On becoming a digital nomad

I am getting close to hitting the pandemic wall. Like many of you, I have been trying to be safe, following the rules, limiting my social contacts. Not getting on planes, going to any f2f meetings or even driving very much. I think last year my wife and I put a grand total of 6,000 miles on our car. So here is my current fantasy: becoming a digital nomad and living in some foreign country.

It is very ironic, this fantasy, because to some extent I already am a digital nomad, just without any of the nomadic travels. I have had my own freelance writing and speaking business now for several decades, but always have had a nearby office. (Mine is across the street from my home, but it could be anywhere in the world). Yet all my work is done for clients remotely. In some cases, I haven’t ever met some of them f2f. I was talking about this with my accountant, who lives just a few miles away. She and I have worked together for more than a decade but have never physically met.

In years past, I was semi-nomadic: I did a fair amount of travel to industry events, to speak at conferences, or to work with my clients at their offices. But now, thanks to the pandemic, that is all off the table. There is also an upside to the pandemic though: some companies have loosened their remote work restrictions and no longer care where in the world you work, just as long as you have the connectivity, the tools, and the time zones that you consider part of your workday firmly in place. This last issue is important: if your employer expects to find you at your desk or online at a certain time, you need to structure your day accordingly, wherever in the world you might be.

If you are considering becoming a digital nomad, you might want to study up on how to make the transition, as well as to figure out where in the world the Global You HQ will set up shop. Now is certainly the time to think about this, especially as many countries are trying to make it easier for nomads to settle – in some cases for years or more. Here are two resources that have the most current info on which countries are offering this arrangement, one from GodSaveThePoints and one from TravelOffPath. The list is somewhat fluid, as countries are changing the rules and evolving their Covid restrictions often at the same time. You can see some countries have placed income requirements: they want to attract nomads who have resources and income to come, and who will continue to work and earn their livings there. If you are just starting to think about becoming a digital nomad, there are dozens of blogs that describe the process, such as this one on TwoWanderingSoles.

In the past, pre-pandemic, nomads usually worked in a country under the radar, using 90-day tourist visas. You can still do this, if you understand that when the time is up, you literally must pack your bags and get out of Dodge. You can then find your next post and take up another 90-day residency. But that can get tiresome. And it could be risky: in these Covid times, you might not be able to get on any flights and then you would be in trouble when you try to leave on an expired visa. So that is where the digital nomad visa comes into play. Actually, the name is somewhat misleading, because it really is a temporary residency permit for an extended period of time.

I spoke to Bryan Cooley, who is a serial tech entrepreneur that I met when he was living in St. Louis. He has lived in various places around the world and now spends half the year in Manila as a permanent resident. He has spent at least a week in more than 130 countries and dozens where he has lived at least a month. I asked Bryan about his Internet connectivity, and he told me it has never been an issue. “I have had better connectivity than back in the US, even in some very remote areas.” Certainly, Covid has disrupted his travel plans: for example, even though he is a permanent resident in the Philippines, under current rules he can’t return if he leaves during the pandemic. He is looking into getting residency in Australia. He feels the digital nomad visas are mostly marketing efforts: “There are so many people traveling and going where they want to live. It has been going on for a long time. These programs are very limited in terms of numbers.”

A tech writer colleague of mine, Sharon Fisher, decided to go nomadic last fall, and has been to both Aruba (from October to January) and is now in Bermuda with her partner. I asked her how she ended up in these two places. She said that first she examined if Americans could enter the country, how their Covid cases were being handled, and what kind of broadband internet was available. Part of her Covid research was in understanding how onerous their quarantine protocols were. “We didn’t mind testing and staying home for a while, but we didn’t want to have to each pay $5000 to be sequestered for 14 days in a specific hotel on arrival.”

Next, they looked at the AirBnB situation, and so far they have had great experiences with the hosts they stayed at. They also need to have a close time zone to US operations: “we looked at Saipan (an island in the middle of the South Pacific) but that meant having to work in the middle of their night,” she told me.

Her biggest issues so far were groceries, transportation and bandwidth. “Food is more expensive than we anticipated, milk and produce in particular. Rental cars in Aruba were expensive but necessary. There are no rental cars in Bermuda, so we take the bus. Internet has been fine in the AirBnBs, including streaming video, with two people using the Internet just about constantly.” They also have T-Mobile cellular coverage which enables international data roaming but they eventually bought local SIM cards in Aruba.

What about her travel in the time of the Covid? “Ironically, it’s actually kind of been easier because Covid has reduced the number of choices we’ve had to make, and everyplace is less crowded. But the hardest part about traveling now is the existential question of ‘should we be doing this?’ The people in Aruba were very appreciative that some travelers were still coming, because of how dependent their economy is on tourism. Also, both countries have had much lower incidences of Covid than where we were in the US, and people seem to take it far more seriously. We personally have been much safer in these countries than we would have been in the US, and we have taken all the steps we can to ensure that the people in the other countries are safe as well. We realize what a privilege we have, and we appreciate it.”

If you are thinking about becoming a nomad, here are a few more points that I want to make. First, learn as much about the expat culture of your target destination. There is a difference between expats – people from elsewhere who intend to live there for the long haul – and nomads, who might not want to stick around or who want to travel as part of their newfound freedom. Bryan mentioned these communities might not be everyone’s cup of tea: “there are a lot of nomads who don’t really know what they are doing.”

Second, look at places that are specifically focusing on startups, such as Madeira Their website offers links to coworking places, long-term housing rentals, and other aspects of their support for digital nomads. Yes, the number of people that will be accepted to this program is small, and Americans can’t yet travel there — but it represents an interesting step in the nomad field. Next, don’t forget about your digital entertainment. If you expect your streaming services to deliver the same programming you have gotten in the US you might want to experiment with various VPNs. Also, understand the Covid vaccination program at your destination. Sharon mentioned that her “current plan is to stay in Bermuda through March, return to the US, get vaccinated, then see what options we have. If we aren’t yet able to get vaccinated, we will likely stay in Bermuda until we can. So far as I know we can stay for up to a year.”

Finally, learn about the changes that the EU has in store for its visa requirements in the near future. That could influence how your plans evolve once we are finally out of the pandemic.

Avast blog: Understanding the circle of digital certificate trust

If you recall the scene in Meet the Parents where the characters played by Robert De Niro and Ben Stiller discuss the “circle of trust,” then today’s blog will resonate with understanding of how your own digital circles of trust are constructed. Recently,  Google decided to ban Spanish CA Camerfirma after repeated operational violations. The ban will come into effect with the launch of Chrome version 90, scheduled for release in mid-April. What this means for you, and how digital certificates are used in your daily computing life, are explained in my blog post for Avast here. 

Haters gonna hate: fighting Holocaust deniers across social media

A new report from the Anti-Defamation League has reviewed the stated hate speech policies of nine different social media platforms. Unlike other studies, it also tests their responsiveness to user reports of violations of those policies. The ADL is an organization that has been operating for more than 100 years trolling (literally) these waters. They were specifically interested in how social media propagated posts made by Holocaust deniers across their networks. They scored each platform in terms of intentions and how they performed in terms of preventing hate speech on such issues such as:

  • Did the platform investigate the report and promptly respond (defined as within 24 hours) to the complaint?
  • Do users of each platform understand why it has made a certain content decision based on its stated policies?
  • Did the platform take any actual action once something was reported?

You can see a part of their report card above. Before I get to the grades given for answering these and other questions, I want to talk about my own personal experience with Holocaust denial. About four years ago, my sister and I went to Poland to see the places where our mom’s family came from. One of our cousins did some genealogy research and found an ancestor who lived in a small town in northeast Poland who was a rabbinical judge back in the 1870s. One of the stops on our trip was to visit Auschwitz, and you can read my thoughts about that day here.

One of the exhibits at the site was about the German engineering firm that designed the mass extermination equipment. For years, the copies of the original drawings used to build this gear were kept from public view by the denier network. But eventually they were sold to someone who flipped from being a denier to someone who realized the legitimacy of these plans, and that’s how we were able to finally see them.

Several years ago I attended a lecture by Jan Grabowski, a history professor from Ottawa. He has done extensive research into Polish Holocaust history, despite the current denier political climate where he and his research associates and colleagues have been threatened and in some cases jailed for their work. Grabowski is affiliated with the Polish Center for Holocaust Research in Warsaw which is attempting to find primary source records to document what happened during those dark times. Add to this a recent survey of millennials that found that 56% of the respondents could not even identify what Auschwitz was about.

From these two personal moments, I realize that we need more evidence-based approaches and to disseminate facts rather than fiction or misdirection. That is where the social networks come into play, because they have become the superhighway of these fictions. Let’s not even glorify them by using the term “alternative facts.”

Let’s return to the report card. Sadly, only Twitter and Twitch acted against the Holocaust denial content reported. No network got any A grades across the ADL’s rubric, to no surprise. Twitch, the gaming social network, scored B’s. Twitter and You Tube got C’s. Facebook and others received grades of D.

Based on its research, the ADL has some recommendations:

  • Tech companies must make changes to their products to prioritize users’ safety over engagement and reduce hateful content on their platforms.
  • All the platforms need to do a better job on transparency. They should provide users with more information on how they make their decisions regarding content moderation. This is especially urgent, given the recent decisions to terminate several high-profile accounts.

You can read others at the link above. My final point: yes, censoring hate speech — whether it about the Holocaust or whatever — is destructive to our society. Just look at the mob that swarmed across our Capitol earlier this month. The social networks have to decide whether they can step up to the task. And while it bothers me that we have to censor the most dangerous of hate speakers, we do have to recognize their danger.

Avast blog: How to celebrate Data Protection Day

Today is known as “Data Privacy Day” in the US and in other countries around the world, and the theme chosen by the US National Cybersecurity Alliance for this year’s event is about owning your privacy and respecting others. Somehow it seems fitting, given that we have been under lockdown for most of the past year. In my post for Avast’s blog, I talk about some of the ways you can get better at protecting your privacy. But realize that it is a constant struggle, particularly as you can compromise your privacy from so many places in your digital life. The key takeaway to remember is to watch out for your privacy more than once a year.

What’s up with WhatsApp privacy (Avast blog)

Last month, I wrote about the evolution of Instant Messaging interoperability. Since posting that article, the users of WhatsApp have fled. The company (which has been a subsidiary of Facebook for several years now) gave its users an ultimatum: accept new business data sharing terms or delete their accounts. For some of its billion global users, this was not received well, especially since some of your data would be shared across all of Facebook’s other operations and products. The change was indicated through a pop-up message that requires users to agree to the changes before February 8. The aftermath was swift: tens of millions of users signed up for either Signal or Telegram within hours of the news.

If you are interested in getting more of the details and my thoughts about whether to stay with WhatsApp or switch to Telegram or Signal, you should take a gander over on the Avast blog and read my post.

WhatsApp pushed off the change until May, which was probably wise. There was a lot of bad information about what private data is and isn’t collected by the app and how it is shared with the Facebook mothership. For example: while the change deals with how individuals interact with businesses, Facebook has and will continue to share a lot of your contact data amongst its many properties. What this whole debacle indicates though is how little most of us that use these IM apps every day really understand about how they work and what they share. My Avast blog tracks down the particular data elements in a handy hyperlinked reference chart.

The problem is that to be useful your IM app needs to know your social graph. But some apps — such as Signal — don’t have to know much more than your friends’ phone numbers. Others — such as Facebook Messenger — want to burrow themselves into your digital life. I found this out a few years ago when I got my data dump from Facebook, and that was when I deleted the standalone smartphone app. I still use Messenger from my web browser, which is a poor compromise I know.

Speaking of downloading data, I requested my data privacy report from WhatsApp and a few days later got access. There are a lot of details about specific items, such as my last known IP address, the type of phone I use, a profile picture, and various privacy settings, This report doesn’t include any copies of your IM message content, and was designed to meet the EU GDPR requirements. I would recommend you request and download your own report.

One of the sources that I found doing the research for my blog post was from Consumer Reports that walked me through the process to make WhatsApp more private. You can see the appropriate screen here. Before today, these items were set to “everyone” rather than “my contacts” — there is a third option that turns them off completely. This screen is someplace that I never visited before, despite using WhatsApp for years. It shows you that we have to be vigilant always about our privacy — especially when Facebook is running things — and that there are no simple, single answers.

Never before have we so many choices when it comes to communicating: IM, PSTN, IP telephony and web conferencing. We have shrunk the globe and made it easier to connect pretty much with anywhere and anyone. But the cost is dear: we have made our data accessible to tech companies to use and abuse as they wish.

Avast blog: Covid tracking apps update

After the Covid-19 outbreak, several groups got going on developing various smartphone tracking apps, as I wrote about last April. Since that post appeared, we have followed up with this news update on their flaws. Given the interest in using so-called “vaccine passports” to account for vaccinations, it is time to review where we have come with the tracking apps. In my latest blog for Avast, I review the progress on these apps, some of the privacy issues that remain, and what the bad guys have been doing to try to leverage Covid-themed cyber attacks.

Avast blog: It’s time to consider getting a Covid-19 vaccine passport for travel

As the number of people getting vaccinated against Covid-19 rises, it’s time to review the ways that people can prove they have been inoculated when they want to cross international borders. These so-called “vaccine passports” have been in development over the past year and are starting to go through various trials and beta tests. The passports would be used by travelers to supplement their actual national passport and other border-crossing documents as they clear customs and immigration barriers. The goal would be to have your vaccination documented in a way that it could be accepted and understood across different languages and national procedures.

In my blog for Avast, I talk about how these passports (such as the CommonPass open source one being developed above)  could prove to be a solution for travelers crossing borders, but they also come with their own set of challenges


Where is your phone central office?

I have written before about my love affair with telephone central offices. This past week, we all now know where Nashville’s CO is located, and we mourn for the people of that city. Nashville is a city that I have been to numerous times, for fun and for business. Little did I realize as I walked among the honky tonk bars and restaurants on Second Street that I was passing by its main CO, which offers a wide range of communication services.

Like the CO that was buried by the collapse of the World Trade Center back in 2001, there was a lot of water damage from the firefighters, and the Nashville repairs were hampered by having to work around the crime scene investigators. But still, within a few days AT&T was able to get various services back up and running, including 911 and airport communications, along with wired and cellular services. The company deployed a series of portable cell towers around the region. The lines that went through this CO connected not just Nashville but areas that were in adjoining states.

This is the conundrum of the CO: in the early days of telephony, they had to be located in densely populated areas, because stringing copper lines from each termination point cost money. To shorten the lines, they had to put them near the people and businesses that they were connecting. This means that you can’t easily protect them with physical barricades a la Fort Knox (or other government buildings). Plus, there are more than 20,000 COs in the US by some estimates. That is a lot of real estate to protect or potentially relocate.

COs are also relatively easy to find, even though many of them are located in nondescript building in major urban areas. My own CO sits like Nashville’s across from a similar collection of restaurants and commercial businesses. There are websites lovingly constructed by other fans of telecom, such as this one or this one that show photos of the actual buildings (although you will have to work a bit to find their street addresses). In my blog post from 2018, I posted pictures of several COs that I have been to, including one on Long Island where I brought my high school networking class on a field trip back in 2001.

Whether or not the bomber was intentionally targeting AT&T’s CO or not, one thing is pretty clear to me: these COs are the weak points in any terror campaign. I don’t have any real solutions to offer up here, just an aching spot in my heart for the men and women that have built them and keep them running.

N.B. This is the last day of a horrible year, a year punctuated with my own personal health story that had nothing to do with Covid. I want to send out a note of thanks to all of you that took the time to send me your support, and hope that you found your own support team to help you along as well. Here is my wish that 2021 will be better for all of us, and that we can support and care for each other to make it so.

Who benefits most from Facebook: the right or the left?

What I will take away from 2020 — apart from the worldwide pandemic and my own health issues that had nothing to do with it — is how Facebook solidified its position and the primary incubator for hate groups. And despite repeated attempts to try to prove otherwise, it continues to fan the flames of hate from both sides of the political spectrum. Instead of helping free speech, it is poisoning the world with its memes and encouraging like-minded people to join in its toxic spew.
This piece by Adrienne LaFrance in the Atlantic goes further, saying that Facebook has become the embodiment of the “doomsday machine,” first made popular during the Cold War and the central plot device of Dr. Strangelove, a movie we should rewatch in this new context. “Facebook does not exist to seek truth and report it, or to improve civic health, or to hold the powerful to account,” she says. “It has the power to flip a switch and change what billions of people see online. No single machine should be able to control so many people.”
Does Facebook cater more towards the left or right of the political spectrum? Earlier this month, we were treated (if you’ll forgive me) to both Zuck and Jack Dorsey being grilled by the Senate Intelligence Committee. (Here is the coverage by the NY Times.) Half of the questions asked by the Republican Senators were about censoring conservative voices and what political parties were supported by their staffs. “Facebook and Twitter have maintained that political affiliation has no bearing on how they enforce their content moderation rules,” said the Times. I would agree: they support hate from both sides of the political spectrum.
If you examine Kevin Roose’s Top 10 list of Facebook posts on Twitter, you can see if you go back to before the election that these lists were dominated almost completely by right-wing groups. More recently it has been more evenly split right/left, but still there are days where only a couple of the top 10 are from moderate or lefty outlets. This article from October documents how Facebook routinely sets rules for content moderation, then breaks them in favor of posting right-wing viewpoints. This has resulted in an outsized reach and engagement, which eclipse more centrist or left-leaning POVs.
Going back to the summer of 2019 when there was that White House right-wing blogger summit, we saw a marked spike in their support as documented by the Washington Post.
But this issue is getting to be old news. Just this past week, Facebook put up this web page, accompanied with full-page newspaper ads claiming that they are on the side of small businesses. They are going after Apple’s attempt to eliminate tracking cookies and make your mobile activities more private. Apple has proposed a pop-up warning when it detects a cross-site cookie, with this mockup. One analysis of the conflict says this illustrates Apple and Facebook’s different approaches to privacy and whether endusers or advertisers will foot the ultimate bill. Regardless, the irony and shameless factor from both companies is too much.
I usually come to this point in my posts where I offer some suggestions. Sadly, while our Congress continues to ask the wrong questions, there are no easy ways out of this. And even though we have destroyed many of our nuclear warheads, with the billions of us fueling social media’s every moment, there are far too many silos that are distributed across the planet, ready to launch their hateful rhetoric at the push of a button.

Securing your IRS online account

It is hard to believe that it has taken the US IRS all this time to figure out a better authentication mechanism for taxpayers. But starting next month, all taxpayers can apply for an identity protection personal identification number (IP PIN) to block identity thieves from falsely claiming any tax refunds. To give you an idea of the magnitude of this problem, the IRS says several billions of dollars of phony refunds have been prevented through its half-hearted efforts to date. This includes phony refunds that are issued to taxpayers who never filed returns.

The IP PIN process used to be for high-risk taxpayers: those who have been victims of refund fraud attempts in the past. Starting next month, we can all join this party (hopefully not the victims group). They explain all of this here, which they call “secure access.”

To participate, you will need a “real” cellular phone number (vs. an IP service like Google Hangouts) and your email address. You will also need a credit card or some other financial instrument (not a debit card) to prove your identity. If you are concerned about giving your phone number to the IRS, you can substitute your postal address and they will send the confirmations that way.

The IP PIN is a six-digit code that changes annually. That is annoying — why not use Google-like authenticator smart phone app —  and to make matters more confusing, this differs from the five-digit PIN that is used during the e-filing process for your return. (When I first typed in e-filing, I didn’t use a hyphen and one of the suggestions was effing. That isn’t too far from reality. But I digress.)

Even though the IP PIN effort isn’t happening until next month, you can sign up for your IRS electronic account now.  (CORRECTION: The IRS took down the service until January, see the link in my comment.)

This will be a prerequisite for the universal IP PIN process. You’ll notice that particular link isn’t mentioned in the earlier link that explains what secure access is: Dontcha just love our gummint? Anyway, I spent about 20 minutes getting my digital ducks in order for myself and about the same time for my wife’s account. My first credit card for some reason wasn’t accepted, and the site was initially down the time I tried to sign up my wife. I was going to use my Amex card but the IRS doesn’t take that either. Eventually, both of us passed muster and created our accounts It was nice to see that we didn’t owe the IRS any money from past filings.

If this has awakened a desire to be more proactive about protecting your digital identity, Brian Krebs has a bunch of other suggestions that he calls “planting your digital flag.” They are all good ones, although if you are paranoid about your privacy you might want to think about the security tradeoffs you are making.