2024 in Review
At the end of the year, I like to pause to celebrate the projects I’ve worked on that have crossed the finish line. These are largely collective accomplishments, a testament to friends and colleagues and an incredible community. In addition to focusing on what somehow got done against seemingly impossible odds in an extremely difficult year, I hope this recap helps connect people with projects and resources and ways to plug in or get involved. Thank you for taking a look back with me.
Security Planner
Early in the year, we launched a complete redesign and rebuild of Security Planner, a tool that provides personalized recommendations and expert advice to help people secure their data and devices. Security Planner 3.0 incorporates tools from three comprehensive user experience studies. It includes a streamlined and simplified layout for easier reference and navigation, improved filtering and sorting, adjusted graphics, content improvements, the ability to see your entire plan on one page to minimize unnecessary scrolling, and tips displayed in descending order of importance rather than by category. We continued making enhancements throughout the year, which included improved animations, a glossary of terms, simplified Spanish, and accessibility improvements. It was a pleasure working with the talented folks at Significant Other (previously Office/Bureau) along with my colleagues at Consumer Reports on the redesign.
People Search Removal
In 2017, after lamenting about how hard it was to scrub a mailing address off the internet, I launched the Big Ass Data Broker Opt-Out List (BADBOOL) in my personal capacity. This project was designed to help people opt out of people search sites. I updated it multiple times this year, improving the accessibility of link text and keeping everything up-to-date as data brokers folded, merged, or simply changed their opt-out process.
For a fee, a variety of services claim to remove your data from people-search sites, but some work better than others. People often ask me which services they should pay for (or have their work pay for) to speed things up, and I finally have a data-based answer. This summer, we released our findings in a people search removal service report I wrote for Consumer Reports in collaboration with Tall Poppy, an organization that built tools and offers services to help companies protect their employees against online harassment and abuse. We recruited 32 Community Reports volunteers, enrolled them in one of seven people-search removal services or manually opted them out in a control group, and evaluated the results.
Our research showed that some services (like EasyOptOuts) give you a lot of bang for your buck. However, I noticed that some sites may not be covered in a paid service. As an add-on to BADBOOL, I created an additional page called FIG (Filling in the Gaps), to help people who signed up for paid services and want to supplement that with manually opting out of services they don’t cover. (Like BADBOOL, FIG is a personal project.) Simply look up your service in the chart, see what isn’t covered, and tackle it manually. It’s even prioritized so you can follow the emoji to figure out where to start.
Cyber Readiness Report
This year I started a new role at Consumer Reports as Program Manager, Cybersecurity Research. In many ways this was simply a nod to work outside of Security Planner I was already doing, such as investigative research and reports. One of those was our annual Cyber Readiness Report, which I co-wrote with the amazing Stacey Higginbotham. The report has important new information on scams disproportionately affecting consumers of color.
Policy
I'm lucky to be working with policy whiz Justin Brookman this year, and dipped my toes in a bit of policy work when my team filed public comments to the Cybersecurity and Infrastructure Security Agency (CISA) in support of their recently released “Product Security Bad Practices” guidance. I also wrote a post about how charging for essential software security features undermines public safety. This was in support of cybersecurity firm Zatik Security's SaaS Safety Bar, which defines nine basic security measures that all SaaS users need for their safety, including those on free or low-cost plans.
Speaking
This year I went to Las Vegas to speak about my people search removal service work and data brokers more generally at DEF CON 32’s Crypto & Privacy Village. I traveled to California to speak about Security Planner and data brokers (particularly people search sites) at the first ever Personal Security Village at Security BSides San Francisco, organized by Tall Poppy. I attended NGO-ISAC’s conference in New York City, where I spoke on a panel moderated by Victoria Kauffman alongside Leigh Honeywell and Shauna Dillavou about the increasingly complex digital threat landscape for nonprofits and NGOs.
Closer to home and in my personal capacity, I moderated a panel at the University of Arizona in Tucson to draw attention to Infrastructures of Control, a border surveillance exhibition. The panel featured a variety of experts on the border, including Isaac Esposto (No More Deaths), Dora Rodriguez (Salvavision), Pedro De Velasco (Kino Border Initiative), Todd Miller (The Border Chronicle), and Daniel Torres (Daniel Torres Reports).
Also in my personal capacity, I spoke at CactusCon with PPT whiz David Huerta in our fifth annual roast of bad tech reporting. We focused on common tropes in privacy and surveillance technology that journalists get wrong again and again.
I also presented Security Planner to NGO-ISAC virtually, as a tool for people responsible for the security of the nonprofits at which they work. And I spoke on a webinar for Community Reports volunteers to give them an update on our people search removal work and ways that people can protect themselves without playing opt-out whack-a-mole, such as the info on our page on protecting your financial data.
I often learn more at conferences in which I'm not speaking, which was definitely the case in 2024 at the Cyber Civil Defense Summit in DC, LABScon right here at home, and the very last XOXO in Portland. I also went to DC to attend a one-day writing and reporting workshop organized by Compiler and Humane Intelligence, to learn how to use Humane Intelligence's open source, no-code test and evaluation platform. And I tabled for Security Planner at All Tech is Human's Data Privacy Day in New York.
Media and Citations
I was thrilled to speak about various pieces of my work or to have it cited in a wide variety of news outlets, including ABC, Ars Technica, Axios, AZ Family, Forbes, the Freedom of the Press Foundation blog, IAPP’s daily newsletter, KUT/Texas Standard, Marketplace Tech, Money Talk News, TechSpot, The Record, The Register, and WHEC.
Security Planner received a shoutout in the “happy corner” of my favorite newsletter, Zack Whittaker’s This Week In Security. It was also included in CISA’s High-Risk Community Protection Planning webpage, which launched in April as the product of a year-long collaborative effort led by the Joint Cyber Defense Collaborative (JCDC). And it was listed in Amnesty International’s new Digital Security Resource Hub for Civil Society.
At work I was quoted in CR stories about banking apps and even got to test some lip balms. Some of my CR posts were updated, including ones on browser-based password managers, removing information from people-search sites, responding to a data breach, and tips for better passwords. There were also a couple of great articles on the findings in our Cyber Readiness Report and our people-search report.
I was listed in the credits for Safer Journo “for the incredible thorough read-through and dozens upon dozens of wonderful comments,” which is my favorite reaction to the voluminous commentary.
Freelance Work
This year, my online textbook for Stukent, Business Writing: A Content Marketing Approach, was used in colleges and universities across the country for one final year.
In 2023, I co-authored an update to Electronic Frontier Foundation’s street-level surveillance hub, which is now live.
I continue to work on a handful of freelance projects, including a book for No Starch Press and an article series that should be up by spring.
Impact
It’s incredibly heartening to see projects from years prior still having impact. In March 2020 at the height of the pandemic, Micah Lee and I wrote a post about Zoom lying about its end-to-end encryption which was published in The Intercept. This was something I discovered while bugging Micah while trying to make sure there wasn’t an error in a story I’d just written for OneZero. The article–or rather, Zoom’s dishonest claims–led to an $85 million settlement to a class action lawsuit, but now Zoom has offered $18 million to settle a US Securities and Exchange Commission probe related to its privacy policies and communications. Since the article was published, Zoom launched a real end-to-end encryption feature to both free and paid users worldwide. I’m glad to have played a small part in that.
Speaking of small roles, I wrote and spoke a bit about the audio capabilities of Ring doorbell cameras in 2022, for Consumer Reports and in collaboration with EFF rock star Matthew Guariglia. I was pleased to learn that Ring announced it will no longer facilitate police requests for footage from users. As Guariglia writes, “This is a victory in a long fight, not just against blanket police surveillance, but also against a culture in which private, for-profit companies build special tools to allow law enforcement to more easily access companies’ users and their data—all of which ultimately undermine their customers’ trust.”
Professional Development
When it comes to security, I'm always trying to level up—or at least stay current. This year I attended IWMF’s one-day Newsroom Safety Across America course in Phoenix and started Ford Foundation’s Physical Safety School, led by the Collective Security Group.
I also finished Poynter ACES’s Introductory Certificate in Editing course which I had started in 2023. A lot of it was review but I always enjoy nerding out on the nuances of language.
Sometimes people get upset with me when I don’t remember having met them years prior. But in general I’ve been fascinated by memory champion Nelson Dellis ever since I read Joshua Foer’s amazing book, Moonwalking with Einstein. I started Dellis’ course, Everest Memory Masterclass, in 2023, but didn’t wrap up the main modules until this year. And while I'm not yet able to memorize decks of playing cards or long strings of 1s and 0s, I now know how other people do this!
Sparkle Quest
I almost skipped this section to try to keep this post purely profesh, but I do think finding ways to care for ourselves is important--especially for anyone working at a non-profit organization, in the arts, or in public policy.
I was feeling a bit burned out and in my annual review meeting with Pam Slim, I decided to go on a sparkle quest. Each year I pick a word or theme to focus on, and 2024’s word was Sparkle. This involved a lot of actual sparkle–sparkly clothing and accessories and such–but also seeking out moments that made me feel alive.
Those moments included being surrounded by an explosion of flowers at Butchart Gardens in Victoria, B.C., getting afternoon tea with my husband at the Promenade in London, drinking a snowy plover in Seattle and green tea at Lan Su in Portland, dressing up for not one but two costume parties, and finally solving Omegamart. I went to both Speakeasy Magick and Magic Afterhours in New York and saw the Conjurors’ Cabin of Wonders in Las Vegas.
I ate dumplings in San Francisco and ekmek in Victoria. I spent an entire day nerding out at Bletchley Park, once the home of the World War II Codebreakers. I took a day off to make a scented candle and hang out at the Museum of Illusions. I played Puzzled Pint with friends. I went to the most amazing cocktail bars in San Francisco, Portland, New York, DC, Victoria, and of course here in Phoenix. I bought the most over-the-top sparkly jacket at Frock. I did a lot of gardening, baked challah, visited spas, and walked in the snow in Colorado. I spent a lot of time reading both fiction and non-fiction, including some amazing graphic novels.
I did acusound and yoga with sound bowls and bought my very own set of Koshi chimes, which are the audio representation of sparkle. I saw Amythyst Kiah and Iron and Wine play the best show with live shadow puppetry. I went to see Jake Shimabukuro play with bassist Jackson Waldhoff and special guest Justin Kawika Young in a show that brimmed with positivity and joy. I saw two Shakespeare plays in Flagstaff at the Lowell Observatory, where I also got to learn more about Pluto and look at the sun through a telescope between performances. Mostly I was after stillness and sparkle and wonder, and I found it in spades. I'll be transitioning from this year's sparkle to fuzziness in the new year, and am hoping to make the best of whatever 2025 has in store.
Upcoming Speaking Gigs
I’ll be speaking about people search removal at ShmooCon in D.C. this January. In my personal capacity, I'll be recapping bad media takes with David Huerta at CactusCon in Mesa, Arizona this February. I hope to see some of you there!