The only downside to that is that people *want* to believe this stuff
so badly that they'll just stop sending it to you instead of listening
to reality. So, you'll stop getting useless bullshit, but the other
people involved won't stop believing it.
That's been my experience.
Showing posts with label email. Show all posts
Showing posts with label email. Show all posts
Monday, April 4, 2011
Found in Email
I'm cleaning my email and I found this gem:It's in reference to my wife debunking one of those worthless chain mailings. It couldn't be more true.
Friday, June 5, 2009
Neither Blonde Nor Female, But Apparently Real
I received this email the other day, one of those somewhat worthless humor forwards. Normally I ignore it or laugh. This one seemed fishy to me, though.
I smelled a photoshop job. Looking at the image up close showed a lot of blur and an undue amount of compression artifacts around the lower right pillar. I was determined to find out where the picture was from and prove that it was doctored.
I started my search with the blue sign. I didn't believe that it was an American street sign. Convinced that I had seen something like that in pictures from England I searched for "blue sign London." Soon I had found an image hailing from Manchester with a very similar sign, so much so that I initially thought I'd found the same sign. It was not the same, but I kept looking.
Image search eventually failed me, so I turned to Google Maps Street View. I wasn't able to find much using that but I was bored and it was sort of neat to virtually tour Manchester. After a bit of traveling down Quay St. I stumbled upon the corner of Quay and Gartside. Long after I'd given up, I was able to find what I was looking for.
View Larger Map
Unfortunately, I was unable to prove it false. I don't know exactly how the van was extracted, but it appears that the pillars are there and in the same configuration as in the forwarded picture. Even with the failure, it was kind of fun to research and rewarding to know that you can still find pretty much anything on the Internet.
I smelled a photoshop job. Looking at the image up close showed a lot of blur and an undue amount of compression artifacts around the lower right pillar. I was determined to find out where the picture was from and prove that it was doctored.
I started my search with the blue sign. I didn't believe that it was an American street sign. Convinced that I had seen something like that in pictures from England I searched for "blue sign London." Soon I had found an image hailing from Manchester with a very similar sign, so much so that I initially thought I'd found the same sign. It was not the same, but I kept looking.
Image search eventually failed me, so I turned to Google Maps Street View. I wasn't able to find much using that but I was bored and it was sort of neat to virtually tour Manchester. After a bit of traveling down Quay St. I stumbled upon the corner of Quay and Gartside. Long after I'd given up, I was able to find what I was looking for.
View Larger Map
Unfortunately, I was unable to prove it false. I don't know exactly how the van was extracted, but it appears that the pillars are there and in the same configuration as in the forwarded picture. Even with the failure, it was kind of fun to research and rewarding to know that you can still find pretty much anything on the Internet.
Thursday, February 26, 2009
Solution for My Time Sheet Problem
I have to fill out a time sheet at the end of every week. It's due by Monday at noon. Each week I find myself filling in 40 hours to the main project that I worked on, then wondering to myself, "Okay, what did I do this week that took away that time, kept me late, and made me miss lunch?"
It's a perplexing question. Even with my attention draining habits, I still feel that I am putting in over 40 hours of real work per week. Yet I rarely feel that all 40 of those hours were spent working on my current primary objective.
I've found that the times I keep detailed logs of how I use my time that I have dozens of interruptions during the day. These are interruptions for various business reasons, not my own attention wandering off to the realms of the Internet, I tend to simply discount those times from my time sheet. I feel that it is a disservice to myself not to somehow indicate that these interruptions occur.
The problem is that it is another attention draining task to stop and note each interruption. It also magnifies the impact of small interruptions, which I can sometimes regain my focus immediately after. So I resort to keeping clues around by way of emails, notes, and phone logs. Then my time sheet exercise is to find all of these notes, combine them with other events that I remember but did not note, and rebuild my week in an honest fashion.
Doing this on a weekly basis is hard. It also doesn't mix very well with the whole Inbox Zero thing. It's too much work to get this information all into a single store, and if I immediately process and file it then it is that much harder to reference it by date.
With Outlook 2007, I think I've finally found a workable solution, at least for my email. I created a category "For Time Sheet" and assigned that to the category quick click event. This allows me to quickly mark the items that are interesting for my time sheet. Next, I file these items in my personal archive. On my personal archive I have created a For Time Sheet search folder that lists all of these items. I added this folder to my favorite folders list.
Now with a single click I have access to all of the items that are interesting for my time sheet, regardless of what folder they reside in. I can remove the category as I record the time I spent working on these items, allowing me to limit the list to only the current time sheet. Since I try to use email as much as possible for correspondence this unobtrusive process does most of the work for me.
It's a perplexing question. Even with my attention draining habits, I still feel that I am putting in over 40 hours of real work per week. Yet I rarely feel that all 40 of those hours were spent working on my current primary objective.
I've found that the times I keep detailed logs of how I use my time that I have dozens of interruptions during the day. These are interruptions for various business reasons, not my own attention wandering off to the realms of the Internet, I tend to simply discount those times from my time sheet. I feel that it is a disservice to myself not to somehow indicate that these interruptions occur.
The problem is that it is another attention draining task to stop and note each interruption. It also magnifies the impact of small interruptions, which I can sometimes regain my focus immediately after. So I resort to keeping clues around by way of emails, notes, and phone logs. Then my time sheet exercise is to find all of these notes, combine them with other events that I remember but did not note, and rebuild my week in an honest fashion.
Doing this on a weekly basis is hard. It also doesn't mix very well with the whole Inbox Zero thing. It's too much work to get this information all into a single store, and if I immediately process and file it then it is that much harder to reference it by date.
With Outlook 2007, I think I've finally found a workable solution, at least for my email. I created a category "For Time Sheet" and assigned that to the category quick click event. This allows me to quickly mark the items that are interesting for my time sheet. Next, I file these items in my personal archive. On my personal archive I have created a For Time Sheet search folder that lists all of these items. I added this folder to my favorite folders list.
Now with a single click I have access to all of the items that are interesting for my time sheet, regardless of what folder they reside in. I can remove the category as I record the time I spent working on these items, allowing me to limit the list to only the current time sheet. Since I try to use email as much as possible for correspondence this unobtrusive process does most of the work for me.
Thursday, August 21, 2008
Use Filters to Pare Down Your Spam Folder
The biggest problem with spam filters is false positives. The very prospect of a false positive means that you cannot erase all of your spam without at least quickly scanning through it. If you do, you're in for trouble.
As the amount of spam that I receive at my gmail account grows, I have been adding filters to delete email that is definitely spam. This significantly cuts down on the amount of spam that sits in the spam folder. Less spam in the folder means less spam to scan.
The drawback of this is that I have to pick my filters carefully to avoid any false positives in them. This means that I may not want to filter for "pharmaceutical", but I can filter "Paris Hilton" with impunity.* It's also difficult to filter foreign language spam, though that's easier to scan through.
A couple minutes spent setting up a filter now can save me a couple minutes every week or so when I check my spam for legitimate email.
*If you send me legitimate email about Paris Hilton it will be deleted. It's a false positive that I'm okay with.
As the amount of spam that I receive at my gmail account grows, I have been adding filters to delete email that is definitely spam. This significantly cuts down on the amount of spam that sits in the spam folder. Less spam in the folder means less spam to scan.
The drawback of this is that I have to pick my filters carefully to avoid any false positives in them. This means that I may not want to filter for "pharmaceutical", but I can filter "Paris Hilton" with impunity.* It's also difficult to filter foreign language spam, though that's easier to scan through.
A couple minutes spent setting up a filter now can save me a couple minutes every week or so when I check my spam for legitimate email.
*If you send me legitimate email about Paris Hilton it will be deleted. It's a false positive that I'm okay with.
Monday, July 28, 2008
BlackBerry Conundrum
As I previously stated, I had a BlackBerry temporarily for work which prompted me to buy one for personal use when I had a chance. So far, I'm very happy with my decisions. I was happy to turn in the other unit, as I feared it would soon become a leash. I also like the convenience and connectivity afforded my personal BB.
So, I'm not sure why I feel compelled to mix the two, but that's what I've attempted. I asked at work if I could connect my personal BlackBerry to their enterprise server. The way I saw it, this would be a good mix of potentially increased productivity without increased expectations. Plus, by paying for the unit and the service I'm not stepping on any toes with the request. The sort of thing where if nothing changes then nothing is lost, but if I can work more efficiently then I look better and am a better value for the company. It's a win/win situation, right?
Not quite.
The losing starts with the roadblock in my plan. My company's policy does not allow personal devices. It is mostly due to the support problems that causes, and that the engineers at the firm live in an alternate reality where our IT is responsible for any technical problems they, their clients, relatives, friends, acquaintances, neighbors, etc... may encounter. So, I can't have my own phone and hook it into the corporate mail system.
But wait! There's a Plan B. Plan B is for me to cancel service for my new phone and get a BlackBerry from work instead. This would save me $40/month by eliminating the family plan and data service. I would have an unlimited data plan and could link it to my personal email. I would have enough minutes allocated for all my calling needs, and my boss assures me that I can make personal calls within reason, so I wouldn't have to carry multiple phones (which would be a deal breaker for me).
The problem with that idea is it would mean that I'm essentially selling my private usage data to the company. Essentially, they would own a device that I use extensively for personal communications, including phone calls, instant messages, and email. At any point they could fire me with no notice and rifle through the device spying on my personal communications. Without going to such extremes they could still easily track the calls I make, which is something I'm not comfortable with, even if my calling habits are fairly mundane.
Is there a solution? I'm not sure. One solution would be to forget about the whole thing and leave my work email at work when I leave at 5. [Ha ha! More like 7.] There would be no expectation of increased productivity or availability, but I would also miss out on the benefits.
Another solution is to forward my work email to a personal account. This is the one I will try starting tomorrow. There are a few problems with this method. I won't be able to properly reply to the emails unless I log in to the email system or reply from my personal account. There will likely be a longer delay between the time the email is sent and the time I receive it. Also, I'm likely violating some risk management/email retention/privacy policy with every email that forwards, creating a vague possibility of legal ramifications. I'll want to be more proactive to filter the noise, because all of that email will end up in 3 places (work inbox, personal inbox, BB). Hopefully this will give me some of the benefits without introducing the nastier problems. I'm flirting with the boundaries of work/life balance.
So, I'm not sure why I feel compelled to mix the two, but that's what I've attempted. I asked at work if I could connect my personal BlackBerry to their enterprise server. The way I saw it, this would be a good mix of potentially increased productivity without increased expectations. Plus, by paying for the unit and the service I'm not stepping on any toes with the request. The sort of thing where if nothing changes then nothing is lost, but if I can work more efficiently then I look better and am a better value for the company. It's a win/win situation, right?
Not quite.
The losing starts with the roadblock in my plan. My company's policy does not allow personal devices. It is mostly due to the support problems that causes, and that the engineers at the firm live in an alternate reality where our IT is responsible for any technical problems they, their clients, relatives, friends, acquaintances, neighbors, etc... may encounter. So, I can't have my own phone and hook it into the corporate mail system.
But wait! There's a Plan B. Plan B is for me to cancel service for my new phone and get a BlackBerry from work instead. This would save me $40/month by eliminating the family plan and data service. I would have an unlimited data plan and could link it to my personal email. I would have enough minutes allocated for all my calling needs, and my boss assures me that I can make personal calls within reason, so I wouldn't have to carry multiple phones (which would be a deal breaker for me).
The problem with that idea is it would mean that I'm essentially selling my private usage data to the company. Essentially, they would own a device that I use extensively for personal communications, including phone calls, instant messages, and email. At any point they could fire me with no notice and rifle through the device spying on my personal communications. Without going to such extremes they could still easily track the calls I make, which is something I'm not comfortable with, even if my calling habits are fairly mundane.
Is there a solution? I'm not sure. One solution would be to forget about the whole thing and leave my work email at work when I leave at 5. [Ha ha! More like 7.] There would be no expectation of increased productivity or availability, but I would also miss out on the benefits.
Another solution is to forward my work email to a personal account. This is the one I will try starting tomorrow. There are a few problems with this method. I won't be able to properly reply to the emails unless I log in to the email system or reply from my personal account. There will likely be a longer delay between the time the email is sent and the time I receive it. Also, I'm likely violating some risk management/email retention/privacy policy with every email that forwards, creating a vague possibility of legal ramifications. I'll want to be more proactive to filter the noise, because all of that email will end up in 3 places (work inbox, personal inbox, BB). Hopefully this will give me some of the benefits without introducing the nastier problems. I'm flirting with the boundaries of work/life balance.
Friday, July 25, 2008
A Quick BlackBerry Post-Mortem
I recently carried and returned a BlackBerry 8820 for my job. I did this on a temporary basis as a stipulation of my vacation, since not enough notice was given I had to be on-call for at least two of the five days. My experience overall was a positive one, I was able to be responsive and somewhat productive what out of the office.
I never finished this one. Long story short, I found myself checking my mail too often. I felt slightly leashed to work. The 8820 was too big for my liking, and the keys too small. Yet, through all that I was able to be away from work without worrying too much that I'd miss out on things. I could communicate still, and I was able to make a big contribution with only a small amount of my day.
I decided not to press for a BB through work, but to get one for personal use. Last weekend I did just that. I chose the Pearl because it's more phone-like yet it has larger buttons that are easier for me to use. I'm trying to work something out where I can get my work email on this phone without the attached expectations of having a work BB. That way I can use my free time to help my productivity without my boss (or her boss, more importantly) feeling that they command 24 hours per day of my time. We'll see how that goes.
I never finished this one. Long story short, I found myself checking my mail too often. I felt slightly leashed to work. The 8820 was too big for my liking, and the keys too small. Yet, through all that I was able to be away from work without worrying too much that I'd miss out on things. I could communicate still, and I was able to make a big contribution with only a small amount of my day.
I decided not to press for a BB through work, but to get one for personal use. Last weekend I did just that. I chose the Pearl because it's more phone-like yet it has larger buttons that are easier for me to use. I'm trying to work something out where I can get my work email on this phone without the attached expectations of having a work BB. That way I can use my free time to help my productivity without my boss (or her boss, more importantly) feeling that they command 24 hours per day of my time. We'll see how that goes.
More Chain Mail Lunacy
In retrospect, I should have posted this one as-is back in November...
Last time, I was complaining because a coworker used me as a source rather than doing a simple two second search to verify the validity of a piece of chain mail, and I commented on how the email actually linked to the snopes.com article that invalidates it. This time it's far worse. This time the CIO actually forwarded one of these messages, claiming a new computer virus is spreading, to the IT Department.
Last time, I was complaining because a coworker used me as a source rather than doing a simple two second search to verify the validity of a piece of chain mail, and I commented on how the email actually linked to the snopes.com article that invalidates it. This time it's far worse. This time the CIO actually forwarded one of these messages, claiming a new computer virus is spreading, to the IT Department.
Wednesday, June 18, 2008
Mistaken Identity, Mistaken Outrage
As I've said before, I have an old email account that is fairly simple to type and remember. Unfortunately, that means that a few people through the years have mistakenly attributed my email address to someone else. As of right now someone thinks that they are emailing Jeff "Rusty" Rouston and someone else thinks that I'm a sheriff's deputy in Indiana.
The deputy mistake is mildly entertaining. If nothing else, I get an interesting insight into public event security planning. The Rusty mistake has been annoying more often than not, usually it's chain mail forwards that I would debunk for any friend. Last night, my Rusty persona received an email from Janet, who is apparently outraged by Obama's policies on defense spending, specifically one YouTube video posted with an anti-Obama slant and a blog post (linked from the email) that reinforces the same opinion.
I'm going to highlight some aspects of the video and Janet's reaction. It really is interesting, because I don't think I personally know anyone who would be so outraged by so little. First, here is Janet's reaction, which was originally in a 20 point bold red font:
Now the video she's responding to:
So, let's look at what Obama is saying: He will end a war that has become completely indefensible. He will cut unnecessary and unproven defense spending. He will try to slow other defense spending by limiting research into future weapons. Also, he will increase oversight of spending. Lastly, he will attempt diplomacy with other nations so that we don't need to spend so much because we won't have so many staunch and powerful enemies.
Uh, why is this scary? Notice that what he's said is that he'll get rid of unnecessary, unproven, and failed things. He's not saying that we won't have guns and missiles, or that we'll start defending our country with flower power. He also isn't promising any huge cuts in existing successful programs. No where did he claim that he would cut the military's size in half like George H. W. Bush started and Bill Clinton finished. He doesn't even promise to rid us of nuclear weapons, just to take them off of constant alert status. These aren't huge changes, unless you're a defense contractor or a warmonger.
Now, let's dig into what Janet said. Whether you're a Democrat or a Republican you should be scared by Obama's stance is a ludicrous statement. He's repeating the same stance that many Democrats, and a few radical Republicans (I hate to mention the name, but Ron Paul springs to mind), have held for decades. More importantly, she unknowingly reveals the real problem she has: she wants to feel safe, she's far less concerned with being safe.
What she wants is the current security theater where we spend trillions to fight an attack that will never happen while we are in the middle of an economic crisis. To her, and people like her, we must pump money into a system where we seem imposing, instead of putting effort into a system where others recognize that we are not a threat. She's scared because Obama might provide real security, but it isn't security she can touch, it's security she simply must have faith in.
She, like so many others, has lost faith in people. When we have no faith in each other then we build barriers that look omnious, are dubiously effective, and serve to destroy others' faith in us. She didn't even have faith in me when I replied to her email last year and said that I'm not Jeff "Rusty" Rouston.
The deputy mistake is mildly entertaining. If nothing else, I get an interesting insight into public event security planning. The Rusty mistake has been annoying more often than not, usually it's chain mail forwards that I would debunk for any friend. Last night, my Rusty persona received an email from Janet, who is apparently outraged by Obama's policies on defense spending, specifically one YouTube video posted with an anti-Obama slant and a blog post (linked from the email) that reinforces the same opinion.
I'm going to highlight some aspects of the video and Janet's reaction. It really is interesting, because I don't think I personally know anyone who would be so outraged by so little. First, here is Janet's reaction, which was originally in a 20 point bold red font:
Whether you are democrate or republican..........This should scare you!!! It scares me!!! I want to continue feeling safe in my counrty. -janet
Now the video she's responding to:
So, let's look at what Obama is saying: He will end a war that has become completely indefensible. He will cut unnecessary and unproven defense spending. He will try to slow other defense spending by limiting research into future weapons. Also, he will increase oversight of spending. Lastly, he will attempt diplomacy with other nations so that we don't need to spend so much because we won't have so many staunch and powerful enemies.
Uh, why is this scary? Notice that what he's said is that he'll get rid of unnecessary, unproven, and failed things. He's not saying that we won't have guns and missiles, or that we'll start defending our country with flower power. He also isn't promising any huge cuts in existing successful programs. No where did he claim that he would cut the military's size in half like George H. W. Bush started and Bill Clinton finished. He doesn't even promise to rid us of nuclear weapons, just to take them off of constant alert status. These aren't huge changes, unless you're a defense contractor or a warmonger.
Now, let's dig into what Janet said. Whether you're a Democrat or a Republican you should be scared by Obama's stance is a ludicrous statement. He's repeating the same stance that many Democrats, and a few radical Republicans (I hate to mention the name, but Ron Paul springs to mind), have held for decades. More importantly, she unknowingly reveals the real problem she has: she wants to feel safe, she's far less concerned with being safe.
What she wants is the current security theater where we spend trillions to fight an attack that will never happen while we are in the middle of an economic crisis. To her, and people like her, we must pump money into a system where we seem imposing, instead of putting effort into a system where others recognize that we are not a threat. She's scared because Obama might provide real security, but it isn't security she can touch, it's security she simply must have faith in.
She, like so many others, has lost faith in people. When we have no faith in each other then we build barriers that look omnious, are dubiously effective, and serve to destroy others' faith in us. She didn't even have faith in me when I replied to her email last year and said that I'm not Jeff "Rusty" Rouston.
Wednesday, February 27, 2008
Shades of Spam
Why don't the major email services have a way to separate email they know is spam from email they think is spam? If they did this then false positives would be less troublesome, and they could even tweak their filters to capture a few things the currently slip through. I know that this is possible and some people already do this sort of thing, but why don't the big three (Google, Microsoft*, and Yahoo) do this?
Imagine if Google had a "possible spam" tag where items that scored within a certain range in their spam filters would go. Then you could tweak whether you wanted these items to go to your inbox or your spam box, and they would be easy to filter through in either one. Or, maybe if Yahoo showed the percentage of which they were convinced that the email was spam. The default view in the spam folder could be sorted by this field, ascending, so that the least spammy emails would float to the top.
Since no spam filter is perfect, you have to choose between more spam in the inbox or more false positives in the spam folder. I'd rather have some control over the threshold for this, it'd make me more confident that I don't have to sort through the stuff that I know is spam just to get to verify that nothing of value got lost in its midst.
* I haven't used Microsoft's offering since shortly after they bought Hotmail. To my knowledge this post applies to them as well, though.
Imagine if Google had a "possible spam" tag where items that scored within a certain range in their spam filters would go. Then you could tweak whether you wanted these items to go to your inbox or your spam box, and they would be easy to filter through in either one. Or, maybe if Yahoo showed the percentage of which they were convinced that the email was spam. The default view in the spam folder could be sorted by this field, ascending, so that the least spammy emails would float to the top.
Since no spam filter is perfect, you have to choose between more spam in the inbox or more false positives in the spam folder. I'd rather have some control over the threshold for this, it'd make me more confident that I don't have to sort through the stuff that I know is spam just to get to verify that nothing of value got lost in its midst.
* I haven't used Microsoft's offering since shortly after they bought Hotmail. To my knowledge this post applies to them as well, though.
Thursday, November 1, 2007
Chain Mail Lunacy
Earlier today I received a forwarded piece of chain mail with a simple request, "Is this real?" That didn't surprise me, I've made myself known for my intolerance of chain mail misinformation. What surprised me is that the very link that I used to verify the legitimacy of the email was included in the email itself.
The email, if you must know, was one about crystal meth being distributed at grade schools as Halloween candy. I barely read any of it; all I needed was enough to search for a key phrase. I was using much the same procedure I always do. After I found a good phrase and searched, the first hit was a Snopes article.
It wasn't until I went to reply that I noticed the word Snopes in the original email. Then I realized that it was the same link I was going to send. I did my duty and replied with the most accurate synopsis that I could, but I was still bothered by something: Why should I have even taken the time to answer someone who would even think of believing that the serious subject matter of the email is true without even reading it?
It's really sad. Not only does false information get passed around so easily, but it's so openly accepted that people don't feel the need to bother reading it. At least my coworker was skeptical enough to ask me, I suppose. Unfortunately, there were probably a hundred other email addresses included in the forward. At least 5 people had forwarded this email, who knows where they got it and how many others have passed it on. All without bothering to read all of the information included in the email.
I do think that it's mildly clever to use the most widely known chain mail debunking site as a resource to make your claims seem more valid. I wonder if the person who started that incarnation of the email going actually thought that so many people wouldn't bother to check. It's a sort of audacity that you'd only expect from someone who's telling the truth. Think again.
The email, if you must know, was one about crystal meth being distributed at grade schools as Halloween candy. I barely read any of it; all I needed was enough to search for a key phrase. I was using much the same procedure I always do. After I found a good phrase and searched, the first hit was a Snopes article.
It wasn't until I went to reply that I noticed the word Snopes in the original email. Then I realized that it was the same link I was going to send. I did my duty and replied with the most accurate synopsis that I could, but I was still bothered by something: Why should I have even taken the time to answer someone who would even think of believing that the serious subject matter of the email is true without even reading it?
It's really sad. Not only does false information get passed around so easily, but it's so openly accepted that people don't feel the need to bother reading it. At least my coworker was skeptical enough to ask me, I suppose. Unfortunately, there were probably a hundred other email addresses included in the forward. At least 5 people had forwarded this email, who knows where they got it and how many others have passed it on. All without bothering to read all of the information included in the email.
I do think that it's mildly clever to use the most widely known chain mail debunking site as a resource to make your claims seem more valid. I wonder if the person who started that incarnation of the email going actually thought that so many people wouldn't bother to check. It's a sort of audacity that you'd only expect from someone who's telling the truth. Think again.
Monday, October 1, 2007
Sweetly Poisoned Information
Recently a coworker asked me about an email forward that she received. The email, entitled "Sweet Poison (A MUST READ)," was little different than most junk that's forwarded around. In my response I included the process I use to discredit, and very occasionally verify, the factuality of chain mail. It's pretty simple and I suggest everyone who's confronted with these things adopt a similar solution.
As I'm fond of saying, the best way to fight misinformation is with truth. My reply is as follows:
As I'm fond of saying, the best way to fight misinformation is with truth. My reply is as follows:
http://www.breakthechain.org/exclusives/aspartame.html
In this case it appears that the information contained is disputed at best. Also, this appears to be a grassroots marketing campaign. If you search for “Sweet Poison” you’ll find that it’s a book written about “exposing aspartame dangers.”
As for debunking, there’s a process I use:
- Anything, and I mean anything, written in 20 point green fonts, interspersed with varying paragraphs of other font colors, faces, and sizes, is likely junk. 99.999% of the time this holds up to be true. I’ve never found any reliable information contained within an email like this.
- The mere fact that several AOL users have forwarded this around is a sign that the content isn’t worth reading.
- Once we’ve established that it’s likely worthless we can take two courses of action:
- Delete the email
- Reply with information proving it worthless:
- Pick a phrase from the email or subject and paste it into the google search input. Usually the subject itself or the first sentence or two works, just make sure it’s somewhat unique.
- Search for it. Look through the first page or two of results. If you see snopes.com, breakthechain.org, etc. then click on the link.
- Unless you already know what the link says, read it. It’s best to be informed.
- Send an email back to the sender. Ask them to forward the truth around to everyone who they sent the original email to, as well as the person who sent it to them.
- Be prepared for an argument. Forwarded emails are often successful because it’s easier to accept the lie than it is to swallow the truth. People confronted with the truth will often get defensive of the falsity that they propagated and will resort to tactics such as attacking you for wanting to be right.
Sunday, September 2, 2007
Follow up to Your Account
Last time I detailed a problem when people enter email accounts that don't belong to them but the service doesn't allow you to remove the account.
In response to this, a friend of mine suggested that I mention Mailinator. It's a service that allows you to make up an email on the fly and check it. There's no passwords and no expectation of privacy but that's better than sending information to someone else. It's a great idea if you just want to check out a service.
Also, I received an email today about a new Yahoo! account that was created with my account as a secondary. I was impressed that Yahoo! has a system that allows you to remove your address from the account. Simply click a link and then a button to confirm. Of course, I spent a few seconds analyzing the URL before I went to it.
One of the big problems with situations like these is that they can be used to verify that your email address is valid. That may make removing your email from an account tantamount to clicking a link from a spammer. I don't have any evidence of this, and it does sound like a lot of work, but it is possible. That's why I think that the best way for a site to handle this is to require validation upfront but don't allow the user to know if the account owner ever validated. Just remove the account after a short time without validation, a week or a month should be enough.
Lastly, it should be noted that this is somewhat related to the newly defined BACN. This is a little different. It's like getting someone else's BACN. It's also unsolicited so it's a little more like SPAM. You can assume that someone might want it but you're not that someone.
In response to this, a friend of mine suggested that I mention Mailinator. It's a service that allows you to make up an email on the fly and check it. There's no passwords and no expectation of privacy but that's better than sending information to someone else. It's a great idea if you just want to check out a service.
Also, I received an email today about a new Yahoo! account that was created with my account as a secondary. I was impressed that Yahoo! has a system that allows you to remove your address from the account. Simply click a link and then a button to confirm. Of course, I spent a few seconds analyzing the URL before I went to it.
One of the big problems with situations like these is that they can be used to verify that your email address is valid. That may make removing your email from an account tantamount to clicking a link from a spammer. I don't have any evidence of this, and it does sound like a lot of work, but it is possible. That's why I think that the best way for a site to handle this is to require validation upfront but don't allow the user to know if the account owner ever validated. Just remove the account after a short time without validation, a week or a month should be enough.
Lastly, it should be noted that this is somewhat related to the newly defined BACN. This is a little different. It's like getting someone else's BACN. It's also unsolicited so it's a little more like SPAM. You can assume that someone might want it but you're not that someone.
Thursday, August 23, 2007
Your account, whether you like it or not.
Have you ever gone to a website that you just wanted to check out, so you gave it a bogus email address? Did you ever think of what may happen if there were a real person on the other end of that email? I may be that person.
I have an email at Yahoo! that's fairly "clean," and by that I mean that it isn't 15 characters of jibberish with a 10 digit number at the end. It's a concatenation of two short words. (It's also been my user name since 1995 and a real life nickname from junior high.) Unfortunately, I've been paying for this benefit in the form of SPAM since the onset of that problem. Lately I've had a new problem, one that shouldn't be happening.
Well, perhaps it isn't new. I've had this sort of thing happen to me for years. Bogus accounts created to my email address isn't really that new. The new part of the problem is that I can't do anything about these accounts. Once they're created I can't even access them. I can't control the contact settings. I can't control whether my email is published or not. The account isn't mine and I have no way to do anything about it.
I used to be able to simply go to the site and request "my" password. Then I could login and change the email to something else. Sure, sometimes I would vandalize the account. That's the risk you run when you give an email address that you don't control nor know whether it's active. Next time don't be lazy, create your own throwaway account or just use your email address. Use an account that you know doesn't exist, it's not hard to check and see what domains aren't reserved. At the very least, don't use simpleaddress@popularemailsite.com.
Why can't I access accounts assigned to my email address? Well, first the website allows the user to put in any email address. That's standard, you can't help that. Then the website doesn't email the initial password, it's either returned on the screen or set by the user. Lastly, in order to retrieve your password you have to answer a personal question before it is emailed to you, it's often asking you to provide your date of birth.
See how that setup allows for an account to be created but the email address owner has no say in it? The truly sad part of this story is that the websites allowing this to happen aren't small shops that can't invest in a usability expert or at least some focus testing. These are established businesses, both online only and corporations that just have a web division. These are websites that have no excuse to not address this issue.
There are several steps that can be taken to avoid this.
The most obvious is to validate that the person creating the account has access to the email address they provide. This is a good practice for any registration system. If you don't validate the email address then you may as well not require it. At that point it's just useless information. If you continually email someone based on this unverified information you're sending unsolicited mail, it's unsolicited because I didn't solicit it. If the only way to stop this emailing is to log in to the system and change your options then it's unacceptable to not verify the email.
Next, you can email the user their password after it's assigned. This is good customer service, as it allows them to have a record of how to access the account. Unfortunately it's poor security, which is probably why it isn't done. If you do this, though, it will discourage the use of fake email addresses (or at least ones that may have a person on the other end) and will give the owner of the email address some recourse, even if that may be a liability to the user.
Allow the email address owner to retrieve or reset the password. Most of the concerns here mimic those above. Unfortunately if you require information provided by the person who created the account, yet the account creator provided an email they don't own, then the email owner doesn't have this information. If you're worried about security then this doesn't work, but it's not always a horrible idea otherwise.
Lastly, provide some way to opt out on the website without logging in. It's really simple to make an opt out application. You only need the email address and then to validate it. You could, at that point, require that the offending account verify their email address, change it, or disable the account. This is a good implementation merely because it will allow you to prevent further accounts from being created for an email address that has opted out.
Of course, if a system isn't in place for me to remove myself I can, and will, email customer service. That is a major annoyance, though. Beyond that, at some point I have to prove that I really own the email address by... having it verified. Otherwise anyone with minimal information could spoof an email and cause havoc.
As an aside I'd like to mention the very worst site that I've dealt with on this issue, CBS Sportsline's Fantasy Football. Someone created an account on this service early last year with my email address. I started getting weekly emails about the service, as well as other random junk. I went to the website to try to fix the situation and could not get in. I could not get the password without the account creator's date of birth. What's worse is that the website has no support contact information available without logging in. I wasn't about to provide them with another email address just to report that I didn't sign up with my other one. I tried to reply to the emails I was getting to no avail. After a month of this and another twenty frustrating minutes of searching I was able to find a support phone number. I called and spoke to a real person, who I explained the problem to. I asked him to change the email address on the account to anything else. He told me he would and I thanked him and hung up. I never stopped getting the emails.
I started marking them as spam. Every time I see a CBS Sportsline email in my inbox I mark it as spam. It's unsolicited. I told them to stop and they didn't. I can only hope that they are increasingly flagged as spam by Yahoo!'s spam filters. Really, that's the only answer that the end user has in this circumstance: Do everything you can to call attention to the issue and then declare the sender a spammer. If they don't give you a way to opt out and you've informed them that you didn't opt in then they are a spammer.
I have an email at Yahoo! that's fairly "clean," and by that I mean that it isn't 15 characters of jibberish with a 10 digit number at the end. It's a concatenation of two short words. (It's also been my user name since 1995 and a real life nickname from junior high.) Unfortunately, I've been paying for this benefit in the form of SPAM since the onset of that problem. Lately I've had a new problem, one that shouldn't be happening.
Well, perhaps it isn't new. I've had this sort of thing happen to me for years. Bogus accounts created to my email address isn't really that new. The new part of the problem is that I can't do anything about these accounts. Once they're created I can't even access them. I can't control the contact settings. I can't control whether my email is published or not. The account isn't mine and I have no way to do anything about it.
I used to be able to simply go to the site and request "my" password. Then I could login and change the email to something else. Sure, sometimes I would vandalize the account. That's the risk you run when you give an email address that you don't control nor know whether it's active. Next time don't be lazy, create your own throwaway account or just use your email address. Use an account that you know doesn't exist, it's not hard to check and see what domains aren't reserved. At the very least, don't use simpleaddress@popularemailsite.com.
Why can't I access accounts assigned to my email address? Well, first the website allows the user to put in any email address. That's standard, you can't help that. Then the website doesn't email the initial password, it's either returned on the screen or set by the user. Lastly, in order to retrieve your password you have to answer a personal question before it is emailed to you, it's often asking you to provide your date of birth.
See how that setup allows for an account to be created but the email address owner has no say in it? The truly sad part of this story is that the websites allowing this to happen aren't small shops that can't invest in a usability expert or at least some focus testing. These are established businesses, both online only and corporations that just have a web division. These are websites that have no excuse to not address this issue.
There are several steps that can be taken to avoid this.
The most obvious is to validate that the person creating the account has access to the email address they provide. This is a good practice for any registration system. If you don't validate the email address then you may as well not require it. At that point it's just useless information. If you continually email someone based on this unverified information you're sending unsolicited mail, it's unsolicited because I didn't solicit it. If the only way to stop this emailing is to log in to the system and change your options then it's unacceptable to not verify the email.
Next, you can email the user their password after it's assigned. This is good customer service, as it allows them to have a record of how to access the account. Unfortunately it's poor security, which is probably why it isn't done. If you do this, though, it will discourage the use of fake email addresses (or at least ones that may have a person on the other end) and will give the owner of the email address some recourse, even if that may be a liability to the user.
Allow the email address owner to retrieve or reset the password. Most of the concerns here mimic those above. Unfortunately if you require information provided by the person who created the account, yet the account creator provided an email they don't own, then the email owner doesn't have this information. If you're worried about security then this doesn't work, but it's not always a horrible idea otherwise.
Lastly, provide some way to opt out on the website without logging in. It's really simple to make an opt out application. You only need the email address and then to validate it. You could, at that point, require that the offending account verify their email address, change it, or disable the account. This is a good implementation merely because it will allow you to prevent further accounts from being created for an email address that has opted out.
Of course, if a system isn't in place for me to remove myself I can, and will, email customer service. That is a major annoyance, though. Beyond that, at some point I have to prove that I really own the email address by... having it verified. Otherwise anyone with minimal information could spoof an email and cause havoc.
As an aside I'd like to mention the very worst site that I've dealt with on this issue, CBS Sportsline's Fantasy Football. Someone created an account on this service early last year with my email address. I started getting weekly emails about the service, as well as other random junk. I went to the website to try to fix the situation and could not get in. I could not get the password without the account creator's date of birth. What's worse is that the website has no support contact information available without logging in. I wasn't about to provide them with another email address just to report that I didn't sign up with my other one. I tried to reply to the emails I was getting to no avail. After a month of this and another twenty frustrating minutes of searching I was able to find a support phone number. I called and spoke to a real person, who I explained the problem to. I asked him to change the email address on the account to anything else. He told me he would and I thanked him and hung up. I never stopped getting the emails.
I started marking them as spam. Every time I see a CBS Sportsline email in my inbox I mark it as spam. It's unsolicited. I told them to stop and they didn't. I can only hope that they are increasingly flagged as spam by Yahoo!'s spam filters. Really, that's the only answer that the end user has in this circumstance: Do everything you can to call attention to the issue and then declare the sender a spammer. If they don't give you a way to opt out and you've informed them that you didn't opt in then they are a spammer.
Subscribe to:
Posts (Atom)