This issue has bothered me for quite some time. It is the practice of vendors, publishers and everyone in between offering “free” software, whitepaper, Mp3s, “special” reports and useless one-page drivel that makes you want to do some harm to the producers of such garbage in exchange for your personal information.

It happens so frequently these days that I think many of us have just assumed that it is the norm. But it is so wrong on many levels not just for the ethical dishonesty involved, but for the fact that it could lead to privacy issues, and in the long run detrimental to the goals of the perpetrators of this somewhat deceptive practice.

Worse yet, it may actually lead to the opposite result of what the “offer” is trying to achieve – land a new subscriber, a potential client, a partner etc. Not necessarily because these victims do not want your product, but because you scared them away in the first place. More important, it drives people who are sick and tired of being bombarded with useless emails and annoying phone calls to give false information.

You get an email or run across a link that screams “FREE! PDF Download; “Free Software”; “Free Report”; “Free eBook” etc. and you go to the website to get this “free” whitepaper or software or book, magazine etc and the next thing you know the site is asking for your name, daytime phone number, your evening phone number, email address, and country. Really? For a “free” offer, you need my daytime phone and evening phone numbers?

Wikipedia describes free as “Something given or supplied without payment (gratis)” and goes on to explain gratis thus:

“Gratis is the process of providing goods or services without compensation. It is often referred to in English as “free of charge” (FOC) or “complimentary”. Companies, producers, and service providers often provide certain things free of charge as part of a larger business model or pricing strategy.”

That is right, free is giving or supplying something WITHOUT compensation. So when that vendor above starts asking for your name, daytime and evening phone numbers and your country (for crying out loud), it is no longer offering a free product. Free is when I go to distrowatch and see a new version of a Linux distribution that I want and I click on the download button and the download starts. No stupid forms to fill out, no harassing phone calls two minutes after I hit the submit button.

Free is when Oracle offers a virtualization software like Virtual Box and they give you a direct link to the software without as much as asking for your email address. I know it has a lot to do with marketing, building databases of potential clients and making money through affiliation marketing etc., but please remove the deceptive tag of “free”. It is not free when you are exchanging your product for an email address or phone number. What that means is that you are expecting compensation or payment in exchange for that “free” offer.

Take the two examples below as symptomatic of this problem:

Here you see a page that loads up after clicking on a link offering a “free” eBook called Open Networks:

Notice the bevy of questions you have to answer just to get this “free” eBook.

On the flip side, here’s another website offering the exact same eBook, but without asking for any compensation and actually giving away the book in different formats (PDF and Docbook):

This to me is what “free” means – giving away something without asking for compensation.

I have seen a few websites that seem to get the deceptive nature of the practice of making “free” non-free offers and are now visibly letting potential victims know that “registration is required” to view or download a product.  Now that is as clear as can be. It tells me that if I want to read their whitepaper on a subject of interest, I have to give something back. It could be my email address, name, daytime phone number, evening phone number, country, spouse, number of cars, type of toothbrush, favorite curse word, GPS location, whatever. I know that this is an exchange. No “free” nonsense. The ethical nature of this act alone makes up for the annoying phone call that is bound to follow.

The next time you are tempted to dangle a “free carrot” on your website in order to “force” people to give you their email addresses so you can spam them, please let them know that “registration is required”. Doing otherwise is unethical and is pushing the envelope on deceptive practice.

Believe it or not, not many people are comfortable giving you their personal information these days. Moreover, if you are confident about the value of what you are offering, why not give it away with no strings attached? If the reader sees something they like and want to do business with you, they will find you.

If you insist on your subtle deception of using “free” to “capture” leads, the result is not what I would want as a business or organization trying to build a credible database. What you get will be a database full of fictitious names, bogus phone numbers and email addresses and a lot of stressed out sale people because most of the “victims” they call trying to run a pitch at will not be very receptive especially if all they wanted to do was read a good article or ebook.

Happy computing.

With that, Facebook announced Login approvals,  “…a Two Factor Authentication system that requires you to enter a code we send to your mobile phone via text message whenever you log into Facebook from a new or unrecognized computer.”

The idea behind the new feature is to help users combat unauthorized access or the now infamous “I have been hacked” incidents that have plagued users of the Social Network. The new feature, which is currently optional is expected to add a second layer of protection to users’ login process.

What exactly is it? Here is Facebook’s explanation of Login Approvals:

In essence, the process works in three steps:

1. Turn on Login Approvals
2. Confirm that you have access to the phone you are using
3. Enter the security code you received from Facebook to confirm that “you are who you say you are”

In other words, if you want to avail yourself of this “Two-Factor” authentication, you have to first, give Facebook your mobile phone number and second, incur text message charges from your provider.

But the idea of treating this as a token-based two-factor authentication is a little misleading and the explanation given by Facebook is very weak at best, to wit:

“…Similar features on other websites require you to download authentication apps or purchase physical tokens to act as your second factor”

That is not quite true. A couple of sites make you set up static second factor that could be numbers or an image which you have to enter or reference before final login. And you do not have to pay anything for it. Most online investment brokers provide this feature which seems to work really well.

Then there is this bizarre claim that two-factor authentication as implemented by other websites “…require a lot from the user before being able to turn on the feature”. Again, not true. When you set up an account with most sites that offer two-factor authentication, you are made to create the second factor during the setup process and it is a one-time deal until it is time to renew the password or “token”. Plus, how difficult can it be to enter a 5 or 6 digit preset or random PIN that expire at given intervals? There are even applications that users can install that will generate random tokens without opening up another attack vector – SMS spamming.

The second issue is, why are users being tied to a specific device or computer? There seems to be a tacit assumption that all Facebook users have their own computers and that is clearly not the case. Some users access their accounts in multiple ways – desktop in the morning, an internet Café in the afternoon and in a different city in the evening? So what happens to people who traverse continents regularly and do not want to be gouged for “roaming charges”?

The weakness in this implementation have caused some critics to downgrade Login Approvals to “part-time” two-factor authentication because once you have approved the browser instance you use to login daily, it does not require execution of the second authentication until you have removed it from the list.  Moreover, the user will be forced to re-authenticate from a different browser. So if you are like most people these days who use Chrome, Firefox, Opera and Internet Explorer on the same computer, albeit for different purposes, you will be doing a lot of authentication texting which could be another headache for Facebook as users may now have to deal with text hijacking by the “bad” guys. What happens if the database holding the phone numbers gets compromised? Don’t be surprised to see spam texters chomping at the bits for this scenario to play out.

Here’s the link to Facebook’s Login Approval announcement page.

The thing flashes and rolls and blinks and…, oh my. Even when you open an email to read, the banner sits pat and for every new email you open, a new ad shows up. Don’t get me wrong, I understand that this is about money, but do we have to go blind because of free email accounts? Google does not think so.

Compared to Gmail, Yahoo! email on the web is a Flash and JavaScript haven!  Gmail serves ads on GMail, but they are subtle and small portion of the right side of the screen. More important, the ads are without images. Yahoo! Mail pushes ads at you and they are in your face like you won’t believe. Even when you sign out, the onslaught does not let up.

Here’s what I mean:
Here’s an image of Yahoo!’s initial screen with JavaScript and auto images on – notice the billboard. Then look at Gmail’s initial screen after login.

Yahoo!:

GMail:

Google offers free email accounts, up to seven Gigabytes per user, I might add, and they do not attempt to destroy our vision by bombarding us with all kinds of flashing images, text, and anything else that they could lay their programming fingers on, including solicitation from unknown women:

And last time I checked, Google was making money.
I got sick of dealing with the Flash and JavaScript annoyance and finally decided to fight back and the tool of choice was Mozilla’s Firefox. Firefox has a quick and easy way for you to turn off JavaScript and freeze those annoying dancing boobs. Opera has an even faster way (Tools | Quick Preferences | Enable JavaScript).

But it looks like Yahoo! (and most Flash and JavaScript dependent websites for that matter) has wizened up to the fact that their antics might tick off a few folks and force us to take drastic measures (like turning JavaScript off and putting a leash on Flash) so they now also have images that still dance even if you turn off JavaScript. My counter, turn off automatic loading of images or install an add-on to do it for you.

Here’s how you turn off JavaScript. In Firefox, click on Tools | Options. Click on “Content” at the top. You now have the options to block pop-up windows, load images automatically and enable JavaScript. Uncheck the boxes for “Load images automatically” and “Enable JavaScript”. Click OK and refresh the browser. All those annoying images will go to sleep while you read your emails in peace. You can always enable JavaScript and automatic image loading when you need them.

Another option is to install an add-on called Flashblock – “an extension for the Mozilla, Firefox, and Netscape browsers that takes a pessimistic approach to dealing with Macromedia Flash content on a webpage and blocks ALL Flash content from loading. It then leaves placeholders on the webpage that allow you to click to download and then view the Flash content.”

Here’s what happens after the Flashblock tool is installed:

The good thing about this tool is that you can enjoy the benefits of Flash and JavaScript without the scrolling texts, rotating banners, flashing images that are so annoying and tend to hurt the eyes. Not to mention the fact that they are a major distraction.

Opera and Chrome browsers may also suffice, although I have not used them much. Google won’t let me download Chrome without JavaScript and agreeing to some “contract”, so I passed. I have not used Opera in a while, although I hear version 11 is good. Internet Explorer is not an option here because of the way access to features are “hidden”. The hassles of turning things on and off in IE are just too much. And the major factor here is speed – being able to turn things on and off quickly.

Recently, I started noticing a trend that did not initially ring an alarm bell. Whenever I go online to research a particular topic, say “disaster recovery” or “file encryption”, I would get an email from one of the content provider’s “Research Assistant” with links to articles and documents from vendors about data backup, disaster recovery and file encryption. Normally you would say, “great, just what I was looking for”. But I tend to look at it from the other side – how did they know what I was searching for? And more importantly, what else are they tracking other than my search habits? To push it even further, how long has it been going on?

Remember, these are subscription services I signed up for a long time ago. Sure, whenever you download a white-paper (never mind that the piece of crap is only a page long) and you have to fill out a long form asking for every little detail about you, you will get your fair share of spam email. But thanks to recent regulations, you also have the option of putting a stop to the nonsense by opting out. In some stubborn cases as was my recent experience with Preplogic, you simply add them to your block list (yes, I will name this company because of their unethical behavior after I tried to unsubscribe four times and was still getting their “promotions”. I had to block their list address from sending me emails!).

[As an aside, I do hope companies realize that it is not the amount of emails you bombard us with on a daily basis that spurs our purchase (listen up Amazon!); rather, it is our need for specific products at specific times. After all, I came to your website to buy something in the first place. If I need something else, I know how to get to your website. Clogging my Inbox with useless "promotions" just pisses me off and could surely guarantee that I will not buy from you next time].

I had a suspicion that my internet searches were being tracked by this content provider (through IP tracking). IP tracking can be used to track people’s online behavior in a way that eliminates their anonymity online,  and recent tests have shown that IP addresses can perfectly identify about 30% of U.S. households.  That means that from your IP address, it is possible for a site to know or approximate your exact physical or home address).

So I did a little experiment (as a regular day-to-day user) to test my theory. I installed a fresh copy of Mozilla Firefox and set it up to always start in private browsing mode and to clear the cache on exit. I then used Adobe’s Flash Settings Manager to lock down (I thought)  flash cookies. Over a period of three weeks, I went online and searched for three different unique subject areas.

The first was “Identity Theft”. To my surprise (and to be honest, a little alarm), about 15 minutes later, I got an e-mail from the content provider’s “Research Assistant” with the following:

RECOMMENDATIONS:
Linking identity and data loss prevention to avoid damage to brand, reputation and competitiveness

Next, I searched for “Risk Management” and like clockwork, the “Research Assistant” came back with:

RECOMMENDATIONS:
Managing Risk an Integrated Approach

Finally, I searched for “Security Compliance” and got an e-mail from the “Research Assistant” with the following:

RECOMMENDATIONS:
Video Whiteboard: Managing Risk and Compliance Proactively

Were these three case coincidental? Possibly, but I find it really interesting that their email robot would send me messages “To assist you with your IT research”  and recommending “following related content, which other readers have recently requested. I am tempted to believe that despite the steps I had taken to shield myself from invisible “eye-balls” following my every move online, these content providers have found a clever and invasive way of keeping tabs on us all the same. The good thing is they (or some at least), provide an option to “opt out”. Whether that is just a window dressing to cover their butts is the anyone’s guess.

My recommendation is that you should be aware that nothing you do online is anonymous. More and more content providers are sharing subscriber information these days and tracking is the way they fulfill these barter arrangements. The goal is targeted marketing, but the psychological effect on us is a little stressful. There is so much going on in our daily lives that many of us do not have the time to look at the stuff working in the background as we go about our daily “surfness”.

Be careful out there.

According to a post on the blog of the developers of Office 2010:

“When designing Outlook 2010, we worked hard to ensure that the colors, shapes, and text used within the product provide a pleasant experience and make it easy for you to get work done. We have done this by redesigning parts of the user interface to give Outlook a clean, crisp, high-quality look that is free from distracting visual elements. By simplifying many parts of the user interface, we’ve allowed your e-mail messages and meetings to shine in the foreground better than ever before! Let’s take a look at some examples of how the new visuals improve Outlook.”

I have tried all three themes and it is still ugly. The blue actually looks more like gray-blue and the silver is just blah. It looks like a patchwork of disparate parts that makes Office 2007 a world apart in terms of being together. I do not even know where to start. They removed the orb that was just starting to grow on us ( a lot of people hated it when it first arrived, as with all new things). They threw menus all over the place…I am at a loss for words to describe my disappointment with this iteration of Microsoft Office.

Take a look at the images below and tell me which one “shines”:

Take the black color scheme in Outlook for example: It totally looks out of place. You have these gray (not black) panels on three sides with a white box slapped in the middle. We have square icons which look clunky, to say the least. I never really noticed it before but the ugly color is across the entire suite! So I get to stare at depressing silver-gray whether I’m using Outlook, Word, Excel, PowerPoint or Access. To rub the ugliness in, they have some weird pink highlights on the menu in Access to go with the gray theme (shudder).

Don’t get me wrong. We are not discussing functionality here. In that area, I like what they’ve done and you can read about the nifty stuff you can do with the new version here. Upgrade from Enterprise edition to Professional Plus went smoothly and the backstage thing is cool. But man, the interface in Outlook takes you back to the NT days and makes that of Office 97 kind of cool.

My take is that this will get everyone bemoaning the curse of a monopoly all over again. Microsoft, please hire some Linux developers or borrow some from Apple to help out with UI designs – imagination runs wild in those places. Appearance does matter.