Adobe Creative Cloud: Adobe’s Stupid Mistake
In the process of upgrading to Adobe’s Creative Suite 6 (CS6) software package, I spoke with an Adobe representative who then tried to up-sell me into their monthly software plan labeled Adobe Creative Cloud. The representative also told me there would not be a CS7 or CS8 version released ever with the introduction of Adobe Creative Cloud. Let’s explore why offering only Adobe’s Cloud will ultimately become a huge blunder.
Adobe’s software has always been purchased!
The business model for Adobe software has always been to purchase the software and upgrade later by paying an upgrade fee. It’s a model that has fully worked for all of their versions up to CS6. This has been the software purchase model for years and years (not even just from Adobe). Yes, while it is how we have always purchased Adobe software packages, it is also how we have purchased software from every other software developer. In fact, for sellers other than Adobe, it’s still how we buy software. Basically, nearly every other software package out there is a one-time payment to own the version you are buying. So, what’s changed?
Adobe’s Clouded Mind
Adobe has now made the decision that they are no longer ‘selling’ software. They are now ‘renting’ it to you in exchange for a monthly or yearly fee. Clearly, this is an entirely different business model from their original purchasing model. This is not the software purchasing model we have come to know, understand and agree to. But, someone who thinks they are brilliant at Adobe has decided the old model is no longer valid and they are now wanting us to buy this purchase model. Because they have done away with purchased software, they are now forcing YOU to ‘rent’ their software through the cloud. No longer can you just ‘buy’ it.
The pricing model is currently $600 yearly or $50 monthly for their service. But, you have no guarantees that they won’t double or triple these prices in two or three years. Once your plan ends, they can charge you whatever they want and your software is invalidated if you don’t agree. You don’t get to keep your software that you’ve purchased during the plan. The money you’ve spent is entirely lost. However, when you previously bought the software, you own that software to use forever no matter what pricing they use later. When purchased outright, the software is on your system and can be used forever without further involvement of Adobe. This permanency in ownership is just as it should be with software.
The Mistake
Whomever at Adobe that made this decision must have done so without consulting us, the software buyers, because why would anyone want to rent software forever? Software that you cannot keep or use after you shut the plan off. It’s an entirely different business model and an entirely different way to manage software. I don’t want to use cloud based Adobe software. I want the software installed on my system to use for as long as I want. I want to be able to move around and not be dependent on a 24/7 always-on Internet connection. If I’m offline, I still want to be able to edit and create work.
If you’re already using this service, you know that the software requires checking in every 30 days for monthly subscriptions and every 99 days for yearly subscriptions. This is not what I want. I want software that works infinitely offline. I don’t want anything ‘checking home to mothership’ ever. If I need to get a new version, just notify me of it and, if there’s a fee I’ll pay and download it. This is the tried-and-true model. Why abandon it?
Throwing out the baby with the bathwater?
Seriously, why would any top level executive dump a fully functional business model that has sustained an entire company for years in exchange for an extremely risky new business model that may not be adopted by buyers? Why wouldn’t you want to carry both models? Clearly, there are those of us out here who still want to ‘buy’ software, not ‘rent’.
For example, renting a car for a day is fine, but the market still is a big enough place where you can also ‘buy’ cars. Why would you, as Adobe, decide to close down the entire ‘buy’ market in lieu of a ‘rent’ only market? Think about it, the cloud rental software is fully downloadable but hobbled to check in every 30 days. It’s like paying to use a never ending trial version. To carry both business models, it’s just semantics to set up the software to check in every 30 days, 99 days (as it does right now) or NEVER (to buy it outright.. which doesn’t exist). If I want to pay full price up front for a package, that’s my choice and I should have that choice available to me. If I choose not to rent, then that’s your loss when I choose not to rent. And believe, I won’t rent ANY software from any business.
But, Adobe has decided to throw the baby out with the bathwater. The model that they formerly and successfully used to sell their software they have entirely abandoned for this new ‘rental’ world. A world that is likely to not only backfire badly on Adobe, but likely to force them to completely rethink this idea. Some ideas need to die and rental software like this is one of those ideas that needs to go away as fast as possible. That someone thought it would be a great idea needs to be slapped sane.
Renting is not Acceptable
Rentable software is both a creepy ‘big brother’ privacy invading tactic (no thanks Adobe) and a crappy business model that, as I have already said, needs to die a horrific and fiery death. I understand why it exists (companies want residual income and to collect all sorts of creepy privacy metrics), but it’s not a model that I will ever endorse or use. Therefore, I do not accept this business model and thusly CS6 will be my LAST purchase from Adobe until this company comes to its senses.
If you agree with me on this, please leave a comment below. Adobe, if you’re reading, you need to wake up and realize that there are some of us out here who want to actually buy software, not rent it. We want to be able to use purchased software without having to check home to mothership ever (except for updates when I request it to check).
It always amazes me just how stupid some company executives can be. So long Adobe, it was nice knowing you. Don’t let the door hit you on the way out.
Rant Time: Google Wallet Verification
So, I know how much everyone love my rants. Well, here’s another one. This falls under personal security and internet security common sense. Today, let’s explore the safety of Google Wallet and it’s so-called verification system.
What is Google Wallet?
Basically, it’s another type of payment system like Paypal or Amazon checkout. Effectively, it’s a way to pay for things or send money on the Internet using Google. That’s about as simple as it gets. Who uses it? I certainly don’t nor will I ever if Google doesn’t change its ways.
Verification of Identity
Like most other payment systems, they want to know who you are. Or, at least, that the person who is wanting to use the payment system owns the card or bank accounts added into their system. However, each one of these payment systems usually does verification in similar ways. For example, Paypal verifies you by requiring you to add a checking account (i.e., routing and account info) and then adding a small amount of money to your checking account. Later, you enter those two tiny amounts of money into their verification panel and you’re all set. That’s pretty much it for Paypal. This is similar to other financial institutions like E-Trade.
Google’s Verification = Stupid
And I thought Paypal’s verification was stupid. Leave it to Google to diverge and make it even more difficult. In the verification form, Google requires you to enter your social security number, your birth date, your home address, your phone number and various other information that could easily lead to identity theft. Then they require that you submit it. Information, I might incidentally add, that is not required for you to use an established credit card or bank account for payment. After all, banks are already required to identify you before opening an account. This is the whole reason why Paypal’s verification system is enough. Paypal merely hangs onto the coattails of the bank that has already previously verified your identity when you opened the account. I digress.
When their entry form doesn’t work, they require you to attach a PDF document of a government issued identification card. Not only is that stupidly manual, who the hell know what Google is going to do with that PDF file once you send it to them? Why would you want to do this anyway? Seriously, you’re not opening a bank account with Google. You’re not getting anything out of it by sending this to Google. And, you’re opening yourself up to huge personal risk by leaving PDF documents of your identification cards floating around on the Internet for hackers to find. Seriously, what is Google thinking here?
For me, that’s a big red flag and a BIG FAT NO to Google. I have no intention of providing any physical paperwork to a private corporation. If you can’t figure out proper method to identify the user electronically, that’s not my problem.
Legal Compliance?
I know that Google claims that this is all in the name of Federal compliance, but I’m quite sure the compliance laws don’t require you to verify a user using any specific implementation techniques. Clearly, Paypal is able to comply with these laws without requiring a PDF version of physical government issued identification. The reality is that Google also does not need a copy of this. That they claim that this is required to fulfill legal obligations is smoke and mirrors.
No, it’s quite clear, Google’s verification system is broken and completely unnecessary. They can certainly comply with all identity verification laws without resorting to asking for a copy of your identification be submitted to them in PDF or any other format.
Merchant Requirements
In fact, while credit card issuers like Visa and Mastercard don’t forbid asking for identification when using a credit card, the merchant must still accept the card for payment as long as it’s properly signed without seeing an ID. Because Google wallet requires actually seeing your identification before using some services with your credit card, this violates card issuer rules regarding the requirement for seeing identification before purchases. On the other hand, unlike a retailer who has the physical card in hand, Google cannot see your card and whether it’s signed. But, the spirit of this rule remains. Using a method of charging a small charge to the card and asking you to check the statement, then supply that dollar amount should be enough to verify that you own that card and that you have access to statements… just like Paypal and E-Trade.
Because a lot of statements have now become e-statements online, the small charge method doesn’t necessarily verify your physical address. Though, if they need to verify your physical address, they can simply send a postcard with a code. Then, have you enter that code into a verification panel once you receive it. In fact, this is really the only method that will verify your physical address is valid.
Google Wallet’s Usefulness?
With all of that said, Google has failed to make any traction towards becoming a defacto wallet. In fact, there are so few merchants that actually use Google Wallet, it’s probably safer not to verify with Google. Being as unused as it is around the Internet and seeing as Paypal is the primary method of paying for things today, it’s too much of a personal risk to submit PDFs of your passport or drivers license to a random corporation. You have no idea where that PDF might end up. Though, it will likely end up on Google drive because Google likely requires its employees to eat Google’s own dogfood (i.e., uses its own services).
And since the risk of using Google drive is as yet unknown with all of the Facebook-like features that Google has added (and continues to add), it wouldn’t surprise me to find Google internal documents accidentally shared through a Google employee’s personal account via Google+. This would obviously be bad for Google, but it wouldn’t surprise me. That’s why you don’t upload PDF files to corporations like Google. In fact, I wouldn’t share PDF files of that type on any network drive unless it’s encrypted and passworded. Better, don’t put it there in the first place.
Companies requiring copy of a personal ID
Personally, I won’t do this type of ‘give me a copy’ verification for any company unless I’m opening a bank account, credit card or need to provide it for some specific financial transaction. Even then, I will only transact that business in person and allow the person long enough time to see the documents to get what they need from it. And no, they are not allowed to photocopy it unless there’s some specific requirement.
I especially won’t do this with companies as big as Google or Microsoft when no transaction is involved. As companies grow larger and larger, employees get more and more careless in document handling. Asking for photocopies of identification cards, social security cards, credit card faces or any other issued card is not cool and I have no intention of ever providing that to a company for any identification purposes unless I’m actually performing a transaction. I won’t do it for ‘just in case’ services that I may never use. Doing so stupidly leaves a financial time bomb out there ready to be exploited.
The most they need is the number off of the face. If a company cannot make do with what’s printed on the face of the card (by being typed in), they get nothing. Just like giving your check routing information to a company such as Paypal is like writing a blank check, giving copies of physical documents to corporations is tantamount to identity theft. I simply don’t trust corporations with access to copies of my physical documents.
Though, were Google to set up a storefront and I could walk in and hand my card to someone to visually inspect and then maybe have them swipe it (although, I’d prefer not), I’d be somewhat okay with that. But, knowing a PDF file is floating around on the internet somewhere with a copy of my physical card, that’s not in any way cool. I will never do that for any corporation sight unseen no matter who they are. Since there’s no way to transact business with Google in person, there’s no way I’ll ever verify my identity for Google Wallet.
Yahoo: When recycling is not a good idea
After Marissa Mayer’s team recently decimated Flickr with its new gaudy and garish interface and completely alienated professional photographers in the process, her team is now aiming its sights on a new, but unnecessary, problem: recycling of long expired user IDs. Yahoo had been collecting user IDs for years. That is, people sign up and use the account for a while, then let the account lapse without use for longer than 30 days. Yahoo marks the ID as ‘abandoned’ (or similar) and then locks it out forever, until now. Some employee at Yahoo offered up the incredibly bad idea to recycle IDs. Unfortunately, this decision to recycle IDs may actually become the demise of Yahoo. Let’s explore.
Recyclables
I’m guessing that Yahoo has decided to make it look like it’s doing something good by recycling something, anything. That is, Yahoo is now letting people Wishlist long-closed user IDs that had been previously locked. Hurry, though, you only have until Aug 7, 2013 to wishlist that long forgotten ID. The trouble is, these old abandoned IDs are clearly second-hand goods. Let’s understand what exactly that means and why you really don’t want one (unless, of course, it was previously yours).
1) Obviously… Spam
Clearly, you aren’t asking for this old ID so you can jump onto that horrendous new Flickr interface or because you intend to read Yahoo News or OMG. The most obvious reason to want that ‘primo’ ID is for the email address. Unfortunately, you have no idea how that account was formerly used or what baggage might be associated with it! So, unfortunately, you will have no idea what exactly you’re getting into by re-using someone’s old ID. The person might have signed up for it just to divert tons of spam into it. Yes, this happens. That means, you could open the account and find it filled with spam in only 5-10 minutes, literally. Who’s to say someone wasn’t using it for illegal purposes and it was shut down for that purpose?
Yeah yeah.. Yahoo claims they will ‘unsubscribe’ the old ID from newsletters and so forth and these will have been ‘idle’ for at least 12 months (the first batch), but they’ve outlined no way in which they plan to accomplish this unsubscribe piece. Are they really going to hire a bunch of people to sit around clicking unsubscribe links and filling out unsubscribe forms? I think not. It’s all song and dance with no substance. Not to mention unsubscribing legitimate email subscriptions only accounts for about half (or less) of the total email volume that ends up in an inbox. So, don’t expect any miracles from Yahoo. If they can stop email, the best they can stop is about 40-50% at most. All of the rest will still show up merely by you having signed into your ‘new’ account.
A new email header?
Oh yeah, Yahoo is also trying to rush through the IETF RFC process a new header called require-recipient-valid-since that takes a date as an argument. This header basically requires marketers to know the exact acquisition date of every email address in their lists. Assuming email marketers know this date, which is a huge and incorrect assumption for Yahoo to make, when the email marketers send email containing this date, the email will supposedly end up in the correct account (or not) depending on the date. Because of this date header, that could lead real email to go missing or spam to show up. Unfortunately, as I said, this is an incorrect assumption. Most email marketers barely know the source of their leads, let alone when they acquired it. No, this date thing simply won’t work. And even then, this header will only work with email marketers willing to follow the rules. Spammers that don’t care won’t bother.
Worse, Yahoo is planning on handing out these newly freed old accounts in mid-August. Like every email marketing firm will simply drop whatever business plans they currently have to retool their applications to support this rushed and nearly useless header. Is Yahoo really that asleep at the switch?
2) Fraud, Account and/or Identity Theft
If you happened to have owned one of these long abandoned accounts or you otherwise lost your Yahoo account long ago, you’ll want to be very careful here. You can be guaranteed that there are already people scouting for popular long dead accounts to resurrect and phish for accounts, theft and identities. These thieves know that banks and other legacy institutions keep email addresses on file until you explicitly change them. Even then, they can have issues even updating this information in their systems even when you do request the change. So, someone who obtains a long dead account and then browses to Wells Fargo or Bank of America’s web site to request a password reset, they could abscond with your account credentials and your money assuming you still have (or ever had) any old Yahoo accounts hooked up to any financial accounts.
Yahoo claims to have ‘security’ mechanisms planned, but good luck with relying on that. I can’t even see that working. Granted, if banks fill in ‘require-recipient-valid-since’ with the appropriate acquisition date in every email they send, the banks can help prevent this issue (assuming the header works as expected). But, that also assumes the bank has an email address acquisition date to fill in this header. That also assumes that the bank can even roll out this header change in the time allotted before Yahoo starts doling these old IDs out. The clock is ticking and Yahoo hasn’t even gotten the RFC completed.
Fraud and identity theft is a very likely outcome of recycling old Yahoo accounts. If you’re reading this article and you have ever used a now-long-closed Yahoo ID for email, I urge you to go through all of your important accounts and make sure you have deleted all references to your old Yahoo email address immediately! Otherwise, some random person could come to own your old ID and can then cycle through sites requesting password resets just to find what sites your old ID may have used. This is the number one security threat that Yahoo can’t easily get around or easily address. Note, that a hacker who obtains an old ID only needs to get access to one of your accounts that will email your real plaintext password back to them and then they’ll work their way up to your bigger accounts. This is one of the biggest reasons this is an incredibly bad idea from Yahoo.
I’d also suggest that for any accounts you do have (i.e., Facebook, Gmail, etc), make sure to add alternative email addresses other than your Yahoo address for password resets and other security related emails. If you can, remove all your Yahoo addresses outright even if they are live. Use Gmail or Windows Live Mail instead (at least until they decide to go down this stupid ID recycling road).
3) Yahoo Mistakes
Ooops.. we didn’t actually intend to give away your live account. Sorry, ’bout that.
And then you’re stuck without an account. Yahoo is not publishing what accounts are under consideration specifically. They only say that these ‘dead accounts’ have been idle longer than 12 months in the first batch. Thereafter, any account that has been not accessed for 30 days is up for reissue consideration. There is nothing to say that Yahoo won’t make a mistake and re-issue a live and active account to some random person wbo signed up on the Wishlist. I can easily see this becoming one of the biggest blunders that Yahoo makes in this process. Unless the Yahoo staff is incredibly careful with this process, it would be super easy to accidentally give some random schmo access to an active live Yahoo account by mistake. For this reason alone, I’d consider closing out all of my Yahoo accounts except for one thing. They would recycle my account string name in 12 months (0r 30 days) and I’d be right back here in this situation again worrying about what of my other accounts were tied to this email address.
Basically, I can’t close my Yahoo account because it’s too great of a security risk. If I leave it open, I risk Yahoo accidentally giving it away in this stupid ‘wishlist’ process. It’s really a no-win situation. After Flickr, I have less and less trust in Yahoo and this is now leaving every Yahoo user in the lurch. This basically means you can NEVER EVER close your active Yahoo account if you want to keep your other accounts secure.
4) Missing Email
Even if you do manage to get your hands on one of these ‘prized’ IDs, Yahoo claims to be putting technical measures into place to prevent security issues. That could very well mean that for recycled accounts your mail delivery will be spotty, if it even works. Meaning, Yahoo may so heavily scrutinize emails heading to these recycled IDs that legitimate mail may simply never show up that’s been marked as ‘a security risk’. So, for emails like password resets to accounts, you may find that these emails simply never show up at all. Basically, anything that Yahoo’s email system construes as a security risk could simply just go missing. This is the most likely outcome of this recycling. Note that this problem could end up extending to every Yahoo account which could make Yahoo Mail a very problematic place for any email purposes.
Excess Baggage?
If after reading the above, you are still considering an ‘old used account’, I really can’t understand why. Taking on someone else’s old email and Yahoo baggage isn’t something I’d want to deal with (are they going to be sure to clear off all old comments and Yahoo answers for this old ID?). So, someone pops up from years past not knowing that Yahoo ID has been reissued and then you get some old boyfriend email, or someone who hated the previous owner of that ID. Then what? So, then you’ll be left with a mess to clean up. Why would you want to deal with this excess baggage when you can get a new account that’s never been issued and not have to deal with this problem at all? However, knowing that any account you create at Yahoo would be recycled later, how could you rely on it for any kind of security? You can’t. So, I might suggest Gmail or Windows Live Mail (or any other free email service not recycling IDs) instead of Yahoo.
Alternatives?
Unfortunately, I don’t see any other alternatives with Yahoo at this point. This is an incredibly stupid decision from Yahoo. I have no idea what the folks at Yahoo are even thinking. It’s not like a telephone number. You give that up and no one thinks twice that someone could use that old phone number nefariously. Unfortunately, nearly every site now uses email addresses to know if you ‘own’ your accounts. So, password resets, pin codes, and all manner of secure information traverses through email addresses.
One thing that Yahoo may inadvertently cause from this change is for Banks and other financial institutions to rethink how they validate a user’s identity. Clearly with this change, email addresses can no longer be trusted as secure or even know that it’s owned by only one person. This throws security surrounding email addresses into complete turmoil for any site that uses email addresses as validation.
Based on the previous paragraph, sites may start preventing use of @yahoo.com email addresses for their services. Knowing that you could lose your Yahoo account and then have it turned over to someone else 30 days later could easily lead to site compromises. To simply avoid this situation entirely, sites that rely on security may simply stop letting @yahoo.com email addresses sign up for service. So, one of the biggest benefits of using Yahoo Mail will end. I’d expect a mass exodus to Gmail or Windows Live Mail after the dust settles here. In fact, this decision may kill Yahoo Mail as any kind of a real email service. Does Marissa have any idea what the hell she’s doing? If I were on the Yahoo board, I’d be seriously considering right about now of ousting this one.
If I were in a position at Yahoo to make this decision, I would have killed this idea before I’d ever left the conference room. That Yahoo is even contemplating making this move at this time is completely questionable. Let’s just hope that when someone’s account is compromised and/or has identity theft as a direct result of this bad Yahoo decision, that someone will sue the pants off of Yahoo. That will at least teach other ISPs that this is not, in any way, an acceptable practice.
Risky Business
This decision has disaster written all over it. This is also a huge liability risk for Yahoo. Yes, Yahoo may have written in their Terms and Conditions that they have the right to reissue account names. But, since they hadn’t been doing this from the beginning and they’re now choosing to do this without proper preparations, this is a huge legal risk. It only takes a handful of users who’s accounts get compromised or who’s identities get stolen as a result of Yahoo’s new policy that this will end in courtroom dates. I can’t even fathom what benefit Yahoo derives from reissuing old IDs, but I can definitely see huge legal liabilities and black clouds looming over this now floundering company. In fact, the liabilities so outweigh the potential benefits to Yahoo, I have to completely question the purpose of this decision. Let’s hope Yahoo is all lawyered up as I can see the court dates piling up from this very very bad decision.
Looking for that unique gift?
I know that it can be difficult to find unique gift items for picky spouses, friends, boyfriends, girlfriends or relatives, but here’s a tip. A little known site called Kickstarter.com offers opportunities to fund creative projects from around the globe. These projects include film, art, novels, video games and more. About right now you’re probably asking how this relates to a giving unique gift item. Well, I’ll tell you…
Pledging to back a project
When you pledge to back a project, each project offers unique incentives to back at certain dollar amount levels. Once you back a project at a specific level, the project creator offers deliverables at specific pledge dollar amounts. For example, at $20, a film project might offer you a DVD copy of the film when available. A novelist might offer you a signed copy of the novel at the end of the project.
Bigger pledges offer bigger rewards
As the dollar amounts get higher, so too do the incentives. Again as an example, if you pledge to give $2500, you might get to meet the director, cast and crew of a film. They might even include airfare too and from the meeting location. Alternatively, they might fly to your home and do work around your house in addition to giving you a copy of the film. Each project’s incentives are unique and different. Some offer limited edition features (one of a kind props or art used in the project).
Gift opportunities
Look at it this way. If you would like to find something truly unique that only a few people can actually get, you can back a project at Kickstarter.com. The higher you pledge, the more unique and rare the return. So, if you back a project at $5000, for example, you’ll get a lot for your money. Not only will you get a copy of the project (book or DVD), you may get to meet the director, give input into the film, get credits on IMDB and on the film itself, airfare to fly to a location to meet the cast, you might get a walk-on roll in the film, you might get a speaking roll in the film, you might get a one of a kind collectible from the project or any number of other things that the project coordinator can devise.
You will need to look at the pledge levels to see what projects meet your idea of a unique gift. But, where else can you help fund the arts, help someone start or further their career and, at the same time, get a unique gift opportunity out of it? Heck, being in a short film that premieres at Sundance might be worth $5000 to some and it’s definitely unique and one-of-a-kind. These opportunities are so one-of-a-kind that there really is nothing else like it out there.
Hollywood vs Kickstarter
Sure, you could go pay $20 and see a Hollywood blockbuster at your local theater, but you could pledge that same $20 at Kickstarter and get a DVD, a book, a piece of art, a music CD or any number of other one-of-a-kind items at the conclusion of the project. Your pledge also helps the artist to produce their unique vision. Hollywood is all about cookie cutter. Kickstarter is all about unique individual ground-up projects and helping people out while getting something cool in return.
Definitely a unique gift idea for that hard-to-please person. Of course, that person must also like the entertainment arts to appreciate what Kickstarter has to offer. But, who doesn’t like entertainment? And, who wouldn’t like the opportunity to participate in such a project? Cool eh?
Random Thoughts - Randocity! 
2 comments