Tag: Privacy

Still Messin’ With My Passwords

Big Brother is bugging me. Again.

Programs and Web sites that treat you as if you were too lazy or stupid or unconscious to take good care of yourself online and try to proactively help you get better at it are incredibly annoying. I’ve written here before about the idiotic requirements various Web sites place on passwords.

This afternoon a colleague sent me a document via his Dropbox link to it. I clicked the link in the email and was given the option of directly downloading it or logging in with my own Dropbox account to have it stored online. I chose the latter.

Up pops a page that says my password on Dropbox has expired because I haven’t changed it for a while. WTF?! Where do you get off expiring my password, you busy-bodies?! I mean, suggesting that I change it because I haven’t for a while is one thing, but just flat-out barring my access because you don’t like how long it’s been since I changed my password? Out-freaking-rageous.

And what about any apps I have that are interconnected with Dropbox? Are they now going to stop working and require me to update passwords as well? Why should I do that if I’m perfectly confident in the security of my password and my data?

Sometimes, doing things just because you can isn’t a great idea. This is one of those times. Stop “helping” me.

Back Off Restricting Passwords, Big Web!

I've had it up to here with Web sites that demand certain specific characteristics of the passwords they'll accept. I'm always seeing messages like, "Must contain at least one upper case letter and one number" or "Must contain one upper case letter, one number and one special symbol character." We have Big Pharma, Big Brother, and Big Government. Now we have Big Web.

It's my frigging password, OK? Let me pick one I can remember. Tell me if it's weak or strong or very strong (I like that feedback) but don't restrict my password so that accessing your site in the future is going to be a huge PITA for me.

The most egregious example of this I've seen to date came from my efforts to create a new account at Clickbank. The "error message" i got there after using one of my passwords that generally gets a Very Strong rating from sites that provide such feedback said:

We require that your new password contain the following:
 2 upper case letters
 2 lower case letter
 2 numbers
 2 special characters (examples: !@#$%^&*)

I'm sorry but that's just bullcrap. This is a tech engineer and/or security expert toying with my mind. Such restrictions have actually caused me to elect not to join a specific site or program in the past. In this case, I have to use Clickbank because of a client requirement but I can guarantee you that every time I have to use the site, I'm going to get a little angrier. My opinion of Clickbank, which started out at maybe 7, is now at 2. You put a barrier between me and using your site, you see less of me than you otherwise would.

Yeah, I know these guys are "doing it for my own protection," but I don't need a Big Brother, OK? Just let me pick a password, let me know if it's weak, and move on.

Sometimes Targeted Ads Are Cool!

There's been a lot of stuff in the press lately about online privacy, companies tracking your browser sessions and using the information they glean to target ads specifically for you. Much of the news of late has centered on Google, Facebook and interestingly enough The White House. As a result, I've been thinking a lot about what I call The Boundary of Privacy and Convenience.

I've long been a supporter of giving users maximum control of their online privacy. In my own Web practices, I err on the side of allowing more tracking than less, because I'm not terribly fearful of the generally benign, if annoying, results of such tracking. I have read numerous horror stories of people who have been harmed by such a policy but the number of such incidents seems to me to remain a minuscule portion of all online users.

Today, I got two reminders of why sharing personal information can be a good thing. 

My birthday is part of my public record on Facebook (and other sites, too). It's coming up relatively soon. Today, i got two email notices from people I've Friended on FB about my birthday. One was from a local restaurant offering me a free dessert any time during the month of March by presenting their coupon. Sort of like a long-standing Birthday Club tradition without the hassle of my joining it. Cool! The other was from a group on FB called Causes that I Friended a while back. They sent me an email suggesting that rather than ending up with a pile of stuff I don't want for my birthday, I might want to post a Causes Wish List item that would suggest that those who wish to buy me a gift, instead contribute to one of my favorite causes. Good idea! Our family has been doing this as an option for several Christmases.

I also notice, of course, that FB adds to a great job of targeting me, much better than Google AdSense. For example, I recently saw an ad that said, "We're looking for seniors in Monterey to give a free iPad." I clicked on the ad. Sure, I knew it was a come-on, but hey, they were talking to me! They knew my age range, city and that I'm interested in technology. I'd a lot rather read that ad than one for a product aimed at twenty-something females. 

So invasion of privacy is ugly and justifiably illegal. But info tracking and ad targeting? Not so much, at least in my view.

Stop Telling Me How to Create My Password!!!

I am fed up to here with Web sites that presume the right to tell me — sometimes with annoying precision, equally often with annoying vagueness — what constitutes a “valid” password.

It’s my information.

It’s my account.

It’s my freaking password. 

“Must contain at least eight and no more than 16 characters and include at least one letter one number and one special symbol.” Bullpuckey. Says who?

Sometimes the rules make it impossible for me to create a passsword I can remember. So what do I have to do? Write it down. How’s THAT for secure, you lame-os?

If I want to be stupid enough to use 1234 as my password or my name or whatever else, what the heck business is that of yours?

Keep your grimy mitts off my passwords!

There. Now I feel better.


Wikipedia Blackout Ill-Advised, Wrongly Targeted

Wikipedia has announced that it will black out the English-language version of its hugely popular site tomorrow in protest of pending legislation in the U.S. Congress that would, in their mind and the minds of millions of others, open a wide door to censorship of the Internet.

I am in complete agreement and sympathy with Wikipedia's position but I think they could and should have found a smarter way to demonstrate their opposition. By blacking out the site, they inconvenience millions of users, a minuscule number of whom are government employees of any stripe. What makes them think the firmly ensconced, well-trained corporate cronies who occupy legislative seats in D.C. will notice or care?

Instead, they could have:

  • rerouted all incoming traffic to a page explaining the pending rules and why they oppose them, thus educating without interference;
  • replaced the top half of all pages with an explanatory black banner (larger than the one they have on their site today to warn of the blackout) so users would get the same message but still be able to scroll to their content;
  • selectively blocked only DC-area IP addresses (I know that's not 100% feasible or effective, but I bet they could figure out how to have a big impact that way on folks who are actually the idiots making the decision).
In addition, several of the 6,000+ comments on the Wikipedia page announcing the blackout suggested that Wikipedia needs to deal with the real problem: an increasingly restrictive U.S. government that seems to be operating more and more from fear and which might well impose well-intentioned more draconian measures in the future. Wikipedia needs to divorce itself from the United States and its rapidly disappearing ideals of freedom.

I'm sure there are many other ways they could have found to make their feelings known without cutting out millions of school kids, college students, researchers and journalists who rely on Wikipedia to do their work. (Oh, and I'm not one of those, so this has no real impact on me personally.)

Google Tiptoes into Rep Management; I’m Skeptical. Twice.

Google has entered the slowly burgeoning field of so-called "online identity protection" with a new "Me on Google" service that leverages the seldom-used Google Profile feature that's been in place for some time.

Color me skeptical. Twice.
First, I'm skeptical of the entire field of reputation management. If the Internet remains more akin to the Wild American West than to modern "civilized" cities, reputation management is kind of like saying you could order the town gossip to stop talking about you and have the desired outcome. If someone posts a message about you anywhere on the Internet and you find out about it (not likely unless you're famous or have a friend who's a Net junkie), the most you can do is ask the poster politely to remove the inflammatory or erroneous message. Forcing them to do so would be nigh impossible unless you are a lawyer or have enough money to hire one to chase down the perp (I like that word; I watch too much detective TV).
In the story today, Michael Fertik, CEO of Reputation.com, admits that the field in which his company specializes is pretty limited in what can be done to repair a broken reputation. (Identity protection, on the other hand, offers some promise and Reputation.com along with a handful of other firms can help you sort out the best way to prevent a bad image in the first place.) There are a lot of reasons for this but all of them have their roots in the very nature of the Internet, which was designed to route around censorship, even well-intentioned censorship.

Second, I'm skeptical Google can really help with this problem at all. The new service is apparently built around Google Alerts, which are widely acknowledged to be far less than comprehensive and which are so limited by the inability of search in general to hone in on the right version of a term that they can be pretty useless.

For example, I've had a Google Alert on my name for months. Every day I get an alert with anywhere from one to a dozen mentions of "Dan Shafer" on the Net. I have watched fairly carefully and results are so spotty as to be useless. If I know about a post with my name and I monitor the Alert for even several days afterward, it very often fails to make an appearance. On the other hand, my name isn't as uncommon as I once thought. I share it with a young musician, a college professor, a city official in New York, and probably dozens of others. My Google Alert isn't smart enough to figure out that I only want to see alerts with my identity associated. I've tried refining the search term but even when it got to 250+ characters in length, it was still letting the "other" Dan Shafers through.

Oh, and I should say that these remarks are all based on news reports, not personal experience of "Me on Google," which, as far as I can tell at least, hasn't been turned on in my little corner of the gWorld.

How Do I Rid Myself of MagicCoffee Spammer on FaceBook?


I am being plagued by an offensive and exceedingly annoying criminal on Facebook. I've blocked and reported this reprehensible individual three times. I've sent him direct email demanding that he leave me alone. Nothing has worked. I am prepared to take any action within the law to make this person pay for being an inconsiderate slob. Any ideas?

His latest name is Charles Mitchell, though he seems to use lots of aliases. He's promoting some BS called Magic Coffee that he says is an aphrodisiac that works on both sexes. Clearly he's pitching an MLM. The attached image shows his alleged photo and other contact info. 

It is unfortunate that Facebook can't figure out how to stop this guy. Or gal. Or dog.