Facebook scams and dodgy ads – a grumpy old man’s perspective

I’ve just spent a happy hour dealing with a Facebook scam encountered by a family member on their business account. The process is depressing and has reinforced my personal antipathy towards Facebook. Let me explain …

Fake warning message
Fake[?] Facebook warning message

The scam

The scam in question threatens to suspend your account if you don’t follow a link to confirm some account information. So far, so classic, and my scamtenna immediately screamed ignore the message. As a business user however the recipient was naturally worried that their account could disappear and they would be cut off from their “fan base”. Further investigation was necessary to reassure them that the message was false; call Google (or Siri if you prefer).

The message is definitely a scam with variations of it discussed on scam/hoax busting sites across the web so time to get Facebook involved. This proved to be impossible on the iPad, device of choice for couch surfing, even following the advice in the help centre. Hauling out a “proper” computer we were able to report the message as spam and hopefully it gets attention because of that. However the GOM in me can’t leave it at that; there are a couple of things that I needed to follow up on.

Firstly the iPad difficulties.

As mentioned it’s the device of choice for many internet users (up to 50% now on some areas of our web site), and to have a missing function when you are trying to deal with such a dodgy event is bloody annoying. I’m “Mr always reads the manual” & couldn’t report it on their app. Maybe it’s possible, I didn’t see it.

Another problem on touch screen devices is the difficulty of inspecting anything. This is particularly bad on the iPad, with Apple’s aversion to user control but I’d bet I’d have the same problem on my Nexus. On a desktop I’d immediately hover and see the underlying link in the status bar or right-click and check. Unfortunately, in this case, that wouldn’t have helped because what you see is a genuine link to somewhere on the facebook.com domain.

I’m going to reproduce the link but for your safety I’m directing it to a safe destination:

https://apps.facebook.com/notifyforfanpages

Fake[?] Facebook Page Verification
/notifyforfanpages Facebook “app”

Secondly the link bait issue.

So the link is genuine and on the facebook.com domain so it’s easy to see how the less aware might be tempted to click through. If they do, as a good scam it now displays a convincing “Security Center” page. I followed it this far but left it at that. Various scam/hoax sites describe what happens next: give us your intimate details and some financial information “just for confirmation”. And the scammers have enough to fleece you and use your Facebook account for nefarious purposes.

How does an app masquerading as an official Facebook system get through the verification process?

Dodgy Facebook ads
Dodgy Facebook ads
Another annoyance are the right column ads which seem to be an endless stream of dodgy dating sites, nutritionally suspect diets and other link bait. As part of experimenting with the profile I added a fair amount of (hopefully) innocuous information and watched as these ads changed from mostly suspect diets and other products to mostly dodgy dating sites as Facebook found out I was a mid 50s UK male. It’s almost insulting and certainly irritating to be bombarded with this sh*t!.

Goodbye Facebook, hello less intrusive sites!

Most people just post child and animal pictures, stalk their older children and like other users’ cat posts so are unaffected by these scams. I’m particularly sensitive to security issues so I’m easier to drive away which is what happened with my personal account. I found myself feeling queasy about what was being shared where. I still can’t picture where the various items could end up or how, and grew fed up of having to review my settings every time Facebook changed something. The abiding picture I do have is of Randi Zuckerberg’s reaction to some new Facebook feature which in the ultimate irony ended up all over the internet. In spite of her resources it’s still around.

So I retired and now have a “professional” account I use as a kind of DEV system.

I’m far more comfortable Twittering and posting on WordPress where the intention is to share with everyone and you behave accordingly. For limited posting I’m experimenting with Google+ although I admit to not having mastered that to my entire satisfaction yet so could encounter similar problems (so far though no diet & dating dross).

I’ve posted the message I sent to Facebook as an aside below. I don’t expect a reply but I feel better having flagged it for some robot to categorise, auto-respond and shred.

Message to Facebook

A family member just received a threatening message about abuse and termination of her business pages within 24h for "violating policies".
In spite of reassurance (and evidence from Google searches that this is a known scam) she is still concerned so hopefully Facebook are too.
The particular cause for concern is the link embedded in the message which purports to be https://apps.facebook.com/notifyforfanpages. Naturally we have not clicked the link & being on the iPad it is difficult to investigate whether it is a true link (problem 1).
Assuming it to be spam I tried to report it on the iPad but even following the help center advice I was unable to find the icon to click (forward/share) and was unable to do so (problem 2).
At this point I decided to investigate on a "proper" computer & found they the link was not false; in other words https://apps.facebook.com/notifyforfanpages exists and looks very convincing, titled "Security Center on Facebook". Naturally seeing a page like this on the Facebook.com domain many people would assume that they have to follow instructions to confirm their details (problem 3).
I don't have the sandboxed system I'd need to test further - and am already uncomfortable opening the above page which has who knows what running in the browser trying to infect my device - so can't say what may be extracted from the unwary. I leave it to Facebook to investigate further.
I realise you cannot stop every dumb user from clicking through to links which may harm them or their bank balance but the above message is particularly worrying because of its use of the Facebook.com domain. I therefore expect you to take prompt action to close the /notifyforfanpages "app" for the protection of the unwary, and at least investigate how you can stop app developers using them to lull users into following link bait.
A good proportion of your user base is business engaging with their clients/customers on Facebook which is now embedded in our daily lives. Not all businesses have highly qualified technical security teams they can rely on to catch this abuse and, like my family member, are vulnerable to it. I believe it is therefore in Facebook's interest to move rapidly on this one.
Regards Nigel Boor
(Infrequent but concerned user)

Missing the Open Source point and spawning “Rats-to-Splat”

Being a local government web manager with severely limited and diminishing resources I’m always looking for ways to save money and generally do things better. A recent report in the Grauniad about the UK government switching to open source software was obviously a real eye catcher.

It’s beginning to happen at work (a shire county) with FileZilla, Firefox and The GIMP appearing on our desktops, but we are wedded to MS Office and there have been no signs of it being replaced by open source alternatives. A move by the UK central government to Open/Libre Office would certainly get the attention of local government. Interesting.

I’ve used open source extensively on my personal computers for quite some time and even contribute a bit as a beta tester and documentation writer to a few projects in the spirit of contributing something back. Despite the leeching aspect of the cost cutting reasoning behind switching to open source, I was genuinely and pleasantly surprised to read this piece and immediately went in search of greater detail.

The Grauniad piece has many quotes but no source links (and roughly 750 comments of the “yay, stuff it to M$” and “open source is unreliable crap” variety). Not helpful if you want to know how the switch is to be achieved. Worryingly though there are no quotes supporting the headline about switching to open source software; the more accurate quote in the subhead concerns “plans to standardise on open formats” which is entirely different.

I’ve traced the source of all this to a speech by Francis Maude to Sprint14 at the end of January. Sure enough there is no mention of booting out MS for Open/Libre Office, rather a well-reasoned section about “Open standards for document formats” and even a specific statement that “It’s not about banning any one product”. All sensible stuff and really about making sure our documents can be read by anything, not locked in to one company. If we then choose to use MS Office because that’s the best value, fine.

The Grauniad should force whichever sub-ed came up with the “switching from MS Office” slanted headline to write his resignation in [open source] LATEX on [proprietary] Windows Notepad.

But what else did Maude say? Splat-the-Rat!

I read Maude’s entire speech before posting these comments and something else he covered in the “Exemplars” section was the drive to cut down on the plethora of government web sites. In my job I can sympathise with his “splat-the-rat” comment about sites popping up faster than you can decommission them. I saw an email yesterday which mentioned two more we’ve spawned; I’ve also had four conversations in the past two months about new sites and seen one launched in world record time promoting a local initiative. Infuriating if you are trying to fell trees so your users can see the wood.

With all the cuts in budgets you would expect the default position on new web sites, which are a continuing expenditure and demand staff time to maintain, would be to keep them to a minimum. Unless it fulfils one of three criteria it should never get off the ground.

  1. it allows 24/7 transactions for the consumer which are more convenient for them and cheaper for us
  2. it provides some vital information not easily discovered via Google*
  3. it pays for itself by supplying services users are prepared to pay for

So how did one of the sites I mentioned above get commissioned? Proudly displayed in the footer among the logos: “Funded by The Department for […]“. And where is the Df[…] website? The rat has been splatted and is to be found at www.gov.uk.

It happens too frequently. Some central government initiative sprays funding around and local government uses it to create what are effectively vanity publishing web sites. Scrutinise this Mr Osborne if you want to make some “efficiency savings”.

The phenomenon has to stop. Initiatives like sustainable transport, public health, recycling/waste reduction and consumer protection have the majority of their content in common, with some aspects which are local. For example, advice on measles is the same whether you are in Norwich or Northumberland; all that is local are the locations of pharmacies or medical centres. Why should every local health authority produce web pages giving the same advice? Can’t we all get our respective acts together to co-ordinate single resources on nationwide sites which include location aware components to display anything that might be specific to a locale.

This is not a new concept. I’ve re-blogged Richard Copley’s recent post on this subject although he restricts himself to just a local www.gov.uk.

So over to Francis Maude, Eric Pickles and all those local authority politicians and officers whose vanity gets in the way of co-operating because they can’t agree how to share funding and refuse to sacrifice their identity and use national sites.


* Other search engines are available

Let’s Replace Council Websites with Local.gov.uk – a GDS for Local Government

Originally posted on Richard Copley MSc, BSc, SMSITM (and CIO):

140 characters is not a lot of space, but sometimes a tweet can contain a very big idea. In December 2013 Dominic Campbell (@dominiccampbell) tweeted:

dctweet

“I reckon it would be possible to build a GDS platform for all #localgov for the price of the new Birmingham Library website” 

If you’re not sure what GDS is then click here.

GDS certainly seem to have no appetite to attempt to tackle local gov – they have too much on their plate already. They have offered to share code, standards, APIs, frameworks etc – the philosophy being that we create a service of ‘small pieces loosely joined’ (a phrase which was originally used as an analogy to describe the Internet) – this means that responsibility for implementing this stuff would be devolved to individual Councils. It’s nice of the GDS to offer to share this knowledge, but I don’t…

View original 1,801 more words

Apple and how to p*ss a customer off

Here I sit doing something I haven’t done since my days with Windows 95 – a clean OS reinstall. The really annoying thing is that it’s an OS X Mavericks reinstall. Apple’s bulletproof software has been misbehaving.

This all started on October 22 when Apple released OS X 10.9 – Mavericks. (Actually a bit earlier but more of that later.) A MacBook user since Christmas 2011 I’ve become used to the ‘just works‘ nature of the OS and upgraded without hesitation. My problems were apparent from day 1 and have only become worse in the weeks since.

We won’t mention here the hours spent on the original download and upgrade; but only because it doesn’t compare too unfavourably with the Windows 8.1 upgrade I performed around the same time. Neither is for the faint hearted or those with a slow internet connection.

Immediate symptoms were laggy scrolling in Launch Pad, sometimes for example needing three or four sideways swipes to move between screens. Irritating but not fatal & Apple will fix it, right? No!

Then other laggy behaviour developed. Even an Apple Genius I know noticed and ran their diagnostics which gave the hardware a clean bill of health. I started seeing the beach ball more often and in the past few days I’ve had several complete freezes; a couple were long enough that I gave up waiting, and since even command+option+escape doesn’t get you out of these freezes, I’ve hard restarted with the power switch.

So today (Saturday) I’ve created myself an install USB and I’m giving the clean reinstall a try.

My first WTF moment; OS X counts down the time remaining to complete the install & stops at ‘one second remaining’ which, considering the reason for this install, is worrying. Luckily I’m sitting here with a Nexus 7 so I Googled it (deliberate plug for Apple competitor inserted, again I’m going to come back to this one). Apparently this is normal & ‘one second’ should say ’20 minutes’ – good job I didn’t believe the screen & abort. Actually I did at about 15 minutes so this is my second ‘one second remaining’ stall.

So we get to setting up the account which is where I again get stuck, with the ‘creating account’ message spinning away. Google and the Nexus to the rescue again with another unbelievable solution, but before that back to the other Apple annoyances.

I would probably just live with these if the recent problems hadn’t arisen but let me say I hate Apple’s ‘walled garden’ and their apparent unwillingness to play with anyone else’s kit. Sharing anything with non-Apple systems is such a b*ll-ache I’ve given up on the idea of switching from Google to iCloud; it would mean investing in Apple for phone, tablet and desktop to be sure I could reliably get at my own data.

Egregious example: daughter goes on holiday and offers me access to her photo stream. No chance unless on a Mac and signed in to iCloud. This is the era of Google (second honourable mention), Facebook, Twitter and Instagram, any of which would happily share with any kit capable of rendering HTML. Come on Apple, get with the 21st century cloud and out from behind your defensive garden wall; stop behaving like CompuServe or AOL from the last millennium.

Back to the reinstall and having got as far as ‘creating account’ twice, now apparently I need to skip the iCloud step. You know, the one Apple asks you to complete during setup. Even factoring in breaks this has taken five hours and too much help from Google.

At this point I should change the title of this post. I’m not just p*ssed off, I’m absolutely furious, fuming and f*cking p*ssed off. I’m facing another hour of deceptive progress bars. Windoze 8.1 may spray around messages about collecting information and just making a few more adjustments but it finishes and never promises ‘one second to go’ before making you wait 20 minutes or offering to create an account then completely failing to finish the process. Does no one at Apple even think to include loop/timeout functions in their install routines?

Reinstall done, the job took several more hours of recovering my files and reinstalling only the apps I really use and need. It probably would have been simpler to let Time Machine restore everything but my confidence that things would ‘just work’ was shaken and I took the chance to tidy things up.

Footnote: iPhoto is missing in base Mavericks. You have to restore it from backup; it seems to work but we’ll see how it survives the long term.

I reiterate, this has felt like a weekend with Windoze: the OS goes on the fritz, no advice or help on support.apple.com and eventually a complete rebuild. In fact it’s been worse because the Mavericks installer has a couple of truly inexcusable bugs, something I’ve never experienced with a Windows install.

Before anyone shrugs this off as some old duffer having a senior moment I should point out that I have some expertise in computing:

  • started with a Commodore 64
  • experienced user of PCs with every possible OS from DOS 3 through Windows 1.0 (runtime), 3.0/3.1, 95, 2000, XP, Vista, right up to 8/8.1
  • Novell network install & admin
  • Centura and Oracle database install & admin

Not exactly a newbie then!

I’m relatively new to Mac though, and am a big fan of the kit (even at Apple premium prices) and the usability of the OS in general; the trackpad and gestures are streets ahead of anything else. However, Apple have fallen from the pedestal they were on, placed there by their own marketing and the legions of fans -including slavish media- who will insist APPL can do no wrong. They now have feet of clay!

This clean reinstall had better make my MacBook run buttery smooth Apple – just saying…

Windows 8 two days in

Getting a better handle on this Win8 beast and I probably owe it an apology – the WiFi problem is adapter specific. I installed the latest Belkin drivers, assuming (as you do) that the later the better. However they are hardware version specific but I had to dig out a magnifying glass to read the 3 point type that tells you what version you have. The adapter is now happily working on the ancient computer & this one is cabled.
 
On the actual Win8 front I’m beginning to get the hang of tiles and the start panel. Move your mouse to the bottom left of the screen (as you would for the old start button) and you get the start panel which then takes over the screen instead of a start menu flying up. Basically the same behaviour and I can see why it would make sense for a tablet OS, it just takes a bit of getting used to on a desktop – you lose sight of running apps (not programs).
 
To see your apps you either need to get the start panel out of the way or hit the top left of the screen with your mouse cursor. At this point it gets a bit confusing. Win8 seems to have two kinds of apps: the new all screen type that seem to be available mostly through the app store, and the old type with the borders which sit on a separate desk top. Full screen apps show themselves in a strip along the left of the screen if you send your mouse to the top left then move downwards. The desktop apps lurk in a pack on the single desktop shown in this strip (the empty desktop does not appear if there are no apps on it).
 
Confusingly, Win8 comes with both types installed out of the box, the native file explorer runs on the desktop rather than as a full screen app. I swear that the first time I ran Internet Explorer 10 it was a full screen app too but currently it is a desktop version, suggesting that apps might be switchable. I can’t confirm this because I can’t switch IE back to full screen mode.
 
There is only one desktop so apps which run on the desktop are all gathered here meaning you have to go to the desktop and use the taskbar on the bottom edge of the screen to see what is there. You can still cycle through running apps with Alt+Tab which shows full screen apps and desktop apps. Rather oddly it also shows the empty desktop as if it were a running app.
 
Overall I’m struggling a little to see the method behind the madness of doing things this way on a desktop; although I appreciate some of this makes sense when you start using a touchscreen. However, on the touchscreen, the desktop apps will surely become difficult to use unless the menus adjust somehow to allow for fat fingers and the absence of a hovering mouse cursor.
 
I did discover a very handy YouTube video Learn Windows 8 in 3 minutes (OK, it’s really 4)
 
p.s. This was written in the Worpress app which is a bit bare so excuse any formatting glitches.

Installing Windows 8

Having used a Macbook Pro for the past 10 months I’ve been neglecting the Windows desktop; running Windows Update now and then. Tonight I thought I’d take advantage of the £24.99 update offer for Windows 8. 

Maybe it’s because my Dell is 3 years old, maybe it’s because it’s a Dell, or maybe I just forgot how painful it can be working with Windows. This was a far from straightforward process. 

First you go through the Windows 8 upgrade check. At this point you learn that from Vista you can’t keep your apps, everything must be reinstalled. OK I’ll grit my teeth and live with that. Then the upgrade check comes up with a list of problems, mostly associated with hardware drivers.

Cue visits to several sites linked from the problem list. 

One goes to Belkin and appears to upgrade the wireless USB adaptor but afterwards the upgrade check still identifies the newly updated software as a problem.

The references to Intel web sites are rebuffed by Intel as being unrecognised hardware after installing their hardware update checks.

Try visiting Dell and after installing yet another so called update checker I’m presented with a list of urgent, recommended and optional updates. I choose to download everything just to be safe ten run the first download to be told it’s trying to upgrade the BIOS from 1.0.18 to 1.0.1. Update 2 is a BIOS upgrade to 1.0.18; in other words no upgrade. Some of the rest seem to update stuff, others fail with mysterious errors, some seem to repeat the same upgrade just run.

Frustrating, as even after all this the Windows Upgrade check still lists all the same problems. 

At this point I should have given up but…

Biting the bullet I hope that the Windows install will overcome all the problems listed and fish out the debit card to pay the £25 (opting to shell out an extra £12.50 for a DVD + postage). 

Now I have a 2Gb download to wait for – 20 mins on my broadband. This is followed by quite a lengthy “preparing files” phase but roughly an hour later I’m ready to install. 

I choose to install from media so have to burn the iso file to DVD, another 15 minutes. Finish that and follow on with the install which seems to take ages (I’ve stopped timing things & just get on with other things). 

A couple of reboots later and I have a wizzy Windows 8 screen but no internet and no way of easily updating the wireless adaptor. My computer is a paperweight. 

More fiddling with Ethernet cables ensues switching them between wired computers and my desktop (awkward because of the distance being further than the available cable length). Find and run the network troubleshooter to get Ethernet connected to the internet and download the Belkin drivers again – this time the Win7 version the Windows 8 Upgrade checker failed to point out before the upgrade. This is a temperamental upgrade, stubbornly asking for the device to be plugged in then not recognising it. Even the Microsoft site only offers “hope this will help” when recommending the Win7 driver. I’ve got news for them and Belkin, it doesn’t work with Windows 8. 

At this point I give up on wireless and dig out the long Ethernet cable, sacrificing the connection of  a lesser used machine. Eventually I have a working Windows 8 machine with no wireless. A less than optimal solution but it’s half past midnight, I started this a 8 pm and am now mightily pissed off. Sorting out the wireless will have to wait. 

Apple might be annoying me by sueing all and sundry then trying to avoid complying with court orders they don’t like, but at least their software is easier to deal with.

Back to basics with Google Analytics

So I’ve been using Google Analytics for quite a while now but like most local government types all we produce are the pageview/visitor reports the bosses want. It’s time to change that and use some of the more advance features to analyse visitors not just visits. Here is where the usual trial and error method of learning a product falls short; time for a more organised approach and I hope writing it into a blog will cement the knowledge somewhere in my leaky memory.

Step 1: get away from the office; the place is too noisy for any kind of study. My boss has kindly agreed to a Wednesday afternoon at “Google University”.
Step 2: get organised; Google provide quite a bit of online study material.
Step 3: get sidetracked; holiday, sickness, new projects, the day job, all conspire to derail the bet laid plans.
GoTo Step 2!

Having managed to get a bit of introductory work done before Step 3, I’ve spent the last day or so organising myself a course based around Google’s “Analytics Learning Centre” – it has all the free resources you need to get started with GA. If you want to go on, they point you toward advanced courses you can buy.

So, tonight it’s reviewing the set up process. It seems like going back to baby steps but worth the effort I think; I remember being frustrated because one of our original properties had no profiles that tracked search data.

Get straight the difference between:

  • Accounts, (Your access point for Analytics)
  • Users, (You add users to an account)
  • Properties, (One or more Resources of the same type – no mixing apps & websites)
  • Profiles, (a distinct view of data from a property)
  • Resources, (Website, mobile application, blog, etc)

(This list took two drafts to get right!)

Relationship between Analytic entities

On the work account, I gather data from a half dozen or so resources. Most people call them web sites (we have no apps yet). Some ofthose resources post data to dedicated properties, some we combine into a single property. The split should be logical but as I mentioned at the start, we set things up in a pretty haphazard way so this is not entirely the case. This is an early lesson and I will map out the proper relationships shortly & see what we may need to change so our reporting is properly organised.

Profiles also got out of hand in the original set up. At the time it seemed a good idea to produce a profile for every consumer of analytics and turn them loose to play with their data. While this may have been useful the one or two more savvy users, most just opened the dashboard and either read off the desired statistic (usually unique pageviews) or ran off a standard report from the same dashboard element. Most profiles were a waste of effort.

Invaluable advice is to have one unfiltered profile. It is too easy to create a property which gains a default unfiltered profile then create more profiles and in a clean up delete that unfiltered one, because “you’re not using it are you?”

After that there are only one or two profiles per property that are worth setting up:

  • External traffic only
  • Profiles to separate out traffic to particular areas of responsibility
    The sensible method of doing this is to organise the site using directories but of course modern content management prefers arcane URLs only a computer could love. For the sake of the user experience and to make your filtering possible, do all you can to get URLs that a human (and usefully search engines) can read.

The only sensible way to create profiles is with filters. At this point, geriatric Perl developers rejoice! Filters make extensive use of regular expressions (regex).

At this stage you might want to generate a set of standard filters:

  • Lowercase the URLs
    Amazingly some people insist on using UPPERCASE or CamelCase in URLs. GA is like Unix and respects case so you’ll get multiple entries in assorted case for the same resource unless you do this.
  • Exclude internal visitors
    Easy to do by excluding your own IP addresses
  • Remove junk
    If your stats are littered with admin type requests

Just blogging while reading the online material has been useful & I’ve got a few things I want to go over tomorrow at work.

Next up is conversion and goals. Something I really hope will make Google a more useful tool so we:

  1. Sit down and set out some concrete goals for the web site
  2. See how well the site is doing delivering them.

Occasional thoughts, maybe some insight

Follow

Get every new post delivered to your Inbox.