It looks like Comcast is in the news again but not for the best of reasons. So today seems like a good day for me to share my latest Comcast experience. I recently moved and subsequently signed up for Comcast’s all-in-one package (TV, Internet, and phone). I didn’t really need the phone service, but the way the marketing department has things, the same services I wanted without phone service are the same price as having the phone service included. Bundling and all that, go figure.

So I take the glass-is-half-full approach and assume I’m getting a good deal, like phone service for free! (Rather than the glass-is-half-empty approach: overpriced other services with something I don’t need included.) But then the phone calls start coming in. I’ve given my phone number to no one and yet, I’m getting an average of 2-3 phone calls per day with people calling me “Mr. Caswell.”

The most ironic phone call was the one from a Comcast competitor, Dish Network, trying to lure me away. I didn’t give Dish Network my phone number, so who did? Well, I called Comcast to find out. It turns out that unless I ask for a special service that stops these calls from happening, they happen.

Actually, there are two different special services, as it was explained to me. But I already forget their differences. All I know is that if I pay Comcast another $2 per month for these two services (nothing, considering I’m paying them over $100 already), then I don’t get 2-3 bonus phone calls per day.

Of course, I also had to change my number in order to stop the current onslaught of solicitors, and there’s a feel for that, you see. But the Comcast rep on the other side actually did a pretty good job at empathizing and waived the fee since, as she put it, “I should have been offered these services when I first signed up.”

The services in questions, you know, the ones that add up to another $2 per month charge, well, they have non-descript names (I can’t remember them). To be honest, I might not have signed up for them even if I had heard about them before. What I told the rep and what I’d like to tell Comcast now is the following:

Offer the services this way: “Would you like 3 solicitor calls per day or a $2 monthly charge? Your choice.” I could be wrong, but I think most Comcast customers would prefer to be charged $2. And if the “decide later” alternative is a change fee and a new phone number, well, that won’t be as painless a process as it was for me (no fee and no one I cared about knew my number yet).

Whatever the case, thanks Comcast, for taking care of me. Now try and figure out how to take care of the rest of your customers out there.

So I joined MySpace about a week ago and was already annoyed at the way they sent me my password over email. But then, just a few days later, I got an email with my first MySpace message / friend request from someone named Riley whose profile picture is a girl in a swimsuit. Originally, her (or his?) profile showed the same city and state that I live in, though now it’s been changed to Greenville, Ohio. Here’s the text of the message:

“Heya sunshine!
I recently broke up (9 months ago) and am ready to date once again. I’m not looking for a serious relationship though. It’s too soon. A little about me: I’m adventurous, outgoing and open-minded. I’m pretty good-looking and healthy. I like going out but also dont mind snuggling! If you make me laugh, you’re half way into my heart. I was browsing the site; my best-friend. After figuring out how things worked I came across your profile. I’m interested! I hope you’re not shy and that you’ll respond. Please dont reply directly though, this is really not my profile, I’m just borrowing it. Send your reply to my real email address instead: kate_cannon_x@yahoo..

Thanks and have a nice day!”

Interestingly enough, I’ve used Facebook and LinkedIn for years now and have never had this problem (or the previous password problem I discussed). But MySpace, for being the most popular social network out there, continues to disappoint. And it’s only been one week!

Perhaps I’m the exception rather than the rule, but if anyone joining MySpace for the first time should expect spam posing as a wannabe friend within one week… Wow, it just seems like one more issue to fuel the lack-of-privacy fire.

In MySpace’s defense, they do have some spam settings in the privacy section of your profile. I suppose it’s nice to be able to customize those settings, but I wonder why the default setting gets me spam? I suppose that’s the catch-22 of social networking and privacy: default openness vs. default privacy. What should those defaults be?

I’m personally a fan of “opting in” to the “my profile is accessible to everyone in every possible way” configuration rather than having to “opt out” of it. But I get the impression that, in general, the default demographic for social networks may prefer it the other way around. And that can make implementing decent privacy settings all the more tricky…

Coincidentally, MySpace updated both their terms of use and privacy policy this past week. Of course, it’s not like I read that relatively long legal verbage every day (if ever). So I have no idea what might have changed recently.

Last month I picked on search engine Mahalo as an example of a company emailing its customers passwords. I mentioned how having your password floating around openly on mail servers can defeat the purpose of having a password in the first place. Mahalo’s founder and CEO, Jason Calacanis, joined the discussion and some good thoughts were shared from both sides of the issue.

Today I found out that MySpace is on the list of companies sending out passwords through email. I finally signed up (that could be a separate conversation, why I’ve ignored MySpace till now) and promptly got a welcome email with my password staring back at me. MySpace, though, takes it one step further and adds insult to injury by saying “Keep it secret. Keep it safe.” right below my visible password. As if I had a choice at that point, MySpace, you just made it less secret and less safe.

But, of course, I used a I-don’t-care-as-much-if-others-know password that I wouldn’t use for other “important” sites. And I’m sure that the hundreds of millions of MySpace users do the same (yeah, right). In all seriousness, though, I can see how certain sites don’t need the same level of security as others. As an example, there is an obvious difference between MySpace and your bank in terms of security.

In reality, though, there’s a wide spectrum of sites and services protected by passwords. It’s not black and white with only “banks” on the one side and “social networking” on the other. So who should decide which service deserves what level of protection? Well, in this case, it’s my opinion that it’s in the best interest of any company protecting your information with a password to avoid sending that password insecurely over email.

But assuming a world where there will always be companies that send passwords in emails, the very least they could do is tell you this before you decide on your password. That way, you’d know to what degree a company values the protection of your information before you decide on what password to give them.

One very simple implementation of this is that of a company showing you your password as you choose it. You’d then know that this should be a less important type of password. In fact, I’m not sure why asterisks are necessary to “hide” your password as you’re typing it the first time if 30 seconds later the same password previously hidden by asterisks is visible on screen in your email.

However the “less secure” message is conveyed before you create your password, is it too much to ask for this kind of disclosure from companies?

Let’s face it; we all reuse the same password for login accounts all over the Internet. At best, some of us create a few passwords through which we rotate.

So why is it that some companies still insist on sending me my password via email right after I create my online account? The reason I have a password in the first place is so that it doesn’t flow back and forth openly in cyberspace only to reside peacefully on multiple mail servers.

This type of action, to me, is a sure sign of amateurs at work. In fact, it’s the lazy man approach for me to give (or take away) initial credibility to any company, startup or established: see how they handle the process of creating an online account.

So who gets picked on today? Search engine Mahalo, which is too bad, really, since they otherwise have plenty going for them. In their own words: “Mahalo is a human-powered search engine that creates organized, comprehensive, and spam free search results for the most popular search terms.”

It’s a fairly useful site and doesn’t require an account for much of what you can get out of it. But there are certain features and functions you do need an account for. So I signed up without hesitation and trusted the site subconsciously by using one of my “real” passwords. When I received the subsequent welcome email, there my password was, staring right back at me.

My only workaround to this all-too-common problem is to sign up with any new service with a token I-don’t-care-if-you-know-my-password password only to change it to a real password after a) I receive that initial “thanks for signing up, here’s your account info” email and see that the password was not included and b) find that I am interested in using the service for longer than just my first time of messing around.

But even then, I’ve seen some companies send out a “thank you for changing your password” update email which shows both your new and old password. (I’m not sure how Mahalo handles this; I haven’t gotten that far with them.)

What can make it even more of an eye roller is when the situation is thick with irony. I remember last year: An otherwise reputable affiliate program I signed up for wanted to make sure that my password was at least eight characters long and included both numbers and letters. It was then promptly sent out to my email. Wow. Thanks for making sure it was a good password!

Now, Jason Calacanis, the founder / CEO behind Mahalo seems like a reasonable guy. I’ve emailed him to ask for this to be changed (or an explanation). I can already give you the generic explanation I’ve heard before from other companies: “If you forget your password, you can just look it up in your email.” Here’s a better solution:

If I forget my password, I email support at mahalo.com (or whatever appropriate address) saying as much. Mahalo then should email me (only to the email registered in my account) a randomly generated temp password that only works for a limited amount of time. But it’s enough to get me into my account and allow me to change my password.

Is it a perfect solution? No. Just the first simple solution that comes to mind (that I’ve seen implemented elsewhere). There are other methods, too, like asking you for your mother’s maiden name / third grade teacher / favorite animal, etc. at the time of account creation. The site then asks you one of those questions if you’ve forgotten your password. Even then, though, it shouldn’t just let you in. Again, it should send a temp password to the email address on file.

I’m no security expert. But I do know that most any solution is better than automated open emailing of passwords.

*Update* Thanks to Jason Calacanis for responding (see comments below) and opening up for discussion via Twitter. For anyone interested, feel free to follow me on Twitter here.

While it’s nothing new for organized crime to focus on phishing and identity theft, Windows-based computers have traditionally taken the brunt of most attacks. So much so, in fact, that plenty of my Apple friends claimed it as yet another reason to switch to the below-the-radar Mac. Too bad, then, that a report out last week shows that the end of 2007 was the beginning of “financially-motivated” organized crime targeting Apple computers.

Is this good news or bad? After all, it could be taken as a sign of Apple’s success. Macs finally appear to be popular enough that cybercriminals care. However you frame it, check out this call to arms of sorts from Graham Cluley, senior technology consultant at Sophos (the firm responsible for this report):

“Mac users have for years prided themselves on making smarter decisions than their PC cousins – well, now’s the chance to prove it. The Mac malware problem is currently tiny compared to the Windows one, so if enough Apple Mac users resist clicking on unsolicited weblinks or downloading unknown code from the web then there’s a chance they could send a clear message to the hackers that it’s not financially rewarding to target Macs. If they fail to properly defend themselves, however, there’s a chance that more cybercriminals will decide it’s worth their while to develop more malware for Mac during 2008.”

So there you have it, Mac users, unite and be as smart as you feel! The report also noted that Wi-Fi enabled devices and other mobile technologies (even mentioning Apple’s iPhone and iPod Touch) are likely to be targeted this year.

This past week a national cable and high-speed Internet provider by the name of Charter Communications accidentally deleted all the contents of 14,000 active email accounts. A spokeswoman for the company explained that there is no way for them to retrieve anything that was erased. The spokeswoman offered this explanation and apology:

“We really are sincerely sorry for having had this happen and do apologize to all those folks who were affected by the error… During this maintenance we erroneously deleted active accounts along with the others. It’s never happened before. They are taking steps to make sure it never happens again.”

As a result, the company has decided to give every affected customer a $50 credit on their bill. So there you have it: according to Charter, at least, your online email account and data is worth about $50. The company, which has around 2.6 million high-speed Internet subscribers, could have done worse than taking a $700,000 hit. But the irresponsibility of the situation shows that they could have done much, much better.

Indeed, how can a multi-million dollar company with millions of subscribers not have any sort of data backup? But then again, who’s really to blame here? Charter offers this “free” email account to any of its customers who pay for Internet service. And it’s likely to have the same terms of service as all the freebie email accounts available online: you know, the “we provide no guarantee and accept no liability, use at your risk” type of agreement no one actually reads.

The point is that, in many ways, $50 is quite generous even if obviously undervaluing most anyone’s personal value of all emails. But imagine if this was Google (Gmail), Yahoo, or Microsoft (Hotmail) making the mistake. Would they give you anything? Answer: No.

So the moral of the story is just how much we take for granted products or services we pay nothing for. Perhaps I’m alone here, but I would actually pay something reasonable for an online email account if the repercussions of a screw up valued my collective emails at a price well above $0 to $50. But that reality doesn’t exist and is part of the reason I still use a desktop email client (Thunderbird) to download and save all my emails locally.

The privacy and portability of your online data may become more of an issue in 2008. News is out today of a Federal case which will investigate whether the use of a false identity could be considered Internet fraud under federal statutes. This was originally triggered by the October 2006 case in which a 13-year-old named Megan Meier committed suicide after receiving “cruel” messages on MySpace (messages allegedly received from the mother of a school rival who was posing as a 16-year-old boy).

Take this news and mix in this BBC piece which discusses how Facebook will have an uncomfortable year due to privacy issues, and we’re back to question of who owns what data online? And who should be able to see what? These are not easily answered questions. After all, there are different types of data (email address vs. phone number, for example) and different types of decision makers (13-year-olds, twenty-somethings, baby boomers, etc.).

But even if more control and ownership were given back to the user, we’d still see conflicting opinions. For control, how granular should it be? While I may want lots of levers to pull for sharing and unsharing tidbits of my information differently with different people, someone else may find that confusing. And for ownership, how will we deal with the viral nature of information spreading? Even if you “own” something, what stops anyone with whom you’ve shared from doing whatever they want with your theoretically “owned” data?

It’s a big mess that many don’t care about (or are perhaps in denial?). But 2008 is shaping up to be the year where online data control and ownership will be in the spotlight.

The Wall Street Journal has the scoop on the latest Google news. Google is hoping to offer consumers a new way to store and access files online. The search giant is working on a service that would let you store essentially all of your files online (documents, music, photos, videos, etc.).

I already do this with Mozy for free. But Mozy works more as a backup that I generally access only when I need to restore files. Google wants to simplify the process of transferring and opening files such that you would actually be using your online files actively.

In true Google style, the service will be free for a limited amount of storage with charges occurring above a certain threshold. In fact, for an example of how this might work, take a look at Google’s Picasa Web Albums photo-hosting service. You can upload photos online and share them with friends, up to one gigabyte for free. You can then purchase 10 gigabytes to 400 gigabytes for around $20 to $500 per year. Just take that service, throw in other types of files and better accessibility, and you might have the GDrive.

Of course, all the standard issues will apply: data privacy, copyright, scalability, etc. We’re all accustomed to targeted ads along side our email in Gmail. But Google bots mining my documents to send me ads? No, thank you.

Copyright issues will also be a tricky one this time around. If these plans are true and Google makes it easy for consumers to share different types of files online as part of this new service, how will it address copyright complaints? One person familiar with the matter says Google is discussing with copyright holders how to approach the issue and has some “preliminary solutions.” Whatever the solutions, how likely would you be to move all your computing online if Google was watching over your shoulder to make sure you weren’t violating copyrights?

Google’s response to the privacy concerns seemed like it could have been taken seriously: “It is certainly approached with the utmost sensitivity on our end,” said a Google spokeswoman. “We have extensive safeguards in place currently to protect our user data and we have a very strong track record in this regard.”

I say “could have” because just a few paragraphs later, we find this:

“A document Google inadvertently released on the Web in March 2006 said it was moving toward being able to “store 100% of user data,” citing “emails, Web history, pictures, bookmarks” as a few examples. The document referred to what appeared to be unannounced Google initiatives, including one dubbed “GDrive” and said they could help compete with Microsoft.”

So Google wants me to entrust them with all my files when it has issues inadvertently releasing its own. Oh, the irony.

Sophos, an internet-security company, released numbers on the amount of spam sent per country between this past July and September. And the United States is responsible for about 30% of it (see chart below). Despite legislation such as the CAN-SPAM Act, the U.S. hasn’t been able to do much to stop spam. And spam is getting more complicated: fake e-cards, virus-infected PDF attachments, and worthless MP3 files or ringtons are the latest methods. In fact, according to anti-spam company MXSweep, nearly one in ten spam e-mails attach MP3 files or ringtones.

I guess I wouldn’t know much about this. I use Google’s gmail and rarely see any spam.

The Economist (subscription required) dives into what it thinks is the next generation of the Internet: the Geoweb. Interestingly enough, it formalizes the thoughts of TechConsumer author Marion Jensen who received attention when he wrote on this subject two months ago. While Marion stopped short of calling the location-based Internet Web 3.0, it’s good to know he is not alone in his concept of the “next big thing.”

Apparently, the geoweb already has an emerging architecture: traffic jams, seismic tremors, crime rates, and melanoma stats are just a few areas where data is being collected and tied to location. A new discipline of “geographic information systems” (GIS) is on the rise, which includes fancy software used mostly by governments and companies to analyze spatial data. And the data “tend to be of impeccable quality.”

Combine the analysis and data quality of GIS with the visualization of the geoweb and things really start to get interesting. One example: Last year geodata for 13 American air-force bases were compiled and put into a modified version of NASA’s World Wind geobrowser. This made it possible to do a walk through of 3-D models of each base while analyzing multiple layers of data. The project cost less than one million dollars and is expected to save the air force five million per year due to faster decision-making. In this case, live video from a construction site is tagged such that contractors and vehicles are identifiable. Planners can assess a proposed building’s effect on runway visibility. And an environmental engineer can see 45 years of relevant documentation while viewing a plume of contaminated groundwater.

But at what cost will this new world come to us?

“Indeed, all the features—good and bad—of the internet will eventually gain new dimensions on the geoweb. Bots and intelligent agents will crawl it. It will be populated by avatars, as Second Life becomes first life, and it will enable the inverse: telepresent machines roaming the real world. Ghostly, private worlds will be overlaid on reality, sensitive only to members. The malicious possibilities are sobering: location-based viruses, geohacking and, worst of all, geospam.”

Though, Google Earth’s chief technologist Michael Jones has a decent comeback response: “I think there’s a social barrier to everything new.” He believes in the availability of useful information and thinks it outweighs concern over surveillance and loss of privacy. He pointed out that five or six years ago people were worried about camera phones. But now “everyone just presumes that everybody has a camera on their phone—it’s nothing special.” The lesson of previous technologies, he says, is that “we all are happy to tolerate things that would have previously been considered intolerable.”

What will it take before this is widespread and in front of the consumer?

“…[T]he incorporation of satellite-positioning technology into mobile phones and cars could open the floodgates. When it is available, simply moving about one’s neighbourhood can then be tantamount to browsing and generating content without doing anything, as demonstrated by a company called Socialight. Its service lets mobile users attach notes to any location, to be read by others who come along later. Taken further, the result could end up being a sort of extrasensory information awareness, annotation and analysis capability in the real world. “When that happens”, says Mr Jones, “then the map is actually a little portal on to life itself.” The only thing that can hold it back, he believes, is the rate at which society can adapt.”

I don’t mind admitting my mixed feelings on this one: Cool but scary.