Michael N. Dundas » Uncategorized

Verified by Twitter is just silly

Clear2Go — Thu, 04 Mar 2010 22:03:06 +0000

Have you ever seen the Verified by Twitter logo. It is suppose to give the public assurance that the person that holds the account is the real person and not someone pretending to be them. Off and on over the last few weeks I have been trying to find out what the procedure is? What are the requirements? How to they prove the individual is who they say they are? Does Twitter intend to role it out to everyone? I have had no luck. Any queries seem to go into a vacuum. They have this page which says:

To prevent identity confusion, Twitter is experimenting (beta testing) with a ‘Verified Account’ feature. We’re working to establish authenticity with people who deal with impersonation or identity confusion on a regular basis. Accounts with a Verified are the real thing!

The first and last statements are what interests me, “To prevent identify confusion” and “Accounts with a Verified are the real thing!”.

I have always been a fan of the music group The Corrs. One of the members, Sharon Corr has gone out on her own and is creating some songs and getting ready to release an album. I have been following her on Twitter. She has a Verified by Twitter account. Her twitter ID is @Sharon_Corr. If I look at her account, from the picture and links to her website and videos I can be reasonable certain it is her. However, what if you were looking for a different Sharon Corr. There must be more than one Sharon Corr in the world. So I randomly tried @SharonCorr. This person appears to be someone who writes poetry. But is her name really Sharon Corr? What if it is and she applies for a Twitter verified account? Will Twitter verify it and give her the Verified by Twitter logo? If her name is Sharon Corr, then they should. But that might confuse someone like myself, looking for the singer Sharon Corr, so maybe they won’t.

How does Verified by Twitter make me feel safe as a user of Twitter? If they fully roll this program out, they will encounter multiple people with the same name that all have verified accounts. Maybe they use the URL on the profile page as the key. If I see that the URL points to Sharon Corr’s website and there is a Verified by Twitter logo I can be certain that the person that has the website URL, also owns the Twitter account. Of course that would confirm the relationship between the twitter account and the website, not the actual person Sharon Corr. This of course assumes they know what I am looking for? How do they know which Sharon Corr I want?

I looked up Taylor Swift for fun. Her account is Verified by Twitter. Her ID is @taylorswift13. There is also a @taylorswift13x. If you look at the two accounts they are very similar.

Taylor Swift’s real account (I think)

The website doesn’t help, because the URL points to itself. We know Taylor Swift is popular so if you look at the followers count and combine that with the tweets and news articles you can conclude this is her account … maybe.

A fake Taylor Swift account (I think)

This is probably the fake one because of the follower count. But then again, maybe this persons name is Taylor Swift and maybe this is the person I am looking for, not the popular one. I am very confused now and Twitter said in their statement above that they were going “To prevent identify confusion”. In order to do that, you actually have to know what identity I want to find, you can’t just guess. But that is what they are doing ‘guessing’ what I want based on popularity. I think Verified by Twitter is just security theater. The verified account doesn’t help. Verifying someone is a complex problem and putting a logo on a page just doesn’t cut it.

Maybe the logo should really be “Twitter verifies this to be the popular person you might be looking for logo”?

Youtube and Warner Music

Clear2Go — Wed, 24 Dec 2008 04:48:00 +0000

I wrote an entry the other day on how I felt that music artists should start to force the record labels to do what they want and not the other way around. Recently, Youtube is in battles with Warner Music about the posting and revenue sharing of videos. After reading that article, it is all the more reason for artists to take control. With sites such as Youtube, Metacafe and others I am not sure why these big record and video companies are needed anymore especially if they resist changing their business models to service todays consumer demands.

Analysis of spam marketing conversion

Clear2Go — Tue, 11 Nov 2008 21:41:00 +0000

I’m sure you have heard a statement along the lines that says spam is profitable. The reason usually given is because spam still exists despite the improvements in anti-spam technology. The spammers keep finding new ways to get around the anti-spam technology so it must be profitable. Have you ever seen any real research and numbers to support this theory? This study attempts to show just that. How many users actually are fooled and make a purchase from a spam e-mail in their inbox and is it actually profitable. In the study they actually manipulated the architecture of the storm botnet; specifically the proxy nodes and hijacked them to conduct the study. They created an inline program that swapped C&C, template and spam data before it was transmitted to the storm ‘worker’ nodes.

They were able to count who downloaded versus actually clicked on the software that would infect a user with the storm botnet. Other data included number of targets, number of MTAs that accepted the spam, number of users that visited a site by selecting the link, time it took for a user to receive the e-mail then become infected, and response rates per country.

It is obvious a great deal of time, thought and technical effort was put into this research. It would be exciting to be a part of something like this.

Its not information overload, its filter failure

Clear2Go — Mon, 29 Sep 2008 22:09:00 +0000

Good presentation from WebExpo2.0 Expo by Clay Shirky on information overload and filters. Especially like his view on Chris Avenir, the Ryerson student almost expelled for using Facebook as a medium for a study group. Shirky suggests that every educational institution has an ‘inside’ message and an ‘outside’ message. What Avenir did that upset Ryerson was collide these two flows. Interesting viewpoint.

How ISPs peer and sell transit

Clear2Go — Wed, 03 Sep 2008 00:33:00 +0000

Good article complete with diagrams and clear explanations on how service providers peer or sell transit to each other. The difference between each is discussed as well as how the economics work. Border Gateway Protocol (BGP), Autonomous Systems (AS) and ‘Hot’ and ‘cold’ potato routing are defined but that is as technical as the article gets. Good for non-technical types that want to understand how the Internet ‘connects’ everyone.

p2pnet.net down

Clear2Go — Tue, 03 Jun 2008 14:05:00 +0000

UPDATE II (2008/06/04 – 12:53EST): An anonymous reader commented that the reason was due to a large outage at a service provider, which coincides with the traceroute.

UPDATE I (2008/06/04 – 07:25EST): P2PNet is back up. No reason as to the downtime. Must have been a network glitch I guess. When these things happen, I wonder if it is due to the controversial nature of the sites.
—————————-
Looks like p2pnet.net is completely down. I tried going to an article there this morning and it timed out.
Traceroute shows:
……
5 POS5-0.PEERA-CHCGIL.IP.GROUPTELECOM.NET (66.59.191.106) 14.950 ms 14.934 m s 14.911 ms
6 ge-1-7.r01.chcgil09.us.bb.gin.ntt.net (129.250.12.145) 18.847 ms 18.096 ms 18.057 ms
7 xe-0-1-0.r21.chcgil09.us.bb.gin.ntt.net (129.250.3.13) 19.018 ms 18.403 ms 18.380 ms
8 p64-2-2-0.r21.dllstx09.us.bb.gin.ntt.net (129.250.2.22) 42.074 ms 41.378 m s 41.359 ms
9 po-2.r02.dllstx09.us.bb.gin.ntt.net (129.250.2.174) 41.815 ms * *
10 xe-4-4.r03.dllstx09.us.ce.gin.ntt.net (157.238.225.6) 39.827 ms 40.671 ms 40.405 ms
11 et1-1.dsr01.hstntx2.theplanet.com (70.87.253.50) 46.372 ms 46.912 ms 47.4 02 ms
12 * * *

DNS is up, but it appears server used for web and mail is down:
<> DiG 9.5.0a6 <> mx p2pnet.net.
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21615
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; QUESTION SECTION:
;p2pnet.net. IN MX

;; ANSWER SECTION:
p2pnet.net. 85981 IN MX 10 mail.p2pnet.net.

;; AUTHORITY SECTION:
p2pnet.net. 47234 IN NS ns2.rackspace.com.
p2pnet.net. 47234 IN NS ns.rackspace.com.

;; ADDITIONAL SECTION:
mail.p2pnet.net. 85981 IN A 207.44.164.50
ns.rackspace.com. 125281 IN A 69.20.95.4
ns2.rackspace.com. 125281 IN A 65.61.188.4

;; Query time: 1 msec
;; SERVER: 216.240.1.1#53(216.240.1.1)
;; WHEN: Tue Jun 3 09:54:27 2008
;; MSG SIZE rcvd: 145

;; QUESTION SECTION:
;www.p2pnet.net. IN A

;; ANSWER SECTION:
www.p2pnet.net. 85797 IN CNAME p2pnet.net.
p2pnet.net. 47136 IN A 207.44.164.50

;; AUTHORITY SECTION:
p2pnet.net. 47136 IN NS ns2.rackspace.com.
p2pnet.net. 47136 IN NS ns.rackspace.com.

;; ADDITIONAL SECTION:
ns.rackspace.com. 125183 IN A 69.20.95.4
ns2.rackspace.com. 125183 IN A 65.61.188.4

;; Query time: 1 msec
;; SERVER: 216.240.1.1#53(216.240.1.1)
;; WHEN: Tue Jun 3 09:56:04 2008
;; MSG SIZE rcvd: 142

Sending requests to their server 207.44.164.50 which does both web and email gives no response. Wonder if it was shutdown at month end?

-mike.

Is Facebook protecting their turf?

Clear2Go — Sun, 01 Jun 2008 11:02:00 +0000

I have a facebook account. I use it mainly in fun to keep abreast of my colleagues and friends happenings. It is a great way to quickly post pictures for interested people when you are traveling as well. One of the features is the ability to Import an external RSS feed. I have used this for a while now, to import posts on my personal blog to Facebook. When Facebook imports a post it adds it as a note which will appear in your mini-feed. An individual can click on the note in the mini-feed to see the full note, which is a copy of the post.

Up until the other day, viewing the full note, included a link at the top entitled “view original post.” Selecting this link would bring users off Facebook to where the original post was located. This has suddenly disappeared as an option. Given the recent discussions around Facebook, Google, and others, I hope this isn’t part of a grand plan to “Keep what is their’s” ….. theirs being “your data” and attempt to stop external linking and access. I am of course not naive enough to believe it is not.

There is a general problem that companies and start-ups love the Internet and the openness it brings when they are beginning and it works for them. But as they grow, become more dominate, and business and money become part of the equation the openness of the Internet changes from a benefit to a threat. There arises the need to “protect what is ours.” You can see this in most internet businesses.

I have sent a note to Facebook customer support asking them what has happened to the “view original post”. I am hoping it is just a change in code and the functionality got missed — I’m not holding my breath mind you.

Responsibility of security breeches

Clear2Go — Sun, 03 Feb 2008 13:54:00 +0000

Credit card companies a few years ago were dealing with the problem of stolen credit cards and expiry dates. If you have a bunch of these and an Internet connection you can get a lot of things and do a lot of damage. Attempting to mitigate this problem, credit card companies came out with the idea of a CVC (Card Verification Check) number on the back of the card. The idea being that if you are not swiping the card, you would have to give this number as well in order for the transaction to proceed. This would prove that you physically have the card in your possession. But the key to this working is that no one ever stores the CVC. You enter the CVC during the transaction, it is transmitted for verification and it is NOT stored. Of course you are relying on businesses to not store this number. Nothing to stop them from actually doing it. This is what happened at Geeks.com. Geeks.com sent a letter to their affected customers basically stating they are sorry for the breech, but it is now the customers problem to deal with. Does anyone see a problem with this? A business fails in its security measures that they decided on to protect customer data and it is now the customers problem.

The answer here to me is obvious. Businesses can not be trusted to do the right thing. They can be trusted to do what makes the most financial sense and they always will take this path. We have seen this time and time again and there are way too many examples to list. People like Bruce Schneier have commented on this over and over again for years. Loren Weinstein has an excellent example of this.

The answer to this is easy. Put the burden on the companies, financial institutions and anyone that stores third party financial information. I’m not a lawyer and this would have to be legally worded but the something like this:
“If for any reason you in anyway use or store for any period of time third party financial or personal information for any purpose, you are completely and totally responsible for any breech of this information directly or indirectly for as long as you in anyway have possession of the data. You are legally and financially responsible for any misuse resulting from the breech of this information.”

We need to make it the businesses problem. I think this is fair. The businesses decide their security measures. The businesses decide how to protect the data. The businesses decide what level of competent experts to hire to design, monitor, and secure their systems. As a consumer, I have no say or control in these matters. I am forced to trust them. Trust that they are secure. Trust that they are competent. When that trust that has been imposed on me is breeched they should be responsible. If the businesses are financially and legally responsible they will fix the problem. Business will fix the problem because as we have historically seen over and over again they do this by nature. They do what makes the most financial sense for them. By making them legally and financially responsible it becomes in their best interest to do what makes the most financial sense for them, protect customer data.

The only right thing geeks.com did here was to contact law enforcement.

Super Soldiers – be all that you can be

Clear2Go — Tue, 13 Mar 2007 00:34:00 +0000

Having success with making soldiers super strong and resistant to pain and environmental conditions.

Can’t help but think this will do something bad to them when they are older.