Weekly output: Facebook customer dissatisfaction, Facebook meddling in the Middle East (x3)

Tuesday has me departing for Las Vegas for the Black Hat and DEF CON information-security conferences, aka Hacker Summer Camp. In addition to the usual risk of getting pwned, this year I and other attendees will also have to deal with a plague of grasshoppers.

Yahoo Facebook ACSI post7/30/2019: Study shows Facebook’s customer-satisfaction scores plunging, Yahoo Finance

A new survey from the American Customer Satisfaction Index showed people’s contentment with Facebook plummeting to depths you could call Comcastic–except the cable company still rated lower in ACSI research earlier this year. If this post seems somewhat familiar, you may remember me writing up a similar set of ASCI findings in 2010. The issue of what we’ve learned about Facebook in the intervening years is left as an exercise for the reader.

8/1/2019: Facebook catches meddling from Saudi Arabia, United Arab Emirates, Egypt, Al Jazeera

The Arabic-language news channel had me on air live–twice in this day–to talk about Facebook’s announcement that it had booted hundreds of accounts and pages run out of Saudi Arabia, the United Arab Emirates and Egypt for “coordinated inauthentic behavior,” its phrase for disinformation campaigns.

8/2/2019: Facebook catches meddling from Saudi Arabia, United Arab Emirates, Egypt, Al Jazeera

Saudi Arabia misbehaving on social media put the Qatari network into flood-the-zone mode–not difficult to understand, given the enmity between the kingdom and Qatar–and so AJ had me on for a second day in a row to talk about this story. If you don’t care about Gulf politics, please consider that the Facebook-meddling move here of impersonating local news sources could work in the many U.S cities and towns now starved for local news coverage.

Advertisements

Weekly output: #DIV/0!

For the first time since two Augusts ago, I have no new bylines in a week. I did file one story, not yet posted, and get much of the reporting done for two others–after losing much of the first two days from having our schools closed after last weekend’s snowstorm–but it’s still annoying to have this post equate to a divide-by-zero error.

And that happened even though I worked for a good chunk of this weekend: I spent most of Saturday at the Shmoocon cybersecurity conference in D.C. I connected with people much better-informed than me, picked up some useful insights that I hope to turn into a post, caught up with an old friend, and enjoyed spotting the hilarious National Security Agency recruitment ad pictured at right. (No, I did not plug in my phone.)

Having this con take place at the Washington Hilton provided a bonus level of amusement. I’ve been at the venue Washingtonians call the Hinckley Hilton for many other events, but none had involved so many people with hair dyed interesting colors and on-message t-shirts (e.g,, “Crypto means cryptography”). That was an excellent change-up from this hotel’s usual overdressed look.

Black Hat priorities: don’t get pwned, do get work done

LAS VEGAS–I took my own phone and laptop to the Black Hat USA security conference here, which is often held out as a bad idea.

Before I flew out to Vegas Tuesday, I got more than a few “Are you bringing a burner phone?” and “Are you leaving your laptop at home?” questions.

Black Hat backdropBut bringing burner hardware means dealing with a different set of security settings and doesn’t address the risk of compromise of social-media accounts. And writing thousand-word posts on my phone risks compromising my sanity.

So here’s what I did with my devices instead:

  • Put my laptop in airplane mode, then enabled only WiFi to reduce the PC’s attack surface to that minimum.
  • For the same reason, turned off Bluetooth and NFC on my phone.
  • Set the Windows firewall to block all inbound connections.
  • Used a loaner Verizon hot spot for all my data on both my laptop and phone–I even disabled mobile data on the latter gadget, just in case somebody set up a malicious cell site.
  • Connected only though a Virtual Private Network on both devices, each of which were set to go offline if the Private Internet Access app dropped that encrypted connection.
  • Did not plug in a USB flash drive or charge my phone through anything but the chargers I brought from home.
  • Did not download an update, install an app, or type in a password.
  • Did not leave my laptop or phone alone in my hotel room.

Combined, this probably rates as overkill–unless the National Security Agency or a comparable nation-state actor has developed an intense interest in me, in which case I’m probably doomed. Using a VPN alone on the conference WiFi should keep my data secure from eavesdropping attempts, on top of the fact that all the sites I use for work already encrypt their connections.

But for my first trip here, I figured I’d rather err on the side of paranoia. (You’re welcome to make your case otherwise in the comments.)

Then I showed up and saw that everybody else had brought the usual array of devices. And a disturbing number of them weren’t even bothering to use encryption for things as basic as e-mail.

Weekly output: 5G possibilities, Comcast-NBC revisited, switching to Windows, big-media serfdom, Face ID hack, online abuse

Good luck with your Thanksgiving family tech support, everybody!

11/13/2017: 5G’s Economic Prospects: Flexibility and Fuzziness, FierceWireless

Researching this piece about possible business models for 5G wireless helped inform me about story angles I’ll want to look into over the next few years. As with my past work for Fierce’s e-book bundles, you’ll have to cough up an e-mail address to read this one.

11/13/2017: Comcast + NBCUniversal Produces Mixed Bag, FierceCable

Disclosure: Comcast’s purchase of NBCUniversal has benefited me directly, in the form of Comcast PR inviting me to NBCUniversal movie screenings in D.C.

11/13/2017: How Apple sold me on buying a Windows laptop, Yahoo Finance

An angle I didn’t have room to address in this post: Windows 10’s “tablet mode” represents a long-delayed fulfillment of the promise of Windows XP’s watching-not-creating Media Center interface.

11/14/2017, Barry Diller says big media will be ‘serfs on the land’ of tech giants, Yahoo Finance

The media mogul’s pessimistic assessment of traditional media’s future was an easy sell from the Internet Association’s Virtuous Circle conference in San Francisco.

11/17/2017: You should still use the iPhone X’s Face ID even though hackers say they beat it, Yahoo Finance

I’ve written a few posts over the past year or two on the theme of “security nihilism”–the unhelpful belief of many infosec types that if a defensive measure can’t protect you from the most experienced and motivated attackers, then it’s worthless. Maybe this was more persuasive than the others?

11/16/2017: Technical and Human Solutions to Problematic Behaviors, Family Online Safety Institute

I moderated this panel at FOSI’s conference about ways to deal with people being jerks online. My thanks to TeenSafe’s Tracy Bennett, Verizon’s Ginelle Brown, Twitter’s Patricia Cartes and the Born This Way Foundation’s Rachel Martin for making me sound smarter on the subject on a day when I had to function on about four hours of sleep after a fuel leak forced my flight back from SFO to divert to Denver, after which I didn’t land at Dulles until after 1 a.m.

Weekly output: net neutrality, cybersecurity advice, Photobucket

In an alternate universe, I’d be heading to New York Tuesday for CE Week, but I had a panel invitation here and none there. I also recalled how low-key last year’s conference was, so I decided to stick around here after I’d already put in for a press pass. To everybody who’s pitched me about their CE Week exhibits or events (which seem to be more numerous than last year’s): Sorry!

7/3/2017: How open-internet rules are actually helping consumers, Yahoo Finance

Yet another net-neutrality post? Yes. This one covered two angles I had not addressed adequately before. One is how Internet providers’ own deployment figures show they’ve kept on expanding their networks after the advent of open-Internet rules. The other is the poor odds of a small ISP getting the time of day from a major streaming-media service, much less inking a paid-prioritization deal that would yield enough money to finance broadband buildout.

7/3/2017: ICD Brief 47, International Cybersecurity Dialogue

This group’s newsletter quoted my critique of the cybersecurity lessons offered in a French TV report. I didn’t find it much more helpful than much of the infosec advice you’ll see in mainstream coverage.

7/7/2017: The big lesson from Photobucket’s ‘ransom images’ debacle, Yahoo Finance

It’s been years since I last uploaded any pictures to Photobucket, but only a decade ago it led the market for online image sharing. Its subsequent descent into a) becoming an ad-choked hell and b) demanding that free users who had accepted its invitation to embed their photos elsewhere switch to paying $400 a year is sad on a lot of levels.

Weekly output: CES recap, United fleet site, cybersecurity coverage, wireless phone plans, inauguration wireless coverage, T-Mobile One alternatives

I got a little extra publicity this week from the Columbia Journalism Review when its editors illustrated their open letter to President Trump from the White House press corps with a photo I took of the White House press briefing room. It’s been flattering to see that people actually read photo credits! I would have liked to see CJR link to the original–I believe that’s a condition of the Creative Commons non-commercial-use-allowed license under which I shared it on Flickr–but the reply I got was that their CMS doesn’t support links in photo credits.

That photo, incidentally, comes from 2014’s White House Maker Faire–exactly the sort of event I don’t expect to get invited to over the next four years.

1/17/2017: Techdirt Podcast Episode 105: The CES 2017 Post-Mortem, Techdirt

I talked with Techdirt founder Mike Masnick about my experience at this year’s show. I did the interview using a podcasting Web app I hadn’t tried before, Cast. My verdict: great UX, but that name is horrible SEO.

Screenshot of Air & Space story1/18/2017: Get to Know Your Airliner, Air & Space Magazine

I finally wrote a story for a magazine I’ve been reading on and off since high school, which is pretty great. The subject: the United Airlines Fleet Website, a remarkably useful volunteer-run database of United planes that I’ve gotten in the habit of checking before every UA flight. The story should also be in the February issue, available at newsstands in the next few days.

1/18/2017: What you should really know about every major hacking story, Yahoo Finance

I put on my media-critic hat to write this post about what too many cybersecurity pieces–and too many mass-media conversations on the subject, up to and including those started by Donald Trump–get wrong.

1/19/2017: The Best Cell Phone Plans, The Wirecutter

We decided last summer that having separate guides for the four major wireless carriers and for prepaid and resold phone plans didn’t help readers who should be considering all of their options. That also imposed extra work on me. The result: a single guide that’s much shorter and will be easier to update the next time, say, Sprint rolls out some new price plans.

1/19/2017: How carriers will keep D.C. online during Trump’s inauguration, Yahoo Finance

The real test of the big four networks came not during President Trump’s under-attended inauguration but the Women’s March on Washingtoh the next day. To judge from the experience of my wife and others, the carriers did not acquit themselves too well: Her Verizon iPhone lost data service for part of the day, and I saw friends posting on Facebook that they couldn’t get photos to upload.

1/22/2017: Am I stuck with T-Mobile’s flagship plan?, USA Today

T-Mobile’s decision to limit its postpaid offerings to the unmetered-but-not-unlimited T-Mobile One gave me an opportunity to provide a quick tutorial on the differences between postpaid, prepaid and resold services.

Weekly output: Game of Thrones, security, augmented reality, T-Mobile, phone insurance

Happy Easter!

DisCo Game of Thrones post

3/27/2013: Ethicists Make Lousy Economists, And Other Lessons From the Endless “Game of Thrones” Debate, Disruptive Competition Project

This started life as a draft here a year ago, when I’d gotten fed up by seeing the same old arguments thrown around on Twitter and in blog posts about the HBO series. Then I set it aside, which turned out be a good thing when I had a paying client interested in the topic.

3/29/2013: Social-Media Trend To Watch: Security That Doesn’t Have To Suck, Disruptive Competition Project

With Dropbox, Apple and, soon, Evernote and Twitter following Google’s lead in offering two-step verification as a login option, I’m cautiously optimistic that this competition will yield more usable security than what the efforts of corporate IT have yielded so far. The skeptical comments this post has since gotten have me wondering if I was too optimistic.

3/29/2013: Augmented Reality Doesn’t Need Google Glasses, Discovery News

I revisited a topic I last covered in depth in a 2009 column for the Post. Part of this post recaps how I still use some of the apps I mentioned back then, part suggests some other possible applications, and then I note how Windows Phone 8’s “Lenses” feature could foster “AR” on that platform. I’m not sure all of those parts hold together.

3/31/2013: Q&A: Is T-Mobile’s new math a good deal?, USA Today

The wireless carrier’s no-contract plans may not save you much money if you buy a new smartphone exactly every two years, but if you upgrade less often–or buy an unlocked phone from a third party–they can work well for you. (And if they foster the growth of a carrier-independent market for phones, they would work well for the rest of us.) The post also includes a reminder to watch out for phone-insurance charges on your bill.

Sulia highlights: calculating how much you’d spend on an iPhone 5 and two years of service at the four major wireless carriers; noting the belated arrival of threaded comments on Facebook pages; explaining why Google Maps doesn’t offer real-time arrival estimates for Metro and other transit systems; critiquing the woeful setup experience on a Linksys router.