Zoomed to Death

You’d think a service based on verifying identities via cryptographic tools could at least keep their certificates in order. Such is the slow demise of Keybase.io under the management of Zoom. I’ve been expecting this since the announcement in 2020, and I’m surprised it has taken this long.

A number of the tabs in the Keybase app were giving me this error:

This is the error I received when I tried to use that pretty Feedback button:

It seems their are their own issuer for the cert used for this API endpoint, but their own Keybase app doesn’t appear to recognize the cert as valid.

Goodbye, Askimet

I’ve been using WordPress for my site/blog so long I don’t remember when I started. It was definitely more convenient than the html blog I maintained in 1996 and edited with vi; though not as fun and quirky as the website I built with HoTMetaL Pro.

WordPress offers a slew of cool features and plugins. There are thousands, though I only use a few. Pretty much anytime I set up WordPress for a friend, there are two plugins I always install and activate:

  1. Duo for MFA logins, to protect against brute force login hacking.
  2. Askimet to block comment spam.

Both have been free to use within limitations. Duo has a free tier that allows you to have up to ten users, which is more than enough for personal WordPress installs where one or two users is the norm. Askimet is free for non-commercial sites, which is what I’ve always considered this site to be.

This site is a mixture of the occasional security/tech tips, political rants, television show plot speculation, and a bunch of highly personal posts I’ve written and hidden over the years. In short, this site is just my personal bullshit.

Like everyone else who has hosed their own content through the Web 2.0 evolution, I added Google adSense and Amazon affiliate links to my site in the hopes of capturing some of that sweet sweet internet money. But, like I said, this site is bullshit, so it isn’t raking in the ad cash. In the last four years it has made $27 in Google adSense (Less than the threshold necessary for them to pay out.), and since the ads were obnoxious I wound up disabling them. I’ve also made a whopping $0.40 in Amazon affiliate commissions in the last year. I’m Canada rich!

Well, times are hard in the tech world, and that means money grabs. Everyone has heard of Elon and his Blue Check Scam, but there’s a lot of similar money grabs that aren’t making the news. Askimet, owned by Automatic who also owns WordPress, Jetpack, and Crowdsignal, has started scanning websites for any hint of monetization and is categorizing those sites as commercial. I received this email on December 29th:

Thanks for using Akismet to prevent spam on your site, ghostwheel.com

You’re currently using Akismet for free, but the free plan is only allowed on non-commercial sites. 

You are displaying ads on your site, so it does not qualify as non-commercial. 

To continue using Akismet, please upgrade to the $10/month Plus plan

If you continue using the free plan, your account will be suspended. 

If you have any questions or believe that you have received this email in error, please get in touch

Thanks,
The Akismet Team

Ummm… OK… I go and look at my site settings, and I confirm I don’t have Google adSense anymore. Given how much I’m raking in on Amazon I didn’t even think about those instances. After contacting support, they confirmed that the existence of those Amazon links qualifies me as commercial, and that I need to pay them $10/month (US) to keep using their service.

Yeah, nah; that ain’t going to happen. So, I’ve disabled Askimet. Within the first few minutes blog spam started showing up in my moderation queue, which is just the annoyance Automatic/Askimet is counting on to make me shell out $10/month for their service. Rather than give in to extortion, I’ve installed a plugin for managing code snippets, and I’ve activated the built in snippet for disabling comments on all pages. Welcome back to Web 1.0, brought to you by Automatic, makers of WordPress and Askimet.

UPDATE: So, Bob, a “Happiness Engineer”, wrote me back to point out that “For what it is worth, this isn’t a new policy:” Yeah, Bob is right, this policy isn’t exactly new. But, it wasn’t the policy back when I first started using Askimet. Back then the policy was a lot more forgiving: “The free plan is designed for personal sites only. If your site is commercial in nature or involves a business than you need to sign up for one of the paid plans.”  My site is not commercial in nature, and does not involve a business. The prohibition against ads wasn’t added until September of 2019, and as far as I can recall Askimet did not proactively reach out to advise of this change to their policy. So, while the change may not be new, it wasn’t an informed change; and the aggressive campaign of hunting down websites that have a couple of affiliate links is certainly new.

COVID-19 Scams Spread Like Their Own Virus

It’s a sad fact of life that within moments of any tragedy there is a scammer scheming to turn a profit on it. These sick fucks are the bridge between sociopaths and homeopaths; willing to sell their own sick grandmothers distilled water on their deathbeds with a sick smile on their faces. Or, as in the case of Unichem Royal Oak Pharmacy in Auckland New Zealand, they’ll sell you a cardboard card on a lanyard and tell you you’re safe from COVID-19.

To the rest of the world, New Zealand is a beacon of hope. As a country, we used science to guide the response to COVID-19 and have beaten it back like no other country. But while the rest of the world looks on in wonder at our success, there is still an undercurrent of fear and ignorance that scammers can latch on to. As an example, this sponsored post popped up in my Facebook feed yesterday:

It is a link to a Youtube video promoting the virtues of a card you can wear on a lanyard that creates a ‘one-meter protection zone’ against viruses and bacteria. This is, of course, absolute bullshit. Really, if I have to explain this to you, how are you even functional in the modern world?

I filed a complaint about this video on Youtube, but I don’t expect it to be taken down. This isn’t your standard user-submitted video. This is a paid-to-be-hosted video on Youtube. Want to know what gives it away? No matter how many times you watch it, there’s never an ad. When’s the last time you saw that on one of your videos?

As you can see above, I felt compelled to comment. That comment has been deleted, and I’ve been blocked from commenting on any of Unichem Royal Oak Pharmacy’s posts.

So, I made a post instructing people on how to file a scam complaint. You can do it too, if you’d like to participate in the exercise. First visit their post, and then follow these steps:

It will be interesting to see what happens if a lot of people report it for the scam that it is. Sad to say, I won’t be surprised if Facebook leaves it up. They have a surprising amount of tolerance for hosting scams when the poster is a paying customer. Here’s the response I received:

As you can see, Facebook’s acceptable community standards include selling people quack ‘virus shields’.

I use Amazon affiliate links in some of my posts. I think it is fair to say my writing is not influenced by the $0.40 I earned in 2022.