A lot of online behavior is habitual. My e-mail client is Eudora, for example — an orphaned program that hasn’t been updated since 2006. People keep telling me to switch to this or that but I like Eudora and have 17 years of mail stored in it, though I sense an end coming there. I also use Orbitz, primarily, for my travel planning. And it isn’t that Orbitz is particularly better (though not particularly worse since I use Kayak from time to time to compare) but that it holds already in its digital innards a whole succession of my credit cards as well as my five frequent flier numbers. Or it did.
You see Orbitz has lost my numbers.
Last week I took a flight to Dallas and they were right there on the screen in my user profile — a bunch of credit card numbers dating back to the late 1990s and my frequent flier numbers for American, United, US Airways, Delta, and Northwest. I know those last two have merged but I’m not sure my frequent flier numbers yet reflect that. Frankly I don’t KNOW any of those numbers, relying instead on Orbitz to keep track of them. But then today I went to book a flight to LAX and while the web site knew who I was from the cookie I was carrying, it suddenly had no idea how I paid for tickets or what affinity programs I was with. I only hope it guessed that I prefer windows to aisles — I’ll have to check on that.
Remember last week we discussed in this space how you’d manage personal data following the demise of a photo-sharing or social networking site? Well here’s an analogous problem — how do you manage YOUR data in ANY e-commerce site? And what does it mean if THEY do a lousy job of managing it for you, as Orbitz has done with me?
So I called customer support. When I eventually got through a guy named “Richard” told me my numbers were hosed, though he claimed never to have seen the effect before. Somehow I doubt that. And from his accent I doubted that he was born “Richard,” either. Still he tried to be helpful.
By this point I was down to two questions: 1) How the heck did this happen?, and; 2) will my numbers reappear during some restore or is it up to me to find and reenter them?
“Richard” had no idea how it happened and, sadly, it’s up to me to do the dirty work of restoring the data.
I hope he’s wrong on that last part. I hope that the Orbitz technology is robust enough to correct such a problem, especially after it has been brought to their attention. But the somber finality with which”Richard” gave me the bad news suggested that you can’t go home again. Or at least I can’t.
If so, think what this means. Even if cosmic rays somehow nuked my and ONLY my profile information from among millions of registered users (my new and old reservations were intact) the idea that the information couldn’t be restored was disturbing. What kind of an outfit is this, anyway? And if the problem extended beyond me and thousands or millions of Orbitz users were inconvenienced, well then my loyalty is at an end. Because a company that can erase my information can also lose it, and I don’t need that data floating around.
If you are an Orbitz customer please check YOUR profile information and see if your frequent flier numbers and credit cards data are intact.
Get back to me on that, okay?
Cringely: “Because a company that can erase my information can also lose it, and I don’t need that data floating around.”
I’m not sure I see the correlation. There’s a huge difference between erasure (or more likely, the data somehow got disconnected form your account and losing it to an outside source. I doubt they published ir before it went away, or gave it to someone and then erased it, since the only viable copy went to a third party.
Data security is crucial to any online enterprise, obviously, but being able to “lose” the data and having it erased (or disappeared) are two entirely different things.
About the only connection I can draw is that both are being sloppy with the data, and that’s a weak connection at best.
Losing or unintentionally erasing are both equally careless. Saying they are not the same thing begs the question (and point).
Or, from another point of view, if the data has disappeared and Orbitz doesn’t know how it happened, there’s a measurable chance that the data was harvested and wiped.
The flip side: When “Richard” says “we can’t recover your data”, he really means “we won’t call up our offsite archive and pay for all the costs of retrieving and restoring data from tape for a nitpicky low severity incident.”
All in the best service tradition of the modern airline industry.
Sorry, Bob. My stuff all seems to still be in Orbitz – credit cards, frequent flier number, etc. – all still there. I feel for you. That sucks. Good luck, and thanks for the heads up!
This happened to me recently with my news provider Giganews of some 10 years. Some sort of glitch caused them to forget my current settings (account name and credit card info). Support said they’d have engineering get back to me in a few days. By that time, I’d moved to another provider. I couldn’t login to cancel my account because I didn’t have the 10-year-old account info. Eventually I got customer service to forget trying to retain me a client by offering me free service and just delete my account altogether.
Yes, I read news groups several times a day and this is an important service for me. Luckily I keep all my current personal info on file, so you’re preaching to the choir.
“…have 17 years of mail stored in it…”
Please tell me this is just a gaffe and you are using IMAP. Please? POP3 is so…ancient. Even more ancient than Orbitz!
-Erica
Using IMAP with 17 years of mail would be glacial. I’m with Bob on this one. My mail only goes back to ’97, but at around 6000 legit messages per year, it adds up.
I forgot to mention that with attachments (I do video) each year tops several gigabytes, so I could only get a few years into Gmail.
What? You can upgrade gmail storage pretty cheaply…
@Blomquarter. You shouldn’t use new things just for the sake of it when old things still get the job done. That’s like buying a new car or computer every few years just to have the “latest thing”. A waste of precious resources.
Why do you think 17 years of e-mail would be glacial in IMAP? I have 10 years of e-mail in my IMAP store and it’s plenty fast. And I have access to the full e-mail store, including blazing fast server side searches, from my iPhone, the web and 2 different e-mail clients. All properly tracking which messages I’ve read and which I haven’t.
How the old Get Older-
17 years is not a lot of data to have, but it is a _lot_ of data to _lose_ but in 1992 what IMAP client would he have been using?
We are only as good as OUR access to our data. Which means if I am someplace with no access or where web access restricted then my data is no good – and someday IMAP is going to seem old like POP3. Heck I am only 40 and I remember 1992 and OS 7.1 for the Mac and 80386 was rare and 286 was common.
I use Eudora also. I’m sure he means he has 17 years of email stored on his hard drive. Yes, Eudora is IMAP, and POP. But, Eudora gives you the ability to store all your mail locally; as any other non-web mail client does.
I don’t use Orbitz but had a similar problem with another site a couple of years ago. My solution is program called 1Password (mac app). You can populate it with profiles that have all your various kinds of personal info. It will populate it onto a site to make a transaction via a browser plugin. Since I adopted this app I try to avoid letting sites keep my cc info on file, instead I supply it to them each time from my copy on my disk. Its just one extra click. The app also keeps pw & account data synched between my desktop, my laptop, and my iPhone so I can do transactions and visit pw protected sites from any of these without remembering any password except the master password for the app.
Another vote for 1Password. The iPhone app is also good to keep your information with you while you travel.
This is why I still keep hard copy versions of all my info I use online – no matter what promises any online company or service makes, you can’t trust anyone to remember or keep secure all your passwords, e-mail addresses, frequent flier accounts, bank accounts, etc. This gets especially frustrating with me as I have multiple e-mail accounts but insist on changing the passwords on each at least twice a week, thus I’m unable to take advantage of some browser features of remembering passwords for me. Why change passwords so often? You can’t be too careful. I got burned once eight years ago and once is enough. My bank account was compromised and the person attempting identity theft(whom I knew personally, and caught and had arrested and prosecuted successfully) wrote a disparaging piece on AmIAnnoying.com about a good friend of mine in my name. We were estranged for the longest time because of this, though we finally “made up” a couple of years ago, a lot of hurt feelings and loss of trust was felt for years.
I want to clarify, I was estranged from my friend who got dissed by the identity robber because she thought I wrote the profile on AmIAnnoying.com and no matter how I protested and threatened, the owners of website refuse to take it down.
Don’t know about about 1Password but for Windows, try Keepass (http://keePass.info/; data interchangeable with Linux KeepassX: https://www.keepassx.org/).
I’ve no connection to either of them, other than as a happy user of both (and yes, I do interchange datafiles seamlessly).
It’s your data– you need to own it. Personally, I think it is a very, very bad idea to use credit card memory on any site if you can help it. Having a website remember frequent flyer numbers doesn’t bother me– but credit card numbers seem to be stolen way too frequently from apparently secure sites.
I’m with Kevin Kunreuther on this.
I keep details of all my online accounts on my home server, which is backed up nightly. This runs Apache as a private webserver to act as a superior replacement for the uninformative, proprietary bookmarks beloved by browser writers. This lets me link account details to the company’s website reference. A major benefit is that I can see this stuff from any computer on my network and use any browser to do so.
E-mail: I used to dump the folders to files on an annual basis, but as searching either files of e-mails or large folders is a real pain, I wrote a proper archive system to store each day’s mail in a PostgreSQL database. At last count it held 60,000 messages and, given a date range and a phrase in a message, its search tool can retrieve the relevant messages in under 5 seconds. Problem solved for good.
Have you made the source available for either of those “projects”? I’d find both of them quite handy.
kneufeld at gmail dot com
Thanks.
Web notes: there’s nothing to distribute. Apache comes bundled with most Linux distributions, is easy to set up and needs virtually no admin when running. I learnt HTML from Elizabeth Castro’s excellent “HTML for the World Wide Web”. I write web pages with my favourite text editor, check for mistakes with HTML-tidy and back them up with the CVS version control system.
Mail Archive: Yes, I’m intending to release it later this year.
It should be fairly portable since its written in Java and can take an automatic feed from any mail server with an automatic BCC facility. For good measure I wrote a Spamassassin plugin that lets it automatically whitelist mail from anybody who I’ve previously sent mail to.
Release early, release often, Martin. 🙂 I’ve been threatening to do one just like that for a number of years and am so glad you did it instead! Do you know what you’re going to call it? I’ll throw a reminder in my tickler to go look for it later this year.
-Bill
It will be called MailArchive (highly original!) and will be announced in the computing section of my website, http://www.gregorie.org, and on the comp.lang.java.programmer news group.
Bob, check out MailForge from Infinity Data Systems. It is written from the ground up to look and work like Eudora, but is a paid, supported project. I tried version 1.0 last month, and it’s not quite ready for prime time but they’re close:
https://www.infinitydatasystems.com/mailforge/index.html
It looks a lot like Eudora, but is still missing quite a bit. I’ve gone on to Apple’s Mail.app and probably won’t switch back to a Eudora clone once I have gotten completely used to the new client.
I guess I would have started a fresh account instead of repopulating my old account, in the hopes of having the old one come back miraculously.
I have used Eudora for 14 years, and have many email accounts and thousands and thousands of emails.
But I got fed up with copying all email data from desktop to laptop or to second laptop and back depending where I was accessing my email. I couldn’t check email on any computer, just on one with Eudora, and I needed to use anti spam program before I check email. To complicated.
Early this year I decided to move to GMail. In Gmail account I added all my accounts (to be able to send from gmail with different “from” addresses), I created filters to sort out incoming/outgoing email to labels depending on account. And I forwarded all my email accounts to gmail.
I created IMAP gmail account in Eudora, and all labels I created in gmail appeared there. Than I just copied all my mailboxes to corresponding labels. It took some time to copy all, but now I am a free man :-).
No more Eudora baggage to carry around. I can access my email from any computer, pocket pc, mobile phone without worrying about synchronization. No matter from what device I send email, it is in “Sent Mail” folder. Mail search is instant. Most important, no more spam filtering, gmail does pretty good job 🙂
That’s nice, Sasa, but what do you do when Gmail eventually loses some or all of it??
I still don’t trust anything totally to the cloud. If I can’t use a local client or easily back it up locally the cloud doesn’t get my business.
…ken…
I’d stick with Eudora until you can’t any more. But yes, Mailforge is the obvious next step – once they hit version 1.0, or as they refer to it, 2.0 (which will be re-dubbed 1.2 in two months).
POP3 is great for huge email collections spanning 17 years. It also means that if someone steals your email password, as in the recent Twitter escapade, they don’t get your past emails, too, unless they have your physical computer.
Email is a tool, not a fashion accessory.
Oh, and by the way, Orbitz has my info. But I’m not so happy with them since I had a dispute with a parking service they pointed me to, and I ended up dealing with customer service’s doublespeak.
So I’m not the last person to be using Eudora… I’m a fan of applications having multiple windows. So many other mail (and other apps) now open a big environment and open up all windows within that environment. Sometimes it’s nice to have an inbox and an ‘important’ box and a tool menu floating out there on their own.
Eudora is not exactly dead. Qualcomm, realizing that it wouldn’t be getting any more traction out of Eudora, made it an open-source project that is currently in version 8 beta. But from what I have read from the project Web site (https://www.eudora.com/download/eudora/8.0b6/README.txt), the new Eudora appears to be Mozilla Thunderbird with a Eudora-coated shell.
Not just eye candy, there are some good engineers working to bring much of Eudora’s usability to Thunderbird. I can use Thunderbird thanks to some of their work. Get the Nostalgy extension for Thunderbird if you try it (but best wait for 3.0 at this point).
My orbitz stuff is intact. Sorry for that, and the queezy feeling you have that some backup tape at some storage company has those numbers, and company who commissioned them can’t get them back, really gets to me too. Has someone turned the tapes over to kayak? Where is my data? Who’s got their grubby hands on it, if you don’t have a firm grasp?
Maybe in a maintenance cycle the parts of your data that are encrypted (CC numbers at least) might have been corrupted as they were moved or if there was a migration program shuffling your data from server to server it used the wrong encryption key to update or display your data. Only Orbitz knows and unless it affects thousands of users you’re probably just stuck with reentering all that data with no explanation.
This is why I only treat online sites as an extension of my local data and not a replacement for that local data (aside from a gmail account). I either have a cache of my online stuff from Google Calendar in iCal or it is uploaded from my computer aka pictures into Picasa. Yes I have a back up of that computer on another computer as well as an online backup.
That online backup is Mozy.com and it encrypts the data on my machine before it transmits it over an SSL link to their servers where it is stored encypted. I am putting faith in Mozy that they won’t lose it or have some master key to unlock and then use my data.
Having faith in a companies capabilities and adherence to their own policies is about all the average joe can do aside from choosing to not use the company all together. In the end the companies that don’t lose and abuse our data will survive, sorry if that seems obvious.
My Orbitz info is still there. Sorry about yours. It is looking like you got singled out somehow.
This happens regularly on expedia. My credit cards and frequently flyer numbers disappear every year without fail.
On my computer at home I have a file, “passwords.txt”, which has all of that info. Useful when a site loses my data.
In an attempt to log into my Orbitz account, I may have found a (partial) explanation. I realized I couldn’t remember my password (I fly very rarely), and after clicking the “Forgot Password?” link, was greeted with this message:
Orbitz will send a temporary password to your e-mail address. After logging in, you can create a new password. For your security, we will delete the billing information currently stored in your account.
So your billing information would be missing if someone had tried to reset the password on your account, but you would have also received an email in that case. Mysterious…
Holy schnikeys, you could DOS any account using that mechanism. That seems to be a security hole.
Just checked the Orbitz site and my personal data is all intact. What’s the old saying? You’re not paranoid, just picked on.
My information is all intact. However in my Seat Preferences, under “Special Requests,” Orbitz has decided I’m deaf. I’ll admit that at my age I don’t hear as well as I did in my youth, but I had no idea it had gotten that bad!
I made the transition from Eudora to Thunderbird using Eudora Rescue http://qwerky.50webs.com/eudorarescue which helped a lot. Moving Outlook stuff to Thunderbird was more painful… had to import into Outlook Express first, as I remember.
Thunderbird can be a PITA, and it’s txt vs html message handling isn’t good. But it is easy to have the email data separate (in a TrueCrypt drive) from the installed Thunderbird on your computers, so easy to move emails between machines and keep the content private. Also true with Firefox, BTW.
I would also come away from this with another lesson. How good is a web services customer service? Before you use any service, demand to know exactly how their customer service works, where it is based (local, regional or out sourced out of country), carefully check user satisfaction and check every six months if you use service, if suddenly there is a rather marked increase of user dissatisfaction that isn’t being resolved, move away from service ASAP to something else before a glitch or worse happens to you.
The comment about ‘cosmic rays’ wasn’t too far off the mark
for those of us who supported SUN h/w a few years ago.
There was a mirror cache problem with their CPU boards
which could crash for number of reasons, one of which –
you got it – the mirror cache chip got hit my cosmic rays..
no joke
The data loss aside, there’s something wrong with their customer service situation, if their CS reps can’t send your problem off to Orbitz to fix, and tell you so and that they’ll deal with it. Outsourced CS in particular has this problem, if all the outsourced rep has is a limited set of information he can give you, and the whole outsourcing company has no particular connection to other parts of Orbitz other than whatever office hired them. When a CS rep or CS department is not really a full part of the company, it also may not even occur to them that it’s possible to have real communication with the company, even if there is theoretically a procedure for doing so.
C’mon, if Orbitz was really keen on first-class customer service, Bob wouldn’t have been talking to ‘Richard’. So, “we could fix this, but it would cost $x/customer” is likely considered not worth doing, as this-quarter’s margins are likely more important than customer retention. I saw the Kayak founder do a presentation once – they’re probably a bit more fanatical on customer service than Orbitz.
I wish online merchants would lose my account details. Reentering my online order parameters is a small price to pay for privacy. I, too, have been a victim of identity theft. Despite efforts to the contrary, having data online, sooner or later, really means having that data in the public domain.
What if the data is medical data ala “certifiied EHR technology” that has “meaningful use”? IF you’re on the emergency room table a data restore is useless. We need to seriously think about these issues before we modernize the medical IT community.
I’ve not used Orbitz in some years, but all my information was still there….
First my solution:
I would like to have a standard “super cookie” that contains my personal internet information, and lets ME manage it, and lets ME control access to it. It could contain and release to any website my zip code — as this information usually makes some websites more helpful. After that if someone wants my address, I can permit access to my super cookie to get it. Access to type or group of data in my super cookie would be controlled by me. I would also like a provision where I can keep a backup of my cookie with my email provider. Other things. My super cookie would be encrypted and password protected. It can even be a password-safe and manage all my user-id’s and passwords I use on the web. If there was a standard super-cookie, then in time browsers and websites could be set up to automate the access and login process — under OUR control at all times.
Now to start at the beginning:
Many years ago during the early days of the internet I found out my ISP was giving away (probably selling) my personal information. They were one of the really big ISP’s of the time who never had enough modems for customer connections. I was suspicious and performed a test. I created a new account and loaded it with erroneous personal information. I had an old credit card I was about to cancel, so I put the new account on it. (Just in case) Within hours I started receiving junk email from scores of firms. They contained my erroneous information AND they had my correct mailing address — having lifted it off of my credit card. It scared me! From that point on I have been very careful about the use of my email account, credit card use on the internet, keeping personal info on the internet, etc.
Over time we have accumulated LOTS of website accounts — our banks, our credit cards, our utilities, our insurance, our investments, our employee benefits, various stores, etc…. For each account I have a different and pretty hard to crack password. I have a password scheme that allows me to keep track of them. Even though my wife knows my account and password system, she doesn’t use it enough to master it. Not too long ago I realized I needed to document all our website accounts. If I got sick, my wife would have a lot of trouble logging into our accounts. Our list is up to 86 entries. Think about that — today we have 86 different accounts on websites around the internet! I keep a copy of the list in a spreadsheet. I have a template that prints each entry on a 3×5 index card. I have a set of cards on my desk. My wife has a set on her desk. We now have both an electronic and paper backup of this information.
If our favorite travel website loses our information, it won’t be the end of the world.
Still 86 accounts is a lot to keep track of. Each of them have a few items of important information. Which of our nieces is our favorite? What is the account number? What is the account balance? What is the customer service phone number? Our spreadsheet has 14 fields for account specific information. At the moment there are 450 individual data items.
My guess is most people who use the internet now have at least 25 accounts somewhere and are managing at least 150 data items. People like Mr. Cringely, who are internet studs probably have 100’s of accounts and over 1000 data items. This is an interesting personal data management idea.
Once I had all our information consolidated and in electronic form, I thought about putting it into my iPod or cell phone. It would make it more accessible to me. BAD IDEA. Before I got a chance to try, my iPod was stolen out of a hotel room. The perpetrator would have had access to everything. The hotel was able to identify the employee who entered our room. They traced other recent thefts to that employee. The police arrested the person within 2 hours after the theft of my iPod. My iPod and several NerdTV podcasts were never recovered. (At the time Apple had no way to cut off my iPod from iTunes. I hope they can today.) If our personal information had been on that iPod, we would have been in serious trouble and 1000 miles from home.
As the world moves to netbooks, and cell phones and iPods become more capable, the temptation will be there to put one’s personal information on them. Before you do, think long and hard about it. The first step in security is to ask a very basic risk/loss question. If some compromised your security — what could they do? What could they take? What would be your loss? How would you know?
It would be nice if we had a way to store, protect, manage, and control our personal internet information. So I propose the idea at the beginning of this comment.
Sans Paranoia:
I used to chide my wife because she kept all of that semi sensitive information in a flat text file. She assumed that I was just being annoying. Recently I have started to keep much of the same information that Bob lost in an encrypted flat text file. It is still in the cookies but when I need it which so far I have not OR when I move to a new machine then all I have to do is move that one file. Plus 2 of the CC numbers are for cards that are shredded and only exist on this document
Plus Paranoia:
As a seasoned engineer. I change almost all of my passwords to something difficult and big every three months. Webmail / GMail, Facebook and LAN /Sysadmin passwords – All of it. That is about four hours a year of hard work. I go down the list and go to my web portals in a VM and then trash the cookies and type the old password and change it to the new one. Sometimes an overprivileged VIP or a junior tech will tell me that I am taking it too far. But if god forbid that my laptop is stolen and then they get through the hard login password and the encrypted directory and encrypted VM and (blah^3) If I loose my laptop that is one less thing that I want to trip out about.
It is, like all security – at heart a mix between how accessible your data is AND how easily I (or my wife) can get to it. Most of the time I life like anyone else. And I almost never want to call “Richard” or “Theodore” — he|| it is simple rule of engineering “trust no failure mode” and a backup plan is only as good as the mind that made it. Some of this would have helped Bob but that is like laughing at someone who fell. Some of it would not b/c the error is on the host side but that is my .01 euro –
This reminds me of something I read on Bruce Schneier’s blog a while back.
Online identity and information is a MESS, and the failure is regulatory, in both direct and contributory ways. Right now there are no legal repercussions for a data problem, to those online entities who hold your information – at least other than medical information. (As Far As I Know) There are standards for data interchange, protection, etc, but outside of medical information there is no liability for the holder. Credit institutions will help you sort it out to varying degrees, but I’m not sure how much of that is law/regulation and how much is customer service.
The way to stop this is to institute liability for holding personal data. You collect the data, you’re responsible for it. There would be of course mitigating factors and standards, like the data interchange and protection mentioned above, and other “best practices.” But at the core of it, the same liability that makes us all reasonably confident that when we climb into a car and drive down the highway at 65MpH it’s not going to suddenly shake apart leaving us with a severe case of road-rash. That’s really where we are today with non-medical holders of our personal information – red and sore, and sometimes worse.
Once it becomes financially necessary for online sites to be responsible for the data they collect, they will become so. Most likely whole new markets will emerge in data security and integrity products to enable this. But until proper care of personal data is legally necessary, it’s an unnecessary cost.
I also mentioned “contributory” above. Because there is no responsibility for our personal data, online (and meat-space) organizations are eager to collect it – it makes their job easier, and “Why not?” With legal liability there would be a very good reason why not – exposure.
Not likely to happen in the US, because it’s bad for profitability.
LastPass will hold all sorts of webform info, so this type of problem can’t occur:
http://www.lastpass.com
First, no site especially one with the resources of Orbitz should be keeping credit card information in their database. Even if it’s encrypted. They will never pass PCI certification if they keep those numbers in their database. There are methods of retaining the ability to process the transaction without needing the credit card number.
However, I once experienced Paypal/Versign actually expunging credit card transactions from a merchant account. Those references are used to process future transactions. In this case, it was the 3rd party transaction house that lost the data. So while the small shop was fully capable of maintaining, and protecting the data they failed the customer and were without recourse.
I am paranoid about losing those accounts and passwords.
I use KeePass on a USB-drive, the Portable version from John Haller.
Since it runs from any folder, I copy it periodically to a PC I am using, so I always have a somewhat recent backup.
I also snag screencaps of sensitive stuff, and archive it at home — also using tools like DropBox and EverNote to make them available to me while mobile. (Evernote can even find words in the pictures and screen grabs – VERY handy.)
If any one of those services dies, I am not without. I will have time to find my new contingency.
Twice in the last two years AT&T has managed to associate my data with someone else’s. Just last week I was congratulated on my new iPhone and given my new contract, with its associated higher cost and use of services I don’t use. (I know nothing about this.) I repeat: this happened two years ago as well.
I call AT&T. They don’t believe me. They–politely–call me a crook. I get up to a fairly senior person (she at least has her own number and answering machine). She cannot help me; she suggests I go back to the Apple store where I got my (nonexistent) phone. And she tried to call me back on my cell phone…which doesn’t work because they’ve killed the chip moving me to “my” iPhone and indeed I’ve called to tell them the phone doesn’t work. They cannot tell me who bought the phone or even where it came from, since it was an Apple store.
I repeat: this is the second time this has happened, down to the inability to tell me where the transaction took place or who signed for it. After the first time I put an extra code on my account. Still, this idiocy. Nobody could possibly have hacked my data; it is screamingly obviously a software failure.
It’s fixed, after much labor and a 10 mile trip to an AT&T store for a new chip.The point: an absolute inability to believe their system has failed and, accordingly, no procedure to deal with failure except to accuse the victim of the failure of lying. Nobody apparently has read or seen Jurassic Park, with its moral that all human systems fail. Put not youir faith in princes nor in software.
Since it happened to you twice, maybe someone stole your identity information and only uses it to create cell phone accounts. In that case AT&T is not at fault.
Call the current number and see if anybody answers? It’s either: in the customers’s pocket right at the store, lost, or somebody answers and says, “um, no, I’m not trying to upgrade my phone.”
I can’t believe such a tech-savvy guy as you would let websites store you credit card data. Forgive me for asking but ARE YOU CRAZY???!!! I feel your pain on having to enter the data every time but we all need to be a little more risk averse with our personal data.
Well, we know Bob is plane crazy. 🙂
If you let anyone other than yourself handle your data, you deserve what happens to you.
Your data is useless to you unless it is shared.
Use a separate one or set of credit cards **only** for web transactions. A different card (or set) for in-person transactions. The web-based transactions will be easier to trace and if lost/stolen, you cancel them and still have your physical, bricks-n-sticks cards – and a viable credit account available to you.
I would rather not have any company keep my card numbers on file. I would rather type it in each time I need to use it.
You do have an account with one or more of the credit agencies, don’t you? Also vital for tracking and monitoring your credit.
Apart from the obvious backup, backup locally and backup often…
Apart from the obvious backup, backup locally and backup often…
This column raises two very important points which havn’t been really been covered…
1. Distributed backups. 17 years of mail on a hard drive isn’t much good if the drive fails but having all that personal information in the cloud for someone else to control as noted in your previous column probably isn’t a good idea without some encryption.
2. If your providers support services are being outsourced to somewhere outside the country along with access to the data what remedies are available if that data is misused or misplaced?
You need to backup to 4 different places…. 🙁 and verify your backups!
True story. I had a ‘special’ Outlook folder for my ‘important email’.
I had a corporate desktop backup solution that did not back that up
for some reason (they filtered out ~My Documents/application data for some reason).
I was also running IBM’s ADSM/TSM Solution to a mainframe, but the corporate
sponsor of the s/w had stopped paying and the backups were deleted,
and I was running ‘AMANDA’ to a Sun Spac workstation.
I lost my hard drive on my PC and the Sun workstation lost it’s OS drive
in the same week…
Sorry Bob, I checked my account and all of my info is there, including all the (expired) credit cards. I haven’t used Orbitz in years.
There are a lot of good ideas regarding data redundancy in the comments section. I use Thunderbird/IMAP to access “Recent” messages and then I periodically download “old” messages and delete them from the server. I have thought about putting the locally stored mail on a TrueCrypt volume but haven’t done so yet – I am glad others have thought of it and actually done it.
But as time goes on, it’s occurred to me that there are very few emails (outside of work, for regulatory and/or CYA purposes) that are really important after 1-2 years. I keep them almost out of force of habit than anything else. However, I’m not a writer… I’m sure Bob has very good reason to hold on to email for that long. But as an average joe, I’m half tempted just to blow all the old email away. Chances are there’s more likely to be something in there that I will be embarrassed about, rather than something that will vindicate me somehow.
I also advocate using KeyPass to keep local copies of registration data used for web sites. The password DB is kept on the local hard drive, but the DB is also encrypted with a key file that is only stored on a flash drive (several, actually). That way if the PC itself is compromised, the password data is still inaccessible (unless there is some flaw in KeePass that allows recover without the keyfile, etc etc etc).
Still, this all is besides Bob’s point, which is the fact that Orbitz somehow deleted Bob’s data.
I used to be part of the tech management team of a reasonably large web site, and while we truly did our best to avoid gaffes, they occasionally occurred. On the other hand, our customer service was based in the US and it was fairly easy for them to ring a hotline and escalate data problems, whether it was for multiple users or even just one.
From my experience I would say that deleting data is not the same as losing data except for a common thread of clumisness or carelessness, which another reader pointed out. I agree with the user who suggested there was some sort of maintenance activity that zapped some, but not all, records.
So many points I can reply on…
I used to use Eudora for the longest time. My sister still does. I migrated to Opera some years ago, but before I did that, I setup my own personal IMAP server. Well, it also does MTA, HTTP and a couple of other things. Over 150Mb of email in MailDir format. IMAP is fine for years and years of email; it’s your client that has to be able to handle that.
I keep my passwords and such in a NewtonWorks file on a memory card in my Newton. I probably should make a paper copy for when said Newton finally bites the dust. 🙂
About credit cards being kept… I paid for some train tickets with Amtrak a few years ago over the web with my credit card. In Penn Station, NY wondering how to get the actual tickets, I found their self-service machines. They recognised me by my credit card number. :-O I’m sure that would not be legal in Australia…
I haven’t looked into it carefully, but my cursory impression of the VRM efforts that Doc Searls mentions frequently is that it seems to include solving the problem of owning the data that various online organizations hold about you. The user owns his own data and hands it out to vendors as needed. That isn’t the only thing that VRM aims to do, but it is one of them.
I don’t mention this as a solution, since the VRM stuff is, as far as I know, not anywhere near ready for use. I just want to point out that there has been some considerable thought and implementation effort directed at the problem already. How successful it will be, I have no idea.
Seems most likely Orbitz is competent enough to solve this problem. But they made a conscious choice to let the broken data go rather than invest the money to fix it. Orbitz must have figured it costs less to lose a few customers than try to fix this “glitch”, right?
“Remember last week we discussed in this space how you’d manage personal data following the demise of a photo-sharing or social networking site?” How convenient! 🙂
It sounds like fate. True story: last week my boss was telling me that his chiro called to let him know he hadn’t seen him in a little over a year. And we talked about him taking a day off (which he NEVER does) last year because of his back. Well, two days later he stayed home for a couple of days because his back had locked up.
The moral: don’t talk about bad things if you don’t them to happen to you! 😉
my Tracelocity data is still intact. 😉
I also have a problem with an online service: LinkedIn.
This service is really helpful to build and maintain your professional network. But when it blocks your whole account, it gets really annoying: you can’t log in anymore and accept invitations, validate group members, etc People think you don’t want to accept their invitation and you need to mail them rapidly to avoid misunderstandings…. In short, it becomes a burden and gives a bad image, when its initial goal was the opposite
If it is a problem limited to a few users like in my case, don’t count on the provider to help, certainly when you’re not a paying user. I’ve been locked out of LinkedIn for months, they have identified the problem, but haven’t fixed it and they don’t want to help find a work around (eg creating a new account and migrating my data to it).
Here’s what I wrote about it back in april:
http://blog.raphinou.com/2009/04/linkedin-locked-out.html
I’m seriously considering to ask them to delete my account as it is in this state a problem rather than a help.
Raphaël
I use Thunderbird with Gmail.
Gmail archives a copy, Thunderbird downloads a copy…we’re all good. I even imported my ISP mail into it several years ago and it’s been a great solution.
Also, Expedia has never lost my frequent customer info…
+1 for keepassX, it’s a real lifesaver.
Sorry Bob – its your data, your responsibility.
I’m not preaching. I don’t claim to have off-line copies of all my information. But I should.
A few weeks ago I lost simultaneous access to all Windows Live services. I think the Outlook Connector hosed the password requests too many times on all my accounts. Couldn’t sign-in for three days. Here I was, I thinking I had lost all the information I had archived to my Skydrive. It led to some changes in practices on my end.
If Eudora works for you, by all means, stick with it.
Luckily, my info is still there. And, like you, it’s the only place I store that information.
Scott
bob,
regarding losing your data – you missed the point – there was a backup – and they have access to it – and they could use it – but they DECIDED NOT TO – you and your data are NOT IMPORTANT ENOUGH to pick through, restore and filter back into the main system your small dataset.
Keep in mind why banks have fees on oddball transactions like overdraft – it costs them more money when you squeal than when you keep quiet, there is no way they can restore data for individuals – who knows how many – especially when it will not cost them anything to ignore you. they have enough to do.
the transition from eudora to Gmail is painless and the benefits are huge, the main one being you don’t have to backup as frequently and you can use your email without your computer.
you must still backup gmail – i do this from pop using thunderbird – the desktop successor to the Eudora franchise.
then i store all of my old email back to 1995 in Info Select, but you could simply index it in text files using Google Desktop.
brad
bob,
regarding losing your data – you missed the point – there was a backup – and they have access to it – and they could use it – but they DECIDED NOT TO – you and your data are NOT IMPORTANT ENOUGH to pick through, restore and filter back into the main system your small dataset.
Keep in mind why banks have fees on oddball transactions like overdraft – it costs them more money when you squeal than when you keep quiet, there is no way they can restore data for individuals – who knows how many – especially when it will not cost them anything to ignore you. they have enough to do.
the transition from eudora to Gmail is painless and the benefits are huge, the main one being you don’t have to backup as frequently and you can use your email without your computer.
you must still backup gmail – i do this from pop using thunderbird – the desktop successor to the Eudora franchise.
then i store all of my old email back to 1995 in Info Select, but you could simply index it in text files using Google Desktop.
by the way- info select is the way to go for your frequent flier numbers, every login for every web site and every credit card number etc etc – quick and easy it’s the way to go. if all of my information were not in a PIM like this i would not be able to breathe.
brad
Don’t want this to happen again? Want to buy your tickets from somebody who actually gives a $hit? Well, there are millions of real travel agents out there just dying to help you, and knowing your preferences is part of their job. You might have to pay a fee (thanks to greedy airlines like United and BA killing agent commissions), but you’ll never get equivalent service from a website.
Bob,
With as many years experience as you have, not having your data stored safely surprises me. Systems fail and Orbitz is just another system, like harddrive. It will fail and recovery may not happen or happen completely.
This is why I’ve used things like Passwords Plus (Palm/Windows) and 1Password (iPhone and OS X).
Good luck with hunting down all those numbers.
OS X’s Keychain Access. Put whatever you want in there, securely.
Bob,
My profile is blank as well and I have been a fairly regular user of Orbitz (4+ times a year on average) since 2001. After checking just now, all they seem to remember of me is my email address, which would be hard for them to forget since it also serves as the username. No credit card info, no billing or mailing addresses, no frequent flier numbers. I have just come to expect this of online companies like Orbitz: every now and then you’re going to get “reset” and have to go through some sort of minor re-registration process. I’ve had to do that with every online retailer in one way or another with the sole exception of Amazon.
I would just say that failures are a fact of life, and every company worth their salt has some sort of backup and disaster recovery process documented and in place. I don’t give companies any extra credit for that. It’s something they should be doing in the first place. Where you will really get insight into a company is how well and quickly they successfully respond to those failure events when they do happen.
To Orbitz: Good luck keeping your customers, guys. For some of us, this is the last straw on top of really bad customer service.
But…they have a hovercraft!
Clearly, although their marketing is aimed at nerds, their service is not.
Sorry for your loss. Anyway, for what it’s worth, all of my data is still safely in Orbitz.
PCI
My affinity program and credit card numbers are still in my Orbitz profile.
You can easily copy whole folders of your e-mail from Eudora to Gmail via IMAP.
Or you can backup & restore the e-mail using IMAP server running on the localhost or on LAN
@Matt
Finally someone that gets it.
I’m gonna sound like an old geezer, but not all new things are better. Lately everyone seems to trade in security (including back-ups) for ease of use. People are getting lazy.
[…] couple weeks ago you may recall a column I wrote about how Orbitz, the Internet travel service, lost all my personal data including my […]
Have a awesome day!
Hey there I discovered your site by sheer luck, I was digging around the worldwide web for things to do on Oahu when I found your site, I must say your webpage is very great I just love the content, its astounding!. I’m strapped for time right now to completely read through your webpage but I have saved the location of it and also subscribed for your RSS feeds. I will be back when I free up some time. Thank you for a fantastic webpage.
truebeginnings online dating
Its beter than the loan you couldnt get.
are you able to discover iphone news – choice
Which? The actual safest please do not master the way to go, outfits identified proven methods to uncover the product?
Im no expert, but I presume you just produced an exceedingly wonderful point stage. You of course know what youre talking about, and I can definitely get behind that. Thanks for being so upfront and so honest.
I enjoyed this. Where is your contact details though?
regarding losing your data – you missed the point – there was a backup – and they have access to it – and they could use it – but they DECIDED NOT TO – you and your data are NOT IMPORTANT ENOUGH to pick through, restore and filter back into the main system your small dataset.
cheap VPS
Keep in mind why banks have fees on oddball transactions like overdraft – it costs them more money when you squeal than when you keep quiet, there is no way they can restore data for individuals – who knows how many – especially when it will not cost them anything to ignore you. they have enough to do.
the transition from eudora to Gmail is painless and the benefits are huge, the main one being you don’t have to backup as frequently and you can use your email without your computer.
you must still backup gmail – i do this from pop using thunderbird – the desktop successor to the Eudora franchise.
then i store all of my old email back to 1995 in Info Select, but you could simply index it in text files using Google Desktop.
by the way- info select is the way to go for your frequent flier numbers, every login for every web site and every credit card number etc etc – quick and easy it’s the way to go. if all of my information were not in a PIM like this i would not be able to breathe.
Thanks for taking the time to write that, I found it very educational. If you get a chance you should check my blog as well. I hope you have a good day!
I really enjoyed visiting your site, and it looks great. If you get a chance you should visit my blog as well. I hope you have a great day!
I’m not actually too familiar with this topic. I more so just love to visit blogs for layout tips and points like that. But you essentially constructed a subest that i mostly care absolutely nothing about very intriguing. This really is a perfect blog site to design mine soon after. I hope you don’t mind if i bookmark your webpage, to ensure that i can easily pick it once again at the future. Cheers
Thanks for that superb website publish! I very enjoyed reading it, you will be a excellent author. I genuinely added your blog site to my favorites and will arrive back contained in the futureto your web log. Continue to keep up the outstanding task, I wish you may have a terrific day!
Some exceptional thoughts the following. Are you convinced this is certainly the proper strategy to look at it however? My own personal expertise is the fact that most people might pretty considerably stay and let live for the reason that what an individual someone thinks just — yet another someone merely does not. Human beings are about to do what they like to do. Inside a end, they constantly do. Probably the most we can pray for is always to highlight a few things right here and there that hopefully, makes it possible for them to create just a little much better informed decision. Otherwise, great post. You are definitely making me think!
Thanks for that perfect blog site article! I honestly enjoyed reading it, that you are a tremendous author. I literally added your web site to my favorites and will come back inside a futureto your webpage. Hold up the extremely good task, I wish you could have a awesome day!
Bookmarked your blog. Are grateful for expressing. Absolutely worthy of the time far from my personal reports.
Pretty good post. I just stumbled upon your blog and wanted to say that I have really enjoyed reading your blog posts. Any way I’ll be subscribing to your feed and I hope you post again soon.
Whats up ! Love your blog.
Good to find out you back. And again through an interesting post.
This is a really beautiful theme. Can you hook me up with your designer?
xamrajyrvuofhwayuk, mattress topper, VrqFyEgxsNsrsyckfJgr. odqqefetncrzjbwcjp, gloria vanderbilt jeans, vzAWeZnFYPgwSshoMgvm.
Thanks very good o/
Like the design, template, post is OK, writing is good. I’ll probably check your blog again….
great thanks man…
great thanks man…
good thanks o/
I’d just like to let u know how much I learn from your writtings Tweeted you.Hope 2 be back soon for some more good stuff
good (article|information) thanks
Zune and iPod: Most people compare the Zune to the Touch, but after seeing how slim and surprisingly small and light it is, I consider it to be a rather unique hybrid that combines qualities of both the Touch and the Nano. It’s very colorful and lovely OLED screen is slightly smaller than the touch screen, but the player itself feels quite a bit smaller and lighter. It weighs about 2/3 as much, and is noticeably smaller in width and height, while being just a hair thicker.
Profile Themes for Facebook
Great blog! I definitely love how it’s easy on my eyes and the information are well written. I am wondering how I can be notified whenever a new post has been made. I have subscribed to your rss feed which need to do the trick! Have a nice day!
Thank you, I’m glad it helped !
Great blog! I definitely love how it’s easy on my eyes and the information are well written. I am wondering how I can be notified whenever a new post has been made.
Definitely a good deal of off subject commentary on the site, just how have you been bringing in a lot of these opinions, By the way I’m on a world trip, going from country to country. Nonetheless I’m entirely secured with travel insurance
Hey, thanks for the terrific guide. Honestly, about five months back I started taking reading blogs and there is certainly just so much nonsense in existence. I value that you put wonderful written content out that is certainly distinct and well-written. Superior luck and thank you for that excellent content!!!
Another great post. Thanks
GREAT BLOG! You are one of the best writers I’ve seen in a long long time. I hope you keep writing because people like you inspire me!
Find the information and comments here very worthy read.
I really like this site and I, Cringely » Blog Archive » Falling Out of Orbitz – Cringely on technology . I read about you on another site I found on Bing and thought they had great views as well.
ohhhh really..Really glad I found this article! Thank you so much for submitting.
Awesome site. Find your site very beneficial. Keep up the excellent job!
From all the sites I have been to covering this subject matter, I think you do that best at explaining it, so very well done my friend.
[…] for signs of genetic disorder that will increase my premium, a book I bought gets erased or my frequent flier numbers get erased. All of that data, while not in my exclusive possession, cannot be safely guarded against […]
I really like this site and I, Cringely » Blog Archive » Falling Out of Orbitz – Cringely on technology . I read about you on another site I found on Bing and thought they had great views as well…
Awesome site. Find your site very beneficial. Keep up the excellent job! x
the bags on behalf of the brand under Chanel bag then let us tell you that they
your business today.good luck with using article…
marketing in your business today. have you ever experienced the so-called “writer’s block” while trying to come up with new ideas to blog about? those dry spells can be tough when you just can’t seem to think of anything to write…
writer for?it is not only for web…
content that people look for a skilled writer. you might have an excellent business idea and need to write a business plan to show to your investors. or, maybe you are an employee in your business organization and want to write…
A round of applause for this weblog.Appreciate it All over again. Keep writing. Jaydeep Biswas
Hi there, I read your new stuff like every week. Your story-telling style is witty, keep up the
good work!
Regards – http://midsummerr.com/ – K0nst4ntyn0
I could not resist commenting. Perfectly written!
My website penisvergroting
Hi, this weekend is nice for me, because this moment i
am reading this great informative post here at my residence.