Michael Jay Lissner

Enabling Two-Factor Authentication

2013-02-02T14:27:15-08:00

This post is as much Public Service Announcement as anything else. I didn’t realize that two-factor authentication had finally taken off. It’s practically vital for your email account (you’re asking for trouble without it), but in the past year or so, a bunch of other services have begun offering it.

Today I went on a little security binge, and found that I could turn on two-factor authentication at:

Google/Gmail
Yahoo
Dropbox
Charles Schwab (they send you a fob for free)
Facebook
Paypal
Amazon Web Services

One note about Charles Schwab is that getting their fob is great, but it’s hardly all you should do to secure your account. You should also set up what they call a “verbal password” that you have to provide whenever you call in. Without it, it’s pretty easy to get into an account via their surprisingly weak phone security.

Anyway, this is a pretty good list so far. The companies are using a handful of different techniques for doing this, but they all seem pretty solid in the end. Google’s, naturally, seems to be one of the most robust, but I’m impressed there’s so much offered.

Go set these up!

Testing Deletion Speed of Online Photo Sites

2009-11-14T16:28:44-08:00

Updates

2014-08-22: While updating this blog to a new platform, I wound down these tests and put notes about each service’s final result. After nearly five years, some of these sites still haven’t taken down the image.
2010-03-08: Added an image at drop.io
2010-01-28: Added an image at Orkut.com
2010-01-28: At the FTC privacy round table today, Facebook’s director of public policy, Tim Sparapani, claimed that information deleted from Facebook cannot be retrieved even by Facebook staff, because it is almost instantly deleted. I informed him this was not true in the case of pictures, and he said he would look into it. Will update this post when/if I hear more.

Background and Threat Model

Imagine an embarrassing photo of you is placed online by one of your friends. You ask them to take it down, and they do. Now, imagine that your enemy had gotten a link to that photo, and had posted it to their blog. You’d hope that your friend taking the photo down would in fact delete the photo, but I’m sorry to say that isn’t always the case.

Inspired by Jacqui Cheng’s article, I decided to test some of the more popular online services for photo hosting to see what happens when you press the delete button on a photo from their site. On November 14^th, 2009, I uploaded and then deleted the following image of a black box with white text to Facebook, Flickr, Picasa, MySpace, Photobucket, Shutterfly, Twitpic and WalMart. A few months later, I also added drop.io and Orkut:

When you look below, if you can see the black box for a site, that means that it was not truly deleted and is still live. You can verify this by clicking on the image. This is checked each time this page is loaded, so the information is constantly verified. If the image has been deleted, you will see the date that it was deleted.

There are a number of reasons why photo services might be lazy about properly removing images from their site, but until they have proper deletion mechanisms, we should all think twice about what we upload.

If there’s a service that is not shown here that you’d like to see, please let me know. And now, without further ado, I present, the ongoing results of the test:

Facebook

Facebook properly deleted the photo from their server as of May 27, 2010.

Flickr

Flickr began showing the following message approximately an hour after the image was deleted.

Picasa

Picasa properly deleted the photo from their server as of at least November 15, 2009.

MySpace

At an unknown time, MySpace began showing this photo instead:

Photobucket

Photobucket properly deleted the photo from their server as of at least November 14, 2009.

Shutterfly

As of 2014-08-22, Shutterfly still shows the original image on their server.

Twitpic

Twitpic properly deleted the photo from their server as of at least November 14, 2009.

Walmart

As of 2014-08-22, Walmart still shows the original image on their server.

Google Orkut (added 2010-01-28)

Despite being nearly shut down completely, as of 2014-08-22, Orkut still shows the original image on their server.

Drop.io (added 08 March 2010)

Drop.io properly deleted the photo from their server as of 8 March 2010, the day it was added.

Log Your Friend Out of Gmail

2008-07-04T12:16:16-07:00

I keep having this problem where I want to use somebody’s computer to check my gmail, but I know that if I go to mail.google.com, I will see their email. I was thinking about this last night, and I came up with two solutions. The first was to bookmark the gmail logout link into their browser or maybe del.icio.us so that I could visit it without having to go to their gmail, and the second solution was to post that link here.

So, if you know that you want to log out your friend from gmail without seeing their inbox, all you have to do is click here.

Marvelous RSS, Marvelous Google

2008-01-27T15:36:34-08:00

I’ve been working on the site a fair amount lately, and have added a couple of new features. The first one is a set of those ubiquitous bookmarking buttons for Technorati, del.icio.us, etc. that you should be seeing if you are reading this online. I’ve been trying to optimize this blog for a bit, and I figured I probably need these sooner or later.

The other thing I added today is the “Subscribe” block, which for the moment is listed on the left under the recent music. I did a little playing around in the heart of Drupal, and modified this block so that it has text links for RSS and for an email service I just discovered from Google.

Search Concept

2008-01-15T18:00:04-08:00

There’s this ongoing problem I’ve been having in that search engines do not have the ability to search the insides of password protected sites. It’s a little frustrating from time to time because so many sites have gads of information that search engines just can’t get to, which means that you have to rely on the site’s search engine, which invariably does not work very well.

So, here’s the concept. The search engine creates an opt-in program wherein websites (like banks for example) can give the engine a generic login and password, and then the search engine can get in, crawl the site, make an index, and then get out. Later, when you search for content, you can search for that information, if you desire, but to see it, you’ll need to log in.

Similarly, if you are a person who uses the secure site, you can give the search engine the ability to log in as you, and then crawl the site for your information. Thus, if you gave the search engine the login to your bank, you could later search for all your transactions at Cha Cha’s restaurant….or whatever. Actually, this might be a privacy concern…but it’s a thought.

The Prettiest Ratio and Google

2007-11-30T16:43:36-08:00

In case you haven’t heard about this before, the Golden Ratio is the concept of how to define the most aesthetically pleasing ratio between two lengths, and can be found pretty much everywhere dating back all the way to the Egyptian Pyramids of Giza. Examples abound in the world around us. Books, tables, laptops, screen sizes. Essentially anything that looks like a well-proportioned rectangle probably fits pretty closely into the Golden Ratio.

You can kind of see what I mean by looking at the picture of the Parthenon at right that I found on Wikipedia. The idea is this: The length of the smaller of two distances should be related in the same way to the longer of two distances as the longer of two distances is related to the sum of the shorter plus the longer distance.

If that’s too confusing, perhaps this will help:

Still confused? How about this: The Golden Ratio is 1.61803399.

I went online a few days ago to figure out how to dimension an applet that I was making, and discovered yet another cool Google tool. Googling for “400 * golden ratio” yields the search result of 647. Very cool.