Monday, April 16, 2007

List of Ancestry CEOs

Paul Allen lists all the company's Chief Executive Officers in a recent blog posting:

Paul says, "Tim has made a number of very good decisions in the past year, and in the past few months I’ve seen an acceleration of good moves being made by the company. I’m very encouraged." He points out as he usually does when commenting about the company, that he left the company in February 2002 and has no inside information.

Paul's comments are interesting in another way. He always calls the company "Ancestry.com" even though since Paul's left it has gone through two name changes. When the company's myfamily.com web property was hot, the company changed its name to MyFamily.com, Inc. Then the dot-com bubble burst and revenues shifted dramatically from the myfamily.com property back to its ancestry.com property.

Tempting as it was, the company resisted the notion of changing the company name back. Instead, it has adopted the web-neutral name, "The Generations Network."

I think it was a good move, and I really like the company's new branding. Leaves, trees, and green dominate the series of company brands.

But some mischievious soul has given the company logo a hilarious nickname, "the Nervous Green Duck," and given it its own website. I'll tell you more secrets of the nervous green duck some other time.

Thursday, April 5, 2007

Ancestry.com message on APG regarding use at LDS libraries

Thank you to the alert Ancestry employee who alerted me to this recent post on the APG mailing list.

From: apg-bounces@rootsweb.com On Behalf Of Suzanne Russo Adams
Sent: Thursday, April 05, 2007 12:23 PM
To: apg@rootsweb.com
Subject: Re: [APG] Ancestry.com blocked at LDS libraries

Dear Colleagues,

The Family History Library and Ancestry.com have used IP authentication for several years to help manage the access to the Ancestry.com experience to the library. Since Ancestry and the FHL started using IP authentication several years ago, patrons at the Family History Library have not been able to use their own personal accounts on Ancestry.com. With the changes in the FHL access to Ancestry.com effective on Monday, this has become more of an issue than it was in the past.

Ancestry learned a few days ago that patrons at the Family History Library had inadvertently used a deep link into Ancestry.com to bypass the IP authentication that made the computer unable to log out of a personal account, even if the user wanted to, creating a security risk. Ancestry closed that hole to protect our site security and customer privacy. Shutting down the deep link log in function on the FHL computers was not a direct or an intentional ploy to upset current Ancestry.com subscribers.

Ancestry and the FHL are currently exploring solutions to allow people to gain access to their personal accounts at the Family History Library while still protecting the privacy of customers. Rest assured that we (Ancestry and the FHL) are working on a resolution--but there is not yet a timetable for its completion.

SUZANNE RUSSO ADAMS, AG(r)
Professional Services Desk Manager
ancestry.com
Part of The Generations Network

You know things have gotten Ancestry's attention when they make a public pronouncement!

I've gotten a lot of information on this issue from inside Ancestry. It turns out what they're saying about customer privacy is true. When you used the hack to login to your personal account at the Salt Lake Family History Library (FHL), the cookies dropped by the IP authentication were not completely replaced. As a result, some of the website behavior of the website reflected personal account behavior, and some of the behavior exhibited FHL behavior. No testing had ever been done in this weird, hybrid environment.

But it only took a little testing to show very, large problems. On the one hand, there was no way to logout. On the other hand, there were several code paths that allowed one to change the username, password, and email address of that account.

There were several ways to see the account owner's private data, including credit card billing address, street address, phone numbers, and any genealogical data entered about living individuals. That means anyone could see the names, ages, address, and phone number for the account owner's minor children and name and ages for nieces, nephews, etc.

If you still think Ancestry was unjustified in blocking yesterday's hack, you're out of your mind.

Tuesday, April 3, 2007

Titles Available at Family History Centers

Despite the recent spat between Ancestry.com and FamilySearch.org, Ancestry is continuing to provide the following titles to the FHL and FHCs.
  • 1841 Census of England, Wales, Channel Islands and Isle of Man
  • 1851 Census of England, Wales, Channel Islands and Isle of Man
  • 1861 Census of England, Wales, Channel Islands and Isle of Man
  • 1871 Census of England, Wales, Channel Islands and Isle of Man
  • 1881 Census of England, Wales, Channel Islands and Isle of Man
  • 1891 Census of England, Wales, Channel Islands and Isle of Man
  • England & Wales, Birth Index: 1837-1983
  • England & Wales, Death Index: 1837-1983
  • England & Wales, Marriage Index: 1837-1983
  • 1880 US Federal Census
  • 1900 US Federal Census
  • 1920 US Federal Census
  • Atlantic Ports Passenger Lists, 1820-1873 and 1893-1959
  • Baltimore Passenger Lists, 1820-1948
  • Boston Passenger Lists, 1820-1943
  • California Passenger and Crew Lists, 1893-1957
  • Detroit Border Crossings and Passenger and Crew Lists, 1905-1957
  • Florida Passenger Lists, 1898-1951
  • Galveston Passenger Lists, 1896-1948
  • New Orleans Passenger Lists, 1820-1945
  • New York Passenger Lists, 1820-1957
  • Philadelphia Passenger Lists, 1800-1945
  • Seattle Passenger and Crew Lists, 1882-1957
  • U.S. World War II Draft Registration Cards, 1942
  • World War I Draft Registration Cards, 1917-1918
This is great news for research in England and U.S. immigration. While the U.S. census collection is sparse, its fortunate that the available titles are evenly spaced and cover an important time frame. (Source: http://www.ancestry.com/fhc/dblist.aspx)

Yes, Leland. Ancestry is Now Blocking Your Workaround

But the reason is not greed. You may not be aware that a personal account accidentally left logged in is very dangerous to the account holder. Someone can come along, change the username and password, and they've taken over your account!

Further, there may be an unknown security flaw that could allow the unscrupulous to order hard goods with your credit card and have them sent somewhere else. Theoretically, Ancestry has gone through several security audits and this is not possible. But believe me, they take the threat of this very seriously.

Word in the halls is that Ancestry is searching for a safe and officially sanctioned way of accessing non-FHL accounts at the FHL.