To all web designers everywhere…

I don’t want to subscribe to your newsletter. I get spammed enough by the people I actually do business with.

Side note: If you are sending me more than one email per week, you need to rethink how much you are pissing me off! I have stopped doing business with people JUST because they are totally annoying.

If I want to subscribe to a newsletter, I will look for how to do so. You should make that easy. (As you can see above, I do get email from people I am interested in doing business with.) Don’t send more than 1 per week.

I don’t want to let your website send notifications to my browser. Thank you to Firefox; one of the newer versions added a “block all future requests for notifications” in options. (And who thought that was a good idea in the first place?)

I don’t want to share my location with you, you creepy stalker.

And no, I’m not going to disable the ad-blockers/privacy extensions just because you ask nicely. I am not a product for Google, or any other ad company to be tracked.

There should be a special place in hell for designers and web architects who think all this crap up.


Google+ Hack Convinces Google to End Google+

Or maybe it was the backlash after they covered up a data breach. Google+ to shut down after coverup of data-exposing bug.

A security bug allowed third-party developers to access Google+ user profile data since 2015 until Google discovered and patched it in March, but decided not to inform the world. When a user gave permission to an app to access their public profile data, the bug also let those developers pull their and their friends’ non-public profile fields.

They didn’t admit to any of this because – according to a company memo – they didn’t want the Cambridge-Analytica-style publicity. OK, now they have their own bad publicity.

Now Google+, which was already a ghost town largely abandoned or never inhabited by users, has become a massive liability for the company.

When will companies take security seriously? When an executive who makes a boneheaded decision – like either not funding security, or covering it up – is held accountable in a court of law. Nothing else is going to get it done.

Keyboards Make a Difference

Wow. Why did I wait so long to upgrade?

So after a run in with a runaway cup of coffee (and some other issues), but my generic keyboard, and my entry-level gaming mouse were toast. Actually they both continued to work, but were not 100%, and it got to the point that it was driving me crazy.

While I only replaced the entry-level gaming mouse with another of similar quality, I decided it was finally time to really upgrade the keyboard. I went with a mechanical keyboard with “Red” switches from Cherry. (Red isn’t the color of the backlit LEDs, but the model of the switch.)

The keyboard is noticeably louder, but who cares. It feels more like an IBM typewriter. I am typing faster (though that is introducing more spelling errors), and I haven’t even been using it very long.

I went with a relatively generic keyboard, given that it is using somewhat premium switches, because the switches are the important bit.

The Glasses From They Live (Sort of)

If you haven’t seen the classic (well, maybe) 1980s SciFi movie starring Roddy Piper, They Live you are missing out. These appear to be the 1st shot at actually producing those glasses. IRL Glasses block screens when you put them on.

Digital screens are everywhere: on buses, in cabs, on people’s wrists, and even on the doors of refrigerators. This proliferation of screens seem to constantly vie for our attention on a daily basis.

The antidote in the form of a pair of sunglasses called IRL Glasses. When you wear them, screen appear black.

They are almost ad-blockers for the real world. They are only in Beta Testing at this point. My guess is that they will be expensive.

Hat tip to Claire Wolfe and her Friday Links. Which you should check out, because this is only one of the stories. (Though she sends you to a different site.)

‡ The scene that introduces the glasses in the movie is below the break.

Continue reading

Surge in the Stealing of Credit Cards Online

When you check out online, it says it is secure, but is it? Magecart Attacks Grow Rampant in September.

Magecart is a hack where hackers steal a copy of the credit card data you type into an online form when you purchase something online. It’s also known as formjacking. The data goes both places – to the hacker and to the merchant – so you get whatever you purchased, the vendor gets their money. But the hacker gets everything about your credit card.

The most publicized incidents resulting from these attacks are from cybercriminal campaigns known as Magecart, with one group apparently being responsible for compromising the websites of Ticketmaster, British Airways, Feedify, and Newegg.

Even ESET – the antivirus/web security firm – apparently got hit.

Some of the antivirus companies will detect it, or some of it, but not all. There are people fighting against it, but if the September numbers are an indication, there is some way yet to go.

The Internet was fun while it lasted.

Chrome 69 Won’t Delete Google’s Cookies

Ask to delete all cookies, Google won’t delete all cookies. Chrome 69 Keeps Google’s Cookies After You Clear Browser Data.

Because Google knows better than you. And they dropped their “Don’t Be Evil” goal, and seem to be doubling down on being evil.

It has been discovered that when you try to clear all cookies in the Chrome browser, every cookie will be deleted except for authentication cookies created by Google. This means that after clearing cookies, you will be logged out of every site that you are currently logged into, except for Google.

This “Let’s not delete our own data” behavior from Google is on top of them logging you into the browser, when you didn’t ask them to. If you logged into Gmail or YouTube, Google would log you into Chrome – even if you didn’t want them to. Log out of YouTube, and Google kept you logged into the browser. They say they didn’t scoop up all of your browser history, but given how evil they’ve become, do you believe them?

Chrome 70 will walk back some of these “evil” changes, but I’ve stopped using Chrome in the interim. You may want to reconsider your use of browsers.

I use a bunch of different browsers. Opera and Vivaldi. Firefox. Chrome. Very rarely Microsoft’s Edge (when I need to test something that isn’t working because of all the privacy extensions I have in the other browsers). I even have an old version of Pale Moon installed, though I need to see if there is a new version available. And of course the TOR Browser. I may have to drop the use of Chrome.

I do this because websites love to track you. And one of the ways they do that is by tracking all kinds of things about your browser. Version, size of display, etc.

Seems like I’m not alone: Why I’m done with Chrome. Matthew Green is a cryptographer and professor at Johns Hopkins University. He takes issue with the “forced login” policy.

If you didn’t respect my lack of consent on the biggest user-facing privacy option in Chrome (and didn’t even notify me that you had stopped respecting it!) why should I trust any other consent option you give me? What stops you from changing your mind on that option in a few months, when we’ve all stopped paying attention?

Hat tip to Security Now.