Keeping a Facebook page would be less work if Facebook were less tolerant of scammers tagging my Facebook page with other Facebook pages impersonating Facebook

Living a public work life on social media can be tiresome under many conditions, but my occupational outpost on Facebook–facebook.com/robpegoraro–has been feeling especially tedious lately.

And I can’t even blame random Facebook commenters for that! Instead, it’s the random Facebook scammers that have been nibbling away at my social-media attention span by staking out fake Facebook pages that impersonate Facebook itself, and which then tag my page with grammatically-iffy posts threatening to have my page suspended (for example, “someone has reported you with non-compliance with the terms of service”) if I don’t click/tap to verify my page ownership at a site that is obviously not at Facebook.

(Pro tip: Facebook is an American company and, AFAIK, does not have any substantial presence in Vanuatu that would require it to point users to a .vu domain name for terms-of-service compliance.)

I resent being treated like an idiot and I resent having my time wasted, but I also resent seeing a gigantic social network with country-sized resources fail so badly at stopping its own tenants from impersonating it. Every single time, the scam page has a big blue “f” icon matching Facebook’s and calls itself something like “Pages Identity Policy Issue,” which combined should seem like easy bait for a company with Facebook’s machine-learning capacity to quash or at least quarantine.

Instead, I get to play Whac-a-Mole with these idiotic impostors, and Facebook doesn’t even make that efficient.

Here’s the workflow on my iPad if I want to report the tagging post itself: Tap the ellipsis menu at the top right, select “Find support or report post,” select “False information” from the menu (“impersonation” isn’t an option), select “Social Issue,” (other choices being “Health,” “Politics,” “Something Else”), confirm that the post goes against community standards, then tap “Submit.” That last step doesn’t remove the tag, which takes another tap or two to zap.

If, however, I tap the fake page itself (which, in the most recent incident, had been set up for a construction firm in 2013 and then renamed this week, presumably after a hack), I tap the ellipsis menu at the top right, select “Find Support or Report Page,” select “Scams and Fake Pages,” then choose “Misleading Page Name Change” (had I not seen that switcheroo, I would have picked “Pretending to be Another Business” or “Fake Page”). Then it took another tap to block the page’s tag from my own page.

My gripe here isn’t so much with the number of clicks Facebook required but with the gap between its apathetic enforcement against con artists ripping off its own identity and its aggressive and punitive reaction against the New York University researchers who invited readers to install a browser extension that would track which ads Facebook served them, so that we might learn a little more about how that advertising gets targeted. What’s the priority at Facebook?

It’s yet another reason–on top of the recurring nags to spend money on Facebook ads–to make me wonder why I keep up that Facebook marketing output when it’s so much more work than my other social-media presences. And yet if I want to see how the advertising machinery works, I feel like I have to stick around, scammers and all.

Not cool: freezing my credit after yet another data breach

The text message I was especially uninterested in receiving hit my phone Sunday morning. “T-Mobile has determined that unauthorized access to some business and/ or personal information related to your T-Mobile business account has occurred,” it read. “This may include SSN, names, addresses, phone numbers and dates of birth.”

T-Mobile’s texted non-apology for a data breach affecting tens of millions of subscribers went on to note that “we have NO information that indicates your business or personal financial/ payment information were accessed,” as if those data points were the ones I couldn’t reset with a phone call or three.

Instead, I got to spend part of an evening at the sites of the three major credit bureaus to freeze my credit, just in case any recipient of the stolen T-Mobile data was going to try to go to town on my data. In the exceedingly-likely event that you, too, will have to clean up after a corporation’s carelessness with your data, here’s how that went down.

At Experian, at least I didn’t have to clutter my password manager with another saved login. After providing my name, address, complete Social Security Number, birth date and e-mail, the site asked me to verify my identity by answering a personal-data pop quiz (for example, picking previous cities of residence or a cost range for my monthly mortgage payment). After passing that test and starting the credit freeze, Experian generated a 10-digit PIN I could use for subsequent access.

Things were not quite as easy at TransUnion. I had to create an account and provide almost as much personal information as Experian demanded, except that TransUnion only required the last four digits of my SSN. On the other hand, the sign-up workflow included a tacky invitation to sign up for marketing spam: “Please send me helpful tips & news about my service, including special offers from TransUnion and trusted partners!” The site asked me to pick a security question from a preset menu, none of which would have been too difficult for a stranger to research had I answered them truthfully, and then verify my identity in another personal-data quiz.

The company that had itself lost my data before, Equifax, offered the easiest on-ramp. After coughing up another mouthful of personal data–including my full SSN as well as a mobile number–I was able to create an account and, after clicking through a link sent in an account-confirmation e-mail, put a freeze in place. I did not have to vouch for my identity by picking a ballpark figure for my mortgage payment or identifying a phone number I’d used before… and I’m not sure that’s a good thing.

I do know it’s not a good thing that T-Mobile kept information like Social Security Numbers that it could not have needed after checking my credit–a failure its apologies have yet to acknowledge. Firing them for that data hoarding, compounded by weak security, might offer a certain emotional closure. But I have no reason to think that switching to AT&T or Verizon and then handing over the same personal data wouldn’t open me to the same risk, because I’m struggling to see anybody at the giant telcos who gives a shit about data minimization.

Weekly output: locked phones, tax-return fraud

BARCELONA–Mobile World Congress officially starts tomorrow, but I’ve been here since Saturday morning and have already attended five vendor events here. The one you’ve read most about, Samsung’s unveiling of the Galaxy S9 and S9+ smartphones, is also the one MWC event I knew beforehand that I wouldn’t have to cover–my regular clients all got pre-briefed before the show and had copy ready when Samsung’s embargo expired. That freed me to take notes and play with the S9’s AR Emoji feature at my relative leisure instead of hunkering down with my laptop to file a report.

2/22/2018: Verizon’s decision to stop selling unlocked phones means travelers need to plan ahead, USA Today

Verizon’s impending move to lock phones it sells for some period after subscribers activate them won’t be as strict as its competitors’ policies, but it also reinforces the argument I’ve been making for years: Don’t buy your phone from your wireless carrier. So does the $70-above-list prices three of the big four carriers announced tonight for Samsung’s new phones.

2/23/2018: Tax return scammers are taking a big hit, Yahoo Finance

A year and a half ago, I’d started gathering string for a post about the problem of tax-return identity-theft fraud–sparked by my seeing a Facebook post from a friend who is both a privacy professional and a serial victim of that problem. For various lame reasons, I failed to turn those notes into a story at the time. But tax time inevitably rolled around again–and then the IRS served up a novel and more interesting news peg by making serious progress in reducing this problem.

Weekly output: financial and tax insecurity, Solo drone, future of radio, lost location apps

My trip to the NAB Show ended with a red-eye flight home to the East Coast, something I don’t think I’ve done for business travel since 1996. Let’s just say I can’t rally from the experience as well as I did back then.

4/14/2015: The Other Reason Tax Prep Should Make You Nervous, Yahoo Tech

I had meant to file this piece about financial-account security and tax-refund fraud before heading out to National Airport for the first of two flights to Vegas but instead pretty much wrote the whole thing on the ORD-LAS segment.

After reading it, please look over last year’s tax-time column: a recount of how Intuit, the company whose weak security helped grease the skids for a fair amount of identity-theft refund fraud, has worked to ensure it won’t face competition from federal or state governments when it comes to online tax prep.

4/15/2015: 3D Robotics’ Solo Drone Can Fly Circles Around You, Yahoo Tech

I’m still not sure what possessed 3D Robotics to debut this drone at a convention for the broadcast media, but I thought the product fascinating enough that it was worth writing up the experience. My one disappointment: Nobody besides my editor seems to have picked up on my “a Solo can shoot first” line.

4/15/2015: The Journalists Panel, NAB Show

My primary reason for going to the NAB Show was to participate on this panel, in which longtime radio exec Jeff Simpson quizzed Radio World editor Paul McLane and me about the competition AM and FM stations face from online alternatives. I emphasized locality: Stations should try to sound like where they are, something a worldwide app like Pandora can’t do. If only more commercial FM stations would follow my advice when it comes to music programming.

4/19/2015: How location-aware app can get lost on WiFi, USA Today

I’ve touched on this topic before, but this time I had the benefit of talking to some smart mobile-app developers who clued me into some important differences in how location-based apps work in iOS and Android.