Some things you should do if you value your privacy online:
Stop using FB Messenger, start using Signal: Facebook is a data-mining, advertising company with (some say) ties to the CIA. Stop communicating though Facebook or Google, or SMS. It’s not private. Use Signal or at least use the secret messaging function of FB Messenger which you can choose to enable when starting a new conversation.
Stop using GMail, start using your own domain email: GMail, Hotmail, etc. all read your mail to advertise and build a profile on you. That’s not a good tradeoff for providing email service. Get email on your own domain from Hover, Fastmail, or ProtonMail or use iCloud instead (if you use Apple products). Bonus points if you learn about and use PGP for really important communication.
Stop using Google, start using DuckDuckGo: Again with the profiling. You search, Google profiles you. Everything you search for, they know about. If you are okay with that, then you should have your head examined. Use DuckDuckGo instead. The search results are just as good, and they don’t track you. Ever.
“Did you Google it?” That’s a question that pretty much everyone would be able to understand and answer. To most people, that question means, “Did you search for the answer to your question online using Google search?”
Google offers a great search engine, and maybe even something akin to a general knowledge engine that can answer questions like, “how tall is Obama”, or “what time is the ballgame tonight?”
Trading your privacy for search answers
But the trade-off for users of Google is that Google takes all that data you feed into it and creates a profile of you that it then uses to push ads at you. It’s not just the Google search engine that feeds that data-eating monster either. Your email (if you use Gmail), your web browsing history (if you use Chrome) and a whole host of other things contribute to the creation of that profile.
Google knows where you are if you use an Android phone, or navigate with Waze or Google Maps. They know what music you like and what movies you watch. They know if you are sick because you search for information on symptoms. They know if you are in a relationship or have a family because they see different users from the same IP using different accounts.
That’s just the tip of the iceberg. Suffice to say, they know a ton about you. And maybe you are fine with that…or maybe not.
I’m not fine with that, and I try to avoid using Google services whenever possible to prevent Google from assembling that profile of me.
Google alternatives
There are a bunch of different services you can use that aren’t Google. Apple’s iCloud email is great and ad-free and Apple doesn’t scan your email to know how to advertise to you. Or you can get your own ad-free, private email at your own domain name through services like Hover.com (where I work).
But search is a tough one. Google search is fantastic and over the years, there haven’t been many search providers than can match Google’s search.
DuckDuckGo search
DuckDuckGo is now at a point where it’s right there with Google for 99% of the searches I do, including images and even news. When DuckDuckGo comes up short, it’s easy to re-do the search using Google Search, right from DuckDuckGo.
Additionally, most of the major browsers will now allow you to choose DuckDuckGo as the default search, including using it for the instant search dropdowns from the URL bar. Safari even automatically switches to DuckDuckGo when you enter private browsing mode.
DuckDuckGo has a few advanced features that Google doesn’t have, including what DuckDuckGo calls “bangs”. These are special searches that you can start by using a “!” and a keyword.
For example, you can search on Google from DuckDuckGo by starting your search with !g and then the search terms and it’ll open up Google and do your search there.
A full list of “bangs” is here. I often use !g for a fallback to Google Search, !maps for location searches and even !hover to do a domain search at Hover.com.
DuckDuckGo also provides “instant answers” for common searches like “15 inches in cm” or “24.99USD in CAD“. These give you the answer right up front without requiring you to click through to a website. In my experience, DuckDuckGo does a great job with these “instant answers”, often providing them in situations where I wouldn’t expect them to exist (like PayPal error codes).
We don’t track you
Or course, the most important part of DuckDuckGo is that they don’t track you. In other words, your searches aren’t tracked, and stored to build up a profile of you. Their policy in a nutshell is simple and succinct: “DuckDuckGo does not collect or share personal information.”
You can read the full text here and get a better understanding of why not tracking you is important and why you should care.
Once you’ve done that, switch over to DuckDuckGo as your default search engine for a week or two. I bet that you won’t notice much of a difference compared to Google.
Encryption is something we should all be using, but it’s still too hard for the average person to understand.
Apps like Signal from Open Whisper Systems are great for basic chat where you can be sure nobody will be able to intercept and read your messages. Even iMessages are pretty well protected from prying eyes. But encrypting email and sharing files between two or more people in a secure and private manner is still really tricky to setup and use and because of that, it’s not all that common.
How many people do you know that you can send a PGP encrypted email to? How many people do you know who have even heard of PGP encrypted email?
Why does this matter?
Maybe you are in the “I’ve got nothing to hide” camp. Sure…you might think that is the case, but I’m willing to bet that you actually have plenty to hide. Criminals aren’t the only people who might want to keep things private or secret. Does your company have secrets that you wouldn’t want competitors or even your own customers knowing about?
Keybase.io website feels approachable and friendly, even to non-techie people.Perhaps you want to be able to send your credit card or banking details to your spouse in a secure way. Or maybe your doctor will want to send your latest test results to you (and only you). With encryption, you can be sure that the contents of the email can only be read by you, even if someone else accesses your data.
Look at the recent hacks of the Democratic National Committee and John Podesta that ended up on Wikileaks. Had the DNC and Clinton used PGP encryption, whoever got their hands on those emails wouldn’t have been able to read them. No embarrassing opinions about other people in the open and no media to deal with.
You’d think someone like a US Secretary of State who was using a private email server would have been smart enough to require anyone who communicated with her to do so with PGP encryption…she could have saved herself a lot of trouble!
Be smarter than she was.
Enter Keybase.io
Keybase is a relatively new website and service that aims to put PGP encryption into the hands of more people. It combines easier ways to encrypt, decrypt and digitally sign messages with a really interesting idea around identity validation. As they say, “Keybase maps your identity to your public keys, and vice versa”.
Previous to Keybase coming along, it was the case that someone could look at this website and say that it was “probably” the same person as @jameskoole on Twitter.
With Keybase, the idea of “probably” the same person becomes “provably” the same person. How does it work? Like this:
If I can post a tweet to my Twitter account, then that’s me. So Keybase gave me a very specific text to tweet and they they checked for it. Similarly, if I control the DNS entries on my domain name, then it stands to reason I could put a very specific TXT record in place that they can check for. If you dig the DNS on jameskoole.com, you’ll see a TXT record that serves as my Keybase verification.
Here’s my Twitter “proof”, for example:
Verifying myself: I am jameskoole on Keybase.io. m1Twre81pYtkmsHYeLtWiRkpcP5SviU9rA8t / https://t.co/9IzQQz5LJQ
You can look at my Keybase profile to see the various identities that are “provably” me.
Encryption tools
The next big piece of the puzzle is for Keybase to provide ways to sign, encrypt and decrypt messages sent to me by others who wish to contact me securely and privately.
PGP is the key here (pun intended). OpenPGP is an open source, well-known encryption protocol that works by way of a public/private key pair. A message to me can be encrypted with my public PGP key. Once encrypted, the only thing that can decrypt that message is my private PGP key.
On Keybase, anyone can get and use my public key to create an encrypted message that only someone with my private key (in other words, only me) will be able to view. And I can do the same with anyone else on Keybase.
The idea of a PGP public key server isn’t new. But what is new is that Keybase allows users to link their online identities to those keys. So I can look someone up on Keybase by their Twitter handle and send them an encrypted message, knowing that I am sending it to the right person.
Keybase Filesystem
Encrypted Messages are great, but what if you want to send data like a text file, or a picture or a Word document. Keybase Filesystem (KBFS) extends Keybase and creates something like a secure, PGP-signed or PGP-encrypted Dropbox sharing service. You can see my public Keybase folder here which contains files that are automatically signed by me so you know that they come from me.
With KBFS, I can share things like passwords with others on my team at work as easily as dropping a text file into a folder. I can share files with anyone on Keybase, and those files are automatically signed (so people know they are from me), and encrypted (so only they can open and read/view them).
A lot more work to do
Is Keybase easy enough for anyone to understand and use? No. Not yet. But with a little effort and learning, I think anyone can get set up on Keybase and start messaging and sharing securely. If you don’t have a PGP key yet, Keybase will help you create one. If you already have a PGP key, then you can use that with Keybase.
Even if you don’t know how any of this works, you can send me an encrypted message. Give it a try! Go here, and enter my username (jameskoole) in the recipient box. Type your message in the Message to encrypt box and click encrypt!
You’ll see something like the text below, which is a secret message that only I can read because it’s encrypted with my public key and can only be decrypted with my private key which only I have. And because it’s just text, you can email it to me like any other email, except nobody else will be able to read it, even if they hack into my email or tap into the network along the way.
I’d really encourage everyone to check out and sign up for Keybase. Maybe you know a bit about encryption, or maybe not. Use this as an excuse to get educated. This stuff really matters and as time goes by, it’s going to matter more and more.
Keybase is a service that deserves to exist and that makes acquiring using encryption technology much simpler.
For a deeper explanation of the KBFS, there’s a good explanation here that spells it how it works better than I can.
Keybase is currently available via invites only, but I’ve got a bunch. Drop me a line in the comments, or hit me up on Twitter and I will get one out to you.
Aside from getting hours a week to think while out running, there are some shared lessons to learn between being a marathon runner and product manager.
Here’s a few that I came up with (while out on a run, naturally):
It’s about having a long-term goal and a plan to achieve it — training for a marathon takes months. You map out a schedule with various runs, and your gradually build until race day. As a PM, the product roadmap is your guide and you plan out a strategy to get you there over the course of many sprints.
It’s about collecting and analyzing the right data — cadence, pace, heart rate, effort, what I ate, how I felt…it all goes into painting a picture of where I’m at, where I need to work and whether I’m improving. On the PM side the same holds true. Collecting and analyzing the right data gives insights into where to work on the product, and whether what we released had the intended effect or not.
It’s about taking thousands of small steps — when it comes to the marathon, you can’t go into it thinking about all 42.2 kilometres. You break down the training into weeks and days, and the race into kilometres and even steps. As a PM, you need to focus on getting from here to there, but not all at once. Iterate, take small steps, learn and repeat. Keep it moving.
It’s about learning from those around you and sharing what you’ve learned — I talk to running friends and learn from their experiences to grow as a runner. I share my experiences with others to help them grow too. It’s a community. As a PM, I learn from other product managers and study other products to learn things to apply to my own product. I share what I’ve learned with others to help them do the same. It’s a community.
It’s about highs and lows, and celebrating the good while learning from the bad — you have good runs, and you have bad runs. Some races it all comes together. Other races…not so much. As a PM, some releases are a reason to celebrate while others leave you scrambling to understand how you got it so wrong. In both cases, you learn from it and move forward.
Midway through the BMO Vancouver MarathonI’ve been a runner since 2008, and a marathoner since 2010. I consider myself a veteran marathoner now after eight full marathons and two ultras. I learned a lot in my first few years as a runner, going from running for about 20 minutes at a time to running a 50km ultra marathon in five hours and 18 minutes.
I’m a relative rookie as a PM, only taking the job at Hover in the summer of 2013. Similarly, the first few years as a PM have been spent getting my feet under me and building up the skill set to work with our team to make a great product.
In both roles, I still have a ton of learning to do and goals to achieve.
If you are asked a question about the product you manage, there are only two answers that will suffice:
The answer to the question.
“I don’t know, but I’ll find out for you.”
If you aren’t the expert on your product, then you’ve got work to do. There should be very few stumpers when it comes to the ins-and-outs of what your product does, what it’s good for and how to use it.
Count the “I don’t knows”
It’s not the end of the world if someone asks you something and you don’t have the answer at hand. You can’t know it all. But if you find yourself saying, “I don’t know…” a little too frequently, then it’s time to dig in and give yourself an in-depth refresher on just what you are building.
Most importantly, when you don’t know something, make it a priority to get the answer. You owe it to the person who asked (especially if it’s a customer) and you owe it to yourself and your team.
But I just got here!
It’s particularly tough for product managers who didn’t work on the product from the start. It’s not an easy job to get up to speed and become an expert user. But that’s your job.
Photo credit: Christopher SessumsDon’t overlook users when it comes to learning about your product. Watch them use it. Talk to your support team and ask to watch them work.
Once you think you know everything there is to know, go back and learn some more.
Why it matters
It’s hard enough to build a great product with all of the information and experience and knowledge. Having less than the full picture puts you at a huge disadvantage.
Knowing exactly how (and why) things work the way they do gives you the great insight to understand how to make it even better. Seeing where you get frustrated, or watching your users run into roadblocks shows you where you’re coming up short.
When it comes to leading a team, not knowing how things work puts you in a tough spot. It’s a waste of a developer’s time when she or he has to explain that the feature you asked them to build is already there. Support has enough work to do supporting customers…don’t make them spend valuable time on you. Marketing should be able to lean on you to explain how something works and why it matters to your customers.
On Keybase, anyone can get and use my public key to create an encrypted message that only someone with my private key (in other words, only me) will be able to view. And I can do the same with anyone else on Keybase.
