Memo to frequent-traveler programs: Kids shouldn’t need their own e-mail addresses

Our almost-six-year-old is already in multiple marketing databases, and it’s all my fault: Once our daughter couldn’t depart with us for free, we started signing her up for frequent-travel programs. The price of miles and points are already baked into the tickets we buy for her, so we might as well take part–and besides, you’ll never hit million-miler status if you don’t start sometime.

JetBlue River Visual viewBut tending these accounts has been more work than I imagined, because some companies have a hard time grasping that children represent a special group of customers who can’t be expected to have their own e-mail addresses.

At first I thought I’d solved this problem with “sub-addressing”creating a new e-mail address on my existing Gmail account by adding a plus sign and additional text to my username. It’s an Internet standard, and I had no issues creating accounts for our daughter at United Airlines, JetBlue, American Airlines, and Amtrak with a “plus-ed” address.

But when I tried logging into our daughter’s United and JetBlue accounts a week ago and was greeted with various errors, I saw that both airlines had stopped accepting sub-addressed e-mails.

The problem was worse at JetBlue, since your TrueBlue ID is your e-mail address. I had to call and provide our kid’s account number and the no-longer-accepted e-mail address; the rep told me she needed her own e-mail address but then accepted a version of my Gmail account with a dot in the middle of my username. It’s weird to have to go through such a workaround when JetBlue’s site has a separate workflow to create a child account.

At United, I could change her e-mail to a dotted version of my Gmail handle after logging in, since MileagePlus account numbers double as usernames. United’s Twitter account then told me I could have put in my own e-mail for her account from the start. I would not have guessed that, since UA’s account-opening UX assumes you’re a grownup–and the e-mails sent to our kid suggesting she jet off to the likes of Australia, Brazil and Israel don’t exactly speak to the under-10 demographic.

Meanwhile, Amtrak and American Airlines still seem to tolerate plus-ed e-mail addresses. (I can’t speak to Delta, as that airline’s network doesn’t work for us.) But after the last week, I won’t be surprised if our little one gets unexpectedly locked out of either account; I just hope I don’t have to spend too much time on the phone to fix that problem.

Dear Android gesture typing: Enough ashtray with this one autocomplete error

About 95 percent of the time, the “gesture typing” built into Android’s keyboard is one of my favorite parts of Google’s mobile operating system. I trace a fingertip over the letters of the word I have in mind, that item appears in an overlay before I’m halfway through inputting it, I lift my fingertip, and a Scrabble winner like “deoxyribonucleic” pops into a tweet, e-mail or note.

Ashtray forbiddenBut then I have to try to gesture-type the $10 word “already,” and Android will have other ideas. Specifically, cancerous ones: It keeps subbing in “ashtray.”

I could take some comfort in the privacy-preserving thought that Google’s sense of my interests is so off that it thinks I write about cigarettes all the time. (This post probably won’t help!) But, really, I only want to write a common adverb without having to tap keys one letter at a time, like some kind of an animal.

And because I’m in the same abusive relationship with autocorrect as everybody else, I keep hoping that this time, Android will finally realize I have no interest in tobacco products. That’s when it will humor me by inserting “airway” instead of “ashtray.”

I just don’t know what could lead Google to misread me so consistently. The path you trace to gesture-type “already” requires going significantly farther east on the keyboard than the route for “ashtray,” and Google’s own search results suggest the former word is used about 143 times more often than the latter. Who would see any upside from this pattern of error?

As I said, this is annoying because it’s so unusual. The only other common word that Android gesture typing botches halfway as often is “conference.” And there, it’s at least more creative: The software will sometimes choose to read my attempt to enter this noun for an occupational hazard of my job as me gesture-typing “cicatrice.” Yes, real word: It’s a Middle English-derived noun for tissue that forms over a wound and then becomes a scar.

One thing I do know about this mystery: If there’s a tech conference with “already” in its name, I may have to decline all of its invitations to preserve my own sanity.

Mail encryption has gotten less cryptic, but some usability glitches linger

I seriously underestimated you all late last year. In a Dec. 7 post about encryption, I wrote that I hadn’t gotten an encrypted e-mail from a reader in years and said I expected that streak to continue.

PGP keysIt did not. Within a week, a dozen or so readers had sent me messages encrypted with my PGP public key (under subject lines like “Have Faith!” and “Challenge Accepted”), and several others have done the same since. That’s taught me that the crypto user experience has, indeed, gotten pretty good in GPG Suite, the Pretty Good Privacy client of choice in OS X.

But at the same time, some awkward moments remain that remind me the woeful state of things in the late 1990s.

Most of the them involved getting a correspondent’s public key, without which I could not encrypt my reply. When it was attached as a file, dragging and dropping that onto the GPG Keychain app had the expected result, but when it came as a block of text in the decrypted message, I (like other users before me) wasted a few mental processor cycles looking for an import-from-clipboard command when I only had to paste that text into GPG Keychain’s window.

I should have also been able to search keyserver sites for a correspondent’s e-mail address, but those queries kept stalling out at the time. One reader did not appear to have a key listed in those databases at all, while I had to remove a subdomain from another’s e-mail address to get his key to turn up in a search.

One more reader had posted his public key on his own site, but line breaks in that block of text prevented GPG Keychain from recognizing it.

The GPGMail plug-in for OS X Mail is in general a pleasure to use. But its default practice of encrypting all drafts meant that I could no longer start a message on my computer and finish it on my phone–and one e-mail that I’d queued up in the outbox while offline went out encrypted, yielding a confused reply from that editor. I’ve since shut off that default.

It’s quite possible that the upcoming stable release of GPG Suite for OS X El Capitan will smooth over those issues. But that version was supposedly almost ready in late September, and there hasn’t been an update on that open-source project’s news page since. I suppose having to wonder about the status of a crucial software component counts as another crypto-usability glitch.

 

Why I don’t and (probably) won’t use an ad blocker

It will cost me a few hundred dollars to try iOS 9’s new support for ad-blocking tools, courtesy of that feature not working on my vintage iPad mini. (Thanks for not documenting that and other incompatibilities, Apple.) But even after I upgrade to an iPad mini 4, I probably still won’t treat myself to an ad-reduced mobile Web by paying for such popular content blockers as Crystal or Purify.

IiOS 9 ad blockers mentioned the reasons why in a comment on my Yahoo Tech post Tuesday, but the answer deserves a little more space.

It’s not about a sense of professional loyalty, although I would feel more than a little dirty undercutting the advertising revenue that helps news sites pay me and my friends in the business.

(Ars Technica founder Ken Fisher made that argument well in this March 2010 post.)

This is more a case of me trying to keep a little of the common touch online. In general, I stick with default settings so I will experience the same issues as the average Web user (also, I’m lazy). I will depart from defaults to keep my devices secure–that’s why Flash isn’t on this laptop–but installing extra apps to get a cleaner Web experience gets me too far from that ideal.

In particular, relying on ad blocking invites me to recommend sites without realizing their annoyance factor. If a site’s going to throw a sign-up-for-our-newsletter dialog before you can read every story, I don’t want to learn about that behavior afterwards from grumpy readers.

(My occasional client PCMag.com often presents that kind of newsletter dialog. And yet I gladly refer people there, because their journalists do good work. See, it’s complicated!)

I also need to know if my regular clients are getting obnoxious with the ads–remember, I was at the Post when an overload of ads and social-media widgets began to bog down everybody’s reading–on the chance that my complaint to management improves matters. You’ll tell me about that kind of problem, right?

What posting a Facebook Offer taught me about Facebook’s privacy rules

Some months ago, a PR person for Gogo handed me a few freebies I probably couldn’t use: three free passes for that company’s inflight WiFi service. (Ethics aside, almost all of my transcon flights are on planes that don’t employ its connectivity, while on shorter flights Gogo’s unintentional free access to Google apps suffices.) Many weeks later, I finally remembered that I could try giving the passes to readers with the Offers function on my Facebook page.

Gogo WiFi passesIt seemed simple enough: You create a special post on your page with the image and brief description of your choice, you set an expiration date and limit how many people can claim the deal, and you watch the audience love roll in.

But I didn’t realize, by virtue of not reading the documentation before, that readers would have to take an extra step to collect this freebie. The lucky winners got an e-mail with this instruction: “To use the offer, visit Rob Pegoraro and show this email.”

As the page owner, meanwhile, I only got a notification that the offer had been claimed–without a hint of who had won it. As Facebook’s help explains: “To protect the privacy of the individuals who claimed your offer, you will not be able to see any of their personal information.” They’d have to get back to me somehow.

I wasn’t planning on any face-to-face interaction, but I didn’t get much of the digital sort either. One longtime reader left a comment saying he’d redeemed the offer–I took him at his word and e-mailed one of the three Gogo alphanumeric codes–and nobody else responded, even after I posted comments imploring them to e-mail me.

That’s bad in the sense that I have some readers wondering why they never received the free inflight WiFi they sought. But it’s good in the sense that Facebook seems to have defaulted to privacy at the expense of marketing convenience.

That, in turn, matches up with such Page limits as my not being able to send messages to fans unless they’ve sent me one first. So if you were holding off on Liking my page because you didn’t want your name in lights–go ahead, since even I probably won’t know unless I spend a lot of time scrolling through Graph Search results for “people who like Rob Pegoraro.”

(Whoever can see your profile will, however, see your new Like. If they already mock you for your taste in tech news, you might want to hold off on the appreciation.)

In the meantime, I have two Gogo passes left. Let’s do this instead: E-mail me about how you’ll make great use of them, and the first two people to send a persuasive story will have the codes in their inboxes soon after.

It’s 2015, and I still use RSS (and sometimes even bookmarks)

A couple of weeks ago, I belatedly decided that it was time to catch up on my RSS reading–and try to stay caught up on my Web feeds instead of once again letting the unread-articles count ascend to four-digit altitudes.

RSS Twitter Google Now iconsAfter a couple of days of reacquainting myself with using various RSS apps to read the latest posts at my designated favorite sites, I had another overdue realization: Much as Winston Churchill said of democracy, RSS remains the worst way to keep up with what’s new on the Web, except for all the others.

“Really Simple Syndication,” a standard through which sites can automatically notify an RSS client about each new post, is old-in-Web-years and unfashionable. But it retains a few core advantages over its alleged replacements. One is control: my RSS feed only shows the sites I’ve added, not somebody else’s idea of what I should know. Another is what I’ll call a tolerance of time: A site that only posts an update a week is less likely to get lost when it occupies its own folder in the defined space of my RSS feed.

The third, maybe most important feature: Nobody owns RSS. When Google shut down Google Reader, I could export my subscriptions and move them to any other RSS host. I went with Feedly and have since been contentedly using that site’s free iOS and Android apps and the third-party Mac program ReadKit ($6.99 then, now $9.99).

I know many people now employ Twitter as their news feed, but I can’t make that work. I love Twitter as a social space, but in practice it’s been a miserable way to get the news. That’s not the fault of the service or its interface, but because it’s full of humans who often get excited about the same things that are really important to them in particular. The result: constant outbreaks of banter about inconsequential-to-normal-people developments like the addition of custom emoji to a chat-room app.

Twitter does help me learn about things happening outside of my usual reading habits, alerts me to breaking news hours faster than RSS and provides an incredibly useful way to talk to readers and hear from them. And yet the more I lean on Twitter as a communications channel, the worse it functions as a news mechanism.

(Facebook… oh, God, no. The News Feed filter I need there most would screen out all updates sharing outside content, so I’d only see things written, photographed or recorded by friends instead of an endless stream of links to content posted in the hope that it will go viral.)

Google Now’s cards for “Research topics,” “Stories to read,” and “New content available” can serve as an RSS substitute in some contexts. Unlike RSS, they’re not stuck with your last settings change and instead adjust to reflect where Google sees your attention wandering and where readers have clicked at the sites you visit. And unlike Twitter, these cards don’t get overrun with me-too content.

But relying on Google Now puts me further in Google’s embraces, and I think I give that company enough business already. (I’m quasi-dreading seeing cards about “RSS” and “Google Now” showing up in Google Now, based on my searches for this post.) It’s also a proprietary and closed system, unlike RSS.

I do appreciate Now as a tool to help me decide what sites deserve a spot in my RSS feed–and, by virtue of Feedly’s recent integration with Google Now, as a way to spotlight popular topics in my RSS that merit reading before others.

Safari favorites headingAs I was going over this reevaluation of my info-grazing habits, I realized that I haven’t even gotten out of the habit of using bookmarks in my browsers. Yes, bookmarks! They remain a major part of my experience of Safari and the mobile version of Chrome–thought not, for whatever reason, the desktop edition.

Mine are embarrassingly untended, littered with lapsed memberships and defunct sites. But they also let me get to favorite sites by muscle memory and without excessive reliance on auto-complete (less helpful for going straight to a particular page on a site) and search (like I said, Google gets enough of my time already).

And my bookmarks would work better if there weren’t so many of them. I really should edit them today… right after I see if my signature file needs new ASCII art.

Cert-ifiable: How my Mac didn’t trust a new secure site from the Feds

For about three minutes on Monday, I thought I’d uncovered a gigantic security flaw in a new government site set up to push other .gov sites towards secure browsing: When I tried visiting The HTTPS-Only Standard, my iMac’s copy of Safari reported that it couldn’t verify that site’s identity and its copy of Chrome said my connection wasn’t private.

https.cio.gov cert errorBut when you think you’ve uncovered an obvious error in a site that’s been out for over a week, it’s usually your own setup at fault. And within minutes of my tweeting about those warnings, I got a reply from the guy who configured the site saying he couldn’t reproduce the problem.

After some quick testing on this computer, my MacBook Air, my iPad and my phone (during which I silently congratulated myself for editing some accusatory sarcasm out of that tweet before posting it), I realized this fault was confined to Safari and Chrome on my two Macs. Every other browser, including Firefox on my iMac, got through to that HTTPS-Only site normally.

Further Twitter conversations pointed me to each Mac’s store of saved site certificates, accessible in the Keychain Access app. For Safari and Chrome to encrypt a connection to that government site, OS X needed to match its digital certificate against a sort of master key, a “root certificate” stored in the system.

old Comodo certificate(For a better description of how the mathematical magic of encrypted browsing happens, consult my friend Glenn Fleishman’s 2011 explainer for the Economist.)

Both Macs had an old copy of Comodo Group’s root certificate, one not listed on Apple’s inventory of trusted root certs. I tried deleting that certificate, figuring it probably wouldn’t make things worse–and that was all it took for the HTTPS-Only site to work as advertised and for one or two other sites to stop coughing up security warnings.

With my encrypted browsing back to normal, I’m left to wonder how my system keychains got tangled up like that. Any theories? Before you ask: Yes, I’ve done a full scan with the ClamXav malware scanner and haven’t found any issues.