Dear App.Net, you owe me some money…

Screen Shot 2013-11-11 at 14.27.46

Screen Shot 2013-11-11 at 14.27.46

When App.Net started it looked like a great idea. Not only did it offer an escape from the Twitter 140 chars limit for more intensive discussions, it had other novel features as well. In short, it seemed worth supporting, so I did (see above).

A few months in I found that it basically has the same people discussing the same things on Twitter, with minor variations. While it still had interesting stuff (it seemed to form more deeply connected groups easier, for example, maybe because it lacked a lot of the spam?) I found it tedious to check yet another network. I’m mainly active on Twitter, look into Facebook now and then and started using Google+ for photography related things.

I decided I could not find the time for App.Net in the near future, so I cancelled my paid account. I had another 5 months to play with it, so I could always reconsider, right?

Then this happened:

Screen Shot 2013-11-26 at 14.07.40

What the…. seriously? You’re kicking me out while I’m still on a paid account? I think you owe me something…

Has this happened to anyone else?

Twitter verkauft Deine Browser-History

Screen Shot 2013-07-04 at 11.16.31

Auch ein Unternehmen wie Twitter will Geld verdienen, und wie immer bei kostenlosen Diensten tun sie das mit den Daten ihrer Nutzer. Nein, diesmal geht es nicht um die NSA – Twitter will ‘lediglich’ dafür sorgen dass die gezeigten Anzeigen besser auf den User passen.

Um das zu ermöglichen können Werbetreibende hashes der EMail-Adressen oder Cookie Daten von ihren Usern an Twitter senden, Twitter versucht das dann zu matchen und den Usern die auch auf Twitter sind gesponsorte Werbung anzuzeigen.

Wer das nicht mag (…) kann es in den Einstellungen deaktivieren:

Screen Shot 2013-07-04 at 11.16.31

Das zusätzliche “Do Not Track” darüber empfehle ich ebenfalls zu aktivieren. Kann man übrigens auch in den meisten Browsern einstellen, hier bei Google Chrome:

Screen Shot 2013-07-04 at 11.19.48

Fazit: (ok, der Titel des Posts ist vielleicht etwas irreführend, aber so ging es heute durch die Medien): Twitter gibt zwar Deine Daten nicht aktiv raus, erhält aber von Werbetreibenden Daten über Deine sonstigen Vorlieben. Auch nicht unbedingt das was man möchte…

Getting out of Klout

You may have heard of or used Klout, a service that claims to calculate your “Social Media Score” or “Influence”. Well, they sure appeal to your vanity – we all want to be recognized as influencers, don’t we?

Unfortunately Klout is a privacy desaster – they harvest you’re data even if you’re not a member, and do A LOT of very very weird things – read GigaOM and Charles Stross for more details.

They also make it extra hard to leave – fortunatelty Martijn has a detailed post on how to do that exactly – go there NOW.

Want to see something really weird? Look what you need to do to make them stop looking at your tweets:

So they need to SEE WHO I FOLLOW in order to delete my data?


Don’t forget to remove those Twitter and Facebook application authorizations!

iOS, Android an impediment for secure passwords?

I know you all want to use secure passwords especially after reading this weeks hacks of LinkedIn, eHarmony and LastFM. So why don’t you?

If you use LastPass in your browser, it will happily create 16 character gibberish passwords for you and fill them in automatically.

Unfortunately this all breaks down once you start using your smartphone. Yes, initially it’s ok to look up the password and fill it into the settings of your mail or Twitter application. But when you’re on the road and want to share something from an app to Facebook, the app will often pop up a Facebook login. This is when you need to remember and type that gibberish password, and unfortunately neither LastPass nor any other password manager will fill it in for you.

The same is of course true for desktop apps, like your ERP system. So what do you do? You either use simple passwords that you can easily remember _and_ type on a mobile device, or you think of one really good password and start using it everywhere.

From a security perspective – not what you want. But completely understandable.

iOS and Android need to come up with an API to allow passowrd managers to do their thing. Better still, App developers should start using built-in identity providers like Twitter in iOS 5, or Twitter and Facebook in iOS 6. We have to get rid apps asking for a new password all the time, or password hacks will be a topic that will be with us for a long time.

Twitter needs better anti-spam heuristics

If you ever tweeted something with “iPad” in the text this probably has happened to you: within a few minutes you’ll receive a tweet like the one above with some cryptic link, or the promise of a new iPad. While I discourage clicking on links in any case (we spent years educating users to verify links from unknown sources, the Twitter and its shortlinks came along…), this just shouls not be possible in the first place.

Behaviour like this should be easy enough to catch, really.

  • New account, no or extremely few followers, tweets all @-replies
  • Almost all posts include linls, which are mostly identical (or lead to the same site)

If you identify this, block the account for @-replies until they can somehow verify. Or set a quota for the number of followers vs. @-replies.

Really annoying, it’s a disgrace Twitter has not been acting on this yet.