ALA TechSource Logo

ala-online-v1.jpg

 
curve Home spacer Publications spacer Subscribe spacer Blog spacer About  
    

"Sorry if I Spammed You"

Submitted by Kate Sheehan on May 18, 2010 - 9:59am


"Hi, I'm sorry if I spammed you" has been my standard greeting for the last several weeks. If you've ever had email contact with me, you already know some of this story: a few weeks ago, my gmail account was hijacked. I believe this is what they call a "learning experience."

As usual, timing is everything. In the middle of April, I spent two weeks at conferences, one of them driving distance from my house. On my way home from the first day of the conference, my phone chirped with the familiar text-message sound. Like a good driver, I ignored it. As I pulled into my driveway, I see that it's from the wonderful Cindi Trainor, telling me that not only has she gotten some strange email from me, but that our shared contacts at ALA have gotten weird things from me too.

Generally speaking, I don't believe in panicking. I belong to the "take a deep breath and ask a few questions" school of getting through life. The mobile app I had been using would occasionally resend email from earlier in the day, so, I texted back "like hiccups or like someone's in my account?" and went inside to see what was up.

What was up was total chaos in my online life. My gmail box was a mess, I had messages on Twitter and Facebook telling me that I'm spamming everyone, and Cindi texted back saying that it looks like I'm spamming and she'll look at the email headers for me when she gets a chance (didn't I tell you she was wonderful?).

Like many people, I have given over much of my life to Google. I manage several addresses, including my domain email (kate {at} loosecannonlibrarian {dot} net) through a single gmail sign-on. This has worked well for me for years. The "many eggs, one basket" approach has one obvious drawback, which I experienced nearly viscerally when I opened my sent mail folder. Evidently, I wanted everyone I have ever emailed, ever, to buy some Canadian viagra.

This would be bad enough if it were just my personal account or just a professional account, but the combination of all of my accounts in one gmail inbox meant that for days I was getting confused emails from colleagues, friends, relatives, and the befuddled friends of my parents who didn't understand why I was sending them links to pills. Under normal circumstances, I would have policed my email for a week and written proactive notes to everyone I know, but I was in the middle of a conference marathon, so a somewhat more triage-esque approach was required.

I changed my password, posted frantic apologies on twitter and facebook, deleted google buzz and the mobile app I had been using, unlinked all of my accounts and changed all of the rest of my passwords. Then I started cleaning out and paring down my address books. At some point, my twitter pals informed me that this was a problem for a number of them and there were a few preliminary theories about what was going on.

Following the advice of the Google help page, I saw that someone in Romania had accessed my gmail account via the mobile interface- at the bottom of the page, Google will show you a list of all the IPs that have accessed your account recently. I had a fleeting thought that Google, of all companies, should be better at knowing my every move than, say, my credit card company, and perhaps block the out-of-country access? Ultimately, I felt fortunate that I managed to stop the spam exploding from my account before Google got wind and shut me out of my account altogether.

I haven't sent an email forward in over a decade, which may have contributed to the fairly high rate of "I clicked on the link you sent, but it was for Canadian Viagra" emails I received. Several friends commented that they assumed that I was somehow immune to email problems (I am reassured by Cory Doctorow's recent tale of woe). I'm still working my way through some of the fallout. I've left all of my accounts separate, rather than funneling everything through one address.

The single biggest project this has created for me is the clean up of bacn (you know, the legit email you get that you maybe signed up for but probably don't really want, but what if you miss a great sale at your favorite online store kind of emails). Should you need to know if there is a sale on the Internet, I am the person to ask. I try to remember to opt out of mailing lists, but I've ended up on a lot of store mailing lists. Some of them twice. I've never considered it much of a problem to delete the daily accumulation of advertising in my inbox. But I only had the one inbox. Now I have several and the fact that dealing with these promos is actually a huge waste of time has hit home.

This is not a problem particular to online life - signing up for a mailing or for more information about something always seems like a good idea. Or like a neutral idea, at least. But it drags down our signal-to-noise ratios just a little bit each time, fostering a dependence on the dopamine cycle of the online era with each flurry of false hope that there's something good in our inboxes. Clay Shirky famously said that we don't suffer from information overload, we suffer from filter failure and the stream of mail I don't really need was taxing my filter every day. Unsubscribing from all of those notifications has turned out to be more work than I suspected, though. Never mind the mailing lists I was on more than once; there are stores that send me email because I bought something from them once, years ago; restaurants I left comments for when I was on vacation (I do think the restaurant that grew much of its own food in northern California was a gem, but it's unlikely I'll eat there again, never mind make it there for their Friday night jazz concerts); and mailing lists I can't quite figure out how I ended up on. Many of these lists have needed repeated requests to unsubscribe me, or take a week to process my request (they can't be managing this by hand, can they?), and the New Yorker gives me an error message each time I unsubscribe.

I remain a little jumpy about my email. I'm happy that my smartphone allows me to see several accounts at once, but I still haven't added the account that was compromised to my phone. The worst part of the problem was the huge range of people I spammed, the giant mash-up of personal history, social connections, online life, and libraryland. It's a little bit of magical thinking on my part, but I don't want that account connected to my phone's address list (which is the same sort of (though not nearly as extensive) mix of people my original Google account contained).

As with any small, personal crisis, the silver lining comes in the clean-up. I'm reducing my online clutter, streamlining my correspondence, and cutting down on the places I have to check online (not that I checked Buzz all that much, but it's one less thing to think about). I haven't been as attuned to Google Reader, but my twitter friends have kept me posted about important content. I'm thinking through how to avoid keeping all of my electronic eggs in one basket - not only am I overly reliant on Google, but I was managing far too much of my online life through a single, not very secure, sign on. Twitter pals have pointed me to good password managers and although my passwords have always been pretty secure, I'm upping the ante.

This past weekend, Roy Tennant posted a link to an essay by Anne Lamott about making time in your life for what's important. My ongoing project to rid my inboxes of bacn has taken time, but with each "click here to unsubscribe" I like to think I'm creating a little more room in my life for meaningful interactions, for reading long, rambling emails from friends and answering them in kind, for actually reading the poem a day that appears in my inbox (which too often got swept out with the latest style of tablecloth from crate and barrel), for using my online life to augment and enrich my life. I wouldn't go so far to say I'm grateful to spammers, but as far as silver linings go, this one's been pretty good.

Oh, and I'm sorry if I spammed you.


Comments (2)

I haven't picked one yet!

I haven't picked one yet! Twitter pals have suggested a few:
http://keepass.info/
http://splashdata.com/splashid/index.asp

and Lifehacker had a post with three others:
http://lifehacker.com/5529133/five-best-password-managers

I'll try to settle on one by ALA and let you know what I find. Does anyone else have one they like a lot?

So... which password manager

So... which password manager have you decided on? Back when Palm was my PDA, I was a big fan of Keyring. But since moving on from Palm, I haven't found a system that feels like the right mix of secure and simple-to-use.