Big Brother - it's not who you think

George Orwell foresaw a future with no privacy and no security from government control. We aren't there yet. Not with the government. With corporations it's almost completely a done deal. But that can be changed.

It can be changed, but only if enough people are willing to take charge of their own information. Willing to be inconvenienced by denying cookies and turning off scripting. Willing to use private browsing all the time. Willing to leave Facebook until it the privacy policy is improved and enforced. In short, willing to force corporate America to change the way they gather marketing information.

Don't think it will be easy. The tracking information gathered when we search, buy, or just surf the web has become almost indispensable. Or at least corporations think it has. They won't willingly give it up.

I'm not sure most of us will be willing to give it up, either. A lot of the convenience of the web is a direct result of that data gathering. The nice personalized pages, the suggested items on eBay, Amazon, etc. are all a result of gathering and keeping data. Using your Facebook or Twitter sign-in to log-in to other sites requires gathering and sharing data.

Most of these things could probably be done with less tracking and data gathering. But they won't be unless we insist on it. And without insisting on simplified privacy policies written in plain English things will go back to the way they were. The sad truth is, even with privacy policies, the data gathered and held is still outside of our control.

The truth is, to enjoy any activity there has to be give and take. It only becomes a problem when one side either doesn't know what it's giving, or the exchange is far more beneficial to one side than the other. Most people do not realize just what they are giving up simply by participating in online life. If they did, they might not think they were getting their money's worth. They should be given the opportunity to make that choice.

If you would like to get a basic idea of just what can be figured out about you online you might try searching for your own name in Google, Bing and Yahoo. Depending on how active you are online, you might be surprised.

Accept credit cards on your mobile device.

In his NYT column yesterday, David Pogue reviewed the offering of a company called Square. Their product is a sweet software/hardware combo that allows anyone to accept credit card payments on their iPod, iPhone, Ipad, or Android phone. And do it at a reasonable cost.

I have to admit that I haven't paid any attention to processing credit cards on your cell phone. This looks like a cool idea, but apparently it's not the only option out there - although it may be the most palatable for some. In the comments to the article the reaction seems about even between the "This is great!" and the "This is a waste" crowds. There are a couple of people concerned about fraud, but I don't think the risks any worse than anything we already face on a daily basis. No worse than giving your credit card to the waitress at your favorite restaurant, anyway - and probably not as bad.

Square makes it possible to accept credit cards at your garage sale, or your booth at the local trade days, flea market, or for services you provide. It makes it possible to accept credit cards even if you only need to once or twice a year. And it makes it possible without having to have a merchant account or a paypal account, which is a big plus to some. Will it take off? I think it has a good chance, but only time will tell.

A blip from Blippy

A few months ago a new social networking service started up, one with a model I thought would never take off. Blippy posts your credit card purchases online in short, twitterlike 'blips'. The information posted includes what was purchased, where, and for how much. It's not supposed to include your credit card number. But according to Gigaom.com's Liz Gannes, for 196 transactions last week that's exactly what happened. According to Philip Kaplan, cofounder of Blippy, the transactions were from early in the services beta period, but was still being cached by Google. The problem has since been fixed - the search that had revealed credit card numbers doesn't now.

But this just brings us to the burning question in my mind. Why would you want this information to be published online, even without the credit card number? I do see a bright spot, however. Whenever I tried to use Blippy NONE of my accounts showed up to be shared. I guess they know how I really feel about their service.

Update: Blippy has since apologized, contacted affected users and promised to help them with any issues that might come up from the exposed data. They have also commited to hiring a Chief Security Officer (they didn't have one?!!!).

Hotels highly hackable

The ID Security Solutions blog reports that Data Breaches are Heaviest at Hotels. According to the post, both Trustwave's Spiderlabs and Verizon Business found that in 2009 Hotels were the had more data breaches than any other industry. That's not very encouraging when you realize that there's not a lot we can do as consumers to protect our data once we've turned it over to the hotel.

To make it worse, the weakest link appears to be the point of sale software. The software is often administered by third parties who log in to systems remotely. If they don't change default passwords, use weak password, or leave passwords blank, then it's easy pickings for data thieves. But I'm not sure I believe that most of the breaches are caused by poor password practices. The Heartland breach that occurred from late 2008 to early 2009 took place after they had passed security audits. Whether the audits were for Sarbanes-Oxley or PCI-DSS compliance, having blank or default passwords would not have passed.

As we move to more and more plastic based economy our financial data becomes more dependent on the security of the businesses we deal with. That is something we have little control over. I'm not sure what the best answer is, but we need to find one.

Facebook, Twitter used to scam brides-to-be, vendors

This is an interesting tale. Setup a Facebook page, garner followers (real or not), get a Twitter account, and rake in the dough. These internet entrepreneurs created a facebook account and tweeted about a nonexistent bridal show, and sold upwards of 5000 tickets, plus getting booth fees from hopeful vendors and a free radiospot in exchange for a reduced booth rental. Not a bad scam. I first read of the scam on Ars Technica in an article by Jacqui Cheng.

It seems that almost $150,000 was scammed from attendees and vendors with this scam. The Facebook page is down, and the twitter account probably is, too. The bad thing is, short of calling the convention center to see if the event is really scheduled, I don't know how you could see through this scam. Maybe the fact that payment was taken through paypal? That's not really an indicator. I'm sure we'll see more about this, and more examples of similar scams in the future.

Contactless card breach

Finextra reports a contactless card breach in Queensland, Australia. Somehow cash from one card was transferred to another card held by a person with the same name as the holder of the first card. It's not clear how the transfer happened, although it is being blamed on staff failing to follow longstanding security procedures.

It may not seem like a big deal, but its important to know how the switch happened. It's unlikely that the switch was caused by the cards. I've never liked RFID enhanced cards, be they ID's or credit cards. But this time I'm fairly certain the card is not the culprit. It is most likely either human error - which seems to be the official line - or a computer error. I'm sure the hope is that human error really is to blame. Then the solution is training or replacement. If it's computer error, it might not be fixable until the next system upgrade - and that could be bad news. System upgrades might be years down the road. Meanwhile, your metaphorical tail is left swingin in the breeze.

As we see more of these stories, will we come to realize that we would have been wiser to slow down and make sure things work the way we think they will before becoming very dependent on them for our wellbeing?

Eternal Ignorance

There was an interesting thread on one of the lists I subscribe to a few days ago. I'm going to share some of it with you. I'll be using screenshots of the emails so you can see the actual conversations, and see how some people will not learn. I hope you find it interesting, or perhaps even amusing, as only the pigheadedness of people's desire to get something for nothing (or at least at a heavy discount) can be.

The original poster (OP) was looking for cheap software:

[caption id="attachment_640" align="alignnone" width="419" caption="Seeking deals in spam"][/caption]

Everything about this deal screams "SCAM". Others agreed.

[caption id="attachment_643" align="alignnone" width="466" caption="Pointing out his error"][/caption]

OP disagreed with everyone (there were many more, "Don't Do it!" posts.

[caption id="attachment_656" align="alignnone" width="432" caption="Does he really believe this?"][/caption]

Did anyone actually read the first graphic? Do you remember him saying his VISA card was compromised in December, and he has no idea why.

I finally tried to explain why he was wrong. It didn't do any good.

[caption id="attachment_661" align="alignnone" width="600" caption="I weigh in"][/caption]

The moderator killed the thread, but not before it was obvious that, no matter the risk, this guy was going to try to buy from spammers. Of course, part of the problem was his definition of spam. To him, any mention of a product in an electronic medium is spam. I know this because he used a thread about the Magic Jack internet phone service as an example of legitimate spam.

The rest of his problem was he didn't want to be educated. He asked for advice, then completely disregarded it. I'm sure one day he will be wondering how somebody found out enough about him to rack up hundreds of thousands of dollars worth of debt. Or maybe only tens of thousands. Either way, he could have gone a long way toward avoiding it by just not using spam to shop with.

Oh, and that link to check websites is: http://www.siteadvisor.com/
Enter the URL of the site you want to check in the box on the right:

[caption id="attachment_664" align="alignnone" width="600" caption="One useful tool"][/caption]

Of course, if you are using current versions of most browsers, many have built in sitecheckers. But it's hard to overtest these things.

Hope this was helpful. Keep your eyes open and keep safe