Blog

This is the Blog of the technical experts at GEN and its companies

Amazon Prime & eBay for Business?

amazon-ebay-logos

Both eBay and Amazon have been major players in the online retail market for many years but How are they to use for business? We've been using eBay for business over the last decade, mostly to obtain hard to find replacement parts for laptops, desktops and servers that we still have on maintenance long after support has been withdrawn by the manufacturer, but Amazon is a new voyage of discovery. Amazon offers a service known as Prime, which for a fixed monthly charge (currently £7.99) gives FREE next day delivery on a large range of products, which in itself can be an attractive proposition for businesses who spend a fair amount on carriage annually. In fact, our carriage bill for the last 30 days is £134.98, so if we could source everything from Amazon we would save £126.99 over the month. We cannot of course purchase everything from Amazon, but we're looking to see if the Prime deal is workable and viable. 

In order to offer a fair comparison we will select a few business consumables and then order them from Amazon, eBay and an online store and review the whole journey. 

Shopping Time

Item Description Amazon Prime Ebay Online
Duracell CR2032 Lithium Battery 2 pack £4.99 (2 days later) £1.69 (next day) £2.89 Curries (next day)
EPSON WF-3620 EXTRA LARGE BLACK CARTRIDGE £33.32 (next day) £30.00 (2 days) £37.59 Cartridge Discount (3 days)
HP 24f Display £99.00 (two days) £109.00 (5 days) £99.00 AO (next day)
HP PREMIUM PHOTO PAPER A4 x20 £13.98 (next day) £13.96 (2 days) £19.76 Photopaperdirect (2 days)
hulker 3 way power strip £15.99 (next day) £23.00 (3 days) £18.99 BlockCube (7+ days)
TOTAL £167.28 £177.65 £178.23

 

Amazon Search me not

The first thing you notice about Amazon search is that EVEN IF YOU SELECT PRIME ONLY, and EVEN IF you select order by LOWEST PRICE FIRST ( both of which you have to do EVERY TIME YOU SEARCH because they reset to Non-Prime and "Featured" ) you are presented with a bunch of items that are not prime and are not what you searched for. In our first search for the Duracell CR2032, with PRIME and SORT PRICE LOWEST FIRST set, we first get double A cells, chargers, and a "Homidy Digital Hygrometer Indoor Thermometer, Xiaomi Mijia Rare 360°HD E-ink Display Room Humidity Monitor Swiss Sensirion Industrial Grade High Accuracy Temperature Humidity Meter" which is so far out of scope it makes no sense at all. HP Premium Photo Paper A4 again Primed and Sorted Lowest price gives you HP Office A4 80gsm, Kodak Premium Glossy Paper, Hp Everyday Glossy Paper - see the issue here, NOT WHAT WE SEARCHED FOR!. This makes purchasing from Amazon awkward and time intensive. Notwithstanding their unreliable search functionality, Amazon used to be country specific, that is, amazon.co.uk was for UK buyers and sold UK goods, but those days seem to have passed and now many of the items you see in search results are from overseas and its made impossible to know which because the fact is nowhere to be seen, and there is no way to filter 'uk only'. Ordering from a non-prime, non-amazon supplier is virtually impossible to avoid and of course you'll soon learn that the prime only delivery and return benefits ONLY apply to goods sold by amazon. Ordering from overseas unintentionally is again almost impossible to avoid with Amazon and I guarantee you will also be waiting 4 weeks for something you expected next day only to find it arrives with a customs charge attached. 

eBay

Unlike Amazon, eBay's search results are actually of the items you searched for, but since its inception you MUST select UK ONLY, and Order Lowest First for nearly every search or you will unwittingly end up buying something from China. That notwithstanding, eBay is fully loaded with fraudulent items, both electrically unsafe, non-compliant right through to outright illegal knockoff copies that underperform, all seemingly in the UK but when your item arrives its invariably from overseas and took 4 weeks to arrive. I don't believe eBay has any intention to deal with this since this has been happening for at least a decade and they've done nothing about it so far. Users can 'report' listing for being in appropriate, fraudulent or otherwise but this doesn't seem to have any effect as I've reported obviously fraudulent listings and they never get removed.  

Compared

Amazon may be a more sanitised marketplace but ONLY if you select PRIME and even then be aware that not all PRIME items are actually delivered by Amazon and guaranteed next day and even the next day guaranteed rarely arrives next day in our experience. eBay is the wild west of Internet shopping, but as long as you select and reselect UK only, check the sellers feedback then its functional search greatly speeds up the experience. With both Amazon and eBay, and other online stores you need to be sharp because anyone can now throw up a believable storefront, list believable items when in fact the seller is in the far east and the items are counterfeit or dangerous. You may think that Trading Standards are hot on the heels of these fraudsters, but no, they actually no interest or activity in this area instead focusing their time on bootleg dvd's at car boot sales and other dangerous goods that threaten our way of life. 

Paying, eBay accept most payment methods but clearly prefer PayPal, Amazon ONLY accept credit/debit cards and no Paypal. This isn't a huge problem for most, and I can understand Amazon's approach given the volume of issues that comes with PayPal, but if you're a PayPal Business user and use this to control and manage your spending then you'll need to think again. 

Price & Performance

As you can see the price performance on these few items swung marginally in favour of Amazon Prime. Don't forget we've paid a monthly fee for the one day free delivery and that one day usually means two or more, but its still less than eBay and Online overall. There are however other issues to consider when using Amazon & eBay as opposed to online stores and retailers. With both Amazon and eBay you are isolated from the seller, more so with Amazon but anyone who's used eBay for a while soon learns that the phone numbers provided in the listings are rarely real numbers. Both eBay and Amazon do provide a method to communicate with the sellers via messages, and eBay has their "Resolution Centre" which is actually quite useable as long as you're prepared to wait 40 days for your refund, but Amazon will only get involved in PRIME items otherwise you're on your own. 

Help me Amazon

Today I'm going to focus on Amazon, simply because this was a new journey into procurement, there was a promise of free next day, and because their communication was certainly lacking. 

Amazon TrackingTaking our first Item, the Duracell CR2032, these were required for part of a presentation system that was being shipped the next day. I ordered them on a sunday for delivery Monday (as is the promise with Prime) but by late afternoon they were still a no-show. I sent someone down to our local supplier to get them for our shipment, but I then thought I'd contact Amazon and enquire as to where they are? Your first greeted with the Orders page, you find the item and hit Track and you'll see something like the screen to the left. Pretty uninformative but gives some hope that its going to arrive today, even if it is long after the office has closed. 

Then you go on a veritable treasure hunt to find the missing contact us page hidden within the depths of the amazon.co.uk website. Even for this article I've spent another 10 minutes trying to find it again. For anyone else being sent around endless help pages looking for it, its at https://www.amazon.co.uk/gp/help/customer/contact-us

Now you've got here, and ignoring Track Package because you've already done that, select "Where's my stuff" then "check status of my order" and moments later you're given the options of e-mail, phone or chat which is recommended. So I enthusiastically clicked Chat and was presented with the screen to the right. Great news, I'm blocked for some reason, and this is the first time I've tried to contact amazon for anything. Never mind I'll use the Phone option, it's probably just as quick. 

Amazon offer a callback service, which makes total sense and saves you from an endless queue of poor quality music. I entered my desk phone number and clicked "Call Me Now". I was excited to receive the message immediately to the right. I have no idea why my number would be blocked, I've never contacted them before but there is a pattern forming here. Amazon BS

Given that attempt 1 and 2 have failed let's see if e-mail is any better. Following the e-mail option you are quickly reminded that email's take 12 hours (normally) to respond, which is of no use today then. I did call the 0800 number and after some time got through to a very nice person who told me simply that it wasn't going to be today and *should* be tomorrow, a fact which I was already aware of since it was long after 17:30 and I was the last chicken in the henhouse. Is this journey indicative of Amazon or did I just pick a bad day? I don't know, all I can show is this day. 

What can we take away from this article? 

Amazon is certainly an option worth considering and overall may save some money at least in the shipping department, but the awkward search and lack of any assistance is a significant downside for business supplies. eBay is great providing you're not in a rush for anything and are happy to live with ordering a proportion of orders from China simply because you forgot to click "Uk Only" every time you search. Online stores I think are going to be increasingly rare in the future with Amazon and eBay taking up ever increasing search engine results with their listings (and there proxies). Ignoring the cost, independent online stores only winning features are accurate search results, contactable and not inadvertently buying junk from China, all of which I don't believe are sufficient to draw market share away from the big two. For us, we are committed to purchasing from distribution in quantity, and that won't change, but one off items such as cartridges where we would normally pay £10 in shipping could be beneficial in the long term. 

As a hardware supplier, the goods we provide are quoted very competitively with margins between 2% and 3%, but we are occasionally told that "I can buy that cheaper on eBay" to which our reply is always, go ahead. This is always going to be a risk reward based decision for any business, if the customer can save £5 and get it from eBay that's great but when it breaks who you gonna call? That's right, no one. 

As always comment if you have something to add, and please take a moment to rate the article. 

 

 

Continue reading
  3626 Hits
  4 Comments
Tags:
Recent Comments
Guest — Cheviz.L
They both are designed to trick you into ordering from Chinese sellers, either by including them in results where you specifically... Read More
Tuesday, 23 July 2019 10:40
Guest — Lin Simco
We do use amazon for some things, but for business their courier sometimes shows up in the evening or weekend when the office is c... Read More
Tuesday, 23 July 2019 10:43
Guest — Jeff
FYI for Amazon you can select if you want deliveries at the weekend or daytime for offices and it works because we use it.
Sunday, 27 October 2019 19:18
3626 Hits
4 Comments

CDN's and the recent trend of Blacklisting Genuine Customers

Screenshot-2019-05-28-at-13.27.34

One More StepThere has been a recent shift towards using Content Delivery Networks to distribute content rather than hosting in a conventional way, and this brings with it a selection of good and bad. One of the regular issues we receive at the HelpDesk is primarily generated by Amazon Cloudflare which offers 'free' content delivery, making it a popular choice for smaller websites. The most common complaint is the screen right "One more step", which prevents the customer from visiting the website without completing the infamous Google ReCaptcha. Given the serious privacy concerns surrounding Google ReCaptcha would it be Amazon or the website owner who is responsible for *not* highlighting this to the end user? Regardless, our standard answer in this case (and it's a canned response now) is "Unless this website is business critical close the tab and select another website". There is some suggestion that these messages are generated in an attempt to rate-limit or reduce load on either Cloudflare or the vendors website but this is unconfirmed. 


So what causes Cloudflare to blacklist business customers from visiting their vendors websites? Amazon will claim that they blacklist IP addresses that exhibit unusual traffic as well as those on commercial blacklists. That sounds great in theory, but in fact with the vast majority of client IP's being dynamic (including mobile devices) this blacklisting simply prevents customers reaching vendors and for no technically good reason. If their blacklisting wasn't inherently flawed then we would not see the volume of Helpdesk requests on this very issue, with genuine customers trying to reach genuine vendors, and its for this reason that we no longer offer Cloudflare as an option on our hosting services. 

Error 1005
Another example of Cloudflare blacklisting, this time suggesting that the website owner enabled this block is the message to the left with "Error 1005". In this case we're shown that the network AS8560 is blocked from accessing the site. This HelpDesk ticket was raised by a customer who was in fact in Germany, using a tablet in a coffee shop and who wanted to check who had been blowing up their mobile. There are of course other sites which I'm sure satisfied their curiosity but the customer was concerned that the message may have been an issue, because quite honestly to the end user it is a little intimidating. 

Access DeniedIn the "Access Denied" message to the left we again have a genuine customer who was trying to access their account on a vendors website, and yet again we're told that its not going to happen, this time suggesting that the client is somehow responsible for an online attack. They are of course not responsible for anything except trying to access their vendors site, but again this sort of message just generates HelpDesk requests, takes time and effort to explain to the customer they've done nothing wrong and that they should consider another vendor in future. In this particular case "Error 1020" indicates that the website operator has established this block as a firewall rule which you would think was intentional but I can't speak for the site or site owner. 

That's enough of Cloudflare, which is after all a free service for most and with that you cannot really complain if you knew it was happening, the very issue here though is that the vendors operating their websites in most cases are unaware that customers are being turned away or impeded from visiting. The prevalence of Cloudflare means that once a customers IP is blacklisted, a good few sites in their daily browsing will all be met with the same resistance. You could say - Contact the vendor, but how do you do that when you can't access their website? 

Cloudflare is not alone and there are a growing number of alternative Content Delivery Networks all bringing their own flavour of issues to the market, preventing customers from visiting vendors and there can be nothing worse to a growing e-business. I understand that protecting the business from 'attack' is a good idea, but in reality we're not protecting them from anything, what is happening is the content delivery network is protecting itself from excessive load at the vendors expense. 


One effective but equally concerning method around this is to use a free proxy server, and the internet is full of them - just search "free proxy server". These servers whilst for the most part are safe, have the ability at the protocol level to intercept your traffic, even that over HTTPS which presents a clear danger. Whilst it's beyond the scope of this article to discuss the technical ramifications of http proxies our recommendation is please do not use them. 

Summary

The idea of CDN's is great and has a mostly positive effect on content delivery and site speed, but when your CDN starts blocking customers, either itself or due to (mis)configuration from visiting your site then you need to asses the overall benefit to the business. In other words what is the likelihood of your website being 'attacked', and in 'attack' we mean an attack that a CDN can block (which is actually very few) verses the potential lost business due to customer rejection. It's a hard one and as CDN's become more popular I think it will be increasingly relevant. 

Looking through 3 months of tickets raised in our Support/Web/Browsing channel and selecting a few from the list I find: 

  • analog.com (analog devices) access denied - customer was looking for components for project - went elsewhere. 
  • semrush.com : various - customer was trying to access account - gave up trying. 
  • moneysavingexpert.co.uk : one more step - customer was following link from google - filled box still rejected. 
  • fiver.com : one more step - customer was trying to buy services because we are 'too expensive', got to love tickets - customer went to seoclerks.com instead. 
  • yell.com : forbidden - customer was trying to find business phone number - directed them to alternative website. 
  • yelp.co.uk : sorry you are not allowed to access this page - customer was trying to check reviews - went elsewhere. 
  • scottishpower.co.uk : one small step/not a robot - customer trying to contact company - agent found phone number for customer and advised them to compare prices. 
  • rswww.com : permission denied - customer trying to purchase components - customer went to another supplier.
  • royal applications.com : An error occurred in retrieving update information - This took 4 hours of helpdesk time to determine that the update url "royaltsx-v4.royalapplications.com" is a cloudflare url and being blocked. 
  • rigol.com : one more step - customer was trying to compare equipment specifications - customer attempted to complete captcha but was then told they were blocked. 
  • talktalk.co.uk : Request Rejected - customer was trying to report a fault on their service - customer was persuaded to source bb elsewhere. 

There are many more, and a lot of tickets don't actually specify the website but you get the idea, from our small subset of customers 46 of them gave up and were advised to go elsewhere. There's no way to tell how many successful customers were able to access these sites and how many we're presented with stupid rejection messages so our sample set is the only indicative data we have, but its statistically significant in this scenario. 

 

 

Continue reading
  2971 Hits
  1 Comment
Recent comment in this post
Guest — Sicar Vandehaus
There you have it! I was in Germany last week, couldn't remember how to use my scopemeter with three wire measurement but I knew i... Read More
Sunday, 09 June 2019 13:28
2971 Hits
1 Comment

SocialMedia, Google, Bing, Yahoo, Amazon, ISP's, Government Tracking and Personal Data Leakage

After our post 'In defence of social media" which itself was a response to the disproportionate news coverage of Facebook specifically, there have been many responses generally accepting that it should have been common sense that nothing is 'free' but that there was a clear mis-understanding on how people are tracked online and what exactly is collected and by who. This isn't unreasonable because the whole tracking and collection industry is shady and insidious, and just for clarity I was correct when I said GDPR will make absolutely no difference. So, how about we look at a few specific examples of data capture from some big players in the market...


Let's start with Facebook, purely because it was the subject of recent news stories. 

ChavbookFacebook of course collects everything you feed into it, this includes you name, address, date of birth (if anyone actually uses their real date of birth), phone numbers, email addresses and so on. This data forms the root record (the record to which everything else is attached). 

To the root record we then add everything you view, everything you like or dislike, everything you post (Images, Text, Links), every message you send and receive and every ad that is displayed or clicked. 

Associations are also added, that's "Friends" and the interactions between you and your "Friends" are also logged and common interests or appearance in common photographs are also recorded. 

If you use the Facebook app on your mobile device then your location (unless you deliberately disable it) is recorded and stored. 

If you are unfortunately enough to have used your Facebook 'login' to login to third party websites then a record of that site, when you use it and for how long is also included. 

Facebook was reportedly paying people to give up their privacy by installing an application that sucks up huge amounts of sensitive data, and explicitly sidestepping Apple's Enterprise Developer program rules. This has now been brought to a shuddering halt by Apple, so thanks Apple. More information on this one HERE.

As you can see, Facebook stores pretty much everything you do and that's their business model, you get to waste hours of your life that you'll never get back and Facebook sells the data they collect from this activity. There's nothing wrong with this business model, it works and has been around for decades. 

Pinterest, Instragram(which is now Facebook), Tumblr and so on

These sites, which are generally 'image' sites record everything you add into the profile, a to that they add everyone you follow, every image you view (and for how long) and further some of these scan the images uploaded, recognise faces and then form internal relationships between the images and users. There's nothing wrong with this business model either of course, except perhaps the fact that the moment you upload your image, its no longer your image but that still doesn't stop people using these services. 

Twitter

TwatterNow Twitter has been around for a few years and is basically a 'feed' services where you follow topics and people and you'll receive updates from them. Its a simple model yet an effective one. Twitter records your posts, reads, follows and followers. It also records every link you follow from posts. Twitter inserts 'ads' into your feed which is annoying but not a show stopper and these are of course paid for by the advertisers. The rest of twitters revenue comes from selling your data to third parties which is again a good sustainable business model. In the early days Twitter was wide open to abuse where 'fake' accounts were created in celebrity's names causing unsuspecting followers to be duped and further be directed to 'donation' or 'malware' sites but Twitter put a stop (mostly) to this by 'verifying' some celebrities to remove any confusion. Twitter also allows the embedding of links, audio and now video into the feed which is great but also brings with it a new set of challenges around protecting users but also provides additional tracking metrics. 

 

Google

The Evil OneGoogle is a huge company with many 'services' most of which are 'free' to use. Let's look at probably the most common service, the "search" engine. There's no denying that Google.com is a great search engine and if your looking for something a little obscure then its your go to engine, but let's look at what's captured. 

When you Search on Google, the search term is recorded along with the results, which results you click on, and the time taken for that click. This simply makes associations of interest between your google profile (if you created one, or a unique identifier if you didn't). This in itself isn't really bad and you would expect them capture this information surely? This information (search history) is further used to focus future searches so the more you use it, the more likely you are to get more applicable results but this is the official line and don't ever believe that Google is the only search engine, its not. Because of the way Google adds sites to its index, sites with large budgets and resources always find their way to the top results even if they aren't applicable at all. Moreover, Google adjust results of political, social, personal or controversial searches to add their bias to the results you see, and many would argue that this 'bias' that most don't even realise is wrong on many levels. Some other search engines such as DuckDuckGo, etc often produce more evenly weighted results and without adding their bias which some may prefer. 

Getting back to Google the company, we need to talk about google analytics which is yet another 'free' service allowing website owners to get insights into visitors which is actually really useful, but for that to work Google needs to be able to connect YOU as a person to that site which it does easily. This gives Google not only your search queries, results, and clicks but also now most websites you visit, when you visit them for how long and what you do on those sites. Now we're starting to collect some seriously valuable data and this is of course the business model again, you get lots of free services and Google makes money from advertisers and the data. Google allegedly purchased shopper data from MasterCard which again when augmented with your online profile just adds a wealth of additional behaviour data. 

That incredibly annoying "I'm not a Robot?" - Well that little thing captures a vast collection of personal data and all you have to do is click some pictures and be annoyed by it. 

Other Services (Gmail, Google Docs, Groups, Google+, Google Drive, and so on)

Google offers a bunch of other 'free' services all of which are quite useful, but to use these services you'll need to provide your mobile phone number, which you are forced to verify by entering a code from a text message. Using these services each bring yet more data to the profile they are maintaining on your behalf. Every email you send and receive via Gmail is scanned, stored and linked. Every document you add to Google Docs is scanned, stored and added, any file you store on Google Drive is scanned Stored and added, are you seeing a pattern here? Nothing you do on any Google service is private. How about Google Maps? A very useful tool if you want to find somewhere, but yet again everything you look at is recorded and added to your profile. If you have an Android phone then your location data is also added to your profile along with your messages, apps installed, app usage, contacts and so on. Google Home is a voice assistant and speaker for your home, but again anything you ask it is stored and added to your profile data. 

YouTube (now owned by Google) again stores the video's you want, channels you watch, comments you make and so on. 

Android, the phone operating system developed by Google as open source has its own class of information leakage in that every app you install and use is tracked and unless you specifically disable it (and there's still a debate if you can disable it) then your location is tracked using your phone's GPS data. Mapping this allows Google to track all the places you visit, shops you visit and for how long. 

Google Chrome is a web browser developed by Google and is again free to download and use. Within this browser there are options to 'store' your credentials and bookmarks in the Cloud and this does then of course give Google this data to further add to the profile. We also noticed that Chrome (unlike other browsers) created several local files storing your search history, browser history, and so on for reasons unknown. The files are unprotected meaning that we (or any malicious or otherwise software) can easily read them to obtain this information. At the time of writing we also noted weak protection of your stored passwords, but this isn't specific to Chome and several other browsers are also easy to crack. 

So Google know what you search, what you view and for how long and how often, what you buy, what you look at but don't buy, how often you buy something, what you read, what you post and what posts you read, what pictures and video's you view, how often and from what websites which is what everyone expected, but wait, google recently were exposed by the EFF for using methods to bypass Apple's protection and capture users screens. Read the linked article HERE for more details. 

Bing & Yahoo

BongBing is a search engine that is pretty useless in fact and is even more unfairly weighted towards sites with $$$ and subsequently doesn't have any significant market share (about 7% at time of writing) but that doesn't mean that they don't store you searches, links clicked etc which they do. There's a 'relationship' between Microsoft and Yahoo which goes back several years and brings Yahoo results into the Bing search engine which is probably a good thing but this also brings Yahoo free services such as Yahoo Messenger, Yahoo Groups and so on into your search footprint. Yahoo itself has been bought and sold several times and the actual ownership is hard to pin down but we do know that the majority is owned by Oath inc (part of Verizon) at time of writing. 

Generally speaking the use of Bing and Yahoo is fairly limited these days with about 4% market share (at time of writing) since Bing's search results are limited and Yahoo's reputation has been shredded with past data breaches. The use of Yahoo mail brings with it the same issues that Gmail has, your email's and everything in them are scanned and stored. Microsoft's Hotmail is exactly the same and why shouldn't it be so, its free after all. Yahoo's Geocities which is pretty much dead now and Yahoo Groups, if anyone still uses them, bring yet more profile cross linking with group 'Members' being associated by topic and post and of course you must have a 'yahoo' account to participate.

GeoData

Pretty much ANY app on your mobile device, for android at least is able to track your location using your device's built-in GPS. For Apple devices it's harder but still perfectly do-able. Collecting this GPS data, as you may suspect would enable the processor of such data to be able to track your movements throughout the day. For modern laptops running windows there is also a leak of GPS data to installed programs and even webpages under certain circumstances. Apple Laptops are by default prevented from leaking GPS data but this can be overcome especially in earlier versions of MacOS. Your Car, if it has satellite navigation, records your start, end and route in its entirety and the more upmarket vehicles ship that data over the cellular network back to base. If you combine this GPS data with detailed mapping information and you can easily link GPS co-ordinates with the places (shops, schools, etc). 

Internet Service Providers (BT, PlusNet, Virgin and so on)

Some reading this may not be aware that your Internet Service Provider has access to every website you visit. They do this via DNS which is the system that converts a domain name into an ip address. Unless you specifically override it your ISP will route your DNS requests to their servers which then accumulate your website requests against your 'session' which is your current IP Address linked to your account. Using SPI (Stateful Packet Inspection) your ISP can also record what you actually do online such as listening to music, watching video, making phone calls, instant messaging, and so on. All this data is accumulated and stored indefinitely and in this country at least is made available to law enforcement without a warrant. 

Amazon

AmazonThe Amazon ecosystem is slightly different to the general model as there's no 'free' services, you need an account to be able to buy online, download books, listen to music or watch videos, but that doesn't mean the company won't collect your data because they do. Everything you search for on Amazon is stored and kept, everything you listen to, read or watch is stored and kept and all this profile data is used to target search responses and advertisements to your specific interests. Amazon don't make any guarantees not to sell your data (that I can find) so its safe to assume they probably do. Amazon also has 'Alexa' which further arguments the profile by storing what you ask and do with the devices but this in itself isn't bad and can be used to tailor responses based on your past history. The Amazon Ring Doorbell on the other hand is nothing but a storm of privacy issues. The doorbell records what it sees from your front door, continuously and that video is stored at Amazon. You, as the purchaser of the device have no rights to the data and it clearly states in the T&C's Ring and its licensees have an unlimited, irrevocable, fully paid, and royalty-free, perpetual, worldwide right to re-use, distribute store, delete, translate, copy, modify, display, sell, create derivative works, in relation to the footage taken from your front door, and you paid for the privilege. Whilst there is no law against recording your street in the UK, giving your live video to a third party who can do whatever they like with it would certainly seem to be unwise if not unlawful. With the application of face and numberplate recognition those third parties could potentially identify people walking and driving on the street which takes this to a whole new level. Can you stop it? Nope, this doorbell only works when the internet works, and when the internet works its uploading your video to who knows where. 

 Local Government & Agencies

The Department of Privacy InvasionYou may or may not know that your local council is at liberty to sell your personal data to anyone willing to pay. They call this the electoral roll but in fact its just a dump of all the people registered to vote + council tax payers. When you combine this with data from a company like Cameo you then introduce affluence and net worth, link that with Experien or Equifax and you now have credit worthiness, loans, mortgages, bank accounts and the list goes on, all free to purchase.

The DVLA is now also selling your details to companies so if you own or are the registered 'keeper' of a vehicle that data is now also up for grabs. 

And of course the Census data, that you MUST complete legally is made available for sale to anyone who wants it and this is of course why the Government is exempt from GDPR along with the Police, the Military, and anyone else who you may want GDPR to actually apply to. 

Paypal

The payment provider allows easy transactions available on many websites and vendors. Paypal collects the product, price, location, currency, and store and records this at point of sale. Whilst this information can easily be justified, Paypal are at liberty to sell this data to anyone else which further compliments your online profile with validated purchases. 

VoIP

There are an ever increasing number of "Voip" Providers, most of which are just reselling someone else's service who are actively pushing Voice over IP to anyone who will listen. There's no doubt that Voice over IP will become the norm in the future, but currently there are significant risks to its uptake. In an earlier article we showed just how easy it is to intercept voice traffic as it passes through the internet and this of course makes is really easy for anyone, government or otherwise to capture and record telephone calls. There are unconfirmed rumours that our own government is already capturing our internet traffic for analysis and of course voice traffic would be part of that. If you're familiar with the abilities of modern voice analytics then you'll know that your conversation can be quickly converted into a transcript and searched and/or archived. If you've taken up VoIP then ask your provider if they are using SRTP (Secure RTP) and you'll be told either No or they will lie to you. As it stands in the UK marketplace we are the ONLY VoIP provider offering voice encryption but be aware that even our voice encryption is only encrypted up to the point it leaves our service meaning we can ONLY guarantee voice security between GEN VoIP Customers/Sites. To many this shouldn't be a concern especially considering how much of your data is already in the wind but for some this is a serious unmitigated concern. 

The Cloud

There are two distinct flavours of "The Cloud". Private Cloud is business class internet based storage and services as provided by a myriad of providers and for those enterprise class providers you can be assured that your data, servers, containers and systems are secure and protected. Public Cloud which is often 'Free' is the sort of services provided by Microsoft (OneDrive), Google (Google Drive), Amazon, DropBox, Apple (iCloud Drive), Datablaze, Box, FlipDrive, HiDrive, iDrive, JumpShare, Hubic, Mega, pCloud, OziBox, Sync, Syncplicity, Yandex.Disk etc, and these services are absolutely NOT SECURE. This is not only because they are frequently compromised but because there is zero accountability because it's 'free' and provided 'as-is'. NO business should ever use Public Cloud services for storing business critical data. If its important to you then use a service that you PAY for and that has a degree of accountability. 

Cross Contamination

Since tracking to your personal profile is done via Fragments left on your computer, or cookies/sessions left by website's or even by your browser screen size and in a recent discovery by your sound card then allocating your activity to you is fairly good but there are some cases, especially in companies where internet access is proxied and where only a few 'login' to accounts that others activity can be falsely attributed to your or others profiles. I have personally seen this whilst writing this article when I requested all my activity from Google. Digging through it and remember I never use Google I found a bunch of searches performed as recently as earlier in the week that were from other users on the network which somehow wound up in MY profile. I have no idea how common this is in the real world. 

Controversy

There are some claims on social media that Google, Facebook and others are always 'listening' using the Microphone in your equipment, but this has largely been disproved by researchers at the time of writing this article. That doesn't mean it categorically does not happen or that it does, simply that the evidence to date suggests not. 

Obfuscation

Services such as VPN's and of course the ever popular Tor Browser are ways to obscure your real identity online, but you'll discover fairly quickly that the services above either don't work at all or are crippled deliberately. Google for example returns some made up message about unusual traffic. As VPN's come and go there will always be a short time before the services get blacklisted but this will never be a viable solution long term and as you'll discover in our article "A VPN will not save you" following this approach requires strict discipline and limitations. 

The sale of data and the data market

All of the above can produce fairly detailed and valuable profiles of your online AND offline activity but when the separate data collections are combined you start to have very complete profiles linked directly to an individual. This is what worries people more than Facebook and Google. Given that your data is bought and sold on a daily basis, some of these companies have a complete record of pretty much everything you do. Let's see what the total footprint of an average teenager today is

  • Your Name, Address, Race, Religion, Ethnicity, Phone Number(s), Email Addresses, family members, friends, loved ones, and associates. 
  • Your bank accounts and balances, credit cards, loans, and payment history. 
  • Your vehicle, make, model and registration, current tax and MOT status and how much you owe on it if anything. 
  • All Google/Bing/Yahoo searches, Clicks and All Sites visited, comments and posts.  
  • Every instant message you've ever sent or received and the content of all. 
  • All your photo's and the date/time and location they were taken along with everyone who can be identified in them using face recognition. 
  • Your location to within 5m at any time of the day and where you've ever been and for how long, how often and with who. 
  • What music, sports, products, services, video's, you like, dislike, watch, download or buy. 
  • Anything you've ever purchased or sold online, be that clothes, shoes, groceries, electronics, etc. 

I think now you must be starting to understand how the data business works and how your pretty powerless to stop it without some radical changes to your lifestyle and even then its too late for most people. Its important to be aware that these companies have done nothing wrong, nothing illegal or even shady, they are all businesses and their business is your data. I personally like Facebook & Twitter and Google is a good search engine but YOU need to make informed decisions on what services you use online, and what information you surrender to those services, because changing a few settings on their website will make ABSOLUTELY NO DIFFERENCE.

Apple

AppleWhether you believe it or not, Apple has taken a fairly adversarial approach to data protection, committing to protecting your data not only on your devices but also online with anti-tracking features in their browser (Safari), but in the scale of things and despite Apples best intentions it's not going to make very much difference in the end. The only way for Apple to make an effective dent in the data collection market would be to block all social media and search engines from users devices, which they won't do for obvious reasons and in the real world everyone has to make their own decisions on what they do and don't use. 

 

The near future

There's no doubt that data collection and dissemination is a business model that's here to stay, and you have to look at both sides of the argument. Imagine how much easier it is for our Police to be able to tell exactly who was where and when, Imagine how pattern analysis of messages and movements can identify possible crimes before they are committed, or imagine a world where your every move is recorded, analysed and reported. There's always two sides to it. 

Notes: 

Although GEN VoIP Encryption can only secure voice communications between GEN VoIP Customers/Sites, We also offer VoIP encrypted to Mobile Phones using a local App so for Company Site <-> Company Mobiles we can guarantee voice security.

 

Continue reading
  55437 Hits
  3 Comments
Recent Comments
Guest — kumar
Consider my suitably enlightened!
Thursday, 06 September 2018 10:09
Guest — jerald g
thank you. I've removed all my files from onedrive and will be storing them on my pc from now onwards.
Saturday, 02 February 2019 10:09
Guest — best online bingo
Monday, 21 October 2019 07:29
55437 Hits
3 Comments