Even when I go to a restaurant, I don't need their special offers to go back again. If I liked the experience, I will return myself, if I didn't, no offer would make me. And unless I am in the airport or out for a long time, I don't use the local wifi if it asks to create an account.
The other day I went to a small restaurant and paid for my order with a debit card.
A minute or two after leaving I got an email on my personal Gmail thanking me for my patronage, even though I had never been there before, and I hadn't offered my email...
Except while I had been next door at a meetup and used their Wi-Fi. I guess they had the hotspot setup to send an email after you left the network.
Gave me a bit of a spook thinking a small restaurant would go as far as to look get my email based on my card information, but it was still an unwelcome use of my email.
Not only did they send that email, but they subscribed me to their mailing list without any indication on the capture site.
In these cases, please please don’t click unsubscribe. Just mark as spam. Even if gmail helpfully offers to unsubscribe for you: resist the temptation. It puts the incentives in the right place. It’s the only way to fight this, and it’s a damn good one.
I urge everyone to stop clicking unsubscribe, ever, unless you explicitly subscribed to something. [edit: Even that automatically enabled “subscribe to our mailing list” nonsense, or “click this to not subscribe”, or whatever stupid games they play on us these days. No. Don’t let them joke you around.]
Not saying you didn’t, just wanted to take this opportunity for a cheeky PSA :)
Ironically, conditioning people to respect the unsubscribe button has, probably, insidiously led to more spam making it into people’s inboxes than anything else in recent memory.
[edit: to answer the Why not both? ] Because incentives makes our world go around. Make no mistake: They don’t give a damn about you or your inbox and will do anything for those sweet sweet engagement and conversion metrics. Unsubscribe makes them feel the pain (this is the jncentive), and it helps them not take your inbox for granted.
Making them eat bad spam rep score is the only weapon we have, to make them treat our inbox with respect. Use it.
To add to above, also some scummy lists use the unsubscribe click as an indicator of a working email, and then classify/sell these at higher prices. And of course, you never get unsubscribed, just get added to more and more lists.
If they use mailchimp, unsubscribing gives you the opportunity to report there account as spam and get them banned from the service. Also no reason you can’t also mark it as spam in your email client too.
Clicking unsubscribe relies on gentlemanship instead of self motivation to work. It relies on people respecting you and being kind, rather than doing what is best for them. This kind of system rewards unscrupulous behaviour (not respecting the click, subscribing you by default , etc).
It is a common mistake in organising workflows involving humans. It works beautifully on small groups but collapses under its own weight at scale. You will always be swimming upstream.
If you will allow me to take some liberty, this is comparable to communism vs capitalism, in practice. Loosely. :)
And yes: clicking spam makes google lower their reputation , eventually spam holing all their email directly (= disincentivising bad behaviour ). This means that now, suddenly, the company and you have the same goal: not to send you email you would consider unwanted. Currently, they can get away with spam by calling it a mailing list and adding an unsubscribe button.
I'm not sure which system you're comparing to capitalism and communism to be honest.
Capitalism reward some dishonest behavior by its nature, because the ultimate reward is money (thinking of tax evasions, stealing..) . Communism also rewards some dishonest behavior, but not the same kind (it's more like work the least to earn the same)
If everyone clicked "unsubscribe", there would be no harm in spamming you. Because if you don't want it, you just opt out with no fuss
If you click "report spam", their spam rate goes up. And after it goes past a certain %, Gmail and other clients will filter them into the "spam" folder
Why would I want do download mail I don't want? Because when I refresh my IMAP client or or POP3 my mail from the remote mailbox, the messages are at least partially downloaded, and in my case fed to a local spamassassin daemon. Receiving dozens or hundreds of unwanted mail can cause the time required to process all my messages by my MTA increase significantly, and also spam that manages to make it into my inbox increases the time required for me to mentally process e-mail.
> Ironically, conditioning people to respect the unsubscribe button has, probably, insidiously led to more spam making it into people’s inboxes than anything else in recent memory.
I doubt this.
> Making them eat bad spam rep score is the only weapon we have, to make them treat our inbox with respect. Use it.
Doubt this also. A bit of manual vetting of your inbox goes a long way. And also avoiding inserting your mail address into bad websites which will sell them or whatnot, and when including it in text making sure to obfuscate it somehow. Spam filtering is vital, but it can't do all for you.
I started to setup a rule to mark newsletters as read and redirect them some info@ or simimar address of the company. I wanna waste their time if they waste my time.
Just an offshoot topic. What really grinds my gears these days is when you click unsubscribe and then they ask you to login in to change your email preferences.
I also hate that. You could claim that doing this is a violation of the CAN-SPAM act since it can be assumed that there will be people who have forgotten their password, so therefore the unsubscribe button is nonfunctional.
By "you", do you mean companies that send these emails? But good point. What you said is another reason that the CAN-SPAM might be violated by requiring a login to unsubscribe.
You're sure that it wasn't the POS terminal at the restaurant? I get quite a few email receipts from cafes and merchants who use the same POS as other places I've paid in past, lots of them from Index[1].
They are not allowed to send anything except for the receipt and only if customers agreed to it. And Even if customer agrees - the merchant themselves do not have access the email/phone number, the payment processor is the one who sends the receipt
There's no way they can verify the email address you enter in the form is correct as they must give you web access to allow you to click a confirmation email! Just entering a made-up one works 99% of the time.
It's getting harder, as there are only a few remaining free email provider. And if you don't login, some delete the account after 6 months, or some don't have proper spam protection in case I want to open the inbox and find a registration confirmation mail.
But whenever I have reason to believe I'm being signed up for spam on an email that will not be verified (which is the case for most "free wifi" login prompts), I usually try to find a real email of someone involved, such as sales@terrible-wifi-gateway.com
Besides burner e-mail services, Fastmail allows you to create addresses on the fly with subdomain addressing. E.g. if you are using me@mydomain.tld, and have subdomain addressing enabled, you can use me@foobar.mydomain.tld where foobar is a random subdomain. I like it for a couple of reasons:
- You can easily set up rules on subdomains to send e-mails to separate folders or to discard them.
- You can find out who is selling your e-mail addresses.
- It is less trivial for spammers to abuse than plus addressing.
I do something similar with Fastmail, except instead of subdomain, I use the prefix, e.g. reddit@example.com, hn@example.com. I have a generic one (hi@example.com) for certain use cases but in general I use the specific ones so I know who may have sold/"lost" my email address. It's a lot better than Gmail style plus addressing since some input websites disallow plus emails or have terrible email systems that can't properly recognize it.
The only thing I wish that would go further would be to be able to flag a certain email address to be set to "not exist", so that if someone emails it, it gets bounced back as undeliverable. I set up something similar on my own server a while back using Postfix and Postgres to deal with holding the emails/undeliverable emails but it ended up being a hassle to keep up with and I am glad to pay for Fastmail to not deal with anything but getting my emails.
Additionally, one downside to the burner email services is that some companies have tracked down the popular ones and mark email addresses from those domains as invalid, meaning they really want something that isn't a burner email.
A lot of sites will block it, but yopmail does the trick for me. It's a public email repository (anyone can see any email sent to any address), so it's a good place for burner emails
All these disposable temporary email providers don't support IMAP and are temporary. I need aa hassle free solution (also on smartphone - IMAP).
Can someone suggest more free traditional email providers (beside GMail, Outlook.com, Yahoo) that are free forever, require no phone number to register, support IMAP.
Last place I went to offered unblocked access to google, hotmail, and probably a few others until you finished confirming your email address. Joke's on them, though, because I only needed to access google services to write some emails and attach pics from google photos.
It is. Back in 2009 in France there used to be 3 major networks and they'd charge insane prices up to $80ish a month for unlimited 3G. Then Free Mobile came and announced a $24 (19.99€) a month for ever unlimited, virtually the next day all those other operators created a "low cost" version of their plan at basically 19.99€ a month for unlimited phone/text/data ... What a coincidence.. nowadays it's still the same price, except it's 4G LTE.
Free Mobile almost had plans to buy T-Mobile[1], that would have been awesome...
I'm now rocking an unlimited calls and texts with 20GB 4G data plan on SFR for 12 € / month. Without Free, I'm pretty sure that plan would cost me around 100 €.
T-Mobile “Unlimited” doesn’t throttle you until you hit upwards of 50GB in a month in the States, and my understanding is that mobile data is very inexpensive in Europe.
Typical. There used to be a cheaper alternative (Public Mobile), but they got bought and killed by one of the four giants. So now there is nothing cheaper.
This is certainly true for my province (Quebec), but the rest of Canada has the same (lack of) players, so I expect they have the same issues.
I’m not sure what to do with your anectodal hyperbole except counter with other anectdotal hyperbole and say that 50gigs/month is more than enough for me under normal circumstances.
Granted I don’t watch a ton of streaming video, but I do work mostly online and am on multi party video conference for multiple hours per week.
50 gigabytes is enough to stream more 2 hour movies in high definition than anyone would care to watch in a single month. We are talking mobile data here, not FTTH or something. We're talking about activity you'll be doing on your phone or, at best, tablet.
I imagine what Yelp really want is to track footfall and IRL behaviors via MAC addresses.
You do not need to attempt to connect to the wifi for them to obtain this, merely walk/move past the restaurant.
This will let them know your movements in meatspace (‘you’ being the derived identifier, until/unless they pay/trade-with a data broker for enrichment).
While both Apple and Google have boasted about MAC address randomization for years, it’s always been crap, and still is[1].
ZenReach (https://www.zenreach.com/) has done this for quite a bit of time and has grown very fast doing it.
It's unclear how Yelp's offering is differentiated from ZenReach's, but Yelp may capture a significant share of the market simply by virtue of the fact that they have excellent reach into brick and mortar businesses.
This backfires since sites and browsers started defaulting to HTTPS. The WiFi can't present its spammy "login" page in response to an HTTPS request. Some WiFi nodes try to MITM HTTPS pages, but that generates forged-site messages that are hard to bypass in newer browsers.
Good move for Yelp. Probably bad news for data privacy advocates.
They could track you from venue to venue, without your even connecting to the wifi. They could see how busy a restaurant is at any time based on number of smart devices with wifi, they could infer demographic data based on device id, etc. etc.
They could probably correlate this with other data sources to 100% identify who you are and target you.
It's good for business owners if they surface this insight to their audience. It's bad for business owners because previously Yelp has been notoriously a bad actor in the space and can't be trusted.
It's good for business owners that want a great interface and offer wifi that might also better the experience for their customers.
Also looks like you have to sign in with a social network? Double nope. Also looks like its an app instead of the normal connect screen, but since it's a mockup I'll give that a pass.
Thinking about it - not really all that different than the google wifi at Starbucks. Google definitely is mining some data there... how long you're connected, locations visited...
What's the full extent of the Google Wifi surveillance at Starbucks? Browser fingerprinting? Some MITM technique? It seems to bounce you through appspot.com, i.e. GAE, but I can't figure out the tracking mechanism there.
Just a thought: custom software on the ap/router that logs your mac address and anything else useful for fingerprinting that they might not get through a browser.
except if they actually verify the email doesn't bounce and you don't have a cell-data device, then you need the wifi in order to get your 10minutemail address…
A year ago, I was at Montreal Trudeau Airport waiting for my flight. I tried to connect to the Wifi, it asked for an email address and as usual I entered something in the like of dksqjd@skqdhqsd.com
Problem is you first get 10 minutes of wifi to go check your email. Once the email is confirmed, you get unlimited wifi.
Some operating systems use a "fake" MAC address when not associated and scanning for networks. In theory, this would prevent tracking when a user is not connected to the SSID.
Form based landing pages are the norm for public WiFi here in England. I just always give fake information. I’m not sure how many people give out their real name email and phone?
Agreed. Once or twice I gave a "real" email on the basis that I assumed they'd email me a confirmation-code, or similar. Since that has never happened I just enter "example@example.com", or similar, these days.
This seems like a clever ploy to recapture some of the ground that Foursquare is taking, in that Foursquare has the deeper intuition on customer preferences linked to social networking data - you have to use some identifying info to connect to the network, plus there’s the possibility these wireless routers may be scanning for nearby phones/computers. It could lead to the Yelp app advertising based on proximity to restaurants that people in similar demographics liked.
Knew the guys that were likely the predecessors of Yelp Wifi before they got acquired: Turnstyle Analytics, solid Canadian company, good to seem them being used.
One thing I've noticed about my personal habits is that I use WiFi less and less. WiFi is so horribly unreliable that I turn it off and use LTE. I'm sure there is a segment of people who this would work great for, but after almost every US carrier revamped their cell phone plans earlier this year to offer unlimited data, I struggle to see this product's future.
At first I have the "lol really that's blunt, no way I am gonna use it", then I thought to myself, yeah that's really blunt and should give some credit for being blunt. But it'd be better if Yelp would at least give one or two examples....
Personally, I do find this disturbing. Regardless, I use my 4G.
There’s certainly a small and beautifully designed “I have read the [terms and conditions]” checkbox next to the field where you input your email (and no non tech savvy user/lawyer has ever bothered to click those links)
This makes a bit of sense. One can't help but wonder what all their engineering resources have been going towards since Yelp and Eat24 are so buggy and seem to be gradually getting worse. At least now there's an answer
I've never used public Wi-Fi, and don't see why one would really want to, if they have a data plan. If you don't watch videos outside, 2-4GB suffices monthly (2GB monthly costs me ŧ27/~$6, with an educational discount, and I've never used it all up). If you do video conferences outside, you probably would have the income to buy a larger data plan. It's just not worth the risk. Maybe things like Facebook consume people's data plans quickly so that they're always looking to find free wifi?
If you work remote just doing things like using ssh, browsing web pages, and using Spotify and the occasional YouTube vid can eat up more than 10 GB a month. It's not hard to set up an OpenVPN server in AWS along with LetsEncrypt and have a custom VPN to use to browse securely over public wifi. Now as for speed and whether they block vpn ports or other ports needed to do your job, is where I draw the line for pub wifi usage... actually probably wouldn't use at DEF CON as well.
How often do you really need to connect to WiFi these days? The four major wireless providers all offer "unlimited" data. T-mobile even has "unlimited" 3g tethering. I've gone over the prioritization limit plenty of times and not seen a difference.
This is brilliant on Yelp's part. Surprised a POS system didn't already do this, but I guess they have less to gain. I wonder what % of US consumers max out their data plans in a month - that would give you an idea of what adoption might look like.
yelp seems pretty thirsty, must to be doing so well. they're (the restaurant) in the wrong business if they care about offering wifi instead of quality service. I have zero interest is being contacted later for promotions or loyalty.
A me-too product in a crowded field. Based on other comments below it appears to be a rebrand of a prior acquire, Turnstyle Analytics in this case.
Also, it's pretty clear based on these early comments that HN has a bunch of people that never talked to or sold to a small business owner before and empathize with their needs.
When you open up a QSR (quick service restaurant as compared to FSQ full service restaurant) there's really only three strategies to build up your initial customer base, one is using wifi as the honeypot.
The default would be to be just broadcast your business account cable or DSL modem and call it a day. The nicer places have a Meraki, set up the captive portal settings, and call it a day. The smart thing to do is to call Facebook and setup a Facebook Wifi service account with them.
They set you up an account, you configure your router, then let Facebook lock up your wifi in exchange for a like or to click the tiny dark patterned opt-out link.
The store owner wins, they get exposure through Facebook with likes, Facebook wins because they get more data points to track, and the customer wins in that they get data access.
It's a simple idea and there are plenty of vendors that offers this to help business owners not have to deal with the as-is software from equipment vendors.
ZenReach.com is another solution provider that integrates multiple services to make it so you mix and match to set up your own preferred workflow.
Yelp jumping in is to boost up their yelp ratings and reviews which in turn boosts their value and extend their relationship with the store so that they can push and upsell more services like local advertising, profile promotion, or orders lead generation.
Lots of the shops will buy in, it's one less hassle out of a lot of hassles they deal with day in and day out, and they might get more Yelp reviews and Yelp stars? Yes, let's go.
The lifecycle for a product like this though is only 2 or 3 years. After two or three years the shop owners smarten up and switch back to a custom branded captive portal because after enough likes they don't want to keep feeding the Facebook bottom line. But now they get to maybe boost up Yelp reviews and ratings for awhile.
Are you sure? I'm looking at my email inbox and saw an email from Pizza ranch. When I went there the first time, they simply asked me if I'd like to give them my email address. I gave them my email address. Easy enough. You don't need to offer anything.
You can offer free WiFi if you like. You don't have to make it conditional to this crap. Owners and management, if you're reading this: you don't need this.
> Your customers connect to your free WiFi with an email address, social media profile, or phone number. [...] Target your customers with email and SMS promotions that are easy to build and keep customers coming back.
I'll just keep using my mobile provider's data service that I already pay for anyway. More spam is exactly what I don't need in my life, ESPECIALLY not SMS spam which has no effective filters or controls.
Even when I go to a restaurant, I don't need their special offers to go back again. If I liked the experience, I will return myself, if I didn't, no offer would make me. And unless I am in the airport or out for a long time, I don't use the local wifi if it asks to create an account.