* Posts by Harry

425 posts • joined 17 May 2007


A month to go on Cookie Law: Will Google Analytics get a free pass?


Google Analytics is NOT a first party

"we are highly unlikely to prioritise first party cookies used only for analytical purposes in any consideration of regulatory action"

So -- if you are Google -- then you can use Google Analytics. Perhaps -- because even then, Google analytics is a completely separate domain to google.com so technically it's a third party even when visiting one of google's own pages.

But -- if you are *not* Google -- then it's definitely a third party, so not exempt from being "prioritised" so you'd better stop doing it if ICO ever gets round to working out what a third party cookie really is.

Corny conversations prove plants 'talk'


Plants can talk actual words

I know that for certain because I once overheard a theatre usher mentioning to the manager that tonight's comedian was getting a lot of heckling. "You don't need to worry about that", the manager said, "it's because there's a plant in the audience".

Google to app devs: Use our pay system ... OR ELSE


"Abuse of a dominant position"

Why is google allowed to get away with things like this?

This sort of thing *should* come fairly and squarely under Abuse of Dominant Position legislation.

However, I'm not sure that it's the supplier that should decide how customers should pay. The *customer* should always have a choice of payments and be able to use whichever is most convenient. There's nothing worse than the idiot company that decides the only acceptable payment method is obsolete, user-hostile cheques.

So, how about :

* A customer must have a choice of at least *three* reasonable and appropriate payment methods.

* One of them must be bank transfer, which must be free to the customer.

* The supplier may nominate one or more *additional* payment methods

* Where a third party (eg google or ebay) provides a significant contribution to the service, the third party may nominate one or more *additional* payment methods.

But above all else, neither the supplier nor the third party should be allowed to influence which of the above the customer chooses to make payment through.

Google’s privacy policy: Incoherent and confusing


Of course it is confusing,

Terms and conditions are *meant* to be confusing.

If they were understandable, and anybody bothered to read them, nobody would accept them.

Audi shows off OLED-illuminated concept R8


Re "regs already exist for brightness and clarity".

Regulations and enforcement are, sadly, two different things.

We already have a regulation which says (probably in more technical terms in the official version) that dipped headlights should not dazzle a person whose eyes are 3 feet from the ground. Yet many many times I've seen the bright and sharp silhouette of my head projected against the sun visor from the dipped headlights of the car behind. That clearly wouldn't be happening if the anti dazzle regulation had been enforced. But I've never heard of a single instance where a driver has been prosecuted for doing it.

We should be installing headlight sensors on stretches of straight road.

Google adds Do Not Track button to Chrome


Re "Does the button actually work?"

If it's like any other google services, the privacy option will only work if you log in and/or accept cookies.


"Websites ... offer you free content and services because they are supported by advertising"

One major flaw in that argument is that many of the sites where they track visitors are *business* sites whose primary source of income ought to be the actual products and services they are selling or providing, not the sale of tracking information or advertising.

If tracking and displaying of adverts were restricted to sites where the owner has no other income whatsoever there would be less of a problem.

We're! not! a! social! network! yells! Yahoo!


Re "They still bundle the toolbar with Firefox"

The toolbar that's bundled with Firefox is a *universal* search toolbar. Google is its default, but it is preconfigured to work with a number of other search sites (including yahoo) and you can add others with an addon.

That's one of the reasons why foisting unwanted yahoo toolbars on people is unlikely to have achieved more than aggravation. Anybody who wants yahoo as their search only has to click the *existing* dropdown and configure it there. Anybody who didn't want yahoo as their search engine is likely to keep on using the original firefox toolbar (and, if they don't know how to remove it, moaning about the space the unwanted toolbar is using).


I reckon they're an ANTI-social network,

They have contracted with far too many software vendors to "accidentally" install unwanted Yahoo toolbars.

That by my definition is highly ANTI-social.

If the only way you can get people to visit your site is to foist unwanted toolbars on them, then it's pretty much a confirmation that you don't think your site is good enough for people to want to visit purely on its merits or lack thereof.

BT reveals ultra-fast cable blowing plan for homes, biz


Re "But I was hoping to go beyond"

I've never been there myself, but I'm told that if you go beyond infinity you might never look back.

MasterCard joins Visa in pushing PINs into America



I can't speak for Canada, but in the UK there's a part of the authorisation that's invisible to the customer -- CCTV logging of your registration plate, often followed by a 10 second delay which is quite possibly long enough for an automated validity and/or reported stolen vehicle check.

TripAdvisor: OK, not all our reviews are trustworthy or real


"if they think a review is fake, say so"

I can see it now.

Reviewer: A magnificent place, fantastic staff, I enjoyed every minute of it.

Hotelier: You couldn't possibly have been staying at *our* hotel then.

Europe exposes its stiff data protection law this week


2% is not enough

It should be "2% or the amount of your turnover that involves privacy invasion".

Otherwise, phorm-like companies will say "I can do whatever I like, knowing that even if I'm found guilty, 98% of my income will be untouchable".

ASA upholds customer complaint against eBuyer


"ASA are just folding to pressure from a moaning nonce."

I disagree. The ASA is, for once, doing what the ASA *should* be doing.

A shop doesn't have to publish customer reviews at all, but if it does then the reviews have to be genuine and representative of the true range of opinions of buyers.

Current Comet owner hit with half year loss


"planning to sell off Comet for just £2"

Shouldn't that be £1.99 ?

But I shudder to think how much they will ask for the three year warranty that the salesman will try to insist on you having along with it.

‘Blogger not a journalist’ says Oregon court


"broadcast station or network"

A web site -- any network, even if it has only one user -- is part of a network.

If the web site has two or more users then that probably makes it a *broadcast* network.

Facebook, FTC settle over privacy ‘deception’


So, everybody must stop using the words PRIVACY policy ?

If your policy says "we disclose your information to carefully selected ... " etc, then it is a privacy INVASION policy and should be titled as such.

Only if your policy says "we will not under any circumstances disclose ... " is it genuinely a privacy policy.

Ebuyer knocked out by own £1 deals site


Re "Dabs isn't all that bad"

Unless you happen to be a business customer.

As a business customer, you cannot checkout via dabs.com but will instead be automatically diverted to btbusiness.com -- which preserves the contents of your basket and shows some of the prices appearing to be 10% lower.

Fine, except that those 10% lower prices are now vat exclusive -- which means they're actually 10% more expensive.

I work on the basis that charging higher prices to a subset of customers is dishonest, and I don't do business with dishonest companies. So I don't do business with dabs or BT.

Data Protection Directive revamp: UK looking sidelined?


"it would sure upset the Brits."

It may upset the government, MPs, ministers and quangos but the citizens -- the people who pay their wages -- will be glad to have a long overdue reform -- provided that it really does give them the right to insist that their information not be sold or disclosed to irrelevant third parties.

Amongst other things, we're sick and tired of companies telling us that we *must* waive our privacy rights to do business with a company. The companies need to be told that privacy is a fundamental human right and that they have no right to refuse to do business with, or charge extra to, people who choose to *keep* their privacy.

UK to big brands: Get off our Facebook, mate!


"people were slightly more likely to leave praise ..."

Or more likely, the page hosts were very much "more than just slightly" likely to DELETE complaints than praise.

And on the facebook site I just looked at (no names, no pack drill) I notice that most of the people who have left positive comments are other members of the staff -- though you wouldn't know that as an ordinary user, unless you happened to know their names because they don't declare themselves as staff.

eBay boss declares era of e-commerce is over


"paid to ebay directly who old them prior to both parties agreeing release of funds to the seller"

That option already exists, and has done for many years.

It's called escrow, and it costs an arm and a leg so very few sellers operate it. But realistically any such service is going to cost an arm and a leg. You can automate the payment mechanism, but it inherently doubles the cost of the transaction (because there are always two payments not just one). Then dealing with the problems that arise in a dispute needs an army of real people who don't work for peanuts.

BT cable ballsup hooks up punters to wrong numbers


"and a tendency to push problems to other groups"

That's exactly what BT always did, so splitting it up has probably had little effect.

You report a problem and an engineer comes to the house but "It's an outside fault mate" and the engineer isn't qualified to work outdoors at 15 degrees C.

So you have to wait while somebody with a coat is sent from miles away. Who eventually arrives, decides the fault is inside but he can't come in because he's wearing a coat and not qualified to work inside.

Next day the original engineer comes back, does nothing much, goes away again. Two days later the line accidentally starts working again when somebody rebooted the exchange.

OK, I made all this up. But it's based on numerous true stories nevertheless.

ps -- *no* joke alert, because it's BT and we all know BT is a joke without having to be told.

US telcos agree to warn users before they bust their tariff


"so the FCC deserves credit"

It deserves *some* credit, maybe, but not too much. Because it's only half of the *sensible* answer.

Yes, a notice is better than nothing, but far far better would be for the FCC to require operators to cease those dishonest "our business model is based on fleecing the customer" tariffs.

That could be done at a stroke by insisting that the excess can never be charged at more than pro-rata (so if you use 10% more than estimated, you pay at most 10% more than you estimated).

Any fixed costs such as line rental and administration have to come out before performing that pro-rata calculation, even if they were not separately disclosed.

Verizon users must 'opt in' for privacy


"legislators stand ready to knock them back at the first sign of customer backlash."

I truly wish that were the case.

In practice, all that the legislators will do is to mumble quietly below their breath in a manner which makes the customers *think* the legislators are trying to protect them. Meanwhile, the laws they pass will be watered down to ensure that businesses are substantially free to ignore their customers' privacy.

The most they will do is to insist on giving customers a "choice". Which the suppliers will interpret as meaning "If you don't like it, buy from somewhere else".

A "choice" is no help whatsoever in a business where there are a limited number of suppliers and all of them have the attitude "If you don't like it, buy from somewhere else".

The laws need to make it cast iron clear that privacy is a legal right *and* give the supplier a universal service obligation, such that they *cannot* refuse to supply those who choose to opt out and cannot enforce their wishes by charging extra or providing a lesser service.

Survey: Most TV viewers surf while they watch


Less adverts, more visibility

With a 5 minute advert break, you can guarantee that most of the viewers will not be watching beyond the tenth second.

Cut down the breaks to a minute, and most people will stick around.

What's worth more to advertisers? Five minutes of adverts that will not be seen beyond the tenth second, or one minute of adverts that will probably be seen by most?

Chances are that the advertisers wouldn't have to pay 5 times as much for their adverts either. If all the faces that appear were paid 20% of what they presently get, most of them would *still* be overpaid relative to their true contribution to the world at large.

Wales says no to outing Wikipedia users on Facebook


Some intelligence at last

Hopefully, it will become infectious and companies worldwide will start dropping unnecessary third-party-hosted material from their sites.

Facebook: 'We don't track logged-out users'


Browsers should be designed to work round this sort of abuse.

Every browser should do several things, and it should be a legal requirement that they do so by default ...

a) By default, cookies should never be supplied to third party sites.

b) If in a specific case the user chooses to allow a cookie to be supplied to a third party site, then that cookie should be unique depending on the first party site. So, if I'm visiting bbc.co.uk and there is a FB image in it, FB can at the most tell which other bbc.co.uk pages I've visited but if I subsequently visit itv.co.uk and that too has FB images in it, FB should not be able to tell that I am the same person.

c) Ideally, the browser should deliver different cookies depending on whether a person is logged in to the site.

Firefox can probably do most of the above with appropriate extensions, but setting them up is beyond the ability of many users and needs to be the default behaviour in all browsers.

Google plan to kill Javascript with Dart, fight off Apple


If a new language is really needed, then ...

* it needs to be developed and controlled by an independent standards body, eg W3C

* it needs to be specifically designed to ensure that browser extensions can continue to detect and block any spyware, unwanted animations and other nuisances that unenlightened webmasters insist on using to clutter their sites.

* it needs to be easily supported unencumbered in all browsers

Google's aims are going to be the complete opposite of both of the above.

Google's slogan these days is fast becoming "Mainly do evil". Google constantly watches us, but nobody watches the watchers.

Ofcom begins crackdown on auto-renew telco contracts


If you really can't do it NOW ...

... then at least make it retrospective -- ie, in December all auto-renew "service-only" contracts no matter when signed immediately become terminable without penalty and hardware contracts become immediately terminable if and when they have been in force for a year.

Ofcom should have seen these contracts were anti-competitive the day they came in and could and should have put a stop there and then to them. They cannot claim not to have complaints. That they have taken such an unreasonably long time to put a stop to them is nothing more than a tribute to Ofcom's incompetence.

That they have deliberately delayed implementing the change is evidence of just one thing -- that Ofcom listens too strongly to the vested interests of the industry and ignores the general public that they were theoretically set up to protect.

Laptop batteries made of jelly invented


Well, here's an idea ...

... that's not to be Trifled with.

W3C announces web-tracking privacy protection group


Re "What's wrong with DNT?"

There's nothing wrong with DNT but it's not enough on its own.

Firstly, recognising and obeying DNT is not a legal requirement -- so to a spyware company intending to steal your personal data, it's about the equivalent of putting a sign on your front door "please do not burgle here".

There's never going to be a total international acceptance of any privacy legislation, even if the more enlightened countries can be persuaded to adopt some. And those countries that are most likely to adopt any privacy legislation will write it with the primary intention of allowing companies to *invade* privacy rather than to ensure it. Just like they already did with the "you can spam" act.

So when DNT becomes widespread, will the worst sites unnecessarily redirect you to a "you have DNT so you can't come in" page -- just like some of them already do if you try to visit with javascript disabled?

Next, DNT is either on or off. OK, that's a start -- but that's a bit like saying everybody must choose whether or not to have sex. If they choose NO, then they can have sex with nobody whatsoever. If they choose yes, they must be willing to have sex with everybody else who wants it. I'm guessing, but most people could not comfortably choose either of those two options.

Equally, there's a difference between tracking for the efficient operation of the site and tracking to obtain saleable data. I don't mind if a site knows I've visited the site before or even what pages I've seen there, but it absolutely should *not* be possible for some other site to know that I've been there, or to any other site for that matter.

Clearly, there's an argument for something in between. At the very least, a middle ground version of DNT that says "OK, but keep it totally confidential" when visiting the first party site, but gives an "absolutely not" when accessing third party sites whose content has been embedded in the page.

My feeling though is that an enhanced DNT isn't going to work -- if only because the worst of the data thieves would simply ignore it. So it is more important to work on technical standards that would require the browser not to deliver information in a form that allows third party tracking.

For example -- I visit abc.com and it uses some API from google. If google requests my cookie, then it should get one, but it should not be the same cookie that it gets when I visit google direct, so it should not be able to track me through any google log in. Then if I subsequently visit def.com and that also uses some API from google, google should get yet another cookie that prevents it knowing that I've visited abc.com. So, separate cookies for each third party site depending on where it is being visited from.

That's a bit simplistic and there are other spyware problems (eg Etag) that need to be similarly defeated. If there is no better way, then separately cache google's images for every site you visit it from.

Whatever is needed, the solution which would work best is the one which is controlled within the browser. It simply doesn't give trackable data to the third party site -- and it would be best for most people if that is what happened by default unless they choose to allow otherwise.

Maybe there's a part to be played by my ISP, which could be required to falsify my IP address in packets passed to third party sites. Or maybe all traffic, if there's no easy way to identify third party traffic.

But ... and here's where the W3C as a standards body could sensibly step in to the picture ... the standards should stipulate that users and their browsers are entitled to inhibit tracking and should require all sites to continue to work with proper third party anonymity (as well as with flash, javascript and similar all disabled in situations where there is no absolute functional need for them).

Facebook deletes hacked Pages, destroying years of work


Simple answer ...

Don't use facebook or similar for important business purposes.

Put it somewhere you have a reasonable amount of administrative control -- like a properly hosted *real* web site.

Not only will you be able to control your own backups but you will also be able to ensure better privacy, both for you and your users.

Google+ offers new 'Ignore' feature


It already had one.

I and probably numerous others have *completely* ignored it from day one.

And shall continue to do so, despite the fact that we now have a mechanism for ignoring what we have hitherto ignored without any such need for a specific mechanism to help ignore it.

'The most ambitious project at eBay for a long, long time'


Ebay's search is better than most.

I've used it for years. It works and it doesn't throw up stupid and totally irrelevant results like some others.

With far too many sites, if you search for paper tiger, you get *everything* made of paper and everything about tigers. The first are *sometimes* more relevant than others, but the relevance breaks down as soon as you try to sort them in a sensible order, like price ascending. Stupid search -- if I wanted to search for *anything* made of paper, why would I have added the word tiger ???

I searched tesco for "drain cleaner" and it gave me nothing whatsoever of relevance and a whole lot of total garbage -- including RICE. Apparently it can't tell the difference between grains and drains.

Better ATM skimming through thermal imaging


""you could always whip out a tin of freezer spray "

But carrying around a biro might be less cumbersome, and would transfer very little heat to the keytops.

Firefox 6 silently released ahead of official unwrap date


"In 6 months we will have firefox 12"

How about Firefox 201204 ? That way you can have a major release every month without resorting to decimals and everybody will know precisely what it means and how old it is.

Reusable e-paper rolled out


No doubt they will want to patent it ...

... but there's a little matter of CD-RW as prior art.

OK, so that picture had a little more contrast than the average rewritable CD. But the *mechanism* is exactly the same.

Google points finger at human after robo car accident


"It's also pretty hard to distract a machine."

Dunno about that.

I imagine taping a mirror to the sensors would have a detrimental effect on the system's health. It could even drive it completely round the bend.

'War texting' hacks car systems and possibly much more


You can get the same with burglar alarms

The one I was looking at yesterday says it can be set and unset by SMS.

Naturally, there is a user password which has to be part of the SMS. But it is just a simple user-defined string of digits and it is the same string of digits every time. So anybody who can capture SMS (which must include some of the staff at the telcos operating the sending and receiving devices, and possibly others with the right eavesdropping equipment) knows exactly how to disable your alarm.

Probably not a sensible feature to enable until somebody comes up with a reliable encrypted SMS replacement.


"and turn off the engine thus trapping the little sod"

Sounds like fun, especially if he happens to be doing 80 on the motorway and somebody is tailgating him at 90.

He probably wouldn't pinch another car after that ... he probably wouldn't be able to. And the chap who's tailgating might think twice about doing it again. But it is probably not going to help get your car back, not in a usable condition anyway, and the insurance people might ask some awkward questions too.

4G-auction rural notspot scheme would actually be illegal


Simple answer ... change the law ???

Just because something is thought to be illegal under *present* law does not mean that it will still be illegal next month, next year or at some other future date.

OK, so changing the law isn't quite as simple as somebody in Ofcom or elsewhere deciding that the law needs to be changed, and nor should it be.

Nevertheless, if the conclusion is that the public would benefit from something that is presently illegal and enough MPs can be convinced of the merits of the change, then such a change is surely possible.

Phishers go after your Google AdWords account


The dodgy site – google-oa.net ...

... still resolves as a valid domain.

That surely is the biggest part of the problem. A domain is known to have been registered for a fraudulent purpose, yet it still resolves and continues to direct traffic to the known-fraudulent site.

Moreover, in this case it would have taken only a cursory glance once reported at the domain name to conclude that something clearly intended to look like a google site but not having been registered by google was indeed an intentionally fraudulent registration.

Ofcom ignores radio in annual report


"14 per cent of new cars have DAB as standard"

What's the point of reporting how many cars have something that everybody *knows* is unlikely to work reliably?

More meaningful would be the proportion that can also support DAB+ or something better.

Indeed, with ofcom still refusing to understand that current DAB is a dead duck perhaps the best thing would be for the manufacturers to gang up, bypass ofcom and install equipment that can support FM and DAB+ but *not* support DAB.

That would surely force ofcom into what they must surely know they *ought* to be doing -- phasing out the old DAB and not promoting it.

Half of Virgin Media broadband ads are wrong, says ASA


Only half of them ? Really?

I've never seen an advert for virgin (or any other telco) which advertised the whole truth in large print.

Stupid ASA thinks it's perfectly OK to make a "half-true" statement in the large print, and then "correct" it in small print that the advertiser intends that most people won't bother to read.

ASA will remain a total waste of time until it reviews its policies and judges adverts according to the only bit the advertiser intended to be seen -- ie, the large print of a printed advert, the opening sentence of a radio advert, etc.

If the large print isn't true for MOST of the people who will read it, then it's misleading and should not be allowed -- no matter what disclaimers may follow.

Nice try, Amazon: 'One-click' payment too obvious to patent


"Inventions must be new ..."

"Inventions must be new, take an inventive step that is not obvious and be useful to industry to qualify for patent protection."

US patents office please read.

And now read it again, because you obviously didn't understand it the first time.

And now read it a third time, because we really don't believe there is anybody in the US patents office that is capable of understanding it.

Now all of you, resign and let's have your replacements fully and fundamentally tested on their understanding of the above.

Lights go out at Telecity in London data outage


"we have no official response."

We'd like to tell you what happened, but we're completely in the dark at the moment.

Pissed-off elves bombard Icelandic town with rocks


Moral ... before dynamiting rocks ...

... make sure you understand the Elf and Safety implications.

One per cent of world's web browsing happens on iPad


And in other news ...

Ninety five percent of the world's web browsing happens on devices other than iPads (with the remaining 4 per cent being tolerance for experimental error).

Gambling companies must be extra careful with personal data


"security requirements and restrictions extend to any sub-contractors"

I'd go further than that.

Make sure your site has no live third party content. And not just for gambling sites, but for any site that ought to be expected to have respect for its customers.

No scripts hosted on third party sites, no third party supplied feeds, no adverts, no google analytics, no ... absolutely nothing whatsoever that isn't being served from your *own* dedicated servers.

You may trust google, your ad server and the company that has given you some free widgets, but your customers probably don't. And even if they do, they probably shouldn't.

dabs.com says sorry for delivery debacle


Best thing BT could do ...

... would be to sell the business back to David Atherton for a fiver. If it's still worth that much.

I used to be a very regular customer, in fact we rarely bought from anybody else.

I stopped buying when I found that although I could log on at dabs.com and see good prices, it wouldn't let me buy at those prices. Oh no, it recognised us as a business customer and therefore checkout had to be done through BT Business Direct not through Dabs. But as soon as it transferred my basket to BT, the prices had mysteriously become close on 15% higher.

I don't do business with dishonest suppliers, and a company that expects business customers to pay 15% more than private customers for no benefit whatsoever is in my opinion the height of dishonesty.



Biting the hand that feeds IT © 1998–2020