A Suggested Improved Customer Interaction with the Apple Store (and Cloud Services in General)


Alternative Title: "What good fraud detection looks like"


My recent 'screed' called "Welcome to the Cloud - 'Your Apple ID has been disabled'" got a number of people talking. Yes, Gruber's DF called it a 'screed', which is a common enough term on his site, I suppose. Sure, it was a rant, I'll accept that.

MG Siegler from TechCrunch had these comments, some very valid. Emphasis mine.


But what Hanselman, who happens to work for Microsoft, seems most upset about is that Apple sent him an email warning him of strange activity on his account, but worded it in a way he didn’t like. And then they locked down his account with wording he didn’t like. And they made him go through iTunes to double-check his activity.

And he doesn’t like that Apple knows what device he has, but let the download happen anyway. I mean, people buy new devices all the time. What’s the proposed solution here? The perpetrators clearly had the correct Apple ID and password. I’m not sure what you can do to protect against that. Kill the cloud?


I honestly don't know how my Apple ID account was compromised. I had a high-entropy generated site-specific password. I've scanned all my systems for trojans, keyloggers and rootkits. However, that's not the point, nor was it the point of the post (although it was a bit of a rant on my part, admittedly). The point isn't even Apple-specific, although they are an excellent example.

This security-related user interaction could just as easily have been on Xbox Live, Amazon Kindle, DropBox, or any of a hundred other Cloud services. Regardless of how the fraud occurred, what happens next is a user interaction point that is an opportunity to make things right for the customer.

Before I worked for Microsoft, I was the Chief Architect at an Online Banking vendor. At our high point, 25% of the retail online banking in the US ran through the system I worked on. We worked with half the top ten banks in the country, as well as banks overseas. We worked with anti-fraud systems and the FBI. We designed a number of interesting systems around keeping users safe and informed.

For example, in one system, if your account password is compromised, the bad guys would be able to log in and see your account balances. However, there was a scale of 'risky operations', from seeing your account numbers (hidden by default) to transferring money internally (risky) to transferring money overseas (very risky), that would throw up gauntlets. Using Bayesian algorithms we would assign a user's session and their activities a risk value. When those values passed a threshold, we'd challenge them for more information. The user isn't bothered when they do the stuff they always do from the computers they always use. But if you're suddenly on a new browser from a new system in a new country doing something you've never done before, we'll challenge you. This kind of adaptive real-time fraud detection with security gates will have to become the norm in user interactions with Cloud Services.

MG Siegler calls me out here:


Apple sent him an email warning him of strange activity on his account, but worded it in a way he didn’t like.

Here is the email and what it made me feel. Then I'll propose a solution.

Your Apple ID was just used to purchase 明珠三国OL from the App Store on a computer or device that had not previously been associated with that Apple ID.
If you made this purchase, you can disregard this email. This email was sent as a safeguard designed to protect you against unauthorized purchases.
If you did not make this purchase, we recommend that you go to
iforgot.apple.com to change your password, then see Apple ID: Tips for protecting the security of your account for further assistance.


I read this as:


  • We know what devices you have, and a new device we've never seen before has bought something.

  • If it was you, don't worry, this email was FYI.

  • If it wasn't you, you should go to iforgot.apple.com and change your password and protect your account.

  • Whatever happened was probably your fault and you should be more careful with these tips.

It may very well be my fault, but this user interaction isn't designed to comfort me or to make me feel safer. It succeeded in upsetting me and making me feel not only out of control but also helpless.

Here's an email I would have loved to have received

Congrats on your new iPhone/iPad! We noticed you've made your first purchase, as your Apple ID was just used to buy 明珠三国OL from the App Store on a computer or device that had not previously been associated with that Apple ID.
Ordinarily we wouldn't bother you but we noticed a few things about your recent purchase.

  • You've never purchased an app in Chinese. Your last 492 app purchases have been English.

  • This purchase was from the China Unicom carrier, while your other 3 devices are on AT&T.

  • This purchase originated from a location in Shanghai, while your previous app purchases have originated from Oregon.

  • This application included In-App purchases over $20 and you've set your in-App purchase threshold at $10.

We realize this may be inconvenient, but in instances like these, it's best to be extra careful. We need to associate your new device with your Apple ID. This is a one-time operation. If you made this purchase, please click here to confirm. This email was sent as a safeguard designed to protect you against unauthorized purchases on new devices. If you did not make this purchase, click here and let us know. The security of your account is important to us and we always recommend you protect the security of your account.
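An added sketch (not code from the original post or from any vendor it names) of the adaptive scoring described earlier, producing the kind of reasons listed in the email above: a naive Bayes update over "is this value new for this account" signals, with a lower challenge threshold for riskier actions. The history mirrors the numbers in the post; the prior, likelihoods, thresholds and device names are assumptions.

```python
import math

# Constructed history from the numbers in the post: 492 purchases, all English,
# all on AT&T, all from Oregon, made on 2 devices. Device names are made up.
HISTORY = {
    "language": {"en": 492},
    "carrier": {"AT&T": 492},
    "region": {"Oregon": 492},
    "device": {"iphone-1": 300, "ipad-1": 192},
}
PRIOR_FRAUD = 0.001          # assumed base rate of fraudulent sessions
P_NOVEL_GIVEN_FRAUD = 0.8    # assumed: attackers usually show values new to the account
# Posterior at which each action is challenged; riskier actions get a lower bar (assumed).
CHALLENGE_AT = {"view_balance": 0.90, "purchase": 0.30, "transfer_overseas": 0.05}


def p_novel_given_legit(signal, history=HISTORY):
    """Laplace-smoothed rate at which the real user has introduced a new value.

    Each distinct value in the history was 'new' exactly once, e.g. 2 devices
    across 492 purchases.
    """
    seen = history[signal]
    return (len(seen) + 1) / (sum(seen.values()) + 2)


def assess(session, action, history=HISTORY):
    """Return (posterior fraud probability, decision, reasons) for one session."""
    log_odds = math.log(PRIOR_FRAUD / (1 - PRIOR_FRAUD))
    reasons = []
    for signal, value in session.items():
        p_legit = p_novel_given_legit(signal, history)
        if value in history[signal]:
            # Familiar value: evidence for the real user.
            log_odds += math.log((1 - P_NOVEL_GIVEN_FRAUD) / (1 - p_legit))
        else:
            # Never-seen value: evidence for fraud, and a line for the notification.
            log_odds += math.log(P_NOVEL_GIVEN_FRAUD / p_legit)
            reasons.append(f"{signal} '{value}' has never been seen on this account")
    posterior = 1 / (1 + math.exp(-log_odds))
    decision = "challenge" if posterior >= CHALLENGE_AT[action] else "allow"
    return posterior, decision, reasons


# Constructed sessions: the user's normal pattern, and the purchase described in the post.
USUAL = {"language": "en", "carrier": "AT&T", "region": "Oregon", "device": "ipad-1"}
REPORTED = {"language": "zh", "carrier": "China Unicom", "region": "Shanghai", "device": "unknown-1"}
```

The `reasons` list is what lets the notification explain itself to the customer instead of only announcing that something happened.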


MG Siegler says:


And he doesn’t like that Apple knows what device he has, but let the download happen anyway. I mean, people buy new devices all the time.


I have, according to iTunes, 492 applications. They have all been purchased on either my iPad or my iPhone. I purchase new apps all the time. In fact, the ratio of my app purchases to my device purchases is 492:2. I realize MG says "people buy new devices all the time" but I would argue that a single confirmation email on the first application purchased on a new device would greatly reduce cases of fraud like this (assuming you don't have a @me email account that the bad guys own.)


This is a single example of an Apple interaction, but I would expect nothing less from my Xbox, from my Kindle, or from my Bank. In fact, I get notifications from Gmail that make me feel better about my interaction with them, not worse. Recently I logged into my Google Apps account and a small red banner was at the top that said "You are forwarding email to [email protected]. Why is this notice here?"


I saw this Gmail notice and said to myself, "rock on." I didn't realize I was forwarding emails with certain keywords to another account. This could be an attack vector for bad guys to siphon information out of a compromised email account. And the "why is this notice here?" link is subtle brilliance. Inform the customer and answer common questions.


Gmail also has a "notify me of suspicious activity" setting. I receive this when I am overseas or after coming back. Also brilliant. You don't usually go to Poland, so here's how to protect yourself.


I expect my cloud services to let me know, in a way that escalates appropriately with the threat, when something that doesn't match my patterns happens.

The meta-points are

  • The Cloud(s) and all its services are protected only by our passwords and the most basic of fraud systems.

  • Cloud services are totally centralized, which makes them a big target, but they have activity information about what we're doing online that isn't being utilized to keep us safe.

  • We, the Users, need to demand better, more secure interactions from the cloud vendors that we put our trust in.

  • It sucks to lose access to your cloud data.

What are your thoughts, Dear Reader?


Thanks to Matt Sherman for the Alternative Title! ;)


About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.


Translated from: https://www.hanselman.com/blog/a-suggested-improved-customer-interaction-with-the-apple-store-and-cloud-services-in-general
