Kyle Brady: Blog » Privacy

SJSU Mass Email Failure [Expose]

Kyle Brady — Fri, 21 Aug 2009 07:13:41 +0000

Alternative title: "How to Publicize 17,000 Private Email Addresses"

Earlier today, I received an email from "Tameka N. Harris" regarding parking permits at San Jose State University for the upcoming semester. It wouldn't have been an interesting email except for a minor detail:

There were 400 email addresses in the "To:" field, including mine.

Note that it was an actual email, instead of an anonymized message through the PeopleSoft-based system that hides any and all email addresses, usually used for such mass-communication.

After speaking with a friend, who had 700 separate and unique email addresses on his receipt, I discovered it's likely this was a mass email to the entire student body - over 17,000 people, all with email addresses exposed to each other.

I responded to the original, 400-person email in "Reply All" fashion, saying:

I would just like to point out to everyone on this list that Tameka N. Harris, the Almighty Beloved of SJSU Parking Services, has exposed your email address to the world, along with hundreds others, all because she couldn't figure out how to use the "BCC:" email property instead of "TO:".

That's how I'm able to email all of you.

Way to go, Tameka.

I intended, and tried, to email those on my friend's list, but Google prevented me from doing so, and accused me of spamming. Fair enough.

It's important to note just how unacceptable such a huge breach of student privacy this is, not to mention the gross administrative ignorance by both Tameka and SJSU - has she never used email before? "Irresponsible, outrageous, and unintelligent" only begins to describe the situation.

Her original email, which wasn't worth such a mass-mailing, is unedited as follows:

(note: the email has more color and formatting than Wordpress allowed me to copy-and-paste)

Please conserve: Think before you print this e-mail.

IMPORTANT PARKING NOTICE
BEWARE: Limited Parking and Heavy Traffic
During the first few weeks of instruction, traffic is unusually heavy and finding parking is difficult! Please plan accordingly and consider using SJSU Park & Ride or your VTA EcoPass for public transportation. Throughout the semester, the parking garages usually fill to capacity prior to 9:00 am and remain full past noon. UPD Officers provide traffic control during the beginning of each semester. It is important for the safety of everyone that you follow their directions!

THERE IS NO GRACE PERIOD
A valid parking permit is required at all times, including the first day of classes. Parking rules are enforced 24 hours a day/7 days a week. Possession of a permit does not guarantee a space in the main campus garages. Space is always available at the “Park & Ride Lot”. There is NO free parking on the Main Campus.

Avoid traffic and parking frustration…
Use SJSU PARK & RIDE LOT!
Only the “Park & Ride Lot” offers free parking the beginning of each semester (August 24- Sept 3, 2009).
Free parking is only available at the “Park & Ride Lot” August 24 – September 3, 2009. The “Park & Ride Lot” is located 8 blocks south of the main campus on South 7th Street at Humboldt Street across from Spartan Stadium. The parking rate is $4.00 per day (or $96.00 for a semester Park &
Ride Permit). ALL SJSU permits are valid in the “Park & Ride Lot”.
Free Park & Ride Shuttle service is available to campus Monday through Thursday. Free Shuttle Service begins at 6:30 am and runs every 10 minutes (depending on traffic) until 4:00 pm with stops at Park & Ride, Duncan Hall, MLK Library, Engineering Building and Business Tower. After 4:00 pm, Free Shuttle Service runs every 20 minutes until 10:20 pm with stops at Duncan Hall and Park & Ride only. Shuttle Service is not available Friday through Sunday.
All Park & Ride Permits are valid in all student areas on the main campus Friday through Sunday only.

DON’T WAIT IN LINE!
Buy Parking Permits or Pay Citations ON–LINE!
www.sjsu.edu/parking

.. No Additional Fees
.. No Lines – No Waiting
.. Print a temporary permit valid for 10 days
.. Fast delivery to your home without shipping and handling fees
A limited supply of Student Semester permits are available at the Student Services Center – Bursar’s Office located on the ground level of the North Garage(South 9th and East San Fernando Streets) (Cash or check ONLY). Please expect long waiting times during the first few weeks of school.

Student 1-day–a–week, 2-day-a-week and Park & Ride permits are available ONLY at the Parking Services’ Office located in the University Police Department (UPD) building at the South Garage (S. 7th and E. San Salvador Sts.) (Cash or Check ONLY)
Daily Permits: Pay stations are available on the 3rd floor and above in the North and South Garages and the 1st to 4th floors of the West Garage (E. San Salvador and S. 4th Streets).
Daily Rates:
Each ½ hour $1
Maximum Daily Rate $8
Maximum after 5:30 pm $5
Overnight parking $10 (Expires 8am next day)
THERE IS NO GRACE PERIOD
A permit is required at all times including the first day of classes. Parking rules are enforced 24 hours a day/7 days a week. Possession of a permit does not guarantee a space in the main campus garages. Space is always available at the Park & Ride Lot.
For more information or to review the Parking Rules and Regulations, visit our website: www.sjsu.edu/parking
(408) 924–6556
The latest SJSU Safety 101 Uniform Campus Crime and Security Report is available on–line at www.sjsu.edu/safetyreport. A pamphlet can be obtained at the University Police Department (call 408 924–2172 or visit the UPD web site at www.sjsu.edu/police for more information.

This issue follows on the heels of the "Beeson Debacle" from two and a half months ago (also at SJSU), which is about to be revived in the first issue of the Spartan Daily on Monday - 8/24/2009 - the first day of the Fall Semester.

Good timing, Tameka.

Facebook Re-Design FAIL [Expose]

Kyle Brady — Sat, 26 Jul 2008 21:02:07 +0000

If you haven't heard or noticed by now, Facebook is in the process (or is finished?) rolling out a redesign of ... pretty much everything. Check out www.new.facebook.com to activate it. But I'm not here to analyze it like everyone else, even though I think it's a pretty cool update.

I'm here because they screwed up.

I've been keeping an eye on the "applications" page, because I had a feeling that something was going to happen... and it did.

Click, because it's relevant.

See all the things I've circled in red? Most of those are applications I've never added. Ever. And in the case of "Bumper Sticker", "friendbinder", and "Top Friends"... those are ones that were added and removed (before the design change) within a 24 hour period.

My first question is: what the hell?

Is Facebook just randomly letting applications access my data, and decide that I'm now a "user" of them? Because, if so, that's not only stupid and wasting my time... but it's also a huge privacy concern.

My second question is: what the hell?

I've tried to remove ALL of the ones that I circled in the screenshot... they won't go away. They disappear from my profile, and from some of the settings pages... but remain on others. Which would lead me to believe they're not really gone, they're just pretending to be.

My third question is: what the hell?

There have long been rumors that Facebook doesn't actually delete any data, they just "delete" it. Instead of removal, a field is changed to tell the rendering engine "Hey! Don't show this!" - which might make sense in some cases, but not as an overall policy.

This is solid proof that they do exactly what people have been whispering about... besides the whole "delete my account" controversy, of course.

My fourth question is: what the hell?

I'm actually out of "Items for Hell" at this point.

Your Mission

This needs to be fixed immediately. Check your applications page, see if you've got anything weird going on. Send them feedback (using the "send feedback" button... obviously), regardless of whether or not you have this problem... they need to know that many people care about this, and it's kind of a big deal.

p.s. Yes, I'm still using Vista on this computer. But that's because I haven't gotten Ubuntu running yet... the RAID-1 array and the supersexy, but "too new", combo optical drive are creating major problems.

--------------

Update (7/28/2008 2:30pm PST): SitePoint blogger Josh Catone (formerly of RW/W) picked this up, and wrote his own take on it.

Microsoft, Please Steal My Data! [Old Content]

Kyle Brady — Thu, 11 Oct 2007 00:06:23 +0000

I think we should all let Microsoft take our data. Really. Everything about us... blood type, injuries, health insurance...

Did you catch the sarcasm? Did you? Because something tells me the creator of the most buggy, flawed, attacked, and hacked software in the world is going to have a hard time convincing people their data is secure. I don't know, maybe I'm wrong, but I just have this weird feeling that they're probably running the same software that gets hacked thousands of times a day worldwide...

Congratulations, Microsoft. You beat Google to a release of a new product for once. That is admirable. But that doesn't mean it's a better product, or that people will even care. Being the first to the finish line may win you a race... but we all know that in war there is no ticker tape. There are only mines, rocket launchers, and stealth bombers, but I digress.

Google has been supposedly developing their own product that is intended to revolutionize the medical industry, this is common knowledge in the tech world. Who do you really think is more secure with their data? How many times have you heard of your personal account information being leaked from Google? How often has Microsoft's systems been hacked? How often has Google's systems been hacked? Who is generally treated with greater trust?

The answer is obvious: Google. The world leader in search and information storage considers your personal health information to just be one more shelf to index: all the better to personalize your services, my dear. From my personal experience, people who use Google's products love Google, whereas people who use Microsoft's products typically don't. What is your most used email account, Gmail or Hotmail/Live Mail/Whatever-they-call-it-today?

When the battle is begun, and sides are taken, where will you side? Where will the doctors, and subsequently, the industry side? I'm willing to put the smart money on Google, it's a pretty simple choice. The two behemoths will face off, and battle for the attention... this much is true. But given the history of each company, and their respective mottos (both official and unofficial), chances are that Microsoft Windows Live Spaces Personal Health Identifier Super Home Edition will fail.

Completely, utterly, disastrously... fail.