Slashdot Mirror
Online Trust Failing Overall
twitter writes "The BBC and ZDNet are reporting on an RSA poll of 1,000 users about failing confidence in ecommerce. 43% of respondents were reluctant to give details to online sites and 70% said that firms were not doing enough to keep their data secure. The BBC goes on to quote experts who back up the perception, ZDNet claims that action is being taken and is well."
ZDNET is well?
bluespaceradio.com - New Wave, Indie and Alternative
I was born in 1984, a body builder making over 250k a year. Female and my occupation is the fist item in the drop down list. Whats the problem you guys have?
Most people who distrust internet commerce will gladly hand their credit card over to minimum-wage waiters, who disappear into the back room of the restaurant with it for ten minutes. It's all a matter of image and perception.
Have you read my blog lately?
or not taking the security concerns seriously. If you are saving peoples Social Security Numbers and CC Numbers then you should be encrypting that data. Venture to guess how many places actually encrypt that in a database?
But then again i would say most larger places do take these steps. More often than not I won't buy from somewhere I am unsure of or if they are not in the http://www.bbb.org/. Plus, how many people know how to always use SSL when sending sensitive stuff? I would venture my grandparents and mother have no idea.
On a side not to the last statement, i would like to say, office depot does NOT use SSL for their secure communications when you order something from in store.
The problem is the concept of ecommerce. Online transactions are just a different , cheaper frontend for a store. It's cheaper to maintain and market, there are less startup costs, but you still have to sell something: goods or services. The common misconception is the web front-end alone will create some kind of revenue flow.
I think society as a whole doesn't trust any companies any more. Everyone is so sick of the Government screwing them over and companies ignoring the laws these Governments got paid (by other companies usually) to put in place. Lets face it, I don't trust anyone I can't blackmail or back stab and get back whatever I've give them. The world has become like that and it's getting worse and worse.
I like muppets.
I just got a really nice email from a DR. VICENTE A. SOUSA from the DEPARTMENT OF OIL & DOWNSTREAM SECTOR in ANGOLA.
... you know, the email was really long with all sorts of details (kind of like those agreements when you put a CD in the computer) so I just said yes because it's supposed to be easy money. :)
Very polite, humble (he even SAYS so) and
While I'm somewhat surprised the average user pays attention to such things, I'm not surprised trust is failing in light of recent large scale compromises.
Until the industry as a whole adopts a strategy of preventing compromises, this is not going to improve. Most companies would rather pay a PR guy to fix their image after the fact than a security consultant to keep it from happening in the first place. That's certainly not how I want my information taken care of.
I rarely criticize things I don't care about.
From the article: "This survey demonstrates that awareness and action are replacing fear," Robert Holleyman, BSA's chief executive, said in a statement.
How is awareness and action replacing fear when people are afraid to shop/bank online but don't handle their passwords any differently?
Oh, wait... It was an executive who made the statement so all meanings should be reversed.
Reading code is like reading the dictionary - you have to read half of it before you can go back and understand it.
Dear God, ain't this the truth??? I'm a network admin at a large company (please don't ask which), and the password situation here would be laughable if it weren't so sad. I ran LC5 on our hash file here, and was shocked and dismayed at the number of passwords cracked within 10 seconds. I'm constantly finding passwords on sticky notes on monitors and under keyboards, and many users haven't even bothered to change the default Lotus password ('password') to something else! >:(
Last year, a street survey found that more than 70% of people would reveal their password for a bar of chocolate.
That seems to be about the right figure for users in my company.
____
~ |rip/\/\aster /\/\onkey
Yeah, timothy is going to be so pissed. That spot was all his until Zonk came along and stole it.
I think the mistrust comes from people who never receive their Free Vi.a.gra Cheep! in the mail. It's such a shame, that M.ale_Enhanc3ment_P1ll sounded good to me.
If people trust the web less, then maybe it is a step forward for anti-spyware. Most spyware is after all installed on the computers of people who trust the new shiny sexy pr0n toolbar far too much.
I'm not liable for any $$ amount on my credit card or my debit. I'll say, though, I use debit card rather than my credit card. Why? Cause the bank doesn't have as much to lose as the CC company. With the bank it's all your money, with the CC company, it's their's until you pay it back, which means you have one more person in your corner - and with better lawyers, probably ;).
Despite conventional wisdom, I've discovered you can blame a guy for trying. It's called "attempted murder".
Kind of like the great majority of child kidnappings involve a non-custodial parent. But that's not a scary enough story to draw viewers, so doesn't get reported much.
(at this point the child-kidnapping activists will rise up and smite me with their negative mod-point hammers, I'm sure. :)
Have you read my blog lately?
oxy-moron
If businesses want people's trust, they need to earn it.
Should online businesses be trusted ?
I myself give out accurate personal data only when I really, really have to, and even then am pretty picky about the companies I work with - both online and offline. If confidence has declined, maybe people are learning...
...as long as Claria says it's okay.
I'm not good in groups. It's difficult to work in a group when you're omnipotent. - Q
I like using MBNA bank's credit card number proxy feature whereby you create a onetime use CC# with a limited spending limit to give out online. It's a great feature for paying at Sam's Shady Online Store with a CC# that has a $30 limit and expires in a month.
I TOTALLY know! I saw a video of this girl who had confidence that this guy WASN'T going to do this thing to her... AND HE DID! I was like, "I SO don't have confidence in the net anymore!" ...I'm sorry, I don't know where that came from. It must be time to go home...
Note: This sig contains nine S's, nine I's and five O's which... means absolutely nothing.
...As I'm currently working on three sites that have a variety of eCommerce worked into them. One is linking to a ridiculous third party all-in-one shopping cart package the client repeatedly insisted on using. I'm having the damndest time trying to ensure that everything is secure and that items being paid for are being flagged properly when they are fully paid for. Because of the hopping back and forth from our server to theirs I'm using browser cookies and I'm not fond of it at all.
I have to ask how does one inspire confidence and secure feelings in visitors to the site? It helps to make sure the site looks nice and has a minimum of spelling errors, but there isn't anything I can think of that will suggest "Hey! We're really a legitimate business and won't just take your money and run" to people who don't know what SSL is.
As someone who likes to buy things online I only trust a handful of sites to accept and process my transactions properly. I know what will keep me from using an online store (no SSL at payment, no multiple protected ways to pay, ridiculous things like having to get a Yahoo! account just to be able to checkout my shopping cart). But I can't put my finger on what keeps me feeling secure in making my transactions after that.
Starkle, starkle, little twink.
They'll just sell it all to ChoicePoint and their den of thieves.
It's not just the scammers and phishers and 419 letters. The basic infrastructure for most people is their precious box, and that is falling apart.
Look: if one of my PCs gets a problem, I start to get sympathetic symptoms. If my notebook crashes, I get really ill too. When it's fixed, I feel much better.
I run Linux, we all do in this company, but people who run Windows are contaminated from something akin to a epidemic of the plague.
It's not surprising they are reluctant to trust much else.
Sig for sale or rent. One previous user. Inquire within.
I lost my online trust when I fell victim to a particular .cx site.
Here in GA we have ChoicePoint, a company which recently allowed a criminal gang to make off with something like half-a-million IDs.
Only people in California were notified of the leak, because CA has a law requiring notification. Everyone else is going to have to wait 'til their identity gets stolen.
The GA legislature is taking up a bill to require notification of GA residents when their personal information is stolen or accidentally leaked.
Part of the problem, IMHO, is that companies won't tell you when they've shared your information with a non-trusted third party. So, a good first step would be voluntary disclosure.
668: Neighbour of the Beast
Ive had this little link in my bookmarks for a very long time Toysmart
I site this link alot when I deal with any online purchases and ask for some assurances, not just what is put in thier online agreements.
Good?
hot foreign sheep.
When knowing a number is sufficient to use it (credit cards, SSN), security is impossible.
It is a fact of life that your important numbers hang around indeffinitely in various databases. Unless more than a number is required to use them, it will become impossible to maintain your identity.
I rarely criticize things I don't care about.
In Denmark we have very good consumer protection on online trades. Whenever the card holder challenges a withdrawal, the issuing bank shall reverse the transfer immediatly. Afterwards, the burden of proof for actual goods delivery lies with the bank. The banks of course passes the burden on to the online merchants, so we have very few fradulent online traders here in denmark.
I'm not sure how it works for foreign trades, but as the banks must make the refund, no matter what, the general confidence in denmark is pretty high.
//Wegge
Put your faith in your CC company and their fraud prevention
I think we shouldn't, or at least, I don't want to.
There should be a method of paying that was time-sensitive, say a two-level authentication method that consisted of a PIN and a randomly generated number that changed with time that could only be authenticated by you and your CC company... just like we do with some sensitive computer passwords (and I'd say that Credit Cards ARE a sensitive password for the users). It could one-transaction only.
That would cut the timeframe and opportunity for frauds.
Now that I think of it, I might be able to market this to someone...
There are three kinds of lies: lies, damned lies, and statistics.
Not to defend them but ChoicePoint has voluntarily agreed to notify everyone that was involved inthis issue.
I actually think that there should be Federal legistlation for disclosure of this type of crime.
As below, so above and beyond, I imagine drawn beyond the lines of reason. Push the envelope. Watch it bend.
Also, people order things from catalogs all the time. And they require you to give your credit card # over the phone to some operator. What's stopping them from scribbling down a couple #s for their own use. Like you said, It's all about how one looks at it. Honestly, SSL/HTTPS is at least as secure as a phone line and a site is about as trustworthy as a sales assistant. As long as you order from a reputable company, one should have no problems.
However, with phishing becoming more prevalent, we might have a problem. Honestly people, check the freaking URLs and apply the security-related updates!
This is a bunch of hoohey. It is not in the sense that this is really how people feel, but those people are actually very ill informed. All they listen to is the news reports about identity theft, or they listen to their banks who are touting improved protection against identity theft. What people don't consider is that online transactions probably lower the risk for identity theft. If these banks actually offered an alternative to their competitors perhaps they could curtail their alarmist advertising.
The problem is that Credit Card companies, banks and anyone else whose revenue is generated by transaction volume have a vested interest in making transactions easier and more frequent.
As big a problem as fraud is, the reality is that there is far more to be gained from lowering barriers to credit card use than there are to raising barriers. The other sad corrolary is that the real losers when it comes to fraud are the consumers.
We have voluntarily traded security for convenience. Now it seems we want our cake too.
------ The best brain training is now totally free : )
43% of respondents were reluctant to give details to online sites
Apparently filling out a survey about online security doesn't qualify. Perhaps, 57% of respondents don't mind giving info and the other 43% give it anyway.
I don't see the problem, there are major sites like Amazon which are obviously not back-alley enterprises and its unlikely someone is going to get your credit card number on an encrypted connection - its just not worth the effort to thieves when there are so many easier ways they can do it. Other non-global sites often use well established credit card processing systems like world-pay - as long as there's no phishery involved, the site you are buying from never sees your credit card, they just get a yes or no from the bank, of course if there is some dodgy browser scripting going on then they can do what they like, but at the end of the day the bank is involved and isn't going to want dodgy sites on their books. If people are scared about their details being shared around then they should check that the company is on the data protection register (for Europe) and if not then report them, if a company starts 'loosing' your personal information they're going to end up in trouble.
This comment does not represent the views or opinions of the user.
I didn't know they'd volunteered to notify everyone. Last I heard, it was just CA residents.
I'm happy they're notifying everyone affected.
668: Neighbour of the Beast
The BBC and ZDNet are reporting on an RSA poll of 1,000 users about failing confidence in ecommerce. 43% of respondents were reluctant to give details to online sites and 70% said that firms were not doing enough to keep their data secure.
This means that the populace is getting edumacated about online activities over time.
Back in the Day (tm), we all knew that the 'net was filled with wierdos and perverts and knew what not to do. Then came this wave of n00bs who hadn't a clue and we see all the scams and stuff. This just means the n00bs are getting more informed.
Denny's is your idea of a good restaurant? Could you give an example of a bad restaurant? Um, wait, I don't really want to know. Never mind.
If you don't bother to set security standards for everything that uses or is linked to your network - this includes PEOPLE then your not doing your job. Every place i work has a clean desk policy and weekly walkthroughs that happen to verify shutdown pc's at night, all drawers are locked and desk is clean and nothing with numbers, address, emails or unmarked notes are left out. Your network is only as secure as those who are entrusted to it. If people take security this lightly then create an environment that disciplines for such.
Byron Miller for Congress.
I could have told you years ago that anything that is connected to a larger network can get stolen. But its only when something happens to a celebrity does it make it in the news and is seen as a problem that needs to be fixed. Damn it, put Justin Timberlake in charge of Home Land Security, then we might get something fixed over there.
-----BEGIN PGP SIGNATURE-----
12345
-----END PGP SIGNATURE-----
How, exactly, is someone supposed to remember ten different passwords for multiple systems that they have to change once every few months?
I'd say I'm "wary" of giving a clerk personal information in a store checkout line -- but in order to get an occasional break on dog food, I've given a local store some address info. (Hey, she's a Newfie, she eats her share of food.) Lots of retail stores are collecting this type of information now, as part of their loyalty card programs partly.
If Web sites are vulnerable and could have their database compromised, so is the pet store. I take the risk because of the convenience and savings.
I'm wary that the sky might fall one day, but I'll still go outside today. It's worth it.
"Fundamentalism" isn't about divine morality. It's about human authority.
It's assholes like you who are ruining the magic industry! We want the audience to be wondering how we dispose of the bodies, not if it's real or not!
nt
This is fantastic news. Now hopefully phishing, non-ActiveX assisted spyware and other suchlike 'net garbage will grow scarce.
...
then again, while I'm dreaming, I'd like a pony
Combine the ubiquitous use of SSN as college ID (at least at my school) which the state of NJ recently made illegal (thankfully) with the fact that some resturants (Qdoba being one major one) actually have printed the entire credit card number on the physical receipt. I would really like to know, though, if online website are encrypting data AS WELL AS using SSL. Maybe they could indicate this on the page or whatever...
This sig donated to Pater. Long live
As someone who works exclusively with e-commerce support and has seen a number of clients' store data, the situation generally ranges from frustratingly bad to comic ineptitude.
Was troubleshooting a client's osCommerce store to see if we could encrypt and decrypt credit card numbers and return them securely. OSC has a MySQL backend, so to make this a bit easier, I suggested he install phpMyAdmin.
"Oh, don't worry," he said, "we've already got it installed at www.mywebsite.com/phpMyAdmin."
When I went to the page, phpMA had been installed in "config" security - ie, any master of reverse-engineering that could guess he might have a folder called "phpMyAdmin" could see ALL of his tables and had root privileges on his store database.
Stupid.
Most end-users know little about protecting data and are only now starting to wise up because credit card fraud is RAMPANT and the card companies are complaining (and actually enforcing some new protection standards). I believe Visa/MC will start requiring at least RSA encryption of credit card data if customer information is stored on a publicly-accessible server.
Then there was the guy whose entire site was a group of perl scripts and whose "Checkout" script handled credit card information by setting - guess what? - COOKIES, with the full cc# and personal data available to anyone who would read the client cookie. No cookie domain, just raw cookies with plain unencrypted data.
It's a mystery to me that more people aren't blatantly ripped off, but thankfully, commercial hosts seem to be reasonably knowledgable about this and are taking appropriate precautions.
What a coincidence - I just recieved an email today from someone in a very similar situation. MR. ALBERT WABANGO from Siera Leone (at least I think - he said he was "sieralionese"). Anyway, long story short, he's going to give me nearly 20% of his dearly departed Dad's money - AND pray to god for my health and safety. What a swell guy.
Seriously though, I'm still astounded that people ACTUALLY fall for this crap - I think there should be an entire class sometime in high school dedicated to giving some common sense "real life" skills (and at least a quarter of the time dedicated to online malfeasance-avoidance) - First lesson: If it sounds too good to be true, that's because it is!
"Nokia is not a country, it's the capital of Finland!" -Moderated "Informative". Yeesh.
Well, Denmark is nice and all... At least from a tourist point of view.
But right now there is a racist party in the government. Their party chairwoman suggested that the border union with Sweden (there are no customs nor do you need a passport or anything to pass between Sweden and Denmark) should be removed because to many people are allowed in as refugees in Sweden, they also have many new rules that severely limits the possibilities for people to seek sefuge in Denmark. I think that may even be an issue for you to get citizenship there.
between t-mobiles lack security and paymaxx inc leak of w-2 information, i really cant blame anyone for worrying about online trust failing. i remember a few years back when online shopping first got started and everyone was worried about buying stuff online due to fraud. Now, when almost everyone started getting comfortable with the idea of online payments , and online billing, and online banking. now is when certain companies start to slip...and i feel its going to cause people to go back to that same mind set that nothing is safe on the net.... god forgive them for corporate america knows not what they do!
Good Karma, Bad Karma, doesnt matter to me... I'm still going to say whats on my mind!
Stay alert!
Only the dead have seen the end of war.
So what? What did you expect them to say? No one wants to sound like an idiot when the friendly neighborhood pollster comes by. What really matters is not how concerned people say they are about security, but whether they put their money where their mouth is. Do they actually give info to companies and make actual purchases? Plenty of people do. Does this poll indicate real reasons why online commerce is not more popular, or does it just let people say things that make them feel intelligent?
So maybe people aren't shopping at Amazon because they are concerned about security, or maybe they like the feel of books, or maybe it's just habit, or maybe Amazon has pretty well saturated the market.
From the BBC article: The challenge for banks is to provide the customer with something that improves security but balances that with usability."
Sadly, if the poll actually does represent reality, then the real challenge is for banks to provide the customer with something that makes them feel secure but balances with usability.
In short, "GetLoaded.com" stole information from "Truckstop.com" because truckers used the same ids and passwords for both sites.
For context, click Parent.
We all know how insecure it is, and especially those of us with technical knowledge know it's even more insecure than that.
However, this doesn't necessarily stop us from using the Net to transact business.
It's like a marketplace.
Some are crooked - and you keep your money close and take precautions and only risk a bit. Like a biker bar or most websites.
Some are mostly honest - you relax a bit, like in a secure website, but you know that sometimes you'll be robbed or defrauded - like the stock market or a bank.
And some are totally trustworthy - and don't exist except in fairytales we tell neocons, who are really more naive than children.
-- Tigger warning: This post may contain tiggers! --
"When I discuss SFTP, they scratch their head and drool a little bit, and it's clear they don't understand the threat of cleartext passwords ..."
Were they able to put their socks on?
I used to work for a company that required everyone to use the same, default password. I changed mine one day and got a visit from my supervisor a few days later asking why I'd changed it, and an order to change it back. Needless to say, I found another job quick.
"Hardly used" will not fetch you a better price for your brain.
Combine the ubiquitous use of SSN as college ID (at least at my school) which the state of NJ recently made illegal (thankfully) with the fact that some resturants (Qdoba being one major one) actually have printed the entire credit card number on the physical receipt.
Or you could just avoid places that use such things - for example, the University of Washington uses a Student ID that is assigned separately, for students, staff, and faculty, instead of your SSN and placed on your ID card that's also your bus pass and cash card.
Of course, if you then choose a PIN like 1234, you're just asking to be taken advantage of.
Our state does the same for Driver's Licenses.
-- Tigger warning: This post may contain tiggers! --
the way I do it is have a three-tier password scheme - one for public access where I don't mind being hacked (e.g. insecure logins)
- one for private access where I don't want to be hacked (4 digit)
- one for secure websites where I would be worried if I was hacked (non-dictionary words plus digits)
that way you have three passwords.
-- Tigger warning: This post may contain tiggers! --
It works, they don't ask for my ID (unless I'm at the liquor store or Radio Slump), and the transaction is anonymous.
Maybe that's why smart people use cash.
-- Tigger warning: This post may contain tiggers! --
Is go to netcraft.com and check "What's that site running?..." - If it's running Microsoft anything, then I skip the online credit card and call in the purchase.
I can't give out any of my documents, but Google for Visa CISP. Requirements are different (less or more strict, compliance required sooner versus later) for different sizes and types of merchants, but Visa is going to start requiring stricter security measures, and backing that requirement up with fines for noncompliance.
This is a Big Hairy Deal for merchant processors (like the company I work for), who provide credit card acceptance services for merchants.
ChoicePoint has also bought tri-buruea credit reports and a one year credit monitoring service for each person whose information might have been compromised. That way each person will know right away if someone tries to steal their identity.
I don't think it's the fear of insecure data transmission that keeps people from buying online, it's wondering whether they'll ever get anything back in return. This is particularly true for small operations out there. They just don't damand the same confidence as Amazon.com and other mega e-retailers.
However, I've never had a problem with not recieving product I've paid for. In practically every instance, I've been more than happy with my purchase.
SEO Copywriter. Just Say ON
I mean, does it fire off an email to a receptionist to process the card (leaving your card exposed) or something more secure (like processing the transaction directly and storing only a reference number that could be used for void/credits, if need be).
I'm not sure what the secret to success is, but the secret to failure lies in trying to please everyone -Bill Cosby
I know a team that's studying trust and loyalty interests in online commerce circumstances (i.e. eBay, company stores, etc.). I'm posting this in case anybody's interested in such matters.
http://www.eloyalty.ca/
----- Wtcher Dragon, UDIC
As an ecommerce merchant, it is true here as well that chargebacks take place before the merchant can defend itself. Only after the chargeback takes place and the money is taken out of the merchant's account can the merchant make a rebuttal.
This has happenned a couple times to me in the last month as the item and service was delivered but the client didn't recognize our doing business as name.
The real problem is companies like choicepoint cant take care of their business and the entire ecommerce world is blamed. This is the media's fault for not explaining that Choicepoint and Amazon have nothing to do with eachother.
PAY PAL
BTW probably 40% of those were the ones that got the
pay pal phishing mail.. Its amazing these people
don't bother to read the web source to determine
where the links in the email are going.. Its even more amazing, email programs are not designed to compare the receiving email to the links in the email, if they come from different domains, its a
sign that the email is phish..
He knows enough to ruin the world and his own. Does he know enough to change himself and the world as well?
Anywho, I plodded through the various screens of signing up, filling in my personal information, and when it came time to charge my credit card MoneyBookers said that it had some "Secure Shopping" system on it, and they would forward me to the appropriate site to enter my password. That site was in fact my credit card issuer's site, and they had me sign up for and pick an initial password for my credit card. Subsequently the MoneyBookers site said my transaction failed, at which point I gave up trying to buy SkypeOut time.
After that I got an email from my credit card issuer saying I should go set my preferences in this new service, and when I went there, lo and behold there is a "reciept" for that failed transaction (they don't seem to think it failed). But the transaction has yet to post to my actual credit card, which I can monitor using a separate website from the "Secure Shopping" website, and which website never refers to "Secure Shopping" feature at all!
When I asked at the "Secure Shopping" website for the places where I can use my "Secure Shopping" password, they list only a few in the U.S., but many, many places in the U.K. So I suspect that this service is more widespread in Europe than it is here. After all, if the merchant doesn't use the service, the check just isn't done-- the charges still go through. It's sort of "optional" extra security. Wouldn't the thief just use a site that doesn't use that security?
I'm posting this so that you (the moderator) have some context to consider twitter and not mod him up whenever he posts his filler preformatted rants about installing Knoppix or Mepis or whatever that unfortunately get him karma every single time and allow him to continue posting his trademark toxic crap (read on) day in and day out. You may consider this a troll - I consider it community service. And I ain't kidding.
If you're a /. subscriber, I invite you to look through some of his posting history. I guarantee that you'll be hard pressed to find someone that is more "out there" than twitter. You'll also probably notice he's got quite an AC following. Don't just read his posts, make sure you go through the replies.
To get an idea of what I'm talking about, check this post out. This is an article about email disclaimers. The parent of the post is complaining about the ads in the linked page and so on, and twitter actually goes off on a rant to blame it on Microsoft and recommend Lynx, because "is teh free".
Here's another. In this post twitter not only calls the OP a troll but attempts to "tell it like it is" while making some vague argument about "GNU". Yes, if you're confused, you're not alone. The reply (modded +4) proceeds to simply destroy his bogus argument. You will notice he did not reply. This is what some people call "drive-by advocacy". A sort of I'll just leave you with my thoughts here and move on to the next flamebait kind of deal. In fact, he almost never replies because he knows that his fanatical arguments simply do not hold up to any sort of discussion. It's not that he's chosen the wrong cause - he's just going at it in a completely wrong way.
Here's that drive-by advocacy and FUD in motion: twitter goes on about some topic and then drops the usual "oh and M$ is teh evil" because "WMP phones home" or some such. Called on his FUD, he then claims that WMP stores every song and movie you've ever played in a file, somewhere. Pressed further, he just sort of slithers out of sight, his FUD-spreading complete. This is not about some Microsoft technology that nobody likes anyway; it's about lying for the sake of lying. Way too many of his posts are exactly like this one.
More? Just read though this post and the subsequent replies. I guess this stands on its own. Or these two. Or this one. Or this one.
Still not convinced? This is what twitter considers "humour" while going about his daily "M$" routine.
M