
The Government's $200,000 Useless Android Application

Rich Jones of Gun.io, regarding the "Heat Safety Tool" mobile app that OSHA recently released. Great use of a Freedom of Information Act (FOIA) request:

[…] When I first tried the application, it told me that it was currently 140F in Boston. It is also extremely slow, it looks like butt, and it crashes all the time. It is completely horrible in every way. If I had to reproduce it, I'd say that it would take me about 6 hours at the maximum. At my hourly rate of $100, that's $600. […] Still, I was curious about how much we taxpayers paid for the program - and it knocked me off my feet.

[…]

After a few weeks of waiting (which is exceptionally short in the FOIA world, and OSHA should be commended for that), I received a response. The application cost $106,467 for the Android version, and an additional $96,000 for the iPhone and (non-existent) BlackBerry version. That's more than $200,000 for less than $2,000 worth of non-functional temperature converters.

Elsewhere on the Internet, Rafe Colburn tracked down the source of the offending application, attempting to see whether the apps were a matter of low-effort/high-cost fleecing, or a genuine effort by honest people.

His post has a fairly good step-through of just how bad the app is, inside and out. In the end, the OSHA Heat Safety Tool falls pretty short:

The first thing that stood out to me was that the variable name of the SAX content handler is myExampleHandler. A quick Google search revealed that they just copied that part of the code from this blog post and didn’t bother to change the variable names or the comments. That’s a pretty clear indicator that the code was not written by a professional who cares about their work.

[…]

I went into this thinking that maybe everybody involved was honest and the bad result was due to flaws in the process, but now I think it’s pretty clear that ERG sold the OSHA a false bill of goods and wound up fleecing them pretty badly. I hope it’s not too late to get their money back.

Google Analytics A Potential Threat to Anonymous Bloggers

Using a sample of 50 anonymous blogs pulled from discussion forums and Google news, only 14 were using Google Analytics, much less than the average. Half of those, about 15% of the total, were sharing an analytics ID with one or more other domains.

In about 30 minutes of searching, using only Google and eWhois, I was able to discover the identities of seven of the anonymous or pseudonymous bloggers, and in two cases, their employers. One blog about Anonymous' hacking operations could easily be tracked to the founder's consulting firm, while another tracking Mexican cartels was tied to a second domain with the name and address of a San Diego man.

The middle part of a Google Analytics ID (i.e. the X part in UA-XXXXXXX-NN) — which is always visible on a page using Google Analytics — is uniquely tied to your Google Analytics account, and shared among the individual sites you’ve set up.
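
A self-audit along those lines, as an added example that is not from the original post or the quoted article: it groups pages you publish by the account number in their Analytics ID and reports any account exposed on more than one site. The domains and page snippets are constructed samples, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Classic Analytics property ID: UA-<account number>-<property index>.
# The account number is the "X part" that is shared across one owner's sites.
UA_ID = re.compile(r"\bUA-(\d{4,10})-(\d{1,4})\b")


def account_ids(html):
    """Return the set of account numbers (middle part of the ID) in a page."""
    return {match.group(1) for match in UA_ID.finditer(html)}


def shared_accounts(pages):
    """Map each account number to the sites exposing it, keeping only
    accounts that appear on more than one site."""
    sites_by_account = defaultdict(set)
    for site, html in pages.items():
        for account in account_ids(html):
            sites_by_account[account].add(site)
    return {
        account: sorted(sites)
        for account, sites in sites_by_account.items()
        if len(sites) > 1
    }


# Constructed sample input: page source you would save from your own sites.
SAMPLE_PAGES = {
    "pseudonymous-blog.example":
        "<script>_gaq.push(['_setAccount', 'UA-1234567-2']);</script>",
    "real-name-portfolio.example":
        "<script>ga('create', 'UA-1234567-1', 'auto');</script>",
    "unrelated-site.example":
        "<script>ga('create', 'UA-7654321-1', 'auto');</script>",
    "no-analytics.example":
        "<p>UA-XXXXXXX-NN is a placeholder, not an ID.</p>",
}

if __name__ == "__main__":
    for account, sites in shared_accounts(SAMPLE_PAGES).items():
        print(f"account {account} is exposed on: {', '.join(sites)}")
```

Any account it reports means those sites can be tied to one owner by anyone reading their page source; giving the pseudonymous site its own Analytics account, or no analytics at all, removes that link.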


Semi-connected in my mind: an Anonymous-related group called off a doxing operation against a Latin American drug cartel after the cartel a) kidnapped an Anonymous member, b) claimed to have identified other members, and c) sent out death threats.

Playing with fire — i.e. staying truly anonymous online — is tough.