Tuesday, December 29, 2009

Shiny, happy advertisers. Really!

I finally logged into Facebook this morning to do a bit more than just make sure I remembered my password. Poking around the "My Account" section for the first time since the Great Privacy Update, I received the following popup when I hit the "Facebook Ads" tab:

Advertisers using my photos? Misleading rumors? Get the whole story? I'll give 'em this: they know how to hook a person.

The Facebook blog entry is an interesting read in and of itself, but more interesting to me is the reference to "two entire advertising networks" being unfriended by the big FB itself (actually the number now stands at four). Turns out there's also a list of ad networks that are still considered friendly, for the time being anyway.

Presumably Facebook is aware of the members on this list, even if the "providers are not approved by nor affiliated with Facebook", since the content on the Facebook Developer Wiki "is created by the Facebook team with help from our developers". You still might want to weigh just how evenly matched your social standards are with Facebook's, seeing as how RockYou! isn't very careful with its users' passwords, Offerpal recently ditched a foul-mouthed CEO, and Zedo-induced spyware/adware has long been a gift that keeps on giving. Neither of these latter two is getting great reviews from my trusty Firefox plugin, either. I could spend the rest of the day playing in this sandbox with my little bucket and shovel, but I think you get my drift.

Granted it's possible to dig up dirt on just about anyone or anything, and everybody's got a skeleton or two rattling around (I've never kicked a puppy, but I've stuck a few mirrors in front of Siamese Fighting Fish). Facebook taking a shot across the bows of low-end malvertising is a step in the right direction. The Facebook community trying to set some standards with a list of who is nice (or at least not blatantly naughty) is another step in the right direction. That doesn't mean it should be taken at face value, or that the shiny, happy advertisers who made the Nice List are there because they met a bar, rather than just slid underneath it.

It is a place to start, at least for the conscientious crowd who have their eyes set on a long term, sustainable business model as opposed to a short term, rake-it-in-and-run racket. If consumers back them up by voting with their wallets, there may even be a light at the end of the "Scamville" tunnel.

Wednesday, December 23, 2009

Facebook updates gone wrong

Evidently there are people out there who really, truly don't care about their online privacy OR the new Facebook privacy controls. I admit I'm wondering if this guy, in addition to keeping his fugitive status updates current, is also updating his photo album...? And does he prefer Farmville or Mafia Wars? My play money is on the latter.

Anyone else think the cops should check to see if he's reporting in on Foursquare as well?

Update: as of 12/27/09, "Lazie" is still keeping in touch, so at least he's not slacking there. Apparently he has a little help, as he's given public kudos to his "admin staff".

Um...admin staff? Now there would be some interesting profiles on LinkedIn.

The guy needs to give his admin staff a poke and have them get serious about an advertising campaign. They might start by studying the "relevant" ads that are showing up on his Facebook page. Car insurance? Not so much (although an agency whose ad shows up on Lynch's page is probably not too picky). Drop blood pressure by as much as 60 points? Now that's relevant.

There's plenty of affiliates I'm sure who would fall all over themselves, and if he pimps the right products*, he could make a tidy sum. That might come in handy for bail one of these cold, rainy days.

*no, I'm not going there. Well, not yet anyway.

Friday, December 18, 2009

Facebook's new path to privacy - a call to common sense

A friend of mine asked me recently if I planned to write any fiction. I gave her my standard response: "No, because I couldn't make this stuff up". Seriously, I can't, and I have a pretty active imagination. They say sometimes life just hands you material. I say life always hands you material; you just have to be able to gather it all up. Right now, my basket is overflowing.

First there was the gathering storm of Facebook revamping its privacy controls, which some viewed as a tempest in a teapot. Then came the rollout. Then came the fallout, with cries of outrage ranging far and wide. To prevent this post from becoming nothing more than a collection of linkbait (and it's already hovering dangerously close), if you want a sampling of these cries, just plug "Facebook privacy fiasco" into your favorite search engine and knock yourself out.

The fun, however, was really just beginning. The highlight for many people - I know it was for me - was the revelation that Mark Zuckerberg, Facebook's own BMOC, apparently didn't understand the new privacy controls himself, and inadvertently left a bunch of less than flattering photos available to friends of friends of friends of casual acquaintances of total strangers, or something like that. This was followed by stout claims that he really meant to do that, although the hypocrisy of these claims is hard to overlook in view of the fact that Zuckerberg's transparency clouded over shortly after it went massively public. I personally also have to question some of the justifications put forth, certainly in the piece I just referenced:
Bottom line: People don't care about the concept (really an illusion) of privacy nearly as much as other people think they do.
Maybe I'm wrong, but I think they do. Based on the thousands of comments I've seen over the past week, I think I'm right.

I think people do indeed care about their privacy, and more than other people think they do (or at least more than the executives at large internet companies think they do *cough*). What a lot of people don't understand is the difference between the illusion and the reality. In the world of the intarwebs, there is a wide gulf between the two, and for many people "using various Web sites to post personal stuff in a very public way", it is an invisible divide. Out of sight, out of mind. Until something happens which brings the invisible divide into sharp relief.

Among the various opinions being voiced at varying volumes regarding this latest spotlight on the illusion versus the reality of online privacy are calls for action ranging from lynchings to lawsuits. Even the FTC may be getting involved (whether they want to be or not).

What really needs to be happening is a wake up call to common sense. Maybe, with a little luck, that is what's happening, and maybe Facebook is the trumpet sounding (whether they want to be or not). They probably don't want to be the blast that opens a lot of eyes - especially when those eyes are mostly glaring at them with anger - but what's not so good for Facebook could, ultimately, be good for a whole lot of other folks. It certainly will be if it gets a whole lot of folks to finally grok that the "concept" of "privacy" is "really an illusion".

Online privacy is an oxymoron to begin with. I'd like to have that on a bumper sticker. Or a t-shirt. Or both. Anything to help raise awareness that out in cyberspace, the only one who can really safeguard your privacy is YOU.

Might even help a few people avoid getting their insurance canceled.

Tuesday, December 15, 2009

Some things are better left unsaid

For better or worse (I lean towards the former, frankly) there's been a huge flap over Google CEO Eric Schmidt's recent interview comment (er, gaffe):
"If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place,"
with reactions ranging from slightly paranoid to more calmly practical. Now, predictably, the Google PR Parade is attempting damage control with the tried and true It-Was-Taken-Out-Of-Context defense. So I decided to take a brief break from picking on Facebook (but don't worry, I'll get back to it) to offer Mr. Schmidt a piece of advice he seems to rather desperately need:

If you have something to say that could come across as atrocious if taken out of context, maybe you shouldn't say it in the first place.

Especially not in an interview with CNBC. Yes, Mr. Schmidt, judgment matters. A complete lack thereof can matter even more. Mmmm'kay?

Thursday, December 10, 2009

Facebook's new path to privacy (or not)

Facebook today pushed out its new and improved privacy settings, under the guise of giving users "more control" over their information. The Electronic Frontier Foundation has a pretty good rundown of the "good, the bad, and the ugly" here. Another useful commentary can be found at ReadWriteWeb, and as it appears to be a running one it's probably worth watching. For the snarky side of the story, El Reg has a nice sarcastic spin. There's plenty more coverage of this Big Event; these are just a few that topped my own reading list.

At a surface scratching, the good does indeed appear fairly good, but the bad has the potential to be very bad if you don't pay close attention to what you're doing (c'mon, social networking is about getting everyone else to pay close attention to what you're doing), and the ugly, examined closely, looks to give Freddy Krueger a comparative cuteness score of 9.5 on a scale of 10.

First things first though, and since I have a Facebook account myself (against my better judgment), time to get hands on with this Brave New Facebook World.

Okay, so I start by seeing a "Privacy Announcement":
"We're making some changes to give you more control of your information and help you stay connected. We've simplified the Privacy page and added the ability to set privacy on everything you share, from status updates to photos."
Liar, liar, pants on fire!!

With that knee jerk reaction out of the way, I am amused by how they throw giving me more control of my information into the same sentence as helping me stay connected. Facebook is going to make money via the latter, not the former. Ergo, it's the latter I'm going to pay close attention to - that's where their attention is focused, I'm sure.
"At the same time, we're helping everyone find and connect with each other by keeping some information—like your name and profile picture—publicly available."
Ah HA. Now we're talking, or at least they are. Thank you SO much for "helping" everyone, including me, by deciding for me to "keep" some of my information publicly available.

Unfortunately I don't use Facebook often enough to remember exactly what information I had previously decided to NOT keep publicly available, only that I had my settings cranked to paranoid. But that's okay. Facebook knows what's best for me.
"The next step will guide you through choosing your privacy settings. You can learn more about how privacy works here."
Riiiight. Let's see how this "guide" works.

Looks like my Old Settings pretty much run counter to Facebook's recommendations, other than Email Addresses and IM, and Address, which we seem to agree should be shared with Friends. Evidently in Old Settings I had not specified Only Friends, but I'm sure Facebook and I also agree on the difference between the two, and hopefully at some point they'll explain it to me. I trust them, really I do. Not enough, however, to take any of their other recommendations.

I do award them a point for putting an obvious truth in writing, although they fudged the wording ever so slightly. It's still close enough for government work, and a nice bit of CYA.

I changed the email/IM setting anyway, just to see what happened.

Cool, now my email and IM are set to Only friends. I do still have to wonder what separates the new privacy setting of "Friends" from the old privacy setting of "Only Friends". It seems there is a difference, or else why would there even be an option to change it? Facebook doesn't seem inclined to clarify that. Meh, whatever.
DISCLAIMER: The Privacy Settings Screen did NOT say "email and IM screen name" for Only friends can see, nor "EVERYTHING ELSE" for custom settings. That's my own screenshot tweak. If I want my email and IM screen name limited to only friends, I'm not gonna turn around and post 'em here in a screenshot (besides, you can find what info I'm willing to share via this blog in my profile :)). And the finer details of what all I choose to keep private really aren't anybody's business (except mine and Facebook's). If you're that curious, go check your own Facebook Privacy settings. In view of what's going down, you really should do that anyway.
Having made that recommendation, I am both out of time and Facebooked-out, so my own under the hood digging regarding the new and improved privacy settings will have to wait. I've little doubt it will prove...educational.

Oh, that bit of obvious truth that Facebook fudged ever so slightly?

Facebook version:
"Information you choose to share with Everyone is available to everyone on the internet"
Well, like I said, they're close.

Here's the real version:
"Information you choose to share with Everyone is available to everyone on the internet"
Folks, out there on the intarwebs, that is as private as it gets.

Monday, November 30, 2009

Hello, Video Professor? This is Barbra Streisand calling.

Even after all my years in tech, there are still a few things that surprise me. One of them is how supposedly tech savvy people, and companies, will commit an utterly avoidable mistake, even after others before them have committed the same mistake, and often on a fairly spectacular scale.

If you follow tech news at all, you should be aware by now of the brouhaha stirred up by the TechCrunch exposé (among others) regarding "scammy" adverts in online social network games, with Facebook primarily profiled as the poster child. Even if you don't follow tech news, you've probably seen some reference to the whole sordid mess, as it got picked up by mainstream outlets like The Washington Post and Time, as well as the far geekier Slashdot. I'd love to write a post about it all myself, but so much has already been written, and so well, that anything I might have to add would likely be more noise than signal.

Amongst all the noise - and signal - was a brief reference to an ad for the "Video Professor". You've likely seen the TV commercials, where this guy who looks a bit like a cross between J. Jonah Jameson and the Monopoly Banker tells you he can make you a whiz-bang wizard with Microsoft Word, or Excel, or Powerpoint, or whatever, with his comprehensive, interactive lessons, all available on CDs with a free trial blah-blah-blah. Yeah, you can tell how those ads had me riveted. For one thing, I don't need to learn -->insert program here<--; of the stuff touted by the Video Professor, either I already know it or I don't use it. If I do need to learn a new trick in Microsoft Word (or whatever), there are plenty of available online resources, some from Microsoft themselves, and I don't have to check out these resources as a "free trial", they are just plain free. For another thing, I need more software CDs like I need a hole in the head (BTW, if anyone out there wants some nerdy drink coasters, drop me a line).

Since I never gave the venerable Video Prof more than a glance in passing, it never occurred to me to stop and take a hard look at him as a possible scammer. Not until now, that is. You'd think a company that claims to be in the business of teaching people how to use computers would be familiar with the Streisand Effect, and would know better than to put themselves squarely on the map with it. Evidently the Video Professor missed this lesson, and has managed to get the undivided (and no doubt unwelcome) attention of the watchdogs at TechCrunch, going from being just a "side note" to a target on which TC (and MA in particular) is focused "like a laser". Oops.

Of course, the Streisand Effect once set in motion generates its own self-perpetuating momentum, so naturally references to the "Video Professor Scam" are popping up on the 'net like mushrooms after a spring rain, ranging from side notes (that one's a single sentence mention following list item #5) to focused lasers. I'm sure more references will pop up, including this one as soon as I post it. For my own safety, I'm going to shield myself with that journalistic device Mike Arrington so hates (even though I Am Not A Journalist) and declare that the opinions expressed in any and all articles linked here are not necessarily my own. It is up to you, Gentle Reader, to judge the sources on their own merit and decide for yourself if the Video Professor's schtick does indeed qualify as a scam.

Now, I will go out on a bit of a limb here and state that at the very least, I think you could find a much better value for your money than the Video Professor's CDs, starting with a set of second hand dish towels and some macramé plant hangers from your local garage sale or flea market. That most definitely is my opinion, and it is, as always, absolutely free.

Monday, November 23, 2009

Are we having fun yet...?

Did you have fun this weekend? If so, did you post photos of this fun to your Facebook account? And if you did that, did you (hopefully) stop to consider whether those photos could get you into trouble with your significant other, your boss, or your mom? Maybe you think you don't have to worry about that, because your S.O., boss, or mom were with you (so you've got still more photos to ensure they will withhold any judgement), or because the fun was so innocent (or within their definition of innocent) that they wouldn't care. Maybe you don't care, because such opinions have no influence in your life, or because you've locked your Facebook account down so the only people who can see your photos are the friends you've approved (and therefore will presumably approve of you).

If you think no one whose opinion could literally change your life might see your Facebook photos, you're probably wrong.

If you think no one other than the friends you have approved can see your Facebook photos, you're wrong. Period.

And if you think you don't care who sees your Facebook photos, ask yourself if you'd care if your insurance company saw them - and then dropped you.

The story above concerns health insurance, but raises questions about what else insurance companies might find useful out there on the intarwebs. If your fun this weekend was marred by a fender-bender and you took pictures of it, I would strongly suggest you hold off on posting those pictures to your Facebook page...at least until you get those pictures to your auto insurance company, and you are sure of their judgement.

And if you took pictures that could in any way be construed as you having the remotest bit of fun at the scene of the accident, I would strongly suggest not posting those pictures to your Facebook page at all.


Wednesday, November 18, 2009

Loyalty can be bought - has yours?

There's a few reasons why I have one credit card designated solely for online shopping, but up until now having to beware of being surreptitiously signed up for some fee-charging "loyalty program" wasn't one of them. This definitely makes my "WHOA!!" list.

Read the above linked article thoroughly, and more than once if the first time doesn't make you mad enough. Then check the statements of any credit cards you've used online - thoroughly. If you find you've been getting charged for "loyalty" you didn't definitively declare, I'd suggest you make some "customer noise" with the volume cranked up to max. Yeah, buyer beware, caveat emptor, RTFP (that's my acronym for Read The Fine Print, before anyone thinks I got it wrong), and all that, but even in the grey area of letting people hang themselves with their own rope there's a difference between someone sticking their head in a noose that's more or less visible, and a noose that gets slipped over a person's head while a sleazy advertiser distracts them by hollering "HEY LOOK, OVER THERE - CASH BACK AND A COUPON!!".

For myself, I've never made a purchase via Classmates.com either directly or through an ad on their website, but I'm nixing my account there ASAP. I check it only once in a blue moon, and any true classmates of mine who haven't already found me via other (and better) channels are probably people I don't care to hook back up with anyway.

Yes, it's a jungle out there. That still doesn't give supposedly legitimate online businesses (or their affiliates) a free pass to act like starving jackals.

p.s. TechCrunch has got plenty of scoop here. Many of the comments are as enlightening as the article itself, so settle back with a favorite beverage if you have time for a bit of reading.

Oh, and have some aspirin handy.

A Phew Phishing Phacts

Hopefully by now, everyone who's had an email account for any length of time has not only heard the term "phishing", but actually knows what it is. Almost certainly anyone who's had an email account for any length of time has gotten at least a few phishing emails (for varying values of "a few").

CNET recently posted a sort of "phishing primer" article that's worth the read. In a nutshell, phishing is, in its most common form, that scary/shrieking/somber missive in your inbox that proclaims to be from ->insert official organization and logo here<- and tells you to click the embedded link and log in to verify your information now or risk having your PayPal/eBay/CheckFree/Amazon/whatever account shut down.

Alternatively you may be facing an audit (or a refund!) from the IRS, or your bank has just been declared "failed" (I got one of these the other day, which made me smile - I've already given my bank a "FAIL" many times over the years, so I hardly need an email notice about it); the list goes on and on. One of my personal recent favorites is the one proclaiming to be from the email provider itself, warning that the "servers" are due to be "upgraded", so all user account information needs to be verified beforehand. Yeeeeah...so I guess they're not planning on backing up all that "account info" themselves prior to the "upgrade", and in fact have never stored or backed it up at all. C'mon, folks, if your email provider has to email you to provide them with your basic email account information via an email reply...think about it. Have some aspirin handy.

There's a few more phishing facts worth elaborating on:

The warnings to be wary of .exe file attachments are all well and good. Problem is, malicious code can be embedded in .doc files, .xls files, .ppt files, .zip files, .gif files, .pdf files - basically any kind of file that can have executable code embedded in it. So be wary of any attached file you aren't specifically expecting. And do yourself a favor - turn off the preview pane in your email client. Now. The days when you had to explicitly open an attachment for it to deliver its payload are long gone; just opening the email it's attached to can be enough. The content of the email itself can be enough, if it's got Evile Dancing Bunnies in it and you have your email client set to render .html when you open a message. Guess what the preview pane for your inbox does?

If you feel irresistibly compelled to call a phone number contained in a suspicious email, do not call from your cell phone. Call from a land line you don't care about, or borrow a cell phone from someone you don't like. The scammers will happily settle for a working phone number they can sell off to telemarketers or use for SMS spam if they can't get the goods via email.

If you've clicked on an embedded link and been directed to a website, it's too late to worry about being fooled. Chances are good you already have. Shut down your web browser, kick off a complete virus scan, and go play outside while it runs. If you don't have a working and updated antivirus installed on your computer, slap yourself sharply across the face and then go shopping for one. When you get back, start looking for those restore CDs that came with your computer. You might need them.

Finally, as always, never EVER respond to any sort of spam, even to give the spammer what-for and demand they blot your email address forever from their consciousness. All you're doing is confirming for them that A) your email account is in fact active, and B) you opened their email. Jackpot for them, but no cookies for you. Well, except the ones they may have scattered all over your hard drive while they sold your verified email address to fellow spammers for the highest bid.
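
One way to look over a suspicious message without letting a mail client render it, covering the attachment, HTML and "you opened their email" points above. This is an added example, not part of the original post; the sample message and every address and domain in it are constructed.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; .example and .test are reserved, non-routable names.
SAMPLE = b"""\
From: "Account Services" <service@bank.example>
To: user@mail.example
Subject: Verify your account now
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your account will be shut down. Log in at
<a href="http://login.bank.example.evil.test/verify">https://www.bank.example/</a></p>
<img src="http://track.evil.test/open.gif?id=123">
</body></html>
--XX
Content-Type: application/msword
Content-Disposition: attachment; filename="statement.doc"
Content-Transfer-Encoding: base64

AAAA
--XX--
"""


class _LinkParser(HTMLParser):
    """Collect links and auto-loading resources without fetching anything."""

    def __init__(self):
        super().__init__()
        self.links = []    # (href, visible text) for every <a>
        self.remote = []   # URLs a client would fetch just by rendering the HTML
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._href, self._text = a["href"], []
        elif tag in ("img", "iframe", "script") and a.get("src"):
            self.remote.append(a["src"])

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    return (urlsplit(url).hostname or "").lower()


def triage(raw):
    """Summarise what a message carries: attachments, HTML, odd links, remote content."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = {"attachments": [], "html": False,
              "mismatched_links": [], "remote_content": []}
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name or part.get_content_disposition() == "attachment":
            # Any attachment is listed, not just .exe: type alone proves nothing.
            report["attachments"].append((name, part.get_content_type()))
        elif part.get_content_type() == "text/html":
            report["html"] = True
            parser = _LinkParser()
            parser.feed(part.get_content())
            # Remote images are how a sender learns the message was opened.
            report["remote_content"].extend(parser.remote)
            for href, text in parser.links:
                # Link text that names one site while the href goes to another.
                shown = _host(text) if "://" in text else ""
                if shown and shown != _host(href):
                    report["mismatched_links"].append((text, href))
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, "->", value)
```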

Time for me to wrap up a post that's turned waaaay longer than I intended...I need to go check my email. :)

Thursday, November 5, 2009

Oldies but goodies

Who says legacy hardware can't still be useful in production? And I've had people point and laugh because I run a MacIntoaster...

Traffic Signal Computer On The Blink.

"This is a rather old computer. It's probably 25 to 30 years old. It's a 1980s-vintage Data General main frame computer. Parts are not really available."

Well, okay perhaps in this instance it's not exactly useful - at least not at the moment - but, still in production. Better than I expected, actually; I was thinking maybe they had a 20+ year old workstation running OS/2. And while security by obscurity is definitely not a recommended approach, I know my PPC 7100 is secure, certainly as long as there's no land line handy for connecting the modem. ;-)

(bonus question for anyone under 30 reading this: what's a land line, anyway?)

Okay, back to watching my Cube's bouncing beach ball. :-P Hey, so it's slow at times, but it is still both in production AND useful.

Thursday, September 10, 2009

Facebook: Why I'm even on it

Yes, after so long of scowling, scolding, and even snarling at friends, family, users, and random people I've stopped in the street (okay, I don't do that, at least not that I'm aware of), I have finally gone to the Darkside. Predictably, the response from those who know me has been comparable to catching Jane Fonda on a wild midnight binge at Krispy Kreme. I have also promptly been the recipient of various requests, invites, and gifts (I intend to speak privately to the old friend who offered me a goat - there is a hidden message there, I am sure of it), none of which I have accepted. I do appreciate the spirit in which these communiques are made (sometimes perhaps more than the sender intended), and I certainly don't want to hurt anyone's feelings, but that's not why I joined Facebook.

I actually joined Facebook after being reunited with a longtime BFF, who urged me to sign up to see her family photo album. So no, I didn't finally lose it, I got conned by pictures of cute kids. I do have a soft spot here and there (I keep trying to patch them, but duct tape gets expensive). Once I had set foot on Enemy Territory, I figured I might as well do some reconnaissance and get a better feel for this wildly popular phenom that, coincidentally, is often a source of business for hubby 'n me. Anyone who knows what we do for a living ought to stop and think about that for a moment.

Although I don't try to hide the fact that my tinfoil hat may be a little tight, I'm not saying Facebook is going to infest your home computer with a dozen backdoor trojans and browser hijackers hosted by identity-stealing cyber-criminals the minute you sign in. I'm also not saying you're immediately going to get run off the road on the I-264 interchange by distracted, iPhone texting teens in beat up SUVs. However, both of these environments are inherently hazardous.

If you're careful and alert, you CAN safely navigate both Facebook and rush hour traffic. Like just about anything else, a little common sense goes a long way. Me, I can't avoid the interchange no matter how hard I try, so I'll just keep driving defensively with my seatbelt on and my thumb hovering over my horn. At this point I can't completely avoid Facebook either (not without missing out on future cute kid pictures), but like all lanes on Al's Information Superhighway, I'll be driving defensively there as well. ;-)

Facebook: Why I don't answer

Just a quick post here, and a link to a good (IMHO) article on Facebook:

Facebook May Not Be For Everyone

I've gotten a few offers of pets, glitz, and farm animals myself, and I too will appreciate the thought while politely declining to accept.
I don't have time for farming via Facebook anyway; when I do have the rare few minutes of free time to play, I'm working on my mage level in Runescape.  My farming level there ain't bad, either.  ;-)

Tuesday, June 30, 2009

URLs in short

There's an old saying that "a shortcut is the longest distance between two points". When it comes to "tiny" URLs, this is literally true. If you like to share interesting links with friends and family, you may find URL shortening services quite useful. If you like to send links via Twitter, SMS, etc., they are invaluable, due to the character length restrictions on messages. Of course, it hasn't taken long for bad guyz (and galz) to find these services invaluable in other ways. It only makes sense: why bother trying to scatter links to your malware all over a bunch of websites if you can hack one shortening service's server and point ALL their hosted links somewhere else?

This approach also neatly addresses (bad pun not intended) the problem of canny websurfers who use anti-phishing tools, or who simply hesitate to click a link that shows its true destination as "http://www.hacks4u" at the bottom of their web browsers.

Since URL shortening services require that you hand off control of where the shortened URL points to, and trust that your intended destination remains the actual one, the best defense is a good offense. If you send, choose your carrier carefully. If you receive, be aware of (and wary of) the delivery guy. The wrapping may be pretty, but as another saying goes, "beauty is only skin deep - ugly goes to the bone".

Update: More news keeps popping up on nefarious uses of shortened URLs. Tiny URL does offer a preview feature, and for one extra click, I would recommend its use. Do yourself, and the people you send links to, a favor. ;-)
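
The same look-before-you-click idea as the preview feature, done by hand: ask where a short link points, one hop at a time, without ever loading the destination page. This is an added example, not part of the original post; the short links and hosts in `FAKE_WEB` are constructed so it runs offline, and `http_head` is the only function that would touch the network.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECTS = (301, 302, 303, 307, 308)
MAX_HOPS = 5


def http_head(url, timeout=5):
    """Send one HEAD request; return (status, Location or None). Follows nothing."""
    u = urlsplit(url)
    cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    conn = cls(u.netloc, timeout=timeout)
    try:
        path = u.path or "/"
        if u.query:
            path += "?" + u.query
        conn.request("HEAD", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def expand(url, head=http_head, max_hops=MAX_HOPS):
    """Walk a redirect chain hop by hop and report where it ends."""
    chain = [url]

    def result(status):
        return {"chain": chain,
                "final_host": urlsplit(chain[-1]).hostname,
                "status": status}

    for _ in range(max_hops):
        status, location = head(chain[-1])
        if status not in REDIRECTS or not location:
            return result("resolved")
        nxt = urljoin(chain[-1], location)      # Location may be relative
        if urlsplit(nxt).scheme not in ("http", "https"):
            chain.append(nxt)
            return result("non-http target")    # stop: not a web page at all
        if nxt in chain:
            return result("loop")
        chain.append(nxt)
    return result("too many hops")


# Constructed stand-in for the network: URL -> (status, Location header).
FAKE_WEB = {
    "http://sho.rt.example/abc": (301, "http://news.example/story"),
    "http://news.example/story": (200, None),
    "http://sho.rt.example/xyz": (302, "http://hop.example/r?id=7"),
    "http://hop.example/r?id=7": (302, "/landing"),
    "http://hop.example/landing": (200, None),
    "http://sho.rt.example/loop": (301, "http://sho.rt.example/loop"),
    "http://sho.rt.example/data": (302, "data:text/html,constructed"),
}


def fake_head(url):
    return FAKE_WEB[url]


if __name__ == "__main__":
    for short in ("abc", "xyz", "loop", "data"):
        r = expand("http://sho.rt.example/" + short, head=fake_head)
        print(short, r["status"], r["final_host"], " -> ".join(r["chain"]))
```

Because the shortener, not the sender, decides what each hop returns, the answer is only good for the moment it was checked.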

Friday, May 22, 2009


"Clickjacking" isn't really news - it's been around in myriad forms for a while - but the proliferation of it is somewhat newsworthy, even if a mass takeover of home webcams is unlikely (if you're seriously worried about peeping hackers, at least be creative and put something more entertaining than a post-it over the lens). It's certainly a trap to be aware of and avoided whenever possible. Personally I think a lot of it can be avoided simply by not merrily clicking away on every link/button/picture/monkey-doing-the-macarena a website throws up in your face, but maybe that's just me.

Obviously as long as people will click on links that actually say "DON'T CLICK THIS", clickjacking will be a popular and easy path to pwnage. And if you didn't click on that, you were at least tempted. Don't try to deny it. You know you're tempted by this one, too.