https://join.app.net/p/fslwwbkldg
https://join.app.net/p/hvgflxyyjf
https://join.app.net/p/jksgszbrky
https://join.app.net/p/snbbvmnhls
https://join.app.net/p/nkyjxyjhnv
https://join.app.net/p/hnxhdbwhtl
https://join.app.net/p/mlpqsqmmlk
https://join.app.net/p/svhcytwybt
https://join.app.net/p/vhkfkfnkpf
https://join.app.net/p/gwgcqjywxl
https://join.app.net/p/jmkphlmlfd
You can find me here: https://alpha.app.net/koehntopp
You may have heard of or used Klout, a service that claims to calculate your “Social Media Score” or “Influence”. Well, they sure appeal to your vanity – we all want to be recognized as influencers, don’t we?
Unfortunately Klout is a privacy desaster – they harvest you’re data even if you’re not a member, and do A LOT of very very weird things – read GigaOM and Charles Stross for more details.
They also make it extra hard to leave – fortunatelty Martijn has a detailed post on how to do that exactly – go there NOW.
Want to see something really weird? Look what you need to do to make them stop looking at your tweets:
So they need to SEE WHO I FOLLOW in order to delete my data?
Wow.
Don’t forget to remove those Twitter and Facebook application authorizations!
I know you all want to use secure passwords especially after reading this weeks hacks of LinkedIn, eHarmony and LastFM. So why don’t you?
If you use LastPass in your browser, it will happily create 16 character gibberish passwords for you and fill them in automatically.
Unfortunately this all breaks down once you start using your smartphone. Yes, initially it’s ok to look up the password and fill it into the settings of your mail or Twitter application. But when you’re on the road and want to share something from an app to Facebook, the app will often pop up a Facebook login. This is when you need to remember and type that gibberish password, and unfortunately neither LastPass nor any other password manager will fill it in for you.
The same is of course true for desktop apps, like your ERP system. So what do you do? You either use simple passwords that you can easily remember _and_ type on a mobile device, or you think of one really good password and start using it everywhere.
From a security perspective – not what you want. But completely understandable.
iOS and Android need to come up with an API to allow passowrd managers to do their thing. Better still, App developers should start using built-in identity providers like Twitter in iOS 5, or Twitter and Facebook in iOS 6. We have to get rid apps asking for a new password all the time, or password hacks will be a topic that will be with us for a long time.
If you ever tweeted something with “iPad” in the text this probably has happened to you: within a few minutes you’ll receive a tweet like the one above with some cryptic link, or the promise of a new iPad. While I discourage clicking on links in any case (we spent years educating users to verify links from unknown sources, the Twitter and its shortlinks came along…), this just shouls not be possible in the first place.
Behaviour like this should be easy enough to catch, really.
If you identify this, block the account for @-replies until they can somehow verify. Or set a quota for the number of followers vs. @-replies.
Really annoying, it’s a disgrace Twitter has not been acting on this yet.
