paypal – Climb to the Stars

LeWeb'09: Bloggers, Social Media Club House, Boat Party [en]

In less than a week, I’ll be jumping on the TGV to Paris to attend the conference LeWeb’09. Clearly, this is a long overdue post — the conference starts in a week. You probably saw my post about blogger accreditations way back when, and if I haven’t communicated about it since, it’s because I’ve been very very busy behind the scenes. Time to fill you in a bit.

The choice was tough, but we ended up with a selection of official bloggers who are invited specially to come and cover the conference live on their blogs. You can also follow them all on Twitter with the official bloggers list. During the conference, you will be able to find all their posts about LeWeb’09 on a single page, with a single feed (thanks to Superfeedr). Another way to access their publications is through the LeWeb’09 Pearltree — just click on the Official Bloggers branch.

Aside from my job as Official Bloggers “list mom”, I’m thrilled that I’ve been invited to be a resident of the Social Media Club House during my stay in Paris. The five other residents are Cathy Brooks, Chris Heuer, Dana Oshiro, Kristie Wells, and Robert Scoble, and PayPal is our main sponsor. We’ve got a wicked schedule planned, so stay tuned (tag: smch, #smch) and follow us on Twitter upto and during the conference.

Official Bloggers and Social Media Club House will collide during the evening before LeWeb’09, when we will head over to le Six/Huit for an “Official Bloggers and friends” pre-conference party, hosted by well-known Paris bloggers Frédéric de Villamil and Damien Douani.

Clearly, there is no shortage of choice when it comes to pre-LeWeb’09 events, but this party is to my knowledge the only one taking place on a boat (yes, on the Seine!) and right next to Notre-Dame cathedral. Plus, as we all have to fit on the boat, it’s limited to 150 people, so it’s a pretty exclusive event, with a high concentration of official bloggers, Social Media Club House residents, and a handful of top PayPal executives (you know, the kind of people you don’t really get to approach during the conference because they are permanently surrounded by a wall of folks who want to talk to them).

The party starts at 5.30 for the official bloggers and our special guests, and will open its doors to the general public at 7pm, until 9-10pm.

Please sign up quickly if you want to come to the boat party!

And if you’re looking to sponsor a cool event (or know somebody who would like to), we’re more than happy to let you offer a round of drinks. Just give Fred a call on +33 6 62 19 1337 to set things up.

See you next week in Paris!

This is an Experiment [en]

[fr] Ceci est une expérience.

Not All Switzerland Speaks German, Dammit! [en]

Here we go, yet another misguided attempt at localisation: my MySpace page is now in German.

MySpace now joins PayPal, eBay, Amazon, Google in defaulting to German for Swiss people.

Switzerland is a multilingual country. The linguistic majority speaks Swiss-German (reasonably close to German but quite un-understandable for native German-speakers who have not been exposed to it). Second language in the country is French. Third is Italian, and fourth is… (no, not English) …Romansh.

You know how linguistic minorities are. Touchy. Oh yeah.

As a French speaker with rather less-than-functional German, I do find it quite irritating that these big “multinational” web services assume that I speak German because I’m Swiss. I’d rather have English, and so would many of my non-bilingual fellow-cititzens (particularly amongst web-going people, we tend to be better at English than German).

Yes, I’ve said that English-only is a barrier to adoption. But getting the language wrong is just as bad, if not worse (most people have come to accept the fact that English is the “default” language on the internet, even if they don’t understand it). If I want my Amazon books to be shipped here free of charge, I have to use Amazon.de, which is in German, and doesn’t have a very wide choice of French books. My wishlist is therefore on Amazon.de too, which maybe explains why I never get anything from it.

Paypal is almost worse. I can’t really suggest it to clients as a solution for “selling stuff over the internet”, because all it offers in its Swiss version is a choice between German (default) and English. You can’t sell a book in French with a payment interface in German or English.

So please, remember that country != language, and that there is a little place called Switzerland scrunched up in the middle of Europe, caught between France, Italy, Germany and Austria (Liechtenstein is even worse off than us I suppose), and that not everyone in that little country speaks German.

Thank you.

Alarm: Orcut, Evil Fake Orkut Clone? [en]

How I thought orCut.com might be a phishing operation to grab orKut.com usernames and passwords. A comment on Google’s irresponsibility in encouraging users to fall for phishing.

[fr] Comment j'ai cru que orCut.com était un faux site destiné à ramasser des mots de passe orKut, et un commentaire sur l'irresponsabilité de Google, qui par de telles pratiques encourage les internautes à tomber victimes du phishing.

Preliminary note: although nice blogging tools like WordPress have really sexy interfaces for you to type your posts in, resist the temptation. I won’t tell you more, except that Q and W are right next to each other on my keyboard, and that I’m about to write up this bl***y post for the second time.

So, I’m a bit of a referrer junkie. When I see something new, I usually click’n see. Today, I found this in my recent referrals. Now, since I nearly got phished, I’m a bit cautious, and I immediately noticed that it was orCut and not orKut in the URL, even though (particularly as) the pages on the two sites look exactly the same.

Do you smell a rat? I smelled a phish, and it seems I’m not alone. A quick expedition on google, however, tells us that many think orCut.com is legitimate. Scary! Think of what these people would do with all the juicy information they would get out of our Orkut logins and profiles! And hey, it’s not just orCut, there is orkAt too!

But wait. Everybody freeze! Look what Suw managed to dig out: a May 04 post from Evan William’s blog, telling us orkAt, orCut, and even orCIt are legitimate alternatives to orKut.com. Well, we’re most relieved to know this wasn’t all some evil scam — and Ev should know what he’s talking about, as he works from Google.

However, doesn’t it strike you as a trifle irresponsible on the part of Google to do something like this? I mean, doesn’t this make users more vulnerable to phishing? Next time they get a PayPal e-mail with a fake link in it, are their alarm bells going to ring, after their positive experience with the “alternative Orkut URLs”? Methinks they could at least have specified the alternate URLs somewhere on the home pages. A quick trip to orkut.com would have cleared any doubts of mine. ‘Coz now, who is to stop Orkit.com, or any other nice-sounding possible clone that phishers may come up with?

Paypal Scam Nearly Got Me [en]

How I almost got scammed by people masquerading as PayPal. Remember to always type https://paypal.com in your browser, and never to click links!

I consider myself pretty web-savvy and spam/hoax-aware. Today I very nearly got fooled into giving my PayPal information to some shady characters.

This morning I got an e-mail from PayPal — or so I thought. It looked nice and branded, no spelling or grammar mistakes, security warnings telling me not to give my password or anything to anybody, and even a link inviting me to go and see PayPal’s Security Tips page. It was just asking me to login on the site and check my data there (that’s what I understood then, re-reading it now, it says they will verify the information I have entered, which is much more fishy).

I had already made a mental note of one of the PayPal warnings, which is to not trust any other site than https://www.paypal.com/ (I’m not linking it so as not to encourage you to click on links which seem to point there — you’ll understand why in a minute). Now, remember this was early morning for me (don’t you also check your e-mail in the morning?). I clicked on the login link, and noticed the browser was sending me to a website identified by an IP address (194.183.4.23 in this case). I stopped everything, and clicked the nice blue link that said https://www.paypal.com/us/cgi-bin/cmd=profile-update. The login page looked furiously like the real PayPal login page, and I was about to login with no second thoughts when I noticed the name in the browser bar was http://www.ssl2-paypal.com/support/update.html — not the link I had clicked on!

I had seen this address before, in another “PayPal” e-mail I had got a couple of weeks back. Already then they had managed to fool me, even though the e-mail was less well crafted than this time. I smelled a rat, so finally typed https://paypal.com/ in my browser and logged in there. Nothing special happened.

I dug out the previous e-mail, slightly worried now. You see, although I had been suspicious about this first e-mail, I do remember that I had logged in somewhere. But to this moment I’m not sure if I logged into the fake website or if I had the sense to point my browser to the real PayPal website myself before logging in. I think I did, I hope I did, and in any case I just checked my account for fraudulous activity and changed my password. The first e-mail was really bad, but I was convinced enough that it came from PayPal to forget about it, just making a mental note that their copywriting was really really poor.

This made the second scam e-mail seem all the more real: when I got it, I thought “oh, so that last e-mail must really have been a fake, this is what a real one looks like.” Poor unsuspecting me.

At this point, I still thought the second e-mail was a “real” one, but that the ssl2-paypal people had someway managed to hack a redirect on the official PayPal site. I hadn’t looked at the e-mail source yet, see?

Anyway, I decided to report the first e-mail I had received.

Coming back home at the end of the day, I had an automated response from PayPal regarding my complaint. It again stated all the security measures to take, in particular the one about always typing https://paypal.com in your browser. And I thought: “you doofuses, you had better stop putting clickable links in your e-mails if you want people to get used to typing the address!”

I was going to respond to them with a more politically correct comment in that direction when I went to have a second look at the e-mail (which, I remind you, I still thought legitimate) I had got in the morning. And that is when I realised that the beautiful blue link was in fact a fake link, disguised as a real one. You can put anything in the href attribute of an achor tag — the catch here is that their link looks a lot like the blue links e-mail reading programs create when they encounter plain-text URL’s.

So, there we go. I was nearly caught by those not-that-dumb spammers. Remember the golden rule:

Always TYPE the address in your browser, don’t CLICK on links in PayPal or other e-mails.