EU cookie tracking law is impotent

9 June 2013 2 comments

So in Europe (I mean the EU but it’s a clumsier phrase) we have a cookie law, and web sites must ask your permission to store data about your web visit using things called cookies. Those in Europe accessing European web sites may have seen little panels at the bottom of the site “by using our site you consent to our use of cookies… click here to dismiss”

Yet there are also tracking services that we seem to be unable to opt out of.

I installed a browser plugin called Ghostery on Firefox and Opera (the only two browsers I really use). It tells me how many tracking web sites are embedded in a page and lets me block them. It can detect thousands of different trackers.

Facebook only has one tracker, the Football Association has two, Heart FM has four, and the Mail Online (I only went to check their count!) has nine. This blog, I’m ashamed to say, has three, but I don’t host it myself, it’s the price I pay for a low-maintenance blog. Except it’s you that’s paying the price D:.

This is just a law designed to protect us failing, and inconveniencing us instead. I’m sure the intention of the law was to save privacy of citizens, but it turned into saving the privacy of citizens only if cookies were used to track them. Law can’t keep up with technology at the moment.

Get Ghostery for five popular browsers here.

Categories: Uncategorized

Facebook is invading

16 March 2012 Leave a comment

Facebook is becoming pervasive. There are many, many sites now offering a “sign in with Facebook” option – in fact, when I signed up for a trial with NetFlix in the UK, this was the *only* way to sign up.

There was an initial backlash when Facebook created this technology and sites included it – sometimes, comments they had made on other people’s Facebook posts were appearing on other sites. The details have been tweaked, and, some time later, I don’t see anyone complaining any more. Those that did complain were in the know (i.e. at least slightly techie) and paranoid.

My friend likes cars, and posts on a UK car enthusiasts site. Based on what he’s said, he seems to have linked his Facebook account to the car site, and, once the car site went live with an update to their back end, suddenly *everything* he posted on the car site also appeared on Facebook. And he didn’t like that.

Now, as far as I am concerned, Facebook know too much about me. They know a couple of hundred acquaintances of mine, relationships, whom I’ve been photographed with, and stacks of other stuff. I even stupidly put all the countries I’ve visited since I was born in last month. This data (not mine, but everybody’s, combined) is the gold-dust of the coming ten or twenty years. Massive amounts of personal data. If you’re logged on to Facebook, Facebook can track you as you

In a way, I am really glad that Google+ is not taking off. (For example, there are plenty of “sign on with Facebook” sites, but not many “sign on with Google+” sites.) Because not only would Google collect the data Facebook get, they have years of learning what to do with it, and they can also aggregate it with all the data they get by selling adverts. A quick Google (oh, how ironic!) suggests Google own between 38% and 55% of the search market, so the chance is that if you hit a web site, the adverts are served by Google, and so they increase their knowledge of your surfing habits. And also your shopping habits, your leisure interests, even your hobbies, passions and most secret secrets – if you use the web for that kind of stuff.

I was prompted to write this for two reasons. One was a blog post by some techie dude who tried out a lot of new technologies. He was trying some new social media app and said something like “I usually select the ‘sign on via Facebook’ option because these things need to know about your contacts, and that would mean I have to enter hundreds of pieces of data.” What? He’s obviously a techie (from his blog; trust me on this), so he knows the possibilities, but he chooses to *give* all this data to someone else just to make his life more convenient. He really should know better!

When you sign on via Facebook, you have to install a Facebook app and the Facebook site lists what the app is allowed to do. Here is what an app I used to enter a competition today says it will get access to:

  • Access my basic information
    Includes name, Profile picture, gender, networks, user ID, list of friends and any other information I’ve made public.
  • Access my data any time
    may access my data when I’m not using the application.
  • Post on my behalf
    may post on my behalf, including scores, achievements and more.

Well, all I wanted to do was enter a competition, and now I have granted access to all my networks (that may include you, if you know me on Facebook – sorry!) and data. And, when I actually entered the competition, I had to provide my email address again!

The other reason that’s spurred me to write this is that my son plays an on-line game – an empire building game – and I decided to join him. The game is an established one, there is even a third-party market for things like strategy guides. The producer has released a version 2.0 which – surprise surprise – includes a link to Facebook. You can use Facebook to tell your friends that you’ve made an advance, conquered a rival, whatever. Of course, this is free advertising for them. And to sweeten the deal, you gain resources (an in-game term for wood, iron, etc.) for every Facebook friend you have. But, everyone who does this is giving all that information to another company.

I regularly review my Facebook apps, and trim them. These days if I enter a competition via Facebook, I immediately delete the app. I would encourage you all to review your Facebook apps, and decide which ones you really need.

Again, I’m glad that Google aren’t succeeding in this market yet, because they probably remember more about your web surfing than you do. Really, they probably do.

Categories: Uncategorized


12 March 2012 Leave a comment

It’s been a long time since I posted here. With blogging, you need to keep the momentum going, and I didn’t.

I’ve been involved in a new project. After leaving Luxembourg, I’ve come back home and started working for a company in Hong Kong. I was approached via a recruiter who’d found my profile on LinkedIn, we talked, I spoke to two of the people in the startup, and we agreed terms.

When I was explaining this to one of my colleagues in Luxembourg, he was perplexed. Why have you done this? How do you know they will  pay you? If they don’t, what can you do to reclaim the money?

I just laughed. Maybe I’m a trusting fool, but everyone I’d spoken to was totally well-behaved, and I immediately developed a rapport with them. They thought I was good, I thought they were good, we’d do cool things together.

Am I old-fashioned, stupidly naive, normal? Different people would give different answers. I just didn’t worry about it until it became a problem, which it didn’t.

Categories: Real Life, Software

Albums of my life #1

16 November 2011 Leave a comment

Albums shape a lifelong love of music. My daughter has one favourite album that she plays almost non-stop.

And so it was for me when I was a teenager.

Back in those days, it was popular to tape your vinyl albums onto tape, and typically it was pick-and-mix as to what went onto each tape. A C-90 (I favoured the TDK ADX, but they did not appear until the nineties) would normally hold two albums (45 minutes on each side). I was lucky that Meat Loaf’s “Bat Out Of Hell” (I really should sort out my Amazon associate links to earn from the dozens of viewers/readers I have) combined with Thin Lizzy’s “Jailbreak” on the same tape. For one hot summer (and the following autumn, and sporadically afterwards,) this was my musical poison. I’m sure that I didn’t get these albums until the early eighties, as they were released in 1976 and 1977 respectively, but they ended up on the same tape, sometime in the early eighties.

For a young lad living in central Scotland, these were, to a great extent, the taste of something foreign, exotic, and unattainable. Thin Lizzy were big in the USA, and wrote of it. Songs like “The Boys are Back in Town” spoke of a freedom (I was not yet a teenager) that I couldn’t even think about. Similarly, Meat Loaf sang about girls, getting to the fourth base, breathless nights, and so on, with a similar effect on me.

Musically, Bat Out of Hell is outstanding. Much of it is shaped by songwriter Jim Steinman’s piano and Todd Rundgren’s guitar, and the production allows them space to flourish and (especially in Rundgren’s case) show off. I’m pretty sure that no album of that time sounded like this one, it was a true ground breaker, and I’m also sure that they set a precedent of power-rock followed by power-ballad that is still emulated today, influencing bands such as Bon Jovi, Aerosmith and Guns ‘n’ Roses.

Musically, the Thin Lizzy album was a revelation to me. I’d grown up on punk (distorted guitars) and then onto heavy metal (distorted guitars). It was strange to find the clean and intricate guitars of Gorham and Robertson counterposed with distorted riffs, clean reverb-tinged solos and (shock) space for the rest of the song to breathe. Songs like “Angel From the Coast” and “Romeo and the Lonely Girl” show this. Of course, the Meat Loaf album also left space, but the piano is a semi-percussive instrument that tends to fill space, and, of course, requires a rhythm to drive it. And remember that I heard all this through the ears of a wannabe guitarist. Even today I realise that these albums, especially the Thin Lizzy one, remind me that there’s more than one way to make a great song, and subtlety is an important tool. I hope that the current production mores, where the sound is compressed to fill all space, resulting in *everything* sounding good, and yet leaving the listener tired after an hour or so, will pass, and we will once again learn to listen to a huge dynamic range and enjoy what the composers and producers intended us to hear, instead of mastering an album to compete with every other “in your face” mix that abounds.

Both albums have their hits, of course, I’m not backing losers here, even though 30-35 years have passed. Two of Thin Lizzy’s most memorable songs, “The Boys are Back in Town” and “Cowboy Song”, plus, of course, the concert favourite “Emerald,” featuring duelling guitars, are on this album. The trademark harmony guitars are in evidence, of course.

“Bat Out Of Hell” spawned singles too – in fact, according to Wikipedia, just about every track was a single, somewhere. Most did not make the top ten, as the singles were not radio-friendly (back in those days, at least, they were not radio friendly; I’m sure they helped to mold the consequent radio-friendly Bon Jovi/G’n’R/Starship type of radio-oriented rock that we get nowadays, and if released again, would all hit the charts hard).

When I listen to these albums now, I’m transported back to my carefree (in retrospect) youth, my easily excited early-teen stage. I can still recall the smells, sights and sounds of that first summer I spent with these albums, falling asleep to the cassettes, waking up and switching them back on, and I am reminded of many other memories that are linked to that time – Tom Russell’s Rock Show on Radio Clyde, Tommy Vance on the Friday Rock Show, seeing great bands like Metallica and Iron Maiden, time spent with my friends in their houses, listening to music, driving around in their cars, and many, many more.

Categories: Uncategorized

Google+ spotted in the wild

16 November 2011 Leave a comment

When Google plus hit in typical Google beta-fashion, some people put up an “I’ve moved” profile picture on Facebook, and left, or so their status update said.

Everyone that I saw do this is still active on Facebook. The trouble is that they have 300 contacts on Facebook, 200 on LinkedIn, and ten on Google+. (Actual values may vary, contact your friends for details.)

Forgetting the personal/social point of view, from a fan/corporate point of view, there are lots of “follow us on Twitter” or “like our Facebook page” links on websites, but none that say “Join our circle on Google+.” Until, that is, today, when my favourite motor racing team, Force India (I’m not sure I should put the sponsor’s name in front of that) *tweeted*

Join our circle on Google+ to share even more…

This is the first time I’ve seen this in the wild. And the irony that they used another social media to inform us of their circle is not lost on me. I’m pretty sure that there will be no extra content for me, only extra work for the admins that run the team’s social media, as they now need to tweet, post on Facebook, possibly update blogs or websites, and now update Google+ as well. I’m not sure that Google+ is worth that effort at the moment.

The thing is, that I get overloaded with info. To me, there is no point in liking your Facebook page, if I get all your updates via RSS. And if I get your data from Facebook, I don’t need to see it in Google+.

One thing that really annoys me about messages from Google+ is that they don’t give a useful subject. Instead of saying “Alistair McDonald shared a post entitled ‘The red mist descends’” they just say “Alistair McDonald shared a post with you.” I’m NOT going to click that link, ‘cos I’m pretty sure if it was important, I’ll find out eventually. But, if the subject piqued my interest, then I might click. But clicking into a black hole – no way.

Another way I’m really going off Google is that now so many services require a unified email address/ID. I’ve stopped putting any information into YouTube (Favourites, subscribing to channels, etc.) because they want a Google ID. I already have one – well actually three – but I don’t want to join my email to my videos to my news page, maps page, or news alerts. (I know that Google can, and probably do, track my usage of these sites via cookies or embedded scripts, the point here is not privacy, but convenience for me. For example, I set my home location on to be a zoomed in shot of my home. But since I needed to “unify” my Google accounts, now when I visit or, my home page is *still* in the UK. If you are viewing a UK map, then your searches default to the UK – so you get Birmingham, West Midlands, not Birmingham, Alabama. That’s a good feature. BUT, if I’m visiting the French map site, why on earth would I want to start from the UK, where all my searches are crazily misinterpreted. So, to work around this, I end up first searching for Paris, or Luxembourg, so that Google maps displays the correct country so that my searches will work. [Google pay for bandwidth and processing power, I don’t, so I lose time and they lose money. ] )

Getting back to the subject of Google+, as I said before, they need to get some client apps out there – there are dozens of Twitter clients – and that means that they need to stop trying to be so controlling over data and APIs. Part of the problem is that they are playing catch-up, and many competing services (this is business, it makes money, and so there is a real competitiveness to it) are much more free with, and, remember, Google see the usage data it collects as the most important thing that they have.

Why not take part in a little experiment: inspect the cookies that the browser(s) you use have collected. Maybe even try to delete them and see (a) how many similar ones reappear without you visiting the sites mentioned, and (b) see just how many services you can use after a single login.

The red mist descends

15 November 2011 Leave a comment

So, the winter approaches, and suddenly drivers get a chance to use that button on their dashboard. It is *so* frustrating having a feature in their cars, and not being able to activate it whenever they like. And now, they have an excuse to use it, so they *do*.

I’m talking, of course, about the rear fog lamps. These uber-bright lamps are designed to pierce through fog, spray, and so those following you at an inappropriate speed can avoid striking you.

They are so bright that they can obscure brake lights, and I find that they draw the eye in a hypnotic way. This makes them actually rather dangerous. But many people who use them are unaware of this, and switch them on, leave them on, and forget them. The result is that their brake lights may be missed, or other vehicles near their own may be missed by other drivers, which is, of course, rather dangerous.

So, what’s the deal with these? When should you use them? When can you *not* use them?

I visited the UK government web site, which has this page on driving in adverse weather conditions taken from the latest Highway code, which every driver road user should read every few years, certainly when a new edition is published.

It says (and I love this because it says what you must not do):

236 You MUST NOT use front or rear fog lights unless visibility is seriously reduced (see Rule 226) as they dazzle other road users and can obscure your brake lights. You MUST switch them off when visibility improves.

And, for completeness,

226 You MUST use headlights when visibility is seriously reduced, generally when you cannot see for more than 100 metres (328 feet). You may also use front or rear fog lights but you MUST switch them off when visibility improves (see Rule 236).

Hopefully the geeks can avoid the cyclic dependencies. But there you have it. If you can see 100 metres, then you should switch off your fog lights. A good rule for rear fog lights is: If you can see the headlamps of the car behind you, then he can see your normal lights, and so you should switch off your fog lights. Of course, this suggests that you use your mirror quite a lot, and I’m perfectly sure not everyone does. . .

I have a lot to say on middle-lane hogging, which is at least as bad in Europe as it is in the UK. (In fact, on the M25/M20 to and from Dover, the European drivers are *worse* than the UK ones.) But I’ll save that for another day.

Categories: Real Life, Uncategorized Tags:

Hacked email

26 October 2011 Leave a comment

I get emails from people who have had their online email accounts hacked, and spam email is issued. Normally, I just send them an email and hear nothing of it. But today I got a message (via another mechanism) that they were going to trash their email account.

The rest of this post is my message back to them. On reflection, I should have considered that their password was leaked internally from their email provider (one of the “big few” – i.e. google, hotmail or yahoo). And that this could happen from a rogue employee ($0.10 per email, here’s a text file) or from hackers getting illegitimate access.

But here goes:

I don’t think you need to discard the email account, but there are a couple of things to consider

How did you get hacked? Was it malware on your PC (you can pick up malware infections just from things like Adobe Flash-based adverts if there’s a security problem in the flash plugin, for example) or was it someone picking up a session cookie if you were using unencrypted WiFi (coffee shop/hotel) (read this post on cookie hijacking to see how it works). Or did you use someone else’s computer (colleague, internet cafe?) These are the three main categories (I’m discounting you turning into a spammer.)

No matter how it happened, visit on a weekly basis – or more frequently – to check your browser(s) and plugins are up to date – you need to do this for each browser that you use, on each computer that you use.

So, how do you tell which one happened to you? I’d get some anti-virus and scan your PCs and see if they detect anything. If you’re technical enough, then the SysInternals “autoruns” tool tells you *everything* that starts when you start your PC and log in. You can google the various process names shown in Task Manager and ensure they are benign too.

So, if you have malware, the only totally secure thing to do is to wipe and reinstall your OS and applications – although you might want to trust antivirus to detect and repair, it’s not guaranteed. And if you can, try more than one anti-virus product (free versions available for several) but you might have to install one, scan your PC, uninstall it and then install another – they might not co-exist nicely.

If your PC is clean, but you use public Wifi, chances are that you have been victim of a cookie hijack. The solution is to either always use HTTPS (which is encrypted so no-one can “sniff” your cookie.) (Most sites now offer it, and I expect your email provider is one of them; google is now offering HTTPS for searches, let alone email/calendar/etc.), OR, if you have one available, *always* use a VPN (Virtual private network), which encrypts everything (including normal unencrypted http traffic, although your VPN provider can “sniff” stuff). Maybe your employer has a VPN, otherwise you can buy the service, I believe. And, best of all, if it was a cookie hijack, you can just log on and change your password, the hijacked cookie will be invalid afterwards. Maybe ask where you were accessing the net in the days immediately before the spam started – can you correlate a location with the date/time?

And if you think you’re the victim of a keylogger, it should appear as malware. Let me tell you that one thing I do when I’m using someone else’s computer is to *not* enter my password in one go. I use the *mouse* to move the cursor between keypresses, and build up my password. So if my password was 12345678, I might start by entering “56” then click (don’t use the keyboard, keystrokes might be logged, including the cursor keys) at the beginning and add “23”, then click at the end and add 8, then between the 3rd and 4th character and add the 4. It takes a bit of mental juggling, and I rarely use a PC I don’t trust.

So, depending on how you were hacked, is anything else at stake? If it’s malware, chances are that a keylogger has been installed, and so every keypress might have been recorded and then might have been transmitted. If you use the same password for many things, e.g. online email, work email, online banking, then you are at greater risk than if you use a different one for each service – even if the usernames are different, your identity might be linked to an account via publicly available search info. I use a three-tier system – one password for sites I really don’t care if someone impersonates me on, a second for a few other things (access to my server, and email, and so on), and a third tier, where I use a different password for each system – things like online banking, the UK Government Gateway, etc.

So, the bottom line is that
1: Stopping using the account might not be enough
2: Stopping using the account might not be necessary

And that’s what I sent. Did I miss anything apart from the password-leak-from-provider?

Update: I added
3: change all your important passwords anyway. Consider a 2/3-tier system.
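
The cookie-hijack case from the message above, as an added example that is not part of the original post: it picks out the login cookies a browser would also send over unencrypted http://, then models a provider that drops sessions on a password change, which is the behaviour the message relies on. The header values, the `SESSION_HINTS` list and the `SessionStore` class are constructed for illustration.

```python
import secrets

# Constructed Set-Cookie headers, as a webmail site might send after login.
SAMPLE_HEADERS = [
    "SID=8f3a1c; Path=/; Secure; HttpOnly",
    "auth_token=77be02; Path=/; HttpOnly",
    "lang=en-GB; Path=/; Max-Age=31536000",
    "remember_me=c41d; Path=/; Secure",
]

# Assumption: cookie names containing these fragments carry login state.
SESSION_HINTS = ("sid", "sess", "auth", "token", "remember")


def parse_set_cookie(header):
    """Return (name, set of lower-cased attribute names) for one header value."""
    first, *attrs = [part.strip() for part in header.split(";")]
    name = first.partition("=")[0].strip()
    flags = {a.partition("=")[0].strip().lower() for a in attrs if a}
    return name, flags


def sniffable_session_cookies(headers):
    """Login cookies without Secure: the browser also attaches these to
    http:// requests, where anyone on the same open WiFi can read them."""
    exposed = []
    for header in headers:
        name, flags = parse_set_cookie(header)
        is_session = any(hint in name.lower() for hint in SESSION_HINTS)
        if is_session and "secure" not in flags:
            exposed.append(name)
    return exposed


class SessionStore:
    """Hypothetical server side: every session dies when the password changes."""

    def __init__(self):
        self._sessions = {}  # token -> user

    def login(self, user):
        token = secrets.token_hex(16)
        self._sessions[token] = user
        return token

    def is_valid(self, token):
        return token in self._sessions

    def change_password(self, user):
        # Drop all of this user's sessions, including copies held by a thief.
        self._sessions = {t: u for t, u in self._sessions.items() if u != user}


def hijack_then_reset():
    """Return (stolen cookie valid before reset, valid after reset, new login valid)."""
    store = SessionStore()
    stolen = store.login("alice")  # same value the owner holds, copied off the air
    before = store.is_valid(stolen)
    store.change_password("alice")
    fresh = store.login("alice")
    return before, store.is_valid(stolen), store.is_valid(fresh)


if __name__ == "__main__":
    print("sent over plain HTTP:", sniffable_session_cookies(SAMPLE_HEADERS))
    print("before / after reset / new login:", hijack_then_reset())
```
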

Categories: online, privacy, Real Life, Software