The Customer Must Always Be Fleeced

Last week I went online and agreed to pay a little more for faster Internet. There are three adults in the house, and we all make pretty regular use of the ‘net for a variety of activities, so it seemed worth another $15 a month for a 50% faster connection.

We don’t have cable TV. My connection from Verizon is an ethernet connection, not cable. So this should have consisted entirely of my checking a box indicating that I want to pay more, followed by something in one of their data centers telling something in my house to operate at a faster speed.

But there are lawyers involved, so I had to click through 4 or 5 screens and check off at least four boxes because lawyers that work for tech companies make a lot of money by slowing things down and making them more complicated.

And this was Verizon, so after telling me that faster Internet would only cost me $15 a month more, they sent me an email saying “Your order has shipped!” I didn’t know what they were talking about.

I lied. I did know what they were talking about. I immediately knew that they shipped me a new router.

As I mentioned earlier, I have no cable connection; only a network connection. Since paying Verizon $10 a month or so for a crappy router would be silly, Verizon’s network cable is plugged directly into my expensive and very fast router.

So why would they send me a new one? I called, suspecting I knew the answer.

Their customer service person claimed that they sent it in case the equipment I have cannot handle the faster speed. This is male cattle feces. They have the ability to check their connection to my equipment and ensure that it is fast enough. They could do this automatically as part of the sales process.

I asked if I would pay a monthly fee for the router.

Yes. If I didn’t return it, I would.

I was right. That’s why they sent it!

So, since the package was not sent requiring a signature and I did not have a chance to refuse it, I went to the Verizon store to return it the day after it arrived.

Fun fact: you can’t return FIOS equipment at a Verizon Wireless store. Never mistake them for a one-stop-shopping business for cellular, Internet, and cable.

I didn’t open the box for the router. I had to open the shipping box because it didn’t say Verizon on it anywhere, but once I realized what it was, I left the router box sealed.

At the store, the customer service rep immediately opened the router. He had to scan a barcode on it to get my account info, apparently because the packing list inside bore no information about the device or why it was shipped.

Once it was open, I got a good look at the router. It was for cable service. I couldn’t have used it if I wanted to.

So, either Verizon doesn’t know what equipment I have, or they were hoping I would just throw the unused equipment on a shelf and pay a monthly fee for it.

While I was there, I overheard a conversation. I have paraphrased it below.

Service Rep: “Can I help you, Ma’am?”

Customer: “Yes, I would like to upgrade to the new cable boxes and faster Internet.”

Service Rep: “Can I have your phone number?”

Customer: (provides her number) She beckons to her husband, who was admiring the 65-inch display TV that was in desperate need of adjustment. 

Service Rep: “Your contract is expired.”

Customer: Looks at Service Rep as she doesn’t understand why she should care about this; she just wants those things she asked for when he asked her how he could help.

Service Rep: “You’ll have to get a new phone number.”

(In the interests of space, I won’t try to recount the Customer’s husband proceeding to lose his composure. I’ll summarize. Add your own histrionics.)

Customer’s Husband: “You have to port the number. It’s the law.” (He’s right.)

Service Rep: “That’s only between companies. We don’t have to when it’s inside our business.” (He’s also right, but in a very unhelpful way.)

Then the rep spent some time poking around on his computer and discovered that they could keep their number.

For a $22 fee.

I live in an area that’s lucky enough to have two cable monopolies instead of just one. I can only imagine how much more petty and abusive it is when there is only one.

This business model is based on abundance; clients are willing to sustain an abundance of abuse from the only company(s) that provide the service they need.

At some point, that abundance will run out. The FCC will eventually take the steps required to let broadband wireless providers become viable. This will be at least four years from now because the rather modest progress we’ve made with policing Internet providers is rapidly being undone right now. (#MAGA!)

My only hope is that I am still around when it happens so I can happily switch to one of them and watch these thieves recede into irrelevance and bankruptcy.

How to Suck At Security, By Verizon

I switched to Verizon FIOS a couple of weeks ago. I live in the U.S., so I don’t have access to anything resembling a good Internet provider. This is because a central tenet of our form of capitalism is that utilities must be delivered by poorly run and weakly regulated monopolies.

However, I do live in an area where I have a choice between a slowly dying cable company in the throes of denial (check out that 90s web design) and a company that only exists because the government won an antitrust suit and then let them ignore it.

I switched to Verizon because they finally offered what I wanted: just Internet. Cablevision advertises they will give you that, and then refuses to actually sell it to you.

So yesterday I realized a bill I was supposed to receive from Verizon hadn’t arrived. I wanted to pay it before I ended up in some kind of debtor’s prison, or worse, without access to Netflix. I went to their site, paid the bill, and while I was there I set my password to a stronger one than I had set up during the install, and also set the “secret question.”

Eighteen hours later I received this text message:

WTF?

This seemed to be an alert regarding the changes I had made. But eighteen hours later? Really?

I decided to be safe and change them again. I could be sure the account hadn’t been compromised somehow and also see how long it really takes to get the alert.

Here are the options for security questions:

The idea behind these questions is “something you know” beyond the password. It’s two factor authentication for companies that don’t really give a crap about their customers, but want to avoid a lawsuit.

The problems with Verizon’s pre-canned questions are two-fold:

What if you don’t have a good answer? For example: what if you’re single? What if you’re older than 12 and don’t have a “best friend?” What if you didn’t stay on campus for college or, gasp, didn’t even go? Etc.

This seems like a trivial issue, but if the questions don’t fit well there’s a chance you’ll use an answer that you can’t remember later.

The other problem is: they can be predicted. If another site is compromised and used the same lame-ass questions, those answers can be used to compromise this one, or vice versa.

The right way to handle this is to let me specify both the question and the answer. It also requires very little additional development and testing.

Assuming, of course, that you are not trying to spend as little as possible on protecting your clients’ information.
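A sketch of the user-defined question approach described above, as an added example (not Verizon's code and not part of the original post). The function names, the PBKDF2 iteration count and the normalization rules are assumptions; hashing the answer, which the post does not discuss, is included so the stored record never holds the plaintext answer.

```python
import hashlib
import hmac
import secrets
import unicodedata

# Assumption for this sketch: PBKDF2-HMAC-SHA256 work factor, tune for your hardware.
ITERATIONS = 600_000

def normalize(text: str) -> bytes:
    """Fold case, Unicode form and whitespace so ' Mount  Doom' still matches."""
    folded = unicodedata.normalize("NFKC", text).casefold()
    return " ".join(folded.split()).encode("utf-8")

def enroll(question: str, answer: str) -> dict:
    """Keep the user's own question in clear, and only a salted hash of the answer."""
    question = " ".join(question.split())
    if len(question) < 10:
        raise ValueError("question too short")
    if normalize(answer) in (b"", normalize(question)):
        raise ValueError("answer must not be empty or repeat the question")
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", normalize(answer), salt, ITERATIONS)
    return {"question": question, "salt": salt.hex(), "hash": digest.hex()}

def verify(record: dict, attempt: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", normalize(attempt), salt, ITERATIONS)
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))
```
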

Now here’s where you enter the answer:


You only enter it once, and you never see it. What could go wrong?

When was the last time you entered a password, credit card number, or the name of your favorite pet, and were worried about someone watching over your shoulder?

Actually, when was the first time?

I’m going to go out on a limb here: fucking never.

This is an idiotic idea, cooked up by someone way too fond of 1974 Gene Hackman movies. Maybe, just maybe, this precaution is merited for cell phones, although if you think about it: if they can read your screen then watching what you type isn’t much of a stretch, is it?

But if you think you’ve got a problem with people reading your passwords over your shoulder at work or at home on a computer, you need a divorce lawyer or a recruiter. Or counseling.

At least give us a “show password” check box. Or maybe take a moment to think instead of following the flock over the cliff of shitty design.

Which brings us here:

No LastPass controls.

I use LastPass to manage my passwords. That’s because like most people in 2016 I have a ton of them to worry about. I like my passwords long and unique. (There’s a joke in there. I’ll leave it to you.) When I see a story or get an email that a website I use was compromised, I don’t have to worry. I can just update that one site and carry on.

LastPass creates unique passwords for me and will fill them out. At least it will fill them out when the website doesn’t make it difficult with fancy pop-ups, lightboxes, and blatant disregard for their users. Some sites, like Verizon, don’t work with password managers.

I don’t blame low budgets for this one. I blame crappy design. Part of designing a login page/control/dialog should be testing compatibility with password managers built into browsers and at least 1Password and LastPass.

Encouraging your users to manage their passwords responsibly is good security and part of being user-friendly.
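One way to automate part of that compatibility testing, as an added example that is not from the original post or from Verizon: a markup lint for password fields. The rules are assumptions based on common browser and password-manager fill heuristics, both sample forms are constructed, and it does not replace testing with the real managers.

```python
from html.parser import HTMLParser

FILL_HINTS = {"username", "current-password", "new-password"}
# Constructed samples: a lightbox-style field and a conventional login form.
HOSTILE = """<div class="lightbox">
  <input type="text" id="user">
  <input type="password" autocomplete="off" onpaste="return false">
</div>"""
FRIENDLY = """<form action="/login" method="post">
  <input type="text" name="username" autocomplete="username">
  <input type="password" name="password" autocomplete="current-password">
</form>"""

class PasswordFieldLint(HTMLParser):
    """Records (field, problem) pairs for every password input in the markup."""
    def __init__(self):
        super().__init__()
        self.form_depth, self.findings = 0, []

    def handle_starttag(self, tag, attrs):
        a = {name: (value or "") for name, value in attrs}
        if tag == "form":
            self.form_depth += 1
        elif tag == "input" and a.get("type", "").lower() == "password":
            self.check(a)

    def handle_endtag(self, tag):
        if tag == "form" and self.form_depth:
            self.form_depth -= 1

    def check(self, a):
        field = a.get("id") or a.get("name") or "<unnamed>"
        hints = set(a.get("autocomplete", "").lower().split())
        paste = a.get("onpaste", "").replace(" ", "").lower()
        problems = [
            (self.form_depth == 0, "not inside a <form>"),
            (field == "<unnamed>", "no id or name"),
            ("off" in hints, "autocomplete=off"),
            ("off" not in hints and not hints & FILL_HINTS, "no fill hint in autocomplete"),
            ("returnfalse" in paste or "preventdefault" in paste, "paste blocked"),
        ]
        self.findings += [(field, text) for bad, text in problems if bad]

def lint(markup):
    """Return the list of (field, problem) findings for one page's markup."""
    parser = PasswordFieldLint()
    parser.feed(markup)
    parser.close()
    return parser.findings
```
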

I wish I could say that Verizon’s crappy website was somehow unique, but it’s not, and I’m willing to bet its ample whitespace (literally), sparse design, and fancy lightboxes won some compliments: from people that don’t have to use it.

However, eighteen hours for a security text? That is uniquely bad. That’s “boy who cried wolf” bad.

By the way, it’s been two hours since I re-updated my password and security question. Still no alert.

Maybe I should find another Internet provider. Ha! Just kidding. I’m American.
