DuckDuckGo.com

(Image is in the Public Domain)

Every now and then, there's a new search engine released that tries to play with the big boys, but they often fail. Usually its because of speed, maybe financial backing, sometimes user interface, but most often because they don't do the job well.

So here's one that may be worth some attention. Like Google, they focus on keeping very minimal and having a nice interface. But unlike Google, they make an effort to help you find what you are actually looking for:

They also include some summary information right in the search making it possible to skip visiting the site at all if you don't need to or at least getting a better feel for what the site is about before going. And according to their About page, they store NO personal information (which has long been a complaint of mine about Google).

So far, they're doing a lot right, but with Google having just released HTTPS for searches, the competition is even stiffer. I wish them luck.

(Image used under: Creative Commons 2.0 [SRC])

It looks like it didn't take long for them to get the hint. Facebook will now be improving their privacy controls and policy.

From the CNN article:

Tech blogger Robert Scoble... equated the privacy outrage to both Facebook's complicated privacy settings and the company's inability to communicate why users should share their private information with the public.

No kidding. Well now Mark Zuckerberg has admitted to making some mistakes and promises to do better. We'll see.

(Image used under: Creative Commons 2.0 [SRC])

Looks like they're doing it again. This time, they've made a change where even information you've set to private will be fully visible to strangers.

Today, Facebook removed its users' ability to control who can see their own interests and personal information. Certain parts of users' profiles, "including your current city, hometown, education and work, and likes and interests" will now be transformed into "connections," meaning that they will be shared publicly. If you don't want these parts of your profile to be made public, your only option is to delete them.

Of course, this doesn't affect me since my REAL friends already know all that stuff so I saw no reason to enter it into Facebook in the first place, but if you or someone you know has it, tell them to pull it down or put in fake data instead. Why broadcast information to strangers hoping that none of them will use it against you?

Update

It looks like Lifehacker posted an article on how to restore your privacy after the change. Check it out

(Image used under: Creative Commons 2.0 [SRC])

There have been stories in the past of how difficult and how impossible it is sometimes to remove information from Facebook. But if you get sick of it, you can just delete the account entirely using this technique. Tags: Facebook

In Austin Texas, more than 100 customers of a local car dealership suddenly found their cars dead or their horns honking out of control when a vengeful former employee decided to take action using their computerized payment nagging system:

The dealership used a system called Webtech Plus as an alternative to repossessing vehicles that haven’t been paid for. Operated by Cleveland-based Pay Technologies, the system lets car dealers install a small black box under vehicle dashboards that responds to commands issued through a central website, and relayed over a wireless pager network. The dealer can disable a car’s ignition system, or trigger the horn to begin honking, as a reminder that a payment is due.

While there are questions of the ethics and legality of shutting down someone’s car due to failure to pay, the important lesson here is to avoid using wireless and web-based capabilities carelessly. Many such systems are designed without taking into account hacking or insider threat. In this case, customers who had the “black box” in their cars were at risk to both employees of the dealer and Pay Technologies as well as any random hacker who managed to get into either company’s systems.

The simplest and most effective solution is to avoid wireless and web technologies where there is no clear mission goal or benefit. Even then, they must be implemented with strong security measures designed by specialists.

A completely horrifying service that some people have actually signed up for.

When you first hear about Blippy, the purchase-sharing website, you would think that no one in the whole world would be crazy enough to sign up. You’d be wrong.

Blippy is a service where you can share your purchases on most of the major web stores in real time (similar to Twitter). ALF just got a movie at Netflix (Full Metal Jacket… classic!). Jessestay just bought something at iTunes for 2.99 ( Epitaph One, by Dollhouse). On and on the purchases go. As they scroll by, I learn more about where the people live, what kinds of things they like, and what kinds of secrets they have. One user just purchased an iPhone app to find, let’s say, non-traditional bars in his city.

Believe it or not, the complete transparency of your purchasing habits is the least of your worries on Blippy. This site, supposedly run by four average sounding college graduates, promises good security and protection of your information, but history shows that even major banks and government agencies are hard pressed to keep data safe. Especially if they’re a big target!

So what makes Blippy a big target? Well, you may have heard my advice not too long ago to never give away your e-mail address password to these new sites like Facebook and Twitter that use your address book to add friends automatically. Blippy does the same thing, but for your web stores AND your bank accounts too!

In case you missed it, let me say it again more clearly: Blippy gets their information of your purchases by logging into your iTunes, Netflix, or eBay accounts and constantly monitoring them for new purchases. And not just web stores, but banks and credit cards too. Bank of America, Citibank, Chase, Paypal, and American Express are just some of the ones they’re set up for currently. All you have to do is provide all your usernames and passwords for each service you want to share your purchases for with Blippy.

You don’t have to be a privacy nut like me to find that prospect completely horrifying.

Betcha never meant for that to be public

So Facebook is not exactly known for protecting people's privacy. Besides many grievous displays of poor security, they have only added decent privacy controls over time none of which matter because you can get to the pictures anyway and every installed Facebook app can get all your data too.

All that aside, assume that setting your privacy controls is still better than not setting them. Facebook pulled a real jerk move recently when it required all users when they first logged in for the day to make a decision about their privacy settings. You had to click to keep your current settings, but if you didn't, it would open your profile up using the new default settings.

Though it doesn't probably change anything in the long run, it's quite satisfying to know that Mark Zuckerberg, the founder and CEO of Facebook, fell prey to his own tactic.

In a bit of very interesting timing, Zuckerberg’s photos have been made public to the entire internet, mostly through a post from gossip blog Gawker, after Kashmir Hill at True/Slant discovered and reported that Zuckerberg was sharing photos with a wide circle — friends of friends — and his event calendar with everyone.

Serves him right.

Facebook did not immediately respond to a call seeking comment about whether Zuckerberg’s changes to his privacy settings were deliberate, leadership-by-example-style actions. But in a status update on his profile (pictured above), Zuckerberg says he sets most of his content open and “didn’t see a need to limit visibility of pics with my friends, family or my teddy bear :)”

Sure… He claims that he didn't mind that they were public and that he did it on purpose. Of course it wasn't proof positive that the settings changes are confusing and designed to nudge people out of their privacy into the public eye. Still, some would claim foul.

But why did Zuck suddenly decide to be less private than two months ago, when his settings were uber-private? You couldn’t even friend him before, and you certainly couldn’t see him shirtless..

The fact that Zuck drastically reduced his privacy settings makes me think the Facebook CEO did this accidentally, and now doesn’t want to change back for fear of the resulting PR disaster.

I wonder if Zuckerberg is regretting this move now. He can't go back towards privacy without making it seem that he's a hypocrite. Still, you have to wonder if he's going to start posting less information to his event calendar and photo albums than before since it's been forced for PR reasons to remain public.

(Image used under: Creative Commons 2.0 [SRC])

Of course this isn't a problem limited only to Facebook, but the FBI issued a warning about the rise of hijacking scams. This is where a bad guy gets your login information through various means and then poses as you on your account. They'll send an urgent request for help or money to all your friends who may be fooled and comply (as in the case of Bryan Rutberg).

Remember to use good passwords and protect them especially the password for your e-mail account (which can be used to unlock all your other accounts).

This is a great idea!

(Image source is unknown)

With tweetMyMoney, you can monitor your account balance, deposits, withdrawals, holds and cleared checks with simple commands. And, you can even transfer funds within your account. It’s all available on Twitter, 24/7! And, the best part is, our tweetMyMoney service is free!

(Emphasis mine)

Hello Twitter banking, goodbye money.

Why anyone thought this was a good idea, I don't know. Granted, you can't transfer money to OTHER accounts, only "within you account", but someone who breaks into your twitter account can still get a lot of information about you and move your money around causing you serious overdraft fees.

The issue at heart here is that getting information about your account and moving money around only requires the security of your Twitter account (which isn't to say much). How many people put strong passwords on their Twitter like they do the bank? How much effort does Twitter put into their security?

I think the idea of alerts to your phone is kind of cool, but maybe the bank should have set up its own Twitter-like messaging service instead of using a public one that's a big fat target of bad guys already.

Bad Sears, BAD!

The sick thing about this story is that the spyware wasn't a hack against these companies, but was planned and sanctioned by the companies.

Between April 2007 and January 2008, visitors to the Kmart and Sears web sites were invited to join an "online community" for which they would be paid $10 with the idea they would be helping the company learn more about their customers. It turned out they learned a lot more than participants realized or that the feds thought was reasonable. To join the "My SHC Community," users downloaded software that ended up grabbing some members' prescription information, emails, bank account data and purchases on other sites. Sears called the group that participated "small" and said the data captured by the program was at all times secure and was then destroyed.

Remember that there are no laws currently to protect against the abusive data collection and sharing practices that many companies employ. Be careful with your data and don't trust even the most reputable-seeming companies to choose your privacy over the almighty dollar.