Scott Hanselman

The Privacy Chain - Your Site's Privacy Policy as the 3rd Party services pile up

March 23, '12 Comments [7] Posted in Musings

There are so many really innovative products online right now. A good friend was showing me an amazing product called Intercom that lets you see which of your users are online, see their social profiles, and even direct message/chat with them live on your site.

You just add this JavaScript to your site. Here's the snippet from their home page:

<script id="IntercomSettingsScriptTag">
  var intercomSettings = {
    app_id: 'tx2p1ufd7g30c',
    email: 'john@example.com',
    created_at: 1234567890
  };
</script>
<script>
  (function() {
    function async_load() {
      var s = document.createElement('script');
      s.type = 'text/javascript';
      s.async = true;
      s.src = 'https://api.intercom.io/api/js/library.js';
      var x = document.getElementsByTagName('script')[0];
      x.parentNode.insertBefore(s, x);
    }
    if (window.attachEvent) {
      window.attachEvent('onload', async_load);
    } else {
      window.addEventListener('load', async_load, false);
    }
  })();
</script>

My buddy was thrilled and thought this was an amazing product. It totally is. With modern browsers and modern JavaScript we can more quickly integrate applications like Intercom, Google Analytics, UserVoice, JanRain and a thousand others into our websites. It's a LEGO web, indeed. Just add some JavaScript like above and you're off.

However, after looking at this for about 5 minutes, I rained on my friend's parade.

"Hey, is that the user's email address there?"

"Yes! The 3rd party needs that so they can populate their dashboard and keep track of who's who."

"Ah, OK, but you're sending that email to them, right?"

"Yep."

"And they're storing that, right?"

"Yep."

"So, what's their privacy policy and how will it be added into yours? There's a chain of privacy policies that needs to happen here. What 3rd parties does this company use? And theirs?"

"You're totally raining on my parade. But you're right."

We emailed the folks at Intercom and they knew immediately what we were talking about and answered exactly as they should. Here's their email:

Sure thing, firstly our official terms & privacy policy are here:

http://docs.intercom.io/#PrivacyAndTerms

The short summary is...

1. You own your data, when you kill your account we don't keep it. We never sell it. We never contact your users. We will never do anything with your data that we wouldn't be proud to tell the world about.

2. We have a feature where we use a 3rd party service called FullContact, to augment your data, for example find a twitter/linkedin/facebook/github account that matches an email address. This can give you extra insight into the types of users you have. You can easily disable this in your app settings.

Regarding updating your privacy policy, you obviously should note that you send data to Intercom for the purposes of providing support and extended communication with your customers. You might already have this covered under other areas (for example if you use helpdesk software, certain analytics packages, etc then you're already doing precisely this)

Ultimately you should check with your lawyer who created your privacy policy to ensure that using Intercom doesn't violate your existing privacy and find out precisely what changes are necessary.

Exactly. Knowing is half the battle. Are you using a number of 3rd party services? Are you integrating "on the glass" with JavaScript? Step 0 is making sure your Privacy Policy reflects the chain of Privacy Policies for all the products you use.
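
One way to take that inventory for a single page, as an added example that is not part of the original post or Intercom's code: the script lists the hosts a page's script tags load from or reference, collects e-mail addresses written into inline scripts, and compares the hosts against the processors your privacy policy already names. The sample HTML, shop.example.com, analytics.example.net and all function names are constructed for illustration.

```javascript
// Added example. Regex extraction is enough for an inventory pass;
// it is not a full HTML parser.

// Constructed sample page, modelled on the snippet quoted in the post.
const SAMPLE_HTML = `
<script src="/js/site.js"></script>
<script id="IntercomSettingsScriptTag">
  var intercomSettings = {
    app_id: 'tx2p1ufd7g30c',
    email: 'john@example.com',
    created_at: 1234567890
  };
</script>
<script>
  (function () {
    var s = document.createElement('script');
    s.src = 'https://api.intercom.io/api/js/library.js';
    document.head.appendChild(s);
  })();
</script>
<script src="https://analytics.example.net/tracker.js"></script>
`;

const EMAIL_RE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g;
const URL_RE = /https?:\/\/[^\s'"<>)]+/g;

// Resolve a (possibly relative) URL against the page and return its host.
function hostOf(url, pageUrl) {
  try {
    return new URL(url, pageUrl).hostname;
  } catch (e) {
    return null;
  }
}

// Inventory every host the page's <script> tags load from or reference,
// and every e-mail address written into an inline script.
function auditPage(html, pageUrl) {
  const firstParty = new URL(pageUrl).hostname;
  const hosts = new Set();
  const emails = new Set();
  const scriptRe = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = scriptRe.exec(html)) !== null) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(m[1]);
    const urls = src ? [src[1]] : (m[2].match(URL_RE) || []);
    for (const u of urls) {
      const host = hostOf(u, pageUrl);
      // Exact host comparison: your own CDN subdomains are listed too.
      if (host && host !== firstParty) hosts.add(host);
    }
    for (const e of m[2].match(EMAIL_RE) || []) emails.add(e);
  }
  return { thirdPartyHosts: [...hosts].sort(), inlineEmails: [...emails] };
}

// Hosts the page talks to that the privacy policy's processor list omits.
function undisclosedHosts(audit, disclosedHosts) {
  return audit.thirdPartyHosts.filter((h) => !disclosedHosts.includes(h));
}

const audit = auditPage(SAMPLE_HTML, 'https://shop.example.com/account');
console.log(audit, undisclosedHosts(audit, ['analytics.example.net']));
```

Each host it reports is one link in the chain: that vendor's policy, and the policies of the services it uses in turn, still have to be read by a person.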



About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.


Technical Analysis: The Abercrombie and Fitch Brown Pants Fiasco, "Splogs," and you

March 22, '12 Comments [25] Posted in Blogging

Offensive Abercrombie and Fitch Pants on a Chinese Knockoff Site

WARNING - This post will ultimately lead you to sites using offensive racial terms.

My Twitter friend Wesley pointed me to this apparent Abercrombie and Fitch website advertising a pair of N***** Brown Pants. Here's a screenshot if that link dies. After the shock and frustration wear off, you ask yourself "How could this happen?" This link is spreading all over Twitter and the social web right now, and I'm sure that the Abercrombie PR machine will jump on it when their Twitter person wakes up.

Let me walk you through a few things.

  • First, what a technical-type person does (or should do) in this situation.
  • Second, why the internet is WAY WAY more screwed up than you ever thought
  • Third, why no one should really be buying anything on the web.

The Technical Details

While it's possible that an idiot at Abercrombie entered the N-word text, my eye immediately went to the domain:

abercrombie-and-fitchoutlet.com

Note the dashes and the "and"? No internationally-known and copyrighted brand would have such a lousy domain. I'd expect Abercrombie.com, full stop. In fact, it is.

I loaded up Domain Tools to see who owns this obvious knockoff. Like actual physical knockoffs of pants, there's no good way to tell what's real and what's not. I hit: http://whois.domaintools.com/abercrombie-and-fitchoutlet.com

Registrant Contact:
   su ye
   ye su 
   +86.095156230147 fax: +86.095156230147
   NO.217 North Street, Yinchuan Qinghe
   yinchuanshi ningxia 750000
   CN

The domain is registered in China. OK, this is NOT Abercrombie's site. It can also be confirmed by the poor English on the site's about page as well as the throwaway reference to Chinese piracy:

A&F is the favorite brand of American college students, a lovely deer printed on the front of the youth fashion. Its fashion and personalized style always the certain reason some youngsters follow. Nowadays, Abercrombie and Fitch piracy in China has spread to unimaginable proportions. Soft cotton is comfortable in the apparel.

OK, so how much of a problem is this and these pants? The combination of the N-word along with a unique brand-name like Abercrombie makes for a good hash. That means these words together, especially if you add "pants," make for a search term that is unlikely to happen in the wild.

It's worse than you think

If we then Google for the four words together (forgive me) you can see hundreds if not thousands of fake domains. For example:

  • newabercrombies.com
  • abercrombieandfitchoutletsale.com
  • abercromibesaleonlione.com
  • marvelousabercombie.com
  • afsonlinesale.com
  • cheapabercrombiestore.com

You get the idea. There are at least hundreds. All with the same pants, all registered in China. I can't imagine, sadly, that there's ANYTHING that Abercrombie could do about this except try to get the domains shut down - one by one.
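
The domain check described above can be automated for triage. This is an added example, not code from the original post: it classifies hostnames against one brand by exact match, by containing the brand, or by a near-miss spelling of it. The brand and official domain come from the post; the function names, the verdict labels and the edit-distance threshold of 2 are assumptions.

```javascript
// Added example: name-based triage of hostnames against a single brand.
const OFFICIAL = 'abercrombie.com'; // the domain the post says to expect
const BRAND = 'abercrombie';

// Classic Levenshtein distance (insert, delete, substitute), two-row form.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Smallest distance between the brand and any window of similar length in
// the text, so a misspelled brand buried in a longer name is still found.
function minWindowDistance(text, brand) {
  let best = Infinity;
  for (let len = brand.length - 1; len <= brand.length + 1; len++) {
    const last = Math.max(0, text.length - len);
    for (let i = 0; i <= last; i++) {
      best = Math.min(best, editDistance(text.slice(i, i + len), brand));
    }
  }
  return best;
}

// Assumption: the last label is the whole public suffix (true for ".com");
// production code would consult the Public Suffix List instead.
function classify(hostname) {
  const host = hostname.toLowerCase().replace(/\.$/, '');
  if (host === OFFICIAL || host.endsWith('.' + OFFICIAL)) return 'official';
  const name = host.split('.').slice(0, -1).join('').replace(/[^a-z0-9]/g, '');
  if (name.includes(BRAND)) return 'contains-brand';
  if (minWindowDistance(name, BRAND) <= 2) return 'near-miss';
  return 'no-name-match';
}

// Domains quoted in the post, plus the official one.
const SAMPLE_HOSTS = [
  'abercrombie.com',
  'abercrombie-and-fitchoutlet.com',
  'newabercrombies.com',
  'abercromibesaleonlione.com',
  'marvelousabercombie.com',
  'afsonlinesale.com',
];

function triage(hosts) {
  return hosts.map((h) => ({ host: h, verdict: classify(h) }));
}

console.table(triage(SAMPLE_HOSTS));
```

afsonlinesale.com comes back as no-name-match: name matching misses abbreviations, so it needs to be paired with other signals such as the shared page content the post describes.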

How could your Mom possibly know this?

These are automatically generated sites, like "splogs." Splogs are spam blogs. They aren't real stores, there aren't real people behind them. They are almost like computer viruses, except they make stores. In this case, it appears that someone in China at some point designed a system that could churn out fake stores from a single database. That's why these pants keep appearing on hundreds of other sites.

Imagine if you just wanted a regular pair of pants and didn't see this pair? How could you possibly tell if this is the site you want? There's no good way. Here's what you CAN do.

  1. Make sure the URL starts with https:// when you are checking out.
  2. Click the lock in your URL and see if the company name looks legit. Sadly, these can be faked also, but it's a start. HTTPS (SSL) doesn't mean "I can trust this site," it means "this conversation is private." You still might be having a private conversation with Satan.
    Check the lock
  3. Even better, if your Address Bar is green, click on it! This is a special "high trust" certificate that says you are really talking to who you think you are. This screenshot means "I am having a private conversation with a company that is KNOWN to be Twitter." Banks and big companies often use these special certs.
    Green Address Bar is good

Ultimately, you, me, Mom and the Web need to develop a better "Internet Sense of Smell." The bad guys want our credit card numbers and will do everything they can to get them, even make ten-thousand fake Abercrombie and Fitch sites.

UPDATE: Thanks for the comments! If you (or Mom) had the Web of Trust installed, this is what you would have seen when visiting an evil site like this. I'm installing this free tool on Mom's machine today.

web of trust

Good luck out there. It's a messed up web.


Why You Should Never Argue in 140 Characters or Less - Geeklist

March 22, '12 Comments [39] Posted in Blogging | Musings

There is a fascinating "storify" (a list of tweets with commentary that make up a story of what happened on Twitter) by Charles Arthur about an uncomfortable back and forth on Twitter between Shanley Kane, an engineer at Basho, and Christian Sanz and Reuben Katz, the founders of Geekli.st.

UPDATE: Here is a link to Geekli.st's apology.

The nutshell is that Shanley came upon this ridiculous video (photos here) of a girl in her underwear dancing around with a Geeklist T-Shirt. According to the Geeklist site, it is an "achievement-based social portfolio builder" for developers. Programming is an intellectual pursuit and any kind of "-ism" is totally inappropriate. In this case, immature sexism is a huge turn off. It's been a week of sexism in technology on the Internets.

But this post is less about that, as we can all agree that girls dancing in their underwear is a poor way to promote programming. I want to talk about Twitter, your Customers, your Brand, and Bile.

Shanley tweeted to the founders of Geeklist a totally reasonable question.

At this point, Geeklist should have recognized what Shanley was really saying. This was a chance for them to re-notice the video in context and be reminded it should probably not exist. Instead, they replied with a non-answer answer with no recognition of the underlying question.

OK, a little dense, but here's where it goes south. Shanley, who is clearly and rightfully upset, asks that they take it down but she drops an F-bomb. Fine, she's pissed, not the point.

Boom. Stop there. You've got a customer who is upset, rightfully so, about an -ism, also a hot button. She's reaching out to you to validate her frustration AND most importantly handle your business. Every time a person reaches out to you on Twitter, it's a chance for you to put your best foot forward. This is the first impression. Get it right. You have only 140 characters.

At this point there's no turning back. It doesn't matter at this point that the video in question was made by a friend of Geeklist. It doesn't matter that Geeklist is/was a good product. What matters is that the founders were thoughtless in their response on Twitter.

Twitter is not chat, it's not IRC. And even if it was, the thing that I see companies forget over and over and over again is this. Companies need to know: You're on the Internet. Things that you say here matter and will be archived forever and repeated.

Shanley then nails it with this tweet:

This is Geeklist's last opportunity to fix this. They should watch their tone, fall on their swords and handle their business. Surprisingly (or not) they go on for two dozen more tweets. It's really hard to read. Good on Shanley for not backing down. Note Charles Arthur's commentary:

[Shanley] Kane complained about a video. [Geeklist's Christian] Sanz took offence because of how he was addressed, rather than treating it as a legitimate complaint about content. Now both he and his co-founder are subtly signaling that they will make life difficult for her and her company

Stop here. Note. You will never win an argument on Twitter. You think arguments on the Internet are hard? Counting the characters until someone invokes Hitler? Pardon me while I quote myself, via Twitter.

Acknowledge your mistakes, be kind, stay positive, respond with respect and thoughtfulness. You are in public and you are teaching people how to treat you. You likely cannot win an argument online, and you can never win one on Twitter.

This story is a great example about how not to manage your brand on Twitter. Of course, in this case they were also totally wrong, but trying to argue their point in 140 characters just dug the hole deeper.


Extending the Visual Studio 11 Web Browser Chooser and Browse With Menu to include Developer Profiles

March 21, '12 Comments [18] Posted in ASP.NET | ASP.NET MVC

I talked about some new features that have made their way into the free version of Visual Studio for Web. One of the more useful ones is the Browser Chooser that allows you to quickly launch debug sessions with different browsers from within VS. I've actually been pushing on this for about 18 months, and even blogged about it in August of 2010 in "how to change the default browser in Visual Studio programmatically with PowerShell and possibly poke yourself in the eye."

In Visual Studio 11 Beta you get a nice dropdown with all the browsers (plus the new Page Inspector).

Browser Switcher built into the toolbar

However, I got a good comment from blog reader Abhijit who said:

The browser is a welcome addition (though past versions of VS do something similar). I'd like to make one suggestion though.
I use multiple Firefox and Google Chrome profiles. One for regular browsing and another for web development/debugging.
For ex: To launch a profile named 'dev' in Firefox, you'd use
firefox -p dev --no-remote in the shortcut/command line
This ensures that I don't mess up my history/profile/cookies etc with my development activities. However, the feature you've described launches the browser with no command line parameters.
So, is there a way I can add/update/customize the parameters used to launch the different browsers? And if not, is it too late to suggest this as a feature request for VS11?

This is not only a great tip, but a very useful bug/feature request. The tip is to use different profiles for when developing so you aren't accidentally combining your history and cookies for development with your personal stuff.

The feature is interesting because he wants to know how to customize the Browser Chooser. Digging into it, it turns out that it's totally possible but totally not discoverable. That means there's an opportunity to make this feature WAY WAY more useful.

First, here's the way to change it today on the Beta. Then I'll suggest a possible change to the feature to make it easier.

That list is initially auto-populated with the browsers we find on your system. You can add to the list with the "Browse With..." menu that you get when you right click on an .ASPX file in Visual Studio. Ah! But there's where the trouble starts. You can currently only see that menu when you right click on an ASPX page. This is great for Web Forms folks, but if you don't have an .ASPX file in your project then you're out of luck.

So, for now, add an ASPX file (you can delete it later) and right click:

Browse With is only visible when right-clicking on an ASPX file

That brings you to the list of browsers in the Browse With dialog:

All your browsers listed in the Browse With dialog

At this point you can add your dev profile browser. (It would be nice if you could edit also, but you can't today.) Here I'm adding Firefox with a "dev" profile. Note that I'm naming it differently from existing browsers.

Adding a Firefox Dev Profile with "firefox.exe -p dev"

Here's my updated Browse With using the new Firefox dev profile. You could do this with Chrome also if you like.

Browse With showing my new Firefox Dev Profile

Now my browser chooser menu in the toolbar is updated with my new browser. You can put whatever you like in that menu.

Menu in VS dropped down showing my new Firefox Dev Profile

OK, that's today with the Visual Studio 11 Beta. Here's a Paint.NET proposal of what I'd like to see. It'd be nice for the "Browse With..." to appear inline in the drop down menu. Having it in the right-click menu is too confusing.

MOCKUP - Browse With Proposal with added menu - photoshop

This is just a Paint.NET but you get the idea. Thoughts?


Features NO ONE NOTICED in Visual Studio 11 Express Beta for Web

March 20, '12 Comments [57] Posted in ASP.NET | ASP.NET MVC

There's a bunch of new stuff in Visual Studio 11 Express for Web that I suspect not everyone noticed. Remember that Express is our free version of Visual Studio. Sometimes I hear folks complain that Express isn't advanced enough, even though it's free.

Unit Testing is Built-into Visual Studio Express

For example, no one noticed that Unit Testing is in Express. You can add a Unit Test to an existing Web Solution. I'll add a Unit Test Project, then right-click on References and add a reference to System.Web.Mvc to my ASP.NET MVC Application.

Note the new Add Reference dialog? It's got a search box, it's multi-threaded, and I can add multiple references by checkbox. That's new stuff, friends. Subtle, but it is one of those "death by a thousand tiny cuts" things that the team is trying to fix.

Reference Manager

I can setup a bunch of tests for my ASP.NET MVC application and run them by right clicking "Run Tests."

Unit Test Explorer in Express

Browser Chooser/Launcher in the Toolbar

When you hit F5 or Ctrl-F5 to check out or debug your website you often want to try it in different browsers. You can easily switch between browsers now, directly:

Browser Switcher built into the toolbar

Image Thumbnails on Hover in the Solution Explorer

If you hover over an image in the Solution Explorer you'll see a preview thumbnail of that image.

Hover preview

CSS Color Picker built-in

Not only does the new CSS editor support lots of snippets like @media as well as outlining and vendor-specific prefixes, it also has a lovely color picker that is smart about your color scheme. Hint: select a color in a CSS file and press Ctrl-J.

CSS Color Picker

Quick Launch

You know how you're always going Tools | Options | Text Editor | Languages | JavaScript | References, blah blah blah? Now just press Ctrl-Q and type "references" (or whatever), and go right to it. Don't remember how to get there, just go there.

Quick Launch

Smarter JavaScript references

If you do make it into the JavaScript references dialog, check out the relative references.js file. You can put in your global-scoped JS files with documentation and get nice JavaScript intellisense WITH documentation...

JavaScript References

...that looks like this. That's lovely jQuery documentation, as you type.

Great JavaScript Intellisense

Page Inspector

Sometimes when you get partial views inside master pages with editor templates and other nested things in a large application it can be hard to figure out the answer to something simple like "what line of code made THAT line of HTML?" There's a new feature built into Visual Studio Express for Web called "Page Inspector."

It's hard to explain, so here's an animation. You hover over an item in the browser and it shows you what line of code made that HTML. You can also do live CSS editing.

Round Tripping

You know how you never want to install a new version of Visual Studio because you're afraid it will upgrade your existing project files and mess up the whole team? Round Tripping works now between Visual Studio 2010 SP1 and Visual Studio 11. Here's the same .NET 4 application opened in the VS11Beta and in VS2010SP1. Oh, and by the way, don't sweat the color thing, I'm confident it will turn out OK.

VS2010 and Dev11 living together and no one is freaking out

Note the dropdown in VS11 Beta. I can develop any .NET app from .NET 2 (!) and up with the one IDE. I'm using the beta as my main IDE currently.

IIS Express

IIS Express is now the default website host instead of the older "ASP.NET Development Server." That means you can test on a real IIS without being Admin. It runs when you run your app, then it goes away. Things that work in IIS Express should work the same way in IIS because it's the same core web server. As my friend Damian showed me, I can even test under SSL with just a double-click:

SSL Enabled = True

The Big Secret Thing No One Noticed

I'm surprised no one has figured this one out yet, but I'll post on it a little more as I start to share more of the "One ASP.NET" plan. Check out Tools | Extensions. See those template packages? ASP.NET templates (those are the File | New things) are actually extensions...VSIXs, in fact. We can update them as we like now. ASP.NET can do interesting and innovative things (and NuGet plays a part in this) without waiting for a new version of Visual Studio. Starting to see why that'd be useful?

ASP.NET Templates are extensions now

That's just the stuff I can think of off the top of my head. Point is, better free tools and more open source continues to be the goal with our team. There's lots more details and videos up at http://www.asp.net/vnext. You can get Visual Studio 11 Express for Web here. Let me know if you find any good bugs and I'll get them straight to the team, or better yet, put feedback on our UserVoice site.


Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.