Categories
oliverwjones

An Email Automation Marketing Platform

The purpose of this article is to describe the architecture and implementation of a cost-effective, basic email marketing platform. It’s easy to manage, relatively easy to build, and scalable. It’s a great solution for startups or a business unit to keep in touch with their clients.

I won’t be talking about acquiring emails, opt-in approaches, or the regulatory aspects of mass emailing. My opinion is that email acquisition should be approached with integrity. The popular email hosts have effectively implemented spam blocking and reputation measurement, so acquiring emails any other way seems like a waste of time. But we’ll leave that subject for another post!

The primary components of the solution we’ve built include:

  • A SendGrid Marketing Plan
  • SendGrid APIs
  • A Supabase DB
  • Vue/Nuxt 3
  • A Digital Ocean App Instance

We were already familiar with the SendGrid Email API for individual sends, which we commonly integrate with Stripe. Therefore, when we decided to add an email marketing platform to our process, SendGrid Marketing was an obvious choice. We were specifically interested in SendGrid’s dynamic templates and SendGrid’s automation functionality. The dynamic templates are available across plans, allowing you to pass values (auth codes, names, products, quantities, etc.) to the template and trigger an individual send.

They have plans that run from free to over $900.00/month with a ‘Basic’ and ‘Advanced’ delineation. We were interested in automating a series of emails to a specific list of contacts and this put us into the ‘Advanced’ category where for 10k contacts and 50k emails you start at $60/month.

The automations are interesting because they can be triggered by adding an email to a predefined list, which is a subset of the complete contact list that you’re being charged for.

You simply create a list, add an email address to that list and it triggers an automated send of 1 to n predefined emails with a preset time period between each send.

That looks great, but would the API allow us to manage this directly from our front end? The short answer is yes, but the APIs are designed in a way that makes a few tasks overly complicated. I’ll get to that later, but for the moment the SendGrid Event Webhook worked well, allowing us to capture the standard events (delivered, blocked, bounced, opened, clicked, etc.), and the SendGrid API allowed us to add/update/delete from our contact lists, which could in turn drive the automations.

Supabase…

This was a difficult choice; you have plenty of other options. We’ve used Firebase, our own servers, and a bunch of other public options, but I wanted to experiment with Supabase. Their reputation seems to be positive and improving. The free plan was feature rich and accessible. It was all I needed to get the architecture in place and I’d set up a basic test in no time. But… setting up RLS (Row Level Security) with confidence is difficult, and borders on incomprehensible. And the Supabase AI RLS-wizard-help-assistant-tool must be alpha-alpha, because it only added to my confusion. Poke around enough and you’ll get it working, but you won’t have much confidence that its policies correspond to your needs. If you’re working on anything sensitive, make sure you dig into this with patience.

Supabase is storing our parsed events from the SendGrid Webhook. The SendGrid Webhook documentation is here. The idea was to store individual mail events in the Supabase tables, then extract and prioritise the contacts associated with a specific mailing. For example, a ‘unique click’ on one of my email links makes THIS event just a bit more valuable than an unopened delivery event. Maybe I’ll add a specific ‘weight’ to this contact. Keep in mind the event we’re writing into a Supabase events table is for a specific contact and a specific email automation. The next event might be for the same contact yet from a different automation. I can gather and infer a lot of data from this basic event tracking.

Nuxt 3…

I’ll go into more detail later, but writing and exposing the API which handled the SendGrid Webhook was the key challenge. If you’re familiar with Nuxt 3, you drop an EventHandler into the server/api directory which parses the Webhook, checks SendGrid for the contact id and writes the email, timestamp, and Automation name to Supabase. The code would look something like this:

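import { createClient } from "@supabase/supabase-js";

// Supabase connection settings are read from the environment.
const supabaseUrl = process.env.SUPABASE_URL!;
const supabaseKey = process.env.SUPABASE_KEY!;
const supabase = createClient(supabaseUrl, supabaseKey);

// Fields used from each item in the SendGrid Event Webhook payload.
interface EventData {
  email: string;
  timestamp: number;
  event: string;
  category: string[];
  mc_auto_name: string;
}

// defineEventHandler and readBody are auto-imported by Nuxt 3 in server/api.
export default defineEventHandler(async (event) => {
  // SendGrid posts a JSON array of events.
  const body = await readBody(event);
  if (Array.isArray(body)) {
    for (const item of body) {
      if (item.event) {
        const listIds = await findContactId(item);
        await insertEventToSupabase(item, listIds);
      }
    }
  }
  return { success: true };
});

// Writes the email, timestamp and automation name to Supabase (body omitted in this post).
async function insertEventToSupabase(eventData: EventData, listIds: string[]) { /* ... */ }

// Checks SendGrid for the contact id (body omitted in this post; placeholder return).
async function findContactId(eventData: EventData): Promise<string[]> { /* ... */ return []; }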
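
The handler above writes whatever JSON array is posted to it. SendGrid's Signed Event Webhook option adds an ECDSA signature over the timestamp header plus the raw request body, which the endpoint can check before touching Supabase. This is an added example, not code from the original post: the function names, the five-minute replay window and the sample event are assumptions, and a locally generated P-256 key stands in for the verification key shown in the SendGrid settings.

```typescript
import { createPublicKey, createSign, createVerify, generateKeyPairSync } from "node:crypto";

// Request headers SendGrid adds when the Signed Event Webhook is enabled.
const SIGNATURE_HEADER = "x-twilio-email-event-webhook-signature";
const TIMESTAMP_HEADER = "x-twilio-email-event-webhook-timestamp";

// Assumption: a delivery whose timestamp is more than 5 minutes off is treated as a replay.
const MAX_SKEW_SECONDS = 300;

// publicKeyBase64: the verification key (base64-encoded DER, SPKI).
// rawBody: the exact text received (in Nuxt: readRawBody(event), not readBody),
// because re-serialising parsed JSON changes the bytes that were signed.
function verifySendGridSignature(
  publicKeyBase64: string,
  rawBody: string,
  signatureBase64: string | undefined,
  timestamp: string | undefined,
  nowSeconds: number = Math.floor(Date.now() / 1000),
): boolean {
  if (!signatureBase64 || !timestamp || !/^\d+$/.test(timestamp)) return false;
  if (Math.abs(nowSeconds - Number(timestamp)) > MAX_SKEW_SECONDS) return false;
  try {
    const key = createPublicKey({
      key: Buffer.from(publicKeyBase64, "base64"),
      format: "der",
      type: "spki",
    });
    const verifier = createVerify("SHA256");
    verifier.update(timestamp + rawBody); // signed message = timestamp || raw body
    return verifier.verify(key, Buffer.from(signatureBase64, "base64"));
  } catch {
    return false; // malformed key or signature: reject, never fall through
  }
}

// Convenience wrapper taking lower-cased request headers.
function verifyRequest(
  headers: Record<string, string | undefined>,
  rawBody: string,
  publicKeyBase64: string,
  nowSeconds?: number,
): boolean {
  return verifySendGridSignature(
    publicKeyBase64, rawBody, headers[SIGNATURE_HEADER], headers[TIMESTAMP_HEADER], nowSeconds,
  );
}

// Offline demonstration with a constructed event and a locally generated key pair.
function demo() {
  const { publicKey, privateKey } = generateKeyPairSync("ec", { namedCurve: "prime256v1" });
  const publicKeyBase64 = publicKey.export({ format: "der", type: "spki" }).toString("base64");
  const rawBody = JSON.stringify([
    { email: "user@example.com", timestamp: 1700000000, event: "click", mc_auto_name: "Welcome series" },
  ]);
  const timestamp = "1700000000";
  const signer = createSign("SHA256");
  signer.update(timestamp + rawBody);
  const headers = {
    [SIGNATURE_HEADER]: signer.sign(privateKey).toString("base64"),
    [TIMESTAMP_HEADER]: timestamp,
  };
  const now = 1700000030; // 30 seconds after the signed timestamp
  return {
    valid: verifyRequest(headers, rawBody, publicKeyBase64, now),
    tampered: verifyRequest(headers, rawBody.replace('"click"', '"open"'), publicKeyBase64, now),
    replayed: verifyRequest(headers, rawBody, publicKeyBase64, now + 3600),
    unsigned: verifyRequest({}, rawBody, publicKeyBase64, now),
  };
}
```

In the Nuxt handler, a failed check would return a 4xx response before any event is parsed or written.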

Digital Ocean App Platform

You’re familiar with this fully managed hosting solution. I’m a fan. I’d highly recommend configuring your Repo to work with DO’s App Platform. It’s a major time-saver.

Say it again…

Now that you see the different elements, let’s do this again.

Start with the Supabase db, add an events table, and set up RLS. Prepare your SendGrid Webhook, capture it with a Nuxt API, parse and write the event to Supabase, build out a front-end in Nuxt 3. That’s it!

Starting with just individual events from SendGrid you can build out contact lists, statistics, automation triggers, list builders, etc. There is a huge potential for interacting directly with SendGrid based on metrics or unique filters which you might define and discover on the front end. For example, I’ve set up a bunch of filters and one of them shows me users who have opened the email multiple times but never clicked on a link. I want those users to cycle into another list – an automation – which is maybe more ‘click motivating’! You get the idea.
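
The event weighting and the "opened multiple times but never clicked" filter described above can be computed directly from stored webhook events. This is an added example, not code from the original post: the weights, function names and sample events are constructed for illustration, and it assumes each event carries SendGrid's `sg_event_id` so that retried webhook deliveries are not counted twice.

```typescript
interface MailEvent {
  email: string;
  timestamp: number;
  event: string;
  mc_auto_name?: string;
  sg_event_id?: string;
}

interface ContactSummary {
  email: string;
  automation: string;
  opens: number;
  clicks: number;
  score: number;
}

// Assumed weights: a click is worth more than an open, which is worth more than a delivery.
const EVENT_WEIGHTS: Record<string, number> = {
  delivered: 1, open: 3, click: 10, bounce: -5, dropped: -5, spamreport: -20, unsubscribe: -20,
};

// Accept only well-formed events with a known type. hasOwnProperty keeps inherited
// keys such as "constructor" from passing as event names.
function isMailEvent(raw: unknown): raw is MailEvent {
  if (typeof raw !== "object" || raw === null) return false;
  const e = raw as Record<string, unknown>;
  return typeof e.email === "string" && typeof e.timestamp === "number" &&
    typeof e.event === "string" &&
    Object.prototype.hasOwnProperty.call(EVENT_WEIGHTS, e.event) &&
    (e.mc_auto_name === undefined || typeof e.mc_auto_name === "string") &&
    (e.sg_event_id === undefined || typeof e.sg_event_id === "string");
}

// One summary per (contact, automation) pair, as in the events table described above.
function summarise(events: unknown[]): ContactSummary[] {
  const seenIds = new Set<string>();
  const byKey = new Map<string, ContactSummary>();
  for (const raw of events) {
    if (!isMailEvent(raw)) continue;
    if (raw.sg_event_id) {
      if (seenIds.has(raw.sg_event_id)) continue; // duplicate delivery of the same event
      seenIds.add(raw.sg_event_id);
    }
    const email = raw.email.trim().toLowerCase();
    const automation = raw.mc_auto_name ?? "(no automation)";
    const key = email + "\u0000" + automation;
    const s = byKey.get(key) ?? { email, automation, opens: 0, clicks: 0, score: 0 };
    if (raw.event === "open") s.opens += 1;
    if (raw.event === "click") s.clicks += 1;
    s.score += EVENT_WEIGHTS[raw.event];
    byKey.set(key, s);
  }
  return Array.from(byKey.values());
}

// Contacts who opened at least minOpens times in an automation but never clicked.
function openedButNeverClicked(summaries: ContactSummary[], minOpens = 2): ContactSummary[] {
  return summaries.filter((s) => s.opens >= minOpens && s.clicks === 0);
}

// Constructed sample events (not real data).
const SAMPLE_EVENTS: unknown[] = [
  { email: "alice@example.com", timestamp: 1700000000, event: "delivered", mc_auto_name: "Welcome series", sg_event_id: "a0" },
  { email: "Alice@Example.com", timestamp: 1700000100, event: "open", mc_auto_name: "Welcome series", sg_event_id: "a1" },
  { email: "alice@example.com", timestamp: 1700000200, event: "open", mc_auto_name: "Welcome series", sg_event_id: "a2" },
  { email: "alice@example.com", timestamp: 1700000200, event: "open", mc_auto_name: "Welcome series", sg_event_id: "a2" },
  { email: "alice@example.com", timestamp: 1700000300, event: "open", mc_auto_name: "Re-engage", sg_event_id: "a3" },
  { email: "bob@example.com", timestamp: 1700000000, event: "delivered", mc_auto_name: "Welcome series", sg_event_id: "b0" },
  { email: "bob@example.com", timestamp: 1700000100, event: "open", mc_auto_name: "Welcome series", sg_event_id: "b1" },
  { email: "bob@example.com", timestamp: 1700000200, event: "click", mc_auto_name: "Welcome series", sg_event_id: "b2" },
  { email: 42, event: "open" },
  { email: "eve@example.com", timestamp: 1700000000, event: "constructor" },
];
```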

Categories
datacappy dsdefender oliverwjones

TikTok Under Scrutiny: The Need for a Comprehensive Data Privacy Strategy

The House of Representatives recently approved a legislative measure that might either outlaw TikTok or compel its divestment. This decision stems from dual concerns: Firstly, there’s apprehension about the potential for TikTok, given its extensive influence and capabilities, to mold public opinion in the United States through the content it disseminates. Secondly, the extensive data harvesting practices of the platform raise alarm. Both issues are significant and warranted earlier intervention. A critical flaw in the legislation, however, is its exclusive focus on TikTok without considering the broader landscape of applications that exploit user data for their benefit.

The power TikTok wields in shaping public discourse became evident when it motivated users to contact their congressional representatives en masse to express opposition to the proposed ban, thus demonstrating its capacity to potentially manipulate public sentiment. This incident underlines a significant concern for national security.

The core of TikTok’s dominance lies in its data collection capabilities, driven by an opaque algorithm that remains a mystery outside of TikTok and its parent company, ByteDance. Critical questions about the app’s operations, such as whether it employs background keystroke logging or the final recipients of the collected data, and whether artificial intelligence is used to profile its users, are of paramount concern not only to the lawmakers for national security reasons but should alarm the users as well.

The legislative attention on TikTok overlooks the expansive and equally vital issues of data privacy and potential abuse. The presence of foreign threats indeed warrants concern, yet the overarching practices of data collection across the board pose a substantial risk that should not be ignored. The persistent cyber-attacks on major corporations, exemplified by Microsoft’s battle against Russian malware, highlight the ever-present danger of data breaches. This situation points to the urgent necessity for a comprehensive strategy that safeguards data and upholds privacy across the entire digital landscape, rather than isolating specific platforms. Adopting such a holistic approach is imperative for tackling the multifaceted challenges of data security and protecting user privacy in our globally connected digital environment.

Categories
datacappy dsdefender oliverwjones

French Cyberattack affecting half of the French population

In late January 2024, France experienced its largest cyberattack to date, affecting approximately 33 million people, nearly half of the nation’s population. This significant breach targeted two French health insurance service providers, Viamedis and Almerys, responsible for managing third-party payments for medical insurance companies. The compromised data includes sensitive personal information such as civil status, date of birth, social security numbers, health insurer names, and policy coverage details for insured individuals and their families. However, it’s been reported that banking information, medical records, healthcare reimbursements, postal addresses, phone numbers, or emails were not believed to be affected by the breach.

This incident underlines the critical vulnerabilities in the digital infrastructures of health care systems and raises significant concerns regarding the protection of personal data. The cyberattack was orchestrated via phishing, exploiting healthcare professionals’ logins to gain unauthorized access. The French data protection authority, CNIL, and the affected companies have confirmed the scale and sensitivity of the data involved, prompting an immediate investigation to understand the full extent of the breach and to identify the perpetrators.

The implications of this cyberattack extend beyond the immediate risk of identity theft and fraud for the individuals affected. It emphasizes the growing challenge of securing sensitive personal data against increasingly sophisticated cyber threats. The incident serves as a stark reminder of the potential consequences of digital vulnerabilities, particularly in systems as critical as health care, where the stakes for privacy and data security are exceptionally high.

The breach also highlights the necessity for robust cybersecurity measures, continuous vigilance, and rapid response strategies to mitigate the risks and impacts of such incidents. It underscores the importance of strengthening the digital infrastructure and security protocols within the healthcare sector and beyond, to safeguard against future attacks that threaten personal privacy and the integrity of critical systems.

This event should serve as a catalyst for broader discussions and actions on improving cybersecurity measures, enhancing data protection policies, and fostering a culture of security awareness among all stakeholders involved in handling and protecting personal data.


Categories
datacappy dsdefender oliverwjones

Opt-in Surveillance

Admittedly, ChatGPT got us started on this article… It brings up some great points and we thought you’d like them as well!

The concept of “opt-in surveillance” raises important philosophical and practical questions about genuine choice and consent in the digital age. While, on the surface, many services appear to offer choices, the real dynamics underlying these choices are more complex:

  1. Ubiquity of Services: Many digital services, like Google, Facebook, and others, have become so integral to daily life and professional requirements that opting out can significantly hamper one’s ability to communicate, work, or socialize. In many contexts, using these services is less a choice and more a necessity.
  2. Illusion of Choice: Even when alternatives exist, they might not be practical. For instance, while one can use non-mainstream search engines that prioritize privacy, they might not offer the same efficiency or results as industry giants like Google.
  3. Opaque Terms of Service: Most digital platforms require users to agree to terms of service before using their products. These documents are often lengthy, filled with legal jargon, and are not thoroughly read by the average user. Even if users read them, they often don’t have the option to negotiate terms; it’s typically an “all or nothing” agreement.
  4. Data Collection by Default: Many services, especially free ones, collect data by default. While some allow users to limit data collection, these settings can be hard to find, understand, or modify.
  5. Network Effects: Some platforms, especially social media, have value tied to the number of users. If all your friends and family are on a particular platform, there’s considerable social pressure to join, regardless of the platform’s privacy policies.
  6. Economic Constraints: Privacy-focused services often come with a price, as they don’t monetize user data. Not everyone can afford to pay for privacy, leading to a situation where privacy becomes a luxury.
  7. Lack of Awareness: Not everyone is aware of the extent to which their data is collected, stored, and utilized. Without this knowledge, users can’t make informed decisions about using a service.
  8. Interconnected Data Ecosystems: Even if one opts out of a specific service, their data can still be accessed indirectly. For example, a person might not use a particular social platform, but if their friends do and share information about them (like photos or tags), their data becomes part of the platform’s ecosystem.

While “opt-in” suggests a proactive and informed choice, the reality is that many people feel they have little to no choice when it comes to using digital services. Given this landscape, there’s a growing call for clearer regulations, more transparent business practices, and increased public education about digital rights and privacy.

Categories
datacappy dsdefender oliverwjones

10 ways to protect your personal information from AI

Artificial intelligence (AI) is an increasingly powerful tool that is being used by companies and governments around the world to process and analyze vast amounts of data. While AI can be used for many beneficial purposes, such as medical research and fraud detection, it also has the potential to be misused or to infringe on our privacy.

  1. Use a VPN: A virtual private network (VPN) is a tool that encrypts your internet traffic and hides your IP address, making it more difficult for AI to track your online activities or identify your location. By using a VPN, you can protect your online privacy and prevent data breaches.
  2. Be Careful What You Share Online: One of the easiest ways for AI to collect personal information is through social media platforms and other online services. Be careful about what you share online, including sensitive information such as your full name, address, or phone number.
  3. Use Strong Passwords: AI can be used to crack weak passwords, so it’s essential to use strong, complex passwords for all your online accounts. Use a combination of letters, numbers, and symbols, and avoid using the same password for multiple accounts.
  4. Enable Two-Factor Authentication: Two-factor authentication (2FA) is an extra layer of security that requires you to enter a code or use a biometric factor in addition to your password to access your accounts. This can help protect your personal information from AI.
  5. Keep Your Software Up to Date: Keeping your software up to date is essential to protect against security vulnerabilities that could be exploited by AI. Make sure to regularly update your operating system, web browser, and other software to the latest version.
  6. Limit the Information You Provide: When creating accounts or filling out forms online, only provide the minimum amount of information required, and avoid giving out sensitive information such as your social security number or financial details.
  7. Be Cautious About Public Wi-Fi: Public Wi-Fi networks can be insecure and are often targeted by hackers and AI tools. Avoid using public Wi-Fi for sensitive activities such as online banking or shopping, and if you do need to use public Wi-Fi, use a VPN to protect your personal information.
  8. Use Anti-Malware Software: Malware and viruses can be used by AI to collect personal information from your device. Use anti-malware software to scan your device regularly and remove any malicious software.
  9. Be Cautious About Emails and Messages: Phishing attacks are a common method used by hackers and AI to collect personal information. Be cautious about emails and messages that ask you to provide sensitive information or click on links.
  10. Read Privacy Policies Carefully: When using online services or apps, make sure to read the privacy policies carefully. Look for details about what information is collected, how it’s used, and whether it’s shared with third parties. If you’re not comfortable with the terms, consider using a different service or app.

Categories
dsdefender oliverwjones

Android Phones from China – A Greater Privacy Risk than TikTok?

If you’re concerned about national security, there are many scarier things than Chinese weather/spy balloons and TikTok. Maybe the balloon was just a distraction. Maybe the Chinese are concerned that US lawmakers will figure out TikTok isn’t the only way they can spy on us.

Think about how much information your phone collects about you every day—apps you use, products you buy, friends you text. Most people allow their phones—and their homes—to listen to and record everything they say. And most people allow their phone to track their location, count their steps, and gather other personal information. But have you ever thought about where this information goes? Who gathers it? What do they use it for?

Most of us have no idea where the websites and apps we use were built or who built them. Websites load cookies onto your browser, allowing you to be tracked across the internet. Apps have the ability to access your camera, microphone, your contacts, and other private information. Are you certain the latest game you downloaded wasn’t produced by developers in Russia, North Korea, or Iran? And then there’s the equipment itself to consider.

Laptops and phones produced by Chinese companies are way more dangerous than TikTok and spy balloons. The Trump administration made it illegal to use components from Huawei and ZTE (two powerful Chinese companies) in American cell towers. It was a good first step, but we need to go further. There are several Chinese companies that sell mobile phones and tablets in the US. The most popular is Xiaomi. It uses the MIUI operating system that is based on Android. This operating system has the capacity to collect almost everything done with the device. Oppo is another that uses its own form of Android. Lenovo, maker of widely popular laptops, is a Chinese company, too.

These phones and computers should be banned by the US government as well. They pose a greater risk to US national security than TikTok or a surveillance balloon. Until lawmakers understand the real threat posed by digital devices—hardware and software in our homes and in our pockets, constantly gathering personal information—our national security is at risk.

Categories
datacappy dsdefender oliverwjones

What’s Your Name? Data Brokers Are Selling It Right Now.

Go ahead. Search for yourself online. Your address? EASY. Your telephone number? EASY. Your family members? EASY.

Anyone wanting to find out information about you can pay quick $ for a detailed file. Public records are, well, public. Marriage licenses, driver’s licenses, property ownership, voter registration, vehicle registration, you name it. Currently, public records are not protected and data brokers have full access. Your own government and state/local agencies are the ones who sell your information to these data brokers. If you are an activist of any kind and someone wants to harass you, it’s not hard to find you. Read here about the nuances and difficulty in trying to scrub your personal information from the internet. We have to keep this conversation alive and spread the word. Your privacy is at grave risk.

Categories
datacappy dsdefender oliverwjones

Are YOU the Algorithm?

Every tap on that keyboard, every search or purchase online, every time you say, “Hey Siri…” are all trackable behaviors which create your digital footprint. Take this trackable behavior a few layers deeper and you are unknowingly traveling down the tunnel of algorithms.

An algorithm, in the simplest form, is a command: “If this, then that.” For example, if this birdseed is sprinkled out on the ground, then the birds should come eat it. It’s a predictive model. If the birds do not come, then we try another area where they will come until we have success. Turning this model towards our brains on the internet, algorithms are underlying everything we do. If you spend a little time viewing puppies on Instagram, you will be served up posts and Reels that are suggestions based upon your previous puppy viewing. Instagram tracks your behavior and assumes that if you watched these puppies, then you must like puppies, dog food, dog toys, kids with puppies, puppies pooping and literally anything with puppies in it. The more you watch these suggestions, the more the algorithm fine tunes your online profile…and off you go merrily falling into the trap.

If you want to take this to an even deeper level, LinkedIn ran a series of experiments with their “People You May Know” section. Did you ever wonder how any of that worked and how “magical” it seemed that your friend you had not thought of in 30 years suddenly appeared as a contact? Your behavior while using LinkedIn was tracked for every step you took and algorithms were tested on users. Every bit of your posted information and resume was scrubbed to help build these algorithms. Were you doing the work on this platform or was it working you? Are the suggested jobs truly based upon your organic searches or upon LinkedIn’s algorithmic guesses on where to steer you? The bigger concern is whether you even knew this was happening. Did you give permission for your information to be made into an experiment and used to manipulate results? Take a look here and read more about LinkedIn’s so-called tests on its users.

Categories
datacappy dsdefender oliverwjones

Do kindergarteners need to know their heart rate?

Apple wants to slap their watches on your children’s wrists.

Let’s add some more anxiety into our children’s lives.

Every phone call, every Siri command, every tap, every text, everything your child does with this tool will be data-tracked and kept on file with Apple. And after that, every ad your child sees on a device will be catered to your child based upon all the conversations and behavior while using the watch. If this is not enough to creep you out, we don’t know what is. Under the guise of parental control and safety, Apple is cleverly marketing their watch to younger and younger users.

Should a kindergartener obsess over heart rates? Has helicopter parenting soared to new heights? Attention spans at this young age are hard enough to manage and now, teachers will be tasked with corralling device behavior in their classrooms at an even younger age. Imagine a classroom of five-year-olds with texts pinging or buzzing on their tiny wrists. This new generation of learners has already been gobsmacked by Covid’s shrapnel. Adding an Apple Watch is just one more anxiety-provoking leash. Every move they make is being watched by their parents…and tracked by Apple.

Read more here.

Categories
datacappy dsdefender oliverwjones

Do You Want Instagram to Remix Your Privacy?

Using Instagram’s Remix feature makes your content fair game for anyone to use. Is that what you want?

If you have a public account on Instagram, any of your posted videos or Reels are considered fair game to be remixed without permission. Important to note: The remix option in Settings is defaulted to ON (shame on you, Instagram!). A lot of people open an account and never think to make it private. Instagram capitalizes on this behavior to saturate IG social media with as much content as possible and to compete with TikTok’s Duet feature.

If you want to double-check your IG account to set it to private, that solves the Remix permissions and automatically removes the remix option. Phew! If you want your account public but do NOT want your video posts to be remixed with other random content and posted who knows where, here is how you turn that off:

1. Go to Settings

2. Tap Privacy

3. Tap Reels and Remix 

4. Under Remix, in Allow Remixing, turn OFF ‘Allow for reels’ and ‘Allow for feed videos’. Note that this new feature is auto-defaulted to ON unless you make this change.

If you want your videos remixed, leave as is but user-beware—they can show up anywhere and be used completely out of context without your permission. Remember, leaving the remix to ON means your videos can be used by anyone, anywhere.

Coming soon to a phone near you: remix for static photos. It’s already here and starting to show up as Instagram does a slow roll-out. Watermark those photos and put a (c) All Photos Copyrighted in your Instagram Bio for a small level of protection but…it’s Meta…watch out. Same settings will apply so check your account to see when you are offered the feature and turn them OFF.

To read more about the remix feature, click here.

To read more about remix on static photo posts, click here.