I was just sitting there …

As an IT manager, I’m constantly summoned to coworkers’ desks when things unexpectedly go wrong. Roughly 90% of the time, their saga begins with, “I was just sitting there and all of a sudden it did this …”

I usually sigh, give them a long look, and remind myself that they  believe this is true. They’ll stick to that story to the death and be terribly offended if I suggest that they, in fact, did cause the problem.

And yes, most of the time it is the user’s fault.

When they say, “I didn’t touch anything, I swear!” I always chuckle to myself. That’s a pretty weird thing to claim when you’ve just spent three hours at your desk, presumably working on this very computer. But I understand that what they’re really trying to say is, “I didn’t push a button labeled ‘Self Destruct.’ ”

What “I didn’t do anything” usually translates to is:

  • I clicked through an error message without reading it.
  • I was downloading a bunch of stuff, but since none of it was work-related, it doesn’t really exist.
  • I opened a spam e-mail attachment, but dropped my mouse as soon as I realized it, so it wasn’t really me doing it.
  • I currently have every application on my machine open at once. Is that bad?
  • I’ve plugged a few personal devices into the machine and hidden them under my desk, but I’m not going to mention that because I don’t want you to tell me to unplug them.
  • Sure, I clicked yes when that application prompted me to run updates this morning. But you’re IT so surely you already know about that.

We often joke in IT that we’re solving absurd mysteries all day. It’s like Hugh Laurie in House, always trying to perform a complicated diagnosis, even though the patient refuses to give all the facts. I wonder how many doctors have similar stories – a patient walks in with a broken wrist and says, “I don’t know. I was just sitting there, doing nothing, and all of a sudden it broke.”

Subliminal Advertising

The thing you should know about subliminal advertising is … absolutely nothing. Why waste brain cells on something that doesn’t exist? And, unlike other silly sciences like, say, alchemy, nobody ever seriously thought it did exist.

Why do we all talk about it, then? Advertising.

The whole concept was a Hail Mary move by a struggling advertising company. This guy, James Vicary, needed a gimmick to compete, so he convinced a movie theater owner that he could improve his concession sales. He rethreaded the film to cut in a few frames here and there with the words “Eat Popcorn” and “Drink Coca-Cola.” Then, after the movie aired for a weekend, he ran to all the other movie joints in the area to brag that he’d increased sales of both popcorn and Coke with this little maneuver.

So did it work? No, not really. That particular weekend did see a slight increase in sales, though it quickly leveled off again and was more likely due to a change in the room temperature of the theater. They certainly never conducted any research on the subject.

Vicary himself admitted in later interviews that the whole thing was a hoax. There is even speculation that the whole thing never happened at all, as no theater ever admitted to working with Vicary on this.

So why on earth do we still talk about it?

A) We are such a paranoid society, constantly worried that someone will make us do something we don’t want to by getting inside our heads. It’s why shrinks make us uncomfortable and stage hypnotists have such clout.

Kids, there is nothing subliminal about this.

B) Vicary wasn’t the last adman to need a hook. Though the FCC quickly banned subliminal advertising from television and movies (just in case it did work), it’s common practice in graphic design to insert or suggest things within graphics – to hide elements of one image within another. This is so prevalent in modern print advertising that a quick search will turn up thousands of websites “exposing” this, but they get the terminology wrong. Subtle or suggestive is not synonymous with subliminal advertising. Or, to put it even more simply:  if you can see it, it’s not subliminal.

C) And finally, it’s exactly the sort of thing that Psychology Departments love to experiment with.*

*Though I’ve always preferred the “electric shock to amplify ESP” experiments, myself.

Oodles of tests have been conducted over the last fifty years trying to link Subliminal Perception to actions. In other words, we know that if you flash images too quickly for the person to fully process what they’ve seen, they still may retain a vague sense of it. But it’s not strong enough to make a person do anything that they weren’t already planning to do. You just can’t manipulate people that easily.

But I’ll give Vicary credit — it would have been a billion dollar idea if it could have worked.

Secure Websites – who can you trust?

How do you know which websites to trust with your credit card information? My answer: almost none of them. That’s a strange thing to say when 99% of my purchases are done online, both at home and work. And yet, there are very few web services that you should trust with your info.

lockWhat most people have been taught is to look for the Padlock icon on your browser to tell whether a site is secured. I dispense that advice myself, but would you be shocked to hear that anybody can add that to their site for about $100  (or for free with a little coding)?

Let’s talk about what that Padlock really means.

It’s a “Site Security Seal” which simply means that the website is using public data encryption to help you upload your information securely. (*The process of this public encryption is something I love explaining, but we’ll get to that another day.*) This is a good thing — and by no means should you ever give your credit card info to a site that doesn’t have this seal — but it only protects the info for the quick passage from your computer to the website’s host.

Why does that matter? Because to get from your house to the webserver, every page request is relayed through dozens of ISPs. Any of these could potentially be storing your info if it’s unencrypted.

So if you’ve entered your info into a secure site, what’s the problem?

If you’ll allow me an analogy: Pretend you’ve got a burning secret that you want to tell your best friend and you’re paranoid about anyone else overhearing. You don’t trust cell phones, texting, anything like that, so you employ a spectacularly complicated method involving invisible ink, carrier pigeons, and a Flintstones decoder ring.

Ingenious.

But you forgot … your friend is a blabbermouth.

And that’s the problem in a nutshell with websites. Internet standard is to enforce this Padlock security protocol when sending/receiving critical information, but there is absolutely nothing enforcing these businesses to keep your info secure after they’ve received it.

You’d be shocked at how many businesses keep their customers’ credit card info in places that can be accessed from the outside, just waiting to be burgled. It’s insane.

Me, I’ve always followed the Amazon model. They built their business on getting people to trust credit card transactions, and in the early days they went to great lengths to explain to people how their practices worked. The server that held the credit card info was far removed from the servers that gathered the info initially. They even claimed that this financial server had no internet access, though today you’d just bullet-proof the firewall that contained it.

Before I scare you away from ever shopping online again, I’ll tell you who you can and should trust. The big players who employ large networks security teams: eBay/Paypal, Amazon, your banking institution, major department stores. (Yes, Target got hacked last Christmas, proving that nobody is foolproof, but your odds are much better with major companies like this.) It’s when you start shopping small business that you need to be on guard.

There are dozens, maybe hundreds, of 3rd party credit card processors and most new sites today will use them; GoDaddy is a major pusher for this type of eCommerce solution. There’s nothing wrong with it. It allows small businesses to create websites without having to know anything about security. It gives you, the user, another level of security because the eCommerce processor holds all the credit card info so securely that the business itself cannot log in to see all of your card info. It works great.

So how will you know when your website is using one of these? Um … yeah, that’s the trouble. Most of the time, you won’t. Once in a while you’ll get a message about being redirected to the eCommerce site to complete your transaction, but the more fashionable method is to make it all look and feel like one seamless site. Furthermore, you as the end user will probably never know which eCommerce site they are using and you can’t be expected to stop and read reviews of them before you buy those designer sweat socks that are going, going, gone.

So my rule whenever I’m ordering from a business smaller than a national chain is simple: don’t give your info to them directly. Look for the sites that allow you to use PayPal – that’s the easiest way to make sure your info is secure because PayPal mandates that all the sites that use their services redirect to the PayPal website for transferring information.You’ll get the message that you’re going to PayPal and you can verify in your browser’s address bar that you are actually on the PayPal website before you enter any passwords. That’s one site that doesn’t mess around when it comes to security protocols.