It’s your potty and they’ll spy if they want to

It’s no secret that virtually anything that runs on code can and will eventually be hacked. There’s no dearth of examples. Our desktops, laptops, smartphones and tablets are really just the playthings of any attacker with sufficient skills and time.

But now it’s getting personal. Hackers are hitting us where it really hurts.

Yes, I’m talking about our crappers. As the BBC reported earlier this week, it seems so-called smart toilets aren’t so smart after all. Researchers at Trustwave’s SpiderLabs recently discovered security flaws in a $6000 commode that could allow attackers to control the John remotely. The Beeb reports:

The toilet, manufactured by Japanese firm Lixil, is controlled via an Android app called My Satis. But a hardware flaw means any phone with the app could activate any of the toilets, researchers say.

The toilet uses Bluetooth to receive instructions via the app, but the PIN code for every model is hardwired to be four zeros (0000), meaning that it cannot be reset and can be activated by any phone with the My Satis app, a report by Trustwave’s SpiderLabs information security experts reveals.

“An attacker could simply download the My Satis application and use it to cause the toilet to repeatedly flush, raising the water usage and therefore utility cost to its owner… Attackers could [also] cause the unit to unexpectedly open/close the lid, activate bidet or air-dry functions, causing discomfort or distress to [the] user.”

In other words, using an extremely simple hack, an attacker could gain roto-rooter access to the device’s OS.

Admittedly, I don’t know anyone who owns a $6000 toilet. Then again, if I owned a $6000 toilet – which from the description above sounds more like a Ty-D-Bol-Man-sized personal valet — I’d probably never leave the house.

In Japan, where smart toilets were invented, higher end models are able to do sophisticated analysis of one’s, umm, personal effluvia, and email the results to your doctor. Imagine if a hacker could get his hands on that. Talk about your data dumps.

Though this particular scenario is ripe for potty humor, the problem is unfortunately real. As all of the devices around us become “smarter,” the opportunities for mischief and mayhem multiply. If there’s anyone out there working on serious security solutions for these devices, I haven’t found them – and I’ve looked.

Most technologists are so focused on getting these new gizmos to work, and adding groovy new features, that security tends to get second or third billing. Exhibit A is Google, which shipped beta versions of Google Glass to 8000 pasty white guys with exactly zero security controls built in.

And that’s how we end up with an $80 million yacht whose GPS navigation system can be commandeered by a handful of college kids. And smart cars that can be controlled remotely via a dingus plugged into the onboard computer, not to mention smart charging stations for electric cars. And pacemakers whose settings can be altered via WiFi and forced to deliver shocks of 830 volts. The whole realm of digital medical devices is just waiting to be exploited. Good luck finding anyone who can tell you what security will be built into them.

Security by design is not a new concept, but it’s often ignored in the race to be first with the latest digital whatever. These devices may be smart, but this approach is stupid.

Live long enough, and you will probably have a smart toilet in your smart home. Hopefully the manufacturers will have flushed out all the security bugs before then. And if they don’t? I for one don’t intend to take that sitting down.

This post originally appeared on InfoWorld.

Scary toilet image courtesy of Sodahead.

Love trees? Hate meat? You too may be a terrorist.

Read any good spy stories lately? It’s all I’ve been doing for the past five days. Thanks to a 29-year-old disgruntled security geek named Edward James Snowden, we all know quite a bit more about what our nation’s spies are probably doing than we did just a few days ago.

While the details are still sketchy and the stories often contradictory, just about all of the paranoid conspiracy theories you’ve heard about the NSA and the 15 different spy organizations underneath its umbrella appear to be true. There’s enough material here for half a dozen le Carré novels or at least one more Jason Bourne movie.

According to Snowden, any NSA agent with sufficient clearance can call up the phone, Internet, financial, and other activities of any American, anywhere in the world, going back for years. In a video interview with The Guardian, Snowden made the following claim:

I, sitting at my desk, certainly had the authority to wiretap anyone – from you or your accountant to a federal judge to even the president if I had a personal email….

Even if you’re not doing anything wrong you’re being watched and recorded… It’s getting to the point you don’t have to have done anything wrong, you simply have to eventually fall under suspicion from somebody – even by a wrong call – and then they can use the system to go back in time and scrutinize every decision you’ve ever made, every friend you’ve ever discussed something with, and attack you on that basis to sort of derive suspicion from an innocent life and paint anyone in the context of a wrongdoer.

Even if Snowden is exaggerating or lying – and I don’t think he is – those sentences should make you reconsider your use of electricity in all forms.

Let me simplify the issues. There are really only two things you need to worry about. One is accidental mistakes; the other is intentional mistakes.

1. The Accidental Terrorist

As we know from Snowden’s first leak, for at least the past seven years the NSA has been hoovering up metadata from our phone records – who we called, when we called, and where we were when we made the calls. In other words, if you are a heavy cell phone user, the NSA could make a pretty thorough map of your movements over time, if it chose to.

In its official defense, the NSA insists it’s only spying on foreign nationals. The problem with that argument: How do they know you’re a foreign national based on your phone calling records? The only way this could work is if, as Snowden says, the agency collects all the data about all users – including phone records, financial transactions, Facebook posts, etc — analyzes it, then ignores whatever doesn’t fit its definition of “terrorist.”

And if you happen to fit the definition of terrorist, even though you aren’t one? Consider the case of Khalid el-Masri. In December 2003 the unemployed car salesman, a German citizen of Lebanese descent, was crossing the border between Serbia and Macedonia on a bus. He was hauled off the bus by Macedonian police and handed over to the CIA. From there, he was tortured for months on end in a secret American-run prison in Afghanistan known as the Salt Pit.

Khalid el-Masri’s crime: His name was phonetically similar to Khalid al-Masri, who was suspected of aiding the 9/11 bombers. Also, the CIA agent overseeing his capture “had a hunch” he was dirty. When the spooks finally realized they’d made a mistake they drove el-Masri out to a deserted road in Albania and let him out to find his own way home.

In December 2012, ten years after el-Masri’s abduction, the European Court of Human Rights unanimously condemned the CIA’s treatment of him as inhumane and illegal.

2. Intentional Mistakes

In el-Masri’s case, the CIA made an “honest” mistake. Agents sincerely believed he was linked to al Qaeda. The odds of that happening to any of us are slight, though the consequences could be terrible.

Still, that’s not the scary part, and it’s not why Snowden leaked those documents. The reason Snowden came forward is that he realized the enormous potential for abuse such surveillance enables.

Beyond the case of el-Masri and a handful of others, we know very little about what the CIA and various other arms of the NSA did to innocent people.

But we know a bit more about what happened with the FBI after 9/11 and the passage of the Patriot Act. We know, for example, that the Patriot Act has been used almost exclusively for crimes totally unrelated to terrorism. We know that the FBI has abused the use of National Security Letters to collect information about American citizens without having to show probable cause before a judge. We know that some of the groups investigated for alleged terrorist activities from 2001 to 2005 included Greenpeace, People for the Ethical Treatment of Animals, and The Catholic Worker.

And we only know this because the FBI is subject to far more regulatory and judicial oversight than the NSA and any of its other shadow organizations.

The problem is that powers granted for one purpose (fighting terrorists) are inevitably employed for another purpose (fighting crime, identifying political dissidents, making life uncomfortable for government critics).

When the decision about whom to spy on is made in secret by some wonk with a hunch who will never be held accountable for his actions, then our personal liberties have been eviscerated. When tree-huggers and vegetarians can be considered terrorists, then none of us are safe.

This post originally appeared on ITworld.

Cool NSA logo courtesy of The People’s Cube, comrade.

Love Pentagon II: Electric legal bugaloo


Poor Jill Kelley. All she wanted was fame and fortune, and all she ended up with was fame and misfortune. But that last part may soon change, if she wins the civil suit she and her husband just filed against the US government for the “willful, malicious, and unlawful violation of [their] constitutional and statutory privacy rights” during what became known as The Love Pentagon (aka, Petraeus-gate).

Per the complaint, filed in the US District Court for DC on Monday:

Jill Kelley was held out as an object of ridicule, moral opprobrium, scorn, and derision… costing Mrs. Kelley positions of trust, responsibility, and diplomatic status, and costing the Kelleys public respect, lost income, and significant lost financial, business, and investment opportunities. The Defendants unforgivably transformed Mrs. Kelley’s reputation from that of a respected business and community leader and energetic entrepreneur who volunteered to support our troops into a woman of dubious virtue and integrity.

Translation: The Kelleys are accusing the FBI of leaking their names to the press, and now they want to get paid for their pain and suffering.

It’s a long and juicy story, full of more dramatic twists and turns than a Mexican soap opera. What follows is the tl;dr version. (Readers already familiar with the details may want to skip the next three graphs, or just view this flowchart created by Gawker and the more detailed and even snarkier version here.)

It started when Kelley received a series of vaguely threatening anonymous emails of the “get away from my man, you hussy” variety. Instead of ignoring them or blocking the sender, Kelley sicced a pal in the FBI on the anonymous emailer. The agent, Frederick Humphries (better known as “Agent Shirtless,” thanks to some semi-clothed photos he had shared with Kelley), dives into the Yahoo account and figures out that it belongs to Paula Broadwell, a national security analyst. He also uncovers email correspondence between Broadwell and then-CIA chief David Petraeus that indicates some high-level cloak-and-dagger hanky panky.

Agent Shirtless passes this information up the chain and waits. When nothing happens, he decides a cover-up is afoot by the Obama administration and leaks the story to Republican Congressman Dave Reichert, who tells top GOP rep Eric Cantor. Cantor goes to the DOJ and says ‘we know who Petraeus was boffing last summer.’ DOJ contacts Petraeus, who like a good soldier falls on his sword, resigning his post.

The mainstream media, to whom a juicy political-sex scandal is like a wounded gazelle in front of a pack of hyenas, reacts predictably – diving into the belly of the beast and tearing out every hunk of meat it can sink its teeth into.

Which is how we learned more than most of us care to know about Kelley, her ambitions to become the Kim Kardashian of the Southeast, her extended flirty email string with the top US General in Afghanistan, her appointment as Honorary Consul General for South Korea (!), her troubled twin sister, and assorted other details of what it’s like to climb the social ladder of Tampa Bay one military uniform at a time.

Last January, Kelley and her husband published an opinion piece in the Washington Post declaring that the media reports about them were totally false. Maybe some of them were bogus, but I doubt all of them were. Even so, I’d bet all the money in my checking account that the Kelleys didn’t write a word of that op-ed. It has the aroma of a highly paid PR crisis management team all over it.

Kelley didn’t ask to become the lead story on TMZ. But she did try to use her military and FBI connections to track down her ‘cyberstalker,’ and those actions led to the takedown of some very powerful people.

I’m having a hard time sympathizing with her here. Can you tell?

If the Kelleys are so concerned about the loss of their privacy, why file a splashy suit bringing all of these issues back to the forefront? Jill Kelley was a footnote to history. Now she’s front page news again. I can’t help thinking that was the real plan all along.

The real outrage here is how a lone FBI agent with an agenda could create such havoc without a single crime having been committed. That seems to have gotten lost in the hubbub. Guess it’s just not sexy enough.

Petraeus-Kelley smooch courtesy of ABCnews.

Who can you trust with your data? Twitter, yes. Apple, AT&T and Verizon, not so much.


You may not be aware of this, but: We are officially in the middle of Privacy Awareness Week, according to the FTC. To mark it, the Electronic Frontier Foundation published its annual “Who Has Your Back?” report, which details how major Internet companies share data with the government.

Seeking a company that will stand up to Uncle Sam? Look at Twitter and Sonic.net. Worried about service providers who’ll rat you out behind your back? Best avoid MySpace and Verizon, then.

Those are the broad conclusions of the 2013 report, which grades 18 ISPs, social networks, cloud storage vendors, and email providers on how they treat our data when Johnny Law comes pounding on the door.

Only Twitter and Sonic.net earn perfect scores on the EFF’s six criteria. Verizon and MySpace also got perfect scores – they went 0 for 6. Everyone else landed somewhere in between.

The EFF scores largely rate how transparent these companies are about their data sharing practices. They’re less about how successful they are at keeping the feds out of our business. For example:

Do these companies publish the guidelines they use to determine what kinds of user data they share with law enforcement and under what circumstances? Facebook and Foursquare are among the dozen who do; Apple, AT&T, and Yahoo do not.

Do they require a warrant before handing over your data? Google, Dropbox, and nine other companies do; Comcast and Verizon are among those that don’t.

Do they fight for user privacy rights both in court and in congress? Only four companies meet both of those criteria: Amazon, Google, Sonic.net, and Twitter.

Do they support Digital Due Process – i.e., reforming the Electronic Communications Privacy Act to require warrants for sensitive data? Comcast, Verizon, MySpace, and Yahoo are all MIA.

In its report [PDF] the EFF holds a few giants’ feet to the fire, in particular huge ISPs like AT&T and Verizon, as well as Amazon, Facebook, and Yahoo:

Amazon holds huge quantities of information as part of its cloud computing services and retail operations, yet does not promise to inform users when their data is sought by the government, produce annual transparency reports, or publish a law enforcement guide. Facebook has yet to publish a transparency report. Yahoo! has a public record of standing up for user privacy in courts, but it hasn’t earned recognition in any of our other categories.

And though Google’s score has slipped slightly, due in part to changes in how the EFF rates companies, it earns kudos for challenging a National Security Letter in the courts – an extremely rare event in any field.

Overall, scores for companies are improving, according to the report. Google, LinkedIn, Dropbox and SpiderOak all earn five stars, while companies like WordPress, Tumblr, and Foursquare all earned their first stars this year.

But I suspect the reason behind the higher scores may be less cheery. Governments worldwide have wised up to these companies as sources of information about alleged criminals (or dissidents, or anyone else on their radar) and are stepping up their attempts to claim that data for their own.

Companies that didn’t use to worry about producing guidelines for when the feds come calling now do. Cloud storage providers have woken up to the fact that they are a big fat juicy target for government agents with an insatiable appetite for data and minimal limits on what they can obtain.

That’s something to keep in mind as we ‘celebrate’ Privacy Awareness Week. These days that really should be every week.

This post originally appeared on Infoworld.

What the hell am I doing on the BBC?

So this week I’m on the BBC blabbing about how Web tracking companies are out to get us. What did the Beeb want with me? Read on for the details.

It started with this blog post I wrote a few weeks ago about how certain ads – one in particular for Jitterbug smartphones – were stalking me across different Web sites. I’d finally had enough of that and went into the Digital Advertising Alliance page to opt out. That’s when I discovered an “interests profile” compiled on me by a company called BlueKai that detailed 471 categories I might fit into, including “trendy homemaker” and “soccer mom.”

That post caught the eye of Matt Danzico, a reporter for BBC America based in New York City. He flew down to my office to film me in the act of being tracked online, talking about what I’d found and what shenanigans Web advertisers get up to. But, being the creative sort, Matt also had some fun with it. He filmed me walking down the street outside my office, with him hiding behind trees and lamp posts and jumping out at me unexpectedly, as if he were a spy. (Or possibly an elf.) He coerced total strangers to pretend to stalk me. He got us kicked out of a downtown café. (I still haven’t gotten up the nerve to go back.)

He then did the same thing to Peter Eckersley of the Electronic Frontier Foundation in DC, and filmed Direct Marketing Association CEO Linda Woolley in her New York office. (Not surprisingly, he skipped the stalking bit with the DMA.) Danzico edited hours of footage down to a tidy 3 minutes and 41 seconds, added an appropriately sinister spy movie sound track, and posted it to the BBC America Web site. It will be broadcast to an unsuspecting nation of Brits sometime this week.

I’d embed the video here to save you the trip, but the BBC does not countenance such tomfoolery. It’s worth watching, despite some scary close-ups of yours truly.

I do, however, have a few post-video fact checks to add.

1. In the video, the DMA’s Woolley makes the following statement:

“I think most people in the United States do know they’re being tracked online. And I also think that they’re OK with that. They get the economic model of the Internet. And the economic model of the Internet is quite simply that free content is supported by ad revenues.”

Actually, surveys by the Berkeley Center for Law and Technology, Harris Interactive, the University of Pennsylvania, Gallup and others consistently indicate a majority of Americans are not OK with being tracked online.

She also said this: “You can opt out of all behaviorally targeted ads with one click.” As I pointed out in a recent blog post (“Why opt out is such a cop out”), Woolley’s numbers are slightly off.

You can indeed opt out of 86 members of the Network Advertising Initiative (NAI) with a single click. If you want to opt out of the 480-odd members of the Digital Advertising Alliance (DAA) AdChoices program, however, it will take at least 271 clicks – and probably close to double that number. And you’ll have to do that for every browser you use. That’s not counting the 800+ tracking companies that aren’t located in either database and may not offer any opt out at all.

2. In the BBC story, the EFF’s Eckersley estimates that 5 to 10 percent of online ad revenue is related to online behavioral tracking – making the point that online advertising doesn’t need to collect your browsing history to support free content. The figures I’ve seen, courtesy of Abine’s Sarah A. Downey, are closer to 15 percent, and those are just an estimate. The Interactive Advertising Bureau doesn’t break out separate revenue figures for online behavioral advertising (OBA), but my guess is it’s significantly higher than that, and that OBA will very soon become the primary way ads are delivered.

3. I made sort of a misstatement myself near the end of the piece when I said “Here’s the ironic part. You opt out of Web tracking cookies by setting a tracking cookie.” Later I wondered, are these opt out cookies really also tracking cookies? Did I misspeak?

So I asked Rich Shay, a fourth-year doctoral student in the School of Computer Science at Carnegie Mellon University, who’s been doing research into cookies along with a team led by Lorrie Faith Cranor.

The answer? Yes and no, says Shay.

“There is evidence that some NAI/DAA members continue to track users who have opted out, while some stop tracking. A number of NAI/DAA members explicitly state in their privacy policies that they do not track users who have opted out of online behavioral advertising. Some opt-out cookies have very generic values, meaning that those cookies would not be suitable for the purpose of tracking. Other opt-out cookies have what appear to be unique identifiers, meaning they would be suitable for tracking. Further, under the NAI/DAA’s own rules, companies are allowed to continue to track users who have opted out.”
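Shay’s distinction between opt-out cookies with generic values and those carrying unique identifiers is something you can check in your own browser’s cookie jar. The following script is an added example written for this post, not code from Shay’s team or from any ad network; the cookie jar, domain names and cookie values in it are constructed for illustration, and the name-matching and entropy thresholds are assumptions, not an industry standard. It flags each opt-out cookie as either a generic constant (useless for tracking) or a value long and random enough to single out one user.

```python
import math
from collections import Counter

# Constructed sample cookie jar as (domain, name, value) triples. None of
# these belong to real ad networks; they stand in for what a browser stores
# after visiting the NAI/DAA opt-out pages.
SAMPLE_COOKIES = [
    ("adnet-a.example", "OPTOUT", "1"),
    ("adnet-b.example", "optout", "OPT_OUT"),
    ("adnet-c.example", "oo", "u8Kq2ZpL9vXt4RmW7sYb1QnC"),  # looks like a per-user ID
    ("adnet-d.example", "id", "9f3c1e7a5b2d4c8e0a6f1b3d"),  # ordinary tracking ID, not an opt-out
    ("adnet-e.example", "OptOut", "YES"),
]

# Values commonly used as a bare "this user opted out" flag (assumed list).
GENERIC_VALUES = {"1", "true", "yes", "opt_out", "optout", "out"}


def shannon_entropy(value: str) -> float:
    """Bits of entropy per character; 0.0 for an empty or single-character-repeat value."""
    if not value:
        return 0.0
    counts = Counter(value)
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def is_opt_out_cookie(name: str) -> bool:
    """Heuristic (assumed): opt-out cookies are usually named 'oo', 'optout' or
    some variant containing both 'opt' and 'out'."""
    n = name.lower().replace("-", "").replace("_", "")
    return n in ("oo", "optout") or ("opt" in n and "out" in n)


def looks_like_identifier(value: str, min_len: int = 16, min_entropy: float = 3.0) -> bool:
    """Treat a value as a potential identifier when it is not a known generic
    flag and is both long and high-entropy enough to distinguish many users.
    The thresholds are illustrative assumptions."""
    if value.strip().lower() in GENERIC_VALUES:
        return False
    return len(value) >= min_len and shannon_entropy(value) >= min_entropy


def classify_cookies(cookies):
    """Map each domain with an opt-out cookie to 'generic' or 'identifier'.
    Cookies that are not opt-out cookies are ignored."""
    result = {}
    for domain, name, value in cookies:
        if not is_opt_out_cookie(name):
            continue
        result[domain] = "identifier" if looks_like_identifier(value) else "generic"
    return result


if __name__ == "__main__":
    for domain, kind in classify_cookies(SAMPLE_COOKIES).items():
        print(f"{domain}: opt-out cookie with {kind} value")
```

A real audit would export the browser’s cookie store into the same triples; an opt-out cookie reported as `identifier` is exactly the case Shay describes, where the opt-out itself could serve as a tracking key.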

And there you have it. One day I’m an obscure privacy blogger, the next day I’m an international media superstar, and two days later I’m back to utter obscurity. Ah fame – so fickle, so fleeting.

Got a question about social media or privacy? TY4NS blogger Dan Tynan may have the answer (and if not, he’ll make something up). Visit his snarky, occasionally NSFW blog eSarcasm or follow him on Twitter: @tynanwrites. For the latest IT news, analysis and how-to’s, follow ITworld on Twitter and Facebook.


Why opt out is a cop out

About a week ago I wrote a piece asking why RapLeaf, a data mining company with a controversial history, had failed to remove my personal profile from its database, despite my strong recollection of having opted out some two years ago.

With some help from RapLeaf, I finally figured out what happened: I did in fact opt out two years ago, but I did so using a different email address than the one attached to the profile I found last week.

First: Apologies to RapLeaf for implying that it does not honor opt out requests, which is a fairly serious charge for a data mining company these days. My bad. Tell the FTC to call off the hounds.

Second: This is a classic example of why opt out as a form of privacy protection is almost totally useless.

Now RapLeaf operates a little differently than most data mining companies on the Internet. It actually ties your identity, via your email address, to your data. So when you opt out of RapLeaf’s database, you do it across all devices and browsers at once.

Of course, if you’re a geek like me, and have several working email addresses, you need to opt out of all of those addresses if you really don’t want RapLeaf building a profile of you.

That sounds bad, but it’s actually far better than how most Web tracking/data mining companies operate. They collect data anonymously (or pseudonymously), using browser cookies to identify you. That means if you want to opt out of being tracked, you have to do it for every browser on every device you use. Again, if you’re a geek like me, that means three or four browsers on my desktop and laptop, as well as browsers on my tablet and phone. And of course, whenever you get a new device, you have to do it all over again.

Wait, it gets worse. The Network Advertising Initiative offers a global opt out for 86 of its members. Check a box, click Opt Out, and you’re done. The Digital Advertising Alliance has its own opt out page listing some 480-odd tracking companies. But when you select global Opt Out there, it only works for 210 of them. If you want to opt out of the other 270 companies, you have to visit each of their Web sites, one at a time, and find the opt out link (if there is one).

And then do it for every single browser, on every device you own.

This is beyond onerous. You’d have to be an insane person (or writing a book about this) to go through that level of pain. And that is deliberate. There may be technical reasons why all of these companies can’t use the same opt out cookie, but the real reason is that nobody wants you to do it. They make twice as much money from delivering targeted ads as from non-targeted ones. And the market for profile data outside of advertising has barely been tapped.

There are a few other rather sizable problems with opting out of tracking. One is that, because the opt out mechanism relies on a third-party cookie, if you happen to clear out those cookies, you’ve essentially opted back in to tracking.

The other problem: Opting out of tracking is not the same as opting out of data collection. These companies will continue to hoover up data about you and your Web habits, they just won’t use it to send you targeted ads. What is less clear is whether these firms can collect profile data and use it for purposes other than advertising. That’s where the rubber really meets the road. I’ve been seeking an answer to that question, but I haven’t gotten one yet.

So, to summarize: Opting out is not a solution. Yet it is the only solution Web trackers are putting on the table. What’s wrong with this picture? Everything.

This post originally appeared on ITworld.

Happiness is a Warm Murfie

My son, who is 16, was humming a tune to himself the other day as he got ready for school. It took me a minute before I realized what it was: “Happiness is a Warm Gun” by the Beatles.

Now I love the Beatles, but we don’t play a lot of it around the house (my wife is allergic), so I don’t know where he heard it. But it was stuck in his head, and he was about to head over to iTunes to buy it for $1.29 – or worse, spend $2 for a 20-second ringtone snippet — when I stopped him.

Instead, I went to Murfie.com and bought the entire White Album for $3. Then I played the song on our Sonos box in the family room. It totally ticked off my wife, but that was just a bonus. And then I got to bore him with Beatles trivia until he ran out the door headed for school. (At least he wasn’t late that day.)

The funny thing is, that $3 actually bought me a CD, but one that I never have to touch. Because that’s what Murfie does: It takes your CDs and turns them into MP3s you can listen to on your Sonos system, PC, and now iPhones and iPads with Murfie’s newly launched app. It also lets you buy and swap new and used CDs with other Murfie users. That’s how I found the copy of the White Album for $3.

A few months back I took a big chunk of my CD collection, tossed it into a box, and shipped it off to Murfie’s warehouse in Madison, Wisconsin. Now whenever I want to listen to “Exile on Main Street” or “Dusty in Memphis,” I just dial it up on one of my devices, and Murfie streams it to me. Or I can download the MP3s and carry them around with me on the device of my choosing.

I don’t have to hassle with storing my discs, but if for some reason I change my mind and want to hang onto all that plastic, Murfie will happily send my CDs back to me for a small fee.

My first thought after discovering Murfie was that when the recording companies hear about this, they’re going to have their legal eagles descend upon Murfie from a great height, and that will be that. No more CD streaming, downloading, or swapping. But when I asked Murfie co-founder Matt Younkle about this, he had an answer prepared.

These are my CDs, he assured me. I owned them. Each one was literally ripped by hand by Murfie’s team of minions and stored on the company’s hard drives. So if 100 Murfie members owned a CD of The White Album, that’s how many digital copies they stored on their servers. And if I sold mine, my digital copies would be transferred to someone else. (Which is why if you download an album’s songs you can no longer sell them on Murfie – because that would be cheating.)

Younkle says Murfie is negotiating with the record companies right now for rights to access the master files for each artist, which would allow them to skip the ripping and stream a single copy of each album to multiple users. As Murfie grows – it’s now storing some 350,000 CDs, worth $5 million when new – that’s going to be essential.

I remarked to Younkle that Murfie reminded me a lot of the early days of Lala.com, before it was purchased by Apple and turned into Ping. Lala was essentially a social network built around discovering new music. He says that’s a direction they’ve been exploring too. Younkle said he’s noticed how people like to interact on Murfie, so they opened up the service to allow members to explore the musical collections of others with similar tastes. He says they plan to build more social tools into the service over time.

Murfie isn’t free, of course. My Gold membership costs $29 a year; there are $1 transaction fees when non-Goldies buy albums, and other assorted fees. Not surprisingly, the music selection is somewhat random and changes day to day. It’s much more like a very large used record store than iTunes or Amazon Music, one where you can happily kill a lazy afternoon just flipping through discs.

I don’t often find services or products I like all that much. What can I say? I’m a curmudgeon. But Murfie is definitely one of my faves. When I need a music fix (cause I’m goin’ down), it’s where I head first.

Are there any Web services you just love? Share them below or ping me on Twitter.

This originally appeared on ITworld.

Faster copycat – shill, shill!

One of the unwritten rules in Hollywood is that if something is remotely successful, a sequel is virtually inevitable. It turns out the same is also true in the blogosphere.

Last November, I wrote about a reader of mine named Stephen G. who discovered Apple’s iCloud was censoring the emails of his clients without telling anyone. Anything with the phrase “barely legal teen” in the email body or an attachment was automatically sent into the ether – not shunted to a Spam folder, just 86’d without notice.

Stephen G. creates software used by screenwriters, one of whom couldn’t figure out why emails containing PDFs of his 109-page opus kept disappearing on the way to his agent. Then they figured it out. Copies of the script containing the words “barely legal teen” were blocked, those without the offending phrase went through without a hitch.

I went back and forth with Stephen on email, tried to contact Apple for comment (fat chance), wrote about it, and then moved on to other topics.

Last week I was scrolling through my Twitter feed when I saw a tweet that read: “It appears that Apple has gone insane. They absolutely have to address this publicly” with a bit.ly link. Who could resist that? I clicked the link and was surprised to find my November blog post – or rather, a rapidly summarized version of it – on the Cult of Mac blog. The author, Buster Heine (that’s his real name, I swear), had tried to send emails containing the offending phrase via iCloud and couldn’t. Like me he also tried and failed to get comment from Apple. And that’s about it.

Why, I wondered, was this suddenly “news”?

Two days after that, a longer but otherwise identical story appeared in MacWorld UK, InfoWorld’s IDG sister site across the pond. Displaying a Ninja-like command of the passive voice, editor-in-chief Mark Hattersley wrote: “Apple’s iCloud email service deletes all emails that contain the phrase ‘barely legal teen’ it was revealed today.”

Hattersley did a scosh more testing than Heine, but otherwise it was the same story, based on something I wrote four months ago. A few hours later Dan Moren and Lex Friedman of MacWorld US did a follow-up with more rigorous testing and came to the same conclusion. However, they at least managed to get someone from Apple to comment, kinda sorta. Per Apple:

“Occasionally, automated spam filters may incorrectly block legitimate email. If the customer feels that a legitimate message is blocked, we encourage customers to report it to AppleCare.”

MacWorld responds, quite rightly: “Of course, that introduces a sort of existential dilemma here: How do you report the non-arrival of an email that you never received?”

From there, the story blew up. It appeared on the Web sites of several UK and US newspapers, Gizmodo, Gawker, VentureBeat, HuffingtonPost, Ars Technica, BoingBoing, and TheVerge, among others. All of them credited one MacWorld or the other as the source of the story. Only one of them linked here.

Of all the dozen or so stories I scanned, only The Unofficial Apple Weblog (TUAW) and Read Write Web noted in the lead that the blog you are now reading was the original source of the story, as well as the fact that it was four months old. Thank you, Randy Nelson of TUAW and John Paul Titlow of RWW, for actually clicking the link in the MacWorld UK story and reading it. Shame on the rest of you.

Why did a post I wrote nearly four months ago suddenly become a hot topic on the InterWebs? I decided to find out. It turns out Cult of Mac’s Heine saw my original post highlighted on the BuzzFeed FWD Twitter stream. Twenty-five minutes later, Buster had his version online.

I asked BuzzFeed Tech editor John Herrman where he found the story. He says he first saw it on his Twitter stream, posted by a Mac/iOS developer in Oregon named Justin Miller. For his part, Miller says he heard about it on an IRC chat with some friends.

The Cult of Mac story was posted on Hacker News by a security geek named Ryan Lackey, and garnered hundreds of comments. It was also posted to Reddit but got very little attention there.

Via Twitter, I asked Hattersley who “revealed” the story to him, but have yet to get a response. My guess is he saw it on Hacker News, Twitter, or Cult of Mac. Or maybe it came to him in a dream. But in any event, he hit the Web lottery jackpot: Unlike Cult of Mac’s version, his story got hot on Reddit, garnering nearly 1800 comments.


MacWorld UK wrote a follow-up about the story, and even attempted to claim credit for a partial outage of iCloud that happened around the same time:

We wondered whether we encouraged people to start testing whether Apple was filtering phrases such as "barely legal teen" and if that influx inundated to Apple’s spam fitters and caused the servers to fall over.

Thanks to that one story we saw as much traffic to our website in one day as we saw in the three days preceding it, luckily our servers didn’t fall over.

Why did this story go viral? There are a few obvious reasons.

1. Apple obsession. The Internet loves all things Apple — far in excess of how people in the real world love all things Apple. This explains the seemingly infinite number of Apple-centric blogs, not to mention all those general tech sites that spend at least a third of their time slavishly covering everything that comes out of Cupertino.

2. Big corporations behaving badly. Everyone loves a story about the bully getting caught with his pants down – and when the bully is Apple, it’s even juicier.

3. Salaciousness. If this were about Apple blocking phrases like “cheap home mortgages” or “lose weight instantly” in emails I don’t think anyone would have bothered. But “barely legal teen” allows Web sites to both stand on the moral high ground and benefit from all that traffic. Wink wink, nudge nudge.

4. The narrative. This story fits perfectly into a well-established storyline about Apple as control freak prudes. The blog post practically writes itself. No wonder it only took 25 minutes.

5. Dumb luck. The Cult of Mac story died on Reddit, but the MacWorld UK story blew up there two days later. Only God and Reddit CEO Yishan Wong know why, and Wong is probably just guessing.

What effect did all this have on InfoWorld? Almost none. Though the original stories linked to my post, most of the rest did not. And this, in a nutshell, encapsulates everything that’s wrong with how news is reported on the Web.

This wasn’t exactly a Pulitzer Prize winning effort on my part. But I did engage with my source over a period of days, asked him to test out different scenarios to suss out whether iCloud really was blocking those messages or something else was to blame. I looked through the iCloud terms of service to locate the bits where Apple reserves the right to censor anyone’s content at any time without notice, and contacted Apple asking for comment. (As if.)

In other words, I spent more than 25 minutes on it.

People in the Web “aggregation” business always use the same argument in their defense. Yes, we may take your story, do almost nothing to improve it, and still manage to grab many more eyeballs for it than you did. But at least we are bringing you attention and link love you would not have otherwise gotten.

That’s the alleged quid pro quo in the new millennium. But it’s all BS. The paltry amount of “extra” traffic you may get does not somehow pay for the cost of the original reporting, even for something as simple as this story. It’s nowhere near an equal exchange. Which is why organizations that do original reporting are struggling, if not dying outright, while the copycats thrive.

At some point, and we are rapidly approaching it imho, this model breaks down completely. When the reporters are gone, what will be left for repeaters to rewrite? Press releases, corporate news, and government spin – written mostly by the same folks who used to be on the other side, reporting on it.

Remember, you read it here first. But probably not last.

This post originally appeared on InfoWorld.

Faster Pussycat poster found just about everywhere.

Pussies use smartphones. Real men wear goggles.

Sergey Brin said it, so it must be true. Smartphones are emasculating.

Speaking at a TED conference earlier this week to show off the latest version of Google Glass, the Google cofounder opined thusly:

"You’re actually socially isolating yourself with your phone," Brin told the audience. "I feel like it’s kind of emasculating…. You’re standing there just rubbing this featureless piece of glass….

"I whip this out and focus on it as though I have something very important to attend to," Brin added later, holding up his phone. "This [Google Glass] really takes away that excuse.”

As a general rule, I try not to think about Sergey Brin whipping things out of his pants and rubbing them. But I have to admit he has a point. Brin is, after all, one of those rock solid icons of masculinity, someone you talk about in the same breath as Arnold Schwarzenegger, The Rock, or Chuck Norris.

And it’s true: Girlymen use smartphones. Manly men wear Goggles that make them look like Poindexter McNerdipants on his way to the AV Club dance.

But it got me to thinking about how emasculating much of our other technology is. Take tablets, for example. You call an iPad a computer? That’s not a computer. It’s an Etch-a-Sketch with an attitude.

What do you do with a tablet? You tap, swipe, and pinch. Did you ever see John Wayne tapping, swiping, or pinching? No, you did not. Real men rustle, wrangle and punch.

In fact, a true manly man (or manly woman) uses a liquid-nitrogen-cooled 16TB sextuple-core beast that requires 15 minutes’ notice to the utility company before he turns it on. And when he’s traveling (on horseback, or barefoot over the badlands of South Dakota) he carries a 15-pound ruggedized laptop with broken glass Krazy Glued to the keyboard.

You know what else is emasculating? Social networks. What do you do on Facebook, Twitter, and Linkedin? You ‘friend’ people. You like the things they post. You follow them, hoping they’ll follow you back. You ask them to please pretty please link to your profile and – just maybe – endorse your pathetic set of unmanly skills. In short, you act like a complete and utter wuss.

Real he-men and she-men don’t ask other people to be their friends. They acquire targets and then conquer them. They impress others into servitude. And when that person has outlived his or her usefulness, they ‘defriend’ them by reaching into their rib cages with their bare hands, ripping out their still beating hearts, and devouring them.

Also emasculating: Working from home. Admit it, you know the only reason people work from home is so they can wear a dress all day. That or go full commando. No wonder FedEx refuses to come to the door any more.

Telecommuting is for wimps. You know what’s not for wimps? Spending two hours each day crawling through rush hour traffic or packed like sardines in a commuter train with a bunch of strangers who smell like offal. Drinking day-old coffee that tastes like battery acid, eating junk food out of a hallway vending machine, and arguing about the size and location of your cubicle. Real he-men and she-men are happy to waste endless hours in meetings where only one person ever talks and everyone else stares out into middle space with eyes like dead fish.

That’s manly. No wonder Marissa is such a fan.

Emasculating: Using a store bought operating system like Windows or Mac OS.

Manly: Coding your own OS from scratch using your own fork of Yellow Dog Linux. And then documenting every single g-ddamned line. In Sanskrit.

I could go on, but you get the point. It’s not enough to be using the best technology, or the smartest, fastest, cheapest devices. You must also choose the tech that makes you look most like a testosterone-fueled knuckle-dragging brute.

You know, like Sergey.

This post originally appeared on InfoWorld.

He-man Sergey pic courtesy of Dvice.

The Internet: You broke it, you own it. Now fix it.

I am hereby declaring the Pottery Barn Rule to be in effect for the entire Internet. Memo to all hackers worldwide: You broke it, you own it, now fix it.

Let’s just recap the last week or so.

We have the Mandiant report, published earlier this week by the New York Times, which details how Chinese Army hackers wormed their way into more than 140 US and Canadian organizations over the last six years, including (ahem) the New York Times.

Then there’s the Twitter follies: Several major brands were taken over by pranksters this week, among them Jeep, Burger King, and Fisker Automotive.

Some of these hacks were clearly just juveniles messing around. Like the ones who changed Burger King’s Twitter handle and image to “McDonalds,” then blasted out tweets like this:

Shortly thereafter, presumably the same delinquents changed Jeep into Cadillac and began riffing:

Other, more commercially minded hackers were trying to pocket a few bucks by spewing out spammy affiliate links:

Of course, the news here isn’t all bad. Burger King’s Twitter account gained 60K new followers after the hack. And had you ever heard of Fisker Automotive before today? I hadn’t. 

Still, that’s the lighter side of hacking, which seems to mostly involve guessing sites’ Twitter passwords. Other attacks were less benign.

Employees at Facebook, Twitter, and Apple found their systems compromised after they visited the iPhoneDevSDK forum. That geek haven was targeted by a “watering hole” attack – drawing javabeests to the hole only to pounce upon the old and the weak, infecting them. There are likely to be many more by the time the dust finally settles.

According to the HitmanPro blog, a number of NBC.com sites were compromised to serve up malware that turns any visitors’ system into a botnet zombie.

The Zendesk customer support service database was breached, spilling email addresses and more for customers of Twitter, Pinterest, and Tumblr.

Have I left any out? Probably.

So I’m here to say that I, for one, welcome our alien hacker overlords. Game over. You won. But now that you’ve bollixed your favorite plaything, you need to fix it.

I’m serious. Think how much better things would work if all these talented code monkeys used their powers for good and not evil. They could certainly offer better customer support than most companies do. Maybe that’s why Zendesk got targeted.

So the next time my crappy cable Internet connection goes on the fritz (i.e., in about 17 minutes), I’m not calling Time Warner, I’m calling you, Mr. Anonymous.

Hate Facebook’s latest privacy-sapping whatever feature, or Apple’s incessant iTunes updates? Send a tweet to AntiSec.

And when Elon Musk wants to call a New York Times reporter a liar and a fake, he needs to take that up with Wen Jiabao.

Spammers nearly destroyed email; now hackers threaten to do the same to the Web. If they’re going to treat the Net as their own private playground, the least they can do is clean up afterward.

This post originally appeared on ITworld’s Thank You For Not Sharing blog.

Online security? It’s dead, Jim. Now what?

A couple of days ago I received a scary sounding email from Twitter. It started like this:

Twitter believes that your account may have been compromised by a website or service not associated with Twitter. We’ve reset your password to prevent others from accessing your account.

My first thought was that this email was bogus – a phishing attempt to capture my Twitter log-on credentials. So I ignored it and logged on to my account directly from another device to see if there was any strange activity (at least, stranger than usual). There wasn’t.

Still, just to be safe, I changed my password to something more obscure and secure. Then I saw the news reports. I was one of the 250,000 Twitterati whose accounts had been hacked. There was a time where that might make me feel special in a perverse way. But those days are gone. Increasingly, hacked is the normal state of being.

Last week, the New York Times published a detailed report of how agents most likely working for the Chinese government had hacked into its computers, located and decrypted its users’ passwords, and were roaming freely around its network like teenagers at a mall. A day later the Wall Street Journal published a me-too story, as did the Washington Post. Reuters and Bloomberg have also reported being hacked.

Yesterday I tried to dial up a story on ZDnet about how Anonymous had leaked personal details for 4000 bank executives, when I ran into this warning message in Chrome:

Turns out that NetSeer, an advertising network used by ZDnet, had been attacked by a malware injection exploit. NetSeer says its ad network was not affected, but any sites that carried NetSeer ads were automatically flagged as dangerous by Google.

Here’s the deal. My Twitter account didn’t get hacked because I did something stupid. It got hacked because someone else – most likely a developer of a third party app that hooks into my Twitter account – did something stupid.

The Times got hacked most likely because somebody on its payroll fell for a phishing email that allowed the attackers to infect the network with malware — kind of like leaving a ground floor window unlocked for a burglar. Still, the attackers had to hunt around to find where the passwords were kept and then spend a few weeks decrypting them. Aside from the employee who got duped, the Times didn’t do anything stupid, but everyone who worked there paid the price.

Similarly, if you visit a site whose ads have been infected by a malware injection scheme, you’re the one who’ll be punished. Your security software and/or browser might catch it in time, or it might not. More likely the latter – security software is increasingly useless against zero-day attacks. But you don’t have to do anything stupid, you just need to be unlucky.

Twitter’s blog post about the hack is pretty chilling. Director of Information Security Bob Lord wrote:

This attack was not the work of amateurs, and we do not believe it was an isolated incident. The attackers were extremely sophisticated, and we believe other companies and organizations have also been recently similarly attacked.

In other words, these aren’t your father’s script kiddies. And the fun is only just beginning.

Unfortunately, Lord proceeded to spoon out the usual advice everyone serves up after a spate of hack attacks – keep your security software updated, choose complex passwords for every site using upper and lower case letters and numbers blah blah blah.

You know what? The usual advice is wrong.

The solution isn’t to create a ridiculously complex password that looks like a ransom note for every single site you visit, or to install a password manager like LastPass or FastLane or RoboForms on every single device you use. Nor is keeping your pricey anti-malware package religiously updated going to do you much good.

Remember, Twitter’s own password database got hacked – and it wasn’t because they forgot to update their antivirus software. The New York Times network got infected by 45 separate pieces of malware, only one of which was detected by its Symantec security suite. Most “secure” passwords are only slightly harder to crack than insecure ones, especially when the attackers have all the time in the world to do it.

So stop focusing on secure passwords. Think about secure identities. By this I mean it’s time to uncouple your real identity – the one you use in three-dimensional meat space — from your online identity. You should assume your public accounts and even your corporate email are going to be hacked, and put all your effort into protecting the things that really matter: your banking credentials, your cloud data, the email account where your password recoveries are sent.

The simplest solution: Create an email address you use only for those accounts, ideally on a domain you own (and use only for that purpose). The $12 a year you’ll spend on the domain, plus a few bucks a month for some email inboxes on that domain, is well worth it. Use a unique address for each account you want to protect. Don’t publish it. Don’t share it with friends. Couple it with a looooong username you can remember, like a song lyric you’ve memorized. Or the first letters of each word in that lyric – like this: PYOABOARWTTAMS@noneofyourgoddamnedbusiness.com.

Can you identify that song? (I picked an easy one.)

Do the same for your password. Since you’ll only have a few to remember, it won’t seem quite so painful or impossible. And let the rest of your accounts go.

Is this a perfect solution? Hardly. Someone could eventually identify that domain and brute force that email address. But it will be a lot more work, and because the first thing they’ll use it for is spam, you’ll have a clue it’s been compromised when the first Cialis ads start showing up in your junk folder. Then you’ll know it’s time to pick a new one.

You might think, Twitter schmitter – who cares if someone has hacked my account? Well, that could be the first step in unraveling the rest of your identity – as Wired’s Matt Honan can tell you. That’s why it’s time to hide in plain sight, and to start separating your real identity from the ones you use on Twitter, Facebook, Tumblr, etc. Do it now, I’ll wait.

As a journalist, I’m kinda stuck – I need to be a semi public person, because I need to give strangers a way to reach me in order to do my job. But you may not have to.

I’ll bet my readers have better ideas about how to deal with the “security is dead” problem. What would you do?

This post originally appeared on ITworld.

RIP Aaron Swartz (1986–2013)

Large swaths of the Internet are in mourning for Aaron Swartz, the 26-year-old hacktivist who took his own life last week. I didn’t know Aaron and didn’t know much about him besides the thumbnail sketch that has now been repeated thousands of times across the Web. But it’s a heck of a thumbnail.

At age 14 Swartz invented Really Simple Syndication (RSS), which revolutionized how blogs were distributed and consumed. As a Stanford undergrad he started Infogami, a wiki platform that was later absorbed into Reddit – and made him independently wealthy when Reddit was bought by Conde Nast in 2006. Swartz helped to develop the Creative Commons standard that governs copyright and fair use for millions of Web sites. More recently he had been attempting to bring the “information wants to be free” ethos into reality, breaking into closed systems of information and trying to open them to the public.

On Friday evening Swartz hanged himself in his New York apartment with his own belt, leaving no note. His death has been attributed to the combination of a lifelong battle with depression and Swartz’s realization that he would soon have to do prison time for a crime he committed as an act of hacktivism.

In September 2010, Swartz entered an unlocked server closet at MIT, connected his laptop, and began downloading millions of files from JSTOR, a fee-based trove of academic papers. For that crime he was facing up to 35 years of federal prison time at the time of his death. This is despite the fact that Swartz returned the files and JSTOR opted to drop charges against him in June 2011.

MIT and federal prosecutors apparently decided to make an example of Swartz. Well, they got their example.

The more I read about this, the angrier I become. Lawrence Lessig, the Harvard Law professor who was both friend and advisor to Swartz, sums up the outrage rather nicely:

Here is where we need a better sense of justice, and shame. For the outrageousness in this story is not just Aaron. It is also the absurdity of the prosecutor’s behavior. From the beginning, the government worked as hard as it could to characterize what Aaron did in the most extreme and absurd way. The "property" Aaron had "stolen," we were told, was worth "millions of dollars" — with the hint, and then the suggestion, that his aim must have been to profit from his crime. But anyone who says that there is money to be made in a stash of ACADEMIC ARTICLES is either an idiot or a liar. It was clear what this was not, yet our government continued to push as if it had caught the 9/11 terrorists red-handed.

Look at the aggressive prosecutions surrounding the Anonymous hack of Stratfor, or the reprehensible treatment of Bradley Manning in captivity, and you’ll see the same pattern.

True, Manning’s leak of 250,000 government cables to WikiLeaks – and WikiLeaks’ ham-fisted handling of those files, resulting in unredacted copies spilling out onto the Internet – probably caused real harm to real people. Still, it’s hard for anyone to justify what happened next: Being held for three years without trial in conditions similar to those at Guantanamo Bay.

But what harm has the Stratfor email leak ultimately caused? Who has been damaged by the downloads from JSTOR?

This is not unlike the well-documented differences in sentencing for cocaine in its powder and crystalline forms. Despite recent reforms, possessing a small amount of crack can still earn you a much more severe prison sentence than the equivalent amount of powder, and we all know why that is.

Here, instead of a racial divide, there’s a cultural one, with the forces of law and government on one side, and the geeks on the other. Yes, government has its own troves of geeks, but they’re generally not the ones writing laws or making policy. By and large, those who are creating legislation and turning the creaky wheels of justice not only don’t understand technology, they’re afraid of it. These are not crimes they or their well-connected cronies would ever commit; who cares what happens to those who do?

So when a massive international bank is found to be laundering money for terrorists and drug cartels, it gets a hefty fine, which is of course paid by its customers and shareholders. No executive gets to wear an orange jumpsuit. Nobody at HSBC is looking at doing 35 minutes in jail, let alone 35 years, not even in one of those Club Fed prisons where bad rich white men who got caught are forced to play tennis. They don’t even lose their country club memberships or the keys to the Lexus.

But when a skinny kid with a laptop downloads papers nobody other than a few miserable PhD candidates will ever read, the feds bring out the big guns. What’s wrong with this picture? Everything.

By the way, two days before Swartz killed himself JSTOR made its archives available to the public, free of charge. That stolen property the government says is worth “millions”? Apparently worth a good deal less.

So JSTOR finally agreed with Swartz: Information wants to be free. So do we, the people. But our government apparently has other ideas.

This post originally appeared on InfoWorld.

Online branding and media planning

Editor’s Note: This is a sponsored post from MediaDiscovery. In other words, I didn’t write this.

The right image for a company is a necessity when competing in a vibrant business environment, and getting your profile seen on both the online and offline markets on a global level will generate the traffic your brand deserves. With display advertising becoming an integral part of a brand’s make-up through its rapid evolution over a short space of time, it’s the only way in which a brand can be heard above a saturated market.


Targeting online portals specific to the brand through cross-platform campaigns has become something of an art form in a myriad of social networks, with sites such as Bebo, Facebook and Twitter prevalent on the Internet. Only with a team of dedicated specialists would you be able to drive a brand’s profile forward efficiently by forming partnerships with smaller like-minded sites; this is often referred to as “targeting the long tail web”.

The best brand marketing experts will concentrate on driving traffic towards the website as opposed to quick visual offline adverts that may not turn viewers into visitors. Looking at the long-term plan is something that needs to be addressed for optimum results, rejecting flash-in-the-pan PR exercises. That’s why diverting carefully targeted audiences towards your website or product will save marketing spend, thus reducing the archetypal campaign pitfalls. The filtering of the demographics looks at the longevity of the campaign; it gives the client a sense that the campaign is not only important but a work in progress.

Among the leading online marketing and media planners globally, Media Discovery has a team of over 200 dedicated experts in all disciplines of online branding, PR and much more. With a global workforce dedicated to providing a 24-hour service to their clients, they make sure that your budget isn’t wasted on misguided campaigns. “Online branding campaigns deliver a 25% to 35% higher return-on-investment than using standard direct marketing metrics,” states Jupiter Media Metrix. So, for Media Discovery to reach the level they are at now, they’ve utilized their specialist operatives to their full potential in order to get the very best results at the forefront of the market place. They prudently select potential ad spaces that meet the guidelines and demographics of the client’s campaigns and attract the power-buyers to them, resulting in a diverse platform to promote a client’s product and broadcast it across a multitude of disciplines and channels.

Would you trust a LinkedIn endorsement from someone wearing a banana on his head?

Stop me if this has happened to you. You open your inbox one morning and see a message from an old work colleague named Bob, sent via LinkedIn. It looks something like this:

Eager to find out what wonderful things Bob has to say about you, you click the “See endorsements” link in the message, where you are then thrust into a series of ethical and moral dilemmas.

First, of course, is the question, What about Bob? Should you reciprocate and endorse him back? It is after all the polite thing to do, even if Bob is a knuckle-dragging troglodyte with personal hygiene issues who couldn’t spell “cat” if you spotted him the c and the t. Everyone has some good inside them and – more important – Bob might one day be in a position to offer you a job.

So you dutifully visit Bob’s profile, endorse him for his Strategic Planning and Microsoft Excel skills, and add a few new ones to his CV, like “Eating” and “Breathing.”

But wait, you’re not done. LinkedIn now wants you to endorse four more of your contacts for their various and sundry skills. In fact, LinkedIn’s going to make it easy for you by letting you endorse all four at once by clicking a single button. And, because you’re in a generous mood, it will let you click that Endorse button again and again and again.

In less than a minute, you’ve become a virtual recommendations engine, spewing out kinds words about gracefully aging colleagues and people you may have once met at a cocktail party, maybe. And of course, having received your endorsements, most if not all of these folks will feel obligated to scratch your virtual back by endorsing you in return.

It is stupidly easy. Just messing around, I endorsed 100 people in less than two minutes — click click click click – and I could have seemingly kept going forever, if I didn’t get bored.

The question, of course: Are these endorsements worth the paper they’re not printed on? That depends on whom you talk to.

If you’re using the service as intended, says LinkedIn spokesperson Julie Inouye, you should only be connected to people you actually know, and you should only be endorsing them for skills they actually have. From that perspective, offering one-click endorsements is much easier and faster than asking people to crank out a written recommendation.

“It takes the writer’s block out of the equation,” she says. And it gives your colleagues a chance to add skills you have but may not have thought of to your profile, she adds. For example, her LinkedIn profile boasts 14 endorsements for event planning, a skill that someone else suggested for her.

From LinkedIn’s point of view, endorsements have been wildly successful, coming in at a rate of more than 10 million a day – more than 500 million since LinkedIn rolled out the program last September. Some 95 percent of the new skill endorsements suggested by colleagues are ultimately accepted by the endorsees.

On the flip side, LinkedIn has made it far easier to make connections with near-total strangers; once you connect with someone, it serves up an endless stream of suggestions for more people you may or may not know, based on who is in your network.

Two or three years ago LinkedIn used to be much tougher about who it let in your network. You could only ask to connect with people who worked at the same company, or if you got introduced via a mutual acquaintance, or if you knew their email address. To keep from getting completely waxed by the explosive growth of Facebook and Twitter, however, LinkedIn clearly decided to make things easier. Now all you need to know is how to click your mouse.

Of course, you have some control over the endorsement process. You’re not forced to endorse anyone; just click the little x in the upper right corner of each box. (You will have to do this every time you use LinkedIn, however; Inouye confirms that there’s no way to keep the endorsements product from nagging you.) You can unsubscribe from emails notifying you about endorsements from others. And you can control what skills are displayed on your profile.

If a colleague endorses your Pole Dancing skills, for example, you have the option of showing or hiding that on your profile. (Though why you’d want to hide that I have no idea.)

You can also see the name and photos of every person who’s endorsed you along the way. That of course raises more questions. Like why did my old colleague Owen endorse me for Publishing but not Social Media? And why did Aaron E., a person I’ve never met, endorse me for a job I haven’t had since he was a small child, and why does he appear to be wearing a banana on his head?

I look at LinkedIn endorsements the same way I look at Klout – a temporary ego boost that ultimately means very little. When I asked my non-banana-wearing colleagues what they thought of LinkedIn endorsements, most of them replied, “Not much.” One, however, had an interesting take.

Bobbie Carlton, principal of Carlton PR & Marketing, said she’d been pondering this question for a while and finally decided that endorsements are a kind of litmus test that tells you what other people think you do for a living.

“It’s like a word association game – ‘Say the first thing that comes to mind when I say someone’s name’,” she says. “I have to believe endorsements will eventually serve a higher purpose; if I am looking for someone with a specific skill, the people with the most endorsements might rise to the top.”

Of course, that’s also somewhat dependent on which skills LinkedIn offers you the chance to endorse, and how promiscuous you are with your own endorsements. For me, what rises to the top is Blogging, which gets twice as many endorsements as Editing and Journalism, and five times as many as Writing. That’s the reverse of how I’d describe myself, but it might be how I look to the world at large.

My name is Dan Tynan, and I endorsed this blog post. Honestly.

This post originally appeared on ITworld.

What will absolutely, positively happen in 2013

Well, looks like we made it through the Mayan apocalypse after all. That means we’re faced with another year – and more predictions about what that year may hold in store.

As faithful readers may recall, last year I successfully predicted the Facebook IPO (and subsequent face plant), that Windows Phone would become the third most popular smart phone (and still get no respect), and that Mitt Romney would be the Republican nominee for president (and still get no respect).

However, I unsuccessfully predicted that Apple would produce an iOS based HDTV, RIM would be acquired by either Google or Microsoft, and the Geico Gecko would become a third-party candidate for president. Also, there was that whole Mayan prophecy thing. Who knew they had more than one calendar?

Still, with a track record like that, I couldn’t resist doing it again. Here’s what’s going to happen over the next 12 months – you can bank on it. Especially if you bank at Leon’s House of Savings and Waffles, like I do.

Prediction No. 1: This year I am renewing my prediction that Apple will bestow a new apps-friendly HDTV unto a grateful planet. Why? Because a) it has to happen eventually, and b) what else do they have left? The number of devices that can be doused in magical sparkle sauce (aka the Apple iOS) is dwindling rapidly.

Prediction No. 2: After being named 2012 Person of the Year in Time.com’s Internet poll and “sexiest man alive” by The Onion, North Korea’s Kim Jong Un will stun the world by making an appearance on The Voice. His signature song: “My Way – Gangnam Style.”

Prediction No. 3: Agents working for Iran will launch a major cyber attack on the US, crippling critical parts of our domestic Internet infrastructure. This will go largely unnoticed by US netizens, who will be too busy arguing over the latest language changes in Facebook’s terms of service.

Prediction No. 4: After finally identifying the Higgs Boson (aka the “God particle”), researchers at the Large Hadron Collider in Geneva will announce they’ve identified the Atheist particle. It will turn out that it was on Quora all along.

Prediction No. 5: Tim Cook will introduce the iBlender, a miraculous device that allows users to make delicious life-changing smoothies by tapping on a touchscreen, provided you only use ingredients pre-approved by the Apple Store. (Sorry, no Blackberries.) The Internet will spend the next three months tearing down the iBlender to price out its component parts, writing about how blended drinks have changed everything forever, and speculating when the next, even smaller, model will appear.

Prediction No. 6: Six months later Google will introduce the Blendexus, a kitchen appliance with razor sharp titanium-coated blades that can render any object to an unrecognizable pulp within five seconds. However, a bug in the Android 5.3 OS (aka “Krispy Kreme”) will cause it to occasionally go berserk and start attacking household pets.

Prediction No. 7: China will release malware that targets SCADA systems at US utility companies, rendering one third of the nation without power. The other two thirds won’t notice because they’ll be too busy complaining that Twitter is acting really wonky.

Prediction No. 8: Foxconn will announce sweeping new reforms in its electronic sweatsh– err, manufacturing facilities, most of them involving replacing human workers with robots. Six months later the robots will go on strike, citing intolerable working conditions.

Prediction No. 9: Members of US Congress will introduce several major pieces of legislation targeting content piracy, all of them ghostwritten by Hollywood lobbyists. These will fail after Reddit exercises its supreme veto power, as dictated by the US Constitution version 2.0.

Prediction No. 10: A software malfunction at a crumbling ICBM facility in Novosibirsk will accidentally launch a first strike nuclear attack on US cities. An autonomous counter-strike driven by a long-forgotten COBOL routine buried deep within NORAD’s mainframes will result in total global destruction, one year behind schedule. Web surfers will be the last to realize this, because they’ve been too busy creating animated GIFs of Kim Jong Un singing “My Way.”

This originally appeared at InfoWorld.

Fortune teller image borrowed lovingly from the Overly Positive blog.

Murder 2014: Colonel Mustard, in the chat room, with the Internet

In a couple of years the Internet might just kill you. At least, that’s one of the 2014 predictions from one security company.

This is the time of year when everyone and their dog posts their predictions for what will happen in the wacky world of tech in 2013. The reason? Nobody wants to work over the holidays, and a predictions post is one of those you can whip up ahead of time and just pop in the microwave when it’s time to publish. (Look for one coming from me over the next week or so.)

But I gotta hand it to the folks at net security firm Internet Identity. They decided to beat the rush, skip right over their 2013 predictions and go straight to 2014.

What’s in store two years from now? Murder and mayhem – literally, says IID president and CTO Rod Rasmussen. He says, and I’m not making this up, that in 2014 we will see the first homicides committed remotely using the Internet as the murder weapon.

Per IID’s release:

With nearly every device, from healthcare to transportation, being controlled or communicated with in some way via the Internet, IID predicts that criminals will leverage this to carry out murders. Examples include a pacemaker that can be tuned remotely, an Internet-connected car that can have its control systems altered, or an IV drip that can be shut off with a click of a mouse.

“With so many devices being Internet connected, it makes murdering people remotely relatively simple, at least from a technical perspective. That’s horrifying,” continued Rasmussen. “Killings can be carried out with a significantly lower chance of getting caught, much less convicted, and if human history shows us anything, if you can find a new way to kill, it will eventually be used.”

I see a new TV spinoff: “CSI: Internet.” Quick, get me Brian Dennehy and Rene Russo. No, make that Shia LaBeouf and Khloe Kardashian.

To be fair, I have spoken with a number of security folks about the possibility of medical devices being turned against us, and they agree it is entirely possible. Then again, such devices have always been vulnerable to some kind of attack, says futurist Anders Sandberg, a research fellow at Oxford University’s Future of Humanity Institute.

“In the good old days the people who made these devices were just happy that they worked,” he says. “They didn’t think about security. The old pacemakers could be controlled by putting a magnet on someone’s chest and twisting it.”

The question, he says, is who would want to? OK, if you were in the same room with Dick Cheney, you might think about it. Otherwise, he says, the attacker’s motives are unclear.

If a hacker discovers a vulnerability within a particular medical device that can be exploited randomly, it’s theoretically possible they could use it to blackmail the manufacturer, adds Paul Koster, CEO and chief scientist at Cryptography Research. But it’s not very likely to pose a danger to patients, and the vulnerabilities aren’t likely to be around much longer in any case.

“Over the last couple of years, device makers have finally started to pay attention to the security of medical systems,” he says. “Having your pacemaker hacked makes for a good story, but climbing into a car and driving to the grocery store – or even the heart condition the pacemaker is there to fix – are greater risks to your health.”

IID’s other big prediction for 2014: Even if the Internet doesn’t kill you, it is likely to pick your pocket via insecure Near Field Communications apps.

“The [number] of banking and point of sale e-commerce apps that are being developed utilizing NFC is astronomical,” said IID Vice President of Threat Intelligence Paul Ferguson. “This is a gold mine for cybercriminals and we have already seen evidence that they are working to leverage these apps to siphon money.”

The company also predicts more widespread attacks from government generated malware, a successful hack attack on the power grid or other major infrastructure, and some attacker hijacking military drones.

Cheery folks, those guys at IID. And I bet you were worried about what awful things people were predicting for 2013. They don’t seem so bad now, compared to being killed by the Internet.

This post originally appeared on InfoWorld.

Share a hyperlink, go to prison?

Don’t look now, but there’s a crime wave surging across the Webbernets. Everywhere you look people are recklessly sharing dangerous and illegal hyperlinks. Lock up your children, barricade the doors and windows, throttle your broadband connection, and pray that the FBI gets to these scofflaws in time.

Am I being a bit too sarcastic? Maybe. But not if you ask Barrett Lancaster Brown, former self-anointed spokesperson for the Anonymous movement. Last week a federal grand jury in Dallas indicted Brown on 10 counts of aggravated identity theft, one count of “access device fraud,” and one count of trafficking in stolen “authentication features” related to Anonymous’s hack of Stratfor Global Intelligence last December.

Broken down into its essentials, the indictment says Brown had 15 or so credit card numbers and card verification values (CVVs) in his possession, which were taken from Stratfor during the Anonymous hack. It doesn’t say he broke into Stratfor’s computers and stole them. It doesn’t say he attempted to use them to purchase something. It doesn’t say he tried to sell them for a profit. It merely says he had possession of them. And that, according to federal law, is enough to put him away for 15 years or more.

But it’s the last count that’s got everyone’s attention, because the court is accusing Brown of violating the law by copying a URL from one IRC chat session and pasting it into another. That Web address was a link to a data dump consisting of 5,000+ credit card numbers for subscribers to Stratfor’s newsletters. Per the grand jury indictment,

“…by transferring and posting the hyperlink, Brown caused the data to be made available to other persons’ online without the knowledge and authorization of Stratfor Global Intelligence and the card holders.”

Brown is no great gift to humanity, as you can learn by watching the YouTube video he posted last September in which he threatens FBI agent Robert Smith (leading to his initial arrest). But the notion that you are guilty of a crime merely by linking to evidence of it is more than a bit troubling.

Taking that to its logical extreme, anyone who posts a link to information obtained through less-than-legal means could be subject to prosecution. That touches a great many journalists, including yours truly.

Personally, I try to be careful about what I link to. For example, if I write about some hacker who posts credit card numbers or other personally identifiable information to Pastebin, I make it a point to not include links to that cache, to avoid doing further damage to his or her victims. I can’t swear I’ve done a perfect job of that, though, and I know other journos who are less scrupulous about that sort of thing.

Most of the time the lines are pretty fuzzy. For example: The Anons posted 5 million illegally obtained Stratfor emails to WikiLeaks last March. It’s extremely likely there was personally identifiable information – possibly even credit card numbers – in some of those emails. Am I now suddenly liable for damage caused by the spilling of those emails because there’s a hyperlink to them in this post? That’s nuts.

Then there are whistleblower sites like WikiLeaks and Cryptome that routinely post actual information obtained “without the knowledge and authorization” of their owners, not just links to it. Are they headed straight for the pokey too?

Someone asked Cryptome’s John Young this question last week. His answer:

The purpose of Cryptome is to publish what officials don’t want published. Cryptome welcomes publication by you and others of Barrett Brown’s hyperlinks as well as links to Cryptome’s files and thereby encourage others to join the opposition to official chilling of free speech online and elsewhere — the very thing Stratfor did and does for profit…. Of course, why else flaunt democracy on the Internet than to heartburn the innards of authoritarians. Barrett Brown is a stellar burner of cold, cold hearts.

Last year when I wrote about the original hack attack, I described Stratfor as “the shadow spook organization that operates without government oversight at the behest of private corporations and occasionally Uncle Sam.” That was overstating it just a bit, as it turns out. Stratfor is really just a purveyor of a $40-a-month newsletter that analyzes how news events affect global security.

It does, however, command the attention of a lot of powerful folks in DC. Among its more notable subscribers was apparently one Paula Broadwell, national security analyst and former snugglebunny to deposed CIA jefe General David Petraeus. Her email address was allegedly one of those snagged by Anonymous.

You gotta figure there were a lot of well-connected people on that list of credit card numbers made public by Anonymous, which would explain the government’s keen interest in prosecuting the hackers over it. You don’t see nearly as much attention being paid to the dozens of other attacks perpetrated by the Anons and their offshoots.

That fact, combined with Brown’s public threats against one of the FBI’s own, is what’s behind this indictment as much as anything, I suspect. Somebody decided to make an example out of Brown, who is at best a bit player in this drama. To me, that’s abuse of power.

Worse, though, is the impact this prosecution could have on anyone who values freedom of speech, as well as those of us who make our living at it. If hyperlinks are illegal, then we are all criminals. See you in prison.

This post originally appeared on InfoWorld.

RIAA + MPAA: STFU ASAP

You know how in horror movies when the beast/zombie/alien monster/ghostly apparition looks like it’s finally been vanquished but you know it’s still going to rise up one more time to scare the bejesus out of you?

Meet the real life equivalent: the RIAA and the MPAA. Despite being beaten like a drum last year over SOPA and PIPA, two badly written bills that aimed to curb piracy and counterfeiting at the cost of free speech, the content cartel is alive and poised to lunge at you.

Yesterday, MPAA president and former US Senator Chris Dodd addressed the Content Protection Summit, calling for a partnership with the same companies that helped to shoot down the idiot twins SOPA and PIPA last year. Per Variety:

"Hollywood and Silicon Valley have more in common than most people realize or are willing to acknowledge," he said. "Not only does Hollywood work closely with Silicon Valley to create and promote films; Hollywood film and television creators are tech companies. They celebrate innovation through the world’s most cutting-edge content, and they embrace technology as imperative to the success of the creators in their community."

Early next year we’ll start to see major ISPs — AT&T, Cablevision Systems, Comcast, Time Warner Cable and Verizon – roll out the Six Strikes system, where would-be pirates are given a series of escalating warnings and may have their Internet connections throttled if they don’t quit downloading.

The argument, which Dodd made yet again last month in an op-ed for the Huffington Post, goes thusly: When you’re Bit Torrenting MP3s and MPEG files, you’re hurting artists, not fat white male corporate hooligans wearing $2,000 suits.

Dodd uses the recent Facebook copyright hoax to draw comparisons between how people view their own content on Facebook and how media companies view it.

The Facebook incident demonstrates that the average Internet user recognizes this fact, especially when they feel their personal content — photos, videos, ideas, etc. — is in jeopardy. But it also provides average Internet users with some insight into the point of view of the creators of movies, music or other artistic endeavors whose work has been subject to online theft.

The livelihoods of these innovators depend on strong copyright protection policies so they can benefit from their work and continue to create more of it. Without robust intellectual property protections, innovation has no incentive to thrive.

Dodd’s concern for content creators is deeply moving – or it would be, if it weren’t total BS. The music and movie industries have been ripping off these same “artistic innovators” for decades.

Rolling Stone recently ran a series of stories this fall over how musicians like James Taylor, Cheap Trick, and the Allman Brothers have had to sue their own labels to get the money rightfully owed to them. The issue at hand? Royalties for digital copies of their work.

So, to summarize: Record labels want to sue you for downloading these files illegally, but are unwilling to share the profits they receive from legally sold copies with the people who produced them. Remember, you’re not supposed to steal from artists – that’s their job.

I’ll just say this again for the record: Downloading pirated content so you don’t have to pay for it is wrong. Period, full stop. Still, I totally understand why people do it. Not just because they’re cheapskates. It’s because they don’t want to give these a-holes the money.

This is why comedian Louis CK’s experiment last year was so gratifying. He sold his own concert recording direct to his fans for $5 a shot and banked more than $1 million from it. He asked for a reasonable amount of money, made it as easy as possible for people to download the file, trusted them to not rip him off by spreading it around for free, paid his staff well, and donated $280,000 of the proceeds to charity.

He’s since offered two audio recordings for $5 per and is selling tickets to his current concert tour for $45 apiece, all seats all shows all fees included. As anyone who’s attempted to buy concert tickets lately can tell you, that’s a bargain.

In short, Louis CK did essentially what the illegal downloaders do – bypassed the middle man and went direct to the source. And because he bypassed the middle man, he was able to offer it on the cheap and still make more money than he would have going the traditional route.

This is what the RIAA and the MPAA are so terrified of. It’s not that people are getting creative content for free, thus destroying the market for it; it’s that the Internet has made content distribution and marketing companies (the middle man) almost entirely irrelevant. That’s the real horror show for the content cartel, one that will eventually spell their doom.

This post originally appeared on InfoWorld. HT for headline to @pneyu. Disgusting zombie image courtesy of 1889 Labs.

A few semi-coherent thoughts about this election


I don’t usually write in a serious way about politics, and this essay may prove an excellent example as to why. But these thoughts are banging around inside my head and I need to get them out before next Tuesday. If naughty language puts your knickers in a twist, please don’t read any further.

I began this election season thinking Obama had fucked up. Yes, he’d rescued the country from Great Depression 2.0. Yes, he’d managed to have Bin Laden located and killed – the only real job the Bush chickenhawks had after 9/11, yet they couldn’t even manage to do that. He rescued GM and Chrysler while wing nuts were screaming “socialist” at the tops of their lungs. He repealed Don’t Ask, Don’t Tell. He’d extracted us from Iraq and Afghanistan (eventually) without getting us into any new wars. He put a little distance between us and Israel (not enough in my opinion). And though the ongoing civil war in Syria is horrifying and the future of the Middle East is still very dicey, I think the Arab Spring is a good thing. I seriously doubt it would have happened with McCain (or God help us, Sarah Palin) in the White House.

But Obama did nothing to reverse Bush-era surveillance of citizens. He hasn’t closed Guantanamo. He poured all of his energy into Hillary’s agenda (health care reform) and came up with half a solution. Worse: He did nothing to pursue the Wall Street bastards who screwed us and got rich doing it. Financial reform? My ass.

The single greatest symbol of Obama’s failure to deliver Hope and Change was the Occupy Wall Street movement. Obama had lost the support of the young and the Left.

Obama mostly fucked up the way Clinton fucked up during his first term: by trying way too hard to make a deal with the people who wanted to stab him in the throat and jump up and down on his corpse, politically at least (and in some cases more than politically). The reason the economic recovery has been so lackluster is the simple fact that the Republicans did everything in their power to make it fail, and the Democrats were too inept to overcome that. It’s an old story, one that predates even Clinton.

So I began this year thinking, ok, fine. If Obama had to lose, we could do worse than Mitt Romney. He seemed like a boring but sane plutocrat with a reasonably high IQ. I figured he must at least have some progressive political leanings in his gene pool, otherwise how could he become governor of Massachusetts? He was not, at any rate, the second coming of George W. Bush. And his hair was extremely presidential.

As long as Romney wasn’t forced to climb aboard the crazy train and ride it back in time to 1842 he might prove a tolerable alternative. But as the Republican primaries wore on, it was clear the wingnuts had taken control. The succession of Anyone But Romney frontrunners – Pizza Man, Scary Lady with the Gay Husband, Crazy Cowboy Who Can’t Count to Three – showed how desperately the crazies wanted one of their own to lead the way. So Romney became their guy. He climbed aboard the train and put on the engineer’s cap, then he picked Paul Ryan to shovel coal into the engine.

But even Romney’s skewed mathematics couldn’t turn the Tea Party minority into a majority. Despite what he might tell a room full of fatcat donors, Romney knows the US populace isn’t 53 percent crazy – at least, not yet. So starting with the debates, he systematically and cynically changed his positions on almost everything. He did everything in his power – up to and including a spray tan – to convince independents that he was just like Obama, only smarmier.

Then of course the crazies were outraged at the bait and switch. They started calling him Mitt “Hussein” Romney, the nominee of the Muslim Socialist Party. They doffed their tri-corner hats, hoisted their amusingly misspelled placards, and took to the streets, complaining that Romney’s candidacy was endangering the Constitution and threatening to rip apart the very fabric of this nation.

Actually they didn’t do any of that. They supported him throughout. Every flip, every flop – it was as if they never happened. With the exception of Chris Christie — who, let’s face it, was never really one of them and was up to his manboobs in floodwaters at the time — they stood behind Romney.

The fact that none of the crazies have complained about Romney’s sudden makeover can mean only one thing. He wasn’t really abandoning them. He was still their guy. He would win the election by any means necessary and then govern the way they told him to govern. Essentially he would hand the budget reins over to Ryan, the same way Bush handed foreign policy over to Cheney. (We all know how well that worked out.) He’d pick someone to the right of Scalia for the next Supreme Court opening (if only Hermann Goering were still alive). He’d bomb Iran, at Israel’s request. He’d gut the EPA and the SEC and Housing and Human Services. No billionaire would be left behind.

The things he wouldn’t do: Balance the budget, roll back the deficit, or make our tax system rational. None of which would matter to the Tea Partiers anymore, because they got what they really wanted: control.

This is why I call Romney the Manchurian Candidate. Flip over the right playing card and he will do your bidding, no matter what the job entails. That to me is the most frightening aspect of a Romney victory. It’s the notion that he has no principles besides an overwhelming desire to be president; that he’ll say whatever it takes to get there and be willing to do anything once he’s made it.

I’ll say it here, even though I’m superstitious and fear I might throw a jinx on all of this: I think Obama will win on Tuesday. I think he’ll get a very thin plurality of the popular vote – less than a million vote margin — and a more substantial portion of the Electoral College (300+). That’s a total gut prediction, no Nate Silvering involved. And I think the Republicans will scream bloody murder and vow (once again) to make the next four years even more hellish than the last four. They may very well succeed.

Is that a great outcome, bristling with Hope and Change? No. But it beats a zombie apocalypse. And it’s why anyone who’s thinking about voting for Romney in two days should think long and hard about who it is they’re really voting for, and what they’re likely to get.

When privacy collides with politics, privacy loses

At this point in this especially insane political season there’s still no telling who will end up winning it all next Tuesday. But it’s very clear to me who has already lost: You and me. More specifically, what little personal privacy we may once have had.

The amount and scope of data collection employed by both presidential campaigns this year is unprecedented. Both sides have been hoovering up data about voters using every means possible: mobile apps, online tracking, public records databases, third-party demographics clearinghouses, and data mining on social networks. And it looks like this is how political campaigns will be conducted from now on.

Last week I wrote about how generous the Obama and Romney campaigns are with our data, and what you can do to opt out of that (i.e., not much). But that’s really only the tip of the databerg.

Take, for example, the Obama For America app. It extracts public voter registration records and overlays them on a map, so you can see the names and addresses of likely Democratic voters within a half mile of your location, along with their age and gender. Yes, this is totally legal; the records are public, after all. But OFA also makes it pretty easy to stalk strangers – say, young women with whom you share a political affiliation. Creepy? Just a little.

Screenshot borrowed with gratitude from Pro Publica.

Or take the GOP’s Project ORCA Web app. Come election day, some 34,000 Republican poll watchers will be using the app to record the names of every person who shows up to vote, which will then be relayed to local campaign headquarters. Presumably those who fail to show up at the polls will get a phone call urging them to vote (at least, some of them will). Inside the packet given to each ORCA volunteer is a PDF containing the names of every person registered to vote at their particular precinct. A volunteer in Virginia shared his PDF file with me; the list of names was more than 50 pages long.

So when I go to vote, some stranger will be standing there eyeballing me to determine if I look Republican and ticking me off a list. I find that a bit creepy too, don’t you?

It’s not just the candidates. The super PACs are getting into it as well. I installed the Vote Early 2012 Facebook app from Karl Rove’s American Crossroads political action committee to see what it would do. Mostly what it seems to do is mine my Facebook profile for information.

Ever since then, I’ve been seeing a heckovalot more pro-Romney ads show up on my Facebook news feed. Are these two things related? Hard to say.

The worst data collection, however, is the kind that goes on invisibly as you surf. Visit either candidate’s Web site and your browser will quickly be festooned with dozens of trackers that will follow you around the Web.

Evidon, the folks behind the Ghostery browser add-on and the Ad Choices program, released a report last week detailing the number and types of online trackers used by the campaign Web sites. Using data gathered from more than 7 million Ghostery users, Evidon found that the number of trackers used by both parties has more than doubled over the past six months, and that the Obamanistas use almost twice as many trackers as the Romneyans.

As Evidon blogger Andy Kahl notes:

Instead of managing their campaign websites as though they were traditional content sites, both campaigns are managing them as though they were sophisticated online commerce sites. This anonymous tracking of users across the web empowers the campaigns to target them with advertising messages to win their vote the way an e-commerce provider targets consumers to win a transaction.

Of course, that information costs money. In a campaign whose total cost may exceed $6 billion, many hundreds of millions have been spent on obtaining and refining data.

Abine, makers of the Do Not Track Plus browser app, have launched a Web-based calculator that lets you determine exactly how much your vote is worth in real dollars. It’s essentially identical to the Val-You Calculator Abine launched last May about how much you’re worth to Facebook, only the questions and weighting are a bit different.

If you’re a male in a nonswing state who doesn’t spend a lot of time online and votes regularly, your vote may be worth as little as $5, says the luminous and compelling Sarah A. Downey of Abine. If you’re a first-time female voter in a hotly contested state like Ohio with a lot of Facebook friends, you could be worth as much as $50.

“You’re worth more to the campaigns if you’ve never voted before,” says Downey. “To them that means you’re fresh meat and thus easier to influence.”

Meat is right. After the last six months of political news, lies, analysis, debates, fact checks, spinning, and spam, I feel like I’ve been tenderized to a pulp and fed through a grinder.

My only solace: In about five days it will all be over. Then we’ll have four blessed years before we have to do it all over again.

This post originally appeared on ITworld.