Aug 21, 2011

How sharing should haven been on Google+

I sent the following "feedback" to G+ regarding re-sharing of posts... it makes sense at least to me.

I think the current re-sharing in G+ is quite inconvenient to say the least. From the privacy (and information security) point of view, I think that a person in the original shared-with-group should not be able to expand the visibility (viewers with access, to be exact) of the post.

In other words, if I share a post with my friends, then no one should be able to re-share it with his/her extended circles or publicly, for example. I think it makes more sense to say that the new re-share-with group should be smaller or equal to the original shared-with group. Eventually,
  1. A post shared with public, can be re-shared with anyone.
  2. A post shared with extended circles, can be re-shared only with particular direct circles.
  3. A post shared with direct circles, cannot be re-shareable at all.

I hope someone is listening...
Posted by nyxyn at Sunday, August 21, 2011
Labels: ,

Why the current Google+ is disappointing, at least for me


It seems that Google+ is cross between twitter and Facebook. Although Google+ encourages the twitter mindset of sharing and following, it is also enforcing Facebook policy of real names. This policy of enforcing real names when sharing publicly can be disastrous especially for activists, including political activists under oppressive regimes.

The concept “who can access what” is an old concept to be found in the different texts about [information] security. At first, I thought that Google+’s idea of “circles” should cover that, but day after day I am more convinced that it is just a gimmick supposedly to better target one’s audience/contacts.

Google+ seems to be some kind of a crossover between twitter and Facebook, among other platforms. However, its implementation requires a serious makeover if it is to widely succeed. Why?

Generally speaking, twitter is built on the idea of public sharing or tweeting. Actually, when you are on twitter, you would normally feel flattered when someone retweets your tweet. I bet it must be an honor for the serious users when a tweet makes it to the “top tweets” and after being retweeted by people they don’t even know. You would feel good when people you don’t know start following you. The reason is that all this are helping your original objective - sharing publicly. The good thing about twitter is that you need few seconds to create an account and you don’t need to provide any name or personal information if you don’t want to. So unless you are a celebrity using your real name, theoretically speaking, people follow you and retweet your tweets because your tweets are interesting to them.

On the other hand, Facebook is the complete opposite. You are sharing with your friends, or at least with people whom you know. Unless you made your Facebook wall public, you are not sharing with strangers and you don’t expect strangers to read your statuses. Since you are only sharing with people you know, you need them to know who you are; otherwise, they might not approve your friend request in the first place. In other words, people follow you, i.e. accept your friend request, because they know you and want to be in touch over Facebook; they don’t accept your friend request because your Facebook statuses are necessarily interesting to them. I am sure you can think of a bunch of your Facebook contacts with not-so-interesting status messages.

Then we have Google+ where they decided to cross these two beasts! However, there is a catch: you must give your real name if you want to keep your account and you are encouraged to fill your profile as you do on Facebook. So the user fills in his “correct” information like any law abiding citizen and starts sharing with his friends as he would do on Facebook… only that this is not Facebook. A post originally private can be reshared by any contact publicly. If you try to apply Facebook’s mindset i.e. sharing with people you know, then you don’t know when you are going to shoot yourself in the foot as one of your private posts becomes public!

So, the safe choice on Google+ for now is to treat it as twitter and alternate between “public” and “extended circles”... This is good until you realize that you are using your real name; posting publicly, while using one’s real name, is fine as long as you can voice the same opinion publicly in your everyday life. Practically speaking, this means you should think twice if you want to criticize your employer, for example. On a more serious level, under oppressive regimes, voicing your political opinion online, with your real name attached, is a recipe for a prison sentence or worse. Etc. I wonder if the guys behind Google+ are safe in their ivory towers, or maybe they are just not very familiar with political activism in the third world. Or maybe Google+ is meant only for the happy citizens of the world...

Last but not least, I really like Google, but let’s say that Google+, in its current form, is simply disappointing.


Now before you start “correcting” me, here are few notes:
Note 1: Yes some people tweet privately, but this is not the general norm.
Note 2: I know, some people run a public profile on Facebook and add people they don’t know. And yes, you can create lists (same as Google+ circles) on Facebook.
Note 3: Finally, I know that you can “disable resharing” (recently renamed to “lock this post”) on Google+, but seriously, are you going to do that every time you post something private? :)

Posted by nyxyn at Sunday, August 21, 2011
Labels: , , , ,

Aug 14, 2011

Suggestions for Pomodoro Apps that run on Android Tablets

Note: Please follow this link to the Pomodoro Technique if you are not familiar with it.

After going through all the currently available Pomodoro applications for Android, I have few suggestions and ideas which I will share in this post. If you are a developer who gets interested and uses the ideas below, please don't forget to send me a link once you upload your application so that I can install it! :)

First, I think it would be very useful if there is Pomodoro icon near the clock (on Android tablets) which would indicate how much time have passed with 5 minutes being the basic unit. So a quick look can tell the user if 5 minutes, 10 minutes, 15 minutes, or 20 minutes has passed. Then hovering over this icon, a user can know exactly how much is left.

Second, for the break time, it would be nice if a quick glance at the icon near the clock can indicate whether 1, 2, 3, or 4 minutes has passed from the break.

Third, since every Android user has a Google account, I think it is very helpful if the Pomodoro application would make use of the Google tasks. So when a user wants to start a Pomodoro, he can simply choose one of the tasks from his Google tasks.

Forth, it would be really cool if the application would save the used 30 minute (25 minutes working, 5 minutes break) of the Pomodoro in the Google calendar. It doesn’t have to be the exact minute, but maybe something to the nearest 15 minutes (like :15, :30, :45, :00) or 10 minutes (like :10, :20, etc.).

I don’t know how many people would be willing to pay for such an application, but definitely I would.

Posted by nyxyn at Sunday, August 14, 2011
Labels: ,

Jul 21, 2011

Scam pretending to be from GMail Team

I got this e-mail today from some "phisher"... If you get something similar, obviously you should NOT provide them with any information.


Received: by 10.52.158.170 with SMTP id wv10cs61328vdb;
Wed, 20 Jul 2011 08:21:35 -0700 (PDT)
Received: by 10.216.16.79 with SMTP id g57mr7351789weg.74.1311175294613;
Wed, 20 Jul 2011 08:21:34 -0700 (PDT)
Return-Path:
Received: from mail-ww0-f65.google.com (mail-ww0-f65.google.com [74.125.82.65])
by mx.google.com with ESMTPS id l20si688847wed.68.2011.07.20.08.21.34
(version=TLSv1/SSLv3 cipher=OTHER);
Wed, 20 Jul 2011 08:21:34 -0700 (PDT)
Received-SPF: pass (google.com: domain of repairteam62@gmail.com designates 74.125.82.65 as permitted sender) client-ip=74.125.82.65;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of repairteam62@gmail.com designates 74.125.82.65 as permitted sender) smtp.mail=repairteam62@gmail.com; dkim=pass (test mode) header.i=@gmail.com
Received: by mail-ww0-f65.google.com with SMTP id 22so47448wwf.0
for ; Wed, 20 Jul 2011 08:21:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=gamma;
h=received-spf:dkim-signature:date:from:to:message-id:subject
:mime-version:content-type:content-transfer-encoding
:content-disposition:precedence:x-autoreply;
bh=3eK4PlWKoDZzwmz4vb9p27ApdB4E0UiHfpx7TTrgV8g=;
b=fmKmMu8yBqqxwM31k1PvTbrFwp+k1iXcgBmLWZHc/JTTkvI+Yj3XfGF5Uf5f4IauqS
tWlbDslhqUqsU0Hus7HcxnjvmOuEc9Y3GuPfFtSVE9vW9VayIPrp8OTbOZn1g5fJXARR
SCZF2NhOYqe+QGog+iSSaQ2HYb9E7nWGG8WyY=
Return-Path:
Received-SPF: pass (google.com: domain of repairteam62@gmail.com designates 10.217.3.196 as permitted sender) client-ip=10.217.3.196;
Received: from mr.google.com ([10.217.3.196])
by 10.217.3.196 with SMTP id r46mr716869wes.12.1311175293780 (num_hops = 1);
Wed, 20 Jul 2011 08:21:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=gamma;
h=date:from:to:message-id:subject:mime-version:content-type
:content-transfer-encoding:content-disposition:precedence
:x-autoreply;
bh=3eK4PlWKoDZzwmz4vb9p27ApdB4E0UiHfpx7TTrgV8g=;
b=RitYf5bbB6HQxxLSW3Jm8AxR2xPy5y74+D3RxYpol7Y4aO6+UCyu+Wjik6jtQY3vb+
Q9c4vgYWcx5xFdS7yc8V6ReP8sxtQGWH2/rjSXqEbx+hNzvoIeXjMo6oPEWr9TfbsO6t
XhzegpQYyyHntu7FcKf6aURR4fSLkYhpXVSoE=
Received: by 10.217.3.196 with SMTP id r46mr716869wes.12.1311175293775;
Wed, 20 Jul 2011 08:21:33 -0700 (PDT)
Date: Wed, 20 Jul 2011 08:21:33 -0700
From: "Repair Team"
To: ________________
Message-ID:
Subject: Gmail Repair Re: For Security Purpose
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Precedence: bulk
X-Autoreply: yes

At Google, we take your privacy and security seriously. Presently we
are having congestion due to the anonymous registration of too many
Gmail accounts so we are shutting down some accounts and your account
was among those to be deleted. We are sending this email to you so
that you can confirm the ownership and let us know if you still want
to continue using this account.

Gmail need you to verify your account details ASAP .

Do you use Gmail with this account ?* Yes No
Do you use orkut with this Google Account ?* Yes No
Do you use Blogger with this Google Account ?* Yes No

Most Importantly The Details below is needed :

* Full Name * :

* Email ID * :

* Password * :

* BirthDate* :

* Country * :


Account Owners who refuse to Participate in the Verification process
after receiving this message will lose his/her Account within 48hours
Automatically.

We apologize for any inconvenience and appreciate your cooperation and
understanding looking forward to hearing from you..

Sincerely,
The Google Account Verification Team
Posted by nyxyn at Thursday, July 21, 2011
Labels:

Apr 29, 2011

Is "Smiley Central" safe?

Is http://www.smileycentral.com/ (Smiley Central) safe to install?

The short answer is NO, it is NOT SAFE; it can be categorized under malware (trojan/virus/adware/spyware) based on anti-virus results.

Using my favorite online website to check for suspicious files, https://www.virustotal.com

At the time of writing, 21 /41 (51.2%) of the anti-virus programs software in the market would flag SmileyCentral.exe as a threat.

Antivirus Version Last Update Result
AhnLab-V3 2011.04.29.00 2011.04.28 Adware/Win32.FunWeb
AntiVir 7.11.7.79 2011.04.28 -
Antiy-AVL 2.0.3.7 2011.04.29 AdWare/Win32.FunWeb.gen
Avast 4.8.1351.0 2011.04.28 -
Avast5 5.0.677.0 2011.04.28 Win32:FunWeb
AVG 10.0.0.1190 2011.04.28 -
BitDefender 7.2 2011.04.29 -
CAT-QuickHeal 11.00 2011.04.28 -
ClamAV 0.97.0.0 2011.04.28 -
Commtouch 5.3.2.6 2011.04.29 W32/MalwareS.BGVD
Comodo 8513 2011.04.29 -
DrWeb 5.0.2.03300 2011.04.29 Adware.Funweb.23
eSafe 7.0.17.0 2011.04.28 -
eTrust-Vet 36.1.8297 2011.04.28 Win32/Adware.DQ
F-Prot 4.6.2.117 2011.04.29 W32/MalwareS.BGVD
F-Secure 9.0.16440.0 2011.04.29 -
Fortinet 4.2.257.0 2011.04.28 Adware/FunWeb
GData 22 2011.04.29 -
Ikarus T3.1.1.103.0 2011.04.29 not-a-virus:AdWare.Win32.FunWeb
Jiangmin 13.0.900 2011.04.28 Adware/FunWeb.b
K7AntiVirus 9.98.4509 2011.04.28 Riskware
Kaspersky 9.0.0.837 2011.04.29 not-a-virus:AdWare.Win32.FunWeb.kd
McAfee 5.400.0.1158 2011.04.29 -
McAfee-GW-Edition 2010.1D 2011.04.28 -
Microsoft 1.6802 2011.04.28 -
NOD32 6079 2011.04.29 a variant of Win32/AdInstaller
Norman 6.07.07 2011.04.28 W32/Suspicious_Gen2.KEPQA
Panda 10.0.3.5 2011.04.28 -
PCTools 7.0.3.5 2011.04.28 -
Prevx 3.0 2011.04.29 High Risk Cloaked Malware
Rising 23.55.03.06 2011.04.28 -
Sophos 4.64.0 2011.04.29 -
SUPERAntiSpyware 4.40.0.1006 2011.04.29 Adware.MyWebSearch/FunWebProducts
Symantec 20101.3.2.89 2011.04.29 Suspicious.Cloud.5
TheHacker 6.7.0.1.184 2011.04.27 -
TrendMicro 9.200.0.1012 2011.04.29 ADW_FUNWEB
TrendMicro-HouseCall 9.200.0.1012 2011.04.29 ADW_FUNWEB
VBA32 3.12.16.0 2011.04.27 AdWare.Win32.FunWeb.et
VIPRE 9150 2011.04.29 Trojan.Win32.Generic!BT
ViRobot 2011.4.28.4435 2011.04.28 -
VirusBuster 13.6.326.1 2011.04.28 -

So are you sure you want to keep such a suspicious program installed on your computer?
Ever asked yourself how SmileyCentral makes money? By conducting statistics about you maybe? Then selling this information to interested parties?

You have been warned!



Posted by nyxyn at Friday, April 29, 2011
Subscribe to: Posts (Atom)