Last fall, I was asked to participate in a beta test of Rogers On Demand Online, a video streaming website for Rogers customers only. It has since launched and anyone who subscribes to Rogers Cable or Rogers Wireless can watch videos on the site. My review pointed out the disappointing video library, which included mostly Rogers-owned stuff like Citytv and a few specialty networks that didn’t really excite me (and are also unavailable unless you subscribe to the channel with Rogers Cable).
A couple of weeks ago I was on the site watching the one series that’s worth my attention – the West Wing through its Warner Brothers channel – when I noticed the video was a bit dark.
Make that very dark. I could barely make out what was going on in many scenes. Adjustments to my screen’s brightness were futile. So I clicked on the “feedback” link on the video and said that it was too dark.
This is the email I got back:
Dear Steve Faguy,
Thank you for emailing the Rogers On Demand Online Technical Support Team.
We understand your concerns, and would be happy to assist you.
In order to better determine the cause of the problem you are experiencing, please email us your username with the associated password and indicate the name, episode number, and the channel name of the show you are referring to.
If you have any further questions or comments you may want to try our new Rogers Live Chat – an agent is standing by to assist you online:
http://rogershelp.com/livesupport-v6/?queueID=20
For any Rogers Hi-Speed Internet Technical Support issues, you may also try emailing to:
You may also use our help website www.rogersondemand.com/help as a reference
Sincerely,
Mustafa C.
Rogers Hi-Speed Internet
Electronic Support Group
I was floored. Here was someone from Rogers asking me for my password by email. That violates one of the principal tenets of online security, that nobody ever asks users for their passwords by email. After all, why would they need to? It’s their system, they should know my password, or be able to reset it, or be able to access the account without needing my password. And why would they need my password to determine that one of their videos is darker than it should be?
The email also asked for my username and the name of the video, both of which should be unnecessary because they should be passed automatically through the form I filled out.
All this is beside the fact that someone should have, you know, actually watched the video before it went online. When all you’re doing is rebroadcasting stuff created by other people, the least you can do is ensure you’re doing it properly.
I emailed Rob Manne, the PR guy who originally invited me to test RODO, about this. He responded thusly:
Thanks for providing the feedback. We checked in with the Beta development team about your questions. As you know, the Beta service is continually being upgraded based on feedback we’re getting from customers and our Beta testers.
For question #1 – the feedback tool developed for the Beta wasn’t set up to carry program information, but we’re planning to get there in the future. Appreciate you flagging that for us – I can let you know when that’s been added.
For question #2 – The password request actually isn’t necessary, so we’ll be removing that item from the e-mail.
By the way, we’ve gotten similar feedback on the West Wing episodes and have tracked it to some errors with some files. We expect those files to be fixed today and viewers will notice a significant improvement.
We really appreciate you taking the time to continue trying out the service, and also you pointing out these fixes to us. Since your blog post in November, you’ll see we’ve added a lot more library content – both specialty and all-access – and plan to keep adding more.
So you can thank me for the fact that Rogers is no longer asking its users for their passwords in their default form letters.
I just hope they’re taking more serious measures behind the scenes when it comes to security than the half-assed support system they have setup, whose troubling failures are dismissed by calling it “beta”.
Who needs a Rogers password when the security questions they ask if you call them are always the same and very easy to obtain. “What is your date of birth and your postal code?”. I know that information of a lot of my friends, and it’s not very hard to find out even of a stranger. A little social engineering will do the trick.