Check Your Email Addresses for Crying Out Loud!

Dear people of the internet, please help yourself out by verifying that the email address you sprinkle to every web site, sweepstakes form, shopping cart, government entity and social network is actually an address that belongs to you. I’ll even tell you how to do this, just follow these simple, basic steps:

  1. Open your email client (Outlook, Thunderbird, Mail) or web mail site (Hotmail, Yahoo Mail, Gmail, etc.)
  2. Create a new email message.
  3. In the “To:” field, type in the email address you give out to everyone online.
  4. In the “Subject:” field, type “This is just a test”.
  5. In the body of the email, put in a trivial bit of text that only you should know.  It could be something simple like “I have three cats” or “I really like chocolate bacon.”  It doesn’t matter what it says, it just has to be unique to you.
  6. Hit the “Send” button.
  7. Wait a few minutes.
  8. If you receive the email you just sent without any error messages and it looks exactly like what you typed in above, congratulations! You win at using the internet. The rest of this article is not for you.
  9. If you didn’t get a response back, wait another few hours. If you still didn’t get the message, you need to read on…
Generally speaking, I am a nice person to be around (or so some people have toldme). I try to help people out when I can and offer suggestions when people get stuck or need some assistance. This is a courtesy I often extend to people I encounter on the internet as well, but to be fair, I don’t know for certain that these so-called internet people are actually real.

Over the past year I have started getting an increasing and alarming amount of personal and private emails delivered to my Gmail address. Normally, when I see an email that clearly has nothing to do with me I delete it or mark it as spam and be on my way. But during the past 12 months some of these internet people have really been pushing the boundaries of what I would consider safe or secure information to share online.

In at least three separate occasions that I can recall, I was so worried about the outcome of these internet people not getting these private emails that I directly intervened by calling the sender (using that old school voice telephone technology) and letting them know that they most certainly did not reach their intended receiver.  In each of these cases the sender was shocked that I wasn’t the internet person in question and then asked me to verify that I was who I said I was.  After the disbelief sunk in, they asked me, sheepishly in many cases, to please delete the messages and disregard any further emails sent from their address.  But this isn’t the sad bit of this story.

The really terrible thing is that these internet people just keep using my email address as their own, and on some pretty important forms and sites.  A small sampling of these repeat offenders are:
  • A notice from your landlord that your rent check bounced and that eviction is imminent
  • An official letter from your university that you have been put on academic suspension and have been asked not to return
  • Multiple emails attempting to confirm your financial records for a car and home loan from your bank
  • Appointment emails setting up and moving the times and places for your job interviews
  • Forms you must fill out to qualify for your state’s unemployment benefits
  • Confirmation emails for hundreds of dollars of computer equipment to be shipped overseas
  • Notices from your auto insurance and health insurance companies letting you know that your coverage has been dropped, the cost raised, or your claims were denied
  • Discrete FedEx tracking emails to let you know that your vibrator shipment is delayed
This doesn’t include the dozens of friend and family emails attempting to find out where you’ve been for the past month, why you won’t return their calls, why you were so drunk at that party last weekend and to let you know that your grandfather just died.  You would think that somewhere these internet people would wonder “hey, where did all of my friends, family, job, healthcare, insurance and banking emails go?”  But you would be wrong.

So consider this my plea to you, humble internet visitor: check your email addresses and make darn sure that the ones you are handing out actually belong to you.  Because I’d hate to be the one to tell you that your trip to Florida was cancelled after you spent all that money booking hotels and plane tickets, just because you didn’t get your confirmation numbers.

Your helpful internet do-gooder,

MS

Droid X Gingerbread Update: from First to Worst in one Download

Motorola Droid XMy day job is spent getting technology products and services made, shipped and into consumer hands as quickly and efficiently as possible. With such a job comes pressures to release things that aren’t quite ready or have known issues in order to secure time-to-market or competitive advantages. I sometimes have to put a companies best interests ahead of the consumer, even if I worry about the outcome. I state all of this up front so that people will have a clearer view into my thoughts on the process of software updates and the need to just ship something.

However, given everything I just said I am here to say that the latest Gingerbread release of Android (2.3.3 for those keeping score at home) on the Motorola Droid X is an unconditional and complete failure. Very few software updates in recent memory have done so much harm to a well respected product, to so many people in such a short period of time.  Don’t just take my word for it, go look at the US forums for the Droid X and see just how many people are having issues.  It isn’t just a few upset customers, it is thousands of them.

What makes this entire process all the more terrible is that Motorola had an early access program for select users to allow them to “soak test” the release before the general public got it.  Instead, it seems that the early access folks had only 48 hours or so with the update before Motorola and Verizon pushed this mess out into the world.  Worse still, many of these folks were reporting issues and asking to slow the roll out until at least some of the problems were fixed.  That didn’t happen, and now the Motorola employees on the forum have gone silent or suggested that the customers are simply not understanding the new update.

I am now left with a previously fantastic phone that reboots at least once a day, a battery that runs down in 7 hours, no working phone service if I dare turn on WiFi, a confused GPS sensor and an uglier user interface than I thought was possible to have.  Worse, because this new update is “better” than the previous Froyo release, there is no root access and thus no way to copy off the system log files or take screenshots to prove that all of this bad behavior is happening.  Bravo Motorola, you’ve turned my once useful phone into an expensive, defective paperweight.

I have certainly learned my lesson from this exercise. The next time I buy a phone I will make sure that it is fully unlocked, fully modifiable by the user and completely supported by the manufacturer rather than hoping that support folks will step in and do “the right thing” to help customers out.  Shame on me, indeed.

Sony’s Hack Leaks 77 Million Users Data

I try to not mention things related to past employers or clients but the scope of this issue is so vast that I feel something must be said.

The short story is that Sony had some kind of hack attack that exposed the full data set of all of their users. And by full data set I mean names, emails, home addresses, passwords, purchase histories and credit card numbers. And by all of their users I mean 77 Million people world wide. Let all of that sink in for a minute. What would you do if every bit of information needed to make a purchase or impersonate you was made available, along with almost all of the security data needed to answer a password question or reset security at any online site?

In my case I had to do something that I should have done long ago: change scores of passwords.  I don’t often reuse passwords but I do sometimes create a single master password seed and then add bits to it at the beginning or end.  Such was the password that I had on Sony’s PlayStation Network and Qriocity services before this break-in. As of today I’ve now had to slog through the password change procedure for dozens of sites that previously used a variation of what I gave to Sony.  I’ve had to start thinking what secret questions and answers are used on the hundreds of sites, banks and other institutions that could now be known to hackers. I had to call my credit card companies and inform them that I am one of the unlucky 77 million suckers who just had their info stolen. And all the while I have to wonder where we are today on privacy and security.

You see, as much as I want to blame the big companies who have all my data and can possibly lose it all (or partner with someone who does) I also have to accept at least a little responsibility for caving in and giving up all of this data in the first place.  Worse, since I am also a technology product consultant (product manager or strategy provider, if you will) I have helped to devise and have recommended asking and capturing of some of the very data that is now out in hackers hands.  It gives me pause to think that somewhere there’s a nefarious, dark group of criminals using data that was formerly held by someone I worked for and that somehow I may have helped to gather or at least brought customers into that environment.

So although I am many years removed from being a Sony employee I am both angered by and sympathetic to the plight we now find ourselves in.  Short of disconnecting from the internet, mobile network devices and credit card companies forever I must find a way to work within and around this system of interlocking and now inter-sharing worlds. I don’t have all the answers but I do know one thing: I will certainly be recommending far less personally identifiable data capture and I will be asking much tougher questions about data security from all my clients, prospective employers and future service providers.

For those folks (users or customers) on the outside of these big companies all I can say is be vigilant with your personal data and make very sure that whoever you give it to really needs all of it AND can protect you when (not if) the next data breach happens. If you can’t get satisfactory answers to how safe you and your data will be with a provider then it’s time to leave and find a provider that will give you that information.

UPDATE: I must have some kind of bad luck.  Not even 12 hours passed before another break-in at another online site that compromised my personal data.  This time the site was using another one of my “seed passwords” that caused me to spend 3 hours contacting sites and resetting accounts.  The idea of disconnecting from the internet completely is starting to make some sense, in a bunker-mentality kind of way.