Category Archives: Corporate Insanity

Facepalmbook

What could possibly go wrong?

Facebook has begun conducting a pilot where it solicits intimate photographs of women – and it will soon offer the service in the United Kingdom. Anxious exes who fear their former partner is set on revenge porn will be urged to upload photographs of themselves nude.

There are already plenty of candidates for worst idea of 2017. It’s nice to see that the Zuck doesn’t want to be left out.


Quote of the Day: Don’t believe the hype

So the role of the programmers was one of silent insubordination: the goal was to save management from themselves. And we’ve seen this replayed with a succession of technology hypes ever since.

Andrew Orlowski

I’m reminded of a remark from Frank Soltis that I saw many years ago. The gist of it was that if you want to know the next big thing in IT, you should read in-flight magazines. His reasoning was that when executives travel they flick through these magazines — they probably don’t understand what they’re reading, but by the time they land they do want to know why we don’t have a purple database.


Password Rules Are Bullshit

Jeff Atwood makes the obvious point that the worst, of many bad things, about passwords is password rules:

Password rules are bullshit

  • They don’t work.
  • They heavily penalize your ideal audience, people that use real random password generators. Hey guess what, that password randomly didn’t have a number or symbol in it. I just double checked my math textbook, and yep, it’s possible. I’m pretty sure.
  • They frustrate average users, who then become uncooperative and use “creative” workarounds that make their passwords less secure.
  • They are often wrong, in the sense that the rules chosen are grossly incomplete and/or insane, per the many shaming links I’ve shared above.
  • Seriously, for the love of God, stop with this arbitrary password rule nonsense already. If you won’t take my word for it, read this 2016 NIST password rules recommendation. It’s right there, “no composition rules”. However, I do see one error, it should have said “no bullshit composition rules”.

I would add that possibly the worst password rule is the one that demands you change your password on a regular basis. Either people start writing their passwords down, or they settle on a pattern that ensures each new password is always easy to guess.

Password rules aren’t just bullshit, they are actively counter-productive.
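As an added illustration (not part of the original post or Atwood’s article), the following script puts numbers on the point about composition rules rejecting genuinely random passwords, and contrasts such a rule with a NIST SP 800-63B-style check (length floor plus blocklist, no composition rules). The 94-character printable-ASCII alphabet and the tiny blocklist are constructed assumptions.

```python
import secrets
import string

# Alphabet a typical generator draws from: printable ASCII minus space (94 symbols). Assumption.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def p_missing_class(length: int, class_size: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Closed-form probability that a uniformly random password of `length`
    contains no character from a class of `class_size` symbols."""
    return ((alphabet_size - class_size) / alphabet_size) ** length


def composition_policy(pw: str) -> bool:
    """The kind of rule the post objects to: upper, lower, digit AND symbol all required."""
    return (any(c.isupper() for c in pw) and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw) and any(c in string.punctuation for c in pw))


# Constructed sample blocklist; a real deployment would use a breached-password corpus.
BLOCKLIST = {"password", "p@ssw0rd", "letmein", "qwerty123", "welcome1"}


def nist_style_policy(pw: str, min_len: int = 8) -> bool:
    """SP 800-63B-style check: minimum length and a blocklist, nothing else."""
    return len(pw) >= min_len and pw.lower() not in BLOCKLIST


def rejection_rate(policy, length: int, trials: int = 20000) -> float:
    """Monte Carlo estimate of the fraction of generator-produced passwords a policy turns away."""
    rejected = sum(1 for _ in range(trials)
                   if not policy("".join(secrets.choice(ALPHABET) for _ in range(length))))
    return rejected / trials


# Constructed samples: a random-looking 16-letter password with no digit or symbol,
# and a textbook "compliant" password that is on every breach list.
RANDOM_NO_DIGIT = "kqJfzTmRwLbHsGnA"
COMPLIANT_BUT_WEAK = "P@ssw0rd"

if __name__ == "__main__":
    print(f"P(16-char random password has no digit) = {p_missing_class(16, 10):.3f}")
    print(f"composition rule rejects random 16-char passwords: {rejection_rate(composition_policy, 16):.1%}")
    print(f"NIST-style rule rejects random 16-char passwords:  {rejection_rate(nist_style_policy, 16):.1%}")
    print("composition accepts", COMPLIANT_BUT_WEAK, composition_policy(COMPLIANT_BUT_WEAK))
    print("NIST-style accepts", COMPLIANT_BUT_WEAK, nist_style_policy(COMPLIANT_BUT_WEAK))
```

Roughly one in six uniformly random 16-character passwords contains no digit at all, so a digit-required rule throws away a sixth of the strongest passwords a user can bring while waving through “P@ssw0rd”.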


Stupid never learns

From the terms of use of the London 2012 Olympic website (handily archived for posterity by Index on Censorship):

Links to the Site. You may create your own link to the Site, provided that your link is in a text-only format. You may not use any link to the Site as a method of creating an unauthorised association between an organisation, business, goods or services and London 2012, and agree that no such link shall portray us or any other official London 2012 organisations (or our or their activities, products or services) in a false, misleading, derogatory or otherwise objectionable manner. The use of our logo or any other Olympic or London 2012 Mark(s) as a link to the Site is not permitted. View our guidelines on Use of the Games’ Marks.

In other words, they didn’t want anyone linking to them unless they were going to say something nice.

This time around, ESPN (via Gizmodo) reports that it’s the turn of the United States Olympic Committee to fire up the stupid with a letter to companies that sponsor athletes but don’t have a commercial relationship with the USOC or International Olympic Committee.

“Commercial entities may not post about the Trials or Games on their corporate social media accounts,” reads the letter written by USOC chief marketing officer Lisa Baird. “This restriction includes the use of USOC’s trademarks in hashtags such as #Rio2016 or #TeamUSA.”

The USOC owns the trademarks to “Olympic,” “Olympian” and “Go For The Gold,” among many other words and phrases.

No-one has claimed a trademark for the hashtag #Facepalm2016 or the phrase “Grab for Cash”.

The letter further stipulates that a company whose primary mission is not media-related cannot reference any Olympic results, cannot share or repost anything from the official Olympic account and cannot use any pictures taken at the Olympics.

At this rate, the 2020 Olympics are going to be remarkably quiet when someone tries to prevent any coverage of the event by anyone.


Bad Facebook. No Cookie.

Facebook’s ongoing attempt to get around EU privacy legislation in Belgium has taken a turn for the semantic:

Facebook has appealed a ruling from the Court of First Instance that supported the Belgian data authority’s demand that the social media network stop tracking users.

The court’s ruling contained some English words — like cookie, homepage and browser — which could violate a Belgian law that says all rulings must be in the official languages of the country: French, Dutch and German. Facebook has said this means the whole ruling must be annulled.

Facebook’s lawyers need to get out more. They’re not fooling anyone with this.

Privacy lawyers not associated with the case told POLITICO this is a “desperate, petty and last-ditch” attempt to avoid Belgian justice.

And that’s putting it mildly.


Facebook and the droppings of a male cow

A couple of weeks ago, I mentioned that Facebook had reacted to a Belgian privacy ruling by blocking access to any Facebook page to anyone in Belgium who isn’t signed in to their Facebook account. And now I have actually been affected by this.

We decided, for various reasons, that a takeaway would be a good idea and agreed on which takeaway to go to. Not being particularly familiar with the restaurant in question, I looked them up on Resto and clicked through to their website to see if I could find a menu.

Their “website” turned out to be a Facebook page, so what I was presented with was this.

Sorry, this content isn’t available right now. We have implemented additional security features that require you to log in to Facebook to view this page from Belgium. Learn why.

Being curious, I clicked on the Learn Why link. And here’s what I learned:

Keeping your account secure is extremely important to us.

But I don’t have a Facebook account. And the reason my access is blocked is because I don’t have a Facebook account. So to claim that this is to keep my account secure seems disingenuous at best.

Because of demands made by the Belgian Privacy Commission, we recently had to limit our use of one important security tool, the datr cookie. Please read on to learn how this tool works and why we’re no longer showing public Facebook pages and other content in Belgium to people who don’t have Facebook accounts.

I’m reading…

This cookie is a security tool we’ve used for more than 5 years around the world to help us tell the difference between legitimate visits to Facebook by real people and illegitimate ones (by spammers, hackers trying to access other people’s accounts, or other bad actors).

This cookie can help us secure Facebook by providing statistical information about a web browser’s activities, such as the volume and frequency of requests. Our security systems analyze this browser data to help us tell the difference between regular people logging into their accounts and potential attackers.

So what Facebook appears to be telling me is that they need to suck up my browser history in order to work out whether or not I’m a legitimate visitor.

And, it turns out that this is exactly what they are saying.

The Belgian Privacy Commission, however, has required that we stop using the datr cookie when people without Facebook accounts in Belgium interact with Facebook. In the absence of this tool, we have to treat any visit to our service from an unrecognized browser in Belgium as potentially dangerous and take additional steps to help keep you and other people secure on Facebook.

Really? You can’t just serve up a static page?

I believe that Facebook is written in PHP, in which case the pages are generated on the server and served as HTML. If I’m not logged in, I can’t — and wouldn’t expect to be able to — access any dynamic content and a plain old HTML file is about as secure as you can get.

We recognize that these measures unfortunately may limit and interrupt your experience on Facebook.

I’m sure you do.


Facebook: No access if we can’t spy on you

Back in November, a Belgian court ruled that Facebook should stop tracking Belgians who are not signed up to the site or pay a daily penalty of €250,000. This is on the basis that, if you are not signed up to Facebook, and have not given them explicit permission to track you, then they are not allowed to just assume that it’s okay to start monitoring your online activities.

The company failed to reach an agreement with the authorities and announced last Tuesday (1st December) that they would comply with the ruling. Their idea of complying is to deny access to any Facebook pages to anyone in Belgium who isn’t logged on. This applies to personal web pages, businesses, charities, and any other activity organised through the Zuckernet.

Privacy secretary Bart Tommelein is not happy:

They’re a major player, and the impact of their decision is major, but we are not giving in to blackmail. Everyone has to abide by the privacy laws. Without privacy, there can be no freedom.

I have a couple of thoughts about this. The first is that Facebook needs to understand that they are not above the law. If not being allowed to spy on random individuals harms Facebook’s business model, then it’s the business model that needs to change. On a related note, it’s worth remembering that data protection laws exist at the EU level, so similar privacy cases can be brought in any other EU country.

The other point to bear in mind applies to the businesses, charities and other organisations that depend on Facebook for their online presence. Proprietary networks may look like a quick and convenient way to get online, but you are entirely dependent on an organisation that has absolutely no interest in your business, your revenue or your activities. These organisations really should take control of their own online presence.
