Author Archives: admin

Graphic designer or website developer?

You are planning a new website and wondering whether to use a graphic designer or a web developer. What’s the difference?

Most graphic designers have extensive knowledge and experience with print media. That is, they understand how to work with files that have large file resolutions, to align text and images in grids using desktop publishing programs, and make color separations and master pages. They can set CMYK and Pantone colour specifications for digital print production, and prepare files for traditional printing companies.

Unfortunately, the layout and design of your site depend on many factors that have nothing to do with its graphic design. Websites are created like jigsaw puzzles, not like posters. Think of them as many different pieces that are assembled in the browser via coded instructions, rather than a grid or layout program. The design needs to be planned by someone who understands how the design elements will work in the context of headers and footers, content areas and sidebars, as well as menu structures, widgets, plugins, tags, categories and scripts. Knowledge of web fonts – as opposed to typography – is also vital.

To create a website, a graphic designer needs to be familiar with optimizing files for the web, so they transfer quickly over the Internet and web pages load quickly. The content must be prepared for flexible images and fluid grids, because text and images on websites re-size according to the dimensions and orientation of each visitor’s monitor or cellphone. (You have to plan for people turning their iPad sideways, among many other considerations.)

In other words, a web design is not one single page, but multiple areas all coded separately. To be search-engine-friendly, all areas of the website need proper image titles, alt tags, css style sheets and media queries. Experienced web developers further test for differences between current browsers and older versions of browsers, including IE 7, IE 8, IE 9, Firefox and Chrome as well as Safari. They also understand (or should) how servers work and the most recent server technologies.

If you want your site to work efficiently on all devices, and for people to find it on the Internet, you need someone with the knowledge and experience of a seasoned website designer. This is not to say a graphic designer won’t succeed at getting something visible on the Internet  –  after all, anyone can make a website, just like anyone can cut your hair. But you may not reap the benefits of a site made by someone who understands how websites are interactive and configure themselves differently on different monitors and in different browsers.

There are some areas where you might use the services of a graphic designer to prepare files for your website. For example:

– Have a graphic designer create your logo. The logo will likely be used extensively in print media, so it’s best to have it created in the first place by someone who understands printing. It can easily be adapted to the web, but an image prepared for the web cannot be adapted to print media.

– For the same reason, a graphic designer could likewise prepare any elements of the website that will be used on business cards and brochures.

In addition:

– Be sure he or she understands the conventions of naming structures for Internet images, such as no spaces or symbols in the file names.

– If a graphic designer prepares images files for you on a Mac, be sure he or she understands the differences between how websites display on PCs, tablets and cell phones, in addition to how they look on Mac desktops, laptops, iPhones, iPads etc. There are profound differences in brightness and contrast.

Read more about differences in monitors and testing for different browsers

Additional reading
Understanding responsive design issues

How Much Code Should Web Designers Need to Know?

CAPTCHA-solving sweatshops

I get pretty bristly when I think about people being paid to make annoying stupid and illiterate comments on blogs. They do this in the hope you will approve their comments, which will give them a link from your site to theirs.

Most comments are not sent to your site by individuals, however. They arrive as a result of automated spambots. A company selling Viagra, for example, might write a general comment that can be sent to any site, such as, “I love your site so much, you are the best writer”. Somewhere in the comment there will also be a link to a site selling Viagra. If you approve the comment, which many people do because they are flattered and don’t notice the link, they now have a link from your site to theirs, which helps increase their page rank in Google. (Many people don’t even approve their comments. Their WordPress sites are left open to accept unapproved comments from anyone.)

However, before that comment can be submitted to you, the sender of the comment has to read and re-type the CAPTCHA code – that series of squiggly letters and numbers just above the “Submit” button. Since most comment spam is automated, and since automated spambots cannot read or re-type CAPTCHA codes, these companies use the services of other companies who hire real humans to decipher CAPTCHA codes. Once they have deciphered the code on your site, your site becomes one of thousands that can be re-sold in packets.

All over the world, especially in India, Malaysia, China and Russia, there are tens of thousands of non-English speaking workers hired for a pennies a day to decipher the CAPTCHA codes on WordPress comment forms.

With the going rate ranging from 80 cents to $1.20 for each 1,000 deciphered CAPTCHAs, a really fast worker can make $2 to $3 a day. Imagine deciphering 1,000 CAPTCHAs in one day, then doing it again for the next 365 days. International CAPTCHA-solving teams are effectively sweatshop labor, where people — especially young children — will just sit and be given these images to solve and will type them in all day.

In India, major CAPTCHA-solving companies openly advertise that they can crack CAPTCHA codes. They sell their services in turn to companies selling not only drugs like Viagra but search engine optimization (SEO) sites, sites selling vitamins, cosmetics and shoes, and hundreds of other types of businesses who can profit from getting their web link on your site.

Typical newspaper ads in India read:

I have 40 PCs and 55 Persons working in my office for data entry work. As 1 person can do 800 captcha entry per hour. We can deliver you good quantity with quality

Hello Sir, I will kindly introduce myself.. This is Shivakumar. We have a team to type capcthas 24/7 and we can type more than 200k captchas per day


In Bangladesh at this very minute, a team of international workers is actively soliciting deals for breaking Craigslist, Gmail, Yahoo, MySpace, YouTube and Facebook’s CAPTCHA scripts, promising to deliver 250k solved CAPTCHAs per day on a “$2 for a 1000 solved CAPTCHAs” basis.

It’s a losing battle for the well-intentioned WordPress sites of the world. The only protection is to ensure you have checked off “Administrator must always approve comments” under Discussion in your General Settings. Then check your Comments regularly and immediately delete any spam comments that appear.


Nasty Facebook notifications

Some days I feel like I’m walking through a minefield.

No sooner had I posted a blog piece about WordPress comment spam today (see Caution: WordPress Comments), I noticed an email message from someone who had commented on my Facebook wall.

It was a weird comment, which should have warned me. After the fact, I also saw the tell-tale row of multiple O’s in the sender’s address, from

But at the time, I was seduced into logging on to my Facebook account then clicking the link with a message from “Amanda Phillips” in my email program. At a quick glance it looked like any of the legitimate Facebook notifications I receive every day. (Without the swearing of course. In fact that was part of what intrigued me: Why was someone so mad at us?)

Curiosity almost killed the cat. I was immediately blasted by my Avast anti-virus/anti-malware protection which announced it had blocked an executable Trojan horse, a split second after clicking the link and a hair before it initiated.

Close, very close.

[BTW If you don’t have an anti-virus program, I urge you to stop now and download Avast here. You will be very glad you did. Avast is also available for the Mac at As the market share for Mac grows, viruses are an increasing threat for people on Macs.]

What does a Trojan horse do? A Trojan horse is a program that gives a hacker power over your computer. It can provide the attacker with unauthorized remote access to a your files, infect your files and damage the system, carry additional dangerous parasites, and steal sensitive information. Trojans delivered to your computer through email can be are set in action when you click an infected link, play an infected video or click on an infected image. Without protection, they can wipe out your harddrive and all your programs and files.

More information about Trojan Horses can be found at Wikipedia

Read more about Facebook scams and spams at

If you fall for one of these notifications like I did, I hope you have as excellent malware protection in place as I did.

Caution: WordPress comments

Think twice about accepting comments on your blog. Most WordPress comments are spam. Disguised as notes of appreciation, millions of spam comments are sent every day to WordPress blogs like yours and mine.

Most comments are innocuous, like the one above. Typically they read as a variation of:

“Great article. Keep up the great work.”
“You are very astute to write about this matter.”
“Spot on with this write-up, I truly think this fabulous website needs considerably more consideration.”

The goal of most of these senders is to have you approve their comments so they increase the number of links to their own sites. The scammers who generate these comments (by the thousands) are happy if only a fraction are accepted. But by approving them, you can be allowing potentially dangerous links to be created between their site and yours.

The more dangerous comments contain links to malware/virus/phishing sites, but you may not be able to tell by the email of the sender or other clues. Not only can you infect your own computer by accepting them, but the computers of your own visitors who may clicks on a malware link.

Other comments are much more damaging. Approving them can corrupt all the files on your site, including your design and all the posts you have made. You can lose everything. In a particularly brutal example, this morning someone contacted our company for help because he had approved a comment on his site which turned out to be malware. By approving it, it wrote malware into every .php file in his installation, installed someone else as the admin, and changed the admin e-mail address to their own. Basically he lost his entire site. He is on a server that does not do backups. This is one of the worst cases we’ve heard of.

Following are the absolute least, the most basic things you must do to protect yourself.

1. In the Discussion settings of your blog, check An administrator must approve comments.

2. Click the Comment Author Must Fill Out Name And E-mail box, which forces anyone making a comment to provide the necessary information. Some spammers might be deterred by this extra step.

3. Vigilantly check your comments by logging in to your dashboard, and trash all spam. Your speedy response can help diminish further comments from the same source.

4. Install a CAPTCHA script to ensure anyone leaving a comment has to type in the extra code. Automated spam cannot do this.

5. Never, ever approve a comment unless the writer has made a specific reference to something in your post. If the comment could have been made about any of your posts, or any other post, trash it.

6. Check the email of the sender. Trash it if the comment sender’s emails contains strange characters (like %/solarsp0), an exceptionally long address (like, or comes from a company that sounds odd or too generic (like hotbraininsights, xxxlivecam or bestvaluerugs).

7. Never, ever upload an html page from another site. If you copy a photo from another site, be sure to rename it rather than using the entire http:// link. You never want to take the chance that malicious code from another site can infect your own.

In general, unless you have very strong reasons to believe the sender is genuine – for example, they made a comment that includes information that could only have been obtained from reading and thinking about your post, or if you visit the website associated with the email address and decide you do want to be associated with it – I recommend that you do not accept any comments at all.

It is much better to be safe than sorry.

For more information, please refer to these articles.

The Never-Ending Battle Against Comment Spam

Comment Spam

Removing Malware from a WordPress Site

Note: Be particularly careful if you’re on a Mac. Mac users do not tend to protect themselves adequately, in part because of a false sense of security caused by the company’s advertising. One study found that only 26% of Mac users have installed anti-malware software, as opposed to 92% of PC users. Read more

How to keep people from stealing your images

Unfortunately this is a difficult topic without a solution. Anyone can copy any image from any site if they know how. Without really disfiguring your images quite badly, there is no way to prevent them. Personally, if I want a copy of an image on the web, I have many ways of copying it, and I’m certainly not alone in my skills.

Most watermarks only cover a small part of the picture. People can still see the image perfectly and copy it if they want. A little photoshopping can easily remove most traces of a watermark – often it is only a line of text along the top or bottom. A larger watermark that disfigures the images looks unprofessional and amateur. And people can still copy the idea.

You can add a “right-click disabled” to your images, but thieves can easily do a screenshot then cut the image out. They would have the same image as they would if they copied it in the first place. There is no way to disable a screenshot.

On the plus side, there isn’t much anyone can do with a copied image. The resolution of a web image is only 72 pixels an inch, while print resolution is 300 pixels an inch. This means that printed pictures are four times more detailed than web images (they have four times the resolution). Images from the web cannot be used for reproductions such as prints or postcards (they will be useless and fuzzy), unless the image size on the web is extremely large.

Example: A 600-pixel wide image produces an 8 inch print, but the lower resolution of only 72 pixels/inch will make the image unsuitable for most printing purposes. If it was converted to 300 pixels per inch, the image would be only about 2 inches big.

Unfortunately people with blogs are not usually in the habit of re-sizing their images before they upload them. I see a lot of WordPress sites with direct click-throughs from small images to large, full screen beauties that could easily be converted to 300 pixels per inch. These are prime targets for image stealing.

If you’re a blogger and you’re in the habit of uploading photos without re-sizing them, be aware that you’re making them available for people to copy and re-use in printed materials. If you don’t want this to happen, you need to pre-size any pictures you put online to a much smaller size (for example, 600 pixels wide). This is the most effective thing you can do to protect your images.

There are a couple of ways you can find out if someone has already copied one of your pictures. Use the Google tool as described on

Or try linking to and follow the directions. I personally haven’t  found either of these tools work very well for slightly modified images, but if someone has copied your image intact, it will show duplicates.

If you find that your image has been copied, you should first attempt to contact the site owner. You can also contact the host of the site and let them know about the copyright infringement. If you’re an artist represented by a gallery, have the gallery owner contact the thief.

It definitely helps to have a digital copyright (this is information about the image that is “hidden” in the code) in the case of disputes. However, in most cases direct contact by email or phone with the site owner or website developer will result in the copied image being removed.

Website developers usually add a link to their own company in either the footer or the source code. Since web developers are equally liable if a site uses a copyrighted image without permission, the developer is more likely to remove it or bring it to the attention of the site owner.

Otherwise you must be prepared to invest a great deal of time, money and energy following through. And if it’s the ”idea” you don’t want anyone to copy, it’s best not to show your work anywhere at any time, because there will always be someone who will copy your style, composition, colours, brushwork, themes or ideas.

It is very disheartening when this happens. When I was a painter, I frequently saw copies of my work. Once I walked into Malaspina College and saw a large, perfect duplicate of one of my paintings hanging in a graduate show. It had been used on a Bau-Xi exhibit invitation and I later saw it copied on two other occasions. A couple of years ago I put some small, decorative canvasses for sale on Etsy. Within only 48 hours, exact duplicates of my paintings were reproduced verbatim by another artist, right to the last detail. The only recourse offered by Etsy was to contact a lawyer. 

For many, many years I have had the same thing happen to my writing, especially my reviews of gallery shows. My art writing is frequently copied intact and used by artists on their websites as their own statements. My reviews for Preview Magazine have even been returned to me as “press releases” from galleries for their subsequent shows. Strangely, artists and galleries are usually offended when I contact them.

Either there are a lot of otherwise intelligent people who really believe that images and writing found on the Web are up for grabs, or they just don’t care.

Note: If you’re wondering whether your writing has been copied, try Copyscape, Plagiarism Checker or the plagiarism checker at Small SEO Tools.

Should Canadian companies use Canadian hosts?

Should the host for your website or blog be geographically located in Canada? A lot of people believe this is essential but it’s not. In fact, it may work against you.

This short article describes some factors to consider if you’re looking for information about having a .ca domain name, wondering about the effectiveness of a .ca name for reaching Canadian consumers, wishing to support Canadian companies, or have privacy concerns.

Hosting is not the same thing as having a .ca name
Hosting has nothing to do with having a .ca name. You can register for a .ca name but still host outside Canada.

Having a .ca domain name is a good idea if:
• you have a service or company of interest mainly to people in Canada
• you provide services or products where Canadian branding is important
• you are not very interested in providing services outside Canada
• you have a strong reason why you want people to know your company is in Canada

You must register for a .ca name with a company in Canada that has been licensed to sell .ca names by CIRA. You must have a Canadian street address and phone. But you don’t need to host with the same company, and it may be preferable not to host in Canada.

Search engine optimization and .ca names
If you have reason to believe the majority of your market uses a Canadian search engine like, then having a .ca address may help your site come up on Canadian search engine results above sites outside Canada.

Be aware this also depends on how well your search engine optimization has been done. Proper search engine optimization using key words like Canada, Canadian, British Columbia, BC, Vancouver (or any other Canadian city) will result in similar rankings without having a .ca name. The .ca name alone is usually not sufficient.

Factors to consider when choosing a host
A host is a company that owns servers (computers) where your website files are stored. The choice of a host should be made on factors like the quality of their servers and their position on the Internet.

The majority of requests to servers in Canada are routed through the States and back again. You should think about the geographic location of your target market, and choose a host geographically located close to both your target market and the Internet backbone. A server’s proximity or “hops” to the internet backbone are equally important. A low number of hops ensures fast and efficient connections between your visitor’s computer and your server’s location.







The image above was taken from a traceroute program that connected a computer in Vancouver, BC to a host called Netfirms in Ontario. If your target market is in Vancouver BC and you host with Netfirms, your target market would have to make 15 Internet hops to reach their server (and 15 more for the files to be sent back to them). Conversely, if your clients are in BC, we can offer them a local server based in Vancouver.

Canadian hosts are not necessarily located in Canada
Many people host with companies because they advertise as Canadian companies, and people want to support businesses located in Canada. Canadian hosting companies, however, do not usually use servers in Canada. Most Canadian host companies use servers located outside Canada, usually in the UK or the States.

Popular hosts like (Arizona), Justhost (Utah), Hostmonster (Utah) and Fat Cow (Massachusetts) spend vast amounts of money promoting themselves as Canadian web hosts but in fact their servers are geographically located in the United States, as your own files will be as well.

In addition, many Canadian hosting companies outsource their support services to other countries. So signing up for a Canadian host because they advertise “superior Canadian service” really may not be to your advantage, because the representatives may actually be in foreign countries.

We regularly see companies charge insane amounts of money for plans they call “Gold”, “Platinum”, “Advanced” or other names assigned to a “level” of service. We frequently see Canadian companies charging more than $40/month for service that should cost less than $7/month, and there is no practical reason for it.

Concerns about the Patriot Act
Many people express concerns about the Patriot Act and its implications for the content on their websites. But if the pages of your website are public, the information is available to everyone anyways. If the information on your site is private, such as information stored in a database, only citizens of the US are subject to the Patriot Act. Neither citizens of the US nor hosts in the US are required by law to give up usernames and passwords.

Concerns about privacy
People who are concerned about hosting in Canada for reasons of “privacy” on the Internet often do not realize the amount of information that is already accessible about them on servers spread across the States.

Most people use online services that store enormous amounts of history about their activities. The information you post on your Facebook account, Linked in, Twitter or any of the hundreds of other social media accounts is stored on servers in the States. It is accessed and used by companies you’ll never know about.

If you use Google docs, Flickr or Youtube, your content is on American servers. If you use Gmail, Hotmail or Yahoo mail, copies of all of your emails are being stored on US servers. Credit card information for multinational corporations is routinely stored on US servers. Every time you register software or other online product, you are likely registering it on a US server. Web analytics tools like Google Analytics store your visitor information on US servers. If you belong to a professional organization, like the Kitsilano Chamber of Commerce, your membership information and event photos are likely stored on a US server (in their case, Texas). By comparison, the information on most websites is pretty innocent and, by nature, in the public domain already. 

In summary, small companies and individuals should be more concerned about the quality and qualifications of the host’s servers, getting good value for their money (shared hosting for $9.95/month or less, with no limitations on storage or bandwidth), and the host’s geographic proximity to Internet hubs.

Preparing and sending images by email

Unlike Facebook, where you can upload 10 MB files straight off your camera, attaching and sending images by email requires a little extra image preparation. This is a basic skill that’s good to have, whether you’re an artist working with a gallery or sending holiday pictures to friends.

Image files have to be sent by email in the right size and format. Often a publication or gallery will ask for two sets of images – one set as low-resolution jpgs for review, and the other as high resolution TIFs or TIFFs for printing. In both cases, the images should be prepared properly. It’s not at all difficult to learn – you just need to know where the tools are located. There are also differences in the way images attach in PC and Mac mail programs. It’s important for people to receive them properly or they may have trouble opening them.

Preparing image files for email
To create a jpg that will fly through the mail, open the original image in Photoshop and make it a decent size file first. Do this by opening Image/Image size, set the resolution to 72 first, then set the width or height to 800 pixels (one or the other, not both). The resulting image will display nice and large on most monitors, but it won’t be too large to fit the screen.

Next, under File click on Save for Web and devices instead of using “Save”. In the top right of the window which opens, set the quality to 80. Be sure the image type (also at the top right) is set to JPG. Then save the image to a folder and prepare the next one.

If you’re asked to send a TIFF, try to find out if the TIFF will be used on a Mac or PC. There is a difference in the file structure. Do not re-size the image unless you’ve been given instructions.

If you are asked to send 300 dpi CKMY TIFFs, here’s how to set the resolution and colour before saving the image. Open Image/Image size first and set the resolution to 300. To convert the images to CMYK for printing, open Image/Mode and select CMYK.

To save a TIFF, use File/Save As…  A window will open where you can type a simple file name (no spaces, no symbols). Also choose TIFF as the Format (at the bottom of the drop-down list). You should probably give the image a new file name so it won’t replace your original copy. On the following screen, choose either IBM PC or MacIntosh for “byte order”. Tip: you can always save it as one, then go back and save it as the other if you’re not sure which version is required. The PC version has a .tif file extension and the Mac version a .tiff file extension so you can tell them apart by the single or double “f”.

Attaching images to an email
Most PC programs make this pretty easy. Just start a new email, type in a recipient and subject, maybe write a line or two in the body. Then use the paperclip symbol or the word “ATTACH” to browse and attach your images.

If you work on a Mac, you’ve probably been told that PCs tend to display Mac image attachments in the body of the email instead of showing as attachments. This can be quite annoying to the PC (Windows) user. It happens because a lot of PC mail clients automatically convert HTML/Rich Text image attachments into inline images.

PC users have found ways around this dilemma although none of them are very satisfactory. In some cases, if a PC user right-clicks the image in the email body, they can save it to a folder in its original file format. In other cases, they will only get a crummy bitmap version of it. A third option is for the PC user to do a screenshot then cut out the image; however this is problematic for images which are huge and don’t entirely show on the screen.

The solution for Mac users is to switch to “plain text” email before attaching images. Find “plain text” under Preferences/Composing. You will not be able to use your graphic signature in plain text mode, but your pictures will be sent properly — as attachments — instead of being embedded in the email. Again, do not include any image signatures or your mail will be converted back to HTML and the images will embed themselves in the email.

Best wishes for your new skill set! You are welcome to email or comment for more information.

Can the same keywords be used on different web pages?

This is a great topic. It is really important to add keywords properly to your site or visitors will not easily find it. Keywords can and should be repeated, but repetition should be used in moderation and very discretely.

How to avoid keyword stuffing
When I look at the source code for a site, I often see the same few words repeated over and over in title tags, page descriptions, keyword tags and throughout the page. This can be a bad thing for your site.

There is a tipping point at which Google starts to see over-use of one or more key words as a kind of spam called “keyword stuffing”. At this point, your site will not receive as high a ranking in their results. See a, b, and c below. Which site uses keyword stuffing? Not sure? Read on!

Each keyword should only be used once in the title tag. However, variations of it can be used in the description. An example would be “dentist Vancouver” as part of the title and “Vancouver dentist offers a full range of dental services” as a phrase in the description.

The title tag allows 65 characters to be used, so there are plenty of opportunities to use other phrases besides “dentist Vancouver”, such as a description of services offered. What counts as a variation of a word? Google sees “dentists” plural as a different word than “dentist” singular. You can use quite a range of endings, like dentist, dentists, dental and dentistry, and they will all be seen as different words. The same holds true for words with variations ending in “ed”, “es”, “ion” or “ing”.

I would recommend using as many variations as possible. You not only avoid Google’s poor impression of your site, but you will pick up more visitors to your site because you can’t count on every single visitor typing “dentist” and no other variation of it.

What about WordPress and other blog-type sites?
I recommend you install a plugin called Headspace. This creates a place below the text for each page where you can type in a title and description. Your Google results will be much superior to using tags alone. In fact I do not recommend tags. WordPress users in particular should avoid using the tag function of WordPress, and should download a free and easy to use SEO plugin instead. (Tags of course may be your only choice if you are hosted on

How does Google use your title tags and description tags?
Google uses the keywords and descriptions you enter to annotate your site in the results, as shown in the picture above. By writing them yourself, separate from the page content, you draw Google’s attention to a proper description of the page instead of allowing Google to randomly select any text.

You are also providing a targeted message to your visitors. Your words form the first impression of your site and encourage people to link to it.

The following three descriptions were found by typing “dentist Vancouver” into Google. These are the Google results that visitors are seeing when they search for a dentist.  I have copied them here as they appeared in the annotations.

Which one do you think was written with Google and visitors in mind? Which one was stuffed with keywords without much thought to how it would look to visitors? And which one do you think Google randomly copied from the original web page?

a) Vancouver dentist provides general dentistry and teeth whitening with the latest technology in a downtown dental clinic. Emergencies and new patients are welcome.

b) Dentist downtown Vancouver, dental services including dentist tooth extraction, dental Implants, dental surgeries by dentist, white fillings, dental root canal

c) Welcome to Vancouver’s Smile City Square Dental. Enriching Lives. One Smile at a Time. Vancouver’s Smile City Square Dental is dedicated to transforming, …

Invasion of privacy online

I know I’m not the only one having trouble with the rapidly increasing assault on my privacy while I use the Internet. It’s getting downright creepy.

A couple of weeks ago I was looking at a weekender bag on Roots. The next day it was featured in an ad on another site I was browsing.

“Hey look – there’s the bag I want!” I said. “That’s so funny it’s in an ad!”

A few days later it wasn’t very funny anymore. The Roots bag began to stalk me as I moved from site to site, regardless of the site I was on. It got to the point where I really didn’t want the bag anymore because it was so popular and over-exposed.

Of course, that wasn’t really the case at all. Roots had left a little script behind on my own computer in the first place. This “cookie” continued to neatly insert the image of the bag at every opportunity it could find over the next few days. They obviously weren’t going to let me forget about it.

I soon noticed my Facebook ads were getting rather pointed as well. A certain (ahem) health product I had been researching began popping up in numerous guises – and from a variety of companies – in the right side column. I assured myself that of course no one else knew the topic of my search – unless they happened to use my computer. But tonight while on Facebook I noticed the names of two people I do know, who must have clicked on an Ikea ad in Facebook. Or perhaps they visited and picked up a third-party cookie (scripts placed on other websites to track your browsing information).

No offense to Cate and Brian, but I really don’t want to know that! I don’t want ANYONE to know if I visited Ikea, and I don’t want to know who else did!

It’s not that there’s anything wrong with Ikea, and I’ve long ago given up the idea of personal privacy in many aspects of my life. There’s just something very doppelganger about these little scripts tip-toeing around after me and other people I know, and waving to everyone else to announce everything we do. It’s…  weird. It’s also completely relentless.

Recently a friend posted an article from the San Francisco Chronicle about social reader apps. It outlines how Facebook’s idea of “frictionless sharing” has grown. “No activity is too big or too small to share,” Facebook claims. I guess that includes my search for a small nameless health product. (Heck – wait a minute – you’ve probably already know what it was!)

And the whole thing is utterly pervasive. The Washington Post Social Reader gets your name, profile picture, gender, user ID, friends list, the networks you’ve joined and anything you’ve posted publicly. Under the default setting, it can also post every article you read through the app, the people you’ve “liked” and more. Yahoo’s social reader gets most of that, plus your e-mail address, birthday and permission to post the videos you watch. Google has dedicated itself to capturing every site you visit and letting your friends know if you “plussed” it. In 2011, Google Buzz drew criticism for violating user privacy because it automatically allowed Gmail users’ contacts to view their other contacts. In February this year, Google announced it will now combine user data across all of its services –  including search, Gmail, YouTube, Google+ and Google Docs.

How can these companies proceed as if nothing is wrong?! A post on Venture Beat  confirms the worst:  One in every 10 US consumers has now been victimized by identity theft. Online public data can be used to predict the full 9-digit social security numbers of nearly 5 million people.  More than 900,000  sites employ Facebook “Like” buttons, feeding yet more information directly into Facebook. Both Google and Facebook are currently facing 20 years of privacy audits, but they keep rolling out information I really don’t want to know, and show no signs of slowing down.

I digress. I am currently online at a news site that is displaying ads for malware, dog heartworm medicine and bicycle panniers – all topics I’ve researched in the past couple of days. While it is heartening to know that Google slowly “fades” cookies from its history of me over two or three weeks, I have a feeling this says more about Google not wanting to get too bunged up with data about my searches than it does about giving me some breathing room.

Logging off here.

Malware: Case of a Malicious URL

Last week I was showing a site to a client when my spam blocker, Avast, opened the red warning window shown below.

The original client has a beautiful website that showcases her artwork. A couple of years ago we created a WordPress blog as an add-on to the basic html site. She was on her way to a residency in Europe and blogged about her work for several months. Although the blog is no longer active in the sense that she continues to add to it, it is a valuable photo archive and journal of her experiences.

It was surprising to us that she had  been hacked since the blog is not active at this time. Some searching through the source code soon led us to the answer. The blog section of her site had acquired a patch of javascript that had been inserted by a wandering bot into the source code near the top. This javascript re-directed anyone who connected to her blog to go instead to a spam site. This type of “malware” directs visitors elsewhere when you type the URL or click on a link to an URL.

The javascript code itself was not contagious from one site to another, and my own Avast program recognized it as malware, as did the Norton anti-virus program of the other visitor. But the loud alarm and red flag of the spam blocker would doubtless scare off anyone from further exploring her blog. We quickly removed the offending code and her site is back to normal.

This type of “infection” generally occurs when  you don’t have the most recent version of WordPress. WordPress updates its own platform on a regular basis and there are pros and cons to updating it yourself – see our earlier article on WordPress updates. Talk to your developer on a regular basis and ask him or her to check your current version of WordPress and see if any updates are recommended. Although we encourage all clients to let us perform a major update once a year, there is a strong case for updating sooner. WordPress is the platform on which your entire site rests. It is constantly releasing new versions to patch security leaks in earlier versions. If you don’t perform major updates on a regular basis, you are leaving your site wide open to this kind of nasty behaviour. And if you don’t host with a company that does regular backups, you risk losing everything if a more aggressive attack gets through.