Archive for the 'Bugs/Issues' Category

Jul 21 2008

I had my food in your privacy*

Published by Niyaz PK under Bugs/Issues, Security

All of us know the importance of privacy. Privacy is one of the cornerstones of trust and security in any business, online or not. We all try to ask for privacy in the services we use in day-to-day life, and every company worth its salt tries to impress customers with its privacy statements. However, it looks like neither the authorities of a state nor a very prominent bank in India knows even the basics of privacy and security.

What you are looking at is the complete details of the voters list in the state of Andhra Pradesh. Complete details means every single thing the state knows about you.

Anyway, I will tell you where I got this data from. I did not hack into the secure servers of AP. I did not crack the pass-phrase of the DBA. Apparently the authorities sold their waste papers to a vendor. Incidentally, this vendor made paper plates using these and sold them to a local cafe. I got the paper plates whenever I ordered something from there.

I took some more samples from there. Then came another shocking truth. Among the data there was data corresponding to the details of the customers of a famous bank. Looking at the samples it was obvious that the papers contained data of all the customers of the bank from all parts of India.

I don’t know how to react to this. Just wanted to let you know that the next time you are doing business with anyone, ask them what they do with their waste papers.

*If your personal details are in the photo above, I am sorry. I care less about your privacy than the state.


Feb 12 2008

The Privilege of Commenting

Published by Niyaz PK under Bugs/Issues

Here is a screenshot of the comment form in Jeremy Zawodny’s blog

[Image: Worst_CommentForm]

Zawodny is working at Yahoo. He is getting lots of comments in spite of this crappy comment processing cycle.

Here is what I was told after I posted a comment:

Thank you for commenting.

Your comment has been received and held for approval by the blog owner.

Return to the original entry

An approval from the commentator. Then an approval from the moderator. And don’t forget to solve the “Captcha” in the form.

Talk about the privilege of commenting.


Feb 11 2008

IE8 Will Set Back The Internet by Years

Published by Niyaz PK under Bugs/Issues, Internet, Microsoft

There is a great deal of debate going on about the upcoming version of Internet Explorer - IE8. It looks like Microsoft is going to screw up this time too.

From the A List Apart article Beyond DOCTYPE: Web Standards, Forward Compatibility, and IE8:

All of these factors leave us, the website developers, in a bit of a pickle when it comes to making websites. How do we ensure that browsers continue to render what we want them to?

We could specify the version of the languages we use, such as CSS 2.1 or JavaScript 1.5. Unfortunately, browser vendors often implement only part of a spec and the interpretation of a specification often differs from browser to browser, so any two contemporary browsers may offer completely different renderings of the same CSS or may trigger completely different events from the same form control.

With this spanner in the works, we’re really only left with one option for guaranteeing a site we build today will look as good and work as well in five years as it does today: define a list of browser versions that the site was built and tested on, and then require that browser makers implement a way to use legacy rendering and scripting engines to display the site as it was intended—well into the future.

This is exactly what our group decided to recommend for IE8, and we hope to see it implemented in other browsers as well.

Basically what they say is that every developer should add a meta tag specifying the version of the browser the page was tested on, to every web page he creates. This must be done for every browser - Microsoft recommends.

[Image: IE8_yahoo]

What kind of a solution is this? Certainly not scalable.

What are the implications of this foolishness? Every browser will have to carry the previous browser editions too. This is to ensure that web pages are rendered exactly as the developer intended. For example, a page designed for IE5 should be rendered exactly as it was rendered in IE5. This means that IE8 will include rendering engines of all the previous editions of IE.

Here is what Anne van Kesteren of Opera thinks:

You’re shipping a lot more code, and it grows a lot with each release. If the user browses a mix of pages, you’ll actually execute a lot more code too. Good luck competing in the mobile space when you ship half a dozen engines and your competitors only need one.

Pathetic solution I would say. It is sure that this solution will not go beyond IE8. I predict that by IE9, Microsoft will be looking for another solution to break up the web.

Van Kesteren continues:

Solutions? We can ignore this all together. We can get popular Web server software to set IE=edge. We can convince the world to use a browser that does not have the ability to lock pages into a specific rendering mode. Bah.

And Robert O’Callahan from Firefox says:

It seems clear that for now we have no market need for drastic multi-engine compatibility, and therefore there’s no need to even consider the pain it would cause. One could argue that by slaving themselves to the needs of the corporate intranet, IE is actually being hobbled for the mass market.

I wonder why we took all the pain of developing our websites to the standards if Microsoft had this brilliant idea of breaking up the web.


Feb 07 2008

TypeKey stores your passwords in plaintext

Published by Niyaz PK under Bugs/Issues, Security

TypeKey is a free, open system providing users a central identity for posting comments on weblogs and logging into other websites. It is run by Six Apart, the providers of TypePad and MovableType. It is a service used by thousands of users worldwide.

[Image: TypeKey_SixApart]

And guess what? They store your passwords in plaintext.

I forgot my password for TypeKey and clicked on the ‘forgot password’ link and provided my email ID. They sent me my username and password.

[Image: Typekey_password]

Great usability; poor security.

Alarming to see that even big names get security wrong.


Jan 16 2008

The World Wide Mess

Published by Niyaz PK under Bugs/Issues, Google, Internet

The Internet is a world of its own. For many people around the world, it is the alternate world. And for many of us, it is where we live, and we dream - it is our primary world. But it turns out that the Internet is so broken, so insecure, and so dynamic that it is very difficult to live peacefully in here. Here are some problems I see with the Internet and why it works in spite of all these.

[Image: Web_graph]

No or low Standards

99% of the websites (including this one) are not made adhering to the standards, and this is magnified by the fact that our major browsers are worse in standards compliance. People will respect the web standards only if the web browsers strictly follow the standards. But the current trend is that developers of the major browsers are competing in making standards of their own. Yes, IE8 passed the Acid2 test, but that doesn’t mean Microsoft will not introduce any proprietary standards in it. And every new proprietary standard they introduce will result in a more broken web some years down the line.

Interoperability

There is nothing like this in the whole Internet, and most people don’t know what the term means. Interoperability is a big issue in today’s social web. Users would like the different web services they use to help them in combining the services. I would like to see the different web services merge their services seamlessly, thus giving a unique experience to each user by forming a large application that incorporates all the small web services.

Data Portability

Data portability is an issue being discussed by many, related to the Facebook-Scoble debate. As Mathew Ingram puts it, the main question here is:

Who does that data belong to? It might have been collected and organized in the way it has because of Facebook’s tools, and he obviously agreed to the terms of use that he has since broken, but there’s no question that the information itself should belong to Scoble (and the rest of us). So what rights should he have when it comes to removing that data from a site like Facebook? And who gets to decide?

Obviously, the problem is that most of the big corporations ignore this right of a user. And this persuades users to continue with the crappy web application because their data is trapped in it forever.

Privacy

Again, privacy issues are all around the place and people are enjoying the furious debates. Google knows what you search for, what is in your e-mails and what videos you watch. And if you think that Google would not know you visited this site, think again.

[Image: Google_is_watching_you]

The Adsense ads in this site may be tracking the cookies in your computer and it knows exactly who you are. It knows exactly what tabs are open in your browser. We have heard the Facebook Beacon row too. Also, I don’t mean privacy issues are related to just Google and Facebook. Something must be done fast before privacy becomes history.

Anonymity

Anonymity is different from privacy, but both are related. By anonymity I mean the inability to know who did what on the web. For example, in the real world you know who bought an item from your shop. You may not know his address but s/he has an identity. But on the web, you cannot know for sure who commented on your blog and who downloaded software from your website. People do not have a face on the web. Anonymity, or rather the feeling of anonymity, is what boosted file sharing networks and caused widespread piracy.

Others

There are other problems which I will just list here. These are mostly irritations which cause junk data in the web.

  • Ads - Too much of them
  • SEO - Why the hype?
  • Meta-blogging - Blogging about blogging about blogging…
  • Multiple accounts - Where do I store all these passwords?

If you can think of any others, please list them too.

So, how does the Internet work in spite of these?

The answer is simple. Millions of people out there are wasting billions of man-hours trying to make things work. It is not that the whole Internet is working in spite of it being broken. It is the magic of the hard work by human beings that makes it work.


Jan 10 2008

Orkut getting the loops wrong

Published by Niyaz PK under Bugs/Issues, Google, Internet

Orkut is famous for the never-ending list of bugs in it. Users have even spotted bugs that can be exploited to view locked private albums. Today while browsing through a forum, I spotted this*:

[Image: orkut1]

As you can see, the forum shows messages 1-10 of 10. This means that there are no further messages. But the next link is active!!! What for?

This is just a case of not applying thought to the development of the product. Adding more features, bells and whistles and then more, you forget to get the usability right. If you have millions of users, who cares to fix these small bugs? You will be working on the ads. Won’t you?

As if it weren’t bug enough, I found something more when I clicked the next link just out of curiosity:

[Image: orkut2]

Yes. 11-10 of 10. Clearly, someone got his loop wrong.

*I have squeezed parts of the images to show the relevant portions.


Dec 10 2007

Bug in Fifa 2008

Published by Niyaz PK under Bugs/Issues, Design

I was checking out the latest version of EA Sports Fifa - Fifa 2008. I found a bug in it…

I was playing a match between Liverpool and Manchester United, and my controller was assigned to ManU.