Recently, I started noticing a trend that did not initially ring an alarm bell. Whenever I go online to research a particular topic, say “disaster recovery” or “file encryption”, I would get an email from one of the content provider’s “Research Assistant” with links to articles and documents from vendors about data backup, disaster recovery and file encryption. Normally you would say, “great, just what I was looking for”. But I tend to look at it from the other side – how did they know what I was searching for? And more importantly, what else are they tracking other than my search habits? To push it even further, how long has it been going on?

Remember, these are subscription services I signed up for a long time ago. Sure, whenever you download a white-paper (never mind that the piece of crap is only a page long) and you have to fill out a long form asking for every little detail about you, you will get your fair share of spam email. But thanks to recent regulations, you also have the option of putting a stop to the nonsense by opting out. In some stubborn cases as was my recent experience with Preplogic, you simply add them to your block list (yes, I will name this company because of their unethical behavior after I tried to unsubscribe four times and was still getting their “promotions”. I had to block their list address from sending me emails!).

[As an aside, I do hope companies realize that it is not the amount of emails you bombard us with on a daily basis that spurs our purchase (listen up Amazon!); rather, it is our need for specific products at specific times. After all, I came to your website to buy something in the first place. If I need something else, I know how to get to your website. Clogging my Inbox with useless "promotions" just pisses me off and could surely guarantee that I will not buy from you next time].

I had a suspicion that my internet searches were being tracked by this content provider (through IP tracking). IP tracking can be used to track people’s online behavior in a way that eliminates their anonymity online,  and recent tests have shown that IP addresses can perfectly identify about 30% of U.S. households.  That means that from your IP address, it is possible for a site to know or approximate your exact physical or home address).

So I did a little experiment (as a regular day-to-day user) to test my theory. I installed a fresh copy of Mozilla Firefox and set it up to always start in private browsing mode and to clear the cache on exit. I then used Adobe’s Flash Settings Manager to lock down (I thought)  flash cookies. Over a period of three weeks, I went online and searched for three different unique subject areas.

The first was “Identity Theft”. To my surprise (and to be honest, a little alarm), about 15 minutes later, I got an e-mail from the content provider’s “Research Assistant” with the following:

RECOMMENDATIONS:
Linking identity and data loss prevention to avoid damage to brand, reputation and competitiveness

Next, I searched for “Risk Management” and like clockwork, the “Research Assistant” came back with:

RECOMMENDATIONS:
Managing Risk an Integrated Approach

Finally, I searched for “Security Compliance” and got an e-mail from the “Research Assistant” with the following:

RECOMMENDATIONS:
Video Whiteboard: Managing Risk and Compliance Proactively

Were these three case coincidental? Possibly, but I find it really interesting that their email robot would send me messages “To assist you with your IT research”  and recommending “following related content, which other readers have recently requested. I am tempted to believe that despite the steps I had taken to shield myself from invisible “eye-balls” following my every move online, these content providers have found a clever and invasive way of keeping tabs on us all the same. The good thing is they (or some at least), provide an option to “opt out”. Whether that is just a window dressing to cover their butts is the anyone’s guess.

My recommendation is that you should be aware that nothing you do online is anonymous. More and more content providers are sharing subscriber information these days and tracking is the way they fulfill these barter arrangements. The goal is targeted marketing, but the psychological effect on us is a little stressful. There is so much going on in our daily lives that many of us do not have the time to look at the stuff working in the background as we go about our daily “surfness”.

Be careful out there.

Tweet This Post

Well, Disney is in hot water right now for something similar but far more disturbing – Flash Cookies. Flash cookies are a new way of tracing your movement and storing a lot more information about you than with normal cookies and you can’t locate them in your browser. They are not shown in the list of cookies that you can see when you take a look at the cookies that are currently saved in your web browser. Even more disturbing is the fact that while normal web browser or HTTP cookies cannot save more than 4 Kilobyte of data, Flash cookies can save up to a whopping 100 Kilobyte.

That is a lot of storage space for snooped personal information through the use of LSOs, or locally shared objects with the ability to gather detailed user information over long periods of time without a trace. To make it worse, a recent paper by UC Berkeley researchers exposed the ability of Flash cookies to “re-spawn” themselves. This means that even if the user deleted the cookies, they automatically re-generated, like a virus.

This is not a new development as the dangers of Flash cookies were exposed way back in 2007.
The Disney case involves the use of Flash cookies to track highly personal information about their users, many of whom were minors by the company and its subsidiaries. Specifically, it is the “re-spawning” aspect of the suit that should concern “ordinary” users who do not have enough time or interest to dig into the inner workings of the more technical aspects of web browsing.

According to the suit filed in US District Court in Los Angeles against Walt Disney Internet Group, Clearspring Technologies, Warner Bros. Records, and several other companies that shared the cookies, the affiliates engaged in “covert online survellance” by failing to adequately warn users about the information-sharing arrangement. They are also alleged to have allowed “zombie cookies” to be restored even after a user had gone through the trouble of deleting them. In one stated instance, the “re-spawning” allowed Disney affiliates to track the habits of one individual who researched articles on depression.

The companies are alleged to have violated several laws, including the federal Computer Fraud and Abuse Act, the California Computer Crime Law, the California Invasion of Privacy Act and trespass and personal property statutes by:

• “…hack(ing) the computers of millions of consumers’ computers to plant rogue, cookie-like tracking code on users’ computers” which could not be easily detected, managed or deleted without notice or consent;
• “circumventing the users’ browser controls for managing web privacy and security”
• scheming to “obtain personal identifying information, monitor users, and to sell users’ data and to use the hacked profiles to track users’ across numerous websites;
• Spotting and tracking users when they accessed the internet from different computers, at home and at work.

There is a laundry list of information collected which, even though we know this stuff goes on, is a little troubling:

• viewing choices
• Gender, age, race, number of children
• Educational level, geographic location, household income
• What the user looked at, what the user bought, the materials the user read
• Details about financial situation, sexual preference, name, home address, email address, telephone number, health conditions etc.

So what can you do to protect yourself?

• Adobe Flash has a “Settings Manager” that can be used to control how Flash cookies work on your computer, but the tool is buried on the company’s website and is not readily available through the controls on your web browser. You can access the tool here. Go through the settings and make “deny” the default for everything. You can also set the allowable storage to 0. The setting can always be adjusted if necessary.

• In addition, get into the habit of using other web browsers than Internet Explorer that give you more granular control over what your web browser can do and you do not have to dig through hidden menus and locations to adjust them as is the case with Internet Explorer.
  Firefox, Opera and Chrome for example, have add-ons that can help you fight the invasion of privacy that is being driven by the need to gather more information about your browsing habits so companies can better target what to advertise to you.

• You can also try not using your real name for your computer account. Use a nickname instead. Encrypt personal data with tools like Truecrypt and Axcrypt. If you are using Internet Explorer 7 and above, Opera or Firefox, there is an option for private browsing where cookies are not saved. t is not perfect, but it can reduce the amount of trash content providers leave on your computer.

• Use spy-ware scanning tools like Spybot Search and Destroy, MalwareBytes etc. By occasionally scanning your computer for spy-ware, you may be able to detect some irregular files dropped on your computer by a content provider.

Sadly, many computer users take the issue of privacy and safe computing for granted, until something terrible happens.

Tweet This Post

According to a post on the blog of the developers of Office 2010:

“When designing Outlook 2010, we worked hard to ensure that the colors, shapes, and text used within the product provide a pleasant experience and make it easy for you to get work done. We have done this by redesigning parts of the user interface to give Outlook a clean, crisp, high-quality look that is free from distracting visual elements. By simplifying many parts of the user interface, we’ve allowed your e-mail messages and meetings to shine in the foreground better than ever before! Let’s take a look at some examples of how the new visuals improve Outlook.”

I have tried all three themes and it is still ugly. The blue actually looks more like gray-blue and the silver is just blah. It looks like a patchwork of disparate parts that makes Office 2007 a world apart in terms of being together. I do not even know where to start. They removed the orb that was just starting to grow on us ( a lot of people hated it when it first arrived, as with all new things). They threw menus all over the place…I am at a loss for words to describe my disappointment with this iteration of Microsoft Office.

Take a look at the images below and tell me which one “shines”:

Take the black color scheme in Outlook for example: It totally looks out of place. You have these gray (not black) panels on three sides with a white box slapped in the middle. We have square icons which look clunky, to say the least. I never really noticed it before but the ugly color is across the entire suite! So I get to stare at depressing silver-gray whether I’m using Outlook, Word, Excel, PowerPoint or Access. To rub the ugliness in, they have some weird pink highlights on the menu in Access to go with the gray theme (shudder).

Don’t get me wrong. We are not discussing functionality here. In that area, I like what they’ve done and you can read about the nifty stuff you can do with the new version here. Upgrade from Enterprise edition to Professional Plus went smoothly and the backstage thing is cool. But man, the interface in Outlook takes you back to the NT days and makes that of Office 97 kind of cool.

My take is that this will get everyone bemoaning the curse of a monopoly all over again. Microsoft, please hire some Linux developers or borrow some from Apple to help out with UI designs – imagination runs wild in those places. Appearance does matter.

Tweet This Post

As a business person, I am always on the move – seminars, conferences, client visits etc. At the same time, I need to keep up with what’s happening and more importantly keep up with trends in the industry. To that end, my smart-phone is virtually my computer and speed is essential. I get my emails on my phone, hold video conferences on it when possible and browse the web. To make these a little faster, I disabled flash and JavaScript on web browsers and disabled HTML rendering on my email client.

Lately, due to an ever tighter schedule, I have had very little patience for emails, newsletters and web sites that insist on using JavaScript, Flash and  HTML rendering or nothing. They would not open for you to at least get a gist of the content. My guess is that this is all driven by the need to track users or capture some ad dollars, but the inexperience is annoying, to say the least. The easiest thing to do is immediately move away from the web site of simply delete the email or newsletter. This is sad because some of them do have great content that one would like to read. But as soon as I see:

Oops! You may not be able to view this message in your mail client as HTML. Please copy blah-blah-blah to the address field of your browser

I just hit the delete button. If in 2010, some people are too lazy to program their messages to render as plain text if HTML is not available, they do not deserve my time. As a matter of fact, I am so disgusted with some that I simply unsubscribe from their list. It does not have to be pretty for people to get your message. Just get the message across as many have found ways to do. I read the newsletters and emails of these folks who get it. If I am interested enough and want more information, I go to the web site and put up with the annoying Flash or JavaScript, and the stupid request for my life history before I can download a crappy 2-page “White Paper”.

The same goes for a web site. Unless you have JavaScript and/or flash enabled, some sites just remain blank! No text, no static images, nothing. This is the height of laziness. Just because you bought a flash or JavaScript infested template does not mean you should not do some work to at least show something. When I encounter websites like these, I simply leave. They do not deserve my time no matter how great the content may be. A simple online search for the topic gives me equally great sites and content without the hassle of JavaScript and/or Flash. These technologies are meant to enhance a web site, not be the web site.

Tweet This Post

The Symbian Foundation has announced the availability of its web application development toolkit for the open-source Symbian^3 mobile platform. The new platform allows programmers and web developers to augment their skills with the use of “just a few more JacaScript APIs” in order to access capabilities like contacts, camera, location etc. on a symbian powered handset.

According to a statement from the foundation, anyone who can create a web page can create an app for Symbian^3, as coders only need standard development tools including HTML, CSS and JavaScript.

“Now anyone can create fantastic applications for devices such as the Nokia N8, the world’s first Symbian^3 device. These Symbian web application development tools provide an ideal entry point for web developers targeting the vast, new development opportunities offered by the Symbian^3 platform and the wider mobile marketplace, where compelling applications are proving their ability to fuel communities,” Symbian Foundation chief Lee Williams said in the statement.

The Symbian web app development toolkit is available for Windows, Mac and Linux. Other web development environments can be used to write apps for Symbian, but the foundation is promoting features of its toolkit that include mobile-specific application preview, debugging and deployment capabilities”.

Read the rest of the story here.

Tweet This Post