The boy grew up in a happy neighborhood, among good friends. People shared what they had, and looked after one another. When a neighbor needed a hand with a chore, others

were there to help. If someone wanted to borrow a tool, or anything else, it was readily provided. The boy never knew anything else.

The boy liked to greet the mailman, and he took an interest in stamps. One of his neighbors, a teenager, invited the boy to come look at his own collection. The boy was delighted. “Here,” said the teenager, handing the boy the album, “borrow for it as long as you like.” And so the boy took it home. He kept it for years, for decades. As the boy and the teenager grew into manhood, the borrowed stamp collection was a sign of friendship.

As the boy aged, however, his interest in stamps grew into an obsession. He ceased to enjoy the stamps, to think about their beauty and their history. He simply wanted to possess them. He began to say puzzling things to the neighbor about the collection. Rather than seeing the loan as a sign of friendship, he seemed resent that the neighbor had any claim on the stamps at all.

One night he broke into his neighbor’s house with a gun. When the neighbor awoke, he pointed the gun and said: “You see that I can invade your house. If the stamp collection had been here instead of in my house, I could have stolen it. From now on that stamp collection is mine, and you have to admit it.”

What had the mad stamp collector done? He has the stamp collection, but of course he had it before. He wants everyone to say that now it is his possession, but no one does, least of all his neighbor. He has lost the neighborhood, and all the more important forms of cooperation. He sits at home and turns pages of the album. He writes his name in big letters on its cover.

Though the stamp collector is too mad to see it, he has destroyed the foundations of his own life. Until the night of the break-in, he could have borrowed anything he wanted from that neighbor, or from anyone on the block. Now every house is closed to him, and he no longer has friends, nor will ever have any. He has nothing except for his madness.

Subscribe now

•••

The fable of the mad stamp collector is the story of American foreign policy. It expresses the president’s approach to Greenland, Denmark, and our allies in general. There is nothing in Greenland, or for that matter on the territory of other American allies, that we could not have, if we asked. That is the nature of old, trusting relationships, and the order represented by the NATO alliance.

As matters stand right now, the United States has the use of the territory of Greenland. We have had a military base at Pituffik for decades. We now station about two hundred troops there; if we wanted to station thousands instead of hundreds, we could do so. We did during the cold war. If American companies are interested in the Greenland’s natural resources, they can sign contracts.

If we believe, as the president and vice-president keep saying, that there is a Russian or Chinese threat to the island, then we could station more troops there, or invite the Danes or any other ally to do so. Or we could ask the Danes to build another base on another part of the island. Or we could do something meaningful about Arctic security, instead of denying global warming and letting Russia build all the icebreakers.

The Danes have been among the closest allies of the United States for three quarters of a century. The base at Pituffik is a sign of that friendship. When the Americans realized in 1951 that they had urgent need of that site of Greenland for nuclear defense, the Danes readily agreed. This was one of the crucial moments in the history of NATO, the alliance that both nations had helped to found two years before.

It is the NATO alliance that enables the American presence on Greenland, and it is the NATO alliance that the United States threatens when it threatens its ally Denmark. So long as the United States and Denmark are promised to defend one another from attack, Greenland is defended by both of them, and indeed by all of the other NATO allies. If the NATO alliance ceases to exist, then Greenland immediately becomes much less secure -- and, for that matter, so does every other member of the alliance, including the United States. Nothing could strengthen Russia and China more than the end of NATO.

Trump, the mad stamp collector, has everything he could possibly want, except the ability to appreciate any of it, or be appreciative of the work that others do to create it. He can gain nothing for the United States by insisting on owning Greenland, but he can lose everything which has helped to make Americans safer and more prosperous. He can lose the neighborhood.

It might seem odd to describe all of this as a fable -- and I am sorry to Greenlanders for having compared their island to stamp collection. But the fabular form is far more honest than pretending that Trump has a notion of the United States and its interests. He just wants to see a flag in the snow. He just wants his name on the album. There is nothing more than the madness, and that is where we must begin.

Share

Share

On resistance see On Tyranny

For positive solutions see On Freedom

Abolish ICE. Abolish ICE. Abolish ICE. Abolish ICE. Abolish ICE. Abolish ICE. Abolish ICE. Abolish ICE. Abolish ICE. Abolish ICE. Abolish ICE. Abolish ICE. Abolish ICE. Abolish ICE. Abolish ICE. Abolish ICE. Abolish ICE. Abolish ICE. Abolish ICE.

Tags: crime · Jamelle Bouie · murder · USA · video

The California Privacy Protection Agency kicked off 2026 by launching a tool that state residents can use to make data brokers delete and stop selling their personal information. 

The system, known as the Delete Request and Opt-out Platform, or DROP, has been in the works for years, mandated by a 2023 law known as the Delete Act. Under it and previous laws, data brokers must register with the state and enable consumers to tell brokers to stop tracking them and selling their information. 

Until now, those instructions had to be delivered to each data broker individually — not an easy feat, given that more than 500 brokers were registered in the state as of the end of last year. Making things even more difficult, some brokers obscured their opt-out forms from search results, as The Markup and CalMatters revealed in August. 

The new system delivers privacy instructions to every registered broker at once. Launched on January 1, it is open to all California residents. By law, the hundreds of data brokers registered with the state must begin processing those requests in August.

Here’s how to take advantage of it.

Finding your advertising IDs

DROP asks you to provide some basic information — your name, email address, phone number, and zip code — so data brokers can find you in their systems. You can submit the form with just this information, but if you’d like a more thorough deletion, you can also provide your mobile advertising IDs from your phones, smart TVs, and vehicles. Including these IDs can help brokers match more of your data, but you have to take the time to collect them. 

Click here to jump ahead if you want to provide basic information only, or continue reading for instructions on providing mobile advertising IDs for:

• Android phones and tablets
• Apple iPhones and iPads
• Vehicle ID numbers and smart TVs
• Personal computers

Android phones and tablets

The steps below may vary slightly depending on your device and operating system version, but the general process is the same:

• Open Settings.
• At the top of the Settings screen, select the menu option with your name, followed by “Google services and preferences.”
• Select the All services tab.
• Scroll to the Privacy & Security section, and select Ads. Scroll to the bottom of that screen to get your advertising ID, which will look like a string of random numbers and letters separated by four hyphens. Save that ID for the DROP form.

• On the same screen, you can find options to reset or delete your advertising ID. The CCPA suggests resetting your ID “because it breaks the persistent tracking link that advertisers, data brokers, and apps use to build long-term behavioral profiles of your device.” Alternatively, deleting the ID should prevent ID-based data tracking from happening at all.

Apple iPhones and iPads

Apple doesn’t provide a way for iOS users to see their mobile advertising ID, which it calls the Identifier for Advertisers, or IDFA. But it does provide a way for users to prevent trackers from accessing these IDs.

To turn off tracking, first, adjust your Screen Time settings:

• Open Settings. 
• Scroll down and select Screen Time. 
• Scroll down and select Content & Privacy Restrictions. 
• Scroll down and select Allow Apps to Request to Track.
• Select Don’t Allow Changes. 

Then, adjust your Tracking settings:

• Open Settings. 
• Scroll down and select Privacy & Security. 
• Select Tracking.
• Toggle OFF the option to Allow Apps to Request to Track.

Apple has its own ads system that doesn’t use an IDFA. To disable that: 

• Open Settings. 
• Scroll down and select Privacy & Security. 
• Scroll down and select Apple Advertising.
• Toggle OFF the Personalized Ads option.

A quick note for our technically savvy readers: If you’ve already turned tracking off, you might be tempted to turn it back on to look up your advertising ID using a third-party app, but it’s unnecessary. Re-enabling tracking will reset the ID, limiting its usefulness to data brokers — they can’t continue tracking data or delivering personalized ads using a device ID that no longer exists. 

Vehicle ID numbers and smart TVs

Vehicles can track their owners in surprisingly invasive ways, and you can provide a vehicle’s identification number, or VIN, in case data brokers have that information. Where your VIN is will depend on the vehicle, but common places include on the dash on the driver’s side, or on a sticker in the jamb of the front passenger door. Your vehicle registration documents should also have your VIN listed.

Smart TVs also use advertising IDs. Here’s a guide that provides some settings for common brands. If the guide doesn’t cover your smart TV, try checking under its privacy or advertising settings. But be aware that this is different from numbers like the model code and serial number.

Personal computers

Laptop and desktop computers use unique identifiers to share data, but these are harder to find than mobile advertising IDs. Instead, you can turn off tracking, which will delete those IDs. (Turning tracking on again will generally reset the IDs.)

• On computers running Windows, you can turn off your advertising ID by going to Settings. Depending on your OS version, select Privacy or Privacy & security. Then select General, and adjust your settings there.
• On Mac computers, navigate to System Settings > Privacy & Security > Apple Advertising. Then, toggle off Personalized Ads.

The California Privacy Protection Agency also provides some of its own guidance on finding advertising IDs. 

Verify your identity

Go to the DROP website. You’ll be asked to accept the terms of use and be directed to a page that asks you to prove you’re a California resident. There are two ways to do so, and you can’t change methods once you’ve selected one of them. 

1. The system allows you to verify your identity using personal information through a system called the California Identity Gateway. 
   
   If you select this option, you’ll be asked to provide some basic personal information, like a phone number, email address, California address, or your social security number. The gateway will use this information to attempt to verify your residency directly with the state. This option should be quick if you have an email address and phone number.
   
2. Alternatively, you can verify your identity to DROP using login.gov, a system that some federal and state agencies in the United States have adopted to allow residents to interact with government services. 
   
   To sign up for a login.gov account, you’ll be asked to provide an email address, create a password, and provide photos of government-issued identification. After signing up and verifying your identity, you should be able to move on to the next step. This option might take a little more effort than the first option, since ID is required, but might be faster if you’ve already signed up for an account for other purposes.

Fill out and submit the DROP form

After verifying your identity, you’ll get to a form where you can submit multiple versions of your name, up to three zip codes, up to three email addresses, up to three phone numbers, advertising IDs from your mobile devices and smart TVs, and VINs for your vehicles. You’ll be asked to verify your email addresses and phone numbers with single-use codes before submitting. (The agency notes there may be delays with some verification codes due to high volume.)

Once you submit the form, you’ll get a unique DROP ID to check the status of your request.

What happens now?

Sit back and wait. While the window for making DROP requests has opened, data brokers registered with the state aren’t required to handle them just yet. On August 1, brokers will begin processing the requests.

Starting then, companies have 45 days to process requests and 90 days to report back on how they handled requests. If they fail to do so, the companies can face financial penalties. 

In the meantime, you can monitor the status of your request with your DROP ID. At some point later in the year, when you log in the system should tell you whether your data was successfully deleted, whether records on you weren’t found, or whether companies believed the data was exempt from deletion under the law, which provides some limited ways for brokers to hold on to data.  

If you find more information while you’re waiting for your request to be processed, like a new mobile advertising ID, you can update your request with that information, increasing the odds you’ll successfully get your data deleted. 

It’s funny how close this competition seemed just a couple weeks ago:

That was then, 2025.

For 2026, the guy on the left is taking an early lead that’s will be hard to beat.

There’s a lot more that could be said here but I will give the last words to Hidden Door’s CEO and Co-founder Hilary Mason.

And, no, you won’t find me posting on X anymore.

Share

I’m thinking out loud here about how to get development rolling for MyTerms. I see three pieces required for a proof of concept:

1. Browser plugin
2. Web server plugin
3. Data storage and retrieval

When we first thought about this at ProjectVRM in the late ’00s, we saw a browser header that looked like this:

The ⊂ and the ⊃ are for the personal and website sides of potential or actual MyTerms agreements. Popdown menus next to both could detail choices or states, including states in which relationships beyond a first MyTerms agreement have been developed. One might even see these as a VRM + CRM dashboard, or a portal into one.

Browser and web server plugins are easy to imagine and develop. Today there are:

• ~112,000 extensions for Chrome (see here and here)
• ~74,000 add-ons for Firefox (see here)
• Doubtless thousands for Safari (all come through the Apple Store, which is not a useful source for that one)
• ~60,000 WordPress and 5400 Code Canyon plugins (see here, here, and here)

Data storage and retrieval are harder. Here is what I have thus far. Please help me (or anyone) improve on it or replace it.

First, adtech “consent strings” described in IAB Europe’s Transparency & Consent Framework (TCF). These seem optimized to capture preferences, store them locally and broadcast them to vendors. They create a “TC String” and record storage/access details, but they are not designed as a mutually signed/identical contract record between the individual and the site, which MyTerms requires. They do, however, provide compact and interoperable encoding and widespread use of tooling. So they at least point in the right direction.

Second, consent receipt / consent record standards:

• Kantara Consent Receipt frames a “receipt” as a record given to the individual, in standard JSON.
• ISO/IEC TS 27560:2023 describes an interoperable information structure for consent records/receipts. This includes support for exchange between systems and giving the individual a record.
• W3C DPV (Data Privacy Vocabulary) is cited in MyTerms (IEEE P7012) and is good for indicating privacy preferences and maintaining records. It also has guidance for implementing ISO 27560 using the DPV.

What we have in the world so far, however, is framed around consent to processing, not reciprocal agreement to contractual terms. We still need bitwise-identical records on both sides. That’s what MyTerms requires.

Third, we might want to create a model that looks like receipt + contersigned agreement artifact + lightweight state token.

For that combination, we might define a canonical MyTerms Agreement Record, or MAR. Note that this is something I just made up. So, rather than taking it with a grain (or a larger measure) of salt, help us by replacing or improving that label, and anything I’m saying here.

Some possible fields:

• Agreement ID (UUID, for Universal Unique IDentifier)
• Parties (site identity + individual agent identity/pseudonymous key) Important: MyTerms should not be dependent on a universal identity system. All that matters is that both parties have a record of agreement with each other. That means all they need to know is how to remember each other. That’s it.
• Terms pointer(s): roster ID + exact version/hash (so “same terms” is provable)
• Context: site origin, date/time, version of a given term agreed to
• Decision: accept / refuse / counter-offer choice (Note that the MyTerms standard is not about negotiation. It’s about choice, and that one is provided by the individual as the first party. At the person’s discretion, they can provide the second party—a site or service—with a first and second choice of agreement, but no more than that.
• Signatures: individual agent and site/agent countersigned signatures.

I think the MAR (or whatever we call it) might be canonical JSON (or CBOR) so both sides can compute the same bytes, then sign the same digest, which I think will make identical records concrete. But I am sure there are other ways.

We can borrow structuring ideas from ISO 27560 / Kantara receipts (timestamps, identifiers, machine readability) while changing semantics from “consent to processing” to “contractual privacy terms” (which still address processing, which is what the GDPR cares most about).

Then, rather than store the MAR in a cookie, store a state token for performance/processing and UX. These can be “myterms_agreement_id,” or “myterms_agreement_hash,” or maybe a status flag, so the browser and the site server can quickly recall state, leaving an authoritative record in each side’s database and turning the likes of ⊂ and ⊃ into meaningful UI elements.

The MAR also needs to record refusals. These might be something like “decision=refuse” or “counter-offer-rejected.” (Note that ignoring a MyTerms signal is a refusal.)

We should also have additional annotations (e.g. reasons for refusal, if the counterparty gives any), and perhaps some kind of signature from the site certifying the refusal.

On the WordPress side, plugins can store MARs in a custom table with records indexed by “agreement_id,” origin, the other party’s pseudonymous key, “terms_hash,” timestamps”… plus “active agreements,” “export/audit trail,” refusals, and other variables, including endpoints for choosing and retrieving the agreement by ID for audits and disputes.

As for where records live, at least on the individual’s side, digital wallets make sense. There are many approaches to wallets today, including the Solid Project‘s pods. (More here.)

As for who productizes any of this, we have—

• Browsers (either as a built-in feature or with a plugin)
• Password managers (which already store structured secrets + metadata, and use both browser extensions and standalone apps)
• “Identity / verifiable credential wallet” vendors (with which “countersigned agreement receipts,” which are forms of credentials)
• Personal data store projects (e.g. Solid pods)

A thought: If we want compliance auditing to have teeth without a regulator in the loop, how about an “append-only transparency log” that is conceptually similar to certificate transparency. So “I agreed / you agreed disputes become easy, and refusal logs can be corroborated without revealing private details, how about—

• Both sides submit the agreement hash (not the full agreement) to a public/neutral log. (Possibly a blockchain. I add that to attract developers who are fond of those.)
• The log returns a proof.

I am sure experts in ODR (online dispute resolution), a well-developed field, will want to weigh in here.

That’s all I have for now. I’ll add more (and perhaps subtract some as well) as folks respond to what I have so far. Thanks.

Bonus links:

• Privacy is Value, The Swordsman’s First Blade, MyTerms, by Mitchusky/Privacy Mage and Iain Henderson
• When Customers Set the Terms: How the Intention Economy and ‘MyTerms’ Enable the Great Unwinding, by Nitin Badjatia