Let’s Try To Be Nice To Everyone, Not Just The Cleaners

Chris Guillebeau, author of The Art of Non-Conformity (Amazon, Book Depository), published a post last week worth reading titled Be Nice to the Cleaners. While interviewing entrepreneurs for his next book, someone gave the advice “be sure you are nice to the cleaners”.

Perhaps he/she was meaning that you shouldn’t give people who have access to sensitive information reason to abuse it, but digging deeper, maybe the message is: treat everyone with respect no matter their position, your mood or how they treat you.

Chris says “you can learn a lot about someone by watching how they treat the people in supportive roles around them”, which reminded me of this. One of the Kardashians’ boyfriends gets a new assistant and ends up berating him in front of the crew for a photo shoot. Apart from generally just being a dicky thing to do, it’s unlikely to impress anyone he planned to continue a professional relationship with. The assistant quits and calls him an “egotistical pompous asshole”.

A handful of recruiters commented on the post saying that they often check with reception and admin staff and base hiring decisions on the candidate’s treatment of them. In one case the boss was actually sitting behind the reception desk. The guy got the job because he was the only one who actually treated the “receptionist” well.

This is another reason to take better care of ourselves.

When you’re at your worst, tired, stressed and worn out… that’s when people find out who you really are, that’s what people will judge you on. That’s when you have a chance to really show who you are. Do you take it out on someone else? Or do you dig deeper and show compassion anyway?

I tweeted yesterday about an email I sent to multiple recipients, a few of whom took offense at the wording, which wasn’t intended. Flipping the above quote around, I can’t change how I worded the email, or change how it was interpreted, but I can choose how to reply to their reaction.

The Do Not Call List could be a good idea if calls from telemarketers are annoying.

Let’s try to be nice to everyone, not just the cleaners.

Image credit: B.G. – Oodwin

A Bad Diagram

Anyone who has driven on New Zealand’s roads knows that there are a lot of drivers who don’t seem to know the rules surrounding indicators in roundabouts.

Know your way around roundabouts

This is from a NZTA brochure called Know your way around roundabouts from 2005. Well intentioned as it is in trying to simplify the roundabout rules, the diagram seems to suggest that in the middle of the roundabout, when going around the roundabout, drivers can just stop indicating. If someone actually followed this advice, a car waiting at the opposite side of the intersection might think that this car was going straight (which is when you don’t indicate on entry and indicate left on exit) and pull out in front of it. When turning “right”, like in the picture, the driver should really be indicating right until the picture shows to indicate left.

Drivers who don’t know the actual rules probably think they’re doing it right. It wouldn’t hurt to look at the clarity of material released by NZTA.

The Life of a Spam Email

A group of researchers have published a very interesting paper: Click Trajectories: End-to-End Analysis of the Spam Value Chain (pdf). Using three months of spam data and by purchasing over 100 products advertised by spam emails, the researchers followed the life of a spam email and investigated where the money from purchases actually goes. They found that the people behind 95% of spam-advertised pharmaceutical, replica and software products are using just a handful of banks for their merchant services. Anti-spam efforts focus on the delivery aspect of spam, but there is potential for the quantity of spam to be significantly reduced if the banks the spammers are using are targeted.

Purchasing from spam emails

The researchers collected spam-advertised URLs and data about the hosting infrastructure and DNS of the spammed websites. They grouped the sites by content structure, category of goods and affiliate program and/or storefront brand. They focused on the most popular goods advertised in spam: pharmaceuticals, replicas and software. Pornography and gambling weren’t focused on for “institutional and procedural reasons”.

Purchases were made from each major affiliate program or store “brand” and they tried to order the same types of products from each site to try to gain insights into the differences or similarities in product suppliers that are used. A specialty issuer of prepaid Visa cards teamed up with them and let them use a different card and obtain the authorization and settlement records for each transaction. For legal reasons pharmaceutical purchases were limited to non-prescription goods like herbal and over-the-counter products. Software purchases were limited to products which the researchers already possessed a license for.

120 purchases were made, 76 of which were authorized and 56 of which were actually settled, though half of those failed orders were from one affiliate program which researchers attribute to the large order volume raising fraud concerns.

The honest spammers

A finding I found interesting from the paper is that the likelihood is quite high that you’re not going to be ripped off when ordering through spam emails.

Out of the 56 “successful” orders, 49 of the products were delivered and received. Only seven of the products weren’t delivered. Out of those seven: four sites either sent packages or said they’d send packages after the mailbox lease had ended, one said that the money had been refunded (however the refund hadn’t been processed three months later). Only two “lost” orders received no follow-up email.

The researchers explained the reasoning behind actually fulfilling orders would be so the site would get any potential repeat orders and because their relationship with payment providers could be jeopardized if chargebacks were made by customers who didn’t receive items.

Update: One of the researchers, Stefan Savage, confirmed to me that none of the Visa cards used on the spammed sites were subsequently used fraudulently. It also looks like the pharmaceutical products were legitimate. He says “we only ordered a small subset of goods so any results aren’t representative.  However, we did some limited mass spec testing of a few pills against reference samples and the active ingredient was found to be the same and in a similar proportion — note we only tested for the active ingredient and didn’t look at things like binders, contaminants, etc.” Software was pirated, but malware free.

Research done by F-Secure supports this: almost all of their goods ordered from spam emails were delivered, none of the credit cards they used for orders were “stolen” and email addresses used to order the goods didn’t receive an increase in spam.

New Zealand’s fulfillment role

By volume, most herbal products shipped from the United States, but China and New Zealand were also in the mix.

A Christchurch based company turned up in results—Etech Media Ltd. Ironically, this: Etech Email is the email address listed in their whois record.

Perhaps unsurprisingly, the company in question and its owner aren’t new to the spam game. Sole shareholder and director, Shane Atkinson was fined $100,000 in 2009 for sending spam under the name ‘Herbal King’. His occupation listed in the 2005 electoral roll was “pro spammer”. The Herald “understands” that Etech Media’s office was one of the addresses searched in spam raids in 2007. In 2003, Shane admitted to sending up to 100 million spam messages a day, that spamming allowed him to have a nice car and house and said he “had no qualms about it”. “In a later interview, Atkinson said he had given up spamming.”

Perhaps not entirely?

I’ve emailed Etech Media to see if they’d like to comment.

The spam bottleneck

The researchers tried to identify bottlenecks in the spam value chain—stages where few alternative options are available and ideally where switching costs for spammers are high. Which intervention would have the most impact?

For the 76 authorized transactions, there were only 13 banks acting as “acquirers”. Herbal and replica purchases generally cleared through St. Kitts & Nevis Anguilla National Bank. Most pharmaceuticals through Azerigazbank in Azerbaijan and DnB Nord (Pirma) in Latvia. And most software purchases through Latvia Savings in Latvia and B&N in Russia.

The researchers say that the banking/payment component of the spam value chain is the most critical. Payment infrastructure has “far fewer alternatives and far higher switching cost”.

  • Only three banks provided payment services for over 95% of the spam-advertised goods in the study.
  • There are only two main payment networks in Western countries—Visa and MasterCard.
  • The replacement cost of a bank is high in setup fees, time and overhead. Acquiring a merchant account requires a lot of coordination and time. Banks used by the major affiliate programs were either still the same four months later or had changed to another one in the set identified above (only one new bank appeared four months later—Bank Standard in Azerbaijan).

Perhaps a solution is for banks that issue credit cards in Western countries to refuse to settle certain transactions with banks that support spammed goods with specific Merchant Category Codes when the card is not present. All software purchases were coded as Computer Software Stores and 85% of all pharmacy purchases were coded as Drug Stores and Pharmacies. There were some exceptions however “generally speaking, category coding is correct”. “A key reason for this may be the substantial fines imposed by Visa on acquirers when miscoded merchant accounts are discovered ‘laundering’ high-risk goods.” Similar policy has been implemented with MasterCard and Visa not allowing US-based customers to transact with online casinos.

The paper concludes: “the payment tier is by far the most concentrated and valuable asset in the spam ecosystem, and one for which there may be a truly effective intervention through public policy action in Western countries.” However spam is probably profitable for banks and payment processors too, so they might be hesitant to do anything about it.

How much spam do you receive at the moment and how much makes it to your inbox? Do you know anyone who has bought something through a spam email?

Image credit: freezelight

Freedom Camping Bill

The Freedom Camping Bill passed its first reading earlier this month and is now at the select committee stage.

It sets out to fine people who camp outside specific areas or incorrectly dispose of waste and will try to improve information available to freedom campers with consistent signage and a website.

Obviously people who are incorrectly disposing of waste should be able to be fined. However banning freedom camping ruins a good thing because of a small minority. Green Party MP Kevin Hague says that there’s little evidence about the size of the problem and he suspects it’s relatively small.

If people dispose of waste correctly, are they causing that much harm by camping outside of camp grounds?

Kevin Hague said the smart approach was to create more places with toilets and rubbish facilities. “While there are some ratbags who don’t care, for the most part these people who rent these campervans would look after our environment if they could.”

Do you think freedom camping is a big issue? If someone leaves only footprints are they doing anything wrong?

Image credit: me

Whoops

Labour accidentally left a server open for anyone to have a look around, and people looked. Using a website that checks what other sites are hosted on a specific web server, Cameron Slater (Whale Oil) says he found that Labour’s healthyhomeshealthykiwis.org.nz was hosted on the same server as lets-not.co.nz. Healthyhomeshealthykiwis.org.nz turned out to list the files and directories on the server. Drilling down, Cameron found that backups were on the server which contained records of donations and email addresses from Labour’s mailing lists. He explains further in a video on this post.

Stealing?

Comparisons to someone stealing something from an unlocked house (or in one comment I read, looting quaked houses in Christchurch) seem misguided. This is more like someone from Labour standing on the street and accidentally including email addresses and donation information in handouts.

Release of personal information

Cameron was going to, but now has said he won’t release the personal information of individuals obtained from the server, a decision which I support as there is no public interest in identifying the Average Joe donator or mailing list subscriber.

National’s involvement

John Pagani (former senior adviser to Labour leader Phil Goff) was apparently given access to the logs (I’m not sure why it seemed like a good idea to Labour to further spread the access logs, complete with IP addresses) and says that the second IP address to access one of the backup files was 202.20.0.120 which resolves to mail.national.org.nz—a National party mail server. So if that’s true, National knew of the security hole in Labour’s website. In the perfect world, even though it’s not their job to, they would have informed Labour, but apparently chose not to. John continues that the logs prove that National tipped Cameron off about the gaping security hole as Cameron appears to be the next person to access this specific backup file. This is plausible, but isn’t proven by the logs. Neither of the above excuse the fact that the server should have been secure to begin with.
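What an access log can establish about who fetched an exposed backup, as an added example that is not part of the original post or taken from the real logs: the sketch below orders each client's first successful download of a backup-like file and keeps the Referer header. The log lines, IP addresses (documentation ranges), paths and file extensions are all constructed assumptions.

```python
import re
from datetime import datetime

# Constructed sample in Apache/nginx "combined" format. IPs come from the
# documentation ranges and every path is hypothetical.
SAMPLE_LOG = '''\
192.0.2.10 - - [11/Jun/2011:09:14:02 +1200] "GET /backups/ HTTP/1.1" 200 1184 "-" "Mozilla/5.0"
192.0.2.10 - - [11/Jun/2011:09:14:40 +1200] "GET /backups/site-db.sql.gz HTTP/1.1" 200 48211 "http://site.example/backups/" "Mozilla/5.0"
198.51.100.7 - - [11/Jun/2011:10:31:05 +1200] "GET /backups/site-db.sql.gz HTTP/1.1" 200 48211 "-" "Wget/1.12"
198.51.100.7 - - [11/Jun/2011:10:33:19 +1200] "GET /backups/site-db.sql.gz HTTP/1.1" 200 48211 "-" "Wget/1.12"
203.0.113.5 - - [11/Jun/2011:11:02:47 +1200] "GET /backups/old-site.zip?x=1 HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Jun/2011:08:00:00 +1200] "GET /backups/site-db.sql.gz HTTP/1.1" 403 199 "-" "Mozilla/5.0"
'''

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)
# Extensions treated as "backup-like" here; an assumption, adjust per site.
BACKUP_RE = re.compile(r'\.(sql|bak|zip|gz|tgz|tar|dump)$', re.IGNORECASE)


def parse(log_text):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        yield {
            "ip": m["ip"],
            "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
            "path": m["path"].split("?", 1)[0],  # drop any query string
            "status": int(m["status"]),
            "referer": m["referer"],
        }


def first_access_order(log_text):
    """For each backup-like path, list each client's first successful fetch
    in time order. Denied or missing responses (403, 404, ...) are ignored."""
    per_path = {}
    for e in sorted(parse(log_text), key=lambda e: e["ts"]):
        if e["status"] not in (200, 206) or not BACKUP_RE.search(e["path"]):
            continue
        clients = per_path.setdefault(e["path"], {})
        # setdefault keeps only the earliest hit per IP (input is sorted).
        clients.setdefault(e["ip"], {"ip": e["ip"], "first_seen": e["ts"],
                                     "referer": e["referer"]})
    return {path: list(clients.values()) for path, clients in per_path.items()}


if __name__ == "__main__":
    for path, hits in first_access_order(SAMPLE_LOG).items():
        print(path)
        for h in hits:
            print("  ", h["first_seen"].isoformat(), h["ip"], "referer:", h["referer"])
```

In the constructed data the second client arrives with an empty Referer, so the log gives the order and timing of downloads but nothing about how that client learned the URL.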

Credit card information

Labour says that “no credit card details were held on the site. All people whose privacy may have been compromised have been informed.”

Flo2Cash who handle Labour’s credit card payments say: “All donor credit card data is fully encrypted… the Flo2Cash system… is completely isolated from the Labour Party website… the recent Labour Party website breach has not resulted in any compromise of donor credit card data.”

Do you think National should have let Labour know about the security hole, or, if they did: tip Whale Oil off about it?

New Zealand Post’s Lifestyle Survey

Today in the post we received New Zealand Post’s “lifestyle survey”, a controversial data collecting tool that’s recently been in the news because the information collected is used to market your address to other companies. The survey is sent to 800,000 households by post and 125,000 by email and asks 56 questions about various things, split into sections on your interests, vehicles, home, finances, shopping habits and travel. New Zealand Post sells names and addresses of respondents, “but not the information they provided in the survey”, for companies to use once. Information is also used to furnish New Zealand Post’s direct marketing tool named Genius which says it helps clients “gain deeper insights and understanding into your customers, particularly around wealth, life stage and lifestyle”.

2009 version

Reports ordered by the Privacy Commissioner concluded that the 2009 version breached privacy principles and violated marketing industry standards for not providing “adequate, non-misleading information about the survey’s (primary) nature and/or purpose” and asking respondents to answer questions about their partners. Professor Malcolm Wright, head of communications, journalism and marketing at Massey University, says that it shouldn’t be called a survey but “an opportunity to join a direct mail database”. Former Auckland University marketing lecturer Linda Hollebeek says that a lot of people won’t be aware that New Zealand Post is shifting into a more commercial strategic direction including the compiling of databases for on-selling to marketers.

Wave around a chocolate bar (or $15k) to get what you want

Privacy Commissioner Marie Shroff argues that people are often dazzled by competitions and giveaways and might foolishly give away personal information. I think this has been shown to be true by numerous research projects where people are happy to hand over their passwords for a chocolate bar, pen or for the chance to win a trip overseas. Close Up in conjunction with NetSafe offered a Moro bar up for grabs for anyone on Auckland’s Queen Street who was willing to answer a short survey, of which the first question was “what is your password?”. 59% of people gave their password (about half of people use the same password everywhere) and those conducting the survey said that the answers to other questions suggested the majority of passwords were legitimate. You can watch the full video here (apologies if it’s blocked in your country). The shorts for tonight’s episode of Fair Go (22nd June 2011) show a man on the street asking people personal questions, which I’m guessing most people answered. If you’re interested in the New Zealand Post survey it will probably be interesting to watch.

New Zealand Post thinks they’re being clear

John Tulloch, New Zealand Post’s communication manager said the survey states numerous times that it’s optional and the information “could be used by other companies”. I call bullshit.

New Zealand Post Lifestyle Survey 2011 Cover

(I’ve uploaded the full version of the survey here (pdf).)

Spot where New Zealand Post states “numerous times” that the information could be used by other companies. Hint, about once.

The top paragraph states: “New Zealand Post wants to help you receive more relevant mail. We invite you to complete this voluntary survey and tell us about you and your household, so we can help tailor the messages that you receive. These messages will be from companies with products and services related to your interests” (emphasis is theirs).

I’m not counting this one because I don’t think this is clear that companies will actually be given your information. For example, Fly Buys forwards material on behalf of places you’ve shopped at, but the shops never see your personal information. Nor am I counting the text at the bottom of the page: “in addition to receiving selected offers addressed to you through the mail…” as this doesn’t state at all that those offers won’t be from New Zealand Post.

The one time I’m counting (and only other time in the whole form sharing of information is mentioned) is the fourth small print bullet point under “Here’s how it all works” which states:

Privacy: If you participate in The New Zealand Lifestyle Survey, your name, address and other information you supply (including your email and telephone numbers if you tick the boxes below), may be provided to companies and other organizations from New Zealand and overseas to enable them to provide you and/or your household with information about products and services relevant to your responses to this survey. New Zealand Post may also use that information for the same purpose.

Sure I’ll give them that they’ve made it clear that the survey is voluntary (mentioned about four times on the front page). But they only say that information may be provided to other companies, even though that’s the primary purpose of the survey. There is no mention of the information being sold in the whole form.

Blinded

So it’s still true that you need better eyesight to find out that your information is going to be shared than to learn of the cash, television sets and travel packages on offer for participants (if you happened to not be blinded by them, they’re shown in the massive images that take up a third of the first page).

Engaging in direct marketing services is part of New Zealand Post’s job according to the State Enterprises Act. Maybe we need a law change.

Would you fill out this survey? Do you care that New Zealand Post is selling names and addresses?

Image credit: Chatani

The 2011 Budget and KiwiSaver

KiwiSaver will be affected by National’s 2011 budget, but it will still be a worthwhile scheme for nearly everyone under 65 to be in.

  • The member tax credit from the Government (which doesn’t apply to under 18s) accruing from July 2011, is going to be cut in half from $1 per $1 matching to 50 cents to $1 matching. So to get the full match you’ll have to save about $20 a week ($1040/year) and will get a $10 match ($520/year) from the Government.
  • To balance this out, minimum contributions will be raised for employees and their employers to 3% from April 2013 (the other employee options will stay as 4% and 8%).
  • However the employer contribution will be taxed from April 2012 (the 2% minimum will end up being about 1.34-1.79% depending on your tax rate, the new 3% about 2.01-2.685%).

This will affect the un/self-employed because their tax credit will be reduced with no balancing employer contribution. Increased employer contributions will benefit people planning to buy a first home using their KiwiSaver savings as they’re unable to withdraw member tax credits anyway. A likely reduction in pay rises because of the increased employer contributions will affect KiwiSaver and non-KiwiSaver employees.

Standard and Poor’s says that the changes “could push New Zealand further into debt and would need to be part of an overall package to boost national savings.”

The $1000 Government kick-start, the up to $5000 first home deposit subsidy and the requirement of being in the scheme for at least a year before you’re able to go on a contributions holiday are staying.

The kick-start, tax credit and employer contributions are still free money.

Ramit Sethi has an excellent book called I Will Teach You To Be Rich which is available from Amazon and The Book Depository—who have free shipping to basically everywhere. He recommends young people invest about 10% of their income and take advantage of available employer/tax benefits. E.g. contributing the minimum into KiwiSaver, getting the employer match (and if necessary topping up contributions to $1040 to get the $1040/$520 government match, but set it up so it’s done automatically each pay period), then investing the rest of the 10% in a non-KiwiSaver scheme. The main benefit of a non-KiwiSaver scheme compared to KiwiSaver is laxer withdrawal rules—the withdrawal age is likely lower, plus, if it’s employer based, employers may contribute a higher amount than in KiwiSaver.

I like SuperLife as a KiwiSaver fund provider because of, among other things, their AIMAge Steps fund which automatically re-balances asset allocation from assets like shares to assets like cash as you age. Mary Holm has a book called The Complete KiwiSaver which is from 2009 but will still be largely relevant to making decisions about things like funds and providers.

Are you in Kiwisaver and why or why not?

Image credit: Alan Cleaver