Archive | Dan Dreifort

CheapoDrugs.com Database Hacked?

29 Jan

Not all companies care about privacy

Update: 7/1/2017
If you use CheapoDrugs.com, stop. If you put any faith in the CIPA, stop. Neither of these organizations seems to take cybersecurity seriously. I don’t consider them good stewards of your personal information. Neither organization will address evidence of a breach. …The CIPA at least gave me lip service for a while, before blowing me off.

Is CIPA legit? If CIPA doesn’t hold its members accountable, it’s worthless and you should ignore its recommendations and “certifications”.  Check out the Wikipedia entry for more evidence. Malarkey.

Original post follows

For almost 20 years, because I’m a big nerd, I’ve been using unique email addresses for every single website. e.g. the email address I give VictoriasSecret.com is different than the one I use to sign in to Fredericks.com.

When I start getting spam at an email address, I can quickly turn off that one address.

Problem solved. No more spam.

For those of you thinking, “That multi-address thing sounds like an ongoing hassle!” All addresses come into a single inbox. It’s easy. …It wasn’t necessarily easy to set up, but that was forever ago. Who even remembers that? 😉

Canary in an internet coal mine

Anyhow, if I start getting spam to an address, and its content is unrelated to the site/business where I used the address, something is amiss. If it’s a biz/site I don’t care about, I just kill that address. However, when it’s a biz I care about, I let them know. I’m a canary in a coal mine. But much larger, and figuratively in email databases instead of literally in a coal mine. I also lack feathers.
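The canary check described above can be automated. The following is an added example, not code from the original post: it flags mail that arrives at a per-site address from a sender domain the address was never issued to. The alias registry, domains and sample messages are all constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical registry: each unique address, mapped to the domain(s)
# the site it was given to legitimately sends from.
ALIASES = {
    "pharmacy@mail.example": {"pharmacy.example"},
    "bookshop@mail.example": {"bookshop.example", "bookshop-mail.example"},
}

def domain_of(header_value):
    """Return the lower-cased domain part of an address header."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def matches(sender_domain, allowed):
    """True if sender_domain is an allowed domain or a subdomain of one."""
    return any(sender_domain == d or sender_domain.endswith("." + d)
               for d in allowed)

def check_message(raw):
    """Return a finding dict if a tracked alias got mail from an
    unrelated sender domain, otherwise None."""
    msg = message_from_string(raw)
    recipient = parseaddr(msg.get("Delivered-To") or msg.get("To") or "")[1].lower()
    allowed = ALIASES.get(recipient)
    if allowed is None:
        return None  # not one of the tracked per-site addresses
    sender = domain_of(msg.get("From"))
    # Caveat: From is trivially forged, so spam that spoofs the real
    # site's domain passes this check. A hit is strong evidence of a
    # leak; the absence of hits proves nothing.
    if matches(sender, allowed):
        return None
    return {"alias": recipient, "sender_domain": sender,
            "subject": msg.get("Subject", "")}

def leaked_aliases(raw_messages):
    """Group findings by alias: each key is an address that leaked."""
    hits = {}
    for raw in raw_messages:
        finding = check_message(raw)
        if finding:
            hits.setdefault(finding["alias"], []).append(finding)
    return hits

# Constructed sample messages (headers only matter here).
SAMPLES = [
    "From: Orders <orders@pharmacy.example>\nDelivered-To: pharmacy@mail.example\n"
    "Subject: Your refill shipped\n\nbody",
    "From: Deals <promo@unrelated-pills.example>\nDelivered-To: pharmacy@mail.example\n"
    "Subject: Coupon code inside\n\nbody",
    "From: News <news@em.bookshop.example>\nTo: bookshop@mail.example\n"
    "Subject: New arrivals\n\nbody",
    "From: x@other.example\nTo: personal@mail.example\nSubject: hi\n\nbody",
]

if __name__ == "__main__":
    for alias, findings in leaked_aliases(SAMPLES).items():
        for f in findings:
            print(f"{alias} leaked: mail from {f['sender_domain']} ({f['subject']})")
```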

Most of the time these businesses are thankful when I have an opportunity to act as an email canary. They listen. I tell them, “I don’t know how it happened, but somebody got into your database. I don’t know what they didn’t get, (credit cards? social security number?) but I can tell you that they for sure have your email list.”

How did somebody get our database?

There are three likely routes:

  • One of your employees or contractors grabbed it and sold it or is using it themselves.
  • Somebody hacked into your system and stole it.
  • A computer/laptop with your db and/or email list got infected with malware, which then sent the list to its devious hacker makers.

There are other options, but those three methods account for the vast majority of email leak incidents.

Why oh why is he blogging about this?

Cheapodrugs.com. I used ’em. …And while I still sometimes use Canadian pharmacies for my sweet, sweet drugs, I haven’t used Cheapo Drugs in a few years.

How strange then, that a little over a week ago I started receiving emails to the address I only gave to Cheapo Drugs. Within these emails I’m encouraged to use a coupon code to save on drugs at safemedspills by clicking on a tinyurl.com link. Nope. Not. Clicking. That.

What’s worse, the email contained evidence that the spammers also have access to other Cheapo Drugs’ clients’ information. (Full name, address, etc.)

I emailed Cheapo Drugs and let them know what had happened and shared with them the three possibilities (see above). In their reply, Cheapo Drugs confirmed that, shocker, they had not sent me the spam emails. The only other substance in their missive was, “We guarantee our patients that we do not sell their information to any phishing websites.” …I never said that you sold your address list. Idiots.

I went back and forth with Cheapo Drugs customer support a few more times trying to help them understand, but was met with a stonewall of non-customer-service. I even called and talked to somebody. I’ll spare you the frustrating details and summarize: Cheapo Drugs does not take proof of a database leak seriously. What to do?

Reporting a pharmacy to CIPA

I contacted CIPA, the Canadian International Pharmacy Association. Let’s see if CIPA takes this more seriously than Cheapo Drugs. …It would be hard not to. I’ll report back.

Sidenote: Now that Gmail’s spam filtering is so on fleek, I’ve considered using my gmail address more, in lieu of the system above. However, doing so isn’t as secure as using a different address for every site. Especially if you use the same password for multiple websites. Natch, I use unique passwords for each site, too. hashtag: nerd.

I am white privilege

16 Jan

What is white privilege?

I was born in 1973. With a bachelor’s degree, I am the least educated person in my immediate family. My parents had a computer in the house before most people knew that personal computing was a thing.


Our author’s great bangs

I was sent to “enrichment camp” five days a week the summers after third and fourth grade where I learned to code in three languages, how to write poetry, speak French, and other smartypants stuff.

When I was 11, my maternal grandparents, both immigrants, died and left my mom about $60,000. We moved to a new home in a better school district. The high school had a planetarium. I never finished my junior year of high school.

I got my GED and applied to and was accepted by two colleges.  In college, I met other geeky, white people and helped start an Internet service provider where I worked for ten years.

Now I work from home, staring at palm trees from my sit/stand desk, helping companies with esoteric niche digital marketing concerns.

I am white privilege.

2015 in review

31 Dec

2015 was dismal for dandreifort.com blogging. The report’s well done though! If you’re a fan of data visualization, you’ll like it! Enjoy, and happy new year.  -DD

 

The WordPress.com stats helper monkeys prepared a 2015 annual report for this blog.

Here’s an excerpt:

A New York City subway train holds 1,200 people. This blog was viewed about 5,000 times in 2015. If it were a NYC subway train, it would take about 4 trips to carry that many people.

Click here to see the complete report.

Reduce Facebook Ads the Supai, Arizona Way

13 Jul

IT’S PEOPLE!!!

UPDATE:
I should note, days after this post, Facebook demanded I prove my identity. As my name is not Danakin Skyjacker, I was unable to satisfy their idiotic documentation criteria. They closed my account. I switched to one of my other fb accounts, with an even goofier name. The good news? Even less advertising. That fb profile has never had a hometown or a current city associated with it and it had “liked” almost nothing. Pure minimal-ad Facebook experience achieved. If you don’t want to open a new Facebook account, stick with the method below.

Original post follows:

I’ve been increasingly inundated with advertisements on Facebook, especially on their iOS app.

Cause 1: Facebook continually finds new ways to monetize its product. (You. You’re the product!) (Go on, click that link. It’s fun!)

Cause 2: Until today I’d told Facebook I lived in Honolulu, one of the most hip, expensive, and cosmopolitan cities in this hemisphere. (I don’t.)

Minimize Facebook Ads

So I changed my current city and hometown to Supai, Arizona, the most remote town in the United States. It’s not even accessible by car! Supai is the only place in the United States where mail is still carried out by mules.

RESULT: Fewer advertisements on fb. I am no longer ostensibly part of a cherished target demographic. (I never was.)

Sure, I might start seeing ads targeted to native Americans, and if Facebook advertising is on its game, I might even see ads related to sprucing up my imaginary new home in Supai. So far–worth it.

Concerned about your privacy? …Or just tired of ads?

Won’t you join me in Supai?

When not generously providing free table tennis lessons to hacks at the Triple Crown Pub, Dan Dreifort consults on SEO, user experience, and other aspects of digital marketing.

Help Lucy Get a Cat Stroller

9 Apr

Dearest Blog Reader,

Lucy’s a cat. …a boy cat. He can’t go outside anymore because–

Ah hell. I’m not going to spoil the whole story. Please give a buck or two to Lucy’s gofundme cat stroller campaign.

All extra dough goes to one or more great animal welfare organizations. (Sorry PETA, not looking at you.)

Thanks for giving!

-Dan


Lucy back when he could still go outside 😦

Beware Donating to Collectibles with Causes

4 Nov

Keen readers will notice my last blog post discussed parting ways with my beloved comic book collection. I painstakingly entered each book first into a spreadsheet and then into an online database. If I’d carefully packaged and sold the lot, spread out into a hundred or so auctions, I probably could have received $5,000 or so.

Collectibles With Causes Legit? Unknown. Sketchy? Yes.

Collectibles with Causes, also known as With Causes, Works of Life International Ministries, and dozens of other names, is a charity that accepts collectibles, sells them, and then uses proceeds for good works. When I found them in August 2014, I did my research, like any good donator would. While I found nothing indicating proceeds would be used for hateful/exclusive causes, their EIN (26-0903224) appeared in neither the California nor the USA register of charities. I called the IRS and they confirmed that they had no record of their non-profit standing. Furthermore, none of the charity rating services have an entry for them. Not a deal-killer, but cause for concern.

The only third-party mention of With Causes/Works of Life I could find pertains to their Christmas 2011 gift of a house to a large family whose house had just burned down. Here’s an article/video. Works of Life is still milking it; one of their most recent (2014) Tumblr posts gives a shout-out to this same charitable effort.

Nonetheless, I was attracted to Collectibles With Causes. I really liked the idea of a win-win-win. I get a tax write-off for my comics and don’t need to spend dozens of hours selling them. The charity sells them and my beloved comic books find new, loving homes. Finally, people benefit from the good works/proceeds of the sale. Three wins–at least! But is it too good to be true?

Communication Problems

Collectibles with Causes might not want to reimburse your shipping expenses even when you follow their instructions.


I sent them the details of my donation on September 3, 2014 and received a canned response thanking me, providing shipping instructions, shipping reimbursement instructions, and other information. I asked for clarification on 9/7/14. On 9/9/14 I still hadn’t received a response so I pinged them again. Later in the day, no response forthcoming, I called them. Ginger finally checked the info@withcauses.org inbox and responded.

Five days later, on 9/16/14, I shipped eight boxes/about 280 pounds of comic books to:

Works of Life
ATTN: Collectibles with Causes
1175 Shaw Avenue #104-135
Clovis, California  93612

Their canned reply mentioned that, “The best method for shipping a volume of comics is USPS PARCEL POST or MEDIA MAIL …costing only approx $25.00 per long box and less than half of that for a short box.” Alas, you’re unable to ship anything with advertising via media mail. (Newsflash: comics have ads.) The plot sickens: USPS Standard Post (known as Parcel Post, until May 2007,) is much more expensive than $25/box. My shipping bill totaled $484.49. I sent them the original receipt as requested.

I notified them of the shipping cost and problems with media mail, and asked them how long it would take to get reimbursed the large shipping outlay. Amazingly, I got a reply the same day, 9/18/14, “Shipping is reimbursed once we receive your books and the shipping receipt. I will let you know once the books arrive.”

Tracking information let me know that the books arrived on 9/26/14. Ginger did NOT let me know. I sent an email on 9/29/14 asking if the books arrived. No response. I sent another email on 10/8/14 asking for an update on shipping reimbursement. No response. On 10/27/14, I emailed again. No response. (I should note that I called a couple of times in that month-long period too.) I then called on 10/28/14 and was told Ginger no longer worked there and that I’d receive a call back in a couple of days. That didn’t happen.

I called on 11/3/14, and they’re now apparently reluctant to reimburse shipping, because actual expenses don’t gel with the dream-world figures in their horribly out-of-date canned response. They asked me to scan and send another copy of the receipt. I did. Again, they said they’d get back to me. …24+ hours later, I’m not holding my breath.

Is Collectibles With Causes a Scam?

I’m not sure if Collectibles with Causes is a scam. …They might just suffer from personnel and communication problems.

If I don’t receive shipping reimbursement within a week I will contact the California Attorneys General, the BBB, the IRS, their local news media, and anybody else I can think of. I’ll pass along every bit of information I have about Works of Life and how they’ve (so far) reneged on the implied contract presented on their website, in their emails, and via phone. …I’m pretty sure that’s a crime. They are messing with the wrong dude.

I strongly urge you to find another charity for your donation. I will revise this review if they eventually make things right.

Update:

It’s 11/17/2014. After nearly two months staying on them, I have a shipping reimbursement check in hand. (They paid up!) Did this blog post have anything to do with it? I don’t know.

If you’re going to incur considerable postage expenses when you ship something to any With Causes charity, note that you might have to wait and/or fight for reimbursement. If I had to do it all over again, I’d donate to a local charity instead. Lesson learned.

Update:

2/16/2015:  Very unofficial response from alleged former Collectibles with Causes volunteer is in comments. While it’s entertaining, I smile more when I read my response to it. Enjoy.

Update:

1/30/2017:  Somebody claiming to be Cameron Arballo from Works of Life called both my wife’s and sister’s places of employment and left threatening messages saying that he knows where she lives. Conveniently, these conversations were recorded. I’m giving them to the police.

Dan Dreifort is a professional part-time complainer. (In lieu of donations, send his wife earplugs.) He consults on web optimization and usability for fun.

Pizza Poem

3 Apr

Avalanche Pizza’s Pesto Chicken Pizza

A member of my stalwart Wednesday evening badminton crew introduced me to fifty cent slice night at a local pizzeria. It reminded me of a pizza poem I wrote circa 1998. I think it’s a metaphor, or something.

I ate a slice of it for lunch
I’d like to have some more
I can not get enough, you see
I am the pizza whore

To eat a slice is not a sin
To waste one is a crime
I think I ate too much today
I do it all the time

And if the oceans ceased to crash
And the sun did cease to rise
I’d sit back and gorge my huge fat ass
On a million pizza pies

Flying Mantra adapted parts of this ode into a song we affectionately called, “Serpentine”. Excerpt available here.

Looking for the best Hawaii digital marketing agency

8 Jul

I fired a Hawaii marketing agency a couple of months ago. I was not a client. I’d been providing usability and SEO services to their clients since 2007. (Does that mean I quit?) I grew online business for a few of their big-name clients and received decent money for it. Everybody at the agency was polite and skilled. So why did I fire them? Throughout the six-year engagement they paid several hundred invoices, but rarely on time. I fired them because they regularly forced me to act as an accountant and a collections agent.

Glutton For Digital Media Agency Punishment


I heart Hawaii !

A few weeks later I was approached by another Hawaii digital marketing outfit. I’m not hungry for work now, but with so much SEO and usability experience in the Hawaii destination and hospitality verticals, part of me wants to put that knowledge to good use. So when this new agency reached out to me, I engaged.

I insist on signing a mutual non-disclosure agreement with all clients. The NDA serves to protect any private information and ostensibly allows us to discuss anything without worry of public eyes and ears. After a month of wasting my time, this new agency today tells me, “We can’t sign this.” I tried to identify and fix the perceived problem, but after receiving a couple more obtuse emails, I eventually jabbed, “I take my clients’ privacy very seriously. If [Agency] doesn’t respect that, we’re obviously not a good match.” I sent a friendly “goodbye” note to his partner.

I assure you I won’t be communicating with them again unless we agree about privacy.

What I’ve learned:

  • Fool me once, shame on, um… how does that go, George Bush? Fire clients more quickly if/when they’re late with payments.
  • Don’t invest too much speculative time with clients until they agree to protect privacy.
  • I’d again like to help a Hawaii company or agency with search engine optimization and user experience.
  • I *still* don’t like time-wasters.
Dan Dreifort‘s current clients include: Product recommendation SaaS company, Plastic container manufacturer/retailer, Adjustable air-mattress retailer/manufacturer, Memory foam mattress manufacturer/retailer, Specialty shipping company, Brazilian jiu jitsu franchises, Tourist magazine, Childcare franchises, Acting school, Real estate brokers, Lawyer, Fence manufacturer/retailer, Online drug rehab center and a couple more. Dan is busy and can’t accept new work until January, 2014.

A Post About Droste

6 Feb

Nice, but needs some cropping.

(In which our amateur blogger plays the role of self-aggrandizing art critic.)

Always bad web-form to refer to something that might soon change, but see that banner up there? It’s a Droste effect applied to a picture I took in NYC on September 21, 2001, just ten days after 911. My digital camera (a Fuji Finepix) served me well at the time, but its 640 x 480 output pales and pixelates next to even the cheapest digital cameras available today. Still, I really like that picture.

Not even worthy of Droste!

No flash?!

I didn’t use a flash for the first snap of this picture. In it the chain link fence looks cold and constraining, confining and defining the entire composition. How ironic then, that illuminating the foreground barrier really delivered a sense of openness? This is the first and last time I’ll display it. You’re welcome.

The one I Drosted.

Much better. (2001)

Shortly after my trip to post-911 New York, I started doctoring the w/flash-version of the picture. First I cropped it. That looked nice enough, got rid of some extraneous color palette (who needs trees anyhow?) and provided subjective focus. It’s in this phase that I came to call the picture “Jung Gym” for what may be obvious pun-inspired reasons. But cropping wasn’t enough.

Banksy? Meh.

Next on the image doctoring docket, a pass through what looks like a Photoshop cutout filter with some selective digital hand painting wherein the artist introduces fresh, bold color to the ensemble. So enamored by this piece, I tacked on my dotcom brand and slapped the would-be commercial art on a coffee mug. It has not sold well. A dozen years later, it’s still available. Buy your uncool mug today.

Recursion, pre-Droste

Is that recursion?

Still haunted by this lo-fi image of a fence partly obscuring a jungle gym in front of a building, I immediately modded it again. This iteration, while not a true Droste, includes elements of recursion, no doubt planting the seed for future self-similar expression experimentation. What does that mean? When I look at this throwaway sketch, I see the seeds of my journey into Droste effects.

I thought this was a post about Droste?

Droste Jung Gym

Yes, it’s a Droste. (2010)

So, back to the banner on top of every page of DanDreifort.com; it’s a Drosted version of this “Jung Gym” picture wherein we replicate the original introducing near-infinite recursion. It’s not really infinite, silly. That’s impossible. We can only hint at it. Hell, instead of referring to that banner (that might go away someday,) I’ll just post the full version of that and erase the bit where I asked future reader noticing the absence of said banner to tell me to post that image over to the right. See it there? That’s why I make the big bucks.

Fast-forward to September 2009: My Sony Elph digital camera is a little better and there exists a plugin for The GIMP called MathMap. Pair the two with moderate investment in time and elbow grease and voilà! Pixel pushers the world ’round are able to create myriad mergings of art and math. For me, that meant the ability to create Droste effect images. I’ll offer only one more thumbnail image here. Clicking it, just like the following hyper-linked text, will take you to a selection of Dan Dreifort Droste effect efforts, displayed in chronological order. Enjoy!

Do you want a personalized Droste effect image? Tell me. Maybe we can work something out.

Robocalls Are Easy To Fix

4 Jan

A Fox 40 whistle from the late 1980s. (Photo credit: Wikipedia)

In early November I received my umpteenth call from Rachel at cardholder services. A few years ago I wasted time filing FTC reports on these jokers in a wholly ineffective effort to thwart their incessant nagging. Of late I’ve instead taken to passive aggressively nagging them back.

How I Used to Deal With Rachel and her Cardholder Services Minions

This time, as is now my custom, I pressed whatever number would get me to a consultant to discuss the urgent scam relating to my credit cards. I then pressed mute and walked away. A few minutes later, per my routine, I picked up the phone to hang it up, but this time there’s a guy whispering all sorts of awesome stuff still on the line. So I listened for a while. He’d just started at his call center job two weeks earlier and had yet to get any training. He was bitching about the people near him and how backwards and horrible everybody and everything about his job was. Very entertaining. (He was using more colorful language than I’m willing to recount here.)

I wanted to un-mute and talk to him but decided not to. What would I have said? “Become a whistle-blower!” These $#%^ing phone spammers are breaking the law and I’d love to see some convictions. Unfortunately I (and likely most call center drones) are unaware of incentive to blow the whistle on such illegal activity, if any even exists.

FTC Robocall Challenge to the Rescue?

The FTC is planning to spend serious dough on “new and innovative ways to block these illegal calls,” and is soliciting fresh ideas via the U.S.A.’s official challenge website. They’re also offering $50,000 in prizes for challenge winners. But I recognize problems with most of the submissions. They’re either ineffective, costly, unproven, violate basic privacy or show other weaknesses. Solving this problem is as simple as the American dream itself and it’s a bargain too.

Incentivize Whistleblowers

From aforementioned breathy undertones of the underbelly of the robocall world, I was able to infer that call center workers are overworked, underpaid, shown little respect and mistreated. What if we offered cash rewards for proof of illegal telemarketing activity? How much would it take? I’m guessing not much.

What person working at a thankless illegal job is going to turn down a four figure reward for ten minutes of work? IT WILL WORK. But how will we fund it? While there’s likely already a budget for this sort of thing, I understand that taxing and spending isn’t sexy these days and that we’re to rely on the private sector for things like… money. (?!)

I’ll start. If I win the challenge, I’ll donate 10% of my take to an FTC telemarketing whistle blower fund.

Won’t you join me? (Boring details for my FTC challenge submission follow. Thanks for reading!)

Project Details FAQ

Q: What is required to stop robocalls and encourage whistleblowers?

A: Funding. A website to field scam reports. Small staff to review reports. Initial marketing push.

Q: What about robocalls that don’t provide an option to speak to a human?

A: There are still underpaid minions in these shady organizations. We can turn them from the dark side.

Q: What about robocalls from other countries?

A: People in other countries like cash too. We can turn them and stop the flow of robocalls.

Q: Harumph! I hate government spending! What else would we need to crowdsource the funding?

A: If the gov doesn’t have the ability to do it already, hire somebody to use free, off the shelf, open source scripts to accept donations. Initial marketing push.

When he’s not traveling or making music, Dan Dreifort likes to consult on search and usability. Dan also likes his wife even though she has neglected him for almost four years while she’s been at veterinary school. She comes back in three weeks. Dan is very happy about this.