Blog

This is the Blog of the technical experts at GEN and its companies

How to annoy your visitors with Google ReCaptcha


For many years now there has been a steady proliferation of Google ReCaptcha, a free service provided by Google which is used to verify that a human is actually filling out your form. It was annoying when it first arrived on the internet, but the latest rendition takes annoyance to a whole new level with poor quality images, multiple pages to select and more. So why do so many websites choose to irritate their visitors with Google ReCaptcha?

Well, firstly it's free and readily integrates with most hosting platforms. Secondly, it's thought to be effective, and finally, for whatever reason, people think it's a good idea. In reality, that's not at all the case. It is free, but there are serious privacy concerns. It's not effective, as it can be bypassed easily with a browser plug-in or broker service. And finally, I don't think there's a complete understanding of just how annoying it is, especially for those on small screens or those with imperfect vision or hearing. But first let's talk about privacy, as that's a hot topic these days.

Privacy Concerns

If you click Privacy or Terms from the Google ReCaptcha box then you're taken to the generic Google Privacy or Terms pages, which make no reference to ReCaptcha or what it will collect. This odd behaviour could only be by design. If you dig deeper into the Privacy Policy for ReCaptcha, which is nearly impossible to find, you discover the following.

  • reCAPTCHA is a free service from Google that helps protect your website and app from spam and abuse by keeping automated software out of your website.
  • It does this by collecting personal information about users to determine whether they’re humans and not spam bots. reCAPTCHA checks to see if the computer or mobile device has a Google cookie placed on it. A reCAPTCHA-specific cookie gets placed on the user’s browser and a complete snapshot of the user’s browser window is captured.
  • Browser and user information collected includes: all cookies placed by Google in the last 6 months; CSS information; the language/date; installed plug-ins; all Javascript objects.

Blimey, who knew? After reading that do you still believe Google Re-Captcha is a good idea for your website? 

  • The Google reCAPTCHA Terms of Service doesn’t explicitly require a Privacy Policy. However, it has the requirement that if you use reCAPTCHA you will “provide any necessary notices or consents for the collection and sharing of this data with Google”.

But this is often, if not always, overlooked by website owners. In fact, I cannot think of a single website using ReCaptcha that actually notifies you prior to its use that you're going to be sharing a bunch of data with Google just by clicking "I'm not a Robot". Let's review and expand on the Privacy Policy and what is collected...

  • A complete snapshot of the user's browser window captured pixel by pixel
  • All Cookies placed by Google over the last 6 months are captured and stored and an Additional Cookie is stored. 
  • How many mouse clicks or touches you've made
  • The CSS Information for the page, including but not limited to your stylesheets and third party style sheets. 
  • The Date, Time, Language, Browser you're using and of course your IP Address. 
  • Any plug-ins you have installed in the browser (for some browsers)
  • ALL Javascript including your own custom code and that of third parties. 

So at this point, you as a website owner are obligated to disclose to your users that by clicking on the "I'm not a robot" ReCaptcha they, as visitors, AGREE to all the above being shared with Google. That is not only an inconvenience, but pretty much no one does it, because in most cases they don't fully understand what data is being shared. This can be a real problem, especially in the EU, where GDPR has caused many websites to display mandatory and equally annoying cookie confirmations, and has even restricted access to a large number of really useful sites from within the EU.

Annoyance

In a recent survey conducted by GEN with our business customers, we included a question about Google ReCaptcha and asked users to rate how annoying it was from 1 to 10, with 10 being the most annoying, and we came back with 94% who thought it was the most annoying. Now it's a small sample set of a few thousand users, but it does indicate a general appreciation of the inconvenience it presents. Personally, when I see the 'I'm not a Robot' box, unless it's absolutely critical I'll just close the page and move on to something else, and this is a view shared collectively at this office, as it probably is at most.

For those outside of the USA, a crosswalk is what the Americans call a pedestrian crossing. In the pictures it's the white lines across the road, but of course in most of the rest of the world these are black and white or black and yellow. This is a regular misunderstanding, as is Palm Trees, which are the trees with the leaves at the top and are never seen in many countries.

If you're not a robot, and I am certainly not, then it's easy to wind up with the "Try again later" dialogue after getting a couple of images incorrect, after which you're screwed and cannot continue to submit your form without closing the browser, re-opening and filling the whole thing out again. That is really, really annoying.

Alternatives

There is a whole myriad of alternatives to Google ReCaptcha, most of which are self hosted and have none of the privacy issues associated with Google ReCaptcha. The general trend these days with Captcha is that it's not required anymore, since form submission mechanisms have evolved to use a hidden captcha, which is in fact a generated seed on the form that is passed and validated server side on submission. A robot (or bot) would want to POST the form without filling it in, which this hidden captcha easily defeats. Further validation of field types can pretty much eliminate bot POSTing and removes the need for anyone to click traffic lights, fire hydrants, store fronts or any other collection of images whilst providing Google with their personal information.
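The hidden seed described above can be sketched as follows. This is an added example, not GEN's code: the field names, time limits and function names are assumptions, and the minimum-age, expiry and single-use checks go a little beyond what the text describes.

```python
import hashlib
import hmac
import html
import re
import secrets
import time

MIN_AGE_SECONDS = 2      # assumed: a person needs at least this long to fill the form
MAX_AGE_SECONDS = 1800   # assumed: seeds older than 30 minutes are rejected
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")


def _sign(secret, payload):
    """HMAC-SHA256 over the seed payload, so only the server can mint seeds."""
    return hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()


def issue_seed(secret, now=None):
    """Create the hidden seed when the form is rendered: timestamp.nonce.signature."""
    issued = int(time.time() if now is None else now)
    payload = f"{issued}.{secrets.token_hex(16)}"
    return f"{payload}.{_sign(secret, payload)}"


def render_form(seed):
    """Embed the seed as a hidden field; the visitor never sees or solves anything."""
    return (
        '<form method="post" action="/contact">\n'
        f'  <input type="hidden" name="seed" value="{html.escape(seed, quote=True)}">\n'
        '  <input type="text" name="name">\n'
        '  <input type="email" name="email">\n'
        '  <textarea name="message"></textarea>\n'
        '</form>'
    )


def check_seed(secret, seed, used_nonces, now=None):
    """Return (error, nonce); error is None when the seed is acceptable."""
    current = time.time() if now is None else now
    parts = str(seed or "").split(".")
    if len(parts) != 3:
        return "seed missing or malformed", None   # bot POSTed without loading the form
    issued_s, nonce, sig = parts
    expected = _sign(secret, f"{issued_s}.{nonce}")
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return "seed signature invalid", None      # forged or altered seed
    age = current - int(issued_s)
    if age < MIN_AGE_SECONDS:
        return "submitted too fast", None
    if age > MAX_AGE_SECONDS:
        return "seed expired", None
    if nonce in used_nonces:
        return "seed already used", None           # one seed, one submission
    return None, nonce


def validate_fields(form):
    """Server-side field type checks; returns a list of error strings."""
    errors = []
    name = str(form.get("name", "")).strip()
    email = str(form.get("email", "")).strip()
    message = str(form.get("message", "")).strip()
    if not 1 <= len(name) <= 100 or any(ord(c) < 32 for c in name):
        errors.append("name is missing or invalid")
    if len(email) > 254 or not EMAIL_RE.fullmatch(email):
        errors.append("email is not a valid address")
    if not 1 <= len(message) <= 5000:
        errors.append("message is missing or too long")
    return errors


def handle_submission(secret, form, used_nonces, now=None):
    """Accept the POST only if the seed and every field check out."""
    error, nonce = check_seed(secret, form.get("seed"), used_nonces, now)
    if error:
        return False, [error]
    errors = validate_fields(form)
    if errors:
        return False, errors       # seed is not consumed, so the visitor can correct and resend
    used_nonces.add(nonce)         # in production: a shared store with expiry, not a set
    return True, []


if __name__ == "__main__":
    SECRET = secrets.token_bytes(32)   # constructed for the demo; keep the real one server side
    used = set()
    seed = issue_seed(SECRET, now=1000)
    form = {"seed": seed, "name": "Alice", "email": "alice@example.com", "message": "Hi"}
    print(handle_submission(SECRET, form, used, now=1010))
    print(handle_submission(SECRET, form, used, now=1020))
```
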

Summary

  • Google Re-Captcha is not infallible and can be defeated by browser plug-ins or brokers. 
  • Google Re-Captcha has serious privacy issues especially in Europe. 
  • Google Re-Captcha is annoying to visitors and deters customers. 
  • Google Re-Captcha can present images of such poor quality that no one can accurately guess them.

If you are using Google Re-Captcha on your website then look for alternatives. There are many out there, and many of those will not require the customer to enter anything and work silently in the background. If you have a GEN Hosted website and would like assistance in replacing your Google Re-Captcha then please raise a ticket at the HelpDesk and we'll do our best to assist you.

In writing this article, we rely on sources from Google's website and others. We make every effort to ensure accuracy but things do change especially terms and policies so be sure to check the current status. 


Copyright

© 2019 GEN, E&OE

Recent Comments
Guest — Baranee Bjoha
Great, I was just about to order food via UberEats and guess what... "Try Again Later" bullshit. I wonder how much business they l...
Friday, 24 May 2019 12:04
Guest — Moe Badderman
reCAPTCHA is the biggest waster of time on the 'Net, but the lack of instruction for the comment form of this website is a runner-...
Saturday, 30 May 2020 05:41

The Food Delivery War (Deliveroo, Just-Eat, UberEats) Comparison and Analysis


There is no doubt in my mind that being able to order food online and have it arrive at your home or business half an hour later is a wonderful thing, but not all services get it right, and some get things badly wrong. We collectively decided in our office that we'd use each service daily for 1 month and review the performance and shortcomings of each on this blog. This isn't a conventional tech related article but we think it's something of interest. We'll go through each service provider in the order we tested them and provide an insight into the strengths and weaknesses of each service. Finally, we'll summarise the three and give our views. If you find this article useful and interesting then please rate it.

 

 

Deliveroo

Now Deliveroo is probably the best known provider in the market, and I do like the branding even if it's a little juvenile, but how about the actual service?

Deliveroo has a phone App, and a website, both of which work fine. You are required to supply your email address and phone number (which can be a landline which is great). The entire registration journey was simple to follow and easy to do.

The selection of outlets available via Deliveroo is reasonable (we're in the city centre here) and the general layout and operation of the website is good. 

Placing an order is a simple matter of selecting the restaurant, selecting food by adding it to a basket and then checking it out. Some restaurants allow changes to food items such as adding or removing sauces, toppings and so on, but some don't, and that's more the restaurant's fault than Deliveroo's.

Once the order is placed, you're taken to a map showing the outlet and your home/office, which updates every few seconds. There can be a significant delay between the ordering and the assignment of a rider, the rider arriving at the restaurant and any changes on the map. This is because delivery agents (riders) can pick and choose which delivery they will take, meaning the restaurants further out can be waiting literally HOURS for someone to transport your food. Regardless, Deliveroo keeps you informed of the process so you know when someone has taken the job and when the food is actually collected, after which the map will update showing the location of the agent (rider), and this is really helpful in judging arrival time.

The competence of the delivery agents is extremely variable, with some unable to read street signs and house numbers whilst others are able to quickly arrive at the correct premises. In our test period we found that around 80% of agents found the property quickly and easily (it is very obvious and clearly marked), with the other 20% ranging from wandering around, going to the wrong premises and even just dumping the food and running after marking it delivered. There is no way on Deliveroo to rate the agent (rider) or even the restaurant, so Deliveroo has no way to track performance and penalise those who fail miserably, and this I think is an area that needs urgent improvement.

In the event that the agent just cut and run, or delivered the wrong order, Deliveroo were quick to respond and just refunded our order, which was great for us but I'm not sure if that information is fed back into the network to penalise the rider or outlet for their respective cockup. 

 

UberEats

A latecomer to the food delivery business, UberEats seeks to capitalise on its taxi business by using that same resource to deliver food, and why not. The UberEats website rejects our email address as 'invalid' even though it's not of course, and further demands a mobile phone number before it will proceed. We used an iPad Pro with a SIM card as the mobile number, and had to register up a gmail account to get past the invalid email nonsense. Poor design and coding aside, we eventually managed to get registered, a text message was sent to our iPad with a code to verify, and we were up and running. This 'verification code' isn't a one off; you'll be hassled to enter it time and time again for some unfathomable reason and this is a real pain.

The ordering process is very similar to Deliveroo, with a matrix of restaurants to select, food items to select and then the old basket add before checkout. One thing you do notice with UberEats is the multiple entries for the same restaurant at a different location. For McDonalds as an example we have 6 different listings for 6 different locations, and we have to choose which one we want. That makes no sense. Surely we should have one listing and UberEats decides which outlet to order from based on distance?

After we've checked out we're presented with a similar screen to Deliveroo showing the outlet and delivery agent, and again this map updates periodically. As with Deliveroo, UberEats suffers the same loooong delays on some deliveries simply because they don't have enough resource and allow delivery agents to pick and choose what they collect and deliver. Unlike Deliveroo, however, UberEats doesn't keep you informed of the process and you're just left watching the map with the expected delivery time shifting further into the future with each update. In one instance we were waiting just over 2 hours for a delivery and there's no way to cancel it and no indication as to the holdup. This can be frustrating, especially when your dinner break is an hour between 12:00 and 13:00.

When considering delivery agents and their competence, UberEats was slightly better than Deliveroo, with approximately 90% of agents finding the location and delivering the food quickly and easily. The remaining 10% just drove into the street and tried to call the mobile number that we'd been forced to use during registration. This is, as I said before, a SIM card in an iPad Pro, so it's not going to ring no matter how many times you call it. Some agents eventually prised themselves out of their cars and came to the gate whereas others just marked the food as delivered and drove off. UberEats DOES have a system to rate the delivery agent AND the restaurant and that's awesome, but you don't get to choose who you have deliver the next order. When ordering you're shown the rating of the delivery agent, but whether it's 50% or 99% is pot luck and you don't get a say in it. The rating is however quite accurate and those with a low rating were indeed the ones who didn't show up or delivered our food elsewhere. One guy actually refused to come through our gate claiming he had a phobia of gates, but seriously how can you deliver food to the door when you can't get through a gate?

When there was a cockup, UberEats was nearly impossible to reach, with us eventually having to leave a message via their website, and even then just trying to convey the issue presented many challenges. Out of the three, UberEats has by far the worst support should you ever need to contact them. If you lose access to your email address or phone number then you are literally screwed, as UberEats will only contact you on those and you can't change them without being able to reply to an email FROM the address you're trying to change. Considering this level of stupidity from UberEats you may find yourself burning through a few accounts, as it's easier to just register up another account than try to fix the one you have.

One point to note here: UberEats has absolutely no facility to change the mobile number you used when you signed up. We would have loved to change that to the office landline so we'd be able to receive calls, but we can't and we're stuck with a number from an iPad Pro.

 

JustEat

Just-eat has been around for a while now and tends to offer restaurants that are further out of town and not available on the other two which is nice. Just-eat unlike Deliveroo and UberEats is not limited to city centre restaurants and for that we're grateful. 

The sign-up process was painless and unlike UberEats it accepted our email address and allowed us to enter a landline. The range of restaurants was reasonable and accessing them was also ok. The ordering process is a little more clunky than the other two but it's certainly do-able once you get used to having to 'Add' a subtraction to an order. The checkout process was fine but the post order tracking was less comprehensive. There was delivery tracking once it left the restaurant for some outlets and that seemed to work well but not for all. Each restaurant will use its own people to make the delivery so just-eat is simply the order taker, not the deliverer. 

Delivery times were rarely what was quoted, with an hour being the norm, but Just-eat does allow you to enter a delivery 'note' into which we could enter "Press door phone and side entrance", which was a neat feature and meant that some delivery agents actually came direct to us without going to reception first. Just-eat has a rating system allowing us to rate both the food and delivery time but not the delivery agent, and it's not immediately obvious how to get to this screen.

Just-eat does allow you to have more than one address, which we found especially useful, so we could use the same account for both office and home, whereas the other two needed a separate account for each, which was awkward to use and was unable to be used with their apps.

Just-eat provide online chat and a number to call when it all goes wrong and they were fairly quick to respond and issued a refund where needed. 

Notwithstanding the delivery times and lack of tracking, we felt Just-eat did ok and we'd certainly use them again. 

 

Price Variance

In order to correctly study the price differences between services we found a restaurant that is on all three services, and we ordered the exact same items on each, here's how they compare...

| Service | Food Cost | Delivery Charge | Total |
|---|---|---|---|
| Deliveroo | £21.00 | £3.15 | £24.65 |
| UberEats | £19.35 | £2.50 | £21.85 |
| Just-Eat | £21.00 | £2.50 | £23.50 |

 

On a single order you're looking at a saving of £2.80 (or 11%) when selecting UberEats over Deliveroo, but over a year of ordering, assuming you're spending £50 a week on deliveries over 48 weeks, you would save £264. It's worth noting at this point that Deliveroo offers a monthly payment plan of £11.49 which then gives free delivery on all orders (delivered by Deliveroo), and UberEats has for months been suggesting it's going to offer something similar. If you're a regular buyer then this may work out in your favour, but we didn't take this option and it's not included in the table above. If you are considering such an inclusive delivery option then check out the small print because there could be restrictions that are going to make it less economic.

 

Summary and Thoughts

Some studies we've read suggest that 70% of restaurant business will be via delivery, but there's no guarantee. The services above are going to be the ones leveraging that change, but is it all good news? Well, not for the local Pizza, Chinese or Indian takeaways who traditionally dominated the home delivery market with their own drivers and are now relegated to the sidelines by the big three. We're also hearing of restaurant owners who are being pressured into paying the big three to deliver their food over and above the delivery fee that we're paying. For us as consumers, though, it can only be good.

Whichever you prefer, you may well have to use all three because of the exclusive deals done by each. For example McDonalds is exclusively UberEats, BurgerKing is UberEats and KFC is Just-Eat and this is unlikely to change anytime soon. Independents are often represented on two or more as this makes most sense. 

From an ecological perspective, Deliveroo is mostly riders on bicycles, whereas Ubereats is mostly cars claiming to be bicycles. Just-Eat is almost always vehicles. I would hope that in the future, the use of bicycles and electric vehicles would be an order option or be otherwise highlighted as an initiative. Likewise, all three should do their best to leverage a reduction in plastic packaging and waste, highlighting those restaurants who comply etc. 

If you have a problem, then Deliveroo were quick to address it, Just-eat were slower but always responded positively, and Ubereats simply isn't worth your time so let it go. 

None of these services allow ordering from more than one restaurant at a time. With a city centre environment and an office like ours, we often found some people wanted food A and others food B, but we could only order one. This wouldn't seem to be an impossible issue to solve and would give one provider a lead over the others, but there's no sign of it yet.

We also found the 'delay' before anything was delivered to be annoying but understandable. A suggestion here would be to have a realistic delivery time based on capacity and an option to cancel the order if it's too far in the future.

We sincerely hope you find this article of use and would appreciate your comments and ratings. 

 


Social Media, Google, Bing, Yahoo, Amazon, ISPs, Government Tracking and Personal Data Leakage

After our post "In defence of social media", which itself was a response to the disproportionate news coverage of Facebook specifically, there have been many responses generally accepting that it should have been common sense that nothing is 'free', but showing that there was a clear misunderstanding of how people are tracked online and what exactly is collected and by whom. This isn't unreasonable because the whole tracking and collection industry is shady and insidious, and just for clarity I was correct when I said GDPR will make absolutely no difference. So, how about we look at a few specific examples of data capture from some big players in the market...


Let's start with Facebook, purely because it was the subject of recent news stories. 

Facebook of course collects everything you feed into it. This includes your name, address, date of birth (if anyone actually uses their real date of birth), phone numbers, email addresses and so on. This data forms the root record (the record to which everything else is attached).

To the root record we then add everything you view, everything you like or dislike, everything you post (Images, Text, Links), every message you send and receive and every ad that is displayed or clicked. 

Associations are also added, that's "Friends" and the interactions between you and your "Friends" are also logged and common interests or appearance in common photographs are also recorded. 

If you use the Facebook app on your mobile device then your location (unless you deliberately disable it) is recorded and stored. 

If you are unfortunate enough to have used your Facebook 'login' to log in to third party websites then a record of that site, when you use it and for how long is also included.

Facebook was reportedly paying people to give up their privacy by installing an application that sucks up huge amounts of sensitive data, and explicitly sidestepping Apple's Enterprise Developer program rules. This has now been brought to a shuddering halt by Apple, so thanks Apple. More information on this one HERE.

As you can see, Facebook stores pretty much everything you do and that's their business model, you get to waste hours of your life that you'll never get back and Facebook sells the data they collect from this activity. There's nothing wrong with this business model, it works and has been around for decades. 

Pinterest, Instagram (which is now Facebook), Tumblr and so on

These sites, which are generally 'image' sites, record everything you add into the profile, and to that they add everyone you follow and every image you view (and for how long). Further, some of these scan the images uploaded, recognise faces and then form internal relationships between the images and users. There's nothing wrong with this business model either of course, except perhaps the fact that the moment you upload your image, it's no longer your image, but that still doesn't stop people using these services.

Twitter

Now Twitter has been around for a few years and is basically a 'feed' service where you follow topics and people and you'll receive updates from them. It's a simple model yet an effective one. Twitter records your posts, reads, follows and followers. It also records every link you follow from posts. Twitter inserts 'ads' into your feed, which is annoying but not a show stopper, and these are of course paid for by the advertisers. The rest of Twitter's revenue comes from selling your data to third parties, which is again a good sustainable business model. In the early days Twitter was wide open to abuse where 'fake' accounts were created in celebrities' names, causing unsuspecting followers to be duped and further be directed to 'donation' or 'malware' sites, but Twitter put a stop (mostly) to this by 'verifying' some celebrities to remove any confusion. Twitter also allows the embedding of links, audio and now video into the feed, which is great but also brings with it a new set of challenges around protecting users, and provides additional tracking metrics.

 

Google

Google is a huge company with many 'services', most of which are 'free' to use. Let's look at probably the most common service, the "search" engine. There's no denying that Google.com is a great search engine, and if you're looking for something a little obscure then it's your go-to engine, but let's look at what's captured.

When you search on Google, the search term is recorded along with the results, which results you click on, and the time taken for that click. This simply makes associations of interest between your Google profile (if you created one, or a unique identifier if you didn't). This in itself isn't really bad, and you would expect them to capture this information, surely? This information (search history) is further used to focus future searches, so the more you use it, the more likely you are to get more applicable results, but this is the official line, and don't ever believe that Google is the only search engine; it's not. Because of the way Google adds sites to its index, sites with large budgets and resources always find their way to the top results even if they aren't applicable at all. Moreover, Google adjusts results of political, social, personal or controversial searches to add their bias to the results you see, and many would argue that this 'bias', which most don't even realise is there, is wrong on many levels. Some other search engines such as DuckDuckGo often produce more evenly weighted results without adding their bias, which some may prefer.

Getting back to Google the company, we need to talk about Google Analytics, which is yet another 'free' service, allowing website owners to get insights into visitors. That is actually really useful, but for it to work Google needs to be able to connect YOU as a person to that site, which it does easily. This gives Google not only your search queries, results and clicks but also now most websites you visit, when you visit them, for how long and what you do on those sites. Now we're starting to collect some seriously valuable data, and this is of course the business model again: you get lots of free services and Google makes money from advertisers and the data. Google allegedly purchased shopper data from MasterCard, which again, when augmented with your online profile, just adds a wealth of additional behaviour data.

That incredibly annoying "I'm not a Robot?" - Well that little thing captures a vast collection of personal data and all you have to do is click some pictures and be annoyed by it. 

Other Services (Gmail, Google Docs, Groups, Google+, Google Drive, and so on)

Google offers a bunch of other 'free' services, all of which are quite useful, but to use these services you'll need to provide your mobile phone number, which you are forced to verify by entering a code from a text message. Using each of these services brings yet more data to the profile they are maintaining on your behalf. Every email you send and receive via Gmail is scanned, stored and linked. Every document you add to Google Docs is scanned, stored and added. Any file you store on Google Drive is scanned, stored and added. Are you seeing a pattern here? Nothing you do on any Google service is private. How about Google Maps? A very useful tool if you want to find somewhere, but yet again everything you look at is recorded and added to your profile. If you have an Android phone then your location data is also added to your profile along with your messages, apps installed, app usage, contacts and so on. Google Home is a voice assistant and speaker for your home, but again anything you ask it is stored and added to your profile data.

YouTube (now owned by Google) again stores the videos you want, channels you watch, comments you make and so on.

Android, the phone operating system developed by Google as open source has its own class of information leakage in that every app you install and use is tracked and unless you specifically disable it (and there's still a debate if you can disable it) then your location is tracked using your phone's GPS data. Mapping this allows Google to track all the places you visit, shops you visit and for how long. 

Google Chrome is a web browser developed by Google and is again free to download and use. Within this browser there are options to 'store' your credentials and bookmarks in the Cloud, and this does then of course give Google this data to further add to the profile. We also noticed that Chrome (unlike other browsers) created several local files storing your search history, browser history and so on for reasons unknown. The files are unprotected, meaning that we (or any software, malicious or otherwise) can easily read them to obtain this information. At the time of writing we also noted weak protection of your stored passwords, but this isn't specific to Chrome and several other browsers are also easy to crack.

So Google know what you search, what you view and for how long and how often, what you buy, what you look at but don't buy, how often you buy something, what you read, what you post and what posts you read, what pictures and videos you view, how often and from what websites, which is what everyone expected. But wait: Google were recently exposed by the EFF for using methods to bypass Apple's protection and capture users' screens. Read the linked article HERE for more details.

Bing & Yahoo

Bing is a search engine that is pretty useless in fact, and is even more unfairly weighted towards sites with $$$, and subsequently doesn't have any significant market share (about 7% at time of writing), but that doesn't mean that they don't store your searches, links clicked etc., which they do. There's a 'relationship' between Microsoft and Yahoo which goes back several years and brings Yahoo results into the Bing search engine, which is probably a good thing, but this also brings Yahoo free services such as Yahoo Messenger, Yahoo Groups and so on into your search footprint. Yahoo itself has been bought and sold several times and the actual ownership is hard to pin down, but we do know that the majority is owned by Oath Inc (part of Verizon) at time of writing.

Generally speaking the use of Bing and Yahoo is fairly limited these days, with about 4% market share (at time of writing), since Bing's search results are limited and Yahoo's reputation has been shredded with past data breaches. The use of Yahoo mail brings with it the same issues that Gmail has: your emails and everything in them are scanned and stored. Microsoft's Hotmail is exactly the same, and why shouldn't it be so, it's free after all. Yahoo's Geocities, which is pretty much dead now, and Yahoo Groups, if anyone still uses them, bring yet more profile cross linking, with group 'Members' being associated by topic and post, and of course you must have a 'yahoo' account to participate.

GeoData

Pretty much ANY app on your mobile device, for Android at least, is able to track your location using your device's built-in GPS. For Apple devices it's harder but still perfectly do-able. Collecting this GPS data, as you may suspect, would enable the processor of such data to track your movements throughout the day. For modern laptops running Windows there is also a leak of GPS data to installed programs and even webpages under certain circumstances. Apple laptops are by default prevented from leaking GPS data but this can be overcome, especially in earlier versions of MacOS. Your car, if it has satellite navigation, records your start, end and route in its entirety, and the more upmarket vehicles ship that data over the cellular network back to base. If you combine this GPS data with detailed mapping information, you can easily link GPS co-ordinates with the places (shops, schools, etc).

Internet Service Providers (BT, PlusNet, Virgin and so on)

Some reading this may not be aware that your Internet Service Provider has access to every website you visit. They do this via DNS, which is the system that converts a domain name into an IP address. Unless you specifically override it, your ISP will route your DNS requests to their servers, which then accumulate your website requests against your 'session', which is your current IP address linked to your account. Using SPI (Stateful Packet Inspection) your ISP can also record what you actually do online, such as listening to music, watching video, making phone calls, instant messaging, and so on. All this data is accumulated and stored indefinitely and, in this country at least, is made available to law enforcement without a warrant.

Amazon

The Amazon ecosystem is slightly different to the general model as there are no 'free' services; you need an account to be able to buy online, download books, listen to music or watch videos, but that doesn't mean the company won't collect your data, because they do. Everything you search for on Amazon is stored and kept, everything you listen to, read or watch is stored and kept, and all this profile data is used to target search responses and advertisements to your specific interests. Amazon don't make any guarantees not to sell your data (that I can find) so it's safe to assume they probably do. Amazon also has 'Alexa', which further augments the profile by storing what you ask and do with the devices, but this in itself isn't bad and can be used to tailor responses based on your past history. The Amazon Ring Doorbell, on the other hand, is nothing but a storm of privacy issues. The doorbell records what it sees from your front door, continuously, and that video is stored at Amazon. You, as the purchaser of the device, have no rights to the data, and it clearly states in the T&Cs that Ring and its licensees have an unlimited, irrevocable, fully paid, and royalty-free, perpetual, worldwide right to re-use, distribute, store, delete, translate, copy, modify, display, sell, create derivative works, in relation to the footage taken from your front door, and you paid for the privilege. Whilst there is no law against recording your street in the UK, giving your live video to a third party who can do whatever they like with it would certainly seem to be unwise if not unlawful. With the application of face and numberplate recognition those third parties could potentially identify people walking and driving on the street, which takes this to a whole new level. Can you stop it? Nope, this doorbell only works when the internet works, and when the internet works it's uploading your video to who knows where.

Local Government & Agencies

You may or may not know that your local council is at liberty to sell your personal data to anyone willing to pay. They call this the electoral roll but in fact it's just a dump of all the people registered to vote + council tax payers. When you combine this with data from a company like Cameo you then introduce affluence and net worth; link that with Experian or Equifax and you now have credit worthiness, loans, mortgages, bank accounts and the list goes on, all free to purchase.

The DVLA is now also selling your details to companies so if you own or are the registered 'keeper' of a vehicle that data is now also up for grabs. 

And of course the Census data, which you MUST legally complete, is made available for sale to anyone who wants it, and this is of course why the Government is exempt from GDPR along with the Police, the Military, and anyone else who you may want GDPR to actually apply to.

PayPal

The payment provider allows easy transactions and is available on many websites and vendors. PayPal collects the product, price, location, currency, and store and records this at point of sale. Whilst this information can easily be justified, PayPal are at liberty to sell this data to anyone else, which further complements your online profile with validated purchases.

VoIP

There is an ever-increasing number of "VoIP" providers, most of which are just reselling someone else's service, actively pushing Voice over IP to anyone who will listen. There's no doubt that Voice over IP will become the norm in the future, but currently there are significant risks to its uptake. In an earlier article we showed just how easy it is to intercept voice traffic as it passes through the internet, and this of course makes it really easy for anyone, government or otherwise, to capture and record telephone calls. There are unconfirmed rumours that our own government is already capturing our internet traffic for analysis, and of course voice traffic would be part of that. If you're familiar with the abilities of modern voice analytics then you'll know that your conversation can be quickly converted into a transcript and searched and/or archived. If you've taken up VoIP then ask your provider if they are using SRTP (Secure RTP) and you'll be told either No or they will lie to you. As it stands in the UK marketplace we are the ONLY VoIP provider offering voice encryption, but be aware that even our voice encryption is only encrypted up to the point it leaves our service, meaning we can ONLY guarantee voice security between GEN VoIP Customers/Sites. To many this shouldn't be a concern, especially considering how much of your data is already in the wind, but for some this is a serious unmitigated concern.
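The provider's answer about SRTP can be checked against the SDP body your own phone or PBX sends and receives in its SIP INVITE and 200 OK messages. The following is an added example, not GEN's code: the SDP bodies are constructed samples and the function names and verdict labels are hypothetical.

```python
"""Classify each media stream in an SDP body as plain RTP or SRTP."""

# Constructed SDP bodies (as carried in a SIP INVITE or 200 OK), not captures.
PLAIN_SDP = """\
v=0
o=- 1 1 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
m=audio 49170 RTP/AVP 0 8
a=rtpmap:0 PCMU/8000
"""

SDES_SDP = """\
v=0
o=- 2 1 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
m=audio 49172 RTP/SAVP 0
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED-KEY-PLACEHOLDER
m=video 0 RTP/AVP 96
"""

DTLS_SDP = """\
v=0
o=- 3 1 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
a=fingerprint:sha-256 AA:BB:CC:DD:CONSTRUCTED
m=audio 49174 UDP/TLS/RTP/SAVPF 111
a=setup:actpass
"""

# Plain RTP profile that merely offers a key: encryption is optional here.
OPTIONAL_SDP = PLAIN_SDP + (
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED-KEY-PLACEHOLDER\n")

ENCRYPTED = {"srtp-sdes", "srtp-dtls"}


def parse_sdp(sdp):
    """Return (session_attrs, [(m_line_fields, media_attrs), ...])."""
    session_attrs, sections = [], []
    for raw in sdp.splitlines():
        line = raw.strip()
        if line.startswith("m="):
            sections.append((line[2:].split(), []))
        elif line.startswith("a="):
            (sections[-1][1] if sections else session_attrs).append(line[2:])
    return session_attrs, sections


def has_attr(attrs, name):
    """True if an attribute such as 'crypto' or 'fingerprint' is present."""
    return any(a.lower().startswith(name + ":") for a in attrs)


def classify_stream(fields, media_attrs, session_attrs):
    """Verdict for one m= line: how (or whether) its media is protected."""
    if len(fields) < 3 or not fields[1].split("/")[0].isdigit():
        return "malformed"
    if int(fields[1].split("/")[0]) == 0:
        return "disabled"                      # port 0 means stream rejected
    proto = fields[2].upper()
    if proto.startswith("UDP/TLS/RTP/SAVP"):   # DTLS-SRTP, keyed in media path
        keyed = has_attr(media_attrs + session_attrs, "fingerprint")
        return "srtp-dtls" if keyed else "srtp-no-key"
    if proto in ("RTP/SAVP", "RTP/SAVPF"):     # SRTP profile, keys via a=crypto
        return "srtp-sdes" if has_attr(media_attrs, "crypto") else "srtp-no-key"
    if proto in ("RTP/AVP", "RTP/AVPF"):
        # a=crypto on a plain profile is only an offer to encrypt; the far
        # end may still answer with unencrypted RTP.
        return "optional-srtp" if has_attr(media_attrs, "crypto") else "plain-rtp"
    return "other"


def audit(sdp):
    """List (media type, verdict) for every m= line in the SDP."""
    session_attrs, sections = parse_sdp(sdp)
    return [(f[0] if f else "?", classify_stream(f, a, session_attrs))
            for f, a in sections]


def call_is_encrypted(sdp):
    """True only if every active stream is mandatory SRTP with key material."""
    active = [v for _, v in audit(sdp) if v != "disabled"]
    return bool(active) and all(v in ENCRYPTED for v in active)


if __name__ == "__main__":
    for name, body in [("plain", PLAIN_SDP), ("sdes", SDES_SDP),
                       ("dtls", DTLS_SDP), ("optional", OPTIONAL_SDP)]:
        print(name, audit(body), call_is_encrypted(body))
```

An `srtp-sdes` verdict still depends on the signalling: the `a=crypto` key travels inside the SIP message, so it protects the call only when SIP itself is carried over TLS.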

The Cloud

There are two distinct flavours of "The Cloud". Private Cloud is business class internet based storage and services as provided by a myriad of providers, and for those enterprise class providers you can be assured that your data, servers, containers and systems are secure and protected. Public Cloud, which is often 'Free', is the sort of service provided by Microsoft (OneDrive), Google (Google Drive), Amazon, DropBox, Apple (iCloud Drive), Datablaze, Box, FlipDrive, HiDrive, iDrive, JumpShare, Hubic, Mega, pCloud, OziBox, Sync, Syncplicity, Yandex.Disk etc, and these services are absolutely NOT SECURE. This is not only because they are frequently compromised but because there is zero accountability because it's 'free' and provided 'as-is'. NO business should ever use Public Cloud services for storing business critical data. If it's important to you then use a service that you PAY for and that has a degree of accountability.

Cross Contamination

Since tracking to your personal profile is done via fragments left on your computer, cookies/sessions left by websites, your browser screen size and, in a recent discovery, your sound card, allocating your activity to you is fairly good. There are some cases, though, especially in companies where internet access is proxied and where only a few 'login' to accounts, in which others' activity can be falsely attributed to your or others' profiles. I have personally seen this whilst writing this article when I requested all my activity from Google. Digging through it (and remember, I never use Google) I found a bunch of searches, performed as recently as earlier in the week, that were from other users on the network and which somehow wound up in MY profile. I have no idea how common this is in the real world.

Controversy

There are some claims on social media that Google, Facebook and others are always 'listening' using the Microphone in your equipment, but this has largely been disproved by researchers at the time of writing this article. That doesn't mean it categorically does not happen or that it does, simply that the evidence to date suggests not. 

Obfuscation

Services such as VPNs and of course the ever popular Tor Browser are ways to obscure your real identity online, but you'll discover fairly quickly that the services above either don't work at all or are crippled deliberately. Google for example returns some made up message about unusual traffic. As VPNs come and go there will always be a short time before the services get blacklisted, but this will never be a viable solution long term and, as you'll discover in our article "A VPN will not save you", following this approach requires strict discipline and limitations.

The sale of data and the data market

All of the above can produce fairly detailed and valuable profiles of your online AND offline activity, but when the separate data collections are combined you start to have very complete profiles linked directly to an individual. This is what worries people more than Facebook and Google. Given that your data is bought and sold on a daily basis, some of these companies have a complete record of pretty much everything you do. Let's see what the total footprint of an average teenager today is:

  • Your name, address, race, religion, ethnicity, phone number(s), email addresses, family members, friends, loved ones, and associates.
  • Your bank accounts and balances, credit cards, loans, and payment history.
  • Your vehicle, make, model and registration, current tax and MOT status and how much you owe on it if anything.
  • All Google/Bing/Yahoo searches, clicks and all sites visited, comments and posts.
  • Every instant message you've ever sent or received and the content of all.
  • All your photos and the date/time and location they were taken, along with everyone who can be identified in them using face recognition.
  • Your location to within 5m at any time of the day and where you've ever been and for how long, how often and with whom.
  • What music, sports, products, services and videos you like, dislike, watch, download or buy.
  • Anything you've ever purchased or sold online, be that clothes, shoes, groceries, electronics, etc.

I think now you must be starting to understand how the data business works and how you're pretty powerless to stop it without some radical changes to your lifestyle, and even then it's too late for most people. It's important to be aware that these companies have done nothing wrong, nothing illegal or even shady; they are all businesses and their business is your data. I personally like Facebook & Twitter, and Google is a good search engine, but YOU need to make informed decisions on what services you use online, and what information you surrender to those services, because changing a few settings on their website will make ABSOLUTELY NO DIFFERENCE.

Apple

Whether you believe it or not, Apple has taken a fairly adversarial approach to data protection, committing to protecting your data not only on your devices but also online with anti-tracking features in their browser (Safari), but in the scale of things, and despite Apple's best intentions, it's not going to make very much difference in the end. The only way for Apple to make an effective dent in the data collection market would be to block all social media and search engines from users' devices, which they won't do for obvious reasons, and in the real world everyone has to make their own decisions on what they do and don't use.

 

The near future

There's no doubt that data collection and dissemination is a business model that's here to stay, and you have to look at both sides of the argument. Imagine how much easier it is for our Police to be able to tell exactly who was where and when, imagine how pattern analysis of messages and movements can identify possible crimes before they are committed, or imagine a world where your every move is recorded, analysed and reported. There are always two sides to it.

Notes: 

Although GEN VoIP Encryption can only secure voice communications between GEN VoIP Customers/Sites, we also offer VoIP encrypted to mobile phones using a local app, so for Company Site <-> Company Mobiles we can guarantee voice security.

 


Copyright

© 2018 GEN. E&OE

Recent Comments
Guest — kumar
Consider me suitably enlightened!
Thursday, 06 September 2018 10:09
Guest — jerald g
Thank you. I've removed all my files from OneDrive and will be storing them on my PC from now onwards.
Saturday, 02 February 2019 10:09

In defence of Facebook and Social Media


There's a lot of hysteria in the news around Facebook and personal data, and that's fine, it's a slow news week, yet the real truth is that Facebook did nothing wrong.

Facebook, like all social media, is a business, plain and simple. Their business model is to provide a free service to you, and from that collect information and then sell that information to third parties for the purposes of advertising, marketing, market research, and analysis. A wise man once said in relation to internet services,

"If you don't pay anything for a product, then you Are the product"

and it's true of Facebook just as it is for Twitter, Pinterest, Instagram, Snapchat, WhatsApp and so on. You use the service for free, and the company running the service and spending significant sums to develop and maintain it gets free and unrestricted use of your data. Sounds like a fair deal to me.

Facebook will tell you it's in the agreement you accept when you set up an account, and it is, but it's also just common sense. So, delete Facebook if you wish or keep using it in the knowledge that they will collect and sell your data as part of their business. This same framework applies to all social media, the majority of 'free' apps you can download for your phone, and other free services such as Google, Gmail, Yahoo, Bing and so on.

If, for whatever reason you object to any of these business models and do not want your personal data scanned, analysed, sold and so forth then that's your right, but don't whine about it on the very service you're complaining about! 

Outraged

To those still outraged at the idea that Facebook sold their data, Facebook is just one of many that you will undoubtedly use and they are all doing what Facebook does, so singling out Facebook does indicate a certain online naivety. For anyone who uses 'free' email, did you know every email you send and receive is read and analysed by the company operating the service? Did you know that every time you use Google to search for something they track not only what you search, but how long you spend looking, what you click on and for how long? Did you know that every picture you've ever uploaded to a photo service such as Tumblr, Pinterest, Instagram, and so on is then scanned and faces recognised and cross linked between users? Did you know that the Chrome browser stores everything you've ever searched for in a file on your PC?

I could go on and on so get with the programme and understand the model at work here and then make informed choices about what you will and won't participate in. 

Loss of control

One question that has been asked a few times recently is how do you withdraw your consent for your data to be used? The short answer is that, besides some 'settings' that change very little, you cannot. Whilst you can write to some companies and express your wish, they have no obligation to take it into account, and further, since they've already sold your data many times over, the chances of you being able to track down all renditions and withdraw them all are zero. If you've used social media, search engines or free email then it's simply too late, but you have an opportunity to educate your children and ensure they make informed choices.

This article generalises the business model although it is understood that each company may vary their model specifically for their users. There is no complaint or blame here, just education. E&OE. 


GoToAssist, problems or end user chaos?


For many years we have been a customer of GoToAssist from Citrix (now LogMeIn) as a reliable method of providing remote support where it's needed with the minimum of effort. The end user client can be downloaded from fastsupport.com on Windows & Mac (no Linux support at present) and a simple 9-digit key connects the client to our support team. Because of the way GoToAssist works, using HTTP channels for the connection, it can operate through most firewalls and proxies without special considerations, which puts it ahead of other point to point remote control tools. You can even remotely support users and servers from an iPad with a well implemented app. You can get a 30 day trial on the GoToAssist website.

For unattended machines such as servers or regular clients you can set up 'Unattended Support', which will allow you to remotely connect to a machine without the client having to do anything. Over the last few months we've intermittently noticed machines on our 'unattended' list that we don't recognise, but as there are several people who use it regularly I had reasonably assumed it was one of my colleagues.

Today I noticed three new Unattended hosts.

I took the time to ask around who had created these and to my surprise no one had any idea. Clicking on one of them established a remote session with a machine at a site that we knew nothing about and didn't set up. Moments later the workstation was unlocked and we were given desktop access. We immediately terminated this connection and contacted GoToAssist for Support. Despite their support line dropping our calls and their community forum preventing us from posting, they did get back to us quickly and conducted an investigation.

LogMeIn, who took over GoToAssist, identified that some of the workstations we were seeing on our account were in fact linked to our account, and they went a step further to identify that the unique code used to identify each account was in fact ours. Further research identified that our copy of the GoToAssist unattended installer had been downloaded from our support site and that same copy had been installed on this client's machine.

Using this installer will silently set up unattended support on the client's machine and link that back to our account. Whilst this download is rarely used by us, and only in circumstances where a browser is unable to work correctly, such as old Windows 2003 servers with IE6 etc, the file had been downloaded 266 times. So let's consider the risks here.

Firstly, having an unattended installer which installs silently and without any user interaction is a good thing; it means we can in a worst case scenario use SMB to push the file onto a server and then persuade that file to be executed under the system or administrator context using the task scheduler, registry or by replacing a Windows file and forcing a reboot. We can also distribute and auto-install unattended support on a corporate network by using a logon script to pull it from a server and execute it as part of the logon process, and again the user doesn't get a choice. The unattended support installer does create a start menu item, but there's no 'uninstall' in there, just the program, so clients who have the control panel restricted can't subsequently uninstall it without permission.

So how did we get machines on our account from the other side of the world? Well, that's simple: they downloaded the GoToAssist client from our website and installed it. Even more bizarre is that they then proceeded to enter their login credentials into the unattended client using the notification icon. Hold that thought and instead let's consider that someone less honest was to seed the internet with their installer and, instead of "The GoToAssist client for receiving remote support from us", they linked it from something like "Get GoToAssist remote for FREE" or "30 day free trial of GoToAssist"; then those users would be opening their PC up to whoever without realising it, and that might not end well. The unattended client does have a notification icon on Windows (nothing on Mac), but using the registry, PowerShell or some VBScript that can be hidden as part of the install, making it invisible to the end user.

But taking a step back for one moment, the technical scope for abuse is about the same for GoToAssist as it is for any other remote control solution, with the difference being that GoToAssist can pull the plug on any account they suspect is involved in abuse, whereas some of the other products that are point to point don't have that safeguard. If you really want to stop GoToAssist, TeamViewer, RAdmin, VNC, and the rest then specifically block them at your firewall and the risk is gone. If you want to monitor their use then your firewall or proxy logs are your friend.
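The monitoring advice above can be put into practice with a short script over proxy access logs. This is an added example, not code from GEN or LogMeIn: the log lines are constructed samples in Squid's native format, and the watchlist (fastsupport.com from this post, plus vendor domains and the default VNC and RAdmin ports) is an assumption to tune for your own network.

```python
"""Flag remote-control tool traffic in Squid-style proxy access logs."""
from collections import defaultdict
from urllib.parse import urlsplit

# Assumed watchlist: fastsupport.com is named in the post; the other
# domains and the default ports are starting points, not a complete list.
WATCH_DOMAINS = {
    "fastsupport.com": "GoToAssist",
    "gotoassist.com": "GoToAssist",
    "logmein.com": "LogMeIn",
    "teamviewer.com": "TeamViewer",
}
WATCH_PORTS = {5900: "VNC", 4899: "RAdmin"}

# Constructed sample lines (Squid native log format), not real traffic.
SAMPLE_LOG = """\
1556629501.100    180 10.0.4.17 TCP_TUNNEL/200 5120 CONNECT www.fastsupport.com:443 - HIER_DIRECT/203.0.113.10 -
1556629507.420    210 10.0.4.17 TCP_TUNNEL/200 9034 CONNECT www.fastsupport.com:443 - HIER_DIRECT/203.0.113.10 -
1556629511.002     35 10.0.4.22 TCP_MISS/200 1832 GET http://www.example.org/index.html - HIER_DIRECT/203.0.113.20 text/html
1556629530.771    950 10.0.4.31 TCP_TUNNEL/200 20480 CONNECT router12.teamviewer.com:443 - HIER_DIRECT/203.0.113.30 -
1556629544.310     60 10.0.4.22 TCP_TUNNEL/200 2210 CONNECT fastsupport.com.example.net:443 - HIER_DIRECT/203.0.113.40 -
1556629560.250      0 10.0.4.40 TCP_DENIED/403 3900 CONNECT 198.51.100.7:5900 - HIER_NONE/- text/html
corrupted log entry
"""


def parse_target(method, url):
    """Return (host, port) for a logged request, or None if unparseable."""
    try:
        if method == "CONNECT":
            parts = urlsplit("//" + url)       # CONNECT logs host:port only
            default = 443
        else:
            parts = urlsplit(url)
            default = 443 if parts.scheme == "https" else 80
        host, port = parts.hostname, parts.port or default
    except ValueError:                          # bad port or malformed host
        return None
    return (host.rstrip("."), port) if host else None


def classify(host, port):
    """Name the remote-control tool a destination belongs to, else None."""
    for domain, tool in WATCH_DOMAINS.items():
        # Match the domain itself or a true subdomain, so look-alikes such
        # as fastsupport.com.example.net are not flagged.
        if host == domain or host.endswith("." + domain):
            return tool
    return WATCH_PORTS.get(port)


def scan(lines):
    """Count watched-tool requests per client IP: {client: {tool: hits}}."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        fields = line.split()
        if len(fields) < 7:
            continue                            # malformed or truncated line
        client, method, url = fields[2], fields[5], fields[6]
        target = parse_target(method, url)
        tool = classify(*target) if target else None
        if tool:
            hits[client][tool] += 1             # denied requests count too
    return {client: dict(tools) for client, tools in hits.items()}


if __name__ == "__main__":
    for client, tools in sorted(scan(SAMPLE_LOG.splitlines()).items()):
        print(client, tools)
```

Denied requests are counted as well as allowed ones, since a blocked attempt still shows that a remote-control client is installed on that workstation.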

Summary

This has been a voyage of discovery for us with end users again doing the unexpected and causing chaos and confusion. We've pulled the downloads from our support site now and will look at a more selective method of file distribution going forward. If I were to make a product enhancement suggestion to LogMeIn then it would be to add the IP Address, the method of install and whether credentials were stored to the unattended machines window. Having the IP Address would let us track down poorly named or unknown clients quickly and knowing that it was installed within a GoToAssist session or via a downloaded installer would further clarify the situation. Knowing if credentials were stored would save time in having to establish a connection, find they are not then disconnect, lookup the credentials and reconnect. These are only suggestions and not complaints. 

 


Data Security of Warranty and End of Life Drives

I'm sure everyone has had to return a failed hard drive or replace drives that are end of life, and this process is well documented in many security policies, but how do you ensure the data is irrecoverable before disposal or return?

You would be surprised to learn just how much data can be recovered from a seemingly destroyed hard drive, and we are well aware because we spend a great deal of time every month recovering data from Hard Drives, SSD's, tablets, phones, USB sticks and more with significant success rates. 

So, in order to satisfy this need the group has decided to offer *FREE* non-destructive hard drive data destruction for all our customers. Simply return the drive to us and we will securely erase the data using a device which emits very strong magnetic fields in patterns designed to purge data from magnetic media. If the drive is a warranty return then we will take care of the return to the manufacturer for you too, again at no charge.

Thank you for taking the time to read this post and have a great week!


Copyright

© 2016 GEN Partnership


The Tools are back!


When we moved from the old HTML4 GENSupport website we left behind the heavily used 'Diagnostic Tools' section and we promised to rebuild it on the new site. Well, it's taken a few months but we've done it, and the new tools section can be found at the GENSupport website under Tools.

We're going to be adding the rest of the lesser used tools over the coming weeks as we rewrite them on the new platform. 

If anyone has any issues using the new tools then raise a ticket or drop a post in the forum and we'll get right on it. 

 


Copyright

© 2016 GEN


Counterfeit HP Consumables


Hewlett Packard are not by any stretch the only manufacturer to lose revenue to cloned consumables, but they are by far the largest supplier affected by corporate procurement of counterfeit items. GEN as an HP partner will of course only supply HP branded consumables and we're confident that our supply chain is trustworthy, but in December 2015 a large IT distributor was found to have a significant stock of counterfeit HP consumables and had of course supplied those to corporate customers.

There has always been an argument that counterfeit supplies somehow help to control the price of genuine products, but it's rarely backed up with any evidence, and if you actually analyse the cumulative effect that counterfeit consumables have then the opposite is far more likely the case. The reason for this article is that one of our good customers has recently returned an HP LaserJet printer to us for repair still containing a counterfeit cartridge. The damage to the printer was a direct result of the failure of that cartridge and as such we are in a difficult position. In all likelihood we'll repair it at our cost under its warranty and then speak to the customer about the risks of counterfeit items, but how many times must we take the loss before we simply have to start charging for the repairs?

And it's not just us that will lose out; of course HP in many cases make zero (or less) profit on the actual hardware but instead rely on revenue from the consumables to fund future development. If the market becomes saturated with counterfeit consumables then (a) HP will have no other choice but to charge more for the hardware, (b) HP will not honour its warranty where fake consumables have been used and (c) HP will have its reputation for high quality products tarnished unfairly by printer failures resulting from sub-standard fake consumables, and who loses out in the end? We do.

Now identifying counterfeit consumables is actually quite hard as they are deliberately manufactured to be 'clones' of the genuine article, but the key indicator is the cost. If you're suddenly offered consumables (in small quantities) at significant discounts then they are almost certainly fake and/or substandard.

The only advice we can give is to purchase your consumables from HP Authorised distributors or Partners, and that way you're assured genuine items.

HP have their own pages dedicated to counterfeit consumables which I'll link in HERE

Hardware, consumables and duty are the three factors that any business must factor into a price performance calculation when looking for a new hard copy solution, and we would always do that for you, but if you're a business that has purchased a number of HP printers and are now having issues with the cost of consumables then do talk to us, as we can in many cases offer bulk pricing which over time can provide a significant saving.


Copyright

© GENADMIN


The Evolution of Business Communications with Gigaset Maxwell


Introducing the Maxwell 10 from Siemens Gigaset

The way the world does business is changing rapidly – and your office communication devices need to keep up. That’s why we built the amazing new Maxwell 10. Maxwell is an all-in-one business communication marvel that does it all – from high-quality corded, cordless and handsfree phoning, to videoconferencing, e-mailing, web browsing, business apps and much more. Combining the power, convenience, and expandability of a multi-featured, multi-touch-enabled communication platform with the superb comfort and sound quality of traditional desktop telephony, Maxwell 10 ushers in a whole new era of advanced unified communication solutions for modern business professionals.

The first thing you’ll notice about Maxwell 10 is its display. With a full 10.1 inch display, it is perfect for getting things done. The scratch-resistant, 1280 x 800 resolution screen is illuminated by more than a million pixels, so everything is sharp, clear and in brilliant high definition. As the display is multi-touch-enabled, everything you need to do, from web browsing to launching business apps to generating a voice call, is done with nothing more than a tap or two. Maxwell is optimally mounted on a stylish metal base, making it perfect not only for single user viewing, but also ideal for sharing information with others in the room.

We designed Maxwell 10 to be the most powerful and flexible office communication device ever. Therefore the choice of Android 4.2.2 fit the bill perfectly, making it the ideal complement to Maxwell’s wide range of powerful features. And Android’s endless customization possibilities mean it’s an OS as flexible and expandable as any office setting requires – so users can get the most out of their business interaction with speed, ease, and the utmost pleasure.

Keeping in touch with video calls reduces travel and mobile phone costs – and makes business communication more personal and effective. To ensure that video chats are the best they can be, we built Maxwell 10 with a gorgeous, high-definition display, and an integrated, state-of-the-art, HD video camera. Together they offer picture quality that rivals real life, taking business via video to a new level of clarity and convenience. Maxwell offers unparalleled video quality and convenience, for simply better chats. Whatever video or photo needs an office has, Maxwell 10 lets users do business the smart way: in total clarity.

Maxwell 10 connects to just about any device, any technology, at any time. With full USB, Micro-SD, Bluetooth, HDMI, LAN, Wi-Fi, RJ-9 and electronic hook switch compatibility, Maxwell 10 works wonderfully with a huge selection of devices ranging from keyboard, trackpad, mouse, headset, projector, monitor and Wi-Fi access points – for the ultimate in office convenience that enables the maximum in productivity. And naturally Maxwell also supports full cloud and Google account connectivity, so users can access contact lists, calendars, e-mails and all external data quickly and easily. Simply put: Maxwell 10 is the perfect fit for any office.

 

Maxwell 10 is a true business phone, with professional telephony features built into the hardware, as opposed to other devices that use a software-based application delivering inferior sound quality. Phoning with Maxwell 10 means reduced delay effects and echo, for superb audio quality and better conversations. And talking via speakerphone is just as nice. Thanks to Maxwell 10’s three built-in speakers and integrated front microphone, hands-free sound quality both heard and delivered is simply impeccable.

We can supply the Maxwell 10 for your existing IPPBX or a complete new IP Telephony System designed from the ground up specifically for your Business - Contact us TODAY!

 


Copyright

© Content and Images copyright GEN and Siemens.


OS X El Capitan


OS X El Capitan is the upcoming twelfth major release of OS X, Apple Inc.'s desktop and server operating system for Macintosh computers. It is the successor to OS X Yosemite and focuses mainly on performance, stability and security.

 

It's due to be released to the public today (September 30th 2015) and many of our customers are already asking if they should upgrade. Well, the long answer is yes. Whilst in Microsoft Land we often recommend against an upgrade, especially as so many issues are generally related to upgrades, in Apple Land upgrades rarely break anything save for some low level device/fs drivers. As with OS X Yosemite, there will be changes, but nothing so severe that you'll be unable to use your device. Just like iOS 9 it will take a little getting used to but it's worth the effort. Apple will undoubtedly continue to support Yosemite for the foreseeable future, but with El Capitan comes a new graphics layer called Metal, which is going to hopefully open the gates to really immersive gaming and high end graphics applications on the Apple platform.

A summary of changes and features is available from our friends at Wikipedia (donate to them if you can, it's an invaluable service) and the official Apple page is available Here

If you run into any problems with the upgrade, or usability after the upgrade, then don't hesitate to utilise your GEN Support Contract for assistance as we Fully Support OS X.


GEN OfficeGateway ExtremeCX4

One of the latest configurations to enter the OfficeGateway family is ExtremeCX4, which can provide your business with 600Mbps downstream and 80Mbps upstream for as little as £260 per month*

OfficeGateway has been around since the days of dial-up modems, where it was PC based and would dial-on-demand to provide a LAN with internet access. Those days are long gone, with speeds available up to 90Gbps symmetric at 1:1. The OfficeGateway now consists of several units depending on configuration to provide security features, web cache, site to site encrypted VPNs and a range of IDS and Packet Shaping options. Our basic OfficeGateway service, operating at just 80Mbps and providing an SPI firewall, VPN and user access control, starts at as little as £69 per month*. The best part about OfficeGateway is that the entire solution, from the hardware on site to the configuration and the connectivity, is totally managed, so should anything ever go wrong, we'll fix it!

* UK Only, Site survey often required. Prices for installation depend on services, connectivity and features. 

For more information, and for a formal quotation contact us today!


The Truth about Unlimited

For many years the term 'Unlimited' has been used to describe broadband and Internet access services in general. In the early days, unlimited was about as misleading as it possibly could be, with service providers closing accounts, limiting customers and imposing fines for 'unfair usage', but like all good things the law eventually caught up and that little scam was left by the roadside. Nowadays 'Unlimited' still features universally in advertising, with such commonality that it now has to be combined with yet more pointless adjectives like 'Totally' as below:

Of course Totally Unlimited broadband is much better than just Unlimited right? 

Nope, You can get Totally Unlimited Extra, which is of course even better right?

Or maybe 100% Unlimited is the one to go for because the Totally Unlimited isn't 100% Unlimited maybe? 

I'm not sure how many people are actually taken in by this sort of misuse of compound adjectives, but judging by the fact that every residential ISP is using them, it must have some impact. Regardless, the reality is that there is nothing like Unlimited about broadband in any sense of the word. Let's look at how it all connects together:

There are four main sections in the service provision between your premises and the internet when looking at FTTC (aka Fibre Broadband):

Premises to Cabinet: This is provided over copper pairs and provides a throughput of up to 80Mbit/s by 20Mbit/s. This section is limited by the line conditions, and not everyone gets anywhere near this throughput. In addition, a profile (aka BRAS or IP Profile) deliberately limits this rate to 82% of the sync speed (note: ISPs can vary this rate depending on how much you pay etc). Regardless of the BRAS and sync speeds, it is far from Unlimited.

Cabinet to Exchange: This is provided over a 10Gbit/s fibre connection, but each 10Gbit/s connection is shared across all the connected premises, meaning that you are only guaranteed a percentage of that 10Gbit/s. To be fair, in most areas bandwidth exceeds subscription, so there shouldn't be any contention here.

Exchange to ISP: The connection over BT's high speed packet network to the ISP that you're currently paying for broadband depends on (a) the capacity in the BT network and (b) the capacity your chosen ISP has purchased. Some can be as low as 10Gbit/s, others more, and this information isn't publicly available.

ISP to Internet: The capacity of the connection from your ISP to the internet is again not publicly available, but it can be as low as 10Gbit/s and will be shared with hosting, email, etc.

So, where in this service scenario is there anything unlimited? Well, nowhere, and there never has been. To add fuel to the fire, many residential ISPs use a technology called 'packet shaping' to slow down certain types of high bandwidth traffic such as BitTorrent and P2P, and of course there's the ingress of net censorship in the UK, where certain companies have managed to convince a judge to grant an order for ISPs to censor certain websites. The list so far (as of September 2015) is:

 

| Date of Sealed Court Order | Identity of parties who obtained the Order | Blocked Websites |
|---|---|---|
| 27/04/2012 | Members of BPI (British Recorded Music Industry) Limited and of Phonographic Performance Limited | The Pirate Bay |
| 05/07/2012 | Members of the MPA (Motion Picture Association of America Inc) | Newzbin2 |
| 28/02/2013 | Members of BPI (British Recorded Music Industry) Limited and of Phonographic Performance Limited | KAT or Kickass Torrents websites |
| 28/02/2013 | Members of BPI (British Recorded Music Industry) Limited and of Phonographic Performance Limited | H33t |
| 28/02/2013 | Members of BPI (British Recorded Music Industry) Limited and of Phonographic Performance Limited | Fenopy |
| 26/04/2013 and 19/07/2013 | Members of the MPA (Motion Picture Association of America Inc) | Movie2K, Download4All |
| 01/07/2013 | Members of the MPA (Motion Picture Association of America Inc) | EZTV |
| 16/07/2013 | The Football Association Premier League Limited | First Row Sports |
| 08/10/2013 | Members of BPI (British Recorded Music Industry) Limited and of Phonographic Performance Limited | Abmp3, BeeMp3, Bomb-Mp3, eMp3World, Filecrop, FilesTube, Mp3Juices, Mp3lemon, Mp3Riad, Mp3skull, NewAlbumReleases, Rapidlibrary |
| 08/10/2013 | Members of BPI (British Recorded Music Industry) Limited and of Phonographic Performance Limited | 1337x, BitSnoop, ExtraTorrent, Monova, TorrentCrazy, TorrentDownloads, TorrentHound, Torrentreactor, Torrentz |
| 30/10/2013 | Members of the MPA (Motion Picture Association of America Inc) | Primewire, Vodly, Watchfreemovies |
| 30/10/2013 | Members of the MPA (Motion Picture Association of America Inc) | YIFY-Torrents |
| 30/10/2013 | Members of the MPA (Motion Picture Association of America Inc) | Project-Free TV (PFTV) |
| 13/11/2013 | Members of the MPA (Motion Picture Association of America Inc) | SolarMovie, Tube+ |
| 18/02/2014 | Members of the MPA (Motion Picture Association of America Inc) | Viooz website, Megashare website, zMovie website, Watch32 website |
| 4/11/2014 | Members of BPI (British Recorded Music Industry) Limited and of Phonographic Performance Limited | Bittorrent.am, BTDigg, Btloft, Bit Torrent Scene, Limetorrents, NowTorrents, Picktorrent, Seedpeer, Torlock, Torrentbit, Torrentdb, Torrentdownload, Torrentexpress, TorrentFunk, Torrentproject, TorrentRoom, Torrents, TorrentUs, Torrentz, Torrentzap, Vitorrent |
| 19/11/2014 | Members of the MPA (Motion Picture Association of America Inc) | Watchseries.It, Stream TV, Watchseries-online, Cucirca, Movie25, Watchseries.to, Iwannawatch, Warez BB, Ice Films, Tehparadox, Heroturko, Scene Source, Rapid Moviez, Iwatchonline, Los Movies, Isohunt, Torrentz.pro, Torrentbutler, IP Torrents, Sumotorrent, Torrent Day, Torrenting, BitSoup, Torrent Bytes, Seventorrents, Torrents.fm, YourBittirrent, Tor Movies, Demonoid, Torrent.cd, Vertor, Rar BG |
| 20/11/2014 | Cartier International AG, Montblanc-Simplo GmbH, Richemont International S.A. | CartierLove2U, IWCWatchTop, ReplicaWatchesIWC, 1iwc, MontBlancPensOnlineUK, MontBlancOutletOnline |
| 5/12/2014 | Cartier International AG | Pasmoldsolutions, PillarRecruitment |
| 17/12/2014 | Members of BPI (British Recorded Music Industry) Limited and of Phonographic Performance Limited | Bursalagu, Fullsongs, Mega-Search, Mp3 Monkey, Mp3.li, Mp3Bear, MP3Boo, Mp3Clan, Mp3Olimp, MP3s.pl, Mp3soup, Mp3Truck, Musicaddict, My Free MP3, Plixid, RnBXclusive, STAFA Band |
| 29/4/2015 | Members of the MPA (Motion Picture Association of America Inc) | afdah.com, watchonlineseries.eu, g2g.fm, axxomovies.org, popcorntime.io, flixtor.me, popcorntime.se, isoplex.isohunt.to, eztvapi.re, eqwww.image.yt, yts.re, ui.time-popcorn.info |
| 7/5/2015 | The Football Association Premier League Limited | Rojadirecta, LiveTV, Drakulastream |
| 21/5/2015 | Members of The Publishers Association | Avaxhm, Ebookee, Freebookspot, Freshwap, Libgen, Bookfi, Bookre |

Of course these court orders did nothing to stop traffic, as even the most basic user can download Tor, but it's just another example of the word 'Unlimited' being abused.

 

So, in summary, Can it be unlimited? No. 

But it can be better if you have a fat enough wallet. GEN, for example, who exclusively supply business customers, can provide (a) guaranteed bandwidth from the cabinet to the exchange, (b) prioritised traffic from the exchange to our networks, and (c) guaranteed bandwidth to the internet, but it all costs money, which is why residential broadband is so cheap and business class is comparatively expensive. Bandwidth is bandwidth and the cost is the same; the more users that share the same bandwidth, the cheaper it is for each. It's as simple as that!

E&OE - Credits to BT, Talktalk and Plusnet for their banner ads and absolutely no disrespect to their services is intended and they are just examples and in no way exclusive. Congratulations to the MPAA for publicising "ThePirateBay" to the world, most of whom had never heard of it before. All opinions given are that of the author. 

 


GEN CCS a valuable addition to our SAS service offering

VPN or Virtual Private Networking has been around for decades and the technology has become relatively mature and secure, provided it is implemented correctly (which is rarely the case).

GEN has been offering SAS (Secure Access Service) based teleworker access to our corporate customers' networks for just under 5 years now and we currently have around 2500 users daily. To use SAS the teleworker has a username and password that they use to authenticate, after which they are offered a number of services such as access to thin client web services, terminal services, NFS and file services, etc.

The risk, however, comes when a username/password is compromised and/or when a user does something stupid like write the credentials on the laptop or save them on the desktop. Even with the comprehensive set of security controls within the SAS service offering, we cannot protect against users behaving in a way which is likely to compromise your network security.

Introducing GEN CCS (Compound Cryptographic Service) as an add-on to SAS. CCS provides two factor or multi factor authentication using a number of methods depending on the application scenario. Some example scenarios that are currently available are detailed below:

Daily PIN as a secondary authentication factor

In this scenario, each day a randomly generated PIN code of 4 or more digits is delivered to each SAS/CCS user via text message or iMessage and this PIN code is required to access SAS after the usual Username & Password. This second factor authentication means that users will not write it down, instead preferring to keep it on their mobile device and using it on the day as required.

Qualified PIN as a secondary authentication factor

For companies more serious about security the CCS console can be provided to a team of staff who can generate a PIN code on demand, giving it over the telephone to the remote user when requested. In this scenario the PIN code can last for the session, the hour or the day. The team handling the calls and issuing the PIN codes should rely on some form of validation process to ensure the remote user is clearly identified as an active employee with clearance. 

On Demand PIN Delivery

In this scenario an authenticated user on SAS is initially rejected and a PIN code is generated and delivered to the mobile telephone of the user whose account was used. This PIN is then used to complete the authentication when reconnecting. PINs generated in this way can last for the session, an hour or a day as required.

These services are not for everyone, but for corporates who are increasingly conscious that network security is as critical to the business as physical security, GEN SAS and CCS get the job done.

For more information and a demonstration please contact us.
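The PIN handling common to the three scenarios above can be sketched as follows. This is an added example, not GEN's CCS code: the `PinStore` class, the five-failure lockout and the ten-minute redemption window for a session PIN are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

LIFETIMES = {"session": 600, "hour": 3600, "day": 86400}  # seconds; session window assumed
MAX_FAILURES = 5   # assumed lockout policy: a 4-digit PIN has only 10,000 values


class PinStore:
    """Issues and verifies second-factor PINs, keeping only a keyed hash of each."""

    def __init__(self, clock=time.time):
        self._key = secrets.token_bytes(32)
        self._clock = clock
        self._pins = {}   # user -> {"digest", "expires", "single_use", "failures"}

    def _digest(self, user, pin):
        return hmac.new(self._key, f"{user}:{pin}".encode(), hashlib.sha256).digest()

    def issue(self, user, lifetime="day", digits=4):
        """Return a fresh PIN for out-of-band delivery (text message, phone call)."""
        if digits < 4:
            raise ValueError("PIN must have 4 or more digits")
        pin = "".join(str(secrets.randbelow(10)) for _ in range(digits))
        self._pins[user] = {
            "digest": self._digest(user, pin),
            "expires": self._clock() + LIFETIMES[lifetime],
            "single_use": lifetime == "session",   # a session PIN is consumed on use
            "failures": 0,
        }
        return pin

    def verify(self, user, pin):
        """Check the PIN after the username and password have already succeeded."""
        entry = self._pins.get(user)
        if entry is None:
            return False
        if self._clock() >= entry["expires"]:
            del self._pins[user]
            return False
        if not hmac.compare_digest(entry["digest"], self._digest(user, pin)):
            entry["failures"] += 1
            if entry["failures"] >= MAX_FAILURES:
                del self._pins[user]   # revoke: a new PIN must be issued
            return False
        if entry["single_use"]:
            del self._pins[user]
        return True
```

The lockout matters more than the PIN length here: without it, a stolen username and password plus at most 10,000 guesses defeats a 4-digit second factor.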


AntiSpam and AntiVirus Defence

GEN's development team is pleased to announce the general availability of our new Anti-Spam service for corporate email gateways and domains. Maxim extends our standard Anti-Spam and Anti-Virus gateways by providing process-intensive enhanced spam and virus detection which reduces the volume of spam to virtually zero.

We asked 47 professional users of the GENZone platform to participate in the trial of this new service by subscribing an IMAP folder called 'Maxim' and moving any spam received into that folder. Using this feedback we were able to fine tune the system to maximise its effectiveness and gather valuable performance metrics. 

The fight against Spam

The detection of spam is a continuous battle between the spammers and companies like us who are dedicated to eliminating it. As we evolve so do the spammers, and we have to invest in ever more complex and expensive technologies to counter them. Some of the technologies are outlined below:

Standards: The internet is governed by a set of standards known as RFCs and the email delivery protocol is specified by RFC822 and RFC5321. The standards exist so that email can be interoperable between all platforms and servers, but spammers using email bots don't care about being compliant. By enforcing the standards and rejecting violations we can eliminate a percentage of spam, and of course legitimate email from organisations who can't configure their email system correctly.

The blacklist: A number of worthy organisations like Spamhaus, SpamCop, etc are dedicated to maintaining lists of domains, hosts and subnets which are used to originate spam. Using these blacklists is an expensive but effective tool to eliminate a good percentage of spam at the first gate. Blacklists however are not realtime, and there is always a delay between a spammer launching a mass mailing and the blacklists listing it. 

Authentication: Several technologies exist to verify sender domains and hosts, such as SPF & DKIM, and these can serve (where used by the receiving server) to block spoofed spam, which constitutes the vast majority of scams. For example, the HMRC, who are under constant attack from scammers, specify in their SPF records two hosts that are allowed to send email for @hmrc.gov.uk, and of course the spammers cannot originate email from those addresses, so SPF wins the day and any email coming from, say, refund@hmrc.gov.uk that doesn't come from the two hosts listed in the SPF record is canned. This however all falls down when either the receiving server doesn't check, the sending organisation doesn't use it, or the sending organisation has been compromised.

DNS: The domain name system is that which converts gen.net.uk to 212.140.242.10 and back again, and when you send email to someone @gen.net.uk, DNS gives up the address of the mail server that is designated to receive that email, in this case farpoint.gen.net.uk. The RFC1124/1124 which form part of Internet Standard 1 specify clearly that every host on the internet should have forward and reverse DNS, that is gen.net.uk to 212.140.242.10 and 212.140.242.10 to gen.net.uk. So, when a host spammer.com connects from 212.140.242.50 to our mail server, we check (a) that 212.140.242.50 corresponds to spammer.com, (b) that spammer.com has a valid MX record and (c) that the host listed in the MX record actually exists on the internet. This is particularly hard for a spammer to forge and therefore this check eliminates a percentage of spam, as well as a percentage of legitimate email from companies who don't know how to set up DNS correctly.

Content Filtering: By far the most effective tool at eliminating spam which passes all the above tests is pattern matching. This involves looking for and detecting elements in the body of an email and assigning a score to each detection. An example would be a HTML only email, which scores 3 points, external links to pictures, which score 0.2 points each, and so on. The more spammy the email, the more points it will accumulate, and once a threshold is reached the message is flagged as spam. Content filtering can make use of content lists which are maintained by third parties and provide known phrases and content to score.

Bayesian Probability Filtering: A gross simplification of this would be that email which is known to be spam can be 'learned' and that data used to identify 'similar' spam. The area of mathematics is complex and the techniques even more so, but the result is the same in that spam that looks like spam based on learned data can be flagged as such, usually by giving it a score, such as +10.
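The three DNS checks described above, written out as an added example (not GEN's gateway code). Lookups are served from a small constructed table so the logic runs offline; in a real gateway they would be live resolver queries. The function names, the address used for farpoint.gen.net.uk and all `.example` entries are made up for illustration.

```python
# Constructed zone data standing in for live DNS lookups (not real records).
ZONE = {
    ("PTR", "212.140.242.10"): ["gen.net.uk."],
    ("A", "gen.net.uk"): ["212.140.242.10"],
    ("MX", "gen.net.uk"): ["farpoint.gen.net.uk."],
    ("A", "farpoint.gen.net.uk"): ["192.0.2.25"],
    # spammer.com points at its host, but the address owner publishes no PTR for it
    ("A", "spammer.com"): ["212.140.242.50"],
    # reverse DNS names the host, but the forward record points elsewhere
    ("PTR", "203.0.113.9"): ["forged.example."],
    ("A", "forged.example"): ["203.0.113.200"],
    # forward and reverse agree, but the domain has no MX record
    ("PTR", "198.51.100.7"): ["nomx.example."],
    ("A", "nomx.example"): ["198.51.100.7"],
    # MX record exists, but the host it names does not resolve
    ("PTR", "198.51.100.8"): ["deadmx.example."],
    ("A", "deadmx.example"): ["198.51.100.8"],
    ("MX", "deadmx.example"): ["gone.example."],
}


def lookup(zone, rtype, name):
    """Return normalised record values (lower case, no trailing dot)."""
    key = (rtype, name.rstrip(".").lower())
    return [value.rstrip(".").lower() for value in zone.get(key, [])]


def check_connecting_host(zone, ip, claimed):
    """Apply checks (a), (b) and (c) to a host connecting from `ip`."""
    claimed = claimed.rstrip(".").lower()
    # (a) the address must map to the claimed name, and the name back to the address
    if claimed not in lookup(zone, "PTR", ip):
        return False, "reverse DNS does not name the claimed host"
    if ip not in lookup(zone, "A", claimed):
        return False, "forward DNS does not point back to the connecting address"
    # (b) the claimed domain must publish an MX record
    mx_hosts = lookup(zone, "MX", claimed)
    if not mx_hosts:
        return False, "no MX record"
    # (c) at least one MX host must actually resolve
    if not any(lookup(zone, "A", mx) for mx in mx_hosts):
        return False, "MX host does not resolve"
    return True, "ok"
```

Requiring the forward lookup as well as the PTR is what makes the check hard to forge: whoever controls the reverse zone for an address can put any name in a PTR record, but cannot make that name's own zone point back.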

When you combine all these techniques together you wind up with a spam detection system that, in our tests has an effective performance of 99.67% which is exceptional in the market. Spammy email is passed through with subject modifications for your gateway to filter (or not) as you require, or for individual users to filter using IMAP or similar rules. Full Diagnostic information is provided in email headers to permit more complex filtering based on spam score or infection type should this be required by your IT Team. 
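The scoring and tagging flow described under Content Filtering and in the paragraph above, as an added example rather than the Maxim implementation. The 3-point and 0.2-point scores come from the text; the threshold of 5.0, the phrase list, the `[SPAM]` subject prefix and the `X-Spam-Score` / `X-Spam-Tests` header names are assumptions, and both messages are constructed samples.

```python
import re
from email import message_from_string, policy

THRESHOLD = 5.0   # assumed flagging threshold; the page does not state one
PHRASES = {"claim your refund": 2.5, "act now": 1.0}   # constructed content list
EXTERNAL_IMG = re.compile(r"<img\b[^>]*\bsrc\s*=\s*[\"']?https?://", re.I)

# Constructed sample messages (not real mail).
SPAM = """\
From: refund@hmrc.gov.uk
To: user@example.com
Subject: Tax refund
Content-Type: text/html; charset="utf-8"

<html><body><p>Claim your refund today.</p>
<img src="http://img.example.net/a.png"><img src="http://img.example.net/b.png">
<img src='https://img.example.net/c.png'></body></html>
"""
HAM = """\
From: alice@example.org
To: user@example.com
Subject: Minutes
Content-Type: text/plain; charset="utf-8"

Minutes from Tuesday are attached as discussed.
"""


def score_message(msg):
    """Return the list of (rule, points) detections for a parsed message."""
    parts = [p for p in msg.walk() if not p.is_multipart()]
    types = {p.get_content_type() for p in parts}
    body = "\n".join(p.get_content() for p in parts
                     if p.get_content_maintype() == "text")
    hits = []
    if "text/html" in types and "text/plain" not in types:
        hits.append(("HTML_ONLY", 3.0))                 # score given in the text
    images = len(EXTERNAL_IMG.findall(body))
    if images:
        hits.append(("EXTERNAL_IMAGES", round(0.2 * images, 2)))   # 0.2 points each
    lowered = body.lower()
    hits += [("PHRASE", pts) for phrase, pts in PHRASES.items() if phrase in lowered]
    return hits


def tag(raw):
    """Score a raw message, add diagnostic headers, rewrite the subject if spam."""
    msg = message_from_string(raw, policy=policy.default)
    hits = score_message(msg)
    total = round(sum(points for _, points in hits), 2)
    msg["X-Spam-Score"] = f"{total:.1f}"
    msg["X-Spam-Tests"] = ",".join(rule for rule, _ in hits) or "none"
    if total >= THRESHOLD:
        subject = str(msg["Subject"] or "")
        del msg["Subject"]               # the default policy allows one Subject only
        msg["Subject"] = "[SPAM] " + subject
    return total, msg
```

The message is always passed through; a downstream gateway or an IMAP rule can then filter on the subject prefix or on the numeric score in the header.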

Customers with GENX and GENZone and those with gateways and dedicated services can have this added to their email feed for a nominal charge. 

For more information or to request a demo please contact us today.  
