Random Thoughts – Randocity!

Virus Outbreak: nCoV-2019

Posted in Health, tips by commorancy on January 25, 2020

virus-1280In recent days, it has been reported that a new coronavirus has emerged from Wuhan city in the Hubei province in China. It is dubbed nCoV-2019. Let’s explore.

Outbreak

The “novel Corona Virus” (nCoV-2019) outbreak began sometime in early December in Wuhan with the WHO being notified on December 31st of a possible new coronavirus strain. It seems the incubation period of this virus is somewhere around 7 and 14 days, after which symptoms begin to manifest. It was first assumed that nCoV-2019 was spread through a seafood market and food items. However, it seems that many in China are now getting the virus without having visited or eaten the suspected foods. The CDC is currently investigating exactly the means of transmission, but it is suspected that this virus has now moved into a person-to-person contact phase. Assuming person-to-person contact, then it is worth following standard winter Cold and Flu virus transmission precautions.

The nCoV-2019 virus is not an influenza or “the flu” type virus. This is an entirely different type of virus, but it does have similar symptoms to a cold virus, including respiratory distress. You can read this CBS news article to understand how it has been determined (so far) that this virus spreads. However, the means of spread should now be considered like most other viruses, including cold and flu, such as through body fluid contact. It may even be able to live on surfaces for a time like other viruses. That means if you touch a surface that has a latent virus on it and you touch your eyes, nose or mouth, you could become infected. It may also be transmitted through airborne contact by a sneeze or a cough.

Cold and Flu Prevention

In 2009, I wrote an article regarding flu prevention during winter months. I updated this article in 2018 to discuss getting the flu vaccine (which that vaccine won’t apply to nCoV-2019). However, this prevention information is now more prescient than ever when a new virus outbreak occurs. While we must all venture out into the public for various reasons, such as grocery shopping and for work. You can help prevent and limit your exposure by taking certain preventative measures as described in my earlier article. Let’s take my previous article’s advice and expand on it a bit further.

Limit Your Exposure

For nCoV-2019, it’s more important than ever to limit your exposure to others and particularly avoid face-to-face meeting with those people who tend to travel to and from China. If you work at a business where travel to and from China is important to your employer’s bottom line, you should warn your employer and the HR team to enforce mandatory quarantine on all staff returning from China. Insist that these folks must work from home for at least 16 days before returning to work. There’s no reason to risk your entire office staff’s exposure to a possible serious contagion by those returning from China. If a person begins showing any symptoms during that 16 day home quarantine, they should immediately seek medical attention.

Face Masks

surgical-maskWhile I know that these surgical face masks seem popular, they can’t fully prevent exposure to viruses. They may help limit the possibility, but they absolutely will not prevent exposure. Why? Because they still allow air around the edge of the mask. Further, you can still touch a surface with your hand or glove and then wipe your eyes. If you have open sores or cuts, you can easily expose yourself to a virus simply by touching a surface. When you can smell odors with a mask on, then the mask allows very small particulate matter through the mask to your nose and mouth (either at the sides or through the mesh). This can allow a virus in. Standard surgical face masks may help some, but they are no where near perfect.

A face mask only eliminates some airborne particulates, but does nothing to stop body fluid contact on surfaces or air flow around the edge of the mask. Shaking hands with someone might also be enough to transmit and expose you to a virus like nCoV-2019… particularly if you rub your eyes. Even a sneeze in your direction could cause you to inhale it through the sides of a mask.

If you must shake hands with someone, use hand sanitizer immediately after. Better, don’t shake hands. If you can get to a restroom to wash your hands in hot water after shaking hands, you can likely wash off any viruses with soap and hot water. Cold water will work, but hot water works better.

Airborne Viruses

While many state that the nCoV-2019 virus isn’t airborne, that’s kind of a misnomer and somewhat deceptive. Once a person begins showing signs and symptoms of a virus infection, such as coughing and sneezing, it’s possible to spread the contagion. These symptoms ensure that the ill become carriers for the virus. It’s all part of the virus’s plan to spread itself. It uses the body’s reflex mechanisms to launch the virus into the air through coughing and sneezing.

If you hear someone coughing or sneezing near you, you should move as far away as possible. If you’re on a multi-car public transportation system (like a train), you should move to another car. If you’re on a bus, you might want to consider pressing the stop bar, stepping off and waiting for the next bus.

If you’re on a plane, you’re kind of stuck. Planes offer closed recirculated air environments, which can actually lead airborne viruses around the entire plane through the ventilation system. On a plane, if someone is infected with a cold or flu or even nCoV-2019, you’re likely going to get it if they are coughing or sneezing even if they aren’t seated near you.

Office Buildings

Unfortunately, like planes, many office buildings also use closed recirculated air systems. This is done to retain the heat or cold air within, requiring less energy to heat or cool that air again. This also means that it takes only one person to sneeze or cough near an intake vent and a virus can be carried and spread over the entire building, landing on surfaces and making the virus airborne.

Yeah, kinda gross isn’t it? If the building uses HEPA filters on its HVAC system, this may or may not reduce the spread of such particulate matter. Unfortunately, HEPA filters are expensive to set up and maintain on so many intake vents in a large building. Even then, HEPA filters may not reduce airborne viruses. Many building landlords don’t and won’t spend for such filtration systems, mostly because of their limited effectiveness.

In other words, don’t rely on a HEPA filter to protect you from viruses.

Wearing Masks Part II

If you want to completely remove particulate matter and drastically reduce infection possibilities, then you’ll need a mask that not only seals tightly about the face, it must contain strong particulate filters. Such a respirator mask looks like so:

respirator-mask

There are many respirator masks similar to this one. It doesn’t have to be this exact respirator mask model. But, it must fit tightly to the face. If you’re a man with a beard, plan to shave your beard so that no beard portion sits under the edge of the mask. The mask must make tight contact directly with skin, not hair, to fit properly and allow for proper air flow through the mask without leaking air around the edge.

When wearing one of these masks, you should notice three things:

  1. No odors should be discernible
  2. The mask should allow for easy air flow through the mask and not get hot
  3. No air should flow around the edge of the mask

You should not have to struggle to breathe when wearing a mask like this. Air should flow easily, but seemingly all particulate matter should be eliminated. If you can smell nothing in the air, even when around solvents, spray paints or food smells, then the mask is working properly and is fitted correctly. If you begin to smell odors or the mask seems to perform differently than it did, it’s time to replace the filters or check the mask’s fit.

The above type of respirator mask is typically used when spray painting, sandblasting, when using chemicals with noxious fumes or when handling other noxious substances.

I used a respirator mask similar to this when I airbrushed T-Shirts at an amusement park. The particulate overspray coming from the aerosolized paint was palpable until I donned a similar respirator mask. Once I donned a properly fitted respirator mask, I could no longer smell the paint fumes or any other odors (not even the hamburger and fries scent coming from just across the way). Wearing the respirator mask made painting so much more enjoyable and allowed me to focus on the job. I didn’t have to worry about breathing in unnecessary and potentially harmful fumes.

If you’re looking for much better airborne virus protection, a respirator mask is a better option to the mostly ill-fitting surgical masks, which those masks offer only limited protection. Of course, a respirator won’t stop surface to surface contact of a virus, but it can drastically reduce airborne infection. In fact, it might be worth wearing one of these styles of masks when flying on a plane… only taking the mask off to eat or drink. Even then, I’d suggest eating and drinking before the flight and not taking it off until you’re off of the flight. If it’s a 13 hour flight, that might be a little difficult, however.

Just be sure that whatever filtered respirator mask that you choose to buy is well supported by its manufacturer. No-name manufacturers tend to discontinue their masks and filters quickly, leaving you with no way to buy replacement filters. You’ll be forced to buy a brand new mask with an all new filter system. If you choose to buy a respirator mask, be sure to buy enough filters with your purchase to last for as long as you think you’ll need. When you run out of filters, you may be forced to buy a new mask simply because the manufacturer has discontinued that product. Don’t think that because you decide to buy a 3M respirator mask that they will continue to support their products indefinitely. A large brand name is equally likely to discontinue a product as a no-name brand. This is the reason to stock up with as many filters as you can afford while they are available. Don’t let brand names lull you into a sense of security with the availability of product. Even just 1 year can see product changes.

Additionally, these masks rely on rubber and other parts that must come into contact with skin surfaces and whatever chemicals you may work around. It’s possible that skin oils and chemical exposure can degrade the mask’s components over time. Expect to buy a new mask whenever you notice signs of wear and tear or if the mask begins performing poorly even with new filters. Don’t forget that you bought the mask to protect you. If the mask has lost its ability to do this, you’ll want to buy a new one.

nCoV-2019

This new virus underscores the need to always be vigilant in our every day lives, particularly during winter months. During the height of winter is our most susceptible time to viruses because they can live on surfaces much, much longer than during summer months when it’s hot. This is the reason why colds, flu and viruses flare during the winter months. Cold temperatures are a great preservative to viruses.

Unfortunately, the nCoV-2019 virus isn’t something that has any protection yet. Taking a flu shot won’t protect you from nCoV-2019. It’s a virus that is a new strain and it’s also not a form of influenza.

When you’re out and about, be cautious of placing your hands anywhere on your face. If you must, visit a restroom first, wash your hands with warm soapy water, then touch your face. If you’ve been out shopping, you’ll want to wash your hands as soon as you leave the store. In fact, you might want to wash your hands in the store’s restroom once you have your bags loaded into your car. If you want, you can use hand sanitizer, but it’s not always as effective as washing your hands.

Shopping for Delivery

With apps like Instacart, Safeway and Postmates, it’s easy to avoid leaving home for certain types of shopping. With services like these, it’s easy to place an order for 1-3 hour delivery later that day. You’ll pay a little more for the delivery, but it avoids leaving the house. You can even use GrubHub and Yelp delivery services for home delivery of meals. This also avoids visiting a restaurant, potentially infecting yourself at the restaurant.

Dine-In Restaurants with Buffet Bars

As was described in my 2009 article, I’ll reiterate this point here. During fall and winter months, October through March, it’s wise to avoid buying foods from buffet bars (whether at a restaurant or a grocery store). In fact, it’s worth avoiding these types of bars year round. These buffet bars are completely unsanitary. The serving utensils are rarely changed throughout the day. This means that perhaps hundreds, if not thousands, of people could have touched that very spoon you are holding. Yuck!

While the serving trays get regularly changed for fresh foods, the utensils remain. Simply by touching one of these utensils, you may infect yourself with a cold or the flu, let alone nCoV-2019.

I can’t even recall the last time I visited a restaurant that had a salad bar or hot food buffet. Not only are these restaurants far too expensive these days, the food is typically grade C or worse. I’m looking for much better quality food. To get that, I visit restaurants with dine-at-the-table only options. Because sit-down restaurants make your order fresh in the kitchen, you’re unlikely to catch a virus by eating at this type of restaurant. However, serve-yourself restaurants may seem like great ideas, they are far from it.

Restaurants and grocery stores with food bars should be required for each person to grab their own clean serving utensil from a holder then place that utensil into a dirty bin when they are done. For restaurants, it’s better to have a waitperson from the restaurant dish out the food to your plate and not allow the unsanitary practice of people serving themselves from dirty communal serving utensils. This practice is so unsanitary.

Worse, while these bars typically have sneeze and cough glass coverings over the food, children’s faces sit under these protection mechanisms. Children can cough and sneeze all over the food… and it is these children who are typical carriers of cold and flu due to their school age nature. Avoid buffet bars!

Diligence

Always be vigilant with your health in winter months, regardless of outbreaks like nCoV-2019. Yes, this virus strain seems particularly virulent, but you should assume (unless told otherwise) that it is communicable in the same way as a standard Cold and Flu virus. This means following all of the same precautions as documented above (with the exception of the respirator mask). The respirator mask is a bit odd looking, yes, but if you’re heavily concerned that you could come into contact with this virus or if you are particularly susceptible to sinus or bronchial infections, wearing a respirator mask (instead of a surgical mask) can reduce your chances of contracting a virus through airborne means.

With a mask, this means that you’ll need to be diligent to keep your hands away from your eyes and keep all open sores fully covered when out and about. You must always be vigilant and maintain strict health protocols to avoid getting the flu or a cold, let alone a virus like nCoV-2019.

In the US, it seems the nCoV-2019 cases are presently limited to but a few. The difficulty with this situation is that it can change quickly. It only takes a few people who are not known to be infected to head home to the US to begin a large scale infection within the US. The CDC is monitoring the situation, but unfortunately, they can’t stop the spread of an infection like nCoV-2019 themselves.

Traveling is the easiest way for viruses to spread around the world. It only takes a few infected people to visit a few public places and the situation can easily get out of control. You, however, can limit your own exposure by taking the steps described to help keep you healthy and well.

↩︎

Marketing, Facebook & Data Privacy

Posted in botch, business, california by commorancy on April 14, 2018

FacebookLockHow is marketing related to Facebook and data privacy? These all fall under the same umbrella. Should you be concerned? Yes, you should be. Let’s explore.

Email Marketing

Let’s start with email marketing first, the precursor to social marketing. I’ve worked in the email marketing industry for the last 17 years at an operational level. I’ve worked on general email systems for over 25+ years. So, I fully understand at all levels how email and email marketing works and what is required to make it continue to work in today’s world.

Email marketing became a “thing” in the mid-late 1990s in earnest. Before that, people dabbled in email marketing to the chagrin of many early internet users. It was around this time that the term ‘spam’ was coined to denote unwanted / unsolicited email.

Over the years, email marketing has evolved into a big business with firms now utilizing marketing automation systems. These systems help you marketers manage their email marketing campaign efforts.

In the beginning, as a marketer, you had a list of emails and you sent content to those addresses. The content was the same to each user. There was no thought to personalization, tailored content or privacy of any of this data. Emails were sent using cron jobs via command line tools using Sendmail. This was initially the most basic form of email marketing. This would have been in 90s.

Evolution of Email Marketing

By the 2005, email marketing had evolved from its simplistic roots into more sophisticated systems using dedicated email marketing software from companies like Port 25 and OmniTI. These email server solutions facilitated the trend of building sophisticated marketing automation UI systems on top of these robust, fast, scalable and customizable email delivery systems.

By 2018, these underlying email softwares now include the ability to send push notifications to apps and also offer sophisticated clustering systems to allow for highly scalable, highly available infrastructure offering incredibly fast delivery times.

On top of these infrastructures sit today’s marketing automation solutions. These systems offer such features as list management, drip marketing, recipient nurturing, automagic feedback reporting and detailed reporting of how each campaign is doing.

List Management

Back in the early days, list management was a chore. You had to deal with adding and removing new entries yourself manually. In reality, few marketers ever practiced real list hygiene. Most would add new entries, but never remove people who didn’t want to see that content. It was just too much of a hassle culling through thousands of email addresses. This is why email marketing got such a bad rap. Marketer didn’t take the time to remove users from their lists.

As of today, it is now legally required to remove recipients timely from lists in most countries. If you don’t remove addresses timely, your company (and possibly even you personally) may be held liable for failure to remove an address.

If you use a legitimate email marketing company today (one that upholds legal compliance), they will automatically handle opt-out requests for every email you send. No need to worry about if you’re compliant as email marketing firms automatically add links to handle all of this for you, as long as you use their database.

Recipient Likes and Preferences

Email marketing has a huge drawback (well, two actually). The first and biggest drawback, the inability to understand the user’s likes and wants. There’s just no real way to get that level of detail out of a particular recipient simply because email interactions are so few and far between. You can’t get what you need out of email marketing to effectively target each individual user in a way that makes sense for their likes, product preferences, location and personal information…. at least, not without using more advanced features like drip marketing and advanced real-time feedback. Email marketing is typically just too hands-off for this type of experience. Enter the second problem…

Evolution of Social Marketing

The second drawback is that while email marketing today is still a very valuable form of communication, it is becoming old and dated technologically. Email clients haven’t been updated in a very long time, technologically and interactively speaking. Basically, the features that were commonplace in email by the late 90s are still the standards that we’re rocking today. In other words, email clients don’t support updated technologies like video and audio content right in the email. You have to click to a web page to see this type of interactive content. The best an email can do is an animated GIF, and that’s of little consolation when you’re wanting to offer much, much more interactive content.

In comes social media. Sites like Twitter and Facebook and Snapchat and, to some degree, even YouTube offer better ways to find like-minded folks and advertise to them. Marketers also have a lot of the same tools at their disposal, like list upload to find their existing users on Facebook. Unlike email which is pretty much a one-way system, social media offers two way interaction. People share their family information, their favorite products, their favorite restaurants, their friend information and so on. All of this sharing means more ways for marketers to mine that information about a specific individual. This information is, in fact, a gold mine for advertisers. It means that instead of the mostly one-way interactions and guessing with email, advertisers can now utilize the two way interactions of social media and find out what a user likes very quickly.

Amazon follows this trend with its own systems by targeting users with product ads that third parties purchase. It’s a way to target users with products and services the user is most likely to be interested in.

Of course, these are not perfect systems. There’s still a certain amount of guessing involved. Social marketing are only offering seemingly relevant best guess suggestions based on other people’s social and purchasing habits. However, social guesses at least based on actual data of purchase history and other shared information, rather than a near completely blind guess that email marketing uses.

Facebook and Privacy

In order for these suggestion systems to work, they must have enough information about your buying habits, what you already own, how many people are in your family, their ages, if you have pets, what car you drive and so on. The more companies know about your personal habits, the more they can target products that make sense to you. It’s a catch-22 though. The more they know, the more dangerous it is for you. Sharing your personal information means someone could learn about you and your habits and then steal your identity.

Enter Facebook. Facebook collects all of this data and more about you. They then mine this data on behalf of their advertisers. Advertisers submit their product(s) to Facebook for advertisement on its platform. The system then finds folks, based on their shared content and interests and displays an ad for a product you might be interested in. If you talked about cancer in a wall post, an ad might pop up for oncology services.

This heavily personalized advertisement system is a far cry from the old cold guess email marketing. However, social marketing was born from the idea of email. Email has now been trying to catch up and compete with this more interactive and interest-based advertising system. Unfortunately, email is firmly entrenched in the past. It’s great for individual communication. For predictive communication, email sorely lacks. Worse, it’s not likely to ever catch up in this area. Though, it’s still a good medium when combined with social marketing. Meaning, if you can mine people’s interests out of social platforms, you can then target them with products and services via email.

Data Privacy

Here’s where Facebook has failed time and time again. When someone uses a social platform to share information, it is expected that that information will remain private and only be shared with those folks whom have been allowed to see it. Or, more specifically, shared with people licensed to see it based on the agreed terms and conditions.

However, Facebook only offers a very basic permissions system. Extensive permissions systems have been available on operating systems for years. Yet, Facebook’s platform didn’t start out that way and still isn’t anywhere close. Facebook started with no privacy at all. Your data was published for everyone to see. As time progressed and people complained, Facebook added more and more user controllable permissions.

For each step that Facebook took, it consisted of tiny baby steps. They’d add incremental protection of that data, just enough to satisfy a single complaint. But, they’d leave plenty of other data exposed. As they would take more baby steps, they would implement one more control, then another, then another and on and on to where we are today. Instead of designing a system that offered robust privacy from the beginning, Facebook opted to build it piece by piece as they went along… sometimes backtracking in certain areas,

While Facebook’s user privacy controls were fairly robust by 2014 (user to user), Facebook still didn’t have much in the way of privacy when using its application programming interface (API). Developers could sign up and extract data via this API with far fewer boundaries. It wouldn’t be until later when Facebook, yet again, took another baby step that they would limit what developers could extract. By then, it was too late for Facebook to do anything about Cambridge Analytica, a company whose data brokerage business model is all about selling collected data.

Abuse

Email marketing has long recognized abuse to be a big factor in the industry. Handling abuse is what distinguishes good actors from bad. Sites such as Spamhaus exist to watchdog and prevent such email abuse and enforce industry best practices. While email marketers have had to grow much more knowledgeable about email marketing best practices, Facebook is entirely new territory for marketers with no such outside policing as Spamhaus. Even new email tools such as DMARC, DKIM and SPF have grown to help protect and legitimize the email marketing industry. Nothing like these exist for social marketing.

While Spamhaus helps to protect and prevent unwanted spam from random third parties, there is no such watchdog to protect your data from unwanted prying eyes within companies like Facebook or Twitter. With email abuse, there are also organizations like MAAWG to also help manage that email abuse. Again, there’s nothing offered on Facebook, except whatever Facebook decides is necessary. You’re at the mercy of Facebook to give you those tools, and currently their solutions are limited and swayed entirely to Facebook’s best monetary interests.

On the one hand, most people are very protective of giving out their email address to random people. Yet, on the other these same folks are completely willing to log into Facebook, Instagram, Snapchat, Whatsapp and Twitter and give up their every day lives, their pet’s name, their employer, their spouse’s name, their location and sometimes even their phone number, email address or other personally identifying information (PII). Worse, Facebook now requires the use of what appears to be a valid First and Last name, though you can put any data you want into those fields and there’s no way for Facebook to verify this. Other social platforms don’t require this. This Facebook requirement ensures the lack of privacy and that users can be targeted by outside third parties. It also ensures that data can be e-pended by outside parties.

Abuse of email has real tangible penalties behind it. Abuse of social networks only has a single company behind it, like Twitter or Facebook. There are no industry standard watchdog groups out there helping guide marketing organizations towards best practices. In fact, such a watchdog group couldn’t really exist because, unlike email, there are no sanctions that could work to stop bad actors short of asking their ISPs to stop routing traffic for those companies. Such a move would likely be met with a huge legal backlash from the company. After all, the ISP did sign contracts to supply service to Facebook. If they cut off peering to them, Facebook would have them for legal lunch. Nope, there’s no sanction against a company like Facebook that could work. Not even a lawsuit could be all that effective.

Instead, these unstoppable organizations are in it to make money off of your data. For this reason, this is why companies like Cambridge Analytica can come to exist on Facebook and steal 87 million (or more) users’ data. This is why there’s nothing Congress can do to Facebook. No laws means nothing to enforce. The only thing Congress (or each state) can do is enact laws to protect each person’s data and force Facebook to become legally compliant with those laws. Of course, Facebook might face other laws they could have run afoul, but because the US has no real data privacy laws, there’s nothing here to enforce… even with companies like Cambridge Analytica.

Protecting Your Privacy

Only you can protect your privacy and your data. You can’t leave it to companies to do this for you… particularly if you live in the United States. If you want to share everything you do with the world, then you can’t easily protect your privacy. Note that even if you never put a single piece of personally identifying information online, you still may have shared enough other minimally identifying information that when put together, someone can eventually identify you.

For example, if you visit Starbucks every day to take a photo of your coffee cup each morning, someone could find that particular Starbucks and stalk your movement there. They could hear you give the cashier your name or other personal information. They might listen for your name to be called. They might bump into you intentionally to make you drop your stuff. They might watch you get into your car and take down your plate number. They might even follow you home. This is why sharing your everything you do online can be dangerous.

Even if you never give your real first name, last name, address, phone number or other information, you (or your friends) may have shared enough photos, locations and friend information to eventually identify you. This information isn’t considered personally identifying information alone, but when pieced together, it is. With enough data pieced together, someone might find out who you are, where you live, your address and possibly even your phone number… maybe even other data such as SS#, CC# or anything else were they to obtain some of your mail.

This is, of course, all made worse by companies like Facebook that don’t take data privacy seriously and only produce half-baked “security theater” mechanisms designed to look like they protect you, but that in reality they don’t. You’re continually putting your data into the hands of folks like Mark Zuckerberg who has, time and time again, shown that his platform cannot be trusted to store personal data.

Security Theater

While email marketing now has a robust set of industry checks and balances, technological measures, industry watchdogs, laws and best practices… social marketing offers very limited controls. The reason for this 1) it’s so young, 2) it doesn’t interact with third parties like email and 3) Systems like Facebook won’t offer such controls. Email must interact with many unrelated parties along the way to get your email to an inbox. Social marketing has a captive audience inside a single platform operated by a single company, whether inside of Twitter’s network or Facebook’s network or whomever.

This means that while email marketers must comply with laws, technical standards, best practices and other data collection and use controls, sites like Facebook face far fewer data handling laws. This means that your data is effectively open to the highest bidder. Yes, Facebook claims to have taken strides to help protect and safeguard your personal data, but you don’t know if that’s true or not. No one audits Facebook to make sure these claims are, in fact, true.

With email marketing, it’s crystal clear when a customer uses an inappropriately collected list. With Facebook, there is no way to know whether your data has been appropriately or inappropriately used because Facebook gets to make the rules. Rules that can change one day to the next.

I’ve worked for enough high tech companies to know that most companies create lot of security and data privacy theater in place of actual mechanisms. Meaning, they state in their policies that they do something, but the technological measures to back up those policies don’t always exist. This facade, otherwise known as “theater”, is what let’s companies get away with policy breaches unaware. It’s usually driven by a case of “Easier said than done”. Implementing technical measures to enforce a policy isn’t always easy, particularly if said data is terabytes in size. Instead, companies perform it on a case-by-case basis. It also might take them weeks to complete the task. The policy is may be written into the legal terms and conditions. However, when a customer actually wants to know if that policy is enforced, the company will then manually enforces that policy on that person’s data, assuming they even give you an honest response to your question.

You’d be surprised to find that this situation happens a lot more often than you might be aware. Even many legal teams are unaware of this situation in their own companies. They think that what’s in the policy is always carried out every time. In fact, that’s not true much of the time. This is simply because legal teams rarely carry out internal audits to ensure that written, published policies are being followed internally. Even then, some legal teams are both aware and complicit in allowing the technical teams to not follow the policies to the letter.

I would also be remiss by not mentioning that some legal teams write data policies without informing the necessary internal teams of the policy changes or additions. Without buy-in and support from the appropriate technical teams, the written word can’t always be translated into functional technical procedures. This means that the legal team is out of step with what is technically feasible. Legal teams should always propose and write policy in conjunction with the teams that must support those policies. As a lawyer on an in-house legal team, you can’t just write policy because it sounds good and then assume it can be implemented easily. That doesn’t always work. Hence, security theater.

Data Deletion and Right to be Forgotten Laws

Here’s the outcome of security and data privacy theater. If you request a company to delete your data, you won’t know if your data has been irrevocably deleted. Many companies hang onto long term backups for exceedingly long periods of time. This means that while your personal data may no longer exist on a live hard drive and may not longer be visible via a web interface, it could still exist on a long term data backup solution the company uses. It might even exist via an API system. Note that some data backup solutions exist on live disks, such as using the Cassandra or Elastic database system or even such reporting systems like Splunk or Elastic’s ELK. Some of these internal systems may never or rarely get purged. Even basic text log files, which may contain some or all of your personal data, may be retained for years due to Sarbanes Oxley and other data retention requirements.

Early in the life of email marketing, you might not expect to be unsubscribed. Today, laws require email marketers to remove your email address from their list within 10 days. The word remove is subjective. The actual term is unsubscribe. Even after unsubscribing, the company can continue to hold onto your email address in their database so long as they never email you. In fact, an opt-out request is simply to unsubscribe you from their mailings. It doesn’t ensure your email address will be deleted from their list. This is how your email address can accidentally be mailed again in the future despite a previous opt-out request.

Data deletion has no laws in effect in the US. US companies are not obligated to delete your data even if you so request it. They can leave it on systems within their organization. This, unfortunately, leaves your information vulnerable to data breaches by unauthorized persons. This is why you can request a company to delete your data and later find out your data was involved in a data breach years later. Or, you may find identity theft from a data breach where you had asked a company to delete your data. There are no laws that require companies to delete data when requested… at least, not in the United States. In the UK and EU, the right to be forgotten laws have been written and will apply to UK and EU citizens under the GDPR. Whether those laws continue to exist after Brexit in the UK, I’m unsure. Canada appears to be working towards (or has enacted) a similar data purge law for its citizens.

However, no such ‘right to erasure / right to be forgotten’ law has been enacted in the US. Companies in the US are still free to store and keep your personal data for as long as they see fit. Yes, even after your deletion request. This means that your data is still at risk of a data breach, even after you’ve requested Facebook, Snapchat, Whatsapp, Instagram, YouTube, Google or Twitter to delete your data. US companies are just not obligated to irretrievably delete your data. Even in the EU, the laws may not fully protect you from irrevocable deletion of your data. Meaning, it may be enough for a company to actively delete visibility of your data on their web site, but that doesn’t ensure irrevocable erasure from all media in that company’s possession. Worse, as long as that data never surfaces in the future, that company can hold onto it… even if they are considered ‘breaking laws’. The only way to make sure irrevocable deletion occurs is by adding incredibly stiff penalties when the laws are willfully broken.

Social Networks and Marketing

Facebook, Twitter, Instagram, Whatsapp and more bank on their ability to collect your data, store it and use it freely. As long as you digitally agree to their terms and conditions regarding their data collection and use, then you have little recourse against them when a situation like Cambridge Analytica occurs.

In email marketing, selling of lists has been taboo for years and has always been considered an email marketing dubious practice. In fact, list purchasing is considered one of the worst email marketing practices. In Social Marketing, no such rules have been laid down. Facebook has been hitting these walls one-by-one since at least 2008. Each time, they put up yet another road block to stop that particular practice (aka, baby steps). Facebook doesn’t want to stop these practices, they’re just forced to by public outcry, the media and the government each and every time.

They knee-jerk by enacting new policies each time, but only because of duress. Policies, I might add that email marketers have been adhering to for years. Policies that now have laws like the CAN-SPAM Act and individual state laws. Yet, here we are again, reliving this same abuse pattern over again in another form.

Marketing Today

Marketers have always wanted to do the least work possible and gain the most money from their efforts. That’s the whole reason email marketing exists. That’s the reason advertising exists. They want to create the most effective campaign and Facebook allows them to do this with their personalized marketing.

Cambridge Analytica took that one step further. They mined Facebook’s data and stored it in their own offsite database. A database that Facebook claims they thought had been deleted. They then combined that data with other data to create an even more comprehensive profile of each person. Yes, even more comprehensive than Facebook alone. If they had first and last name along with at least one piece of identifying information, they could have gone to LexisNexis and gotten even more identifying information. Who knows, they might have?

Marketers today are looking for the easiest way to target ads to the people they need. Hence, the reason Cambridge Analytica can even exist as an organization. There are many, many data brokerage services available to buy list and user data. Data that can be populated into databases and targeted with ads. Most of these outside brokerage services sell with the intent of using email marketing, but there may be more today that are using Facebook to present their ads. Cambridge Analytica is but one in many data brokerage services that exist on the Internet. You can bet many others also exist and may have taken advantage of Facebook’s situation, just the same as Cambridge Analytica.

That Facebook claimed to believed that a data brokerage service, whose sole business is in selling data, would ever delete data they had legitimately collected from Facebook is entirely naïve and disingenuous. Facebook had to have known the business Cambridge Analytica was in at the time they were extracting data from the platform. One only needs to visit Cambridge Analytica’s web site for a few minutes to understand their line of work. Even then, if you weren’t certain, you could certainly pick up the phone, call them and ask what it is they do. Companies are always eager to talk about their line of business, particularly if they think they’re about to make a sale.

Ad targeting is not going away and is only likely to grow as artificial intelligence systems grow. The data privacy issue will continue to be ever more important as time goes on. To protect yourself, you must ask yourself, what should I share and what should I not? For example, publishing a single cute puppy or kitty photo or video is probably fine. However, many cameras today also add EXIF data to store location data and possibly other information about where and when photo or video was created. Data that might be used to link you to that photo. However, taking a photo every day of your cup of coffee might reveal things about the location that you visit (names, people, location identifiers, etc). These are things when you need to be cautious before posting. Even if the photo appears innocuous, you might want to think twice because someone else might see something that you don’t see.

Social platforms, while fun, are big business for their owners. Don’t be fooled into thinking it’s all fun and games. Those games and fun have a price to pay. That price is what they get to do with your user data. As has been said, if the service is free, you are the product… or more specifically, your data.

Cinavia: Annoying? Yes. What is it?

Posted in botch, business, california by commorancy on February 23, 2014

If you’re into playing back movies on your PS3, you might have run into an annoying problem where your movie plays for about 20 minutes, then the audio suddenly drops out entirely with a warning message on the screen. This is Cinavia. Let’s explore.

What is Cinavia and how does it work?

Cinavia is an audio watermarking technology created by the company Verance where an audio subcode is embedded within digital audio soundtracks at humanly imperceptible levels, but at a level where a DSP or other included hardware chip can read and decode its presence. Don’t be fooled by the ad with smiling children on the Verance site, this has nothing to do with helping make audio better for the consumer. No, it is solely created for industry media protection.

This Cinavia watermark audio subcode seems to be embedded at a phase and frequency that can be easily isolated and extracted from an audio soundtrack, then processed and determined if it’s valid for the movie title being played back. Likely, it’s also an analog audio-based digital carrier subcode (like a modem tone) that contains data about the title being played.

How is Cinavia used in the film industry?

There are two types of known uses of Cinavia watermarking. The first use is to protect theatrical releases from being pirated. Because the audio watermarking is audible, but imperceptible, it will be picked up by microphones (strictly because of the Hz range where the subcode is embedded). Keep in mind that just because the subcode cannot be heard by human ears, it doesn’t mean it can’t be heard and decoded by a specialty hardware chip. So, if a theatrical release is CAMed (i.e. recorded from the screen), the Cinavia watermarking will also be recorded in the audio. After all, what is a movie without audio?

The second use is to protect Blu-ray copies of films from being pirated. For the same reason as theatrical releases, Blu-ray films are also embedded with a subcode. But, that subcode is different from theatrical films. For this reason, films destined for theatrical releases will never play in a consumer Blu-ray player ever (including players such as the PS3, PS4 or Xbox One). Commercial Blu-ray disks play because the audio track uses AACS with a key likely embedded within the subcode watermark. If the AACS key matches the value from the watermark, the check passes and the audio continues to play.

I have also read there is a third use emerging… to protect DVD releases. But, I have yet to confirm any DVDs currently using this technology. If you have run into any such releases, please leave a comment.

How would I be affected by this?

All consumer Blu-ray players manufactured after 2012-2013 are required to support Cinavia. If the Cinavia subcode is present, the player will blank the audio track if the AACS key is mismatched. This means hardware Blu-ray players from pretty much any manufacturer will be affected by Cinavia protection if the title supports it. CAM copies of theatrical releases will never play because the audio subcode is entirely different for theatrical films and the Blu-ray player will recognize that theatrical subcode and stop audio playback.

Not all movie titles use Cinavia to protect their content. Not all players support the Cinavia protections from all media types. For example, some Blu-ray players can play media from a variety of sources beside BD disks (e.g., USB drives, Network servers, etc). These alternative sources are not always under Cinavia protection even if the specific movie has an embedded subcode.

Since Sony is the biggest proponent and user of this technology, all Sony players, including the PS3 and PS4 along with their standalone Blu-ray players will not play back Cinavia protected material if it doesn’t continue to pass the subcode tests. For example, if you rip a Blu-ray disk protected by Cinavia and then burn it to a BD-rom disk, the movie will stop playing audio at around the 20 minute mark and display a warning. If you attempt to stop and start the movie, it will play audio again for a few seconds and then stop playing with a warning.

How can you remove Cinavia protection?

In short, it’s not as easy as that may sound. Once the Cinavia protection is detected on the media, the hardware activates and continues to look for the information it needs to make sure the content is ‘legitimate’.

With that said, there are ways of getting around this on certain devices. As I explained, some players don’t check for Cinavia for certain types of media (i.e., USB or Network streaming). Sony, however, does check for all media types. The PS3, though, doesn’t seem to check for Cinavia if the playback is through the optical output port (i.e., when playing back through an optical receiver). That would make sense, though, as it would be left up to the receiver to blank the audio based on Cinavia. Since most receivers probably don’t support Cinavia, there should be no issue with playback.

Other technical methods include garbling the audio somewhat or using variable speed on the audio. Neither of these two methods are really acceptable to the ears when watching a movie. We all want our movies to both look and sound correct.

How can I avoid this problem?

You can easily avoid this issue by using a a player that doesn’t support Cinavia protection. For example, Windows Media Player, VLC, etc. Most PC media players do not support Cinavia. Though, if you get a PC from Sony, expect the media player on any Sony product to support Cinavia (yes, even Windows Media Player might as Sony may have loaded a system-wide Cinavia plugin). If you buy a PC from any manufacturer other than Sony, you likely won’t be affected by Cinavia.

This problem almost solely exists on Blu-ray standalone players. So, if you avoid playing movies on such consumer hardware players, you can usually avoid the Cinavia issue entirely. Though, there are some commercial PC media players that do support Cinavia.

A possible real solution?

Another method which I have not seen explored, I have decided to propose here. With a film protected by Cinavia, the Cinavia subcode should exist both within silence as well as noisy portions likely at the same volume. First, extract a length of silence (that contains Cinavia subcode). Now, garble, stretch, warp and generally distort this subcode so that it cannot be recognized by a Cinavia decoder. Then duplicate the garbled ‘silence’ subcode to fill the length of the entire film. Extract the film’s audio soundtrack, mix in the new garbled full length subcode throughout the entire film. Note that remixing 7.1 or 5.1 track is a bit tricky, but it can be done. I would suggest inserting it on the subwoofer track or the center track, though it may be present on all of the tracks by design. After the audio track is remixed and remuxed into a resulting MP4 (or other format), the new garbled subcode should hopefully interfere just enough with the existing already-embedded subcode to prevent the Cinavia protection from getting a lock on the film’s original subcode.

The outcome of the garbled subcode could cause one of two things to happen. 1) The Cinavia detection is rendered useless and the Cinavia hardware ignores the subcode entirely or 2) The Cinavia detection realizes such tampering and shuts down the audio track immediately. While erroring on the side of fail is really a bad move in an industry already fraught with bad press around failed past media protection schemes, I would more likely suspect scenario number 1. But, it’s probably worth a test. No, I have not yet had time to test my theory.

While this doesn’t exactly remove Cinavia, it should hopefully render it useless. But, it won’t recover the lost audio portions being used by the Cinavia subcode.

How would I go about doing this?

I wouldn’t attempt doing the above suggestion manually on films as it takes a fair amount of time demuxing audio, creating the garbled audio subcode, remixing the new track and remuxing it into the video. But an application capable of ripping could easily handle this task during the rip and conversion process if provided with a length of garbled subcode.

[Updated: 2018-01-06]

Apparently, DVDFab seems to have a way to rip and disable Cinavia protections according to their literature. They have released the DVDFab DVD and Blu-ray Cinavia Removal tool. If you’re still having difficulties with Cinavia while watching your movies, it might be worth checking out this tool. Note, I have not personally used this tool, so I can’t vouch for its effectiveness. I am also not being sponsored by DVDFab in this article. I’m only pointing out this tool because I recently found it and because it seems to have a high rating. On the other hand, I do see some complaints that it doesn’t always recognized and remove Cinavia on some movies. So, caveat emptor. Even though it’s not an inexpensive product, it is on sale at the time of this update for whatever that’s worth.

It seems that someone finally may have implemented my idea above. Good on them if they did… it only took around 4 years.

Tagged with: , ,
%d bloggers like this: