Ahead of a court order that is still pending, Google has, at the request of the sender’s employer, blocked delivery of a single email mistakenly sent to the wrong address. As most of you can attest, doing something like this, while technically possible within certain parameters, is usually not done for a variety of reasons, not the least of which is opening the Pandora’s box of requests for Google to do the same thing for every email sent to the wrong address or for the wrong reasons. In this particular instance, the sender was a contractor for Goldman Sachs, and the email in question contained significant sensitive customer data sent to the wrong address. Rather than risking a significant exposure for the customers whose data was contained in the email, on top of saving Goldman Sachs from considerable liability, Google acquiesced to the request, which normally requires a court order.
What this means for you:
The only reason this was even possible in the first place was that the unintended recipient hadn’t actually accessed the account since the email was sent, and therefore Google knew for certain that the email wouldn’t have been read, and therefore could be “un-sent.” You may have experienced both the relief and disappointment of attempting to “unsend” emails via your own company’s Exchange server, which can call back unread emails, but once the email has been opened by the recipient, intended or not, there’s no way to unsend it. What you should really be taking away from this is why someone was using email to send a report with such sensitive information in the first place. In this case, convenience and ease of use led to a near-catastrophic breach. Do you use email to exchange confidential information with other parties? If you do, you should carefully consider the consequences of a mis-delivered email, and what it might cost your organization.
Canadian lawmakers have finally had enough spam in their email boxes and just passed legislation which essentially outlaws all unsolicited commercial emails. If you want to send commercial email to a Canadian, you must have their express consent, regardless of where your company is in the world. At first blush, you may be tempted to say, “Good for them. Fight the good fight, Canada!” and you’d be counted sane to believe this was enacted with good intentions, but we know where those types of roads sometimes lead. As many others have pointed out, this will likely negatively impact the businesses and organizations we do want to hear from, and will have little to no impact on spammers who already ignore laws, ethics, logic, spelling and common sense. Rather than having an inbox filled with all sorts of email, Canadians can look forward to only getting spam from scofflaws. Oh, and a ton of emails from companies asking for their permission to keep their addresses on their lists.
What this means for you:
If you send commercial email to your clients or customers, and some of them happen to be Canadian, you now have to sort them out and get a positive confirmation from them, regardless of whether they had actively or tacitly agreed to be on your mailing list. In other words, you have to send out what is likely to be viewed as an unwanted email to someone who already has too much email, asking if they are OK with you sending emails to them in the future. The fines for violating CASL are quite stiff (up to $1M for individuals), so you can be sure businesses with Canadian customers are taking this very seriously. And this law isn’t just limited to advertisement emails. This newsletter is technically an email with commercial intent, and if I were to send it to Canadians without their express consent, I could be held liable. Is a law similar to CASL likely to be considered in the US? Seeing as our politicians have trouble agreeing on just about anything lately, I’d say we’d only have to worry about the Spam Mounties for the moment.
Hacktivist group Anonymous is at it again, this time targeting Brazilian websites apparently in protest of Brazil’s costly hosting of the FIFA World Cup. While more traditional protests had been going on for many months with only nominal impact and attention, Anonymous immediately gained the media spotlight after claiming through Twitter to have hacked over 100 websites, including Brazil’s federal police website. Many of the website attacks consisted of Denial of Service assaults or simple defacements, but Anonymous sharply made their point by posting a list of logins and passwords purportedly from the police website, as well as claiming to also have harvested numerous operations documents and email exchanges.
What this means for you:
Just like any hot media item, hackers will be leveraging the globe’s enthusiasm for the World Cup, and it’s likely you will see spam and phishing attempts based around news, events and celebrities of the sport. As always, avoid clicking links in emails unless you can verify they lead to legitimate websites. Cybercriminals will also be counting on plenty of people searching for news about World Cup matches, so make sure you examine your search results carefully and only visit websites you know and trust. Don’t rely just on your antivirus software to protect you – use your common sense laced with a healthy dose of skepticism to avoid hackers scoring a goal on you.
Telecommunications giant AT&T disclosed on June 13 that three employees of one of its vendors used their privileged access to hack a server containing sensitive customer data, including Social Security Numbers, birth dates and cellular phone numbers. Thus far, AT&T hasn’t revealed how many are affected by this breach, and for the moment it appears that the hackers gained unauthorized access for the purposes of unlocking older generation AT&T phones for use on other carrier networks. The breaches happened in April, but AT&T is only just now notifying affected customers.
What this means for you:
Unlike previous data breaches, the exposed customer data hasn’t appeared for sale (yet!) on the internet black market, but AT&T is offering a free year of credit monitoring as a mea culpa to its affected customers. If you were affected by this breach, you should have already received a notice from AT&T of the potential exposure. This latest breach demonstrates an important point about security: no matter how much you invest in protecting your perimeter, serious threats may already be behind your “firewall”. As an individual, there is very little you can do to help AT&T be more secure, but you can take your credit history and activity seriously, and always keep your eyes peeled for unusual activity on any online account, regardless of whether they are financial services or not.
If you’ve spent any time at all on the internet, you are probably painfully aware of how people can do and say dumb things online. For most, it’s probably fortunate that their antics were merely foolish, as the American justice system has begun to take a rather dim view of online threats by throwing internet loudmouths behind bars. Among those made an example of is Anthony Elonis, a Pennsylvanian man who served nearly 3 years in prison for making a variety of threats on his Facebook page against his ex-wife, co-workers and law enforcement. All the alleged threats were, according to him, merely expressions of creativity, “rapping to his Facebook friends.” Surprisingly, the US Supreme Court has decided to hear Anthony Elonis’ appeal of his conviction on the basis that he never intended to carry out these threats, and there may be legal precedents that support this position.
What this means for you:
I’m no Supreme Court Justice, but I do know that things published on the internet, particularly social media sites like Facebook, rarely stay private, and I think it’s a safe bet that publishing something on Facebook means that you want people to notice what you posted. However, things like Facebook and the Internet also cloud the determination of whether the poster actually intended for offended or threatened parties to view that content at all. The cynical among us will say, “Of course they wanted this to be read by everyone, including their target. This is the Internet. Nothing is private.” But, Facebook promises us that our posts will only be as public as we allow them to be, right? Only our small circle of Facebook friends can see this, right? A US court has already ruled in favor of one internet loudmouth who, in a drunken stupor, threatened to shoot the President on a Yahoo discussion forum.
Were these online bozos behaving poorly and exhibiting terrible judgement? Absolutely. Did they commit an actual crime? It’s still up for debate, says the Supreme Court. For the time being, my advice on this subject remains the same: Never say anything online (email, Facebook, Twitter, whatever) that you wouldn’t want plastered all over the CNN website front page the next morning.
As if having your Windows computer files and iPhone being held for ransom wasn’t bad enough, Android-based devices can now “enjoy” that ignominious fate as well. Security researchers are reporting that hundreds of Android devices, primarily in Russia and the Ukraine, are being infected by a Trojan called “Pletor” which behaves just like its Windows-based counterparts: the victims were tricked into installing the trojan by fake websites, apps and games, and once the victim’s content is encrypted, the trojan demands a ransom of approximately $30-35 USD to unlock the data.
What this means for you:
Though it has happened before, it’s still extremely rare for a Trojan like the above to make it through the screening process that Google performs on all the apps that are available through the Google Play store, and even if one does, it’s pulled quickly. Google can even reach out retroactively to affected phones to remove the harmful app. That being said, it’s not hard to “side-load” apps on Android devices, which is primarily the way Android malware spreads. The easiest way to keep your Android devices safe: don’t side-load apps. Only install apps published through Google’s Play Store. Keep in mind, for everything not a Kindle Fire, installing apps from Amazon’s App Store is considered side-loading, and should only be done if you really know what you are doing. And if you just can’t live without side-loading apps, make sure you don’t store any important information on your device, and keep it well away from sensitive business data. The more risky your activities are on the device, the more likely it is that device will get compromised.
In case you were wondering where that whole “Network Neutrality” debate ended up, legislation/regulation is still being ruminated upon by the policy wonks at the FCC, Congress critters are still confused about “tubes”, but the knives have come out between content providers and ISPs. Netflix and Verizon are currently spatting over a particularly accusatory “error message” Netflix has been “testing” that shows a warning to its subscribers that Verizon’s network is too congested for them to enjoy Netflix content in HD. This comes just weeks after Google started its own page that shows you how well your ISP does when transmitting YouTube videos to you. In case you were wondering, most consumers weren’t pleased that Google & Netflix confirmed their worst suspicions: their ISP sucked when it came to watching videos, and it’s a safe bet that video watching wasn’t the only thing suffering from poor performance.
What this means for you:
Nothing as of this moment. Google and other content providers have been very vocal in the Network Neutrality debate, but when it comes to dealing with the government, “vocal” means writing a very stern letter and rounding up lobbyists to start scratching backs and/or eyes. But over here in the real world, the ringside bell just signaled another round of sparring and Netflix came out swinging. Verizon immediately lawyered up and sent its own sternly worded demand to Netflix to cease and desist, who just shrugged and said, “Hey, it was just a test. But we might be doing that again in the future. And oh, by the way, this is really your fault to begin with.” We’re fairly certain that it got a ton of attention from (allegedly) poorly served Verizon customers, who, like millions of other Americans, are basically stuck with zero choice when it comes to internet broadband. Get settled in, this is going to be a long fight, and those of us on the sidelines will probably get bloodied just as much as the titans, because, in case you hadn’t noticed, we’re all players on their gigantic chessboard.











