First: here is the list of organisations that have leaked my email address to spammers (most probably because they have been compromised):

• Ning (probably through the Association of Virtual Worlds, which has published its entire membership list as a PDF including everyone’s email addresses)
• Amnesty International (probably by publishing my email address on a petition)
• Palmgear (yes, I was a huge Palm fan, long ago)
• Reqall (an iPhone app with an online service – I prefer Evernote, who have also never leaked my email address to spammers)
• socialthing (now AOL LifeStream, and utterly uninteresting to me)
• Skitch (dammit, I like Skitch!)
• ServiceCentral – a service to book tradespeople to come and break your plumbing.
• Whrrl (some kind of location-based iPhone game thing).
• 3Dexplorer.
• Spotlight – I’m a “VIP member” of this store, which apparently means that I want Russian spammers to sell me a counterfeit watch.
• Webjam – I presented at Webjam once, so this may not be a leak from their website – I gave out this address to the entire audience so anyone there could be the source of the leak.
• Saasu – online (cloud) accounting. If I can’t trust them with my email address, I’m not going to trust them with my financial data.
• Xero – as above. This is a pretty severe problem in both cases; I’ve signed up for free trials of two cloud accounting services and both have leaked my email address to Russian spammers.

I’m getting about 40 spams a day at the moment, all through the above vectors. I’m redirecting those email addresses into the void now.

(I’m getting about another 40 spams each day to my ACM and SIGGRAPH addresses, but those are all obvious enough that Apple Mail’s spam filters are catching them for me. And oddly, none of those are in English.)

I’ve been signing up for online services this way for a long time, and it’s only recently that they have become a serious vector for spam. And the spam is pretty consistently for the same group of Russian-registered sites.

I wonder how long my personal information has been accumulating, being leaked, then sold, then finally used. I wonder whether other cloud services that I’m actually using have been compromised (as opposed to ones I’ve only signed up for and not entered data into). I wonder how long the attackers will wait, accumulating more personal information on us, and how damaging the resulting identity-theft storm might be.

DISCLAIMER: This email message and any accompanying attachments may contain confidential information. If you are not the intended recipient, do not read, use, disseminate, distribute or copy this message or attachments.

Translation: We don’t trust you.

If you have received this message in error, please notify the sender immediately and delete this message.

Translation: We don’t trust email.

Any views expressed in this message are those of the individual sender, except where the sender expressly, and with authority, states them to be the views of the University of Technology Sydney.

Translation: We don’t trust our staff.

Before opening any attachments, please check them for viruses and defects.

Translation: You should not trust this message.

And sometimes the official channels do fail. For example, our emergency dispatch services in Australia rely on automated systems that demand a street address. In situations where that’s not available the system can break down, as it did for David Iredale, who called 000 seven times when lost in the Blue Mountains in December 2006, and clearly explained that he was on the “Mt Solitary walking track heading towards the Kedumba River”, but tragically died after being dismissed by operators because he could not provide a street address.

Street addresses are not a perfect system; friends can work around that but centralised institutions have trouble with it. I once lived on Sutherland Avenue, one block down from Sutherland Street and not very well signposted. Taxis would ignore the instruction to come to “Sutherland Avenue, NOT SUTHERLAND STREET” every. single. time. And yes, ambulances too.

In extremis I’d want my friends to know I needed help, not just an “ambulance triple-0 centre [...] hopelessly inflexible and staffed by civilians forced to work 12-hour shifts without sufficient breaks“. The emergency services do save a lot of people, and clearly they’re working very hard to do so. However it seems this is in spite of inefficient systems, rather than because of efficient ones.

And sometimes, in some places calling the emergency services isn’t an option. As for James Buck, whose single-word tweet of “Arrested” alerted his network of friends to spring him from political arrest in Egypt. We are lucky in Australia to have our police working for us, at least most of the time.

So let’s not decry the fact that these girls reached out to their connected community directly for help, instead of thinking first of the crucial but overburdened and overcentralised triple-0 service. Let’s recognise that new ways of doing things have their own strengths, and that hyperconnected ten and twelve-year-olds might have something to teach us.