Monday, August 22, 2011

Microsoft caught with hand in Cookie Jar

Film at eleven! Well, okay, maybe not, but an amusing read is available now.

Of course, Microsoft quickly published their side of the story, which is already collecting amusing comments from people who aren’t completely buying it.

Trail of crumbs, anyone?

Thursday, August 11, 2011

LinkedBook - or just InYourFace?

A lot of us have come to expect, if not completely accept, that Facebook will farm out their users data to advertisers faster than a crop-crazy Farmville aficionado, given half the chance and a way to slide it into some New and Improved User Preferences. LinkedIn, that quasi-professional counterpart in the major social media arena, has seemed less inclined to stoop to such unprofessional tactics.

Until now.

I don’t much appreciate the irony that only recently did I decide to go ahead and share my one and only photo on Linkedin. Being somewhat camera-shy, I was careful to make sure it was shared only with those already in my network. Granted, anything posted on the intarwebs is out there for all to see if they really know how to find it. That doesn’t mean I want my social networking venue furtively taping my image to the cyber-walls as they see fit for fun and profit (it's bad enough that I just gave people I actually know tacit permission to do so). It doesn’t mean I’m automatically agreeing to be affiliate advertising fodder, either.

Considering that one of the main things people do on LinkedIn is business related networking, the ramifications of having your profile information and/or your photos affiliated (bad pun absolutely intended) with advertising you may or may not want to endorse - or you may or may not even feel is appropriate - are potentially more than simply annoying or embarrassing. LinkedIn promises you'll be connected to ads "related" to content you have publicly endorsed. The problem is, the term "related" is open to a lot of interpretation, and the further down the chain it goes, the more (mis)interpreted it can get, especially if that interpretation is being done by marketing algorithms. I'm sure we've all gotten search results sprinkled with suggestions that were pretty well removed from what we were actually looking for. I've definitely gotten "You might also like" suggestions that I definitely would NOT want to "like", not even on Facebook. Most certainly not on LinkedIn.

The delivery method leaves a bit to be desired, as well. Opt outs are, IMHO, all too often underhanded tactics used to get people to consent to, or even purchase, services and goods they would otherwise avoid, given full disclosure. I suppose I shouldn't complain. A good part of my income comes from cleaning bloatware off computers where the user wasn't careful enough to opt out of everything but what they intended to install. Still, both from a consumer advocate perspective, and a LinkedIn user perspective, this is one option I couldn't opt out of fast enough.

Before you decide this is yet another privacy-tempest-in-a-teapot, you might want to let your imagination run a little wild on how your endorsement of streaming cable TV could ultimately wind up being represented. Some of that late night programming might not be the kind of fare you want paired with a personal photograph...or, then again, it might (and if it is, you probably should at least make sure your photo is "appropriately" flattering...*cough*). Then you can decide if you want to opt out of LinkedIns latest offering - or not.

Update: Attitudes can result in adjustments.

It's nice to know the noble motivation comes back to that ubiquitous excuse of "delivering useful ads" . Personally, I've never yet had an ad delivered that I found useful. I suppose it could happen someday, but I'd still rather not find myself making a surprise appearance in one.

Tuesday, May 17, 2011

Phun With Phishing

I have a lot of friends stranded overseas, and a lot of relatives who left me bzillions of dollars after dying fortuitously in a vehicle crash, and more than a few people who trust me enough to invite me to help them transfer a huge trust fund for orphans to safe haven in a US Bank account, at least according to some of the unsolicited email I get. I generally ignore these, simply because there are too many to answer them all, and it would be unfair to answer only a few and leave the others twisting helplessly in the wind, and also because 99% of them get caught by my email spam filter and routed to the most appropriate folder (the trash). Every once in a while though, one gets through, and sometimes it's even barely interesting, or else vaguely amusing.

Take this one, for example. In the current tough economic times, lots of folks are looking for jobs.


An email with the subject line “Job Offer !” could get just about anyones attention, at least for a moment or two. It got mine, though probably not in quite the way the sender(s) intended, since the first two things that caught my attention were the extra space before the “!” in the heading, and the return address of “jobs@carrerbuilder.com”.


Okay, so maybe the address “careerbuilder” was already taken. But frankly, there are likely enough properly spelled permutations still available to make this a weak excuse. It certainly doesn't excuse that annoying “ !” bit. This left me with a clear first impression: these guys can't use proper punctuation, and they can't spell. For a group purporting to help me build a career, they're not off to a great start. I wasn't impressed by the “no recipient” in the To field, either. I could assume they simply blasted this announcement out to a mailing list, but not bothering to call it something other than “no recipient” is at best lazy, and at worst just plain rude.

The body of the email isn't TOO bad; there are no more egregious spelling errors, although they still seem stuck on putting unneeded spaces in front of punctuation marks. The “job offer” itself isn't too outlandish – there really are mystery shopper programs out there, and legitimate companies do pay people to participate. This, however, isn't one of them.

As a matter of fact, it turns out that emails from “carrerbuilder.com” have already been flagged by several watchdog websites, such as this one, and the domain itself is simply parked. Color me not surprised.


Now, that would normally be the end of it. A lot of these types of phishing emails are sent purely to get the “no recipients” to reply, even if the reply consists of “BUZZ OFF!” (or something more colorful), in order to verify as many “live” email addresses as possible. Spammers will pay more for lists of verified email addresses; it's more profitable to phish in ponds they know are stocked. But these guys went one better: they helpfully included an Application Form, as an .html attachment. As my tinfoil hat is about two sizes too small, I rather doubt it's really an application form. I further doubt it's a benign little .html file that will do nothing more than open locally in my browser and display text, or dollar signs, or happy dancing bunnies. There a lot of file types that can contain executable code these days, code that will run as soon as the file is opened, under the right conditions, and .html files are certainly one of those types.

I'll probably save this not-so-benign .html file for later perusal – under the right conditions, of course. I do hope the helpful hackers at “carrer builder” aren't breathlessly waiting for me to send back my completed application. I don't accept candy from strangers, and I don't open attachments from them, either.

Neither should you.

Wednesday, May 5, 2010

Freedom of choice: yes, having options DOES count

I haven't yet read the draft of the new Privacy Bill, but my at-a-glance reaction is simple. It's about time. Whether not anything constructive will actually come of it is, naturally, a whole 'nother matter.

Of course, the digital jackals are already howling at the prospect of losing easy prey. As usual, their howling isn't making any logical sense. Then again, I don't expect jackals, digital or otherwise, to make logical sense. Ravenous animals don't react logically when you try to take their bones away.

"a 'privacy industrial policy' for the Internet would diminish consumer choice"

Erm, excuse me? I utterly fail to see how giving consumers "a simple opt-out", i.e. a choice, diminishes choice. I just. don't. get. it.

Now, I do see where more consumer choice on what personal data may by default be collected, indexed, aggregated, sold, stamped, folded, mutilated, or disseminated on a thousand daisy-chained social network fan pages by friends of friends of causal acquaintances of complete strangers might limit the jackals' choices. And they are, by definition, voracious consumers. Maybe the prospect of going from open buffet to a la carte is the "diminished consumer choice" they're howling about.

Thursday, March 4, 2010

The dinosaurs that won't die

Just when I think People Who Should Know Better can't come out with another obtuse, groundless, head exploding statement that tops a previous pronouncement, someone out there proves me wrong.  While I can sort of see a (vague) argument for the demise (or at least transforming evolution) of the computer mouse (eventually), I definitely can't see the complete death of the desktop pc itself anytime soon, and certainly not within the next three years.

Now, this is hardly news; the declarations that the desktop is destined to the doom of the Dodo have been around for years; certainly more than three.  I do find it ironic that this time it's the vice president of global ad operations at Google, "a search company that generates nearly all of its revenue from online advertising", who is making this preposterous prediction.  Clearly he hasn't clued into the fact that online advertising pretty much obscures any actual, relevant content on the tiny screen of a mobile device, and therefore is a lot more likely to simply annoy people than generate positive click throughs, unless you count the frustrated clicking of users who are just trying to close that dang pop up or banner ad.  More likely he's running ad blocking of some type.

There's also the simple fact that most people using their smart phone/mobile device for "research" - at least here in Amerika - are doing so because they are, well, mobile.  Whether you're looking up directions, scouting for a good Thai restaurant within a five mile radius, doing a quick email check, or posting a snappy one line response to the latest jibe on your Facebook Wall, if you're doing it from a mobile device chances are you are: A) in transit, or B) stationary at some location away from Home Base, and you need to: A) obtain a certain piece of information right now, or B) communicate a certain piece of information right now.  Sure, I've had friends pass their iPhone to me with a giggled "You gotta check out this video on YouTube", but almost invariably that's followed with "I'll send you the link so you can watch the whole thing later" (a link I may or may not click on later, depending on the video).  I know I'm not the only person who's played Solitaire on a Blackberry, but I think I'd have to hunt far and wide to find even a few folks who've played Runescape on one, and I'd be surprised if among those I found even one who actually enjoyed it. As far as doing any serious work...I tried doing a small spreadsheet on a smartphone. Once. I think trying to get a hair out of my eye with a grapefruit spoon would have been more productive and less painful.

I won't go into the whole cloud computing concept, at least not this time around, other than to note the day has yet to come where I will trust a third party - ANY third party - to be the sole keeper of all my important data, and I'm not waiting with bated breath for that moment of epiphany, either.  I will say that while I see the possible practicality of using a desktop setup that's a pair of giant dual flat panels, a lovely finger-friendly full sized keyboard (AND MOUSE), and a docking station for some sort of tiny form factor, I'm still not inclined to make my primary workhorse computing machine double as my mobile mini-command center , or vice-versa.  For one thing, I don't want to have to remember to yank a device out of a docking station every time I bolt out the front door.  Nor do I want to trot around with my main computer, whatever size and form factor it is, in a hip holster day in and day out.  With my luck I'd get caught in a sudden downpour in a parking lot, or have it fall out in the electronics department at Best Buy.  Oops.

There's something comforting, IMHO, in knowing that as I dash through my day, my trusty desktop is waiting patiently - and safely - at home.  And when my days dashing is done, my desktop will be there, ready to fire up complete with a wide screen monitor and full sized keyboard, to take me places where a mobile device simply cannot gracefully go.  I might even kick back and watch a YouTube video or two.

Thursday, February 11, 2010

Is there a mouse in your house?

It always amuses me when industry pundits predict the "inevitable extinction" of a certain type of tech (sometimes they even go for a vague timeframe with "imminent demise"), if only because so often the tech in question, be it hardware or software, then proceeds to demonstrate an amazing longevity. It's a shame for the dinosaurs some of these prognosticators weren't around to interpret their tea leaves; they might still be with us.

This time we have the inevitable extinction of the desktop mouse. I know some people love trackpads. Personally I can't stand them. Part of it is just personal, as in preference, but a lot of it has to do not only with how I work, but the work I do. I write a lot, and not just plain English. The ability to precisely select blocks of text, be it html, javascript, VB, or whatever, is critical to me - missing one comma or even a space in a selection I need to cut/copy and paste elsewhere can utterly break code, and can send me on a hair-tearing search for the problem. Especially if I've neglected to put on my reading glasses.

I do a moderate amount of image editing as well, and there again precision is key, although to be fair an optical or laser pen would work even better (it'd work better for text selection, come to think of it). That's still using a pointing device, though, not sliding my finger along a touchpad. I like the feeling of something I can wrap my fingers around and grip.

Maybe I'm just old fashioned. But maybe I'm also needing the physical outlet of being able to click furiously on a button in frustration. Like so many others in these hi-tech times, I rely on a cellphone, but I have never been able to hang up on someone in a truly satisfactory manner with one. There's something about slamming a heavy receiver down into a cradle that just can't be beat. Even socking a cordless phone sharply back into its station doesn't quite cut it. The ability to at least SNAP the cellphone shut is one reason I prefer a flip phone to a "candy bar" form factor. I don't care what anyone says, you CANNOT dramatically end a call by just pushing a button.

Likewise I can't see being able to express myself fully with a trackpad. I can not only grip my mouse, and smack the buttons, I can spin the scroll wheel, bang it on my desk, and even throw it across the room.   I do for this reason concede the eventual demise of the wired mouse in favor of the wireless, but certainly not imminently or inevitably; too many people don't like to have to change or charge batteries.   I suppose a wireless trackpad could work well for forehead slamming, but then again that's what your desk is for, or your monitor if you still have a heavyweight CRT.

As far as I can tell I'm not alone in my continued love affair with the mouse. There seem to be a lot of folks who still like to heft something in their hand, and they seem inclined to keep their fingers wrapped around their pointing devices until they're forcibly pried loose. So to those who cry "THE MOUSE IS DEAD!" I will shout back "GET A GRIP!". I know I've already got one - have you? ;-D

Thursday, January 28, 2010

Data Privacy Day Checklist

Rather than add to the previous post, I decided a true celebration of Data Privacy Day deserved a post all its own, and what better way to celebrate the date than with a list of Data Privacy To Dos! Don't think that sounds fun? Put it in perspective: would discovering someone's gone hogwild with your Amazon (or PayPal) account be fun? How about suddenly getting a flurry of unhappy replies from friends and family (or coworkers) to some offensive email you don't remember sending? I don't think that's fun. If you do, I'm guessing this is where you'll stop anyway, if you even made it this far. However, if such or similar scenarios are on your Not Fun List, you might want to check out my list of a few ways to avoid them.

Review all your passwords (and they'd better not be on a large post-it stuck to the bottom of your keyboard, either).
Are they on this list? Don't pat yourself on the back just yet if the answer's "no"; you might want to check this list too. Still in the clear? Maybe - depending on whether you can also answer "no" to the next question.

Do you use one password for everything?
If so, you need to make a list of your own: of all the stuff someone would have access to if they got hold of that ONE little word. Write it all down, look it over, and think about it. Now imagine it in the hands not just of someone, but someone who really, really doesn't like you. Feeling any password creativity yet? If you need a little help, here are some tips:

1. Choose a strong password, with numbers and even punctuation marks as well as letters. Substitute numbers for vowels, for example: p4ssw0rd (NO, DON'T USE THAT). Pick a line from a favorite song or poem, and use the first letters of each word. Mary Had A Little Lamb = MHALL (NO, DON'T USE THAT EITHER). If you've just got to use your pet's name, spell it backwards. If your pet's name is Spot or Rover, give him a middle name (preferably a long one) and use both.

2. Use a different password for all websites/accounts. Write them down if you must, but keep them in a safe place; under your keyboard or taped to your monitor doesn't count. I'm not a keen proponent of the old "stash it in your wallet" routine, either. Yeah, if you lose your wallet your day's already in the toilet, but why add to the booty if someone other than a Good Samaritan finds it? Besides, do you really need to carry all your passwords with you everywhere?

3. Never let websites "save" passwords for you. That cute little "remember me" box next to your Twitter login? UNcheck it. That's actually saving your password to your computer hard drive, usually in a simple cookie and all too often unencrypted. If your computer gets compromised by a malware ridden banner ad or flashing pizza coupon, or your laptop gets boosted in an airport lounge, guess what's the first thing bad guyz look for? Don't trust your computer to remember your passwords or keep them secure. You really shouldn't trust your computer for much of anything, anyway. Ultimately, computers are dumb. You can trust me on that.

Designate ONE credit card for online use, or see if your credit card company offers a virtual credit card service.
Using one credit card soley for online use makes it easier to spot red flag fees or charges, and if you smell smoke and have to put out a fire, you won't also be having to cancel the same card you use for dining out or keeping your wardrobe up to date. "Disposable" or "virtual" credit card numbers are also now offered by many financial services. They're one hoop jump too many for me personally (well, so far), but worth consideration at least for one-time purchases, or trial offers that also "offer" to automatically opt you in for the rest of your natural life - though bear in mind on that latter, if you did implicitly agree to some Neverending Subscription, you could still legally be on the hook. RTFP (Read The Fine Print). Never EVER use your debit card online if you can avoid it, and always practice safe online shopping.

Set up a "junk" email account.
Don't use your primary email address for casual shopping, social networking, or submission to any website that requires one before you can read the last sentence of a tantalizing news article (or leave a snarky comment on the same). Set up a separate email account with one of the many free web email services available, and whatever you do, DON'T immediately import your entire address book into the thing. Don't fill out a profile with your full name, complete home address, and life history, either; that utterly defeats the purpose. The idea is to cut back on the info merchants and advertisers can mine from you, as well as give them someplace else to send their spam.


I'll save my list of browser tips for another post (everyone can stop cheering now), and end here wishing a happy Data Privacy Day to all. If anyone has other tips or tricks to share, please do so! And if (again) it appears my tinfoil hat's a little tight, remember bad things don't always happen just to other people. Someone's got to make up the statistics, and if you don't preemptively stack a few odds in your favor, your number could be next.