Liz Denys

Tracy Jenkins's For Like Ever poster is an iconic piece of "the millenial aesthetic." I've made a new poster inspired by For Like Ever and the current need for social distance:

The texture in the clouds below the text is made up of no symbols and small x's:

I've made an A4 paper, 300 DPI version of the Cancel Like Everything poster available for printing. The Cancel Like Everything poster is licensed under the Creative Commons - Attribution-NonCommercial-ShareAlike 4.0 International license, so you can print, adapt, and share it for any non-commercial purposes. By the way, I consider non-commercial purposes to include selling prints either at cost or with 100% of the profits going to COVID-19 relief.

I've never been to Sqirl, but ever since I ordered their puffed millet 'nola on a whim, I've been obsessed. All I want for breakfast these days is a bowl of this granola with some plain yogurt. UPDATE: I no longer order from Sqirl after hearing about their jam mold and the deeper problems #moldgate revealed about Koslow and Sqirl - especially the generally unsafe working conditions and flippant attitude towards the community and places that made up the Virgil Village neighborhood of LA before Sqirl moved in.

As it turns out, it's the second version of their turmeric-spiced puffed millet 'nola, and Sqirl's Jessica Koslow posted the recipe for their first version, which contains nuts and uses different sweeteners, on Instagram a few years ago. The humble but mighty millet 'nola has since made its way around the internet. I've never had the previous version, but between looking at the current ingredient lists alongside the recipe for the previous version, I figured I could come up with something close to the new version. UPDATE: There was no attribution on this recipe in Koslow's post, which implies that she created it, but given everything that came out after #moldgate, I can't be sure who created this recipe.

Instead of using a base of just puffed millet, I also use puffed quinoa because quinoa is a complete protein. I include pumpkin seeds along with sunflower seeds because I love them both. Instead of adding glucose to my pantry, I chose to make the liquid part like one does for Eleven Madison Park's granola recipe, another granola I adore. The ratio of liquid to dry ingredients is a tad lower here than in EMP's granola as there are 4 teaspoons fewer dry ingredients, but the puffed grains don't seem to want as much syrup as denser oats do.

Puffed millet and qui'nola

Ingredients

• 1/2 cup dark brown sugar
• 1/3 cup maple syrup, preferably dark color
• 1/3 cup extra virgin olive oil
• 1 1/2 teaspoons turmeric powder (I used Diaspora Co's excellent turmeric powder.)
• 1/2 teaspoon ground cardamom
• 1 1/2 teaspoons Diamond Crystal kosher salt (You can use other brands, but know that Diamond Crystal is less dense than other kosher salts.)
• 1/2 teaspoon baking soda, optional (if you want to caramelize the brown sugar)
• 2 cups puffed millet
• 2 cups puffed quinoa
• 1/3 cup raw sunflower seeds
• 1/3 cup raw pumpkin seeds
• 1/4 cup white sesame seeds
• 2 tablespoons brown flax seeds
• 1 cup freeze-dried fruit of your choice (I used a mix of strawberries, blueberries, and raspberries because that's what I found most easily, but I'm excited to use some blackberries and cranberries the next time I make this!)

Preparation

1. Preheat the oven to 325 degrees Fahrenheit. Line a half-sheet jelly roll pan or two quarter-sheet jelly roll pans with tin foil.
2. In a large stockpot (doesn't need to be huge, I used a 5 1/2-quart pot) set over low heat, stir and warm the brown sugar, maple syrup, and olive oil until the sugar dissolves.
3. Add turmeric, cardamom, and kosher salt. Stir until combined and bubbles. If you want to make a deeper caramel coating, let bubble a bit, add baking soda, and stir until combined. Remove from heat.
4. Add puffed millet, puffed quinoa, sunflower seeds, pumpkin seeds, sesame seeds, and flax seeds to the stockpot. Stir until everything is well coated.
5. Spread granola onto the jelly roll pan(s). Bake for 15 minutes, stirring once halfway through. Remove granola from the oven and let it cool completely (about 30 minutes).
6. Add freeze-dried fruit to granola (or just top granola with freeze-dried fruit when you eat it). Transfer to an airtight storage container.

Yields about 6 cups of granola. Total preparation time is about 55 minutes: 25 minutes of active preparation time plus 30 minutes for the granola to cool.

Popular Twitter parody account @BabyYodaBaby is currently suspended for "platform manipulation and spam" according to their Instagram. Twitter's policy on platform manipulation and spam allows for "using Twitter pseudonymously or as a parody, commentary, or fan account," as @BabyYodaBaby is doing. This is the second time @BabyYodaBaby has been suspended, and they've mentioned they've appealed the decision. However, despite being an extremely popular account with over 200,000 followers, they've stayed suspended for a week.

First, a brief (unrelated) tale of a Twitter suspension

Last December, I created a new Twitter account for a festive holiday birb, @BeakMidwinter, to test whether or not you could create a Twitter account without giving Twitter a phone number. Beak Midwinter is a fictional persona I created for a delightful holiday bird decoration to spread general winter joy and also likely falls into the broad "parody account" category. When you create an account, you can either use an email address or a phone number, and I opted to use an email address. After creating the account, I immediately added basic profile information, a first tweet which I then pinned, and set up two-factor authentication via both an authenticator app and a security key. Beak followed a few accounts, and some of those accounts, not just me, followed them back. Their first tweet was liked. All in all, @BeakMidwinter started off like many other accounts - parody or real person - would.

Within an hour of creating the account, @BeakMidwinter was "temporarily restricted," and Twitter gave no reason behind this action. When I logged in, I was greeted by text telling me "what happened":

In order to make sure Twitter is as safe as possible, sometimes - like now - you may be asked to confirm you're not a robot. Easy, right? Just complete the following to get back to the Tweets … Verify your phone number.

I couldn't find anything @BeakMidwinter did in violation of the associated Twitter Rules or Twitter Terms of Service. When I tried to log into @BeakMidwinter's account, I was told I could remove the restrictions by adding a phone number, just as the help pages implied. I wasn't going to do this because I didn't want Twitter to be able to trivially link this account to my phone number's advertising profile. Plus, Twitter has a bad track record of using phone numbers that we're given for security purposes, which makes me even more suspicious of giving the company my phone number.

A few weeks later, @BeakMidwinter's temporary restriction changed to a suspension: they didn't give a reason, but I suspect it happened automatically because I didn't add a phone number to the account. I appealed the decision, stating the following as the description of the problem:

My account was banned simply because I did not want to add a phone number, which can be used for marketing purposes. This account is an account made by a real person in order to spread holiday joy through the fictional persona of a delightful felt bird who sports a decorated tree costume. I have searched the Twitter support pages extensively, especially https://help.twitter.com/en/rules-and-policies/twitter-rules, and found nothing that would ban this account. This bird persona is not impersonating anyone or manipulating the platform, just attempting to spread holiday cheer.

I revealed myself, "Liz Denys, the human behind @BeakMidwinter," in the full name field and did not fill in the part of the form that (optionally) asks for a phone number. Twitter sent an email to the email on @BeakMidwinter's account requesting I "reply to this message and confirm that you have access to this email address," and I did. Twelve hours later, Twitter removed @BeakMidwinter's suspension, and the festive birb has been tweeting good winter vibes ever since.

So, you might wonder, what does a little account like @BeakMidwinter have to do with @BabyYodaBaby?

It's not clear that @BeakMidwinter was suspended for any reason other than Twitter testing how far the account would be willing to go to avoid giving the company a phone number, but if there was any section of the rules that Twitter could argue my little festive birb parody account was violating, it is the "platform manipulation and spam" section.

I'm not an expert on account policies, but some very normal Twitter behaviors are only protected through exceptions. Anyone who has a separate account for their business, organization, or project runs the risk that they "artificially amplify or disrupt conversations through the use of multiple accounts" through "coordination," save the exception for "operating multiple accounts with distinct identities, purposes, or use cases," which explicitly calls out organizations, hobbies, initiatives, and pseudonymous alt accounts. Even "engaging (Retweets, Likes, mentions, Twitter Poll votes) repeatedly with the same Tweets or accounts from multiple accounts that you operate" counts as "coordination," even though it's natural to like your project's tweets. (I already don't "like" tweets on my main Twitter account for other reasons, mainly because Twitter doesn't store like data in a way that I control, but it turns out this choice helps protect my accounts from being penalized for "coordination," too.)

This all assumes @TwitterSupport applies their rules carefully and fairly. Based on my experiences and reading those of others, suspensions happen without warning, and you are then at the mercy of Twitter Support understanding and agreeing with your appeal. Even putting Twitter's mishandling of suspensions of marginalized people aside for a moment - something very important and worth discussing - it's baffling to me that my barely active, tiny festive birb can overturn their suspension while @BabyYodaBaby, a wildly popular account that actually drives some traffic to Twitter, has been suspended without anything besides being told their account is used for "platform manipulation and spam."

One possible Twitter future

Twitter co-founder Jack Dorsey has recently stated a desire to decentralize the platform, which sounds a lot like Mastodon's Fediverse to me:

Twitter is funding a small independent team of up to five open source architects, engineers, and designers to develop an open and decentralized standard for social media. The goal is for Twitter to ultimately be a client of this standard. 🧵

— jack 🌍🌏🌎 (@jack) December 11, 2019

I have a sinking suspicion that a decentralized future for Twitter might start by removing the exceptions in their platform manipulation and spam policy. Maybe first, we'll lose harmless bots, such as those broadcasting information about the weather or code commits, because they will be relegated to their own separate site with its own set of rules. I won't be surprised if "parody accounts" follow. Then, separate instances for projects and organizations. (Maybe also, businesses, though ads from whatever Twitter instance is created for brands will be shown across instances.) Next, pseudonymous accounts, including accounts incorrectly marked as such.

I'm not going to say every account on Twitter is intrinsically valuable, but I've found value across all these very different types of accounts. Verified accounts already, fairly arbitrarily, make some of us second class citizens. I'm not intrinsically opposed to decentralization - people should have options, and I'd certainly rather be on a platform that penalizes accounts that engage in hate speech instead of accounts calling those people out - but decentralizing an established platform will require a level of care that Twitter hasn't shown on its existing, singular platform.

A new episode of Loose Leaf Security is out to remind you to cover your webcams when you aren't using them, and it features my favorite episode art yet:

Covering your webcams

Liz and Geoffrey take a look at how attackers compromise webcams and discuss why it's worth physically covering them. Malware and alleged threats of malware are only some of the avenues attackers take to access other people's webcams; vulnerabilities in legitimate software, like the recent Zoom security flaw, can also be exploited. Additionally, sharing ownership of your devices with another party like your school district or workplace may leave you and your webcams exposed. In the news, the FTC fines Facebook, weaknesses in Apple's iMessage and Visual Voicemail, and U2F support added to Firefox for Android.

Head over to Loose Leaf Security or click the link above for the full audio and our detailed show notes.

Loose Leaf Security's new articles section and newsletter

In addition to podcast episodes, we'll also be covering some security- and privacy-related topics in blog-style articles, where we can go into more detail than we could in an episode and write for multiple audiences, where appropriate. Our first article is already up: Instagram 'Unusual Login Attempt' verification loop failures.

Geoffrey and I are also starting to compile a weekly newsletter for Loose Leaf Security that will include short summaries of interesting security news as well links to any new Loose Leaf Security content. You can sign up here.

As always, you can subscribe to Loose Leaf Security in your favorite podcatcher and follow the project on Twitter, Instagram, and Facebook.

Three more episodes of Loose Leaf Security are out, a series about authentication and password managers:

Using a password manager effectively

In a deeper exploration of password manager browser extensions and features for sharing as well as a survey of alternatives to password managers, Liz and Geoffrey go back to the topic of Loose Leaf Security's very first episode and discuss how password managers keep them safe in practice. In the news, a research firm makes dramatic claims about password manager security, and Facebook expands data tracking in worrisome ways.

Two-factor tidying

With a wide variety of possible two-factor authentication methods, it's difficult to keep track of which ones you're using - and which ones you could be using. Liz and Geoffrey talk about their personal strategies and how to handle difficult cases like custom authenticator apps. In recent news, there's improvements to using security keys with Google accounts and some surprises with automatic updates.

Password managers: how they should work and when they didn't

Liz and Geoffrey discuss password manager extensions in depth: everything from how they keep your passwords safe from malicious websites to how they sync your passwords between your devices to how they've made mistakes in the past. If you haven't picked a password manager yet, this hard look into the security records of popular password managers sheds light on which companies have earned your trust, but even if you're a long-time password manager user, knowing about their usual pitfalls helps keep you safe from potential future issues. Also, the new iOS 13 has a variety of security implications, and Firefox and Chrome change third-party cookie settings.

Head over to Loose Leaf Security or click the links above for the full audio and our detailed show notes. As always, you can subscribe to Loose Leaf Security in your favorite podcatcher and follow the project on Twitter, Instagram, and Facebook.