Identity/biometrics/technology marketing and writing services
When I established the Bredemarket Yelp account, I sadly had to inform two inquirers that my services (what I do) did not include resume writing services.
But I just discovered that if you are near Upland, California, you can obtain resume writing services for free.
Today (March 29) and every Tuesday at 4:00 pm, the Upland Library hosts a resume writing workshop, “Resume Runners.” And unlike Bredemarket’s services, Upland Library services are free.
After a lack of appearances in the Bredemarket blog (none since November), Pangiam is making an appearance again, based on announcements by Biometric Update and Trueface itself about a new revision of the Trueface facial recognition SDK.
The new revision includes a number of features, including a new model for masked faces and some technical improvements.
So what is this revision called?
Version 1.0.
“Wait,” you’re asking yourself. “Version 1.0 is the NEW version? It sounds like the ORIGINAL version. Shouldn’t the new version be 2.0?”
Well, no. The original version was V0. Trueface is now ready to release V1.
Well, almost ready.
If you go to the Trueface SDK reference page, you’ll see that Trueface releases are categorized as “alpha,” “beta,” and “stable.”
(Again, this was on the afternoon of March 28, and may change by the time you read this.)
Now most biometric vendors don’t expose this much detail about their software. Some don’t even provide any release information, especially for products with long delivery times where the version that a customer will eventually get doesn’t even have locked-down requirements yet. But Pangiam has chosen to provide this level of detail.
Oh, and Pangiam/Trueface also actively participates in the ongoing NIST FRVT testing. Information on the 1:1 performance of the trueface-003 algorithm can be found here. Information on the 1:N performance of the trueface-000 algorithm can be found here.
I recently talked about planning for various scenarios, but I didn’t image something like this. Consider the following:
Put those two together, and you have this story from Los Angeles’ ABC station.
Yes, that’s an Amazon driver in the foreground, raising his hands to try to scare a bear away so he can make his delivery. He was successful.
The full Storyful video can be found here. (And of course it’s a Ring video. You didn’t expect a Nest video, did you?)
By the way, if your business has a story to tell, Bredemarket can help. (Psst: Upland businesses should scroll to the end of this page for a special “locals only” discount.)
If you would like Bredemarket to help your business tell your story…
A business owner needs to prepare Plan A and Plan B, and usually several other plans besides.
It’s important that the business remain as flexible as possible to prepare for possible eventualities, or at least the most likely ones. Don’t worry about the unlikely scenarios – for example, I never have to plan for a scenario in which Will Smith slaps someone and cusses the person out on live TV…wait, what’s that?
At Bredemarket, I’ve had business spring out of nowhere quickly, and I’ve had business not spring out of nowhere quickly.
But that was the past, and now I face the future. I’ve been thinking about this a lot, especially as I explore various ways to reach my goals for 2022 (including the super-secret unpublished third goal). And I’m wondering how various events could affect these goals…and how the events can affect other events.
Because I’m a writer, I have to write, and I’ve already started thinking through some of the “what ifs” attached to some of these events, and writing some draft communications that deal with the various events, should they happen.
But I’m leaving them in draft mode.
Because maybe neither event X nor event Y will occur.
But I’ll be ready if event Z occurs two years from now.
So how do you plan for events that may or may not occur?
Like any project, you start by taking a step back and examining the potential event at a high level.
And you start questioning, with not only “so what?” questions, but also with repeated “why?” questions (five whys is popular, but it can be any number). If you’ve never seen the five whys in action, watch this video. (H/T Mark Paradies at TapRooT.)
OK, maybe not that video.
But the important thing is to think about a potential event, what it means, and what ramifications emerge from that event if it occurs.
And then proceed accordingly…if the event happens.
I’m in the midst of a project. Not a project for Bredemarket clients, but a project for Bredemarket itself. I’m taking a brief break from the project to share some thoughts on “do not reply” email addresses.
Have you ever received an email and noticed that the sender’s email address includes some form of “do not reply”?
In effect, this means that the sender can transmit an email to you, but you cannot transmit an email back to the sender.
Because these “do not reply” email addresses are used so often, I figured that there was a good reason to do so. There HAS to be, if so many companies are using them; right?
While searching for good reasons to use “do not reply” email addresses, I instead found a bunch of reasons why you SHOULDN’T use this type of address.
After modifying my search, however, I found a Zendesk article that listed both the pros and the cons of “do not reply” emails. So there MUST be pros. Finally, a justification for this practice!
Pro: Reduce your team’s workload
From https://www.zendesk.com/blog/reply-emails-pros-cons-best-practices/
That is…it.
After additional searching, I found a ClickZ article that attempted to find some justification for the practice.
To be honest, it’s hard to find a good reason to ever use no-reply emails. There are emails which brands can send which don’t necessarily need a reply, such as:
Transactional emails – emails confirming a purchase, or sending invoice details.
Newsletters. No need to reply, just read the articles.
Marketing emails. Brands obviously want a response here, but not by replying to the email.
The problem with no reply is that, even when no response is needed, it doesn’t look good.
From https://www.clickz.com/should-brands-ever-use-do-not-reply-email-addresses/101887/
And even in the first two instances, I’m sure that ClickZ would agree that while these don’t necessarily need a reply, it would be nice to allow a reply.
So smart people never use “do not reply” email addresses.
Unless they do.
I recently signed up for a newsletter. I know that this person who writes the newsletter would be happy to engage with her subscribers.
But her newsletter provider doesn’t know this.
When I signed up for the newsletter, the acknowledgement of my subscription came from a “do not reply” email address.
Now I didn’t attribute this faux pas to the person. She may not even know that her tool is so marketing-unfriendly. And there isn’t much she can do about it, other than switch to another subscription tool.
But that got me thinking: do my own online properties similarly alienate people?
There was only one way to find out: subscribe to these services myself, using one of my alternate email addresses.
Test number one was to use email to subscribe to the Bredemarket blog. Most of my subscribers read my posts in the WordPress site or app itself, but there is an email subscription option that a few people use.
Using one of my alternate email addresses, I subscribed to test the process and see if I’m sending out messages with “do not reply” email addresses.
Back at my Bredemarket email address, I received notification of my new subscriber.
Back at the alternate email address, I waited for the promised email with “details of (my) subscription and an unsubscribe link.”
And waited.
And checked my spam folder.
And waited more.
And decided to conduct another test instead. Now that I was subscribed to the Bredemarket blog via email, I composed a test post to see what happened when email subscribers to the Bredemarket blog received test posts.
Now I received an email. While it didn’t provide details of my subscription, it did include an unsubscribe link.
And, most importantly, the email didn’t come from a “do not reply” address, but from the address “comment-reply@wordpress.com.”
Hmm…
So if I reply to this email, will the reply become a comment in the test post?
Actually it did become a comment, once I (putting my Bredemarket hat on again) approved the comment. Scroll to the bottom of the test post to see the comment.
Summary: while I ran into an issue with the subscription confirmation, emails generated by the WordPress email subscription itself do NOT come from a “do not reply” email address. And if you reply to the email, you can post a comment. Very functional two-way communication.
Good. Now for test number two, let’s check Mailchimp.
This will be a bit harder, because the “empoprises” email address already subscribes to Mailchimp. (I wanted to test out various email formats.) Luckily, I have more than two email addresses.
So I navigated through the Bredemarket website to the Mailchimp subscription page (still need to figure out how to embed that), and subscribed.
I’ve configured my Mailchimp to require a subscription confirmation, and here’s the subscription confirmation I received at my alternate alternate email address.
So if I reply to this message, the reply goes to the Bredemarket email address, not to a “do not reply” black hole.
Summary: emails generated by Mailchimp’s subscription function allow recipients to reply to…me.
It turns out there’s only one teeny tiny problem with Mailchimp’s implementation, in which all emails appear to come from me.
After my alternate alternate email successfully confirmed a subscription to the Bredemarket mailing list, Mailchimp sent a message from the Bredemarket email address to the Bredemarket email address.
When I received it, there was a big yellow caution.
Be careful with this message
This may be a spoofed message. The message claims to have been sent from your account, but Bredemarket Mail couldn’t verify the actual source. Avoid clicking links or replying with sensitive information, unless you are sure you actually sent this message. (No need to reset your password, the real sender does not actually have access to your account!)
Well, it looked safe to me.
Now I may have forgotten some service somewhere that generates emails on Bredemarket’s behalf, but as far as I know at the moment, none of the Bredemarket properties is guilty of sending out emails with a “do not reply” email address.
Now if we could just eliminate these fake “addresses” on a universal basis. Maybe the EU or California or Illinois can ban them.
Companies must choose how their marketing will address their competitors. Some choose to ignore the competition, while others publicly target them. And some companies do both simultaneously.
Trellix, the company that emerged from the combination of McAfee Enterprise and FireEye, chose the to target its competitors. Trellix’s website contains two pages that target two specific competitors.
For its part, CrowdStrike offers comparisons against both SentinelOne and “McAfee,” while SentinelOne offers comparisons against both CrowdStrike and “McAfee.” Apparently these firms need to update their pages to reflect the new company name (and possibly new features) of Trellix.
Obviously the endpoint protection industry demands these types of comparisons to sway buyers to choose one product over another.
But competitor targeting is also used by upcoming firms to displace established ones. I’ve previously talked about (then) Apple Computer’s famous “Welcome, IBM. Seriously” ad “welcoming” IBM to the personal computer industry. This was part of Steve Jobs’ multi-year effort to grow Apple by targeting and displacing IBM. But while IBM was the clear target, Apple also targeted everyone else, as Bill Murphy, Jr. noted:
Added benefit: There were actually other personal computer companies that were just as successful as Apple at the time, like Commodore, Tandy, and Osborne. The Apple ad ignored them.
From https://www.inc.com/bill-murphy-jr/37-years-ago-steve-jobs-ran-apples-most-amazing-ad-heres-story-its-almost-been-forgotten.html
By framing the circa 1981 computer industry as a battle between the Apple and IBM, Jobs captured the world’s attention. Not only by positioning Apple as David in a battle against Goliath, but by positioning Apple as one of only two companies that mattered. This marketing would reach its peak three years later, in 1984.
After 1984, the computer world changed dramatically (as it always does), with other companies creating what were then called “clones,” as well as the massive changes at both IBM and “Apple Computer” (now Apple).
Eventually, small spunky outfits challenged Apple itself, with Fortnite in particular targeting Apple’s requirement that Fortnite exclusively use Apple payments.
The decision on whether or not to publicly acknowledge and target competitors varies depending upon a company’s culture and its market position.
I need to step up my act regarding marketing, both for Bredemarket and my clients. In both cases, it’s critical that the word gets out quickly to potential clients.
For example, I drafted this post on Monday, but am not getting around to posting it until Wednesday. That’s two days of views lost right there!
I’m not the only one who needs to generate marketing material quickly.
I ran across a local company (which I will not name) that issued a press release in December 2021. In part, the press release mentioned the local company’s new dedication to the marketing function. The press release, in part, stated the following:
The Company has hired an international marketing firm…to support the Company’s efforts to increase revenue growth and brand recognition in the coming year. The firm focuses on working with companies to develop comprehensive marketing strategies that identify competitive delineation, drive-focused campaigns, and develop sales leads designed to materialize revenue. We expect their work to incorporate a website redesign, brand refresh, new strategic messaging and content, as well as focused video and digital campaigns that target markets such as [REDACTED]. We believe that a natural result of a formal marketing program, with a regular cadence of activity, will translate into market recognition of [REDACTED] as a highly-competitive brand that stands apart from the competition.
This sounds like an intelligent plan, or probably set of plans, that will address the firm’s strategic messaging, content, branding, and website, and a regular cadence of activity will keep the company visible. I certainly can’t argue with that.
Well, now we’re three months into the implementation of this comprehensive marketing strategy. As an outsider posing as a potential customer for the firm’s products and services, what can I observe?
In short, as far as outside customers are concerned, the firm has not improved its marketing at all.
What happened? Did the international marketing firm concentrate on creating a stellar plan for the company’s content? If so, when will the content be available? Mid 2022? Late 2022? 2023?
When I was a product manager twenty years ago, my company used a “waterfall” product development method in which the marketing requirements document, engineering requirements document, design documents, test documents, and other documents were developed sequentially. While some companies still use the waterfall method today, others don’t because it takes so long to do anything.
These days, product developers are moving to agile methods to release products. And marketers are moving to agile methods also.
Back in 2016, David Edelman, Jason Heller, and Steven Spittaels of McKinsey explained why marketing needs to be agile.
An international bank recently decided it wanted to see how customers would respond to a new email offer. They pulled together a mailing list, cleaned it up, iterated on copy and design, and checked with legal several times to get the needed approvals. Eight weeks later, they were ready to go.
In a world where people decide whether to abandon a web page after three seconds and Quicken Loans gives an answer to online mortgage applicants in less than ten minutes, eight weeks for an email test pushes a company to the boundaries of irrelevance.
From https://www.mckinsey.com/business-functions/marketing-and-sales/our-insights/agile-marketing-a-step-by-step-guide
The McKinsey authors then described how an agile marketing team organizes itself, sets goals, tests, and iterates.
The scrum master leads review sessions to go over test findings and decide how to scale the tests that yield promising results, adapt to feedback, and kill off those that aren’t working—all within a compressed timeframe.
From https://www.mckinsey.com/business-functions/marketing-and-sales/our-insights/agile-marketing-a-step-by-step-guide
While agile processes something result in things being wrong, the same agile processes can quickly correct the problem.
And waterfall methods can result in things being wrong also, especially when it takes so long to develop something that the initial assumptions have radically changed.
It took John DeLorean eight years to change his car concept into something coming off the production line. By that time, the automotive environment had changed.
Despite promising early sales the queue of willing buyers had dried up by the end of year – the chill wind of recession had struck the US automotive sector, and stockpiles of unsold cars started to mount up, both in Dunmurry and dockside in the USA. The worst winter in 50 years also played its part.
From https://www.aronline.co.uk/cars/de-lorean/dmc-12/the-cars-delorean-dmc-12/
This didn’t help DeLorean’s constant financing issues, and after DeLorean was caught (or entrapped by the FBI) in a $24 million cocaine deal, the DeLorean automobile was relegated to a movie prop.
If Agile processes had existed at the time, could they have reduced the 8-year gap from concept to the assembly line? Perhaps.
And if you can speed up production of a car, you can speed up production of marketing content and start putting your messaging on your Facebook, LinkedIn, and YouTube accounts, as well as your website immediately so that your customers can get your message.
Don’t wait two days, or eight years, for things to be just right.
Fielding Buck of the Southern California News Group (including my local Inland Valley Daily Bulletin) recently told a story about the opening of a restaurant in Redlands called Pizza Shack.
Sounds like a nice place for pizza, but Buck’s story didn’t end there.
Pizza Shack, at 1711 W. Lugonia, Suite 104, has the same owners as Taco Shack and Breakfast Shack in other parts of town.
From Redlands gets a third Shack: Pizza Shack on Lugonia – San Bernardino Sun (sbsun.com). Repurposed at other SCNG websites.
I couldn’t confirm the common ownership myself, so I’ll take Fielding Buck’s word for it. After all, he’s a professional with a quarter century of journalism experience (check his biography, which lists his 1995 award from his time at the Desert Sun), so I’m sure he got his facts straight. And you know that I like people with a quarter century of experience.
As Buck noted, the other two “Shack” restaurants are also in Redlands.
The three “shacks” are all within three miles of each other, which means that you could start the day at Breakfast Shack, go to Taco Shack for lunch, and then walk the breakfast and tacos off before enjoying a Pizza Shack dinner.
I had nothing to do with Fielding Buck’s story, or with the three “shacks” in Redlands, but this story caught my eye.
Perhaps you don’t own a restaurant, but you may be in another type of business that has a story that you want to share.
Bredemarket’s content creation process ensures that the final written content (a) advances your GOAL, (b) communicates your BENEFITS, and (c) speaks to your TARGET AUDIENCE. It is both iterative and collaborative. For the full process, read this.
Bredemarket can help your Inland Empire business tell that story. Even if you’re west of Redlands and don’t serve food.
(Psst: local readers should scroll to the end of this page for a special “locals only” discount.)
If you would like Bredemarket to help your business tell your story…
Eventually I’ll write a future post that explains why I created this test post.
Sometimes our mental horizons are limited, and we fail to notice things just outside of our sphere of vision. And when we ignore these things, we may receive nasty surprises.
The first step in competitive analysis is to identify your competitors. Some companies utterly fail at this by declaring, “We have no competitors.” (Voiceover: “You do.”) But even those companies that successfully identify their competitors do not always identify ALL of them.
For example, if you owned a taxicab company circa 2008, you might count other taxicab companies and buses as competitors, but you might not include the possibility of a competitor raising over $25 billion to create an infrastructure that allowed people to use their own cars to pick up people who needed rides. Of course, Uber and other companies did just that, while at the same time dodging taxicab industry regulations that mandated purchase of medallions. The rideshare companies weren’t always successful at dodging these regulations, but sometimes they were. As a result, by 2015 the taxicab industry was dying.
This is just one of many examples of competitors that seemingly arise out of nowhere and decimate existing businesses.
When considering authentication of individuals, we sometimes fail to, um, identify ALL the ways in which individuals can be identified.
When I entered the biometric industry in the mid-1990s, people were individually identified by something they had (such as a credit card), something they knew (such as a personal identification number or PIN associated with the credit card), and with a rudimentary form of something they were (a signature that matched the signature on the back of the credit card).
My employer and two other companies thought that we had a better solution than the rudimentary signature verification check—fingerprints. All three companies proposed solutions in which welfare benefit recipients would use fingerprints to authenticate themselves as the persons entitled to the welfare benefits. (Another ramification: the fingerprints could also be used to confirm that people weren’t receiving benefits under multiple names.) But in those pre-iPhone days signatures were associated with law enforcement, and benefit recipients feared that the benefit agencies would forward their fingerprints to the cops, and the use of fingerprints by welfare benefits agencies decreased.
But many people still felt that fingerprints could be used to identify individuals, and therefore people began to look at the fingerprint industry and identify competitors in that industry. Around 2000, those competitors included Cogent, Morpho, NEC, Printrak, livescan companies such as Digital Biometrics and Identix, and a few others.
But fingerprints aren’t the only biometric modality, and there were other competitors outside of the fingerprint companies.
By the early 2000s, other biometric modalities matured enough to be used for authentication purposes. Faces were tested for identification of people at Super Bowl XXXV. Irises began to be used for authentication at airports in Amsterdam (and elsewhere) in 2001, although they were cumbersome to capture. Individuals could eventually be identified via their voices.
All of these different biometric modalities got people excited. Some people, um, “advanced” the notion that biometrics (something you are) was THE way to identify people, and that passwords were of necessity going to die. Bill Gates predicted the death of the password in 2004, but he wasn’t (and isn’t) the only one to assert this view. Some assert that biometrics are clearly better than passwords. Opponents, however, objected to a reliance on only biometrics because of the ability to spoof biometrics, and because of perceived and actual racial disparities. (See my comments on faulty conclusions, and on the racist methods that people use when they DON’T use computerized facial recognition.)
The solution, as many people recognized, was to use multiple factors of authentication, not just “something you are” (biometrics).
Why multiple factors? Because if you use multiple methods to identify an individual, the ability to fraudulently impersonate an individual decreases rapidly.
Even if someone spoofed your fingerprint or face, it would be much harder for them to spoof your fingerprint/face and your driver’s license, or your fingerprint/face and your driver’s license and your password.
The National Institute of Standards and Technology (NIST) has helpfully defined the term multi-factor authentication, or MFA, for standardized U.S. government use.
Authentication using two or more factors to achieve authentication. Factors include: (i) something you know (e.g. password/personal identification number (PIN)); (ii) something you have (e.g., cryptographic identification device, token); or (iii) something you are (e.g., biometric). See authenticator.
From https://csrc.nist.gov/glossary/term/Multi_Factor_Authentication
Source(s):
CNSSI 4009-2015 under multifactor authentication from NIST SP 800-53 Rev. 4
Sometimes the government moves more slowly than the industry. This is one of those times.
While NIST only discusses the three factors of something you know, have, and are as factors of authentication, other sources identify two additional factors. I personally use a model which includes five authentication factors, in which the other two factors are “something you do” and “somewhere you are.”
Let me illustrate how the fifth authentication factor could have helped me out several years ago.
In mid-2009, roughly fifteen years after joining the biometric industry, I had just become an employee of the new company MorphoTrak, but had not yet shifted from product management to proposals. MorphoTrak still operated as two separate divisions, and an opportunity arose for me to demonstrate a product from the Printrak division to customers of the Morpho division.
So I, along with a Metro ID demonstration system, flew to Atlantic City, New Jersey to attend a trade show which would have many attendees from New Jersey, a Morpho customer. Theoretically, local New Jersey agencies could buy Metro ID and submit results from that system to the New Jersey MetaMorpho system.
I had just acquired a new credit card for business purposes, which I would use for the first time at the trade show.
When I first tried to use the card, it was declined.
Look at it from the credit card issuer’s perspective:
So the credit card company had to verify that the use in Atlantic City was legitimate. To do so, they called my house in California.
Which ordinarily would be fine, but I was not at my house in California. I was in Atlantic City.
Eventually, everything worked out, but wouldn’t it be nice if the credit card company realized that not only did
Now you can see how “somewhere you are,” or geolocation, could be used as an identifier. Of course this would be very hard to authenticate in 1994, and wasn’t even a common authenticator in 2009, but clearly in 2022 everyone can figure out where you are.
Enter Incognia, a company that states that is offers an identification solution that uses what they call “zero factor authentication.” Tyler Choi of Biometric Update explains why Incognia’s solution is important:
Incognia points to an increase in revenue and activity across apps in financial services, crypto, social networks, and online gaming, which accentuates the need for fraud prevention.
From https://www.biometricupdate.com/202203/incognia-adds-location-fraud-detection-to-mobile-onboarding-and-authentication
While I have a problem with the “zero authentication factor” / “0FA” semantics Incognia uses (location IS an authentication factor, at least in my model), I can appreciate what the company does.
Incognia’s award-winning location identity technology is highly resistant to location spoofing and offers superior location precision for accurate fraud detection on mobile with very low false-positive rates. Incognia uses network, location, and device intelligence data to silently recognize trusted users based on their unique behavior patterns….
Incognia’s location technology uses data from not only GPS, but also WiFi, cellular and Bluetooth sensors, which makes it highly effective at detecting location spoofing, unlike fraud detection based on IP and GPS alone.
From https://www.incognia.com/location-behavioral-analytics?hsLang=en
Incognia asserts that the vast majority of transactions can be authenticated based on location alone. For example, if I perform a transaction when at my house, the chance is high that I am truly the person performing the transaction.
But what if I perform a transaction on the other side of the country, in a location that I have never visited before? Then Incognia uses additional factors of authentication to verify my identity.
For example, I could provide the password or a biometric identifier. The very fact that I possess a phone that was previously associated with me is another indicator that I may be who I say I am.
However, geolocation is not commonly used as an authentication factor, something that I subsequently discovered several years after my trip to Atlantic City.
By this time I had acquired another credit card for business purposes, and my credit card provider noticed some strange behavior. Not a single attempt to purchase food across the country at a restaurant in New Jersey, but multiple repeated purchases across the country at a store in Virginia.
The credit card provider got suspicious when the person made repeated small balance purchases at the same store, and froze the account until it could check with me to see if those purchases were legitimate. This time I was home in California and was able to confirm that the purchases were fraudulent.
Of course, the credit card provider could have detected this much more quickly if it knew that I was not in Virginia, but California.
So when you perform competitive analysis on authentication companies, don’t forget about competitors that use geolocation.
Bredemarket 