An in-app purchase snafu: Apple sets sail on the failboat

It’s been a while since I’ve noticed Apple doing something really dumb. But this was almost shoved in my face, so it was difficult to just pass it by without writing a brief commentary on it.

Jacob Gorban recently wrote and published a short piece about Apple’s new in-app purchases feature that left users annoyed, and left him and his company looking like thieves. From his post:

We started to receive support requests from customers that purchased the “unlock” feature [in an app called Cashculator] but the application was still acting as “locked”. All they saw was a message that the transaction failed, with a very descriptive “Unknown Error” message, and nothing more. The really appalling aspect of this was that they were charged for the purchase ($20 to $30 in our case) but the transaction was marked as failed, the reason being “unknown error”.

Needless to say, such behavior doesn’t make the customers happy about using your app, not at all. Some of them originally thought that they failed to purchase. Imagine how surprised they were to receive a receipt from Apple a day or two later for their “purchase” which didn’t work.

Jacob goes on to state that just a few days ago, Apple finally fixed this bug. And the app upgrades that had been purchased, mysteriously finally started working. You’d think that’s the end of the story, right? Wrong.

Apple never really acknowledged that there was an issue with this, didn’t close my bug report, didn’t delete all the 1-star reviews that angry customers left and didn’t compensate the affected developers for their financial loss. Nothing.
[…]
I’m really not happy with the opaque way in which Apple handled this. […] Having this issue for more than a month and keeping it secret, while developers and customers suffer the consequences is plain wrong.

In other words, Apple quietly fixed this, and never even acknowledged there was a problem. This is not the way any decent company operates. This is one reason (of many) why I do not trust Apple and do not buy or use their products. (I once had to edit a blog post on my mom’s iPad for Quinn’s Big City. It took a lot of willpower not to start screaming profanity in the middle of a coffee shop.)

In my opinion, the right way to handle this was to immediately investigate the incident, issue a press release stating the problem, and Do The Right Thing for the customers (both the developers and the end users). I am reminded of Microsoft’s absolutely abysmal attitude towards security, taking days or weeks to even acknowledge there was an issue, during the turn of the century, an attitude which (thankfully) Microsoft has learned cannot be sustained going forward. I can only hope Apple learns the same lesson with regard to communication with its customers and acknowledgement of known bugs, especially when they relate to payment handling.

Shame on you, Apple. This is not fixed; the damage done to the reputations of developers who trusted you to do the right thing still needs fixing. And that’s not as simple as tweaking a few lines of code and recompiling.

Misguided “Operation Wardrive” set to happen in Austin today

If this one seems a bit rushed, it is. I just now came across a mention of these two articles in an IRC channel I’m in, and noticed that this was scheduled to start happening today. Spread the word if you are in Austin.

According to both EFF Austin and KVUE, the Austin Police Department is sweeping the city. Not for pot plants, speeders, reckless drivers, or even jaywalkers. They are sweeping the city for open wi-fi access points.

From the KVUE article (quoted in EFF Austin’s article):

Leaving your wireless network open invites a number of problems:

  • You may exceed the number of connections permitted by your Internet service provider.
  • Users piggy-backing on your internet connection might use up your bandwidth and slow your connection.
  • Users piggy-backing on your internet connection might engage in illegal activity that will be traced to you.
  • Malicious users may be able to monitor your Internet activity and steal passwords and other sensitive information.
  • Malicious users may be able to access files on your computer, install spyware and other malicious programs, or take control of your computer.

Before even getting into EFF Austin’s side of the story, I’d like to analyze these, which it would appear at first glance were ripped straight out of APD’s press release without any vetting whatsoever (I really hope KVUE is better than that, but this is the state of news in 2011). Most of these aren’t even correct or have errors in fact. In order:

  • “You may exceed the number of connections permitted by your Internet service provider.”: Most wi-fi routers assign a private IP address and don’t really differentiate between one, two, five, ten, twenty, or fifty devices on the network (some may run out of addresses at a certain point but this problem can be remedied). It is rare to have a wi-fi access point connected directly to the outside Internet so for the majority of users this doesn’t apply. If your Internet provider does hard-limit the number of devices you can run on your connection, it’s time to switch. (This may, eventually, become an issue again with IPv6, but even then with most users getting a block of 65,000 addresses, this is doubtful.)
  • “Users piggy-backing on your internet connection might use up your bandwidth and slow your connection.”: Most users using an open wi-fi access point will not download excessive amounts of data. The benefit here of invited guests and friendly neighbors being able to borrow your connection usually outweighs the risks.
  • “Users piggy-backing on your internet connection might engage in illegal activity that will be traced to you.”: This is the same argument used to dissuade people from running Tor exit nodes and I would expect most of the same legal advice given to Tor exit node operators would apply here. In summary, an IP address does not uniquely identify an individual Internet user. It is simply routing information.
  • “Malicious users may be able to monitor your Internet activity and steal passwords and other sensitive information.”: This is about the only one that may be true with any regularity, and even then this would only apply to connections in plaintext, not to encrypted connections.
  • “Malicious users may be able to access files on your computer, install spyware and other malicious programs, or take control of your computer.”: Only if your computer is misconfigured, and in the case of malware, only likely if you’re running Windows or possibly MacOS. This doesn’t happen very often in the wild, if at all.

From EFF Austin’s post on the topic:

The EFF Austin Board of Directors finds nothing wrong with this analysis of the potential risks Internet users undertake when intentionally or unintentionally leaving their wireless access points open for shared use. In fact, we could cite a few more. However, these are much the same risks that Internet users undertake when using ANY shared wireless access point, such as those provided by cafés, public parks, or the Austin Public Library.

Missing from the cited analysis is any recognition of potential benefits to be gained from publicly sharing one’s wireless access point. Lately, the virtues of contributing to any shared commons tend to be overshadowed by fears of bad actors (both real and imagined). For some facts, it’s worth reviewing cryptographer and computer security specialist Bruce Schneier’s discussion on the virtues and risks of running an open wireless network.

I agree in principle with EFF Austin’s argument, and I think it is unfortunate that APD has chosen to go through with this with the misguided belief they are helping keep their citizens safe. (The rest of the article mentions EFF’s Texas Public Information Act request and their concern about exactly what is being collected and why.)

We have maybe a couple of hours before APD’s officers will start knocking on doors to contact computer network owners sharing their Internet intentionally or unintentionally. So I think it’s a good time to remind everyone, especially those in Austin, that it is a bad idea from both a privacy and a legal standpoint to let the police inside your residence or business unless they have a warrant or you called them and they need access to do their job. For more information review this FAQ section at flexyourrights.org.

I suggest either not talking to APD or saying as little as possible if they want to discuss the security settings of your wireless network. Frankly, I think there are better uses of taxpayer money, and I encourage Austin residents who agree to communicate this to their elected officials.

UPDATE: Per entersection’s comment below, this was actually canceled/disapproved by APD. I will be making a followup post about this in the near future (probably by tomorrow night at the latest).

Edit 2023-01-28: The previous link to flexyourrights.org was broken sometime in the last decade and change; it is now updated and working again.

GM enters the spy car business with OnStar T&C update

In the past I’ve written about some pretty evil things done by large corporations: Google, Apple, Microsoft, AT&T, and a few others. What I read today, though, sets a new low, and from a most unlikely source.

Jonathan Zdziarski recently wrote a piece on GM’s OnStar service and a recent update to its terms and conditions. Jonathan was disturbed, to the point where he immediately canceled his OnStar service. And I don’t blame him; from the looks of it, GM vehicles with OnStar are now spy cars–and I don’t mean the James Bond type, either, I mean the type that spy on you. From the article:

OnStar’s latest T&C has some very unsettling updates to it, which include the ability to sell your personal GPS location information, speed, safety belt usage, and other information to third parties, including law enforcement. To add insult to a slap in the face, the company insists they will continue collecting and selling this personal information even after you cancel your service, unless you specifically shut down the data connection to the vehicle after canceling.
[…]
As you scroll down the list of information collected, you see that once you get past important emergency services (what we pay OnStar for), OnStar now has given themselves the right to also use this information to stuff their pockets. OnStar has granted themselves the right to collect this information “for any purpose, at any time, provided that following collection of such location and speed information identifiable to your Vehicle, it is shared only on an anonymized basis.”

(some emphasis added)

As Jonathan goes on to say, there really is no such thing as anonymized GPS data. It’s a simple matter to find the GPS coordinates where a vehicle is parked at least 12 hours out of the day, and assume that’s probably the owner’s residence. If location is involved at all, the data is not anonymized.
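The risk described above is something a data holder can measure before sharing pseudonymous location records. The following is an added example, not taken from the original post or from Jonathan's article; the pings, pseudonyms, coordinates, grid precision, hourly sampling and the threshold k are all constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def make_trace(pseudonym, home, work, days=3):
    """Constructed sample: one ping per hour, parked at home overnight and at work 09-17."""
    pings, start = [], datetime(2011, 9, 19)
    for h in range(days * 24):
        t = start + timedelta(hours=h)
        if 9 <= t.hour < 17:
            lat, lon, speed = *work, 0
        elif t.hour in (8, 17):          # commuting: moving, so not a parking ping
            lat, lon, speed = (home[0] + work[0]) / 2, (home[1] + work[1]) / 2, 35
        else:
            lat, lon, speed = *home, 0
        pings.append((pseudonym, t, lat, lon, speed))
    return pings

# Constructed coordinates (not real addresses); pseudonyms stand in for "anonymized" IDs.
WORK = (0.0203, 0.0307)
SAMPLE = (make_trace("veh-a", (0.0112, 0.0231), WORK)
          + make_trace("veh-b", (0.0273, 0.0418), WORK)
          + make_trace("veh-c", (0.0391, 0.0154), WORK))

def dominant_parking_cell(pings, precision=3, min_hours=12):
    """Map each pseudonym to the grid cell where it is parked >= min_hours on the most days."""
    per_day = defaultdict(Counter)       # (pseudonym, date) -> cell -> parked hours
    for pid, t, lat, lon, speed in pings:
        if speed == 0:                   # assumes hourly pings, so 1 ping = 1 parked hour
            cell = (round(lat, precision), round(lon, precision))
            per_day[(pid, t.date())][cell] += 1
    votes = defaultdict(Counter)         # pseudonym -> cell -> number of qualifying days
    for (pid, _day), cells in per_day.items():
        cell, hours = cells.most_common(1)[0]
        if hours >= min_hours:
            votes[pid][cell] += 1
    return {pid: c.most_common(1)[0][0] for pid, c in votes.items()}

def release_audit(pings, precision=3, k=3):
    """Return pseudonyms whose dominant parking cell is shared by fewer than k vehicles.

    A non-empty result means the records single out a probable residence even
    though no name is attached, so the data set is not anonymous at this precision.
    """
    cells = dominant_parking_cell(pings, precision)
    crowd = Counter(cells.values())
    return {pid: crowd[cell] for pid, cell in cells.items() if crowd[cell] < k}

if __name__ == "__main__":
    # 3 decimal places is roughly a 110 m grid: every vehicle stands alone in its cell.
    print("precision=3:", release_audit(SAMPLE, precision=3))
    # 1 decimal place is roughly an 11 km grid: the three vehicles now share one cell.
    print("precision=1:", release_audit(SAMPLE, precision=1))
```

Coarsening the grid until the audit comes back empty also removes most of the detail that makes the data worth selling, which is the practical form of the point that location data is not anonymized.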

I’m disturbed enough that this data is being shared with law enforcement; if OnStar knows a car regularly exceeds an underposted speed limit by 10 miles per hour or more, and shares that with the cops, that’s problem enough right there. Especially when they know, for example, there are sports car models or high-end luxury vehicle models disregarding the posted limits (i.e. vehicle owners that can definitely afford tickets and are ideal for maximizing revenue). It’d be bad enough if the privacy invasion affected only GM vehicle owners, but the invasion of privacy actually spills over to the rest of us that will never buy another GM vehicle.

Again quoting Jonathan:

This is too shady, especially for a company that you’re supposed to trust your family to. My vehicle’s location is my life, it’s where I go on a daily basis. It’s private. It’s mine. I shouldn’t have to have a company like OnStar steal my personal and private life just to purchase an emergency response service. Taking my private life and selling it to third party advertisers, law enforcement, and God knows who else is morally inept. Shame on you, OnStar. You disgust me.

I couldn’t have said it any better myself.

Particularly infuriating is that we, the government, bailed out GM, and they repay our gratitude by doing something that is downright un-American. This country was founded on privacy; see the Fourth and Fifth Amendments to the Constitution (and it’s quite possible other amendments, such as the Ninth and Tenth, apply as well in certain cases). This is a wholesale invasion of our privacy that has a disastrous effect on all of us, GM customers or not.

I’m horrified. This is inexcusable. Shame on you, GM. I wish you a speedy bankruptcy, this time without a taxpayer bailout.

Action items for my readers:

  • First, be aware of the issue. This affects you if you own, drive, or ride in a GM vehicle with OnStar service, even if the OnStar service is not active, unless the OnStar circuit has been deactivated by pulling the fuse.
  • If you don’t like what GM is doing here, and you own one or more GM vehicles with OnStar capability, cancel the service and remove the OnStar fuse (search in your favorite search engine for “onstar fuse location” followed by the make, model, and model year of your vehicle).
  • If you drive someone else’s GM vehicle with OnStar capability, be aware your privacy basically doesn’t exist if the OnStar circuit is active. Whether or not you pull the OnStar fuse for the time you’re driving the vehicle is your decision; the possible unhappiness of the vehicle’s owner should be weighed against your lack of privacy. Likewise, when you’re done driving that vehicle, put the fuse back in if you took it out (unless the owner instructs you otherwise).
  • Since seat belt information is involved, this technically even affects passengers in a GM vehicle with OnStar capability. Unfortunately, you may not have much choice here, as many state laws now require seat belt usage for all passengers, front seat or otherwise.
  • If you are in the market for a new car, and a GM vehicle was on the list, it’s time to rethink that. It goes without saying I think this is reason enough to disqualify all GM vehicles from consideration.

Warm bodies are still smarter than silicon (When “the cloud” delivers a thunderstorm, part 2)

Recently, I posted about Dylan M and his sudden unexplained loss of his Google account. The aftermath of the story is given in a follow up to the previous article on Consumerist. While it is nice to see a happy ending, the truth as to why Dylan had his account locked in the first place is yet another cautionary tale about trusting cloud-based services.

Quoting Dylan as quoted by Consumerist:

I am a former art student and for the past year I have made my living as an artist. Three years ago I had been preparing a compilation of images to participate in an art show entitled “The Evolution of Sex” featuring a set of images, not my own, which I felt depicted the increasing violence and growing absurdity of pornography over the past 2000 years.

The image that they considered a violation of the Terms of Service is not among them and was more explicit, but it was created by the same photographer as the overtly suggestive last image, whose work is apparently well known and contentious for the obvious reasons of skirting legal boundaries.

Translation: this photog’s work pushes the line of what’s considered kiddie porn. (It would seem that Dylan’s account was flagged simply because he had a picture from a photographer known to test the limits, caught by an automated scan. I’ll get back to this point at the end.)

The only thing that is aggravating is that in the same folder they flagged, which was also titled “The Evolution of Sex,” are images of well known ancient Pompeii fertility statues, pre-historic examples including the Venus of Willendorf, a page from a French anti-pornography series from the 1800’s, one version of a common and well known advertisement that has been snuck into phonebooks nationwide since the 1950’s that is subversively pornographic (check your phonebook, or Snopes, it’s still very common in the UK), the cover from an issue of Rapeman, an infamous Japanese comic book about a superhero who rapes the wives of his enemies as retribution and can also be hired by corporations to rape the wives of thieving employees, and a picture of a vending machine on a street in Japan which claims to sell used young girls underwear.

Google employs an automated system to scan user storage for violations of their ToS and in the process erroneously flagged one of the images in the folder as child pornography… I am not angry at Google about this, as some might suggest… Google was unable to speak with me about it for legal reasons and it was Vic Gundotra who fast-tracked the appeal process once he learned of the situation through Twitter and personally investigated. When I asked him what would have happened had he not intervened he said the case would have gone through the regular appeals process and may have taken weeks to be sorted out.

Translation: We’re Google, we know what’s child porn better than you do, and even if we occasionally seem to be wrong, you can do without your Google account for a few weeks, right?

I can understand Google policing their servers for child pornography. However, I get the impression this was not reviewed by a human. It’s obvious that Dylan is not a pedophile, but an artist. It infringes upon Dylan’s free speech and free expression for Google to be “trigger happy” and assume that one picture from this photographer had to be kiddie porn based completely on that photog’s reputation.

So in some ways it’s worse than I thought. Put an image Google decides not to like on your Picasa account, and one could wind up losing one’s entire Google account, not just Picasa. I think that’s a bit too heavy handed and serves to underscore the need to make backups off of the cloud. There is something about plugging in a USB flash drive, copying data to it, taking it back out, and actually touching the physical medium one’s data is stored on. Maybe it’s just me, I don’t know.

Google definitely needs to find better ways to handle situations like this. I think just locking an account with no explanation is inexcusable. We should not have to do what Dylan did, should the same thing happen to us. At the very least, I will probably never use Picasa after reading about this, and will back up my Flickr and other photo service accounts on a more regular basis from now on.

When “the cloud” delivers a thunderstorm

(NOTE: in the time it took me to get this post ready for publication, Dylan did get his access restored. I will be following up with the conclusion of the story, which raises more points for discussion than I wanted to add to this post.)

I have been cautious with regard to the new wave of “cloud-based” services. I keep backups of all my data on my own media. And I’m sure some of you laugh at me as old-fashioned. Well, wait until you read this story.

A recent post to Consumerist tells the story of Dylan M. (he is identified only by first name in the article; the last initial is on his Twitter account) and the sudden deactivation of his Google account.

Dylan was a happy user of Google’s services for the last seven years, until 2011 July 15 when he found his Google account was deactivated. Dylan has lost “approximately 7 years of correspondence, over 4,800 photographs and videos, my Google Voice messages, over 500 articles saved to my Google Reader account for scholarship purposes… all of my bookmarks… over 200 contacts… my Docs account… my Calendar access… [which includes] not only my own personal calendar of doctor’s appointments, meetings, and various other dates, but I have also lost collaborative calendars, of which I was the creator and of which several man hours were put into creating… saved maps and travel history… my website, a [B]logger account for which I purchased the domain through Google and designed myself” according to his Twitlonger post.

Dylan goes on to write he has been a loyal fan of Google, encouraging the company he works for to use Google Business Apps and purchase storage with Picasa, and encouraging his friends and family to open a Google or Gmail account and use Google’s Chrome browser. He also goes on to slam Google for behaving in such an abusive, monopolistic fashion.

Note that Dylan went to Twitter to air his grievances? Remember that at one point rumor was that Google was about to buy Twitter? This incident is a prime example of why such an acquisition would have been a disaster for the computing public. Thankfully, it didn’t happen.

So, how do we protect ourselves from what happened to Dylan? Back up your data to a storage medium you physically control, whatever that may be. Keep multiple copies of things that are truly important. Back up everything as though Google’s (or Microsoft’s, Apple’s, etc.) datacenters will lose everything for everyone (or at least everything for you) sometime in the next week.

At the very least, it is a bad idea to trust one company (such as Google in Dylan’s case) with everything. I’m not sure if one can, for example, run both the Delicious and Google Bookmark plugins without fear of conflict. I know that a Gmail account can be accessed via IMAP and backed up using tools such as archivemail for Ubuntu. I don’t use Gmail for truly important email, but if I did, I would back it up with archivemail --copy --all and the appropriate URL and other switches.

If I am ever a significant adopter of cloud-based services at all, it will be a relatively late adoption. With the ubiquity of USB flash drives which can hold upwards of 4 gigabytes being easily affordable (some, such as this one made by LaCie even resemble a door/car key and can easily be carried on one’s existing keyring), I see no reason to put important data “on a server somewhere” which can go down when I least expect it. I have known of exactly two USB flash drives to fail during the timeframe I have used the technology; one (mine) was because I used it like a small hard drive for an Ubuntu install (it actually lasted for almost a year, though it did corrupt quite a bit of data during that time), and the other (my mom’s) failed due to a defective USB hub, apparently melting something plastic on the connector to the point where it won’t even insert into a USB port. My first USB flash drive, a 32 MB Memorex model (which at the latest probably dates from 2005), still works and has been used for everything from moving small quantities of documents to a boot medium as recently as this year.

That said, I still recommend optical discs such as CD-R, DVD-R, BD-R (recordable Blu-Ray), etc. for long-term archival of data, particularly data that should definitely not be changed after it has been written, such as legal documents.

As noted above, Dylan did get his Google account back. However, the circumstances under which it was shut down deserve a rant of their own.

[To be continued…]