Loyalty Cards are used to spy on  your purchases, and not just with the vendor

The story of how that Sudafed ad got to me begins at Walgreens. As I bought tissues and Afrin, I keyed in my phone number so I could get loyalty points.

Source: Facebook Really Is Spying on You, Just Not Through Your Phone’s Mic – WSJ

Stores use your loyalty card to identify you and all of your purchases. Your purchase transactions are then sold to other marketing companies. This data, in turn, can and is matched to your Facebook account and other online data using the phone number that you gave to the store and to Facebook or Google.

Think about how Facebook, Twitter and other online services are constantly pestering you to give them your phone number. Once they have your phone number, anything else you do that is linked to your phone number – such as using a loyalty card when buying stuff at Safeway or Walgreen’s is then accessible.

Everyone is also using the tracking data that Google collects on your Android phone to monitor where you are. Remember, that too is tied to your phone number. As I described on my other blog, the Facebook dossier even tracks what apps you have on  your phone and data mines that to identify potential marketing opportunities.

Google and Facebook are doing highly invasive surveillance and almost no one understands what is being done or what this means.

 

Advertisements

Total information surveillance society

Law enforcement agencies are now using systems, even mobile devices, that automatically and quickly perform facial recognition of subjects. This data is being stored into databases to create dossiers that could eventually track all of us as we go about our daily lives.

Without restrictive limits in place, it could be relatively easy for the government and private companies to build databases of images of the vast majority of people living in the United States and use those databases to identify and track people in real time as they move from place to place throughout their daily lives. As researchers at Georgetown posited in 2016, one out of two Americans is already in a face recognition database accessible to law enforcement.

Source: Face Off: Law Enforcement Use of Face Recognition Technology | Electronic Frontier Foundation

The tech industry arrogantly believes everything in life is a tech problem that can be solved with the application of more tech. Systems like this, however, will always be plagued with significant false results. At some point, you will hear the tech promoters say something along the lines of “that is the price we must pay to be safe”. Watch and see.

Governments set to regulate and issue their own cryptocurrencies

Why the Bitcoin bubble may explode when it pops:

One reason for regulating blockchain-based cryptocurrencies, also known as digital tokens, is the growing concern that the virtual money they represent could be used for nefarious activities, such as money laundering. Cryptocurrencies could also be a threat to the current financial system because they have at times encouraged unbridled speculation and unsecured borrowing by consumers looking for a piece of the crypot action.

Source: Governments eye their own blockchain cryptocurrencies | Computerworld

Government or central bank issued, blockchained-based cryptocurrencies could be far more useful for legal transactions than the underground currencies like Bitcoin. Bitcoin is great for secret or questionable transactions that do not want to be tracked, of course, but most transactions are not in the camp.

(Note “blockchain” is an important bit of technology that has numerous applications other than cryptocurrencies.)

Google issues near death sentence to all non-encrypted web sites by summer of 2018

Google in July will start inserting a ‘not secure’ label in the address bar of every website that uses HTTP connections between its servers and users.

Source: Chrome 68 to condemn all unencrypted sites by summer | Computerworld

Initially Chrome will say “Not secure” but will later add a red danger icon. (There is nothing dangerous about looking at an unencrypted web site about cats.)

Google previously announced that it down ranks unecrypted web sites in search results.

Just as Youtube is killingly off new Youtube channels (to qualify for advertising, new channels must have at least 1,000 subscribers and an even tougher, 4,000 measured hours of views during preceding 12 month), Google is now working to kill off small personal web sites where many find implementing https is more trouble than its worth.

In effect, the distributed content of the original web (personal blogs, web sites, and RSS feeds) is largely pushed to migrate to Google and Facebook platforms, where Google and Facebook control everything.

My coldstreams.com web site now uses an annually purchased digital certificate, and 3d.coldstreams.com uses a “free” digital certificate for security. Unfortunately, the free certificates expire every 90 days, must be renewed and re-installed manually. For small and personal web sites, this is a bit of bother. My ISP can also issue a self signed digital certificate but that results in a different error message presented to the web visitor – not an improvement.

Related: Twitter and Facebook are increasingly trying to clamp down on fake news, conspiracy theories, hate speech, and who knows what else using many methods. One method, obviously, is to simply make it more difficult for individuals to place their own content online. No idea if this is what is happening but it is a potential side effect of the changes that are underway.

Related: I originally moved my coldstreams.com blog to coldstreams.wordpress.com to use their https services, their faster servers, and to let them do the frequent software updates. A side effect is it looks like Google down ranks searches for content hosted on *.wordpress.com web sites – by a lot. Consequently, I am considering moving this blog back to coldstreams.com. Truth is, I had – and still have – far more readers on the old blog than the *.wordpress.com blogs have ever gotten. Search traffic barely ever reaches the *.wordpress.com web sites whereas I still get lots of search traffic, every day, to my original and dated web sites. For that reason, I am giving serious though to moving back.

AVOID MAIL.COM URL: Unreliable, unacceptable cloud-based email service

What is “Mail.com”

Last fall, I switched my email accounts to an email service hosted at the url mail.com which provides “free email” at your choice of up to about 200 possible domains that they have registered.

The email service is free, paid for by sponsored advertising. The ads take the form of simulated mail messages in your inbox (since they are not real email messages, you cannot mark them as spam). They also take the form of full screen ads when you first access your email via the web – typically its a full screen ad trying to convert you to a paid premium email account. Similarly, on the Android app, sometimes when selecting a mail message to read, you will see a full screen ad before you can access your email message. As before, these ads are often from the mail service itself trying to convert you to a paying customer. If you pay a subscription fee, the ads allegedly go away.

SEE UPDATES AT END

Our Experience

When I tried to login one day in February 2018, I received this message saying access to my account was “blocked” due to “irregular activity”:

I contacted Customer Service using their online form (the only way to reach them) and received this 24 hours later (to my alternate email address):

The service, arbitrarily, without any explanation, shut off access to my email and calendar for reasons having nothing to do with me. In fact, this shut down occurred overnight while I was a sleep. Clearly, this is not something I caused. Yet they refuse to provide any explanation.

I contacted them a third time to ask for an explanation and they sent a form response saying a “ticket” had already been opened on this issue and dealt with (see above) and, basically, further requests to them will be ignored. They actually say that “Customer Support is our main priority” which empirically is not true.

The Aftermath

I looked online for reviews of “Mail.com” and I learned two things:

1. There are many fake review web sites with titles similar to “Top Ten Best …” where every product or service is wonderful.

2. There are also many user community web sites that had many negative comments about “Mail.com”. My experience is apparently not unusual with Mail.com.

Some of the comments voiced a suspicion that Mail.com blocks accounts after several months if you have failed to convert to a paid subscription account. Since Mail.com is unreachable, it is impossible to discuss this allegation with anyone at Mail.com.

Better Business Bureau

The parent company of Mail.com is 1 & 1 Mail & Media Inc. The company, in various places, is shown with an address in Pennsylvania but may be based in Germany.  It appears to be connected to 1&1 Internet, Inc as some of their IP addresses map back to 1&1 Internet.

According to the Better Business Bureau report for the Washington, DC area only, they have received 30 complaints, 1 negative review and 1 positive report. BBB assigns them an A+ (based on separate experience I have documented with BBB, BBB ratings are meaningless). The negative complaints generally involve having their credit card billed for services the user says they did not authorize and the great difficulty that paying customers have in deleting their account and getting Mail.com to stop billing them.

The company tries to have you to install various add-on software components to your Internet browser, ostensibly to give you instant notice of new mail. However, many reviewers say you should not install these components and if you do, should remove them. 82% of IE users uninstall the component within one week of installing the add on. Many “free” browser extensions are actually used to spy on your online behavior, to track your online web access, and to create marketing dossiers about your possible interests. This data is then sold to organizations wishing to target people like you, to sell you products or services. We do not know if the “free” Mail.com browser add ons perform this feature (as noted, Mail.com is unreachable and makes it impossible to ask them questions).

When You Lose Access to your Data

When you lose access to your email account abruptly and without warning, you need to immediately update your email contact information with all accounts you have elsewhere, plus you need to alert all of your email contacts that you have lost your email service.

Worse, however, is that we typically save various messages – often important ones – in online folders for future reference. For example, emailed receipts or invoices.

When your account is cut off, you lose access to potentially substantial amounts of critical information. Effectively, Mail.com is stealing your personal data – and their terms of service even spell out that they can do this.

Furthermore, Mail.com does not tell you anything about the “irregular activity”. You have no way of knowing if the security breach is potentially worse – has your personal information in your account or folders been accessed? This is a critical security problem. What happens to the data in your account after they block it? Is the information securely erased?

  • MAIL.COM’s account death sentence, without any explanation, is 100% unacceptable from any provider and renders their email services 100% unreliable.
  • By not providing an explanation, we do not know if there are other legitimate security issues that we need to address.
  • By blocking access, without warning, and providing no recourse, Mail.com effectively steals your intellectual property (again, which they assert a right to do in their terms and service agreement).
  • Other online reviews indicate our experience is not unusual with Mail.com.

Empirically, Mail.com is 100% Unreliable. Based on our actual experience outlined above, we strongly recommend avoidance of MAIL.COM

Their customer service is awful – there is no way to contact them except through a single online form with a 24 hour turn around (others report turn around time up to days to weeks).

They claim to have excellent customer support. When they offer no assistance on issues as critical as loss of all your email and provide no information about their actions, their customer support claims are empirically false.

Unfortunately, there is no way to contact the company. They refuse to acknowledge any further contact through their online customer support feature. It is impossible to ask them for their perspective on the items outlined above.

Lessons learned

  • NEVER EVER USE MAIL.COM
  • NEVER RELY ON THE CLOUD FOR CRITICAL DATA

After this, I am transferring important items like emailed receipts, documents and other data to offline storage and/or printing them on paper.

Switched to Outlook.com

I have switched to reputable nline mail services offered by Microsoft and also to my own email server that I control. Using the Outlook email application, mail that was been stored in cloud email folders is also configured to be stored as a local copy on my own computer. This is a fantastically better solution than cloud-based only systems like Mail.com.

Keywords: MAIL.COM REVIEW, MAIL.COM ACCOUNT BLOCKED, MAIL.COM SUSPICIOUS ACTIVITY, IRREGULAR ACTIVITY

—————————————————————————————————–

Update: Many people have had problems with them in the past, exactly like others are also reporting this week. There are many reports on Twitter this week of others losing access to their email too. A online comment at an online forum looked up their server IP address and found that their servers are blacklisted by anti-spam systems. This suggests defects are causing their systems to be either hacked or abused for the purpose of sending spam – indicating they have little idea how to manage an email system.

CONFIRMED: As of Feb 16, 2018 at least one of their IP addresses is blacklisted on anti-spam lists. I confirmed that the IP address 74.208.4.200 belongs to 1&1 and it is presently blacklisted.The second 1&1 IP address I checked later is also blacklisted.

Their terms of service say they can and will terminate your account and delete your private data, for any reason what so ever, whenever they feel like, without warning.

There are rumors online that

1) mail.com’s servers were hacked (this has reportedly happened before)

2) mail.com had a pre-announced system upgrade about 24-48 hours prior to the loss of accounts. The rumor is the upgrade failed.

3) As a consequence of either (1) or (2), mail.com is said to have possibly lost all user data connected to the accounts,

4) Or, that mail.com routinely blocks access to free accounts if the user does not convert the free account to a paid premium account within a few months.

I have attempted to contact mail.com through their online customer support tiny-form and via Twitter and they have not responded to anyone. It appears that you cannot get telephone support unless you upgrade to a paid premium account. Does that mean blocking accounts and then having to convert to a paid account to contact support to restore service is a protection racket? We have no way of knowing as Mail.com does not respond to customer inquiries.

Avoid all use of 1&1 and mail.com products and services. Run away fast.

Update 2/27/2018

Two weeks later they sent this insulting email. I have a B.S. in computer science, an M.S. in software engineering and have taken additional graduate course work in information security. You’d think I might know a few things… they still have refused to provide any information as to what their security systems detected. My mail.com account remains blocked. I have moved everything to a Microsoft hosted email system which has been secure, solid and reliable.

Update February 28th, 2018:

MaildotcomFeb27-2018

And … the account remains blocked in spite of what their tech support said.

Update March 5, 2018

And at last, 3 weeks later, I can now log in again to my mail.com email address. I have already switched over 149 accounts, groups, vendors, etc, to my new email address, plus am now forwarding all of my stored mail, from mail.com to my new email address at a new service provider.

My account at mail.com had been set up as my primary email address for handling all email correspondence. Being abruptly cut off for 3 weeks, with no explanation, and initially, with a statement from the vendor that  I was cut off permanently, is insane.

Autonomous self driving cars’ sensor arrays may be used for intensive public surveillance

Autonomous self-driving cars are continuously surveying their surroundings using an array of sensors and recording this to memory.

In the event of an accident of malfunction, this data can be retrieved for analysis.

However, this data could also be retrieved as surveillance data – even when the vehicle itself has not been in an crash.

Consider, a bike versus human driven car crash at an intersection. Two other vehicles at the intersection are autonomous vehicles and they have recorded the entire scenario, in detail, including subject and object positions and travel speeds.

All of this data is available to the police. Police agencies that today operate their own license plate readers and intersection surveillance cameras might choose to contract with autonomous vehicle companies for use as public data collection systems. When your autonomous vehicle is connected to your EV charging station, it might communicate over WiFi to upload collected data to a master database.

This is not particularly difficult or far fetched and police may already have the legal authority to pursue this collection.

Source: Why cops won’t need a warrant to pull the data off your autonomous car | Ars Technica

The primary business of the Internet is surveillance

Similar to Uber’s “God View” scandal, Lyft staffers have been abusing customer insight software to view the personal contact info and ride history of the startup’s passengers. One source that formerly worked with Lyft tells TechCrunch that widespread access to the company’s backend let staffers “see pretty much everything including feedback, and yes, pick up and drop off coordinates.”When asked if staffers, ranging from core team members to customer service reps, abused this privilege, the source said “Hell yes. I definitely looked at my friends’ rider history and looked at what drivers said about them. I never got in trouble.”

Source: Former employees say Lyft staffers spied on passengers | TechCrunch

Web site Quartz recently discovered that Google routinely logs quite a bit of information in your Location History, plus uses Bluetooth devices as an additional source of location information – even when you have Location turned off. Even on phones not having a SIM card installed.

Surveillance and privacy violations are the primary business purpose of the Internet.