WeChat, but I can’t

SHANGHAI–It wasn’t until shortly before I left for CES Asia that I realized showing up here without a WeChat account would mark me as some kind of hick. I’m now about to head home, still bereft of a WeChat account. But I tried!

WeChat, for those as uninitiated as I once was, is the service AOL Instant Messenger became in an alternate universe. Tencent’s messaging app not only connects almost one billion users in real time, it functions as a wallet, a business card, a news feed and a great many other things.

So I downloaded the Android app, plugged in my Google Voice number–as the work number on my business card, it’s what I ordinarily use without a problem on phone-linked messaging systems.

But what worked in WhatsApp and Signal did not in WeChat. After creating an account and entering the security code texted to my number, I got this error message:

“This WeChat account has been confirmed of suspicious registration in batch or using plugins and is blocked. Continue to use this account by tapping OK and applying for an account unblock.”

Whoops. I tapped through to a “Self-service unblock allowed” screen, tapped its  “Read and accept” button. That presented me with CAPTCHA prove-you’re-not-a-robot interface that had me tap the letters in one graphic that matched those in another.

But after going through that, I still couldn’t log in. Instead, the app told me to get another WeChat user to verify my existence on their phone. I’ve now tried that a few times with both U.S.-based and local users, and after each try the app has offered a vague error message about the other person not being eligible to vouch for me.

After some further research, I think the problem is my using a Google Voice number. That possibility goes unmentioned in WeChat’s English-language online help, but a Quora post reports that Tencent quashed that option years ago.

And thinking about it, it does make sense: I can’t imagine that the Chinese government would look fondly on any communications service that allows people to use a number likely to be untethered from a billable address.

When I get back to the States, I will see if I can’t get WeChat to work with some kind of a burner number still attached to a real account–maybe from a loaner phone. Otherwise, I guess I’ll have to set up WeChat with my “real” phone number. I can’t stay illiterate in this service forever, right?

Advertisements

What made this Facebook post bot bait?

I never quite know what I’m doing with my public Facebook page, but I can usually count on this much: Only a small fraction of however many people see something I post there will Like it.

Something different happened with the link I shared on Saturday to my USA Today recap of Mobile World Congress. Of the 516 people it reached, 320 have liked it. Which would be nice, except that so many of them appear to be fake accounts that I should have put scare quotes around “people” in the previous sentence.

My new fans all appear to be young women of excellent health and are almost all dressed for the beach, an evening out, or an evening in. Some of them apparently use the same first and last names to make it easier to remember them: Alyssa Alyssa, Isabel Isabel, Kate Kate.

So while my page does desperately need a better gender balance–Facebook’s analytics report its audience is 71% men, 29% women–I don’t think my page’s new pals reflect a genuine shift. Question is, what made this one post draw out the bots when others don’t? And can I at least get some of them to click on the USAT story itself and maybe linger over an ad or two?

Do I really have to use Snapchat?

Snapchat filed for its initial public offering Thursday, which makes it a good time to admit that I completely suck at Snapchat.

I have the app on my phone (I installed it first on my iPad, which should exhibit how confused I am about the whole proposition), but it’s among the least-used apps on that device. And that doesn’t seem likely to change.

Self-portrait using Snapchat's snorkel-and-fish lensFew of the friends from whom I’d want to get real-time messages number among its 158 million daily active users, and even fewer seem to use it actively versus lurking on it. I will check out the occasional Story from a news or entertainment site, but that slightly longer-form medium has yet to become a regular part of my info-diet.

I could use Snapchat as yet another way to connect with readers. But without any clients or readers asking me to do this–and with a surplus of social-media distractions already on my various devices–I’m struggling to see the upside.

The biggest reason for my holding off is, to put it bluntly, is that I’m ancient relative to Snapchat’s millennial demographic. I didn’t get the initial appeal of the app when it was focused on sexting disappearing messages, and I’ve been stuck in a get-off-my-lawn mentality ever since.

Snapchat’s self-inflicted wounds are part of the story too. This startup had barely been in existence for three years before having a data breach expose partial phone numbers of more than 4.5 million users, after which it accepted a 20-year settlement with the Federal Trade Commission. That’s not the sort of thing that makes me want to give an app access to my phone’s contacts list. It does not help that founder Evan Spiegel hasn’t exactly seemed like the most enlightened founder in tech.

Finally, there’s Snapchat’s cryptic interface, which expects the user to swipe in random directions to see what features might surface. When the clearest explanation of this UI comes as a diagram on page 92 of Thursday’s S-1 filing with the Securities and Exchange Commission, we have a serious failure of discoverability. That, too, does not make me want to spend my time figuring out this app.

As that pre-IPO disclosure to investors itself admits: “These new behaviors, such as swiping and tapping in the Snapchat application, are not always intuitive to users.”

I’m not going to delete the app from my phone or anything. It’s an important part of social media today, and I should stay at least functionally literate in it. But if you were hoping to have that be yet another instant-messaging app you can reach me on… look, don’t I have enough of those to monitor already?

Perhaps I’m wrong. If so, please don’t try to convince me otherwise in a Snapchat chat; leave a comment here instead.

 

Mail encryption has gotten less cryptic, but some usability glitches linger

I seriously underestimated you all late last year. In a Dec. 7 post about encryption, I wrote that I hadn’t gotten an encrypted e-mail from a reader in years and said I expected that streak to continue.

PGP keysIt did not. Within a week, a dozen or so readers had sent me messages encrypted with my PGP public key (under subject lines like “Have Faith!” and “Challenge Accepted”), and several others have done the same since. That’s taught me that the crypto user experience has, indeed, gotten pretty good in GPG Suite, the Pretty Good Privacy client of choice in OS X.

But at the same time, some awkward moments remain that remind me the woeful state of things in the late 1990s.

Most of the them involved getting a correspondent’s public key, without which I could not encrypt my reply. When it was attached as a file, dragging and dropping that onto the GPG Keychain app had the expected result, but when it came as a block of text in the decrypted message, I (like other users before me) wasted a few mental processor cycles looking for an import-from-clipboard command when I only had to paste that text into GPG Keychain’s window.

I should have also been able to search keyserver sites for a correspondent’s e-mail address, but those queries kept stalling out at the time. One reader did not appear to have a key listed in those databases at all, while I had to remove a subdomain from another’s e-mail address to get his key to turn up in a search.

One more reader had posted his public key on his own site, but line breaks in that block of text prevented GPG Keychain from recognizing it.

The GPGMail plug-in for OS X Mail is in general a pleasure to use. But its default practice of encrypting all drafts meant that I could no longer start a message on my computer and finish it on my phone–and one e-mail that I’d queued up in the outbox while offline went out encrypted, yielding a confused reply from that editor. I’ve since shut off that default.

It’s quite possible that the upcoming stable release of GPG Suite for OS X El Capitan will smooth over those issues. But that version was supposedly almost ready in late September, and there hasn’t been an update on that open-source project’s news page since. I suppose having to wonder about the status of a crucial software component counts as another crypto-usability glitch.

 

Why I don’t and (probably) won’t use an ad blocker

It will cost me a few hundred dollars to try iOS 9’s new support for ad-blocking tools, courtesy of that feature not working on my vintage iPad mini. (Thanks for not documenting that and other incompatibilities, Apple.) But even after I upgrade to an iPad mini 4, I probably still won’t treat myself to an ad-reduced mobile Web by paying for such popular content blockers as Crystal or Purify.

IiOS 9 ad blockers mentioned the reasons why in a comment on my Yahoo Tech post Tuesday, but the answer deserves a little more space.

It’s not about a sense of professional loyalty, although I would feel more than a little dirty undercutting the advertising revenue that helps news sites pay me and my friends in the business.

(Ars Technica founder Ken Fisher made that argument well in this March 2010 post.)

This is more a case of me trying to keep a little of the common touch online. In general, I stick with default settings so I will experience the same issues as the average Web user (also, I’m lazy). I will depart from defaults to keep my devices secure–that’s why Flash isn’t on this laptop–but installing extra apps to get a cleaner Web experience gets me too far from that ideal.

In particular, relying on ad blocking invites me to recommend sites without realizing their annoyance factor. If a site’s going to throw a sign-up-for-our-newsletter dialog before you can read every story, I don’t want to learn about that behavior afterwards from grumpy readers.

(My occasional client PCMag.com often presents that kind of newsletter dialog. And yet I gladly refer people there, because their journalists do good work. See, it’s complicated!)

I also need to know if my regular clients are getting obnoxious with the ads–remember, I was at the Post when an overload of ads and social-media widgets began to bog down everybody’s reading–on the chance that my complaint to management improves matters. You’ll tell me about that kind of problem, right?

Nexus 4 update: a little more life with Lollipop

One of the key reasons why I bought my Nexus 4 a little over two years ago was knowing that I wouldn’t have to wait for Google’s software updates. And then I waited weeks to install Google’s Android 5.0 Lollipop update after its first appearance on my phone in late November–the slight risk of the update bricking my phone was not something I wished to run during the combined insanity of the holidays and CES.

Nexus 4 with LollipopI should have waited longer. That 5.0 release and the subsequent 5.0.1 update exhibited a freakish and annoying bug: I could hear the other person in a phone call, but they couldn’t hear me.

The workaround suggested in a reddit thread about changing a developer-level setting made the problem go away most of the time, and it’s yet to resurface in Android 5.1. But I’m still completely puzzled as to how a flaw this widespread could have escaped QA testing

I don’t regret installing this update overall, though–not least since Google does appear to have fixed the problem it created.

The best feature so far has been battery life that seems notably longer than under Android 4.4. And seeing a current estimate of how many more hours the phone’s good for–combined with having its Battery Saver option prolong its runtime for a good hour or so–leaves me feeling a little more in control of this Nexus 4’s useful time away from a charger.

After that I’d rank the updated Quick Settings panel you access by swiping down from the top of the screen. This puts my phone’s hotspot feature one tap away–before, it was multiple levels deep in the Settings app–and finally adds the flashlight feature that previously required adding somebody else’s app.

Android Lollipop Quick SettingsThe rest of the Material Design interface Google made so much of a big deal about at last year’s I/O developer conference hasn’t made as much of a difference as I expected. I’ve quickly gotten used to the idea that different apps will turn the menu bar different colors–except when some of these hues get a little too close to Battery Saver’s bright orange.

And I feel like I can zip through open apps much faster in Lollipop’s recent-apps list, or at least I do since telling Android to show Chrome only once in this list instead of including a preview of every page open in that browser.

I wish I could be more enthusiastic about Smart Lock, the option to bypass the lock screen based on your phone’s proximity to a trusted component of one sort or another. But so far, I’ve only set it to trust my desktop computer via Bluetooth–and because that iMac can be iffy about connecting automatically to the phone, I can’t count on this working.

I should explore the other unlock options available. For instance, I happen to have a spare NFC tag or two around that I could stick in our car’s dashboard for an automatic unlock when I tap the phone to it. But haven’t gotten around to that yet.

The important bit about this update is this: Lollipop has breathed a little more life into a two-year-old phone. And that, in turn, means I don’t yet have to choose between continuing with the Nexus line in the form of the unacceptably huge Nexus 6 or going with another Android phone or even (it could happen…) switching to an iPhone.

Cert-ifiable: How my Mac didn’t trust a new secure site from the Feds

For about three minutes on Monday, I thought I’d uncovered a gigantic security flaw in a new government site set up to push other .gov sites towards secure browsing: When I tried visiting The HTTPS-Only Standard, my iMac’s copy of Safari reported that it couldn’t verify that site’s identity and its copy of Chrome said my connection wasn’t private.

https.cio.gov cert errorBut when you think you’ve uncovered an obvious error in a site that’s been out for over a week, it’s usually your own setup at fault. And within minutes of my tweeting about those warnings, I got a reply from the guy who configured the site saying he couldn’t reproduce the problem.

After some quick testing on this computer, my MacBook Air, my iPad and my phone (during which I silently congratulated myself for editing some accusatory sarcasm out of that tweet before posting it), I realized this fault was confined to Safari and Chrome on my two Macs. Every other browser, including Firefox on my iMac, got through to that HTTPS-Only site normally.

Further Twitter conversations pointed me to each Mac’s store of saved site certificates, accessible in the Keychain Access app. For Safari and Chrome to encrypt a connection to that government site, OS X needed to match its digital certificate against a sort of master key, a “root certificate” stored in the system.

old Comodo certificate(For a better description of how the mathematical magic of encrypted browsing happens, consult my friend Glenn Fleishman’s 2011 explainer for the Economist.)

Both Macs had an old copy of Comodo Group’s root certificate, one not listed on Apple’s inventory of trusted root certs. I tried deleting that certificate, figuring it probably wouldn’t make things worse–and that was all it took for the HTTPS-Only site to work as advertised and for one or two other sites to stop coughing up security warnings.

With my encrypted browsing back to normal, I’m left to wonder how my system keychains got tangled up like that. Any theories? Before you ask: Yes, I’ve done a full scan with the ClamXav malware scanner and haven’t found any issues.