected parties about these things. Thanks to the focus on agentic AI, there is massive need for inference compute, which is super expensive. Almost all of it is in the control of, or can only be afforded by, the hyperscalers. At the same time, anything that seeks to enable or disable things for AI agents on the web can also affect accessibility programs like screen readers. It is in the best interest of the Big Tech companies to keep things individual, because it distracts from the collective issues and changes they'd have to do; it is easier to blame the person for agreeing to tracking than make sweeping changes to how much can be tracked. Individual consent doesn't consider the fact that data doesn't just affect you, but reveals things about your family, friends, partners, coworkers and more, as data is deeply interconnected. If your friend agrees to share his data and it also includes you, that is your data, still going to the service you'd have disagreed to. We as users have no collective bargaining tools yet; even big worker unions aren't negotiating with Microsoft about the terms of their employer using Microsoft Teams, when they actually should. We should also build up data unions made from users who bargain with the platforms. Strikes could look like boycotting the service, blocking trackers, scrambling data, massive amounts of access requests etc. Look into something called a Worker Data Trust ; this was used to prove Uber's predatory dynamic pricing (Worker's Info Exchange). Lots of workers made access requests, the data was combined and analyzed by researchers. After a failed attempt to meet up during lunch, I managed to meet up with another Country Reporter from noyb for a little while until the next panel happened, and sadly we didn't go to the same one. At this point, I was miffed about lunch at the conference. They made a big deal at registration about how the event will be mostly vegan and vegetarian to offset the climate impact of everyone traveling there, and they asked you to select your preference. I chose vegan. But for the entire three days, the food wasn't clearly labeled, some food was mislabeled as vegan when it wasn't, and there was way too little of it and wasn't restocked. It was more like "vegetarian snacks for birds". Vegan people had no warm food option at all, just sandwiches or wraps all three days that would have been enough for maybe 10 people. I mostly starved and I accidentally ate real cheese one time too because the food situation was so confusing. Here was one of the buffet menu cards, which were a bit to the side removed from the food, partially hidden by other stuff, and incorrect (anything with lactose is not vegan). I have no idea how, on a sea of silver platters with lots of bread, I am supposed to be able to differentiate the vegan gluten free bread option and the vegetarian gluten free bread that has scarmoza (italian cheese). It was a roundtable buffet, so everyone was waiting on you to hurry and grabbing stuff; I can't just grab bread and lift off the top to see the ingredients and then put it back, man. At least group the vegan stuff together or put labels directly in front of each thing. Also, while I am not reliant on gluten-free food, I think the people sensitive to it or having celiac disease don't appreciate that either. I skipped the Cocktail parties and big CPDP party, because it's not really feeling fun when you don't drink alcohol, have trouble just going up to people with your mask and hoping they hear you, and have no one to meet or go with. Last day was rather empty in the programme, so I arrived later and left earlier. I attended: My takeaways/new things learned: The AI warfare one was a bit of a letdown, because they all just accepted war as a right, an inevitable thing that has to happen. There was not even a nuance of fighting war itself, or banning AI weapons, etc; it focused more on the dual nature of the data , in which through surveillance, tracking, etc. not only can military use it to target people, NGO's and others can use it to warn, evacuate, render humanitarian aid etc. and document realities on the battlefield. There was also no possibility for the idea that we could enter an age where drones fight drones automatically and no one needs to get hurt or be traumatized or get to kill people like a game, and that is only because everyone is so attached to the idea that war has to have human casualties. It's hard to legislate and restrict because the data is taken from a whole ecosystem : Telecommunications, cloud services, civilian infrastructure, social media etc. and most of the data is collected during times of peace. Warfare is often explained with national security as a reason, which then again is a legitimate interest or fulfills other opening clauses in data protection and privacy laws. It is a problem that the richest men in the world, close to the US admin, lead the biggest companies worldwide, almost all in the US, and control almost all of AI and AI warfare. Project Maven from 2017 was continuously developed on and is now the Maven Smart System , which was used in Venezuela and Iran recently. Our Art. 15 GDPR right of access as it is right now is making up for Germany and Austria's lack of discovery and disclosure rights respectively. Controllers can usually drag stuff out, cite trade secrets and rights of others to evade data access, but the data subject barely has any power. Not having to justify the access request and it not having to be limited to data protection rights is good in this regard and needs to be kept up. Otherwise, also too much confusion and court cases whether a request was abusive or not if now, any request for a court case instead of privacy rights is deemed possibly abusive. We don't only need to focus on reidentification in general, but about the ability to single people's data out; you might not be able to identify them, but you can build a profile anyway. Learned about the term digital twin , or in terms of user data, a data twin that can be used for similation and is similar enough. AI-act-standards.com exists. Many don't know that the AI Act isn't a GDPR for AI, but serves more as market classification, as it sorts AI into different boxes who have to fulfill different requirements. The details of these requirements are/will be set with CEN/ISO standards and frameworks . You can see the progress of development on these standards on that website, and what they cover and how they interact. Hovering over the elements gives additional info. This is done by the JTC21 , and you can also get involved by registering with your national standardization body (in Germany, this is DIN) or when they do public consultations. Disabled people experience both extremes of AI - better accessibility options, often more reliant on AI, so also more subject to surveillance and having their privacy rights violated, while bad governments can use the data to harm disabled people, all under the guise of research. Marginalized groups are often the first trial group in anything, while not being stakeholders in the tech, or even invited to the table. See: AI used in immigration etc. and with deregulation and AI everywhere, we see a loss of reasonable suspicion thresholds in law enforcement and other groups. Learned about adversarial auditing . The previous two days, I did the whole fancy dress pants and blazer thing (one black blazer, one dark red/purple blazer), but for the last day and the drive home, I wore my Bearblog shirt and wide orange jeans: Someone from noyb staff thankfully recognized me and approached me, so we talked for a bit until he had to leave for another lunch meeting. That concludes the human contact I had. And then I left to drive home with my wife. She will hopefully soon write a guest post on my blog about how she navigates a new city in another country without mobile data/a smartphone (she has a tablet with WiFi only), because while I was at the conference, she explored the city on her own. It's kind of difficult to show up to these conferences as someone who isn't sent there for work, who doesn't have coworkers or ex-coworkers also attending, and who doesn't have much or any industry contacts yet. Most people there know each other from work or previous/other conferences, and I don't. These events are primarily for networking, keeping in touch, and talking about what you have seen and learned though. I couldn't discuss anything with anybody present, and it made me feel really lonely and silly. Just going up to people and striking up a conversation is not my strong suit, and it's something I am working on and has already gotten better, but the mask I am usually wearing in these big crowds and gatherings because I am on immunosuppressive medication is actively keeping me isolated. I know people have trouble understanding me, can't see me smiling at them, and think I am sick, so that keeps both sides hesitant. Unfortunately, if I attend next year, I will have to leave away the mask and maybe try out these protective sprays for nose and throat that are supposed to reduce viral load. It seems like you can only 'afford' to wear a mask if you are already in a group of people. Weeks before the event, I asked some people if they would attend, they said they will and we had a group chat of 10 to coordinate meetups. But during the entire conference, I was the only one trying to make something happen - saying where I am/where I will be, identifiers you could spot me with (as we never met before and you can't see name tags well on the lanyard), meeting points etc. and the two people mentioned were the only ones who took me up on it. The others just ghosted me/ignored my messages. That saddened me a lot during the conference. And unfortunately, these types of events are always really exhausting to me beyond the normal amount everyone experiences, because of things that trigger my conditions, my lower energy, my needs to lie down sometimes, sensory issues, food restrictions etc. so I really have to weigh if it's worth it to me. I'm not sure it is, without the social aspect. Many of the panels I chose had an issue of being not well organized. Instead of short speaker times, precise audience questions, interactions, dialogue, disagreements, different sides, answering the panel's topic and offering solutions etc., it often resulted in every speaker having a 10 minute monologue saying their peace, the other speakers not reacting or intervening because it's too much, everyone more or less saying the same thing or zoning out, and then having too little time to really give much attention to audience questions. Some gathered audience questions to answer them in batches and predictably, that resulted in nuance being lost and almost nothing being precisely answered. From many panels, I walked away with less learned than I wanted to, and just being reaffirmed in what everyone knew already. There were almost no further or new resources, or real takeaways of what the next steps should be and how we can tackle or solve an issue. They say " there should be more transparency " but not how we ask for it, how we legislate it, how it should happen. It's often just a vague " Someone should do more of something, and fast. " It was easy for people from the EU Commission to dodge mine and others' questions about the omnibus bullshit with no convincing answer. (: It disillusioned me a bit about my own goal to be speaking at a panel one day, because so often it felt like it was just there to platform someone to give them a chance to ramble and that's it, or just so that they can put this on their CV. Looking into the panelists, so many of them are genuinely great, very accomplished and admirable people with a lot of expertise, but the way things were set up, it couldn't shine through. You would have been better off talking to them directly. As a final bonus for reading this far, help me delete this (fortune) cookie. Reply via email Published 23 May, 2026 Contesting AI & Defending Democracy ; Possibilities for European AI Futures ( x ) Youth protection through inclusion and empowerment : a rebuttal of the exclusion-based narrative ( x ) Intimacy by Design: Governing Human AI relationships ( x ) Microsoft co-wrote parts of the EU's Energy Efficiency Directive , which allows data centers to keep their energy use confidential under the guise of business secrecy. The draft literally had paragraph's of Microsoft's proposal copied in unchanged. The Dutch government used racial/ethnic profiling via algorithms in the assessment of childcare benefit applications, which led to false allegations of fraud against thousands of families, particularly affecting those from ethnic minorities. I heard about this before, but learned more about it that day. To contest it all and defend democracy, we all need to train our AI literacy skills , support and have good tech journalism that questions and exposes it all (404media is, imo, a good example of what they meant), crafting and changing the social media narrative around AI and Big Tech, listening to affected people, demanding transparency via standards and audits etc. We cannot forget that officials know ; many of the effects we criticize are not accidents or side effects, they are the entire point. Like when tech predominately negatively targets marginalized communities, this is a bonus to people in power, and nothing to be fixed. Workers can resist by reminding their leaders of the liabilities and legal risks, strategic issues, money issues etc. that AI brings; demand specific definition of the needs that AI will fulfill at the workplace, instead of letting AI become the purpose instead of the tool. Age verification is racist and migrantphobic : Many people have issues with their ID, or have none, or are undocumented, and age verification in their country requires them to have contact with officials, police, etc. Age verification is transphobic : Relying on ID means many trans people are forced to reveal their deadname or are forced to come out, as it reveals they are trans if the ID is not or cannot be updated. The platforms are harmful, but we have so many ways and ideas against that that doesn't take away important spaces and support groups or bar entire groups of people. Age verification makes it possible for platforms to avoid working on their problems and becoming better, enables avoiding legislation and regulation, and enables control and surveillance by them; meanwhile, the truth is that you don't suddenly turn 16-18 and know how to handle porn, gore, harassment and all other negative parts of social media. The negative sides to social media that are named as the reason for age verification and banning of social media for specific age groups also affect adults negatively . We need to put more effort into education on how to handle these things. Yes, we can protect children's privacy by banning them off of platforms, but this also affects their other (digital and offline) rights, and privacy rights don't trump all . Children and teens should learn and be encouraged to control their own spaces and moderation via FOSS : Matrix, Mastodon, etc. where they can also seclude from adults and aren't reliant on Big Tech. Age verification and banning would take this away from them and also make it harder for FOSS projects. If children only ever enter the political discourse as victims, the only response can be rescue; that it why we have to make sure they enter as participants. Protection is not (just) space away from the risk, but confronting the systems that cause harm and eliminating them. 16-18% of US citizens report having engaged romantically with a bot, 45% of them said it made them feel more understood, 36% said it gave them stronger emotional support than their human partner. Problem: Current version of AI Act doesn't cover romantic and sexual use, no guidance for safeguards for emotionally responsive AI systems that protects around the risk of suicide, crimes, distress when service slows down or shuts down or model changes, discrimination as you get more if you pay etc.; drafts mention some of it now in Art. 50. With all the talk around becoming emotionally dependent on AI, nudging into harmful behaviors, etc. we cannot forget that you are also vulnerable on other services and in human romantic relationships, where the same routinely happens (weak argument, but to be fair, I also often forget this). We also cannot forget that it is not always a replacement - it often just supplements social life, and there are also surprisingly many people who just don't want or need romantic or sexual relations with a human ; they want bots specifically , and only bots. Disclosure agreements (meaning: labels everywhere that this is just a bot and not real) are most often useless, because people know and intentionally seek it out (exception for Insta/Snap DMs etc.) Simplification for Whom? Unpacking the Consumer Impact of the Digital Omnibus ( x ) My Chatbot, My Confidant: Protecting User Privacy in Generative AI Conversations ( x ) Informed consent: The breakthrough in Art. 88b GDPR / Digital Omnibus and current initiatives in the field of PIMS and technical standardisation ( x ) Digital Legacy Beyond GDPR: Succession, Data Protection, Access Rights, and Platform Power ( x ) The Agentic Assistant: What does Big Tech’s goal of creating a universal digital intermediary mean for society? ( x ) Designing Collective Technology Governance ( x ) The digital omnibus is mostly there to enable AI made in Europe to aid sovereignty and be competitive with US and China; AI here needs a framework to access data without much regulatory risk - that is what the EU Commission person said. Enforcing the law and and making it sharper is actually leveling the playing field and furthering innovation, because there is a massive power concentration of a handful companies that can do what they want, barely pay fines, have the fines suspended because of the US government bargaining with the EU, or who see them as a cost of doing business. Competition is impacted this way, as small companies are hit harder than the big ones. If the omnibus goes through with changing definitions of personal data etc., it will take years for case law, literature, standards etc. to catch up, it wastes money in companies who need to re-do everything to comply; so it doesn't simplify anything and makes praxis harder. You may set ChatGPT/Claude/Gemini etc. to not send feedback or training data in your settings, but when you react thumbs down/up to their request of whether the output was good or not, or choose between two different versions, the entire chat log until then gets sent for training and potential human review. So, these popup feedbacks override your settings . I need to read more papers by Theodore Christakis. Here is one of them. US and UK discovery and disclosure laws/principles go directly against EU data minimization principles; as long as data is relevant to a case it should be accessible, which is why in their cases, they can just have access to million's of people's data if necessary, and in a divorce case, they have the right to ask for AI chatlogs. There is no AI protection or privilege: If you use AI for legal stuff, you have no expectation of confidentiality like you would with a lawyer, so it is not safe from discovery. There is tension between tracking for harmful behavior/threats vs. data privacy rights ; what if someone threatens to kill themselves, kill others, etc.? Should company look for it, track it, report it, alert anyone, suspend the account, send help resources? Still unclear. There is also tension between people wanting the bonus features/ease of use coming from pesonalization and free services, while also not wanting to be tracked or charged. Advertisers see themselves as enablers of a good thing, as people want fitting ads, good algorithms, good suggestions, and free access; so if their business model is challenged or fails, people will have worse access and worse user experiences in their view. They also fear that if their business model is hindered, things will move into a more extreme, embedded, hard to avoid direction that you don't control or decide (Black Mirror ad type of stuff). I previously wrote about Consenter on the blog, and one panel had people from it there and showing screenshots; changed my mind on it a lot and made me understand the new features and goal better, I will probably write an update on it some time. We have different other options all covering something different about tracking, cookies, consent, or going about things differently, old and new: ADPC, GPC, ConStand, Global Privacy Control, DoNotTrack etc.; important for new stuff is granular consent, sent to the website, user given explanations etc. Uninformed decisions and bad practices lead to unfair competition ; bad actors erode trust level overall, so users resignate, experience fatigue and say yes in the same rates between "good" and "bad" services. Will read soon: Our data after us by the CNIL , and future release: Model rules on succession and access to digital remains by Eigenmann und Harbinja Digital remains can be split into assets (copyright, crypto, business tools, money), personal (messages, photos, identities, AI replicas), and third party data. GDPR only addresses living people; dead people's digital remains are subject to member state laws. There might be a need for something harmonized and European, though. For good digital hygiene , we should remember death and make it as easy as possible or sensible for the people we leave behind to get the access they need to manage our stuff how we want them to. Leave instructions, set emergency/legacy access when available (Google, Facebook, Instagram and Apple have it), include digital assets in your will, decide how your data is allowed to be used after death, especially around AI replicas. Hospice, nurses, families etc. should learn to ask affected parties about these things. Thanks to the focus on agentic AI, there is massive need for inference compute, which is super expensive. Almost all of it is in the control of, or can only be afforded by, the hyperscalers. At the same time, anything that seeks to enable or disable things for AI agents on the web can also affect accessibility programs like screen readers. It is in the best interest of the Big Tech companies to keep things individual, because it distracts from the collective issues and changes they'd have to do; it is easier to blame the person for agreeing to tracking than make sweeping changes to how much can be tracked. Individual consent doesn't consider the fact that data doesn't just affect you, but reveals things about your family, friends, partners, coworkers and more, as data is deeply interconnected. If your friend agrees to share his data and it also includes you, that is your data, still going to the service you'd have disagreed to. We as users have no collective bargaining tools yet; even big worker unions aren't negotiating with Microsoft about the terms of their employer using Microsoft Teams, when they actually should. We should also build up data unions made from users who bargain with the platforms. Strikes could look like boycotting the service, blocking trackers, scrambling data, massive amounts of access requests etc. Look into something called a Worker Data Trust ; this was used to prove Uber's predatory dynamic pricing (Worker's Info Exchange). Lots of workers made access requests, the data was combined and analyzed by researchers. Data-driven warfare : AI, civilian risks, and corporate responsibility ( x ) Digital Omnibus meets the Charter of Fundamental Rights ( x ) Toward a Standard for Fair AI-driven Recruitment ( x ) Data protection law as a shield, not a weapon: empowering historically marginalized communities in the EU in times of de-regulation ( x ) -> this choice was especially rough, because I was also very interested in ' The U.S. Deregulatory Effect ' happening elsewhere at the same time The AI warfare one was a bit of a letdown, because they all just accepted war as a right, an inevitable thing that has to happen. There was not even a nuance of fighting war itself, or banning AI weapons, etc; it focused more on the dual nature of the data , in which through surveillance, tracking, etc. not only can military use it to target people, NGO's and others can use it to warn, evacuate, render humanitarian aid etc. and document realities on the battlefield. There was also no possibility for the idea that we could enter an age where drones fight drones automatically and no one needs to get hurt or be traumatized or get to kill people like a game, and that is only because everyone is so attached to the idea that war has to have human casualties. It's hard to legislate and restrict because the data is taken from a whole ecosystem : Telecommunications, cloud services, civilian infrastructure, social media etc. and most of the data is collected during times of peace. Warfare is often explained with national security as a reason, which then again is a legitimate interest or fulfills other opening clauses in data protection and privacy laws. It is a problem that the richest men in the world, close to the US admin, lead the biggest companies worldwide, almost all in the US, and control almost all of AI and AI warfare. Project Maven from 2017 was continuously developed on and is now the Maven Smart System , which was used in Venezuela and Iran recently. Our Art. 15 GDPR right of access as it is right now is making up for Germany and Austria's lack of discovery and disclosure rights respectively. Controllers can usually drag stuff out, cite trade secrets and rights of others to evade data access, but the data subject barely has any power. Not having to justify the access request and it not having to be limited to data protection rights is good in this regard and needs to be kept up. Otherwise, also too much confusion and court cases whether a request was abusive or not if now, any request for a court case instead of privacy rights is deemed possibly abusive. We don't only need to focus on reidentification in general, but about the ability to single people's data out; you might not be able to identify them, but you can build a profile anyway. Learned about the term digital twin , or in terms of user data, a data twin that can be used for similation and is similar enough. AI-act-standards.com exists. Many don't know that the AI Act isn't a GDPR for AI, but serves more as market classification, as it sorts AI into different boxes who have to fulfill different requirements. The details of these requirements are/will be set with CEN/ISO standards and frameworks . You can see the progress of development on these standards on that website, and what they cover and how they interact. Hovering over the elements gives additional info. This is done by the JTC21 , and you can also get involved by registering with your national standardization body (in Germany, this is DIN) or when they do public consultations. Disabled people experience both extremes of AI - better accessibility options, often more reliant on AI, so also more subject to surveillance and having their privacy rights violated, while bad governments can use the data to harm disabled people, all under the guise of research. Marginalized groups are often the first trial group in anything, while not being stakeholders in the tech, or even invited to the table. See: AI used in immigration etc. and with deregulation and AI everywhere, we see a loss of reasonable suspicion thresholds in law enforcement and other groups. Learned about adversarial auditing .
Welcome back to This Week in Stratechery! As a reminder, each week, every Friday, we’re sending out this overview of content in the Stratechery bundle; highlighted links are free for everyone . Additionally, you have complete control over what we send to you. If you don’t want to receive This Week in Stratechery emails (there is no podcast), please uncheck the box in your delivery settings . On that note, here were a few of our favorites this week. This week’s Stratechery video is on The Inference Shift . Data Center Discontent. The impact of AI is, at least for now, being felt digitally: that is where AI is useful, and the more digital a job, the more it is threatened by LLMs. AI, however, depends on data centers in the physical world, and building data centers needs permission. This gives normal people the sort of veto power over AI they didn’t have in the face of globalization; I make the case in Monday’s Update and on Sharp Tech that understanding this dynamic is more important that trying to correct misinformation, which is a symptom, not a cause, of data center opposition. — Ben Thompson Agent Economics. What will the internet look like when ad-supported models are rendered obsolete by shifting user behavior and the rise of agentic web traffic? Ben considered this question last summer with The Agentic Web and Original Sin , and I was surprised to learn this week that Parag Agarwal, former CEO of Twitter, is now focused on devising solutions for exactly this reality. This week’s Stratechery Interview with Agarwal dives deep into the economics of content on the Internet, why ads make sense for humans, and why incentivizing content for agents will be different, and how Agarwal and Parallel are trying to solve them. I learned a ton from this interview, and I bet you will, too — and don’t worry, we did get a few bonus questions on the ride at Twitter. — Andrew Sharp Never Count Out the Slime Mold. Wednesday’s Daily Update on Google I/O reminded me of an iconic leaked memo about the ungovernable and poorly coordinated mold in Mountain View, as the company seems to be throwing 10 different types of AI spaghetti at the wall to see what sticks. Then again, Google is now a nearly $5 trillion company and its transformer architecture supercharged the AI era. That second part is why, when Ben highlights a DeepMind approach to building AGI that’s distinct from the approaches at OpenAI and Anthropic, I’m compelled to both pay attention, and remember: for all of Google’s faults and misses, they do in fact have plenty of historic hits. — AS Data Center Discontent, Understanding the Opposition, Fixing the Problem — There are understandable reasons for people to oppose data centers; the only solution that will work is simply paying them off. Google I/O, World Models, I/O Spaghetti — Google I/O put AI everywhere, for better and for worse. Meanwhile, is DeepMind aligned with Google’s business objectives? An Interview with Parallel Founder Parag Agarwal About Valuing Content on the Agentic Web — An interview with Parallel founder Parag Agarwal about valuing content and incentivizing its creation in a world of agents (plus questions about Twitter). Data Center Unpopularity Google Being Google The Little Vertical Laser That Everyone Uses Intel’s 30 Years in Costa Rica Constructing US-China Stability; Trump’s Taiwan Comments and More Summit Takeaways; Putin in China Wemby, Harper and an Instant Classic from the Spurs in Game 1 vs. OKC A Note on the Future of GOAT and An Emergency Top Five Much Ado About Data Centers, What Tech Gets Wrong About Its Critics, Q&A on SpaceX, Chinese AI, Elon Musk
There are understandable reasons for people to oppose data centers; the only solution that will work is simply paying them off.
I've been thinking more about the future we might be heading towards if things continue the way they do, relatively unstopped, especially in regards to data harvesting and leaks, and how digitalized our society continues to become. I wonder if we are simply headed for a society in which there is bleak acceptance and normalization of most pieces of information being out there already. Everything you put out there voluntarily/openly (like a blog, or social media) and the things passively collected about you (via your devices) being trained on, analyzed, in some database that cannot withstand the latest AI release or whatever, together with vibecoded insecure software. Your cloud, your social media posts, your DMs, your purchase history on different platforms, health data in your eFile, the journal entries you did in that aesthetic journaling app, the poop pictures you gave to an AI app to analyze, the recordings of your Alexa and smart TV, etc. that all may or may not be combined. We have lost so many of the previous barriers. Compared to previous times in history, many things aren't automatically private in your own home, or just saved in just people's brains anymore. Less and less things are exclusively physically in some cabinet you have to locate and get several keys for or lie your way in (social engineering) for. Digital things are written down and stored in a more accessible way, and while there is a metaphorical door, it can be broken down from anywhere in the world, and you no longer need to rely on pressuring things out of people or enduring any of the prep and risk of a physical break in. Your home can be broken into from half the planet away. All of this is making secrecy and privacy hard; it is all a technology arms race. Data protection and privacy is only seen as a hindrance, an annoyance in the eyes of many. Unnecessary when things are going fine until they aren't. It's annoying when a website asks you to consent, but it's suddenly important when you need to know what data a company still has from you, or when there's a breach. I see privacy laws overall being weakened, employees in those teams, authorities and organizations terminated, all because data is the new gold, or an even better oil. I see the EU trying to use our rights and data as a bargaining chip for US travel and exports. As usual, human rights stand in the way of big money. Historically, we are used to seeing the privacy of the rich as something rather physical; they move to gated communities, or land in bumfuck nowhere, to have no neighbors and peace from paparazzi and weird stalkers. They get to have certain media pulled from the shelves when it is not favorable to them. Increasingly, we have seen them remove digital content: Blog posts, Reddit threads, specific images and videos, stats tracking their whereabouts, meetings and flights. Unfortunately, the richer you are, the more protection of your data and privacy you can buy. You can see it even now: We need to give up so much information just to travel and pass airport checks, down to social media checks or the EU bartering over sharing biometric data with the US for EU travellers. Meanwhile, Taylor Swift and Elon Musk can restrict the activity of their private jets. They can obscure or limit their real-time location exposure, acquire surrounding properties to create buffer zones, forbid aerial photography and maritime tracking around their properties, tighten security around family information and their children’s identities, can afford security teams and compartmentalized travel arrangements, can subject others to NDA's, and influence powerful government officials - can you do the same? As you are told you need these devices with all these data mining features, all these privacy-disrespecting apps and LLMs, all these social media accounts to be successful, or happy, or organized, or be seen and loved, or get a chance at an additional income stream or fame, they are already rich and known enough. They get to be private, not overshare on socials, and leave posting and taking calls and messages to their assistants. It's okay for them not to be overly online and active. They probably get to be exempt from their own companies' tracking for "security reasons", despite using the same products. They know the data their services mine is harmful if you have a stalker or abuser; they only care if it affects them, though. And think of the legal repertoire they have when they have their likeness stolen, deepfakes of their voice and visual characteristics made in a way that harms them. You don't have the same options. When data leaks that makes you uninteresting to employers, you have to potentially live with that; they are the employers. Continuing on, having any privacy will be even more of a privilege. It is maddening, because very rich and powerful techbros like Musk, Altman, Zuckerberg, etc. get rich off of our data that we can no longer afford to protect against them, eventually always funding their dominance over us, and enabling their own exemption status in this data mining society. They benefit from collecting and analyzing information at industrial scale while attempting to selectively limit information flowing the other direction. In their ideal little world, they don't invest it back into us; they use it to further fund AI replacement workers, weapons, and their doomsday bunkers away from us all. It makes me wonder if we will end up in a society where people will deliver as much information up front as they deem necessary to be in control of the narrative and tell themselves they have not been spied on and instead have shared it voluntarily in an act of bravery. Reply via email Published 16 May, 2026
For Kami's Carnival "Bear Blog Carnival: Your favorite ____ in your niche hobby" , I'm writing about what my favorite General Data Protection Regulation (GDPR) article is. Initially, this came up in our Matrix server. I wrote: " If you ask me my favorite anything, I blank [...]. Except games. And GDPR articles maybe. Food too " Kami then asked me what my favorite article is, and it is Article 6 ( x )! It's the first thing I think of when I think of the GDPR; it decides so much, as it holds all of the legal bases data processing can have in 6(1). They are easy to remember and understand too: consent, fulfillment of a contract, compliance with a legal obligation, vital interests, public interest, and legitimate interest. Short, sweet, relatively easy to read for laymen. The rest of Article 6 is more about specifying parts of this via an opening clause so Member State law can narrow some of this down. I just find it so satisfying to have one article to refer to for different routes of legal data processing. Just one "only lawful if" and a nice list. They could have given each of these an article separately, spread out throughout the regulation, with a huge text every time, and it would have sucked. Or it could have been a single wall of text that vaguely describes these 5, which you then have to distill out of the text. Other laws I know are like that, and it's a slog! They infer specific rights and concepts out of a text that can be hard to even detect inside of it, so you learn all that by heart. Not here! A structure like this (easy to read and remember, collected in a single place, short) makes it so much easier to have definitive guidance and recognize when a right has been violated. And that's why I said " Article 6! It's like the heart of the GDPR to me, it's so important, it shows up all the time, it has all the legal bases you can possibly base data processing on. It's short, nicely structured, and even easy for laypeople to understand. It's chefs kiss law " If you wanna know what the competition is: Second place in my ranking would be Article 4 ( x ), which holds all relevant legal definitions for the regulation, meaning: what is processing, what is a controller, etc. I love when laws and regulations (mostly EU-wide ones) do this! It's so rare in the laws I have to learn for my degree (German laws), so I appreciate when I can just look definitions up instead of learning them by heart. It's also easier to refer people to this official, already included resource, than going " This is the definition I learned, coined by this author in this legal literature, but there are other literature voices that disagree, or have a slightly wider/narrower definition. " Less ambiguity and guesswork and " but so and so said so " involved when the definition is already in the law. The third contender would be Article 7 ( x ), which sets the conditions for consent. It says consent needs to be demonstrated (= proven), can be withdrawn anytime and should be as easy as giving consent, and you shouldn't be misled into consent by confusing design, conditional linking, or mixing it up with other matters. It needs to be clearly distinguishable, in an intelligible and easily accessible form, using clear and plain language - otherwise it is not binding. Companies and their lawyers love to forget the "plain language" part, and another upcoming blog post of mine will mention a bit about that... I could also talk about an article or two I don't like, just to offer a bit of contrast. Article 18 ( x ) is a super messy affair for me in my head; it's the right to restrict . While it has the same structure as Article 6 and tries its best to explain plainly and shortly the different situations, in the end it's lots of different complex situations lumped together, and it can be hard when you first learn about it to keep it mentally separated from Article 21 ( x ), which is the right to object . Both intervene in ongoing data processing, but Article 18 temporarily freezes the processing, and Article 21 wants to stop the processing altogether and challenges the legal basis. I also have started developing a dislike to Article 15 ( x ; the right to access your data) through no fault of its own, just because soooo many court cases deal with delayed or incomplete responses to these requests, and it bores me at this point. Everyone and their mama has opinions on what needs to be included, what can be left out, what counts as a copy and what doesn't, and whether a request was excessive or not. Anyway, that's it! Reply via email Published 06 May, 2026
When you search for privacy/data protection stuff, what you will usually come across are things like privacy guides , the privacy subreddit, interested tech-y privacy blogs and YouTube channels. They give you great advice and overviews over different kinds of alternative services or additional software you can use to protect yourself, and they rank them, rate them, give additional context and keep up with them in case anything changes. It's this stuff that initially got me interested in privacy, and I wouldn't know a lot of services if it wasn't for their work. I love that I can just refer people to those if they have any questions about specific alternatives, and they deserve their space in the privacy sphere. Anyway, this type of privacy material tends to do well online: It's easy to read, it gives you actionable steps to take, and immediately presents a solution. It says: You're still using Google services? Switch to the Proton Suite. You hate ads? Here are ad-blockers that also block trackers and popups and more. You "just" need to switch, or install more, and you're good. Crisis averted, you're safe/r. Meanwhile, more dry, theoretical, law-based stuff is harder to engage with and harder to write. The reason why I am not really interested in writing about privacy or data protection in the product-focused way isn't only because I am a law student and therefore more interested in law; it's because I prefer to talk more about why something is a problem (or a bad service), and I want to give people the tools to spot it, a legal justification for the bad gut feeling they have, and I don't want to end up just advertising products. The usual type of privacy content isn't always great at educating people on what the problem even is. This service is bad, this service is good (or at least better) is easy to believe at face value, especially when one is a big company and the other is smaller - but why is this bad, and why is this good? Okay, so one does more tracking and one does less tracking, but why is tracking bad? What stops this other service from also becoming "bad"? Nothing is really safe from enshittification, or bankruptcy, or losing their maintainer, or being steered by investors and existing under capitalism for profit. I'd feel bad having the majority of my posts in my area of interest to do the work of the sales department for these services, just for them to become another thing to move away from in a couple years. That is the downside of this sort of approach: You can install and switch all you want, but in the end, it puts a lot of responsibility onto the consumer and involves them in the never-ending arms race of avoiding something; whether that is not supporting an unethical company, or avoiding AI implementation, avoiding ads, avoiding trackers, avoiding becoming training data, etc. as both sides seek new loopholes and ways to get you to either comply and be subject to it anyway, or continue to be able to avoid it via another service or software. It's an unfair fight, where one side heavily depends on smaller companies or FOSS maintainers, and the other side are billion dollar companies that are having a monopoly on many things and have a huge influence on the most powerful government(s) of the world. Consumer choices are good and you should use yours to no longer support what doesn't align with your values, but they aren't everything, especially as the companies make it harder and harder for consumers to have this choice, or for that choice to even make a dent in their finances. That's where we need laws and consumer protections to hold them accountable and grant users who rely on these services better rights - even rights making migrating off of them easier, like the data portability aspect mandated by the GDPR. Indulging in the above sort of privacy content a lot can make you feel like you're outsmarting the Big Guys and you got it all under control while just the "normies" struggle who are just " too lazy to switch!11! ", but to me, that is a flimsy house of cards that can easily collapse. I say that while I too use these things - I am a Linux user, I have several browser extensions to reduce tracking and ads, I use forks like LibreWolf, I am a Proton user, I use a VPN, Signal, Matrix etc. - but I just want to be realistic about it and recognize that it just takes a little here and there for my products and services to vanish or get significantly worse, and that I don't want to foster a false sense of security. If you're like me and a millennial or older, you probably still remember all the past mass migrations between services. I also recognize how many people are left behind with this approach, or at least makes them rely on people around them who are knowledgeable in this stuff. In private, you have a choice, but you might be limited by your knowledge/awareness of alternatives, your understanding of tech, the complexity of the task, the network effect, or how willing the people around you or online are to help. Switching can be hard; transitioning cloud contents, or mail providers, and remembering to change your email address everywhere or at least implement a forwarding rule on the old one(s) can be a task that spans days or weeks next to all the other responsibilities you have. Then every now and then, you might wanna check in to see if your solution is still "good" or whether something changed. That's a lot more labor than just staying where you're at and where the majority is. Maybe you are the one to install a Linux distro for your grandparent, or an adblocker for your parents, and then you're on the hook when things break and have to take the time to sort it out, and they rely on your skills and time until their device is functional again. LibreWolf, for example, has broken many payment transactions for me in the past. At work, or in school or university, you probably don't have a choice at all. They force you into Microsoft and Google products or at least don't present alternative solutions in their setup guides. My work, for example, provides an MFA setup guide that only mentions Google Authenticator, even when any type of authenticator app would work. All of that is not ideal. Putting too much emphasis on switching one product out for another can sometimes produce this vibe of " If you're still using that proven-to-be-awful service, you consent to being exploited and tracked, and it's your fault for staying. " among privacy-interested people, but we can't let that run unchecked to basically mean that you can't expect better from platforms and the users deserve whatever is coming their way. Unless the laws make distinctions between company sizes, they apply to your sacred privacy-conscious competitor as well and might help to prevent them turning out "bad". I also think you'd want your friend, who cannot bring themselves to switch or delete a service, to still have at least some protections here and there, instead of pointing and laughing from your moral high ground. Your child deserves protections when they have to use Microsoft products on their school tablet or when they install TikTok to engage with their friends. They deserve to migrate as easily as possible. They deserve to have permanent deletions of their content. They deserve to not have their likeness uploaded to the platform used for advertising and AI deepfakes without their consent. They deserve to not be targeted by advertisers and political groups via the algorithm that attempts to radicalize them. They deserve not to have all their private data and especially location data leaked or sold, their DMs and art used for training data without consent, and so on. Even if they could switch/abstain and just don't do it. Switching from one service to another when both have the same profit goal and exist under the same system feels, and often is, a temporary bandaid. I don't wanna be a bandaid seller. I don't care about product names, I care for mechanisms, cash flow, dark patterns and settings options. I talk more about why things happen the way they do and make people aware that yes, this thing bothering you is very much illegal or should be handled differently. I write about what the root cause is (usually: attention economy, data brokerage business model etc.), and discuss (potential or actual) laws and other ways on how the root cause is contained, redirected or partially mitigated. We are also constantly hit with attempts by the US government to weaken and dissolve our EU consumer protections and that deserves more attention. I find that more productive and fitting to me/my style than being another " 50 privacy-focused services to consider " in a thousand, forced to make clickbait like " Is this service still safe in 2026??? ". Reply via email Published 25 Apr, 2026
OpenAI released ChatGPT Images 2.0 today , their latest image generation model. On the livestream Sam Altman said that the leap from gpt-image-1 to gpt-image-2 was equivalent to jumping from GPT-3 to GPT-5. Here's how I put it to the test. First as a baseline here's what I got from the older gpt-image-1 using ChatGPT directly: I wasn't able to spot the raccoon - I quickly realized that testing image generation models on Where's Waldo style images (Where's Wally in the UK) can be pretty frustrating! I tried getting Claude Opus 4.7 with its new higher resolution inputs to solve it but it was convinced there was a raccoon it couldn't find thanks to the instruction card at the top left of the image: Yes — there's at least one raccoon in the picture, but it's very well hidden . In my careful sweep through zoomed-in sections, honestly, I couldn't definitively spot a raccoon holding a ham radio. [...] Next I tried Google's Nano Banana 2, via Gemini : That one was pretty obvious, the raccoon is in the "Amateur Radio Club" booth in the center of the image! Claude said: Honestly, this one wasn't really hiding — he's the star of the booth. Feels like the illustrator took pity on us after that last impossible scene. The little "W6HAM" callsign pun on the booth sign is a nice touch too. I also tried Nano Banana Pro in AI Studio and got this, by far the worst result from any model. Not sure what went wrong here! With the baseline established, let's try out the new model. I used an updated version of my openai_image.py script, which is a thin wrapper around the OpenAI Python client library. Their client library hasn't yet been updated to include but thankfully it doesn't validate the model ID so you can use it anyway. Here's how I ran that: Here's what I got back. I don't think there's a raccoon in there - I couldn't spot one, and neither could Claude. The OpenAI image generation cookbook has been updated with notes on , including the setting and available sizes. I tried setting to and the dimensions to - I believe that's the maximum - and got this - a 17MB PNG which I converted to a 5MB WEBP: That's pretty great! There's a raccoon with a ham radio in there (bottom left, quite easy to spot). The image used 13,342 output tokens, which are charged at $30/million so a total cost of around 40 cents . I think this new ChatGPT image generation model takes the crown from Gemini, at least for the moment. Where's Waldo style images are an infuriating and somewhat foolish way to test these models, but they do help illustrate how good they are getting at complex illustrations combining both text and details. rizaco on Hacker News asked ChatGPT to draw a red circle around the raccoon in one of the images in which I had failed to find one. Here's an animated mix of their result and the original image: Looks like we definitely can't trust these models to usefully solve their own puzzles! You are only seeing the long-form articles from my blog. Subscribe to /atom/everything/ to get all of my posts, or take a look at my other subscription options .
I've been on vacation for a while and just now returned home. Still gotta reply to some e-mails, sorry! But also: Got a huge backlog of interesting data protection stuff to catch up on, and why not write about the most interesting things? When you talk to people about data protection and privacy, what they are usually thinking of are social media, ads, and agreeing to share information with 1557 partners in a cookie banner. It's all about the evil big guys. Child surveillance is less in the spotlight, and what's often forgotten is how supposedly "normal" school tech can put child and parent in danger. The need for children to have phones or tablets for school and have an account with several apps with more or less tracking and cloud services interferes with the need for privacy that people leaving abusive situations need. Lots of data harvesting is enabled by default (forbidden in the EEA, but nonetheless ignored sometimes, and still an issue elsewhere), which includes information about location. Sometimes, these permissions are also given before leaving the abusive situation, but something they forget to disable later, or miss some of the settings. Think of when your phone asked you to automatically upload images to the cloud, or to always tag location with them; you might have said no. Many people enjoy being able to filter based on location, love the meta data, and have their Photo app automatically make a little slideshow of the vacation. They want them saved on the cloud, and have access from anywhere. Unfortunately, that also means any abuser with access to the account gets a live feed of where the person is with each cloud upload. Months or years after setting that up, when everything was still okay, that is something you can totally overlook to disable. Even if you realize, it might be confusing to shut off. That is why education in data protection, privacy and how to use your tech is so important, especially for people suffering from abuse and stalking. Netzpolitik [DE] had a great article on this. Reading it gave me new appreciation for when my phone prompts me to reevaluate my privacy settings, saying " [App] has had access to all photos. Do you want to keep that? " Coming home from vacation, I immediately had to rush to my computer to make it in time for a workshop by Epicenter.Works that I signed up for a while ago, which was about their prototype for their upcoming service Whoidentifies.me ( demo ). The core idea of the project is providing an accessible way for the public (esp. citizens, NGOs, worker unions, consumer rights groups) to check who (companies, public authorities) accesses which data within the emerging eIDAS ecosystem, which involves the upcoming European Digital Identity Wallets (or also shortened to EUDI Wallet) and Identification. That's a whole topic for a dedicated blog post some time about OS age verification, the apps launching for that, etc. so I won't get into that now. Basically, different databases and public information are crawled and combined to give an accurate view of who makes use of the eIDAS system so people can make informed decisions about who gets their data. Ideally, you'll be able to filter companies by business type, use case and queried attributes in order to enable risk assessments and recognize misuse at an early stage. In the workshop, I asked if it is comparable to Haveibeenpwned.com , in the sense that I can enter some specific info and can see who gets that data, but that is not possible and out of the scope; it really is only for researching companies and public institutions and what their role exactly is when accessing the digital identification in general. Here's a demo page for Deutsche Bank - the information is not real and just a placeholder, but this is the information they are hoping to show and collect when the project launches. For more information on privacy in digital public infrastructures (like digital identity, digital payment and data exchange systems developed or operated by or on behalf of a government), here are some course materials by Epicenter.Works on the topic. More about massive flows of data: The ARD-Mediathek has a great documentary called Gefährliche Apps ( dangerous apps ). It shows how easy it is to access truly massive amounts of extremely precise smartphone location data that is not anonymous - the people in the documentary received this data as a free sample. The IDs included with each location can be filtered, which means you can see all locations for a specific ID. Tracked over a period of time, seeing exactly where people live, work, go to school and otherwise spend their time, down to exact rooms in buildings. This makes identification easy and lets you build a profile on them and their daily routine. This data is collected by mundane apps like weather apps, dating apps, fitness apps and games, and then sold to their 800+ partners. Unfortunately, this can have dire consequences not many are aware of or think are truly possible (because the bad shit always happens elsewhere, but never to them). This location data has been used to target people in war, harass and intimidate journalists and dissidents who have fled to other countries, and can expose the daily paths of vulnerable officials. It can be used to stalk you, to find out where you walk your dog or when your apartment is empty. It can be used against you when you criticize Russia or Israel. It is trivial for any individual to buy data based on a location they know you frequent and then go from there. Additionally, we have seen lately that the techno-feudalists in the US are becoming increasingly thin-skinned about anyone attacking their revenue streams or criticizing their fascist moves in public, down to the incident of Karim Khan losing his Microsoft access, and OpenAI and Palantir increasingly going after journalists and NGOs publicly exposing their unethical behavior and politics. These are companies worth billions of dollars, with massive data streams and political power, whose products are implemented everywhere at the moment, with especially Palantir used for public surveillance. With each step going outside, you are potentially not only building a profile with your phone location data together with a full social media profile, but public cameras will be, or are already, using you just existing in public for AI training and facial recognition. Together with laws in Germany proposing using internet image and video material to identify you (more further down below), we are quickly heading towards a point of total surveillance. One mentioned company was Datarade ; feel free to look around on the site to see how much is truly collected and offered. For example, here's one for global mobile location data, 70B+ daily signals, or this one for 250B real time daily events of location/foot traffic. How reliant is your workplace on Microsoft? In my case, if Microsoft stopped doing business with European governments or companies, I would be unable to do any work at all. We are fully reliant on the entire Office365 portfolio and more. I'd be unable to log in, to receive or write emails, or have access to any of the databases I need. This is scary, especially with the current US administration. We make ourselves insanely vulnerable. The Future of Technology Institute (FOTI, a pan-European think tank) published a paper called Cloud Defense - An exposed European flank about Europe's dependency on US Cloud services, especially critical national security functions. It's actually nuts - handing another country, especially one like the US, the keys to such sensitive and important things. The risk of a kill switch and subsequent loss of data, loss of work ability and the data being used against us is maddening. The EU needs to be more sovereign and its tech stack needs to withstand geopolitical tensions and shifts. Unfortunately, US tech companies have reacted with promises and options of a sovereign cloud or supposed data silos whose data never flows to the US, but those are meaningless and hard to actually enforce or control and the US CLOUD Act still applies. Our main path forward is leaving and excluding hyperscaler platforms that remain exposed to foreign jurisdiction and geostrategic leverage. Speaking of hyperscalers: Proton was writing about Microsoft 365 Copilot flex routing , which undermines GDPR compliance and the above promises of a an air-gapped sovereign cloud or data center. On April 17, 2026, Microsoft has started sending Copilot data to foreign servers for processing whenever European data center capacity reaches its limit - which means it may actually happen in the US, Canada, or Australia. This happens by default unless you opt out. This needs to either be opted out of or included in your organization's Microsoft DPIA. Moving on to a topic adjacent to privacy: The European Commission published a paper about the impact of digital technologies in European democracy, especially the so-called attention economy, which prioritizes engagement over accuracy and therefore highlights negative and dangerous content the most. It creates fractured perceived realities in which the goal is no longer to (just) make individuals believe false claims, but instead to distract and generate distrust. The information flow online overloads us cognitively, which makes it harder and harder to discern agendas. They also point out the “fantasy-industrial complex” that involves interactions between politicians, corporate actors, platforms, legacy media, influencers, and citizens to create fabricated versions of reality which are hard to reconcile. This is especially big in the AI age nowadays, as anything not fitting into a particular worldview can be dismissed as being generated by AI, and a lot of propaganda is indeed generated with it. The ones embedded in the platforms give users the "illusion of knowledge" due to the fluent language and realistic visual output, which makes it seem as if informational gaps have been bridged, when they actually haven't been. According to the report, this creates the conditions for a distinct new informational regime which is termed epistemia ; it lowers the threshold of responsibility in content creation (“the AI said it, not me”) and may create a false sense of competence in users. The problem is: With no trustworthy information, it's hard to hold governments and individuals accountable. Estimates of misinformation exposure of news content consumed online are around 1%-10%, with prevalence increasing to 10%-30% for content involving contentious topics like climate, health, or wars. Regardless, the people behind the paper see a huge potential for social media and the internet in general to actually help foster community and free expression and democratic participation, which just has to actually be enabled by the correct incentives and design, instead of rewarding harmful effects. The publication recommends I can only recommend reading the full paper if you have time! It's easier to read than you might think, has pretty graphics, parts have been highlighted and there are bullet point sections for better legibility :) The Datenschutzkonferenz (DSK) of Germany published a press statement about three controversial legislative initiatives by the German government which significantly increase the digital surveillance and data collection for criminal investigations and crime prevention. This would enable police to use biometric data from internet sources (your selfies, your videos and voice uploads, etc.) together with large datasets (e.g., police records, seized devices, telecom data, internet data) to identify people and analyze them using automated systems to generate new intelligence. This means AI could be used to identify patterns, relationships, and risks automatically. The risks are obviously mass surveillance, false positives, lack of transparency and disproportionate intrusion on our rights based on very vague "prevention" promises. The DSK is against this blanket allowance and wants strict limitations and clear legal thresholds so the use is only in exceptional, well-defined cases with a data scope limit and exclusion of AI where not controllable. Related: The new police law in Northrhine-Westphalia, Germany, that enables the use of Palantir is being accused of being unconstitutional. The European Data Protection Board (EDPB) released their Annual Report for 2025. Mostly about the Helsinki Statement/Initiative, balancing regulatory simplification with fundamental rights protection, cross-regulatory cooperation (DSA, DMA, AI Act), harmonizing national and EDPB guidance, and practical compliance support. Biggest fine: Ireland with €530M due to TikTok data transfers to China. Related: They also published guidelines for processing personal data for scientific research purposes . This is especially interesting to me because I work with health data and I am very familiar with the recent EU push for RWD (real world data), more data collection from health insurance companies, and efforts like DARWIN EU . More and more AI-powered military tech , as written about by Correctiv [DE]. Munich has become a hotspot for the development of Precision Mass Warfare and optimizing the Kill Chain, especially due to the company Helsing. The entire topic is difficult to discuss: What data is used for the training and what is collected in the actual war situation? Who is responsible when innocent people are killed due to a bot mistake? Is this better than letting civilians go to war for their rich governments and getting traumatized? If other countries are arming up on new war tech, would it be irresponsible for you to not participate? Digitalrechte.de [DE]: The European Commission decided that the Digital Service Act (DSA) should also apply to ChatGPT, as it can be used as a Very Large Online Search Engine (VLOSE) as well. This means the risk minimization measures and analyses, transparency reports, data access for research, external audits, reporting of illegal content and more need to be implemented. AlgorithmWatch is looking at how LLM use can alter the decision making of politicians in important positions. What can happen if a politician relies on an AI summary of a very complex policy area? The picture that is being painted so far is a confusing one: Politicians seem to be using it, but don't actually want to be nailed down publicly to admitting to doing it, and don't want to share (some of) the prompts. The Federal Ministry for Environment, Climate Action and Nature Germany (BMUKN) released a recommendation for sustainable AI . They claim environmentally sustainable AI and economic competitiveness are not in tension, but can mutually reinforce each other. They focus on the specialized niche use cases of AI developed by small and medium-sized enterprises for predictive maintenance, quality control, machinery control and process optimization, so this is a little removed from the whole US-based huge data centers to facilitate sex roleplay with huge reasoning GPAI. Therefore, they conclude those use less energy, require less hardware, can be used more locally and provide more digital sovereignty. They suggest standardized, publicly accessible, independently audited environmental reporting frameworks for AI's computing-related impacts, funding to reduce climate impact and research ways to use less electricity and water, and dedicated "green models" or green modes. BayLDA (the Data Protection Authority for Bavaria, Germany) has published a recommendation/handbook for AI use in Bavaria's public administration. I'm not in Bavaria, but still useful to see and implement in practice elsewhere in Germany when working in the public sector. At work, I am moving to fully solidify the role as a data protection coordinator and my boss involves me in some AI projects as well, and this is something I will be referencing. Got my Gold Member package from noyb , which included a sweet card. Reply via email Published 21 Apr, 2026 creating alternative public spaces that do not depend on the attention economy; also in the physical world, not just online reinforcement of crowd-sourced knowledge (good examples are Wikipedia, Community Notes, etc.) and better fact-checking regulations for more user agency (improving platform design from behavioral science insights like cool-offs or accuracy prompts, awareness campaigns and media literacy classes) demonetizing disinformation actors, and changing the business model of the platforms to no longer revolve around attention less polarizing algorithms, more decentralized platforms, more EU sovereignty. The Datenschutzkonferenz (DSK) of Germany published a press statement about three controversial legislative initiatives by the German government which significantly increase the digital surveillance and data collection for criminal investigations and crime prevention. This would enable police to use biometric data from internet sources (your selfies, your videos and voice uploads, etc.) together with large datasets (e.g., police records, seized devices, telecom data, internet data) to identify people and analyze them using automated systems to generate new intelligence. This means AI could be used to identify patterns, relationships, and risks automatically. The risks are obviously mass surveillance, false positives, lack of transparency and disproportionate intrusion on our rights based on very vague "prevention" promises. The DSK is against this blanket allowance and wants strict limitations and clear legal thresholds so the use is only in exceptional, well-defined cases with a data scope limit and exclusion of AI where not controllable. Related: The new police law in Northrhine-Westphalia, Germany, that enables the use of Palantir is being accused of being unconstitutional. The European Data Protection Board (EDPB) released their Annual Report for 2025. Mostly about the Helsinki Statement/Initiative, balancing regulatory simplification with fundamental rights protection, cross-regulatory cooperation (DSA, DMA, AI Act), harmonizing national and EDPB guidance, and practical compliance support. Biggest fine: Ireland with €530M due to TikTok data transfers to China. Related: They also published guidelines for processing personal data for scientific research purposes . This is especially interesting to me because I work with health data and I am very familiar with the recent EU push for RWD (real world data), more data collection from health insurance companies, and efforts like DARWIN EU . More and more AI-powered military tech , as written about by Correctiv [DE]. Munich has become a hotspot for the development of Precision Mass Warfare and optimizing the Kill Chain, especially due to the company Helsing. The entire topic is difficult to discuss: What data is used for the training and what is collected in the actual war situation? Who is responsible when innocent people are killed due to a bot mistake? Is this better than letting civilians go to war for their rich governments and getting traumatized? If other countries are arming up on new war tech, would it be irresponsible for you to not participate? Digitalrechte.de [DE]: The European Commission decided that the Digital Service Act (DSA) should also apply to ChatGPT, as it can be used as a Very Large Online Search Engine (VLOSE) as well. This means the risk minimization measures and analyses, transparency reports, data access for research, external audits, reporting of illegal content and more need to be implemented. AlgorithmWatch is looking at how LLM use can alter the decision making of politicians in important positions. What can happen if a politician relies on an AI summary of a very complex policy area? The picture that is being painted so far is a confusing one: Politicians seem to be using it, but don't actually want to be nailed down publicly to admitting to doing it, and don't want to share (some of) the prompts. The Federal Ministry for Environment, Climate Action and Nature Germany (BMUKN) released a recommendation for sustainable AI . They claim environmentally sustainable AI and economic competitiveness are not in tension, but can mutually reinforce each other. They focus on the specialized niche use cases of AI developed by small and medium-sized enterprises for predictive maintenance, quality control, machinery control and process optimization, so this is a little removed from the whole US-based huge data centers to facilitate sex roleplay with huge reasoning GPAI. Therefore, they conclude those use less energy, require less hardware, can be used more locally and provide more digital sovereignty. They suggest standardized, publicly accessible, independently audited environmental reporting frameworks for AI's computing-related impacts, funding to reduce climate impact and research ways to use less electricity and water, and dedicated "green models" or green modes. BayLDA (the Data Protection Authority for Bavaria, Germany) has published a recommendation/handbook for AI use in Bavaria's public administration. I'm not in Bavaria, but still useful to see and implement in practice elsewhere in Germany when working in the public sector. At work, I am moving to fully solidify the role as a data protection coordinator and my boss involves me in some AI projects as well, and this is something I will be referencing.
Andy Warfield writes about the hard-won lessons dealing with data friction that lead to S3 Files
As a non-Java coder, for the last ten years I’ve stumbled my way through the JVM-centric world of "big data" (as it was called then), relying on my wits with SQL and config files to just about muddle through. One of the things that drew me to Kafka Connect was that I could build integrations between Kafka and other systems without needing to write Java, and the same again for ksqlDB and Flink SQL—now stream processing was available to mere RDBMS mortals and not just the Java adonises. One thing defeated me though; if a connector didn’t exist for Kafka Connect, then I was stuck. I’d resort to cobbled-together pipelines leaning heavily on kafkacat kcat, such as I did in this blog post . I built some cool analytics on top of maritime AIS data about ships' locations, but the foundations were shaky at best: No failure logic, no schema handling, no bueno. What I really needed was a connector for Kafka Connect. However for that, you need Java. I don’t write Java. But Claude can write Java.
I wanted to explore the extent to which Claude Code could build a data pipeline using dbt without iterative prompting. What difference did skills, models, and the prompt itself make? I’ve written in a separate post about what I found ( yes it’s good; no it’s not going to replace data engineers, yet ). In this post I’m going to show how I ran these tests (with Claude) and analysed the results (using Claude), including a pretty dashboard (created by Claude):
Data protection, privacy and tech is a very dynamic field; every day, there are new court decisions, actions by big tech companies, and resulting questions, so thought I could share my resources that keep me informed. Unless marked with a German flag 🇩🇪, these are English. Not everyone has an RSS feed or their newsletter has additional info, so I settle for it. These are less interesting/applicable to you as a reader, but are still helpful for me. Reply via email Published 12 Mar, 2026 Interface-eu.org 🇩🇪 Zentrum für Digitalrechte und Demokratie 🇩🇪 Stiftung Datenschutz 🇩🇪 Netzpolitik.org European Law Blog Epicenter.works (🇩🇪 by default, but lets you select English version) Electronic Frontier Foundation TheCitizenLab 🇩🇪 Datenschutzkonferenz 🇩🇪 TÜV SÜD Datenschutz Blog Meetings with the data protection officer at my workplace. Following specific, notable people in the space - like via the RSS feed of their BlueSky or Mastodon. Magazine subscriptions like the Datenschutzberater My volunteer work at noyb.eu , translating and summarizing court cases, and learning about new events and projects in their Country Reporter meetings. Attending conferences, like the Beschäftigtendatenschutztag in Munich (2025) and Computers, Privacy and Data Protection (CPDP) in Brussels (2026, upcoming).
Ten years late (but hopefully not a dollar short ) I recently figured out what all the fuss about dbt is about . No it’s not (at least, not yet). In fact, used incorrectly, it’ll do a worse job than you. But used right, it’s a kick-ass tool that any data engineer should be adding to their toolbox today * . In this article I’ll show you why.
A service promising to protect your privacy is not able to keep you anonymous. Why is that? This distinction is actually really important in data protection and privacy laws. Anonymity is about the inability to link an action, message, or data point to a specific individual. If attribution is possible (even if difficult, like with pseudonymization), you are identifiable and therefore not anonymous. Privacy , however, is about the ability to limit or control access to personal information. The focus is not identity removal, but boundaries of who can observe, store, or process personal data. Personal data has to, by default, be linked to an individual, which makes you identifiable and not anonymous. If it isn't, it no longer counts as personal data. You can see this in the way the GDPR works; it doesn't apply to anonymous data, but personal data, and pseudonymous data still counts. Privacy can exist with full identification: Your doctor knows you and your diagnoses, but is protecting your health file from unauthorized access. On the other hand, anonymity can exist without privacy, like anonymous browsing that is still heavily tracked behaviorally. The way we ensure privacy has different mechanisms. In data protection law, this is referred to as "technical- and organizational measures" (TOMs). For example, these can be access controls, confidentiality obligations, encryption, and following the general principles of data minimization, storage and purpose limitations in the way your systems and organization are set up. Where we think they overlap is when we expect an entity to protect our privacy so an external actor cannot identify us. This is problematic in a variety of ways: When we are offered privacy, we implicitly assume privacy from everyone , while most privacy guarantees actually mean privacy from the public or third parties or less tracking than other services; not privacy from the service provider itself, or legal obligations/the state. Companies who aim to protect your privacy act more like privacy intermediaries : They shield users from outsiders or offer a service where less data is harvested or data isn't sold to third parties, but they still maintain some capability to associate activity with an identity. If you want anonymity at a service offering you privacy, you have to create it yourself by not giving the service a way to identify you. This can be done via using a fake name and address, using a way to pay that doesn't directly link your bank accounts or other payment info (privacy.com cards, or crypto, etc.), accessing it via a VPN, and possibly more precautions on an OS level (Kali Linux, containers etc.). That's cumbersome and not realistic for most people, as their threat level is not one of a whistleblower; however, you can of course decide to do it anyway. Even then, it might be impossible, depending on the service and what you share with it. You can be anonymous on a blog, but over the years, the very little vague information you share can paint a picture. If you use an email service for your normal email needs, you will likely receive all kinds of de-anonymizing information: Doctor's appointments, booking confirmations, event tickets and more, all with your real name and location. The correct move here would be to separate your different email needs into different accounts and addresses. Sensitive political organizing, for example, should be separated from your personal information, either the one you give the service directly, or any other private email coming in. Just remember at the end of the day: Privacy is conditional access to identity. Anonymity is the absence of an identity link. If the right legal conditions are met, access to identity is given. But if the service doesn't know who you are, it cannot reveal it. Reply via email Published 11 Mar, 2026
Technology has advanced to a point I could only have dreamed of as a child. Have you seen the graphics in video games lately? Zero to 60 miles per hour in under two seconds? Communicating with anyone around the world at the touch of a button? It's incredible, to say the least. But every time I grab the TV remote and decline the terms of service, my family watches in confusion. I don't usually have the words to explain my paranoia to them, but let me try. I would love to have all the features enabled on all my devices. I would love to have Siri on my phone. I would love to have Alexa control the lighting in my house and play music on command. I would love to own an electric car with over-the-air updates. I would love to log in with my Google account everywhere. I would love to sign up for your newsletter. I would love to try the free trial. I would love to load all my credit cards onto my phone. I would love all of that. But I can't. I don't get to do these things because I have control over none of them. When I was a kid, I imagined that behind the wild technologies of the future there would be software and hardware, pure and simple. Now that we have the tech, I can say that what I failed to see was that behind every product, there is a company. And these companies are salivating for data. If you're like me, you have dozens of apps on your phone. You can't fit them all on the home screen, so you use a launcher to find the ones you don't open every day. Sometimes, because I have so many, I scroll up and down and still can't find what I'm looking for. Luckily, on most Android phones, there's a search bar at the top to help. But the moment I tap it, a notification pops up asking me to agree to terms and conditions just to use the search. Of course I won't do that. Most people have Siri enabled on their iPhone and never think twice about it. Apple has run several ads touting its privacy-first approach. Yet Apple settled a class action lawsuit last year claiming that Siri had violated users' privacy, to the tune of $95 million . I can't trust any of these companies with my information. They will lose it, or they will sell it. Using Alexa or Google Assistant is no different from using Siri. It's having a microphone in your home that's controlled by a third party. As enthusiastic as I am about electric cars, I didn't see the always-connected aspect coming. I've always assumed that when I pay for something, it belongs to me. But when an automaker can make decisions about your car while it sits in your garage, I'd rather have a dumb car. Unfortunately, it's no longer limited to electric vehicles. Nearly all modern cars now push some form of subscription service on their customers. Have you ever been locked out of your Google account? One day I picked up my phone and, for some reason, my location was set to Vietnam. A few minutes later, I lost access to my Google account. It's one thing to lose access to your email or files in Drive. But when you've used Google to log in to other websites, you're suddenly locked out of those too. Effectively, you're locked out of the internet. I was lucky my account was restored the same day, apparently there were several login attempts from Vietnam. But my account was back in service just in time for me to mark another Stack Overflow question as a duplicate. I don't sign up for services with my real email just to try a free trial, because even when I decide not to continue, the emails keep coming. When my sons were just a few months old, I received a letter in the mail addressed to the baby. It stated that his personal information (name, address, and Social Security number) had been breached. He was still an infant. I had never heard of the company responsible or done any business with them, yet somehow they had managed to lose my child's information. I would love to not worry about any of this, but it's a constant inconvenience. Whenever I grab the TV remote, I accidentally hit the voice button, and the terms of service remind me that my voice may be shared with third parties . Technology is amazing when you have some control over it. But when the terms of service can change out from under you without warning, I'll politely decline and keep my tin hat close by. I have so much to hide .
Flight record about MinIO I wanted to leave a small flight record for my future self about what happened to MinIO. By the time I reread this, it will be old news. That is fine. This is less about the timeline and more about what it reminded me about my own preferences. I recently wrote about a data-first view of systems, where programs are transient and data is the center of gravity.
Data first, programs as guests Some ideas don’t arrive suddenly. They form slowly, through repetition and exposure, until one day they become visible. Over the years, I’ve noticed that the systems I’ve always felt most at home in share a specific trait. It took me a long time to see the bigger picture and name it clearly. In those systems, data is the center of gravity, not programs. Programs are transient.
Data
API
JSON
Security
Business
Java
AI
Cloud
Swift
Python
Programming
AWS
Tutorial
Sql
DevOps
Open Source