The L Word

I’ve been working with my team on a vision document for what we want our future digital library platform to look like. This exercise keeps bringing us back to defining the library of the future. And that means addressing the very use of the term, ‘Library.’

When I first exited my library (and information science) program, I was hired by Adobe Systems to work in a team of other librarians. My manager warned us against using the word ‘Librarian’ among our non-librarian colleagues. I think the gist was: too much baggage there.

So, we used the word ‘Information Specialist.’

Fast forward a few years to my time in an academic environment at DePaul University Library and this topic came up in the context of services the library provided. Faculty and students associated the library in very traditional ways: a quiet, book-filled space. But the way they used the library was changing despite the lag in their semantic understanding.

The space and the virtual tools we put in place online helped users not only find and evaluate information, but also create, organize and share information. A case in point was our adoption of digital publishing tools like Bepress and Omeka, but also the Scholar’s Lab.

I’m seeing a similar contradiction in the public library space. Say library and people think books. Walk into a public library and people do games, meetings, trainings and any number of online tasks.

This disconnect between what the word ‘Library’ evokes in the mind’s eye and what it means in practice is telling. We’ve got a problem with our brand.

In fact, we may need a new word.

Taken literally, a library has  been a word for a physical collection of written materials. The Library of Alexandria held scrolls for example. Even code developers rely on ‘libraries’ today, which are collections of materials. In every case, the emphasis is on the collection of things.

Now, I’m not suggesting that we move away from books. Books are vessels for ideas and libraries will always be about ideas.

In fact, this focus on ideas rather than any one mode for transmitting ideas is key. In today’s library’s people not only read about ideas, they meet to discuss ideas, they brainstorm ideas.

I don’t pretend to have the magic word. In fact, maybe it’s taking so long for us to drop ‘Library’ because there is not a good word in existence. Maybe we need create a new one.

One tactic that comes to mind as we navigate this terminological evolution is to retain the library, but subsume it inside of something new. I’ve seen this done to various degrees in other libraries. For example, Loyola University in Chicago built an entirely new building adjacent to the book-filled library. Administratively, the building is run by the library, but it is called the Klarchek Information Commons. In that rather marvelous space looking out over Lake Michigan, you’ll find the modern ‘library’ in all its glory. Computers, Collaboration booths, etc. I like this model for fixing our identity problem and I think it would work without throwing the baby out with the bathwater.

However, its done, one thing is for sure. Our users have moved on from ‘the library’ and are left with no accurate way to describe that place that they love to go to when they want to engage with ideas. Let’s put our thinking caps on and puts a word on their lips that does justice to what the old library has become. Let’s get past the L Word.


Locking Down Windows

I’ve recently moved Back to Windows for my desktop computing. But Windows 10 comes with enormous privacy and security issues that people need to take into account…and get under a semblance of control. Here’s how I did it.

There has been much written on this subject, so what I’m including here is more of a digest of what I’ve found elsewhere with perspective on how it worked out for me over time.

Windows Tweaker

This is a pretty good tool that does what Windows should do out of the box: give you one-stop access to all Windows’ settings. As it is, Windows 10 has spread out many settings, including those for Privacy, to the Settings screen as well as Registry Editor and Group Policy Editor.

There are dozens of look and feel tweaks, including an easy way to force Windows to use the hidden Dark Theme.

The Privacy Tab, however, is the single most important. There, you can easily turn of all the nasty privacy holes in Windows 10, such as how the OS sends things like keystrokes (that’s right!) back to Microsoft. The list of holes it will close is long: Telemetry, Biometrics, Advertising ID, Cortana, etc.


Speaking of Cortana, I was really excited that this kind of virtual assistant was embedded in Windows 10. I looked forward to trying it out. But then I read the fine print.

Cortana is a privacy nightmare. She can’t be trusted. She’s a blabbermouth and repeats back everything you tell her to not just Microsoft, but indirectly to all of their advertising partners. And who knows where all that data goes and how secure it is in the long run.


Turn her off. Pull the plug. Zero her out.

The easiest way to disable her is to set up a Local Account. But there’s more info out there, including this at PC World.

Local Account

When you first install Windows 10, unplug the ethernet and shut down wifi. Then, when you’re certain that all of MSFT’s listeners can’t communicate with your machine, go through the Installation Set Up process and when asked to create/log in to your Microsoft Account, don’t. Instead, use the Local Account option.

The down sides of going this route are that you can’t sync your experience, accounts and apps across devices. You also won’t be able to use Cortana.

The up sides are that using a Local account means you will be far more secure and private in whatever you do with your computer (as long as you maintain the many other privacy settings).

Reduce Risk and Streamline Your PC

Windows 10 comes crammed with many programs you may not want. Some of these may even be tracking and sharing, so if you don’t actually use it, why not lighten the load on your system and remove them.

You can do this the slow way, one app at a time, or you can use the Powershell nuclear option and kill them all at once.

I did this and haven’t regretted it one bit. So fire away…

Privacy Settings

I won’t go into all of this. There is plenty of solid advise on reducing your exposure on other sites (like at PC World) and some lengthy YouTube videos which you can easily find.

But it is critical that you go into the Settings panel and turn everything off at the very least. That’s my feeling. Some tell you that you even need to set up IP blocks to keep your machine from reporting back to Microsoft and its advertising partners.

Others say this is somewhat overblown, and not unique to Windows, like over at LifeHacker, so I’ll leave it to you to decide.


It’s really too bad that operating systems have gone down this road. Our PCs should be tools for us and not the other way around.

Imagine if everything that happened on your device stayed private. Imagine if it was all encrypted and nobody could hack into your PC or Microsoft’s servers or their advertisers’ databases and learn all kinds of things about you, your family, your work, your finances, your secrets. And yet, this is precisely what Microsoft (and iOS, Android and others) did, intentionally.

Frankly, I think its bordering on criminal negligence, but good luck suing when your data gets exploited.

Better safe than sorry…that’s my take. Do a little work and lock down your computer.

Good luck out there…


Killer Apps & Hacks for Windows 10

Did the UX people at Microsoft ever test Windows 10? Here are some must have apps and hacks I’ve found to make life on Windows 10 quick and easy.

Set Hotkeys for Apps

Sometimes you just want to launch an app from your keyboard. Using a method on, you can do this for most any program.

I use this in combination with macros like those noted below.

Quick Switch to VPN

vpn macro

VPN Macro

If you’re a smart and secure Internet user, you probably already use a VPN service to encrypt the data and web requests you send over the Internet (especially while on public wif-fi networks). But Windows 10 makes connecting to your VPN service a bit of a chore (I use Private Internet Access, by the way).

It’s weird because Windows actually placed the Connect to VPN in the Communications Center, but you still need to click into that, then click the VPN you want and then click Connect…that’s 3 clicks if you’re counting.

I’ve tried two methods to make this at least a little easier.

One caveat on all of this: if you log in with an administrator account (which I don’t because I’m concerned about security after all!), you could have your VPN client launch at start, but you’d still need to click the connect button and anytime you put the machine to sleep, it would disconnect (why they do that is beyond me).

With both methods, you need to manually add a VPN account to Windows built-in VPN feature.

Anyway, here are my two methods:

Macro Method

You can record actions as a “macro” and then save it as an executable program. You can then save the program to your desktop, start or taskbar. It’s a bit of a chore and in the end, the best you get is two-click access to your VPN connection…not the one-click you would get on a Mac. If my memory serves, this method only works if you log-in with an administrator account. Otherwise, you’ll be prompted for an administrator password each time…an who wants that?

Pin the Communicator VPN app to your Start pane.

This is actually how I ended up going in the end. To do this, you need to ‘hack’ a shortcut that points to your VPN settings panel (where the Connect button resides).

  1. On your desktop, right-click and select New > Shortcut
  2. A Shortcut wizard will open
  3. Paste ms-settings:network-vpn into the form
  4. Now pin the shortcut to your Start and you have quick access to the Connect dialog for your VPN

Switch between Audio Devices

Sometimes I want to jump between my speakers and my headphones and because I hate clicking and loath jumping out of Windows 10’s Metro design into the old-school looking Audio Device Controller, I followed the advice from The Windows Club. Their solution uses freeware called Audio Switcher to assign a hotkey to different audio devices.

I added Audio Switcher to my startup to make this a little more automated. Unfortunately, because I normally work in a non-administrator account on Windows 10, I get asked for an Admin password to launch this app at Startup. Egads!

In my case, I can now click the F1 (Headphones) and F2 (Speakers)  keys to switch playback devices for sound.

Overcoming the Windows Education or Windows Pro watermark

Windows embeds a horrible little Windows Education or Windows Pro watermark over the lower right corner of your desktop if you use one of those versions. There are two solutions to removing this remarkably distracting bit of text.

  1. Use a white background to “disappear” the white text
  2. Or, have an app sit over that space. I use MusicBee (recommended by LifeHacker) and set position the mini-version over that spot.
  3. Supposedly there’s a Regex trick where you delete the text but that’s a bit much work for me for such a slight annoyance.

Other Tricks

There are a couple other tricks that I’ve used to clean up Windows.

  1. Removing Metro Apps. This allows you to remove all the built-in apps that are there simply to confound your privacy and peddle your identity to Microsoft’s advertising partners. Remove them.
  2. Removing default folders from Explorer. If you’re like me and want better performance, you use a separate hard disk drive for your music, video and images and another drive (probably an SSD) for your OS and programs. Windows 10 is confusing for people with this kind of set up by placing folders in the File Explorer to your Images, Documents, etc. on your C Drive. In my case, that’s not the right drive. So I used the method linked above to remove those from Explorer.

Return to Windows

There’s a Windows machine back in my house. That’s right, after 14 years of Mac OS, I’ve shifted my OS back to Windows…on my primary computer!

Windows? WTF?

So, Mac OSX is still a superior operating system. But the gap between Windows and OSX has shrunk considerably with the launch of Windows 10, but that’s hardly a good reason to leave behind the most simple, well-designed and usable OS out there.

But Apple is steadily closing the noose on what computer users can do with their machines and this has really rubbed me the wrong way.

Besides, I had a dream. A dream to build a dream machine, that is. I wanted to build my own ‘Adobe Machine’ for home use and also be able to swap out hardware over time. In Apple’s ultra-controlled ecosystem, building such a device would be very, very costly and also fail to really expand over time. And for very practical reasons, relying on a finicky Hacitosh was out of the picture.

So, fed up with the self-imposed limitations of Mac, I went back to Windows…and this is my experience.

First Impressions

desktopSo, the design of Windows 10 is actually quite pleasant. The modern ‘Metro’ UI is very pleasant (I only wish it was applied uniformly across the OS–more on that later).

The Start (menu) is actually a great way to tuck all of your most important apps out of sight. And I love that it’s flexible, allowing you to organize apps and folders however you want. There are even ways to label and group apps however you wish. The librarian in me sings with these kind of organizational features.

I’ve found that I actually use the Start Menu as a replacement for not only my Desktop but also the Task Bar, which I only keep visible so I have the clock visible.

Maybe it’s the OSXer in me, but there are parts of Windows 10 that feel like redundant re-thinks of more familiar features. For example, the Action Center has quick access icons for things like VPN and creating Notes, all of which, one would expect would be handled by the Start Menu. There’s also the little arrow-thingy on the task bar where certain background apps live. Why?

An Unfinished OS?

As I began customizing and exploring Windows 10, I began to realize that Microsoft must have pushed Windows 10 out the door before the pain was dry. There are odd discontinuities you the pleasantly designed Metro aesthetic ends and you’re suddenly thrown into some god-awful old-school Windows environment. This happens in the Settings panel often, for example, once you get a couple levels down.

Uh, guys, the Metro thing really works. Did you not have time to reskin the old Windows 7/XP UI sections? Please do this soon. It’s like you drove up in a super sweet ride, with designer shades on your face and then you get out of the car and you’re not wearing pants! Actually, you’re wearing tighty-whities.

Also, what’s up with the VPN workflow? As it currently works, it takes no less than four clicks to connect to my VPN. This should be one or two clicks, really. Please fix.

There’s a very nice dark theme, but, alas, it only applies to certain top-level sections of the OS. The File Explorer (a heavily used part of the UI), actually does not inherit the dark theme. There are hacks out there, but seriously, this should be as universal as setting your color scheme.

Can’t wait for Windows 10 to get all grow’d up.


I’m going to write an entire blog on this, but Privacy is the biggest issue with this OS. Readers of my blog will know my personal feelings on this issue run strong. So I spent considerable time fighting Microsoft’s defaults, configuring privacy settings, messing with the registry (really?) and even doing a few hacks to lock this computer down.

Microsoft is really doing a number on its users. Windows 10 users are handing over unconscionable amounts of personal information over to Microsoft’s servers, their advertising partners and, if this info ever gets hacked (won’t happen, right?), to whoever wants to do a number on Windows 10 users.

Anyway, needless to say, I had to forgo using Cortana, which is sad because I’m very interested in these kinds of proto-AI tools. But as long as their phoning home, I just unplug them. Did the same to all the “Modern Apps” like Maps, News, etc.

Bottom Line

Breaking up with OSX was actually not as painful as I had expected. And I’m really enjoying Windows 10, save for a few frustration points as outlined above. Overall, it’s well worth the trade offs.

And my Dream Machine, which I christened Sith Lord (because it’s a big, dark beast), is running Adobe CC, rendering at light speed and could probably do the Kessel Run in less than 12 Parsecs.

Rewrite of the Jedi

swHi all, please indulge my inner geek as I take a little break from the normal discussion and have some fun re-imagining Star Wars.

If you’re like me, you’ve been thinking a lot about Star Wars as the new film debuts this weekend. Perhaps you even sat down and started watching the old films in preparation for the next installment.

Did you feel Lucas and Co. called it in with Return of the Jedi?

While not the galactic-scale train wreck of the Prequels, ROTJ always felt like a poor way to wrap up the Skywalker family tragedy.

Here’s my take on what was wrong and how I’d fix Return of the Jedi…and I’m not talking cosmetic fixes. I think to really do justice to Episodes IV and V, a new story line with whole new reveals and twists would have been in order.

What needs fixing

  • Leia should not have been Luke’s sister. We all agree: the suggestions (and actual acts) of romantic intrigue between Luke and Leia should have disqualified this plot twist from the start.
  • Ewoks were some of the least interesting, and one of the most annoying alien species of the entire story line.
  • The Han Rescue Mission was overly complicated, took up too much of the film and did nothing to move the story along
  • A New Death Star was a boring setting. Seriously, they couldn’t think of anything else?

Rewriting Jedi

There are two cliff hangers that need resolving in ROTJ left over from Empire:
1.    Han needs rescuing
2.    Luke needs to verify if Vader is truly his father or not

But before we handle Han’s rescue, since this obviously needs to get resolved so we can get back to the Skywalker family story, we need to set up the finale of the film with an opening scene. In the new opening crawl, we learn that Vader has been granted his wish to pursue his son, while the Emperor focuses on a new super weapon that will spell certain peril for the Rebellion. We also learn about how the Rebellion plans to retrieve Solo so that they can get back to fighting the Empire.

The story opens with the Emperor arriving on his personal Star Destroyer, scaring the crap out of everyone on board. He announces to the captain, “We have a new weapon that will be housed aboard this ship. Your crew will be expected to follow strict protocols of secrecy. Any deviation from them will call for extreme disciplinary action, captain.”

“As you command, my Lord.” Gulp!

dagobahWe then transition to Luke back on Dagobah confronting Yoda and Obi Wan over the reveal from Empire that Vader is his father. As in the original, Yoda will be dying and confirm Vader is Luke’s father and finishes his last breath with: “There is another Skywalker.” Only this time, he adds: “Heed the lesson in the cave…” Also as in the original film Obi Wan’s ghost explains the reasons for withholding the information and explains that the other Skywalker was Luke’s twin sister. But Obi Wan does not know who she is or where she is since, for security reasons, that information was not provided to him, but he felt that she was likely raised on Alderaan. So she may be dead.

After Yoda passes, Luke darkly departs for the Han Rescue operation.

And now on to Han’s rescue. First off, if you’re Leia and in command of a kickass Rebel Alliance who owes much to Han Solo, you certainly aren’t going to waste time with a ragtag, risky, undersized rescue effort. You’re gonna use an army to get your man.

And, of course, the Empire is gonna know this is what you’re going to do. Ah, the plot thickens.

So, in my revision, the rescue effort quickly returns us to the Rebel vs. Empire battle but also shows off how far Luke has come in his training (and then some). The plan goes as follows: Luke, Lando and Chewbacca will lead a ninja-like raid into Jabba’s palace with massive backup led by Leia poised to support him if things go south. Luke leads the stealth incursion into the palace, past a sleeping Jabba, neutralizes Jabba’s palace guard and locates Solo (who is no longer encased in carbonite but in prison and perfectly ready to fight his way out with Luke’s help). Solo quips something incredulous like: “Kid, this ain’t no Imperial base. You think you can just waltz in and waltz out?” Luke: “I’ve learned a few new tricks.”

Luke, Lando and Chewie nearly free Han, but then at the last minute as they’re nearing the exit, out walks Vader, Boba Fett and a battalion of storm troopers. Vader is holding Jabba’s head in his hands and flings it into the room: “You forgot to bid farewell to your host.”

Outside, Leia is realizing something is wrong just as Imperial troops engage the rebel position outside the palace.

Back inside, Luke and Vader duel while they continue their conversation about that little Father thingy Vader dropped last time they met.

Meanwhile, Chewie is badly wounded by Boba Fett. Lando and Han do a good job fighting back against the storm troopers but Lando is cut off from Han and Luke when Han blasts the door blocking off the storm troopers. “Sorry, old buddy,” Han says comically. Han then goes after Boba Fett. The two tussle hand-to-hand with Boba pulling out all kinds of nasty surprises from his suit. But Han anticipates them all: “Boba, don’t you have nothin’ I didn’t teach you first?” Eventually, Han kills Boba and then checks on Chewie who is bad off but alive. They call Leia and let her know Vader is inside the palace.

The Rebels are now aware that they have an opportunity to kill Vader and move aggressively to cut off the palace.

Back in the fight, Vader then shows us the power of the Dark Side once more and uses his strangulation technique on Han with one hand, while fighting off Luke with the other. “Only through the Dark Side can you save him,” Vader insists. Luke is enraged as Chewie cries out for Han. Vader snaps Han’s neck and lets his body fall to the floor. Luke begins to let his anger take control.

Leia’s forces sweep into Jabba’s palace, but are quickly matched by the Imperial forces hiding within. It’s a pitched battle and in the end, Leia is also captured and Vader threatens to kill her too if Luke does not surrender to him.

Defeatedly: “Very well, but I will never turn,” he says to Vader.

“Perhaps you already have,” Vader asserts.

There is a tense standoff as Luke and Vader leave the planet, leaving Chewie and Leia to mourn over Han’s body.

Back among the main Rebel fleet, Leia interrogates captured Imperial officers from the fight on Tattoine and learns about some ominous new weapon the Emperor is prepping in orbit above Couroscant. They fear a new Death Star is in the works and decide that an all out attack on the Emperor is their only hope. Leia is accused of letting her anger cloud her judgement and that perhaps she is putting her personal friendships before wise strategy. But in the end, she convinces the rebels that it’s all or nothing.

Aboard Vader’s Star Destroyer, Luke communes with Obi Wan and Yoda. They warn him that the Emperor should not be underestimated. Luke must remember his training and resist. Luke says: “The Dark Side seems impossible to resist,” To this Yoda says: “Your friends. Remember the strength of the bonds you have to them. You will not find such bonds on the Dark Side. Only servitude and sorrow. Remember this, you must!”

The rebel fleet prepares for their final assault. A wounded Chewbacca with a robotic leg growls angrily as Leia details the plan. The Rebels have learned that the Emperor himself is overseeing the construction of the super weapon, which their intelligence tells them is housed on a specially outfitted Star Destroyer to avoid detection. They have also learned that Luke Skywalker is being held aboard that ship.

The goal is to attack the Emperor’s palace on the Capital to divert Imperial forces from their real target: the super weapon on the Star Destroyer. Leia and a smaller force will take two large cruisers, one attached to the other piggyback fashion. The lower cruiser will collide into the Star Destroyer and begin driving it into the atmosphere. X-wing fighters will take out any escape pods that might hold the Emperor. When the Star Destroyer is hopelessly falling into the atmosphere, the reard Rebel Cruiser will detach from the other and take the rebel crew to safety. During this, Leia has a secret mission with the droids, Chewbacca, Lando and herself to get Luke. If they fail in time, they will perish with the Star Destroyer.

The Emperor finally makes an appearance as Vader brings Luke to the throne room of the Star Destroyer. We are treated to much the same dialogue of the original script. But this is interrupted when it is announced that a Rebel fleet has just come out of hyperspace above the Capital.

battleThe rebel fleet bursts just above the atmosphere and begins firing large ion cannon weapons onto the surface while also engaging Star Destroyers and (what the hell) orbital battle stations that look like miniature Death Stars intended for taking out large spacecraft.

The Emperor mocks the attack as “pitiful” (with a little spittle shooting out of his maw) and cackles in delight. “Soon, you will turn and join us in executing the final destruction of the Rebel Alliance.”

Luke replies: “The only thing I will destroy is you, your Highness!” and uses the Force to retrieve his light saber from the Emperor’s chair. As in the original film, Vader and Luke then go at it. I really liked this part of the film and I wouldn’t change much here. Except as Luke grows angrier and angrier and ultimately defeats Vader, he turns on the Emperor.

The Emperor: “You foolish boy. Nothing can stop the inevitable rise of the Dark Side over the Galaxy. Your friends’ assault on the capital is misguided as is your faith in them. And yourself.” The Emperor rises from his chair menacingly. “The Empire is now in possession of the ultimate power in the Universe and I intend to use it to wipe out the Rebel Alliance in short order.” A door opens and out walks a young woman in black Sith clothes.

“Darth Tera, meet your brother.”

The two fight in a dead even match with the Emperor clearly enjoying the fight. Luke does his best to convince Tera to join him and destroy the Emperor, talking about how the Dark Side nearly seduced him too. But that it doesn’t have to be that way. “There is good in our family. I can feel it.”

Tera is clearly troubled by this, but these mixed feelings just make her go wild with rage.

Vader, at the Emperor’s feet is clearly surprised. “You never told me there was another.”

“You have failed, Lord Vader. Now observe the true power of the Dark Side as it conquers the Light.”

teraSuddenly, an alarm sounds and the ship rocks as Leia’s ship strikes dead center into the Star Destroyer, it’s engine blasting the ship into the atmosphere.

Leia, Lando, Chewie and the droids blast their way between the ships and begin their rescue mission of Luke.

Luke senses this and begins using telepathy with Leia like he did on Cloud City in Episode V. She follows his directions, fighting their way against impossible odds. Fortunately, most of the crew are abandoning ship in life pods and shuttles which are picked off by the Rebel fighters.

Now knowing that Leia and the others are on the way, Luke’s confidence grows. “I can save you,” he says to Tera. And then to Vader: “I can save both of you. You can be free of the Emperor. You can return as Jedi.” This clearly has an effect on the Sith Skywalkers.

The ship growns as it begins hitting the atmosphere. The Emperor has had enough.

“You are both pathetic,” he scorns. Then, he goes after Luke with his lightning power lecturing all of them on the power of the Dark Side.

Vader is the first to rise up to Luke’s defense. At first Tera tries to stop her father, but Vader pushes her aside and she hesitates. The emperor blasts Vader and they tumble together over the precipice in a more revealing struggle that is terribly violent and makes you sympathetic for Vader. We do see them crash on the floor of the tunnel, with Luke and Tera looking over the side at their bodies.

Leia and company blast their way into the room with Luke and Tera standing over the precipice. “Luke!” she screams. “There’s still time to escape! Come on!”

Luke looks at Tera. “Come with me.”

“It’s too late for me.”

“That is the Dark Side speaking. But the Light offers hope.”

The heroes all run out of the room and make their escape to the rebel ship, which detaches from the front cruiser and joins the rebel forces at their rendezvous point. There is discussion about the victory over the Emperor and hints that Planets are putting their fear aside to join the alliance. “We will build a New Republic,” Luke says.

“It is time for the Galaxy to heal,” he adds, turning to his sister, now in white robes.


ProtonMail: A Survivors Tale

Beginning November 3rd, encrypted email service provider, ProtonMail, came under a DDOS attack by blackmailers. Here is my experience, as a supporter and subscriber, watching from the sidelines. It’s a survival story with many heroes that reads like a Mr. Robot script.

Why Encrypt Your Email?

ProtonMail is an encrypted email service that I just love. It overcomes the problems with email providers’ harvesting your personal data for resale, the pitfalls of these databases falling into criminal hands and just plain weirdness you feel when every word, attachment and contact is shared to whomever.

To make my point on why everyone should use encrypted email, like ProtonMail, consider this experience: I recently had to fill out an affidavit confirming my identity but did not have all the particulars with me, such as past addresses, etc. No problem, I just logged into my 12 year old Gmail account and did some searching. In no time, I had all the personal info the affidavit required to prove my identity.

It’s not that I purposely saved all this information in there. It just accumulates over the years organically.

Imagine if that data fell into the wrong hands.

ProtonMail is a crowd-funded, free email service that comes out of the CERN laboratories in Switzerland and MIT. The engineers at these research facilities were inspired by the revelations of Edward Snowdon about back doors into email servers and the general collection of data by governments, so they built ProtonMail.

The service is simple, elegant and super secure. The encryption happens through the use of a client-side password, so theoretically, nobody, not even ProtonMail, can decrypt your emails and read them.

ProtonMail Taken Down

The recent Distributed Denial of Service (DDOS) attack began on November 3rd when a group held for ransom access to ProtonMail’s email service. This was a very sophisticated attack that flooded their servers with requests, but also their ISP. The result was that ProtonMail and several other sites, including e-commerce and banking sites, were unreachable. After failing to successfully fight back, the ISP and other firms put enormous pressure on ProtonMail to pay off the cyber gang. They did so and the attack stopped…momentarily.

Less than half a day later, the attack re-commenced. This time it was even more sophisticated and destructive. And, things got even weirder. The original blackmailers actually contacted ProtonMail to let them know they were not involved in the new attack. ProtonMail is pretty certain that the second attack was likely a state entity.

You can read all the details on their blog post on the incident.

Over this past weekend, November 7-8th, ProtonMail launched a response to the ongoing attack, deploying new defensive technologies used by large Internet firms, funded through a GoFundeMe campaign. As of this writing nearly 1,500 individuals donated $50,000 in just 3 days to help in this regard.

Those would be the first, rather large, set of heroes. Thanks to you guys!

Click here to add to the fund.

Social Networks Get the Word Out

The media was really late to this story. It was not until the end of the week that the first news reports came out about the blackmail story made sexier by the fact that the ransom was paid with bitcoins.

Most of the breaking news, however, was only available on ProtonMail’s Twitter feed and their Sub-Reddit.

It was on their Twitter page that they first disclosed the moment-by-moment details of their fight to restore access and their ultimate attempt to fund new defensive technologies. It was on Reddit that the controversy and pain was aired such as reactions to their payment of the ransom and frustration of everyday users at not being able to access their email.

People really gave them a lot of credit, however. And it was heartening that, despite some rather single-minded rants, most people rallied around ProtonMail.

Lessons Learned

One thing I was surprised about were some of the complaints from business people that were using ProtonMail as their exclusive business email. They were losing money during the attack so they were often the most irate. But you have to wonder about someone using an emerging tool like ProtonMail for something so critical as company email. Obviously, new Internet services take time, especially when they are not backed by seasoned VCs who are risk adverse.

I personally had not made the switch to ProtonMail entirely. Part of this was because they don’t have an iPhone app yet, which is where I do about 50% of my emailing. But I was getting close.

So, yes, I had a few important emails get bounced back to the senders. And perhaps one or two have been lost permanently (I may never know). But it does go to show that, for the foreseeable future, ProtonMail is not a reliable sole-email solution. However, given the work they are doing in response to the latest attack, this event may be the turning point that makes them a truly stable email service.

Just this morning, they came under another attack, but unlike previous days over the past week, they were back online very quickly. Hopefully this means their new defenses are paying off.

Bottom Line

ProtonMail rocks. I really love it. The recent DDOS attack only confirms that the good team at CERN and MIT are dedicated to doing what it takes to keep this alive. I can think of other such services that have folded when they came under similar pressure. In fact, the user community around ProtonMail is as serious as ever, shelling out the money required to safeguard encrypted email just when it counted.

There will likely be further trouble ahead. The British government has suggested it might ban encrypted email services. And who knows how the US will respond long term. So, there could be more chop ahead. But for the time being, it seems that ProtonMail may have survived a very critical test of its resilience.

Stay tuned!

Private Email to Foil the Snoops – ProtonMail Review

As we’ve been learning over the past few years, privacy has been getting the thousand cuts treatment. Everyone’s been in the act. Et tu Google? You betcha.

Fortunately, you can stop inadvertently BCC’ing Google, the NSA, the Chinese government, hackers, marketers and other creepers of your personal content. That’s thanks to some good people who actually live by the mantra to “Do No Evil” who have created ways for email users everywhere to keep their messages between them and their recipients.

Over the past week, I’ve been exploring one of these, ProtonMail.

The True Cost of Free Email

Most email services are profitable because they sell everything that you type and attach in your emails to marketing companies. Vast profiles about you are generated from this content. Think about it: what diseases you talk to your relatives about, your political and religious beliefs, who you spend your time with, even documents you attach from tax info to intimate photos. It’s all in there, and it’s all for sale.

You might immediately wonder why your email provider is collecting all this. It’s none of their business, right? Well, it is because you made it their business when you agreed to the terms of service. Even down to the attachments, by using services like Gmail and Yahoo! Mail, you are granting that company to access and sell the content to ad companies and beyond.

Now imagine that this database on you was to be hacked. Can’t happen? It has. The Chinese government hacked Gmail and has likely gleaned a ton of information on the world’s Gmail users. Most likely, they were interested in what their own citizens were writing, but if you ever wrote anything critical of China or work for a company with exposure to China, they might find that interesting too. Who knows!

The US Government has also hacked into Google (and just about every other Western tech firm) as well.

And if these entities can do it, so can criminals and the mischievous. So, again, why are we letting these firms put our information at risk in the first place?

Good news: you don’t have to anymore…

Private and Secure Email

Alternatives to Gmail and other market intelligence-based email services include:

HushMail and StartMail were early services that took your privacy seriously. Both promised not to ever sell your data, but their business model made up the difference by charging you for the pleasure of living privately and secure.

Tutanota and ProtonMail, on the other hand, are free. Both use similar end-to-end encryption techniques and are quite similar in most respects. When I weighed which one to go with, I ended up choosing ProtonMail, only because their servers are based in Switzerland, a country that has outlawed the seizure of private computer content.

My ProtonMail Experience

ProtonMail was created by developers working at the CERN lab in Switzerland who were inspired by Edward Snowden and who were shocked at how weak online security was becoming, thanks to very aggressive and dangerous actions by global intelligence services.

ProtonMail uses encryption that is unlocked locally, on your machine, so even if anyone broke into ProtonMail’s servers, they would need a few more years than the age of the Universe to decrypt your content. Translation: it’s pretty damn secure, despite claims that the NSA can decrypt encrypted data. They would still need a lot of time and effort to do so, so it’s unlikely they’ll go to such an effort unless you’re an active terrorist (or the leader of Germany).

Best of all, you can send securely encrypted emails even to people using Gmail or Hotmail. You do this by checking a box, creating a password and an optional password hint for the recipient. They then receive an email with a link to ProtonMail. By following that link, they are taken to a secure web page inside ProtonMail where they can read and reply to your message by using the password. Or, if it’s nothing you’re worried about sending, you can just send it as regular, unsecured email to your Gmail friends, in which case it works as normal…but can be gleaned for any info you might have carelessly included.

Here’s how ProtonMail pans out.

UI and Functionality

This is more than just a bare bones email service. ProtonMail comes with a secure Contacts manager, email search and many other features you would expect in a modern email service.

The UI is clean and very straightforward.

Probably the hardest thing about using ProtonMail is the encryption, but not because it’s complicated…it’s drop dead simple…but only because it adds a step to your email creation if you plan on sending encrypted emails to people on Gmail, for example. In this case, you just have to come up with a good password and hint that your friends can figure out. It can actually be a little hard to come up with something that isn’t as easily hacked as “The city we met in.”

The other complication is that you have two passwords. One is used to access your mailbox and the other is used to decrypt the messages. So you have to enter two of these. In my case, I use KeePass password manager, so I just create super crazy, long, gibberish-based passwords for both of these and store them in the manager. Then it’s just a copy and paste action that I need to do twice when I log in…slightly easier, in fact, than using the two-factor authentication I use with Google, compounded by my non-use of cookies.

The Mom Test

I tested the recipient experience with my Mom (very non-technical) and some friends (generally non-technical) to see if any of this would keep people from reading and replying to me. So far, ProtonMail only snagged my mom, because she didn’t think of using caps on a name I was using for the password.

My mom also didn’t understand that she had to reply from within the browser window. Some caveats here: I believe she still thinks of email as something that she has to do in AOL.

My friends fared much better with no reports of trouble. So overall, I’d say there is a small learning curve for some recipients.

The Private Future

The hope here is that most people will gravitate over to ProtonMail or services like them, so that everyone’s on the same, private page. As I mentioned above, there are some extra steps with using ProtonMail with non-ProtonMail recipients. But if you’re communicating with friends that also use ProtonMail, the encryption is already there and you can relax…so obviously, I hope you all join ProtonMail.