Keeping a Facebook page would be less work if Facebook were less tolerant of scammers tagging my Facebook page with other Facebook pages impersonating Facebook

Living a public work life on social media can be tiresome under many conditions, but my occupational outpost on Facebook–facebook.com/robpegoraro–has been feeling especially tedious lately.

And I can’t even blame random Facebook commenters for that! Instead, it’s the random Facebook scammers that have been nibbling away at my social-media attention span by staking out fake Facebook pages that impersonate Facebook itself, and which then tag my page with grammatically-iffy posts threatening to have my page suspended (for example, “someone has reported you with non-compliance with the terms of service”) if I don’t click/tap to verify my page ownership at a site that is obviously not at Facebook.

(Pro tip: Facebook is an American company and, AFAIK, does not have any substantial presence in Vanuatu that would require it to point users to a .vu domain name for terms-of-service compliance.)

I resent being treated like an idiot and I resent having my time wasted, but I also resent seeing a gigantic social network with country-sized resources fail so badly at stopping its own tenants from impersonating it. Every single time, the scam page has a big blue “f” icon matching Facebook’s and calls itself something like “Pages Identity Policy Issue,” which combined should seem like easy bait for a company with Facebook’s machine-learning capacity to quash or at least quarantine.

Instead, I get to play Whac-a-Mole with these idiotic impostors, and Facebook doesn’t even make that efficient.

Here’s the workflow on my iPad if I want to report the tagging post itself: Tap the ellipsis menu at the top right, select “Find support or report post,” select “False information” from the menu (“impersonation” isn’t an option), select “Social Issue,” (other choices being “Health,” “Politics,” “Something Else”), confirm that the post goes against community standards, then tap “Submit.” That last step doesn’t remove the tag, which takes another tap or two to zap.

If, however, I tap the fake page itself (which, in the most recent incident, had been set up for a construction firm in 2013 and then renamed this week, presumably after a hack), I tap the ellipsis menu at the top right, select “Find Support or Report Page,” select “Scams and Fake Pages,” then choose “Misleading Page Name Change” (had I not seen that switcheroo, I would have picked “Pretending to be Another Business” or “Fake Page”). Then it took another tap to block the page’s tag from my own page.

My gripe here isn’t so much with the number of clicks Facebook required but with the gap between its apathetic enforcement against con artists ripping off its own identity and its aggressive and punitive reaction against the New York University researchers who invited readers to install a browser extension that would track which ads Facebook served them, so that we might learn a little more about how that advertising gets targeted. What’s the priority at Facebook?

It’s yet another reason–on top of of the recurring nags to spend money on Facebook ads–to make me wonder why I keep up that Facebook marketing output when it’s so much more work than my other social-media presences. And yet if I want to see how the advertising machinery works, I feel like I have to stick around, scammers and all.

A mediocre experience with Apple’s Migration Assistant

This post is coming to you from a Mac manufactured in this decade, but it took far more fiddling with software and cables and more swearing at them than I ever expected to make that possible.

The fault here was Apple’s Migration Assistant, a tool to move your apps, files and settings from one Mac to another that I’d found so faultless in the past that in 2010 I touted it to Washington Post readers as “fantastically helpful.” I expected the same seamless experience this time, but after connecting my old iMac to my new M1 Mac mini via Ethernet (weirdly enough, Apple’s instructions only mentioned WiFi), launching Migration Assistant on each computer, having it add up all of the hundreds of gigabytes of data to be moved, and beginning that process… that progress stopped after about three hours without explanation.

After further fruitless trial and error, I settled on plan B in Migration Assistant: Transferring my data from a Time Machine backup. After a strange wait for it to see the backup volume, Migration Assistant informed me that it was “Starting up…”

Two hours later, it was still “Starting up…”

Nine hours later: still “Starting up…”

(Memo to Apple: This is one fantastically uncommunicative app here. Can’t you hire some underemployed English majors to write more informative status messages for it?)

Then I remembered that Migration Assistant can also restore from a disk image. And that I could create a new clone of the old iMac’s SSD using the same tool I’d downloaded three years ago when I transplanted the SSD into that aging computer.

I launched Shirt Pocket’s SuperDuper for the first time since 2018, had it create a new disk image in a partition on my backup drive, and then plugged that drive into the new Mac mini. I set Migration Assistant to transfer from that, it once again added up all of the files to be moved. And this time, it not only started the job but finished it, rewarding me with a “Migration Complete” message the next morning.

Not cool: freezing my credit after yet another data breach

The text message I was especially uninterested in receiving hit my phone Sunday morning. “T-Mobile has determined that unauthorized access to some business and/ or personal information related to your T-Mobile business account has occurred,” it read. “This may include SSN, names, addresses, phone numbers and dates of birth.”

T-Mobile’s texted non-apology for a data breach affecting tens of millions of subscribers went on to note that “we have NO information that indicates your business or personal financial/ payment information were accessed,” as if those data points were the ones I couldn’t reset with a phone call or three.

Instead, I got to spend part of an evening at the sites of the three major credit bureaus to freeze my credit, just in case any recipient of the stolen T-Mobile data was going to try to go to town on my data. In the exceedingly-likely event that you, too, will have to clean up after a corporation’s carelessness with your data, here’s how that went down.

At Experian, at least I didn’t have to clutter my password manager with another saved login. After providing my name, address, complete Social Security Number, birth date and e-mail, the site asked me to verify my identity by answering a personal-data pop quiz (for example, picking previous cities of residence or a cost range for my monthly mortgage payment). After passing that test and starting the credit freeze, Experian generated a 10-digit PIN I could use for subsequent access.

Things were not quite as easy at TransUnion. I had to create an account and provide almost as much personal information as Experian demanded, except that TransUnion only required the last four digits of my SSN. On the other hand, the sign-up workflow included a tacky invitation to sign up for marketing spam: “Please send me helpful tips & news about my service, including special offers from TransUnion and trusted partners!” The site asked me to pick a security question from a preset menu, none of which would have been too difficult for a stranger to research had I answered them truthfully, and then verify my identity in another personal-data quiz.

The company that had itself lost my data before, Equifax, offered the easiest on-ramp. After coughing up another mouthful of personal data–including my full SSN as well as a mobile number–I was able to create an account and, after clicking through a link sent in an account-confirmation e-mail, put a freeze in place. I did not have vouch for my identity by picking a ballpark figure for my mortgage payment or identifying a phone number I’d used before… and I’m not sure that’s a good thing.

I do know it’s not a good thing that T-Mobile kept information like Social Security Numbers that it could not have needed after checking my credit–a failure its apologies have yet to acknowledge. Firing them for that data hoarding, compounded by weak security, might offer a certain emotional closure. But I have no reason to think that switching to AT&T or Verizon and then handing over the same personal data wouldn’t open me to the same risk, because I’m struggling to see anybody at the giant telcos who gives a shit about data minimization.

Two ways your mailing list could be less terrible

Monday’s USA Today column on cleaning out an overloaded Gmail inbox required me to spend an unpleasant amount of time scouring my own inbox to find the most prolific senders. The experience left me mostly convinced of the grotesque selfishness of many e-mail marketing types, but it also yielded some grounds for optimism.

Photo shows a series of bulk-mail stamps

As in, the user experience with some of these companies’ mailing lists let me at least think that they recognized concepts like cognitive load, limited attention span and finite storage space. Here are two practices in particular that I liked:

  • Don’t send promotional e-mails from the same address as order confirmations. This makes it so much easier to find and bulk-delete the sales pitches that no longer carry any relevance–or, if you use Microsoft’s Outlook.com, to set up a “sweep” filter that automatically deletes those messages after a set period of time. Ecco, Macy’s and Staples all seemed to follow this polite, filter-friendly custom.
  • Let me choose how often to get emails–a message a day is often just clingy, but one a week could be less obnoxious–and let me specify what kind of pitches might interest me. Best Buy (“Receive no more than one General Marketing email per week”) and Macy’s (“Let’s Take It Down A Notch—Send Me Fewer Emails, Please”) get the frequency thing right, while L.L. Bean not only lets people choose between weekly, monthly or twice-monthly frequencies but invites them to request only messages about departments like Men’s, Home, or Fishing.

I’d like to close by writing something like “see, it doesn’t have to be this hard”–but a look at my Gmail inbox shows that some of my visits to the mail-preference pages of some retailers hasn’t led to them putting a smaller dent in my inbox. I guess they’d prefer I click their unsubscribe link–or use Gmail’s “block” command.

Google’s useless-to-the-self-employed “External” label: another tiny bit of freelancer erasure

The Gmail app on my phone and in my browser looks a lot more yellow when I switch to my work account, and it’s all Google’s fault. Sometime in the last week or so, Google began slapping an “External” label in a shade of deep yellow on every message sent from somebody not in my organization.

Which, since I am self-employed, constitutes the rest of the population of Earth, plus every bot and script capable of sending me e-mail. Google describes the security measure it began enforcing in late April for Google Workspace accounts–the business accounts it once gave away for free as Google Apps, then turned into a paid service in 2012, then renamed to G Suite in 2016, and then renamed once again in 2020 to Workspace–as its way to help employees “avoid unintentionally sharing confidential information with recipients outside of their organization.”

Photo shows a spam message purporting to be from Comcast with Gmail's yellow "External" label, as seen on a Pixel 3a phone in front of graph paper.

But for solo practitioners who have no employees, it’s useless. It cannot teach me anything except that even when self-employed, I can still fall victim to IT department control-freakery–and that freelancers remain invisible to many business app and service developers.

(Fun fact about the obvious phishing message in the image here: Gmail’s spam filter did not catch it.)

A support note from Google indicates that Workspace users can turn off this warning. It does not explain why I don’t see that in my own admin console. But in a Reddit thread–once again, that site proved to be an underrated source of tech supportanother Workspace user said legacy free accounts don’t get that opt-out. A frequent Twitter correspondent with a grandfathered free account has since confirmed that he doesn’t have this setting either.

I suppose Google would like me to upgrade to a paid account, but I’m already paying: $19.99 a year for 100 GB of storage. The cheapest Workspace plan would only give me 30 GB and cost almost four times as much. Since Google apparently can’t be bothered to document this new limit to free accounts, the answer there is a hard nope.

All the time I’ve sunk into investigating this problem has not, however, been without benefits. Thanks to some hints from my fave avgeek blogger Seth Miller, I figured out how to disable the also-useless default warning about replying to external e-mails. To do that, sign into your admin console’s apps list page, click Calendar, click its “Sharing Settings” heading, click the pencil icon that will appear to the right of “External Invitations,” click to clear that checkbox, and click “Save.”

Although Calendar is clearly not Gmail, this settings change seems to apply in the mail app too. At some point while I was futzing around with Workspace settings, I also found an off switch for the comparable warning about sharing Google Docs with outsiders–but now I can’t find it, so maybe that opt-out is now yet another feature reserved for paying users but not documented accordingly.

A virtual-event hobby: desktop Easter eggs

This week involved two panels I recorded from my desk, which made it like a great many weeks since February of 2020. But the specifics of my appearances Thursday and Friday represented a serious advance overall compared to the virtual-panel game I brought last March–and not just because my camera setup is now much less crummy.

My earliest upgrade was to improve the art on the wall visible behind me when I sit facing the windows for optimal lighting. Meaning, I filled a spot I’d left open by framing a cue sheet from one of the century rides I completed as a younger cyclist. That continues to offer the bonus of reminding me that difficult things are doable with enough practice, time, and rest stops that involve volunteers handing you bagels.

It took me longer to realize that my usual camera angle–a phone and then a webcam mounted on a tripod between the windows and me–left space on my desk to fill with something besides the vintage Bell System Trimline phone I keep parked there (but no longer have plugged into our VoIP service, because having robocalls interrupt an interview is no good).

First, I realized that if I was going to be talking about information security, I should leave the printed program from 2019’s DEF CON hacker conference resting against the wall behind me as a visual credential. Then I figured that parking a spare Rubik’s Cube in front of that would provide a little visual contrast and confirm that I’m a child of the ’80s. My service as an election officer last year left me with a badge from working the general election, and that seemed like another good totem to leave visible for anyone doubting my civic dedication. Still later, I decided that I couldn’t possibly hide the ThinkGeek Millennium Falcon multi-tool kit (don’t ask, just covet) that my brother gave me years ago.

Because I am slow, I eventually further thought that I could spotlight event-specific flair. For example, in a virtual panel about cruise-ship apps, I arranged a set of my dad’s old passports on that corner of the desk. An interview of a Major League Baseball executive gave me an excuse to park a Livan Hernandez bobblehead on the desk. I was tempted to display a pair of drumsticks I got as a conference souvenir years ago for the panel I recorded Friday morning with a music-app executive–but I didn’t want to suggest skills I lack, so I broke out the sticks for the sound check before that recording.

I hope some of you have enjoyed seeing these little tchotchkes, but if not at least they’ve injected a little variety to my own virtual-panel routine. I’ll enjoy that while it lasts, because at some point–that’s now looking like the third quarter of this year–I will go back to moderating in-person panels and will have to return to hoping anybody in the room notices the panel socks I’m wearing.

Reminder: Don’t overlook Reddit for crowdsourced tech support

Two weeks ago, I spent too much time on T-Mobile’s site because I didn’t go to Reddit’s first. I was trying to opt out of my wireless carrier’s new targeted-advertising scheme, but I could not find any way to do so when logged into my business account–and like any dummy perplexed by an unintuitive interface, I kept trying the same thing over and over instead of asking for help.

Screenshot of the icon for Reddit's r/tmobile subreddit: Snoo the alien, but wearing a magenta T-Mobile t-shirt under a jacket while holding a cell phone.

The answer I needed was waiting in a thread on Reddit’s r/tmobile subreddit, in which one T-Mo customer replied to a comment about the unhelpfulness of the carrier’s site for this opt-out by saying “I had to use the app and eventually found it in the privacy section.” As in, the T-Mobile app I’d had on my phone all long but had forgotten about, and which coverage I’d read about this issue had not clarified would be the only way for a business customer to adjust this setting.

(In case you’re still puzzling this through, open the app, sign in, tap the “More” button at the bottom right, and then tap “Advertising & Analytics.”)

This wasn’t the first time I’ve found Reddit’s company- or service-specific forums exceptionally useful for tech support. While smart companies maintain their own forums where people can sort out problems and share tips, Reddit has three things going for it that many other discussion boards lack: scale, a search that works, and crowdsourced measures of the value of a comment and its author.

Reddit upvotes, downvotes and the karma score they feed into can be abused like any other social-media system to protect toxic behavior–it was only last June that Reddit nuked r/The_Donald and some 2,000 other subreddits for repeated hate-speech violations. (Of course, there’s a subreddit on which you can debate those risks of abuse at length.) But in the context of a subreddit set up for users of the same app, service or gadget to solve each other’s problems, these collective accountability features seem to function well enough. I also keep wondering if Twitter could use some version of a karma score–and that, decades ago, Usenet could have had one as well.

Plus, many of these product-specific subreddits also feature wikis maintained by their more-frequent contributors, something you almost never see at the forums a company maintains for its customers.

In addition to T-Mobile tech support, I’ve found Reddit a good resource for help with my HP laptop, and some of my earlier smartphones. Reddit’s also proved useful as a journalistic resource when I’ve needed to find people using a service with limited availability, like Verizon’s 5G Home fixed-wireless service or SpaceX’s Starlink satellite broadband. I try to pay that assistance back by showing up in threads other people have started about my own stories–yes, “robpegoraro” there is me–and offering to answer whatever questions people have.

Writing this post made me realize I’ve probably neglected Reddit’s potential to help me puzzle through one app I use all the time: this blogging platform. Maybe r/Wordpress can help me feel less grumpy about the Block Editor?

Daily newsletters I delete every day–only after reading them

If you don’t want your inbox to start filling up with newsletters, you probably shouldn’t become a journalist. Even if you decide not to sign up for daily updates from one organization or another, the PR people at that organization will probably make that decision for you.

But newsletters exist for a reason, that being that they can make it easy to catch up on developments you missed over the last day, week or month. So whether or not I opted in to get somebody’s daily update, I usually don’t click the “unsubscribe” link if the newsletter covers my own occupational interests–and skimming and deleting takes very little out of my time.

Really good newsletters, however, earn not just a quick glance at a subject header and the first headline or two, but start-to-finish reading. I want to talk about two in particular that help keep me current about my fellow scribes.

Morning Consult Tech: Morning Consult, a data-intelligence firm with offices in D.C., New York and San Francisco, puts out this recap of tech-policy headlines before 9 a.m. weekday mornings. It’s an impressively comprehensive summary of recent work that covers publications beyond the usual boldface news names–the left-wing magazine Mother Jones and Vice’s tech-news site Motherboard have each gotten shout-outs. In addition to those two- or three-sentence story blurbs, each message features an events calendar that in the Before Times was a good way to ensure my work social calendar didn’t stay empty as well as a modest amount of self-promotion for the parent firm’s work. My only real complaint is predictably vain: I wish this newsletter would spotlight my own work more often.

Muck Rack Daily: This GIF-laden, moderately gossipy message arrives weekday afternoons from New York-based Muck Rack, which provides tools for PR types, lets journalists post their own portfolios (writing this post reminded me of how overdue I was to update my own), and used to and hopefully once again will host get-togethers for reporters at such events as CES and SXSW. As you can see from Friday’s e-mail, each one revisits the day’s top stories as interpreted through journalists’ tweets–a not-dumb move by the senders to play off of our own vanity–and illustrated by pop-culture GIFs that I occasionally recognize. Here I should note that my father-in-law receives this newsletter, which every now and then leads to him sending me a nice look-who-they-featured e-mail.

If you work on either one of these newsletters, feel free to take a bow. And please don’t be offended when I add that I delete each newsletter after reading, because my inbox is crowded enough already without my squirreling away copies of these and other daily dispatches.

My recipe management remains surprisingly analog

All the kitchen time I’ve had over the last year of not going out to eat in restaurants has seriously advanced my cooking, but it has not advanced my recipe management nearly as much.

Yes, I still save recipes on paper, cutting them out of various publications and gluing them into pages in the binder I’ve tended for last 20 years or so. I also keep recipes in digital form–there’s an entire notebook in my Evernote for that–but each time I add one electronically and then cook off of that on-screen copy, I’m reminded of the advantages ink on paper retains in this use case.

Photo of an iPad open to Evernote, showing a list of recipes. Below it sits my recipe binder, showing a handwritten recipe from my mom.

Start with my primary source for new recipes, the Washington Post’s Food section. The Post’s Recipe Finder sites is fantastic, but it provides no way for me to save my favorites like the Recipe Box of the New York Times’ Food section. So each time I hit that page, I have to redo my search or hope the browser’s autocomplete takes me back to a specific recipe page.

As for NYT, my second most-frequent cooking read, it neglects its Recipe Box feature by not providing any obvious way for me to get to it in the Times’ iPad app, much less add a personal shortcut to it. I could fix that by installing the paper’s NYT Cooking app, but I resent the idea of getting a second app from one company to fix a usability problem in its first app.

So in practice, the recipes I find online that I want to keep making go into Evernote. Adding recipes on my desktop isn’t bad, since Evernote’s Web Clipper extension offers a variety of import options that go from pulling in an all of a page to just the text I select. But on the device I use far more often to look up recipes, my iPad, that clipping feature–available via the Share menu–ingests the entire page. Which on foodie blogs mean I get the multi-paragraph opening essay, the affiliate links to buy ingredients or kitchen gadgets, and the comments.

(I don’t mind all that stuff when I’m in recipe-browsing mode–I respect how my fellow indie creators work to monetize their content–but I don’t need it once I’ve got a spatula or a spoon in hand.)

Deboning one of these imported recipes requires an extra, non-obvious step in Evernote: select the clip, tap or click the banner at its top, and tap or click the magic-wand “Simplify & Make Editable” icon. Then I finally have a clean copy of a recipe that I can look up anywhere… well, whenever I’m once again in a position to cook in somebody else’s kitchen.

Finally, consulting a recipe on an iPad gets awkward the moment both of my thumbs get covered in flour, oil, butter or whatever else is going into the recipe–at which point I can no longer unlock the screen via Touch ID once the tablet automatically locks. Unfortunately, iOS doesn’t offer any sort of recipe mode, and it doesn’t appear that I can use a Siri shortcut to keep the screen unlocked for only the next hour or two.

Meanwhile, I have my three-ring binder of recipes. The workflow to add a recipe from the paper is not what I’d call elegant, but breaking out scissors to cut that out of the paper and using a glue stick to attach it to a paper at least exercises arts-and-crafts skills that have mostly gone unused since grade school. (Removing a recipe that’s been added this way is difficult to impossible, so I have a separate folder of recipes that I haven’t yet made enough times to deem them binder-worthy.) More important, this collection also includes recipes that never made it to any screen of mine: handouts from farmers’ markets and restaurant and winery events, printouts from friends, and the occasional handwritten one from my mom.

There’s no search tool in this binder, but it does support a limited sort of favorites functionality that works automatically over time and yet is incompatible with digital storage: stains from sauces and other dripped ingredients.