Experian, T-Mobile and third party security risk

T-Mobile’s security woes at the hands of Experian show trust cannot be outsourced

Another day, another corporate security breach (or six). This time telco T-Mobile has revealed up to 15 million customers’ data has been compromised.

Notable in this story is that T-Mobile are firmly putting the blame on credit monitoring company Experian.

For both companies this is extremely embarrassing with T-Mobile stating, “our vendors are contractually obligated to abide by stringent privacy and security practices, and we are extremely disappointed that hackers could access the Experian network.”

T-Mobile, like most telcos, sees a major opportunity in being a trusted provider of security services and this setback hurts them in a key market.

Experian on the other hand have shown their slack attitude to user data previously, having been caught selling consumer details to identity thieves.

That a company in such a privileged position as Experian can be constantly caught this way will almost certainly increase the push to see penalties for corporate data breaches start to get real teeth and the United States’ cavalier attitude to public privacy and online security will take another dent.

For T-Mobile and most other companies, the lesson is start and clear. Trust starts with your own contractors and business partners, it cannot be outsourced.

Similar posts:

  • No Related Posts

It’s tough in YouTube land

The problems for YouTube channel owners illustrates the business risks of relying on one social media service.

For owners of YouTube channels life has been tough in the last few months as Google plays with the service and its features.

The first irritant for YouTube administrators was the integration of Google Plus into the comments that now requires commenters to have an account on Google’s social platform.

Google’s reasoning for this is some transparency in YouTube’s comments will improve the services standards of conversation and there’s no doubt that YouTube comments truly are the sewer of the internet with offensive and downright deranged posters adding their obnoxious views to many clips.

Unfortunately the objective of improving YouTube’s comment stream doesn’t seem to have worked which casts the effectiveness of Google’s identity obsession into doubt, but it has had the happy – and no doubt totally unintended – effect of boosting user numbers for the struggling Google Plus service.

The latest blow for YouTubers has been Google’s copyright crackdown where the service is removing posts it claims are in breach of owners rights. Many channels, particularly game review services, are being badly hit.

Of course the Soviet attitude to customer service that Google shares with many other Silicon Valley giants doesn’t give these folk many options of getting their problems resolved.

All of which illustrates the risks of being dependent on one social media service which the poor YouTubers are finding this the hard way.

Watching this play out, it’s hard not wonder how vulnerable services like YouTube are to disruption, while they have the network effect of being the leader it’s not hard to see how alienating the people who create the platform’s content opens up opportunities for new players.

Similar posts:

  • No Related Posts

Crumbling cookies

Internet cookies are dying, what will replace them?

On the last ABC radio spot we looked at how our data is being tracked, in the following 702 Sydney program with Linda Mottram we looked at the role of Internet cookies and online privacy.

Cookies – tiny text files that store visitors’ details on websites – have long been the mainstay of online commerce as they track the behaviour of web surfers.

For media companies, Cookies have become a key way of identifying and understanding their readers making these web tracking tools an essential part of an already revenue challenged online news model.

Cookies also present security and privacy risks as, like all Big Data, the information held within them can be cross-referenced with other sources to create a picture of and often identify an internet users.

These online data crumbs often follow us around the web as advertising platforms and other services, particularly social media sites, monitor our behaviour and the European Union’s Directive on Privacy and Electronic Communications is the first step by regulators to crack down on the use of cookies.

Similar moves are afoot in the US as regulators start to formulate rules around the use of Cookies, in an Australian context, the National Privacy Principles apply however they are of limited protection as most cookies are not considered to be ‘identifiable data’, the same get out used by US government agencies to monitor citizens’ communications.

Generally these rules promise to be so cumbersome for online services Google is looking at getting rid of cookies altogether .

Ditching cookies gives Google a great deal of power with its existing ways of tracking users and ties into Eric Scmidt’s stated aim of making the company’s Google Plus service an identity service that verifies we are who we say we are online.

Whether Google does succeed in becoming the web’s definitive identity service remains to be seen, we are though in a time where the questions of what is acceptable in tracking our online behaviour are being examined.

For the media companies and advertising, putting the control of online analytics in the hands of one or two companies may also add another level of middle man in a market where margins are already thin if not non-existent.

It may well be that we look back on the time when we were worried about  internet cookies tracking us as being a more innocent time.

Similar posts:

  • No Related Posts

Managing your digital estate

What happens to our social media and cloud accounts when we pass away?

Everyone who goes online leaves “digital footprints“, a trail of the things we’ve done on the web. When you pass away, what happens to those status updates, comments and documents you’ve left on the Internet?

Dealing with the passing of a loved one is always difficult but today we have an added complexity of dealing with the online problems of social media sites suggesting people still “like” the deceased or valuable documents locked into cloud computing services.

With more of us storing information into cloud computing services, having important data locked away becomes a real risk and how online storage or software companies deal with deceased estates becomes important.

Online services don’t have a standard way of dealing with the data of someone who has passed away, here’s a quick sampler of some of the different policies.

Facebook

The social media giant has the easiest way to manage a deceased’s profile, simply fill in a form and swear you’re telling the truth. Facebook will then “memorialize” the account.

“Memorializing” is an interesting way of dealing with user’s passing. Rather than deleting the account, Facebook will lock out everyone but friends who are still able to post to the deceased’s wall. In some aspects, this is quite an elegant solution.

LinkedIn

One of the features of LinkedIn is that it gives upfront suggestions of who should be in your network. If you’re a heavy user of the service, you’ve almost certainly encountered a suggested contact that is either inappropriate or distressing so the stakes for LinkedIn in keeping their contacts up to date is high.

LinkedIn’s process of dealing with a deceased’s passing is an email to customerservice@linkedin.com with the word “deceased” in the subject line. You need to give some details on the user’s passing and their account.

Google

With Google offering both social and cloud computing services, they are probably the most important service of all. Google’s requirements for handing over account details are rightly stringent.

Google’s procedure for deceased accounts involves the person first reporting the user’s passing to identify themselves first. Interestingly this has to be done by post.

Twitter

Like Google, Twitter requires anyone reporting a user’s death to mail proof of identity along with a death certificate. Once they are satisfied the user has passed away, they will deactivate the account.

PayPal

“When contacted in regards to a deceased estate we move quickly and with respect to close the customer account.  Our policy and process is similar to many large financial institutions including banks  When PayPal is notified that an account holder is deceased immediate steps are taken to suspend the account to prevent any unauthorised transfers from the account. 

To close the account of someone who has died, PayPal needs to be sent paperwork including; details of the Executor of the Estate and a copy of the death certificate for the account holder. The documentation is reviewed and, once authenticated, the account is closed. If there are funds in the PayPal account, then these will be issued to the Executor of the Estate. 

With bankrupt estates we refer this directly to our legal team who deal with them on a case-by-case basis and take action according to the instruction provided by the person or company handling the bankruptcy.

Apple

No specific policy, the company recommends “customers needing guidance in relation to a deceased estate contact iTunes support at http://www.apple.com/support/itunes/contact/“.

Amazon

No clear policy. The company has been approached for comment.

Digital estate management services

There’s a number of services which help manage digital identities after someone passes away. Mashable reviews a number of these.

Sharing passwords

One simple solution is to share passwords with your next of kin, but that is a horrible security risk which isn’t recommended.

A slightly different solution is to split passwords in two and give half to different people, that still has risks and can get complex.

Probably the biggest problem with passwords is they change. Even if you write the password in your will or share it with trusted loved ones there’s a good chance it may have changed in the meantime.

Central email accounts

Probably the easiest, albeit still risky solution, is to have all online services pointing to one email address. almost every service has a “recover my password” feature which an executor or loved one with access to the central address will be able to recover most account login details.

Should everything else fail there are the courts and every major online service will obey a properly executed legal order although anything involving lawyers invariably ends up messy, difficult and expensive so that course should be the last resort.

As with everything online, balancing security, convenience and privacy is a difficult task for both individuals and companies. It’s not made better by the distress and grief when someone passes away.

Ideally we’d all plan these things and it would be easy on our loved ones although things often don’t turn out that way. It’s as true online as in any other aspect of life.

Similar posts:

ABC Nightlife Computers: The Internet Name Wars

How the Internet’s name wars can affect you

The online empires want our names and identities, are the real costs of social media now being exposed? Our September ABC Nightlife spot on September 22 from 10pm looked at these issues and more.

Paul and Tony discussed how Google’s “Name Wars” or “nymwars” came about, why social media sites like Facebook and search engines want you to use to use your real names.

The podcast from the program is available from at Nightlife website, more details of Tony’s programs can be found there as well.

Is this a good thing or are there costs we should consider before handing over our intimate details to a social media or free cloud computing service?

Some of the topics we covered included;

  • What are the “name wars’?
  • Why do companies like Google and Facebook want us to use our ‘real’ identities?
  • How can they use the information they gather?
  • What problems does that cause for Internet users?
  • Can these problems spill into real life?
  • Are all web services doing this?
  • What are the risks to businesses using social media?
  • Is this the real cost of social media?

Some of the information we mentioned can be found here;

The cost of lunch: Google and Information Revenue
Google’s real names policy explained
Google’s Eric Schmidt on being an “identity service”, not a social network
Google’s company philosophy (note item two)
Why Twitter doesn’t care what your real name is

We’ll be adding more resources in the next few days, the next ABC Nightlife spot is on 20 October and our events page will have more details. If you have any suggestions for future programs or comments on the last show, please let us know as we love your feedback.

Similar posts:

Re-evaluating social media

How are you using social media services in your personal and business life?

We often forget the Internet as we know it is less than thirty years old and many of the social media tools we use have been around for less than five.

In such a new field, we’re all learning and experimenting which means some tools become essential while others are recognised as yesterday’s shiny toys.

As the depth of the name wars and the related privacy issues become apparent, it’s worthwhile re-evaluating how we use these services. Here’s how I’m now using some of the online social media platforms.

Foursquare

I quite like Foursquare, the idea of knowing which friends are nearby when you’re out on the town is great. But as someone who has a dismal social life, it was wasted on me.

The gamification angle is interesting, but the privacy implications of the service make me uneasy. I’ve stopped checking in and will probably close down my account pretty soon.

Empire Avenue

As a sociological experiment on the rampant egos and deep insecurities of the social media community, Empire Avenue is wonderful. Otherwise, it’s just another spammy online application trying to harvest personal information – I came, I saw, I decided life was too short.

Quora

On first glance, Quora looked good, but the changing of posts by moderators concerned me, the cliqueiness of users was the killer and I closed my account. I suspect Google Plus will kill this platform.

Google Plus

Apart from being a Quora killer and having some interesting collaboration feature, there doesn’t seem to be a compelling reason to use Google Plus instead of Facebook.

While it’s in its early days, I’m finding it less than compelling while Eric Schmidt’s claim it is an identity service rather than a social media platform deeply unsettles me and makes me less likely to engage in conversations on the service.

Facebook

When Facebook first became available I was intrigued as able to connect with relatives along with past and present friends always struck me as being one of the Internet’s killer apps. As various business features evolved, it was clear Facebook was a serious online tool.

The problem with Facebook has been the way strangers become friends, not to mention how acquaintances and relatives have a habit of posting private things you don’t particularly care to know about, along with the wave of invites to games and applications that come and go.

Overall, I’ve been using Facebook for business purposes rather than sharing private information for nearly two years now. That works, but it isn’t the intended use and I’m probably not getting the maximum benefit although I am preserving some modest degree of privacy.

Linkedin

As a means to establish your professional credibility, LinkedIn is unbeatable. For those with a lot of time, the various professional LinkedIn groups can be a valuable way to show your industry knowledge.

One thing that surprises me is how many people notice your status changes so it is certainly a good way of keeping your business network up to date with what you are doing.

The concern with LinkedIn is similar to Facebook and Google Plus in that there’s a lot of market intelligence being gathered on our professional networks and the recent attempt to ‘enhance’ social advertising around our online personas does not fill me with confidence that LinkedIn is the best platform to be displaying our professional abilities.

Twitter

I’ve had a turbulent relationship with Twitter and it took me three attempts to really see the point. I’m still careful about what I post and who I follow.

However Twitter has become my main news source and I find it keeps me ahead of the major media outlets. For this reason alone, Twitter has become the social media service I use the most.

What occurs to me in writing this is that these social media tools are really about listening, not talking or marketing. Perhaps that is the point we’re missing in the noise generated by these services, that listening is where the real power lies in these online platforms.

The six tools I’ve listed are just a small subset of a massive range of social media services, I’d be interested in hearing which ones you find useful and why.

Similar posts:

How Google’s identity obsession hurts

How the search engine giant is damaging business and its own reputation

Imagine giving a presentation at a conference where you fire up a live demonstration of a product you’ve been urging the audience to use and the audience start giggling.

You turn around to find a bright red message at the top of the screen stating your account has been suspended. It wasn’t there the night before and you certainly didn’t receive an email warning you this had happened.

Embarrassing or what?

That happened to me with Google Local earlier this and the many stories like it illustrates a serious management problem within the world’s biggest search engine company.

Local search – where businesses can be found online based on their location – is one of the main web battlefields with Google and Facebook, along with outliers like News Limited and Microsoft, are competing to get business of all sizes to sign up.

Recently though Google seems to be going out of its way to squander the massive opportunity they have in this sector despite the CEO, Larry Page, identifying local services as one of their priorities.

Despite Google’s intention to promote Places – as their, and Facebook’s, local search platforms are called – many businesses are finding the company’s arbitrary and often incorrect application of its own rules and Terms of Service difficult to understand and use.

“I have found that with the ‘moving target’ Google is presenting to businesses” said Bob, a commenter on one of my blogs, “is paralyzing them from doing exactly what Google wants, which is updating and providing fresh content on their listings pages.”

In many ways, this is a small front on the “nymwars” that has broken out since Google introduced their Plus social media service and started enforcing their “rules” on “real names”.

Unfortunately their real names “policy” – and I use inverted commas deliberately – is vague and arbitrary with users finding their accounts suspended despite signing up with “the name your friends, family or co-workers usually call you” as required by Google.

Account suspensions are wide and varied; some people, quite legally, have a name without a surname, others have a combination of languages such as Chinese or Arabic, while others have simply fallen foul of the computer and Google’s secretive bureaucratic culture.

This secretive bureaucracy would be funny if it wasn’t so downright hypocritical. Any correspondence with Google about account suspensions either on Places or Plus is signed off by an anonymous functionary from “no-reply” email address. So it appears real identities, and accountability, don’t extend to the company itself.

Last week at the Edinburgh International TV Festival, Google’s chairman Eric Schmidt, announced Plus is not a social media platform, but an “identity service”. Good luck with that, Eric as your staff’s arbitrary and often incorrect interpretation of the company’s own rules doesn’t engender confidence in any identity verified by Google.

That announcement by Google’s chairman should worry investors, as this is a company that is first and foremost an advertising company powered by the best web search technology.

Management distractions such as becoming an “identity service” or buying a handset manufacturer distract focus from the core business and result in the mess we’re seeing around business and private accounts.

For the moment, Google Places remains a service that businesses must list on given the visibility the results have when customers search the web for local services and products.

If you aren’t already on Google Places, do sign up but make sure you get your listing right first time as editing your profile once it’s up risks your account being suspended or cast into “pending” purgatory.

Should you have already an account, leave it alone as any change risks coming the attention of Google’s anonymous bureaucrats.

Hopefully, this madness will pass and Google will clarify their policies, ground them in the real world then enforce their terms fairly and consistently. Until then, you can’t afford to rely on your personal and business Google accounts.

Similar posts: