Snowden and the Fate of the Internet

July 28th, 2013 by Dylan 1 comment »

A Guardian/Observer article titled Edward Snowden’s not the story. The fate of the internet is has turned up dozens of times on my Facebook and Twitter timelines and is, as I write this, the number two link on Reddit.

I haven’t written anything about the Snowden/NSA story although I’ve talked about it on Discourse a bit and engaged in a few Twitter discussions on the subject.

The title of the article is correct – Snowden isn’t the story, and perhaps the fate of the internet is. But I also don’t think the thrust of the story is right, and I’m frustrated that in most stories about Snowden’s revelations it seems that the elephant remains undisturbed in the corner.

The Guardian story, and most stories I’ve seen on Snowden’s leaks, have focused on the internet providers listed in the NSA Prism slides. The initial Guardian story by Glenn Greenwald grabbed the most attention by claiming that the NSA had “direct access” to servers at Facebook, Google, Microsoft, Yahoo and others. Subsequent releases don’t appear to support that claim. Instead painting Prism as more of a streamlining operation – simplifying the process of applying for interception orders and then receiving the mandated data from providers.

Focus has effectively, and unreasonably I think, remained largely on the internet companies at the centre of the scandal. Later headlines were generated with the sensationalist claims that Microsoft “handed the NSA access to encrypted messages” while ignoring why that was the case.

These companies have not freely chosen to hand over data to the NSA whenever they are asked. They are given no option in the law – and that’s the issue that still seems to be largely brushed aside in news coverage of the NSA scandal. The companies involved aren’t just throwing their users’ data at the NSA and, arguably, the NSA isn’t doing anything it’s not supposed to. The laws to make this possible are deliberate and secretive.

Companies like Google and Microsoft can’t reasonably be expected to refuse to co-operate with US law – who knows what the consequences may be? And the highly secretive nature of the laws involved wouldn’t offer them the opportunity to publicise their fight.

So while the media focuses on Snowden, the NSA and various internet companies, they are largely ignoring the legal reality that all this is occurring within. Google, Microsoft and the rest are treated as co-conspirators when in reality they are as much victims of the law as the US (and global) citizens who have been spied on however the media have barely moved on from the initial suggestion that internet companies where happily letting the NSA rifle through their records whenever they pleased – something that’s not supported by any of the leaked information.

The NZ Telco Rap Battle

July 19th, 2013 by Dylan No comments »

A brief rap battle broke out on Twitter today between NZ telecommunication companies – it was inspired by some Australian companies doing the same, and they were in turn inspired by the British.

Vodafone and 2 Degrees started the battle, then Telecom joined in briefly but it seems like they may have been a little out of their depth…


Password Security

April 24th, 2013 by Dylan No comments »

The Associated Press had their Twitter account hacked and someone posted a breaking news tweet stating that there had been two explosions at The White House and that Barack Obama was injured. It was retweeted widely and had an immediate impact on the US share market.

twitter-ap-news-hacked

So attention turns to how such things happen – the easy answer is, probably, poor password security. Or at least that’s how it happens to most people – we reuse passwords on multiple sites because that’s the easiest thing to do. The risk, of course, is that once a password is stolen from any one of those sites our security is potentially threatened on all the other sites we use.

Then how do we avoid that risk? It’s easy – don’t use the same password on multiple websites. But that’s a problem because how many passwords, especially “good” ones, can we actually remember?

There are two approaches – one is to use a product like 1Password which will store random passwords for every site you use, you never even need to know them. The other commonly recommended option it to have tiered passwords – a throw away password for sites you don’t really care about, a more secure one for you social media accounts perhaps, another that you use for sites like TradeMe and PayPal, and then a totally separate one for you email accounts. This concept is outlined, for example, by the MIT Technology Review.

The first is good and very secure. But I don’t like it. It requires that I either use a third-party app or website to store everything – and I have to then access that app or site whenever I want to login to a website. It makes it difficult to get to my accounts on someone else’s computer, for example.

The second doesn’t reduce the risk, it just compartmentalises it. If you follow that regime then when someone hacks your Facebook password they will also have your Twitter, LinkedIn and Tumblr passwords. Sure it means that attacks of the softest targets (message boards, blogs etc) aren’t going to let people get into your email, but that’s only a little bit better.

A Better Way

I don’t remember where I saw this idea first, but it made a lot of sense to me and I’ve been using it ever since.

Use a different password on (almost) every website, but remember them all. Easy, right?

Here’s how it works… Make up a moderately secure base password (letters, numbers, some symbols maybe – not a word) that you’ll be able to remember. Within that password you have a couple of variables that change for every website you visit.

Let’s imagine your chosen password was P4s$w0rD (not actually a great example) – you’d then decide to add variables at the beginning and the end perhaps, so now it’s xP4s$worDx – where x will change on each site. Now you decide how to determine your variables – maybe you pick the 1st and 3rd letters of the domain. So for Twitter you password is tP4s$w0rDi and on Facebook it’s fP4s$worDc – you’re remembering a password and a function for modifying it and you’re getting a password that’s unique to (almost) every site you use.

You can then also add tiers to this – have a different base password and method for different types of sites perhaps.

The only risk now is that someone gets at least two of your password and actively compares them to attempt to determine your methodology. Depending on your base password and method this could make it possible to guess the password you’d use on a third site, but it’s fairly unlikely you’d be targeted to that degree.

To combat that problem you could also add complexity to your password creation method – use 1st and 3rd letters for sites starting with A-M and 2nd and 4th letters for sites starting with N-Z for example. You can make it as complex as you like – all you have to remember is how to modify your base password for a given website.

I Just Got Facebook Black

March 20th, 2013 by Dylan No comments »

I’ve seen half a dozen of these in my Facebook timeline now…

facebookBlack1

 

A user (usually one I don’t know) posts an image and tags dozens of people, some of whom I do know, so the image shows up on my timeline as one of my friends was tagged. The user will then post a couple of comments with links so we can all get Facebook Black (how exciting!)

It’s clearly not real, but it sort of, maybe, looks a bit real. When I first saw it I did a little Googling and found a few references to the scam from late 2012 and slightly earlier in 2013, but they seem to be a little out of date and describe a slightly different approach.

The scam now seems to be based around a Chrome extension. If you follow the link it will send you to a Facebook Application which will then redirect your to and external website (the last few times I’ve looked it’s ended up at phototart.com) where you will be prompted to install a Chrome extension.

FacebookBlack2

 

Installing the Chrome extension is a bad idea. I’m unsure exactly what happens after this point because, frankly, I haven’t installed the extension. It obviously makes a Facebook post on your behalf, and could potentially do many many other unpleasant things.

Each time I’ve seen it, the Facebook application has been quite new (often created in the last 20 minutes) and I’ve seen at least two different Chrome Extensions. Therefore it appears that the creators of this particular scam are playing a cat-and-mouse game with Facebook and Google. It’s frustrating really that neither company has a better oversight process for their application platforms.

If you’ve been unfortunate enough to be hit with this scam, or have a friend who has, then you should immediately check your Facebook Apps settings and remove any suspicious or unrecognised apps. Also remove any suspicious Chrome extensions (you can type chrome://extensions in the address bar to do that) – the ones I’ve seen have had names like “Install Black”

It looks likely that this only (currently) affects Chrome users as following the link from Firefox brings up a notification window styled to look like Facebook which informs you that you’re a winner (never a good sign online, you’re not a winner). Clicking any of the links from there will take you down the path of endless online survey scams. Just don’t do it.

FacebookBlack3

 

Twitter is the Pub

March 15th, 2013 by Dylan 3 comments »

Here I am, again, writing about issues that stemmed from the social media strategy of local startup MyFoodBag. I wasn’t going to write any more about it – I’ve written two posts here, traded more than 100 tweets about it and I even talked about it on Discourse for about 20 minutes (all without receiving any free food, I might add).

I wasn’t going to write any more about it, but then one of the people I was trading tweets with on Monday night decided to. And he wrote about it in the country’s most widely read newspaper and anonymously paraphrased (incorrectly) a tweet of mine as the main thrust of his three paragraphs on the issue.

I got caught up this week in a Twitter debate about the rights and wrongs of media tweeting plugs for free meals, and whether these plugs should attract the #ad hashtag which identifies them as advertising.

One tweeter believed legal obligations that affect publishers, such as the laws of libel, could not apply and that social media was akin to people having a chat over a beer at the pub. But given that that person had more than 3100 followers, you would have to say the pub conversation would have to be held at a big booze barn.

If tweeters are confident they are outside the law and have views about the ethics of wealthy businessmen they could test out the theory by letting rip online.

– John Drinnan, NZ Herald, 15 March 2013

 

I am one tweeter in the above. I say the paraphrasing was incorrect because I didn’t suggest anything of the sort about lack of legal liability. In fact I said precisely the opposite – it’s hard to follow given the back and forth of it, but this was my tweet in reply to Drinnan’s suggestion that a making a negative statement about someone would test whether Twitter was ‘publishing’…

My point there was that it clearly was actionable but that Damian Christie’s tweets were his responsibility not his employer’s. And while there are laws about libel that apply to Twitter, I’m not aware of any that would affect someone’s ability to speak about a product they are using (for free or otherwise).

Anyway, here is the pub comment in question – I was suggesting that statements on Twitter were more akin to talking to friends than they were to ‘publishing’ in the sense that we understand it. Even in the days before the internet if a journalist got a product or service to review he was likely to tell his mates in the pub about it.

In this respect I think Twitter is the Pub. The things we communicate on Twitter, even celebrities, are effectively things we’re saying to our friends. There are legitimate publications on Twitter that would possibly be held to a higher standard, but overall I think the important thing in making these judgements is the context of the person’s Twitter stream. All the people who tweeted about #MyFoodBag on Monday night are genuine people using Twitter in a personal way that includes frequently tweeting about things they are using/doing/seeing/eating/watching.

The number of people I’m addressing on Twitter does not change the way I use it. The things I say on Twitter are very similar in content and tone to the things I would say in person with a few friends in a bar. They are, however, public and archived so they do potentially make me more likely to face legal liability for my comments in certain cases – but tweeting about something someone gave me is not one of those cases as far as I am concerned. The same, I assume, is true of all the people who chose to tweet about the bag of free food they received this week.

Of course I much more clearly outlined by various thoughts about Twitter marketing and the My Food Bag tweets specifically in subsequent posts here which I believe John Drinnan saw, but he still chose to paraphrase my position very oddly, although it was anonymous so I guess he’s safe from the laws of libel 🙂

A clear lesson from all this is that Twitter is a crappy place to have a debate. It’s hard to clearly make points and it’s even harder to know if other people are interpreting them correctly. But of course we’ll keep doing it because, a lot like the pub, it’s a great place for sharing and challenging opinions and ideas.

Tweet or Ad?

March 12th, 2013 by Dylan 1 comment »

Yesterday I wrote about the #MyFoodBag twitroversy – my conclusion was that the small barrage of tweets about the new cook-it-yourself meal plan product were the result of a well executed product launch with a focus on social media. The product was put in the hands of people who would talk about it.

I have been thinking more about it – there was a insistence by some people still that it was all a little sleazy or sneaky, rather than being ‘genuine’ tweets (and Facebook updates) from the people involve. I think some people feel that the purity of their social media interactions have been abused.

It’s an easy thing to understand – the thing we value most, I think, with Twitter and Facebook is the genuine and unfiltered connection we have with our friends and followers. We exchange all manner of minute detail about our lives and shared experiences. The idea that those interactions have been manipulated (or, worst of all, bought) can be unnerving to say the least.

But is that what happened here with My Food Bag? Is it what happens with other tweets sent by people taking advantage of freebies? I think it comes down to context. In all the cases I’ve seen with My Food Bag the tweets involved people who, let’s be honest, are over-sharers. These are people who’ll tell us about all many of products and services they take use – the good, the bad, free and paid for.

I am like this myself – I have regularly praised and promoted various products and brands I use. I’ve also expressed disappointment and frustration with those same brands and products. It’s just the nature of my Twitter presence. If a company puts a product in my hand (one that suits and interests me) I’m going to tweet about it. They don’t have to ask, or suggest it. It will happen.

Some people criticise these tweets as not being balanced as they’d expect from a review, which is true. But they aren’t reviews, they are reports. The people involved will tweet their experiences as they happen. If the product is good and the PR or marketing people have done their jobs then the tweets will probably be mostly positive too – it should ideally be a good product in the hands of someone who will appreciate it.

Obviously, however, when you’ve been given something for free there is a tendency to feel grateful for it, but I don’t think we should assume that colours these social media interactions too much – as I said we should assume that it is a good product to start with, in the hands of someone who will appreciate it.

Ideally we need to trust the integrity of the people we’re interacting with – follow people who are a bit like you. Hopefully the PR people putting products in the hands of these influencers are being responsible too, and not putting anyone in a position where they feel compelled to betray their own integrity. Pick carefully, put the right products in the right hands – if someone tends to dislike the type of product you’re pushing don’t give it to the, or if you do you need to be really up front about it… “Hey @nzben we know you hate Android, maybe our new phone can change your mind? Up for it?”

Twitter and Facebook are the new “word of mouth” – the holy grail of advertising – it’s visible and accessible, a marketers dream, but it’s also a very personal medium and those marketers especially have an obligation to respect that.

As for the title – when is it an #ad? For me I think that line would be quite black and white, I think an explicit exchange is required – money or goods specifically in exchange for a tweet or tweets. In reality, in the NZ Twitterosphere I think that is probably uncommon to say the least. I certainly hope so.

My Ad Bag?

March 11th, 2013 by Dylan 9 comments »

There was a little Twitter tsunami today… Suddenly and without warning a gaggle of NZ Twitterers regaled us all with 140-character endorsements for the brand new My Food Bag service.

It seemed a lot of influential people got some free meals and wanted to tell us all about it. However, not everyone was happy with the meal announcements, and some took a very negative view of the campaign.

So is it an #ad? I don’t think so.

Once upon a time I worked in PR –  in a time before Twitter. The concept of PR is closely tied to the idea that word of mouth is the best advertising, but since it is impractical to actually get lots of individuals to talk about your product (less so now with social media) you instead try to get people with an audience to talk about your product. This is typically journalists or personalities. You give them stuff and hope it all works out. The trick is finding the right people for a given product. Giving someone a product totally unsuited to them isn’t going to generate any good publicity, and it could possibly have the opposite effect.

Now, with Twitter and Facebook, word of mouth is MUCH more accessible – instead of 10 or 20 people each with an audience in the tens of thousands with magazines and TV we have hundreds of people each with a much more interactive audience often in the low thousands. But they are people who interact with their audience about all sorts of things and they often do it compulsively.

If you give those people a product they like they are very likely to tweet and Facebook about it, just as they do about the warrant of fitness and sore feet. They share the things that happen to them, and a free thing that interests them is definitely going to cross that threshold.

Back to the beginning – is it an #ad? I don’t think so – I’m assuming no one was paid to tweet, and I’d be highly surprised if posting to Twitter or Facebook was somehow required for these people to receive their Food Bag. Instead it was the natural result of mixing social media extroverts with a new thing. Should those people have disclosed that they were receiving something for free? Maybe, but I’m not convinced. It was certainly clear from many of the tweets that these people were being given a trial of the product.

In fact, the only failure I see in the campaign by Pead PR at all is that there was a small onslaught of tweets about the same topic all at once – it was enough to create an instinctive negative response in some people. Of course this was probably unavoidable and I doubt it was intended that way. These types of launches tend to be an all-at-once thing – and if you send ingredients and a recipe for dinner to a bunch of Twitter addicts all at once then there’s a very good chance they’re all going to tweet about their special dinner all at once.

Television Drives Fibre?

February 11th, 2013 by Dylan No comments »

Paul Brislen, of TUANZ, recently visited Malaysia to get some insight into their fibre deployment and uptake. He’s returned convinced that IP-based Television is the key to making fibre work – the driver to bring in customers…

While I don’t deny that’s the case in Malaysia (and has been a big help elsewhere) I just don’t think it will work in NZ.

It’s a chicken and egg situation really. Currently there are so few fibre customers, and so few providers that the it’s simply not an appealing market. Until there is a seriously significant base of potential customers (those with fibre connections already, or able to get them) then no one is going to be willing to make the massive investment in establishing an IPTV operation here.

There are other problems too – the way retail internet in NZ is managed isn’t well suited. In the US and Asia the ISPs providing the fibre and IPTV services also own the infrastructure. Here, however, ISPs provide their services through wholesale connections provided by Chorus, meaning that any given customer has their choice of dozens of providers. It’s even more unlikely, facing that sort of potential fragmentation, that ISPs could afford to establish appealing IPTV operations.

And then there’s content. Where will the content for tens, or hundreds, of IPTV stations come from? There are comparatively few likely choices (look at Sky TV’s listings for a good overview). In Asia and the US there are already many channels operating and providing multiple pay TV providers. That’s not really the case locally. A provider here would only easily have access to the Australasian channels (mostly already carried by Sky) and the Infrastructure required to carry those channels is massive.

Any ISP wanting to establish an IPTV operation here would be looking at tens of millions of dollars expenditure in initial broadcast infrastructure, as well as massive ongoing licensing costs to provide the content to end users.

I simply don’t think New Zealand has the population to support more than a couple of subscription TV providers, especially through the rather niche medium of IPTV.

There is perhaps room for one or two providers to be established and on-sell services through ISPs but that’s not going to be a viable business until there is a large potential audience of fibre users. It’s the chicken. Or the egg? Certainly one of them.

Mega Piracy

January 23rd, 2013 by Dylan 2 comments »

I’m going to assume you know that Kim Dotcom recently launched Mega, his new cloud storage system. I’m also going to assume you’re aware of his previous venture Megaupload, a popular file locker site that is currently at the centre of a major legal battle.

The allegation is that Megaupload was complicit in large scale media piracy that was taking place on their site. The fact that people used Megaupload for hosting and distributing pirated media and software is not in dispute, but how much Megaupload did to encourage that usage is at the heart of the legal battle.

So it’s unsurprising that some people believe that Dotcom’s new venture, Mega, is simply an attempt to recreate what existed before – arguably a haven for piracy.

Mega’s primary point of difference is it’s client-side encryption. In principle this means that any and all data you upload to Mega is encyrpted with keys known only to you, the uploader. No matter how much they want to (or others might demand) Mega is unable to see the contents of the files you upload to the service.

On the face of it, and listening to Kim Dotcom, this is a move designed to reclaim privacy online. It’s a valid concern when we increasingly have personal data stored in servers all over the world subject to many different countries’ laws.

However a more cynical view is that this encryption serves Mega’s interests in that they can’t possibly be held liable for the any data they host given that they are entirely unable to inspect it at all. It is this interpretation that people point to as evidence that Mega has been established to again be a haven for piracy with an extra layer of protection for the company.

I just don’t think that makes sense, at all, and the reason is simple: Money.

Mega currently offers users up to 50GB of storage for free. Their business model is based on premium accounts – like Dropbox. The don’t host advertising on their site or on downloads like Megaupload did and sites like RapidShare still do. The file locker sites also sold premium memberships that allowed users to download faster or with fewer limits – this is another thing missing from Mega.

50GB is a lot of media – probably 25-40 feature films, or 200 episodes of TV. It’s free to the user and requires no more than an email address to setup. Mega has to pay for the storage space and traffic requried to store these files.

A pirate isn’t going to pay a premium rate to Mega to host their files when they could simply setup a new account to get an extra 50GB. And Mega stands to make no money from high-volume downloads with advertising as Megaupload did.

Also the account structure, even on premium accounts, doesn’t suit large-scale distribution of the sort Megaupload is accused of – traffic limits are 2x storage limits – a free account is limited to 100GB traffic per month. They would quickly be exceeded if Mega accounts were to be used for broad distribution.

It doesn’t make sense for Mega to attract pirates as they would effectively be subsidising these downloads. In fact, if anything, it’s in their interests to avoid that usage as it would cost more to service those users than others who are using only a little of their storage and not transferring a lot of data.