An End to Profanity

By Jeremy Wagstaff

We all want to encourage our grandparents, children, and others of a sensitive disposition, to venture online. But not if they end up on a video-sharing web-site like YouTube, where the comments appear to have all been written by people in extreme emotional pain, or a Facebook group, where robust language is considered de rigeur.

And how about those online gaming sessions, where you can pit your Xbox skills against someone you’ve never met? What’s made this more fun in recent years is the advent of services that let you speak to the other people you’re playing with at the same time. Great, except for the fact you might find, in the words of one web-site, “the profanasaurus on the other end of the mike is a schoolboy still at the age where yelling random insults at strangers seems amusing.”

Technology, belatedly, is coming to the rescue. Microsoft—maker of the Xbox–has just received a patent for something called an “automatic censoring filter” that can remove undesirable speech in real-time. The undesired word or words would be made unintelligible or inaudible. Of course, many of us would be happy to apply this kind of technology in our daily lives, at home or in the office.

Which, to a certain extent, we can. If you use the popular but not overly popular Internet browser called Firefox, you can install an extra add-on which allows you to do your own web-page censoring. It’s quite simple, really: just choose the words you don’t want to encounter in your daily browsing, and when they appear on a page they’ll be replaced by a gap, or by words of your own choosing. (You can find more details here: http://is.gd/4m1L)

A comment on YouTube, for example, would now look something like this: hey you [charming expletive], why don’t you [charming expletive] my [charming expletive] you [charming expletive]. It’s not Shakespeare, but it won’t make Gran blush and you can still catch the writer’s drift.

All these ribald comments, however, may be a thing of the past. A cartoonist called Randall Munroe recently drew a comic strip in which someone writes a computer virus forcing people who leave sophomoric comments on YouTube to listen back to what they’ve written before they post it. Needless to say they realize how stupid they sound and stop. (You can find the comic strip here: http://xkcd.com/481/)

YouTube seem to have taken the idea to heart, and have now added a button below the box where you add your comments that says Audio Preview. Press it and a robotic voice will read back what you’ve typed in the box. (And yes, it will include any profanity you care to include.) The hope? People adding absurd and insulting comments may realize how puerile they sound before they hit the post button.

This is an excellent ruse, but I fear that those people who think vulgar language is a form of rapier wit are already lost. The battle would seem to be to try to help those who make poor choices in their online interactions only when under the influence of alcohol. These might involve impassioned declarations of love or hate for ex-partners, say, or recommendations to bosses about where they might put their staff assessments, that would never have been made in the cold hard light of day.

Technology can’t really save you from such poor choices, but it can throw up a few road blocks. A mobile phone service in Australia, for example, has introduced a service called Dialing Under the Influence which allows you to blacklist numbers you think you might feel the urge to call at some point during the evening when you’re not thinking as clearly as you should be.

Google has just introduced an online equivalent for their Gmail program called Goggles, that requires the sender to perform some simple math problems before sending any email to an ex or to your entire staff when you’re at your most vulnerable: late at night at weekends, for example. The thinking is that if you’re sober enough to be able to do the math, then probably your message is not going to get you into trouble. (Details here: http://is.gd/3D55)

All good helpful and public spirited stuff. Sad, though, that technology has now taken on the role of trying to save us from ourselves.

©2008 Loose Wire

Jeremy Wagstaff is a commentator on technology and appears regularly on the BBC World Service. He can be found online at jeremywagstaff.com or via email at jeremy@loose-wire.com.

Why You Should Pay for Your Email

image

Screenshot from Search Engine Journal.

(update Dec 2011: Aliencamel is now more, unfortunately, and Fastmail has been sold to Opera.)

Using free email accounts like Gmail is commonplace, but not without risk. As Loren Baker, an editor at SearchEngine Journal, found to his cost, when Google disabled his account without warning. (At the time of writing there’s no explanation why his account was suspended, nor whether it had been resolved.)

The comments are supportive, but also point out the dangers of relying on a free service for business. This point, in particular, struck home; when it’s “free”, we’re not really the customers, except insofaras we’re the recipient of ads:

[such services] see the money coming from the investors rather than the users. Without monetary payment they are not even “customers”.

So what are the alternatives? Well, hosted email makes a lot of sense. If you’ve got your own domain, better to use that. But there’s also paid email services which, until Gmail came along, were where the smart users usually went.

So I asked a couple of them, AlienCamel and Fastmail, to give me five reasons why paid email services are better than free. Here’s what they had to say:

Here are Sydney Low’s of AlienCamel:

  1. No ads, no robots crawling through personal stuff
  2. Email infrastructure is expensive, you get what you pay for
  3. We backup your emails in US and in Europe
  4. Our spam blocking technology – pending email advisory – is patented and unique
  5. We’re limiting our growth to 2500 accounts – so it’ll always be fast and good

As a follow-up I asked him to elaborate on the last point: the logical thing would be that a larger provider would provide better support. His response:

Syd: scaling email backend is not linear – to go from about 3000 accounts and have the features and backup/redundancy, we would have to build a platform that would go to 10-20,000 accounts as a fixed cost business, we would need to not only spend $ on the infrastructure, we would have to spend $$$ on marketing to get the customers to pay for that infrastructure so, the business grows in complexity, cost, and we lose the closeness to the customer.

Jeremy: so a ’boutique’ email service is probably a better bet, in your view, than a mega one?

Syd: I believe so.

Here’s what Jeremy Howard of Fastmail had to say (abbreviated for space and fairness). Fastmail has been in the business a while, and is the provider of choice for those groups like Falun Gong who fear hacking by nefarious agents of the enemy (Chinese government, cough): 

  1. Support. FastMail has help for for pre-sales/configuration help and ongoing help
  2. Specialization. Free accounts are all about maximising ad revenue, not maximising your productivity
  3. Archival and compliance: FastMail provides 2 levels of archival – journalling of all of a business’s sent/received mail to a separate (searchable) archive mailbox, and on-line per-folder backups which can be used to restore a complete folder on demand. Also: searchable, complete, unmodifiable journal of all sent and received email for compliance.
  4. Supervision and control of staff’s use of business email, for security, policy-enforcement, and training purposes.
  5. Reliability.  Every email on FastMail’s systems has five levels of redundancy – Redundent HDD storage (i.e. RAID) on both a primary and real-time replica system, plus a complete on-line backup (accessible at a per-folder level).

It’s interesting stuff. It also highlights how we are perhaps being a bit too cavalier with the most important part of our lives—email has crossed the line between private and business, so many of us use our email accounts for both (Palin, cough.) Given that, we need to think hard about how we use that email, and whether free email is a false economy.

Should Journalists Pay for Information?

A tricky one, this, and easy to get on one’s high horse but not analyse one’s own self interest. 

Robert Boynton here does a good job of exploring this in more detail, concluding:

As professional skeptics, though, we should be suspicious of the knee-jerk way in which journalists invoke the “no money for information” rule. How convenient that our personal gain and our profession’s ethical principles are so perfectly aligned! Isn’t it possible that this prohibition is simultaneously true and a way of banishing awkward questions of money and exchange from our moral calculations? In the murky intimacy that comes with immersion reporting, we owe our sources everything. Perhaps this is why we try so hard to avoid the topic.

I quite agree. In Asia it’s hard to draw a line somewhere, and I’ve covered sleazy politicians and (even sleazier) tech PR companies, all of whom expect to get something for something. One former minister in the Habibie government insisted on money for an interview after he’d retired, arguing that it taught journalists the value of information (I argued it only taught them the price of it) and another, a senior politician and minister who is now a presidential candidate, demanded 9 million rupiah (then a little under $1000) for an interview. (We didn’t pay.)

But it’s easy to get all pompous about this. As Boynton points out, it’s sometimes easier to teach the ethics of journalism (the theory) than to teach good journalism (the practice).

And, more important, I think journalism is under far more serious threat from the other side: journalists accepting payment or making financial compromises in exchange for print space. More on that anon.

In the meantime, this all came up because I was asked to explain the ethics behind refusing to pay for information and found I couldn’t, at least in a way that made any sense. The example arose with a school run by nuns reportedly demanding money for access to records of a former pupil, now famous. They were tired, I guess, of the time and effort of catering to sweaty film crews stomping through their office.

They have my sympathies, and if one crew agrees to pay, a precedent has been set in the nuns’ eyes that is hard to quarrel with. They’re not out to make a buck; they’re just tired of diverting resources to something that they’re not being hired (or asked by God, presumably) to do.

Good luck to them. But they need to see it from the perspective of the journalist, too. Paying a nun for information isn’t likely to compromise the information very much, but how about if the person was a pimp/drug dealer/thief/killer/banker? How tainted is the information—and the relationship between the journalist and her source—then?

I guess my advice in that situation would be for a journalist or news organisation worried about such perceptions to offer money to a charity of the source’s choosing but from which they would not benefit directly;  the purpose of giving the money is to acknowledge the time and effort that went into providing the information, but not actually attaching a value to the information itself. It’s also acknowledging the more important principle: that, however much we’d like to think otherwise, information is money in our business—indeed that is our business, turning information into money–and we shouldn’t be too prissy about acknowledging that fact.

CJR: Checkbook Journalism Revisited

Serial Number Killers

image

I’ve been mulling the issue of registering and activating software of late, and while I feel users generally are less averse to the process of having to enter a serial number or activating a program before they can use it than before, I think there’s still a lot of frustration out there.

And I know from clients that it’s a balancing act between upsetting users and not encouraging those who seem unable or unwilling to pay to have a free ride.

It seems to me to boil down to this: Users who have paid for software expect to be able to use it out of the box. It would be like taking a bread maker home and having to call the manufacturer before you can start making bread.

What’s more, customers shouldn’t have to cope with silly technical problems that aren’t their fault. The example above is from my efforts to test Adobe’s latest version of Acrobat. The initial installation failed, and now it’s blocking the legitimate serial number it previously accepted—on the same machine. I still haven’t found a way around this problem, so my ardour for things Adobe has diminished a little.

The problem is that it’s fixable. I can yell at Adobe and hopefully I’ll get another serial number. But that’s not going to happen now—when I need it. It’s going to happen in 24, 48, 72 hours’ time. By which time I may feel like a mug for buying the software in the first place.

Here’s a possible solution: An automated temporary serial number that will work until a proper serial number can be available. This could be delivered online—say, a bot on IM, where you enter the serial number that’s not working and get issued a temporary one that does. Or a product could come with two serial numbers, one a permanent one and one a backup one.

Once customer service comes online and fixes the problem, the emergency serial number can be deactivated. As it lasts only for, say, 48 hours it would be relatively worthless to pirates. It will also push software companies to ensure they get back to frustrated customers within the allotted time or risk further wrath.

Either way, software manufacturers have got to make it easy for users to get around the limitations, and frailties, of the registration and activation process. Users should never be left in the lurch for even an hour if they’re a legitimate customer. It’s up to the software companies to address this issue. Perhaps something like this already exists, but if not I think an emergency serial number might be an answer.

How to Set Vacation Email Messages

I’ve written elsewhere of the hazard of setting a blanket auto-respond email message in Microsoft Outlook. Many programs and services have ways for you to tweak these settings so that only your contacts—those people in your address book—receive these messages. (This does not remove the chances of revealing information you don’t want to bad guys, but it does significantly reduce it):

Gmail

In Gmail, got to settings

image

and then scroll down to vacation responder.

image

Make sure you check the button at the bottom of the window Only send a response to people in my contacts.

image

Hotmail

in Hotmail, you’ll find the same option in Options/Vacation reply.

image

Microsoft Outlook 2007

Outlook has something similar, so long as your account is on the Microsoft Exchange Server (usually meaning you’re on your office network). There you can also select whether the auto-replies go to people outside or inside your organisation, etc:

image

Mozilla Thunderbird

There’s no in-built way to do it. Here’s a workaround, explained in more detail here, but it’s not pretty, and it depends on your computer remaining on and connected.

(My thanks to Brett Roberts of Microsoft New Zealand for suggestions.)

Watch Out For the Big Skim

By Jeremy Wagstaff

For those of you nervous about doing your banking online, here are some comforting words: It may be just as dangerous to do it at an ATM machine.

That’s because scammers have figured out how to steal your account details and PIN number straight from the machine. And they’ve been doing it for a while. And they’re getting better at it: Think of it as an industry with its own standards, supply chain and, well, ethics.

Here’s, roughly, how it works. A scammer walks up to an ATM machine. He chooses one in a place that’s not too busy, where there aren’t too many surveillance cameras, and where there are lots of tourists or rich people. He reaches into a plastic shopping bag and pulls out what looks like the card slot of an ordinary ATM machine—the bit on the panel where you slide in your ATM card.

Actually, it is the slot of an ATM machine, only it’s got an extra card reader built in. He sticks this over the top of the existing slot; it fits so well that unless you look carefully you won’t see anything odd. The only thing is that now the magnetic strip on your card would be read twice as it goes in—once by the bad guy’s reader and once by the bank’s machine.

The other part is the PIN reader. This can be done in a couple of ways: either by laying an extra key pad over the existing one, in much the same way he’s laid an extra card reader over the legitimate one. This will just capture your PIN number as you key it in.

Another way is to hide a little camera somewhere near the screen to record you tapping in your PIN number. This could be hidden in a fake speaker—which is where an alert customer found one in Pennsylvania last year—or a leaflet holder, or over the customer’s head.

(If you’re interested, you can watch some alleged bad guys installing this gear in less than a minute here: http://is.gd/41XO.)

All this information is stored on a flash card or something inside the fake keypad or card slot. Now the scammer has all the information necessary to make a fake card, program it with your account, waltz up to an ATM machine and enter your PIN number.

(Oh, and before you ask, you can buy a machine that makes a credit or ATM card, complete with magnetic strip, online for a few hundred dollars. Legitimately.)

This may be news to you, but it’s certainly not new. ATM skimming, as it’s called, has been on the go for quite a few years—at least 2004, but probably earlier. And it’s big business: Turkish police last month (Sept) arrested a man who, they said, had sold skimming devices to 10 countries including in North America and Europe. The police footage of his house—which has a swimming pool, by the way—includes boxes of ATM slot covers, keypads, and what looks like either a sun-bed or an ATM card maker. (You can watch the raid here: http://is.gd/41Xz.)

He also ran an online network which had details of at least 15,000 credit cards. Members bought gear, swapped stories, sold and bought credit card numbers, bitched about the neighbors and the FBI. The web-site was shut down earlier this month, but there’s bound to be another one up soon.

Now you may think that your visit to an ATM should be safer than this. OK, you might say, I can understand that my bank can’t be sending folk around to my house to check my computer is free of viruses, trojans and key-loggers, but surely they can have someone go around and periodically check that their ATM machines don’t have dodgy bits stuck on them, like extra card readers or keypads?

And if that’s too tricky, how about looking out for the more obvious stuff like speakers and brochure holders that weren’t part of the original design? Surely if a customer can spot these things, an employee should be able to? If you thought that I think you’d be thinking straight.

The thing is that banks do seem to be getting smarter. The problem for bad guys is that until recently they would have to go back to the ATM machine to pick up their gear and download the data. This is the risky bit, because the banks are beginning to wise up, figured out something is amiss and may be waiting for them.

So now they’re getting smarter. (The bad guys, not the banks.) They are putting cellphones or wireless chips inside the card slots or keypads or speakers or brochure holders to transmit the data back to Starbucks or wherever they’re waiting.

Now they don’t need to pick up their gear. Skimmers, as these people are called, can now buy a complete device which would transmit more than 1,800 cards via short message service before needing a re-charge. The whole kaboosh for $8,000. Or they could dial into the device when they like and download the data. By then they’ve probably got enough ATM data to buy their own bank.

In other words, you got to feel slightly sorry for the banks. This is sophisticated stuff. And it’s getting more so; according to some security consultants, there are indications that the slot covers that these guys use so closely match the ATM machines in color, material and dimensions that they well be made by the same manufacturer. As the blurb to one skimmer’s brochure put it:

Thus, we achieved the full and precise compliance of the paint’s tone, gleam, hue at the different light angles, the paint’s surface feelings to the touch etc. In the real situations the skimmers really look like an integral part of ATM.

The scammers are clearly getting smarter—either by being in cahoots with the employees of the companies that make these machines, or else by studying the material very carefully.

Either way, it looks like the banks are woefully out-gunned. They’re trying a few things—one is ‘jitter’, which moves the card around while it’s being read, confusing a scammer’s reader—but this means replacing all the old ATM machines. I can’t see that happening any time soon.

Bottom line? This may not happen everywhere, and it may not happen very often. But it makes sense to use ATM machines that are in your bank (i.e. not in a mall or the middle of a red light district), that you’re familiar with, and that you’ve thoroughly inspected for oddities—from extra card readers to brochure holders with little cameras coming out of them.

©2008 Loose Wire. All rights reserved.
Jeremy Wagstaff is a commentator on technology
. He can be found online at
loosewireblog.com or via email at jeremy@loose-wire.com.

The Financial Crisis in Charts

Thought I’d offer a brief history of the financial crisis as seen through Google Insights, which measures the popularity of a search term over time.

image

Interest in the word subprime spiked a couple of times in 2007 (above) before we figured out it was all about toxic debts (below):

image

and credit crunches:

image

Then we realised suddenly we had to learn a bit more about Freddie Mac and Fannie Mae:

image

and even basic terms like liquidity:

image

Useful information. And it wasn’t just an economics lesson. We had to gen up on countries that we had recently given little attention to, like Iceland:

image

Although it’s worth keeping it all in perspective. Search for the word meltdown, a commonly used term to capture the excitement of the past few weeks, and you get this. Clearly rising interest, but that spoke in 2005? It’s linked to Ice Age: The Meltdown, which grossed $70 million at the box office in its debut week:

image

The Financial Crisis in Charts

Thought I’d offer a brief history of the financial crisis as seen through Google Insights, which measures the popularity of a search term over time.

image

Interest in the word subprime spiked a couple of times in 2007 (above) before we figured out it was all about toxic debts (below):

image

and credit crunches:

image

Then we realised suddenly we had to learn a bit more about Freddie Mac and Fannie Mae:

image

and even basic terms like liquidity:

image

Useful information. And it wasn’t just an economics lesson. We had to gen up on countries that we had recently given little attention to, like Iceland:

image

Although it’s worth keeping it all in perspective. Search for the word meltdown, a commonly used term to capture the excitement of the past few weeks, and you get this. Clearly rising interest, but that spike in 2005? It’s linked to Ice Age: The Meltdown, which grossed $70 million at the box office in its debut week:

image

Hollywood still trumps global financial disaster, I guess.

Fail, Seinfeld and Tina Fey: A Zeitgeist

I use Google Insights quite a bit—I find it a very useful way to measure interest in topics. Here’s one I keyed in just for the hell of it. Red is the word success and blue is the word fail. The chart covers from 2004 to today:

image

What seems to have happened is a surge of interest in the word fail relative to the word success.

To the point where, in the past week or two, it’s become a more popular word to include in search terms than the word success, for the first time in four years.

Just to magnify that last bit:

image

What does this mean? Probably not very much. But I found it intriguing. Are we now more interested in failure than success, or is it just this ridiculous new fascination with the word FAIL?

I think these Google searches reveal a lot more than we’re really giving them credit for. If nothing else, I believe they offer a pretty good idea of a celebrity’s career trajectory.

Take these clowns, for example. Here’s the gradually declining interest in Bill Gates (red) and Seinfeld (blue), revived, briefly, by the Microsoft ads:

image

(The blips in 2006 and 2007 for Seinfeld, by the way, are ‘Kramer’s’ racial slurs and Seinfeld’s aptly titled The Bee Movie, by the way.)

Here are the two comediennes, Sarah Palin and Tina Fey, their careers apparently forever intertwined. Palin is of course red:

image

A close-up reveals that Palin might be on the decline, whereas Tina is on the up:

image

Because all these things are relative, put Seinfeld and Tina Fey (red) in the same room and you get an idea of how big a shot she has become this year:

image

Just to stress that last spike:

image

Seinfeld was right when he said he was a has-been. Still a funny guy though.

And I can’t resist taking a look at how Techcrunch and Scoble (blue) face up:

image

Ouch. Seems Scoble started losing ground in in 2006. But hey, who knows? With this new dotcom crunch, maybe he’ll have the last laugh. Gotta admire someone who’s kept his own for 4+ years.

Talking of not leaving the party after it’s over, how does Vista shape up against XP? The chart is surprisingly revealing. Vista (red) enjoys a spike in early 2007 on its launch, but never seems to be able to shake off the XP shadow:

image

That’s one FAIL, I reckon.

Who says graphs are boring?

Social Engineering, Part XIV

image

Further to my earlier piece about the scamming potential of Web 2.0, here are a couple more examples of why social engineering is a bigger problem than it might appear.

First off, governments and organisations are not as careful with your information as you might expect them to. There are plenty of examples of CD-ROMs and laptops going missing, but often even that doesn’t need to happen. Some governments openly publish such information on the Internet. Indonesia’s minsitry of education, for example, has published the names, addresses, age, date of birth, school and education number of 36 million Indonesian students in easily downloadable XLS format.

Who might use such information? The mind boggles at the possibilities. But one hint might be found in this Straits Times article from neighboring Singapore, which reports a growing wave of faux kidnappings: Gangs phone someone with enough information about their loved one—child, spouse, or whatever—to convince them they’ve been kidnapped and the mark must pay the ransom immediately. In the past six months employees at one bank alone have foiled 14 such attempts—merely by alerting the victims trying to withdraw large amounts of money that they’re being conned.

In the first half of this year, according to the newspaper, 21 people have been scammed out of S$322,000 ($216,000) in this way. Such scams rely on having access to just the kind of information contained in the ministry of education’s database: Knowing kids’ names, their class, their home address, their school chums—all would be invaluable in doing a scam like this. Or any other number of scams.

The point is that we need to think beyond the narrow confines of single channels of data. Scammers don’t: They use a combination of techniques to build up enough information about their mark to be able to either impersonate them or convince them of something. In the above case, it’s that they have kidnapped a relative. In this (still ongoing) Hong Kong-based scam, it’s that they are their bank.

I’m not suggesting Web 2.0 is going to breed a different kind of scam, it’s just going to breed a new kind of opportunity. Social engineering relies on gathering just the sort of data that social networking and presence tools base themselves on.