How do I correct AI data to tell it I’m not a Microsoft MVP anymore? There’s also no forum or community section here, or newsletter, but it’s still said some very nice things about the site :) This is really a good example of how you leverage AI to do content, but also need someone who knows the topic well to sanity check the material, rather than expecting it to do everything for you. It’s still not bad for 10 seconds of work – this paragraph took a lot longer!
I thought it might be interesting to share some stats/trends around https://msportals.io which currently uses Google Analytics. Most sites have a commercial aspect and don’t like to share this data, but as it’s purely community and no financial gain, let’s check out some stats:
Last 7 days from 31st May (Monday):
Last 28 days from 10th May:
Last 12 months:
All time – from October 2021 to June 2023.
Unsurprisingly, there is a constant peak/trough for weekdays and weekends. I’m not sure why it’s more evident over the ‘all time’ stats vs ‘last 12 months’, but ’28 days’ and ‘7 days’ show a good reflection of this. Those giant peaks on the ‘all time’ are from either a news article posting about the site, or someone having a very successful social media post bringing attention to msportals.io.
There is also a pretty steady user count between 1500 and 2000 a day, excluding weekends.
Where are users coming from? (last 90 days)
Another unsurprising statistic is that most users are coming from the US – UK is next, and probably more surprising is Australia being third – maybe because I have a wider audience and more connections here?
US is the first most common US city in 7th place, while London is 1st, which I’m sure matches the expected stats due to population distribution.
Which pages are most hit? (last 90 days)
Still more unsurprising stats, the main page accounts for the most hits, which contains the standard Microsoft Admin portals. Next up is the Government portals, which is only US Gov – so there is obviously fairly high usage of those; double the stats of the user page which I did think would be a bit more widespread – but I expect the waffle from office.com serves most users quite well.
How do users get to msportals.io? (last 90 days)
Most have the site bookmarked, or are typing the URL directly into their browser. The next most common is via search engine – testing via private browser mode, searching for ‘Microsoft Portals’ brings up msportals.io as the first result on both Bing and Google, but I can’t see any stats on what search terms refer people to my site the most.
Average Engagement Time (last 90 days)
If someone visits the main msportals.io site, the average engagement time is 36 seconds (based on the last 90 days). Most sites will want higher engagement times, but the point of this site is to get people to where they want to get to as quickly as possible, so I’m pretty happy with 36 seconds as an average. Other pages have similar times, although I have no idea how language conversion is happening, or why what I assume is the French language ‘Portails adminitraeur | Portails Microsoft’ has more than 2 minutes engagement time despite France not being in the top 7 countries (I’ll blame Canada – sorry).
Tech – Device, Platform (last 90 days)
These stats I find quite interesting. No surprise that Windows is vastly the main OS used to access msportals.io, with similar numbers of Macs vs iOS users, and slightly behind that, Android. There’s 90% desktop users vs 10% mobile users – rounding to nearest number and ignoring the 0.3% of tablet users.
Very similar browser stats on Edge vs Chrome (which compared to the stats for the sites’ entire life, Chrome has been used slightly over 2x as much as Edge, which shows Edge’s usage drastically increasing for at least my sites’ user base), and fair way behind are similar usage stats for Safari vs Firefox (and again comparing since the site launched, that’s been similar the whole way along with a tiny bit more Safari).
Screen resolutions I am happy to see the standard 1920 x 1080 being far ahead. Quad HD is second, with a bit of ultrawide 5th on the list. Again, historically 1920 x 1080 has always been far ahead, but 1366 x 768 makes up second place with half the amount of 1920 x 1080 hits – yet in the last 90 days, it’s not even top 7 so there must be a lot of monitor or laptop upgrades recently :)
I hope those stats gave you some insights into both what msportals.io sees, and also very easily what any site can learn about it’s visitors – this is using Google Analytics, without any costs involved.
Getting files from A to B is sometimes easy, sometimes not so easy. As I’m writing a blog post on this topic, guess which category this falls into?
I recently purchased a Canon EOS R10 camera, and it’s been quite a while since I’ve done anything beyond a smartphone device in this space. It’s actually for my wife, but I still get to play with it.
Anyway, the simple concept of ‘I take photos on a camera and want them in OneDrive for Business the easiest and most automated way possible’ seems like it shouldn’t be a complicated ask, but the answers I’ve found aren’t as straight forward as I was expecting.
At a basic level, the camera takes photos and saves them onto a removable SD card (in this case, a Micro SD in a standard SD card adapter). Here’s the options that I found and didn’t like:
Using that solution and cutting it back a bit to an 8 hour sync and just deleting all the files found, I’ve now got a clunky but working solution:
1. Camera auto uploads to image.canon
2. image.canon syncs to Google Drive (free tier) as they come in
3. Power Automate checks every 8 hours for new files in Google Drive, copies to OneDrive for Business, deletes Google Drive files (and for 30 days I’ll still have a backup in image.canon, plus the files on the SD card in the camera until I delete them)
4. Synology NAS on-premises syncs files from OneDrive for Business to local storage
5. Plex locally scans the OneDrive for Business backup path and indexes images to play anywhere via Plex
I don’t like how many moving parts the solution has, plus the camera’s upload speed isn’t great (also a mid-range camera built in 2022 only has Wi-Fi 4 standards from what I’m seeing on my Ubiquiti equipment which is a bit disappointing), but it is an automated solution end to end. Sometimes the camera may go flat doing it’s long sync, but thankfully it keeps a record of where it was up to and continues on power on.
Continuing on from the Part 1 story, not long after I saw this story from Linus Tech Tips – they’d been hacked and although that’s on YouTube and I just lost my personal Facebook account, they sound like the same issue. This is worth a watch to understand what’s going on, if you think because you’ve got 2FA set up, you’re completely safe:
I still don’t know exactly what happened, but my cookie being hijacked made sense based on what I saw on the access logs – the same browser cookie used for auth that I’d used many months before, but no new login attempt, no MFA hacks etc.
Facebook have the same issue as YouTube – there is no MFA challenge when you change something major about your account, like your display name. It would make sense to do so when major profile changes are made, but they don’t.
Beyond that, logging onto Facebook today I saw an alert about my other profile – which was my taken over one but the browser was still aware (the account wasn’t deleted, purely completely blocked/disabled by Facebook). I’d also note here that I didn’t receive any email or other alert,
I thought I’d log back onto the account out of intertest, and was presented with a different screen:
This sounded like I might be able to get the old account back – so going through the process was purely a SMS code to type in based on my saved phone number, asking me if the phone number/email addresses were correct, then kicking of a bot who’s also a doctor seeing what actions might have been done under my account:
Strangely, this bot who I don’t believe actually is a qualified doctor, came back to tell me nothing was changed on my account:
Ah, I must have always been Lily and not realised it… even though the downloaded logs showed that was the last change on my Facebook account. If this system can’t detect that, it’s already failed.
Those Extra security settings were purely to get notifications and emails if my account is ever logged on at a new device – not a terrible thing, but probably not going to save me at 1am.
I really don’t want my old profile now anyway, but it has let me easily delete the Facebook Page I had for ‘Adam Fowler IT’ so that’s now gone.
I was considering maybe reviving the old account, but I couldn’t even change the name back because I’d changed it in the last 60 days.
Also, there might be something historical I want to get from the account, and although I have everything downloaded, it’s a bit of a pain to go through so rather than deleting the account, I changed the account profile photo to ‘do not use’ and deactivated it.
Overall, I’m still very unimpressed over the entire process, and the above continues to prove how even one of the most valuable companies in the world still gets this stuff so wrong.
And I couldn’t recover it.
A few weeks ago, I woke up to look at my phone, opened the Facebook app and saw someone else’s account flash up, which then changed to a message saying that my account had been de-activated due to breaking community standards. I first thought ‘this isn’t even my account’ but upon logging out and in, I soon came to the realization that it was actually my account.
This also affected Facebook Messenger, which I could no longer access. Others could see my account in chats, with it’s new name ‘Lily’ and profile picture (which on doing a reverse Google Image search, I found was a very popular fashion influencer – and not the potentially breaking community standards type).
Facebook had an option on signing in for me to request the decision to be reviewed. As it seemed like it was a pretty cut and dry case where someone had somehow accessed my account, I followed that process. The process sounds like a scam in itself but is an actual thing they do – first I had to take a photo of myself and upload it, then take a photo of some sort of ID and upload that too. After that, the automated Facebook system told me to wait for the results of that review.
Only an hour or so later I logged back in to check, and saw this message:
I’m going to conclude that their review process isn’t very thorough, or they’ve automated it and it’s come back in the negative for some reason. Although I don’t expect much of Facebook, I did expect to get my account back, but that was a dead end. I didn’t really care about my Facebook account too much – I was really just using it for Messenger, as well as Facebook Marketplace and some local news/events stuff. Creating a new account didn’t take long and got me back to where I needed to be.
I was still curious on what happened – I was using a unique email address and password for Facebook, and 2FA was configured; any time I’d log onto a new device I’d get an existing device to prompt via the Facebook app to authenticate. I used the ‘Download Your Information’ button above, which took several hours to be ready and give me some download links.
The 3 ZIP files Facebook provided contained quite a large amount of information – it’s interesting to see how much data they actually keep about your activities – too many to list, but some examples:
“Advertisers using your activity or information” (list of thousands)
“Your off-Facebook activity” (thousands again, example – Menulog feeds back searches, purchases etc)
“IP Address Activity”
That’s when I became ‘Lily’.
Interestingly, “Authorised Logins” shows no logins from this IP, but there is a record under “Session updated“
Unsurprisingly the IP appears to be a VPN endpoint. I’m no cyber expert, but appears someone potentially obtained a cookie off me to gain access judging by the first 4 characters, as the logs show I first used it in April 2022.
The other biggest ‘loss’ I had from losing this account was any other service I used that I’d done the lazy thing of using my Facebook account to set up access, rather than creating an individual account. One I knew I’d done this with, I could luckily follow a reset password process using the email address I used for Facebook.
I also lost control of my Facebook page where articles from here were posted – there’s probably a way to take this over, but having a quick read it requires uploading your ID, and that didn’t go to well so far.
I still haven’t been able to exactly work out how access was obtained, or what was actually done with the account to breach community guidelines (maybe just impersonating someone famous was enough) despite having all these logs. I’ve gone through chats, page likes etc and could not see anything suspicious.
The biggest lessons learned I can pass on from this is – realise that you may lose your Facebook account at any time, and despite doing the right thing and being able to prove you are you, not be able to recover it. Also, don’t be lazy and use that account to access other services if the other service can let you create an account in another way (ideally email + password + another authentication factor). If you are concerned about what Facebook might be gathering for you, follow their instructions on how to download your data – it gets presented in a nice HTML front page to dig through.
Also – if you post on social media about your account being hacked, a bunch of bots will respond and recommend services to get your account back. Ignore these.
Update: Check out Part 2 where I get the account back.
