Teaching in Higher Ed

Trying Out PopClip After Watching a ScreencastsONLINE Tutorial About It

By | | | XFacebookLinkedInEmail

Person typing on a keyboard

ScreencastsONLINE just continues to pay dividends for me in my Apple-device-filled life. In this case, it was a brand new tutorial for a utility that I have known about for a long time: PopClip.

PopClip is a Mac utility that adds a floating action menu whenever you select text, making common actions like copy, paste, search, and share faster. It’s especially useful if you work with text a lot and want quick, mouse-driven shortcuts

If you are a Windows user but intrigued by this idea, there's hope for you yet. For Windows users, SnipDo is the closest thing to PopClip I'm aware of. It’s the best match if you want the same “select text, then get actions” workflow, though I haven't tried it before.

Dave had mentioned something to me about PopClip recently (that he was thinking about getting into it). And lo and behold, here comes the update for the latest videos on screencasts online. And there was one about PopClip. I watched it and was ready to dive in and play.

Lee made it super easy to understand how it works and how to customize it to your liking. Here are the topics that Lee covers in the PopClip Updates Screencasts Online tutorial, in case you're interested:

  • PopClip Overview
  • Installing Extensions
  • PopClip Settings
  • Obsidian Extension
  • Perplexity Extension
  • ChatGPT Extension
  • Open In Browser Extension

I have access to PopClip as part of my SetApp (ref link) subscription, but it is also available on their website to buy as either a standard or lifetime PopClip license.

Past Concerns About PopClip No Longer Are An Issue

I'm unclear at this point whether PopClip has changed a lot since I looked at it or whether I just never understood how it worked in the first place. No matter my concerns about it have been resolved as follows.

Popping Up When Not Needed

I remember years ago, downloading it and playing with it and instantly deciding it got in the way of my internet reading habit of constantly clicking and dragging across text as I read it. That often helps me focus when needing to consume something dense or otherwise hard to discern. I've learned I'm not alone on that click and drag habit, by the way, but now PopClip seems to be ready for someone like me to tap into the power of what it has to offer, while still getting to keep my pattern of doing this.

You have granular controls over where pop clip appears once you you click and drag across text and release your mouse or trackpad. You can determine if you want PopClip to appear automatically. Even after about 15 minutes of experimentation, I would say leaving this as the default really helps you leverage the real power of PopClip but if you had certain websites that you visited where it wasn't going to be particularly helpful you can have rules set up where it gets disabled based on a specific app, such as a browser, or specific websites that you would like to disable it on. I haven't done that again because of the controls under appearance. you can change the size of the pop clip as it pops up or you can change the color or whether or not it gets positioned above or below the text.

PopClip - general settings - checkmark to have it Appear automatically. Settings for Size and Position, as well.

Getting carried away with extensions

Another concern I had was being so inspired by all these different possibilities that I got carried away and installed a bunch of extensions that would then do away with the simplicity of PopClip. As I look at my installed PopClip extensions right now, after only having the app for less than an hour, I've got 15 different actions. However what I'm realizing because of the ScreencastsONLINE tutorial I watched is that not all of the actions appear every single time pop clip may be evoked.

PopClip is context specific and only brings up the relevant actions for what you're in the middle of doing. A simple example of this is that spell check is only going to come up when you've selected a word that is misspelled. Otherwise, it remains in the background, invisible to you. You can also configure the order that your extensions appear such that your more commonly used ones are closer to the front of the line.

This 5-minute YouTube preview video of Lee's ScreencastsONLINE tutorial gives you a look at the extensions he suggests in the tutorial and is well worth a watch.

Early Experimentations

Installing PopClip and getting started was a breeze. This is particularly the case because of it being part of my SetApp subscription, as I mentioned earlier. The built-in actions are all easy to use and understand. I think if it were only the case that I would be offered easier ways to cut, copy, and paste, however, I probably would have skipped PopClip, entirely. Those basic keyboard shortcuts have been burned in my brain a long time. That said, PopClip has a lot more to offer than just those essentials. The other nice thing is it doesn't take long at all to both learn and to begin to get some of the features and functions into one's muscle memory.

Here's a bulleted list of some of the PopClip actions I think could be potentially potentially particularly helpful for my use cases. I'm sure I'll be finding more as well.

  • Open link: In working with various LLMs and also coming across this issue in other cases, I find sometimes a link is presented to me but is not clickable. All I have to do with pop clip is select the text to activate pop clip or use the keyboard board shortcut I have established, and then I'm able to use this pop clip action to easily open the website. site. This was very easy to install and understand from the beginning.
  • Title Case and Uppercase: These two functions are things I don't do that often, but when I do, I have to open up an entirely a separate app and try to remember how to use it. It's typically been so long. Now I can easily select text and have it modified in less than a second or two using these two actions.
  • Timestamp: This one is also super simple, but will save me a ton of time. Anytime I attend a conference or go to a meeting, I always have the file name begin with a four-digit year followed by a dash, a two-digit month followed by a dash, by, you guessed it, a two-digit day. and now that's just going to be a simple muscle memory thing for me that I'll be able to pull up much faster than me sitting there trying to type it despite how fast I type on my 10 key. I can now get something like this in less than a second or two: 2026-04-10.
  • Perplexity App: I have not been a big user of perplexity, but many people I highly regard do make use of it, this seemed an easy way to have other options when experimenting with artificial intelligence and wanting to see how its approach to a given prompt might vary from the others I use more frequently.

This is the first piece of writing I have done since installing PopClip and can already ready tell that it is not only not going to get in my way, it's going to be a tremendous his help to me. I imagine there are many more pop clip actions in my future.

One last thing I wanted to mention is I was talking earlier about getting PopClip into to my muscle memory, that's such a big part of computing for me. When watching Lee describe how he uses PopClip, He mentioned using command L to highlight the URL for the website he's currently on. I delighted when I saw that since that's something I do a gazillion times per day, but do not have that keyboard shortcut in my muscle memory. I have since added it to my keyboard shortcuts that I keep in the Tot App by the Icon Factory, so that as I'm learning new ones, I can remember to practice them and instill them into my habits.

My Three Categories of Considerations for Using AI Tools

By | | | XFacebookLinkedInEmail

abstract image with glowing boxes

This is the third post in a series about AI tools, broadly speaking, and Claude Cowork, specifically. The first post was about slowing down and giving yourself permission not to rush. The second addressed AI, privacy, and the risks worth understanding before diving in. This one is where I get specific about the framework I use when making decisions about my own use of AI and how I advise you to proceed with caution, given that you're not solely making decisions regarding your own risk profile.

I think of it as three categories of considerations: your employer, your own privacy, and other people's information. Working through each of these helped me figure out what I would and would not give Claude access to, when experimenting with Claude Cowork in recent weeks. Your situation will be different from mine, but I hope walking through my reasoning gives you a useful starting point.

Your Employer

If you work for yourself, you can probably skip this section. But many of us have at least one employer, and there are some things worth thinking through carefully before using any AI tool on anything work-related. This varies depending on where you live, and in the United States, it varies by state. I will speak in generalities without claiming to be an attorney, or even playing one on tv.

Most employers have something in their employee handbook about how equipment and systems belong to the institution, and how anything done on them should be for professional and business-related purposes. You should be familiar with your employer's policies around AI use.

There are also specific regulations to consider depending on your field and industry. In higher education, FERPA protects student information. Anything involving student data needs to stay within systems that have appropriate privacy protections in place.

For me, this is actually fairly clean, because I have some big walls up already. I use my own device, not a university-issued one. My university runs on Office 365, and the AI capabilities within that ecosystem, including Copilot in Outlook and other Microsoft tools, fall under the same privacy protections that cover the rest of Office 365. So if I am going to use AI on anything related to my work, especially anything that touches student data, that stays within Microsoft's tools and the privacy and security infrastructure set up by my employer.

That means Claude Cowork is for personal and professional work that is entirely separate from my university role. Anything involving students, course materials tied to my institution, or files that live within university systems stays out of it entirely.

If you are thinking through your own employer situation, the questions worth asking are: Does your institution have an AI policy? If so, what does it say about tools you bring in on your own? What data would you potentially be sharing, and does any of it fall under regulatory protections? And which AI tools, if any, are already approved and in use within your institution's existing systems?

This is a little bit of a tangent, but since we're talking about AI and policies, this repository of syllabi policies for Generative AI from Lance Eaton is worth bookmarking, as it is the most comprehensive one I've seen.

Your Own Privacy Comfort Level

This is the category that requires the most personal reflection, because it depends entirely on what you value and what you are comfortable with. Most of us haven't done sufficient thinking about privacy in general, let alone when applied to AI. Three links from Civics of Technology well worth exploring are:

  1. Teaching Practical Privacy: Notes from a Librarian – guidance and resources on thinking through your digital security and digital privacy
  2. Nothing to Hide: Student Arguments – Assignment that helps facilitate deeper thinking for students and lifelong learners
  3. Privacy Week Events – Extensive reading list, resources, and video of their webinars

I have a few different mental buckets for my own information. At one end, there are things I am very protective of: personal journals and reflections, health information, financial data, anything that feels like something I would want shared or otherwise bought/sold. Another tangent here, because I just reminded myself of this famous speech from Lloyd (played by John Cusack) in the movie Say Anything. He talks about what he wants to do with his career, starting at the 1:00 minute mark.

Ok. Now we're back to the main topic, now that we've revisited not wanting to have anything to do with… well, hopefully you watched it… I digress… 

I would not keep any of that sort of information in files or folders that Claude can access. If I were going to journal consistently (sigh…), it would happen in an app specifically designed for that purpose, with the kind of encryption I am comfortable with. That is its own walled garden. I subscribe to Day One and have for years, and feel good about their privacy picture for my use cases.

At the other end, there is information that is already publicly available. I have been podcasting for over twelve years (and was regularly on Dave's Coaching for Leaders podcast before that. I have shared a lot of things on both shows. Transcripts of those episodes exist on the web. If something is the kind of thing I might have said publicly, I am generally less cautious about it being in an AI-accessible space.

Most of what I work with in Claude falls somewhere between those two ends. Notes I took on a book I was reading. Research I compiled on a topic. Working drafts of writing. These feel like appropriate things to have within Claude's reach. I have not given Anthropic permission to train on my data. That is a setting users can configure, and I strongly recommend you check yours.

One thing I have found worth doing is thinking not just about which apps or tools I give access to, but what is actually inside them. A notes app might have grocery lists right alongside something much more sensitive. A calendar might have a podcast recording and a medical appointment on the same week. It is worth going folder by folder, and sometimes note by note, rather than just making a whole-app decision. My default is to block access and go slow, until I have had the chance to think things through and carefully research the implications.

Other People's Information

This is the category I feel most strongly about, and it is also the one that requires the most nuance.

The hard line for me is this: I am not comfortable giving any AI access to someone else's phone number, date of birth, or email address. Those things are off limits, and I would not give Claude access to my contacts app — just as I've never given access to that sort of data when social media companies and business applications have tried to get me to share it.

But some of what I keep in my notes relates to people who are already publicly findable, and I think it is worth explaining where I draw that line.

I host the Teaching in Higher Ed podcast, and I maintain records of the body of work we have built over the years on the website (which is openly licensed and free for anyone to use): episode numbers, guest names, topics we covered, key resources mentioned, and transcripts. Having those records accessible is simply part of how I do that work.

I take a similar approach with workshops I attend. My notes on an online workshop include the presenter's name, the topics covered, and key resources shared. The person's name is already online. Their slides are often publicly shared. Their name is associated with the event listing and its promotion. That is the kind of information I consider reasonable to keep in my Obsidian notes, which I have given Claude access to in some cases. The point is that I only keep within Claude's reach information that would otherwise be accessible via the open web.

If I attend a private or confidential conversation, one that is not recorded and where the content is not publicly available, those notes belong somewhere outside of any files or folders I have allowed Claude to access.

Revisit Your Permissions Over Time

One last thing worth saying: granting access is not a one-time decision. Most of us, once we have connected an app or given a tool permission, never go back to check on it. But your life changes, your files change, and the tools themselves change, including their privacy policies, sometimes significantly.

It is worth building a habit of auditing what you have connected, even briefly, every few months. Ask yourself: does this tool still need access to this? Has anything changed in what that folder or app contains? Have the terms of service changed in ways that would affect your decision?

The same thoughtfulness you bring to the initial decision is worth bringing back periodically.

Putting It Together

These three categories, your employer, your own privacy comfort level, and other people's information, have been the framework I have used to think through what I will and will not give Claude Cowork access to. My privacy risk profile is likely different than yours and I encourage you to remember to go slow.

Photo credit: Fabio on Unsplash

 

Why Naming Things Matters and Why TiHE Recommendations Are the Best

By | | | XFacebookLinkedInEmail

Bookshelf with a book being held out from the rest. Chris Argris' On Organizational Learning

Many people have told me how much they get out of the recommendations segment of Teaching in Higher Ed each week. I feel that way too, and candidly can even find those recommendations overwhelming with all of the delight they bring me. Like eating at a delightful buffet, while still realizing most things can best be taken in moderation. So many good books to read, just as one example.

On Teaching in Higher Ed Episode 616, Katarina Mårtensson recommended the Academic Imperfectionist podcast, hosted by Dr. Rebecca Roache. I have listened to a couple of episodes and am so excited that so many more are in store for me, given how late I am to this particular podcast-listening adventure.

I have talked for a long time, in both my leadership and my teaching, about the importance of naming things. It has come up across so many different dimensions of what we do as educators. So when I heard Rebecca address it directly in episode 122 of the Academic Imperfectionist podcast, “Write It Down, Make It Happen”, it stopped me in my tracks.

Here is what Rebecca said at that point in her episode:

Not knowing exactly what it is that's causing you distress makes things worse than they need to be. This is what led the psychiatrist Daniel Siegel to come up with the expression “name it to tame it,” to describe the effectiveness that noticing and naming strong negative emotions has on making them less intense. If you ever talked through your fears or anxieties or journaled about them and ended the process feeling a little bit more positive, then you've experienced this effect.

Naming it in my teaching

I am looking forward to sharing that episode of the Academic Imperfectionist the next time I teach an elective course I have been teaching for well over a decade: Personal Leadership and Productivity.

In Getting Things Done terminology, what Rebecca describes about making lists maps onto what is known as a mind sweep. Sometimes called, a little less formally, a brain dump. You can use a trigger list to help surface those open loops and get them out of your head. David Allen reminds us:

Our mind is for having ideas, not holding them.

I have had students who struggled with this process, and over the years I learned why: they were reluctant to begin exploring what had been causing them stress until they knew there was a plan for what came next. Once I started naming that for them (letting them know we were going to learn what to do with what landed on that metaphorical or literal page) everything shifted.

The naming creates the conditions for the mental work and enough trust to begin the process of unpacking the often-heavy burdens of all the stuff that is not yet done.

Naming it in our organizations

The other reason this section of Rebecca's episode 122 stood out to me is how much it matters in our leadership.

Speaking of recommendations, I do not want to spoil an upcoming episode's recommendation, but I cannot resist a small preview. I recently discovered Libib, a service for cataloging books, and have been cataloging a bunch of volumes I had not touched in years. Picking up books I had not looked at in a while has led me down a series of delightful rabbit trails, including one connected to this very topic.

Chris Argyris's On Organizational Learning describes something he calls skilled incompetence. Reading from chapter 7, Argyris writes:

In handling these problems, the executives use highly honed skills, yet create consequences they do not intend. Hence, their skillfulness is tightly coupled with incompetence. Moreover, this skilled incompetence not only operates at the individual level, it permeates the entire organizational culture as well.

He goes on to explain that skills are usually associated with accomplishing what we intend. Skilled incompetence is different: it is about unintended consequences we do not see (and may be actively working to avoid seeing).

Before I try to recap the entire book here, I will stop and just say how powerful Argyris's description of organizational defensive routines is. We can cover up our naming of problems in profound and precise ways. He also offers some paths toward unlearning those defensive habits, which I am looking forward to sitting with more, as I continue the process of revisiting all treasures my library cataloging has unearthed.

Naming things matters in our self-awareness, in our classrooms, and in our leadership. I am looking forward to continuing to learn from the Academic Imperfectionist podcast, and from all the wisdom shared by guests on Teaching in Higher Ed. If you have a few minutes, I suspect you'll find something worth exploring on the TiHE recommendations page.

AI, Privacy, and the Risks Worth Understanding Before You Dive In

By | | | XFacebookLinkedInEmail

security camera adhered to the side of a building

This is the second post in a series about my use of AI agents, broadly speaking, and Claude Cowork, specifically. However, there are a number of foundational topics we need to explore first, together.

The first post was about going slow and not feeling pressured to jump in before you are ready. This one is about understanding the actual risks, so that when you do decide to use these tools, you are making an informed choice. I can't say this enough:

This is your permission to go slow and resist the temptation to jump in head first.

Let's start with where I stand in all this stuff. I am not a security expert. I am is someone who has spent a lot of time reading and thinking about this, and who wants to help translate some of what I have learned more from a beginner's mind. So let us talk about what can actually go wrong. This isn't intended to be a complete description of all the things. More so, these are issues that I'm not seeing talked anywhere near enough in the discourse about what's possible with these agentic AI tools.

Email as an Example of a Huge Risk Point

One of the most important things to understand about AI tools that integrate with your accounts is that access tends to cascade. Email is the clearest example of this, in terms of how this access could be compromised.

Your email is not just a place where messages live. It is the recovery address for nearly every other account you have. Your bank. Your health portal. Your university systems. Your social media. If someone, or something, gains access to your email, they can use it to trigger password resets on almost everything else. And with two-factor authentication now widely used, that access can extend to getting codes texted to your phone or sent to that same email, which means an attacker can potentially lock you out of your own accounts entirely.

Dave sent me a Daring Fireball post yesterday about a guy who documented a phishing attempt that could easily have resulted in some bad stuff happening: Matt Mullenweg Documents a Dastardly Clever Account Phishing Scam. When I read it, I had the thinking of how easily even the more technical among us could have fallen victim to that, especially if we were rushing and not paying as much attention.

Getting access to people's email accounts is the mechanism behind a large proportion of real-world identity theft and account takeover. Before you grant any AI tool access to your email, it is worth asking what level of access you are granting. Read-only is very different from the ability to send, delete, or manage. And even read-only access means the tool can see, and in some cases store or use, the contents of your messages.

Personal Data Risks

There is a parallel risk that operates more slowly and less dramatically, but is no less real. Your personal data, gathered across apps, websites, AI tools, and services you use every day, is part of a large and largely unregulated commercial ecosystem. Data brokers collect it, package it, and sell it, often without your knowledge and without any direct relationship with you.

This matters in the context of AI tools because many of them, especially free or low-cost ones, have business models that depend on data. When a tool is free, it is worth asking what you are providing in exchange. Sometimes the answer is your usage patterns. Sometimes it is the content of your conversations. Sometimes it is both.

Anthropic, the company behind Claude, updated its privacy policy in 2025 in ways that are worth knowing about. Previously, Claude did not use consumer conversations to train its models. That changed. If you use Claude on a Free, Pro, or Max plan and did not actively opt out, your conversations may now be used for model training and retained for up to five years. The setting is in Claude Settings under Privacy. You are looking for the toggle labeled “Help improve Claude.” Turning it off means your new conversations will not be used for training.

This is not unique to Anthropic. It is an industry-wide pattern worth paying attention to across any AI tool you use. Stanford's Human-Centered Artificial Intelligence (HAI) provides a history of privacy policies and a cautionary note: Be Careful What You Tell Your AI Chatbot.

If you work for a university, before you do anything with AI, familiarize yourself with existing policies around your use. Ohio University calls out the key risks to be aware of, as well as instructions for how members of their community should use AI in response.

Copyright Issues

I want to share something that is personal to me, though not at all unique to me.

My first book was published by Stylus, an independent academic press that was later acquired by Routledge. Routledge's parent company, Informa, subsequently entered into agreements with AI companies to license academic content for model training. Authors were not asked for permission. Many were not notified at all.

The Authors Guild has been working to establish that publishers cannot license authors' works for AI training without seeking permission by separate agreement. Their position is that AI training rights were never contemplated in publishing agreements and cannot simply be assumed. They also maintain guidance on practical steps authors can take to try to protect their work going forward.

If you have published with an academic press, it is worth checking whether your publisher has entered into any AI licensing agreements. Ithika S+T has a Generative AI Licensing Agreement Tracker that shows which publishers have signed deals to allow AI companies to train on scholarly content.

There is also a current legal settlement related to this worth knowing about. Anthropic was sued by authors whose books were acquired from piracy sites and used to train Claude. A settlement has been proposed. If you have published books, you can search the settlement works list to see if your titles are included. The deadline to file a claim is March 30, 2026.

Other Risks

A few additional categories are worth at least brief mention.

Prompt injection is a risk specific to AI agents, tools that can browse the web, read documents, or take actions on your behalf. A malicious actor can embed hidden instructions in a webpage or document that the AI reads, causing it to take actions you did not intend. Some scholars have hidden AI prompts in their article submissions in an attempt to garner better reviews, just one of many examples illustrating the need for more heightened verification methods and protocols.

Data breaches at AI companies are also a real possibility, like this one regarding a Meta AI leak. When you have conversations with an AI tool, those conversations are stored on servers. If those servers are compromised, your conversations could be exposed. Deleting conversations when you are done with them is one practical step you can take.

Surveillance creep is a slower and more diffuse risk. The more you connect AI tools to your accounts, your calendar, your location, your habits, the more detailed a picture exists of how you live and work. That picture may be used by the AI company itself, or it may become accessible to others through data sharing agreements, legal requests, or breaches. The question is not only “is this safe today” but “do I want this data to exist at all.” This is particularly an issue because of how quickly corporations can change their policies and practices, making it that much more difficult to keep up and mitigate risk. This example from Clara Hawking on LinkedIn related to something many of us have done in the past describes the insidious nature of this slow creep well.

I know I've not come close to naming all the risks, but at least wanted to mention a few issues that come to my mind, as I decide my own risk profile for these sorts of endeavors.

Where to Learn More

If you want to go deeper on any of these risks, a few resources to explore further:

The Electronic Frontier Foundation covers digital rights, surveillance, and AI privacy for a general audience. Their guides are practical and regularly updated.

Kashmir Hill's reporting at the New York Times covers privacy and technology in a human, narrative way that is genuinely readable. She has written extensively about data brokers, facial recognition, and the ways AI is reshaping privacy in everyday life.

Leon Furze's Teaching AI Ethics series has a full section on privacy and data that goes into more depth than I have here, with research citations and teaching applications if you want to explore any of this with students.

The next post in this series moves from the general landscape to the specific framework I have used for my own decisions: three categories of considerations that have helped me decide what to give Claude access to and what to keep off limits.

Photo by Joe Gadd on Unsplash

 

Permission to Go Slow

By | | | XFacebookLinkedInEmail

robots statues made out of pottery in a garden

I'm beginning a series of posts about my experimentation with Claude Cowork, specifically, but also about the landscape of AI agents, more broadly. However, I want to say something before we get into caveats and considerations, security settings and privacy policies, and all the rest of it. Something I'm not hearing explicitly stated anywhere near enough in conversations about AI.

You do not have to do any of this yet. Slow down.

There is enormous pressure, most of it implicit, to jump in, try the tools, connect the apps, grant the access, and figure it out as you go. The tech industry moves fast and can seem like it rewards people who move fast with it (move fast and break things, anyone?). But curiosity about AI does not require you to immediately hand over access to your files, your calendar, your email, or anything else. It is completely okay (and I would argue, even necessary) to be in a learning phase.

Marc Watkins, Assistant Director of Academic Innovation at the University of Mississippi, describes this as cultivating skepticism and curiosity in the age of AI on Episode 613 of the Teaching in Higher Ed podcast and in his writing about how generative AI is impacting education.

Speed Disguises Itself as Progress

Sam Illingworth, a Full Professor of Creative Pedagogies in Edinburgh, runs a newsletter called Slow AI. His subtitle says it plainly:

…knowing when to use AI and when to leave it the hell alone. Everyone is teaching you how to use AI faster. Nobody is teaching you how to think about what you lose when you do.

Sam tells us that most of the advice about AI is wrong. Not because the tools are bad, but because nobody is asking what we give up when we use them.

If you are feeling behind because you have not connected an AI tool to your calendar or your email yet, I encourage you to follow Sam's advice and slow way down. There are serious security and privacy concerns at play and these issues deserve our careful attention. Sam has also written about what happens when organizations distribute AI tools before anyone knows how to use them safely, and then call the chaos adoption. That is true at the institutional level. It is also true at the personal level.

Connecting things before you understand what you are connecting is not getting ahead and winning some kind of race. It is just moving fast and almost assuredly breaking things in the process.

There Are Real Costs Worth Understanding First

Leon Furze, an international consultant, author, and speaker, has written one of the most thorough and accessible series I have come across on AI ethics. His Teaching AI Ethics project covers bias, environmental impact, copyright, privacy, human labor, and power. It was originally written for educators and students, but it reads clearly for anyone who wants to understand what is actually happening underneath the hood of these tools. The updated 2026 series is available as a free, open-access ebook: Teaching AI Ethics – A Guide for Educators.

Furze's work is a good place to start if questions like these are on your mind: Who does the labor that makes these systems run? What does it cost the planet to train and operate them at scale? Whose work was used without permission to build them? He also encourages us on Episode 572 to not solely refuse to learn anything about AI because of these ethical concerns, but to remain curious and in a position of learning. He shares:

We can take a personal moral stance, but if we have a responsibility to teach students, then we have a responsibility to engage with the technology on some level. In order to do that, we need to be using it and experimenting with it because otherwise, we're relying on third party information, conjecture, and opinions rather than direct experience.

While Sam and Leon tend more on the experimental side of things (with curiosity and skepticism at the forefront), there are other voices worth centering.

Critics Worth Listening To

Emily M. Bender and Alex Hanna are the co-hosts of Mystery AI Hype Theater 3000 and the authors of The AI Con: How to Fight Big Tech's Hype and Create the Future We Want. I talked with both of them on Episode 576 of Teaching in Higher Ed, where Emily described the two sides of the same coin:

The boosters say AI is a thing. It's inevitable, it's imminent, it's going to be super powerful, and it's going to solve all of our problems. And the doomers say AI is a thing, it's inevitable, it's imminent, it's going to be super powerful, and it's going to kill us all. And you can see that there's actually not a lot of daylight between those two positions, despite the discourse of saying these are two opposite ends of a spectrum.

Meredith Whittaker, president of Signal and co-founder of the AI Now Institute, has been one of the most consistent and credible voices raising alarms about what happens when AI agents, tools that act on your behalf, get access to large parts of your digital life. She has called it “putting your brain in a jar.” She is worth following if you want someone who speaks plainly about the structural risks, not just the individual ones.

Kate Crawford, co-founder of the AI Now Institute and author of Atlas of AI, takes a more structural and academic approach. Her work examines the economic incentives that make data collection the default, and what is lost when we consent without fully understanding what we are agreeing to.

Kashmir Hill is a technology reporter at the New York Times who covers privacy in a way that is accessible and human-scale. Her book, Your Face Belongs to Us: A Tale of AI, a Secretive Startup, and the End of Privacy, about facial recognition technology and what it means for privacy, is a compelling read. Her ongoing reporting tracks the kinds of policy changes that affect everyone who uses these tools.

Kashmir's TED talk with her collaborator, Surya Mattu, What Your Smart Devices Know (and Share) About You is well worth a watch, to remind us of what's at stake.

The Electronic Frontier Foundation is the most reliable starting point I know for guidance on privacy and security. They publish regularly and write for non-technical audiences. Well worth a look is the Tools section of the EFF website, which includes tangible ways to defend ourselves against the threats to our privacy and security online.

What This Series Is About

Over the next few posts, I am going to walk through the specific considerations I have worked through as I have decided what to give Claude Cowork access to and what to keep off limits. That will include thinking about your employer, your own personal privacy, and other people's information.

But I wanted to start here, with this: none of this has to happen on anyone else's timeline. You are not only allowed to go slow, but it is prudent to do so, particularly given the pace of change related to the AI tools' capabilities. You are allowed to decide that some things are not worth the tradeoff, at least not yet. You are allowed (and urged) to keep some parts of your life outside of any of this entirely.

At the same time, I would ask that you heed Maha Bali's advice and not engage in AI-shaming, should you choose to engage further with these posts about my experimentation. Maha is a Professor of Practice at the Center for Learning & Teaching at the American University in Cairo (AUC) and a full-time faculty developer. That translates to her being expected to help people “make thoughtful decisions about how they're going to teach and assess in a time where this thing exists.” Some of us have jobs that require we remain simultaneously curious and skeptical about AI and we aren't afforded the opportunity to ignore what's happening across higher education.

On Episode 529 of the Teaching in Higher Ed Podcast, James Lang, Professor of Practice at the Kaneb Center for Teaching Excellence at the University of Notre Dame and author of six books, discussed a beautiful piece he wrote: Voltaire on Working the Gardens of Our Classrooms – Are you a Pangloss, Martin, or Candide?

I'll admit I've long since forgotten the Voltaire specifics, but I walked away reminded of something I already knew: teaching isn't a race. We're not supposed to go fast and break things, because people can get hurt in the meantime and we can wind up forgetting why we got into this work in the first place.

Jim shares about his own teaching:

I have skills and experiences that I have developed over a lifetime, and a commitment to supporting teachers and learners. I still see those skills and experiences making a positive difference in the lives of other humans. You might be feeling the same way. You feel storm clouds gathering above you, and are worried about the future of education, but in the meantime you are connecting with students and creating learning in the gardens of your classrooms.

He continues the garden metaphor throughout the piece and ends by encouraging us to go work in our gardens. It is in that spirit that I seek to share what I'm learning about agentic AI, as it relates to the various roles I hold, while encouraging all of us to go slower than we might normally, and to be curious and skeptical as we do our tending.

Featured photo attribution:
Photo by Naoki Suzuki on Unsplash