Datamining public profiles

November 30, 2006

Courtesy of Mike Murray and Steve Patton:

Try these Google searches: <your-company-name> <your-company-name>

As Mike points out, these are only the profiles that users have chosen to make public.

Checking book prices from your mobile phone

November 30, 2006

I’m on the way down to Bristol this morning with a couple of colleagues, and as the train was delayed we paid a visit to W H Smith. They are doing a deal on books: buy one, get the second half price.

I remembered reading about a service that allows you to check book prices by text message, but didn’t have the name to hand. Anyway, the service is Txtbux, and it gives you the current prices from

It’s easy to use:

1. Enter basic registration details

2. Confirm registration code sent to your phone

3. Send a text message: txtbux <ISBN number> to the Txtbux SMS number (standard message rates)

Here’s an example reply:

Schott's Almanac 2007
by Ben Schott: £7.65
(Save 55%) in 24hrs.
Pstg £2.16+59p/book=
£10.40 total. Added to
your list @

Txtbux makes its money from Amazon referral fees, so the site is relying on you to click through from your saved search list to Amazon if you decide to buy the book.

The First Month

November 29, 2006

So, I wrote the first post just over a month ago and since then I’ve added entries on surveillance, music, security and social software.

I assumed when I started out that the logical choice was to focus on technology (since that’s my job), but I haven’t written about this (specifically software) as much I was expecting. At the moment I get paid to design and build enterprise software, not blog, and I’ve found that my posts have been more about what I discover outside of work. However, I’ve still got some ideas along the lines of lessons learned, and trends, and the 1000ft view of software development that I plan to cover.

I’ve found that putting together a coherent post can take a while (the last one took me 3 hours), and I’m working on integrating the writing into my routine.

My most popular post so far was the coverage of Social by Design. It seems to me that timeliness of coverage is important, so I’m going to work at this, as well as posting more frequently.

Henry Porter’s “Suspect Nation”

November 25, 2006

I’ve been watching a recording of Suspect Nation, first shown last Monday on More 4, in which journalist and author Henry Porter covers the privacy and security aspects of mass surveillance in the UK. He was supported by programme consultants Adam Laurie and Heather Brooke. Early in the fim Porter meets Professor Clive Norris, one of the founding editors of the journal Surveillance and Society, who asserts that we have moved away from the idea that you should only target those that you have reasonable suspicion of, to a point where we are saying everybody is suspicious, and we have a right to target everybody.

Porter quotes from an e-mail exchange he had with Tony Blair earlier this year in which the Prime Minister attempts to justify these developments with: “… this is as much an issue of modernity as liberty. We are trying to fight 21st century crime by 19th century means. It hasn’t worked. It won’t work. The terrorism is different. The street crime is different.”

To cope with the increasing level of CCTV surveillance, London Underground is trialling a system that allows automatic detection of undesirable behaviour. On the roads, Porter states that a reported 3000 numberplate recognition cameras are being installed in a nationwide roll-out; the system will log the time, date and location of every car that passes its cameras, and keep the information for up to 2 years. (The police want to extend this to 5 years.) Porter also cites the
Oyster Card system, which maintains a record of your journeys on the London Underground for the previous 8 weeks. Heather Brooke reports that from August 2004 to March 2006, there were 426 requests from the police to search the database, whereas in the last 6 months there have been around 170 requests per month for access. And in London, the numberplate recognition cameras used for congestion charging are left running over the weekend because (according to Transport for London) it would be too expensive for someone to go round and “flick a switch” on each camera.

The government is planning, at a cost of more than £200M, to create a database containing the personal details of around 11M children, which will be accessible by 400,000 public sector workers. Top politicians and celebrities will be able to opt out of this database for security reasons.

Given that the prevention of terrorism is one of the main justifications for increased surveillance, Porter visits America to see what measures have been implemented there five years after September 11th. He mentions the AT&T phone tapping case, and also that SWIFT has systematically breached European data privacy laws since 2001 by sharing personal data of EU citizens with the U.S. He meets Jay Stanley, of the American Civil Liberties Union; when people say that they’ve never done anything wrong (so why should they be worried?) Stanley points out that “there are a lot of (complicated) laws on the books, where the prosecutors and police have discretion to interpret the laws and if they decide that you are the enemy, and they can go through your life with a fine-toothed comb (because your privacy has been destroyed), the chances are pretty good that they will find something”. (Consider the case of David Mery, mentioned in my previous post on surveillance, who was arrested for spurious reasons at Southwark tube station.)

Porter meets Al Gore, who says: “The use of fear to acquire power has a rather old provenance … politicians from time immemorial have used that tactic … it’s always been effective.”

When Porter asks whether Gore thinks that blanket surveillance is a good way of tracking people, Gore responds with an analogy from an FBI expert: “We are looking for needles in haystacks and the Bush-Cheney administration keeps piling more hay on top of the stacks. The routine mass-collection of all of these conversations and communications is not only an invasion of privacy, it’s also completely impractical as a way of finding threats to security that are legitimate … they had the names of the hijackers on 9/11 … they had their telephone numbers … [two of them] were listed in the book under their own names and yet they had so much hay to sort through they ignored those pointed facts and said ‘oh, we need to collect more mass data'”.

Gore also says, when asked about a national ID card: “In the U.S. context, a national ID card has always been resisted precisely because it has been seen as a very powerful tool, which in the hands of the wrong kind of government could be a means for abusing privacy”.

The final part of the programme examines the security of some tracking technologies.

As well as being used to track goods, RFID chips have been implanted in some U.S. patients with degenerative brain conditions. Each chip contains a 16-digit code that can be used to access the patient’s medical records. Verichip implants were originally designed to tag pets, but the CEO has also suggested that they be used on migrant workers and the military. Adam Laurie points out that he can easily buy another writable RFID chip, copy the code in Henry Porter’s chip
and then have it implanted. Laurie also shows how he was able to obtain CCTV footage of Porter meeting Heather Brooke (by using a radio frequency receiver to intercept the CCTV signal), and record their conversation. He achieved this by registering Brooke’s mobile phone in a tracking service, then following Porter and Brooke until he spotted them. He then sat around the corner and connected to her phone via Bluetooth, using a known vulnerability to get the phone to call him back and he recorded the conversation.

This is a rather contrived example, because it depends on Bluetooth being enabled and the target phone being vulnerable, but it does demonstrate how a variety of techniques can be used together to build a composite picture.

Laurie’s final demonstration is to read the electronic information from one of the new UK passports, which was covered at length in the Guardian a few days earlier, and also on SecurityFocus. Laurie established that the cryptographic key required to read information from the embedded chip is based on the date of birth, passport number, and expiry date. The Home Office comments that the chip contains only the same information as is shown inside the passport, and you need to know the passport number (or be able to guess it). Note, however, that the decoding of information does not have to be done in real-time, as the attacker could read data exchanged wirelessly between the passport and the reader, and then decrypt this later. And the chip could also potentially be cloned into a new passport.

I’ve covered this programme because I feel that we all need to be mindful of how surveillance is evolving and what it means for each of us. I understand that covering the country with cameras is more cost-effective than spending the money on police, and these tracking technologies do help to catch criminals (and generate revenue) but I think it’s also clear that this is being done at the expense of our privacy.  

Suspect Nation will be shown again on Wednesday 29th November at 10pm GMT on More 4.

Blogroll Updated

November 22, 2006

As well as updating the About page, I have added some of my feeds to the Blogroll. Here’s a summary:

There are two feeds from Ryan Carson and co. from Carson Systems, namely Bare Naked App and Vitamin. Ryan’s posts on the process of building and latterly negotiating to sell DropSend have been very enlightening, and I’ve been impressed with the way that he has been prepared to share figures that I think other companies would guard jealously. I’ve signed up for the UK Future of Web Apps conference in February. (The podcasts from previous FOWA conferences are highly recommended.)

There are a couple of feeds associated with UK innovation: Beers and Innovation, and TechCrunch UK. It’s encouraging to see increasing awareness around the talent that we have in the UK.

I don’t recall how I came across JP Rangaswami’s blog, Confused of Calcutta, but I enjoy his writing style and he explores a variety of topics which often give me food for thought.

Joel Spolsky, Eric Sink and Michael Lopp a.k.a. Rands in Repose all provide practical enlightenment on software engineering and other matters. I came across these from reading Joel’s compilation: “The Best Software Writing”. Then there are a number of feeds that cover trends: Dion Hinchcliffe’s Web 2.0 blog, O’Reilly Radar, Esther Dyson’s Release 0.9 and Don Dodge onThe Next Big Thing (Don is a Director in Microsoft’s Emerging Business Team).

Jeremy Wagstaff writes for the BBC and the Wall Street Journal, and covers a variety of technology topics in his Loose Wire blog; I also find TechBeat and Tech Dirt good for general technology news.

Niall Kennedy covers “Blogs, search, RSS, Atom …” (areas I’m currently following closely) as well as “… business news and general geekery”.

As a developer I have come across Kathy Sierra’s “Head First Design Patterns” book, and then I saw her speak at at Ruby on Rails conference in London back in September. She and her colleagues focus on “how the brain works and how to exploit it for better learning and memory”. Finally, I’ve included links to David Heinemeier Hansson and Simon Willison. David is the creator of the Ruby on Rails framework and member of the 37 Signals (blog) team. I don’t claim to be fully immersed in Rails development yet (which is where his blog generally focuses), but I have included this because David does come up with gems that are applicable to non-Rails frameworks. Simon is creator of the Python-based Django framework, and works at Yahoo; his blog covers some very informative technical stuff around web applications.

(Updated: There aren’t going to be any more posts to Bare Naked App, so I’ve replaced this with the link to Carsonified.)

Social by Design

November 16, 2006

On Tuesday I was at the Beers and Innovation: Social By Design event at the Albannach bar. This was fully booked, and started off with panel members saying their bit, followed by a lively debate. Neil McIntosh chaired the session.

Panel member Tim Morgan focused mainly on the specifics of Islandoo, which is a social networking site originally created for people who want to be on Channel 4’s Shipwrecked show. He commented the site tends to attract alpha types. More generally, the software makes it very easy for users to chat, which greatly improves their experience on the site, and users provide constant feedback on new features.

Tim was joined by Meg Pickard, of AOL Europe, and Philip Wilkinson of Crowdstorm, who provided some other useful perspectives. Meg observed that we are moving from identity-based to topic-based networks and whereas the mantra was previously “content is king” we should now be thinking “context is king” for social networks. (In what context is the user using the site? What value are they getting from it?) Philip commented that social
software which reflects human behaviour is good … with a limited user base we need ways to gain attention.

Philip suggested that we should focus on a problem to be solved, and came up with a list recommendations for building a site:

  1. Don’t try to change user behaviour (e.g. forcing the user to upload photos to a photo-sharing site before they can use it)
  2. Usability is very important (you may not get a second chance if someone visits your site and doesn’t find it easy to use)
  3. Find a way to stand out; user’s have limited time and attention
  4. Every user is important (including the anal ones)

In the discussion the panel were asked how well they thought tagging worked. Philip Wilkinson replied that it works well in some cases but you need to think about why it’s there, as opposed to treating a tag cloud as a must-have feature of a social networking site. He also noted that because some items are difficult to categorise you can end up with a long list of tags when you try.

Another question was “How do we progress users [as their needs and motivations change]?” Meg didn’t answer the question directly but suggested that AOL are looking at this.

Given the event’s title, one attendee asked “Where is the design [… look at Myspace]?”. Tom Coates (in the audience) replied that the design we are talking about isn’t just graphic design … it’s about how well the site fulfils what the user wants to do … Myspace did very well with their marketing, and establishing a strong seed community.

Some examples of more altruistic sites were given, including (from Tim Morgan), and a networking site in Africa for people with HIV/AIDS. Meg cited the Digital Islands project (mentioned in her post on the event), which could have done more to allow the the islanders to communicate among themselves rather than with Edinburgh.

A few other take-aways:

  • Someone asked the panel about ROI, and where they thought the value was in social networking sites (notwithstanding Myspace’s $950M advertising deal with Google); Meg commented that we should be thinking about metrics of attention and engagement when measuring the value.
  • Tom Coates refuted the assertion that this is really all about advertising, observing that Flickr is profitable and this revenue doesn’t come from advertising but from Pro subscriptions (that is, people are prepared to pay for extra features)
  • The popularity of Second Life was covered (apparently IBM use this for virtual meetings); Meg pointed out that this is a synchronous environment, which is fine for meetings, but other sites such as Myspace and Bebo are better for asynchronous communication, where you can’t get everyone together at the same time.

Captcha Techniques in Spam

November 15, 2006

The majority of my spam recently has involved stock recommendations encoded as an embedded GIF. Examples of some less grammatically-challenged subject lines are: “garbage can Frisbee”, “official espresso”, “noisy symmetry”, “crutch innuendo”, “fabricate hiccup” and “depraved give-and-take”.

Today I received an e-mail that illustrates how spammers are adopting image manipulation techniques used in captchas to encode their images.


I think this is interesting as the spammers are using a technique that has previously been deployed against them (to hinder automated sign-up for free e-mail accounts and blog comment spam, for example).

Personally, I use the Qurb white list e-mail filter which does a good job of catching these messages.