Tuesday, January 30, 2018

Strava - SHARE! SHARE! SHARE! What, you shared? It's your fault!

Whenever you sign up for a free service, it's important to the service provider to have access to your data so that it can be sold. For that reason, service providers usually default accounts so that the account information is public.

What could go wrong?

An interactive map posted on the internet that shows the whereabouts of people who use Fitbit and similar devices also reveals highly sensitive information about the location and activities of soldiers at U.S. military bases, in what appears to be a major security oversight.

The GPS tracking company Strava published the Global Heat Map, using satellite information to map the movements of subscribers to the company's fitness service over a two-year period by illuminating areas of activity.


Normally that isn't much of an issue - if you're in the Los Angeles area, for example, there are a ton of people with wearables.

But what if you're in another part of the world? Such as...Afghanistan?


Now since the Taliban don't seem to be the type to run out and buy Fitbit, those few data points in the area can become VERY significant.

Zooming in on those brings into focus the locations and outlines of known U.S. military bases, as well as of other unknown and potentially sensitive sites - presumably because U.S. soldiers and other personnel are using fitness trackers there.

So people are now reacting reactively, and asking why Strava would threaten to end civilization as we know it.

Strava's reply? It's not our fault:

“We are committed to helping people better understand our settings to give them control over what they share,” the company said, sharing a blogpost from 2017 which detailed eight things users can do to lock down their privacy on the service, including specifically opting out of the global heatmap by unchecking a box in the settings page.

Perhaps this whole thing can be chalked up to unintended consequences. The military wanted to battle obesity, so it encouraged personnel to wear the fitness trackers. Strava probably didn't think through the consequences of posting this information.

But if Strava is truly committed to the safety of its community...then why is the default privacy setting set to this?

The basic level is to choose to not use any privacy controls and make your info available publicly, like it would be on Twitter, for example.

And if you don't know the answer to the question of why privacy defaults to no privacy at all...here it is.

You own the information, data, text, software, sound, photographs, graphics, video, messages, posts, tags, or other materials you make available in connection with the Services (“Content”), whether publicly posted, privately transmitted, or submitted through a third party API (e.g. a photograph submitted via Instagram). You grant us a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any Content that you post on or in connection with the Services.

Basically, when there is no privacy, Strava has a LOT of data that it can use for...things.

Oh, and by the way...

You understand that you, and not Strava, are entirely responsible for all Content that you upload, post, email, transmit or otherwise make available via the Services.

Again - it's YOUR fault, stupid user, for not correcting the privacy gap that we put into the software.

THOSE are the legal parameters that Strava - and many, many other companies - consider as binding. Not the non-binding "Nothing is more important than the safety of our community" feel-good statements.

Thursday, January 25, 2018

Benebit - Bene who?

So I was doing industry research on LinkedIn and ran across a post that began as follows:

Dear Cryptocurrency Community,

Another scam has been discovered👇🏼

Benebit, one of the ICOs that was quite hyped, has pulled an exit scam taking somewhat $2.7 million of investor funds. Other estimates claim it could be even $4 million 💸

The red light was switched on when it was discovered that the executive team photos had been stolen from a school website🚨

All of these people: John Leverty, Howard Sharp, Ian Livingstone & Victoria Ellison are scammers. Their profiles are fake, just as their project ‼️


The post itself didn't offer proof that Benebit was a scam, and it ended with this:

So please tag anyone that should read this. Share this with others. These people need to be banned, caught and imprisoned.

The "please share this with everyone" plea gave me an uneasy feeling about this post. Was it being posted by an enemy of Benebit, as an attempt to dampen the company's prospects?

Obviously this needed further research. I started at Benebit's LinkedIn page:

Benebit is a disruptive network for the cashback and loyalty market based on blockchain technology. The unbeatable social component of Benebit’s model is professionally designed to meet the highest standards of business/consumer interaction for securely storing and exchanging all kinds of user and brand data for the promotion of discounts, special deals, cashback and loyalty programs.

Benebit simplifies and introduces a new way for businesses and consumers to interact, which drives traffic, increases loyalty and trust, and enhances convenience and security.



Disruptive! Blockchain! "Unbeatable social component!" Coincidentally, I had recently read a Mitch Wagner post that was intentionally buzzword-loaded. So this Benebit description sounded smarmy enough, but didn't necessarily indicate that it was a scam.

Until I found this article on bitcoin.com that corroborated the LinkedIn statement.

Benebit, one of this year’s most hyped ICOs, has pulled an exit scam, making off with a reported $2.7 million of investor funds. Other estimates put the figure as high as $4 million. The fraud only came to light after someone noticed that the team photos had been stolen from a school website. Once this happened, the Benebit team scampered, taking their ill-gotten gains with them. The case is believed to be the largest ICO exit scam to date.


More disturbingly, before the discovery of the school photo "appropriation," everyone thought Benebit was just fine.

The ICO platform had wide support, with over 9,000 Telegram followers and a positive rating on ICO review sites. As soon as the scam surfaced, those sites wasted no time in scrubbing their reviews or updating them to reflect the change of circumstances, despite having previously green-lighted the project.

As late as January 5, publications such as this one were writing about Benebit's plans. And while this particular site noted that its aspirations were "obviously a difficult feat," the article writer assumed that Benebit would still be a going concern a few weeks later.

Could someone have gotten through the hype before the Benebitters ran off with millions? Hard to say. While there are a number of "news outlets" that do nothing more than regurgitate press releases (or now-deleted LinkedIn profiles), even those outlets with questioning journalists might have been stymied by Benebit's act. Startups are justifiably protective of the technology they are developing, so it would be expected that the executives would not be forthcoming about all of the details.

But it would have been nice to meet the executives in person - something that obviously didn't happen.

The fallacy of "minimum qualifications"

Even though I left my proposals job (for the second time) in early 2015, I still receive emails from the Association of Proposal Management Professionals - and I actually LIKE to receive these emails.

One of these recent emails advertised an available proposals position with a particular company.

While reading the position description, I realized that I would not have qualified for this position when I started my first proposals job in 1994. In fact, I wouldn't qualify for this position today, despite over ten years of proposals experience.

Why not?

Because the position has "minimum qualifications" - and since it was written for (and possibly by) proposal professionals, I am forced to assume that the minimum qualifications are truly MANDATORY. If you know anything about proposals and RFPs, you know that in a well-run organization, requirements are requirements are requirements.

So why would I not meet this company's criteria? Take a look at the first minimum qualification.

Must have Bachelor's Degree in Journalism, Communications, English or another relevant field

I have a Bachelor's Degree...in economics.

Never mind the fact that to obtain this degree, I had to write an undergraduate thesis.

Never mind the fact that between my graduation and 1994, I had written a variety of technical manuals, and had even co-authored a paper that was published in a journal in 1991.

Never mind the fact that between 1994 and 2015, I had amassed a ton of proposal experience.

Of course, that in itself was a problem, because it meant that I failed to meet another minimum qualification.

Two years of experience in a technical writing position

"But John," you may be asking, "didn't you actually EXCEED this requirement?"

Um, re-read the requirement again. It does not specify "Two years OR MORE" of experience; it explicitly specifies "Two years" of experience. And since it was written for (and possibly by) proposal professionals, I am forced to assume that the writer meant what he/she said.

"John, you're being silly," you may be saying. "They would obviously look at your resume and determine that you are qualified for the position."

But remember the essential truths of HR resume review:

Your resume will most likely never be read in its entirety, and the real thought process when reading it is...

“Is there anything in here that knocks this person out from further consideration?”...

Because of the volume, [reviewers] must make a judgment on each [resume] in a very few seconds


In practice, the resume review process would probably work like this.

Boy, the traffic was terrible this morning. Ah, here's a pile of papers from my boss, with a note. "Please go through these resumes for the proposal position and get me the ones that meet the minimum criteria."

OK, let's start with the education requirement. Wow, there are a lot of resumes to go through here!

Jones, bachelor's degree in English - looks good.

Smith, high school graduate - discard.

Johnson, bachelor's degree in physics, master's degree in journalism - better ask the boss.

Bredehoft, bachelor's degree in economics - discard.


Just as well. I'm not sure that I'd want to rejoin proposals for a third time.

Thursday, January 18, 2018

My response to Dorothy Jake from The Facebook Inc

One of my posts in the "Silicon Valley is Devoid of Reason" series partially touched upon the 2013 Federal Government shutdown. Since there's a chance that we'll reprise this in 2018, I dragged out the old post and shared part of it on Google Plus.

And, wonder of wonders, that post received a comment.


Hello Mr John Bredehoft how are you doing overthere and your families , we hope this text meets you in a good state of mind??
I'm Agent Dorothy Jake from the Facebook Inc and i was authourized to get in touch with you on here by the Facebook Officails
I'm here to pass a good news about your Facebook Account and i will love to chat on Hangout for more explanation pls...........dorothyjake5@gmail.com

Thanks as we wait for your swift reply

1 Hacker Way, Menlo Park, CA 94025


Now I could have simply responded to the esteemed Ms. Jake on the original Google Plus post, but her outreach is so impressive that I wanted to share it here, so that everyone knows how great The Facebook Inc is.

So, without further ado:

Dorothy,

Thank you for your outreach to me, and thank you for the wonderful work that The Facebook Inc is doing. In these times of impenetrable silos, I am amazed that The Facebook Inc would not only maintain an outreach portal on Google Plus, but that you would also actively encourage the use of The Facebook Inc Messenger competitors such as Google Hangouts. You are a living example of the outreach work of the late Dr. Rodney King, and have helped to prove that we CAN just all get along.

And I am impressed by your other examples of outreach. Perhaps similar changes will happen at The Facebook Inc, which currently seems to put a damper on sexy talk?

I was so impressed by your outreach that I checked The Facebook Inc for you, but strangely enough I wasn't able to find you.

Then it hit me.

You had clearly communicated that you were on "The Facebook Inc," not "Facebook Inc," which is a different company (and happens to host a very popular social networking platform).

Since I don't have an account on The Facebook Inc, you obviously must have me confused with someone else.

Thursday, January 4, 2018

Sears. Titanic.

So this happened (PDF):

Sears Holdings continues its strategic assessment of the productivity of our Kmart and Sears store base and will continue to right size our store footprint in number and size. In the process, as previously announced we will continue to close some unprofitable stores as we transform our business model so that our physical store footprint and our digital capabilities match the needs and preferences of our members. The company on Thursday, January 4 informed associates at 64 Kmart stores and 39 Sears stores that we will be closing these stores between early March and early April 2018.

Eligible associates impacted by these store closures will receive severance and will have the opportunity to apply for open positions at area Kmart or Sears stores. Customers can use the store locator function on our web sites to find the location of their nearest Kmart and Sears stores. Liquidation sales will begin as early as January 12 at these closing stores.


Ah, where to begin.

How about the fact that in 2018, companies are still using the euphemism "right size"?

Oh, and this little statement "we will continue to close some unprofitable stores as we transform our business model so that our physical store footprint and our digital capabilities match the needs and preferences of our members"? As I noted in an Empoprise-IE post on the local impact in Ontario, California:

I'm beginning to suspect that the members' preference for Sears' physical store footprint is around zero.

Back in 2016, I visited one of the stores whose closure was just announced. While taking care to note that my observations were clearly anecdotal and not necessarily reflective of the entire Kmart chain, I did share some observations (and some pictures).

I approached the Kmart on East Fourth Street in Ontario a little after noon. The employees were nice enough, and the problems that one employee was having with a store computer may not necessarily mean anything. But after a few minutes of walking around this particular store, something struck me.


If I were to walk into a Costco or a Walmart on Sunday at noon, I would usually be fighting mobs of people. And while there were people in some sections of the Kmart, other sections were oddly empty and quiet. I was told later that traffic usually picked up in the afternoon, but it still seemed strange to be in a major store on a weekend afternoon and to see empty aisles in some places.

More here.