Recent Articles

  • ‘U.S. Bugged EU Offices, Computer Networks’

    [Reuters][1]:

    > Martin Schulz, the president of the European Parliament, said that if the report was correct, it would have a “severe impact” on relations between the EU and the United States.
    > “On behalf of the European Parliament, I demand full clarification and require further information speedily from the U.S. authorities with regard to these allegations,” he said in an emailed statement.

    So maybe if we can’t get *our* Government to answer us another Government can get answers for us. Sad, but likely.

    [1]: http://news.yahoo.com/u-bugged-eu-offices-computer-networks-german-magazine-162017024.html

  • ‘NSA Slides Explain the PRISM Data-Collection Program’

    [From The Washington Post on new information about how PRISM works][1]:

    > The FBI uses government equipment on private company property to retrieve matching information from a participating company, such as Microsoft or Yahoo and pass it without further review to the NSA.

    This sounds a lot like “direct access” to me.

    [1]: http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/

  • ‘U.S. Army Restricts Access to ‘The Guardian’ Website’

    [Eyder Peralta][1]:

    > A Defense Department spokesman tells us that the DoD is “not blocking any websites.”
    > Instead, it is blocking offending content.

    That content which is being blocked is anything that is classified — but once something is published publicly how can it still be classified?

    Additionally, wouldn’t this make those whom we trust to protect us the least informed?

    On another note: good to see that the U.S. and China agree on [some things][2].

    [1]: http://www.npr.org/blogs/thetwo-way/2013/06/28/196571320/u-s-army-restricts-access-to-the-guardian-website
    [2]: http://greatfirewallofchina.org

  • ‘Where Will Google Reader Traffic Go?’

    Dalton Caldwell [has written up some likely scenarios on the Google Reader shut down][1], as it pertains to publishers on the web. The scenarios he offers are mostly ‘meh’ situations, but I have a completely different take. ((*Shocking.*))

    I actually think this shut down parallels well with implementing a paywall on your site, because both are creating natural obstacles for people. Every alternative RSS reader I have seen and tried isn’t as simple as Google Reader. What made Google Reader simple is that everyone already had a Google account, so they could naturally discover this other “thing” and start using it; Google made discovery, use, and signup easy.

    Now that same group is going to switch? Yeah right.

    More likely: this is going to be a reality check for a lot of websites. Sure, the numbers (RSS subscribers) will be boosted in the days immediately following as many try multiple services at once, but in a month or two? My guess is the numbers will be way down.

    My thinking is:

    1. A lot of people got sucked into RSS by Google, but don’t really care about RSS. Maybe they check it here and there, but they won’t miss it when it’s gone.
    2. A lot of people will simply find other ways that they think sufficient — ways that would not be sufficient for a nerd. (Twitter, Facebook, Friends, etc.)
    3. This presents itself as a really great time for nerds to clean out their subscriptions — and many sites won’t make the cut. “I still subscribe to that site? Not anymore.”

    So we have users that just don’t care enough to continue with RSS and the more nerdy set that does care enough, but may, or may not, keep subscribing to your site — because they do care about what they read, they will likely take this moment to reevaluate their subscribed feeds.

    ## Side Note

    The most lucrative way to run a blog is with RSS Sponsors. You can charge quite a bit — people paid me about $500 per week with only 8,200 subscribers before I stopped — this is the best source of money for a blogger. That money is in jeopardy here not because of Google Reader, but because of Feed Wrangler.

    Feed Wrangler offers Filters that can filter out keywords. This is great if you are tired of iWatch rumors, and typically doesn’t hurt bloggers.

    But you know what will hurt? Filtering out sponsored RSS posts. The reason you get paid more for RSS sponsorships than for “banner” style ads is because the blogger can more or less assure you that your post *will* be seen by X-many subscribers. Google Reader showed it all to you. But with new RSS readers hell bent on making things better for users, well it’s only a matter of time before an RSS reader comes to market with an automatic “sponsored posts blocker”. I think that’s a killer feature for users, and an income killer for bloggers.

    [1]: http://daltoncaldwell.com/where-will-google-reader-traffic-go

  • ‘Phoenix Jones – a Real Life Superhero’

    I’ll be honest, he needs a more badass voice, but still worth [watching this short video on Seattle’s Phoenix Jones][1].

    [1]: https://vimeo.com/69041352

  • ‘Packing the Smart Alec for a Hike’

    One of my bigger complaints with the Tom Bihn Smart Alec is that I have a bit of friction getting the strap on and off my body. That’s good in that it means the strap fits well and comfortably when on, but it’s cumbersome. I received a response from Tom Bihn about this that detailed how he loosens the strap when he takes it off and tightens when he puts it back on — I’ve been doing that same trick too.

    Tom Bihn promised me a video on this a while ago and a couple of days ago they sent it over. [Here’s the video][1], but as you will notice (as apparent by the title of this post) this is not just about taking a backpack on and off. No this is about packing the Smart Alec for a hike. I didn’t think much of that until I watched the video — because holy cow does he fit a lot in that backpack. (The strap trick is right in the last 30 seconds or so of the video.)

    Worth a watch if you want to see just how much a backpack like this will hold.

    [1]: http://www.tombihn.com/blog/smartalechikevideo

  • ‘iOS 7 as Defense’

    [Marco Arment][1]:

    > Since WWDC, every iOS-imitating UI looks ancient. Soon, they’ll start to feel obsolete. Most imitating efforts will need to be redone or abandoned to look current. And what will happen if people try to imitate iOS 7?

    This is a great post from Marco, well worth a read as it is going to affect everyone with a phone. While I don’t think “defense” was the motivation behind the redesign, I do think it’s a nice fringe benefit.

    I doubt it drove the design, but if the design could lend a hand — why not?

    What I will tell you is that I will have very little tolerance for apps that don’t feel native on iOS 7. What that means is that my home screen is effectively up for grabs.

    Every app on it feels old and gross on iOS — make your app feel native and I’ll switch to it just to get something that looks modern. That’s a big deal, because I certainly won’t be alone. ((This is similar to what happened when phones went retina and when the iPhone 5 came out needing taller apps. Similar, but not as big of a potential.))

    [1]: http://www.marco.org/2013/06/27/ios7-as-defense

  • ‘Feed Wrangler’s Smart Streams’

    Speaking of Shawn Blanc, [he has a great overview of how to use Smart Streams in Feed Wrangler][1]. I think that’s one of the neatest features of all the new RSS readers and likely to be very powerful in the long run.

    [1]: http://shawnblanc.net/2013/06/feed-wrangler-smart-streams/

  • ‘NetNewsWire: Just What You Wanted’

    [Shawn Blanc on his assumed departure from NetNewsWire][1]:

    > And I know I’m not the only one. This weekend a lot of us will say goodbye to an old friend. You’ll forgive me if I’m a little sentimental, but if you’ve been reading this site for longer than a day you know I’ve got an affinity for fine software.

    NetNewsWire was the first client I ever got for RSS and it introduced me to the medium. With the beta of version 4, and the pre-release price of $10, I went ahead and bought [NetNewsWire 4][2]. I am a huge fan of [Fever°][3] and [Sunstroke][4]. They are great tools for RSS, but lately when I am out and about I have found I don’t have time for RSS — it’s too much. Instead I rely on App.net and (yes) Digg.com to stay up to date on what’s going on. That’s less overwhelming and faster.

    So for the moment I am using NetNewsWire 4, un-synced to the web, and just checking my feeds when I happen to be at my Mac. So far I am loving the heck out of it.

    [1]: http://shawnblanc.net/2013/06/nnw/
    [2]: http://netnewswireapp.com
    [3]: http://feedafever.com
    [4]: https://itunes.apple.com/app/id488564806

  • Quote of the Day: Jennifer Stisa Granick and Christopher Jon Sprigman

    “It’s time to call the N.S.A.’s mass surveillance programs what they are: criminal.” — Jennifer Stisa Granick and Christopher Jon Sprigman

  • ‘Snowden, Through the Eyes of a Spy Novelist’

    [Alex Berenson][1]:

    > We have treated a whistle-blower like a traitor — and thus made him a traitor. Great job. Did anyone in the White House or the N.S.A or the C.I.A. consider flying to Hong Kong and treating Mr. Snowden like a human being, offering him a chance to testify before Congress and a fair trial? Maybe he would have gone with President Vladimir V. Putin anyway, but at least he would have had another option. The secret keepers would have won too: a Congressional hearing would have been a small price to bring Mr. Snowden and those precious hard drives back to American soil.

    This is just the tip of the iceberg — I hope the government decision makers get held responsible for the shitty handling of this so far.

    [1]: http://www.nytimes.com/2013/06/25/opinion/snowden-through-the-eyes-of-a-spy-novelist.html?_r=0

  • ‘Can Apple Read Your iMessages?’

    When I was [writing about Apple’s privacy statement][1] regarding PRISM, I noted that the wording around iMessage was rather vague and that I wanted to know more. I really didn’t get more information, but cryptographer [Matthew Green was also interested and did a little poking around iMessage][2]. His post is a fantastic read about what Apple may or may not be doing — because really we need Apple to reveal at least the high-level methods of encryption they are using before we know any of this for sure.

    What does seem clear from Green is that iMessage *is* encrypted, but that Apple controls that encryption — this is an important point. It seems likely Apple *could* turn over at least a few days’ worth of iMessage content if compelled by a Government order — and highly probable that they store the meta-data for iMessage in a way that is easy to turn over if compelled.

    Essentially it comes down to: how much do you trust Apple, and how much do you care about the government reading your iMessages?

    [1]: https://brooksreview.net/2013/06/apples-commitment-to-customer-privacy/
    [2]: http://blog.cryptographyengineering.com/2013/06/can-apple-read-your-imessages.html?m=1

  • Quote of the Day: Brian Merchant

    “So, essentially, the NSA is deeply compromising our privacy so that it can do an extremely shitty job of looking for terrorists. Nice.” — Brian Merchant

  • More on NSA/PRISM and “Freedom”

    Let’s start off with Conor Friedersdorf, [with a closing statement that *might* have been shocking only a month ago][1]:

    > To sum up, America, the privacy protections you’re afforded are much weaker than you’re being led to believe, and when it comes to destroying communications that concern U.S. citizens, the NSA is either lying to the Senate about its ability to flag those communications, or else misleading the public about how reliably the communications of American citizens are destroyed.

    Michael Horowitz, [writing for Computerworld, has another unsettling discovery][2] about the security of HTTPS transactions. This passage, specifically about outlook.com, has some *slightly* more shocking information:

    > But every lock has a key and outlook.com has a HUGE MASTER KEY. Anyone in possession of this master key can read the encrypted HTTPS pages. **All of them**. Every single encrypted web page that has ever been transmitted by outlook.com to millions of former Hotmail users can be decrypted with a single master key. 

    Horowitz goes on to explain how to get around it — right now Google and Bloomberg are the only ones that employ the best standards for HTTPS transactions. Apparently Google and Bloomberg want to be the *only* ones that can spy on you.

    The above seems in line with this post from [Leonid Bershidsky on PRISM and its effectiveness for fighting terrorism][3]:

    > The infrastructure set up by the National Security Agency, however, may only be good for gathering information on the stupidest, lowest-ranking of terrorists. The Prism surveillance program focuses on access to the servers of America’s largest Internet companies, which support such popular services as Skype, Gmail and iCloud. These are not the services that truly dangerous elements typically use.

    Sounds like the “security theater” that the TSA practices — only a lot more expensive and time consuming.

    [‘Digby’ has brought to light a federal program][4] I had not heard of. It’s called the “Insider Threat Program” and is designed to have government workers spy on each other to make sure that none of them is doing something labeled as “treason”, like leaking documents (classified or otherwise) to the media.

    Which rather comically (if you can ignore how stupid this program is) leads to:

    > When the Department of Education is searching for “insider threats” something’s gone very wrong.

    Indeed.

    So far we have learned that the U.S. has an awful lot of resources spent spying on U.S. Citizens — and Federal employees.

    Which is pretty annoying, but not as concerning as this post from [James C. Goodale on how President Obama is doing his best to reduce the first amendment rights][5]:

    > Until President Obama came into office, no one thought talking or emailing was not protected by the First Amendment. President Obama wants to criminalize the reporting of national security information. This will stop reporters from asking for information that might be classified. Leaks will stop and so will the free flow of information to the public.

    This to me is one of the worst things I have heard about the current White House — this simply shouldn’t be. We are getting closer and closer to *Minority Report*… and that’s not praise.

    Lastly, [in a post on Medium][6], Colin Lee claims to have known Edward Snowden from gaming, and makes a salient point:

    > When you grant excessive powers even in limited circumstances, it becomes very difficult to take them back or to limit them. This is how many dictatorships came to power throughout history.

    It’s like that old saying (as dumb as it may be): “You don’t boil a frog by tossing him in boiling water, instead put him in cold water and slowly bring the pot to boil.”

    The proverbial pot looks to be boiling.

    [1]: http://www.theatlantic.com/politics/archive/2013/06/2-senators-say-the-nsa-is-still-feeding-us-false-information/277187/
    [2]: http://blogs.computerworld.com/encryption/22366/can-nsa-see-through-encrypted-web-pages-maybe-so
    [3]: http://www.bloomberg.com/news/2013-06-23/u-s-surveillance-is-not-aimed-at-terrorists.html
    [4]: http://digbysblog.blogspot.com/2013/06/this-really-is-big-brother-leak-nobodys.html?m=0
    [5]: http://www.nytimes.com/roomfordebate/2013/05/21/obama-the-media-and-national-security/only-nixon-harmed-a-free-press-more
    [6]: https://medium.com/surveillance-state/19c2494940d5

  • ‘Still Trust DuckDuckGo?’ Yep.

    A few days ago I was sent [this link to Alexander Hanff’s blog post about DuckDuckGo][1]. In that post he is claiming that DuckDuckGo is a bit hypocritical about their actions versus words in their Privacy Policy.

    The bottom line is that a few things seem to have come out of this:

    1. DuckDuckGo does not log your searches.
    2. DuckDuckGo potentially *could* be compelled to intercept a user’s traffic, but;
    3. DuckDuckGo actually doesn’t set cookies to identify users. Now, Hanff did find a cookie, but it appears to be from a third-party help-desk software provider — which has since been removed. That’s certainly a bit of mud on DuckDuckGo’s face, but compared to other sites I don’t see it as a big deal.

    Basically if DuckDuckGo were compelled by legal action they would have very little (if anything) to turn over, and wouldn’t have a way to target a specific user for intercepts — at least not without the user being able to figure that out. ((I really could be wrong here, but that’s my best understanding.))

    I think a lot of people that saw me get this link were expecting me to cut out DuckDuckGo, but I just don’t see the major concern here. I would guess there is a concern if you are a terrorist, potentially, but for the average nerd? What’s the problem? None that I can see.

    At the end of the day, this statement from the CEO and Founder of DuckDuckGo, Gabriel Weinberg, [says everything I need to know][2]:

    > In short, when you search on DuckDuckGo you are anonymous. That’s why it says search anonymously on our homepage. We stand by that statement wholeheartedly.

    With any internet company it comes down to trust. Do you trust the people running the company? DuckDuckGo has garnered a large part of their user base by being anonymous and more specifically *not* Google — if they were found to be lying the company would die overnight. From what I can see, there were honest mistakes made, but nothing else of note.

    [1]: http://www.alexanderhanff.com/duckduckgone
    [2]: https://duck.co/topic/we-have-to-talk-about-ddgs-honesty

  • ‘Use of Tor and E-Mail Crypto Could Increase Chances That NSA Keeps Your Data’

    [Dan Goodin for Ars Technica reported][1]:

    > And that leeway seems to work to the disadvantage of people who take steps to protect their Internet communications from prying eyes. For instance, a person whose physical location is unknown—which more often than not is the case when someone uses anonymity software from the [Tor Project][2]—”will not be treated as a United States person, unless such person can be positively identified as such, or the nature or circumstances of the person’s communications give rise to a reasonable belief that such person is a United States person,” the secret document stated.

    Basically, if you are encrypting things the NSA can’t determine you are not a terrorist and therefore can save and try to break into all data they can get their hands on. It’s really no different than if you close your window blinds, the police can then attempt to break into your home and look through your stuff — oh wait — they *can’t* do that.

    [Mathew J. Schwartz for InformationWeek adds][3]:

    > In the event of an emergency, meanwhile, NSA analysts are allowed to throw the guidelines out the window. “If NSA determines that it must take action in apparent departure from these minimization procedures to protect against an immediate threat to human life force protection or hostage situations and that it is not feasible to obtain a timely modification of these procedures, NSA may take such action,” according to the guidelines. That said, NSA is then required to report its actions to the Office of the Director of National Intelligence as well and to the Department of Justice, which is then charged with notifying FISA.

    Basically these secret courts have given NSA analysts carte blanche to do what ever the hell they want to. Stupid.

    I guess the only thing to do is add a location flag to encrypted data that says: “Property of a U.S. Citizen, fuck off.”

    [1]: http://arstechnica.com/tech-policy/2013/06/use-of-tor-and-e-mail-crypto-could-increase-chances-that-nsa-keeps-your-data/
    [2]: https://www.torproject.org/
    [3]: http://www.informationweek.com/security/government/want-nsa-attention-use-encrypted-communi/240157089?google_editors_picks=true

  • Encrypting Stuff Against Starbucks Hacker Bob

    Reader Jonathan P. wrote in to ask about getting started with encryption: Specifically he wanted to know what data one should consider encrypting first. The answer depends on who you are. For the purpose of this post, I will assume you are a typical Mac geek with a job that does not deal with highly sensitive information.

    In our hypothetical case, we should start by encrypting data to protect against crimes of opportunity (think people trying to sniff data from open networks, or swipe your computer), rather than attempting to prevent an attack specifically targeted at you (think CIA/FBI/NSA investigation, or a hacker that wants to mess with you like in the case of Mat Honan).

    In the latter case — an attack directed at you, specifically — you need to encrypt just about everything possible, but for the former (more likely) case, I recommend encrypting everything that can be encrypted easily, and with the least hassle.

    The basic things to encrypt are: all of your HDDs/SSDs, your internet connection (when on a public network), your passwords, and any financial information you keep on your Mac.

    Your overarching thought should be: “I need to be more secure than the guy next to me.” For most people the concern is not the NSA (thankfully), but the sketchy guy in the corner of Starbucks trying to sniff passwords to your digital life. That guy is (hopefully) going to give up on you if your setup is harder to get into than anybody else in Starbucks. That’s the goal here; not 100% secure but more secure than most.

    If you’re wondering how to be more secure than the average Starbucks customer, and reduce the likelihood of being targeted by an opportunist, read on…

    ## HDDs and SSDs

    Luckily Apple makes this dead simple with FileVault 2. Unlike its predecessor, FileVault 2 is stable, secure, and minimally invasive. The biggest change most users will notice is that you must type your password when you restart, start, or lock your Mac. Power users may notice a slight drop in read/write performance, but I can tell you I have been using FileVault 2 since day one and I’ve never been bothered by anything speed related.

    If you have a portable Mac, I think you’re crazy not to activate FileVault 2 given its simplicity and ease of use. There are, however, a couple of other things you should know:

    1. PGP Whole Disk encryption is just about as good as it gets, but you take a serious performance hit.
    2. You can, and very much should, encrypt any external drive that you use. Especially backup drives. What good is an encrypted disk if most of your data isn’t living on the encrypted disk? FileVault 2 can encrypt those disks for you too.

    Note that in Apple’s installation guide for FileVault 2 you have the option of storing a key with Apple so that you can recover your password if you lose it. This is, needless to say, a less secure method as it essentially allows the Government access if they compel Apple to turn over the key: Unlikely as an attack vector for our hypothetical scenario, but still a threat. The trade off is: less secure but recoverable, versus more secure but not recoverable. For most users, the former is the better option and unless your primary concern is the U.S. Government you’re probably fine storing the key with Apple. But keep an eye on Apple’s security policies and evaluate the precautions they take to secure your key against unauthorized access.

    Personally, I chose not to let Apple store my key.

    ## Your Internet Connection

    The second most important thing to secure on your computer is the information you send and receive over the Internet. This information, if not encrypted, can easily be swiped by malicious individuals on open networks. (Think: Starbucks, hotels, conferences.) This data is a very easy thing to secure with a Virtual Private Network (VPN).

    Services like Cloak make setting up and using a secure VPN trivial for Mac users. What’s great about Cloak is that it automatically activates itself if it detects you using an unsecured network. That’s great, but you still need to be aware of larger public networks that are “secured” via WPA or WEP but accessible to people you don’t necessarily trust. Cloak is cheap and also works with iOS. At $1.99 a month it’s almost a no-brainer.

    For the more technical minded you can create your own secure VPN using Amazon EC2, or your own Mac mini (my solution).

    Either way, if you’re accessing the Internet via a network you don’t control it’s a really good idea to encrypt your traffic using a VPN.

    There is of course an alternative: tethering. While tethering on a cell network is not the most secure thing, remember that the goal for the average user is just to be harder to hack than the average person. At the very least choose to use your iPhone/iPad to tether instead of connecting to an insecure public network without a VPN. This way the opportunist hacker won’t be on the same WiFi network as you.

    Note from James: If you choose to use tethering via an iOS device, be sure to choose your own WPA key, as the automatically generated keys are susceptible to cracking.

    ## Passwords

    Ok, so this is where I should advise you to use strong, unique passwords for every site and get yourself a copy of 1Password. Except that’s not really my advice. There are a couple of issues that aren’t specifically encryption, but that I think are worth going over.

    ## Different Passwords, Different Sites

    I first want to address the common badge of honor worn by nerds that they have a different, incredibly complex, password for every site. ((Truly if this is your argument your username should also be random.)) That’s great until you lose the app, and the data for the app that housed your passwords. Then you are hosed. The argument for this technique is that if any one site compromises your password, the rest of your sites are secure.

    The argument for strong, unique passwords is valid and very smart. My problem with this advice is that sometimes bad things happen to your data. So let’s pick on 1Password for a moment, because the only way to actually have unique and strong passwords is to have the world’s best memory, or to use a password manager.

    Let’s say that my computer and all of my iOS devices are stolen. Let’s also assume that my Dropbox account was compromised. Now my 1Password database is gone, inaccessible to me, perhaps deleted by the hackers.

    Let’s say I want to get into my email account. How do I do that? The password was strong and random and I didn’t remember it by heart. It was stored in 1Password, which is now gone. I can try ‘forgot my password’, but that sends an email to my backup email, which I also don’t know the password to. I’ll have to get a real human on the phone (good luck if you use Gmail) and try to convince them that this is my email, and that I am not actually a hacker.

    Because there is a set of accounts that you will need access to if everything goes tits up, you should have a core set of strong passwords, perhaps unique, that you can commit to memory.

    Additionally I have concerns with syncing 1Password data over Dropbox, but that’s a post for another day.

    My advice is to get a password manager and to use unique, strong passwords for most, but not all, websites. Think about the sites you would be totally lost without access to (if that includes Facebook, never read my site again) and use memorable passwords that are still strong.

    If you want to read more about what makes a good, strong password, I recommend this Ars Technica article.

    Financial Data

    This one is simple. Go to Disk Utility, create a new secure Disk Image, using 256-bit AES as the encryption. Store all your financial data in it — feel free to sync that DMG across Dropbox. If your Mac is encrypted, you can even remember the DMG password in Keychain and rest reasonably comfortably at night. ((This is probably one of those passwords that you want to know by heart though.))
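    The same encrypted disk image, built from the command line with hdiutil rather than the Disk Utility GUI, as an added example that is not part of the original post. It assumes macOS; the image path, size and volume name are constructed defaults.

```shell
#!/bin/sh
# Added example, not from the original post: the AES-256 disk image
# described above, created with hdiutil instead of Disk Utility.
# macOS only. Path, size and volume name below are constructed values.

DMG_PATH="${DMG_PATH:-$HOME/Finance.dmg}"   # constructed default path
DMG_SIZE="${DMG_SIZE:-200m}"                # constructed default size
DMG_VOLNAME="${DMG_VOLNAME:-Finance}"       # constructed volume name

# Create the encrypted image. The passphrase is read from stdin
# (null-terminated, as -stdinpass requires), so it never appears in the
# shell history or in `ps` output the way a command-line argument would.
# When stdin is a terminal, hdiutil prompts for it instead.
# Returns 2 when hdiutil is unavailable (i.e. not running on macOS).
create_encrypted_dmg() {
    command -v hdiutil >/dev/null 2>&1 || {
        echo "hdiutil not found: this step is macOS only" >&2
        return 2
    }
    hdiutil create -encryption AES-256 -stdinpass \
        -size "$DMG_SIZE" -fs HFS+ -volname "$DMG_VOLNAME" "$DMG_PATH"
}

# Confirm the image really is encrypted before trusting it with financial
# data. Assumes hdiutil reports a line of the form "encrypted: YES".
verify_encrypted_dmg() {
    command -v hdiutil >/dev/null 2>&1 || return 2
    hdiutil isencrypted "$DMG_PATH" 2>&1 | grep -q 'encrypted: YES'
}

# Typical interactive use (hdiutil prompts for the passphrase):
#   create_encrypted_dmg && verify_encrypted_dmg && echo "OK: $DMG_PATH"
# Mount with `hdiutil attach "$DMG_PATH"`; Keychain can remember the
# passphrase, as the post notes, but know it by heart as well.
```

    The image is an ordinary DMG file, so it can sit in Dropbox exactly as the post suggests; only the passphrase, never the file, protects its contents.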

    Email, Texts, IM, Phone Calls

    Short version: don’t worry about them.

    Longer version: it’s possible, but incredibly cumbersome to encrypt this data and requires both sender and recipient to have encryption setup. Essentially you can’t just encrypt an email, one way, as both parties need to be able to deal with the encrypted data. The tools exist but they’re generally unfriendly to install and use.

    If encrypted personal communication is really important to you, it seems that a good, user-friendly solution is Silent Circle. They have a great FAQ explaining how their encrypted emails work (not secure enough for talking to Snowden I would guess, unless you set up PGP on your Mac as well. Actually their email encryption is the most confusing part of the service to me so I am not sure how this compares to a self-made PGP solution).

    I’ve been using Silent Circle. It works well and is generally easy going. The apps are rather ugly, but you aren’t paying for a great user interface experience, you’re paying for encryption. For a more in-depth look at the best options for encrypted communications, this article is a good place to start.

    In The End

    When you are evaluating how to secure your digital life, the most important thing is to determine what you are most paranoid about. Is it the NSA? Or Bob, the hacker that loves venti Macchiatos and reading your Twitter DMs?

  • ‘Kickstarter’s Apology’

    [Jonathan Poritsky,][1] responding to [my Kickstarter post][2], quotes this section from the Kickstarter [apology][3]:

    > …we are prohibiting “seduction guides,” or anything similar, effective immediately. This material encourages misogynistic behavior and is inconsistent with our mission of funding creative works. These things do not belong on Kickstarter.

    Poritsky follows up with:

    > This is not the stuff of a non-apology. This is actual change; a real preventative measure.

    This “change” that Kickstarter promises feels like the exact kind of “change” we would see the TSA make. “Oh crap someone used water bottles to smuggle in explosives, OK guys no more water bottles unless you paid $10 for them or they are under 3oz.”

    Its “change” is reactionary and punitive to others. It doesn’t change the real problem, which is that Kickstarter had/has no mechanism for pausing a project, so that a proper investigation may be done. A blanket rule against “seduction guides” doesn’t stop or solve the problem. It’s an overreaction.

    [1]: http://www.candlerblog.com/2013/06/22/kickstarters-apology/
    [2]: https://brooksreview.net/2013/06/good-for-nothing-chickenshits/
    [3]: http://www.kickstarter.com/blog/we-were-wrong

  • Why the Kickstarter Apology Isn’t Good Enough

    Today Kickstarter offered a [full apology](http://www.kickstarter.com/blog/we-were-wrong) for helping fund a manual on sexual assault, saying:

    > Let us be 100% clear: Content promoting or glorifying violence against women or anyone else has always been prohibited from Kickstarter. If a project page contains hateful or abusive material we don’t approve it in the first place. If we had seen this material when the project was submitted to Kickstarter (we didn’t), it never would have been approved. Kickstarter is committed to a culture of respect.

    That’s great, and a lot of [people](http://daringfireball.net/linked/2013/06/21/kickstarter) have applauded it. I call bullshit.

    The excuses, I mean rationale, that Kickstarter offered was that they only had a couple hours to act, and that their bias towards the creators of projects blinded them into inaction.

    This is what I call bullshit on, [given their response here](http://caseymalone.com/post/53394156872/hey-everyone-if-youre-here-its-probablye):

    > This morning, material that a project creator posted on Reddit earlier this year was brought to our and the public’s attention just hours before the project’s deadline. Some of this material is abhorrent and inconsistent with our values as people and as an organization. Based on our current guidelines, however, the material on Reddit did not warrant the irreversible action of canceling the project.

    Kickstarter has owned the fact that the content is “abhorrent” and that they knew this before the project was funded. Yet the project was still funded because, oohhhh, only *hours* to cancel it. Jesus Christ, give me a break.

    They were chicken shits and allowed the funding to go through, while knowing it was wrong. Then the story got too big and they coughed up $25k to a great charity, but still allowed a manual on sexual assault to be funded. They have to live with that; I won’t ever fund a project, or promote one, on Kickstarter again.

    The trust was broken.

  • ‘The Snowden Principle’

    [John Cusack][1] (yes *that* John Cusack) for Boing Boing:

    > The Snowden Principle, and that fire that inspired him to take unimaginable risks, is fundamentally about fostering an informed and engaged public. The Constitution embraces that idea. Mr. Snowden says his motivation was to expose crimes -spark a debate, and let the public know of secret policies he could not in good conscience ignore – whether you agree with his tactics or not, that debate has begun. Now, we are faced with a choice, we can embrace the debate or we can try to shut the debate down and maintain the status quo.

    There needs to be an open debate about this, at the very least, if you agree — [join up][2].

    [1]: http://boingboing.net/2013/06/17/the-snowden-principle.html
    [2]: https://optin.stopwatching.us