Month: May 2012

The Importance of Transparent Internet Access

Those of you following the UK tech press, or are affected Virgin Media customers, will be aware of an issue that had been affecting some VM users’ access to the Internet.

There was no apparent rhyme or reason to the websites which failed, and in some cases, the site itself may have been working, but made very slow because other collateral hosted on third-party sites (e.g. performance measurement and marketing tools) were unreachable, or very slow.

One of the most memorable articles is the one which contained the comment “The people in the call centre are extremely dumb and it’s like talking to a tree.” (ISP Review).

Much speculation has been directed at some new or changed traffic management, traffic shaping, filtering, or deep-packet inspection (DPI) going awry inside Virgin Media’s network. It’s well known that Virgin Media apply traffic management in their network, such as “clamping” the bandwidth available to super-heavy users who use more than what VM consider a fair share of the bandwidth.

The concern many (especially the various public rights’ groups) have is that the desire some authorities have to increase the amount of monitoring, blocking access to “undesirable sites”, and logging and retaining things such as email conversations, will only serve to increase the amount of unusual, irregular, and hard to trace, service problems such as these.

One thing to bear in mind is that the technology being used in DPI is still an evolving science. This means it has warts and all. I’ve seen DPI devices mangle packets in transit – including packets which shouldn’t have been touched by the DPI, but allowed to pass unhindered – so badly that they were undeliverable to their intended destination.

It seems likely that this is what’s happened here, so it’s not a load of arm-waving about a hollow concern that’s being raised by those who don’t believe in DPI. There’s a real threat here – of unreliability and incorrectly filtered traffic – to legitimate Internet use.

Which brings me on to every cloud having a silver lining, as they say.

In this case, privately owned North West-based provider Zen Internet decided it was time to highlight the Zen approach to Traffic Management – No Throttling, No Squeezing – issuing a news release explaining how they operate a transparent network, with no DPI, and an open, fair and easy to understand pricing policy for internet access, with no complex rules or hidden gotchas.

Good for them.

Disclosure: I am a (happy) Zen Internet customer, they keep my folks’ home online, and do a very good job of it. It just works. I’m also potentially moving to an area where it seems the only high-speed broadband available might be Virgin Media. I spent about half-an-hour trying to work out how their obtuse and opaque pricing structure worked and which was the right “bundle” for me before giving up and hitting the bottle. I’d rather know that what I’m paying for is reliable and unfettered, if slower.

East Coast data hoovering – an update

Before you get too excited, I’ve not heard anything back from the powers that be at UK railway operator East Coast about the data protection concerns I have after booking tickets online. It’s only been a week. Let’s give them some time…

However, I did make the train journey whose booking let me to be concerned about the excessive and irrelevant data they were collecting, which could only be stored for one reason, and that is to improve their market intelligence.

During the journey, I used the on-train wifi, for which it requires you to “register”, and asks you provide another stream of compulsory personal information. While they didn’t want to know my inside leg measurement this time, again they want to know who I am, where I live, what’s my nearest station, and what is my reason for travelling, again as “mandatory” responses, before allowing you to use the on-train wifi service.

I don’t understand how your nearest station, or why you’re travelling, are relevant to allowing you to access the on-train internet access service. Of course, I didn’t actually put any genuine details in this contact form.

This wifi registration page also presents the “opt-in” for marketing email as already ticked – so if you don’t notice and don’t untick the box, you’re opted in to their email marketing. While it complies with the letter of the law, it doesn’t really feel to be in the spirit of the law.

What’s your perception of East Coast’s data collection and retention policies based on what you’ve read?

Once an iPhone user, always an iPhone user?

I happened to come across an interesting graph while looking at the stats which photo-sharing site Flickr collect from the EXIF data that sometimes arrives with the uploaded images.

One of the things contained in the EXIF data is what sort of device produced the image, who made it, what model, etc. Flickr analyses this in the “Camera Finder“.

Here’s the graph of the most popular cameraphones used on images posted to Flickr over the past 12 months.

Graph of most popular mobile phone cameras that upload images to flickr

One thing this seems to confirm is that iPhone users seem to be a faithful bunch.

The other thing it confirms is the theory that many iPhone users don’t upgrade their handset with every generation, but are likely to “skip” a generation – borne out by the step decline in iPhone 3G images matched by a step growth in images posted from the 4S, while the iPhone 4 only sees a small dip coinciding with the release of the 4S.

The 3GS has a steadily dwindling userbase, and it will be interesting to see if and how these jump ship. I still have a 3GS. In the main I’m happy with it and what it does, and there’s nothing which tells me I need to upgrade to a 4S. I guess that places me into the “long tail” of 3GS users.

It’s also interesting to note the Apple domination of the top 5. I wonder if that graph will look the same by this time next year?

IBM Bans Siri – Over an age old concern…

IBM has banned it’s staff from using Siri – Big Blue has allowed it’s staff to BYOD and use their iPhone 4S on the company’s networks, but banned the use of Siri over fears that the sound bites uploaded for processing by Siri could contain IBM proprietary information, which could be stored indefinitely, and analysed by Apple.

This isn’t a new concern for corporates. It came to the forefront when employees commonly used services like MSN Messenger to keep in touch with their colleagues, and of course all but the paranoid thought nothing of discussing company business over IM, in unencyrpted packets, routed over the commodity Internet, to some server farm their employer didn’t have any control over. Who knows if and how long a messaging service could retain transcripts of chat sessions? Or if the packets were “sniffed” in transit and the transcript rebuilt?

Companies then got wise and started to provide internal IM systems which they had control over, and having their IT departments block external chat platforms (let’s assume we’re talking about vanilla users who don’t know how to punch their way through these things for now). This also obviously helped for things like regulatory compliance.

Most recently, this has moved into the social networking arena, with things such as Twitter and Facebook – people have lost their jobs over committing corporate faux-pas on a publically viewable service. This has opened the doors to platforms such as Yammer, a SAAS-based corporate social networking platform, who seek to give the company back some control. All the things your employees know and love about social networking, but just for your company and it’s staff, with you in control of the data and the rules. Your regulatory compliance people can sleep easier at night.

So, while there’s no current evidence to support the notion that Apple are using Siri to spy on Big Blue, it’s fair to say that IBM aren’t bellyaching: I think it’s a legitimate data privacy concern, and it’s one that you should share.

When you post something on Twitter, or Facebook, or write a blog, you know that you’re putting it out into some sort of public (or shared) domain. You expect other people to see it, and you expect it to be stored (though maybe you’re not clear on just how long it’s being stored!).

I think people’s mindset is different when talking to Siri. They have the concept, in their head, they are talking to their phone, and overlook the fact that what they’ve just said has been uploaded to a server farm, possibly in a location outside of their home jurisdiction, to be processed. Do those of you who use Siri even think about that is what happens? Or that what they have just said has been placed into storage, potentially forever?

So many of the geeks I know are horders by nature, so it’s a force of habit for them to turn on lots of logging and want to keep everything forever (or at least until the storage runs out or they can’t afford anymore), “just in case they need it”, and I suspect the backend of Siri is written no differently, because that’s how programmers are.

Given a company the size of Apple, I don’t think there’s any concerns about the storage running out, and the Siri licence agreement doesn’t say for how long you’re consenting to Apple storing the soundbites collected by Siri. With a large enough sample size, statistical analysis also makes it easier to find needles in such haystacks, and we’re getting increasingly good at it.

Could market intelligence generated from analysis of Siri requests even be revenue stream for Apple in due course?

My opinion is that it is a legitimate privacy concern…

Want to book a train ticket? Then we need to know how many children you have…

…at least if you’re UK train operator East Coast.

I thought nothing of booking some train tickets online. I even got a decent deal. I doubt I could have done the journey cheaper in the car. They wanted me to register with the site, but then, most train companies do. They gave you an option to opt-out of email, which I took.

So, you can imagine my surprise when the next day, I got an email from East Coast, which started with “Now that you’re registered with us, we’ll be able to send you exclusive offers by email…

Erm. No, you shouldn’t be…

So, I thought I’d log into the East Coast website and check my communication preferences.

Not only did it show me as being opted in, but in order to untick the box and opt out, you have to complete some mandatory information in the “My account” page, before it will save the preferences and unsubscrive you from their mailshots.

What sort of information is it asking for?

  • My nearest rail station
  • My year of birth
  • How many children I have and how old they are
  • What the purpose of my journeys usually is
  • Who else I buy train tickets from

Now, having to fill this irrelevant information in just to change your preferences and unsubscribe from a mailing list, seems a bit excessive, don’t you think?

Note that you don’t have to give any of this information when ordering the train ticket itself (otherwise I’d have gone to an alternate online ticket seller, if I’d have known), just if you need to change anything in your account.

Yes, it’s very obvious that they are harvesting this information to build market intelligence, but this should not be collected on a mandatory basis.

I also tried the “Unsubscribe” link in the marketing email they sent, however that seems to have no effect on the preferences shown in the account on their website, which still show me as opted in.

Such an attitude to collection and retention of personal data seems a bit cavalier, doesn’t it?

I very sensibly used a + sign and token in the email address I used when signing up with East Coast, which makes the email address they use to reach me unique to them. So if they are seriously cavalier (i.e. stupid enough to sell it on to a third party) then I know whodunnit.

(Another irony is that the input sanity checking in their email contact form won’t accept a + sign token, of course, while their website will as  part of a username.)

It seems East Coast may find themselves foul of the Email Marketing Regulations and the Data Protection Act:

  • Sending marketing email which has not been asked for.
  • An unsubscribe mechanism which appears to be ineffective.
  • Mandatory collection and retention of irrelevant and excessive data.

I had a quick chat with a very helpful person from the ICO helpline yesterday, about how to approach the complaint, they agreed that it didn’t seem right that one had to provide such personal data in order to change one’s email marketing preferences, and told me to conduct all communication with East Coast in writing and keep copies of everything.

I’ve written (yes, snail mail!) directly to a suitably senior bod at East Coast explaining my concerns, and I’ll let you know what I hear.

DR still in the doldrums – An Open Letter to Digital Region

A few months ago, I wrote about what I percieved to be going wrong with Digital Region, the local-authority backed superfast broadband wholesale network in South Yorkshire.

It seems that matters have not improved since then: a Sheffield-based hosting company, KDA, has written an Open Letter to Digital Region, which pretty much confirms that everything which was true several months ago is still true today, and goes on to suggest that there’s enough experience and skill in the tech community in South Yorkshire to turn this around, if only those in charge were willing (able?) to change tack and allow the community to steer the organisation.

It’s also alluded that a cut-price disposal of the network assets, which should rightly be the South Yorkshire taxpayer’s, for a cut-price may already be in hand, and that a failure of DR will be associated generally with the South Yorkshire tech industry, tarring it’s (generally good) reputation.

DR shouldn’t be the way it is – DR should be more agile than the large telcos, and find it easier to be more focused on the needs of the local userbase, but it isn’t. It seems to be strangled by inflexibility and bureaucratic behaviour, which needs to change if it’s to survive, and deliver the promise that the local authorities set out to achieve. But, at the moment, I’m doubtful that this will happen. The peppercorn sell-off probably feels like an easy way out, however much it’s short-changing South Yorks residents and business in the process.

You can read the full text of the Open Letter here.

A table for 25? Not currying any favour with me…

Many of you will know that I’m involved in organising the UKNOF meetings.

Some of you will know that I don’t understand this obsession that many UKNOF attendees have with going en-masse for a curry (usually with someone’s employer picking up the tab) the evening beforehand.

What is the attraction, apart from maybe not having to pay for it yourself, of sitting at a big long table, when all it achieves is you having to yell at the person next to you in order to have a conversation while receiving iffy service of usually disappointing (sometimes downright poor) food?

It’s no good for mixing and networking, one of the attractions of going for dinner with industry colleagues, as you can only bellow your conversation at your immediate neighbours, either because everyone else is pissed and shouting, or just to make yourself heard over the loud sitar music.

Sitting in tables of 6-8 would help a lot with conversation, and probably improve service as well!

It’s also not a good dining experience. The most recent curry being a particular lowlight, when a) I hardly ate any of what I ordered because it was so unpleasant (and it wasn’t as though I’d ordered a phall!), and b) I was later unwell in the middle of the night. I should have seen the warning signs when they handed us each a sticky, laminated menu card, I guess.

While I don’t think of myself as entirely Grumpy Old Man as yet, I still don’t really see the attraction…

I also can’t talk about drunken behaviour in curry houses without a link to Rowan Atkinson’s Indian Restaurant sketch… It is a tricky bit of floor. Deceptively flat…

Diageo in the (Brew)Dog House…

Anyone who pays more than a passing interest in the world of craft brewing will know that Scottish craft brewer BrewDog narrowly missed out on winning an industry award earlier this week, due to the interference of a representative the event’s sponsors, drinks behemoth Diageo.

As wounded as they may be by what’s happened, BrewDog’s glass is half-full, not half-empty.

Had BrewDog won the award, as originally intended by the judging panel, then it would have most likely made just the industry and local press. However, this story has now made mainstream news (such as the Daily Telegraph article, The Times, the Sun, and morning freebie Metro, as well as on BBC Scotland), because no journalist can resist covering a David vs. Goliath struggle such as this.

Tactics such as those alledged to have been used by Diageo have backfired spectacularly. Not only have they revealed that they do consider BrewDog as a serious threat to their beer portfolio, but it’s got BrewDog the sort of mainstream publicity that money can’t buy.

I’ll raise a (half-full) glass to that… Mine’s a 5AM Saint.