Blast from the past. Doing some email testing & dredged up my old netscape.net address. Had to re-activate it, and the handful of messages I probably saved way back in the day were gone, and now it’s aim.com instead…but it’s still got my years-outdated contact list, including people I haven’t interacted with in a decade.

As near as I can tell, I put together the list when I was in college, and never updated it. It’s still got all the old uci.edu and geocities.com addresses.

Oh, wow…there’s a pager number in there! (Remember those?)

Originally posted on Google+

I’ve dealt with a couple of companies that try to plug the general lack of security in email by using a “secure email” service. The way this works is:

  1. The company sends you an email with a link to a third-party or co-branded website, asking you to click on it in order to read important information about your financial/insurance/whatever account. (Or better yet, the third party site sends you the mail on the company’s behalf.)
  2. You click on the link and open the site in your web browser.
  3. You register for the site (which usually involves entering your name, choosing a password, and possibly entering other personal detail like a reminder question.)
  4. You log into the site and actually read the message.

Can you see what the problem is?

That’s right: Steps 1-3 are exactly what you see in a phishing attack. Only in a phishing attack, the third-party site is a fake that’s trying to collect account information (like your login and password) or personal information (like your SSN).

So while they may be solving the immediate problem of “someone might intercept this message,” they’re perpetuating a broader problem by training people to fall for phishing attacks.

Sadly, this is not new.

Update 2022: A decade later, they’re still doing it.

Google has just launched desktop notifications for Gmail using HTML5 technology. Of course, they’ve had a separate pop-up notifier for quite a while now. How does this one compare?

Improvements:

  • Will run on any operating system.
  • Doesn’t need to be installed on your computer.
  • Doesn’t require a registry hack now that GMail requires SSL on everything.
  • Doesn’t require you to enter your login & password in a separate app.
  • Lets you choose between only chat notifications, only email notifications, or both.
  • If you use Priority Inbox, lets you choose between all new messages or only those PI has marked as Important.

Downside:

  • Needs Gmail to be open. No biggie, as this is true of pop-up notifications for Outlook, Thunderbird, etc. But since the old notifier was a separate app, it could run on its own.
  • Only works with Chrome so far.

Twitter writes that link length shouldn’t matter, but the zillions of URL shortening services out there show that, for now, it does.

But why?

There are two main reasons to shorten* a link:

  • There’s a technical limit, such as SMS message length or email line width.
  • You expect people to manually enter the URL.

Right now, with Twitter messages limited to 140 characters and links forced to share that space with the rest of the post, URL shorteners are critical. But they’re working on a plan to accept longer URLs, and specifically shorten them for SMS messages. The full link will be available on the Twitter website, desktop clients, and other platforms that don’t have that hard and fast limit.

That will cut down on the demand for shorteners, but they’ll still be useful.

For one thing, there are other microblogging platforms out there like StatusNet.

For another, there’s email.

IIRC, the first URL shorteners launched because email programs often break up really long lines, including really long URLs. In plain-text messages, that leaves links not just unclickable, but inconvenient even to copy and paste, because you have to copy each line separately and paste them together. This will continue to be an issue as long as people continue to put visible URLs in email.

And then there’s the human factor. It might not be easy to remember http://is.gd/cGE8V, but it certainly takes a lot less time to write it on a scrap of paper than http://blogs.discovermagazine.com/badastronomy/2010/06/07/hard-to-port-eject-goose-eject/.

Which of those URLs would you rather type on your keyboard? Or worse, on your mobile phone?

*In this case, I mean making it really short and cryptic. There are plenty of reasons to keep links readable and sort of short.