Where did Noivad go?

The Ads really got to me (see prior post). So, after an update with a bad UI, I moved my blog. I really didn’t WANT to host it myself, but if you want something done right…

Anyway, I’ll see anyone that cares to follow me at my ad-free blog http://blog.noivad.net/ now with slick push notifications! :)  Oh, and if you care, I’ll soon have another media outlet, but it will be focusing on a different realm that I have written a bit about here and there. I would announce it now, but we are still setting everything up and I do not want to jinx it. I will say that we are reviving a production I did about 15 years ago that I greatly enjoyed working on. But perhaps I have said too much already?

Thanks for reading.

Why It is Stupid to Buy a SmartTV

There are no regulations concerning what information can and cannot be collected by smart devices, nor how that information is transmitted. This BBC article explains how an LG SmartTV sent the names of its owner’s family members across the internet in clear text, something most people would be uncomfortable having publicly available.

Besides selling your private information to any advertiser or third party willing to pay for it, none of these vendors seem to have any way to prevent those third parties from passing it on to others (aside from contractual clauses, which are hard to prove a breach of and slow to enforce). Nor is there any way to recall information once it has been released to a third party.

But this is only part of the threat to personal security, because it would be trivial for a person with the technical ability, or a warrant, to obtain any and all information collected by such devices. Smart devices (those with convenience features tied to internet connectivity) are Trojan horses for violations of privacy far more invasive and covert than anything else, and they rely on consumer ignorance to operate unfettered:

http://www.bbc.com/news/blogs-echochambers-29826642

The only solution is to never connect such devices to the internet, to block all of their traffic at the network edge, or not to purchase them at all.

Email Worst Practices

I had to send this “support request” email today because of a seriously bad error in judgement by whoever hit the send button. Seriously folks, this is 2014… have web companies and their employees learned nothing?

Hi,

This morning I got an email asking me to click a link embedded in the email to verify my email address as a condition of maintaining my *********

The email is worded exactly like a phishing attack: requiring fast compliance, threatening a disconnection of service, lacking a link to verify this policy anywhere and the email is unsigned by anyone.

Someone in security who works there must be aware most phishing attacks are carried out exactly this way, and that you should NEVER encourage a user to click a link whether it is a legitimate reason or not in an unsolicited email because of the bad precedent it sets.

Instead, you should give the user a one-time unique token and tell them to log in to their account and enter the token on their account page, to verify that the email was received and that they do in fact own the account. Not doing so would allow anyone with access to a client’s email account to potentially hijack their account with your service.

If you disagree, then I will have to look for a more competent company to *********. Please escalate this email until it gets to a policy-maker that understands the importance of why this is “worst practice.” If this does not happen, I might as well cancel my account, because it is only a matter of time before your customers or your client-facing DBs are hacked.

Thanks.

Just to clarify, the raw headers show it was sent from their mail server, and the message looks legitimate, but maybe someone hijacked that through some completely unrelated blunder. Anyway, the moral of the story is: do not click links in unsolicited emails. If this had been a password reset I requested, a two-factor auth thing, or even a newsletter I opted in to, those are totally understandable, but in this case it was probably just bad form. To allow the company time to correct its policy (or regain control of its mail server) I have not mentioned exactly which web services company this is… but this is yet another case of sloppy work in the IT sector. And, as Danny Glover once said in a movie where he co-starred with a crazy guy, “I’m too old for this shit.”*
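The token-on-the-account-page flow the email asks for, written out as an added example (this is not the unnamed company’s code, and the class, method and status names are my own invention). The important properties are the ones the email argues for: the token is generated with a CSPRNG, only its hash is stored, it expires, it is single-use, it is rate-limited, and it can only be redeemed from within an authenticated session for the same account, so possession of the mailbox alone is not enough to complete the step. The e-mail body carries the bare token and no link at all.

```python
"""Added example: one-time e-mail verification token redeemed inside a login session.

Flow:
  1. issue()  - service generates a random token, stores only its SHA-256 hash with
                an expiry, and mails the token itself (no URL) to the user.
  2. The user logs in normally and types the token on their account page.
  3. verify() - the account id comes from the login session, never from the request
                body; the service checks expiry and attempt count, compares hashes
                in constant time, and marks the token consumed.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

TOKEN_TTL_SECONDS = 15 * 60   # assumed policy: token is valid for 15 minutes
MAX_ATTEMPTS = 5              # assumed policy: five wrong guesses burn the token


@dataclass
class PendingVerification:
    account_id: str
    token_hash: bytes     # SHA-256 of the token; the token itself is never stored
    expires_at: float
    attempts: int = 0
    consumed: bool = False


class EmailVerifier:
    """In-memory stand-in for the service's verification table (hypothetical)."""

    def __init__(self, now=time.time):
        self._now = now                       # injectable clock, for testing expiry
        self._pending: dict[str, PendingVerification] = {}   # keyed by account id

    def issue(self, account_id: str) -> str:
        """Create a fresh token for the account and return it for the e-mail body."""
        token = secrets.token_urlsafe(24)     # ~144 bits from the OS CSPRNG
        self._pending[account_id] = PendingVerification(
            account_id=account_id,
            token_hash=hashlib.sha256(token.encode()).digest(),
            expires_at=self._now() + TOKEN_TTL_SECONDS,
        )
        return token

    def verify(self, session_account_id: str, submitted_token: str) -> str:
        """Called from the account page. session_account_id is taken from the
        authenticated session, so a token is bound to the account that requested it."""
        rec = self._pending.get(session_account_id)
        if rec is None or rec.consumed:
            return "no-pending-verification"
        if self._now() > rec.expires_at:
            del self._pending[session_account_id]
            return "expired"
        rec.attempts += 1
        if rec.attempts > MAX_ATTEMPTS:
            del self._pending[session_account_id]
            return "too-many-attempts"
        submitted_hash = hashlib.sha256(submitted_token.encode()).digest()
        # Constant-time comparison: a timing leak on the hash would let an attacker
        # recover it byte by byte without ever seeing the e-mail.
        if not hmac.compare_digest(submitted_hash, rec.token_hash):
            return "invalid"
        rec.consumed = True                   # single use
        return "verified"


if __name__ == "__main__":
    verifier = EmailVerifier()
    token = verifier.issue("alice")          # "alice" is a constructed sample account
    print("e-mail body would contain only this token:", token)
    print("someone else's session, same token:", verifier.verify("bob", token))
    print("alice's own session:", verifier.verify("alice", token))
    print("replay of a consumed token:", verifier.verify("alice", token))
```

Compare this with the link-in-an-email approach the email complains about: a clickable link makes the verification a single unauthenticated GET, so anyone who reads the mailbox completes it, and it trains users to click links in unsolicited mail. Here the only thing in the mail is a short string that is useless without the account password.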

Thanks for reading.

*luckily this last word is no longer banned from TV, and thus — in this usage — it is appropriate to describe a distinct lack of professional behavior from a commercial company.

Another round of Dropbox Scam Emails Spikes my Blog

I have gotten about 10 or more fake Dropbox invites these past few weeks, and a funny thing happened: my blog stats spiked like crazy! So, given that, I want to help people by reposting the link to that article, so that it shows up in searches as a fresher piece of info. Again, the advice remains the same, timeless in its wisdom: look before you click.

https://noivad.wordpress.com/2012/06/21/dropbox_invite_scam/

As previously commented: I seriously doubt Dropbox had anything to do with the release of email addresses. Instead, I think that the people phishing have compromised some end user systems and gathered data on who else might have dropbox installed.

Why Dropbox Would Sell Email Addresses

Someone commented that they wondered if Dropbox sold user email addresses. Based on what email address the phishing scam is going to, I would say no. Also, I mentioned that Dropbox makes its money by people upgrading their accounts, and would alienate paying customers if they did. So, the marginal income they would get for selling any customer info would easily be outweighed by the loss of revenue from customers going to one of the many other cloud backup and sync providers.

Personal Cloud Devices

Speaking of cloud or cloud-like data access, I am close to purchasing Connected Data’s personal cloud device, the Transporter, once they can answer a few simple questions. Or I might go with Hyper’s or Akitio’s Personal Cloud devices. If anyone has experience with these devices, please contact me on app.net (the user name is the same), or comment here. Thanks for reading.

By the way: you tech heads need to make sure this Dual 2.1A USB adapter & extension cord succeeds, because I need this product. I get nothing out of it but my reward level for backing it, BTW. However, by my estimates, nuPlug will miss funding by 3 days unless we help it out. So please pass along the link to nuPlug’s Kickstarter. Daddy needs a new charging solution. I have stepped on extension cords, had to use 2 chargers for a 2.1A iPad and another device, and I have seen companies charging as much (or more) for just a Dual 2.1A USB charging adapter!

Q: Why Join App.net? A: Privacy & No Advertising

App.net might look like just another social service to some. And, in fact, it currently looks very much like Twitter was when it started: It is just a lot of tech-savvy people talking freely and enthusiastically about app.net and whatever strikes their fancy: No celebrities promoting themselves, no ad-spam, no fake users, no incredibly stupid posts—although there are some stupid posts, there’s no one stupid enough to post public calls to kill government officials as one woman who has disappeared did. App.net is just a lot of signal with very low noise.

I get at least a few invites each month to join a new SoNet. The invites usually get tossed into the trash almost immediately. Few get me to look at the site, and that’s usually it. Even if I do sign up to the site, I often let it languish and simply forget about it until they start spamming me to use their site, “log in with…” or want me to link my other SoNets to it.

Paying not to Share but Selectively Share

App.net is 180° away from all of these sites, though, because their interests align with my interests:


Hope DaltonC makes it…

I have been following Dalton Caldwell on Twitter and reading his blog posts for some time now. The vast majority of the time, I am nodding along to each of his points as he points out a company’s or industry’s fundamental breach of trust, or the lack of sense in some new strategy that will “revolutionize” the industry.

This time Dalton is trying to kickstart a new social network with a twist: App.net. Instead of selling you, the user (having you do all the work by posting content and telling the company what you like, only to have it turn around and sell your data to marketing and advertising agencies, who resell it to businesses looking for people in your demographic as a higher-priced “targeted ad”), he aligns the social network with its users by having the money come directly from the users. Dalton, being a “very smart guy,” knows the time has come for paying for a service that is usually free in order to get better treatment.

When LiveJournal, Tribe, Friendster and MySpace were all trying to figure out how to monetize their social networking sites, the public at large didn’t understand how valuable having a way to broadcast to the internet was. Now that the public has had a taste, the idea and acceptance of social networks as a valuable way to communicate with friends has allowed people like Dalton to finally offer a service that people know the value of paying for. Tribe, Friendster, MySpace, LiveJournal, etc. were all trying to ride the wave when it was still out at sea while also getting towed by boatloads of advertising cash. Facebook, Google and Twitter are now trying to catch a line from the advertising boat, and alienating some of the people generating the wave.

They could easily turn around and offer a paid, ad-free service; however, the real damage is in their selling and sharing of your data, things such as your email address, name, age, sex, address, zip code, etc. Once sold, the Facebooks of the world cannot redact any of that information. There is no mechanism to pull your data back once it is let out to a third-party app or game a person tries even just once. While FB’s compliance policy says the app maker must delete your data if you remove their “free” game, there is no enforcement, nor any auditing to make sure this is actually happening. So, really, it is time for a new entity with a clean slate to start with a center that is based on serving the people who pay for the service rather than the advertisers and companies that pay lip service to privacy concerns.

The saddest part is, even when a big company such as Google or Facebook adopts practices that are gross violations of privacy, or makes errors that would land a person in jail, it gets what amounts to a slap on the wrist and publicly apologizes, saying, “it will never happen again.” But we all know that their profit margin from either alleged “mistakes,” such as bypassing a DO NOT TRACK header, or sneaking persistent ID cookies in there to follow your browsing habits, far outweighs any penalty once they get caught.

For instance, an executive at BP could have sat in his office knowing full well they would be forced to cough up as much as $2B for gross negligence (as long as they kept their mouths shut and never admitted wrongdoing), but also that net profits would be up 50% to $15B. That $2B fine is just the cost of doing business and still a 30% jump above last year. (All of this is speculation, and I haven’t even checked their numbers, but you get the idea.) The same could go on every day at a large company in the social network space as well. An executive could weigh the risk-reward ratio of any illegal action and figure that, with enough spin, plausible deniability and legal fees, the penalties are far enough down the road, and that public scrutiny only lasts so long.

I see BP gas stations today and they are doing business as usual, with pump prices holding steady a lot higher than before the explosion in the Gulf, because people don’t care unless it is convenient for them to. If it is inconvenient not to use a product or service that they know is from an ethically deficient company, they generally make excuses or, if they are a more honest person, just admit, “I don’t care.” In fact, as long as their interests align, they are willing to put up with a few questionably ethical practices.

The thing is, if one of these companies decides that its quarterly profits are worth more than a permanent injury to a group of people (such as their identity being stolen and their credit destroyed) or to the environment (such as sea life mutating thanks to oil dispersants used in concentrations that would affect cell replication), then you, or the victim of their risk-reward calculation, are fucked. Because all that will happen will be a slap on the wrist, and lip service. There is no such thing as a corporate death penalty for accidents, nor for gaming the system. But there should be.

That’s why I hope Dalton succeeds. If his service gets off the ground and holds to its ethical center of “people over profit (but a profit is needed),” then companies like his will take care of killing the parasitic companies and the sociopathic companies for us. So, while I haven’t backed the project yet, I will definitely earmark part of my budget for it, and help by telling people. I do the same for any company that “gets it,” such as duckduckgo.com: because face it, Google’s “‘do no evil’ mantra” has evolved into (as George Carlin would say) “pure bullshit.”

I am not against making money, but I think no company should ever place the basis of its revenue stream at odds with sound ethical practices. If there is ever a question, then obviously you are in the wrong business or talking to the wrong people. Advertising and marketing are usually at odds with maintaining honesty and privacy, and those are the areas I would never work in. For instance: What would I say if asked to develop a system to help people find information when they want it? “Great!” Develop a system to monitor what people are doing with this tool? “Fuck off.” Why? Because it’s a basis of freedom, and the word “freedom” does not mean “We will monitor what you do, so only do what we want you to.”

So, yeah, I have $50–$100 for Dalton, because I value people who put their business practices in line with my concerns for privacy and ethical behavior. Do you? Ask yourself if you really do too. Are you concerned enough to pay someone for this, so they can erode those that are playing the numbers with your health, safety and security as their poker chips?