Two little annoyances

Since it was raining this afternoon, I did a couple of things that have been bugging me for a while. Here are some quick notes.

GiffGaff ‘adult’ filter

GiffGaff is a really great pay-as-you go mobile provider for people like me who use a lot of data (the £12 per month option gives you unlimited data and I can use the minutes for confcalls). However, it runs on the O2 network who use a blacklist for ‘adult’ content. Mostly when I hit a blocked page it is a random blog I have arrived at via Twitter, and it is not clear why it is ‘adult’. I don’t know where these lists come from, nor how sites end up on one. As this powerful survivor post and this ORG post on the Cameron firewall illustrate, it is far from obvious how to make the distinction between the kinds of sites that might help people who are victims trying to find out more, and the kinds of site that kids shouldn’t be looking at.

I loathe this conflation of ‘aimed at over 18s’ and ‘porn’, and these are difficult issues. But ok, I am an adult. If you go to GiffGaff’s ‘remove adult filter’ in the UK you get the option to

A). Add two lines from your machine-readable passport (the ones with all the <<<<s in them) OR
B). Add in your gender and drivers' license number

I don't drive (and I don't see what my gender has to do with anything – anyway, can't you drive when you're 17?). So, passport then. The two lines include my: name, gender, date of birth, passport number, passport expiry date (and four checksums).

I really object to this. I'm pretty careful with my data and I don't expect to have to give out a surfeit of personal information to a site just to look at a blogpost when I'm on the move. I was getting angry about this on Twitter and someone (I forget who sorry) suggested that I could use this algorithm to generate the appropriate string. And it works: I made one change to my passport number to test it. The code is here. Make sure you get the length of the first string right – the error reporting is ambiguous. Given that it is a publicly available algorithm it maybe wasn’t the best way for them to get people to prove their age.

Getting back Nike Fuelband data

I love my fuelband and have successfully gamified myself into doing much more moving about than I used to do because of it. The Fuelband is a robust, water-resistant accelerometer worn on your wrist. You set an activity goal in terms of Nike Fuel ‘points’ (whatever they are), but it also tracks steps and has a nice watch and lots of colourful LEDs light up when you reach your goal.

It is a USB device, and when you plug it in it phones home, firing up an app on your laptop and sending your data to the Nike cloud where you are supposed to compare progress with others and get badges for progress and other nonsense. Actually I find that I use it as a quick check of my activity levels throughout the day, and I don’t really look at my graphs, which in any case are not that interestingly implemented. I’ve been learning d3.js and I reckon I could make some nicer graphs, but there is no way to get an export of the data. Nike are planning a developer API but it is not available yet. Nevertheless, people have managed to get their data back, and I used this video to get mine. The short version:

  • you need the device id and an access token, which you can get using (for example) Burp, by setting it as the https proxy – (I had to click ‘forward’ to get it to work; I didn’t have to install the CA)
  • then you can make API calls like this:

curl -H "Content-Type: application/json" \
-H "appid: fuelband" \
-H "Accept: application/json" \


Extremely easy in fact.

I’d prefer for it not to send the data to Nike at all, but that will have to wait. There is more detail about the API calls available in the video.

(As a side-note, I suspect that these activity devices are not about selling hardware; a friend got Fitbit to send her a new one after she lost it, which is great customer service but suggests their business model might lie elsewhere).