The car I hired last weekend had a load of built-in tech – Ford’s Sync system – that was quite interesting, not least for the fact that it worked really nicely and easily. Connecting my phone to the car was a doddle, the satnav worked well (and better than my usual stand-alone device in several ways) and it all just seemed pretty easy.
However. It’s obvious that it was designed for a standard “family car” scenario, rather than a vehicle that would be hired to many different users. Which makes sense, but leads to an interesting longer-term problem…
Basically, people are lazy – and don’t think about their data. So the convenience of connecting one’s phone to the car system for hands-free calls etc is great, as is the simple download of the phone’s address book to the system. But if you then don’t delete it when you take the car back to the hire place, it’s all available to the next user. The same applies to the satnav system – ‘recent destinations’ is a goldmine of activity, right down to house number and location. (And I suspect, with a bit of work, one could connect the destination to a phone number in that downloaded phonebook)
It just interests me, how little people care (or understand) about their information. I cleared down the whole car system before I returned it, which took less than five minutes all told. So it’s not much work, but it’s still work, which most people don’t seem willing to undertake.
I’ve suggested to the hire company that it should perhaps be part of the car sanitising process when it’s returned (or before it’s hired back out, whichever) although I realise that makes it more hassle for them, and there’s a lot of different setups in the various cars.
Of course, it’d be better if people cleaned up after themselves – or the car tech had a “forget everything” button/process (although that would still be too much effort for most people) that did the job. But that won’t happen until people realise how important this shit can be, and sadly that tends to only happen by negative paths/occurrences/events, and will always be learned too late.
Every so often, I’ll see a scenario that just leaves me utterly gobsmacked. Sadly, they’re usually based around security of some sort – for whatever reason, it’s something I’m generally pretty tuned in to, and aware of.
Yesterday’s one was an absolute blinder – and caused by a complete lack of thought/awareness.
While I was walking at lunchtime, the person in front of me was paying a bill over the phone. Using hands-free, so it was all done out loud. (I don’t quite get why some people use hands-free for conversations on mobiles while walking – particularly when they’re still holding the mouthpiece to their mouths anyway. People be weird)
That wasn’t so bad – he was entering the card details using the keypad, so in that aspect it was fairly secure. Not how I’d have chosen to do it, but hey, I’m not one to judge.
The bit where it all went tits up, though, was that the payment line then reads the numbers back to the user, as a confirmation. “If this is correct, press 1“.
It’s a scenario where the developers etc. have thought about how to confirm the card data, and it makes sense to read it back. They’ve just not seen the real-world situations where people then do these things in public, on hands-free speakers. But it meant that – were I a bad person – I’d have all of that guy’s card information (it even read back the CV2 validation number) which I could have made use of.
And in case anyone’s wondering, I did tap him on the shoulder when he’d finished the call, and explained that he really should get that card changed ASAP. If I could hear it, or if he does that on a regular basis, then the card is compromised, and it’s only fair to make him aware of it.
It’s up to him, of course – but the fact I told him his card number, expiry date, and CV2 (correctly – I really do need to get out more) certainly seemed to focus his mind somewhat…
It’s November, so in the last few days we’ve seen the clocks go back and had some seriously thick fogs in the mornings and evenings. That means people are (or at least should be) driving with lights on and so on – and it also illustrates that plenty of them don’t have everything working.
As usual, I find it utterly gobsmacking how people can drive along – while maintaining the same speeds they’d drive at on dry roads with decent visibility – with broken headlamps, no lights at all, and no foglights. (And, of course there’s then the ones who leave on foglights well into clear weather, or use them at night when there’s no need at all)
I lost count of the number of – usually pale/grey – cars with no lights at all, in visibility that could be measured in feet, at best. I don’t understand what goes through someone’s head, that whole “well, I can see fuck-all, but I’ll keep my lights turned off, because even though I can’t see, it’s Day Time, so I don’t need lights” kind of process.
Equally, I don’t get how people can consistently drive with a broken/non-working headlamp, and the massively-reduced visibility that gives. I know it happens, that they can just blow without warning – I’ve had it happen. But when it has happened, it gets replaced rapidly – particularly in Autumn and Winter. Even in the poorest days, you (or at least I) still make sure that the car is safe.
But that doesn’t seem to be the case with a lot of people, and it’s a mindset I just don’t get.
Yet again, today there’s a story about another place revealing a confidential list of customers in emails – and as usual, in what’s known as a Corbett round here (courtesy of a certain Irish marketing person) it’s looking like the leaker sent the email using CC instead of BCC.
In this case, the information is even more sensitive than usual, as it’s people who’ve used a particular STI clinic in London, and may have also revealed their HIV status. Oh, bloody whoops.
It amazes me how often this seems to happen – and how easy it should be to fix.
The first answer is, obviously, train people.
But after that, it’s about defending against laziness and stupidity. But even that’s pretty easy.
All it really needs is a block on recipients in CC. If you’re sending an email and it’s got more than (say) 10 addresses in the CC field, it simply asks if you’re sure you want to send it with those people in CC rather than BCC. That’s an email-client thing – but is easy to do.
It can’t be that difficult – my own email clients all already ask if I want to send an email with no attachments if the message contains keywords like ‘attached’ or ‘CV’, after all.
A similar thing could be done on the mail-server as well – put in a rule that if there’s more than [defined limit] addresses in the CC, it doesn’t send without an authorisation, an acknowledgement that this is OK.
There will still be the odd blithering fucktrumpet who manages to send out a whole mailing-list in CC (or even To) – but at least make it harder for them to do so.
Surely that’s not asking too much?
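The server-side rule described above, as an added sketch that is not from any real mail product: it counts the addresses every recipient would see and holds the message unless the sender has acknowledged it. It goes slightly beyond the CC-only rule by counting To as well, since the post notes lists end up there too; the limit of 10, the `X-Visible-Bulk-Ack` header name and the sample addresses are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

VISIBLE_LIMIT = 10                 # the post's "(say) 10"
ACK_HEADER = "X-Visible-Bulk-Ack"  # hypothetical header carrying the sender's "yes, I'm sure"


def visible_recipients(msg):
    """Unique addresses every recipient will be able to read (To and Cc; Bcc is excluded)."""
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _name, addr in getaddresses(fields) if addr}


def check_outgoing(raw, limit=VISIBLE_LIMIT):
    """Return (decision, exposed_count); decision is 'send' or 'hold'."""
    msg = message_from_string(raw)
    exposed = len(visible_recipients(msg))
    if exposed <= limit:
        return ("send", exposed)
    # Over the limit: release only if the sender has explicitly acknowledged it.
    if msg.get(ACK_HEADER, "").strip().lower() == "yes":
        return ("send", exposed)
    return ("hold", exposed)


def sample(cc=0, bcc=0, ack=False):
    """Constructed test message; all addresses are made up under example.org."""
    def people(n):
        return ", ".join(f"person{i}@example.org" for i in range(n))
    lines = ["From: clinic@example.org", "To: list-owner@example.org"]
    if cc:
        lines.append("Cc: " + people(cc))
    if bcc:
        lines.append("Bcc: " + people(bcc))
    if ack:
        lines.append(ACK_HEADER + ": yes")
    lines += ["Subject: Newsletter", "", "Hello all"]
    return "\n".join(lines)


if __name__ == "__main__":
    for label, raw in [("12 in Cc", sample(cc=12)),
                       ("12 in Bcc", sample(bcc=12)),
                       ("12 in Cc, acknowledged", sample(cc=12, ack=True))]:
        print(label, "->", check_outgoing(raw))
```

A held message would go back to the sender with the exposed count, so the acknowledgement is a deliberate second step rather than a default.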