Tinder hacking update


Well, it appears I wasn’t the only one receiving these fake profiles yesterday; the Tinder Twitter account has been inundated with similar complaints. Symantec even has a page about it. Tinder is claiming these are “spambots” which is a curious choice of words, since it implies that (although automated) these are regular, albeit fake, profiles being filled out and submitted. A better choice of words would be hacked, since in order to do the kinds of things they are doing, they would need access to other parts of the Tinder system. So while I (guess I) believe Tinder now when they say this isn’t their doing (although it still could have been a test on their part that went awry), it is pretty worrying that all that private customer data is being accessed by whoever is hacking them. It implies, obviously, that their systems are not secure.

Who sold my f$#%!ñ& information?


The bane of everyone’s internet existence is unsolicited mail, also known as SPAM. Over the years, I have relied on a series of strategies to combat it including software filters, fake email addresses, throw-away email addresses, and simply refusing to give out my email address except when absolutely necessary. These have had varying degrees of success, but for the most part I have not been overly burdened by SPAM in the past few years. And most big email providers have gotten pretty good about filtering out unsolicited mail. But recently (at least in my email boxes), there has been an ever-growing number of slips, with unwanted mail making its way past the filter and into my inbox. The reason for the vast majority of these is that they are from “legitimate” mass mailing companies who are complying with SPAM laws that allow an opt out or unsubscribe link at the bottom. So, even though I have never subscribed to any of these lists in the first place, I am bombarded with their crap and have to click an opt-out message with ever-increasing frequency to get off their list. There is one main reason why one is added to these lists in the first place, and that is that one of the companies you have given your email to has sold your name and others to one of their “trusted” partners (also known as “anyone who will buy them”). The frustrating part in all of this is you have no idea how to trace it back. Who is the evil entity that sold you out? How can you disassociate yourself from them and refuse to use, buy or promote their services anymore? How can they be held accountable for selling you out?

This morning I implemented what is an imperfect solution, but should give me more information and help me to call out and shame the companies that are sharing my (and your) info, and stop doing business with them. I will maintain a list of the abusers and try to draw attention to them in the future so that others may benefit. This is not a solution that everyone can implement, but many can. For the more technical among you, here are the steps, and what you will need (before actually following these steps, read the update below):

1. Create your own domain or subdomain for this purpose (you can do this using any hosting company or for free, minus the cost of domain purchase, at Google Apps, for example: http://www.google.com/apps/intl/en/group/index.html)

2. Create a “catch all” email address for the domain. This is an address that will catch any email sent to the domain, and most providers will offer one.

3. Start using this domain whenever you have to provide an email address to a website. So for example, if I am a new user of Facebook, I would probably use the following format for my address: “facebook@mydomain.com”. If I am signing up for a Flickr account, I would use something like “flickr@mydomain.com”.

Because I am using the name of the service I am signing up for, if I ever get an email going to that address that isn’t directly related to that website, I will know who the culprit is. For example, if some magazine is trying to sell me a subscription at “flickr@mydomain.com” I will know that Flickr sold me out. I can then blacklist or publicly shame that company. If enough people do this, maybe companies will think twice before disclosing your information without warning you.
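The check described above can be automated over a mailbox export. This is an added example, not part of the original post: it reads the recipient alias on the catch-all domain and compares it with the sender's domain. The `mydomain.com` placeholder comes from the post; the sample messages are constructed, and the assumption is that the mail provider records the envelope recipient in a `Delivered-To` or `X-Original-To` header.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

CATCH_ALL_DOMAIN = "mydomain.com"  # placeholder domain used in the post

# Constructed sample messages (headers only), not real mail.
SAMPLES = [
    "From: Facebook <notification@mail.facebook.com>\n"
    "To: facebook@mydomain.com\nSubject: You have a new message\n\n",
    'From: "Magazine Deals" <offers@magazine-deals.example>\n'
    "To: flickr@mydomain.com\nSubject: Subscribe today\n\n",
    # Bulk mail often hides the real recipient; only Delivered-To shows the alias.
    "From: news@unrelated.example\nTo: subscribers@unrelated.example\n"
    "Delivered-To: facebook@mydomain.com\nSubject: Hot offers\n\n",
]

def alias_tags(msg, domain=CATCH_ALL_DOMAIN):
    """Local parts of every recipient address on the catch-all domain."""
    values = []
    for name in ("Delivered-To", "X-Original-To", "To", "Cc"):
        values.extend(msg.get_all(name, []))
    tags = set()
    for _, addr in getaddresses(values):
        local, _, dom = addr.lower().rpartition("@")
        if local and dom == domain:
            tags.add(local)
    return tags

def classify(raw, domain=CATCH_ALL_DOMAIN):
    """Return sorted (tag, sender_domain, verdict) tuples for one raw message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
    labels = sender.split(".")
    # From is unauthenticated, so "expected" is only a hint; a mismatch is the
    # useful signal: a third party is mailing an address only one service knew.
    return [(tag, sender, "expected" if tag in labels else "possible leak")
            for tag in sorted(alias_tags(msg, domain))]

if __name__ == "__main__":
    for raw in SAMPLES:
        for tag, sender, verdict in classify(raw):
            print(f"{tag}@{CATCH_ALL_DOMAIN} <- {sender}: {verdict}")
```

A "possible leak" verdict still needs a human look, since a service may send through a third-party mailer whose domain does not contain the service name.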

UPDATE: As I was writing the above and verifying some information, I came across this site which makes it much easier (for anyone with a Gmail account) to set up their own catch system for this type of thing. Go here to check it out. It would probably be a good idea to set up a separate Gmail account for this purpose, though.


Beyond estimation of toast


I (like many people) am a user of several IM networks (AIM, MSN, Yahoo, GTalk) in order to allow me to chat with friends in each of these networks. (As a side note, I use a really nice single application called Adium to connect to all of them at the same time.) These networks each have their strengths and weaknesses, but Yahoo’s seems the most prone to being hijacked for spreading spam or viruses or whatnot. Being on a Mac, I am mostly immune to this sort of thing, but the rare messages popping up in Yahoo IM windows from complete strangers are annoying anyway.

This morning I got a message sent to me in Arabic. It was several paragraphs long and since I don’t speak the language, completely incomprehensible. Curious nonetheless to investigate the cultural differences between Arabic and English spam, I headed over to Google Translate to try to decode the message. What resulted was pretty nonsensical. Although there were a few words that alone had meaning, almost none of them taken together mean anything at all (at least in English). However, one phrase did stand out to me as pure poetry: “beyond estimation of toast”.

Thank you, voice from the ether. I will be pondering the mystery of this koan for some years to come.