Monday, August 22, 2011

Microsoft caught with hand in Cookie Jar

Film at eleven! Well, okay, maybe not, but an amusing read is available now.

Of course, Microsoft quickly published their side of the story, which is already collecting amusing comments from people who aren’t completely buying it.

Trail of crumbs, anyone?

Thursday, August 11, 2011

LinkedBook - or just InYourFace?

A lot of us have come to expect, if not completely accept, that Facebook will farm out their users data to advertisers faster than a crop-crazy Farmville aficionado, given half the chance and a way to slide it into some New and Improved User Preferences. LinkedIn, that quasi-professional counterpart in the major social media arena, has seemed less inclined to stoop to such unprofessional tactics.

Until now.

I don’t much appreciate the irony that only recently did I decide to go ahead and share my one and only photo on Linkedin. Being somewhat camera-shy, I was careful to make sure it was shared only with those already in my network. Granted, anything posted on the intarwebs is out there for all to see if they really know how to find it. That doesn’t mean I want my social networking venue furtively taping my image to the cyber-walls as they see fit for fun and profit (it's bad enough that I just gave people I actually know tacit permission to do so). It doesn’t mean I’m automatically agreeing to be affiliate advertising fodder, either.

Considering that one of the main things people do on LinkedIn is business related networking, the ramifications of having your profile information and/or your photos affiliated (bad pun absolutely intended) with advertising you may or may not want to endorse - or you may or may not even feel is appropriate - are potentially more than simply annoying or embarrassing. LinkedIn promises you'll be connected to ads "related" to content you have publicly endorsed. The problem is, the term "related" is open to a lot of interpretation, and the further down the chain it goes, the more (mis)interpreted it can get, especially if that interpretation is being done by marketing algorithms. I'm sure we've all gotten search results sprinkled with suggestions that were pretty well removed from what we were actually looking for. I've definitely gotten "You might also like" suggestions that I definitely would NOT want to "like", not even on Facebook. Most certainly not on LinkedIn.

The delivery method leaves a bit to be desired, as well. Opt outs are, IMHO, all too often underhanded tactics used to get people to consent to, or even purchase, services and goods they would otherwise avoid, given full disclosure. I suppose I shouldn't complain. A good part of my income comes from cleaning bloatware off computers where the user wasn't careful enough to opt out of everything but what they intended to install. Still, both from a consumer advocate perspective, and a LinkedIn user perspective, this is one option I couldn't opt out of fast enough.

Before you decide this is yet another privacy-tempest-in-a-teapot, you might want to let your imagination run a little wild on how your endorsement of streaming cable TV could ultimately wind up being represented. Some of that late night programming might not be the kind of fare you want paired with a personal photograph...or, then again, it might (and if it is, you probably should at least make sure your photo is "appropriately" flattering...*cough*). Then you can decide if you want to opt out of LinkedIns latest offering - or not.

Update: Attitudes can result in adjustments.

It's nice to know the noble motivation comes back to that ubiquitous excuse of "delivering useful ads" . Personally, I've never yet had an ad delivered that I found useful. I suppose it could happen someday, but I'd still rather not find myself making a surprise appearance in one.

Tuesday, May 17, 2011

Phun With Phishing

I have a lot of friends stranded overseas, and a lot of relatives who left me bzillions of dollars after dying fortuitously in a vehicle crash, and more than a few people who trust me enough to invite me to help them transfer a huge trust fund for orphans to safe haven in a US Bank account, at least according to some of the unsolicited email I get. I generally ignore these, simply because there are too many to answer them all, and it would be unfair to answer only a few and leave the others twisting helplessly in the wind, and also because 99% of them get caught by my email spam filter and routed to the most appropriate folder (the trash). Every once in a while though, one gets through, and sometimes it's even barely interesting, or else vaguely amusing.

Take this one, for example. In the current tough economic times, lots of folks are looking for jobs.


An email with the subject line “Job Offer !” could get just about anyones attention, at least for a moment or two. It got mine, though probably not in quite the way the sender(s) intended, since the first two things that caught my attention were the extra space before the “!” in the heading, and the return address of “jobs@carrerbuilder.com”.


Okay, so maybe the address “careerbuilder” was already taken. But frankly, there are likely enough properly spelled permutations still available to make this a weak excuse. It certainly doesn't excuse that annoying “ !” bit. This left me with a clear first impression: these guys can't use proper punctuation, and they can't spell. For a group purporting to help me build a career, they're not off to a great start. I wasn't impressed by the “no recipient” in the To field, either. I could assume they simply blasted this announcement out to a mailing list, but not bothering to call it something other than “no recipient” is at best lazy, and at worst just plain rude.

The body of the email isn't TOO bad; there are no more egregious spelling errors, although they still seem stuck on putting unneeded spaces in front of punctuation marks. The “job offer” itself isn't too outlandish – there really are mystery shopper programs out there, and legitimate companies do pay people to participate. This, however, isn't one of them.

As a matter of fact, it turns out that emails from “carrerbuilder.com” have already been flagged by several watchdog websites, such as this one, and the domain itself is simply parked. Color me not surprised.


Now, that would normally be the end of it. A lot of these types of phishing emails are sent purely to get the “no recipients” to reply, even if the reply consists of “BUZZ OFF!” (or something more colorful), in order to verify as many “live” email addresses as possible. Spammers will pay more for lists of verified email addresses; it's more profitable to phish in ponds they know are stocked. But these guys went one better: they helpfully included an Application Form, as an .html attachment. As my tinfoil hat is about two sizes too small, I rather doubt it's really an application form. I further doubt it's a benign little .html file that will do nothing more than open locally in my browser and display text, or dollar signs, or happy dancing bunnies. There a lot of file types that can contain executable code these days, code that will run as soon as the file is opened, under the right conditions, and .html files are certainly one of those types.

I'll probably save this not-so-benign .html file for later perusal – under the right conditions, of course. I do hope the helpful hackers at “carrer builder” aren't breathlessly waiting for me to send back my completed application. I don't accept candy from strangers, and I don't open attachments from them, either.

Neither should you.