Cookies and tracking

Cookies under attack

So, Max Schrems is going to have a go now at cookie banners, so many of which are either confusing or downright illegal.

No specifically picking on them but Forbes is a case in point. It throws up the usual huge cookie page and when you go to choose (rather than just click click click accept everything), after scrolling down a very long way one finds a ‘reject all’ button. But it still sets 15 cookies that the Brave browser blocks and a further 11 that get through.

Ironically I was looking for info about WhatsApp’s latest about turn on its new forcing of users to accept its new privacy T&Cs. This led me to the Forbes story on the issue…

I have cookies disabled on one of the browsers I use and it’s always amusing to see sites screaming that they will not work without cookies… and yet they all seem to work just fine (obviously, shopping carts and such excepted), although you do meet the occasional website that just cycles endlessly trying and failing to set a cookie and showing a blank page. Well done guys. Nice.


iCloud photos blues

Having a MacBook and iPhone I use iCloud to store photos and synchronise them between the two devices. In general this all works well but sometimes it can be very infuriating, in particular it sometimes gets fed up and decides not to synchronise photos. In such times one really misses a large button marked ‘force synchronisation’ or similar but unprintable phrases.

Looking around the web throws up such comments like the photos app will not pull new photos down from iCloud until it has finished uploading. Ok I can see the logic there and presumably there is some form of contention checking, for example if a photo was edited on both devices simultaneously.

But when it fails to update it is really frustrating!

I had this recently where I had taken a lot of photos of documents on the iPhone and later adjusted these on the Mac to put them the right way up. After that, no sync. Nothing. Several days later and no amount of fiddling or swearing made any difference. So I wondered if it was simply never finishing uploading the changes. Tethering the Mac to the phone so it uses 4G made no difference.

What appears to solve it was I selected all the changed photos on the Mac and reverted them to the originals, all of which were taken on the phone. My assumption here was that the originals are on the phone and had synchronised to iCloud and later arrived on the Mac but the changes made had clogged the thing up.

Low and behold about 10 minutes later and all new iPhone photos have arrived on the Mac and everything is in sync again. While this is not really a solution it does mean I need to be careful bulk-modifying photos. Rather annoying really but hey.

Privacy Website whinging

The problem of stats

No, not statistics in itself. The problem I am writing about is website statistics, and it started a long time ago.

Back in the day we simply used web server logs to analyse website traffic. One could see an incoming IP address and see where the associated browser went in the website. This worked well back then as websites were simple affairs and essentially all one big lump. Of course, this was an era when web servers were run almost in the spare time of those few IT (and indeed non-IT) that had any interest in the web. Back then I was not in the central IT team but I was afforded some latitude for experimenting with new things, especially when redundant hardware could be used. It was 1992 and the IMG tag was still in the realm of fantasy.

Later, there were two open source packages that became very popular, one called Analog and the other Linklint. The former produced statistics about website visitors and the latter could be used to check for errors, missing pages for example. Analog could, when provided with valid data estimate which countries visitors were coming from, very useful when your organisation markets itself globally.

Of course, the marketeers desired more. I was once asked to find out where everyone who only looked at our home page went next. Ok, where they visited another of our own web servers this was do-able, but the question was expanded to ask which of our competitors they visited next. This was new thinking, by which I mean thinking that one could not associate with any other media. For example, if the publisher of one newspaper wanted to know which other newspaper a person took after only glancing at their own it would need some form of physical surveillance, or perhaps a questionnaire. Neither would be particularly reliable, the questionnaire in particular.

Enter, stage left, Google Analytics. I had attended a launch event – well of a sort anyway – where a new product was described which would enable one to search all across the web. The name? Google. We had rudimentary search products by this time but nothing like what was being described. Bells were ringing, but rather quietly. I think we could see back then that all of a sudden content has value, just not to us. But, Google search aside we later got wind of Google Analytics ad the bells got louder amongst those of us who could already see future issues.

Google Analytics arrived with two quite major advantages. First, IT people no longer had to do anything, and second, the marketeers would have access to easy to understand graphs. But those of us who had this nagging voice about global surveillance and the fact that a corporate entity would effectively have access to data indicating where everyone browsed were ignored. Fast forward to the later times of the GDPR and the coming soon and already years late PECR replacement, cookie laws and all that and I resist shouting we told you so but we did and it was back in 1994.

Of course, there was still an issue. Ok, we have this useful global search facility now but how do we include local content which is not accessible from outside? Google again to the rescue. I had a pair of Google Search Appliances (GSA) installed, one in each of our main data centres and fronted by a NetScaler appliance. This provided resilience to the loss of a single GSA. Being on our LAN the GSAs were able to spider content that was restricted to local access and which therefore could not be spidered by Big Google. It also provided a useful facility whereby we could rank, to some extent, content and could apply keyword and key phrase matching to direct searches to specific content which would then appear top in the list of results. This little Google was far more friendly, not being bloated by the desire of the mothership to know all things of all people. Perhaps no surprise then that Google eventually retired the GSA product in favour of a cloud based provision. You guessed it, they wanted to know who was accessing all your secret stuff too.

Are we really where we are because marketing people wanted to know everything about everyone and companies, not just Google cashed in on it? Yes, I think so, and you can see just how far by those invasive adverts that themselves continually leverage new technologies to further invade. Remember pop-ups? And then pop-up blockers? And of course the whole cookie debate where a really quite useful facility enabling shopping carts among other things was hijacked in order to track us across webspace. Yeah, those. Remember the good old doubleclick cookie, adware, ad blockers, layers upon layers of this stuff. It is almost all because of marketing.

Advertising is here to stay and I have absolutely no issue with it. Although I generally ignore it I will admit to having seen something advertised that I was unaware of and which actually filled a need. But there is a constant battle between the marketeers and the techies which will continue because all of this, the Internet, the web, email is designed to help us and  be easy to use and to access. And that’s where it all went wrong but it could not really exist any other way.


15″ MacBook stiff screen

My 15″ MacBook dating to early 2013 (or so it claims) had been getting very difficult to open recently. This culminated in the screen popping up about a quarter of an inch when closed, the magnet just not strong enough to hold on. So, time to get the diddy screwdrivers out. I had looked on the Web for tips and found some discussion of removing the screen to clean the hinges, not something I was looking forward to but I decided to have a look anyway.

On removing the base I was presented with this!

That’s a lot of fluff! Ok, I’ve had it from new, so it’s 8 years of fluff (has it really been 8 years?).

Anyway, after de-fluffing all I did was very carefully, and with a teeny bit of WD40 sprayed onto a cotton bud cleaned the parts of the hinge that I could see. And that did the trick. No need to dismantle or otherwise adjust anything fortunately. YMMV of course, but it worked out for me.

But… 8 years! And it will not take the latest OS… sad.

Cookies and tracking Web content Website whinging


Trust in websites is under attack as has been for some time now.  These days it is really very hard to know what website to trust and which to avoid, which produce valid, trustable news stores and which are fake, even which product reviews are valid and which are misleadingly good and may even have been paid for. Fake websites include those that wish, among other things to deprive you of your hard earned cash, or persuade you that voting ‘x’ is what you must do.

A recent win for Microsoft in a private trademark case highlights part of the issue and I have witnessed similar first hand. It transpired that scammers had passed themselves off as Microsoft or Microsoft partners and used various trademarks owned by Microsoft. This was all related to those well known ‘your computer has a virus’ type phonecalls and pop-up adverts. I have worked on cases regarding academic integrity and websites passing off as our own and so this case is interesting to me. However, it serves to highlight just how easy it is to get someone to trust you by throwing up a website which looks identical to a company that you do trust, or at least you know of.

To make matters worse of there are now so many domain variants available that it is very difficult to fully protect one’s brand. Again, I was very active here in the past and I could, for example buy and activate domains similar to those used by people who created websites to pass off as our own. It was not helped one bit when Nominet decided to sell single-letter domains such as ‘’ where typo-squatting was then made easy, for example mistyping as Some years ago the Ascension Islands opened up their ‘.ac’ domain, again causing confusion where people would register hoping to trap typo’s from Just how far one goes buying any domains that come close to your own is a very difficult question and can result in large spends.

Encryption, aimed at promoting trust and security does not really help. While it is laudable that one can obtain digital certificates for free, when coupled with domain squatting this can result in trust being placed where it really should not. 

This is not limited to websites. Whoever thought it a good idea to allow people using IP telephony to put their actual phone number into the system on trust was just daft. You can no longer assume that a call comes from the number shown in the caller-ID, and if someone by chance or design fakes their number to be one already in your contacts lists, well, you can see that going badly for the recipient.

So, where are we? Well, anyone can throw up a website, for free or very little cost. Anyone can grab the design of a valid website and repurpose it as their own scammer base. Anyone can buy just about any domain regardless of how close it is to a real company URL, set up email addresses and either wait for hits or advertise the fake website somehow. And this is without doing anything actually half clever like using malware. And it does not stop there. I worked on a case where a website had a valid-looking address in the City of London. Calls to the building management (on office block with lots of various companies) found no such name on record. In the event I was close to retirement and let this one slide, but I can just imagine some mailroom employee diverting any received post to the scammer. My longest running case took seven years but I finally had a foreign-based fake website closed down after radically disrupting their ‘business’.

To answer my ‘where are we?’ question in part all I can say is it has become very hard to trust any information on the web, and that’s a crying shame. The scammers are like a virus – they are killing their host. How we can stop people becoming a victim I do not know. For myself, I begin by trusting nothing and I use my decades of experience to parse what I see and determine whether or not it is valid. Mobile phone calls from numbers not in my contacts are ignored. URLs in SMS message or emails are NEVER clicked. If I can be bothered to I will investigate – obfuscated URLs, those where someone is attempting to be clever by mixing letters to look like something real, or adding to real-looking domains can be easier to read if pasted into a text-editor. Anything that comes from the bank will also appear in their app and so can be checked.

And don’t get me started on cookies!

Website whinging

The joys of recaptcha return

I’ve managed to avoid websites that use Google’s daft recaptcha thing until recently. But now PayPal wants it even though I log in and enter the SMS’d 2FA code. Despite clearing all cookies and probably-illegally stored crud it simply will not work on my Mac.

The daft thing is PayPal works fine on my iPhone – well, ok that’s the app version not the website. But I keep cookies disabled on the phone and run a cookie cruncher on the Mac. Even with that turned off recaptcha simply does not work on the Mac and it seems I’m the only one with an issue. Google hates me… but then, I rarely need to interact with it, given I use DuckDuckGo for searches and I have transferred almost all email that used to come to my Gmail account to a more reliable host.


MacBook Pro battery replacement

Recently the battery in one of our old MacBook Pro laptops gave up the ghost, big time. First, it would run for a few minutes but not long after it was totally dead, with the Mac loosing power completely if the charger was removed. We replaced this Mac as it was a vital component in our IT armoury but I wanted to fix it and, hopefully sell it as working. It’s a 2015 13″ model.

So, off to the excellent iFixit site, specifically in our case this. The guys that put these pages together are a huge help to those of us daring to venture into repairing our own kit. Anyway, I have a decent range of tools for abusing small electronic devices such as phones and laptops, so why not?

The case comes apart quite easily:

Getting the battery unstuck – my goodness they glue them in well – is hard but not so much so that it cannot be done with care. A note here, this is solely from my own experience, do not rely on this!

It took maybe 20 minutes and 4 old credit cards to very carefully unstick the entire battery. I had a new OEM battery from the Replace Base that arrived within a day, came in a neat package and included the necessary screwdrivers but I already have plenty. The price of the battery was somewhere between the cheapest eBay price for a non-OEM part and the price from Apple. Everything went back together with no screws left over (!) and the Mac works nicely, holding 100% charge and with a battery recharge indicator of 1. oh yes and I managed to throw Big Sur onto the Mac too.

I have to say though, I went through this because I have some time, being retired, and I wanted to not be beaten by something that should be simple, i.e. changing a battery. Having been through the exercise, and bearing creases on my palms for a couple of days from the force needed to unstick the battery, paying Apple to do this is actually fairly good value for money!

Data protection Privacy

Proof of existence

In the march to get rid of paper records and have everything online it is becoming increasingly difficult to prove one’s details when signing up to, or dealing with a process still based on old school mechanisms such as requiring bank statements and proof of address. This, plus the fact that in becoming ever more online the World is requiring people to own and know how to use a mobile phone while having little, if any regard to the affordability of such an item. Cursory throw-away lines such as pointing people without online access at home to their public library is becoming increasingly moot with library closures and, not least with Covid19.

Examples of the complexities one may face are rife but here are two real-world examples, carefully crafted so as to not give any names away.

Person A works for organisation B and is changing roles within B. B needs two proofs of ID and two of address from A for the new role. However, A only has one proof of address, a bank statement. B states that a second bank account will do. A can open a bank account with another bank (C) online. C only needs a single proof of ID and a single proof of address, and A’s existing bank statement will suffice for the latter. Therefore, C has a lesser requirement for proof of ID and address than B and will provide a second proof of address to A to send to B. While one may argue that C has too low a burden of proof or that B has one too high one cannot get round the fact that B already has all the information It needs as it is A’s employer.

Another example. A needs government department B to change some details about property C. B will not accept the evidence available to A but government department D does hold valid details about C. B tells A to purchase these from D. Why? Both B and D are government departments. In this case A simply dropped the issue given they had informed B of an error in the records held by B regardless of whether or not B would do anything about it.

In both the above cases the organisation in question (B in each case) has access, directly or otherwise to the information that they require from A. In the first example via existing employment records, and in the second by simply requesting it from another department.

Now, in each case, if A had an official government-scheme ID card, as was proposed and shot to bits several years ago in the UK, B would not require any further information because all such information would be tied into the ID card provided to A. A hypothesis therefore exists that the establishment, governmental, quasi-governmental and commercial, are collectively making processes so hard for all the ‘A’s in the country that a future proposal for all citizens to be issued with ID cards will succeed by the mere fact that people are so fed up with having to find more exotic ways of proving their existence that they will not vote against it.

That cannot be right.


Why is this so hard

I had to edit and then print an official form downloaded from a Government website today. All it needed was some names and addresses putting in at the prescribed lines. Easy… hmmm.

First off, the form is an MS Word document. Ok, I have Pages on the Mac. Ah, but the format is wrong and lines appear in places they should not. Oddly, the first half is fine, but the second where it needs a date entering ends up with a line through the date.

Ok. Borrow a laptop that has Word. Download the form again and it was filled in properly. I had to struggle to get a USB stick to be recognised even though it has been in there before – two goes and it found it. This is because I did not want to store the edited document on the laptop at all, well, other than whatever temporary files Windows wants to create.

So, to print.

The laptop will not find the printer

The copy of Word will not print to PDF


Finally I managed to export to PDF, stuff it on the USB, put the USB in the Mac, open it (and check the format is still ok! The ‘p’ in PDF is not always what it makes out to be) and print it.

Two laptops, one USB stick, about 10 edited lines in a document.




So we’re out of the EU as of 23:00 on 31st December, 2020. Two things come to mind.

The first order of business for me seems to be to go over PayPal’s 58 page User Agreement which is valid from today (1/1/21). 58 pages. It begins by indicating it is an agreement between me and them, they being PayPal (Europe). No surprises there then. It goes on to mention the Temporary Permissions Regime which I had never heard of. This says it “allows EEA-based firms that were passporting into the UK at the end of the transition period (31 December 2020) to continue operating in the UK within the scope of their previous passport permission for a limited period after the end of the transition period.” (1)

So, I have a 58 page document to read (and I always read T&Cs and such as should everyone) but I am a tad wary of this ‘temporary’ agreement which perhaps means there will be further updates from PayPal in due course. For all those who were celebrating our ‘escape’ it is, of course just the beginning.

Nothing wrong here of course and I use PayPal all the time. It is obvious they, and all manner of other companies need to produce new terms for this new age and this blog is not a political platform (I do all my political whining elsewhere!)

On to the second thing. I received an email this morning telling me that my .eu domain, which I abandoned a long time ago when Brexit got going, has been suspended. I am just letting it expire so no worries here. But it does rather tickle me that the people have a correspondence email for their domain which has a .ie address. So, they have moved their correspondence address to Eire, which is, of course still in the EU, in order to keep their .eu domain.