Archive for March, 2010

4
Mar

Plaintext passwords

Whenever some website emails me MY OWN PASSWORD in plaintext, I feel like pulling my hair out.

1. You should not be storing passwords in plaintext!!! NOT! EVER! There is no excuse for that, no excuse, I don’t care how small and insignificant your website is, that is unacceptable, simply unacceptable!
2. You should never email such significant information over an unsecured channel such as email. Again, NOT EVER.
2b. Because you do the stupidity of emailing me my password, anyone looking over my shoulder can see it too, they don’t even need to know what a sniffer is. WOW, thank you!
3. Why would you ever email me my own password? WHY?! It’s like calling me and telling me my name, then asking me what my name is then telling me my name again to see if I still remember it! No actually, wait, that would not be as moronic because my name is NOT A SECRET ONLY I SHOULD KNOW!

So, kids, that’s why you should NEVER have the same passwords for things that are really important like email and bank accounts and crappy websites that can’t even do hashing and salting.

3
Mar

Facebook or Spambook?

Facebook has brought the ability to spam to a whole new level. Now when I say spam, I don’t mean Nigerian princes and Viagra, I mean just unsolicited emails about stuff I don’t care about, that I never wanted to get and I can’t stop receiving. It’s incredible! Here, let me explain.

Case study 1:
Let’s say I want to email some twenty people about something important. Last time I tried to do that in GMail, it wouldn’t allow me. Said something about me possibly trying to spam and to use Google Groups instead for such situations. It annoyed me greatly, but I thought it was a good feature to have. I will guess that some other major email services have similar ways of protecting against spammers.
But, then again, there is NOTHING preventing me from sending a message to the almost three hundred friends I have on Facebook right now. Will they all get emails to notify them of those messages? Most probably. If I have a group or event of sorts, then this could be up to hundreds of thousands of messages at the click of a button.

Devil’s advocate objection: It’s not spam if you signed up for it. Being in a group means you’re accepting to get all of that, so Facebook can’t do anything about it, it’s all your fault. Which brings us to the next case study.

Case study 2:
Let’s say groups and events don’t cut it anymore. I mean a group will only be joined by those who care about it, so it’s hard to use it to advertise to people who know nothing about it in the first place. How do you still get your propaganda across? Well, using friends of course. Enter… “promoters”.
I mean, if a group annoys you, you’re just going to leave it. But are you going to remove a friend from your list just because they send you messages? Probably not (note: when I say friend, I mean a real person that you actually know outside of the social networking realm). So here we are with people sending spam to their friends, as a job. The most common case of that I see is promoting for a club. At some point I used to get tens of emails each week, from friends, advertising events at clubs.

This is a list you can’t sign out of. This is a message you can’t filter out. Remove your friend and… well…you’ve removed a friend, it breaks the whole social networking idea. Keep the friend and BOOM, spam all over the place.

So, what now, Facebook? Are we going to allow this to keep happening? Or are we planning to do something about it? It comes down to whether you think you will either gain or lose money through this. Since it’s advertisement going through your channel that you’re not directly making money off of, and it has high potential of annoying your users to the point where they will start removing friends or quitting, I think it doesn’t take too many marketing research models to figure out the answer. But what would I know about that? I’m just an engineer.

PS: I’m only picking on Facebook because I’m using it and it’s popular. I think any other social network can be used in a similar manner to propagate unwanted messages. It’s a problem inherent to the business model, but not a problem that can’t be fixed.

3
Mar

Design outside the box

These have been the best 28 minutes of my week. The following video has Jesse Schell (a CMU professor, game designer and imagineer) take us through games as they are today and as he envisions them tomorrow, where the entire world will be a potentially huge RPG. This trip is a bit about technology, but a lot more about psychology, sociology, economics and business, so I think it’s a must-see for everyone. Enjoy!