Why It is Stupid to Buy a SmartTV

There are no regulations concerning what information can & cannot be collected with smart devices, nor how that information is transmitted. This article from the BBC explains how LG’s SmartTV sends the names of his family members in clear text across the internet, something that most people would be uncomfortable having publicly available.

Besides selling your private information to any and all advertisers or 3rd party entities willing to pay for it, none seem to have any way to prevent those 3rd parties from transferring it to others (aside from legal clauses — which would be hard to prove & a lengthy process to fix). Nor is there any way to redact information once released to 3rd parties.

But this is only part of the threat to personal security because it would be trivial for a person with the technical ability or a warrant to obtain any and all information collected by such devices. Smart devices — those with convenience features tied to internet connectivity — are Trojan horses for violations of privacy far more invasive and covert than anything else and rely on consumer ignorance to operate unfettered:

http://www.bbc.com/news/blogs-echochambers-29826642

The only solution is to either never connect the devices to the internet, block all traffic or not purchase them at all.

Tech Crime & Punishment

In a recent article, Sophos had a poll asking what the appropriate sentence is for tech-related fraud, such as a fake “Windows Support” call saying you have a virus and asking for $300 to fix it over the phone. I have covered what to do with any unsolicited phone calls before (The “short” answer: do not believe any claim of identity and ask for proof such as their employee ID#, the company they are representing {which they are often obligated to give you}, the case number for your issue, & a callback number and hang up. Then look up the company contact info — make sure the company is on the up and up {has a physical address, look up consumer complaints about the company, etc.} — and call the official number with your case number if it all checks out. And never be afraid to get a second opinion — if a person tells you not to bother contacting someone else for a 2nd opinion — or worse discourages contacting a 3rd party — it is a huge red flag.)

Excuse the outlandishness of this idea — it is just an idea that needs further refinement. If you are extremely narrow-minded or think “nothing can change/nothing will help” please stop reading now, to avoid reading something that might upset you. You have been warned…


Bistro turns the tables on Yelp, offers discounts to customers for 1-star reviews

I have heard several small business owners complain about Yelp’s “sleazy” and “crooked” (their words) tactics. I think that while ruled legal, Yelp advertising itself as a fair and honest ratings service is deceptive. It is clearly a conflict of interest that they control the order of listings, and take money for advertising and placing advertisers higher in the results. When they tell businesses they can increase their star-rating by buying ad-space, or decrease it by not, that is hardly fair, nor honest. People have been led to believe Yelp star ratings are accurate—they keep advertising them as such. But when Yelp is free to manipulate the listings, it is clear that “hard bargaining” is corporate speak for “manipulative coercion.” Despite its legal standing, Yelp’s practices are far from ethical—especially since it advertises ratings it publishes for businesses as genuine.

Hope DaltonC makes it…

I have been following Dalton Caldwell on Twitter and reading his blog posts for some time now. A vast majority of the time, I am nodding along to each of his points, as he points out a company or industry’s fundamental breach of trust or lack of sense in some new strategy that will revolutionize the industry.

This time Dalton is trying to kickstart a new social network with a twist: App.net. Instead of selling you, the user, and having you do all the work by posting content and telling the company what you like, only to have them turn around and sell your data to marketing and advertising agencies so they can resell it to businesses looking for people in your demographic as a higher priced “targeted ad,” he aligns the social network with users by having the money come directly from the users. Dalton—being a “very smart guy”—knows the time has come for the idea of paying for a service that is usually free in order to get better treatment.

When LiveJournal, Tribe, Friendster and MySpace were all trying to figure out how to monetize their social networking sites, the public at large didn’t understand how valuable having a way to broadcast to the internet was. Now that the public has had a taste, the idea and acceptance of social networks being a valuable way to communicate with friends has allowed people like Dalton to finally offer a service that people know the value of paying for. Tribe, Friendster, MySpace, LiveJournal, etc. were all trying to ride the wave when it was still out at sea while also getting towed by boatloads of advertising cash. Facebook, Google and Twitter are now trying to catch a line from the advertising boat, and alienating some of the people generating the wave.

They could easily turn around and offer a paid, ad-free service; however, the real damage is with their selling and sharing of your data—things such as your email address, name, age, sex, address, zip code, etc. Once sold, the Facebooks of the world cannot redact any of that information. There is no mechanism to pull your data once it is let out to a third party app or game a person tries even just once. While FB’s compliance policy says the app maker must delete your data if you remove their “free” game, there is no enforcement, nor any auditing to make sure this is actually happening. So, really, it is time for a new entity with a clean slate to start with a center that is based on serving the people who pay for the service rather than the advertisers and companies that pay lip service to privacy concerns.

The saddest part is, even when a big company such as Google or Facebook adopts practices that are gross violations of privacy or makes errors that would land a person in jail, they get what amounts to a slap on the wrist, and publicly apologize, saying, “it will never happen again.” But we all know that their profit margin from alleged “mistakes” such as bypassing a DO NOT TRACK header, or sneaking persistent ID cookies in there to follow your browsing habits, far outweighs any penalty once they get caught.

For instance, an executive at BP could have sat in his office knowing full well they would be forced to cough up as much as 2B for gross negligence (as long as they kept their mouths shut and never admitted wrongdoing), but also that the net profits will be up 50% to 15B. That 2B dollar fine is just the cost of doing business and still a 30% jump above last year. (All of this is speculation, and I haven’t even checked their numbers, but you get the idea.) The same could go on every day at a large company in the social network space as well. An executive could weigh the risk-reward ratio of any illegal action, and figure that, with enough spin, plausible deniability and legal fees, the penalties are far enough down the road, and that public scrutiny only lasts so long.

I see BP gas stations today and they are doing business as usual with pump prices holding steady a lot higher than before the explosion in the Gulf, because people don’t care unless it is convenient for them to. If it is inconvenient to not use a product or service that they know is from an ethically deficient company, they generally make excuses or just admit, “I don’t care” if they are a more honest person. In fact as long as their interests align, they are willing to put up with a few questionably ethical practices.

The thing is, if one of these companies decides that their quarterly profits are worth more than a permanent injury to a group of people (such as their identity being stolen and their credit destroyed) or the environment (such as sea life mutating thanks to oil dispersants used in concentrations that would affect cell replication), then you or the victim of their risk-reward calculation are fucked. Because all that will happen will be a slap on the wrist, and lip service. There is no such thing as a corporate death penalty for accidents, nor gaming the system. But there should be.

That’s why I hope Dalton succeeds. If his service gets off the ground and holds to its ethical center of “people over profit (but a profit is needed)” then companies like his will take care of killing the parasitic companies and the sociopathic companies for us. So, while I haven’t backed the project yet, I will definitely earmark part of my budget for it, and help by telling people. I do the same for any company that “gets it,” such as duckduckgo.com: because face it, Google’s “‘do no evil’ mantra” has evolved into (as George Carlin would say) “pure bullshit.”

I am not against making money, but I think no company should ever place the basis of their revenue stream at odds with sound ethical practices. If there is ever a question, then obviously you are in the wrong business or talking to the wrong people. Advertising and marketing are usually at odds with maintaining honesty and privacy, and those are the areas I would never work in. For instance: What would I say if asked to develop a system to help people find information when they want it? “Great!” Develop a system to monitor what people are doing with this tool? “Fuck off.” Why? Because it’s a basis of freedom, and the word “freedom” does not mean “We will monitor what you do, so only do what we want you to.”

So, yeah, I have $50–$100 for Dalton because I value people who put their business practices in line with my concerns for privacy and ethical behavior. Do you? Ask yourself if you really do too. Are you concerned enough to pay someone for this so they can erode those that are playing the numbers with your health, safety and security as their poker chips?

Quick Shot: Too Long for a Tweet, Too Short for a Page

Okay,

Quickly: This month has been a “lurning [sic] experience.” I am juggling multiple projects which are all related only by the fact that they’re simply making me a better designer. New tricks are being learned, etc. Sites are going up and being moved, and I’ll be updating everything and essentially leveraging what I learn in one place and using it in another.

I finally figured out I needed to buy more RAM for my laptop: sometimes there is less than 16MB of free RAM and over 700K page-outs in a few days of heavy use. The thing would slow to glacial pace during heavy loads. It’s really been holding me back. Who knew 4GB wasn’t enough!?!? So, I broke down and ordered a few more gigs. Luckily, installing is a piece of cake on my MBP. I was in and out of a friend’s machine in less than 15 minutes without cutting any safety corners. I also need to get another HD and replace the optical drive. OR I can just break down and back up over WiFi and offload some files. But I like the idea of having everything with me.

Another, non-web, but information related project is advancing slowly, but it is way too soon to even talk about. I am still researching to decide the best approach. Some of my closest friends know about it, and I think about it all the time. It is currently possible: all the building blocks are there, but no one has put them together yet. I should probably stop spouting off about it to people who work for huge computer companies though. But for all I know someone has already patented it? I dunno, I heard if you research a patent it is worse if you get sued. :\

Anyway, my plan is to release it under a non-commercial open licensing scheme, so that pizza-fueled one-man ops can use it freely, and large corps that can pay may license it. But as I said, someone might have already patented the pieces, but I think this would probably fall under derivative works. I’m not sure because I am not a patent lawyer. It sucks that I have to keep the cards close to my vest because copyright, originally designed to encourage innovation, is now a club that large corporations use on each other daily. Recently I read about a patent lawsuit about emoticons in a pull down menu on Ars. It seems silly to anyone, but that’s how whacked patent law is. The funny thing is, within my circle of friends I probably have all the people I would need to start developing this thing in earnest, but first I’ll go in sideways with build-up projects.

A big thanks to those people with everything from bachelor’s to PhD degrees in CS and related fields that I have the greatest conversations with. I learn something new every time I get a chance to pick one of these people’s brains.

Apologies about any incorrect punctuation marks or typos. I’m typing this on the fly before heading off somewhere. Cheers!

Tech News Doesn’t Stop When I Have Other Things to Do

Unfortunately, I might have bigger fish than CSS3 to fry soon. In the past week I heard about Google spying on people, even those in private mode (I would link to the video, but Google has apparently buried it since the station reporting it uses Google for their search and video); Facebook arguing in court that everyone is “Famous” to their friends so they can use your pictures and name in advertisements; another security flaw that makes 4 out of every 1000 RSA certs easy to crack; Nortel networks that were completely pwned by Chinese hackers for a decade; recycled botnet code repurposed for stealing passwords; SoNet’s inflated user number (not a surprise — about 50% of the social network accounts are fake or unused); the Megaupload seizure; and the list goes on! Much of that I read on Ars.

The interesting thing about the Google story is that a person interviewed for the report said that to Google, its users are the product… hmmm, someone I know wrote that a few months back, hehe. (Sadly, not many saw it because it was rejected by Dice.) Anyway, I still have to write my Apps o’ Fame list, but I’m not sure whether to submit it and wait for a month or two or just post it here without editing or delay. (Thus why this update is posted here.)