Showing posts with label Security and Permissions. Show all posts
Showing posts with label Security and Permissions. Show all posts

Making someone an author on your blog

This article shows you how to set up another person (ie another Google account) as an author for your blog.

Google, Blog-Authors and Blogger

Setting someone up as an "author" in Blogger is one way that you can let other people post to your blog.

It's easy to do: you tell blogger to create an invitation, which sends the person an email saying you would like to be an author, they click a link in the email and then sign in with a Google account to accept the invitation. And once it is done, the person can write and edit their own posts.
All you need to know is the person's email address: it doesn't matter if it's a gmail address or not.  You can send invitations to people with hotmail, yahoo, and indeed any email address where your invitee can read their email.

 However the other person will need to use a Google account (which doesn't necessarily include Gmail) to accept the invitation: don't waste time inviting people who are allergic to Google and not willing to sign up for an account.


How to make someone an author on your blog

Send them an invitation:
  • Go to Settings > Basic > Permissions
  • Beside Blog Authors, click + Add Authors
  • Enter the email address of the person you want to invite
  • Click Ok


A few minutes later, the email address that you sent to receives an email invitation, like this, from no-reply@google.com:
-------- Original Message --------
Subject: You have been invited to contribute to AnotherTestBlog
Date: Tue, 06 Dec 2011 20:47:45 +0000
From:   THE NAME OF FROM YOUR BLOGGER PROFILE 
To: maryc@act.nz

The Blogger user Mary has invited you to contribute to the blog: AnotherTestBlog.

To contribute to this blog, visit:
http://www.blogger.com/i.g?inviteID=468-GEEKY-LOOKING-CODE-973&blogID=31-GEEKY-LOOKING-CODE-83

You'll need to sign in with a Google Account to confirm the invitation and start posting to this blog. If you don't have a Google Account yet, we'll show you how to get one in minutes.

To learn more about Blogger and starting your own free blog visit http://www.blogger.com.


When the person who gets the email clicks on the link, they are taken to Blogger, and asked to sign in

Once they have clicked the link and sign in, the Google account that they log in with has "author rights" to your blog (just the one you invited them to, not any others you've made).

The person does not need to have a gmail or Google account for you to invite them to be an author - but they will need to sign in using a Google account (new or existing) to accept the invitation.



What you will see

Once the person has accepted the invitation, the Google account name (which looks like an email address) that they use to accept it is shown as an author on the permissions tab (the one that you went to to invite them to be an author):



If they accept the invitation by signing to Google in with a different email address than the one you invited, you will get a message telling you about this. It says
-------- Original Message --------
Subject: Your invitation was accepted using a different email address
Date: Tue, 06 Dec 2011 22:51:33 +0000
From: Blogger
To: YOUR-EMAIL-ADDRESS

Your invitation for THE-EMAIL-ADDRESS-YOU-INVITED for your private blog "AnotherTestBlog" has been accepted, but using a different email address. It has been accepted by THE-ACCEPTING-EMAIL ADDRESS.

If your invitation has been accepted by someone you do not know or did not intend to invite, please visit the Permissions tab of your blog where you can choose to revoke access.

Thanks,
 The Blogger Team




What your new author will see

When your new author logs in to Blogger.com - using the Google account they accepted your invitation with - they see a regular Blogger dashboard, except that they only have access to a limited range of functions:


An author can:

  • Create a post,
  • Edit the date for posts they have made
  • Turn comments of for posts they can edit (provided the default setting is On)
  • Edit a post that they made
  • Add a mobile device so they can post using SMS/MMS - (this may only work in certain countries)
  • Set themselves up to post using email (the mail2Post feature) - note that their "secret words" address is different to yours - and that an author could use this feature to let anyone else post from their account.
  • Remove themselves as an author


An author cannot:

  • Edit posts made by other authors or administrators
  • Change the template, layout or gadgets
  • Change the blog's URL, title or description
  • Set up for any email address to receive comment-moderation alert messages
  • Moderate comments (even about their own posts), or change the global comments settings
  • Edit any of the blog's Pages
  • See the blog's statistics
  • Install AdSense into the blog (although they can put ad-units of their own inside their own posts)
  • Give other people permission to write on the blog - except by sharing their own mail2Post "secret words" address.
  • Change the default language and date/time settings for the blog
  • Alter the RSS feed settings in any way
  • Set up Google Analytics for the blog
  • Edit the Adult-content warning setting, or the blog's Open-ID URL.


Troubleshooting

Be sure your transfer works

If you are accepting the invitation yourself (eg you are transferring the blog to another Google account that you control), then make sure that you either
  • [Recommended]: use a different browser for each Google account, or
  • Each time you need to change Google accounts, log out of the present account, clear your cache and re-start your browser.

Make sure the emails arrive

We sometimes see questions in Blogger Help Forum from people who say that they sent invitations, but the email message was never received.

The most common solution is that the author-to-be needs to check their spam folder - very often that's where the messages have gone.  If that doesn't work:
  • Try sending the person an email address from your regular email account - so you know if there's a  problem with their email.
  • Cancel the invitation (there's a link in the Invitation screen), wait a few minutes and try again.
  • Try sending an invitation to a different email address that you control, and forwarding that message (without clicking the accept link) to the person.yourself.

If none of this helps, post a question in Blogger Help Forum: tell us your blog's URL, and exactly what options you have tried.


More things to think about

As well as giving the person rights, you may also need to work with them to make sure they understand how you use certain features in Blogger:
  • What policies do you have for responding to comments - Who is notified about comments left about their posts?  What guidelines are followed about complaints?  How do you deal with spam and abuse - and what do you regard as abuse?
  • How do you organise pictures, and other external files that your blog uses?
    I always upload pictures to Picasa-web-albums outside of Blogger, LINK so I can control the picture size/resolution. If you do this, you need to make sure that your new author knows where to file their pictures.
  • Have you got a place where you keep policies, documetation, ideas for new posts, etc (eg I use a separate documentation blog for this) - does your new author need access to this?


What next?

Giving someone administrator access to your blog.




Related Articles

Understanding Google accounts

Putting AdSense ads into your posts

How to put posts into your blog's pages

Why RSS / Subscribe to Posts matters for your blog

Your blog and the so-called-social networks:  Facebook, Twitter, eg al

Putting pictures onto your blog

Advertising and your blog, some things to consider

Letting other people send email from your Google account - and checking who can do this already

This article explains how you can control who can send mail on your behalf if you have a gmail account, why you might want to do that, and how to stop people from sending email messages on your behalf.



If you have given other people rights to publish to your blog , then you may also want to let them send emails on your blog's behalf - particularly if you are using an "organisational" email account.   I do this for several blogs - eg the one for the choir that I'm currently doing public relations for.

This is a way to let the the other people use their current email client, ie what looks to them like their "normal email", but still to send official-looking messages from your organisation or blog.

Note that this is not the same as spoofing, which is a way that people with malicious intentions create email messages which appear to come from your account, even though you didn't send them and did give anyone else permission to send them.
  • Spoofing, ie sending "on behalf of" without permission is bad.
  • Granting "Send as" rights is good - and is a very useful feature that Gmail offers.

How to allow another email account send emails on your behalf

Log into www.gmail.com, using the Google / Blogger account that you want to lets other people send from.

From the Options gear-wheel (top right corner), choose Settings.

Choose the Accounts and Imports tab.

Click the "Add another email address that you own" link in the "Send mail as" section.

Enter the email address you want to give rights to, and the name which you want to be displayed when people receive email sent by this address on your behalf.




Click Next

Enter the other account's password. (This is a first step to stop you from impersonating someone by sending emails on behalf of accounts which you don't own.)




Click Add Account

Wait for the verification email to arrive at the other email address (if you use a web-based system for it, you may need to open it in a different browser).

Open the message and either click the link provided or copy-and-paste the code into the gmail window.



Job done!   The email account that you named should now be able to send messages which look like they came from you.


How another email account can send emails on your behalf

Firstly, you must give the other account permission to send emails which look as though they come from you - as explained in the section above.

Once you have done that, anyone using the other account can enter you (ie your gmail account) as the message-sender, and they will be permitted to send the message like this.

How specifically they do it depends on the email system which they use: In Gmail there is simply a drop-down box beside the From address, while other tools have different approaches.



Controlling who can send emails on your behalf - how to stop people sending emails from you

If you manage an email account which regularly gives other people the right to send on your behalf, then it is a good idea to regularly review the list, and revoke the access of anyone who doesn't need to send any more. To do this:

Log into www.gmail.com

Choose Settings from the Options gear-wheel (top right corner).

Choose the Accounts and Imports tab.

The list of email addresses beside Send Mail As is all the people who have been authorized to write emails that are sent as though they come from the current account.




Beside every entry on this list, there are options to:
  • Make it the sending default for your account
  • Edit the sending information (mainly the display name)
  • Delete its rights to send on your behalf.
If you see an email address which shoudn't be sending any more, then delete it, by clicking the Delete link.

It's a good idea to check this, also, if someone has just given you a Google account instead of using the full procedure to transfer ownership of a blog to you.



Questions / Troubleshooting

Does this only work for Gmail accounts?

No. These instructions show you how to set up your gmail account so that other email accounts can send email "from" your account. But the other acccount does not need to be a Gmail account or a Google account - provided it has a feature to let the user say what account to use as the sender.


Where is the Sent-Mail copy of the message kept?

When you send a message from Gmail with a different account selected as the sender, then the "send mail" copy of the message is put into the send-mail folder of the account that you are logged into.

If you would like the nominated account to also get a copy of the message, then the person who is writing it needs to put that nominated account is as a carbon copy (CC) or blind-carbon-copy (BCC) recipient, as well as selecting it as the From address.




Related Articles:

Letting other people post on your blog

Understanding Google accounts

Transferring blog-ownership to a different account

Did you know that your blog is in the cloud?

This article explains the relationship between your blog and "the cloud", and other ways that you might be using the cloud without even realising it.




A few days ago, I received an email from Sam who works for "SingleHop, a company that specializes in cloud computing."

He explained that
"Due to recent events like Heartbleed, the Target breach and the leaking of celebrity photos to the public, the world is abuzz about "the cloud." However, you may be wondering what exactly it is and what it does. We are hoping you would be interested in sharing a post with your readers about cloud computing in everyday life.

In a nutshell, the cloud is a way to store data remotely, rather than on your home computer. This gives you easy access to your photos, documents, and other files from anywhere at any time. We are hoping that by spreading awareness about how the cloud works, we can help others make smarter decisions about what they post/share online.

We have put together a graphic discussing some of the most common ways you use the cloud. We would love to share this with you so that you can use the information to help create a post about how you use cloud computing in your day-to-day life.

Being the suspicious sort, I wondered if this was come kind of spam / scam. But it didn't feel totally spammy: there was no link to SingleHop in the email, his message text didn't come up in any of the hoax or urban-legend sites, and the company looks legitimate - though I cannot see how they will benefit from being linked to from my blog.

I wrote back to Sam, and sure enough he sent me a graphic. It looks sensible-enough, doesn't appear to have any viruses in it, and a Google image search isn't showing it anywhere else on the web. So far, so good.

I had asked "what's the catch" and he replied "No catch, we're just trying to spark discussion and create awareness about how people use the cloud. We’d love for you to talk about how you use the cloud, whether it’s to be productive at work, share special moments with friends or relax at home."

So here goes - a blog post about blogs, bloggers, Blogger and the cloud, with an illustration compliments of SingleHop (who didn't ask for the backlink).


Your blog is already in "the cloud"

For all the hype, "the cloud" is nothing new - at least not for individuals.

 As Sam said the cloud is just "a way to store data remotely, rather than on your home computer". 

I've been doing this on in Blogger since 2006 and doing it seriously (ie writing for more than just myself) since 2009. I've been using internet-email since 1987 - eve though most of the world didn't start until ten years later.   More recently I switched to using email accounts that let me keep all my email on-line and access it via IMAP rather than downloading it to my PC using POP3.

Obviously - if you have a blog made with Blogger, then it is already in "the cloud".

And this is true whether your have a public blog, or a private blog with restricted readers:  even those select people will be seeing the version of your blog that it on the internet.

The same if you are using Picasa-web-albums or any other picture-hosting service to keep photos that you show in your blog.   Or Youtube to store your videos, Google-Contacts to manage your address book, Google Drive to store the PDF files that you distribute through it, or a Facebook page, Twitter account or Pinterest boards to promote your blog.

These are all "in the cloud" because people who see them on your blog see the version that you uploaded to the internet, not the one on your home computer. This means that the pictures, videos etc can still be seen, even when your computer is turned off.

There are also new ways of interacting with your blog, which "the cloud" is making possible, eg I'm currently experimenting with an app called Pixlr, as a way to manage the size of photos loaded to my "quirky pictures from my city" photoblog directly from my phone.   But the basic idea - that your blog is "in the cloud" hasn't changed since well before the cloud became hip.


Are there other ways that you can, should and do use "the cloud"?

Probably. Some of these will just be about the way your blog develops - for example if you start makign vlogs (video-blog-posts), you can store them on YouTube.

Others could be more suable. Looking through Sam's picture (below), one issue that stands out for me is backup: as well as using Google Takeout to make periodic copies of the contents of all my blogs, I should probably start to save these somwhere extra-safe just in case anything bad happens.

And for some types of blog, using streaming-media might be important.  SingleHop says that this is for entertainment.  But I can easily see it being useful for choral singers who are learning new works, teachers who want to share their materials, and even sports players who want to train to specific regimes that are distributed by "video", and available to play when needed - as well as for bloggers who write about these topics.

More information

Sam's graphic is shown below: he didn't say whether it it was ok to include in my post or not, so I thought I'd risk it and share it with you - I'm sure he'll be in touch if he wants me to take it down!

Most probably, your blog itself will fit into his social media category: blogs are really just ultra-long Twitter posts, delivered inside a tool that gives lots of creative freedom about how material is displayed.

But in some cases, you may fit into the collaboration category, if you are writing a team blog and have set up other team-members to write in it. B ut what do you think - does it belong somewhere else?

The cloud, that big and nebulous thing that everyone seems to be using - does anyone really know what it is?   Cloud computing is actually pretty simple:  instead of storing information on a specific computer, it gets stored in a networked system that allow access from anywhere that you have an Internet connection.  Cloud computing is leveraged to deliver a wide variety of applications.   More of our lives are lived in the cloud every day, so we put together this list of the most common uses of cloud computing to help people understand what's going on.  File storage and transfer:  extend your hard drive by storing documents, apps and other files elsewhere.  Also, if you're cleaning up your computer and decide you want to keep some files on your desktop intead of your laptop, cloud systems are the most convenient way to move them over. Backup:  everyone has lost something irreplaceable, whether it's a precious picture, a key piece of financial information or the manuscript for the next Great American Novel.  Backing up your files remotely is recommended by many data experts, and cloud services are the best way for individuals and companies to do this. Entertainment:  Streaming media has become big.   Rather than packing computers with large swathes of music or video, many people are opting for services that serve up content on demand, which often means access to more entertainment options than if storing everything locally. Productivity:  When's the last time you got home and realised you forgot to pick up something at the store for dinner?  Many cloud services offer ways to plan your day, take notes and organize your whole life. collaboration:  for business or pleasrure, getting put from multiple people can be hard to pull off, especially when people live far away.   Cloud-based apps lets you work together to build documents, spreadsheets, presentations, brainstorms and a host of other ways to join family, friends, co-workers and business partners throughout the world. Social media:  from big-name services to small niche communities, people enjoy gathering on-line to share and discuss their favourite topics of interest.   The next time that you like, retweet or pin something, keep in mind that you're doing it in the cloud. Email:  Web-based email was a cloud service before the cloud was even a thing!   Instead of downloading electronic messages to your computer, the cloud lets you view them anywherever you want.  There are many other ways that cloud computing is used on a daily basis, of course, and SingleHop has a blend of Cloud services.   We'd love to hear about some of the ways you use your cloud on a daily basis.



What you can and cannot know

For most bloggers, their use of "the cloud" will be pretty invisible: they see themselves as using Blogger or Wordpress or whatever, rather than using "the cloud"

If you look harder at Sam's company website, you will see that they are offering virtual private cloud services. In very, very rough terms, this means they own a very large set of computers, and rent out space on them - set up so that only people from the organisation which has leased the space can see the space and use the computer-power behind it.  This is different to public cloud services, where the processing power is shared with other people using the same computer.

For almost all cloud systems that you will use as a blogger, you aren't going to be certain whether they are based on public-cloud or private-cloud services - but for all practical purposes, you don't need to know.


But is it safe?

This is the biggest question for most when people someone starts talking about "the cloud" - especially if they've heard about passwords being hacked etc

Certainly my first reaction was that the companies I work within my day job would never use the cloud, because they would have to put too much sensitive data onto computers outside their control. And for some, this is true.

But what I eventually realised is that generally the large "cloud services companies" provide better computer security than you do in your house - and far better than the single IT-staff person in a small company can manage.  So overall, I think it's now safe to say that "the cloud is as secure as any other computing tool you use", and that the biggest risk to the safety of your information comes from choosing bad passwords, or having viruses / malware attack your computer.


What do you think?

Are you happy that your blog is in "the cloud" - would you prefer a blogging solution that let you keep your private blogs, at least, in a non-cloud place?




Related Articles:

Understanding Picasa: Picasa-web-albums are Picasa "in the cloud"

Planning a social-media strategy for your blog.

Letting other people post to your blog.

Blogs, bloggers, Blogger - understanding the basic defintions around blogging

How to let another person load pictures to your Picasa-web-album

This article shows how to let another person (Google account) upload pictures to your Picasa-web-albums:   this is one possible way to work around the issues with Google's photo auto-enhance feature.

Picasa-web-albums and your Google account

Previously I've described Picasa desktop vs Picasa-web-albums, and noted that you can upload pictures to your PWA folders using either of the two pieces of software.

Each album and folder in Picasa-web-albums belongs to one Google account (which may or may not have an associated Google+ account).

Google now provide a tool to transfer Picasa-web albums from one account to another - but only once ever in the life-time of the album.   You cannot transfer ownership to one person now, and to another person in  a year's time (which is quite different to the way you can easily transfer other aspects of your blog to a new owners).

And Google also provide a way for an account owner to let another Google account add photos to the owners albums.


How to let another Google account add photos to one of your  Picasa-web-albums.

Log in to Picasa-web-albums using the Google account that owns the photo-albums and other related things (eg blogger administration rights), and which you want to be the main owner/administrator of your photos.
(See Stop being automatically redirected from PWA to Google+ Photos if you have difficulty staying in Picasa-web-albums.)

View the  individual album that you want to allow someone else to add photos to.

Click the Share button in the right-hand panel.

If your account does not have a Google+ Profile, then clicking the Share button opens the basic Picasa-web-sharing invitation.   In it:
  • Enter the email address of the Google account that you want to give upload permissions to, and any message that you want to send them., 
  • Tick "Let people I share with contribute photos".   
  • Then click Share Via Email.

Standard Picasa-web-albums album sharing settings screen


If your account has a Google+ Profile, then clicking the share button open a "Share on Google+" window.  To use this to give someone permission to upload to the album:
  • Remove any suggested circles
  • Enter the Google account name(s) that you want go give upload permissions to.
  • Click Share
  • When you return to the standard Picasa-web-screen, in the right-hand-panel, click the "allow uploads" icon to the right of the name that you entered.

Google+ Profile photo-album sharing request screen



Allow shared-with users to upload pictures to your album


What the people you have invited will see

The people who you have invited to contribute pictures to your Picasa-web-albums will get either an email message or a Google+ notification telling them about the permission you have given them.

When they go into Picasa-web-albums, they will see the album that you have shared listed as an album that they can see - and they will have an Add Photos link where they can upload pictures in the same way they would add photos to their own albums.


Sharing several or all your albums at once

Picasa does not seem to provide any options for this at the moment.





Related Articles:

Understanding Picasa vs Picasa-web-albums

How to set up a Google+ Profile for an existing Blogger account - and why you might not want to

How to set up a Google+ profile for an existing Blogger account

This article is about how to set up a Google Plus profile for a Blogger account which already exists.  It looks at the history of Blogger and Google accounts, how to make a Google+ profile for a Blogger account, and what the consequences of this might be.



Google+ and Blogger accounts

Once upon a time, you could sign up to use Blogger without using Google at all.

Then Google purchased Blogger, and over time the two types of accounts were slowly combined - and everyone who had an old "Blogger-only" account was asked to convert it to a Google account, which also gave them access to other features like Picasa-web-albums, Analytics, etc. People who signed up to Gmail first found that this made them a Google account that had access to email (via a gmail address), and Blogger, PWA, etc.

More recently, Google introduced Google+.

Today, people who sign-up to use Blogger are asked for their real name during the registration process, and are automatically set up with a Google+ account at the same time. But it is possible to opt out of this and not use Google+ with the Google/Blogger account. And there are many people - and organisations - who have Google accounts which were created before Google+ was launched and which do not currently have a Google+ profile.   This is is not a problem until the owner finds there is some feature in Google+ which affects how Blogger operates, eg the auto-enhance features in Picasa-web-albums / Google+ Photos.

Luckily it's very easy to set up a Google+ profile for an existing Blogger or Google account.   And doing this does not force you to actually use Google+ for anything:   it's possible to set up the Google Plus account, use it for whatever you need to, and then never use it again.


How to set up a Google+ account for an existing Blogger account


Log in to Blogger using the Google account that you use to edit / administer your blog at the moment.


In another tab or window in the same browser, to go www.plus.google.com


If your Google account is not already set up for Google+, then the Google Plus registration screen will open, with some details automatically filled in from your Blogger/Google account profile.




Check these details, enter a gender and date of birth, tick the "I understand the Picasa" changes box, and press Upgrade.


Depending on how Google has interpreted your name from your Google / Blogger profile, you may get an error message like this:
The name you entered doesn't seem to meet our Names Policy. Check it over and try again.
Did we mess up? Click here to submit an appeal (usually processed in 24 hours).
If so, you can either submit an appeal (by clicking the button) or change the name that Google suggested from your Blogger profile - for example by removing any hyphens from it..   Notice that they don't actually ask for your real name - even though this is what Google Plus is supposed to have.


Once you have resolved any problems with the name etc, your Google Plus profile will be created.



Customizing your Google+ Profile - or not

After your profile is created, the sign-up tool takes you through two more screens where you can connect to other people, and to choose people or pages to follow.  

If you want to use your Google+ profile, then it is a good idea to do this.

And if you don't connect to any people, you will get a message telling you that you might be lonely - just click Continue Anyway, unless this concerns you.







Has this linked your blog to Google+?

Absolutely not.  

The procedure described above simply creates a Google+ profile for the Google account that you are using.    It does not change your blog settings in any way, and any Blogger posts that you make will still be attached to your Blogger profile, not to the Google+ profile.

If you want to attach your blog to your Google+ profile, then you can change this by clicking the Get Started button on the Google+ tab, and accepting the changes.    But this is not compulsory - and it may not be a good idea on if you are an administrator of any team blogs, because this switch affects all your blogs.






Terms and Conditions

Notice that you were not asked to agree to any Terms and Conditions at any point in the Google+ account creation process - apart from agreeing that you understood the impact on your Picasa-web-albums.

However there are, of course, some.   You can read them here.  There is also a Names Policy, which says that:
Google+ profiles are for individuals. If you want to use Google+ to represent someone or something other than yourself -- like your business, your band, your family, or your pet -- you should create a Google+ page instead.

So if your Blogger account represents something other than you (eg I have one for my choir, and one for a local parents group), and you convert it to a Google+ profile, then you will be breaking Google's rules - even though they did not point this out to you during the conversion process, and even though there are some aspects than you cannot set for a Google+ page.

So you need to be aware of this, and weigh up whether the benefits of having a non-compliant Google+ account are worth the risks involved.

At the moment, it's just not clear how much Google are viewing this as a problem, and whether they will do things like delete Google+ profiles that break the rules in this way.    By comparison, Facebook do this.   But the Google+ situation is a little different because of the historic nature of the separate accounts.



Related Articles:

Understanding Google accounts

Ways to let other people contribute to your blog

How to keep your Blogger password safe

This QuickTip introduces a useful post about password management from Google.


quick-tips logo

Giving computer or password-management advice to people who don't have lot of experience with IT has always been challenging: there is a lot of background information that you need to know before it all starts to make sense.

And eaching colleagues to use a mouse back in the 1990s was a lot easier than explaining on-line services and security is in the twenty-teens!  I know that I'm not the only person who struggled to explain the difference between email and gmail to someone who just didn't understand "gmail is one type of software for doing emails" - he just kept asking "so what does fmail do?"

To help with this challenge, Google have released a very carefully written article with advice about managing passwords. My guess is that lots of research went into working out exactly how much someone who uses a few on-line services needs to know, and how to explain it simply.

They key points they cover are:
  1. Use a different password for each important service
  2. Make your password hard to guess
  3. Keep a copy of your password somewhere safe (and yes, it's ok to write it down, provided you write it somewhere safe)
  4. Set a recovery option.

And of course the article has plenty of useful links to show you how to do these things for your Google account.

There are a couple of things that I would like to say a little more about.


How to identify your important on-line services

This is a very personal process, and may vary over time.

Google, of course, think that your Google account is important. But that may not be true for everyone. For most people, the important services are:
  • Ones to do with money (on-line banking, AdSense, AdWords, other affiliate accounts, Amazon and others that you have your credit card listed with)
  • Their primary email account - the one that you set as the password-recovery email for other online services.

After that, it's very individual. For some people, Facebook is important, while other people don't use it at all. Ditto Twitter, LinkedIn, YouTube etc. Job-hunting websites may be very important at certain times in your life, and of no importance at all in-between times.

Personally, I started deciding if passwords were "important" or not years ago: ones that are vital always get a unique passphrase, while lower-priority ones usually get an obvious variation on one password that I use in lots of places.


Keeping your passwords somewhere safe

The issues you need to consider here are probably wider than you think.

Most people plan to deter hackers and other malicious people. Keeping passwords in a paper notebook in your bedside table, not beside your computer, is probably enough to keep things safe from them. (Unless of course you are so famous that hackers might break into your house looking for your password - and if that's the case, you probably don't need to read this post!)

But it might not keep them safe from obsolescence - for example from becoming out-of-date when you change a password or set up a new account on your computer but don't immediately walk upstairs to update your notebook.

And it most certainly won't work if there's a fire in your house: your passwords will be safe, but totally inaccessible too.  And while it's easy to say that if your house burns down you've got more important things to worry about, for people who make their living on-line, losing access to their accounts could make things a lot worse.

Personally, I haven't worked out a good solution for this yet: it seems to me that it's some kind of balance between keeping password in safe on-line services (as much as any electronic "vault" is every really secure), and using a range of off-line options.


What worries you about managing your passwords?

What happens to your blog if your Google account becomes inactive?

This article describes Google's Inactive Account Manager, a new tool that gives you control over what happens to your Google account if you don't log on to it for a period of time.



Ages ago, I read a thought-provoking article on ProBlogger about making a "blogging will". His main aim was to ensure that his family could access his business assets (ie his blogs etc) if something untoward happened to him.

Now, Google's Data Liberation Front have annnounced a new tool called the Inactive Account Manager, which lets Google account owners say what should happen if they ever stop using their account.

This tool lets you decide
  1. If and when your account should be treated as inactive
  2. What happens with your data if it becomes inactive, and
  3. Who else is notified, and what is said to them.

At the moment, it covers these Google tools - which are attached to your Google account:
  • +1s
  • Blogger
  • Contacts and Circles
  • Drive (which I guess means Docs too)
  • Gmail
  • Google+ Profiles, Pages and Streams
  • Picasa Web Albums
  • Google Voice
  • YouTube.

AdSense is a notable exception: I don't know what happens to your outstanding balance and income if your AdSense account becomes inactive.   But I suspect that it might be managed in the same way as a bank account or book royalties - and because each country will have different laws about managing estates and the like, it's not possible to let you "opt-out" in the same way as it is for regular data.


What situations is this for

There are a few scenarios that the IAM ("Inactive Account Manager" is such a mouthful) might be useful for.

Death / Serious illness or injury

The most obvious thing that you could use the IAM to provide for is if you unexpectedly die, or become so sick/injured that you cannot log in any more.

In this case, if your blog and other Google content (eg YouTube videos) is personal, you may or may not want family or friends to access it - and you may or may not want it to be deleted.

But if your blog belongs to an organisation or a business, it's quite a different scenario:   you will almost certainly want someone else to have access.

And if it contains material about a hobby or public interest topic, you may well want to have it transferred to some kind of "data steward" - or you may want your estate to manage it as an asset, if it is profitable.

Losing access to your account

Some people lose access to their Google account because they:
  1. Set them up with an external email address
  2. Lose access to that email address
  3. Forget the Google account password
  4. Cannot remember enough details to regain access via the forgotten-password wizard.
The IAM will only help these people if they have set it up, and if they (or a friend) still has access to the alternative email address they entered.   So it's not a universal cure for this problem, but may help a little.

Losing interest in your account

People's lives and priorities change over time.   The blog that was all-important ten years ago may now be a distant memory.   In this case, if IAM is set up, people will at least get a chance to think about whether they want to maintain what was there, or not

The best approach?

There is no "one right way" to use the IAM to look after your blog when you stop updating it.   It's a very private decision, and depends on what risks you think you want to cover off, and how you are using your Google account.

Personally, I don't think that losing interest or losing access are likely to happen.    So I've set up my IAM information to cover the first case, ie death or incapacity, and used it to send messages to carefully selected friends and relatives.  I could do more, eg include details about selling a couple of blogs that would be "assets" in the right hands, and send messages to the firm who would be looking after my affairs.   But it's a start - and as with so many "death and taxes" type of issues making a start is half the battle.


How to set up your inactive account information


Once you have thought about what sort of situations you want to deal with, then setting up your inactive-account information is pretty easy.

To start with, go to the Account Management option your Google account settings page.   Once you're there, there is an easy set-up wizard, which covers the following points.

Warning that you're in danger of becoming inactive

Google doesn't want your account to suddenly become inactive.   So they collect details are used to warn you by sending a text message to your cellphone and email to an alternative address, saying that your account is close to becoming inactive. The current definition of "close" is one-month. Basically, this is your chance to stop the account becoming inactive by logging in.  

They ask for:
  • A mobile phone number (which needs to be verified - so it must be one that you can access now)
  • An alternative email address (which isn't verified - yet!)

Setting the timeout period

You need to choose how much time needs to go by without you logging in before your account is considered to be inactive. The default is three months, and other options are six, nine and 12 months.

Who else to tell

You can nominate one or more trusted contacts - ie email addresses that receive notification, and (if you choose, access to your data), once your account actually becomes inactive.



For each trusted contact, you need to give some message-text and also say which specific Google products they should get access too.



You can also set up an auto-reply to messages to your Gmail account, which is sent in response to all incoming messages after your account becomes inactive - or at most once every 4 days if one account sends you lots of messages.


What happens to your account:

Finally, you choose whether to delete your data once your account is inactive - the default value is "no", but you should change it to "yes" if you want to be sure that your blog etc are removed.


Confirmation

After you have saved your settings, you will get an email confirming that you entered.    (In my case, this message took several days to arrive - possibly because I get up my IAM settings fairly shortly after it had been introduced.   Hopefully it's got quicker now.


Limitations of the IAM

At the moment, IAM lets you set thresholds, notifications and actions for a whole Google account - there is no way to say that some blogs should be kept, and some deleted.

And there are still lots of things that we don't know about how IAM will work in practise.
  • Do you get only one reminder - or one every time you reach the inactive-account threshold again  (ie every 3, 6, 9 or 12 months)?
  • What happens if you're one administrator of a team blog, and your account becomes inactive with instructions to delete it - but there are other member or administrators who are still actively contributing?   (I would hope that the presence of these people means that your "delete" instruction is ignores, at least for the blog.   But I suspect that this won't be an easy scenario to provide for - and it's possible that Google haven't worked through all the options here.

    Ditto other shared resources (YouTube Channels, Shared folder/documents in Drive, etc)?  The dimensions will be different in each product, but the underlying problem is the same.


So while I think that IAM is a great idea, I'm also a little nervous about what problems it could cause if people choose to delete things without thinking through all the consequences.

And if you are going to set it up for your own personal blogs, then maybe now is a good time to transfer ownership of blogs that you made for clubs / societies / organisations / businesses to generic accounts being managed for them.




Related Posts

Understanding Google accounts

Team blogs:  letting other people write to your blog

Transferring blog ownership

Understanding how Blogger and Picasa-web-albums work together

Setting up AdSense for your blog

The "Single-Slash Double-Dot" rule for identifying spam links in phishing emails

This article is about email phishing, and spam-links in emails: how you can recognize them and what to do about them.


Understanding Spam vs Phishing


Most people know what regular spam is. Phishing is a more sophisticated type of spam, which combines information that the spammer knows (or guesses) with conventional spam techniques. Often phishing emails are addressed directly to you, and offer a "product" or "service" that you might realistically want. For example, they may offer to fix a security problem with your on-line banking (just as soon as you have gone to their website and given them your real on-line banking details).

Bloggers are particularly susceptible to phishing emails, because we write websites where we share information about ourselves. For example, anyone who reads Are-You-Blogger should have no trouble guessing that I use both Amazon Associates and Chitika, and that I have a domain hosted with DomainDiscount24.  It's not much harder to work out that I'm interested in folk-music, and know a lot about public transport in my city. And even though I don't display my email address on the blog, it isn't that hard to guess from some of the screen-shots I use, or by subscribing to my RSS feed.    And you might be even more vulnerable if you link your blog to your Facebook profile instead of a Page.


Protecting yourself from Phishers

ISPs and email services detect and delete most regular spam emails before they are delivered. But this is harder to do with phishing emails, because they often look genuine. So you need to protect yourself against phishing.

The best way to do this is to be curious-and-cautious about any email you receive. There are lots of suggestions below about what this means, and what characteristics to look for. None of them can give a 100% certain answer about whether a message or offer is dodgy. But being aware of the sort of things you need to check, and in particular the "single-slash-double-dot" rule for checking links, is a an excellent start.


How to spot phishing emails

An email message may be a phishing attempt if some of the following are true:
  • You were not expecting the message, or any contact from the organisation it apparently comes from.
  • You've never heard of the organisation or company that it comes from - or you don't have any dealings with them.
    (That said, sometimes unknown organisations do contact you - try to establish their legitimate website or phone number from another source, to check if they're "for real" or not).
  • The message asks you to confirm account details by giving some personal information: no reputable company will ever want you to do this by email. Intelligent reputable companies will not expect you to do so by clicking on links in their website.
  • The message tries to make you respond quickly, to stop something bad from happening. (Basically, they're trying to stop you from thinking about the message before you respond to it.)
  • An email doesn't have your address in the To field - or it has your address and many others which you don't know.
  • The message-body doesn't start with your name (eg if it says "Dear Customer" instead of "Dear Joe Soap")
  • The from address, or the name as the bottom of the message (like the "signature" in a paper-based letter) is missing, or seems strange given where the message came from.
  • Bad spelling. Bad grammar. Poor formatting. Odd looking graphics / pictures / logos. Strange sentence structures (either to try to trick you, or because the author doesn't know your language well).

None of those features guarantee that a message is dodgy. But any of them should be enough to make you a little suspicious.

But there are some features that are more of a give-away:
  • The URL / hyperlink in the message isn't the right one for the company (eg it's from www.ebay.org instead of www.ebay.com)
  • The message contains a link which doesn't match the website show when you hover the mouse over it eg www.amazon.com - notice that it's linked back to Blogger-HAT instead of to the real Amazon.
    NB Even if a link looks like a link, ALWAYS check where it goes to by hovering your mouse over and seeing what the "tool tip" text is.
  • The message uses an URL shortening service (eg tinyurl.com, bit.ly, goo.gl) which stops you from checking where the link really goes.
    (This is a good reason why you shouldn't use link shortening services yourself:  they make it look like you have something to hide. Whenever I tweet about a post, I always put in the full URL: even though Twitter doesn't display all the characters in the message, they are available to anyone who hovers over the link).


A simple rule for evaluating links:

The last three points are the most helpful - but they rely on you being able to look at a website-link and know if it's spammy or not.

And spammers know that it's easy to confuse people by showing them long, complicated real links, that superficially look like real ones.  For example, consider
www.cnn.com.newslist.2013-01.headlines.trouble.com/headline-listing/xx03/index.html
Lots of people will look at this, see the "cnn.com" and think "ahh, that's a reliable news site, it must be fine."   But that's not actually true.

Fortunately there's a simple rule that you can use to find the real website that a link points to. It is
Single-Slash, Double-Dot

To use it, look at where the the link really goes (by hovering the mouse above it) and:
  • Find the first single forward slash
  • Look at the words between the two or three dots just before the slash
  • Decide if the link is genuine, based on these words.

The Single-Slash Double-Dot rule explained


In the example above, the first single forward slash is actually half-way through the link:
www.cnn.com.newslist.2013-01.headlines.trouble.com/headline-listing/xx03/index.html

So the website that it is pointing to is actually trouble.com - which might not be a place that you want to visit.  Compare this with
http://www.bbc.com/future/story/20130129-blue-heart-of-the-planet
where the first single-slash is quite near the start, just before the very genuine www.bbc.com.

In summary, the website name between these two or three dots should match the one that is shown in the email, and should be the right one for the company. For example, one of these points to the real TradeMe, and one doesn't:
TradeMe 
TradeMe
(Yes they look the same:  remember you need to start by hovering your mouse over the links, to find out where they really point to.


Two vs three dots?

You sometimes have to check back three dots because some countries have two-level internet addresses. For example, instead of .com you will find
  • .co.uk - in the United Kingdom (two level, so you need to check three dots)
  • .com.au in Australia (again,two level, so you need to check three dots)
  • .ie - in Ireland, (single-level, so you only need to check two dots).

So like the many internet security issues, there are still judgements you need to make, and knowledge you need to apply.   But still, it's fair to say that you can ...
Use the single-slash-double-dot rule to work out where the link in an email message really goes to.
[Tweet this quote].


What do to if an email or link is suspicious

With old-fashioned spam, the rule was always to delete the message, no questions asked.

With suspected phishing emails, it's a little harder.   You need to make a judgement:
  • What are the chances that this is genuine?/
  • What are the consequences if it is genuine, but I ignore it?
  • Is there some other way that I can check out this out, without clicking on the link in the email? For instance by going directly to the banks' website by typing in the address myself - or by phoning the person to ask if they really did email me.

You need to weigh up these three factors, and based on them decide whether to investigate further (eg by going to the website directly, or emailing the sender for more information, whether to trust the email message, or to just delete it.


TL/DR:

Phishing emails use information about you to personalize spam.

Apply common sense and intuition to every email that you receive. Check that links go where they are supposed to - and don't click them if they don't.

Use the single-slash-double-dot rule to work out where the link in an email message really goes to. [Tweet this quote]






Related Articles:

Displaying email addresses on your blog

Offering an RSS feed

Linking your blog to your Facebook profile

How to make a "tweet this quote" option.