Friday, January 30, 2015

Does citibank have the worst website?

I've used a handful of banking/credit card websites, and I have to say Citibank's is by far the worst of them all. They are the Comcast of banking websites.

I logged into my business credit card account to try and get the yearly total interest. I cannot find this information anywhere on the website. So I am guessing it might be included on the statements. Unlike every other website, which usually gives you the last 24 months of statements instantly available, Citibank makes you request a statement which then may take as long as 48 hours to be available.

Are they running their website off of floppies and a Commodore 64?

And to make it just a little more unpleasant, their request form, which consists of nothing more than 2 drop downs and a submit button, doesn't work in Chrome. I mean, requesting PDF statements is I think pretty basic functionality. The fact that it doesn't work in one of the most popular browsers is not a good sign.

But don't worry. Citibank has a plan to keep you happy. You see, if you go to their contact form to let them know what you think of their lackluster website, you get to play a guessing game. You get to guess which character that you entered in the form is the special character they don't like in the form. And when you go back to the form, you get to fill out the whole form all over again because it all gets wiped out. Isn't that fun?

**spoiler alert** the special character (one of them anyhow) is the single quote. Apparently the single quote is not considered standard punctuation according to Citibank. I guess they frown on contractions. I mean they allow you a whole 20 lines of text so I guess there's no excuse for contractions.

A single quote can be used in a special type of website hacking attempt. However, if handled properly the single quote is not a problem. Telling people to re-write their message is not handling it properly. Hell, they could just remove the single quote on their end, which is still not the right way to do it and would still be a much better way to handle it than the way they are handling it now.
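To make "handled properly" concrete, here is an added example (not code from Citibank or from the original post) that assumes the attack alluded to is SQL injection and that the form's backend stores messages in a SQL database. The table, function names and sample message are hypothetical; the point is that placeholders and output escaping let an apostrophe through untouched, while string-built SQL breaks on it.

```python
import html
import sqlite3

# Constructed sample: a contact-form message that contains contractions.
SAMPLE_MESSAGE = "Your statement form doesn't work in Chrome, and I can't find my interest total."


def open_db():
    """In-memory database standing in for a hypothetical feedback store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE feedback (id INTEGER PRIMARY KEY, name TEXT, body TEXT)")
    return conn


def save_by_concatenation(conn, name, body):
    """Fragile pattern: user text is pasted into the SQL string, so a single
    quote ends the string literal early and changes how the statement parses."""
    conn.execute(
        "INSERT INTO feedback (name, body) VALUES ('" + name + "', '" + body + "')"
    )


def save_with_parameters(conn, name, body):
    """Proper handling: placeholders keep user text as data, never as SQL."""
    cur = conn.execute("INSERT INTO feedback (name, body) VALUES (?, ?)", (name, body))
    return cur.lastrowid


def strip_quotes_then_save(conn, name, body):
    """The post's 'not the right way, but better' fallback: drop the quotes
    server-side. Nothing is rejected, but the stored text is mangled."""
    return save_with_parameters(conn, name.replace("'", ""), body.replace("'", ""))


def render_feedback(conn, row_id):
    """Escape on output so stored punctuation cannot turn into markup either."""
    name, body = conn.execute(
        "SELECT name, body FROM feedback WHERE id = ?", (row_id,)
    ).fetchone()
    return "<p><b>{}</b>: {}</p>".format(html.escape(name), html.escape(body))


def demo():
    conn = open_db()
    try:
        save_by_concatenation(conn, "O'Brien", SAMPLE_MESSAGE)
        concat_ok = True
    except sqlite3.Error:
        concat_ok = False  # the apostrophe broke the hand-built statement
    row_id = save_with_parameters(conn, "O'Brien", SAMPLE_MESSAGE)
    stored = conn.execute(
        "SELECT body FROM feedback WHERE id = ?", (row_id,)
    ).fetchone()[0]
    return concat_ok, stored, render_feedback(conn, row_id)


if __name__ == "__main__":
    ok, stored, page = demo()
    print("concatenated insert succeeded:", ok)
    print("stored via placeholders:", stored)
    print("rendered:", page)
```

A form built this way has no reason to reject the character or wipe the user's input.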

As far as I can tell, they've basically done zero usability testing to see if the website is user friendly. And it's functionally poorly implemented. It's pretty astonishing that a bank as large as Citibank can't manage to put up a better website.

Saturday, July 19, 2014

Is Verizon purposely slowing down Netflix traffic?

I have Verizon FiOS at home. I have the 50/25 package, which means I should get roughly 5 megs a second download and 2.5 megs a second upload. I don't normally have too much need for the upload, but I do download quite a bit and I have to say for the most part I pretty much get what I pay for. When I'm downloading from someplace that has the bandwidth to support my max speeds, I usually get my max speeds or even a little faster. Any time I run a test on it, it pretty much always maxes out at what I pay for.

I also just recently re-activated my Netflix account. And while I haven't experienced any issues with pauses during playback or having to wait a while before the video plays, it does take a while before it'll play at HD resolution. And sometimes it just won't play at HD at all.

Now Level3, which is the internet provider Netflix uses to connect to the internet, claims that Verizon is responsible for the slow down. They claim that Verizon's network has plenty of capacity, and what it all boils down to is Verizon is deliberately not increasing the connection speed between Verizon and Level3.

You can read about it in a blog post from Level3 here:

In order for Verizon to fix that situation, all they would have to do is spend a few thousand dollars and connect a handful of wires. And for a company of Verizon's size, spending a few thousand dollars is nothing. Even further, Level3, also a large company, offered to cover the expense themselves and even connect the wires. And Verizon still has done nothing.

I decided to test this by installing a VPN (Virtual Private Network) using VyprVPN. There are other VPN services out there. But I wasn't trying to review VPN services, just determine if Verizon really is doing something to degrade Netflix service.

A VPN is exactly what it says it is - a Virtual Private Network - it's a private network between myself and VyprVPN's servers. All the data between myself and the VyprVPN servers is encrypted so even though my internet connection is with Verizon, Verizon really doesn't know what I am sending back and forth between the VyprVPN servers. So with the VPN turned on, all my internet traffic flows from my Verizon connection at home, to the VPN servers, and then from the VPN servers out to the rest of the internet. Verizon has no way of knowing if I am browsing my email, watching Netflix or playing a game. All they can tell is data is going into the VPN server.

Without the VPN on, my download speeds from Netflix were very unimpressive compared to how my download speeds normally are. I wasn't even getting 1 meg a second. In fact, some of the time during playback it was so slow that it didn't even say it was buffering for HD, it just said it wasn't playing in HD at all.

The instant I turned on the VPN, suddenly my connection was fast enough that it started to buffer for HD and within a few seconds it had buffered enough that it was playing in HD. In fact the speed that I was downloading from Netflix increased by a factor of 20 or more.

So, let's recap.

When I'm not using the VPN and my data flows from me --> verizon --> level 3 --> netflix my speeds were very slow. About 0.2 megs a second.

When I am using the VPN and my data flows from me --> verizon --> vpn --> level3 --> netflix, I can play in HD within a few seconds of starting the video and my speeds went from 0.2 megs a second to anywhere from 2.0 to 6.0 megs a second. So that's 10x to 30x faster. The traffic flow that I marked in red is the traffic that Verizon doesn't know about. The only way Verizon could slow down my Netflix traffic while on the VPN would be to slow down ALL traffic into the VPN. And I'm sure if enough people start to use this VPN service to get around Verizon's throttle of Netflix, Verizon will eventually throttle the VPN service as well.

If Verizon were not slowing down Netflix traffic, then using a VPN should actually result in worse performance since I now have a longer route to connect to Netflix. The more direct your connection is, typically the better your speed will be.

What this all comes down to is greed. We pay our ISP to connect us to the internet so we can download whatever content we're trying to access. And Verizon and the other big greedy ISPs now want Netflix to pay to send us that data. So they are literally trying to charge you coming and going. It would be like us paying FedEx to send someone a package, and then FedEx demanding the person receiving the package also pay them.

Thursday, October 31, 2013

Don't fall for scam artist website designers

I registered a new domain the other day, and literally within 24 hours I was receiving emails from people offering to help me build a website.

That should probably be your first and last clue not to do business with them if they are spamming you within 24 hours of registering a domain name. But in case you are tempted, or maybe they contact you several weeks or months after you register a domain name, here are some tips on how to tell if they are legit or a scam, or just incompetent.

The first one that contacted me claimed to be from

The first thing you should do is pull up their website. If their website looks like crap, what are the chances they are going to make your website look better?  And in my opinion, that site looks VERY outdated. Another thing to note is that at the bottom of the site the copyright says 2002-2008. Which either means the last time they updated the site was in 2008, which is a long time to never update a website. Or it means they've forgotten to update the copyright notice, or don't know how to make it update automatically. Either way that's not a good sign.

However, to be fair, one point in favor of clinkingz is that they have been around for several years. Most scammers change their names as often as most people change their socks. So clickingz might not be a scam. They just might not be very competent.

For comparison, another email I received claimed to be from

Their site certainly looks nicer when you first view it - but after about 2 seconds you'll realize their entire site consists of just one big giant image with zero content. There's no contact info. There are no links to any of their work. Literally the only text on the website is their domain name. That's a HUGE HUGE red flag.

Another thing you can check to get some idea of how long they have been around is to go to and type in their domain name.

If you look up clinkingz it says they registered their domain name in 2007. That's a point in their favor. However, their registration information is private, which to me is a little bit questionable.

On the other hand, if you look up webdesigncup, it says they registered their domain name on Sept 27th 2013. Big red flag there. And their domain information is also private - another red flag.

The other thing to look for on these sites is contact info. If there's no contact info listed, as is the case with webdesigncup, then don't contact them. Clickingz at least has a phone number and address on their site - another point in their favor.

If they do have contact info, plug it into Google Maps and see where they are. In this case I have a feeling the above business address is just a mail drop and not an actual office. There are several international shipping and mailing businesses at that same address. Plus you'll notice their suite number is 13389. If you look at that building on Google Maps I doubt there are thousands of offices there. Most office buildings either number their offices sequentially or number them sequentially with the floor number as the first set of digits. So my guess is 'suite' 13389 is nothing more than a mail drop that forwards to wherever they are actually located. In this case I have a feeling they are outside the US, due to the international shipping at that location. And the email I received from them was sent from somewhere in India.

There's nothing wrong in itself with hiring someone in India. There are plenty of competent people there. But I wouldn't want to hire someone who's lying about where they are located.

Another thing to look for is if they have links to any of the websites they've done - or I should say claim to have done. In the case of clickingz, they have a link to which they claim they did. And that site certainly looks better than clickingz's own website. However, if you scroll to the bottom of many websites, you'll often find a link back to whoever designed the site. In this case, compass-hs links back to someone entirely different than clickingz. Does this mean clickingz lied? I don't know - they might have done a website for compass and then compass might have hired someone else to make a new design at a later date.

But it does say clickingz hasn't updated their site in a while if they are linking to a design that's not theirs.

Another website they link to is  - this design is not that great. And again - the bottom of the site says someone entirely different designed the site for them. In fact every site they linked to that I went to, none of them linked back to clinkingz, several of them linked to other sites as the designers.

So is clickingz a scam - I'm not sure. There does seem to be some questionable stuff about them. But the fact that they appear to have been in business for several years and do list an address and phone number gives them a little bit of legitimacy. Assuming of course that the address and phone number actually work. I did not try calling or mailing them to test that.

Scam or not, I wouldn't bother contacting them for design work as they effectively have no current portfolio of work and their own website is badly in need of a redesign.

In the case of webdesigncup, my guess is that's a scam. Their website has nothing on it. There's no contact info for them. There are no links to any work they claim as their own. And the domain appears to have been created less than a month ago. I can't imagine a company claiming to do web site design would have no design at all on their own website. A single background image is not a website design, that's just wallpaper.

So to summarize my ramblings:

1. Always look for links to past work and try to verify they really did the work. If you are unsure, try contacting whatever website they claim as their design and asking them if they did really design the site for them.
2. Look for contact info and google their address - see if they are located anyplace that looks shady.
3. Do a google search on their domain name, email address and phone number and see if you find discussions about them.
4. Look up their domain registration to try and determine how long they have been in business. The older the domain name the less likely they are scam artists. And if their domain registration is not private another point for not being scammers.
5. Lastly - if they emailed you out of the blue without you contacting them first, that's spam. And I wouldn't really want to do business with someone who spams. But that's up to you.

Tuesday, March 12, 2013

Email Password security tips

Here are some general security tips to keep your email account safe.

1. Use a unique password for your email that you do not use anywhere else. The reason for this is pretty simple. Most websites when you register on them ask you to give them your email address. If you give that website your email address AND you use the same password that you used on your email login, you've just given that website access to your email account. Most websites are probably trustworthy. But what happens if that website gets hacked and someone steals all your registration information? Now some hacker has your email login information. So ALWAYS use a unique password for your email account that you do not use anywhere else.

2. Do not use a simple password. A simple password would be one that's only a few characters long and/or consists of simple words. Most hackers are not sitting in front of a computer typing in one password at a time. They have tools to automate it. So if your password is very short or consists of simple words, they can use a dictionary to guess your password. The best passwords are at least 10-12 characters long. Longer is even better. And it's good if it contains a mixture of letters and numbers. Even better if it contains letters, numbers and punctuation characters like $#@!%. Most passwords are case sensitive, which means mypassword is not the same as myPassWord. So mixing up the casing of the letters is another very good method to make your password hard to guess. The best passwords combine all of this into something called a pass phrase. A password implies a single word. A pass phrase is a combination of words.
So rather than having 'password' as your password, you would have 'this is my password' as your password, or pass phrase. And if you combine it with the other suggestions it might look like '@thiS is mY 1 passworD!'

3. Pick security question/answers only you know. Many websites ask you to set up security questions that you can answer if you ever forget your password, or login from a strange computer. These security questions can turn into security holes. If you pick a very simple question 'what is my favorite color' and pick an equally simple answer 'blue', it won't take very long for someone to guess your security answers. The best thing to do is to pick questions that only you would know the answer to. However, many sites don't allow you to type your own question, you have to pick one of their questions. And their questions are often questions that other people know the answer to. Like what school you went to, the name of your spouse, your first job etc. Those are all questions other people have the answers to and in many cases even strangers can find the answers to them by doing a little Google searching. For example, if you have a LinkedIn account, your first job AND what schools you attended might be listed there. Your spouse might be listed on Facebook or another social site.

So if you can't type in your own question, you can always give an answer that has nothing to do with the question or is completely made up. For example, if it asked what school you went to, you might say Starfleet Academy (although in my case my friends could guess I'd pick that answer). Or make up an answer that's completely random. Instead of Starfleet Academy, you could say apple pie. You just have to remember the answer you give. The key is to make sure it's an answer no one but you knows and no one could figure out.

4. Don't type your password into strange computers. It's basically the same as catching an STD. You don't know who else used that computer or where it's been. That computer could have a virus on it and as soon as you type in your password, it's recorded it and sent it off to some nefarious hacker who now has access to your account. This applies even to your friend's computer, unless you are sure they are practicing safe computing.

How can you tell if you were hacked/if a friend was hacked?

5. Don't click strange links. If you get an email from a friend that has a ton of people it was sent to and all the email contains is a strange looking link, chances are they were hacked. I would contact your friend other than through their email and ask them if they sent it. If they did not, have them read this post and then change their passwords. I said passwords, plural, because once someone has access to your email account, they could potentially gain access to your other online accounts since many of them have a forgot password feature that will email you instructions on how to change your password. So the hacker gains access to your email account and looks through your emails to find an email from your bank. They then go to your bank's website. The first thing they'll try doing is using your email password in case you used the same password for your email as for your bank. If that doesn't work, then they'll try the forgot password feature and within a minute they could have access to your bank account. I'm sure they'll enjoy spending your money.

6. You wake up one morning and suddenly find a bunch of returned messages in your email. This is a good sign your account may have been hacked. This could be because the hacker logged into your email and then sent out an email to EVERYONE you ever emailed before. Or at least everyone in your address book. Some of those emails might have gone to addresses that don't exist anymore, or might have been caught by spam filters. That's why you'll suddenly have a bunch of returned messages in your email.

Many email websites allow you to check and see all the places you logged in from. If so, take a look and see if there's a login from somewhere you've never been, or at a time you know you weren't online. If you find a strange login or have an inbox full of returned messages, it's time to change your passwords and contact your friends and let them know not to click any links that were sent.


7. Use 2-step authentication. One of the features I like with Gmail is something called 2 step authentication. It's basically using two passwords. You only are prompted for the 2nd password if you login from a new computer, or it's been 30 days since the last time you used the 2nd password. If you have a smart phone, you download a small app to your phone and the app generates a new password for you every 30 seconds that you would type into your account the first time you log on from a new PC. That means even if a hacker gets your password, they still won't be able to log in because they won't have that random password generator. I still won't log in from a strange PC even with this if I can possibly avoid it. But at least if you do you know it'll still be almost impossible for them to get into your account. If you do login from a strange computer I would still change your password when you get home even with using the 2 step authentication.

I strongly encourage you to see if your email provider has 2-step authentication. If not, I would switch to someone who does.

Wednesday, March 6, 2013

Crashplan is untrustworthy - do not trust them with your back or data

I started using Crashplan for my backup needs back when Mozy switched away from doing an unlimited backup.  Initially I was very happy with their service.

However, since at least June of 2012 when I first noticed it, Crashplan has had horribly slow upload speeds. Many people are getting much less than 1mb uploads even though their internet connection supports speeds many times faster than that.

For anyone who frequently adds files to their backup set, this would make crashplan almost useless since you would never have a complete backup. You would always have files pending to be uploaded.

I myself could probably live with these speeds since I don't often add files to my backup. What I can not live with though is a company that lies. And crashplan lies. Their support has NOT ONCE responded to the thread I started here: (they require you to register to view threads, probably to hide complaints from showing up in search engines - I'll post a complete copy at the end of this post).

That thread is almost 6 months old and has NEVER received a response from someone in support. It did however receive a response within a day when I finally got fed up and accused them of being incompetent or liars. Then a Mike Evangelist (listed as Chief Marketing officer according to his LinkedIn profile) suddenly stepped in and deleted my post accusing me of 'name calling'. I'm not sure what other conclusion you can come to when you have a problem that's ongoing for months and the only response you get from CP support, if they respond at all, is to tell you the internet is a shared resource. Basically their excuse is that the internet is slow, not them. Apparently the internet has been slow, ONLY for crashplan customers, night or day, for months.

His idea of customer support was to offer me a refund. That's a pretty shoddy business model - no actual response to the problem itself, just someone who gets upset when you use harsh words about the lack of support and communication and then tells you to leave.

The only conclusion I can draw is that crashplan is either incompetent and doesn't know how to fix the problem or is otherwise incapable of doing so, or they are lying to me. I think it's both. I suspect they signed up too many users too fast and don't have the resources to support them all and are just hoping people won't notice.

As I said earlier, I could probably live with the slower upload speeds. But I will not do business with a company that treats their customers like this. They lie to their customers pretending there is no problem or pretending the problem is with you and not with them. They don't respond to complaints in their forum for MONTHS and then the only official response they finally give is to delete a post that calls them out for what they are - liars.

I don't know about you, but I would not do business with a company that is dishonest with you and treats their customers like idiots. Would you trust all your personal data with them? What's going to happen if their servers ever get hacked, do you think they'll actually let you know? Can you be sure your data is really encrypted and safe on their server? And what happens if some day you need to download your data, how can you be sure you'll be able to get it? Or that it won't take months or years to download because of their poor service?

I apologize if this sounds like a rant, but I am angry. I think anyone would be angry if they are lied to for months on end. Because of this I've canceled my subscription to crashplan. Oh, and they are actually planning on raising their rates at the start of 2013. I'm going to use amazon glacier with cloudberry. Shockingly, the shared resource that is the internet seems to have no problem maxing out my upload speed when uploading to amazon. And it'll cost me less than what crashplan charges.

Edit: I've been using cloudberry in conjunction with amazon glacier for several weeks now without a single slow down. And it's only costing me $2/mo. To be fair, it looks as though the issue with crashplan has been resolved, at least the technical issue has. The customer service/honesty issue though has not. Crashplan only once admitted to there being any problem and it was a rather vague message along the lines of 'some' customers report problems and 'they are looking into it'. No explanation as to what the problem was. No explanation as to what they did to fix it. No sort of apology. I still don't trust them.

Edit 2: It looks like CP might still be lying to their customers. Someone who just signed up with CP starts off getting 6mbps uploads but then quickly drops down to 250-300kbps. When they contacted CP support, this is what they were told:
I looked over your backup logs from the past few days and it looks like everything is going exceptionally well. 200-300 KBps sustained transfer rates are normal for most people and are common when the CrashPlan Client is backing up media files or other large chunks of data (applications come to mind). Those types of data don't compress well and therefore have to be sent in their entirety versus smaller chunks that have already been efficiently indexed by the CrashPlan Client.
That's the first time I've heard that not being able to compress a file means it'll download MUCH slower than your maximum internet connection. The support rep went on to say turning off data de-duplication might speed up the upload. Which I assume is also either a lie or an indication their system is poorly made if data de-duplication means a 20x reduction in upload speeds.

Edit 3: For anyone still using crashplan and having problems, you might want to take a look at this blog post. He greatly sped up his upload speeds by disabling the deduplication function in crashplan's client.