2023 In Review
If you're anything like me, you spend large swaths of time throughout the year agonizing over the many obstacles in your way. Although I don't tend to publicize the challenges (especially when they're ongoing), I do like to take a moment each December (or January) to focus on some of our collective accomplishments. It's a good reminder that progress is possible even when the odds seem insurmountable. I hope you'll celebrate with me as I run through some of the successes of this past year, and that I get the chance to celebrate yours with you.
Security Planner
I was lucky enough to work with Jeff Landale this year, who completed a full content audit of Security Planner. In total, we made about 400 changes to keep our security content both up-to-date and easy to read. Working with Office/Bureau, we also improved Security Planner's keywords, search, indexing, and feedback form.
I spoke about Security Planner at CypherCon in Milwaukee, alongside Common Sense Media and some colleagues in a Consumer Reports webinar, and on podcasts like Safe Mode and Short Explanations.
Security Planner was cited in USA Today, SMEX, Access Now, Games Hotline Digital Safety Guide, Equality Labs’ anti-doxing guide, SaferJourno, and more. I can't wait to show you what we do next.
Data Brokers
The Big Ass Data Broker Opt-Out List is a labor of love I created in 2017 to help friends who were worried about being doxed because of who they are or what they do. This year, I made eight major updates, mostly in response to pull requests from volunteers.
The list was cited by Wirecutter, Tech Crunch, the Games Hotline Digital Safety Guide, Lifehacker, Freedom of the Press Foundation, Ford Foundation’s Cybersecurity Academy, Equality Labs, Disengage by Linda Formichelli (my very first freelance writing coach!), Tom Kemp’s book Containing Big Tech: How to Protect Our Civil Rights, Economy and Democracy, and in the first issue of Whitney Merrill’s awesome new zine, Reflector. I was also mentioned in a Tall Poppy blog post and tweeted out by the amazing Eva Galperin.
Stay tuned for new research peripheral to people search sites soon!
yaelwritesMemory safety
I’ve been seriously concerned about memory safety for some time, and am thrilled that I got to do some work around it in 2023. Early in the year, I wrote a report summarizing our 2022 convening on memory safety.
This led to the opportunity to speak on an Enigma panel on memory safety alongside Josh Aas and Alex Gaynor, who taught me almost everything I know about memory safety.
Our work was also cited in the Washington Post, IEEE Spectrum, Inside Cybersecurity, The Register, Tech Talk, ZDNet, and Dan Hon’s blog, Things that Caught My Attention. It was also a footnote in a CISA report, was discussed in the Oxide and Friends podcast, and was mentioned in my favorite cybersecurity newsletter, Zack Whittaker’s This Week In Security.
I was also thrilled to attend Tectonics to talk about memory safety roadmaps for companies. I’m hoping all of this publicity and the convergence of different groups and organizations taking this issue seriously leads to systemic change.
Freelance
No matter how happy I am in my day job, I find that I always continue to freelance. This year, I had my very first byline for the Atlantic about what big tech knows about your body, a post that my beloved high school history teacher reached out to congratulate me on. (Yes, this is one of my greatest accomplishments.)
Yael Grauer
I also wrote about online voting provider Democracy Live paying for academic research in an attempt to sway U.S. lawmakers for Cyberscoop, a story that was cited in the Washington Post, Vermont Digger, and Zack Whittaker’s amazing newsletter, This Week in Security. It was also mentioned in the Vermont Legislature’s Senate Committee on Government Operations.
<a href=“https://cyberscoop.com/author/yael-grauer/” class=”″ title=“Yael Grauer” rel=“author”>Yael Grauer</a>
And I completed one more update for my online textbook for Stukent, Business Writing: A Content Marketing Approach.
Speaking
In addition to some of the conferences mentioned above (Enigma, CypherCon), I also spoke at CactusCon with David Huerta in what I hope will continue to be an annual roast of bad tech reporting. I did a tech journalism AMA at ThotCon in Chicago.
I spoke about tech journalism over Zoom with students at the Reynolds School of Journalism at the University of Nevada in Reno. (They had the most amazing questions!) I spoke about cybersecurity for journalists and journalism educators to the international scholars participating in the Study of the United States Institutes (SUSI) Scholars initiative at ASU today, as part of the six-week Institute on Journalism, Technology and Democracy sponsored by Cronkite and the Global Security Initiative. As a Cronkite alum, this was a real honor.
I also spoke on a Reproductive Health Informatics panel, discussed the translation of security guides on a remote RightsCon panel, and spoke alongside some badass investigative producers, filmmakers, and videographers at a virtual event called Spectres: Case Studies in Countercultural Democracy. I moderated an Ask the Government Anything: Secure by Design edition panel at DEF CON’s Crypto + Privacy Village (covered in Politico and The Messenger Tech). And I was lucky enough to be a guest on a bunch of podcasts, some of which I’ve mentioned above: Crowdcast, Oxide, Short Explanations and Safe Mode. I do hope to travel less in 2024 but glad these speaking gigs happened.
Older Projects
One of the awkward things in publishing is that sometimes projects span multiple years. There are a few projects I worked in in 2023 that I won’t be able to share until 2024 or beyond. The Atlantic piece mentioned above was written in 2022. This year, my VPN work from 2022 was cited in Engadget and Bloomberg, and reporting I did that was published in 2021 was mentioned by Human Rights Watch. These projects don’t exactly ever end, so look for more soon.
Professional Development
I had an amazing year in professional development, so consider all of these recommendations! I kicked things off with the Management Center’s course, Managing Projects, and a Reforge class called Product Management Foundations. I participated in Poynter’s amazing Lead With Influence course, as well Ford Foundation’s inaugural Cybersecurity Academy. I signed up for Right To Be’s virtual bystander intervention training, and even attended IRE’s Phoenix workshop on investigative reporting. I took a week off to go on my very first writing retreat in Taos, New Mexico at the lovely Mabel Dodge Luhan house, with Jen Louden and a group of fabulous women, where I worked on a book on investigative reporting.
For fun, I signed up for an Atlas Obscura class on designing soft circuits and e-textiles, and watched a lot of videos on everything from magic to ukulele. I even did an online challah, halvah, and rugelach baking course! (Thank you, Bake With a Legend.)
Miscellaneous
I was happy to continue serving on the CyberMed Summit Board of Directors this year, and to attend the conference in DC. On a more personal note, I helped raise $619 for the Trevor Project during a Facebook birthday fundraiser. And here's to 2024! All of these projects really took a village, and I'm hoping the collaborations and momentum continues well into next year.