How to Stay Safe Online with Michael Fey from 1Password
Digital Citizen
Episode Notes
On this special bonus episode of the Digital Citizen Podcast, Michael Fey, 1Password’s VP of Engineering, talks to Fastmail CTO Ricardo Signes about a new partnership between Fastmail and 1Password.
EPISODE NOTES
Explore the Masked Email integration, which is available to everyone with both Fastmail and 1Password accounts, and learn how you can protect your online privacy with unique email addresses. Rik and Michael also discuss Internet security, password managers, and secure email. If you want to be more secure online, this is the episode for you.
▶️ Guest Interview - Michael Fey
- Follow Michael Fey on Twitter - @MrRooni
- Learn more about Masked Email
- Get 25 percent off your first year of 1Password Families when you create your account.
- Start your 30 day trial of Fastmail at fastmail.com/signup/1password
🗣️ Discussion Points
- Most places on the internet require you to provide an email and password when you signup. Using the same email address everywhere means that someone who knows your email address knows half of what it takes to access your account.
- Now with Masked Email, you can generate a unique email address in the same way that you generate a unique password. You can easily disable Masked Email addresses if you find they’ve been targeted with spam.
- 1Password is a password manager that makes it easy to store and use strong passwords. Your data is end-to-end encrypted and only you have access – 1Password can’t see what you store in 1Password or which sites you visit.
- Michael Fey’s number one piece of advice for passwords is to not reuse them. Using a different password for every service you signup for will keep you more secure online. Ideally, you shouldn’t even know your password! Let an app like 1Password generate your passwords. If you are using the same password for your shoe store and your bank, your bank details are only as secure as the shoe store’s security.
- Most people do not protect their email addresses and generally use the same one everywhere. When your email address gets leaked, that’s a link in the chain that a hacker can exploit. Even with unique passwords, a single email address can still be a point of weakness from phishing attacks and other exploits.
- Security and privacy go hand-in-hand. Security is about keeping your information safe. Privacy is about keeping your information hidden.
- Making and Managing Masked Email addresses in 1Password will be familiar if you’ve used 1Password before. Keeping your email anonymous is now as easy as generating a strong password, you can create a Masked Email address without ever leaving the sign-up page.
⭐ Takeaways
- Being a good digital citizen involves being nice and kind online, in the same way you would be in person. We all want compassion, respect, and dignity.
- Using a password manager is the easiest way to store and use strong passwords and protect yourself online.
- Having a different email address for each online service you use gives you an extra layer of security, if you’re also using unique passwords for each account. It also protects you by keeping your real email address private from the apps or services that you sign up for.
🔵 Find Us
- Digital Citizen Website
- Check out our blog
- Tweet us @Fastmail
💙 Review Us
If you love this show, please leave us a review on Apple Podcasts or wherever you listen to podcasts. Take our survey to tell us what you think at digitalcitizenshow.com/survey.
Episode Transcript
RICARDO SIGNES: Welcome to our special bonus episode of the Digital Citizen Podcast. I’m Ricardo Signes, the CTO of Fastmail, the email provider of choice for savvy digital citizens everywhere. We have an exciting announcement to share that I can’t wait to get to, but first, if you’ve been tuning in to this season go to digitalcitizenshow.com/survey to tell us what you think. One person who fills out the survey before October 31st, 2021, will receive a year of Fastmail for free.
HELEN HORSTMANN-ALLEN: Yeah, if you have ideas or feedback for our show please take the survey to let us know. It only takes a couple of minutes to complete and like Rik said, one of you will win a free year of Fastmail. We love hearing from you so please do head over to digitalcitizenshow.com/survey and thank you so much. So, Rik introduced himself, but I’m Helen Horstmann-Allen, COO of Fastmail. We make email you can feel good about driven by our values, and one of those values is being a good digital citizen. This episode is really exciting for us because Fastmail and 1Password have just teamed up to launch a really awesome new feature called Masked Email. And, in this episode, we’ll be talking to Michael Fey, the vice president of engineering at 1Password, all about it.
RICARDO SIGNES: I’m really excited for Masked Email and what it means for our users, and I had a great time talking to Michael.
HELEN HORSTMANN-ALLEN: I really enjoyed the conversation you had with him on his show too. It’s been great working with 1Password on this. They’ve been awesome partners, and we’ve gotten to build something really cool with them. Rik, can you tell our listeners more about this new feature, Masked Email?
RICARDO SIGNES: Yeah, so most places on the internet when you have to login, you login with an email address and a password. Using the same email address everywhere means anybody who knows your email address already knows half of what it takes to log you in. And also means that as data about you gets shared, there’s a great way for people to correlate all your data from different places and that’s your email address. We wanted to solve this problem by letting you use a different email address everywhere, and since you’re already storing your unique passwords in your password manager, well, why not store a unique email address too? This is something I’ve been doing for years, I did this by doing a little more work at a couple of different places. I’d make a new address when I was signing up, and I’d make sure my Fastmail rules were set up to file the mail how I wanted. Then, if I had to send mail from it, I’d make sure I got my reply-from address correct. It was a little bit of work, but it was really worth it to me.
HELEN HORSTMANN-ALLEN: Now with Masked Email, generating a unique email address gets made the exact same way as generating a unique password and stored in the same place too. Connecting your Fastmail and 1Password accounts only takes a minute, and you can start generating new Masked Email addresses immediately. We were so thrilled to work on this project with the team at 1Password because of all the things that we jointly think are so important about privacy and your data. Owning your own identity is as important to us as owning your own data. So, of course, you can use Masked Email from your domain too. And if you don’t own a domain, use Fastmail instead. One of the key points for Masked Email for all of us was that it puts you in control. You can easily disable these addresses if you discover it’s now a spam target or it’s been leaked by somebody without affecting the rest of your email or having your primary email address bombarded with junk forever.
RICARDO SIGNES: We were also really excited to work with somebody who cared about open standards. When 1Password and Fastmail started talking about this project we were keen to see that each side of the conversation wanted to be able to use open standards for doing things because we believed in a system where you can use off the shelf tools and where you can interoperate without having to come up with a lot of new solutions that won’t be usable by people in the future potentially. For example, when we wanted to allow 1Password to talk to Fastmail it was obvious to everybody that we should just use OAuth, the open standard design for doing that. And we also knew that both sides of this conversation cared about making sure that everything respected the user’s privacy by default. We didn’t have to worry about 1Password taking data from Fastmail customers and using it for something weird because we understood very clearly that’s not what 1Password does, it’s not what Fastmail does, and we could both trust each other on this front.
HELEN HORSTMANN-ALLEN: Rik, I know you talked more about Masked Email with Michael, but what other topics did you both cover?
RICARDO SIGNES: Oh, we talked about a lot of stuff. We talked about his best advice for creating strong passwords, we talked about privacy and security and why they matter and also how they’re different because they’re closely related concepts but not actually the same thing. We talked as usual about what people can do to keep themselves safe online, and if you listen to the end of the episode you’ll get some takeaways about what we think you can do to be a better digital citizen based on this conversation with Michael. You can also read those takeaways on our website at fastmail.com/digitalcitizen.
RICARDO SIGNES: So Michael, you’re the Vice President of Engineering at 1Password. Now, I know 1Password, and I’m guessing that most people who listen to the podcast know 1Password, but when you meet somebody who doesn’t know 1Password, what do you tell them 1Password is or does?
MICHAEL FEY: This is funny. 1Password was a very small company to start, and so as we grew we hired marketing and salespeople. And I remember being in a workshop with one of our marketing and salespeople and having her just workshop with me the answer to this question which is, 1Password is a password manager that keeps you safe online. And then if I have more than that, what I say to people is, “all right, a lot of people use the same password for everything or like some variation of the same password,” people usually nod, like “yes, I do that.” And then I say, “and that’s terrible because if the place where you buy your shoes online has the same password as your bank, then you are saying that they have the same level of security, and if the place where you buy your shoes gets compromised then your bank does too.”
MICHAEL FEY: So, 1Password helps you create unique passwords for all of your accounts and then it fills them for you into your browser or on your mobile device and makes it really easy to use unique passwords everywhere and stay safe online. Beyond that we also store a bunch of stuff, I use it as a digital vault with my family. So, I don’t know my wife’s social security numbers or the kids’ social security numbers, but they’re in 1Password, so I don’t have to, I can look them up, right? Or passport information is in there, so if I’m filling out a customs form as I’m on a plane I can just pull it up in 1Password and do it quickly. So, you could store credit cards and all sorts of information that you want to keep safe and secure in one place, and it lives on all your devices.
RICARDO SIGNES: We’re talking about storing data securely and taking responsibility for the privacy or the security of the people who trust 1Password. This gets me right into the topic of this whole podcast, right? Which is responsible digital citizenship, and, in this case, 1Password is part of our online society in providing a service to help people be secure. What does it take to provide that service responsibly?
MICHAEL FEY: I think it’s a mindset, and I think it’s a company mindset that you have to be in, right? So for us, everything is sort of security and privacy first, we start there whenever we’re trying to solve a new problem. And in fact, five or six years ago, when we were moving from one sort of model where every stored their data on their own devices and they could sync it over iCloud or Dropbox to a hosted model that we have today where everyone’s data lives on servers that we control, that was such a shift for us that before we ever wrote a single line of code we said, “how do we take this exact same model,” the old world model where everyone’s data is distributed across all their devices, “how do we recreate that in this new world?”
MICHAEL FEY: And so we spent quite a bit of time coming up with a security model that allows us to basically say the same thing that we’ve always said which is, “we don’t have your data,” “we don’t have your information.” We have this big blob stored on our servers that if anyone were to ever get access to it, it would be just nonsense to them, it’s impossible for anyone to crack that data. That’s the type of mindset I think that you have to be in when you’re in this business is—security and privacy first and then you build your solutions on top of that.
RICARDO SIGNES: Does that make the job a lot harder or does it just make it different?
MICHAEL FEY: Oh no, absolutely harder. And you see it every day in data breaches and other things, you see other companies that don’t have that mindset of security and privacy first. And it is harder, there’s things that we just don’t or can’t do because of how we’ve decided we want to operate in the industry but, at the end of the day, I think that that’s a win and a benefit for us.
RICARDO SIGNES: Yeah. We talk a lot about the need to understand the problems that you face online. Just making day-to-day choices using the internet, one of the key things is understanding, if not how the internet works technically, how does the internet work? What makes it go? And talking to people about, how do you think about these things informs their ability to make reasonable choices because there are benefits they can now understand.
RICARDO SIGNES: One of the things that you mentioned is passwords. It’s right there in the name. 1Password stores lots of things, I also store things other than my password in 1Password. But with passwords being the big one and the one that everybody’s got experience with having passwords and dealing with all the different advice on how to pick a good password, I thought I would ask you, as the password professional on this call, what’s your number one piece of advice on passwords?
MICHAEL FEY: I sort of touched on this briefly but it’s, don’t reuse them, one password per service, a single password per service, right? It’s the easiest thing you can do to keep yourself safe because at some point that password may get out into the world, and you don’t want that password to be tied to you and be able to use anywhere else, so use a unique password. And also let an app like 1Password generate it for you, don’t try to be fancy, don’t try to come up with your own algorithm for how you should create your passwords. Ideally, you shouldn’t even know your passwords. I only know two passwords. I know two, I know my Apple ID password because I need that one to set up a new device and it’s ingrained and the other one is, of course, my account password for 1Password. Other than that, I don’t know any of my other passwords, they’re all stored in 1Password and generated.
RICARDO SIGNES: You’re doing better than I am. I think I’m at five or six. At Fastmail, we’ve talked about needing separate passwords for a long time. In the guise of Pobox, I found a blog post from 2009 where we were giving this advice and said, “just go use 1Password, you’re going to enjoy it,” and that’s a long time ago already. And I think that on one hand, everybody knows they should be doing this and probably that’s not even true, but the world I live in, it feels like everybody knows. Do you have any information on what people’s actual password habits are like?
MICHAEL FEY: Yeah, absolutely. And certainly not because we do any sort of data mining or anything else, we don’t know anybody’s passwords, I will just be very clear about that. But we do interop with some services like Have I Been Pwned, which collects password breaches and, I mean, just terabytes of data of passwords that have gone out into the world. And we actually use that to look up people’s password if they enter them into 1Password manually. We can actually say, “oh, this is a reused password,” “this has been exposed in a data breach in the past.” The way we do that, just to quickly do a quick tech dive, it’s not like we send your password up to some service and then say, “hey, do you have this?” But instead, we actually take the first five characters of a hash of the password, and then we ask the service, “do you have passwords that match this?” And then we get a subset, and then we compare them locally, and so it’s all secure, it’s all done locally.
MICHAEL FEY: But habits-wise, I think the thing that jumped out at me, and I’ve seen this going through some of the passwords that my wife and I used to use because we have a shared vault for all of our stuff. So, going back and cleaning up some old passwords you would see passwords that we created that’s like, no one’s ever going to have this, no one’s ever going to have this dog name and the year that it is adopted, no, those are out there, those passwords are out in the wild. And so I think the thing that you learn from this is that if you’re coming up with it yourself there’s a really good chance that someone else has already used it which means it’s already out in the world, which means when someone wants to perform an attack on a service where you have an account their scope of passwords that they need to try it gets a lot smaller and they can actually churn through the list of known passwords first to see what people have used.
RICARDO SIGNES: So, passwords have problems at least when you let people pick them and we can tell people: don’t pick your own passwords, use unique passwords, put them in your password manager, let your password manager pick them for you. For now, we mostly live in this passworded world, and one thing we need to do is keep using different passwords because, as you said, if you’re using the shoe store and your bank the same password, you are making your bank only as secure as the shoe store’s security. What other weakest link problems like that we need to worry about and secure our online life?
MICHAEL FEY: I think that the other one is probably email addresses, right? Email addresses are a piece of personally identifiable information that are more or less out in the world. They’re not supposed to be secrets, people haven’t been trained to keep them secret, and you have an email address so of course, you use that email address everywhere, which means that everyone has a record of it. And people since they haven’t been trained to keep it safe, there’s a good chance that your shoe store is not safeguarding your email address that much. And we see that with data breaches, right? Like, oh, people’s email addresses and date of birth got out there, right? That’s a link, that’s weak, and that companies like Fastmail, you can actually fix that. That’s the cool part, you are moving into a space where you have the ability to actually directly address that problem.
Ricardo Signes: Yeah. So, you and I, we talked about this, it was not too long ago anyway, on the 1Password podcast, Random but Memorable, whose name I just still like saying, we talked about a bunch of stuff including email addresses and specifically the idea of having more than one email address, not always having the same email address. If I have a unique password everywhere, does having a distinct email address actually… Is there a point? How does that help me?
MICHAEL FEY: Yeah, I think so. Because again, like as I said, it opens you up to a personally identifiable information-based attack, right? Whether that’s a phishing attack or something else. It’s a piece of information that someone knows about you that they could use to reset your password or do something nefarious, right? Which I think is really interesting if you look at it from a unique email address point of view, it sort of cuts off a lot of those attacks because they might be going into a system and saying, “oh, I’m going to initiate a lost password for this email address,” it’s going to come back and go, “I don’t have a person for that,” or it’s going to be a “no,” right? Which is really neat if you’ve used a unique email address to sign up for that service.
RICARDO SIGNES: Right. So, normally if I was asked, “why do you need more than one password?” I would say, “it’s for security.” If you asked me, “why you want more than one email address,” I would say “privacy,” or you’ve already said personally identifiable information. We see this as kind of blurred because when you talk about if you can reset my password based on knowing my email address from one place, there’s a security element there too, but I know 1Password talks about itself as a company concerned with both security and privacy. So, what’s the difference between security and privacy?
MICHAEL FEY: Yeah. So, they obviously go hand in hand, right? Security is all about keeping your information safe. So, that’s where we get into talks about encryption and cryptography and basically making it such that the information that you’ve stored is not accessible, it’s not vulnerable to attacks that might expose it. Privacy is about keeping your information hidden. I look at it almost like armor versus stealth technology. So, armor is about making something really strong, right? Impervious to bullets and explosions and stuff like that, right? You have an armored vehicle, you’re not supposed to be able to attack it directly. If you have a stealth plane, you’re not even supposed to see it, you’re not supposed to know that it’s there, right? That to me is the difference.
MICHAEL FEY: And if you had a highly armored stealth plane, well, then that’s the best, right? That’s as cool as it could get. So, that’s sort of the difference between the two. And so, if you try and apply that same metaphor to technology, you might know that some information exists at a place, you might know that someone has an account at a place, and that’s where you want to have really strong armor against attacks that might try and get in there, but if that same location is also engaged in privacy-focused activities then there’s not even a target to hit, you can’t even go after the target because you don’t know that it’s there, and it sort of increases that difficulty for accessing the information that you want to get at.
RICARDO SIGNES: Yeah, and if someone can find your target they still got to get through a lot of armor.
MICHAEL FEY: Yeah, exactly.
RICARDO SIGNES: Yeah, I like that metaphor. We know that we want to have unique passwords and we know we want to have unique email addresses and presumably, people who are listening to this podcast by this point know that Fastmail and 1Password have been working together on Masked Email, which is a partnership to make it easy to have unique email addresses, just as easy as it is with 1Password to have a unique password. If I’m going to use this feature and I want to sign up for some new service and I don’t want to use my same email address, I want a unique email address and a unique password, how does this change? How does this feel for someone who’s using that feature? What’s the experience?
MICHAEL FEY: It should be largely the same as how they’re used to using 1Password today, which is really neat. If you go and sign up for a new service today, 1Password will fill your email address and a unique password, it’ll prompt you to generate a password. Well, ideally if we’ve done our job right it should be as simple as saying, well, I want to use a Masked Email when I sign up for this and generate this password, and then it fills in both of those things and you’re off to the races. From my point of view, if I’m using this, I’m still going to get an email from this service into my regular inbox and be able to operate in that account the way that I normally would, I’ll also know that my account is stored safely in 1Password, and I can get in there and auto-fill that stuff, and I don’t really have to worry about remembering a unique email address, I don’t have to worry about remembering a unique password, the stuff should just continue to work if we’ve done our job right.
RICARDO SIGNES: Right, so you don’t need to remember your email address because 1Password has remembered it for you, and you don’t need to worry about where that mail goes because it goes to your inbox, and all that information is being stored securely in 1Password.
MICHAEL FEY: Right. Yeah, exactly right.
RICARDO SIGNES: So, I had a lot of fun watching this project happen. It’s always nice to work with another company who shares our stances on privacy and our stances on what users are entitled to, not every company feels the same way, even companies that I like sometimes it’s not one of their foundational values. And I also enjoyed watching this get to use our own team’s sets of expertise, right? We got to work on email routing bits and that’s also nice to watch people do what they’re good at, and it’s a feature people asked about. Is this a feature for everybody, or is this a privacy connoisseur’s feature?
MICHAEL FEY: I think that this is a feature that I’m going to say that everyone should use. I think that, especially because we’re ticking those boxes of making it easy, right? I’m not going to some web dashboard somewhere and trying to come up with my own email address while I’m also trying to sign up for a new service, right? That stuff is just taken care of for me. So, because it just gets out of the way and then also increases your security and privacy online, it seems to me a no-brainer for anyone to opt into this and start using it. So, I don’t think that this is just for the privacy connoisseur, I think this is for, first of all, just from a user experience point of view, I think it’s for everyone.
MICHAEL FEY: But also increasing your privacy footprint online I think is a really smart thing for people to do. But also, Rik, I think that there’s a big education cliff that we still need to hit with the general populace, right? I think that people are just starting to get into the mindset that they should use a unique password everywhere, that feels like something that’s becoming a little bit more mainstream. But random email addresses, or unique email addresses, I think still has a ways to go to be in sort of the mainstream.
RICARDO SIGNES: We talked to a behavioral scientist on our first episode, BJ Fogg, and he has a model of behavior, and he says that “if you want to actually have a behavior occur, you need to have sufficient motivation, and you need to be prompted to take that action, and you need to have the ability to do it that can’t be too hard, you have to want to do it, and something has to remind you to do it.” And I’ve thought a lot about 1Password, and the ways in which it meets some of these requirements.
RICARDO SIGNES: When I go to log in to a site it says, “do you want to save your login?” If I go change my password, it will notice and say, “do you want to update your login?” And when you talk about users getting past this education speed bump, right? Learning that they should have these behaviors, I guess I wonder, what other things could we, not just Fastmail and 1Password but people who are building technology on the internet, what could we do to make it easier for users to serve their own interests, right? To be more secure because the choices become easier or more prompted.
MICHAEL FEY: So, I think that the ability and the prompting is certainly something that we can do. I think the motivation is the aspect that’s a little bit harder because the motivation is the education. I mean, this is something that we sort of struggle with as well on the 1Password side, right? We have a whole section in our app that’s dedicated to duplicate passwords like, “oh, you shouldn’t have duplicate passwords.” And it’s like, we can show them to people, we can give them a little learn-more links about, “why, why wouldn’t you do this?” But at the end of the day, if someone doesn’t go and investigate that stuff or doesn’t really think about it too much, it’s difficult to do that education while also wanting to sort of get out of the people’s way and let them get access to the data and the sites that they want to get in.
MICHAEL FEY: I think that this is one of those areas where bigger companies getting involved helps us at companies like Fastmail and 1Password, right? As soon as Apple starts telling people, “hey, your passwords are garbage, you’re reusing them you shouldn’t be doing this,” it starts to educate the masses, right? And so a company like Apple, with so much reach, with very simple means can tell people that these practices that they have are bad. And once they have started doing this education then it gets into the global consciousness, and then it makes it easier for us to do our job, right? So, it’s really easy to sort of put it all on our shoulders and be like, “oh God, we really got to do some things,” and we should certainly try, but I’ll tell you what, when a company like Apple comes in and just swings a big old hammer and says, “you should all be using unique email addresses,” everyone goes, “holy cow, we should be using unique email addresses, of course,” and then it gets easier. It’s a rising tide that I think lifts all boats, which, I think, is really neat.
RICARDO SIGNES: It’s a rising tide, there you go.
MICHAEL FEY: Yeah.
RICARDO SIGNES: So, talking about the big companies picking up standards, we’ve talked a decent amount on this podcast about standards and I know or I assume that you and I have both had to solve technical problems in weird ways because of the existing standards of the internet or non-standards of the internet. And if I got one wish to fix email to just make a change in how it worked I know what it would be. And I was wondering if you could make just one change in how, I mean, we could say passwords, but let’s say, internet security worked to just make life easier for online privacy and security, what would your change be?
MICHAEL FEY: It’s funny. I think I would do away with the password. I think that I would go to a world where these standards that are being set as the replacement for passwords. That’s a future that’s made a reality because it has the opportunity to make everyone safer. If everyone tomorrow had all of their accounts everywhere switched over to a passwordless system and they were able to use devices or software that just logged them in securely because it was able to connect who they are to what they’re trying to do, that would be amazing, data breaches and large scale security breaches, I think, would be largely a thing of the past, I say that, and when I say that I hear our security lead in my ear saying, “no, because there’s all this other stuff.” But I am a bright-eyed optimist, so I’m going to say that I think it would make those things the thing of the past.
RICARDO SIGNES: So, we can’t just choose to not have passwords right now, we’re waiting for the internet to take us to that place.
MICHAEL FEY: Yeah.
RICARDO SIGNES: In the meantime, apart from having our distinct per-site passwords and email address, as we’ve established, this is our new baseline for behavior, what else should people be doing to protect themselves online?
MICHAEL FEY: I think the other thing that is still missing in a lot of people is a healthy dose of skepticism around communications that they get, right? And I’m talking specifically about phishing attacks, right? I think that it’s still a thing that people fall victim to, and so having a little bit more, like I said skepticism. My mother, who is 83 years old, is one of the most internet-savvy people I know because she will tell me, she goes, “I got an email from FedEx that said they’re holding a package for me and they just need a $1.50 to release it,” she goes, “and I put that in the trash because that’s garbage,” I said, “that’s right mom, it is, you’re awesome.”
MICHAEL FEY: Or “I got an email saying that I subscribed to something on iTunes and I did not subscribe to anything on iTunes, so I didn’t click the manage subscription link, I just deleted it,” I was like, “that’s right.” And if everybody did that, that would be great. So, be like my 83-year-old mother and just be a lot more skeptical about the things that people are trying to tell you and sell you.
RICARDO SIGNES: Yeah, I think I will tell all listeners they can blame me as the mascot for technologists here. I think that technology the computer interfaces have given people a lot of prompt fatigue, right? It’s like, I just have to say yes to do what I want to do, and it’s been easy to exploit that. And what people really need to do is read every single prompt which is, what a drag. But yeah, as you say, skepticism goes a long way there.
RICARDO SIGNES: Well, there’s one last thing I’ll ask you which is, being responsible for your own privacy and security is only one part of what we talk about as digital citizenship, which of course people have a lot of different opinions about, what do you think it means or it takes to be a good digital citizen?
MICHAEL FEY: So, back when Twitter was first getting started, I joined Twitter I think in 2008 or 2009, and there was a huge community of other Apple developers, Mac and iOS developers, on there during that time, and it was where we congregated and where we met and shared ideas and did all of these cool things. And also around that time I remember Wil Wheaton, who is an actor, I was following his website at the time and his mantra was always, don’t be a dick, right? That has always stuck with me. So, much in the same way that you would act in the world, act online, be kind and be gracious, and go out of your way to help people and don’t be a dick, right? That to me is good digital citizenship. And I think that it’s something that you see sometimes in the world, you see it, and I think that it’s more rare than it should be because too often you see the garbage, right? That garbage tends to float to the top, and I think that we need a little bit more of people being nice to each other.
RICARDO SIGNES: I think that’s been a recurring theme when we talk to people about this. The idea that digital citizens are human beings—not just you but all the other ones too. And you have to keep in mind you’re dealing with a lot of other human beings and what do human beings want from each other? They want compassion and respect and dignity. Well, I am really looking forward to seeing what happens with this Masked Email project, we say it’s a feature for everybody, and will everybody be using it? We’ll probably be finding out in the not too distant future.
HELEN HORSTMANN-ALLEN: I really loved that conversation, Rik.
RICARDO SIGNES: Oh, I’m glad to hear it. Towards the end of that conversation, Michael and I talked about what people can do to improve their privacy and security online. And I’m curious if you could give one piece of advice to somebody about how they could improve their privacy and security online, what would it be?
HELEN HORSTMANN-ALLEN: Rik, you already stole my best answer. I almost always tell people, it’s just, use a password manager. And like you Rik, I have used my own homegrown version of Masked Email for a long time. Not reusing key information is one of the best ways to keep yourself safe no matter what happens to you, companies you deal with, whatever. What do you think the key takeaways are, Rik?
RICARDO SIGNES: Well, first of all, don’t use the same password everywhere you go, it’s not secure, and it puts you and your private information at risk. I hope at this point everybody is already using unique passwords but, realistically, I know they’re not. And if everyone has been telling you that this is a good idea and a big deal, it is a good idea and a big deal, please use different passwords wherever you go. Also, don’t use the same email address everywhere. It’s not the same as using the same password everywhere, you’re not putting yourself at the same amount of insane risk, but you can do better. Having a different email address for the different services you use helps isolate your data and helps give you some more privacy and some more security when you’re doing things online. And with Masked Email from 1Password and Fastmail, it’s actually really easy to just do that—much easier than it was before.
RICARDO SIGNES: It was worth my time and energy before and if you never thought about it or didn’t think it was worth your time and energy, I can tell you the amount of time and energy it will take now is very, very close to zero. And ultimately one of the big takeaways from this conversation is, just like in the rest of your life when you are online the golden rule still applies, treat other people the way you want to be treated, and be kind. This might not be a matter of privacy or security, but it is a matter of citizenship, it’s a matter of the kind of community that we have, that we live in, that we spend our time in, and I think we would all like to have one where we feel welcomed and safe. This is the real end of our season, so thanks to everyone who’s given us comments and shout-outs, whether you emailed us, commented on Twitter, took part in discussions on EMD or Reddit, thank you.
HELEN HORSTMANN-ALLEN: Rik, what was your favorite part of the season?
RICARDO SIGNES: The whole thing was great, I enjoyed the whole thing. I’m going to give you two answers because I don’t like giving just one. I really enjoyed our first episode with BJ Fogg, not just because of the content of the episode but because it contained a lot of good advice both from BJ and from his book about how to help change the actions I take to engage with the internet and with my computers. And I know that I have a lot of things I can do better and BJ Fogg’s work seems like a realistic way to actually make improvements that I believe can work, which is a big deal.
RICARDO SIGNES: And as far as podcast content goes, I was really happy with our conversation with Lucie from Digital Rights Watch, I thought that it hit on a really important statement which is that digital rights are just human rights. And this is something that we talk about over and over that everything about digital citizenship is the same as it is about real-life citizenship, it’s about the way that society works, the way that we treat each other, our rights and our responsibilities, and we need to apply the same kind of critical eye to our online life that we do to our offline life. And I thought that episode did a really nice job of making that point. What about you?
HELEN HORSTMANN-ALLEN: Well, I have a much more practical answer, I love the transcripts! I find it much easier to read conversations like the ones you had than listen to them. So, I was really happy that we had them, we had them right from the start. And I have to give a major shout-out to our producer, Haley, who turns all of these conversations into these tight easy to read transcripts that you can read at fastmail.com/digitalcitizen.
RICARDO SIGNES: Also, easy to listen to because without that work you would be getting a lot of my digressions, which although I’m sure everyone would find them delightful for about two minutes, they do tend to go on.
HELEN HORSTMANN-ALLEN: So, if you haven’t told us how you felt about this season or what you’d like to hear from us next season, you know what to do at this point, go to digitalcitizenshow.com/survey to tell us what you think before October 31st, 2021. And just a reminder, if you do that you have the chance to win a free year Fastmail, so fill it out. Between now and season two we’ll be exploring the content of season one at greater depths on our blog and in social media, so follow us at Fastmail on Twitter and keep a lookout for it.
RICARDO SIGNES: As always, thank you for listening to Digital Citizen. Digital Citizen is produced by Fastmail, the email provider of choice for savvy digital citizens everywhere. Our producer is Paul Colligan. Our assistant producers are Haley Hnatuk and Lenore Hart. Special thanks to the incredible team of people behind Fastmail. Digital Citizen is hosted by me, Fastmail CTO, Ricardo Signes.
HELEN HORSTMANN-ALLEN: Subscribe to our show and rate and review us on your favorite podcast player, we’d love to hear what you think about the show. For a free one-month trial of Fastmail, go to fastmail.com/podcast. Find more episodes, transcripts, and Rik’s takeaways at fastmail.com/digitalcitizen.