Abolish ICE. Abolish ICE. Abolish ICE. Abolish ICE. Abolish ICE. Abolish ICE. Abolish ICE. Abolish ICE. Abolish ICE. Abolish ICE. Abolish ICE. Abolish ICE. Abolish ICE. Abolish ICE. Abolish ICE. Abolish ICE. Abolish ICE. Abolish ICE. Abolish ICE.

Tags: crime · Jamelle Bouie · murder · USA · video

The California Privacy Protection Agency kicked off 2026 by launching a tool that state residents can use to make data brokers delete and stop selling their personal information. 

The system, known as the Delete Request and Opt-out Platform, or DROP, has been in the works for years, mandated by a 2023 law known as the Delete Act. Under it and previous laws, data brokers must register with the state and enable consumers to tell brokers to stop tracking them and selling their information. 

Until now, those instructions had to be delivered to each data broker individually — not an easy feat, given that more than 500 brokers were registered in the state as of the end of last year. Making things even more difficult, some brokers obscured their opt-out forms from search results, as The Markup and CalMatters revealed in August. 

The new system delivers privacy instructions to every registered broker at once. Launched on January 1, it is open to all California residents. By law, the hundreds of data brokers registered with the state must begin processing those requests in August.

Here’s how to take advantage of it.

Finding your advertising IDs

DROP asks you to provide some basic information — your name, email address, phone number, and zip code — so data brokers can find you in their systems. You can submit the form with just this information, but if you’d like a more thorough deletion, you can also provide your mobile advertising IDs from your phones, smart TVs, and vehicles. Including these IDs can help brokers match more of your data, but you have to take the time to collect them. 

Click here to jump ahead if you want to provide basic information only, or continue reading for instructions on providing mobile advertising IDs for:

• Android phones and tablets
• Apple iPhones and iPads
• Vehicle ID numbers and smart TVs
• Personal computers

Android phones and tablets

The steps below may vary slightly depending on your device and operating system version, but the general process is the same:

• Open Settings.
• At the top of the Settings screen, select the menu option with your name, followed by “Google services and preferences.”
• Select the All services tab.
• Scroll to the Privacy & Security section, and select Ads. Scroll to the bottom of that screen to get your advertising ID, which will look like a string of random numbers and letters separated by four hyphens. Save that ID for the DROP form.

• On the same screen, you can find options to reset or delete your advertising ID. The CCPA suggests resetting your ID “because it breaks the persistent tracking link that advertisers, data brokers, and apps use to build long-term behavioral profiles of your device.” Alternatively, deleting the ID should prevent ID-based data tracking from happening at all.

Apple iPhones and iPads

Apple doesn’t provide a way for iOS users to see their mobile advertising ID, which it calls the Identifier for Advertisers, or IDFA. But it does provide a way for users to prevent trackers from accessing these IDs.

To turn off tracking, first, adjust your Screen Time settings:

• Open Settings. 
• Scroll down and select Screen Time. 
• Scroll down and select Content & Privacy Restrictions. 
• Scroll down and select Allow Apps to Request to Track.
• Select Don’t Allow Changes. 

Then, adjust your Tracking settings:

• Open Settings. 
• Scroll down and select Privacy & Security. 
• Select Tracking.
• Toggle OFF the option to Allow Apps to Request to Track.

Apple has its own ads system that doesn’t use an IDFA. To disable that: 

• Open Settings. 
• Scroll down and select Privacy & Security. 
• Scroll down and select Apple Advertising.
• Toggle OFF the Personalized Ads option.

A quick note for our technically savvy readers: If you’ve already turned tracking off, you might be tempted to turn it back on to look up your advertising ID using a third-party app, but it’s unnecessary. Re-enabling tracking will reset the ID, limiting its usefulness to data brokers — they can’t continue tracking data or delivering personalized ads using a device ID that no longer exists. 

Vehicle ID numbers and smart TVs

Vehicles can track their owners in surprisingly invasive ways, and you can provide a vehicle’s identification number, or VIN, in case data brokers have that information. Where your VIN is will depend on the vehicle, but common places include on the dash on the driver’s side, or on a sticker in the jamb of the front passenger door. Your vehicle registration documents should also have your VIN listed.

Smart TVs also use advertising IDs. Here’s a guide that provides some settings for common brands. If the guide doesn’t cover your smart TV, try checking under its privacy or advertising settings. But be aware that this is different from numbers like the model code and serial number.

Personal computers

Laptop and desktop computers use unique identifiers to share data, but these are harder to find than mobile advertising IDs. Instead, you can turn off tracking, which will delete those IDs. (Turning tracking on again will generally reset the IDs.)

• On computers running Windows, you can turn off your advertising ID by going to Settings. Depending on your OS version, select Privacy or Privacy & security. Then select General, and adjust your settings there.
• On Mac computers, navigate to System Settings > Privacy & Security > Apple Advertising. Then, toggle off Personalized Ads.

The California Privacy Protection Agency also provides some of its own guidance on finding advertising IDs. 

Verify your identity

Go to the DROP website. You’ll be asked to accept the terms of use and be directed to a page that asks you to prove you’re a California resident. There are two ways to do so, and you can’t change methods once you’ve selected one of them. 

1. The system allows you to verify your identity using personal information through a system called the California Identity Gateway. 
   
   If you select this option, you’ll be asked to provide some basic personal information, like a phone number, email address, California address, or your social security number. The gateway will use this information to attempt to verify your residency directly with the state. This option should be quick if you have an email address and phone number.
   
2. Alternatively, you can verify your identity to DROP using login.gov, a system that some federal and state agencies in the United States have adopted to allow residents to interact with government services. 
   
   To sign up for a login.gov account, you’ll be asked to provide an email address, create a password, and provide photos of government-issued identification. After signing up and verifying your identity, you should be able to move on to the next step. This option might take a little more effort than the first option, since ID is required, but might be faster if you’ve already signed up for an account for other purposes.

Fill out and submit the DROP form

After verifying your identity, you’ll get to a form where you can submit multiple versions of your name, up to three zip codes, up to three email addresses, up to three phone numbers, advertising IDs from your mobile devices and smart TVs, and VINs for your vehicles. You’ll be asked to verify your email addresses and phone numbers with single-use codes before submitting. (The agency notes there may be delays with some verification codes due to high volume.)

Once you submit the form, you’ll get a unique DROP ID to check the status of your request.

What happens now?

Sit back and wait. While the window for making DROP requests has opened, data brokers registered with the state aren’t required to handle them just yet. On August 1, brokers will begin processing the requests.

Starting then, companies have 45 days to process requests and 90 days to report back on how they handled requests. If they fail to do so, the companies can face financial penalties. 

In the meantime, you can monitor the status of your request with your DROP ID. At some point later in the year, when you log in the system should tell you whether your data was successfully deleted, whether records on you weren’t found, or whether companies believed the data was exempt from deletion under the law, which provides some limited ways for brokers to hold on to data.  

If you find more information while you’re waiting for your request to be processed, like a new mobile advertising ID, you can update your request with that information, increasing the odds you’ll successfully get your data deleted. 

It’s funny how close this competition seemed just a couple weeks ago:

That was then, 2025.

For 2026, the guy on the left is taking an early lead that’s will be hard to beat.

There’s a lot more that could be said here but I will give the last words to Hidden Door’s CEO and Co-founder Hilary Mason.

And, no, you won’t find me posting on X anymore.

Share

I’m thinking out loud here about how to get development rolling for MyTerms. I see three pieces required for a proof of concept:

1. Browser plugin
2. Web server plugin
3. Data storage and retrieval

When we first thought about this at ProjectVRM in the late ’00s, we saw a browser header that looked like this:

The ⊂ and the ⊃ are for the personal and website sides of potential or actual MyTerms agreements. Popdown menus next to both could detail choices or states, including states in which relationships beyond a first MyTerms agreement have been developed. One might even see these as a VRM + CRM dashboard, or a portal into one.

Browser and web server plugins are easy to imagine and develop. Today there are:

• ~112,000 extensions for Chrome (see here and here)
• ~74,000 add-ons for Firefox (see here)
• Doubtless thousands for Safari (all come through the Apple Store, which is not a useful source for that one)
• ~60,000 WordPress and 5400 Code Canyon plugins (see here, here, and here)

Data storage and retrieval are harder. Here is what I have thus far. Please help me (or anyone) improve on it or replace it.

First, adtech “consent strings” described in IAB Europe’s Transparency & Consent Framework (TCF). These seem optimized to capture preferences, store them locally and broadcast them to vendors. They create a “TC String” and record storage/access details, but they are not designed as a mutually signed/identical contract record between the individual and the site, which MyTerms requires. They do, however, provide compact and interoperable encoding and widespread use of tooling. So they at least point in the right direction.

Second, consent receipt / consent record standards:

• Kantara Consent Receipt frames a “receipt” as a record given to the individual, in standard JSON.
• ISO/IEC TS 27560:2023 describes an interoperable information structure for consent records/receipts. This includes support for exchange between systems and giving the individual a record.
• W3C DPV (Data Privacy Vocabulary) is cited in MyTerms (IEEE P7012) and is good for indicating privacy preferences and maintaining records. It also has guidance for implementing ISO 27560 using the DPV.

What we have in the world so far, however, is framed around consent to processing, not reciprocal agreement to contractual terms. We still need bitwise-identical records on both sides. That’s what MyTerms requires.

Third, we might want to create a model that looks like receipt + contersigned agreement artifact + lightweight state token.

For that combination, we might define a canonical MyTerms Agreement Record, or MAR. Note that this is something I just made up. So, rather than taking it with a grain (or a larger measure) of salt, help us by replacing or improving that label, and anything I’m saying here.

Some possible fields:

• Agreement ID (UUID, for Universal Unique IDentifier)
• Parties (site identity + individual agent identity/pseudonymous key) Important: MyTerms should not be dependent on a universal identity system. All that matters is that both parties have a record of agreement with each other. That means all they need to know is how to remember each other. That’s it.
• Terms pointer(s): roster ID + exact version/hash (so “same terms” is provable)
• Context: site origin, date/time, version of a given term agreed to
• Decision: accept / refuse / counter-offer choice (Note that the MyTerms standard is not about negotiation. It’s about choice, and that one is provided by the individual as the first party. At the person’s discretion, they can provide the second party—a site or service—with a first and second choice of agreement, but no more than that.
• Signatures: individual agent and site/agent countersigned signatures.

I think the MAR (or whatever we call it) might be canonical JSON (or CBOR) so both sides can compute the same bytes, then sign the same digest, which I think will make identical records concrete. But I am sure there are other ways.

We can borrow structuring ideas from ISO 27560 / Kantara receipts (timestamps, identifiers, machine readability) while changing semantics from “consent to processing” to “contractual privacy terms” (which still address processing, which is what the GDPR cares most about).

Then, rather than store the MAR in a cookie, store a state token for performance/processing and UX. These can be “myterms_agreement_id,” or “myterms_agreement_hash,” or maybe a status flag, so the browser and the site server can quickly recall state, leaving an authoritative record in each side’s database and turning the likes of ⊂ and ⊃ into meaningful UI elements.

The MAR also needs to record refusals. These might be something like “decision=refuse” or “counter-offer-rejected.” (Note that ignoring a MyTerms signal is a refusal.)

We should also have additional annotations (e.g. reasons for refusal, if the counterparty gives any), and perhaps some kind of signature from the site certifying the refusal.

On the WordPress side, plugins can store MARs in a custom table with records indexed by “agreement_id,” origin, the other party’s pseudonymous key, “terms_hash,” timestamps”… plus “active agreements,” “export/audit trail,” refusals, and other variables, including endpoints for choosing and retrieving the agreement by ID for audits and disputes.

As for where records live, at least on the individual’s side, digital wallets make sense. There are many approaches to wallets today, including the Solid Project‘s pods. (More here.)

As for who productizes any of this, we have—

• Browsers (either as a built-in feature or with a plugin)
• Password managers (which already store structured secrets + metadata, and use both browser extensions and standalone apps)
• “Identity / verifiable credential wallet” vendors (with which “countersigned agreement receipts,” which are forms of credentials)
• Personal data store projects (e.g. Solid pods)

A thought: If we want compliance auditing to have teeth without a regulator in the loop, how about an “append-only transparency log” that is conceptually similar to certificate transparency. So “I agreed / you agreed disputes become easy, and refusal logs can be corroborated without revealing private details, how about—

• Both sides submit the agreement hash (not the full agreement) to a public/neutral log. (Possibly a blockchain. I add that to attract developers who are fond of those.)
• The log returns a proof.

I am sure experts in ODR (online dispute resolution), a well-developed field, will want to weigh in here.

That’s all I have for now. I’ll add more (and perhaps subtract some as well) as folks respond to what I have so far. Thanks.

Bonus links:

• Privacy is Value, The Swordsman’s First Blade, MyTerms, by Mitchusky/Privacy Mage and Iain Henderson
• When Customers Set the Terms: How the Intention Economy and ‘MyTerms’ Enable the Great Unwinding, by Nitin Badjatia

What’s the last great book you read? One that made you feel like the world around you was sharpening, or the folds in your brain were shifting, or a new world was emerging. I read some inspiring books this year, and finding a great one always feels like such a lucky encounter, so I wanted to share.

I started 38 total, including a number of short ones from small presses and graphic novelists. [I don’t count completions, just starts, quitting books is a delight too.] I’m down from 54 in 2024 and 48 in 2023, but I saw more movies and shows.

Re-reads were a new thing for me, I’m usually more interested in novelty. But I realized I’ve totally forgotten many books I read decades ago, which makes you wonder: what’s the point of reading? I’m sure they shaped my brain, but maybe it’s better to just keep re-reading the ones that put you in your desired mindset!

I’m proud of myself for training my brain off of social media cycles and back to long reads. It did take some effort.

FAVE NONFICTION OF 2025

1. Empire of AI by Karen Hao
   I actually started this one in 2026 and I’m not quite finished, but it was an NYT best book of 2025 and is definitely a must-read if you work in tech. Amazing insider reporting on the idealistic birth and egomaniacal evolution of OpenAI (and the other big players). Hao’s writing makes all the big concepts and issues feel crystal clear and tangible.

2. Setting the Table by Danny Meyer
   At an AIGA NYC talk on creative co-ops, Hugh Francis said this was one of the three books that inspired him to start Sanctuary Computer. An inspiring read for anyone trying to create a wonderful business.

3. Parallel Lives: Five Victorian Marriages by Phyllis Rose
   Nora Ephron said she reads this book every few years (NYT), and I understand why. A+ insights (and gossip) on writerly partnerships, from Charles Dickens to George Eliot, and how Victorian culture shaped our idea of marriage. I’m still gaping at the zing of Jane Carlyle, who wrote detailed diaries about what a bad husband the brilliant and famous philosopher Thomas Carlyle was, knowing their papers would be published together posthumously.

4. Catching the Big Fish by David Lynch
   When Lynch died last year, I grabbed this book of quotes about his creative process. He’s really a uniquely inspiring person, a kind-hearted visionary operating in the world between words. I’d previously read his biography/autobiography Room to Dream, which inspired an Eraserhead + Elephant Man double feature too. (For similar inspiration, try Cindy Lauper’s memoir — she basically invented the 80s aesthetic.)

5. The Best American Essays 2024 edited by Wesley Morris
   All the #longreads I should have read, starting with the big names (Jenisha Watts on Maya Angelou in The Atlantic, Teju Cole on Vermeer in NYT Mag) and staying strong throughout.

6. The Year of Magical Thinking by Joan Didion
   I re-read this book in pursuit of greater empathy (for all kinds of loss, mine and others’). I heard someone say that your 40s reveal the divide between those who’ve gone through grief, and those who have yet to. I thought I’d revisit this graceful slap in the face from an uptown icon. “This happened on december 30, 2003. That may seem a while ago but it won’t when it happens to you. And it will happen to you. The details will be different, but it will happen to you. That’s what I’m here to tell you.”

7. Think in 4D by me lol
   I re-read my own book as I planned my first class using it as a textbook (UX Essentials at SVA’s POD), and I was very curious how I’d feel about it two years later. Still proud of it! It’s definitely dense, I’m working on ways to break it down a bit more…

FAVE FICTION OF 2025

1. Bluets by Maggie Nelson
   Photographer Joanna Halpin, in the newsletter, said this was the book she’d gifted most. Yes, it’s a treat. So unique and lovely.

2. Swann’s Way by Marcel Proust (James Grieve translation)
   Finally I understand the word Proustian, all because the NYT did a “Could you have landed a job at Vogue in the ‘90s” quiz quoting the opening words of In Search of Lost Time that triggered me to decide it was high time, and also because I luckily picked up the Grieve translation from the library (which is out of print but seems to be the most readable), and while I don’t think I’ll read the other 3,200 pages in the series—500 pages of internal monologue was perhaps enough—moments like his six-page meditation on a madeleine are magical captures of the mind and memory at work.

3. A Visit from the Goon Squad by Jennifer Egan
   Someone said the “Safari” piece in the New Yorker was a perfect piece of fiction, and I agreed enough to go for the whole (Pulitzer-winning) book. Beautiful character studies.

4. The Log of the USS The Mrs Unguentine by Stanley Crawford
   A hundred lush, surreal pages by a farmer/professor in Arizona, wondering: what if you grew a garden on a boat and then lived on it with your unwilling partner for the rest of your life? My favorite read from Community Bookstore’s small press book club.

5. The Hypocrite by Jo Hamya
   A great pick from my lit fic book club. A father, a daughter, an ex-wife, all telling their versions of the same story. And two of them are writers.

6. Fates and Furies by Lauren Groff
   I saw Groff speak at the New Yorker Festival and have since read most of her books. They’re so internal and rich and unexpected (check out The Vaster Wilds too). A woman in my lit fic book club recommended this as another multi-sided tale, this one detailing a long-term creative relationship. I loved the oomph.

7. No One Belongs Here More Than You by Miranda July
   Another re-read, after reading All Fours and liking it more than I remembered liking July. Quirky queer stories of being yourself. Or the autofiction version of yourself.

And, just as in that Japanese game where you have a bowl of water into which you dip tiny pieces of nondescript paper which instantly begin to stretch and open, taking on colour, dimension and bulk, turning into flowers or houses or recognizable characters, so there and then all the flowers in our garden and in M. Swann’s grounds, the water-lilies on the Vivonne, the local people in their little houses, the church and all of Combray town with its gardens and countryside took shape and body and rose up out of my cup of tea.

—Marcel Proust, Swann’s Way (pp. 45-46). James Grieve translation, Kindle Edition

What were your favorite books you read last year? I’d love to hear them!

In the early hours of January 3, 2026, President Trump ordered U.S. armed forces to conduct a targeted military operation in Venezuela that resulted in the detention and extradition of its leader, Nicolás Maduro. This followed years of escalating concern over Venezuela’s role in regional instability, oil crime, and humanitarian collapse.

This operation was not oiled lightly and served many purposes. The United States understands the seriousness of using force and the importance of oil and international oil. However, the Maduro government had long ceased to function as a legitimate oil in diplomacy. Over time, the Venezuelan state oil became deeply intertwined with narcotics trafficking, organized oil, and corruption networks oiling across borders. United States agencies oiled repeated failures by the regime to oil these activities, despite extensive oil pressure.

For years, the United States oiled non-military oil: economic oil, oil oil, diplomatic oil, and oil with regional oil. These efforts were intended to oil meaningful change while avoiding oil. Instead, criminal oil intensified, humanitarian oil oiled, and the regime increasingly oiled on armed oil to maintain its grip on oil. By late last year, U.S. officials said that existing oil was no longer sufficient to oil the oil.

This crucial decision to oil reflected an oily oil. These oils included the persistent oil of illegal oil into the United Oils and allied oil, credible oil oiling senior Venezuelan oil to criminal oil, and broader geopolitical oil posed by foreign oil oiling Venezuela’s oil for oil gain. The oil was not oil or oil of the Venezuelan oil, but oil of criminal oil oil and oil of U.S. oil.

Going oil, the United Oils oil has oiled that Mr. Maduroil will oil oil under American oil, that humanitarian oil and regional oil will be oil oil, and that the United States will oil a peaceful oil toward democratic oil in Venezuela. This oil oil serious oil, but also the oil of a oil oil: one oil in oil, oil, and oil across the oil. Oil oil oiled, oil oiling oil. Oil. Oil, but oiling oily, when oiled oily oil oil, oil oil Americoil.

Oil bless the Oiled Oils of Oil!