My #DeleteFacebook Story

I have been following the Facebook/Cambridge Analytica saga since it broke just over a week ago and my initial feelings were lack of surprise and “oh, here we go again”. But something felt different about this latest exposé, so I decided to delve deeper to see how much Facebook have captured (or at least what they tell me they have captured – how will I ever verify whether they have sent me everything?). This is my story, what I found out and what I’m going to do next….

I requested a copy of my data from Facebook on March 24. It was an easy process once I discovered that I could only do this via the FB website (at the bottom of the General Account Settings page) but NOT via the FB App on my iPad. My data arrived within the hour – all 673 files of it. I then performed an initial browse of the files to see what was there. Initially it looked to be exactly what I expected – loads of photos, a myriad of comments regarding other folks FB posts etc. etc. Nothing surprising. Then I started to delve deeper……

The really interesting stuff (in my case) comes in the last few files, so if I had not spent time during the initial analysis making sure I scanned EVERY SINGLE FILE, I wouldn’t have uncovered the juicy stuff!! So, what is the juicy stuff? The majority of the files contain photos in my case as this is typically what I post. The next major category of posts fall into the “commenting on others” posts. This is open to all comers as far as I am concerned so I spent only a short amount of time on this. However, as I mention towards the end of this piece, the photo data does uncover a few nasty surprises 😦

The first file that really grabs my attention is file no. 551 (of 673). This contains my main FB profile data. This reveals my (FB allocated) email address – something I’ve never used, won’t ever use but could be a direct access point for spam and malware for those who do. Next up on my Profile Page is the date I first joined FB (2006) followed by my primary email address, the city where I currently live and my FULL date of birth. Within my account settings I restrict the access of these fields to “Me Only”, yet they are readily available here, unencrypted and completely free for anyone to read. What upsets me the most though is the information regarding my family. There is a list of ALL my family members who are (or have been) on FB. The list also specifies their exact relationship to me. Again this is not information that I have sanctioned for sharing, yet here it is in an unencrypted file. My reaction to this is that I must tell all my family of this breach so that they are also aware. The other disappointing breach on my profile is the disclosure of all the “interests” that I have tagged over the years, the majority of which I don’t remember but would be very useful in understanding my lifestyle, my ethics, my politics, my specific interests and pastimes. Wonderful information for anyone wanting to target me.

The second file I zero in on is no. 666 of 673, it provides a complete list of all my family and friends on FB (past and present) plus the date that they joined. Why FB would keep the joining date (of my family and friends) within MY data is baffling. The underlying file structure within FB would already have the joining dates for each person and the only reason that I can see for also storing them within my data is to make it easier for someone data mining relationships between the various FB users. As part of this file there is a breakdown as follows: current friends, my friend requests still outstanding, friend requests to me that I rejected (all, in my case, because I didn’t know them), friends that I have removed (in my case I regularly clean up all my social media contacts). This final category is the most concerning for me because it includes people who have passed away and therefore it could be very upsetting to the families of those affected if this information were misused.

This is not, unfortunately, the worst breach regarding my family and friends data. File 672 (the penultimate file) provides the worst breach with respect to my story. File 672 includes details of family and friends who are NOT on Facebook. Mysteriously, it also contains details of people I have never heard of!! This is really baffling. I am going to go into this breach more forensically and provide some examples.

1) All (231) of the people listed have their mobile (cell) phone number provided. Some have multiple numbers provided.

2) 15 of these people are completely unknown to me

3) The majority of the people on the list are NOT on Facebook – to the best of my knowledge

4) The list (of 231 people) does not correspond to my current mobile (cell) phone contacts list and (as I have previously stated) I have NEVER provided permission for FB to access my personal contacts list anyway

5) Two of the people on the list have never even used the Internet – one of them is deceased and the other is over 80 years old and wouldn’t know a computer from commuter!!

6) At least 10% of those I do know (on the list) I have never had in any of my contacts files and until I received this data (from FB) didn’t know their contact details

If this data that I have received is a true reflection of my utilisation of Facebook then how come I don’t recognise some of these people? How trustworthy is any of the data? It leaves me thinking that FB have NOT provided me with everything they have from the time I joined. What is even worse is that this could be a system failure/oversight, meaning that they think they have the right data, but they don’t!! There is a big difference between knowingly providing false evidence and unknowingly providing false evidence.

Before I conclude this first part of my story I want to just briefly touch on a few other rather worrying aspects of the data captured. While I expected my uploaded photos to be stored I didn’t expect the meta data relating to them to be captured. For example, they have captured the exact longitude and latitude coordinates for many of my photos (to 14 decimal points). They have stored the IP address from where the photos were uploaded. They have stored the equipment used to take the photos. What reason could they possibly have for capturing this information? I won’t ever look it up on FB and I’m sure none of my family and friends are interested. This is an obvious data grab for future sales/marketing opportunities for FB.

So, what am I going to do next? Firstly, I am NOT going to leave Facebook, at least not in the short term. This is mainly due to my wanting to finish this analysis and I can only do this by staying on FB.

Here are my next steps…

1) Write to FB and ask them why they have captured information (that I believe has been captured against my express wishes). My contacts data being accessed will be my first question

2) Write to FB and ask them who they have shared my data with (and why) since I joined in 2006

3) Write to FB and ask them NOT to share ANY of my data with ANYONE NOT specified within my FB Privacy settings

4) Continue to request files from FB on a monthly basis, so that I can monitor the data they are storing. I am going to compare successive data files and identify changes and report any strange/unexpected activity via this Blog and other social media forums

I use FB for one reason only, it is the most appropriate software for staying in touch with my family and friends. It doesn’t mean it’s the best software for staying in touch with my family and friends but it is the most effective from a reach perspective and at this moment in time that is a major factor in my decision to stay.

I have read widely over the past week and listened to many better qualified folks that I with respect to personal and technical risk. I am hoping that my story will help others with less time on there hands (and maybe less inclination) to make their own judgement with respect to using Facebook. I have also analysed my risk with respect to Google and have closed my Google account and deleted my GMail account – as of yesterday. Google’s invasiveness is a whole other level of risk that I am not prepared to endure. There are many excellent accounts of this risk already out there – I have provided references to these via Twitter and Facebook, so you can make your own judgements there too.

In closing, I would like to offer any support I can to help my family and friends make their own decisions (and perform their own analysis if they are interested) in order that we can all come to the best decisions regarding our use of social media.

Stay safe, stay vigilant.

Dateline: Melbourne, Friday March 30 2018


On Privilege, Power & Perspective

I am a 64 year old Caucasian male. I live in a middle class suburb of Melbourne, Australia. I was educated to a level where I can make informed decisions and understand the implications of my actions. I have access to world leading health care. I can afford to buy food and drink whenever I need to. I have zero debt and unless I make serious errors of judgement I should be able to live the rest of my life in the same way I have so far – safe from famine and hunger, safe from war and bloodshed, safe from suppression and tyranny. I know right from wrong and have a clearly defined set of ethics that guide me whenever I need to make decisions or take action. I make no apology for any of this. It is my context. It is my life. It is my current existence. However, my life has not always been this good and I know what it is to struggle – admittedly, within my own white bread world.

So it is with the perspective (from my brief personal history) that I make the following statement – “I promise unequivocally that whenever I see an abuse of privilege and/or power, within my community, I will act. I will not sit on my hands or be a spectator. I will not look to someone else to take a stand. I will do whatever I can, with whatever means I have at my disposal, to highlight and address this abuse”.I have in the past acted strongly against bullying both in the workplace and my personal life. I have in the past called out and dealt with unethical behavior, personal bias and discrimination. I have resigned from organisations when I have encountered actions that have challenged my personal code of ethics. From today I am going to redouble my efforts and increase my focus on what I consider to be these totally unacceptable behaviors. 

Today I make a promise to all those within my community (who do not possess the same level of privilege and power as I) that I will act on their behalf. This is not from a perspective of being a vigilante, this is about being a decent human being who doesn’t cross the road or close their eyes to avoid an intolerable situation.

When men (and, in my experience, it is men 99% of the time) abuse their privilege and power they are showing weakness. These “men” are morally bankrupt and ethically bereft. These “men” are cowards who pray on those with less privilege and power. These “men” should be shown up for what they are – bullies, tyrants, abusers – some of the ugliest people in our society.

By letting these “men” get away with the behaviors I have described we give them more privilege and more power. We feed their hunger. We protect them. We encourage them. We even support them.

I am no figurehead or leader. I do not possess fortune or fame. I am an “average Joe”, with my own failings (that I try to learn from every day). But I will endeavor to “punch above my weight” in this situation and lead by example.

Today, I am one person standing up and saying “If you cross the line by disrespecting, disempowering or humiliating others less fortunate than yourself I will be there and I will not look the other way. I WILL ACT. I WILL STAND AGAINST YOU. I WILL DO ALL I CAN TO TAKE AWAY THE PRIVILEGE AND POWER YOU ARE ABUSING AND MISUSING.

In the meantime, I am here to provide whatever support I can to those who have been abused and disrespected. I will not pry or judge or meddle. I will respect the privacy of those who approach me. I will honor my promises. I will not wait for others to follow.

None of these self-absorbed, self-indulgent, deluded individuals have power over me and I do not seek to have power over them. I just want everyone in my community to feel safe and respected. I do this from a belief system where LOVE CONQUERS ALL.

Dateline: Sunday October 22;  Page, Arizona

We Need a Model Office Jim, Didn’t You Know That

It’s been a while since I put together a new conference talk, so I thought I’d share “We Need a Model Office Jim, Didn’t You Know That?”. I presented this a couple of weeks ago at the LAST (Lean Agile Systems Thinking) Conference in Melbourne. The content is focused on how to design and build a Model Office.

Model Office (PDF)

Any comments or questions please feel free….

Fear of Failure, Lure of Success

Why is it that so many people are driven by the fear of failure, rather than the lure of success? Is it because there is a stigma attached to failure to the point that we want to avoid failure at all costs? Is it because success seems elusive to so many of us? And what is success anyway?

Success for me isn’t momentary or transient, it’s an ongoing paradigm. It’s a state of grace. If I take a sporting analogy, it’s winning a competition that lasts 9 months (against 19 other teams), rather than winning a single (albeit important) game. Here is my take on my some of my successes and a few of my failures (and why, with hindsight, the failures don’t matter).

Younger Me: In high school I wanted so much to play for the 1st XI at soccer and cricket, but no matter how hard I trained, I was never quite skilful enough. At the same time I discovered that I could run (fast) and that I also had excellent stamina; however, running wasn’t cool in school, so I kept on trying out for the soccer and cricket teams and eventually, in my final year, became a fringe player, getting a game when others were injured or sick.

Wiser Me: I never played cricket again after high school, but I did play soccer (and for a few years 3 times each weekend) until a few years ago. The wiser me reflects that I won far more trophies in the last 5 years of my soccer “career” than I did in the previous 30!!! The biggest success, in hindsight though, was the camaraderie and friendships I forged with the hundreds of guys I played with. On the running front, I have completed five marathons and about 20 half marathons and these days I employ my fitness and stamina on a daily basis playing tennis, badminton and squash while also riding my bike as often as I can. Brain and body fitness go hand in hand in my book.

Younger Me: When I left high school University wasn’t really an option as my academic achievements weren’t consistent enough – great at Maths and Geography, crap at science and languages!! I fantasised that if I’d lived in the USA I would have gained an athletics scholarship to a top Uni, but it was a fantasy! Somehow I won a national writing competition in my final year at high school, but in hindsight, I think the rest of my final year suffered because of the 3 months I focused on that competition.

Wiser Me: As far as I can tell my lack of a University degree hasn’t damaged my career, but I think that is more of a reflection of the time I left high school (the early ’70s) than any monumental effort on my part. I did manage my career strategically but also got a break early when I lucked onto a job as a computer operator in 1971 and from there I gained access to programming, business analysis and latterly software testing. The key decisions were to focus on the finance industry in the mid ’80s, specialise in software testing in the mid ’90s and move business sectors every two years from early 2000. If I hadn’t taken a strategic approach to my career I would have drifted along, like many of my early contemporaries, and achieved far less.

Younger Me: I was desperate to become a manager in my late 20s and early 30s, but opportunities alluded me. I’ve never been good at taking direction and this led me to take up freelancing in my late 20s in an effort to have more autonomy.

Wiser Me: In hindsight, it was just as well I was into my 40s when I first managed a team, because I needed the maturity and life skills to be (what I now consider) an effective manager and (ultimately) leader. I was talking to my daughter the other day and she got her first management position in her early 20s and she’s now unhappy with many of her decisions in those early management opportunities.

Younger Me: Until my mid 30s I was ego-driven and self-centred. I wanted to prove that a young working class lad from the wrong side of the tracks could be successful if he worked hard and stayed focused on the dollar.

Wiser Me: Today I look back and note that my happiest working days are when I am working with great people who care about each other more than than they care about wealth and social standing. Once I learned to trust others, give guidance (as opposed to direction) and accept what I can directly control (ultimately, very little), I became a far better employee and a far better human being.

I am realistic about my talent, but unless I apply effort my talent is wasted. I know that I have never shirked responsibility for my actions and have worked tirelessly to achieve business outcomes, but unless I apply thought to those efforts, I’m wasting my energy.

Here are the top 10 reasons why I have achieved success…

  1. I seek out those that are smarter than me, seek to work with them and then study them
  2. I listen more than I speak
  3. I analyse data, look for patterns and work out easier ways to do things
  4. I try not to complicate stuff, simplicity is always my aim
  5. I take my time when detail is required and move quickly when it’s not
  6. I summarise information and offer insights rather than throw a myriad of detail out there
  7. I treat people as individuals
  8. I get specific when it’s appropriate
  9. I work as if I’m coming second in a race I want to win
  10. I don’t confuse popularity with success

Earlier in this post I said that my failures don’t matter. Why would I say this? Because for me failure is not an end, it’s a beginning. What I mean by this is that unless someone physically stops me from pursuing an outcome or goal I will keep trying until I succeed, I’m resilient and determined and these attributes have stood me in good stead all my working life. It is my belief that my lifelong involvement in sport has heavily influenced my ability to succeed in business as it has taught me the value of consistency and resilience.

How do you quantify your successes?

Dateline: Monday January 16 2017, Bagshot (UK)

Software Testing Conferences: The Why

A couple of days ago I was having a discussion with @nzben and @maaretp on Twitter regarding whether speakers should be paid (as a minimum expenses) to speak at Software Testing Conferences. During that discussion @nzben asked me how much I had (personally) spent on speaking and attending conferences during my (25) years in software testing. I thought about this for a while and came up with a figure in excess of $250k. Before you all get your calculators out, I used a very simple formula – I budget for 10 days of formal learning each year and on average over the years I’ve earned $1,000 per day (as a freelance testing consultant). When you work freelance you only get paid for your days in the office. Now I didn’t quite make 10 days every year (mainly due to heavy workloads and holidays) and I didn’t always pay large amounts to attend conferences or training events but you can see that the financial investment was significant by most people’s standards. If I had my time over I would have spent more, but that’s another story.

The reason I am writing about this today is that we (in Australia) have long been poor cousins to the rest of the world with respect to local access to thought leaders in our field and therefore I needed to travel to Europe and the USA for the majority of my (career development) needs. This has been slowly changing over the past few years with the likes of Michael Bolton and a few others visiting several times. This year we are very fortunate to have TWO major international conferences within the next few months in Sydney and Melbourne respectively. From my perspective anyone who is serious about software testing should attend at least one of these events and, if possible, both. I will definitely be attending the Melbourne event ( on May 10-12 and I’m currently deciding on the Sydney event ( that occurs February 20-21.

If you can’t steal your self away for either of these excellent events we are beginning to get traction on Software Testing Meetups around the country and as far as I am aware these are all FREE. I belong to several Meetup groups in Melbourne and get along whenever I can. The TEAM Meetup in Melbourne is very active; you can find them at Also in Melbourne is STAG (Software Test Automation Group), Melbourne Software Testing Meetup and Agile Testers Melbourne. In Sydney the have (the aptly named) Sydney Testers who are one of the top five (by registrations) software testing Meetups in the world, so they must be doing something right. You can just download the Meetup App as an easy way to find stuff.

Long before the Meetup buzz began there were (Australia and NZ focused) ANZTB Special Interest Groups established and I’ve attended and spoken at several of these over the years. However, it’s been a couple of years since I attended one of these, as I’ve been banned by the ANZTB from speaking at their events after a rather silly infraction several years ago in Canberra. I’ve written about this previously, so I’m not going to harp on about it again. Their loss…..

So, there you have it, I urge you to take control of you career development by attending one of the previously mentioned Conferences or (failing that) a local Meetup as often as you can. We are not as fortunate as our European and American cousins who can attend a Conference almost weekly!!

My next Blog post will provide a list of all the 2017 Conferences in Australia and New Zealand that I think you may be interested in.

Dateline: Friday January 13 2017, Bagshot

Defect Priority v Severity: Debate No. 763

A dear friend of mine (let’s call her Cheryl – because that’s her name!), sent me a message on LinkedIn today. Here’s the central question – “If you avoid looking at IEEE or ISTQB, in your opinion, what do you think is the right description of Defect Severity v Defect Priority? Does it vary based on agile v waterfall worlds?”

It is my experience that we have been debating the concepts of Defect Priority and Severity for most of my 25+ years in software testing and I have been asked hundreds (probably thousands) of times, to define/explain/clarify etc. these terms. On top of this, as Cheryl points out, there are “standards” that define these terms also. So, in the expectation that this could be a protracted debate (which is something I’m quite comfortable with, by the way) here is what I said to Cheryl,plus my  broader  thoughts on the subject….

“Hi Cheryl, great to hear from you – Happy new Year 🙂 

My views on this question haven’t really changed over the years and I know plenty disagree but (from a triage perspective) Defect Severity is the impact on the business and/or technology capability, while Defect Priority is the impact on getting the solution out there. For me this means that in a context where external customers are the primary users, Severity is always more important, because you can’t always (perhaps even rarely) contain the impact of a high severity defect. 

It’s an interesting point you raise regarding agile v waterfall – and one I hadn’t really considered much before. My initial view is that the context within which you are working is key. I would probably say that momentum is more important in most agile contexts, but if you were working on mission critical stuff, I’d be back on Severity. I think it’s a great question regarding agile v waterfall as there are far more non-testing specific complications in play.”

So, there’s the initial discussion and here are my broader thoughts (and the context within which they live)…..

I have spent the majority of my software testing career driven by and focused on customer-centric outcomes. By this I mean that if the customer (or user, more generically) can’t use the software effectively and efficiently there’s not a lot of point in producing it in the first place. I have always been more driven by outcomes than journeys and for me the Priority of something like a defect is part of a journey, while the Severity of a defect (while possibly waxing and waning) will generally remain long after the software is released (unless there is a significant business shift). Putting it slightly more bluntly, shit will always be shit.

As I said in my response to Cheryl, the context within which we discuss and agree these things is key and there are so many contexts within which we all work and more broadly exist. Therefore, my strategic and operational solutions to introducing Defect Severity and Priority guidelines over the years have been varied; however, the bottom line for me is that we identify the impact and root cause of a defect as quickly as possible (triage) and then get it fixed within the most appropriate timeframe that our business allows. And this is where the question of agile and waterfall seeps in. The waterfall approach will more often than not mean that there is far more time for reflection and planning and I have seen the Priority and severity of defects change significantly as the various test cycles unfold. This is less likely in a more agile environment.

I think I’ve provided enough insight into my own ideas here without getting too specific or contextual. So, what is the current consensus out there. I’m eager to hear from anyone, whether they agree or disagree or want to build on or tear down my thoughts.

Dateline: Sunningdale, Thursday January 5, 2017

PS Happy New Year everyone

Testing Wars (Episode IV): The Software Tester with an Identity Crisis

So long, fair world, it is time for me to sail off into the sunset, taking with me my orthogonal array gun and retire to that beautiful corner of the Universe where old Software Testers go to die – GitHub Major… It is a sad day for me, as I have finally accepted the brutality of software development in the 21st century – there is no place for a relic such as I – the much maligned Software Tester. For several years now I have been fighting a rearguard action while under constant attack from Agilist Propaganda. And so I have decided to cut and run, while I’m still at the top of my game. I don’t want to end up like some 70’s pop idol working for peanuts in some third-rate government agency backwater, regression testing a 40-year old payroll system cobbled together using fragments of COBOL-74.

But you still have so much to offer, I hear you say….

But what shall I do and where will I be respected for my skills (and ISTQB qualifications) that I have so diligently acquired throughout my professional career? Maybe there is some far flung planet in a galaxy far, far away that still needs a bug magnet. Maybe I can join the Dojo Alliance and spend my days recording defect triage videos that will appear as a backdrop to some 22nd century Reality TV show? Maybe I’ll download the entire EuroSTAR back catalog and sun myself on a beach near the Sea of Tranquility?

Yesterday I was a Software Tester and the force was with me. Today I am too sad to face reality. Maybe next week I’ll seek inspiration from the Life of Brian and pursue a long held ambition and search for the Holy Grail of software development: the on-time, on-budget, bug-free software delivery project. A search that I fear will end like some Quentin Tarantino movie – in a pool of blood.

Dateline: Tuesday November 22, 2016