Saturday, July 31, 2010

You get what you pay for - beware of

My wife has an iPhone which has cracked on the back plate. I went in search of replacement parts online and decided to take the chance with due to good pricing. The web site didn't have reviews online and I decided to take the gamble. I purchased the iPhone 3G Black Housing unit and waited to see what I had purchased. After a couple weeks, the product (made in Hong Kong) showed up and I was exited to use it. I opened it at the post office and found that the plastic seemed really cheap. But I knew the weights and densities might feel different with the metal internals of the phone connected to it. As I went to begin the iPhone cosmetic surgery (with the knowledge that doing this could void any remaining warranty), I found that the tools they had said they would send were not the right tools at all. The "X" and "-" screwdrivers were star-screwdrivers that don't fit at all. I went on to compare the weights and densities of the housings to find that the OEM one was in fact more dense and felt stronger than the one sent by I decided that the risk wasn't worth it and left my wife's phone with the OEM parts. My caution to those interested in is to know that you get (sometimes less) than what you pay for. On that note, does anyone want a new iPhone black housing kit?

PS. When I was waiting for the shipment, I got a notice from them saying "if your package has any questions, we'll let you know via email." I guess they know me better than I do.

Thursday, July 1, 2010

Spokeo - Helpful or Hurtful?

Some people may not have yet heard about, a service that allows people to find others by email, name, phone number, or friends. This alone seems innocent enough, but what happens when they decide to aggregate (or collect) too much personal information about people. What if they had information like how much you make, what your house is worth, your likes/dislikes, contact information, personal pictures of you, phone numbers, address, ethnicity, relationship status, occupation, and credit scores. The fact is they claim to have all this and more.

Spokeo has created a program that searches the web to collect information on you as a person. They store all this data on their servers (which by doing happens to violate most social networking site's terms and conditions).  This information is then sold at a price to others who want to find out your details.

Target Marketing: By having all your information marketing companies can potentially search you out by your salary or other qualifications with regards to what they are trying to sell and then call you, email you, or send you snail mail in attempts to gain your business. This data is worth quite a bit of money to them and the sad part is, you don't get anything but spam for your personal information.

Targeting Youth: Web sites that provide a service are required to inform their users that they must be 18 or older. This has to do with laws in the United States that protect underage kids online. Spokeo however has banners on the web site show underage teenagers (most likely high school kids) using their service to dig up data on friends. While those under the age of 18 (but older than 13) are allowed to use the web site, it is illegal for the company to collect and store information for individuals  under the age of 18. Despite the attempts of Spokeo to filter their collections, they are not able to verify the age of users in their system offering others a way to search and target underage kids. (These girls are most likely looking at people their own age...)

Unencrypted passwords/Password storing: Spokeo offers to connect to your email to download your contact list into their database (they will make money on these emails but you will make nothing) and possibly show you information about your contacts. They don't use any HTTP encryption when you provide this information. This makes it easier for hackers to see your password running over the web and obtain access to your email account to use for whatever illegal activities they desire. This can be especially dangerous when you have this email account linked to bank accounts, auction sites, and other personally sensitive information on the web. Secure HTTP is not difficult to implement, but it does cost about $15-$30 a year, a price they are not willing to pay to keep your passwords safe.

Potential Dangers: With a service providing so much information it definitely opens the doorway for more spear phishing (when people intersect your personal information and use it against you to get money or other things they want). In this case if I was to use Spokeo to get information about your house and I looked up your bank with your unencrypted email account and password, I could then call you pretending to be a bank and tell you that your previous mortgage payment did not go through and that you needed to provide a credit card and make the payment now to avoid various fines. Now of course doing this would be a little more work than the average internet user can do, but definitely could be done by a hacker.

Removing Yourself from Spokeo: If you search yourself and find that you are listed in the system you can ask to have your personal information removed from public view (I doubt this would prevent them from selling your data, but will prevent from others using their system to find you.) To remove yourself do the following:
  1. Go to in your browser and then search yourself by name.
  2. Select your state and city until you find yourself. If you are not listed, you have evaded them for now but you may show up in their system later. Unfortunately you can remove yourself from the system until you are in it.
  3. If you do find your self, load your profile. You may not see all your data since they only show 'previews' of information (these are the same for everyone - but only paid subscribers can see all the data available on you). 
  4. Copy the URL address of your profile. 
  5. Click on the privacy link in the bottom right of the web site. When this page pops up paste the URL into the URL field provided, then provide a junk email address that you have email access to and type the alpha-numeric code. 

You can do this 1 or 2 times with that one email address. This is nice to remove a spouse, family and friends. If you have several junk email accounts you can remove even more of those you care about.

Spreading the word: Send this post to friends and family to spread the word of warning and help others to remove themselves from the Spokeo service.

Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | Bluehost Review