Terence Eden’s Blog

I feel terribly guilty when I visit a new city, post photos of my travels, only to have a friend say "Hey! Why didn't you let me know you were in my neck of the woods?"

Similarly, if I bump into an old acquaintance at a conference, we both tend to say "If only I'd known you were here, we could have had dinner together last night!"

I do enjoy the serendipity of events like FOSDEM - randomly seeing a mate and expressing the joy of spontaneity. But I also like arranging to meet up in advance.

At the moment, my strategy is sending a blast on social media saying "I'm visiting [this city] next week, anyone fancy a beer and a natter?" I've met friends all over Europe, Australia, and New Zealand that way. It mostly works. But I can't help feeling it is inefficient and prone to missing connections.

I even wrote my own code to auto-post FourSquare checkins to my other social media sites.

Here are my ideal scenarios. Imagine something built in to Signal / WhatsApp / Whatever app you already use.

I tell my app that I'm going to Barcelona from 14th - 19th February and am happy to meet any of my friends.

✨Background Magic✨

My friend Alice has also planned a trip to Barcelona around those dates. She gets a ping saying that one of her friends is going to be in the same city. Does she want to know more?

So far, so Dopplr.

My friend Bob lives just outside of Barcelona. He's set his "willing to travel" settings to be about 30 minutes, so also receives a ping.

I don't know that either of them have seen the notification until they decide they want to meet.

I step off the train in Manchester, England England. Perhaps the app notices I'm away from home, or maybe I press the "Anyone Around?" button.

On a map I can see friends who have shared their rough location. I decide to message Chuck to see if he's free for a chat.

Dave notices my location is now within his preferred travel distance. He gives me a ring.

A bit like how FourSquare used to be - but with less precision.

The above is very much the "happy path". It doesn't look at any of the knotty problems or grapple with the UI that would be needed to make this work. But we know the technology for sharing location is viable - so what are the social issues that make this so difficult?

"Oh, fuck, Edgar's location says he's in town. Can we pretend to be out of the country?"

Alternatively, "Huh, I know at least a dozen people who live in Skegness. Why aren't any of them responding to me?"

Social pressure and awkwardness are hard problems. No one wants to use the app that makes you feel like a friendless loser.

Do you want your friends knowing your every movement? I'm sure some people do, but most probably don't. It's possible to sketch out some vague controls:

• Only send a notification if I push this button.
• Don't send alerts if I am within this radius of my home / work.
• Fuzz my location to the city / state / country level.

Is it a risk to let people know vaguely where you are? Is meeting up with (semi-) strangers from the Internet a smart life choice? Is having an app stalk you across the globe giving too much data to advertisers?

Does that creep from work abuse the system to keep popping up whenever you're out with friends?

I said the technology exists for this, and that was sort of true. Every device has GPS & an Internet connection. Storing a log of friends and sending them a message is a solved problem.

But is it solved in a decentralised and privacy preserving way?

No one wants to give all this power to one company. Google will build it and kill it. Facebook will sell your secrets to dropshippers. A funky start-up will be acquhired by Apple & restricted to iOS devices.

My location is fuzzed to an acceptable degree of imprecision and then sent… where? To all my friends directly? To a central server? Can k-anonymity help?

Is this a separate app? Everyone seemed to leave FourSquare after they buggered around with it. Perhaps it is just a feature in existing apps?

Messaging apps like Signal, Telegram, and WhatsApp allow you to share your location with one or more friends.

To me, it feels a bit weird to manually send a dropped pin to some / all of my contact. It also doesn't let you share "tomorrow I will be in…"

Using "Stories" is the common way to share an update with all contacts - but none of them let you automatically share your location in a story.

FourSquare's Swarm app allows you to check in to a "neighbourhood". But there's no obvious way of saying "London" or "Manchester" - and I'm not sure how close to an area you need to be to get an alert that your friend is there.

I don't want to build this. Trying to get everyone I know to adopt a new app isn't going to happen. With the fragmentation of messaging and the lack of interoperability, this is likely to remain an unsolved problem for some time.

So here's my strategy.

• Get back in to using FourSquare. Most of my friends seemed to stop using it back in 2017 when it was split into Swarm. But a few are still on there.
• Manually post a story on Mastodon, BlueSky, Facebook, WhatsApp, Signal, and Telegram saying "Visiting Hamburg next week. Anyone want a beer?"
• Hope that something better comes along.

My wife and I run OpenBenches. It's a niche little site which lets people share photos of memorial benches and their locations. Most modern phones embed a geolocation within the photo's metadata, so we use that information to put the photos on a map.

Google's Android has now broken that.

On the web, we used to use:

<input type="file" accept="image/jpeg">

That opened the phone's photo picker and let the use upload a geotagged photo. But a while ago Google deliberately broke that.

Instead, we were encourage to use the file picker:

<input type="file">

That opened the default file manager. This had the unfortunate side-effect of allowing the user to upload any file, rather than just photos. But it did allow the EXIF metadata through unmolested. Then Google broke that as well.

Using a "Progressive Web App" doesn't work either.

So, can users transfer their photos via Bluetooth or QuickShare? No. That's now broken as well.

You can't even directly share via email without the location being stripped away.

Literally the only way to get a photo with geolocation intact is to plug in a USB cable, copy the photo to your computer, and then upload it via a desktop web browser?

Because Google run an anticompetitive monopoly on their dominant mobile operating system.

Privacy.

There's a worry that users don't know they're taking photos with geolocation enabled. If you post a cute picture of your kid / jewellery / pint then there's a risk that a ne’er-do-well could find your exact location.

Most social media services are sensible and strip the location automatically. If you try to send a geotagged photo to Facebook / Mastodon / BlueSky / WhatsApp / etc, they default to not showing the location. You can add it in manually if you want, but anyone downloading your photo won't see the geotag.

And, you know, I get it. Google doesn't want the headline "Stalkers found me, kidnapped my baby, and stole my wedding ring - how a little known Android feature puts you in danger!"

But it is just so tiresome that Google never consults their community. There was no advance notice of this change that I could find. Just a bunch of frustrated users in my inbox blaming me for breaking something.

I don't know what the answer is. Perhaps a pop up saying "This website wants to see the location of your photos. Yes / No / Always / Never"? People get tired of constant prompts and the wording will never be clear enough for most users.

It looks like the only option available will be to develop a native Android app (and an iOS one?!) with all the cost, effort, and admin that entails. Android apps have a special permission for accessing geolocation in images.

If anyone has a working way to let Android web-browsers access the full geolocation EXIF metadata of photos uploaded on the web, please drop a comment in the box.

In the meantime, please leave a +1 on this HTML Spec comment.

I have an old mobile phone number that I'd like to keep. I think it is registered with a bunch of services for 2FA by SMS, but I can't be sure. So I want to keep it for a couple of years just in case I need it to log on to something.

I don't want to faff around with physical SIMs, so I went looking for the cheapest way to keep my number for the longest time. There are a whole bunch of providers out there who will do low-cost monthly contracts (like Spusu), which I don't want. Similarly, there are some pure PAYG providers who require you to top-up with £10 every few months (like 1pmobile).

In the end, I went with Lyca Mobile (affiliate link). Total cost was £10 which should last indefinitely.

The process isn't particularly straightforward. Here's how it works:

First, add a PAYG SIM to your basket and select "eSIM"

Next, click the Bin icon (🗑) in the top right. You'll get this pop-up:

Select "Discard plan & add credit" - you'll return to this screen:

The minimum top-up is a tenner, so select that. From there, you can add details of your old number, its porting code, and when you want the port to take place. Then pay.

Done! You'll receive your eSIM instantly. Scan it with your phone and you'll be up and running. The phone number porting will take as long as it takes.

OK, but will Lyca let you keep a number indefinitely? Here's what they say:

How long can I keep my number for if I don’t use any of Lyca Mobile’s services?

Normally we will keep your number for 120 days if you do not use our service. However, you may also keep your Lycamobile number for up to 1 year without using our service. Just dial *139*9999# from your Lycamobile and follow the instructions on the screen. Please be aware that there will be a fixed annual fee of £15 which will be deducted from your balance.

Source

Note, their chatbot says the fixed fee is a fiver. Like all half-baked AI systems, it is wrong.

So, what does "using" consist of? This is hard to find out! I think is any chargeable event. Based on their current PAYG pricing the cheapest options are:

• Send an SMS for 23p
• Use 1MB of data for 15p.

If I'm right, you could use 1MB of data every 120 days. That would deplete your credit in about 22 years. More than long enough for me!

There you have it, I'm pretty sure that's the cheapest way to keep a UK mobile number on an eSIM. You can keep it switched off for 119 days, flick it on, send a quick message, then shut it down again.

Click the referral link to join Lyca Mobile

Like all good nerds, I generate a unique email address for every service I sign up to. This has several advantages - it allows me to see if a message is legitimately from a service, if a service is hacked the hackers can't go credential stuffing, and I instantly know who leaked my address.

A few weeks ago I signed up for BrowserStack as I wanted to join their Open Source programme. I had a few emails back-and-forth with their support team and finally got set up.

A couple of days later I received an email to that email address from someone other than BrowserStack. After a brief discussion, the emailer told me they got my details from Apollo.io.

Naturally, I reached out to Apollo to ask them where they got my details from.

They replied:

Your email address was derived using our proprietary algorithm that leverages publicly accessible information combined with typical corporate email structures (e.g., firstname.lastname@companydomain.com).

Wow! A proprietary algorithm, eh? I wonder how much AI it takes to work out "firstname.lastname"????

Obviously, their response was inaccurate. There's no way their magical if-else statement could have derived the specific email I'd used with BrowserStack. I called them out on their bullshit and they replied with:

Your email address came from BrowserStack (browserstack.com) one of our customers who participates in our customer contributor network by sharing their business contacts with the Apollo platform.

The date of collection is 2026-02-25.

So I emailed BrowserStack a simple "Hey guys, what the fuck?"

I love their cheery little "No spam, we promise!"

Despite multiple attempts to contact them, BrowserStack never replied.

Given that this email address was only used with one company, I think there are a few likely possibilities for how Apollo got it.

• BrowserStack routinely sell or give away their users' data.
• A third-party service used by BrowserStack siphons off information to send to others.
• An employee or contractor at BrowserStack is exfiltrating user data and transferring it elsewhere.

There are other, more nefarious, explanations - but I consider that to be unlikely. I suspect it is just the normalisation of the shabby trade in personal information undertaken by entities with no respect for privacy.

But, it turns out, it gets worse. My next blog post reveals how Apollo got my phone number from from a very big company.

Be seeing you 👌

Many years ago, someone tried to get me into cryptocurrencies. "They're the future of money!" they said. I replied saying that I'd rather wait until they were more useful, less volatile, easier to use, and utterly reliable.

"You don't want to get left behind, do you?" They countered.

That struck me as a bizarre sentiment. What is there to be left behind from? If BitCoin (or whatever) is going to liberate us all from economic drudgery, what's the point of "getting in early"? It'll still be there tomorrow and I can join the journey whenever it is sensible for me.

Part of the crypto grift was telling people to "Have Fun Staying Poor". That weaponisation of FOMO was an insidious way to get people to drop their scepticism.

I feel the same way about the current crop of AI tools. I've tried a bunch of them. Some are good. Most are a bit shit. Few are useful to me as they are now. I'm utterly content to wait until their hype has been realised. Why should I invest in learning the equivalent of WordStar for DOS when Google Docs is coming any-day-now?

If this tech is as amazing as you say it is, I'll be able to pick it up and become productive on a timescale of my choosing not yours.

I didn't use Git when it first came out. Once it was stable and jobs began demanding it, I picked it up. Might I be 7% more effective if I'd suffered through the early years? Maybe. But so what? I could just as easily have wasted my time learning something which never took off.

I wrote my MSc on The Metaverse. Learning to built VR stuff was fun, but a complete waste of time. There was precisely zero utility in having gotten in early.

Perhaps there are some things for which it is sensible to be on the cutting edge. I took part in a vaccine trial because I thought it might personally benefit me and, hopefully, humanity.

But I'm struggling to think of anyone who has earned anything more than bragging rights by being first. Some early investors made money - but an equal and opposite number lost money. For every HTML 2.0 you might have tried, you were just as likely to have got stuck in the dead-end of Flash.

There are a 16,000 new lives being born every hour. They're all starting with a fairly blank slate. Are you genuinely saying that they'll all be left behind because they didn't learn your technology in utero?

No. That's obviously nonsense.

It is 100% OK to wait and see if something is actually useful.

I've told this story at conferences - but due to the general situation I thought I'd retell it here.

A few years ago I was doing policy research in a housing benefits office in London. They are singularly unlovely places. The walls are brightened up with posters offering helpful services for people fleeing domestic violence. The security guards on the door are cautiously indifferent to anyone walking in. The air is filled with tense conversations between partners - drowned out by the noise of screaming kids.

In the middle, a young woman sits on a hard plastic chair. She is surrounded by canvas-bags containing her worldly possessions. She doesn't look like she is in a great emotional place right now. Clutched in her hands is a games console - a PlayStation Portable. She stares at it intensely; blocking out the world with Candy Crush.

Or, at least, that's what I thought.

Walking behind her, I glance at her console and recognise the screen she's on. She's connected to the complementary WiFi and is browsing the GOV.UK pages on Housing Benefit. She's not slicing fruit; she's arming herself with knowledge.

The PSP's web browser is - charitably - pathetic. It is slow, frequently runs out of memory, and can only open 3 tabs at a time.

But the GOV.UK pages are written in simple HTML. They are designed to be lightweight and will work even on rubbish browsers. They have to. This is for everyone.

Not everyone has a big monitor, or a multi-core CPU burning through the teraflops, or a broadband connection.

The photographer Chase Jarvis coined the phrase "the best camera is the one that’s with you". He meant that having a crappy instamatic with you at an important moment is better than having the best camera in the world locked up in your car.

The same is true of web browsers. If you have a smart TV, it probably has a crappy browser.

My old car had a built-in crappy web browser.

Both are painful to use - but they work!

If your laptop and phone both got stolen - how easily could you conduct online life through the worst browser you have? If you have to file an insurance claim online - will you get sent a simple HTML form to fill in, or a DOCX which won't render?

What vital information or services are forbidden to you due to being trapped in PDFs or horrendously complicated web sites?

Are you developing public services? Or a system that people might access when they're in desperate need of help? Plain HTML works. A small bit of simple CSS will make look decent. JavaScript is probably unnecessary - but can be used to progressively enhance stuff. Add alt text to images so people paying per MB can understand what the images are for (and, you know, accessibility).

Go sit in an uncomfortable chair, in an uncomfortable location, and stare at an uncomfortably small screen with an uncomfortably outdated web browser. How easy is it to use the websites you've created?

I chatted briefly to the young woman afterwards. She'd been kicked out by her parents and her friends had given her the bus fare to the housing benefits office. She had nothing but praise for how helpful the staff had been. I asked about the PSP - a hand-me-down from an older brother - and the web browser. Her reply was "It's shit. But it worked."

I think that's all we can strive for.

Here are some stats on games consoles visiting GOV.UK

Matt Hobbs (@TheRealNooshu@hachyderm.io)

@TheRealNooshu

Replying to @TheRealNooshuInterestingly we have 3,574 users visiting GOV.UK on games consoles:
• Xbox - 2,062
• Playstation 4 - 1,457
• Playstation Vita - 25
• Nintendo WiiU - 14
• Nintendo 3DS - 16

20/22

---

❤️ 27💬 1🔁 010:45 - Mon 01 February 2021