Why we can’t have nice things

Subtitle: How we get nice things and then they make them too expensive.

Recently contractors for Comcast/Xfinity have been all over Louisville drilling holes along the utility easement to lay conduit for fiber optic cabling for Internet and cable. The city has a brief here on the project which is supposed to be complete by the end of October 2018. Bad news if you are a customer in the service area, the city release says:

Comcast customers will experience an outage from 30 minutes to 6 hours with the typical outage being 2 ½ hours. Any outages for this kind of scheduled work is typically done between 7:00 AM and 4:00 PM.

The full Comcast Q&A/FAQ is here.

Once the conduit/piping was laid at my house along the outside of the back fence, things went quiet. Then today there were literally 15 trucks outside and across the street while they had a team meeting.

If you are stuck with little more than dial-up modem Internet speed, either because of cost, or because a faster service is not available to you, no doubt you’d think this is great. I already have CenturyLink 1Gbps fiber service, and this will likely be very good in the short term as competition drives down prices.

In the long term, this isn’t good news. The only winners will be Comcast.

Legislating hacking/data exposure responses

I don’t know enough about the European Union General Data Protection Regulation (GDPR) but at least on basic reading it seems inadequate in meaningful individual action requirements and legislation that benefits the actual user/person whose information has been exposed.

I’ve been signed up for haveibeenpwned, an excellent website by Troy Hunt. You enter your email, and it tells you what breaches your personal information has been found in.

I was going to say “if any”. But of course your data will be there, especially after breaches like the River City Media (RCM) “spammer gate” where 1.4 billion people’s email accounts, full names, IP addresses, and often physical address, were exposed. Suffice to say, my two primary email addresses have been exposed in more than 20 breaches.

haveibeenpwned was a great start. CapitalOne, at least among my financial providers, has stepped up the game significantly. Their creditwise arm has incorporated Credit & Identity Alerts into the app and website. Numerous times recently I’ve received alerts, and while initially the alerts didn’t contain enough information to take action, the most recent alerts have had all the detail I needed.

[Images: email alert from Creditwise; Creditwise alert via website or app]

The websites where my data has been exposed this year include:

  • linkedin.com
  • kickstarter.com
  • ticketfly.com
  • bitly.com
  • myspace.com
  • last.fm
  • zomato.com

Some of these websites did individually send emails disclosing the breach. Of these, only ticketfly had any form of financial data that might have been breached. I have all my emails from them going back to 2012. Not a single word about a data breach or other exposure of my personal data.

The same is true for more sites than not. No notification. When you log in to the site to, at the very least, change your password to a new unique one, they more often than not also give you no indication. For many of them it’s also nearly impossible to find out how to delete your account. In the case of ticketfly, I submitted a trouble ticket asking how to delete my account but retain tickets for future events; so far nothing but a generic ‘we’ll get back to you’ response.

It’s time for legislation about what websites/businesses are required to do when they find a data breach. They must be held accountable, and not just through financial penalties that mostly just go into government coffers.

I’d like to see at a minimum:

  1. Mandatory requirement to notify by email, and if the business has a real mail address, by mail.
  2. A default opt-out and deletion period. At discovery, if data breached includes significant personal and/or financial data, the account must be deactivated. After notification, if the business has not heard from the user whose data is breached within 14 days, and the account is not already deactivated, it should be deactivated.
  3. Recovery of a deactivated account should NOT depend on any data exposed in the breach.
  4. When the user whose data is breached logs in to their account following notification or during account recovery, they must be presented with clear information on what data was exposed. They must also be given a simple option at this point to permanently delete their account.
  5. If the user opts to delete their account, any consequences of the deletion must be made obvious at that time. For example, in the case of ticketfly, where I’ve already paid for tickets to future events, those tickets must still be available to me, even after my account is deleted.

In the era of “big data” and “everything online” the only way these businesses/websites will really put privacy and security first is not fines. It’s the actual loss of the customer/user and their data. These companies are often overvalued, and paying government fines is just moving magic money from one bucket to another. It has a short term impact on their profitability, their quarterly results, not much else.

The Facebook scramble to rewrite history

As Facebook scrambles to try to head off prohibitive legislation in the UK, Europe and the USA, it’s trying to reinvent its history and mission. I’m no Facebook historian, developer, professional watcher but it’s worth remembering some of its actual history, bugs, screw-ups and the often terrible defaults it implemented with new features.

I’d long imagined that Mark Zuckerberg was the embodiment of Zeke Hawkins’ character in the 1993 movie, Sliver. One of the things Hawkins said in the movie about his surveillance was the Google-esque:

We’ll do only good things.

All of the recent disclosures about access to Facebook data aren’t about hacking or other malicious activity; they are about poor design decisions; defaults in privacy that were good for Facebook but not for the user; and ultimately necessary for Facebook’s business model. They were not, as Facebook and Zuckerberg oft refer to them, data breaches.

As the voiceover says at the end of the Sliver trailer:

The view from the outside is nothing…. compared to the view…. inside.

My history with Facebook goes back to when it was “thefacebook”. I’d been a regular speaker and panelist at the Silicon Valley World Internet Center between 1998 and 2003 when I gave my last session on Open Source. The center was housed at Stanford University. Over my time there, I made many professional and personal contacts.

I started using livejournal as an emerging platform for “blogging” and tracking news for my then key triathlon interests in January 2004. That April, through one of the contacts I’d made at the World Internet Center, I was offered a userid to take a look at “thefacebook”. I didn’t spend much time on it; it was facile, juvenile and voyeuristic. I wasn’t surprised to hear that in 2003, the Harvard University administration had charged Zuckerberg with breach of security, violating copyrights, and violating individual privacy.

That set the path that Facebook has followed since then: their design decisions, their defaults, everything has been aimed at making your information publicly available, searchable and collectable. As I texted a few days ago, none of this need have happened if Facebook actually cared about privacy. Each and every time they implemented a new feature, they did so by setting the user privacy to the least private allowed.

While Facebook claimed they were not selling data, which was probably legally true, they were always selling access to the data. If privacy was really central to Facebook’s management of data, then they would have made the defaults very different than they did.

All those infuriating apps and quizzes that your “friends” were playing: Farmville, Candy Crush, etc., let alone the apps that wanted to know actual personal information, like where you’d travelled to etc. For a while in 2007 there was even a class at Stanford known as the “Facebook class” where students, many of whom went on to make hundreds of thousands of US Dollars, were instructed on how to make Facebook apps.

As early as 2010, many of us were imploring people not to give companies like OK Cupid and apps like Lover of the Day access to your data, it was only ever going to end badly for someone.

Lover of the Day was installed nearly a million times. If every user that installed it had at least one hundred “friends” on Facebook, that meant through a single app, four hundred million facebook users’ data could have been exposed and scraped. Even if “Lover of the Day” hadn’t overtly exploited this, it was totally naive rather than malicious.

By the end of 2010, there were hundreds of website scams that were, as far as I can see, just there to harvest your data, and that of your friends. There were numerous websites set up to track these, of which Facecrooks was and still is one of the best.

When I got my Facebook data, before #DELETEFACEBOOK, I spent an hour searching through the data and my timeline to find interesting posts, pleas that I’d made to my friends about the lax controls, bad defaults and bad app choices they were making. In 2010 alone, I posted the following on my wall.

January 10th: “Well get used to it, the Facebook founder says your privacy is a relic of the past, everything should be public!”

March 2010: “So, not paying attention to the FB Privacy issue? Well last night the dumb ass’s made a change which made everyone’s email address public for about 30-mins even if you said not to or your settings… “

May 2010: “So yesterday Facebook blew their privacy yet again revealing private friend to friend conversations, allowing one friend to see outstanding friend requests of other friends…”

May 2011: When discussing the Symantec revelation that Facebook was leaking information to Third parties, I ended the post with – friends don’t give their friends personal information to strangers, don’t do the same on facebook!

By 2011, music streaming startup Spotify was known to be aggressively using and promoting their business through facebook by exploiting the weak/lax Facebook privacy. If anything, the US Government Federal Trade Commission hearings led to facebook changes that were in marketing speak “more transparent” but in reality, more opaque. They made it easier to stop sharing, but harder to know what was being shared.

In 2015, the scraping of user data was still rampant; I found a number of examples of warnings, mostly in so-called “Big company” giveaways.

March 2015: Friends don’t invite friends invite to the SW Airlines ticket give away. It’s scam, they are harvesting Facebook id’s, friends lists and email addresses and who knows what else!

It was followed by a long bullet list of ways you could tell if the giveaway was a scam. My post ended with:

If don’t doesn’t have at least two of those it’s a scam… It’s not harmless, it’s like showing up at an orgy and not using a condom.

When Zuckerberg and Facebook try to rewrite history claiming these were a breach of trust, or they didn’t sell data, or they acted as soon as they were notified, I don’t know what the hell they are talking about. They knew, they just didn’t care until the politicians got hurt, and now the optics look really bad.

Next. What should be done.

FCC and Net Neutrality – Fraud in your name?

After this week’s hugely disappointing repeal of net neutrality, the ACLU has their take on the repeal, here.

I’m more concerned though with the claim that up to 2 million comments supporting the repeal were submitted to the FCC using fraudulent identities. I actually don’t think it would have made any difference given what we know about the commission members who voted in favor of repeal.

Still, I wanted to be sure my comment was actually the comment I submitted, and no one else had submitted a comment using my identity. You can check here. Simply add your name to the form and click search. You’ll have to go through the comments submitted by people with the same name to check your comment is there, or that a comment was submitted on your behalf. Make sure to check all the people with your name, lots of comments seem to have been submitted using older addresses.

If you find a comment submitted that claims to be from you, that you did not authorise someone else to submit, or did not submit yourself, please do two things:

  1. Complete the remainder of the form to lodge a complaint.
  2. Write, preferably a paper letter, to your State’s Attorney General.

A number of US State Attorneys General are suing the Federal government over this issue. However, many have not joined that effort, including mine, Colorado.

Here is my comment, as submitted.

US Broadband and cable Internet access is already one of the most expensive in the developed world. It is also fragmented and suffers from overcharging for access to services. This proposal will only allow this to get worse, and potentially hamper both the development of small business services, and the use and consumption of both those and existing services. This must NOT be allowed to proceed. I write as a former IBM Distinguished Engineer and Member of the IBM Academy of Technology, and more recently, a Senior Distinguished Engineer and Executive Director at Dell Inc.

And finally the President’s tweet. Because I assume #NetNeutrality is too complex for him to understand, he assumes it’s too complicated for everyone else. Note the #NetNeutality auto-correct/mistype in the President’s tweet. Explain it? He can’t even type it.

Fear of Automation

ZDNet has a good summary of a few recent reports on automation, a subject I’ve covered here more than once.

The more interesting survey report is from a Harris Poll for ZipRecruiter, an online employment marketplace.

ZipRecruiter’s nationwide data shows 60% of job seekers believe fears around robots taking away jobs are overhyped while 2 in 5 employed job seekers (41%) believe their current job will be automated within their lifetime.

This is more than likely because the workers asked don’t see the big picture. They don’t get involved with decisions and discussions about how to cut cost and risk from their workflow.

I’m not saying that we’ll wake up one day and everything will be taken over by robots, that’s not the case at all. It’s worse than that, automation is insidious and for the most part, invisible.

The ZDNet article by  for Robotics also links to recent reports from McKinsey and Redwood Software. Greg points out that:

  • 4 in 5 job seekers agree that the current technology boom has left certain people (84%) and cities (78%) behind.
  • Half of job seekers (50%) say the introduction of the Internet has generally done more harm than good. Employed job seekers are more likely to agree with this sentiment than unemployed job seekers (53% employed vs. 40% unemployed).
  • 2 in 5 job seekers (44%) believe there is no such thing as a bad technological advancement.

What this ignores, for the 50% that thinks the Internet is good, is that without it, and the automation and communication it has enabled, the workplace would be very different today. And that is one way the creep of insidious automation has been taking over.

Goodbye the evil empire?

A wordpress question to my blog followers, both by email, and especially on wordpress. Do you use any of the following reasonably new wordpress features?

If yes, can you post a link to your blog below. I’m looking for some examples. Why?

I think I’ve mentioned before, I’ve become more and more concerned about posting on facebook, and being part of a massive data collection and analysis machine. So I’m looking for ways to post the same sort of content I would post on Facebook, here. The main problem is I don’t want to clutter my blog post page with daily links, youtube videos, soundcloud and mixcloud audio etc.

I did think about adding an additional page, and adding an RSS feed to the page to pull saved links from paper.ly, instapaper, shareaholic, pinterest and so on. I’ve got a basic page going here, but there is no obvious way to control the RSS update frequency. I can’t add plugins to my site as it is hosted on wordpress.com. While it is a premium site, no plugins can be added.

I can subscribe via the sidebar to an RSS feed, but that’s not really desirable, unless anyone knows how to increase (significantly) the size of the sidebar in the twentysixteen theme. So, what I’m looking for is examples, got one?

Post a comment below. I’ll add your blog to my blogroll, and if there are any really good examples and you are willing to share “how-to’s” via email or similar, I’d be willing to make a paypal or amazon gift card payment.

Dear Time Warner Cable

I keep getting these marketing letters from Time Warner. It appears they’ve got nothing better to do than review my account… trying to sell me on a 300Mbps upgrade.

I sent a response today by USPS. I doubt they’ll stop sending, so at least I can post the response here and get some mileage from it 🙂

Thank you for your letter. If you were really reviewing my account you’d see I only have a 50Mbps modem for my existing 100Mbps service. It works fine.

Want me to upgrade? Provide a free modem for my existing service. Thanks. Mark Cathcart.

 

Can’t get enough Fiber

So, it’s formally announced, Google Fiber is coming to Austin in 2014.

This is potentially a great announcement. The focus will be on the speed, which in my view is wrong. It should be on the affordability and open access. For the most part, as I’ve blogged numerous times, Time Warner Cable is more than fast enough for most homes; it’s just uncompetitively priced for most, and not affordable for many.

I’ll be especially interested to see how they do this, right down to if they lay new cables underground, using existing or new carrier pipes; hopefully it won’t just be more optical cable strung between poles. Obviously what will also be interesting is the plan, which neighborhoods first etc. The devil is in the detail though; here are some of my first thoughts on it.

  1. Not one to look a gift horse in the mouth, but there is nothing revolutionary about google fiber. Many communities already have this sort of speed, it’s just not from google.
  2. When and if it arrives in the ’04, it will come with a bunch of infrastructure that will require users to give up more data on themselves and what they do, what sites they visit etc. How much should google know about you?
  3. On the plus side it’s competition for TWC, which if you’ve been following along, is what I’ve been campaigning for, writing letters, making calls.
  4. They have a free offering. How this is used, who it is made available to is key; with more and more services going online we can’t afford a class of citizens who are denied access. Should we look for ways to subsidize the install/sign-up fee?
  5. If they just string fiber optic cable between existing poles, boooo. On the other hand, if they do it right and run the optical fiber (glass cable) underground, are you ok with them digging up the streets? I am. We need to get all the cables underground to improve service, reduce maintenance costs, and get rid of the visual mess it creates.
  6. If you just have one or two wireless devices, you are unlikely to notice the speed-up, and that’s OK. Sure there are new standards that will enable a wireless device to connect to the Internet at a theoretical speed that matches your Internet connection; as others have pointed out, Wireless N can already exceed the basic TWC services. Except for multiple people gaming, a couple of HD movies streaming though, you’ll be hard pushed in most homes to notice the difference.
  7. Start downsizing your TWC services now. I effectively shaved $60 off my monthly total bill for TV, HBO, Internet access. TWC need to understand that they can’t depend on the fact y’all have too much money and are too apathetic to go through the change. Let’s create some real competition…

It’s no coincidence then that AT&T, apparently smarting from the widely leaked google announcement, responded by saying “we invest more than any other public company.” I can’t even get their service on my urban street, less than a mile from city hall, despite the fact they have two poles and cables on my block. Not here you didn’t.

TWC Shift upgrade costs to customers

Those of you like me who’ve not been able to get a decent alternative Internet provider might want to check your bills.

Starting November, TWC added a $3.95 Internet modem rental charge. They did this even though many of us have had the same modem since the service was installed, in my case 6 years ago.

There is a class action lawsuit about this; they feel it’s unjustified price gouging. TWC claim it’s for maintenance and support, and they are now doing what the other companies have always done. This is of course total BS and exactly the behavior you’d expect from a monopolist, or at best a duopolist, and is one of the reasons why even in urban America we are slipping further and further behind: the focus is on financial engineering rather than product engineering.

TWC do offer you the ability to purchase your own modem online from a very limited set of approved modems, then you register with them and they will remove the $3.95 fee. However, this is likely to come with its own problems, when you have problems with their service. In an age where everything is going integrated for simplicity and reliability, it makes no sense for TWC to do this as it will almost certainly increase their costs.

On reflection though, I’ve realized this isn’t a modem rental fee at all. It’s a surcharge on people who don’t read their bills, don’t buy their own modems, and ultimately it is a backhanded way for TWC to pass the cost of upgrading modems to the customer rather than absorb it themselves. In the future, rather than have to upgrade their modems, they’ll just tell you to get this feature, you need to buy a new modem. It gets them out of the purchase and support of the modem; it also gets them out of sending someone out to upgrade/replace the modem.

A cheap Internet Modem can be bought for as little as $29.99; the TWC approved modems are surprisingly all $59.99 and more expensive. Given TWC’s enormous purchasing power, and the very cheap, limited-function modems they supply, they can probably get modems for less than $10 each. Assuming you pay the $3.95 for 3 years, you’ll be paying circa $150 for that same modem. TWC will be raking in another $500 million to $1 billion per year, for little or nothing.

But that’s still not the point. The point is that in the future, when TWC is dragged screaming and shouting to provide the kind of bandwidth that is common, cheap, and comes with a free modem in most western countries, TWC will just tell you, you have to upgrade your modem if you are an existing customer.

I’ve kept a spreadsheet of charges I’ve paid for utilities since I moved to Austin. Yeah my property taxes have gone up, but otherwise all my other charges have increased only marginally. My monthly TWC bill though has gone up on average $40 per month for no discernible improvement in service. In total since I’ve been in Austin, with a total of less than $200 spent on movies, over 6 years I’ve paid Time Warner Cable nearly $14,000 US Dollars. That’s huge, it’s expensive, and it’s increased significantly in the last 12 months.

I got on their support chat system last night to find out why. It took me two full hours to get the answers; you can read the full transcript here. The summary follows, written by me and agreed by a TWC Supervisor, Melva F.

  • TWC feel I have an excellent deal on Internet speed; I feel it’s overpriced for what I get;
  • TWC suggest the only way to reduce the bill is for me to buy my own modem; I feel this is a penalty on a loyal customer who has paid over $10,000 [closer to $14,000] in fees, on time, for not buying my own modem;
  • TWC are unable to remove the basic cable channels I don’t use; [and allow me to keep HBO which I do watch.]
  • TWC confirmed that the modem will still be used for phone service if I cancel Internet, but I won’t pay the $3.95 rental fee for that [same] modem;
  • I’ve spent 75-minutes on chat, got pretty much nowhere in terms of understanding how to reduce my monthly bill without cancelling my service

Melva F.>That is correct. Everything that you’ve mentioned above is correct.

So there you have it, legalized highway robbery. If you read the full transcript you’ll learn that sometime last year, I was put on a promotional rate that apparently included Showtime in addition to my regular HBO; that expired after 12 months and now I’m paying an additional $10 for that; $3.95 Modem surcharge, and then a rate hike of some $15, add other random fee increases and taxes, and bingo, that covers my $40 increase per month.

Now the question is, what to do about it. My immediate reaction is to cancel my contract entirely but that has practical issues.